Thursday, December 24, 2009

Restart or Shutdown Windows (XP, 2000 and Vista) from Command Line or One-Click Shortcut

SkyHi @ Thursday, December 24, 2009

If you are tired of clicking the Start menu, then Turn Off Computer, and then Turn Off, Restart or Log Off every time you want to log off, restart or shut down, you can create a one-click shortcut that shuts down or restarts Windows, or puts it into standby or hibernate mode, with a single click. The shortcut can be placed anywhere (desktop, Quick Launch bar or Start Menu), and the same command can be run from the command prompt.

To shut down or restart Windows from a one-click shortcut or from the command prompt, use the shutdown command-line utility. It ships with Windows XP and Windows Vista and is available for Windows 2000 once the Resource Kit is installed. To reach a command prompt, click Start -> All Programs -> Accessories -> Command Prompt, or click Start -> Run and type cmd.

To create a one-click shutdown shortcut, right-click on the desktop or in any folder (or use the File menu), select New, then Shortcut. The New Shortcut wizard asks for the location of the item: type shutdown -s -t 01 (without quotation marks) and click Next. When asked for a name, give the shortcut any descriptive name you prefer, such as Shutdown, and click Finish. Clicking the shortcut now shuts the PC down almost immediately.

For a shortcut that restarts Windows instead of shutting it down, follow the same steps but enter shutdown -r -t 01 as the location of the item. Give it a descriptive name such as Restart, and the shortcut is ready to restart Windows with a click.

In the commands above, -s shuts the computer down and -r shuts down and restarts it. -t 01 sets the timeout, in seconds, before the shutdown or restart begins; if no -t argument is given, shutdown waits for a 30-second countdown. A pending shutdown can be aborted during that countdown with shutdown -a. Two flags deserve care: -f forces running applications to close without prompting, so unsaved work is lost, and -m \\computername shuts down a remote machine, which only works for an account that holds the "Force shutdown from a remote system" user right on that machine (Administrators by default). All flags can be listed with shutdown /? at the command prompt.

The options available for shutdown are:

No arguments : Display this message (same as -?)
-i : Display GUI interface, must be the first option
-l : Log off (cannot be used with -m option)
-s : Shutdown the computer
-r : Shutdown and restart the computer
-a : Abort a system shutdown
-m \\computername : Remote computer to shutdown/restart/abort
-t xx : Set timeout for shutdown to xx seconds
-c "comment" : Shutdown comment (maximum of 127 characters)
-f : Forces running applications to close without warning
-d [u][p]:xx:yy : The reason code for the shutdown


Refernece: http://www.mydigitallife.info/2006/11/01/restart-or-shutdown-windows-xp-2000-and-vista-from-command-line-or-one-click-shortcut/



Wednesday, December 23, 2009

PHP Security Guide

SkyHi @ Wednesday, December 23, 2009

Apache directoryindex per virtualhost

SkyHi @ Wednesday, December 23, 2009
I have found the solution! There are literally hundreds of people that have been looking for this solution on the internet and have not posted a solution for the rest of us that run into this problem.

For some reason, contrary to the manual, my setup only works with an * instead of my IP address.

If you change to an * without a Directory directive you get a permissions error. By making a Directory directive "correctly" it will pass you to your correct index.html.

In this example I have not tweaked it yet for security, so beware!

Listen 80
ServerRoot "C:/Apache"
DocumentRoot "C:/Apache/htdocs"
ServerAdmin datapros@our-hosting.net
ServerName 216.51.***.136

NameVirtualHost *

<VirtualHost *>
    ServerName www.example.com
    ServerAdmin datapros@our-hosting.net
    DocumentRoot /example
    DirectoryIndex index.html
    ErrorLog /example/logs/error_log
    CustomLog /example/logs/access_log common
</VirtualHost>

<VirtualHost *>
    ServerName www.example2.com
    ServerAdmin datapros@our-hosting.net
    DocumentRoot /example2
    DirectoryIndex index.html
    ErrorLog /example2/logs/error_log
    CustomLog /example2/logs/access_log common
</VirtualHost>

# notice example does not have a "/" in front of it!
<Directory example>
    Options FollowSymLinks
    AllowOverride All
    #AllowOverride None
    Order allow,deny
    #Order deny,allow
    # Deny from all
    # With "Order allow,deny", any request that matches no Allow directive is
    # refused, so an explicit Allow is needed for the vhost to serve its files.
    Allow from all
    Satisfy all
</Directory>

# notice example2 does not have a "/" in front of it!
<Directory example2>
    Options FollowSymLinks
    AllowOverride All
    #AllowOverride None
    Order allow,deny
    #Order deny,allow
    # Deny from all
    Allow from all
    Satisfy all
</Directory>



Reference: http://www.webmasterworld.com/apache/3182824.htm

dns @ sign means

SkyHi @ Wednesday, December 23, 2009
The "@" symbol in DNS is not proprietary to CT. In fact there is no room in the functionality of DNS (at the operational level) to allow for proprietary functions.

The "@" symbol in any DNS entry means "Primary", which is just the domain name at face value (e.g. crystaltech.com). This is why it is almost 99% of the time used for the MX (Mail exchange) record, because you send email to name@domain.com NOT name@www.domain.com (note: the "@" in the email address itself has nothing to do with the DNS entry for MX; it is just a formatting/syntax thing). That's not to say that you can't do that ;), but I'll leave that to you experimental types to figure out.

This is contrary to another common symbol, the "*", which is a wildcard. It means anything not defined by another entry. This does NOT include the "Primary".

So, here's a quick example to help you wrap your head around the concepts.

Here are some DNS entries for fictionaldomain.com:

Prefix   IN   Type     Value
@        IN    A     100.100.100.1
www      IN    A     100.100.100.2
*        IN    A     100.100.100.3
@        IN    MX    100.100.100.20

which means...

fictionaldomain.com = 100.100.100.1
www.fictionaldomain.com = 100.100.100.2
test.fictionaldomain.com = 100.100.100.3
gibberish.fictionaldomain.com = 100.100.100.3
name@fictionaldomain.com = 100.100.100.20
name@www.fictionaldomain.com = fail

A (host) records can ONLY point to an IP address, since they are final resolvers. Meaning it has to be something a computer will know, and computers only know each other on the internet by their IP address.

CNAME and MX can be an IP address -OR- a FQDN (explained below).

Special types of entries like TXT and PTR have different restrictions, but I will not cover them to stay on topic.

FQDN = Fully Qualified Domain Name
A FQDN is a SUBDomain.DomainName.TLD (TLD is Top Level Domain; it's the .com, .net, .org etc.)

so..
www.fictionaldomain.com IS a FQDN
fictionaldomain.com IS NOT a FQDN
www.fictionaldomain.com/subfolder IS NOT a FQDN

I hope this helps you understand DNS a little better. I can go on about DNS but, again, wanted to stay on topic and I tend to sidetrack a lot

Reference: http://forums.crystaltech.com/index.php?topic=33527.0


DNS related RFC's

As was already pointed out, the '@' symbol really hasn't got anything to do with DNS. It's just a shortcut that some DNS control panels let you use to save on typing. Review whatever help system they provide for clues.


In DNS records the '@' that you are seeing is nothing more than a character used to refer to the domain name itself. It has more to do with the system or control panel that you are working in than with an actual DNS entry. In simpler terms, you can view this as a placeholder for the case in which there is no character or prefix to be used. If you look at the primary A record, for instance, the '@' is often used there since no sub-domain or prefix is needed for that entry.

Reference: http://forums.devshed.com/dns-36/what-does-mean-when-setting-dns-settings-636502.html
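To make the rules in the two posts above concrete, here is an added example (not from either forum) that loads the table from the first post into a small lookup function and applies the owner-name matching rules of RFC 1034 and RFC 4592: an exact owner name always wins, "*" covers only names that have no records of their own, the wildcard never covers the apex ("@"), and it does not cover anything below a name that does exist (foo.www.fictionaldomain.com gets NXDOMAIN because www exists). The record values are the post's constructed table; its MX value is kept as written, although a real MX record must name a host rather than an IP address.

```python
"""Owner-name matching for '@', explicit names and '*' in one small zone."""

ORIGIN = "fictionaldomain.com"

# The table from the post above, as (prefix, type, value); constructed data.
# The MX value is kept as written; a real MX must name a host, not an IP.
RECORDS = [
    ("@",   "A",  "100.100.100.1"),
    ("www", "A",  "100.100.100.2"),
    ("*",   "A",  "100.100.100.3"),
    ("@",   "MX", "100.100.100.20"),
]


def expand(prefix, origin=ORIGIN):
    """Control-panel prefix -> full owner name; '@' is the apex (origin) itself."""
    return origin if prefix == "@" else f"{prefix}.{origin}"


def build_zone(records, origin=ORIGIN):
    """{owner name: {type: [values]}}"""
    zone = {}
    for prefix, rtype, value in records:
        zone.setdefault(expand(prefix, origin), {}).setdefault(rtype, []).append(value)
    return zone


def _exists(zone, name):
    """A name exists if it owns records or has anything beneath it (an empty non-terminal)."""
    return any(owner == name or owner.endswith("." + name) for owner in zone)


def _answer(rrsets, rtype):
    return ("ok", rrsets[rtype]) if rtype in rrsets else ("nodata", [])


def lookup(zone, name, rtype, origin=ORIGIN):
    """Return (status, values); status is 'ok', 'nodata' (name exists but has no
    record of that type), 'nxdomain' or 'refused' (name outside this zone)."""
    name = name.lower().rstrip(".")
    if name != origin and not name.endswith("." + origin):
        return "refused", []
    if name in zone:                      # an exact owner-name match always wins
        return _answer(zone[name], rtype)
    if _exists(zone, name):               # empty non-terminal: exists, but owns nothing
        return "nodata", []
    # RFC 4592 wildcard rule: find the closest existing ancestor; the wildcard applies
    # only if it sits directly below that ancestor. Hence '*' never covers the apex
    # (the apex always exists) and never covers anything below an existing name
    # such as www.
    labels = name.split(".")
    for i in range(1, len(labels)):
        ancestor = ".".join(labels[i:])
        if _exists(zone, ancestor):
            wildcard = "*." + ancestor
            return _answer(zone[wildcard], rtype) if wildcard in zone else ("nxdomain", [])
    return "nxdomain", []


ZONE = build_zone(RECORDS)
```

The "fail" line in the post (name@www.fictionaldomain.com) comes out as "nodata": the name www exists, it simply has no MX record, and the wildcard is not consulted because an exact owner matched.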

DNS Records Explained with Examples

SkyHi @ Wednesday, December 23, 2009

DNS (Domain Name System) is the service which translates between Internet names and Internet addresses.
Internet names are the names which we use to refer to hosts on the Internet, such as www.debianhelp.co.uk.
Internet addresses are the numbers which routers use to move traffic across the Internet, such as 211.1.13.115 and

What are DNS Records ?

DNS records, collected in zone files, map names to IP addresses and other data. They live on DNS servers and are typically the link between your website and the outside world: requests for your domain are answered by your DNS servers, which point clients to the web servers that serve the site or to the mail servers that handle incoming email.

Different Types of DNS Records With Syntax and Examples

Types of DNS Records

A
AAAA
CNAME
MX
PTR
NS
SOA
SRV
TXT
NAPTR

These are the record types found in most DNS configurations. Each is described below with examples.

A Record

An A record, or address record, assigns an IPv4 address to a domain or subdomain name. Several different names may point to the same IP address, although for aliases a CNAME record (below) is often used instead.

Suppose you own the somedomain.tld domain and want to assign the IP address 10.10.0.1 to your web server: create an A record with "www.somedomain.tld" as the fully qualified domain name and "10.10.0.1" as the value.

From then on, all requests for www.somedomain.tld will be sent to the server with that IP address.

A records are the natural choice when subdomains reside on different systems.

Useful tip: a "*.somedomain.tld" A record lets WHATEVER.somedomain.tld resolve to your IP, though a wildcard CNAME record is often better than a wildcard A record. A wildcard only applies to names that have no records of their own (see the wildcard section at the end).

Example of A Record with Syntax

example.com. IN A 69.9.64.11

Where

IN indicates Internet

A indicates the Address record.

The above example indicates that the IP address of the domain example.com is 69.9.64.11.

AAAA Record

An AAAA record or IPv6 address record maps a hostname to a 128-bit IPv6 address.

The regular DNS Address resource record is defined for a 32-bit IPv4 address, so a new one was created to allow a domain name to be associated with a 128-bit IPv6 address. The four “A”s (“AAAA”) are a mnemonic to indicate that the IPv6 address is four times the size of the IPv4 address. The AAAA record is structured in very much the same way as the A record in both binary and master file formats; it is just much larger. The DNS resource record Type value for AAAA is 28.

Example of AAAA Record with Syntax

AAAA records support the transition to, and coexistence with, IPv6: a name server that is itself reachable only over IPv4 can still hand out IPv6 addresses. In a zone file the owner name is relative to the zone origin unless it ends in a dot:

linux IN AAAA 3ffe:1900:4545:2:02d0:09ff:fef7:6d2c

CNAME Record

A CNAME record, or canonical name record, makes one domain name an alias of another: a query for the alias, whatever the record type, is answered with the records of the canonical name. A name that has a CNAME may not have any other records of its own, which is why the zone apex (which always carries SOA and NS records) cannot be a CNAME, and why names below the alias are not inherited from the canonical name.

Use a CNAME whenever you want to attach a new subdomain to an already existing A record; e.g. you can make "www.somedomain.tld" an alias of "somedomain.tld", which should already have been assigned an IP with an A record.

This lets you have as many subdomains as you wish without specifying the IP for every record. Use a CNAME when several services point at the same IP; then only one record has to be updated when the IP address changes.

Example of a CNAME record: "stuff.everybox.com CNAME www.everybox.com", where 'www.everybox.com' is an A record listing an IP address and 'stuff.everybox.com' points to 'www.everybox.com'. A CNAME will NOT forward a domain to a specific web page; use an HTTP redirect (a "webhop") for that. Port numbers can be changed with a redirect as well; a CNAME cannot change the HTTP default of port 80 to any other port.

Do not point MX records at CNAME-defined hostnames (RFC 2181, section 10.3): the target of an MX record must be a name that has A or AAAA records of its own. With the CNAME in the example below, an MX record naming mail.example.com would be wrong; it should name mail.example.net directly.

Example Of CNAME With syntax

mail.example.com IN CNAME mail.example.net

where

IN indicates Internet

CNAME indicates CNAME record.

MX Record

An MX record or mail exchange record maps a domain name to a list of mail exchange servers for that domain.

Example with MX Record Syntax - Single mail servers

mydomain.com. 14400 IN MX 0 mydomain.com.

The MX record says that all email @ mydomain.com should be delivered to the mail server at mydomain.com. Assuming the A record for mydomain.com gives 26.34.9.14, email for test@mydomain.com is routed to the mail server at 26.34.9.14. That finishes the job of the MX record; the mail server on that host then accepts the message and delivers it to the user "test".

The dot (".") after the domain name in the MX record is important: without it the name is relative to the zone origin and becomes "mydomain.com.mydomain.com". The number 0 is the preference value; mail is always routed to the server with the lowest preference value first. With a single mail server it is safe to use 0.

Using Multiple mail servers

To use multiple mail servers, use MX preference values. They indicate which server to try first and the order in which to try the others when one fails or does not respond. A larger preference value is less preferred, so a mail exchanger with preference 0 is always tried before all others. Equal preference values make the servers equally preferred.

Example with MX Record Syntax - Multiple mail servers

mydomain.com. 14400 IN MX 0 mydomain.com.
mydomain.com. 14400 IN MX 30 server2.mydomain.com.

You can have as many MX entries as you like for fallback or backup purposes. When several MX records share a preference value, the sending client tries them in random order and then moves on to the records with the next higher (less preferred) value.

PTR Record

A PTR record, or pointer record, maps an IP address back to the canonical name of the host. A PTR record in the in-addr.arpa domain (ip6.arpa for IPv6) corresponding to an address implements reverse DNS lookup for that address. For example, www.name.net has the IP address 122.0.3.16; its PTR record is therefore owned by 16.3.0.122.in-addr.arpa.

Example of PTR Record with syntax

16.3.0.122.in-addr.arpa. IN PTR www.name.net.

The IP address is reversed octet by octet and in-addr.arpa is appended; the result is the owner name on the left, while the host name goes on the right of IN PTR. The trailing dot on the host name matters: without it, the name would be taken as relative to the in-addr.arpa zone.

This is mostly used as a security and anti-spam measure: mail servers in particular do a reverse lookup on the connecting address to see whether the host is who it claims to be. A PTR on its own proves little, since whoever controls the address block can publish any name they like; the check that means something is forward-confirmed reverse DNS, which looks up the PTR and then verifies that the returned name resolves back to the original address. It is always advisable to have a proper reverse DNS record (PTR) set up for your servers, especially when running a mail/SMTP server.
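An added example (not part of the original article) of what such a check looks like in code. It uses Python's ipaddress module to build the in-addr.arpa and ip6.arpa owner names and then does the forward confirmation against forward and reverse tables that are constructed for the example; the host names and addresses are invented.

```python
"""Reverse-name construction and forward-confirmed reverse DNS (FCrDNS)."""
import ipaddress

# Constructed forward and reverse data for the example (not real hosts).
FORWARD = {                        # name -> A/AAAA values
    "www.name.net":  ["122.0.3.16"],
    "mail.name.net": ["122.0.3.17", "2001:db8::25"],
    "liar.example":  ["203.0.113.9"],
}
REVERSE = {                        # PTR owner name -> PTR target
    "16.3.0.122.in-addr.arpa": "www.name.net.",
    "17.3.0.122.in-addr.arpa": "mail.name.net.",
    ipaddress.ip_address("2001:db8::25").reverse_pointer: "mail.name.net.",
    # whoever controls 122.0.3.0/24 can publish any PTR; this one claims a host elsewhere
    "18.3.0.122.in-addr.arpa": "liar.example.",
}


def reverse_name(ip):
    """PTR owner name for ip: reversed octets under in-addr.arpa for IPv4,
    reversed hex nibbles under ip6.arpa for IPv6."""
    return ipaddress.ip_address(ip).reverse_pointer


def fcrdns(ip, forward=FORWARD, reverse=REVERSE):
    """Forward-confirmed reverse DNS. Returns (status, hostname) where status is
    'confirmed' (the PTR target resolves back to ip), 'mismatch' (it does not)
    or 'no-ptr' (no reverse record at all)."""
    addr = ipaddress.ip_address(ip)
    target = reverse.get(reverse_name(ip))
    if target is None:
        return "no-ptr", None
    hostname = target.rstrip(".")
    forward_addrs = {ipaddress.ip_address(a) for a in forward.get(hostname, [])}
    return ("confirmed" if addr in forward_addrs else "mismatch"), hostname
```

A mail server that only checked the PTR would accept 122.0.3.18 as liar.example; the forward confirmation rejects it because liar.example resolves to a different address.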

NS Record

An NS record, or name server record, maps a domain name to the list of DNS servers authoritative for that domain. Delegations depend on NS records.

The NS records for a domain are listed on the parent server; these are called delegation records, because they delegate the domain to the authoritative servers.

The NS records are also listed in the zone on the authoritative name server itself; these are called the authoritative records.

The NS records at the parent should match the NS records on the authoritative server. A server that is authoritative for the zone but listed in neither set is a stealth (hidden) name server, typically a hidden primary that feeds the published secondaries. Listing a server in the zone's own NS set but not at the parent is a mismatch that zone-checking tools will flag, and is best avoided.

Example of NS Record With syntax

example.com. IN NS ns1.live.secure.com.

where

IN indicates the Internet

NS indicates the record type, Name Server.

The above indicates that ns1.live.secure.com is an authoritative server for the domain example.com.

SOA Record

An SOA record or start of authority record specifies the DNS server providing authoritative information about an Internet domain, the email of the domain administrator, the domain serial number, and several timers relating to refreshing the zone.

An SOA (Start of Authority) record is the most essential part of a zone file. It is the way for the domain administrator to give out basic information about the zone: how often it is updated, when it was last updated, when to check back for more, the administrator's email address, and so on. A zone file can contain only one SOA record.

A properly tuned SOA record reduces traffic between name servers and keeps the zone available from the secondaries even when the primary DNS server is down.

Example of SOA Record with syntax

Here is the SOA record. Notice the opening bracket "(": it has to be on the same line as the SOA, otherwise the record is broken. Also note that ";" starts a comment that runs to the end of the line, so the closing ")" must come before the comment on the last line, not after it.

; name TTL class rr Nameserver email-address
mydomain.com. 14400 IN SOA ns.mynameserver.com. root.ns.mynameserver.com. (
2004123001 ; Serial number
86000 ; Refresh rate in seconds
7200 ; Update Retry in seconds
3600000 ; Expiry in seconds
600 ) ; Minimum (negative-caching TTL) in seconds

name - mydomain.com is the main name in this zone.

TTL - 14400 - the time in seconds that the record may be cached by resolvers. 0 means the record should not be cached. The range is 0 to 2147483647 (close to 68 years).

Class - IN - the class of the record; IN means Internet. The other classes are historical, so as long as your DNS is on the Internet or an intranet, use IN.

Nameserver - ns.mynameserver.com. - the primary name server for the zone (the MNAME field). An external server must be written as a full name followed by a dot; a server defined in this zone file can be written relative, e.g. "ns".

Email address - root.ns.mynameserver.com. - the email address of the zone administrator (the RNAME field). This is confusing because people expect an @ here, but the first dot stands in for it: root.ns.mynameserver.com. means root@ns.mynameserver.com. Remember the trailing dot, and if the mailbox itself contains a dot, escape it with a backslash.

Serial number - 2004123001 - a revision number for the zone. It must increase whenever the zone file changes, because secondaries compare it with their copy to decide whether to transfer the zone again. The usual convention is YYYYMMDDnn, where nn counts the updates made on that day: the first update on 1 December 2005 would be 2005120100 and the second 2005120101.

Refresh - 86000 - how often (in seconds) a secondary polls the primary to see whether the serial number has increased, so that it knows to request a new copy of the zone. BIND also accepts time units, so 86400 may be written as 1d or 24h. For a regular Internet server, 6 to 24 hours is typical.

Retry - 7200 - if a secondary fails to contact the primary at refresh time (for example because it is down), it waits this long (in seconds) before trying again. It should be a fraction of the refresh value.

Expiry - 3600000 - how long (in seconds) a secondary keeps serving its copy of the zone when it cannot reach the primary at all. If this were two weeks (in seconds), a secondary would keep answering from its stored copy for two weeks without anyone noticing the difference; after that it stops answering for the zone. The recommended value is 2 to 4 weeks.

Minimum - 600 - originally the default TTL for records in the zone, which is how older documentation (and this one) describes it. Since RFC 2308, however, this field is the negative-caching TTL: how long resolvers may cache the fact that a name does not exist. The default TTL for records comes from the $TTL directive at the top of the zone file; BIND falls back to the SOA minimum only when $TTL is missing and logs a warning when it does. Keep record TTLs low (a day or less) if your data changes often; otherwise 1 to 5 days reduces lookups and speeds up access, because caching servers around the globe hold on to your records.
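An added example (not from the original article) that parses the SOA record above as master-file text and compares serial numbers the way a secondary does. It shows two things the text only states: the ")" must come before the ";" comment on the last line, otherwise the record is never terminated; and secondaries use RFC 1982 serial arithmetic, under which a serial that decreases, or jumps by 2^31 or more, does not count as newer and the zone is silently not transferred. The zone text is the one above; next_serial is a helper of mine implementing the YYYYMMDDnn convention.

```python
"""Parse a multi-line SOA record and compare serials the way a secondary does."""
import re

# The record from the SOA section above, as constructed input (the same text, with
# the closing parenthesis placed before the comment that starts with ';').
SOA_TEXT = """\
; name TTL class rr Nameserver email-address
mydomain.com. 14400 IN SOA ns.mynameserver.com. root.ns.mynameserver.com. (
    2004123001 ; Serial number
    86000 ; Refresh rate in seconds
    7200 ; Update Retry in seconds
    3600000 ; Expiry in seconds
    600 ) ; Minimum (negative-caching TTL) in seconds
"""
# Same record with ')' written after the ';': the parenthesis is then part of the comment.
BROKEN_SOA_TEXT = SOA_TEXT.replace("600 ) ; Minimum", "600 ; Minimum )")

FIELDS = ("serial", "refresh", "retry", "expire", "minimum")


def tokenize(text):
    """Strip ';' comments and join parenthesised continuation lines (RFC 1035 master-file syntax)."""
    tokens, depth = [], 0
    for line in text.splitlines():
        for tok in line.split(";", 1)[0].split():   # everything after ';' is a comment
            if tok == "(":
                depth += 1
            elif tok == ")":
                depth -= 1
            else:
                tokens.append(tok)
    if depth != 0:
        raise ValueError("unbalanced parentheses: SOA record not terminated")
    return tokens


def parse_soa(text):
    """Return owner, ttl, mname, rname (converted to an e-mail address) and the five timers."""
    t = tokenize(text)
    if len(t) < 11 or t[2].upper() != "IN" or t[3].upper() != "SOA":
        raise ValueError("not a complete SOA record")
    owner, ttl, mname, rname = t[0], int(t[1]), t[4], t[5]
    # RNAME: the first unescaped '.' separates the mailbox from the domain; an escaped
    # dot (\.) inside the mailbox is kept, so a local part such as john\.doe survives.
    local, _, domain = re.sub(r"\\\.", "\0", rname).partition(".")
    soa = {"owner": owner, "ttl": ttl, "mname": mname,
           "rname": local.replace("\0", ".") + "@" + domain.rstrip(".")}
    soa.update(zip(FIELDS, (int(x) for x in t[6:11])))
    return soa


def soa_is_well_formed(text):
    try:
        parse_soa(text)
        return True
    except ValueError:
        return False


def serial_is_newer(candidate, current):
    """RFC 1982 serial arithmetic on 32-bit serials: candidate is newer if it is ahead
    of current by less than 2**31 (mod 2**32). Equal serials are not newer, and a
    serial that went backwards, or jumped 2**31 or more, is treated as older, which
    is why a secondary silently ignores such a zone."""
    if candidate == current:
        return False
    return ((candidate - current) & 0xFFFFFFFF) < 2**31


def next_serial(current, today_yyyymmdd):
    """YYYYMMDDnn convention: nn=00 for the first change of the day; if that would not
    count as newer (same day, or the clock went backwards), just increment."""
    candidate = today_yyyymmdd * 100
    if not serial_is_newer(candidate, current):
        candidate = current + 1
    return candidate & 0xFFFFFFFF
```

Running parse_soa over the two texts shows the difference: the corrected record parses, while the version with the parenthesis inside the comment is rejected as unterminated, which is what named-checkzone reports for such a file.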

SRV Record

The idea behind SRV is that, given a known domain name (e.g. example.com) and a service (e.g. web/http, which in this case runs over TCP), a DNS query can find the host name that provides that service on behalf of the domain, which may or may not lie within the domain.

Example of SRV Record with syntax

srvce.prot.name ttl class rr pri weight port target
_http._tcp.example.com. IN SRV 0 5 80 www.example.com.

srvce

Defines the symbolic service name (see the IANA service name registry) prefixed with '_' (underscore). Case insensitive. Common values are:

_http - web service
_ftp - file transfer service
_ldap - LDAP service

prot

Defines the protocol name prefixed with '_' (underscore). Case insensitive. Common values are:

_tcp - TCP protocol
_udp - UDP protocol

name

Not well described in RFC 2782. Leaving the entry blank (no trailing dot) substitutes the current zone root (the $ORIGIN), or you can write it explicitly, as in _http._tcp.example.com. above (with a trailing dot).

ttl

Standard TTL parameter.

pri

The relative priority of this service (range 0 to 65535). The lowest value is the highest priority.

weight

Used when more than one record has the same priority. A 16-bit unsigned integer in the range 0 to 65535. The value 0 indicates that no weighting should be applied. A weight of 1 or greater is a relative number: the higher the weight, the more often the record is selected first. Given two SRV records both with priority 0, one with weight 1 and the other with weight 6, the one with weight 6 will be selected first 6 times out of 7.

port

Normally the port number assigned to the symbolic service, but this is not a requirement: it is permissible to define an _http service on port 8100 rather than the usual port 80.

target

The name of the host that will provide this service. Does not have to be in the same zone (domain).
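An added example (not from the original article) showing the client-side selection for both the multiple-mail-server MX case above and SRV records. mx_order sorts by preference and randomises ties; srv_order implements the RFC 2782 procedure, including strict priority ordering and the small chance that a weight-0 record gets. The records are constructed for the example, and ScriptedRng is a stand-in for the random module so that one selection can be traced by hand. With the weights 1 and 6 from the text, plus a weight-0 record in the same priority, the weight-6 target is chosen first 6 times in 8 (6 in 7 without the weight-0 record).

```python
"""Picking a mail exchanger or SRV target in the order a client must try them."""
import random

# Constructed records. MX: (preference, target). SRV: (priority, weight, port, target).
MX_RECORDS = [(30, "server2.mydomain.com."), (0, "mydomain.com."), (30, "server3.mydomain.com.")]
SRV_RECORDS = [
    (0, 1, 80, "small.example.com."),
    (0, 6, 80, "big.example.com."),
    (0, 0, 80, "rarely.example.com."),        # weight 0: chosen only by a draw of exactly 0
    (10, 0, 8100, "backup.example.com."),     # lower priority: tried only after all of priority 0
]


class ScriptedRng:
    """Stand-in for the random module so a selection can be traced by hand:
    shuffle() leaves the order alone and randint() replays a fixed list of draws."""
    def __init__(self, draws):
        self.draws = list(draws)

    def shuffle(self, seq):
        pass

    def randint(self, low, high):
        draw = self.draws.pop(0)
        if not low <= draw <= high:
            raise ValueError(f"scripted draw {draw} outside [{low}, {high}]")
        return draw


def mx_order(records, rng=random):
    """RFC 5321: lowest preference first; equal preferences in random order."""
    by_pref = {}
    for pref, target in records:
        by_pref.setdefault(pref, []).append(target)
    order = []
    for pref in sorted(by_pref):
        group = list(by_pref[pref])
        rng.shuffle(group)
        order.extend(group)
    return order


def srv_order(records, rng=random):
    """RFC 2782 target selection. Within one priority, weight-0 records are placed
    first, a draw is made in [0, sum of weights] inclusive, and the first record
    whose running weight sum reaches the draw is selected; repeat for the rest."""
    by_prio = {}
    for prio, weight, port, target in records:
        by_prio.setdefault(prio, []).append((weight, port, target))
    order = []
    for prio in sorted(by_prio):
        remaining = list(by_prio[prio])
        rng.shuffle(remaining)                       # arbitrary initial order ...
        remaining.sort(key=lambda r: r[0] != 0)      # ... except weight-0 entries go first
        while remaining:
            draw = rng.randint(0, sum(w for w, _, _ in remaining))
            running = 0
            for i, (weight, port, target) in enumerate(remaining):
                running += weight
                if running >= draw:
                    order.append((target, port))
                    del remaining[i]
                    break
    return order


def first_choice_share(records, trials=8000, seed=1):
    """Fraction of trials in which each target is selected first (to check the odds)."""
    rng = random.Random(seed)
    counts = {}
    for _ in range(trials):
        target, _ = srv_order(records, rng)[0]
        counts[target] = counts.get(target, 0) + 1
    return {t: c / trials for t, c in counts.items()}
```

Tracing srv_order with the draws 2, 0, 0, 0: the priority-0 list after placing weight 0 first is rarely, small, big with running sums 0, 1, 7; a draw of 2 selects big, the next draw of 0 selects rarely, small is all that is left, and backup (priority 10) comes last regardless of weight.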

TXT Record

A TXT record allows an administrator to insert arbitrary text into a DNS record. For example, this record is used to implement the Sender Policy Framework specification.

Example of TXT Record with syntax

SPF domains have to publish at least two directives: a version identifier and a default mechanism.

mydomain.com. TXT "v=spf1 -all"

This is the simplest possible SPF record: it means your domain mydomain.com never sends mail.

It makes sense to do this when a domain is only used for web services and doesn't do email.

MX servers send mail; designate them.

mydomain.com. TXT "v=spf1 mx -all"

Let's pretend mydomain.com has two MX servers, mx01 and mx02. They would both be allowed to send mail from mydomain.com.

Other machines in the domain also send mail; designate them.

mydomain.com. TXT "v=spf1 mx ptr -all"

This designates all hosts whose PTR hostname ends in mydomain.com. Note that the ptr mechanism is deprecated by RFC 7208 (receivers SHOULD NOT rely on it, and some ignore it): it is slow and fragile, so list the hosts with a or ip4 mechanisms instead.

Machines outside the domain also send mail from that domain; designate them.

mydomain.com. TXT "v=spf1 a:mydomain.com mx ptr -all"

mydomain.com's own IP address does not appear in its list of MX servers, so an "a" mechanism is added to the directive set to match it.

mydomain.com. TXT "v=spf1 a mx ptr -all"

This is shorthand for the same thing.

Each of your mail servers should have an SPF record too. When your mail servers create a bounce message, they send it with a blank envelope sender: <>. When an SPF-checking MTA sees a blank envelope sender, it performs the lookup using the HELO domain name instead. These records take care of that scenario.

amx.mail.net. TXT "v=spf1 a -all"
mx.mail.net. TXT "v=spf1 a -all"
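An added example (not from the original article, and not a complete SPF implementation) of how a receiving MTA evaluates records like those above. It handles the mechanisms used in this section (a, a:<domain>, mx, ip4, all) with the +, -, ~ and ? qualifiers, and checks a bounce (empty envelope sender) against postmaster@<HELO name> as described. The ptr mechanism is deliberately left out: RFC 7208 says it should not be used, and the evaluator returns permerror for any mechanism it does not understand, which is how a receiver treats a record it cannot interpret. The DNS data and host names are constructed for the example.

```python
"""A small SPF (RFC 7208) check_host over constructed DNS data."""
import ipaddress

# Constructed zone data: name -> {type: values}. MX values are (preference, host).
DNS = {
    "mydomain.com": {
        "TXT": ['"v=spf1 a mx -all"'],
        "A": ["192.0.2.10"],
        "MX": [(10, "mx01.mydomain.com"), (20, "mx02.mydomain.com")],
    },
    "mx01.mydomain.com": {"A": ["192.0.2.25"], "TXT": ['"v=spf1 a -all"']},
    "mx02.mydomain.com": {"A": ["192.0.2.26"], "TXT": ['"v=spf1 a -all"']},
    "webonly.example":   {"TXT": ['"v=spf1 -all"']},              # never sends mail
    "legacy.example":    {"TXT": ['"v=spf1 mx ptr -all"']},       # uses the deprecated ptr
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_record(domain):
    """The domain's single v=spf1 TXT string, or None (none, or more than one, published)."""
    found = [t.strip('"') for t in DNS.get(domain, {}).get("TXT", [])
             if t.strip('"').startswith("v=spf1 ")]
    return found[0] if len(found) == 1 else None


def addresses(domain):
    """A records of domain as address objects."""
    return {ipaddress.ip_address(a) for a in DNS.get(domain, {}).get("A", [])}


def mechanism_matches(ip, domain, mech):
    """True/False for the mechanisms this example knows; ValueError for any other."""
    name, _, arg = mech.partition(":")
    if name == "all":
        return True
    if name == "a":
        return ip in addresses(arg or domain)
    if name == "mx":
        return any(ip in addresses(host) for _, host in DNS.get(arg or domain, {}).get("MX", []))
    if name == "ip4":
        return ip in ipaddress.ip_network(arg, strict=False)
    raise ValueError(f"unsupported mechanism {name!r}")   # e.g. ptr, include, exists


def check_host(ip, mail_from, helo):
    """SPF result for a connection from ip: pass, fail, softfail, neutral, none or permerror.
    An empty MAIL FROM (a bounce) is checked as postmaster@<HELO name>."""
    ip = ipaddress.ip_address(ip)
    identity = mail_from or "postmaster@" + helo
    domain = identity.rpartition("@")[2].lower()
    record = spf_record(domain)
    if record is None:
        return "none"
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        try:
            if mechanism_matches(ip, domain, term.lstrip("+-~?")):
                return QUALIFIERS[qualifier]
        except ValueError:
            return "permerror"   # a receiver cannot interpret the record
    return "neutral"             # nothing matched and no 'all' term: RFC 7208 default
```

The legacy.example record illustrates the cost of the deprecated mechanism: a receiver that does not implement ptr cannot reach the -all and returns permerror for every message from that domain.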

NAPTR Record

NAPTR records (Naming Authority Pointer, RFC 3403) are a newer type of DNS record that support regular-expression-based rewriting.

Example of NAPTR Record with syntax

$ORIGIN 3.8.0.0.6.9.2.3.6.1.4.4.e164.arpa.

NAPTR 10 100 "u" "E2U+sip" "!^.*$!sip:info@example.com!" .
NAPTR 10 101 "u" "E2U+h323" "!^.*$!h323:info@example.com!" .
NAPTR 10 102 "u" "E2U+msg" "!^.*$!mailto:info@example.com!" .

This record set maps the phone number +441632960083 onto three possible URIs with identical order values, with a preference for SIP, then H.323, and finally email. In each case the regular expression matches the full AUS (^.*$) and replaces it with a URI (e.g. sip:info@example.com). As these are terminal records ("u" flag), the URI is returned to the client. Though most NAPTR records replace the full AUS, the regular expression may back-reference part of the AUS, for example to grab an extension number:

$ORIGIN 0.6.9.2.3.6.1.4.4.e164.arpa.

* NAPTR 10 100 "u" "E2U+sip" "!^+441632960(.*)$!sip:\1@example.com!" .

Once the client has the URI it must be resolved using DNS, but this is no longer part of the DDDS algorithm..
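An added example (not from the original article) of the ENUM lookup described above: the E.164 number is turned into its e164.arpa name, the NAPTR set is chosen (exact owner first, then a wildcard owner), and the regexp field is applied to the number with Python's re module, which uses the same \1 back-reference syntax. The two NAPTR tables are the zone fragments above written as data. In the wildcard rule the "+" is escaped (\+) because "+" is a repetition metacharacter in the ERE the field carries, and the ancestor walk used to find a wildcard is simplified (it ignores the empty-non-terminal rule, which does not arise in these tables).

```python
"""ENUM: E.164 number -> e164.arpa name -> NAPTR rewrite -> URI."""
import re


def enum_name(e164):
    """'+441632960083' -> '3.8.0.0.6.9.2.3.6.1.4.4.e164.arpa' (digits reversed, one per label)."""
    digits = e164.lstrip("+")
    if not digits.isdigit():
        raise ValueError("not an E.164 number")
    return ".".join(reversed(digits)) + ".e164.arpa"


# Constructed data, taken from the two zone fragments above:
# owner name -> [(order, preference, flags, service, regexp, replacement)]
NAPTR_EXACT = {
    "3.8.0.0.6.9.2.3.6.1.4.4.e164.arpa": [
        (10, 102, "u", "E2U+msg",  "!^.*$!mailto:info@example.com!", "."),
        (10, 100, "u", "E2U+sip",  "!^.*$!sip:info@example.com!", "."),
        (10, 101, "u", "E2U+h323", "!^.*$!h323:info@example.com!", "."),
    ],
}
# Wildcard owner under 0.6.9.2.3.6.1.4.4.e164.arpa: keeps the last digits as an extension.
# The '+' is escaped because it is a repetition metacharacter in the ERE the field carries.
NAPTR_WILDCARD = {
    "*.0.6.9.2.3.6.1.4.4.e164.arpa": [
        (10, 100, "u", "E2U+sip", r"!^\+441632960(.*)$!sip:\1@example.com!", "."),
    ],
}


def apply_regexp(field, aus):
    """Apply a NAPTR regexp field ('<delim>ere<delim>repl<delim>[flags]') to the
    application unique string. Returns the rewritten string, or None if the ERE
    does not match. Back-references \\1..\\9 use the same syntax as Python's re."""
    delim = field[0]
    parts = field.split(delim)
    if len(parts) != 4 or parts[0] != "":
        raise ValueError(f"malformed regexp field {field!r}")
    _, ere, repl, flags = parts
    pattern = re.compile(ere, re.IGNORECASE if "i" in flags else 0)
    if not pattern.search(aus):
        return None
    return pattern.sub(repl, aus, count=1)


def enum_lookup(e164, naptr, want_service=None):
    """Find the NAPTR set for the number (exact owner first, then the nearest wildcard
    owner; the tables here have no empty non-terminals, so a plain ancestor walk is
    enough) and return the URI of the first terminal rule that matches, optionally
    restricted to one service such as 'E2U+sip'. Rules are tried by ascending order,
    then ascending preference."""
    name = enum_name(e164)
    rules = naptr.get(name)
    if rules is None:
        labels = name.split(".")
        for i in range(1, len(labels) - 2):        # climb towards e164.arpa, closest first
            rules = naptr.get("*." + ".".join(labels[i:]))
            if rules is not None:
                break
    for order, pref, flags, service, regexp, replacement in sorted(rules or []):
        if want_service and service != want_service:
            continue
        result = apply_regexp(regexp, e164)
        if result is not None and "u" in flags.lower():
            return result                           # terminal rule: this URI is the answer
    return None
```

With the exact table, the three rules share order 10 and are sorted by preference, so SIP (100) wins unless the client asks for a specific service; with the wildcard table, +441632960099 becomes sip:099@example.com because the captured group carries the last three digits into the replacement.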

wildcard DNS record

A wildcard DNS record (an owner name beginning with "*") matches requests for names that have no records of their own. An explicit record always takes precedence over the wildcard, and the wildcard does not apply to the zone apex or to names beneath a name that exists.


Reference: http://www.debianhelp.co.uk/dnsrecords.htm



How to: Troubleshoot UNIX / Linux BIND DNS server problems

SkyHi @ Wednesday, December 23, 2009
BIND is the Berkeley Internet Name Domain DNS server. It is widely used on UNIX and Linux-like operating systems. You can use the following tools to troubleshoot BIND-related problems under UNIX or Linux.

Task: Port 53 open and listening for requests

By default BIND listens for DNS queries on port 53 (UDP for ordinary queries, TCP for zone transfers and large answers), so make sure port 53 is open and listening for requests by running any of the following tests. First see whether you can telnet to TCP port 53 from a remote computer:
$ telnet remote-server-ip 53
OR
telnet ns1.nixcraft.org domain
Output:
Trying 192.168.0.5...
Connected to ns1.nixcraft.org.
Escape character is '^]'.
If you cannot connect, make sure a firewall is not blocking your requests. Next, use the netstat command on the server itself to list the sockets listening on port 53:
$ netstat -tulpn | grep :53
OR
# netstat -atve
Output:
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       User       Inode
tcp        0      0 ns1.nixcraft.org:domain *:*                     LISTEN      named      10386
tcp        0      0 rhx.test.com:domain     *:*                     LISTEN      named      10384
tcp        0      0 *:ssh                   *:*                     LISTEN      root       1785
tcp        0      0 rhx.test.com:rndc       *:*                     LISTEN      named      10388
tcp        0      0 rhx.test.com:smtp       *:*                     LISTEN      root       1873
tcp        0      0 ns1.nixcraft.org:ssh    w2k.nixcraft.org:1057   ESTABLISHED root       10501
tcp        0      0 rhx.test.com:32773      rhx.test.com:domain     TIME_WAIT   root       0
tcp        0      0 ns1.nixcraft.org:32775  ns1.nixcraft.org:domain TIME_WAIT   root       0
tcp        0      0 rhx.test.com:32774      rhx.test.com:domain     TIME_WAIT   root       0
Make sure iptables firewall is not blocking request on server:
# iptables -L -n
OR
# iptables -L -n | less
Make sure named is running:
# /etc/init.d/named status
If not start named:
# chkconfig named on
# service named start

Task: Use log files

You can watch the log file after starting or restarting BIND to see error messages:
# tail -f /var/log/messages
Output:
Nov 17 16:50:25 rhx named[3539]: listening on IPv4 interface lo, 127.0.0.1#53
Nov 17 16:50:25 rhx named[3539]: listening on IPv4 interface eth0, 192.168.0.5#53
Nov 17 16:50:25 rhx named[3539]: command channel listening on 127.0.0.1#953
Nov 17 16:50:25 rhx named[3539]: zone 0.0.127.in-addr.arpa/IN: loaded serial 1997022700
Nov 17 16:50:25 rhx named[3539]: nixcraft.org.rev:1: no TTL specified; using SOA MINTTL instead
Nov 17 16:50:25 rhx named[3539]: zone 0.168.192.in-addr.arpa/IN: loaded serial 12
Nov 17 16:50:25 rhx named[3539]: zone localhost/IN: loaded serial 42
Nov 17 16:50:25 rhx named[3539]: zone nixcraft.org/IN: loaded serial 12
Nov 17 16:50:25 rhx named[3539]: running

Task: Check zone file for errors

You can check the syntax of /etc/named.conf and of zone files with the following utilities. named-checkconf checks the syntax of the named (BIND) configuration file:
# named-checkconf /etc/named.conf
Output:
/etc/named.conf:32: missing ';' before 'zone'
Please note that if named-checkconf finds no errors it prints nothing.
Next, check zone files for errors. named-checkzone is the zone file validity checking tool: it checks the syntax and integrity of a zone file and performs the same checks as named does when loading a zone. This makes named-checkzone useful for checking zone files before configuring them into a name server.
# named-checkzone localhost /var/named/localhost.zone
OR
#named-checkzone nixcraft.org /var/named/nixcraft.org.zone
Output:
zone nixcraft.org/IN: loaded serial 12
OK

Task: Testing BIND/DNS with utilities

You can use the host and dig utilities to test your BIND configuration.
  • host: host is a simple utility for performing DNS lookups. It is normally used to convert names to IP addresses and vice versa.
  • dig: dig (domain information groper) is a flexible tool for interrogating DNS name servers. It performs DNS lookups and displays the answers that are returned from the name server(s) that were queried. Most DNS administrators use dig to troubleshoot DNS problems because of its flexibility, ease of use and clarity of output. Other lookup tools tend to have less functionality than dig.
List IP address associated with host names:
# host nixcraft.org
OR
# host www
Output:
www.nixcraft.org has address 192.168.0.6
Perform a zone transfer (AXFR) for the zone using the -l option. If this succeeds from an arbitrary client, anyone on the Internet can download your entire zone, so restrict transfers to your secondaries with allow-transfer in named.conf:
# host -l nixcraft.org
nixcraft.org SOA ns1.nixcraft.org. admin.nixcraft.org. 12 10800 900 604800 86400
nixcraft.org name server ns1.nixcraft.org.
nixcraft.org mail is handled by 10 mail.nixcraft.org.
nixcraft.org has address 192.168.0.5
gw.nixcraft.org has address 192.168.0.254
mail.nixcraft.org has address 192.168.0.7
ns1.nixcraft.org has address 192.168.0.5
w2k.nixcraft.org has address 192.168.0.1
www.nixcraft.org has address 192.168.0.6
nixcraft.org SOA ns1.nixcraft.org. admin.nixcraft.org. 12 10800 900 604800 86400
Other examples (dig -x performs a reverse lookup; a plain dig of an IP address would look the string up as a name):
# dig mail.nixcraft.org
# dig -x 192.168.0.5



Reference: http://www.cyberciti.biz/tips/troubleshooting-bind-dns-2.html

Tuesday, December 22, 2009

Microsoft words 2007 macros security problem

SkyHi @ Tuesday, December 22, 2009
I always get a macro security settings error message every time I open and close a document file using Microsoft Office Word 2007.

I get this message:

"This error usually occurs because of macro security settings. If you know that the macro comes from a source that you trust, you can change your macro security settings to allow you to enable the macro. The way that you change your macro security settings depends on the Microsoft Office System program that you are using." followed by sets of instructions, but none of them worked.

Then, when I close a file, another message pops up after the macro security settings error message saying that:

"This message can appear if you made changes to items, such as macros, toolbars, or AutoText, that are stored in a global template that is attached to your document. The most commonly used global template is Normal.dotm, which comes with Word. If you save the changes, they will be available to all documents to which this global template is attached. If you don't save the changes, the changes are discarded from the template. If you see this message often, you may want to turn off the Prompt before saving Normal template option. To turn off this option, click the Microsoft Office Button, click Word Options, and then click Advanced. Under Save, clear the Prompt before saving Normal template check box. If this check box is already clear, or if clearing it does not resolve this issue, then there may be a problem with Word. For more information, see the Microsoft Knowledge Base article 918064."

I hope I can receive help from this site. Thank you.

eggmcm...@gmail.com
Newsgroups: microsoft.public.word.application.errors
From: eggmcm...@gmail.com
Date: Mon, 27 Apr 2009 00:56:33 -0700 (PDT)
Local: Mon, Apr 27 2009 3:56 am
Subject: Re: macro security settings error message
I had the same problem and took out the 'COM Add-in' under Office
Button-> Word Options-> Trust Center-> Trust Center Settings-> Add-Ins

hope that helps

mukherje...@gmail.com
Newsgroups: microsoft.public.word.application.errors
From: mukherje...@gmail.com
Date: Sun, 3 May 2009 18:16:26 -0700 (PDT)
Local: Sun, May 3 2009 9:16 pm
Subject: Re: macro security settings error message
On Apr 27, 12:56 pm, eggmcm...@gmail.com wrote:

> I had the same problem and took out the 'COM Add-in' under Office
> Button-> Word Options-> Trust Center-> Trust Center Settings-> Add-Ins

> hope that helps

Man, that worked for me.
Facing that thing for a long time.
Thanks for saving me, man.



Reference: http://groups.google.com/group/microsoft.public.word.application.errors/browse_thread/thread/d542b36f33e0802f

Troubleshooting Memory Usage

SkyHi @ Tuesday, December 22, 2009

Processes dying unexpectedly?  Want to know if you need more memory?

Check your /var/log/messages.  If you see (on a 2.4.23 kernel):

<code>Dec 11 10:21:43 www kernel: __alloc_pages: 0-order allocation failed (gfp=0x1d2/0)
Dec 11 10:21:44 www kernel: __alloc_pages: 0-order allocation failed (gfp=0x1f0/0)
</code>

Or (on a pre-2.4.23 kernel):

<code>Dec 7 23:49:03 www kernel: Out of Memory: Killed process 31088 (java).
Dec 7 23:49:03 www kernel: Out of Memory: Killed process 31103 (java).
</code>

Or on a Xen-based VPS console:

<code>swapper: page allocation failure. order:0, mode:0x20
 [<c01303a4>] __alloc_pages+0x327/0x3e3
</code>

Then your programs need more memory than they can get.

Interpreting Free

To see how much memory you are currently using, run free -m.  It will provide output like:

            total    used   free    shared buffers cached
Mem:        90      85       4      0       3       34
-/+ buffers/cache:  46      43
Swap:       9        0       9

The top row 'used' value (85) will almost always be close to the top row total (90), because Linux uses any spare memory to cache disk blocks (34).

The key used figure to look at is the buffers/cache row used value (46).  This is how much space your applications are currently using.  For best performance, this number should be less than your total (90) memory.  To prevent out of memory errors, it needs to be less than the total memory (90) and swap space (9).

If you wish to quickly see how much memory is free, look at the buffers/cache row free value (43). This is the total memory (90) minus the actual used (46). (90 - 46 = 44, not 43; the difference is just rounding in free -m.)

Interpreting ps

If you want to see where all your memory is going, run ps aux.  That will show the percentage of memory each process is using.  You can use it to identify the top memory users (usually Apache, MySQL and Java processes).

For example in this output snippet:

USER PID %CPU %MEM VSZ     RSS   TTY   STAT   START TIME COMMAND
root 854 0.5  39.2 239372  36208 pts/0 S     22:50 0:05 /usr/local/jdk/bi
n/java -Xms16m -Xmx64m -Djava.awt.headless=true -Djetty.home=/opt/jetty -cp /opt
/jetty/ext/ant.jar:/opt/jetty/ext/jasper-compiler.jar:/opt/jetty/ext/jasper-runt
ime.jar:/opt/jetty/ext/jcert.jar:/opt/jetty/ext/jmxri.jar:/opt/jetty/ext/jmxtool

We can see that java is using up 39.2% of the available memory.

Interpreting vmstat

vmstat helps you to see, among other things, if your server is swapping.  Take a look at the following run of vmstat doing a one second refresh for two iterations.

<code># vmstat 1 2
   procs                      memory    swap          io     system         cpu
 r  b  w   swpd   free   buff  cache  si  so    bi    bo   in    cs  us  sy  id
 0  0  0  39132   2416    804  15668   4   3     9     6  104    13   0   0 100
 0  0  0  39132   2416    804  15668   0   0     0     0   53     8   0   0 100
 0  0  0  39132   2416    804  15668   0   0     0     0   54     6   0   0 100
</code>

The first row shows your server averages.  The si (swap in) and so (swap out) columns show if you have been swapping (i.e. needing to dip into 'virtual' memory) in order to run your server's applications.  The si/so numbers should be 0 (or close to it).  Numbers in the hundreds or thousands indicate your server is swapping heavily.  This consumes a lot of CPU and other server resources and you would get a very (!) significant benefit from adding more memory to your server.

Some other columns of interest: the r (runnable), b (blocked) and w (waiting) columns help you see your server load.  Waiting processes are swapped out.  Blocked processes are typically waiting on I/O.  The runnable column is the number of processes trying to do something.  These numbers combine to form the 'load' value on your server.  Typically you want the load value to be one or less per CPU in your server.

The bi (bytes in) and bo (bytes out) column show disk I/O (including swapping memory to/from disk) on your server.

The us (user), sy (system) and id (idle) show the amount of CPU your server is using.  The higher the idle value, the better.

Resolving: High Java Memory Usage

Java processes can often consume more memory than any other application running on a server.

Java processes can be passed a -Xmx option.  This controls the maximum Java memory heap size.  It is important to set a limit on the heap size, otherwise the heap will keep increasing until you get out of memory errors on your VPS (resulting in the Java process, or even some other, random, process, dying).

Usually the setting can be found in your /usr/local/jboss/bin/run.conf or /usr/local/tomcat/bin/setenv.sh config files.  And your RimuHosting default install should have a reasonable value in there already.

If you are running a custom Java application, check there is a -XmxNNm (where NN is a number of megabytes) option on the Java command line.

The optimal -Xmx setting value will depend on what you are running.  And how much memory is available on your server.

From experience we have found that Tomcat often runs well with an -Xmx between 48m and 64m.  JBoss will need a -Xmx of at least 96m to 128m.  You can set the value higher.  However, you should ensure that there is memory available on your server.

To determine how much memory you can spare for Java, try this: stop your Java process; run free -m; subtract the 'used' value from the "-/+ cache" row from the total memory allocated to your server and then subtract another 'just in case' margin of about 10% of your total server memory.  The number you come up with is a rough indicator of the largest -Xmx setting you can use on your server.
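The rules from the free, vmstat and -Xmx sections above, as an added Python example that is not from the RimuHosting page: it parses the free -m and vmstat output quoted earlier (constructed samples copied from the page), applies the page's two memory checks, flags heavy swapping from the live vmstat rows, and computes the rough -Xmx ceiling by the recipe just given. The function names and the warning threshold of 100 swap operations per second are my own assumptions.

```python
# Constructed samples: the `free -m` and `vmstat` output quoted on this page.
SAMPLE_FREE = """\
            total    used   free    shared buffers cached
Mem:        90      85       4      0       3       34
-/+ buffers/cache:  46      43
Swap:       9        0       9
"""

SAMPLE_VMSTAT = """\
   procs                      memory    swap          io     system         cpu
 r  b  w   swpd   free   buff  cache  si  so    bi    bo   in    cs  us  sy  id
 0  0  0  39132   2416    804  15668   4   3     9     6  104    13   0   0 100
 0  0  0  39132   2416    804  15668   0   0     0     0   53     8   0   0 100
 0  0  0  39132   2416    804  15668   0   0     0     0   54     6   0   0 100
"""


def parse_free(text):
    """Parse the classic (pre-procps 3.3) `free -m` layout into the figures the
    page discusses: total RAM, what applications really hold, and swap."""
    mem = swap = app = None
    for line in text.splitlines():
        parts = line.split()
        if parts[:1] == ["Mem:"]:
            mem = dict(zip(["total", "used", "free", "shared", "buffers", "cached"],
                           map(int, parts[1:7])))
        elif parts[:2] == ["-/+", "buffers/cache:"]:
            app = (int(parts[2]), int(parts[3]))
        elif parts[:1] == ["Swap:"]:
            swap = dict(zip(["total", "used", "free"], map(int, parts[1:4])))
    if mem is None or swap is None:
        raise ValueError("unrecognised free output")
    if app is None:
        # Fall back to recomputing the row: used minus reclaimable cache.
        app = (mem["used"] - mem["buffers"] - mem["cached"], 0)
        app = (app[0], mem["total"] - app[0])
    return {"total": mem["total"], "app_used": app[0], "app_free": app[1],
            "swap_total": swap["total"], "swap_used": swap["used"]}


def parse_vmstat(text):
    """Return the numeric rows of vmstat as dicts keyed by column name."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    header = lines[1].split()            # second line carries the column names
    rows = []
    for line in lines[2:]:
        vals = line.split()
        if len(vals) == len(header) and all(v.lstrip("-").isdigit() for v in vals):
            rows.append(dict(zip(header, map(int, vals))))
    return rows


def assess(free_text, vmstat_text, swap_rate_warn=100):
    """Apply the page's rules; returns a list of findings (empty = healthy)."""
    f = parse_free(free_text)
    findings = []
    if f["app_used"] >= f["total"]:
        findings.append("applications use more than physical RAM; swapping")
    if f["app_used"] >= f["total"] + f["swap_total"]:
        findings.append("applications exceed RAM+swap; OOM kills likely")
    # The first vmstat row is the average since boot; later rows are live
    # samples, and si/so in the hundreds there means heavy swapping.
    for r in parse_vmstat(vmstat_text)[1:]:
        if r["si"] >= swap_rate_warn or r["so"] >= swap_rate_warn:
            findings.append(f"swapping heavily: si={r['si']} so={r['so']}")
            break
    return findings


def max_xmx_mb(free_text_without_java, margin=0.10):
    """Rough -Xmx ceiling per the recipe above: with the Java process stopped,
    total minus what other applications use, minus a 10% safety margin."""
    f = parse_free(free_text_without_java)
    return int(f["total"] - f["app_used"] - margin * f["total"])


if __name__ == "__main__":
    print(parse_free(SAMPLE_FREE))
    print(assess(SAMPLE_FREE, SAMPLE_VMSTAT) or "no memory problems found")
    print("max -Xmx if this were taken with Java stopped:", max_xmx_mb(SAMPLE_FREE), "m")
```

The parser deliberately reads the "-/+ buffers/cache" row rather than recomputing it, so the numbers match what the page quotes; newer procps prints an "available" column instead, and the fallback branch is where that would be wired in.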

Resolving: High Spam Assassin Memory Usage

Are you running a Spam Assassin 'daemon'?  It can create multiple (typically 5) threads/processes and each of those threads can use a very large amount of memory.

SpamAssassin works very well with just one thread.  So you can reduce the 'children' setting and reclaim some memory on your server for other apps to run with.

<code># 'replace' here is the search-and-replace utility that ships with MySQL
for location in /etc/default/spamassassin /etc/sysconfig/spamassassin; do
if [ ! -e $location ]; then continue; fi
replace "SPAMDOPTIONS=\"-d -c -m5 -H" "SPAMDOPTIONS=\"-d -c -m1 -H" -- /etc/init.d/spamassassin
replace "\-m 10 " "-m 1 " -- $location
replace "\-m 5 " "-m 1 " -- $location
replace "\-m5 " "-m1 " -- $location
replace "max-children 5 " "max-children 1 " -- $location
done
</code>

Another thing to check with spamassassin is that any /etc/procmailrc entry only does one spamassassin check at a time.  Otherwise if you receive a batch of incoming email they will all be processed in parallel.  This could cause your server CPU usage to spike, slowing down your other apps, and it may cause your server to run out of memory.

To make procmailrc run only one email at a time through Spamassassin use a lockfile on your recipe line.  e.g. change the top line of:

<code>:0fw:
# The following line tells Procmail to send messages to SpamAssassin only if they are less than 256000 bytes. Most spam falls well below this size and a larger size could seriously affect performance.
* < 256000
| /usr/bin/spamc
</code>

To:

<code>:0fw:/etc/mail/spamc.lock
# The following line tells Procmail to send messages to SpamAssassin only if they are less than 256000 bytes. Most spam falls well below this size and a larger size could seriously affect performance.
* < 256000
| /usr/bin/spamc
</code>

Resolving: High Apache Memory Usage

Apache can be a big memory user.  Apache runs a number of 'servers' and shares incoming requests among them.  The memory used by each server grows, especially when the web page being returned by that server includes PHP or Perl that needs to load in new libraries.  It is common for each server process to use as much as 10% of a server's memory.

To reduce the number of servers, you can edit your httpd.conf file.  There are three settings to tweak: StartServers, MinSpareServers, and MaxSpareServers.  Each can be reduced to a value of 1 or 2 and your server will still respond promptly, even on quite busy sites.  Some distros have multiple versions of these settings depending on which process model Apache is using.  In this case, the 'prefork' values are the ones that would need to change.

To get a rough idea of how to set the MaxClients directive, it is best to find out how much memory the largest apache thread is using. Then stop apache, check the free memory and divide that amount by the size of the apache thread found earlier. The result will be a rough guideline that can be used to further tune (up/down) the MaxClients directive. The following script can be used to get a general idea of how to set MaxClients for a particular server:

<code>#!/bin/bash
echo "This is intended as a guideline only!"
if [ -e /etc/debian_version ]; then
    APACHE="apache2"
elif [ -e /etc/redhat-release ]; then
    APACHE="httpd"
fi
# RSS (column 8 of the long ps format, in KB) of the largest Apache process
RSS=`ps -aylC $APACHE |grep "$APACHE" |awk '{print $8}' |sort -n |tail -n 1`
if [ -z "$RSS" ]; then echo "No running $APACHE process found"; exit 1; fi
RSS=`expr $RSS / 1024`
if [ "$RSS" -eq 0 ]; then echo "$APACHE RSS is below 1MB, cannot estimate"; exit 1; fi
echo "Stopping $APACHE to calculate free memory"
/etc/init.d/$APACHE stop &> /dev/null
MEM=`free -m |head -n 2 |tail -n 1 |awk '{free=($4); print free}'`
echo "Starting $APACHE again"
/etc/init.d/$APACHE start &> /dev/null
echo "MaxClients should be around" `expr $MEM / $RSS`
</code>

Note: httpd.conf should be tuned correctly on our newer WBEL3 and FC2 distros.  Apache is not installed by default on our Debian distros (since some people opt for Apache 2 and others prefer Apache 1.3).  So this change should only be necessary if you have a Debian distro.

Resolving: High MySQL Memory Usage

Our rpm based distros (e.g. RH9 and WBEL3) have MySQL preinstalled but not running.  Our pre-install uses a memory efficient /etc/my.cnf file.  If you install MySQL on a Debian server, edit the key_buffer_size setting in /etc/mysql/my.cnf.  A small value like 2M often works well. For an ultra-tiny setup add or change the following entries in the mysqld section:

<code># if you are not using the innodb table manager, then just skip it to save some memory
#skip-innodb
innodb_buffer_pool_size = 16k
key_buffer_size = 16k
myisam_sort_buffer_size = 16k
query_cache_size = 1M
</code>

Troubleshooting Irregular Out Of Memory Errors

Sometimes a server's regular memory usage is fine.  But it will intermittently run out of memory.  And when that happens you may lose trace of what caused the server to run out of memory.

In this case you can setup a script (see below) that will regularly log your server's memory usage.  And if there is a problem you can check the logs to see what was running.

<code># create a memmon.sh script that tracks the current date, memory usage and running processes
# (the heredoc delimiter is quoted so that $0 in the awk commands is not expanded by this shell)
cat << 'EOF' > /root/memmon.sh
#!/bin/bash
cd /root
date;
uptime
free -m
vmstat 1 5
ps auxf --width=200
if which iptables > /dev/null 2>&1; then
iptables -L | diff iptables_default - | awk '{print "IPTABLES: " $0}'
iptables -L > iptables_default
else
echo "IPTABLES MISSING"
fi
dmesg | diff -u dmesg_default - | grep '^+' | awk '{print "DMESG:" $0}'
dmesg > dmesg_default
EOF

chmod +x /root/memmon.sh
# empty baselines so the first run's diffs do not fail
touch /root/iptables_default /root/dmesg_default

# create a cronjob that runs every few minutes to log the memory usage
echo '0-59/10 * * * * root /root/memmon.sh >> /root/memmon.txt' > /etc/cron.d/memmon
/etc/init.d/cron* restart

# create a logrotate entry so the log file does not get too large
echo '/root/memmon.txt {}' > /etc/logrotate.d/memmon
</code>

Just Add Memory

A simple solution to resolving most out of memory problems is to add more memory.  If you'd like to increase the memory on your VPS, just send us a support ticket and let us know how much memory you need (per the pricing here).



Reference: http://rimuhosting.com/howto/memory.jsp

Monday, December 21, 2009

/dev/sda3 has gone 188 days without being checked, check forced.

SkyHi @ Monday, December 21, 2009

In this post I will present a little story of what happened to me today. As I was working to upgrade the kernel on one server (remote of course), something very funny (at least if I look at it now) happened. When upgrading a kernel on a remote server there is always a chance (even if you are very experienced and have done this several times, there is still a small chance) that something will not work as expected and, when rebooting the system, you will not have it back online. Even though I have good experience doing this and I can’t remember the last time I ‘lost’ a system when upgrading its kernel, I am always very careful when doing this.

Depending on the datacenter, the server may have different remote management options besides the normal ssh connection: remote serial console, DRAC card (on Dell PowerEdge servers), KVM, or none. In this particular case I had a remote serial console enabled on the system. Since this server is in a load balancer setup, I could work on it without any problem, without affecting the site it is serving. I took the kernel config file from the previous kernel, verified the changes, compiled, installed, added the proper entry in grub, as you would expect on a kernel upgrade. After double-checking the grub entry again, I logged on to the remote console (if I had it, why not… if not I would have rebooted directly), and restarted the system.

The server was stuck…

The system rebooted as expected and I’ve chosen the new kernel in grub at boot time and then after normal kernel messages it stopped at the following line:

Adding 2048276k swap on /dev/sda2. Priority:-1 extents:1 across:2048276k
hmm… very strange… I reviewed all the messages above, nothing, no error at all… Still the system was stopped there and was apparently not doing anything.

Reboot with the original kernel.

Ok, I said… no problemo… I have done probably something wrong as I am very busy and very tired these days… so maybe I have done something wrong… So I thought I will reboot with the previous kernel and double check again and see what I did wrong. Rebooted (using the datacenter control panel to reset the system by cutting its power), and started the kernel that was running previously. Surprise… the exact same thing… the system was stopping at the same line.
…uff… what a way to start a Saturday morning… why did I start this today?

Trying out various kernel options

So I have started and rebooted several times the system and entered different kernel parameters (acpi=off, apic=verbose, disable udev, loglevel=7, nosmp, etc.) hoping that I will understand the real problem. Nothing helped and the system was always stopping at the same place.

What was the real problem? There was nothing wrong really, it was just running fsck…

Finally I realized that the remote serial console was not printing all the messages for me and it was redirecting them to the regular console… In order to have the kernel messages printed at the serial console I had added the following options to the kernel line:

console=ttyS0,9600n8 console=tty0
and I remembered that this kind of configuration will print ALL the kernel messages only on the LAST console. So I was not seeing everything… Uff… Rebooted with only the serial console enabled (removed console=tty0 completely), and finally I saw that the system was not giving any error at all… It was just running fsck, and since the disk was very big it was taking very long to complete:

Will now activate swap.
Adding 2048276k swap on /dev/sda2. Priority:-1 extents:1 across:2048276k
swapon on /dev/sda2
Done activating swap.
Will now check root file system.
fsck 1.39 (29-May-2006)
[/sbin/fsck.ext3 (1) -- /] fsck.ext3 -a -C0 /dev/sda3
/dev/sda3 has gone 188 days without being checked, check forced.
/dev/sda3: |============= \ 22.8%

So there was really nothing wrong with the kernel upgrade, but since I had not seen what was happening I was assuming that something was broken. If I didn’t have the remote serial console this would have been solved much faster, since I would have just seen the system not starting, assumed that something was wrong, and contacted the datacenter for help (reboot, KVM, etc); by the time I found them and they took action the fsck would probably have finished and the system would have been back online.

Conclusion: things are not always as bad as they seem. If you have a similar situation and your system is not coming back online as fast as expected, and it has not been rebooted in a long time, there is a chance that fsck is running on your root device. If the root device is big (as it was in this case, 500G – not my install btw) then it can take some time to complete. Of course, if I had thought that this might happen I could have seen it beforehand with tune2fs, or set it to do this check at a different time if needed.
I hope that this was a fun story to read on a weekend day… now it seems funny to me also. But definitely not at that time :-) .

Tune2fs output (after the successful reboot):
tune2fs -l /dev/mapper/VolGroup00-LogVol00
tune2fs 1.39 (29-May-2006)
Filesystem volume name:
Last mounted on:
Filesystem UUID: 3a895332-838f-41f5-8d1b-5758de68d0f8
Filesystem magic number: 0xEF53
Filesystem revision #: 1 (dynamic)
Filesystem features: has_journal filetype needs_recovery sparse_super large_file
Default mount options: (none)
Filesystem state: clean
Errors behavior: Continue
Filesystem OS type: Linux
Inode count: 60735488
Block count: 121462784
Reserved block count: 6073139
Free blocks: 101837359
Free inodes: 60358238
First block: 0
Block size: 4096
Fragment size: 4096
Blocks per group: 32768
Fragments per group: 32768
Inodes per group: 16384
Inode blocks per group: 512
Filesystem created: Sun Dec 4 14:27:31 2005
Last mount time: Sat Jul 22 06:03:27 2006
Last write time: Sat Jul 22 06:03:27 2006
Mount count: 2
Maximum mount count: 37
Last checked: Sat Jul 22 05:53:50 2006
Check interval: 15552000 (6 months)
Next check after: Thu Jan 18 04:53:50 2007
Reserved blocks uid: 0 (user root)
Reserved blocks gid: 0 (group root)
First inode: 11
Inode size: 128
Journal inode: 8
First orphan inode: 28311571
Default directory hash: tea
Directory Hash Seed: e61e1b99-d7e8-44d1-8c22-8cd72823b5c0
Journal backup: inode blocks
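As an added example (not part of the post above), a Python check that reads tune2fs -l output and predicts, the way e2fsck decides, whether the next boot will force a full check: mount count at or above the maximum, or more than the check interval elapsed since the last check. Run before a remote reboot it answers the question the story turned on. The sample uses the check-related fields from the tune2fs output above; the function names and the ISO-date argument convention are my own.

```python
from datetime import datetime, timedelta

# Constructed sample: the `tune2fs -l` fields quoted above that decide whether a
# check is forced; the other fields tune2fs prints are ignored by the parser.
SAMPLE_TUNE2FS = """\
tune2fs 1.39 (29-May-2006)
Filesystem volume name:
Filesystem state: clean
Mount count: 2
Maximum mount count: 37
Last checked: Sat Jul 22 05:53:50 2006
Check interval: 15552000 (6 months)
Next check after: Thu Jan 18 04:53:50 2007
"""


def parse_tune2fs(text):
    """Return the check-related fields of `tune2fs -l` output."""
    fields = {}
    for line in text.splitlines():
        if ":" not in line:
            continue                       # version banner and similar
        key, _, value = line.partition(":")   # first colon only; times contain colons
        fields[key.strip()] = " ".join(value.split())   # collapse tune2fs padding
    last = datetime.strptime(fields["Last checked"], "%a %b %d %H:%M:%S %Y")
    interval = int(fields["Check interval"].split()[0])   # seconds; 0 = disabled
    return {
        "mount_count": int(fields["Mount count"]),
        "max_mount_count": int(fields["Maximum mount count"]),
        "last_checked": last,
        "check_interval": interval,
        # tune2fs prints local time, so a DST change between the two dates can
        # make its own "Next check after" line differ from this by an hour.
        "next_check": last + timedelta(seconds=interval) if interval else None,
    }


def _as_datetime(now):
    """Accept None (now), an ISO 8601 string, or a datetime."""
    if now is None:
        return datetime.now()
    if isinstance(now, str):
        return datetime.fromisoformat(now)
    return now


def forced_check_reasons(info, now=None):
    """Mirror e2fsck's decision at boot: a check is forced when the mount count
    has reached the maximum, or when the interval since the last check has
    passed. Returns the reasons, empty when the boot will skip the check."""
    now = _as_datetime(now)
    reasons = []
    mx = info["max_mount_count"]
    if mx > 0 and info["mount_count"] >= mx:
        reasons.append(f"mount count {info['mount_count']} >= max {mx}")
    if info["next_check"] is not None and now >= info["next_check"]:
        days = (now - info["last_checked"]).days
        reasons.append(f"{days} days since last check, interval {info['check_interval']}s")
    return reasons


def boot_will_fsck(text, now=None):
    """Convenience wrapper: True if rebooting at `now` would force a full check."""
    return bool(forced_check_reasons(parse_tune2fs(text), now))


if __name__ == "__main__":
    info = parse_tune2fs(SAMPLE_TUNE2FS)
    print("next time-based check after:", info["next_check"])
    print("forced at a reboot today:", forced_check_reasons(info) or "no")
```

When the answer is yes and the window is inconvenient, the same tune2fs can move the interval or the maximum mount count, which is the "set it to do this check at a different time" option the post mentions.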

Reference: http://www.ducea.com/2006/07/22/things-are-not-always-as-bad-as-they-seem/