May 12, 2007

Some Selinux Tips


vi /etc/selinux/targeted/booleans.local
allow_ypbind=0
ftpd_disable_trans=1
httpd_disable_trans=1
or
setsebool ftpd_disable_trans 1
setsebool httpd_disable_trans 1
for vsftpd
modprobe ip_nat_ftp 2> /dev/null
modprobe ip_conntrack_ftp 2> /dev/null
for openwebmail
touch /var/log/openwebmail.log
chcon -u system_u /var/log/openwebmail.log
chcon -t httpd_sys_script_rw_t /var/log/openwebmail.log
chcon -t httpd_unconfined_script_exec_t /var/www/cgi-bin/openwebmail/openwebmail*

for awtstats
chcon -t httpd_unconfined_script_exec_t /usr/local/awstats/wwwroot/cgi-bin/*

drupal installed modules

Layout
Content Construction Kit (CCK)
http://drupal.org/node/48429
Front Page
http://drupal.org/project/front
Nice Menus
http://drupal.org/node/43047
Block Bar
http://drupal.org/node/36373
Feedback
http://drupal.org/project/feedback
Page
Print Friendly Pages
http://drupal.org/project/print
Forward
http://drupal.org/node/31638
Service links
http://drupal.org/node/40790
Tagadelic
http://drupal.org/project/tagadelic
TinyMCE WYSIWYG Editor
http://drupal.org/project/tinymce
IMCE
http://drupal.org/project/imce
Image
http://drupal.org/project/image
TOP
Live Discussion
http://drupal.org/node/14950

Media
Gallery
http://drupal.org/project/gallery
Lightbox V2
http://drupal.org/node/55200
Views
http://drupal.org/project/views
Community
Guestbook
http://drupal.org/project/guestbook
Invite
http://drupal.org/project/invite
Organic groups
http://drupal.org/project/og
Privatemsg
http://drupal.org/project/privatemsg
Legal
http://drupal.org/project/Legal
Simplenews
http://drupal.org/project/simplenews
LDAP integration
http://drupal.org/project/ldap_integration
Utility
DB Maintenance
http://drupal.org/node/41588
SMTP support
http://drupal.org/project/smtp
Workspace
http://drupal.org/project/workspace
Notify
http://drupal.org/project/notify
Control Panel
http://drupal.org/node/32400
captcha
http://drupal.org/project/captcha
Textimage
http://drupal.org/project/textimage
Announcement
Timeline
http://drupal.org/project/timeline
Event
http://drupal.org/project/event
* eventfinder: useful for sites that have large amounts of events across many geographical locations
* volunteer: signup to volunteer for an event
* RSVP: users can create and manage RSVPs associated with events
* signup: allows you to signup enable
* event views: adds views module compatability
Reference
http://tw-drupal.info/module
http://drupal.org/project/Modules
Nick的十大Drupal模組
http://tw-drupal.info/node/130

remote backup to tape

#Server

  useradd backup
su - backup
ssh-keygen -t rsa
mv .ssh/id_dsa.pub .ssh/authorized_keys
mt -f /dev/st0 rewind
chown backup /bin/st0

#copy your key to client
(use vi to copy and past) or scp etc..

#Client

  vi backup.sh
#!/bin/sh
#remote backup to tape
#Author: Yu-Jen Chen
filename="www_"`date +%Y%m%d_%H%M%S`".tar.gz"
remote="203.64.178.107"
tar -zcf $filename /var/www/html/
scp -i id_rsa $filename backup@$remote:~
ssh -i id_rsa backup@$remote "tar -rvf /dev/st0 "$filename

#set crontab
 crontab -e
0 3 15,30 * * /var/www/backup/backup.sh

Some SSH Tips

SSH的相關安全設定

http://www.study-area.org/tips/ssh_tips.htm

http://linux.vbird.org/linux_server/0310telnetssh.php#ssh_sshdconfig

關於Client 的登入工具
http://linux.vbird.org/linux_server/0310telnetssh.php#ssh_client

#密碼
#私鑰

http://linux.vbird.org/linux_server/0310telnetssh.php#ssh_nopasswd

若使用putty需使用PuTTYgen將ssh-keygen 的key轉換putty所用的格式


Load→Save private Key…

使用 Key Agent
若有太多key時於可以參考Pageant
#Kerberos & GSSAPI

請man sshd_config

#putty系列的工具
http://libai.math.ncu.edu.tw/bcc16/6/putty/
http://www.chiark.greenend.org.uk/~sgtatham/putty/

l PuTTY
提供 Telnet 以及 SSH client 的功能。

l PSCP
提供 SCP client 的功能(安全加密的網路檔案拷貝,使用命令提示列)。

l PSFTP
提供 PSFTP client 的功能。

l PuTTYtel
僅提供 Telnet client 的功能。

l Plink
提供 SSH client ,使用命令提示列。

l Pageant
SSH 認證通行碼的代理程式。  

l PuTTYgen
提供產生RSA金鑰的工具。

當訊息為亂碼時

請注意系統的charset與client 的charset


或換為Big5


當然一般狀況換為en的環境可以避免較多的亂碼或排版跳格問題

若要更改預設字元集則於

vi /etc/sysconfig/i18n


Some OpenLDAP Resourse

主要的站:

http://www.openldap.org/


電子書:

http://www.bspu.secna.ru/~swp/LDAP/

http://www.zytrax.com/books/ldap/

實體書(中文):

http://203.64.181.44/Webpac2/store.dll/?ID=169574&T=0&S=ASC&ty=ns

Tools:

ldapadmin

http://ldapadmin.sourceforge.net/

jxplorer

http://www.jxplorer.org/

CSV to LDIF Converter(perl)

http://www.novell.com/coolsolutions/tools/14462.html

CSV2LDIF

http://www.home.unix-ag.org/patrick/index.php?csv2ldif

http://www.bind9.net/ldap-tools

LDAP函式庫:

PHP_LDAP

http://tw.php.net/manual/tw/ref.ldap.php

JDNI

http://java.sun.com/products/jndi/

Perl-LDAP

http://ldap.perl.org/

參考網址:

http://del.icio.us/tag/ldap

http://en.wikipedia.org/wiki/LDAP

Introduction to LDAP

http://twistedmatrix.com/users/tv/ldap-intro/ldap-intro.html


Red Hat Enterprise Linux 4: Reference Guide:Chapter 13. Lightweight Directory Access Protocol (LDAP)

http://www.redhat.com/docs/manuals/enterprise/RHEL-4-Manual/ref-guide/ch-ldap.html

jiing's BlogLDAP相關資料整理
http://jiing.blogspot.com/2004/12/ldap.html

LDAP Howto, LDAP Links, LDAP Whitepapers

http://www.bind9.net/ldap/

Steven's Linux Note - Articles

http://ms.ntcb.edu.tw/~steven/

OpenLDAP-輕量級目錄存取協定前言
http://www.weithenn.idv.tw/cgi-bin/wiki.pl/OpenLDAP-%e8%bc%95%e9%87%8f%e7%b4%9a%e7%9b%ae%e9%8c%84%e5%ad%98%e5%8f%96%e5%8d%94%e5%ae%9a%e5%89%8d%e8%a8%80

RedHat Enterprise Linux Server 4.3 + OpenLDAP + DNS + Samba + Postfix + OpenWebmail
http://www.nseasy.net/

OpenLDAP: Configuring Access Control Lists

http://sapiens.wustl.edu/~sysmain/info/openldap/openldap_configure_acl.html

vbird網友投書

http://linux.vbird.org/somepaper

延伸閱讀:

Single Sign on

http://en.wikipedia.org/wiki/Single_sign-on

LdapInjection

http://www.owasp.org/index.php/LDAP_injection


LDAP Software, LDAP Tools, LDAP Utilities