The Penguinlinux.com Blog

HOW TO UPGRADE TO PHP 5.3 ON A CENTOS 5 DISTRO

tepezcuintle — Thu, 03 Dec 2009 18:36:35 +0000

HOW TO UPGRADE TO PHP 5.3 ON A CENTOS 5 DISTRO

I am trying to install cahoots a StackOverflow clone but I am running Centos 5 and by default
it comes with php 5.1.6 and I needed to install the Zend Framework. If you tried to install the Zend
framework you will realize that you need PHP 5.2 in order to use it.

I know there are ways to install a new version of PHP on Centos 5, I would not recommend this steps
on a production system at work because you will be using repos that are not supported by Redhat or Centos
so if the maintainer of the repo decides to you are stuck with a version of PHP that is not maintained
by anyone and if there are bugs or security risks you are stuck with a machine that is not supported anymore.

In my case this is my machine so I will install php 5.3 via the REMI repos

wget http://download.fedora.redhat.com/pub/epel/5/i386/epel-release-5-3.noarch.rpm
wget http://rpms.famillecollet.com/enterprise/remi-release-5.rpm
rpm -Uvh remi-release-5*.rpm epel-release-5*.rpm

Now upgrade php and mysql

yum –enablerepo=remi update php

you will see a bunch of rpm’s being dowloaded and then installed. But you will see this error.

############ ERROR UPGRADING PHP 5.3 #################################################

Transaction Check Error:
file /etc/my.cnf from install of mysql-libs-5.1.41-1.el5.remi.i386 conflicts with file from package mysql-5.0.77-3.el5.i386
file /usr/share/mysql/charsets/Index.xml from install of mysql-libs-5.1.41-1.el5.remi.i386 conflicts with file from package mysql-5.0.77-3.el5.i386
file /usr/share/mysql/charsets/cp1250.xml from install of mysql-libs-5.1.41-1.el5.remi.i386 conflicts with file from package mysql-5.0.77-3.el5.i386
file /usr/share/mysql/czech/errmsg.sys from install of mysql-libs-5.1.41-1.el5.remi.i386 conflicts with file from package mysql-5.0.77-3.el5.i386
file /usr/share/mysql/danish/errmsg.sys from install of mysql-libs-5.1.41-1.el5.remi.i386 conflicts with file from package mysql-5.0.77-3.el5.i386
file /usr/share/mysql/dutch/errmsg.sys from install of mysql-libs-5.1.41-1.el5.remi.i386 conflicts with file from package mysql-5.0.77-3.el5.i386
file /usr/share/mysql/english/errmsg.sys from install of mysql-libs-5.1.41-1.el5.remi.i386 conflicts with file from package mysql-5.0.77-3.el5.i386
file /usr/share/mysql/estonian/errmsg.sys from install of mysql-libs-5.1.41-1.el5.remi.i386 conflicts with file from package mysql-5.0.77-3.el5.i386
file /usr/share/mysql/french/errmsg.sys from install of mysql-libs-5.1.41-1.el5.remi.i386 conflicts with file from package mysql-5.0.77-3.el5.i386
file /usr/share/mysql/german/errmsg.sys from install of mysql-libs-5.1.41-1.el5.remi.i386 conflicts with file from package mysql-5.0.77-3.el5.i386
file /usr/share/mysql/greek/errmsg.sys from install of mysql-libs-5.1.41-1.el5.remi.i386 conflicts with file from package mysql-5.0.77-3.el5.i386
file /usr/share/mysql/hungarian/errmsg.sys from install of mysql-libs-5.1.41-1.el5.remi.i386 conflicts with file from package mysql-5.0.77-3.el5.i386
file /usr/share/mysql/italian/errmsg.sys from install of mysql-libs-5.1.41-1.el5.remi.i386 conflicts with file from package mysql-5.0.77-3.el5.i386
file /usr/share/mysql/japanese/errmsg.sys from install of mysql-libs-5.1.41-1.el5.remi.i386 conflicts with file from package mysql-5.0.77-3.el5.i386
file /usr/share/mysql/korean/errmsg.sys from install of mysql-libs-5.1.41-1.el5.remi.i386 conflicts with file from package mysql-5.0.77-3.el5.i386
file /usr/share/mysql/norwegian-ny/errmsg.sys from install of mysql-libs-5.1.41-1.el5.remi.i386 conflicts with file from package mysql-5.0.77-3.el5.i386
file /usr/share/mysql/norwegian/errmsg.sys from install of mysql-libs-5.1.41-1.el5.remi.i386 conflicts with file from package mysql-5.0.77-3.el5.i386
file /usr/share/mysql/polish/errmsg.sys from install of mysql-libs-5.1.41-1.el5.remi.i386 conflicts with file from package mysql-5.0.77-3.el5.i386
file /usr/share/mysql/portuguese/errmsg.sys from install of mysql-libs-5.1.41-1.el5.remi.i386 conflicts with file from package mysql-5.0.77-3.el5.i386
file /usr/share/mysql/romanian/errmsg.sys from install of mysql-libs-5.1.41-1.el5.remi.i386 conflicts with file from package mysql-5.0.77-3.el5.i386
file /usr/share/mysql/russian/errmsg.sys from install of mysql-libs-5.1.41-1.el5.remi.i386 conflicts with file from package mysql-5.0.77-3.el5.i386
file /usr/share/mysql/serbian/errmsg.sys from install of mysql-libs-5.1.41-1.el5.remi.i386 conflicts with file from package mysql-5.0.77-3.el5.i386
file /usr/share/mysql/slovak/errmsg.sys from install of mysql-libs-5.1.41-1.el5.remi.i386 conflicts with file from package mysql-5.0.77-3.el5.i386
file /usr/share/mysql/spanish/errmsg.sys from install of mysql-libs-5.1.41-1.el5.remi.i386 conflicts with file from package mysql-5.0.77-3.el5.i386
file /usr/share/mysql/swedish/errmsg.sys from install of mysql-libs-5.1.41-1.el5.remi.i386 conflicts with file from package mysql-5.0.77-3.el5.i386
file /usr/share/mysql/ukrainian/errmsg.sys from install of mysql-libs-5.1.41-1.el5.remi.i386 conflicts with file from package mysql-5.0.77-3.el5.i386

######### HOW TO FIX THE ABOVE ERROR ##############################

Well that sucked right. It seems some files are conflicting with my original install of MySQL the problem here is that
I am updating PHP but I also needed to update my MySQL to work with php 5.3 so i did the following

[root@penguin-web1 ZendFramework-1.7.8]# yum –enablerepo=remi update mysql

Dependency Installed:
libXaw.i386 0:1.0.2-8.1 libXmu.i386 0:1.0.2-5 libedit.i386 0:2.11-2.20080712cvs.el5 mysql-libs.i386 0:5.1.41-1.el5.remi
mysqlclient15.i386 0:5.0.67-1.el5.remi sqlite2.i386 0:2.8.17-2.el5.remi t1lib.i386 0:5.1.1-7.el5

Updated:
mysql.i386 0:5.1.41-1.el5.remi

Dependency Updated:
mysql-bench.i386 0:5.1.41-1.el5.remi mysql-server.i386 0:5.1.41-1.el5.remi php.i386 0:5.3.1-1.el5.remi php-cli.i386 0:5.3.1-1.el5.remi
php-common.i386 0:5.3.1-1.el5.remi php-devel.i386 0:5.3.1-1.el5.remi php-gd.i386 0:5.3.1-1.el5.remi php-ldap.i386 0:5.3.1-1.el5.remi
php-mbstring.i386 0:5.3.1-1.el5.remi php-mysql.i386 0:5.3.1-1.el5.remi php-pdo.i386 0:5.3.1-1.el5.remi php-snmp.i386 0:5.3.1-1.el5.remi
php-xml.i386 0:5.3.1-1.el5.remi php-xmlrpc.i386 0:5.3.1-1.el5.remi

Complete!
[root@penguin-web1 ZendFramework

################## VERIFY THAT PHP 5.3 HAS BEEN INSTALLED ##########################

[root@penguin-web1 ZendFramework-1.7.8]# php –version
PHP 5.3.1 (cli) (built: Nov 20 2009 17:51:14)
Copyright (c) 1997-2009 The PHP Group
Zend Engine v2.3.0, Copyright (c) 1998-2009 Zend Technologies
[root@penguin-web1 ZendFramework-1.7.8]#

Well this is great, now just reload the httpd server so it can use the new version of php

[root@penguin-web1 ZendFramework-1.7.8]# service httpd reload
Reloading httpd: [ OK ]
[root@penguin-web1 ZendFramework-1.7.8]#

##################### I SCREW UP MY SYSTEM I FUCKED UP AND NOW I AM STUCK WITH A BROKEN APPLICATION OR SYSTEM ##########

Yes what if you had an application that is not working anymore or even apache might not work in that case do this

yum –disablerepo=remi
yum remove php php-cli php-common (It didn’t remove dependencies when uninstalling just php)

yum install php (Reverts back to PHP version in Red Hat’s repositories)

Then restart httpd

Well so those are the steps to upgrade your system to php 5.3

Ciao my fellow Penguin readers

MySQL Backup Table Schema Structure and Backup only Data

tepezcuintle — Fri, 02 Oct 2009 16:50:39 +0000

This is a reminder of how to backup the schema of a complete database

mysqldump –no-data -h localhost -u root -ppassword mydatabase > mydatabase_backup

This is if you want to only backup certain tables schema.

mysqldump –no-data -h localhost -u root -ppassword mydatabase table1 table2 > mydatabase_backup.sql

More info at

http://dev.mysql.com/doc/refman/5.1/en/mysqldump.html#option_mysqldump_no-data

http://dev.mysql.com/doc/refman/5.1/en/mysqldump.html

Here is a cool shell script you can use to backup shema and data only.

#! /bin/bash

# backup-mysql.sh
#
# Craig Sanders
# this script is in the public domain. do whatever you want with it.

MYUSER=”USERNAME”
MYPWD=”PASSWD”

ARGS=”–single-transaction –flush-logs –complete-insert”

DATABASES=$( mysql -D mysql –skip-column-names -B -e ’show databases;’ | egrep -v ‘information_schema’ );

BACKUPDIR=/var/backups/mysql

YEAR=$(date +”%Y”)
MONTH=$(date +”%m”)
DAY=$(date +”%d”)

DATE=”$YEAR-$MONTH/$YEAR-$MONTH-$DAY”

mkdir -p $BACKUPDIR/$DATE
cd $BACKUPDIR/$DATE

for i in $DATABASES ; do
echo -n “backing up $i: schema…”
mysqldump $ARGS –no-data -u$MYUSER -p$MYPWD $i > $i.schema.sql

echo -n “data…”
mysqldump $ARGS –skip-opt –no-create-db –no-create-info -u$MYUSER -p$MYPWD $i > $i.data.sql

echo -n “compressing…”
gzip -9fq $i.schema.sql $i.data.sql
echo “done.”
done

# delete backup files older than 30 days
OLD=$(find $BACKUPDIR -type d -mtime +30)
if [ -n "$OLD" ] ; then
echo deleting old backup files: $OLD
echo $OLD | xargs rm -rfv
fi

The Most Common OpenSSL Commands

tepezcuintle — Fri, 02 Oct 2009 16:36:21 +0000

The Most Common OpenSSL Commands

One of the most versatile SSL tools is OpenSSL which is an open source implementation of the SSL protocol. There are versions of OpenSSL for nearly every platform, including Windows, Linux, and Mac OS X. OpenSSL is commonly used to create the CSR and private key for many different platforms, including Apache. However, it also has hundreds of different functions that allow you to view the details of a CSR or certificate, compare an MD5 hash of the certificate and private key (to make sure they match), verify that a certificate is installed properly on any website, and convert the certificate to a different format.

A compiled version of OpenSSL for Windows can be found here.

If you don’t want to bother with OpenSSL, you can do many of the same things with our SSL Certificate Tools. Below, we have listed the most common OpenSSL commands and their usage:

General OpenSSL Commands

These commands allow you to generate CSRs, Certificates, Private Keys and do other miscellaneous tasks.

Generate a new private key and Certificate Signing Request

openssl req -out CSR.csr -pubkey -new -keyout privateKey.key

Generate a self-signed certificate

openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout privateKey.key -out certificate.crt

Generate a certificate signing request (CSR) for an existing private key
```
openssl req -out CSR.csr -key privateKey.key -new
```

Generate a certificate signing request based on an existing certificate

openssl x509 -x509toreq -in certificate.crt -out CSR.csr -signkey privateKey.key

Remove a passphrase from a private key

openssl rsa -in privateKey.pem -out newPrivateKey.pem

Checking Using OpenSSL

If you need to check the information within a Certificate, CSR or Private Key, use these commands. You can also check CSRs and check certificates using our online tools.

Check a Certificate Signing Request (CSR)

openssl req -text -noout -verify -in CSR.csr

Check a private key
```
openssl rsa -in privateKey.key -check
```

Check a certificate

openssl x509 -in certificate.crt -text -noout

Check a PKCS#12 file (.pfx or .p12)
```
openssl pkcs12 -info -in keyStore.p12
```

Debugging Using OpenSSL

If you are receiving an error that the private doesn’t match the certificate or that a certificate that you installed to a site is not trusted, try one of these commands. If you are trying to verify that an SSL certificate is installed correctly, be sure to check out the SSL Checker.

Check an MD5 hash of the public key to ensure that it matches with what is in a CSR or private key

openssl x509 -noout -modulus -in certificate.crt | openssl md5openssl rsa -noout -modulus -in privateKey.key | openssl md5openssl req -noout -modulus -in CSR.csr | openssl md5

Check an SSL connection. All the certificates (including Intermediates) should be displayed
```
openssl s_client -connect www.paypal.com:443
```

Converting Using OpenSSL

These commands allow you to convert certificates and keys to different formats to make them compatible with specific types of servers or software. For example, you can convert a normal PEM file that would work with Apache to a PFX (PKCS#12) file and use it with Tomcat or IIS. Use our SSL Converter to convert certificates without messing with OpenSSL.

Convert a DER file (.crt .cer .der) to PEM

openssl x509 -inform der -in certificate.cer -out certificate.pem

Convert a PEM file to DER

openssl x509 -outform der -in certificate.pem -out certificate.der

Convert a PKCS#12 file (.pfx .p12) containing a private key and certificates to PEM
```
openssl pkcs12 -in keyStore.pfx -out keyStore.pem -nodes
```
You can add -nocerts to only output the private key or add -nokeys to only output the certificates.

Convert a PEM certificate file and a private key to PKCS#12 (.pfx .p12)

openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile CACert.crt

Useful OpenSSL Tricks

tepezcuintle — Fri, 02 Oct 2009 16:31:17 +0000

Introduction

OpenSSL deserves a lot of credit. It is an extremely useful, valuable Open Source project. When
people talk about how successful Apache is, rock-solid crypto toolkits like OpenSSL and OpenSSH should
also be mentioned. Here are a few (of the many) functions that I have found useful, along with examples of
how to use them:

Base64 Encoding and Decoding
Symmetric Encryption and Decryption of Files
Cryptographic Hashing of Files
S_CLIENT SSL/TLS Test Utility

These examples assume that you are using a Unix-like OS, with OpenSSL 0.9.6b or higher.

Base64 Encode/Decode

Base64 encoding is a standard method for converting 8-bit binary information into a limited subset
of ASCII characters for safe transport through e-mail systems, and other systems that are not 8-bit
safe. With OpenSSL, it is very easy to encode and decode Base64 data:

$ openssl enc -base64 -in myfile -out myfile.b64

$ openssl enc -d -base64 -in myfile.b64 -out myfile.decrypt

Symmetric Encryption/Decryption of Files

As you can imagine, being able to encrypt and decrypt files with strong ciphers is a useful function.
With OpenSSL, you can even use the commands in shell scripts. Here are some command line examples
using the Blowfish, Triple DES, and CAST5 ciphers:

$ openssl enc -e -a -salt -bf -in tomcat.jpg -out tomcat.blowfish
enter bf-cbc encryption password:
Verifying password - enter bf-cbc encryption password:

$ openssl enc -d -a -bf -in tomcat.blowfish -out tomcat-decrypt.jpg
enter bf-cbc decryption password:

$ openssl enc -e -a -salt -des3 -in tomcat.jpg -out tomcat.des3
enter des-ede3-cbc encryption password:
Verifying password - enter des-ede3-cbc encryption password:

$ openssl enc -d -a -des3 -in tomcat.des3 -out tomcat-des3.jpg
enter des-ede3-cbc decryption password:

$ openssl enc -e -a -salt -cast5-cbc -in tomcat.jpg -out tomcat.cast5
enter cast5-cbc encryption password:
Verifying password - enter cast5-cbc encryption password:

$ openssl enc -d -a -cast5-cbc -in tomcat.cast5 -out tomcat-cast5.jpg
enter cast5-cbc decryption password:

If the file will not be transported as an e-mail attachment, you can forego the
-a argument, which base64 encodes and decodes the ciphertext. Sometimes this is
referred to as “ASCII armor”. The non-base64 encoded files should be smaller. Here is an example
using the CAST5-CBC algorithm:

$ openssl enc -e -salt -cast5-cbc -in tomcat.jpg -out tomcat.nob64
enter cast5-cbc encryption password:
Verifying password - enter cast5-cbc encryption password:

$ openssl enc -d -cast5-cbc -in tomcat.nob64 -out tomcat-nob64.jpg
enter cast5-cbc decryption password:

Cryptographic Hashing Functions

What if you want to check to see that a file has not been tampered with? One simple way to do this
is a cryptographic hashing function. This will give you a fixed-length string (called a
message digest) given an input
file of any length. SHA-1 and RIPE-MD160 are considered current; MD-5 is considered outdated.

$ openssl dgst -sha1 -c tomcat.jpg
SHA1(tomcat.jpg)= 92:b1:9b:96:ef:45:c3:89:b4:2e:e6:96:5b:43:bf:02:66:4a:47:8f

$ openssl dgst -ripemd160 -c tomcat.jpg
RIPEMD160(tomcat.jpg)= 68:f2:05:a9:9d:52:f1:cc:04:ed:d7:1e:42:80:0a:b8:c0:e6:cc:6d

$ openssl dgst -md5 -c tomcat.jpg
MD5(tomcat.jpg)= e7:13:d6:a7:cc:16:e3:da:0a:f7:ab:5a:fa:e3:3b:34

You can see that the md5sum utility that is shipped with most GNU/Linux distributions returns the
same value as the openssl md5 message digest:

$ md5sum tomcat.jpg
e713d6a7cc16e3da0af7ab5afae33b34  tomcat.jpg

The OpenSSL dgst (message digest/hashing) command also has numerous options for signing digests,
verifying signatures, etc.

S_CLIENT SSL/TLS Test Utility

OpenSSL has a great test utility available, called s_client. This lets you test servers
that use SSL/TLS with a powerful command line utility. The following is an example of using
s_client to view information about a secure web server:

$ openssl s_client -connect www.redhat.com:443

CONNECTED(00000003)
depth=0 /C=US/ST=North Carolina/L=Durham/O=Red Hat, Inc./OU=Web Operations/CN=www.redhat.com
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /C=US/ST=North Carolina/L=Durham/O=Red Hat, Inc./OU=Web Operations/CN=www.redhat.com
verify error:num=27:certificate not trusted
verify return:1
depth=0 /C=US/ST=North Carolina/L=Durham/O=Red Hat, Inc./OU=Web Operations/CN=www.redhat.com
verify error:num=21:unable to verify the first certificate
verify return:1
—
Certificate chain
 0 s:/C=US/ST=North Carolina/L=Durham/O=Red Hat, Inc./OU=Web Operations/CN=www.redhat.com
   i:/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority
—
Server certificate
—–BEGIN CERTIFICATE—–
MIID3TCCA0qgAwIBAgIQC4A9mzg//B7clolOw0V4WzANBgkqhkiG9w0BAQQFADBf
MQswCQYDVQQGEwJVUzEgMB4GA1UEChMXUlNBIERhdGEgU2VjdXJpdHksIEluYy4x
LjAsBgNVBAsTJVNlY3VyZSBTZXJ2ZXIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkw
HhcNMDExMTE0MDAwMDAwWhcNMDMxMjA1MjM1OTU5WjCBgTELMAkGA1UEBhMCVVMx
FzAVBgNVBAgTDk5vcnRoIENhcm9saW5hMQ8wDQYDVQQHFAZEdXJoYW0xFjAUBgNV
BAoUDVJlZCBIYXQsIEluYy4xFzAVBgNVBAsUDldlYiBPcGVyYXRpb25zMRcwFQYD
VQQDFA53d3cucmVkaGF0LmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
4MFi5Xg1rYKETCZ4inSeLJwK4/g/WcOI8JUpH7aK/Hm/e8Lz0uwagzEg/EQnACGl
o6HZsAwlNwV/H4LDXhf4I7NIfgLHmrp6qY1e3SX5qfAAPbxFl4ghiGzNdlTR2Pkn
XQhj/0eW8Pt7NdmQ6LDaMHxb2WchBQYVTYC/cK2zU+8CAwEAAaOCAXkwggF1MAkG
A1UdEwQCMAAwCwYDVR0PBAQDAgWgMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9j
cmwudmVyaXNpZ24uY29tL1JTQVNlY3VyZVNlcnZlci5jcmwwgawGA1UdIASBpDCB
oTCBngYLYIZIAYb4RQEHAQEwgY4wKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LnZl
cmlzaWduLmNvbS9DUFMwYgYIKwYBBQUHAgIwVjAVFg5WZXJpU2lnbiwgSW5jLjAD
AgEBGj1WZXJpU2lnbidzIENQUyBpbmNvcnAuIGJ5IHJlZmVyZW5jZSBsaWFiLiBs
dGQuIChjKTk3IFZlcmlTaWduMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcD
AjAZBgpghkgBhvhFAQYPBAsWCTg3ODA1MTU1NjA0BggrBgEFBQcBAQQoMCYwJAYI
KwYBBQUHMAGGGGh0dHA6Ly9vY3NwLnZlcmlzaWduLmNvbTANBgkqhkiG9w0BAQQF
AAN+AEBUhe0gnMw8OWcnKA5XnoglC3V9v//UIZh7lVJCaMA/K2tFAiRlmkGPsim7
H8rHpZhtTOUBqZl6PuA/VJD2wCECJ+uUYx0zUh1dKwoJKWgcaBQOQ6GsCgxsOB2a
i6wMUcAlqHZULjF1mDkM4bu0gNmLXpIMIsw9UotTvz/O
—–END CERTIFICATE—–
subject=/C=US/ST=North Carolina/L=Durham/O=Red Hat, Inc./OU=Web Operations/CN=www.redhat.com
issuer=/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority
—
No client certificate CA names sent
—
SSL handshake has read 1549 bytes and written 314 bytes
—
New, TLSv1/SSLv3, Cipher is EDH-RSA-DES-CBC3-SHA
Server public key is 1024 bit
SSL-Session:
    Protocol  : TLSv1
    Cipher    : EDH-RSA-DES-CBC3-SHA
    Session-ID: 97D3E2DF903F5757AF8BED807F5FD9665F43300F139BDFCD1701974D97E5C5CA
    Session-ID-ctx:
    Master-Key: 4B2295AEDCE520F4615769135FB65EBD6E2345C88FCE4EB7450B71B17FD1A2B4460D751DC3DF05C311DA54B02A7B04D1
    Key-Arg   : None
    Start Time: 1063899107
    Timeout   : 300 (sec)
    Verify return code: 21 (unable to verify the first certificate)
—

Once you have connected, you can manually type in any commands you want, such as “GET /” and
“HEAD / HTTP/1.0” for secure web servers. There are also options
like -no_tls1 and -no_ssl2 that let you specify which version of SSL/TLS that you want to
connect with.

The -showcerts and -debug options are also worth a look.

Resources

OpenSSL home page
man openssl
man enc
man dgst
man s_client

Search and Replace String MySQL

tepezcuintle — Mon, 17 Aug 2009 15:25:23 +0000

A day will eventually come when your need to find and replace a string of text in your database. You don’t know which row, or which column, or which table. Heck, you may not even know which database. Your options are: spend the rest of the summer hunting down the elusive table cells, or use the weapon of mass replacement described below. Naturally and as usual, you absolutely must back up your database (or databases) before attempting any far-reaching scripted mumbo jumbo.

#!/bin/bash echo -n "Enter username: " ; read db_user echo -n "Enter $db_user password: " ; stty -echo ; read db_passwd ; stty echo ; echo "" echo -n "Enter database name: " ; read db_name echo -n "Enter search string: " ; read search_string echo -n "Enter replacement string: " ; read replacement_string


MYSQL="/usr/bin/mysql --skip-column-names -u${db_user} -p${db_passwd}"
echo "SHOW TABLES;" | $MYSQL $db_name | while read db_table

do

	echo "SHOW COLUMNS FROM $db_table;" | $MYSQL $db_name| \

	awk -F'\t' '{print $1}' | while read tbl_column

	do

		echo "update $db_table set ${tbl_column} = replace(${tbl_column}, '${search_string}', '${replacement_string}');" |\

		$MYSQL $db_name

	done

done

Create your own PGP Public Key

tepezcuintle — Fri, 14 Aug 2009 17:30:18 +0000

Linux create your own GnuPG private and public key GNU gpg is encryption and signing tool.


The GNU Privacy Guard (GnuPG or GPG) is a free software replacement for the PGP suite of cryptographic software.
GnuPG encrypts messages using asymmetric keypairs individually generated by GnuPG users. The resulting public keys can be exchanged with other users in a variety of ways, such as Internet key servers. They must always be exchanged carefully to prevent identity spoofing by corrupting public key ? 'owner' identity correspondences. It is also possible to add a cryptographic digital signature to a message, so the message integrity and sender can be verified, if a particular correspondence relied upon has not been corrupted.

How do I create my own GnuPG private and public key

1) Login to your shell account
2) Use gpg command to create the keys
$ gpg –gen-key

Output:
gpg (GnuPG) 1.4.1; Copyright (C) 2005 Free Software Foundation, Inc.

This program comes with ABSOLUTELY NO WARRANTY.

This is free software, and you are welcome to redistribute it

under certain conditions. See the file COPYING for details.
gpg: directory `/home/vivek/.gnupg’ created

gpg: new configuration file `/home/vivek/.gnupg/gpg.conf’ created

gpg: WARNING: options in `/home/vivek/.gnupg/gpg.conf’ are not yet active during this run

gpg: keyring `/home/vivek/.gnupg/secring.gpg’ created

gpg: keyring `/home/vivek/.gnupg/pubring.gpg’ created

Please select what kind of key you want:

   (1) DSA and Elgamal (default)

   (2) DSA (sign only)

   (5) RSA (sign only)

Your selection? Press [Enter] Key

DSA keypair will have 1024 bits.

ELG-E keys may be between 1024 and 4096 bits long.

What keysize do you want? (2048) Press [Enter] Key

Requested keysize is 2048 bits

Please specify how long the key should be valid.

         0 = key does not expire

        = key expires in n days

      w = key expires in n weeks

      m = key expires in n months

      y = key expires in n years

Key is valid for? (0) Press [Enter] Key

Key does not expire at all

Is this correct? (y/N) y
You need a user ID to identify your key; the software constructs the user ID

from the Real Name, Comment and Email Address in this form:

    “Heinrich Heine (Der Dichter) ”
Real name: Vivek Gite

Email address: vivek@nixcraftcorp.com

Comment:[Enter] key

You selected this USER-ID:

    “Vivek Gite ”
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O

You need a Passphrase to protect your secret key.
Enter passphrase: [Enter password twice]

We need to generate a lot of random bytes. It is a good idea to perform

some other action (type on the keyboard, move the mouse, utilize the

disks) during the prime generation; this gives the random number

generator a better chance to gain enough entropy.

.+++++….+++++++++++++++..++++++++++..++++++++++…++++++++++++++++++++.+++++++++++++++++++++++++++++++++++.+++++..++++++++++++++++++++.++++++++++..+++++.+++++.+++++>+++++….+++++>.+++++………………………………………………………….+++++^^^^^^^^^^^

gpg: /home/vivek/.gnupg/trustdb.gpg: trustdb created

gpg: key 8E19F126 marked as ultimately trusted

public and secret key created and signed.
gpg: checking the trustdb

gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model

gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u

pub   1024D/8E19F126 2007-02-10

      Key fingerprint = A7AF E25D 3E8D 6946 37CC  8CCE 12C4 8DC1 8E19 F126

uid                  Vivek Gite

sub   2048g/032824B9 2007-02-10

3) Now keys generated, you can list your own key using:
$ gpg -K

OR
$ gpg –list-keys

Output:
/home/vivek/.gnupg/pubring.gpg

——————————

pub   1024D/CA7A8402 2007-02-10

uid                  Vivek Gite

sub   2048g/0A7B4F93 2007-02-10

Let us try to understand the line pub 1024D/CA7A8402 2007-02-10:
?pub : Public key

?1024D : The number of bits in the key

?CA7A8402 : The key ID

?2007-02-10 : The date of key creation

?Vivek Gite : The user real name

? : The email id

Most important is the key ID i.e. CA7A8402. Make sure you use powerful passphrase to protect keys and not the easy one.
4) To list secret key, type the command:
$ gpg –list-secret-keys

Output:

/home/vivek/.gnupg/secring.gpg —————————— sec 1024D/CA7A8402 2007-02-10 uid Vivek Gite ssb 2048g/0A7B4F93 2007-02-10

How to Drop all Tables on a MySQL database

tepezcuintle — Thu, 13 Aug 2009 19:17:28 +0000

Let’s say you need to drop all tables in a mysql database. How do you do that?

You could use a gui, but that’s not fun.

You’re a shell jockey so you want a commandline:

mysql -u uname dbname -e "show tables" | grep -v Tables_in | grep -v "+" | \ gawk '{print "drop table " $1 ";"}' | mysql -u uname dbname

(that’s all one line, but if I do it as a line then it screws up my theme - go figure).

This assumes that you are running in passwordless mode. See “man mysql” for tips on how to pass in passwords in another manner.

What this does is

1.connect to a specific mysql database and execute the command for showing tables
2.find lines that match “Tables_in” and not show them
3.find lines that match the + character and not show them
4.use gawk to print out the words “drop table” followed by the table name (which is in $1) and then a semicolon
5.pipe all of that back to the database you got the list from to drop those tables
Fun stuff and very handy!

A Simple Monitoring Script to monitor devices or hosts

tepezcuintle — Fri, 01 May 2009 21:38:04 +0000

At work we have a few routers, switches and servers that if they go down we want to know right away. The last thing we want is the CEO coming to our desk asking why the mail server is down or why the webserver it not responding.

I wrote a little script a very simple one that given a list of hosts and IP addresses will ping a host and if it is detected as down it will send you an email right away.

########## Instructions on how to use this monitor script ############

Make a directory called scripts
mkdir /scripts then inside create using your favorite text editor the following script

#!/bin/bash # Ping Alert Monitor by Marco Maldonado V 1.0 # Create a hosts file and save it somewhere on your server # specify a path and an email address where you want to send alerts # # Note: Your hosts file should have the IP address of the host followed by a space and the name # of the server: Example Below # # 69.147.76.15 www.yahoo.com # 209.85.165.147 wwww.google.com #


# Path to your hosts file
HOSTS="/scripts/hosts"
# Email address where to send alerts, you can add more addresses followed by a comma
EMAIL="yourname@yourdomain,someaddres@gmail.com"
### Do not edit anything below ############
for myHost in `cat $HOSTS | cut -d' ' -f1` ; do

     ping -c 1 $myHost > /dev/null

 if [ $? -ne 0 ] ; then

    echo “Server `grep $myHost $HOSTS` is down reported down at `date`” | mail -s “Ping Alert Server `grep $myHost $HOSTS` might be down” $EMAIL

 fi ;

 done

replace the email addresses listed there you can put only one or multiple email addresses separated by a comma. I put my gmail address because in case my mail server goes down i can still get a report to another address.

Save the script and make it executable chmod 755 /scripts/ping_alert.sh

Create a host file of the hosts you want to monitor starting with the IP address of the server and then some details about the server example

10.1.29.100 Exchange Server 120.12.45.2 External webserver www.yourdomain.com ( Phone support 212-453-### ) 10.1.30.22 Cisco Catalist for Segment XYZ 10.1.30.33 Lexmark TCP IP Printer

save the file and name it hosts. You are almost done.

Now create a crontab entry on your crontab file that will monitor the above IP addresses by the minute.

here is a quick way to edit your crontab.

crontab -l > mycrontab.txt

this will dump your crontab into the mycrontab.txt file. Edit that file and add the following line to it.

* * * * * /scripts/ping_alert.sh >> /dev/null 2>&1

as an example here is my current crontab.


[root@penguincares scripts]# crontab -l > mycrontab.txt

[root@penguincares scripts]# more mycrontab.txt

* * * * * /usr/bin/php /opt/projects/mrtg/serverstats/update.php >> /dev/null 2>&1

* * * * * /scripts/ping_alert.sh >> /dev/null 2>&1

*/5 * * * * php /opt/projects/mrtg/cacti/poller.php > /dev/null 2>&1

Then to load this new crontab all you have to do is type

crontab mycrontab.txt and that will load the new changes that you added.

######### NOW WHAT ? #################

That’s it your crontab entry is monitoring those devices by sending a ping request it they go down
you will get an email right away telling you which IP address failed. You can test to see if it is working or not by putting a fake ip address and a server name next to it.

When the script detects the downed server you should recieve and emal saying the following

Subject:Ping Alert Server 216.21.3.33 Exchange Server might be down

Body: Server 216.21.3.33 Exchange Server is down reported down at Fri May 1 17:07:11 EDT 2009

This is a simple monitor not the greatest way to monitor a server but you can be sure you will know when a certain server or device fails. I will be adding other checks to this script in about a few more days, one of the checks i will add is to stop sending email right after 5 alerts. This is to prevent having hundreds of emails flooding your inbox.

I’ve been running the script for a few weeks and it has helped me catch problems on our network and people always ask me how do i know when things go down so fast :) well know you know.

Good luck Penguins

Your File System became read only. What gives?

tepezcuintle — Mon, 27 Apr 2009 13:38:40 +0000

If your system abruptly loses power, or if a RAID card is beginning to fail, you might see an ominous message like this within your logs:

EXT3-fs error (device hda3) in start_transaction: Journal has aborted

Basically, the system is telling you that it’s detected a filesystem/journal mismatch, and it can’t utilize the journal any longer. When this situation pops up, the filesystem gets mounted read-only almost immediately. To fix the situation, you can remount the partition as ext2 (if it isn’t your active root partition), or you can commence the repair operations.

If you’re working with an active root partition, you will need to boot into some rescue media and perform these operations there. If this error occurs with an additional partition besides the root partition, simply unmount the broken filesystem and proceed with these operations.

Remove the journal from the filesystem (effectively turning it into ext2):

# tune2fs -O ^has_journal /dev/hda3

Now, you will need to fsck it to correct any possible problems (throw in a -y flag to say yes to all repairs, -C for a progress bar):

# e2fsck /dev/hda3

Once that's finished, make a new journal which effectively makes the partition an ext3 filesystem again

# tune2fs -j /dev/hda3

You should be able to mount the partition as an ext3 partition at this time:

# mount -t ext3 /dev/hda3 /mnt/fixed

Be sure to check your dmesg output for any additional errors after you’re finished!

Configure Postfix with smart host

tepezcuintle — Tue, 21 Apr 2009 16:45:35 +0000

At work i setup a programming environment for developers. The server is on a natted IP address range and could not send email to our internal mail server because of some weird firewall issues.

All email going to external sites was working fine but to send to our internal domain it wouldn’t work so i had to figure out how to get emails out. I am running postfix on the server so what I did i had postfix relay the mail to my ISP’s mail server. I had done this in the past using sendmail but with postfix I had to do the following.

My ISP requires that mail from my dynamic IP to our small business email addresses uses their outgoing SMTP servers. This is probably done to reduce abuse and spam but now I’m not able to send email and local Postfix log file displays authentication failure message. How do I relay mail through my mail ISP servers using Postfix SMTP under Linux / UNIX like operating systems?

Postfix has a method of authentication using SASL. It can use a text file or MySQL table as a special password database.

Configure SMTP AUTH for mail servers

Create a text file as follows:
# P=/etc/postfix/password # vi $P
The format of the client password file is as follows:

#smtp.isp.com       username:password
smtp.vsnl.in         vivek@vsnl.in:mySecretePassword

Save and close the file. Set permissions:
# chown root:root $P # chmod 0600 $P # postmap hash:$P

Enable SMTP AUTH

Open main.cf file, enter:
# vi /etc/postfix/main.cf
Append following config directives:

 relayhost = smtp.vsnl.in
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/password
smtp_sasl_security_options =

Where,

relayhost = smtp.vsnl.in : Rely all mail via smtp.vsnl.in ISP mail server.
smtp_sasl_auth_enable = yes : Cyrus-SASL support for authentication of mail servers.
smtp_sasl_password_maps = hash:/etc/postfix/password : Set path to sasl_passwd.
smtp_sasl_security_options = : Finally, allow Postfix to use anonymous and plaintext authentication by leaving it empty.

Save and close the file.

Then run postmap /etc/postfix/password

Restart Postfix:
# /etc/init.d/postfix reload
Test your setup by sending a text email:
$ echo 'This is a test.' > /tmp/test $ mail -s ‘Test’ you@example.com < /tmp/test # tail -f /var/log/maillog # rm /tmp/test