Kinh Nghiệm Việt Nam - Thủ Thuật PC

Change date time Linux

noreply@blogger.com (vitec) — Thu, 19 Apr 2012 04:51:00 +0000

In order to manually change the timezone, you can edit the /etc/sysconfig/clock file and then make a new soft link to /etc/localtime. Here is an example of changing the timezone manually to "America/Denver":

1. Select the appropriate time zone from the /usr/share/zoneinfo directory. Time zone names are relative to that directory. In this case, we will select "America/Denver"

2. Edit the /etc/sysconfig/clock text file so that it looks like this:

ZONE="America/Denver"
UTC=true
ARC=false

Of course, this assumes that your hardware clock is running UTC time...

3. Delete the following file: /etc/localtime

4. Create a new soft link for /etc/localtime. Here is an example of step 3 and step 4:

# cd /etc
# ls -al localtime
lrwxrwxrwx 1 root root 39 Mar 28 07:00 localtime -> /usr/share/zoneinfo/America/Los_Angeles

# rm /etc/localtime

# ln -s /usr/share/zoneinfo/America/Denver /etc/localtime
# ls -al localtime
lrwxrwxrwx 1 root root 34 Mar 28 08:59 localtime -> /usr/share/zoneinfo/America/Denver

# date
Fri Mar 28 09:00:04 MST 2003

How to secure your Kloxo for iptables

noreply@blogger.com (vitec) — Fri, 16 Mar 2012 09:04:00 +0000

Stop iptables service:

/etc/init.d/iptables stop

Disable iptables service:
chkconfig iptables off

Copy this code to /etc/init.d/firewall (Reminder: Disable "word wrap" in your text editor. Ex.: nano -w /etc/init.d/firewall)

#!/bin/sh
# firewall
# chkconfig: 3 21 91
# description: Starts, stops iptables firewall

case "$1" in
start)

# Clear rules
iptables -t filter -F
iptables -t filter -X
echo - Clear rules : [OK]

# SSH In
iptables -t filter -A INPUT -p tcp --dport 22 -j ACCEPT
echo - SSH : [OK]

# Don't break established connections
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
echo - established connections : [OK]

# Block all connections by default
iptables -t filter -P INPUT DROP
iptables -t filter -P FORWARD DROP
iptables -t filter -P OUTPUT DROP
echo - Block all connections : [OK]

# SYN-Flood Protection
iptables -N syn-flood
iptables -A syn-flood -m limit --limit 10/second --limit-burst 50 -j RETURN
iptables -A syn-flood -j LOG --log-prefix "SYN FLOOD: "
iptables -A syn-flood -j DROP
echo - SYN-Flood Protection : [OK]

# Loopback
iptables -t filter -A INPUT -i lo -j ACCEPT
iptables -t filter -A OUTPUT -o lo -j ACCEPT
echo - Loopback : [OK]

# ICMP (Ping)
iptables -t filter -A INPUT -p icmp -j ACCEPT
iptables -t filter -A OUTPUT -p icmp -j ACCEPT
echo - PING : [OK]

# DNS In/Out
iptables -t filter -A OUTPUT -p tcp --dport 53 -j ACCEPT
iptables -t filter -A OUTPUT -p udp --dport 53 -j ACCEPT
iptables -t filter -A INPUT -p tcp --dport 53 -j ACCEPT
iptables -t filter -A INPUT -p udp --dport 53 -j ACCEPT
echo - DNS : [OK]

# NTP Out
iptables -t filter -A OUTPUT -p udp --dport 123 -j ACCEPT
echo - NTP : [OK]

# FTP Out
iptables -t filter -A OUTPUT -p tcp --dport 20:21 -j ACCEPT
iptables -t filter -A OUTPUT -p tcp --dport 30000:50000 -j ACCEPT
# FTP In
iptables -t filter -A INPUT -p tcp --dport 20:21 -j ACCEPT
iptables -t filter -A INPUT -p tcp --dport 30000:50000 -j ACCEPT
iptables -t filter -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
echo - FTP : [OK]

# HTTP + HTTPS Out
iptables -t filter -A OUTPUT -p tcp --dport 80 -j ACCEPT
iptables -t filter -A OUTPUT -p tcp --dport 443 -j ACCEPT
# HTTP + HTTPS In
iptables -t filter -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -t filter -A INPUT -p tcp --dport 443 -j ACCEPT
echo - HTTP/HTTPS : [OK]

# Mail SMTP:25
iptables -t filter -A INPUT -p tcp --dport 25 -j ACCEPT
iptables -t filter -A OUTPUT -p tcp --dport 25 -j ACCEPT
echo - SMTP : [OK]

# Mail POP3:110
iptables -t filter -A INPUT -p tcp --dport 110 -j ACCEPT
iptables -t filter -A OUTPUT -p tcp --dport 110 -j ACCEPT
echo - POP : [OK]

# Mail IMAP:143
iptables -t filter -A INPUT -p tcp --dport 143 -j ACCEPT
iptables -t filter -A OUTPUT -p tcp --dport 143 -j ACCEPT
echo - IMAP : [OK]

# Kloxo
iptables -t filter -A INPUT -p tcp --dport 7777:7778 -j ACCEPT
iptables -t filter -A OUTPUT -p tcp --dport 7777:7778 -j ACCEPT
echo - Kloxo : [OK]

echo - Firewall [OK]
exit 0
;;

stop)
echo "Stopping Firewall... "
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -t filter -F
echo "Firewall Stopped!"
exit 0
;;

restart)
/etc/init.d/firewall stop
/etc/init.d/firewall start
;;

*)
echo "Usage: /etc/init.d/firewall {start|stop|restart}"
exit 1
;;
esac

chmod 700 /etc/init.d/firewall

add firewall service:
chkconfig --add firewall

auto start firewall:
chkconfig --level 2345 firewall on

start firewall:
/etc/init.d/firewall start

If you have slave server, add this on the master

iptables -t filter -A INPUT -p tcp -s SLAVE_IP --dport 7779 -j ACCEPT
iptables -t filter -A OUTPUT -p tcp -d SLAVE_IP --dport 7779 -j ACCEPT

Note: replace SLAVE_IP with your Slave server IP.

Add this on slave server

iptables -t filter -A INPUT -p tcp -s MASTER_IP --dport 7779 -j ACCEPT
iptables -t filter -A OUTPUT -p tcp -d MASTER_IP --dport 7779 -j ACCEPT

Note: replace MASTER_IP with your Master server IP.

Cron running job / script every 5 second

noreply@blogger.com (vitec) — Thu, 15 Mar 2012 14:35:00 +0000

crontab -e add this on your crontab */1 * * * * /scripts/5secondrotatorscript.sh #! /bin/bash LOGFILE=/root/username/logs/log_`date +%H%M%S`.log x=60 while [ ${x} -gt 0 ] do /usr/bin/php /home/username/public_html/scripts/file.php >> $LOGFILE x=$((x-5)) sleep 5 done save as 5secondrotatorscript.sh

Chức năng NAT của iptables

noreply@blogger.com (vitec) — Thu, 15 Mar 2012 11:09:00 +0000

iptables -t nat -A PREROUTING -p tcp --dport 80 -d 1.1.1.1 -i eth0 -j DNAT --to 2.2.2.2:80

iptables -t nat -A POSTROUTING -p tcp --dport 80 -o eth0 -j SNAT --to 1.1.1.1

Ghi chú:
- 1.1.1.1 là IP address của eth0 trên reverse proxy, 2.2.2.2 là IP address của eth0 trên web-server.

- 2 lệnh này được chạy trên reverse proxy và chúng chỉ "redirect" traffic đến cổng 80, nếu bạn cần redirect traffic đến các cổng khác như 443 chẳng hạn, bạn phải thêm vào các lệnh tương ứng.
- Lệnh số 1 có tác dụng chuyển destination IP address (hence DNAT) của tất cả TCP packet đến cổng 80 của IP 1.1.1.1 thành cổng 80 của IP 2.2.2.2. Lệnh này nằm ở chain PREROUTING, nghĩa là nó được apply trước giai đoạn routing.

- Lệnh số 2 có tác dụng chuyển source IP address (hence SNAT) của tất cả TCP packet đi ra bằng đường eth0 có destination port là 80 thành 1.1.1.1. Lệnh này nằm ở chain POSTROUTING, nghĩa là nó được apply sau giai đoạn routing.

Giải thích:

1. client 3.3.3.3 gửi một packet (src=3.3.3.3, dst=1.1.1.1) đến reverse proxy 1.1.1.1

2. Lệnh thứ nhất sẽ chuyển packet này thành (src=3.3.3.3, dst=2.2.2.2).

3. Lệnh thứ hai sẽ chuyển packet này thành (src=1.1.1.1, dst=2.2.2.2).

3. Sau khi web-server 2.2.2.2 nhận được packet này, nó sẽ tạo ra một packet (src=2.2.2.2, dst=1.1.1.1) và gửi lại cho reverse proxy 1.1.1.1.

4. reverse proxy 1.1.1.1 sẽ nhìn vào NAT table của lệnh thứ hai để chuyển packet này thành (src=2.2.2.2, dst=3.3.3.3)

5. reverse proxy 1.1.1.1 tiếp tục nhìn vào NAT table của lệnh thứ nhất để chuyển packet này thành (src=1.1.1.1, dst=3.3.3.3)

6. reverse proxy 1.1.1.1 gửi packet (src=1.1.1.1, dst=3.3.3.3) lại cho client 3.3.3.3

Apache 2.2.x security tricks (CentOS) - Bảo vệ an toàn cho apache 2.2.x

noreply@blogger.com (vitec) — Wed, 14 Mar 2012 16:44:00 +0000

Install httpd-devel and gcc:

yum install httpd-devel gcc

        Download this modules (you'll need the .c files)
        mod_allowmethods: http://www.apachelounge.com/viewtopic.php?t=4238
        mod_antiloris: http://sourceforge.net/projects/mod-antiloris/
        mod_reqtimeout: https://github.com/apache/httpd/blob/2.2.x/modules/filters/mod_reqtimeout.c

Upload those files to your server (secure ftp via ssh port should be a good way to do so).

        Build and install the modules

        apxs -cia mod_allowmethods.c
        apxs -cia mod_antiloris.c
        apxs -cia mod_reqtimeout.c

        Go to /etc/httpd/conf.d and add a file named 3rdparty.conf with:

TraceEnable Off

TraceEnable Off
<Directory />
    LimitRequestBody 8388608
    <IfModule allowmethods_module>
        AllowMethods GET HEAD OPTIONS POST
    </IfModule>
</Directory>

<IfModule antiloris_module>
    IPReadLimit 20

</IfModule>

<IfModule reqtimeout_module>
    RequestReadTimeout header=20-40,MinRate=500 body=20,MinRate=500
</IfModule>

Please note that LimitRequestBody will disallow uploading/posting more than 8MB (8388608 bytes) but for most websites it should be ok.

$ service httpd fullstatus | grep antiloris mod_antiloris/0.4

Install mod_security in Kloxo (Lxadmin) on Centos 5.3

noreply@blogger.com (vitec) — Tue, 13 Mar 2012 14:11:00 +0000

First of all make sure you switched the default webserver to Apache2. This can be done in the Kloxo admin console under the Server > Switch server tab.

Retrieve the mod_security binary for your platform. You can find detailed information here, but below are the key steps assuming you're running a Centos 5.3 VPS.

1. Validate the packages by installing the GPG key:

rpm --import http://www.jasonlitka.com/media/RPM-GPG-KEY-jlitka

2. Add the following to your '/etc/sysconfig/rhn/sources' file:

yum utterramblings http://www.jasonlitka.com/media/EL5/$ARCH

3. Type:

vi /etc/yum.repos.d/utterramblings.repo

... and then paste the following into the editor:

[utterramblings]
name=Jason's Utter Ramblings Repo
baseurl=http://www.jasonlitka.com/media/EL$releasever/$basearch/
enabled=1
gpgcheck=1
gpgkey=http://www.jasonlitka.com/media/RPM-GPG-KEY-jlitka
4. Update your yum repository by typing yum update and accepting the update. This might take a bit of time depending on when you did your last update.

5. Install modsecurity by typing: yum install mod_security

6. Restart the Apache webserver: service httpd restart.

That's it!

Note that a default ruleset is included and activated during the installation. If you want to edit the configuration, the following can be useful:

/etc/httpd/conf.d: all files in this directory are loaded during Apache startup
/etc/httpd/conf.d/mod_security.conf: default configuration loading the mod_security module and the default rule set
/etc/httpd/modsecurity.d: default rule set

Tham khao: http://www.clientcentral.info/knowledgebase.php?action=displaycat&catid=1015

Dùng iptables để band IP

noreply@blogger.com (vitec) — Tue, 06 Mar 2012 09:18:00 +0000

Liệt kê tất cả các IP đang band
/etc/init.d/iptables status

- Band một IP
iptables -A INPUT -s 123.42.168.250 -j DROP
iptables -A OUTPUT -p tcp -d 123.42.168.250 -j DROP

Lệnh trên để band IP tức thời thôi, khi restart lại service iptables, thì tất cả các IP đã band sẽ mất
Nếu muốn không mất ta phải save nó lại

/etc/init.d/iptables save

[root@ns ~]# /etc/init.d/iptables status
Table: filter
Chain INPUT (policy ACCEPT)
num target     prot opt source               destination
1    ACCEPT     tcp -- 0.0.0.0/0            0.0.0.0/0           tcp dpt:22
2    DROP       all -- 112.213.95.11       0.0.0.0/0
3    DROP       all -- 123.42.168.250       0.0.0.0/0

Chain FORWARD (policy ACCEPT)
num target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
num target     prot opt source               destination
1    DROP       tcp -- 0.0.0.0/0            112.213.95.11
2    DROP       tcp -- 0.0.0.0/0            123.42.168.250

Để remove IP đã band, ta phải xác định IP band đang ở num mấy

[root@ns ~]# iptables -D INPUT 2
[root@ns ~]# iptables -D OUTPUT 1

Các lệnh view log
iptables -L INPUT -v -n --line-numbers
iptables -L OUTPUT -v -n --line-numbers

Có thể dùng lệnh sau để drop
iptables -D INPUT -s 113.161.207.117 -j DROP

Thanh toán và Rút tiền từ tài khoản Paypal ở Việt Nam

noreply@blogger.com (vitec) — Sat, 25 Feb 2012 03:18:00 +0000

Có lẽ nhiều bạn đã biết về Paypal cũng như công dụng và hạn chế của nó. Nếu ai chưa biết thì mình giới thiệu sơ qua về Paypal. Paypal là 1 cổng thanh toán trực tuyến phổ biến thế giới và hiện nay có rất nhiều website cho phép thanh toán trực tuyến thông qua tài khoản Paypal để mua hàng trên mạng. Paypal sẽ giúp lên kết đến số tiền có trong các tài khoản ngân hàng (Band Account), thẻ tín dụng (Credit Card), thẻ ghi nợ (Debit Card)… để tiến hành các giao dịch.

Theo xu thế tiến bộ của thời đại thì việc thanh toán trực tuyến là điều khó tránh khỏi, vậy tại sao không tạo 1 tài khoản Paypal ngay từ bây giờ để dùng cho các giao dịch trực tuyến sau này. Ở các nước tiến bộ, Paypal cho phép người dùng gởi tiền vào để mua sắm hoặc rút tiền ra từ số tiền trong Paypal (dành cho những người buôn bán trên mạng) để có tiền mặt sử dụng.

Đối với Việt Nam, với danh hiệu “lỗ đen Internet” lẫy lừng nên việc Paypal không cho phép tài khoản ở Việt Nam rút tiền là điều không lấy làm lạ ^^. Tuy nhiên, do sức ép cùng với nhu cầu mở rộng giao dịch trực tuyến nên cách đây mấy tháng thì các tài khoản Paypal Việt Nam đã có thể rút tiền được từ tài khoản Paypal rồi. Đồng nghĩa với việc bạn có thể nhận tiền hoặc kinh doanh trực tuyến thông qua tài khoản Paypal.
Sau 1 thời gian kiểm nghiệm, mua sắm, xin tiền vô tài khoản và rút tiền thành công từ paypal với tài khoản ở Việt Nam, nay mình viết bài này nhằm chia sẽ tới các bạn những kinh nghiệm trong việc sử dụng paypal để mua sắm, buôn bán Online mà không sợ ràng buộc như trước. Bài này mình sẽ tập trung vào 1 số trọng điểm chính sau:

1> Tạo tài khoản paypal ở Việt Nam
2> Verify địa chỉ Email cho tài khoản Paypal.
3> Đăng ký thẻ VISA Debit để giao dịch.
4> Kết hợp & Xác nhận thẻ vào tài khoản Paypal để thực hiện các giao dịch.
5> Một Hóa đơn minh họa thanh toán thành công bằng tài khoản Paypal.
6> Rút tiền ngược từ tài khoản Paypal về thẻ để sử dụng.

1> Tạo tài khoản paypal ở Việt Nam

Hình 1-1: Nhấn vào liên kết Sign Up để đăng ký tài khoản paypal

Hình 1-2: Chọn quốc gia Việt Nam và loại tài khoản bạn cần tạo. Có thể tạo Personal để mua hàng. Loại tài khoản này bạn có thể thay đổi sau cũng được. Nhấn nút Get Started để bắt đầu.

Hình 1-3: Tới bước này, bạn nhập các thông tin về tài khoản cần tạo. Sau đó nhấn nút Agree and Create Account. Nếu thông tin bạn nhập đúng và đầy đủ thì tài khoản của bạn sẽ được tạo và sẽ tới bước kế tiếp.

Hình 1-4: Tới trang này có nghĩa là bạn đã đăng ký thành công tài khoản Paypal. Bước này Paypal hỏi bạn có muốn gắn thẻ thanh toán của bạn vào Paypal bây giờ không, nếu bạn chưa có thẻ thì nhấn vào liên kết Go to My Account để vào trang nhà của bạn.

Hình 1-5: Lần đầu tiên bạn login thì Paypal sẽ tới trang thiết đặt câu hỏi bảo mật để sau này có thể phục hồi lại tài khoản nếu có trục trặc gì. Paypal sẽ cho bạn set 2 câu hỏi. Hoàn tất và nhấn Submit để vào trang quản lý tài khoản.

Hình 1-6: Đây là giao diện trang tài khoản của bạn. Chú ý mũi tên màu đỏ chỉ là nói tài khoản của bạn chưa được xác nhận. Bạn để ý cái box bên phải có 2 cái link Confirm email address và Confirm my debit or credit card. Mình sẽ hướng dẫn các bạn xác nhận lần lượt từng phần trong các bước tiếp theo.

2> Verify địa chỉ Email cho tài khoản Paypal

Hình 2-1: Sau khi đăng ký tài khoản thì Paypal sẽ gởi 1 email với nội dung như trên. Trong email sẽ có phần mã xác nhận (là 20 chữ số) trong phần CONFIRMATION CODE.

Hình 2-2: Bạn đăng nhập vào Paypal, nhấn vào liên kết Confirm email address để tiến hành xác nhận Email.

Hình 2-3: Nhấn vào liên kết mà mũi tên màu đỏ chỉ, để tới trang nhập mã xác nhận mà bạn nhận được trong email.

Hình 2-4: Nhập mã xác nhận trong email vào đây rồi nhấn Confirm

Hình 2-5: Nếu mã xác nhận bạn nhập là hợp lệ thì bạn sẽ thông báo là đã xác nhận email thành công. Các bước tiếp theo chúng ta sẽ tiến hành liên kết thẻ ngân hàng vào tài khoản Paypal

3> Đăng ký thẻ VISA Debit để giao dịch.

Hình 3-1: Trước tiên bạn cần đến các trung tâm giao dịch của ACB để làm thẻ VISA Debit, chi phí hình như 100k/năm. Bạn nên nhớ 1 số vấn đề sau khi đi đăng ký thẻ. a>bạn cần nạp vào thẻ khoảng 100K để sau này paypal tiến hành thanh toán thử để xác nhận thẻ. b>Kêu họ tạo cho bạn 1 tài khoản online để kiểm tra tình trạng thẻ thông qua chức năng login trên trang acb.com.vn. c> Hỏi các thông tin về SWIFT CODE, mã thẻ...để sau này khai báo trong Paypal. Nếu không sau này mỗi lần không biết mà hỏi thì cực lắm. Các ngân hàng khác thì mình chưa thử, chỉ test mỗi ACB và đã thành công.

Hình 3-2: Hình dạng thẻ VISA Debit của ACB phát hành. Một số thông tin bạn cần biết đó là: Mã thẻ (16 chữ số), tên chủ tài khoản, ngày hết hạn và mã an toàn để tiến hành các giao dịch.

Hình 3-3: Nếu bạn có tài khoản do bên ngân hàng cấp thì có thể login tại trang acb.com.vn để vào xem tình trạng thẻ.

Hình 3-4: Đây là trang xem số dư trong thẻ của mình. Ở đây mình đã nạp 200K vào tài khoản để tiến hành kết nối với Paypal. Lưu ý: quá trình kết nối với Paypal là miễn phí, ban đầu họ charge bạn 1 số tiền (1.95usd) rồi sau đó sẽ refund lại cho bạn. Tới phần sau các bạn sẽ biết cụ thể hơn. Như vậy là bạn đã có đủ thông tin về thẻ cũng như 1 ít tiền trong thẻ. Tiếp theo bạn chỉ cần Gắn thẻ vào Paypal và xác nhận nữa là bạn có thể thanh toán, mua bán, gởi nhận tiền thông qua Paypal rồi.

4> Kết hợp & Xác nhận thẻ vào tài khoản Paypal để thực hiện các giao dịch

Hình 4-1: Bạn đăng nhập hoặc trở về My Account (như hình 2-2), bạn nhấn vào liên kết Link and confirm my credit or debit card để tới trang này. Bạn tiến hành nhập các thông tin trên thẻ rồi nhấn Save and Continue để qua bước xác nhận.

Hình 4-2: Tới bước này là bạn đã liên kết được thẻ VISA Debit của mình vào Paypal rồi (hoàn thành 50% nhiệm vụ). Sau khi liên kết thành công, Paypal sẽ gởi cho bạn 1 cái email như hình 4-3 để báo cho bạn biết. Nhiệm vụ còn lại khá phức tạp là Xác nhận thẻ này cho Paypal để Paypal hiểu các giao dịch sau này sẽ sử dụng thẻ VISA Debit của bạn. Nhấn Continue để tiến hành Xác nhận. Quá trình xác nhận diễn ra như sau: đầu tiên Paypal sẽ lấy (charge) của bạn $1.95, bạn phải kiểm tra trong phần đăng nhập thẻ trên ACB để biết có giao dịch với Paypal hay không và tìm 4 con số như chỉ dẫn, sau đó vào lại phần xác nhận thẻ và nhập 4 con số này vào như bước 4-6.

Hình 4-3: Email Paypal thông báo là bạn đã liên kết thẻ vào tài khoản Paypal

Hình 4-4: Email Paypal đưa các chỉ dẫn các bước Xác nhận tài khoản VISA của bạn.

Hình 4-5: Nếu làm theo đúng tiến trình (chờ khoảng 1,2 ngày) thì bạn vào trang quản lý thẻ của ACB sẽ thấy dòng giao dịch như trên..chú ý phần chi tiết 1234PAYPAL..., 1234 chính là con số mà bạn đang chờ đợi.

Hình 4-6: Sau khi có được 4 con số ở bước 4-5, bạn vào liên kết Confirm my card và nhập 4 con số này vào ô PayPal code và nhấn Submit. Ở đây mình nhập 5678. Trong trường hợp bạn bị kẹt ở bước 4-5 (giống mình), có nghĩa là chờ hoài không thấy giao dịch từ Paypal qua ACB, thôi đừng hy vọng nữa, bạn có thể vô trang Confirm này nhấn vào nút Resend PayPal Code để nó charge lại 1 lần nữa, yên tâm, dù có hay không thì sau nay nó charge bạn bao nhiêu thì nó sẽ trả lại hết cho bạn và bỏ vào PayPal balance.

Hình 4-7: Sau khi nhấn Submit, nếu làm đúng trình tự và nhập đúng số thì bạn sẽ được đưa tới trang My Account với thông báo là họ sẽ trả tiền lại (refund) cho bạn trong khoảng 24 tiếng nữa. Chờ đợi nhé !

Hình 4-8: Lưu ý, sau khi Confirm đầy đủ (bước 2,bước 4) thì chỗ mũi tên màu đỏ nói là bạn đã Verify, vậy là ổn rồi. Tuy nhiên hiện tại tiền vẫn chưa vô vì mình chụp hình này là lúc tiền Paypal chưa refund vô kịp. Bạn lưu ý mũi tên màu xanh, bạn đang ở loại tài khoản Personal (như đã tạo lúc đầu), bạn nhấn vào liên kết Upgrade để chuyển lên tài khoản Premier, yên tâm, miến phí ^^. Quá trình Upgrade đơn giản nên mình không minh họa ở đây.

Hình 4-9: Hình này có nghĩa là bạn đã được PayPal trả tiền ($1.95) và tài khoản của bạn đã ở Premier và đã được xác nhận (Verified). Chúc mừng bạn, như vậy là bạn đã bắt đầu đi mua sắm online được rồi. Nếu bạn muốn biết PayPal xử lý thế nào với PayPal balance và tiền trong thẻ VISA của bạn thì xem bước 5 để xem 1 hóa đơn mà Paypal thanh toán

5> Một Hóa đơn minh họa thanh toán thành công bằng tài khoản Paypal

Hình 5-1: Trong hình này bạn sẽ thấy được cách mà Paypal thanh toán giúp bạn. Đây là hóa đơn mình mua 1 Domain trên trang godaddy.com. Tổng đơn hàng này là $7.67 USD. Đầu tiên Paypal sẽ charge tiền trong PayPal Balance trước (trong trường hợp này trong PayPal mình chỉ còn có $1.32), nếu không đủ thì paypal tiến hành charge số tiền còn lại vào số tiền trong thẻ mà bạn đã liên kết trong bước 4. Đơn giản và dễ hiểu đúng không nào ^^.

6> Rút tiền ngược từ tài khoản Paypal về thẻ để sử dụng

Nếu bạn muốn rút tiền từ PayPal balance thì đầu tiên bạn phải chuyển tiền từ PayPal balance vào tài khoản VISA Debit của bạn, sau đó chỉ cần ra ATM của ACB rút thôi, cũng không phức tạp lắm. Mình sẽ hướng dẫn các bạn.

Hình 6-1: Bạn nhấn vào liên kết Withdraw trong trang My Account như trên.

Hình 6-2: Tới đây bạn nhấn vào liên kết mà mũi tên chỉ.

Hình 6-3: Lần đầu tiên bạn cần nhập các thông tin về ngân hàng thì mới chuyển tiền từ Paypal qua được. Ở đây có 1 số thông tin mà bạn cần phải nhập. Những thông tin như Bank name, SWIFT code thì bạn phải hỏi nơi phát hành thẻ mới biết. Do đó ở bước 3, mình đã khuyên các bạn hỏi 1 lần luôn. Đối với ACB, Account number chính là số thẻ luôn. Các ngân hàng khác thì không rành

Hình 6-4: Sau khi thêm ngân hàng thành công, bạn sẽ được chuyển qua trang rút tiền. Ở đây bạn có thể xem tỷ giá hiện tại thời điểm mà bạn đang muốn rút. Nếu đồng ý thì cứ nhập số tiền vào vào nhấn Continue để sang bước xác nhận. Lưu ý, đối với USD thì tối thiểu $10 USD mới chuyển được.

Hình 6-5: Đây là thông tin xem lại trước khi bạn nhấn Submit là hoàn tất quá trình chuyển từ Paypal balance sang tài khoản trong thẻ VISA ACB. Lưu ý phí chuyển tiền là 60K sẽ được trừ vào số tiền mà bạn chuyển. Nếu xem hình thì bạn sẽ thấy nếu mình chuyển $10 USD thì thẻ VISA của mình chỉ được có 116,891VND.

Hình 6-6: Đây là màn hình MyAccount sau khi bạn đã chuyển tiền, nhìn vào bảng các giao dịch bạn sẽ thấy 1 giao dịch chuyển tiền. Chờ 2-4 ngày thì tiền sẽ được chuyển vào thẻ VISA Debit của bạn. Việc còn lại là của bạn, muốn làm gì với số tiền đó thì làm, có thể mời mình 1 ly cafe cũng được ^^.

—————–

Như vậy là mình đã hướng dẫn khá chi tiết những bước giúp các bạn tận dụng Paypal như là 1 công cụ đắc lực hỗ trợ cho các giao dịch trực tuyến

how to install memcached

noreply@blogger.com (vitec) — Wed, 15 Feb 2012 04:29:00 +0000

Install memcached

Cách 1: Cài và chạy bằng tay

Here's a quick recipe for installing memcached on EC2 Amazon Linux AMI 1.0.

yum install gcc libevent libevent-devel
cd /usr/local/src
wget http://memcached.org/latest
tar -xf memcached-*.tar.gz
cd memcached-*
./configure
make && make install

Memcached will be installed to /usr/local/bin. Let's make sure everything went well by running memcached:

/usr/local/bin/memcached -u root -d

Then we'll make sure it's running

ps aux | grep memcached

netstat -anp | grep 11211

And finally kill it.

pkill memcached

Cách 2: Cài và chạy service

Going all out - building a memcached rpm

If you're installing memcached on multiple machines then having an RPM handy is preferred. Make sure to run this as the ec2-user and not root.

cd ~
sudo yum install gcc libevent libevent-devel rpm-build perl-Test-Base
echo "%_topdir /home/ec2-user/rpmbuild" >> ~/.rpmmacros
mkdir -p /home/ec2-user/rpmbuild/{SPECS,BUILD,SRPMS,RPMS,SOURCES}
wget http://memcached.org/latest
rpmbuild -ta memcached-*.tar.gz

The RPM will be created in ~/rpmbuild/RPMS/x86_64/ or ~/rpmbuild/RPMS/i386/ depending on whether you chose a 32 or 64 bit AMI. Copy the rpm to your home directory and run the command below to install memcached to /usr/bin/memcache

sudo yum localinstall memcached-*.rpm --nogpgcheck

The beauty of this approach is that you can now do the following to start or stop memcached

service memcached status
service memcached start
service memcached stop

And finally you can enable memcached at startup with this simple command:

chkconfig memcached on

Install php-pecl-memcache

#if apt-get, rpm, or yum doesn't work

cd /usr/src/
wget http://pecl.php.net/get/memcache-2.2.4.tgz
tar -zxvf memcached-2.2.4.tgz
cd memcached-2.2.4
phpize && ./configure --enable-memcache && make
cp modules/memcache.so /usr/lib/php/modules/

# Note: packaged extension modules are now loaded via the .ini files
# found in the directory php.ini

php -i | grep php.ini

vi /etc/sysconfig/memcached

PORT=”11211″                #define on which port to urn
USER=”nobody”           #same as apache user
MAXCONN=”1024″     #maximum number of connections allowed
CACHESIZE=”64″         #memory used for caching
OPTIONS=”"                   #use for any custom options

add php.ini

extension="memcache.so"

restart service https

/etc/init.d/httpd restart

Note: Neu bi loi can install cac goi

yum install php-devel
yum install zlib-devel
yum install zlib zlib-devel

Check memcache

php -i | grep memcache

[root@dedi94125 ~]# more testmemcach.php
$memcache = new Memcache;
$memcache->connect('127.0.0.1', 11211);
print_r($memcache);
?>

[root@dedi94125 ~]# php testmemcach.php
Memcache Object
(
[connection] => Resource id #5
)

[root@dedi94125 ~]#

Learn how to Sniff Wireless Passwords with Pirni (Man in the Middle Attack)

noreply@blogger.com (vitec) — Fri, 03 Feb 2012 06:50:00 +0000

The thing about the iPod Touch and the iPhone is that they are great portable hacking devices. To the naked eye the iPod Touch/iPhone looks like nothing more than an ordinary mp3 player/cellphone however that is just an understatement to its full potential. Once your iPod Touch/iPhone is jailbroken you have access to your whole file system meaning that applications generally associated with laptop/desktop hacking can be ported and used on the iPod Touch/iPhone. This opens up a whole lot of possibilities for network sniffing, port scanning and much much more! In this tutorial we are going to take a look at one of these programs called Pirni.

What is Pirni?

Pirni is an application that was ported to The Ipod Touch/iPhone to be used as a native network sniffer. Pirni is so useful because it gets past the iPod Touch’s/iPhone’s wifi hardware limitation of not being able to be set into promiscious mode (a mode that allows a network device to intercept and read each network packet that arrives in its entirety). To get past this limitation Pirni comes with an ARP spoofer that successfully routes all the network traffic through your iPod Touch/iPhone, records it to a dump file and then uses packet forwarding to send it to it’s normal recipent (ie. the router). What this basically means in simpler terms is that all the traffic on a specific network comes through your iPod Touch/iPhone before it reaches the router. This meaning that if we sniff the network long enough, another user connected to the network could enter in an unencrypted password and you could then retrieve that password after looking through your dump file.

Using Pirni

Pirni is an application that does not have a GUI (Graphical User Interface) and it requires a program called Terminal to run and be used. Terminal is basically an application that allows you to give your iPod Touch/iPhone simple commands. Below I am going to go through the steps of installing and using Pirni… **Note this is a technical tutorial and is not recommended for users new to computers. Please also note that this tutorial is for educational purposes only. It is illegal to sniff a wireless network that is not your own. Use and Follow this Tutorial at your own Risk.
Step 1) - The first thing you are going to need to do is install a program called Mobile Terminal on your iPod Touch/iPhone. This program is available through cydia, so open up cydia and type in terminal into the search tab. Once you find Mobile Terminal on your search Results install it to your iPod Touch/iPhone.

Step 2) - Once you have installed terminal the next application you are going to install is Pirni. Type pirni into the search tab and once it appears on your search results click it and install it to your iPod Touch/iPhone. Once Pirni installs you will have installed everything you need to begin sniffing wireless networks…

Step 3) - Before you launch terminal and begin sniffing you will need a few pieces of information on your wireless network; the network’s ip address and the router’s ip address. You can find out this information by launching Settings and clicking Wifi then clicking on the arrow next to Your wireless network’s Name. Once you find the information you are looking for which is the IP Address and the Router IP Address write it down on a piece of paper so you remember it.

Step 4) - Now that you have the required information you are ready to begin the process of sniffing with Pirni. The first thing you need to do is open up Terminal; so do this now by finding Terminal on your springboard and clicking it to launch it. **Note Terminal sometimes takes a few times to actually load. If you click the Terminal application and it opens and closes then simply click it again until it fully launches. Once you get Terminal up and Running you are going to need to login as a a root user to gain full access to your iPod Touch/iPhone. Type in the following commands and please note they are all case sensitive so copy them exactly as shown…

su
alpine (alpine is the default password. If you have not changed your password then use alpine)

Once you have gained root access continue to step 5…
Step 5) - Once you are logged in as the root user you can begin using Pirni. To initiate Pirni you are going to need to enter in a line of commands replacing whats in red with your network specific information.
-s: Specifies the IP-adress you want to spoof, this is where the Router IP Address goes.
-d: Specifies the target you want to perform MITM on, this is where the IP Address of your network goes.
-f: Specifies the Berkley Packet Filter so that pirni only collects interesting packets. This is very good if you want to filter out specific packets – such as FTP, SMTP or HTTP. If no -f options is supplied, all packets will be captured.
-o: Specifies the dumpfile where all the collected packets end up. This is a pcap dump format, that most traffic analyzers can handle.

iphone4s:~ root# more get.sh
pirni -s 192.168.1.1 -o log.pcap
pirni -s 192.168.1.1 -d 192.168.1.189 -f "tcp dst port 80" -o log.pcap
pirni -i en1 -s 192.168.1.1 -d 255.255.255.0 -o log.pcap

iphone4s:~ root#

Once you enter the Commands Pirni will initiate and begin collecting packets. A packet is a formatted unit of data carried by a packet mode computer network. For example, every Web page that you receive comes as a series of packets, and every e-mail you send leaves as a series of packets. Pirni collects these packets and records them into a readable dump file that can be analyized at a later date on your computer. In order for Pirni to collect something interesting you are going to need to visit a website that doesnt use an ssl encrypted connection. Leave your iPod Touch or iPhone alone collecting packets and go to a website that doesn’t use an ssl encrypted connection and login to that website. An example of this kind of website would be Hawkee.com this website does not use an ssl encrypted connection while handling logins. If you want to test out Pirni to see if you can get a password register an account up with Hawkee.com and login to your account while you are sniffing your network. Once you are done scanning the network drag your finger across the screen in a diagnol direction and this will stop pirni correctly. **Note it is important to close pirni this way to avoid errors while analyzing your dump file later on.

Analyzing your Dump File

Now that you have sniffed the packets on your network you now have to analyze the dump file created by Pirni. To do this you will need to get the dump file off your iPodTouch/iPhone by using a program called Winscp. This program allows you to access the files on your iPodTouch/iPhone. To use this program you will need two things; open ssh installed on your iPodTouch/iPhone and Winscp installed on your computer…
Step 1) - Download openssh to your iPodTouch/iPhone by going into Cydia and typing in openssh into the search panel. Once you see openssh on the search results click it and install open ssh. Once open ssh has been installed exit cydia and continue to step 2…

Step 2) - The next thing you need to do is install a program called winscp to your computer. This program will allow you to take files off your iPod Touch/iPhone with an easy to use GUI (Graphical User Interface).

Download Winscp Here

Once Winscp Downloads to your computer install it by following the easy to use steps of the installer…
Step 3) - Once Winscp has finished installing double click the winscp.exe to launch the program. You will be presented with a window like the one depicted below…

Once you get Winscp up and running you are going to need to enter in some information into Winscp. The first thing you need to enter is the Host name which is your networks IP Address. This is the Address that you wrote down earlier you can find it inside Settings > Wifi >Your Network Name Tab. The next thing you need to enter is the Username this is always left as root. The last piece of information you need to enter in is the password the default password if you haven’t changed it is alpine. If you have changed your password then enter your current password in the password field now.

Once you enter in the required information click the Login Button. The first time you login it will take awhile to load just be patient and wait it can take up to five minutes. The first time you login you will also get a warning message that will appear simply hit the ok button to the warning message. When you succesfully login click the / button on the top right hand corner of the screen…

Once you click the / Button (Which is the Root Directory Shortcut) the next thing you are going to do is click the User file directory as shown below. This is where all your dump files are saved and stored through Pirni…

Once you are inside the User File Directory you should now see your log file. Drag the Log file to your Desktop and then Exit Winscp as you are now done using the program. Winscp is a useful program if you need to access your iPod Touch/iPhones internal File Structure. Now that you know how to use Winscp you can use this useful program anytime you want.

Step 4) - Now that your Log File has been successfully transferred to your computer you are now going to need to download an application that will analyze the dump file called WireShark.

Download WireShark Here

With WireShark successfully downloaded to your computer double click the setup.exe and install it to your computer. When it asks you if you want to install WinPcap click no because you will not need this functionality while analyzing your dump file.
Step 5) - Now that WireShark is installed double click the WireShark.exe on your Desktop to start the program. Once the Program is up and running you are going to need to open your log file. Click the Open Button in the middle of the screen and then locate your log file which should be on your Desktop.

Once you locate your Dump file and load it into WireShark you will now see a screen with a bunch of packets displayed. These are all the Packets that you captured while you were sniffing your network. If you have never seen packets before all of this information will mean nothing to you and seem confusing. If you research a little bit online about packets you will find these packets are a lot more interesting however if you are new to this whole thing then the search tool will be your friend. Click the Magnifying glass on the top of the screen and it will bring up a search window.

Once the Search window comes up you will be presented with three options Display Filter, Hex Value and String. Click the String Option and then type in password into the search field and click the Find Button. The Search Tool is a great tool to find interesting information in your dump file. With the search tool it will quickly scan through all your packets and will find a match to what you are searching for. It defiantly beats looking through hundreds of packets till you find something interesting. With the search tool you can simply type in keywords that would be of interest to you like password,username,login,email and it will try to find a match. **Note not all dump files will contain interesting information like passwords,usernames etc… It all depends on what users connected to the network you are scanning are doing.

Once you click the find button you will be directed to the packet that contains the password string or the string that you typed into the search field. If you look at what is highlight you can see that you have successfully found the username and password to your hawkee.com account. If this was performed on an unknown network you would have successfully sniffed a password that you can then do what you want with. WireShark is a very powerful tool for analyzing packets if you go to their Website you can learn a lot about packets and other analyzing techniques not discussed on this tutorial.

As you can see your iPod Touch or iPhone can be transformed into a powerful password sniffing device. With Pirni you can have a powerful password sniffing program hidden within your iPod Touch/iPhone. You can have your morning coffee at starbucks while sniffing its wireless network without anyone knowing or suspecting a thing. There are many other useful hacking programs on the iPod Touch/iPhone, and I will write more tutorials for programs like Ngrep and TCP Dump in the future if enough interest is given. As always if you require any help with this tutorial please feel free to post your questions/comments in the comments section below.

UDIDFaker – fake udid for your iPhone IOS device

noreply@blogger.com (vitec) — Mon, 30 Jan 2012 14:33:00 +0000

UDIDFaker is a jailbreak tweak that can fake udid to let you try some charges app, these are prevent you re-use by the only udid on your device, with udidfaker fake a udid for an app, this app will think this is a new device, so you can continue to use a free trial app.
UDIDFaker has updated version 2.3-3.

Follow these steps to spoof Your Device’s UDID

1.) Download UDID Faker(my repo )

2.) Download this .plist file
3.) Download NotePad++ and open .plist file
<?xml version=”1.0″ encoding=”UTF-8″?>
<!DOCTYPE plist PUBLIC “-//Apple//DTD PLIST 1.0//EN” “ http://www.apple.com/DTDs/PropertyList-1.0.dtd”>
<plist version=”1.0″>
<dict>
<key>com.app.bundle</key>
<string>Enter Valid UDID</string>
</dict>
</plist>
Ok now enter a Valid Fake UDID and app bundle name to find the bundle name go into the .app folder you want to spoof for Info.plist open it until you find Bundle Identifier
Ok now Save the .plist file to your desktop. Then SSH into your device to

/private/var/mobile/Library/Preferences/

If you would like to spoof more than 1 app for example 3 apps it’s gona look like this
<?xml version=”1.0″ encoding=”UTF-8″?>
<!DOCTYPE plist PUBLIC “-//Apple//DTD PLIST 1.0//EN” “ http://www.apple.com/DTDs/PropertyList-1.0.dtd”>
<plist version=”1.0″>
<dict>
<key>com.app.bundle</key>
<string>Change this for valid-fake UUID</string>
<key>com.app.bundle2</key>
<string>Change this for valid-fake UUID</string>
<key>com.app.bundle3</key>
<string>Change this for valid-fake UUID</string>
</dict>
</plist>

Create random HEX for linux

noreply@blogger.com (vitec) — Mon, 30 Jan 2012 14:26:00 +0000

echo `< /dev/urandom tr -dc a-f0-9 | head -c40`

Pirni comes with an ARP spoofer network traffic

noreply@blogger.com (vitec) — Sun, 29 Jan 2012 05:58:00 +0000

Pirni is the worlds first native network sniffer for iPhone. The iPhone's Wi-Fi has some major drawbacks in its hardware design, thus we can not properly set the device in promiscuous mode.

This is why Pirni comes with an ARP spoofer that successfully routes all the network traffic through your device and then uses packet forwarding to send it to it's normal recipient (ie. the router).

pirni -s 192.168.1.5 -f "tcp dst port 80" -o log.pcap

After a successful network sniffing, you can transfer the dumpfile to your computer and open it up with Wireshark (or any other traffic analyzer that supports pcap) to analyze the traffic.

BPF filters allow you to select which packets to be dumped. This allows you to "filter" packets, so that only "interesting" packets can be supplied to the software using BPF; this can avoid copying "uninteresting" packets from the operating system kernel to software running in user mode, reducing the CPU requirement to capture packets and the buffer space required to avoid dropping packets.

Sniff Your iPhone's Network Traffic

noreply@blogger.com (vitec) — Sun, 29 Jan 2012 05:57:00 +0000

Ever wanted (or needed) to see your iPhone's network traffic? All you need is a wireless LAN and the cross-platform proxy application, Paros. There are other proxy server's that can be used, but Paros was built for web application security assessments, so it provides an intimate hook into the HTTP request/response flow. Let's get started!

1) Download and Install Paros

Grab the download from the Paros site. Your install process will differ depending on your O/S, but they've provided some install instructions here. Everybody will need the Java Runtime Environment 1.4 or above.

2) Configure Paros

Once installed, launch Paros and find the configuration options (on OS X they are under Tools -> Options). Paros is configured by default to listen on localhost only, but we are going to route our iPhone's traffic through Paros, so we need to set it to listen on the IP address of the interface connected to the same LAN as the iPhone.
My LAN's network is 1.1.1.0/16, so I'll configure the Local Proxy address accordingly:

That should be the only setting that we need to fuss with. Paros is all set and listening on port 8080, let's configure the iPhone to route its traffic through our proxy!

3) Configure iPhone

On the iPhone, open the "Settings" app and navigate to the Wi-Fi page. Once there, edit the settings for the wireless network you are currently connected to (this needs to be the same network where your proxy is running). To do this, click the little blue arrow on the right side of the screen.

Now, scroll all the way to the bottom of the settings page and change the "HTTP Proxy" setting to manual. Enter the IP address and port number of your Paros Proxy.

All set! Now all web traffic to and from the iPhone is routed through Paros. Let's go see what we can see.

4) Using Paros

The main section of Paros is the "Request/Response/Trap." As the iPhone talks through Paros to Internet sites, it will display the iPhone's request and the server's response. The "trap" functionality allows you to stop either the request or the response and view/modify it before sending it along to the recipient. Trapping is very cool, and why Paros is used for security auditing, but for our purposes we just want to see what is going on, so I won't explain it any further.
For now, let's see what happens when we fire up my iPhone's "App Store" app:
In the bottom section of the screen is the history viewer. There we can see that my iPhone made 4 requests to different servers ( 3 GETs and 1 POST):

Highlighting the first GET in the history list shows its details. The iPhone's HTTP request header looked like this:

One noteworthy tidbit is that the iPhone is sending a custom header (X-Apple-Connection-Type) which tells the server that it is connected to WiFi. Next, let's take a look at the server's response:

Notice that in the response we see both the headers that the server returned AND the response data itself, in this case an xml plist file.
Sniffing traffic like this can help you understand how different iPhone apps work behind the scenes or it can help debug interaction for an app that you're writing. Hope this helps you get started!

On-iPhone Development Environment

noreply@blogger.com (vitec) — Sun, 29 Jan 2012 05:23:00 +0000

On-iPhone Development Environment

On-iPhone Development Environment

Often, for some of the trickier packages to build (like Emacs or most Python-based programs), it is easier to have a development environment on the device than to deal with a cross-compiler. The method I outline here is one way to get one. It takes up room, and it’s outdated, but it works for almost anything you’d want to do, if you put up with it.
I’m not going to pretend that this is the best way to do this. I developed this method by changing the one I used for OS 1.0 a little at a time when a new OS came out. It’s a bit of a hack right now, but it works. I point out where I think an improvement could be made.
I’m going to assume you have a freshly jailbroken iPhone or iPad. Feel free to skip steps if you think you can.
I’ve tried to write this as accurately as possible, but errors do happen. Feel free to contact me to work things out. Worst case scenario? You have to do a full restore of your device, which is annoying but not hard. Be sure to have backups, but it shouldn’t come to that!
(Also, standard disclaimer: I claim no responsibility if somehow you make your device blow up, or otherwise fail, while using this guide.)
For this guide, I’m going to assume at least passing familiarity with the unix shell. After all, you’re here for a development environment! Above that, I’ll try to explain what I feel is needed to continue.
Finally, this guide was written for iOS 3.2 on the iPad. It shouldn’t be significantly different for similar versions on both the iPhone and iPad, though. Particularly, it seems to still work on a jailbroken iPad running iOS 4.2.1.
Special thanks must go to Børre Ludvigsen, who patiently worked through this guide on his own and helped me iron out most of the bigger issues.
Let’s get started!

Getting Shell Access

More than likely, since you’re here at all, you’ve already done this. It’s included here for completeness. Feel free to skip ahead!
If you’ve just jailbroken, install the OpenSSH package. Also, installing the OpenSSH reconnect helper and Insomnia is a good idea. The helper will reconnect you automatically if you lose your shell connection, and Insomnia keeps that from happening at all. Nothing is more annoying that having to fidget with your device just to keep the Wifi up!
You will also need to install “APT 0.7 Strict” and “Core Utilities” from Cydia. The first will let us easily install Cydia packages from the command line, which is a lot more convenient, and the second is handy for working on the command line.
SSH in to your device with the username root and the password alpine. We’re going to change this now, for security, and then we’ll give the user mobile a password so we can log in without being root.

iphone:~ root# passwd
Changing password for root.
New password: [type a password here]
Retype new password: [repeat it here]
iphone:~ root# passwd mobile
Changing password for mobile.
New password: [type a different or same password here]
Retype new password: [again...]
iphone:~ root#

Getting an Editor

Right now we have no way of editing files. For now, I recommend installing nano. It’s lightweight and easy to wrap your head around. If you’ve never used it before, look around the web for a GNU nano tutorial. If nano‘s not your thing, you could also install vim or even emacs (though for emacs, you need my Cydia repository).

iphone:~ root# apt-get install nano # or 'vim', or 'emacs', or...

(Note: I usually run nano as nano -w, which keeps nano from automatically wrapping lines, which can ruin most configuration files.)

Setting Up `sudo`

Working as root is bad, very bad. I’ve accidentaly deleted my /usr once, bricking my iPad. However, it gets annoying to have to su into root every time you want to install something. So let’s install sudo!

iphone:~ root# apt-get install sudo

Now we need to edit the sudoers file to make sudo useful. We set the EDITOR environment variable to keep visudo from complaining that vi isn’t there. If you’le using vim, you can leave it out.

iphone:~ root# EDITOR=nano visudo

Right below the line that says “root ALL=(ALL) ALL“, write the similar line “mobile ALL=(ALL) ALL“, then save and exit.
(Note: when you run sudo as mobile, it will ask you for a password sometimes. This is mobile‘s password, not root‘s.)

Logging In as `mobile`

Before we continue, we’re going to drop our superuser privelege. Log out and log back in as mobile. As a test, make sure sudo is working fine. It’ll give you a nice scary administration notice when you run it the first time, as a bonus!

iphone:~ mobile$ sudo whoami

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:

    #1) Respect the privacy of others.
    #2) Think before you type.
    #3) With great power comes great responsibility.

Password: [type in mobile's password]
root
iphone:~ mobile$

The last line saying root is the key: it means sudo is set up right and correctly giving you root access.

Installing GCC and Friends

Finally, we get to the fun part. First off, let’s install some general utilities for our development environment:

iphone:~ mobile$ sudo apt-get install ldid make wget patch gawk

Some explanation: ldid modifies programs to fake iPhone OS into running them like official binaries. make is the standard GNU build tool. We’ll use wget to fetch tarballs from the internet right in the terminal, and then patch to patch them. Autotools, which just about every package uses, needs gawk to run.
Next, we’re going to install gcc itself, but if we just go and do it, we’ll run into a problem with the libgcc offered on Telesphoreo: it refuses to install, because it breaks the system. Instead, we’ll install the dummy package found here, and trick APT into thinking it’s already installed.

iphone:~ mobile$ wget http://gammalevel.com/forever/fake-libgcc_1.0_iphoneos-arm.deb
iphone:~ mobile$ sudo dpkg -i fake-libgcc_1.0_iphoneos-arm.deb

Now we’re prepared to install gcc and some development headers. Note that these headers are compatibility headers, meant to ease the transition from iOS 1.0 to 2.0. That is, they are old. I only trust them for the standard POSIX headers, and even for that they fail in some parts. This is one place that could probably be improved: more on that later.

iphone:~ mobile$ sudo apt-get install iphone-gcc com.bigboss.20toolchain

If you’re anything like me, you’ll be itching to write a little “Hello, world!” program right now and try out your shiny new gcc. Well, you’d be dissappointed. These packages are so old that they need fixing first.

Fixing What’s Broken

Libraries

Unfortunately, you have some downloading to do. Go fetch the iPhone Developer SDK. Once you have it, on a Mac, simply install it. If you’re not on a Mac, you’ll need an archive tool that reads DMGs and Mac packages. I know that 7zip works well on Windows, and probably works fine through Wine on other systems.
We’ll be looking in the iPhoneOS3.2.sdk directory, but by all means change this version number if you need to. On a Mac with the installed official SDK, this is at “/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS3.2.sdk“. If you’re using 7zip, open the Xcode DMG, then the 5.hfs partition, which will take a while. Then, open up “iPhoneSDK/Packages/iPhoneSDKHeadersAndLibs.pkg” for the most recent version, or “.../iPhoneSDKXXX.pkg” for a different version. Inside that package, open Payload, then Payload~, then “.“. The directory we are looking for is then at “Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS3.2.sdk“.
We need to copy libraries from the official SDK on to the device. scp works really well, if you have it: it transfers files over SSH. However, anything that gets files from your computer to your device will work.
(Note for the interested: iPhoneOS is missing libraries to link against, so we’ll be copying them over. Later on, we’ll be editing system headers. Also, none of the frameworks on the device come with headers, so you’ll need to copy those over as you need them. It occurs to me that we might be able to just copy over the entire official SDK, and skip doing this by hand. It might work, but I haven’t tried it. For now, I just copy over whatever’s missing as I run into it. I would like to look into this, though.)
In the directory iPhoneOS3.2.sdk/usr/lib, you will find the following files:

libgcc_s.1.dylib
libSystem.B.dylib
libstdc++.6.0.9.dylib
libiconv.2.dylib

We need to copy these files to mobile‘s home directory, /var/mobile, on the device. Once there, reopen your shell on your device and move them to /usr/lib:

iphone:~ mobile$ sudo mv *.dylib /usr/lib/

We also need to reconstruct a few symlinks:

iphone:~ mobile$ sudo ln -s /usr/lib/libSystem.B.dylib /usr/lib/libSystem.dylib
iphone:~ mobile$ sudo ln -s /usr/lib/libSystem.dylib /usr/lib/libc.dylib
iphone:~ mobile$ sudo ln -s /usr/lib/libSystem.dylib /usr/lib/libm.dylib

iphone:~ mobile$ sudo ln -s /usr/lib/libstdc++.6.0.9.dylib /usr/lib/libstdc++.6.dylib
iphone:~ mobile$ sudo ln -s /usr/lib/libstdc++.6.dylib /usr/lib/libstdc++.dylib

iphone:~ mobile$ sudo ln -s /usr/lib/libiconv.2.dylib /usr/lib/libiconv.2.4.0.dylib

Headers

We also need to copy over some key C++ headers. In iPhoneOS3.2.sdk/usr/include/c++/4.0.0/arm-apple-darwin9, there is a directory named bits. Copy that directory and all it contains to your device, then install it:

iphone:~ mobile$ sudo mkdir /var/include/c++/4.0.0/arm-apple-darwin9
iphone:~ mobile$ sudo mv bits /var/include/c++/4.0.0/arm-apple-darwin9/
iphone:~ mobile$ sudo ln -s /var/include/c++/4.0.0/arm-apple-darwin9/{,v6}
iphone:~ mobile$ sudo ln -s /var/include/c++/4.0.0/arm-apple-darwin{9,8}
iphone:~ mobile$ sudo ln -s {/var,/usr}/include/c++

Manual Header Modifications

Not only are there critical system libraries missing, but some of the headers are just plain wrong, too. It seems that somewhere along the line, iPhone OS moved from a 32 bit inode to a 64 bit inode, so there are a lot of structures defined in these headers that have the wrong size.
(Note for the interested: Beleive me when I say that hunting down bugs in system headers is a nightmare. Just keep in mind, if you seem to be getting random segfaults for no reason, or some extremely subtle bug that has no reason to exist, it’s probably a system header error I haven’t found yet! Compare the given headers with the ones from Apple, with __DARWIN_64_BIT_INO_T defined.)
First off, we’re going to edit “/private/var/include/sys/stat.h“. Make sure to edit with sudo, so you have write permissions! In struct stat, remove the line that says:

ino_t           st_ino;         /* [XSI] File serial number */

Between the entries for st_nlink and st_uid, add this line:

__uint64_t      st_ino;         /* [XSI] File serial number */

After the entry for st_ctimespec, add this line:

struct timespec st_birthtimespec;       /* time of file creation */

Finally, after the entries for st_ctime and st_ctimensec, add these lines:

time_t          st_birthtime;           /* [XSI] Time of file creation */
long            st_birthtimensec;       /* nsec of file creation */

We’re also going to edit “/private/var/include/sys/dirent.h“. First, we’re going to change the definition of __DARWIN_MAXNAMLEN:

#define __DARWIN_MAXNAMLEN      1023

In the definition of struct dirent, remove the line at the top that says

ino_t d_ino;            /* file number of entry */

In its place, write in:

__uint64_t d_ino;       /* file number of entry */
__uint64_t d_seekoff;

Between the entries for d_reclen and d_type, write in:

__uint16_t d_namlen;    /* length of string in d_name */

Finally, between the entries for d_type and d_name, remove the line that says:

__uint8_t d_namlen;     /* length of string in d_name */

That’s it!

Minor Details

Some configure scripts and Makefiles (like Emacs’s) looks for the C compiler under cc, which is supposed to exist on standard setups. Since we emphatically don’t have a standard setup, we have to make a link.

iphone:~ mobile$ sudo ln -s /usr/bin/gcc /usr/bin/cc

Apparently sometimes the GCC you get won’t search /var/include, which is where all the standard C headers are located. To fix this, add the following lines to ~/.profile:

export C_INCLUDE_PATH=/var/include
export CPLUS_INCLUDE_PATH=/var/include
export OBJC_INCLUDE_PATH=/var/include

Make sure to log out and log back in for these changes to take effect.

Testing your GCC

If you feel so inclined, now would be the time to test out your build environment. GCC works exactly as it does on Mac OS X, that is, exactly like on other systems, but with added options for linking with frameworks. Keep in mind, you may need to sign your programs before they’ll run. I have found that I don’t, but you may need to. If your program crashes for no reason when you start it, you need to run

iphone:~ mobile$ ldid -S program_name

There’s some way to change the system so you don’t ever need to do this, but last I heard there were some long-term side-effects.

You’re Done!

Congratulations!

Cách tốt nhất cập nhật lại ngày giờ cho Centos

noreply@blogger.com (vitec) — Sun, 22 Jan 2012 14:48:00 +0000

# yum install ntp
# chkconfig ntpd on
# ntpdate 0.asia.pool.ntp.org
# /etc/init.d/ntpd start

How To Fix PHP Error Notice: Undefined variable: index

noreply@blogger.com (vitec) — Wed, 18 Jan 2012 02:11:00 +0000

Notice: Undefined index:

Change php.ini

NOTE: you may have something different set for the error_reporting , just make sure you make the changes on the line without a semi-colon because a semi-colon at the begining of the line mean its a comment

So now change it to:

Code:

error_reporting = E_ALL & ~E_NOTICE

Save your changes and then restart you Apache server for the changes to take affect witht his command:
Code:

/etc/init.d/httpd restart

Remove IP Spamhaus

noreply@blogger.com (vitec) — Fri, 13 Jan 2012 03:56:00 +0000

Check at server
[root@dedi25 ~]# telnet mx1.mail.sg1.yahoo.com 25
Trying 124.108.116.109...
Connected to mx1.mail.sg1.yahoo.com (124.108.116.109).
Escape character is '^]'.
553 5.7.1 [BL21] Connections will not be accepted from 112.213.94.125, because the ip is in Spamhaus's list; see http://postmaster.yahoo.com/550-bl23.html
Connection closed by foreign host.
[root@dedi25 ~]#

Remove IP Spamhaus
http://cbl.abuseat.org/lookup.cgi?ip=125.23.9.125

Check
http://www.spamhaus.org/query/bl?ip=125.23.9.125

Hướng dẫn cấu hình crontab not send email

noreply@blogger.com (vitec) — Wed, 11 Jan 2012 07:00:00 +0000

[root@dedi94125 ~]# vi /etc/crontab

SHELL=/bin/bash
PATH=/sbin:/bin:/usr/sbin:/usr/bin
MAILTO=root
HOME=/

# run-parts
01 * * * * root run-parts /etc/cron.hourly
02 4 * * * root run-parts /etc/cron.daily
22 4 * * 0 root run-parts /etc/cron.weekly
42 4 1 * * root run-parts /etc/cron.monthly

01 01 * * * root /var/qmail/bin/dh_key 2>&1 > /dev/null

Chú ý: nếu muốn không send email thì MAILTO = rỗng

Cách 2: thêm vào thông số /dev/null 2>&1

#Before
* * * * * php /path/to/script#After
* * * * * php /path/to/script > /dev/null 2>&1

How To scp, ssh and rsync without prompting for password

noreply@blogger.com (vitec) — Tue, 10 Jan 2012 04:05:00 +0000

Lets say you want to copy between two hosts host_src and host_dest. host_src is the host where you would run the scp, ssh or rsyn command, irrespective of the direction of the file copy!

On host_src, run this command as the user that runs scp/ssh/rsync
$ ssh-keygen -t rsa

Generating public/private rsa key pair. Enter file in which to save the key (/root/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /root/.ssh/id_rsa. Your public key has been saved in /root/.ssh/id_rsa.pub. The key fingerprint is: 82:c6:21:5b:9e:07:6e:6d:3b:66:47:eb:9e:ff:6a:bd root@localhost
Chú ý: Nếu không muốn hiện bản nhập key thì Enter passphrase bằng rỗng
This will prompt for a passphrase. Just press the enter key. It'll then generate an identification (private key) and a public key. Do not ever share the private key with anyone! ssh-keygen shows where it saved the public key. This is by default ~/.ssh/id_rsa.pub:
Your public key has been saved in /.ssh/id_rsa.pub

Transfer the id_rsa.pub file to host_dest by either ftp, scp, rsync or any other method.

On host_dest, login as the remote user which you plan to use when you run scp, ssh or rsync on host_src.
Copy the contents of id_rsa.pub to ~/.ssh/authorized_keys

$ cat id_rsa.pub >> ~/.ssh/authorized_keys
$ chmod 700 ~/.ssh/authorized_keys

Cần copy nội dung id_rsa.pub ghi vào file ~/.ssh/authorized_keys

Nếu có nhiều key thì copy vào bên dưới file

~/.ssh/authorized_keys

If this file does not exists, then the above command will create it. Make sure you remove permission for others to read this file. If its a public key, why prevent others from reading this file? Probably, the owner of the key has distributed it to a few trusted users and has not placed any additional security measures to check if its really a trusted user.

Note that ssh by default does not allow root to log in. This has to be explicitly enabled on host_dest. This can be done by editing /etc/ssh/sshd_config and changing the option of PermitRootLogin from no to yes. Don't forget to restart sshd so that it reads the modified config file. Do this only if you want to use the root login.

Well, thats it. Now you can run scp, ssh and rsync on host_src connecting to host_dest and it won't prompt for the password. Note that this will still prompt for the password if you are running the commands on host_dest connecting to host_src. You can reverse the steps above (generate the public key on host_dest and copy it to host_src) and you have a two way setup ready!

Hướng dẫn install mtop cho centos 32bit

noreply@blogger.com (vitec) — Wed, 04 Jan 2012 04:20:00 +0000

wget http://dag.wieers.com/rpm/packages/m....rf.noarch.rpm

[root@dedi94125 ~]# rpm -ivh mtop-0.6.6-1.2.el5.rf.noarch.rpm
warning: mtop-0.6.6-1.2.el5.rf.noarch.rpm: Header V3 DSA signature: NOKEY, key ID 6b8d79e6
error: Failed dependencies:
perl(Curses) is needed by mtop-0.6.6-1.2.el5.rf.noarch

-- cần phải cài gói perl-Curses-1.28-1.el5.rf.i386.rpm
[root@dedi94125 ~]# wget http://pkgs.repoforge.org/perl-Curse...l5.rf.i386.rpm
[root@dedi94125 ~]# rpm -ivh perl-Curses-1.28-1.el5.rf.i386.rpm

[root@dedi94125 ~]# mtop --help

mtop ver 0.6.6/20120104

Copyright (C) 2002 Marc Prewitt/Chelsea Networks
mtop comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
welcome to redistribute it under certain conditions; see the COPYING file
for details.

Usage: mtop [OPTIONS]

--version Show version number and exit
--help Show this screen and exit
--host={mysql_host} Connect to the MySQL server on {mysql_host}
--dbuser={mysql_user} Connect to the MySQL server as {mysql_user}
--password={mysqluser_pw} Use {mysqluser_pw} when connecting
--seconds={refresh} Refresh the screen each {refresh} seconds
--[no]idle Display/don't display idle threads
--filter-user={regex} Filter display based on user regular expression
--filter-host={regex} Filter display based on host regular expression
--filter-db={regex} Filter display based on db regular expression
--filter-command={regex} Filter display based on command regular expression
--filter-state={regex} Filter display based on state regular expression
--filter-info={regex} Filter display based on info regular expression
--user={user} Display threads for only {user}
--manualrefresh Wait for user input between refreshes

All options can be truncated to their shortest unique abbreviation.

See 'man mtop' or 'perldoc mtop' for more information.

[root@dedi94125 ~]# mtop --dbuser=databasname

Setup Oracle 11g 11.0.2.1 for Solaris 10 - 64bit

noreply@blogger.com (vitec) — Thu, 22 Dec 2011 07:52:00 +0000

setup vnc
svccfg -s application/x11/x11-server add display1
svccfg -s application/x11/x11-server:display1 addpg options application
svccfg -s application/x11/x11-server:display1 addpropvalue options/server astring: "/usr/X11/bin/Xvnc"
svccfg -s application/x11/x11-server:display1 addpropvalue options/server_args astring: '"SecurityTypes=None"'

vncserver

mount iso for Solaris
root@TT4-BCCLML1-S # lofiadm -a /u01/sol-10-u10-ga2-sparc-dvd.iso
/dev/lofi/1

mkdir /dvd_iso
root@TT4-BCCLML1-S # mount -F hsfs -o ro /dev/lofi/1 /dvd_iso

root@TT4-BCCLML1-S # cd /dvd_iso/

Use umount command to unmount image:
# umount /mnt

Now remove/free block device:
# lofiadm -d /dev/lofi/1

/usr/sbin/prtconf | grep "Memory size"

/usr/sbin/swap -l

#check 64bit
/bin/isainfo -kv

uname -r

cat /etc/release

df -k /tmp

pkginfo -i SUNWarc SUNWbtool SUNWhea SUNWlibC SUNWlibms SUNWsprot \
SUNWtoo SUNWi1of SUNWi1cs SUNWi15cs SUNWxwfnt

#cai goi
pkgadd -d /dvd_iso/Solaris_10/Product SUNWi1cs SUNWi15cs

nếu cài oracle trước đó
more /var/opt/oracle/oraInst.loc

root@kinhnghiem # more /var/opt/oracle/oraInst.loc
inventory_loc=/u02/app/oraInventory
inst_group=oinstall

prtconf | grep Mem
Memory size: 32760 Megabytes
groupadd oinstall
groupadd dba
groupadd oper

useradd -g oinstall -G dba -d /export/home/oracle oracle
mkdir /export/home/oracle
chown oracle:oinstall /export/home/oracle
passwd -r files oracle

$ id -p
uid=59008(oracle) gid=10001(dba) projid=3(default)

By default, Oracle 10 will allocate 40% of the total system physical memory to create SGA and PGA. So for 32G system memory, the shmmax for Oracle 10 will be 0.4*32G = 12.8G.

40% 13105
50% 16442
75% 24536
100% 32764

# cat /etc/project
projmod -sK "project.max-shm-memory=(privileged,10G,deny)" oracle
projmod -p 100 -c 'lptrung add' -U oracle -G dba -K 'project.max-shm-memory=(privileged,21G,deny)' oracle

projadd -p 100 -c 'lptrung add' -U oracle -G dba -K 'project.max-shm-memory=(privileged,21G,deny)' projoracle

usermod -K project=projoracle oracle

projects -l

mkdir -p /u01/app/oracle/product/11.2.0.2/db_1
chown -R oracle:oinstall /u01

vi .profile

TMP=/tmp; export TMP
TMPDIR=$TMP; export TMPDIR
# Select the appropriate ORACLE_BASE
ORACLE_HOSTNAME=KINHNGHIEM-S; export ORACLE_HOSTNAME
ORACLE_UNQNAME=bcclml; export ORACLE_UNQNAME
ORACLE_BASE=/u01/app/oracle; export ORACLE_BASE
ORACLE_HOME=$ORACLE_BASE/product/11.2.0.2/db_1; export ORACLE_HOME
ORACLE_SID=bcclml; export ORACLE_SID
PATH=$ORACLE_HOME/bin:$PATH; export PATH

solaris
the following command displays a summary of I/O activity ten times, at ten-second intervals:
sar -b 10 10

update 11.2.0.2
Fix error tcp_largest_anon_port ....

bash-3.00# ndd -set /dev/tcp tcp_largest_anon_port 65535
bash-3.00# ndd -set /dev/udp udp_smallest_anon_port 9000
bash-3.00# ndd -set /dev/udp udp_largest_anon_port 65500
bash-3.00# ndd -set /dev/tcp tcp_smallest_anon_port 9000
bash-3.00# ndd -set /dev/tcp tcp_largest_anon_port 65500

Map san xuống server solaris sử dụng UFS

noreply@blogger.com (vitec) — Wed, 21 Dec 2011 04:07:00 +0000

-- Kiểm tra ổ dĩa hiện tại
root@c4is-standby-s # echo |format

AVAILABLE DISK SELECTIONS:
       0. c1t0d0
          /pci@1f,700000/scsi@2/sd@0,0
       1. c1t1d0
          /pci@1f,700000/scsi@2/sd@1,0
       2. c1t2d0
          /pci@1f,700000/scsi@2/sd@2,0
       3. c1t3d0
          /pci@1f,700000/scsi@2/sd@3,0
       4. c5t600A0B8000330D0A0000054748BF696Bd0
          /scsi_vhci/ssd@g600a0b8000330d0a0000054748bf696b
       5. c5t600A0B80004700CE0000057348BF6846d0
          /scsi_vhci/ssd@g600a0b80004700ce0000057348bf6846
       6. c5t600A0B80004700CE0000057748BF6AD0d0
          /scsi_vhci/ssd@g600a0b80004700ce0000057748bf6ad0
Specify disk (enter its number): Specify disk (enter its number):

-- Vào SAN tạo volumn sau đó map xuống host
--Sau khi map xuống xong kiểm tra ổ đĩa mới

root@c4is-standby-s # echo |format

AVAILABLE DISK SELECTIONS:
       0. c1t0d0
          /pci@1f,700000/scsi@2/sd@0,0
       1. c1t1d0
          /pci@1f,700000/scsi@2/sd@1,0
       2. c1t2d0
          /pci@1f,700000/scsi@2/sd@2,0
       3. c1t3d0
          /pci@1f,700000/scsi@2/sd@3,0
       4. c5t600A0B8000330D0A0000054748BF696Bd0
          /scsi_vhci/ssd@g600a0b8000330d0a0000054748bf696b
       5. c5t600A0B80004700CE00001D8C4EF0CD9Cd0
          /scsi_vhci/ssd@g600a0b80004700ce00001d8c4ef0cd9c
       6. c5t600A0B80004700CE0000057348BF6846d0
          /scsi_vhci/ssd@g600a0b80004700ce0000057348bf6846
       7. c5t600A0B80004700CE0000057748BF6AD0d0
          /scsi_vhci/ssd@g600a0b80004700ce0000057748bf6ad0
Specify disk (enter its number): Specify disk (enter its number):

-- Ổ đĩa hiện tại đc map xuống là
5. c5t600A0B80004700CE00001D8C4EF0CD9Cd0

-- Xác định lại silde của partition cần format để chọn newfs

root@c4is-standby-s # format
Searching for disks...done

c5t600A0B80004700CE00001D8C4EF0CD9Cd0: configured with capacity of 1024.00GB

AVAILABLE DISK SELECTIONS:
       0. c1t0d0
          /pci@1f,700000/scsi@2/sd@0,0
       1. c1t1d0
          /pci@1f,700000/scsi@2/sd@1,0
       2. c1t2d0
          /pci@1f,700000/scsi@2/sd@2,0
       3. c1t3d0
          /pci@1f,700000/scsi@2/sd@3,0
       4. c5t600A0B8000330D0A0000054748BF696Bd0
          /scsi_vhci/ssd@g600a0b8000330d0a0000054748bf696b
       5. c5t600A0B80004700CE00001D8C4EF0CD9Cd0
          /scsi_vhci/ssd@g600a0b80004700ce00001d8c4ef0cd9c
       6. c5t600A0B80004700CE0000057348BF6846d0
          /scsi_vhci/ssd@g600a0b80004700ce0000057348bf6846
       7. c5t600A0B80004700CE0000057748BF6AD0d0
          /scsi_vhci/ssd@g600a0b80004700ce0000057748bf6ad0

--- chọn ổ đĩa mới thứ 5 mới gắn vào

Specify disk (enter its number): 5
selecting c5t600A0B80004700CE00001D8C4EF0CD9Cd0
[disk formatted]
Disk not labeled. Label it now? yes

FORMAT MENU:
        disk       - select a disk
        type       - select (define) a disk type
        partition - select (define) a partition table
        current    - describe the current disk
        format     - format and analyze the disk
        repair     - repair a defective sector
        label      - write label to the disk
        analyze    - surface analysis
        defect     - defect list management
        backup     - search for backup labels
        verify     - read and display labels
        inquiry    - show vendor, product and revision
        volname    - set 8-character volume name
        !     - execute , then return
        quit
format> p

PARTITION MENU:
        0      - change `0' partition
        1      - change `1' partition
        2      - change `2' partition
        3      - change `3' partition
        4      - change `4' partition
        5      - change `5' partition
        6      - change `6' partition
        select - select a predefined table
        modify - modify a predefined partition table
        name   - name the current table
        print - display the current table
        label - write partition map and label to the disk
        ! - execute , then return
        quit
partition> p
Current partition table (original):
Total disk sectors available: 2147467230 + 16384 (reserved sectors)

Part      Tag    Flag     First Sector          Size          Last Sector
0       root    wm                34       128.00MB           262177
1       swap    wu            262178       128.00MB           524321
2 unassigned    wu                 0            0                0
3 unassigned    wm                 0            0                0
4 unassigned    wm                 0            0                0
5 unassigned    wm                 0            0                0
6        usr    wm            524322      1023.74GB           2147467229
8   reserved    wm        2147467230         8.00MB           2147483613

partition> q

==> chú ý thấy vị trí thứ 6 dung lượng là 1G => chính là s6

Tạo newfs

newfs /dev/rdsk/c5t600A0B80004700CE00001D8C4EF0CD9Cd0s6

-- Tạo một thư mục tên u04, sao đó mount vào
mount -F ufs /dev/dsk/c5t600A0B80004700CE00001D8C4EF0CD9Cd0s6 /u04

Chú ý: thay thế rdsk bằng dsk

=====================

Lệnh để clean cache device

devfsadm -Cv

kloxo 500 - Internal Server Error

noreply@blogger.com (vitec) — Sat, 17 Dec 2011 12:17:00 +0000

There are still have a problem when update Kloxo to version 6.1.10 (especially from 6.1.7) with using 'auto update' or 'update home' on kloxo.

Solution, run this commands:

# for sure to using latest version for certain packages
yum update
# shell command version for update
sh /script/upcp
# cleanup process for certain settings
sh /script/cleanup
# restart some services
service xinetd restart
# fix web config to make sure using latest
sh /script/fixweb --server=all
# Better reboot after that
reboot

Reset password root MYSQL với quyền root

noreply@blogger.com (vitec) — Sat, 17 Dec 2011 06:19:00 +0000

[root@servert1 ~]# /etc/init.d/mysqld stop

Stopping MySQL: [ OK ]

[root@servert1 ~]# mysqld_safe --skip-grant-tables &

[1] 13694

[root@servert1 ~]# Starting mysqld daemon with databases from /var/lib/mysql

[root@servert1 ~]# mysql -u root

Welcome to the MySQL monitor. Commands end with ; or \g.

Your MySQL connection id is 1

Server version: 5.0.77 Source distribution

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> use mysql;

mysql> update user set password=PASSWORD("testpass") where User='root';

Query OK, 3 rows affected (0.05 sec)

Rows matched: 3 Changed: 3 Warnings: 0

mysql> flush privileges;

Query OK, 0 rows affected (0.04 sec)

mysql> quit

Kinh Nghiệm Việt Nam - Thủ Thuật PC

Change date time Linux

How to secure your Kloxo for iptables

Cron running job / script every 5 second

Chức năng NAT của iptables

Apache 2.2.x security tricks (CentOS) - Bảo vệ an toàn cho apache 2.2.x

Install mod_security in Kloxo (Lxadmin) on Centos 5.3

Dùng iptables để band IP

Thanh toán và Rút tiền từ tài khoản Paypal ở Việt Nam

1> Tạo tài khoản paypal ở Việt Nam

2> Verify địa chỉ Email cho tài khoản Paypal

3> Đăng ký thẻ VISA Debit để giao dịch.

4> Kết hợp & Xác nhận thẻ vào tài khoản Paypal để thực hiện các giao dịch

5> Một Hóa đơn minh họa thanh toán thành công bằng tài khoản Paypal

6> Rút tiền ngược từ tài khoản Paypal về thẻ để sử dụng

how to install memcached

Install memcached

Cách 1: Cài và chạy bằng tay

Cách 2: Cài và chạy service

Going all out - building a memcached rpm

Install php-pecl-memcache

Learn how to Sniff Wireless Passwords with Pirni (Man in the Middle Attack)

What is Pirni?

Using Pirni

Analyzing your Dump File

Download Winscp Here

Download WireShark Here

UDIDFaker – fake udid for your iPhone IOS device

Follow these steps to spoof Your Device’s UDID

Create random HEX for linux

Pirni comes with an ARP spoofer network traffic

Sniff Your iPhone's Network Traffic

1) Download and Install Paros

2) Configure Paros

3) Configure iPhone

4) Using Paros

On-iPhone Development Environment

On-iPhone Development Environment

Getting Shell Access

Getting an Editor

Setting Up sudo

Logging In as mobile

Installing GCC and Friends

Fixing What’s Broken

Libraries

Headers

Manual Header Modifications

Minor Details

Testing your GCC

You’re Done!

Cách tốt nhất cập nhật lại ngày giờ cho Centos

How To Fix PHP Error Notice: Undefined variable: index

Remove IP Spamhaus

Hướng dẫn cấu hình crontab not send email

How To scp, ssh and rsync without prompting for password

Hướng dẫn install mtop cho centos 32bit

Setup Oracle 11g 11.0.2.1 for Solaris 10 - 64bit

Map san xuống server solaris sử dụng UFS

kloxo 500 - Internal Server Error

Reset password root MYSQL với quyền root

Setting Up `sudo`

Logging In as `mobile`