Archives for: February 2010
02/25/10
Hosts File On Mac
Here's a great little article on how to edit the hosts file on a Mac:
http://decoding.wordpress.com/2009/04/06/how-to-edit-the-hosts-file-in-mac-os-x-leopard/
02/23/10
RHEL5 Server Hardening
The National Security Agency publishes a great collection of documents that provide detailed security configuration guidelines. The full index can be found here:
http://www.nsa.gov/ia/guidance/security_configuration_guides/index.shtml
We particularly like the guides for RedHat EL5:
“Hardening Tips For Default Installation of Red Hat Enterprise Linux 5”
http://www.nsa.gov/ia/_files/factsheets/rhel5-pamphlet-i731.pdf
“Guide to the Secure Configuration of Red Hat Enterprise Linux 5”
http://www.nsa.gov/ia/_files/os/redhat/rhel5-guide-i731.pdf
02/20/10
Setup Alternate MySQL Instance
To setup an alternate instance of MySQL listening on TCP port 3307 on a RHEL5 server follow these steps.
1. Setup a new MySQL config file.
cp /etc/my.cnf /etc/my-3307.cnf
Add a line like this:
port = 3307
to the "[mysqld]" section.
Edit /etc/my-3307.cnf and change:
datadir=/var/lib/mysql
to
datadir=/var/lib/mysql-3307
Change:
socket=/var/lib/mysql/mysql.sock
to:
socket=/var/lib/mysql-3307/mysql.sock
Change the following lines:
log-slow-queries=/var/lib/mysqllogs/slow-log
log-bin=/var/lib/mysqllogs/bin-log
log-bin-index=/var/lib/mysqllogs/bin-log.index
relay-log=/var/lib/mysqllogs/relay-log
relay-log-index=/var/lib/mysqllogs/relay-log.index
log-error=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid
to:
log-slow-queries=/var/lib/mysqllogs-3307/slow-log
log-bin=/var/lib/mysqllogs-3307/bin-log
log-bin-index=/var/lib/mysqllogs-3307/bin-log.index
relay-log=/var/lib/mysqllogs-3307/relay-log
relay-log-index=/var/lib/mysqllogs-3307/relay-log.index
log-error=/var/log/mysqld-3307.log
pid-file=/var/run/mysqld/mysqld-3307.pid
Change server-id to a unique value:
server-id=2
2. Setup a new service control script.
cp /etc/init.d/mysqld /etc/init.d/mysqld-3307
Edit /etc/init.d/mysqld-3307 and add this line:
MYCNF=/etc/my-3307.cnf
directly after:
# Source networking configuration.
. /etc/sysconfig/network
so that you have:
# Source networking configuration.
. /etc/sysconfig/network
MYCNF=/etc/my-3307.cnf
Next change this function:
get_mysql_option(){
result=`/usr/bin/my_print_defaults "$1" | sed -n "s/^--$2=//p" | tail -n 1`
if [ -z "$result" ]; then
# not found, use default
result="$3"
fi
}
to:
get_mysql_option(){
result=`/usr/bin/my_print_defaults -c $MYCNF "$1" | sed -n "s/^--$2=//p" | tail -n 1`
if [ -z "$result" ]; then
# not found, use default
result="$3"
fi
}
Notice that the change is to add "-c $MYCNF" to the call to "my_print_defaults".
Finally run the following search/replace commands to fixup the program name, add defaults file to mysqld_safe call and set unique pid and subsys files:
replace 'prog="MySQL"' 'prog="MySQL-3307"' -- /etc/init.d/mysqld-3307
replace '/usr/bin/mysqld_safe' '/usr/bin/mysqld_safe --defaults-file=$MYCNF' \
-- /etc/init.d/mysqld-3307
replace 'mysqld.pid' 'mysqld-3307.pid' -- /etc/init.d/mysqld-3307
replace '/var/lock/subsys/mysqld' '/var/lock/subsys/mysqld-3307' -- /etc/init.d/mysqld-3307
3. Setup directories
mkdir /var/lib/mysql-3307 /var/lib/mysqllogs-3307
chown mysql.mysql /var/lib/mysql-3307/ /var/lib/mysqllogs-3307
chmod o-rwx /var/lib/mysqllogs-3307
4. Set service to start on boot
/sbin/chkconfig mysqld-3307 on
5. Start the new instance:
/sbin/service mysqld-3307 start
On the first startup you should see some output like this:
Initializing MySQL database: Installing MySQL system tables...
OK
Filling help tables...
OK
To start mysqld at boot time you have to copy
support-files/mysql.server to the right place for your system
PLEASE REMEMBER TO SET A PASSWORD FOR THE MySQL root USER !
To do so, start the server, then issue the following commands:
/usr/bin/mysqladmin -u root password 'new-password'
/usr/bin/mysqladmin -u root -h 244418-web3.www.idtweet.com password 'new-password'
Alternatively you can run:
/usr/bin/mysql_secure_installation
which will also give you the option of removing the test
databases and anonymous user created by default. This is
strongly recommended for production servers.
See the manual for more instructions.
You can start the MySQL daemon with:
cd /usr ; /usr/bin/mysqld_safe &
You can test the MySQL daemon with mysql-test-run.pl
cd mysql-test ; perl mysql-test-run.pl
Please report any problems with the /usr/bin/mysqlbug script!
The latest information about MySQL is available on the web at
http://www.mysql.com
Support MySQL by buying support/licenses at http://shop.mysql.com
[ OK ]
Starting MySQL-3307: [ OK ]
6. Set MySQL root password.
/usr/bin/mysqladmin -P 3307 -h 127.0.0.1 -u root --password="" password password 'new-password'
And that's it. You now have an new instance of MySQL listening on port 3307.
Remember that you must tell the mysql command line utilities where to find the instance. For example:
mysql -P 3307 -h 127.0.0.1
or
mysql -S /var/lib/mysql-3307/mysql.sock
Also keep in mind that by default any .my.cnf file in your home directory will be used. You may have to override settings in the .my.cnf file and explicitly provide the user and password when connecting.
02/07/10
Turn on PHP register_globals with .htaccess file
It is of course a bad idea to write code that depends on register_globals for security reason, but sometimes when faced with old code it's a necessary evil. You can turn on register_globals for a site or directory by adding the following line to your .htaccess file:
php_flag register_globals on
XML Feeds