grsec on a webserver

Damn, it took me about 5 days to get /info.php running on a grsec-ed box. Here are the quick and dirty things that should be considered:

  1. compile the latest grsec kernel (use the medium security level)
  2. install the grsec utils and update iptables to the latest version (at least 1.4.5)
  3. boot and pray
  4. set the grsec password (gradm -P) and the admin password (gradm -P admin)
  5. don’t run grsec learning first
  6. let’s compile the web server + PHP first. If you have control panel software, use it; mine is cPanel. If cPanel shows no PHP handler, check it by executing /usr/bin/php. If it returns a “core dumped”, then you should “paxctl -permxs” it
  7. each web server executable should have its PaX flags disabled (I don’t know which flag, so I disabled all of them :D, e.g. paxctl -permxs /usr/local/apache/bin/httpd). They are at least:
    • [prefix]/bin/httpd (apache) or [prefix]/bin/lsws (litespeed)
    • the PHP5 module (libphp5.so) (apache DSO) or [prefix]/fcgi/lsphp4 or lsphp5 (litespeed)
    • any other executables (if using cgi/fcgi, etc.)
  8. now, let grsec learn our system
  9. check that your web server + cgi/php is running!

You should do all the above steps in order. If you get an error (in /var/log/messages) something like “segfault ..bla.. ZendOptimizer.so”, then please once again make sure the above steps have been done in order.
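The following script is an added example, not the post’s own commands: it wraps step 7 (paxctl -permxs on each web server binary) so the planned changes can be reviewed as a dry run before anything is changed, and it takes the flag string as an argument rather than hard-coding -permxs. The post turns off every PaX feature at once; since PaX’s MPROTECT restriction is the usual first suspect when software that generates executable code at runtime segfaults, lifting it alone (-m) is the narrower change to try first, with paxctl -v showing the result. The PAX_DRY_RUN variable, the function names and the modules directory (guessed from the post’s /usr/local/apache prefix) are my assumptions.

```shell
#!/bin/sh
# Added example, not from the post: apply PaX flag changes to a list of
# web server binaries with a reviewable dry-run mode. PAX_DRY_RUN, the
# function names and the modules path are assumptions of this example.

# pax_plan FLAGS PATH...
# Prints the paxctl command for every path that is a regular file and
# reports the others on stderr instead of failing (the Apache and
# LiteSpeed paths in the post are alternatives, so some will be absent).
pax_plan() {
    flags=$1; shift
    for p in "$@"; do
        if [ -f "$p" ]; then
            printf 'paxctl %s %s\n' "$flags" "$p"
        else
            printf 'skip (not found): %s\n' "$p" >&2
        fi
    done
}

# pax_apply FLAGS PATH...
# Runs the planned commands. With PAX_DRY_RUN set, or when paxctl is not
# installed, it only prints what it would run. The last line printed is
# the number of files processed.
pax_apply() {
    flags=$1; shift
    n=0
    for p in "$@"; do
        [ -f "$p" ] || continue
        if [ -n "${PAX_DRY_RUN:-}" ] || ! command -v paxctl >/dev/null 2>&1; then
            printf 'would run: paxctl %s %s\n' "$flags" "$p"
        else
            # -c converts PT_GNU_STACK into a PT_PAX_FLAGS header; paxctl
            # cannot store flags in a binary that has neither. It is a
            # no-op failure when the header is already there.
            paxctl -c "$p" 2>/dev/null || true
            paxctl "$flags" "$p"
            paxctl -v "$p"      # show the resulting flags for the record
        fi
        n=$((n + 1))
    done
    echo "$n"
}

# Binaries from the post for an Apache + mod_php (cPanel) setup. The
# modules directory is assumed from the post's /usr/local/apache prefix.
WEB_BINARIES="/usr/local/apache/bin/httpd /usr/local/apache/modules/libphp5.so /usr/bin/php"

# Usage: sh pax-relax.sh --run [FLAGS]   (FLAGS defaults to the post's -permxs;
# try -m first if the only symptom is a segfault from runtime-generated code)
if [ "${1:-}" = "--run" ]; then
    pax_apply "${2:--permxs}" $WEB_BINARIES
fi
```

Run it once with PAX_DRY_RUN=1 to see the exact commands, then without it (as root) to apply them; the post’s ordering still applies, so do this before starting grsec learning.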

grsec kernel on centos and iptables ipt_owner


When a grsec kernel is installed on CentOS 5.4, iptables’ ipt_owner module refuses to work, even though the module has been loaded or is even built in. To resolve this issue, update the iptables binary to the latest version, which as of now is 1.4.5, taken from the Fedora 12 src.rpm release. Phew.. 3 days of pain and hopelessness.

more info: http://forums.grsecurity.net/viewtopic.php?f=3&t=2273
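Two checks for the situation the post describes, as an added example that is not part of the original post: a numeric comparison of the installed iptables version against the post’s 1.4.5 minimum, and a probe of whether the userspace owner-match extension can be loaded at all (the symptom the post hit). The function names are mine; the 1.4.5 figure is the post’s.

```shell
#!/bin/sh
# Added example, not from the post: check that iptables is at least the
# version the post says fixed ipt_owner, and that the owner match loads.

# version_ge A B -> exit 0 if dotted version A >= B, compared per component
version_ge() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        ah=${a%%.*}; bh=${b%%.*}
        ah=${ah:-0}; bh=${bh:-0}            # missing component counts as 0
        [ "$ah" -gt "$bh" ] && return 0
        [ "$ah" -lt "$bh" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 0
}

# iptables_version "iptables v1.4.5" -> "1.4.5"  (parses `iptables -V` output)
iptables_version() {
    v=${1#*v}
    echo "${v%% *}"
}

# owner_match_loads -> exit 0 if `iptables -m owner --help` succeeds, which
# it only does when the owner match extension library can be loaded;
# exit 2 if iptables itself is not installed.
owner_match_loads() {
    command -v iptables >/dev/null 2>&1 || return 2
    iptables -m owner --help >/dev/null 2>&1
}

# main_check -> prints a verdict for both checks; nonzero on any failure
main_check() {
    if ! command -v iptables >/dev/null 2>&1; then
        echo "iptables: not installed"
        return 2
    fi
    cur=$(iptables_version "$(iptables -V)")
    if version_ge "$cur" 1.4.5; then
        echo "iptables $cur: at or above 1.4.5"
    else
        echo "iptables $cur: older than 1.4.5, update the userspace binary"
        return 1
    fi
    if owner_match_loads; then
        echo "owner match: loads"
    else
        echo "owner match: cannot be loaded (the symptom from the post)"
        return 1
    fi
}
```

Call main_check after the update and again after each reboot into the new kernel, since the post’s failure only shows up once the grsec kernel is running.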

How to install grsec on CentOS? There are many articles describing how to do this. In brief:

  1. download the latest grsec patch
  2. download the matching vanilla kernel
  3. copy a working kernel config (/boot/config-xyz) to .config; mine was taken from the kernel-grsec package from Mr Corey Henderson
  4. patch
  5. customize your kernel, e.g.:
    • add a custom kernel name if needed
    • set the processor type (e.g. Core 2 / Xeon)
    • set no preemption (server)
    • add PAE if needed
    • for the grsec security level, for me the “medium” rule is enough
    • remove irda, sound, multimedia, wireless whenever appropriate
    • anything.. :)
  6. make bzImage && make modules && make modules_install && make install
  7. edit /etc/grub.conf and reboot
  8. Go to your KVM, or if you don’t have one, pray! :D (there is actually a solution by adding --once to grub, google it)
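A pre-flight check for steps 1, 2 and 4, added here as an example and not part of the post: it reads the kernel version out of the grsecurity patch filename (the grsecurity downloads are named grsecurity-<grsec version>-<kernel version>-<timestamp>.patch), compares it with the vanilla tarball name, verifies the detached signature when one sits next to the patch, and applies the patch as a dry run before touching the tree. The function names and the sample filenames in the comments are mine, constructed to follow that naming pattern.

```shell
#!/bin/sh
# Added example, not from the post: make sure the grsec patch and the
# vanilla kernel tarball are for the same version before patching.

# grsec_kernel_version grsecurity-2.1.14-2.6.32.8-201002231755.patch -> 2.6.32.8
# (sample filename constructed to follow the grsecurity naming pattern)
grsec_kernel_version() {
    f=${1##*/}               # drop any directory part
    f=${f%.patch}            # grsecurity-2.1.14-2.6.32.8-201002231755
    f=${f%-*}                # strip the trailing timestamp
    f=${f#grsecurity-}       # 2.1.14-2.6.32.8
    echo "${f#*-}"           # 2.6.32.8
}

# tarball_kernel_version linux-2.6.32.8.tar.bz2 -> 2.6.32.8
tarball_kernel_version() {
    f=${1##*/}
    f=${f#linux-}
    f=${f%.tar.*}
    echo "$f"
}

# versions_match PATCH TARBALL -> exit 0 when the patch was made for that kernel
versions_match() {
    [ "$(grsec_kernel_version "$1")" = "$(tarball_kernel_version "$2")" ]
}

# dry_run_patch PATCH SRCDIR -> exit 0 when the patch would apply cleanly
# to the unpacked tree in SRCDIR (nothing is modified)
dry_run_patch() {
    case $1 in /*) p=$1 ;; *) p=$PWD/$1 ;; esac
    (cd "$2" && patch -p1 --dry-run -i "$p" >/dev/null)
}

# Usage: sh grsec-preflight.sh PATCH TARBALL [UNPACKED_KERNEL_DIR]
if [ $# -ge 2 ]; then
    if [ -f "$1.sig" ]; then
        # the .sig is the detached signature published next to the patch
        gpg --verify "$1.sig" "$1" || { echo "signature check failed" >&2; exit 1; }
    else
        echo "note: no $1.sig next to the patch, signature not checked" >&2
    fi
    if ! versions_match "$1" "$2"; then
        echo "mismatch: patch is for $(grsec_kernel_version "$1"), tarball is $(tarball_kernel_version "$2")" >&2
        exit 1
    fi
    if [ -d "${3:-}" ]; then
        if dry_run_patch "$1" "$3"; then
            echo "patch applies cleanly to $3 (dry run)"
        else
            echo "patch does not apply cleanly to $3" >&2
            exit 1
        fi
    fi
fi
```

Only after the dry run passes should step 4 run the real `patch -p1` in the kernel tree; a version mismatch or a rejected hunk found here costs seconds instead of a failed boot.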

Mac Terminal Tips: using spotlight to connect remote ssh


Connecting to a remote SSH session is my daily activity. To make it faster, use Spotlight! This is how:

  1. create a ~/.hosts file containing one line per host:
    • the format is: [username@]hostname[:port] [ip_address]
    • you can omit username, port, and ip_address
    • see the example below
  2. copy and paste the mkterms.sh script below to wherever your $PATH is, i.e. /usr/local/bin or /opt/local/bin
  3. run it!


You can modify the Terminal appearance by first customizing a default theme, then exporting it to a .terminal file, then making the change in my script.
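The author’s mkterms.sh is not on this page, so the following is an added example of my own, not the author’s script: it parses the ~/.hosts format described above, [username@]hostname[:port] [ip_address], and writes one double-clickable <hostname>.command file per host (macOS opens .command files in Terminal), so Spotlight finds the host by name. Assumptions that are mine, not the post’s: when ip_address is given it is what ssh connects to and hostname is only the label; blank lines and lines starting with # are ignored; hosts are plain hostnames or IPv4 addresses, since the colon-separated port makes a bare IPv6 address ambiguous. The sample ~/.hosts content is constructed.

```shell
#!/bin/sh
# Added example, not the author's mkterms.sh: turn ~/.hosts lines into
# per-host .command files that Spotlight can find. Assumptions: a given
# ip_address replaces hostname as the ssh target; # lines are comments.

# hosts_to_ssh LINE -> prints the ssh command for one ~/.hosts line
hosts_to_ssh() {
    spec=${1%% *}                        # first field: [user@]host[:port]
    rest=${1#"$spec"}; ip=${rest# }      # optional second field: ip address
    case $spec in
        *@*) user=${spec%%@*}; spec=${spec#*@} ;;
        *)   user= ;;
    esac
    case $spec in
        *:*) port=${spec##*:}; host=${spec%:*} ;;
        *)   port=; host=$spec ;;
    esac
    target=${ip:-$host}
    printf 'ssh%s %s%s\n' "${port:+ -p $port}" "${user:+$user@}" "$target"
}

# hosts_label LINE -> the hostname part, used as the .command file name
hosts_label() {
    spec=${1%% *}
    spec=${spec#*@}
    echo "${spec%:*}"
}

# make_command_files HOSTSFILE OUTDIR
# Writes OUTDIR/<hostname>.command for every host line and prints the count.
make_command_files() {
    mkdir -p "$2"
    n=0
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in ''|'#'*) continue ;; esac
        out="$2/$(hosts_label "$line").command"
        printf '#!/bin/sh\nexec %s\n' "$(hosts_to_ssh "$line")" > "$out"
        chmod 755 "$out"
        n=$((n + 1))
    done < "$1"
    echo "$n"
}

# Constructed sample ~/.hosts content, one host per line as the post describes.
SAMPLE_HOSTS='# constructed sample ~/.hosts
web1
bob@web2:2222
db1 10.0.0.5
'

# Usage: sh mkcommands.sh [HOSTSFILE] [OUTDIR]
if [ "${1:-}" != "" ]; then
    make_command_files "$1" "${2:-$HOME/Library/Terminal-hosts}"
fi
```

The generated files only call ssh; the usual ssh_config and known_hosts handling still applies, so a host key prompt on first connection is expected rather than something to silence.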


When a Mac portable’s multi-touch gestures suddenly stop working

1. Reboot the Mac
2. When the grey screen appears, press CMD+S (boot into single user mode)
3. wait until the # prompt appears
4. type:
fsck_hfs -f /dev/disk0s2
5. reboot when done

Taken from: http://discussions.info.apple.com/thread.jspa?threadID=2223030&tstart=0

Recovering passwords remembered by Safari / Firefox

I forgot my KlikBCA login, ugh! It was remembered in Safari, but this laptop is about to be handed over to Tanto.

Luckily I found this: How To Reveal Stored Passwords in Firefox, Chrome, Safari, and IE
Copy and paste the following code into the Safari / Firefox address bar:

javascript: var p=r(); function r(){var g=0;var x=false;var x=z(document.forms);g=g+1;var w=window.frames;for(var k=0;k<w.length;k++) {var x = ((x) || (z(w[k].document.forms)));g=g+1;}if (!x) alert('Password not found in ' + g + ' forms');}function z(f){var b=false;for(var i=0;i<f.length;i++) {var e=f[i].elements;for(var j=0;j<e.length;j++) {if (h(e[j])) {b=true}}}return b;}function h(ej){var s='';if (ej.type=='password'){s=ej.value;if (s!=''){prompt('Password found ', s)}else{alert('Password is blank')}return true;}}

For Mr EddyOnEverythings… thanks! You saved me from having to queue at my bank. But in case your website goes down or anything else happens, allow me to copy and paste your work on my web. If you don’t want your work to be on my web, please let me know; I’ll remove it.

Quanmax QutePC 1000 Intel Atom Nettop

This is a Quanmax QutePC 1000, an Intel Atom-based nettop.

The unit is so silent, has a small power adaptor, and costs only 250 USD here.

What next ?

  • Regular desktop.
    I tested with Win 7, Fedora 11, CentOS 4. Fedora 12 failed to install from a USB DVD.
  • Thin client for VDI / RDP station
  • “Fat” client for VDI

Cons:

  • The manufacturer stated we can put a CF card in, but there is no CF card slot inside. I guess we can use CF only with a SATA-to-CF adapter.
  • Lack of PXE boot

RDP is for everyone :)


Mac OS X 10.6 Snow Leopard Server as PDC


__this_document_is_a_draft__

Do:

  1. Edit quotas via the CLI command `edquota’. I can’t get Workgroup Manager to edit quotas. Don’t know why.

Don’ts:

  1. Create a group name with a dash (“-”) character; this will make it impossible for domain members to assign group permissions on a Samba share

RJ45 Network Patch Panel 1U for visio


By default, there is only a 2U patch panel in the Visio stencil. Here is a simple and quite stupid way to create a 1U patch panel:

  1. Make sure the “Rack-mounted Equipment” shapes are open
  2. Create a 1U “shelf”
  3. Add my patch-panel-1u stencil on top of the newly created 1U shelf

day-1-at-gajah-village


Finallyyyy…. after 2 weeks of trying to sort out the permits with the subdistrict head (who, it turns out, is never in), I have finally been approved by the local neighbourhood chief (Pak RT). Thanks to Om Rony and Pakdhe Godril, who took me along to Bandung yesterday, and to Pak RT for his good wishes.

NP: @rony: why has your blog turned into ads, Ron? Short on money?

6 TB on a single blade !

6 TB drives will be put on top of the blade enclosure, originally uploaded by chenull.

Blades are glorious when it comes to power. But they have a limitation: space. Usually blades come with 2.5-inch drive trays. When you need more, and you are not a blonde, go extend the SATA cable. Surely, it’s not pretty looking though.
