System.getProperty("catalina.base") + File.separator + "bin"
Symptoms:
– Ping works with no problem from LAN to LAN, from WAN to WAN, and in any cross-subnet combination with the correct NAT/gateway rules.
– TCP connections work one way or between specific hosts, but in one direction, to the WAN or from the WAN, they don't work.
– Traffic is slow (~5.67 Kbps).
– UDP works sometimes.
First: log in to the host machine (the main server).
$ sudo ethtool -K VMwareswitch17 tx off
Second: open pfSense and disable the hardware checksum offload.
References
https://doc.pfsense.org/index.php/VirtIO_Driver_Support
https://doc.pfsense.org/index.php/Limiters
https://turbofuture.com/computers/How-to-Configure-Deep-Packet-Inspection-Using-pfSense
https://www.reddit.com/r/PFSENSE/comments/45k0n5/pfsense_slow_wan_throughput/
Animation
http://jsfiddle.net/twTab/3/
<div id="animation">
    <img src="http://jumpingfishes.com/dancingpurpleunicorns/charging01.png" />
    <img src="http://jumpingfishes.com/dancingpurpleunicorns/charging02.png" />
    <img src="http://jumpingfishes.com/dancingpurpleunicorns/charging03.png" />
    <img src="http://jumpingfishes.com/dancingpurpleunicorns/charging04.png" />
    <img src="http://jumpingfishes.com/dancingpurpleunicorns/charging05.png" />
    <img src="http://jumpingfishes.com/dancingpurpleunicorns/charging06.png" />
    <img src="http://jumpingfishes.com/dancingpurpleunicorns/charging07.png" />
    <img src="http://jumpingfishes.com/dancingpurpleunicorns/charging08.png" />
    <img src="http://jumpingfishes.com/dancingpurpleunicorns/charging09.png" />
    <img src="http://jumpingfishes.com/dancingpurpleunicorns/charging10.png" />
    <img src="http://jumpingfishes.com/dancingpurpleunicorns/charging11.png" />
    <img src="http://jumpingfishes.com/dancingpurpleunicorns/charging12.png" />
    <img src="http://jumpingfishes.com/dancingpurpleunicorns/charging13.png" />
    <img src="http://jumpingfishes.com/dancingpurpleunicorns/charging14.png" />
    <img src="http://jumpingfishes.com/dancingpurpleunicorns/charging15.png" />
</div>

onload = function startAnimation() {
    var frames = document.getElementById("animation").children;
    var frameCount = frames.length;
    var i = 0;
    setInterval(function () {
        frames[i % frameCount].style.display = "none";
        frames[++i % frameCount].style.display = "block";
    }, 30);
}
Add this to the Apache site configuration:
FcgidMaxRequestLen 80000000
<VirtualHost *:80>
    DocumentRoot /var/www/kutayzorlu.com/web
    FcgidMaxRequestLen 80000000
</VirtualHost>
Repository:
https://httpd.apache.org/mod_fcgid/mod/mod_fcgid.html
Package names:
apt-get install msmtp msmtp-mta
Check that it installed correctly:
$ msmtp --version | grep "System configuration"
System configuration file name: /etc/msmtprc
Set the email configuration:
nano /etc/msmtprc
# Example configuration
# Kutay Account
account Kutay
host smtphm.kutayzorlu.ca
from from_home@localkutayzorlu.com.name
tls on
tls_starttls on
tls_trust_file /etc/ssl/certs/ca-certificates.crt
auth on
user me_kutay@kutayzorlu.com
password ********
syslog LOG_MAIL
# Use this account when none is selected with -a
account default : Kutay
Check the settings for the current user:
msmtp --pretend
Testing the mail:
echo "This is a test e-mail " | msmtp -d me@kutayzorlu.com
sudo mv /usr/sbin/sendmail /usr/sbin/sendmail.bak
sudo ln -s /usr/bin/msmtp /usr/sbin/sendmail
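A check for the msmtp configuration above, as an added example rather than code from the original page: it flags an msmtprc that stores a password while readable by group or others, enables auth without `tls on`, or turns certificate checking off. The function names and the sample text (with a placeholder password) are constructed for illustration.

```python
import os
import stat

# Constructed sample: the account block from this page, password replaced by a placeholder.
SAMPLE = """\
# Kutay Account
account Kutay
host smtphm.kutayzorlu.ca
tls on
tls_starttls on
tls_trust_file /etc/ssl/certs/ca-certificates.crt
auth on
user me_kutay@kutayzorlu.com
password PLACEHOLDER
"""

def parse_accounts(text):
    """Map each account name to its directives, with 'defaults' settings inherited."""
    defaults, accounts, current = {}, {}, None
    for raw in text.splitlines():
        parts = raw.split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        key, value = parts[0], (parts[1].strip() if len(parts) > 1 else "")
        if key == "defaults":
            current = defaults
        elif key == "account":
            # "account default : Kutay" names the account before the colon
            current = accounts.setdefault(value.split(":")[0].strip(), dict(defaults))
        elif current is not None:
            current[key] = value
    return accounts

def audit(path):
    """Return a list of findings for an msmtprc file (empty list means no finding)."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    with open(path, encoding="utf-8") as fh:
        accounts = parse_accounts(fh.read())
    findings = []
    for name, cfg in accounts.items():
        if "password" in cfg and mode & 0o077:
            findings.append(f"{name}: plaintext password, file mode {mode:03o}")
        if cfg.get("auth", "off") != "off" and cfg.get("tls", "off") != "on":
            findings.append(f"{name}: auth enabled but tls is not on")
        if cfg.get("tls_certcheck", "on") == "off":
            findings.append(f"{name}: tls_certcheck off, server certificate not verified")
    return findings

if __name__ == "__main__":
    for finding in audit("/etc/msmtprc"):
        print(finding)
```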
Change the mdadm mail configuration:
sudo nano /etc/mdadm/mdadm.conf
MAILADDR me@kutayzorlu.com
MAILFROM kutay_zorlu - mdadm
Monitoring
sudo mdadm --monitor --scan --test --oneshot
Example crontab:
crontab -e
# /dev/md12 can be given in place of --scan
10 10 1,6,7,10,16,21,24 * * /sbin/mdadm --monitor --scan --test --oneshot
mdadm --monitor --scan --daemonize --test --syslog (/dev/md[[:digit:]]*)
Autostart with mdadm
#mdadm.conf
DAEMON_OPTIONS="--syslog --test (/dev/md[[:digit:]]*)"
ps aux | grep mdadm
The easiest method of installing ModSecurity is to use your existing OS Package Manager application (Yum or Aptitude) to install it from your default OS Repository.
$ sudo apt-get install libapache2-mod-security
$ sudo a2enmod mod-security
$ sudo /etc/init.d/apache2 force-reload

$ sudo yum install mod_security
$ sudo /etc/init.d/httpd restart
Installation information for IIS
ModSecurity is an open source product licensed under ASLv2. It comes with full source code and documentation. Current releases are signed by Breno Silva. These public keys are available via most PGP key server mirrors.
Installation information for Apache
NOTE: The Nginx module is contained within the Apache archive package. You must first compile ModSecurity with the --enable-standalone-module flag and then compile the Nginx code to use it. See the Blog post for more information.
NOTE: Some instabilities in the Nginx add-on have been reported (see the Github issues page for details). Please use the “nginx_refactoring” branch where possible for the most up to date version and stay tuned for the ModSecurity version 4.
$ cd /usr
$ sudo cvs -d anoncvs@anoncvs.fr.NetBSD.org:/cvsroot co -rpkgsrc-2012Q4 pkgsrc

/usr/pkg/etc/pkgin/repositories.conf
http://packages.netbsdfr.org/latest/6.0/amd64/packages/All

# pkgin up

vi /etc/mk.conf
PKG_OPTIONS.nginx+= naxsi realip

# pkgin in nginx

$ cd /usr/pkgsrc/www/nginx
$ sudo make install clean

# cp /usr/pkg/share/examples/rc.d/nginx /etc/rc.d/
# echo "nginx=YES" >> /etc/rc.conf
# /etc/rc.d/nginx start

# pkgin in php54-fpm

$ grep PHP /etc/mk.conf
PHP_VERSION_DEFAULT= 54

# cd /usr/pkgsrc/www/php-fpm
# make install clean

# cp /usr/pkg/share/examples/rc.d/php_fpm /etc/rc.d
# echo "php_fpm=YES" >> /etc/rc.conf

/usr/pkg/etc/php-fpm.conf
/usr/pkg/etc/php.ini

# pkgin in mysql-server-5.1

$ cd /usr/pkgsrc/databases/mysql55-server
$ sudo make install clean
nginx.conf

location ~ \.php$ {
    fastcgi_pass unix:/tmp/fcgi-php.sock;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_buffers 256 4k;
    include /usr/pkg/etc/nginx/fastcgi_params;
}

php-fpm.conf

listen = /tmp/fcgi-php.sock

listen = 192.168.0.1:9000
listen = 127.0.0.1:9000

fastcgi_pass

fastcgi_pass 127.0.0.1:9000;

# /etc/rc.d/php-fpm start

# nginx -t
nginx: the configuration file /usr/pkg/etc/nginx/nginx.conf syntax is ok
nginx: configuration file /usr/pkg/etc/nginx/nginx.conf test is successful
# nginx -s reload

$ cat > test.php
<?php phpinfo(); ?>

<?php
$content = file($_GET['path']);
foreach($content as $line) {
    echo $line;
}
?>

# NAXSI - /usr/pkg/share/examples/nginx/conf/naxsi_core.rules

# cp /usr/pkg/share/examples/nginx/conf/naxsi_core.rules \
    /usr/pkg/etc/nginx/

nginx.conf

include /usr/pkg/etc/nginx/naxsi_core.rules;

naxsi.rules

SecRulesEnabled;
DeniedUrl "/denied";

## check rules
CheckRule "$SQL >= 8" BLOCK;
CheckRule "$RFI >= 8" BLOCK;
CheckRule "$TRAVERSAL >= 4" BLOCK;
CheckRule "$EVADE >= 4" BLOCK;
CheckRule "$XSS >= 8" BLOCK;

location /denied {
    rewrite ^ http://foobar.net/503.gif break;
}

naxsi.rules

include /usr/pkg/etc/nginx/naxsi.rules;

$ curl -I -o- http://coruscant/own.php?path=/etc/passwd
HTTP/1.1 302 Moved Temporarily
Server: nginx/1.2.6
Date: Sun, 17 Feb 2013 13:43:32 GMT
Content-Type: text/html
Content-Length: 160
Connection: keep-alive
Location: http://foobar.net/503.gif?ip=192.168.0.1&server=coruscant&uri=/own.php&learning=0&total_processed=4&total_blocked=4&zone0=ARGS&id0=1202&var_name0=path

error_log /var/log/nginx/error.log;

set_real_ip_from 192.168.0.254;
real_ip_header X-Forwarded-For;

nginx.conf

include /usr/pkg/etc/nginx/sites/*;

user www www;
worker_processes 1;

error_log /var/log/nginx/error.log;

events {
    worker_connections 1024;
}

http {
    include /usr/pkg/etc/nginx/mime.types;
    default_type text/plain;

    sendfile on;
    keepalive_timeout 65;

    set_real_ip_from 192.168.100.254;
    real_ip_header X-Forwarded-For;

    include /usr/pkg/etc/nginx/naxsi_core.rules;
    include /usr/pkg/etc/nginx/sites/*;
}

sites/

ls sites/
dynamic static

server {
    server_name gcu.info www.gcu.info gcu-squad.org www.gcu-squad.org;
    root /chemin/vers/gcu/www;
    include /usr/pkg/etc/nginx/php.conf;
}

client_max_body_size 20M;

include /usr/pkg/etc/nginx/logs.conf;
include /usr/pkg/etc/nginx/denied;
include /usr/pkg/etc/nginx/global.conf;

location / {
    index index.php index.html;
    try_files $uri $uri/ /index.php?$args;
}

location ~ \.php$ {
    include /usr/pkg/etc/nginx/naxsi.rules;
    include /usr/pkg/etc/nginx/fastcgi_params;
}

We discussed the location ~ \.php$ block earlier in this article, so let's look at the contents of the 3 includes:

$ cat /usr/pkg/etc/nginx/logs.conf
if ($host ~ gcu) {
    set $log_fqdn $host;
}
access_log /var/log/nginx/$log_fqdn.access_log;

The global.conf file groups settings that we want to include in each of the vhosts:

listen 80;

location = /favicon.ico {
    log_not_found off;
    access_log off;
}

location = /robots.txt {
    allow all;
    log_not_found off;
    access_log off;
}

location ~ /\.ht.* {
    deny all;
}

# port 80, 404 robots.txt. htaccess / htpasswd.
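The Location header in the curl output earlier on this page carries NAXSI's report of the denied request as query parameters, with one zoneN/idN/var_nameN group per matched rule. An added example (not from the original article) that parses such a redirect into a structured event for triage; the function names and the second sample URL are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import parse_qsl, urlsplit

# Location header value from the curl output on this page.
LOCATION = ("http://foobar.net/503.gif?ip=192.168.0.1&server=coruscant&uri=/own.php"
            "&learning=0&total_processed=4&total_blocked=4"
            "&zone0=ARGS&id0=1202&var_name0=path")
# Constructed sample: learning mode on, two matches (var_name "file" is made up).
LEARNING = ("http://foobar.net/503.gif?ip=192.168.0.7&server=coruscant&uri=/own.php"
            "&learning=1&total_processed=9&total_blocked=5"
            "&zone0=ARGS&id0=1202&var_name0=path&zone1=ARGS&id1=1202&var_name1=file")

INDEXED = re.compile(r"^(zone|id|var_name)(\d+)$")

def parse_denied(url):
    """Split a DeniedUrl redirect into request fields and a list of rule matches."""
    query = urlsplit(url).query or url  # also accept a bare query string
    request, by_index = {}, {}
    for key, value in parse_qsl(query, keep_blank_values=True):
        m = INDEXED.match(key)
        if m:
            by_index.setdefault(int(m.group(2)), {})[m.group(1)] = value
        else:
            request[key] = value
    for field in ("learning", "total_processed", "total_blocked"):
        if request.get(field, "").isdigit():
            request[field] = int(request[field])
    matches = [by_index[i] for i in sorted(by_index)]
    for match in matches:
        if match.get("id", "").isdigit():
            match["id"] = int(match["id"])
    return {"request": request, "matches": matches}

def enforced(event):
    """True when the request matched a rule and learning mode was off (learning=0)."""
    return bool(event["matches"]) and event["request"].get("learning") == 0

def top_matches(events):
    """Count (rule id, zone, variable) triples across events, most frequent first."""
    counts = Counter((m.get("id"), m.get("zone"), m.get("var_name"))
                     for e in events for m in e["matches"])
    return counts.most_common()

if __name__ == "__main__":
    events = [parse_denied(LOCATION), parse_denied(LEARNING)]
    for event in events:
        print(event["request"]["ip"], event["request"]["uri"], enforced(event))
    print(top_matches(events))
```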