Jaime Frutos Morales's blog

14/12/2009

How to free disk space in ext2, ext3 and ext4 partitions

Filed under: Linux, SysAdmin — acidborg @ 18:42

When a disk partition is formatted with ext2, ext3 or ext4, the filesystem reserves 5% of its capacity by default for root-only processes. This is done to avoid filesystem fragmentation and to allow system daemons to continue writing to the filesystem even after non-privileged processes can’t. This is a good default, but 5% means 25GB on a 500GB drive, and that’s too much.

You can reduce this percentage on the fly, without data loss or corruption, using tune2fs. For example, if you want to reduce the space reserved on your /dev/sda1 partition to 2%, use this command: tune2fs -m 2 /dev/sda1

On non-root partitions like /home or media drives, no reserved space is needed, so you can free that space using this command (assuming that your home partition is /dev/sda3): tune2fs -m 0 /dev/sda3

NOTE: It is not recommended to free all the reserved space on your / partition.
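Before changing the value, it helps to see how much is reserved now and how much a new percentage would release. The following is an added example, not part of the original post: it parses the output of tune2fs -l, and the function names and the sample figures are constructed for illustration.

```shell
# Constructed excerpt of `tune2fs -l` output for a roughly 500GB partition
# (sample values, not taken from a real system).
sample_tune2fs_output() {
cat <<'EOF'
Filesystem volume name:   <none>
Block count:              122070312
Reserved block count:     6103515
Free blocks:              90000000
Block size:               4096
EOF
}

# reserved_summary TARGET_PERCENT
# Reads `tune2fs -l` output on stdin and prints three fields:
#   current reserved percentage, reserved MiB now, MiB released at TARGET_PERCENT.
# The released figure is an estimate; tune2fs rounds to whole blocks.
reserved_summary() {
    LC_ALL=C awk -F': *' -v target="$1" '
        /^Block count:/          { total = $2 }
        /^Reserved block count:/ { reserved = $2 }
        /^Block size:/           { bsize = $2 }
        END {
            if (total == 0 || bsize == 0) {
                print "error: block count or block size not found" > "/dev/stderr"
                exit 1
            }
            freed = reserved - total * target / 100
            if (freed < 0) freed = 0   # target is above the current reservation
            printf "%.1f %d %d\n", reserved * 100 / total,
                   reserved * bsize / 1048576, freed * bsize / 1048576
        }'
}

# Real use (as root):  tune2fs -l /dev/sda1 | reserved_summary 2
```

Run it again after tune2fs -m to confirm that the reserved block count changed as expected.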

11/12/2009

Book review: Pro OpenSolaris

Filed under: Books, SysAdmin — acidborg @ 01:35

Yesterday, I finished reading “Pro OpenSolaris. A new Open Source OS for Linux developers and administrators”. It introduces the main differences between OpenSolaris and GNU/Linux (SMF, ZFS, zones and containers, DTrace, etc). It explains all these things from a GNU/Linux user perspective, so if that’s your case, it will be easy to read for you. I missed some other comparisons between common GNU/Linux commands and their OpenSolaris equivalents, but it would have dramatically increased the number of pages of the book. A nice book to start using OpenSolaris.

09/12/2009

How to install and configure GreenSQL in Ubuntu 9.10

Filed under: Databases, Security, SysAdmin — acidborg @ 13:12

Description: “GreenSQL is an Open Source database firewall used to protect databases from SQL injection attacks. GreenSQL works as a proxy for SQL commands and has built in support for MySQL & PostgreSQL. The logic is based on evaluation of SQL commands using a risk scoring matrix as well as blocking known db administrative commands (DROP, CREATE, etc). GreenSQL is distributed under the GPL license”.

Installation:

  • Download its source code from its website.
  • Install the needed packages: apt-get install libevent-1.4-2 libpcre3 libmysqlclient15off libpq5 libmysqlclient15-dev libevent-dev libpcre3-dev libpq-dev flex g++ bison build-essential
  • Uncompress it: tar xvfz greensql-fw_*.tar.gz
  • Enter its directory: cd greensql-fw_*
  • Build the deb package: ./build.sh
  • Install the deb package (as root): cd .. && dpkg -i greensql-fw*.deb
  • Answer the questions to connect GreenSQL to your database

Configuration (using Apache):

  • Enter GreenSQL directory: cd /usr/share/greensql-fw
  • Set the right permissions to templates_c : chgrp -R www-data templates_c && chmod -R 770 templates_c
  • Create the file /etc/apache2/conf.d/greensql with the following content (the Directory block must name the filesystem path the alias points to, otherwise the access restriction is not applied to the console):
    Alias /greensql /usr/share/greensql-fw
    <Directory /usr/share/greensql-fw>
    Order deny,allow
    Deny from all
    Allow from 127.0.0.1
    </Directory>
  • Restart Apache: apache2ctl restart
  • Access GreenSQL using your web browser (default user is admin and default password is pwd): http://localhost/greensql
  • Change the default admin’s password.
  • Edit GreenSQL configuration to fit your needs (reading this might help).

Use:
To use GreenSQL, change the configuration of the applications that connect to your database so they point to the computer where GreenSQL is installed (localhost in this case) and the port where GreenSQL is listening (3305 in my case, to proxy my MySQL database). You can test whether it is working by connecting to your database through GreenSQL and creating a table (it should appear as an alert named “Detected attempt to create database/table/index” in GreenSQL and it should be blocked if you didn’t change the IPS option). Example:
mysql -u root -h 127.0.0.1 -P 3305 -p
CREATE TABLE greensql_test (id INT);

Remember: Even if you use a database firewall like GreenSQL, you must still prevent SQL injection and other database-related attacks by securing and auditing your application’s code.

04/12/2009

Introducing Rootkit Hunter

Filed under: Security, SysAdmin — acidborg @ 14:28

Description: “Rootkit scanner is scanning tool to ensure you for about 99.9%* you’re clean of nasty tools. This tool scans for rootkits, backdoors and local exploits by running tests like:

  • MD5 hash compare
  • Look for default files used by rootkits
  • Wrong file permissions for binaries
  • Look for suspected strings in LKM and KLD modules
  • Look for hidden files
  • Optional scan within plaintext and binary files

Rootkit Hunter is released as GPL licensed project and free for everyone to use”.

Installation:

  • Download the latest version from its website.
  • Uncompress it: tar xvfz rkhunter-*.tar.gz
  • Enter its directory: cd rkhunter-*
  • Install it (as root): ./installer.sh --layout /usr/local --install

Use:

  • To run it (as root): rkhunter --sk -c
  • To check its results: less /var/log/rkhunter.log

To obtain valid results, be aware of false positives (check warnings twice) and keep it updated. Remember: security is a process, not a state.
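One way to make the "check warnings twice" step repeatable is to keep the log of a run you have already reviewed and list only the warnings that are new in the latest run. This is an added example, not part of the original post or of Rootkit Hunter; the function names are hypothetical, the sample log lines are constructed, and the "[HH:MM:SS] Warning: ..." line layout is an assumption about rkhunter.log.

```shell
# Constructed sample logs (not from a real scan). The "[HH:MM:SS] Warning: ..."
# layout is an assumption about how rkhunter.log records warnings.
sample_log_baseline() {
cat <<'EOF'
[14:28:01] Info: Start date is Fri Dec  4 14:28:01 CET 2009
[14:28:09] Warning: The command '/usr/bin/lwp-request' has been replaced by a script
[14:28:30] Info: End date is Fri Dec  4 14:28:30 CET 2009
EOF
}

sample_log_current() {
cat <<'EOF'
[09:10:02] Warning: The command '/usr/bin/lwp-request' has been replaced by a script
[09:10:05] Warning: Hidden directory found: /dev/.example
EOF
}

# Print the warning lines of a log read from stdin, with the timestamp
# stripped so that identical warnings from different runs compare equal.
warnings_only() {
    sed -n 's/^\[[0-9:]*] \(Warning: .*\)$/\1/p' | LC_ALL=C sort -u
}

# new_warnings REVIEWED_LOG CURRENT_LOG
# Prints warnings present in CURRENT_LOG but absent from REVIEWED_LOG.
new_warnings() {
    tmp_old=$(mktemp) && tmp_new=$(mktemp) || return 1
    warnings_only < "$1" > "$tmp_old"
    warnings_only < "$2" > "$tmp_new"
    LC_ALL=C comm -13 "$tmp_old" "$tmp_new"
    rm -f "$tmp_old" "$tmp_new"
}

# Real use (as root), assuming a copy of the reviewed log was kept:
#   new_warnings /root/rkhunter.reviewed.log /var/log/rkhunter.log
```

A warning that was reviewed and judged a false positive stays in the baseline; anything printed here has not been looked at yet.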

02/12/2009

Create and restore MySQL backups using mysqldump

Filed under: Databases, SysAdmin — acidborg @ 13:02

Description: “The mysqldump client is a backup program originally written by Igor Romanenko. It can be used to dump a database or a collection of databases for backup or transfer to another SQL server (not necessarily a MySQL server). The dump typically contains SQL statements to create the table, populate it, or both. However, mysqldump can also be used to generate files in CSV, other delimited text, or XML format.”

To create a backup of a single database: mysqldump --opt -u database_admin_username -p database_name > database_name_backup.sql

To create a backup of all databases: mysqldump --opt -u database_admin_username -p --all-databases > all_databases_backup.sql

To restore a backup: mysql database_name -u database_admin_username -p < database_backup.sql

You might need to create the database you are restoring if you deleted it before:

mysql -u database_admin_username -p
CREATE DATABASE database_name;
QUIT

01/12/2009

Create and restore Trac backups

Filed under: SysAdmin — acidborg @ 14:03

Since Trac uses a database backend (SQLite by default), you can’t just copy its files to make a backup. The tool trac-admin includes an option to do this.

To create a Trac backup: trac-admin /path_to_trac_environment hotcopy /path_to_backup_directory

It will lock the database and make a live copy of your Trac environment to the specified directory. The backup directory must NOT exist beforehand, otherwise an error will appear (Command failed: [Errno 17] File exists). Once you have made this live copy, you can create a backup of this directory using your favourite backup system.

To restore a Trac backup: stop the process running Trac (usually Apache), copy the content of the backup directory to your Trac environment and restart the process you use to run Trac.
