python script to backup mysql on debian

#!/usr/bin/env python3
import configparser
import os
import time

# On Debian, /etc/mysql/debian.cnf contains a root-like login and password.
# RawConfigParser reads the values as-is (no % interpolation of the password).
config = configparser.RawConfigParser()
config.read("/etc/mysql/debian.cnf")
username = config.get('client', 'user')
password = config.get('client', 'password')
hostname = config.get('client', 'host')

filestamp = time.strftime('%Y-%m-%d')

# Get a list of databases with:
database_list_command = "mysql -u %s -p%s -h %s --silent -N -e 'show databases'" % (username, password, hostname)
for database in os.popen(database_list_command).readlines():
    database = database.strip()
    # information_schema is a virtual schema, so it is skipped.
    if database == 'information_schema':
        continue
    filename = "/backups/mysql/%s-%s.sql" % (database, filestamp)
    # os.system waits for each dump to finish before the next one starts.
    os.system("mysqldump -u %s -p%s -h %s -e --opt -c %s | gzip -c > %s.gz" % (username, password, hostname, database, filename))
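
The script above puts the password on the mysql and mysqldump command lines (visible in the process list) and builds shell strings from database names. The following variant is an added example, not part of the original post: it lets the clients read the credentials from /etc/mysql/debian.cnf with --defaults-file, runs them without a shell, and writes owner-only dump files. The helper names (list_argv, dump_argv, backup_path, backup_all) and the SAFE_NAME policy are assumptions of this example.

```python
import gzip
import os
import re
import shutil
import subprocess
import time

DEFAULTS_FILE = "/etc/mysql/debian.cnf"  # credentials file named on this page
BACKUP_DIR = "/backups/mysql"            # backup directory used on this page
SKIP = {"information_schema", "performance_schema"}  # virtual schemas
# Assumed naming policy: no leading dash, no shell or path characters.
SAFE_NAME = re.compile(r"[A-Za-z0-9_$][A-Za-z0-9_$-]*")

def list_argv(defaults_file=DEFAULTS_FILE):
    # --defaults-file must come first; the password never reaches argv.
    return ["mysql", "--defaults-file=" + defaults_file,
            "--silent", "-N", "-e", "show databases"]

def dump_argv(database, defaults_file=DEFAULTS_FILE):
    if not SAFE_NAME.fullmatch(database):
        raise ValueError("refusing unusual database name: %r" % database)
    return ["mysqldump", "--defaults-file=" + defaults_file,
            "-e", "--opt", "-c", database]

def backup_path(database, stamp, backup_dir=BACKUP_DIR):
    return os.path.join(backup_dir, "%s-%s.sql.gz" % (database, stamp))

def backup_all(stamp):
    out = subprocess.run(list_argv(), check=True, capture_output=True, text=True)
    for database in out.stdout.splitlines():
        if database in SKIP:
            continue
        argv = dump_argv(database)  # validate before creating the file
        # Create the dump readable by its owner only (mode 0600).
        fd = os.open(backup_path(database, stamp),
                     os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
        with os.fdopen(fd, "wb") as raw, gzip.GzipFile(fileobj=raw, mode="wb") as gz:
            proc = subprocess.Popen(argv, stdout=subprocess.PIPE)
            shutil.copyfileobj(proc.stdout, gz)
            if proc.wait() != 0:
                raise RuntimeError("mysqldump failed for " + database)

if __name__ == "__main__":
    backup_all(time.strftime("%Y-%m-%d"))
```
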

You can use this to remove old backups:

find /backups/mysql -type f -mtime +5 -print0 | xargs -0 -r rm

using virtualbox with command line

/usr/bin/VBoxHeadless

You should see the message below:

Sun VirtualBox Headless Interface 3.1.4
(C) 2008-2010 Sun Microsystems, Inc.
All rights reserved.

Usage:
   -s, -startvm, --startvm <name|uuid>   Start given VM (required argument)
   -v, -vrdp, --vrdp on|off|config       Enable (default) or disable the VRDP
                                         server or don't change the setting
   -p, -vrdpport, --vrdpport <ports>     Comma-separated list of ports the VRDP
                                         server can bind to. Use a dash between
                                         two port numbers to specify a range
   -a, -vrdpaddress, --vrdpaddress <ip>  Interface IP the VRDP will bind to
   -c, -capture, --capture               Record the VM screen output to a file
   -w, --width                           Frame width when recording
   -h, --height                          Frame height when recording
   -r, --bitrate                         Recording bit rate when recording
   -f, --filename                        File name when recording.  The codec
                                         used will be chosen based on the
                                         file extension

webdav ssl on debian

I was looking for a way to easily share documents between machines. Since WebDAV shares can be accessed by Windows, Linux or Mac machines out of the box, I chose WebDAV over SSL. I don't use SSL for anything, so WebDAV is served from DocumentRoot. I've been using it for a few days; so far it beats carrying USB sticks around.

Enable relevant Apache modules,

a2enmod ssl
a2enmod dav_fs
a2enmod dav

Create SSL certificate,

mkdir /etc/apache2/ssl
openssl req $@ -new -x509 -days 365 -nodes -out /etc/apache2/ssl/apache.pem \
    -keyout /etc/apache2/ssl/apache.pem
chmod 600 /etc/apache2/ssl/apache.pem

Create your WebDAV directory and create a password file,

mkdir /path/to/webdav/
chown www-data /path/to/webdav/
htpasswd -c /path/to/passwd.dav user

Edit and add the following snippet to the configuration for the host you want to enable WebDAV,

<VirtualHost *:443>
        ServerAdmin user@host.com
        DocumentRoot /path/to/webdav

        SSLEngine on
        SSLCertificateFile /etc/apache2/ssl/apache.pem

        <Directory /path/to/webdav/>
           DAV On
           AuthType Basic
           AuthName "webdav"
           AuthUserFile /path/to/passwd.dav
           Require valid-user
        </Directory>

        # Logs are kept outside the DAV-enabled DocumentRoot (placeholder path),
        # so WebDAV users cannot read or delete them.
        ErrorLog  /path/to/logs/error.log
        CustomLog /path/to/logs/access.log combined
</VirtualHost>

Reload Apache configuration,

/etc/init.d/apache2 reload

from http://nakkaya.com/2010/03/05/webdav-ssl-on-debian/

riak HTTP/JSON query interface to provide a database ideally suited for Web applications

Someone thanks me for the post 🙂
Riak combines a decentralized key-value store, a flexible map/reduce engine, and a friendly HTTP/JSON query interface to provide a database ideally suited for Web applications.

A document-oriented Web database

Schema-free document databases are in many ways a more natural fit for Web applications than the traditional RDBMS. With interfaces that are natural and convenient for rapid development, and a lack of object-relational mappers and other heavy middleware, applications can be both simpler and more powerful.

A database at Web scale

Developed with solid distributed systems fundamentals from the start, Riak scales out to meet your needs. It also scales down easily, making development and prototyping easy.

A database that eases Web operations

A truly fault-tolerant system, no aspect of Riak involves single points of failure. Since no machines are special or central, the user of Riak can decide exactly how fault-tolerant they would like their application to be.

you can find more here

and a perfect howto to install it here

How to authenticate Apache 2 with Radius on Debian

from here

Install the Apache RADIUS module:

apt-get install libapache2-mod-auth-radius

Enable the RADIUS module for Apache:

a2enmod auth_radius

Open /etc/apache2/apache2.conf and add the following lines to the end of the file:

AddRadiusAuth IP_OF_RADIUS_SERVER:PORT SECRET 5
AddRadiusCookieValid 60

Go to the /var/www folder, or the folder you want to protect, and create a .htaccess file inside it containing the following lines:

AuthType Basic
AuthName "AdminseHow Radius Authentication"
AuthBasicAuthoritative Off
AuthBasicProvider radius
AuthRadiusAuthoritative on
AuthRadiusActive On
Require valid-user

Restart Apache:

/etc/init.d/apache2 restart

For more information about the configuration options, see:
http://freeradius.org/mod_auth_radius/



prepare firefox to be ethical

Here is an updated list of useful security auditing extensions:

Information gathering

Whois and geo-location
ShowIP : Shows the IP address of the current page in the status bar. It also allows querying custom services by IP (right mouse button) and hostname (left mouse button), such as whois or netcraft.
Shazou : The product called Shazou (pronounced "Shazoo"; it is Japanese for mapping) enables the user to map and geo-locate any website they are currently viewing with one click.
HostIP.info Geolocation : Displays geolocation information for a website using hostip.info data. Works with all versions of Firefox.
Active Whois : Starts Active Whois to get details about any website owner and its host server.
Bibirmer Toolbar : An all-in-one extension, but auditors need to play with the toolbox. It includes WhoIs, DNS Report, Geolocation, Traceroute and Ping. Very useful for the information gathering phase.

continue on:

http://www.security-database.com/toolswatch/Turning-Firefox-to-an-Ethical.html

samba trash and recycled tips

To use the VFS modules, create a share similar to the one below. The important parameter is the vfs objects parameter where you can list one or more VFS modules by name. For example, to log all access to files and put deleted files in a recycle bin, see the smb.conf with VFS modules example:

Example 23.1. smb.conf with VFS modules

[audit]
comment = Audited /data directory
path = /data
vfs objects = audit recycle
writeable = yes
browseable = yes

The modules are used in the order in which they are specified. Let's say that you want to have both a virus scanner module and a recycle bin module. It is wise to put the virus scanner module first so that it is the first to run and may detect a virus immediately, before any action is performed on that file:

vfs objects = vscan-clamav recycle

Samba will attempt to load modules from the /lib directory in the root directory of the Samba installation (usually /usr/lib/samba/vfs or /usr/local/samba/lib/vfs).

Some modules can be used twice for the same share. This can be done using a configuration similar to the one shown in the smb.conf with multiple VFS modules.

Example 23.2. smb.conf with multiple VFS modules

[test]
comment = VFS TEST
path = /data
writeable = yes
browseable = yes
vfs objects = example:example1 example example:test
example1: parameter = 1
example: parameter = 5
test: parameter = 7

Included Modules

audit

A simple module to audit file access to the syslog facility. The following operations are logged:

share connect/disconnect

directory opens/create/remove

file open/close/rename/unlink/chmod

default_quota

This module allows the default quota values, in the Windows Explorer GUI, to be stored on a Samba-3 server. The challenge is that Linux filesystems only store quotas for users and groups, but no default quotas.

Samba returns NO_LIMIT as the default quotas by default and refuses to update them. With this module you can store the default quotas that are reported to a Windows client in the quota record of a user. By default the root user is taken because quota limits for root are typically not enforced.

This module takes 2 parametric entries in the smb.conf file. The default prefix for each is "default_quota". This can be overwritten when you load the module in the vfs objects parameter like this:

vfs objects = default_quota:myprefix

The parametric entries that may be specified for the default_quota module are:

myprefix:uid

This parameter takes an integer argument that specifies the uid of the quota record that will be used for storing the default user quotas.

The default value is 0 (for root user). An example of use is:

vfs objects = default_quota
default_quota: uid = 65534

The above demonstrates the case where the myprefix was omitted, thus the default prefix is the name of the module. When a myprefix parameter is specified the above can be re-written like this:

vfs objects = default_quota:myprefix
myprefix: uid = 65534

myprefix:uid nolimit

This parameter takes a boolean argument that specifies whether the stored default quota values should also be reported for the user record, or whether the value NO_LIMIT should be reported to the Windows client for the user specified by the myprefix:uid parameter.

The default value is yes (which means to report NO_LIMIT). An example of use is shown here:

vfs objects = default_quota:myprefix
myprefix: uid nolimit = no

myprefix:gid

This parameter takes an integer argument; it is just like myprefix:uid but for group quotas. NOTE: group quotas are not supported from the Windows Explorer.

The default value is 0 (for root group). An example of use is shown here:

vfs objects = default_quota
default_quota: gid = 65534

myprefix:gid nolimit

This parameter takes a boolean argument, just like myprefix:uid nolimit but for group quotas. NOTE: group quotas are not supported from the Windows Explorer.

The default value is yes (which means to report NO_LIMIT). An example of use is shown here:

vfs objects = default_quota
default_quota: gid nolimit = no

An example of use of multiple parametric specifications is shown here:

vfs objects = default_quota:quotasettings
quotasettings: uid nolimit = no
quotasettings: gid = 65534
quotasettings: gid nolimit = no

To delete files from the trash, use this useful script (thanks to Duncan):

#!/usr/bin/perl -w
# v1.0
# Copyright (c) Duncan McNutt May 2008. Free for personal use.
# Please send enhancements & bug reports back to me duncan _at_ aranea net
# For commercial use, please contact me.
#
# This script will clean out samba 3.x vfs recycle trash/rubbish bins.
# It looks for all files with an access date older than a certain number of
# days and deletes them. Empty directories will be deleted as well.
#
# There is a lot of outdated information on the recycle feature of samba.
# For up to date documentation on the recycle feature, see:
# http://www.samba.org/samba/docs/man/manpages-3/vfs_recycle.8.html
#

# List of the shares with recycle bins goes here, use colons ":" to separate
# the different directories.
$recycledirs = "/home/exampledir:/home3/groupshare:/home/you-didnt-configure-this-yet";

# If I have time I will write a smb.conf parsing script to get it from there,
# but don't hold your breath.

# If you are paranoid (like me) and don't trust scripts that delete things
# without testing them first, then set this to one for dry runs.
# This is a good idea the first time you run this script, you may have mistyped
# a directory above…
# This can be 0 for off and 1 for on.
$testing = 0;

# After how many days in the recycle bin should the files be removed?
# Most people seem to think a week is fine.
$maxage = 7;

# The next parameter needs to be set depending on how the recycle system
# handles the dating of the "deleted" files. Most administrators "touch"
# (update the timestamp) on the files to mark the date they were moved to the
# recycle bin. This allows you to use scripts such as this to delete them
# later based on their age.
#
# There are two ways to mark the files that were moved to the recycle bin:
# "recycle:touch" specifies whether a file's access date should be updated when
# the file is moved to the repository.
# So if you use "recycle:touch = true" then use "atime" below
# "recycle:touch_mtime" specifies whether a file's last modified date should be
# updated when the file is moved to the repository.
# So if you use "recycle:touch_mtime = true" then use "mtime" below
#
# ATTENTION: you must set either the touch or the touch_mtime for each recycle
# entry in smb.conf for this script to work!!!
#
# As most of the tips in the internet use touch, atime is the default.
#$modifiedtime = "mtime";
$modifiedtime = "atime";

# Following is the name of the recycle bin, the default is ".recycle"
# This can be changed with the "recycle:repository = " option in smb.conf
$recyclename = ".recycle";

# Extra messages for each action is printed when "verbose" is on.
# 0 means be quiet; 1 means print informative output, 2 means print everything
$verbose = 1;

# ------------------------------------------------------
# END OF CONFIG
# ------------------------------------------------------

@dirs = split(/:/, $recycledirs);
if ($testing) { $verbose = 2; }

foreach (@dirs) {
    if (! -d $_ ) {
        print "ERROR IN CONFIG OF $0 , this is not a directory: $_\n";
        next;
    }
    $dirpath = "$_/$recyclename";
    # Check the recycle bin itself, not the share directory a second time.
    if (! -d $dirpath ) {
        print "ERROR IN CONFIG OF $0 , this is not a directory: $dirpath\n";
        next;
    }
    if ($verbose) { print "Processing directory: $dirpath\n"; }

    # Delete all old files older than maxage.
    #`find "$dirpath" -$modifiedtime +$maxage -delete`;
    # -type f keeps directories out of the list, so the count is accurate.
    @a=`find "$dirpath" -type f -$modifiedtime +$maxage`;
    if ($verbose) { $count = 0; print "Deleting files: " };
    $count = 0;
    foreach (@a) {
        chomp($_);
        if ($verbose) { $count++; ($verbose==2 ? print "$_ " : print ".") };
        if (! $testing) {
            unlink($_);
        }
    }
    if ($verbose) { print "\nDeleted $count files.\n" };

    # Delete the empty directories.
    # The mindepth makes sure we do not delete the recycle directory itself.
    # `find "$dirpath" -mindepth 1 -type d -empty -delete`;
    # sort -r lists nested directories before their parents.
    @a=`find "$dirpath" -mindepth 1 -type d -empty | sort -r`;
    foreach (@a) {
        if ($verbose) { print "Deleting empty directory: $_" };
        if (! $testing) {
            chomp($_);
            rmdir ($_);
        }
    }
}
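
The cleanup script only works on shares where recycle:touch or recycle:touch_mtime is set, and its directory list and bin name are typed in by hand. The following is an added example, not part of Duncan's script: it reads smb.conf text, lists each share that loads the recycle module with the bin path the script would clean, and flags shares where neither touch option is set. The sample configuration is constructed, the function names are assumptions of this example, and only per-share options under the default "recycle" prefix are considered.

```python
import re

SAMPLE_SMB_CONF = """\
[data]
    path = /home/exampledir
    vfs objects = audit recycle
    recycle:touch = yes
[groupshare]
    path = /home3/groupshare
    vfs objects = recycle
    recycle: repository = .trash
    recycle: touch_mtime = true
[scratch]
    path = /srv/scratch
    vfs objects = recycle
"""  # constructed sample, not taken from a real server

def parse_smb_conf(text):
    """Return {share: {option: value}} with lower-cased names."""
    shares, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = shares.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            # "recycle: touch" and "recycle:touch" name the same option
            key = re.sub(r"\s*:\s*", ":", key.strip().lower())
            current[key] = value.strip()
    return shares

def is_on(opts, key):
    return opts.get("recycle:" + key, "").lower() in {"yes", "true", "1", "on"}

def recycle_bins(text):
    """Return (bin_path, find_test) per recycle share; find_test is None when
    neither touch option is set, so age-based cleanup cannot work there."""
    bins = []
    for opts in parse_smb_conf(text).values():
        modules = [m.split(":")[0] for m in opts.get("vfs objects", "").split()]
        if "recycle" not in modules or "path" not in opts:
            continue
        repo = opts.get("recycle:repository", ".recycle")
        test = "atime" if is_on(opts, "touch") else (
            "mtime" if is_on(opts, "touch_mtime") else None)
        bins.append((opts["path"].rstrip("/") + "/" + repo, test))
    return bins
```
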