mizerie


hosts.allow hosts.deny

Hosts:

/etc/hosts resolves hostnames for the machines behind the firewall on the 192.168.1. LAN. If a name or address is found in /etc/hosts, the resolver never has to go to DNS for it (given the usual lookup order in /etc/nsswitch.conf, files before dns). Here is an example:

# Do not remove the following line, or various programs
# that require loopback on 127.0.0.1 or name resolved will fail.
127.0.0.1		localhost.localdomain localhost oururl oururl.net www.oururl.net
192.168.1.10		ourappserver
192.168.1.101		ibookg3
192.168.1.102		w95notebook
192.168.1.103		visitor		# a visiting machine (a hostname cannot contain spaces)

Hosts to allow & those to deny:

TCP Wrappers (tcpd and the libwrap library behind it) have shipped with Red Hat for a long time, and since about Red Hat 7 the xinetd super-server is built against libwrap, so every service it starts is wrapped automatically; standalone daemons such as sshd and sendmail must be built with libwrap themselves, as Red Hat's are, which is why they can be named in these files. That makes it easier than ever to be selective about who gets to do what with the services your machine offers. I've been told that this software-and-text-file approach is not as efficient as the hardware-and-RAM approach used in hardware routers and firewalls, but I've also been told it keeps up with everything that can be thrown at the server over a T1.

/etc/hosts.allow and /etc/hosts.deny work as a pair to control access to your server. If both files are empty there are no limits, and anybody at any IP address can, for example, try guessing user IDs and passwords all day long. The check runs in a fixed order. hosts.allow is read first: if the incoming connection (daemon name plus client address) matches one of its rules it is let through, whatever hosts.deny says. If no allow rule matches, the wrapper continues to hosts.deny, and if the client's address, or another criterion, matches a rule there the service is refused as soon as the connection is accepted. If neither file matches, the connection is allowed, so the default is wide open unless hosts.deny ends with a catch-all. Someone using PuTTY to log into info465.net from anywhere in 200. or another banned network will see the PuTTY window blip out without getting the chance to enter a user ID or password. Each wrapped daemon logs attempts, acceptances and refusals through syslog (on Red Hat look in /var/log/secure and /var/log/messages), so this is easy to police, and tcpdmatch(8) from the tcp_wrappers package tells you, for a given daemon and client address, which rule would fire.

Here are hosts.allow and hosts.deny for info465.net. It is an active mail server, hosts http and https pages, and needs to be relatively 'open' for students using its ssh. It must run telnet to provide connectivity for applications that run behind the firewall, but it restricts telnet to the 192.168.1. LAN. If I ever need to telnet in from somewhere else I can uncomment the longer in.telnetd line in hosts.allow and edit it. Note that a pattern ending in a dot is a prefix match: 192.168.1. matches every address that starts with 192.168.1., and a bare 200. in hosts.deny is the whole 200.0.0.0/8 block.

Hosts.allow:

# hosts.allow	This file describes the names of the hosts which are
#		allowed to use the local INET services, as decided
#		by the '/usr/sbin/tcpd' server.
#
#in.telnetd:	192.168.1., 128.172.188.201, 64.83.20.139, 64.83.20.138, \
#               128.172.189.
in.telnetd:	192.168.1.
sshd:		70.16., 207.228.
ipop3d:		ALL
sendmail:	ALL

Hosts.deny:

#
# hosts.deny	This file describes the names of the hosts which are
#		*not* allowed to use the local INET services, as decided
#		by the '/usr/sbin/tcpd' server.
#
# The portmap line is redundant, but it is left to remind you that
# the new secure portmap uses hosts.deny and hosts.allow.  In particular
# you should know that NFS uses portmap!

in.telnetd: all

sshd: 61., 62., 64.179., 65., 67.18.,  69.198., 80.53., 81., 82., 83., 84., \
      128.171., 128.123., 128.146., 128.233., \
      130., 134., 137., 139., 140., 142., 143., 147., 148., 155., 168., 193., 195., 196., 199., \
      200., 201., 202., 203., 205., 206., 207., 209., 210., 211., 212., 213., 217., 218., 219., 220., 221., 222.

Here are hosts.allow and hosts.deny for a more restrictive firewall/mail server where nobody is expected to ssh in except its administrator, and then only from a few places outside plus anywhere on the LAN. The single hosts.deny rule reads ALL: ALL, meaning that everybody not matched in hosts.allow is refused every wrapped service. This default-deny arrangement is the one to prefer: the deny list above is a blacklist of whole address blocks that happened to send attacks, which shuts out legitimate users in those blocks while letting an attacker from any unlisted block straight through to the password prompt. (The non-LAN addresses in this hosts.allow are placeholders; octets above 255 are not valid, so substitute your own.)

Hosts.allow:

# hosts.allow	

ipop3d: 192.168.1.
sendmail: ALL
sshd: 128.372.188.267, 67.679.1.379, 192.168.1.

Hosts.deny:

# hosts.deny	

ALL: ALL

Decide which way your server's TCP needs to be wrapped; most likely the restrictive way.
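To make the three-step decision concrete, here is an added example (not code from the original post or from the tcp_wrappers package) that models how the wrapper reads the two files. It embeds copies of both configurations shown above; the strict pair uses an RFC 5737 documentation address in place of the post's placeholder octets. It implements only the syntax used on this page (prefix patterns ending in a dot, ALL, comment lines, backslash continuations) and skips EXCEPT, hostname and domain patterns, net/mask forms and reverse lookups, so it is a teaching model; on a real host run tcpdmatch(8), which applies the real library logic to the installed files.

```python
"""Model of TCP Wrappers (hosts_access(5)) decisions for the rules on this page.

Added example, not code from the original post or the tcp_wrappers package.
Handles only: comma/blank separated token lists, numeric prefixes ending in a
dot, the ALL wildcard, lines starting with '#', backslash continuation.
Not modelled: EXCEPT, hostname/domain patterns, net/mask, PARANOID, the
shell-command field, reverse DNS.  Use tcpdmatch(8) on a real host.
"""
import ipaddress
import re

# Constructed copies of the two pairs of files shown on the page.  The strict
# pair uses 203.0.113.10 (RFC 5737) instead of the page's placeholder octets.
OPEN_ALLOW = """\
#in.telnetd: 192.168.1., 128.172.188.201, 64.83.20.139, 64.83.20.138, \\
#            128.172.189.
in.telnetd:  192.168.1.
sshd:        70.16., 207.228.
ipop3d:      ALL
sendmail:    ALL
"""
OPEN_DENY = """\
in.telnetd: all
sshd: 61., 62., 64.179., 65., 67.18., 69.198., 80.53., 81., 82., 83., 84., \\
      128.171., 128.123., 128.146., 128.233., \\
      130., 134., 137., 139., 140., 142., 143., 147., 148., 155., 168., 193., \\
      195., 196., 199., 200., 201., 202., 203., 205., 206., 207., 209., 210., \\
      211., 212., 213., 217., 218., 219., 220., 221., 222.
"""
STRICT_ALLOW = """\
ipop3d:   192.168.1.
sendmail: ALL
sshd:     192.168.1., 203.0.113.10
"""
STRICT_DENY = "ALL: ALL\n"


def logical_lines(text):
    """Join backslash-continued lines first, as tcpd's xgets() does, so a
    continuation line of a '#' comment stays part of that comment."""
    out, buf = [], ""
    for raw in text.splitlines():
        if raw.endswith("\\"):
            buf += raw[:-1]
            continue
        out.append(buf + raw)
        buf = ""
    if buf:
        out.append(buf)
    return out


def parse_rules(text):
    """Return [(daemon_tokens, client_tokens), ...] in file order."""
    rules = []
    for line in logical_lines(text):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 2:
            raise ValueError("malformed rule: %r" % line)
        daemons = [t for t in re.split(r"[\s,]+", fields[0].strip()) if t]
        clients = [t for t in re.split(r"[\s,]+", fields[1].strip()) if t]
        rules.append((daemons, clients))   # fields[2:] (shell command) ignored
    return rules


def valid_ipv4(text):
    """True for a well-formed dotted quad; the page's 128.372.188.267 is not."""
    try:
        ipaddress.IPv4Address(text)
        return True
    except ipaddress.AddressValueError:
        return False


def client_matches(pattern, ip):
    """ALL matches anything; a trailing dot is a dotted-quad prefix
    (200. is the whole 200/8); anything else must equal the address."""
    if pattern.upper() == "ALL":
        return True
    if pattern.endswith("."):
        return ip.startswith(pattern)
    return pattern == ip


def daemon_matches(pattern, daemon):
    return pattern.upper() == "ALL" or pattern == daemon


def table_matches(text, daemon, ip):
    return any(any(daemon_matches(d, daemon) for d in ds)
               and any(client_matches(c, ip) for c in cs)
               for ds, cs in parse_rules(text))


def decide(allow_text, deny_text, daemon, ip):
    """The three-step order: hosts.allow, then hosts.deny, then permit."""
    if not valid_ipv4(ip):
        raise ValueError("not an IPv4 address: %r" % ip)
    if table_matches(allow_text, daemon, ip):
        return "allow"
    if table_matches(deny_text, daemon, ip):
        return "deny"
    return "allow"


if __name__ == "__main__":
    probes = [("sshd", "70.16.9.9"), ("sshd", "207.228.4.4"), ("sshd", "207.1.2.3"),
              ("sshd", "10.9.8.7"), ("in.telnetd", "10.9.8.7"), ("ipop3d", "61.1.1.1")]
    for daemon, ip in probes:
        print("%-10s %-13s open: %-5s strict: %s" % (
            daemon, ip, decide(OPEN_ALLOW, OPEN_DENY, daemon, ip),
            decide(STRICT_ALLOW, STRICT_DENY, daemon, ip)))
```

Running it shows the point made above: with the open pair, sshd from 207.228.4.4 is allowed because hosts.allow wins even though 207. is in hosts.deny, 207.1.2.3 is refused, and 10.9.8.7 walks straight in because no deny rule names its block; with the ALL: ALL pair the same address is refused for everything except sendmail.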


ClamAV + samba

This is a howto on getting Samba and ClamAV to work together on an RPM-based system.

First, install the Samba file server and the ClamAV anti-virus (clamd plus the clamdscan client). After configuring my Samba share I made two directories in /home:

  1. virus
  2. logs

The virus folder receives the infected files found during a scan, and the logs folder holds the scan report, which is sent to you by e-mail.

Then I added a script to root's crontab:


#!/bin/bash
# Daily ClamAV scan of the Samba share: quarantine infected files and mail
# the report when something was found or when the scan itself had errors.
TIME=$(date '+%Y-%m-%d-%T')
REPORT=/home/logs/samba/dailyscan.$TIME
mkdir -p /home/virus/quarantine /home/logs/samba
/usr/bin/clamdscan --move=/home/virus/quarantine -v /home/samba > "$REPORT"
# clamdscan always prints "Infected files: N" in its summary, but the
# "Total errors: N" line may be absent when there were none, so default
# the counts to 0 instead of comparing an empty string against "0".
virus=$(grep '^Infected files:' "$REPORT" | awk '{print $3}')
error=$(grep '^Total errors:' "$REPORT" | awk '{print $3}')
if [ "${virus:-0}" != "0" ]; then
    mail -s "Virus on Samba File Server : Hostname $(hostname)" you@mail.com < "$REPORT"
elif [ "${error:-0}" != "0" ]; then
    mail -s "Error on virus scan Interliner.eu: Hostname $(hostname)" you@mail.com < "$REPORT"
fi

I set the script to run once a day, at 11:00 pm in my case, because that is outside business hours; a crontab entry such as `0 23 * * * /root/bin/samba-scan.sh` does it (the path is only an example). Once a day is enough for me because the scan takes about 2 hours to finish; you can change this :P . One thing to check: clamdscan hands file names to clamd, so the user clamd runs as must be able to read the share, otherwise unreadable files are skipped and counted as errors (which is what the error branch above catches); clamdscan's --fdpass option passes open file descriptors to clamd instead and avoids the permission problem. The move into quarantine is done by clamdscan itself, i.e. as root from cron.


Creating Multiple Users on Multiple servers

Hey wassup,

I was looking for a method to create multiple users on multiple Linux/Unix machines with specific user IDs and group IDs, so I browsed the internet back and forth and didn't find anything like what I was looking for :( .

So I gave up browsing and started scripting, shell scripting to be exact, because every Linux/Unix system has a "fucking shell" :) that can execute the script.

The zip contains 3 files:

  1. README (not finished yet)
  2. userlist.txt (the user data, one record per user in /etc/passwd format)
  3. useradd.sh, the script you execute

I also forgot the server list file, where you add all your servers :)

And the most important thing about the script: you need ssh keys for the root account on every server, so the key that runs the script is a root key for all of them and needs to be guarded at least as well as the root passwords it replaces :)

download
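As an added example of the approach described in this post (not the script from the zip, which is not shown here), the following POSIX sh script reads a passwd-style userlist.txt and a servers.txt (both file names are assumptions) and creates each account with its fixed uid and gid on every host over ssh, assuming root ssh keys on every target as the post requires. It adds the two checks a practitioner would want: every field is validated before it goes into a command that a remote root shell will run, and ssh is invoked with -n so it does not swallow the rest of the user list from the loop's stdin.

```shell
#!/bin/sh
# Added example, not the script from the post's zip: create the same accounts,
# with fixed uid/gid, on a list of servers over ssh as root (ssh keys assumed).
#
# userlist.txt: passwd-style records  name:x:uid:gid:gecos:home:shell
# servers.txt:  one hostname per line          (both names are assumptions)

# Validate one record and print the remote command for it.  Returns 1 and
# prints nothing on a malformed record.  Validation is strict rather than
# clever because every field ends up inside a command run by a remote root
# shell; a quote or semicolon in the gecos field would be command injection.
useradd_cmd() {
    IFS=: read -r name _pw uid gid gecos home shell <<EOF
$1
EOF
    case "$name" in [a-z_]*) ;; *) return 1 ;; esac
    case "$name" in *[!a-z0-9_.-]*) return 1 ;; esac
    case "$uid" in ''|*[!0-9]*) return 1 ;; esac
    case "$gid" in ''|*[!0-9]*) return 1 ;; esac
    case "$gecos" in *[!A-Za-z0-9\ ,.-]*) return 1 ;; esac
    [ -n "$home" ] || home=/home/$name
    [ -n "$shell" ] || shell=/bin/sh
    case "$home" in /*) ;; *) return 1 ;; esac
    case "$home$shell" in *[!A-Za-z0-9/_.-]*) return 1 ;; esac
    # Create the group with the fixed gid if missing, then the user with the
    # fixed uid; useradd refuses a uid that is already taken, which is what
    # we want when the point is identical ids on every host.
    printf "getent group %s >/dev/null || groupadd -g %s %s; useradd -u %s -g %s -c '%s' -d %s -m -s %s %s\n" \
        "$gid" "$gid" "$name" "$uid" "$gid" "$gecos" "$home" "$shell" "$name"
}

# Push every record to every server.  ssh -n stops ssh reading the rest of
# the user list from the loop's stdin (a classic while-read bug), and
# BatchMode makes a missing key fail instead of prompting for a password.
apply_all() {
    userlist=$1 serverlist=$2
    while read -r host; do
        case "$host" in ''|'#'*) continue ;; esac
        while read -r rec; do
            case "$rec" in ''|'#'*) continue ;; esac
            if cmd=$(useradd_cmd "$rec"); then
                ssh -n -o BatchMode=yes "root@$host" "$cmd" ||
                    echo "$host: failed: $cmd" >&2
            else
                echo "skipping malformed record: $rec" >&2
            fi
        done < "$userlist"
    done < "$serverlist"
}

# Usage: sh multiuser.sh userlist.txt servers.txt
if [ $# -eq 2 ]; then apply_all "$1" "$2"; fi
```

Because the uid is fixed with -u, a collision on one host surfaces as a "failed:" line for that host instead of a silently different uid, which is the whole point of keeping the ids identical across machines.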


wireless technology


HPUX Hardware Components

Every recent HP-UX system has several hardware components:

  • One or more PA-RISC or Itanium single- or dual-core CPUs for processing data
  • One or more Cell Boards or an MIO Controller hosting CPU and memory
  • One or more System/Local Bus Adapters that provide connectivity to expansion buses
  • One or more PCI I/O expansion buses with slots for add-on Host Bus Adapters
  • One or more Host Bus Adapter cards for connecting peripheral devices
  • One or more Core I/O cards with built-in LAN, console, and boot disk connectivity
  • A Management Processor card to provide local and remote console access


coding day

source: geekandpoke.typepad.com


The first electric Logan will be launched at Cernavoda

The first electric car produced in Romania will be launched next week by Dacia, right inside the grounds of the Cernavoda nuclear power plant.

The Mioveni manufacturer chose this unusual venue for the launch of the new Logan Electrolux model for extremely pragmatic reasons, namely the new car's consumption of 10,000 megawatts per hour.

Built through exclusively Romanian intellectual effort, the new electric car will cost about 10,000 euros but will have a range of only 200 metres, that is, the length of the power cable that feeds it.


PHC – A PHP to EXE compiler

Since PHP is so powerful, it is natural to want to develop Windows applications with it. GUI extensions such as PHP-GTK and WinBinder let users of the PHP command line interface display GUI widgets in Windows, but the problems of distribution and code exposure remain: the PHP command line interpreter must be included in any distribution, and the code ships as a plain text file.

There are a few open source PHP to EXE "compilers" out there, such as PriadoBlender and Embeder, that use the PHP SAPI to include PHP code in executable files, but most still leave the PHP code plain, or obfuscated in a way that anyone with a few minutes can undo. PriadoBlender includes your code in an encrypted file, but that is not much different from running the command line interpreter, because the decryption code is exposed as plain text PHP inside the executable. I wanted something that would not allow recreation of the exact code. A few commercial applications do this, but they are ridiculously expensive and out of reach of the open source community.

In my search for a more elegant solution I saw a few mentions of the bcompiler extension for PHP, which seemed to do everything I wanted: it joins the code and the EXE file, and the code is converted into PHP bytecode, making it much harder to view and reverse engineer. Bear in mind that bytecode only raises the bar: whoever has the executable also has the opcodes and the runtime that interprets them, so treat this as obfuscation rather than secrecy and keep real secrets (keys, passwords) out of the code. The need for the PHP runtime DLL remains, but that seems to be true of every PHP compiler, and is akin to the runtime libraries needed for Visual Basic applications.

The only problem was that you needed MS Visual Studio to compile two essential files, and only one was easily accessible. There isn't much information on bcompiler, but eventually I found this article, which mentioned that the only known copy of the file I was looking for was packaged with another program by the author of bcompiler. Even when I did find the two essential files, they didn't work with my PHP runtime, and I had to use the one included in that package.

Considering how useful bcompiler is, it's a shame that it is so hard to obtain all of the components needed to produce usable EXEs. So, having collected all of the needed files, I have compiled the compiler script into a stand-alone EXE. I present it as PHC, a PHP compiler. It is included in the PHC-SDK, which also includes the full source of PHC and a few simple examples to get you started, including two that use WinBinder to produce GUI widgets.

Download the PHC-SDK with PHC v0.11 (updated from 0.1 because many people were downloading 0.1, which doesn't work on WinXP)

[UPDATE: PHC has been obsoleted by phc-win]


Suicidal Snowman


Nothing says Happy Holidays like a snowman!
