| 1 |
jonen |
1.1 |
|
| 2 |
jonen |
1.3 |
- Unix-Systems |
| 3 |
|
|
o learn howto move/maintain /etc of servers at cvs !! |
| 4 |
|
|
Debian: |
| 5 |
|
|
x search if new packages available, do 'apt-get --dry-run upgrade'! |
| 6 |
|
|
x build small systool script 'apt-get_remote.pl' which do a cronly 'apt-get --dry-run upgrade' and send output via mail |
| 7 |
|
|
o review 'apt-get_remote.pl' |
| 8 |
|
|
o what's about parsing some response for comand like installing some marked packages |
| 9 |
|
|
FreeBSD(stable): |
| 10 |
|
|
o read more about BSD package systems (pkg, cvsup) |
| 11 |
|
|
x for simple package installation/de-installation use pkg |
| 12 |
|
|
x install downloaded package: |
| 13 |
|
|
:# pkg_add <package>-<version>.tgz |
| 14 |
|
|
x install package via remote server(only if package is available as *latest*): |
| 15 |
|
|
pkg_add -r <package>.tgz |
| 16 |
|
|
x using cvsup |
| 17 |
|
|
x newbies could use cvsupit (not what it really does..) |
| 18 |
|
|
:# pkg_add -r cvsupit.tgz |
| 19 |
|
|
- cvsupit will proberly ask you for the default values it |
| 20 |
|
|
place at /etc/cvsupfile, which is used by cvsup |
| 21 |
|
|
- after that it will start cvsup to update your system |
| 22 |
|
|
x if /etc/cvsupfile already exists and you know what you do, |
| 23 |
|
|
this command will update your system (maybe run it via cron...): |
| 24 |
|
|
:# /usr/local/bin/cvsup -g -L 2 /etc/cvsupfile |
| 25 |
|
|
o whats about daemon start-stop scripts (like at linux: /etc/init.d/) ? |
| 26 |
|
|
x configure and compile custom kernel: |
| 27 |
|
|
x read http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/kernelconfig-building.html |
| 28 |
|
|
x create custom kernel conf-file |
| 29 |
|
|
- cd usr/src/sys/i386/conf/ |
| 30 |
|
|
- copy default kenrnel GENERIC to eg MYKERNEL |
| 31 |
|
|
- edit/modify MYKERNEL |
| 32 |
|
|
x configure sources(really?) |
| 33 |
|
|
- run /usr/sbin/config MYKERNEL |
| 34 |
|
|
x build kernel |
| 35 |
|
|
- cd ../../MYKERNEL |
| 36 |
|
|
- make depend |
| 37 |
|
|
- make |
| 38 |
|
|
- make install |
| 39 |
|
|
x use packet fiters (firewall): |
| 40 |
|
|
x read http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls.html |
| 41 |
|
|
x some options at the kernel have to be enabled: |
| 42 |
|
|
options IPFIREWALL #Compiles into the kernel the code for packet filtering. |
| 43 |
|
|
options IPFIREWALL_VERBOSE #Enables code to allow logging of packets through syslogd. |
| 44 |
|
|
# Without this option, even if you specify that packets should be logged in the filter rules, |
| 45 |
|
|
# nothing will happen. |
| 46 |
|
|
options IPFIREWALL_VERBOSE_LIMIT=10 #Limits the number of packets logged through syslogd on a per entry basis. |
| 47 |
|
|
# You may wish to use this option in hostile environments in which you want to log firewall activity, |
| 48 |
|
|
# but do not want to be open to a denial of service attack via syslog flooding. |
| 49 |
|
|
# When a chain entry reaches the packet limit specified, logging is turned off for that particular entry. |
| 50 |
|
|
# To resume logging, you will need to reset the associated counter using the ipfw(8) utility: |
| 51 |
|
|
# ipfw zero 4500 |
| 52 |
|
|
# Where 4500 is the chain entry you wish to continue logging. |
| 53 |
|
|
options IPFIREWALL_DEFAULT_TO_ACCEPT #This changes the default rule action from ``deny'' to ``allow''. |
| 54 |
|
|
# This avoids the possibility of locking yourself out if you happen to boot a kernel with IPFIREWALL support but have not configured your firewall yet. |
| 55 |
|
|
# It is also very useful if you often use ipfw(8) as a filter for specific problems as they arise. |
| 56 |
|
|
# Use with care though, as this opens up the firewall and changes the way it works. |
| 57 |
|
|
x firewall is enabled at /etc/rc.conf (or /etc/rc.conf.local) |
| 58 |
|
|
firewall_enabled = "YES" |
| 59 |
|
|
firewall_type = "<firewall_type>" |
| 60 |
|
|
x <firewall_type> is either a case at /etc/rc.firewall (/etc/rc.firewall6 for ipv6) |
| 61 |
|
|
or some custom file to read rules from. |
| 62 |
|
|
x Use firewall_type = "OPEN" for default policy 'OPEN' (allow all) |
| 63 |
|
|
|
| 64 |
|
|
|
| 65 |
jonen |
1.1 |
|
| 66 |
|
|
- QoS (Quality of Services) |
| 67 |
|
|
o check it out ! |
| 68 |
|
|
|
| 69 |
|
|
- Apache/php: |
| 70 |
|
|
- apache aliases - redirect '/' to index.php (used for url catching/rewriting) |
| 71 |
|
|
|
| 72 |
|
|
- PHP: |
| 73 |
|
|
x search for php widget lib |
| 74 |
|
|
x APL (http://apl.sourceforge.net) |
| 75 |
|
|
- huge lib in pure C |
| 76 |
|
|
x phphtmllib (http://phphtmllib.newsblob.com) |
| 77 |
|
|
a mainly widget/render lib, written in php, complete OO-based |
| 78 |
|
|
and with nice DataList rendering (abstract source API) |
| 79 |
|
|
x integrated with flib |
| 80 |
|
|
x wrote some classes to browse data-objects via class DataList (new classes flibRPCDataSource, ObjectList, TsBackend) |
| 81 |
|
|
o rename flibRPCDataSource (maybe rework to get more abstract) |
| 82 |
|
|
o review ObjectList amd move it to phphhtmllib |
| 83 |
|
|
x semi-integraded with class FormBuilder from binarycloud via interface class FormElementsInterface |
| 84 |
|
|
x new class DataItem, which render one data object for viewing/editing |
| 85 |
|
|
x integrated new FormProcessing classes from phphtmllib (released one day after interface to binaryclouds Formbuilder was written ;) |
| 86 |
|
|
x refactored DataItem to use now phphtmllib form processing instead of interface to binarycload |
| 87 |
|
|
o review code and move to phphtmllib |
| 88 |
|
|
|
| 89 |
|
|
o XOOPS (http://xoops.org) |
| 90 |
|
|
XOOPS is a dynamic OO (Object Oriented) based open source portal script written in PHP. |
| 91 |
|
|
It is the ideal tool for developing small to large dynamic community websites, intra company portals, |
| 92 |
|
|
corporate portals, weblogs and much more. |
| 93 |
|
|
o binarycloud (http://binarycloud.com) |
| 94 |
|
|
binarycloud is an enterprise class web application platform. binarycloud shares many of the capabilities of products |
| 95 |
|
|
like Oracle 9i AS (Application Server) and IBM's WebSphere: |
| 96 |
|
|
Proper definition of a framework: "A framework supplies the infrastructure and mechanisms that execute a policy for |
| 97 |
|
|
interaction between abstract components with open implementations" |
| 98 |
|
|
- benefits: |
| 99 |
|
|
x much code done yet! |
| 100 |
|
|
- drawbacks: |
| 101 |
|
|
o not-really 100% clean code |
| 102 |
|
|
o complex app which gives you only limited possibilities to use only some classes, so not very modular |
| 103 |
|
|
|
| 104 |
|
|
|
| 105 |
|
|
- OpenLDAP: |
| 106 |
|
|
- Contacts: |
| 107 |
|
|
o Evolution: modify/create schema (map Attribute) so the field 'Note' and others can be used |
| 108 |
|
|
|
| 109 |
|
|
- PAM + SASL |
| 110 |
|
|
o seems pam will only works(will only be activated) if plain passwords are used |
| 111 |
|
|
o read more about PAM special in co-operate with SASL !! |
| 112 |
|
|
|
| 113 |
|
|
- Kerberos V |
| 114 |
|
|
x use GQ LdapBrowser with SASL to authenticate against ldap |
| 115 |
|
|
- this requires a 'kinit <username>' at the shell to get the kerberos ticket |
| 116 |
|
|
- ldap will check your ticket pricipial against its acl's ! |
| 117 |
|
|
o 'libpam-ldap' from Turbo is bad, don't use it !! (remember at 'apt-get upgrade' !!) |
| 118 |
|
|
o write this down in some (existing e.g. sendmail?) howto |
| 119 |
|
|
|
| 120 |
|
|
- Sendmail |
| 121 |
|
|
o research some about sendmail-cluster, 2 mx records, howto to set up second mx/cluster? |
| 122 |
jonen |
1.2 |
x backup mx: |
| 123 |
|
|
- set up second mx at dns |
| 124 |
|
|
- add at backup mx place some like this at /etx/mail/mailtertable: |
| 125 |
|
|
domain.com esmtp:[123.123.123.123] |
| 126 |
|
|
where the ip points to the system the real user accounts |
| 127 |
|
|
and add every domain to /etc/mail/relay-domains: |
| 128 |
|
|
domain.com |
| 129 |
|
|
o whats about these *open* relaying rules(security ?!?) |
| 130 |
|
|
x simple load balancing: |
| 131 |
|
|
- set up two(or more) mx records with same priority at dns |
| 132 |
|
|
- add at every mx place some like this at /etx/mail/mailtertable: |
| 133 |
|
|
domain.com esmtp:[123.123.123.123] |
| 134 |
|
|
where the ip points to the system the real user accounts are |
| 135 |
|
|
note: this will do load balancing between eg 2 mail server, but if one fails, |
| 136 |
|
|
there is only a 50% chance that sent messages would arrive |
| 137 |
jonen |
1.1 |
o change '/etc/init.d/amavisd' to '/etc/init.d/amavis-milter' in howto |
| 138 |
|
|
o migrationtools: |
| 139 |
|
|
o patch migrationtools for sendmail aliases support (/usr/share/migrationtools/migrate_aliases.pl) |
| 140 |
|
|
o create, or search web for, migrationtool for sendmail virtusertable (/usr/share/migrationtools/migrate_virtuser.pl) |
| 141 |
|
|
o review patched kerberosV support at /usr/share/migrationtools/migrate_user.pl? |
| 142 |
|
|
|
| 143 |
|
|
|
| 144 |
|
|
|
| 145 |
|
|
|
| 146 |
|
|
- MySQL: |
| 147 |
|
|
o move this to mysql-common-tasks howto |
| 148 |
|
|
- Create Database |
| 149 |
|
|
:# mysqladmin create <database> |
| 150 |
|
|
- Set Privileges on databases(creates user too, if not exists...): |
| 151 |
jonen |
1.2 |
mysql>grant all on <database>.* to <user> identified by "<pass>"; |
| 152 |
|
|
mysql>grant all on <database>.* to <user>@<domain> identified by "<pass>"; |
| 153 |
jonen |
1.1 |
|
| 154 |
|
|
|
| 155 |
|
|
- Document saving: |
| 156 |
|
|
o remember *.doc is a non-standard, bloated Mircosoft format, use HTML instead !! |
| 157 |
|
|
see http://www.fsf.org/philosophy/no-word-attachments.html |
| 158 |
|
|
|
| 159 |
|
|
- my documents: |
| 160 |
|
|
o convert all howto's to SDF format ( look at 'nfo/doc/computing/sysadmin/linux/example_sdf_howto.sdf' ) |
| 161 |
|
|
o learn more about Lyx/LaTex |
| 162 |
|
|
o convert all howto's to LaTex format ( look at 'nfo/doc/computing/sysadmin/linux/example_latex_howto.lyx' ) |
| 163 |
|
|
|
| 164 |
|
|
|
| 165 |
|
|
|
| 166 |
|
|
|
| 167 |
|
|
future: |
| 168 |
|
|
o build 'black box' to trace for 'spys' at a isdn/internet connection ;) |
| 169 |
|
|
|
Parent Directory
| 
Revision Log
