My Blog: written down and shared, hopefully useful (by ainoer)<br />
<br />
New post after a long hiatus (published 2016-03-29)<br />
This blog has gone untouched for a long time. I am now trying to write consistently again and document my daily work, because I forget things more and more often :P. Too much multitasking will kill you haha..<br />
<br />
The upcoming posts will be more of the same: notes on activities, installation experiments, or anything else that is mostly work related, IT related.<br />
<br />
My clear goal is to get back to learning FreeBSD after a long time without keeping up: its packaging has switched to pkgng, the installation process has become simpler in version 9 and later, plus other things related to security, web servers and database servers.<br />
<br />
<br />Posted by Run.<br />
<br />
NFS server on FreeBSD (published 2013-11-22)<br />
<br />
<ol>
<li>% su</li>
<li># ee /etc/exports</li>
<li>add the following line:</li>
</ol>
<blockquote>
/usr/ports/distfiles -maproot=root 10.10.7.4 </blockquote>
Start NFS server<br />
<ol>
<li>% su</li>
<li># rpcbind</li>
<li># nfsd -u -t -n 4</li>
<li># mountd -r</li>
</ol>
After editing the <span style="font-style: italic;">exports</span> file, reload with:<br />
<ol>
<li>% su</li>
<li># /etc/rc.d/mountd onereload</li>
</ol>
Also, the <span style="font-style: italic;">showmount</span> command can be used to display the exports on the server:<br />
<ol>
<li>% su</li>
<li># showmount -e</li>
</ol>
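A small audit for the exports file edited above, added here as an example (not from the original post): it flags entries that map remote root to local root, as -maproot=root does, and entries with no host or -network restriction, which FreeBSD exports to every client. The function names and the sample file are constructed.

```shell
#!/bin/sh
# audit_exports [FILE]: flag risky entries in a FreeBSD exports(5) file.
# Reads stdin when no file is given.
audit_exports() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }        # skip comments and blank lines
    {
        paths = ""; hosts = 0; net = 0; rootmap = ""
        for (i = 1; i <= NF; i++) {
            t = $i
            if (t ~ /^\//) {                   # exported directory
                paths = (paths == "" ? t : paths " " t)
            } else if (t ~ /^-/) {             # option token, may be comma-joined
                n = split(substr(t, 2), opt, ",")
                for (j = 1; j <= n; j++) {
                    o = opt[j]
                    if (o ~ /^(maproot|mapall)=(root|0)$/ ||
                        o ~ /^(maproot|mapall)=(root|0):/) rootmap = o
                    if (o ~ /^network/) net = 1
                    # "-network ADDR" and "-mask ADDR" consume the next token
                    if (o == "network" || o == "mask") i++
                }
            } else {
                hosts++                        # anything else is a client host
            }
        }
        if (rootmap != "")
            printf "line %d: %s: -%s gives remote root local root access\n", NR, paths, rootmap
        if (hosts == 0 && net == 0)
            printf "line %d: %s: no host or -network given, exported to any client\n", NR, paths
    }' "$@"
}

# Constructed sample; the second line is the entry from the post.
sample_exports() {
    cat <<'EOF'
# constructed sample /etc/exports
/usr/ports/distfiles -maproot=root 10.10.7.4
/usr/src -ro
/home -alldirs -network 10.10.7.0 -mask 255.255.255.0
/data -maproot=nobody 10.10.7.4
EOF
}

sample_exports | audit_exports
```

On a real server the call would be `audit_exports /etc/exports`; a finding for -maproot=root is expected for the distfiles entry and is a prompt to confirm that the single client really needs root-equivalent access.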
Posted by Run.<br />
<br />
Rsync from a remote server to local (published 2013-11-21)<br />
rsync -Pae "ssh -p 2233" root@10.10.7.25:/var/hosting /dataku/<br />
Posted by Run.<br />
<br />
Assigning an Ethernet port to a VLAN on Cisco (published 2012-11-23)<br />
The following shows how to add port 17 of a Cisco Catalyst switch to VLAN 2.<br />
<br />
catalyst-ku(config)#interface Fa0/17<br />
catalyst-ku(config-if)#sw<br />
catalyst-ku(config-if)#switchport ac<br />
catalyst-ku(config-if)#switchport access vl<br />
catalyst-ku(config-if)#switchport access vlan 2<br />
<br />
<br />
<br />
To remove trunk mode, type the following commands:<br />
no switchport mode access<br />
no switchport trunk encapsulation dot1q<br />
Posted by Run.<br />
<br />
php.ini and httpd.conf (published 2012-11-20)<br />
expose_php = Off<br />
max_execution_time = 30<br />
max_input_time = 60<br />
memory_limit = 128M / 1024M<br />
error_log = php_errors.log<br />
post_max_size = 8M<br />
doc_root =<br />
user_dir =<br />
enable_dl = Off<br />
file_uploads = On<br />
upload_max_filesize = 2M<br />
allow_url_fopen = Off<br />
; Whether to allow include/require to open URLs (like http:// or ftp://) as files.<br />
; http://php.net/allow-url-include<br />
allow_url_include = Off<br />
<br />
<br />
AddType application/x-httpd-php .php<br />
AddType application/x-httpd-php-source .phps<br />
ServerRoot "/usr/local"<br />
Listen 80<br />
#LoadModule authn_file_module libexec/apache22/mod_authn_file.so<br />
#LoadModule authn_default_module libexec/apache22/mod_authn_default.so<br />
#LoadModule authn_alias_module libexec/apache22/mod_authn_alias.so<br />
#LoadModule cgi_module libexec/apache22/mod_cgi.so<br />
#LoadModule version_module libexec/apache22/mod_version.so<br />
LoadModule mime_magic_module libexec/apache22/mod_mime_magic.so<br />
LoadModule mime_module libexec/apache22/mod_mime.so<br />
LoadModule charset_lite_module libexec/apache22/mod_charset_lite.so<br />
LoadModule ssl_module libexec/apache22/mod_ssl.so<br />
LoadModule authz_host_module libexec/apache22/mod_authz_host.so<br />
LoadModule authz_user_module libexec/apache22/mod_authz_user.so<br />
LoadModule authz_owner_module libexec/apache22/mod_authz_owner.so<br />
LoadModule auth_basic_module libexec/apache22/mod_auth_basic.so<br />
LoadModule include_module libexec/apache22/mod_include.so<br />
LoadModule filter_module libexec/apache22/mod_filter.so<br />
LoadModule deflate_module libexec/apache22/mod_deflate.so<br />
LoadModule log_config_module libexec/apache22/mod_log_config.so<br />
LoadModule logio_module libexec/apache22/mod_logio.so<br />
LoadModule headers_module libexec/apache22/mod_headers.so<br />
LoadModule unique_id_module libexec/apache22/mod_unique_id.so<br />
LoadModule setenvif_module libexec/apache22/mod_setenvif.so<br />
LoadModule autoindex_module libexec/apache22/mod_autoindex.so<br />
LoadModule vhost_alias_module libexec/apache22/mod_vhost_alias.so<br />
LoadModule dir_module libexec/apache22/mod_dir.so<br />
LoadModule alias_module libexec/apache22/mod_alias.so<br />
LoadModule rewrite_module libexec/apache22/mod_rewrite.so<br />
LoadModule php5_module libexec/apache22/libphp5.so<br />
<br />
Posted by Run.<br />
<br />
FreeBSD as Router (published 2012-11-05)<br />
This post covers installing FreeBSD as a router.<br />
<br />
After doing a fresh install as described at http://runia2001.blogspot.com/search?q=instalasi+freebsd, a prompt asks whether to reboot or to configure the system. Do not reboot right away; choose configure instead.<br />
<br />
Do the following:<br />
1. Change the root password by choosing "root password" and entering the root password.<br />
2. Add a user by choosing user management; make sure the group field contains 0 or wheel, which means our user is on par with root / admin.<br />
3. Set the time zone by choosing the "time zone" menu.<br />
4. Choose networking, tick sshd, tick gateway, choose interfaces and enter the IP address for the machine.<br />
5. Configure ttys: put a # in front of ttyv3 through ttyv7. This disables consoles ttyv3 through ttyv7.<br />
<br />
Reboot.<br />
<br />
At the login prompt, enter the root password and make sure the machine can ping the network. Once it can be pinged from the network, try to ssh in from another computer; this makes installation and configuration easier because you do not have to sit in the server room ;).<br />
<br />Posted by Run.<br />
<br />
Migrating email accounts and data from postfixadmin MySQL to Zimbra (published 2012-10-18)<br />
The first thing needed for the migration is of course a Zimbra mail server installation. I use Ubuntu 10 LTS with ZCS 7.2.<br />
The next steps are roughly as follows:<br />
1. List all domains on the old mail server and add them to Zimbra through the Zimbra admin console at https://webmai.domain.ltd:7071. In the left panel, under the Configuration menu, click Domain. Click New, add the email domain from the old server, and click Finish.<br />
2. Export the email accounts from the old mail server<br />
3. Import the email accounts into the Zimbra server<br />
4. Move the email data from the old server to the Zimbra server.<br />
<br />
Details:<br />
Point 1 should be clear enough; the remaining points are explained below:
<br />
<br />
2. Export the email accounts from the old mail server <br />
Use the following PHP script; adjust the login and the name of the email database.
Save it as, for example, eksport.php and run it with php eksport.php.
If it succeeds, the file exported.sh is generated.
<br />
<blockquote>
<pre><?php
// Export postfixadmin mailboxes as zmprov commands for Zimbra.
/////////////////////////////////////////////////////////
$user="Your_mysql_login";
$pass="Your_mysql_pass";
$base="Your_mysql_database";
$tabl="Your_Table_mailbox"; //table
$file="exported.sh";
/////////////////////////////////////////////////////////
// Single-quote a value so names containing quotes or shell
// metacharacters cannot break the generated script.
function shq($s) { return "'".str_replace("'", "'\\''", $s)."'"; }
echo "Usage: as \"zimbra\" user on destination server:\n";
echo "# sh ./exported.sh\n\n";
$mydb = mysqli_connect('localhost', $user, $pass, $base) or die ('Error of connection with server');
mysqli_set_charset($mydb, 'utf8');
$query = "SELECT username,password,name,maildir,quota,domain FROM ".$tabl;
$dane = mysqli_query($mydb, $query) or die ('Error during query for bazy1'.mysqli_error($mydb));
$handle = fopen($file, "w") or die ('Cannot open '.$file);
while ($row = mysqli_fetch_row($dane))
{
// Create the account with a throwaway password ...
$StringData = "zmprov ca ".shq($row[0])." dsfs123hsdyfgbsdgfbsd displayName ".shq($row[2])."\n";
fwrite($handle, $StringData);
// ... then replace it with the existing crypt hash from the old server.
$StringData = "zmprov ma ".shq($row[0])." userPassword ".shq("{crypt}".$row[1])."\n";
fwrite($handle, $StringData);
}
fclose($handle);
?>
</pre>
</blockquote>
<br />
3. Import the email accounts into the Zimbra server<br />
Copy the file exported.sh to the Zimbra mail server, change its owner to zimbra and make it executable (chmod), then type:<br />
# su - zimbra<br />
$ ./home/aku/exported.sh<br />
Wait until the process finishes, then check in the Zimbra admin page whether the accounts have been created.<br />
<br />
4. Move the email data from the old server to the Zimbra server.<br />
On the old mail server, email is stored in the directory /usr/local/virtual. Use scp on the Zimbra server to fetch all the files.<br />
# cd /usr/local<br />
# scp -r -P 22 root@ipserverlama:/usr/local/virtual .<br />
Wait until it finishes.<br />
The mail files are laid out as /usr/local/virtual/nmdomain/username/...<br />
<br />
Once the email has been fetched over scp, create a file named convertmail.sh containing the following script:<br />
<blockquote class="tr_bq">
<br />
<pre style="padding-left: 30px;">#!/bin/bash
# Postfix virtual transport -> Zimbra mailbox migration
# written by NERvOus (http://www.nervous.it) - 2009-12-25, Modified By Gigih Forda Nama 2011
# base folder where msgs will be imported
BFOLDER="Arsip-Mail"
ZMMBOX="/opt/zimbra/bin/zmmailbox"
BDIR=$(pwd)
echo You must run $0 from inside /var/mail/virtual directory
echo $0 expects to find the mailboxes in the current path!
echo The structure of maildirs must be as follows:
echo
echo "domain/username/{cur|new|tmp}"
echo "domain/username/subfolder1/{cur|new|tmp}"
echo "domain/username/subfolder2/{cur|new|tmp}"
echo ...
echo
echo All folders will be stored in a subfolder called $BFOLDER
echo The hierarchy of subfolders will be maintained under $BFOLDER.
echo
echo Press Enter to start, CTRL+C to abort.
read
# handle folders with a space inside, they are more common than you may
# think
IFS='
'
for p in $(find . -type d -name cur); do
DOMAIN=`echo $p | cut -d'/' -f2`
UNAME=`echo $p | cut -d'/' -f3`
DIRNAME=`echo $p | cut -d'/' -f4`
# this may fail, if folder already exists. Who cares. Ignore the
# error.
echo createFolder /$BFOLDER | $ZMMBOX -z -m $UNAME@$DOMAIN
if [ "$DIRNAME" == "cur" ]; then
echo Importing INBOX folder for $UNAME@$DOMAIN from $BDIR/$DOMAIN/$UNAME/ 1>&2
# we are importing the top level folder
echo addMessage /$BFOLDER $BDIR/$DOMAIN/$UNAME/cur | $ZMMBOX -z -m $UNAME@$DOMAIN
echo addMessage /$BFOLDER $BDIR/$DOMAIN/$UNAME/new | $ZMMBOX -z -m $UNAME@$DOMAIN
else
DIRNAME=$(echo $DIRNAME | sed -e 's/\/cur$//')
echo Importing folder $DIRNAME for $UNAME@$DOMAIN from $BDIR/$DOMAIN/$UNAME/$DIRNAME 1>&2
# outer double quotes let the variables expand; the inner quotes reach
# zmmailbox and protect folder names that contain spaces
echo "createFolder \"/$BFOLDER/$DIRNAME\"" | $ZMMBOX -z -m $UNAME@$DOMAIN
echo "addMessage \"/$BFOLDER/$DIRNAME\" \"$BDIR/$DOMAIN/$UNAME/$DIRNAME/cur\"" | $ZMMBOX -z -m $UNAME@$DOMAIN
echo "addMessage \"/$BFOLDER/$DIRNAME\" \"$BDIR/$DOMAIN/$UNAME/$DIRNAME/new\"" | $ZMMBOX -z -m $UNAME@$DOMAIN
fi
done</pre>
<br /></blockquote>
Wait until the process finishes, then try logging in to your account on the Zimbra mail server.<br />
Script taken from : http://staff.unila.ac.id/gigih/2011/08/04/mail-migration-from-postfix-mysql-to-zimbraldap-backend-again/<br />
Posted by Run.<br />
<br />
Joomla template upload and install error: There was an error uploading this file to the server. (published 2012-09-19)<br />
Here is a new experience: someone was trying to install a new template on their Joomla site. When uploading the template file (a zip file) from the Extension Manager menu, an error came up saying the upload had failed.<br />
First I checked, and the folder path was indeed wrong, because the site was originally installed on Windows and then moved to a Unix-based server.<br />
I fixed that, and I was sure file permissions were not the problem. I had turned on PHP error reporting and emptied the disable function setting as well, and it still did not work.. I was almost frustrated because there was no error log either.<br />
I even tried chmod 777 out of sheer exasperation hahah.. still no luck.<br />
I checked php.ini: post_max_size was already 8MB, and this template file was only a little over 2MB. Ugh, it still did not work.<br />
Finally I checked upload_max_size, and there it was: only 2MB. I raised it and restarted the web server.<br />
Alhamdulillah, it worked..... ;)<br />
<br />Posted by ainoer.<br />
<br />
Extracting specific lines from data with awk (published 2012-09-13)<br />
I was honestly unsure what to title this post; the point is that I needed to manipulate data/lists displayed in the shell..<br />
<br />
An example:<br />
<br />
I want to change the owner of many directories along with their subdirectories. The folders are currently owned by root, whereas on the other server the owners vary. For example:<br />
<br />
Initial data:<br />
<br />
# pwd<br />
/home<br />
# ls (my data on server A)<br />
drwxr-xr-x 10 a a 4096 2012-03-20 09:04 BACKUP/<br />drwxr-xr-x 17 b b 4096 2012-03-03 11:35 Image/<br />
drwxr-xr-x 17 c c 4096 2012-03-03 11:35 Image2/<br />
etc..<br />
<br />
# After I copied it to server B, everything became owned by root,<br />
so I need to change the owners to match the list above with the chown command,<br />
but doing that by hand is too tiring and tedious.<br />
<br />
So lets begin with the magic of awk<br />
<br />
On server A, type:<br />
# ll | awk '{print "chown -R " $3":"$4,$8}' >> /home/ubahmode<br />
The awk command above slightly reworks the ls output and saves it to a file named ubahmode in /home.<br />
<br />
$3 : means take the data in column 3<br />
":" : inserts the character in quotation marks<br />
<br />
When done, just copy the ubahmode file to server B and make it executable with chmod +x ubahmode<br />
Run it with sh -x ./ubahmode<br />
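A hardened variant of the ll | awk generator above, added here as an example (not from the original post): it joins every field from the eighth onward so names with spaces survive, and single-quotes each name so characters such as ; or ' in a directory name cannot change what the generated script runs. It assumes the eight-column listing format shown above; the function names and the sample listing are constructed.

```shell
#!/bin/sh
# gen_chown: read an "ls -l" style listing on stdin
# (perms links owner group size date time name...) and print one
# chown command per entry with the name safely single-quoted.
gen_chown() {
    awk '
    BEGIN { q = "\047"; esc = q "\"" q "\"" q }   # q is one single quote
    NF < 8 { next }                     # "total N" header, short lines
    {
        owner = $3; group = $4
        # Refuse anything that does not look like an account name.
        if (owner !~ /^[A-Za-z0-9._-]+$/ || group !~ /^[A-Za-z0-9._-]+$/) {
            printf "skipped line %d: unexpected owner/group\n", NR > "/dev/stderr"
            next
        }
        # Rebuild the name from field 8 onward so embedded spaces survive
        # (runs of several spaces collapse to one).
        name = $8
        for (i = 9; i <= NF; i++) name = name " " $i
        sub(/\/$/, "", name)            # drop the trailing / added by ls -F
        gsub(q, esc, name)              # close quote, quoted quote, reopen
        printf "chown -R %s:%s -- %s%s%s\n", owner, group, q, name, q
    }'
}

# Constructed listing in the same layout as the one in the post.
sample_listing() {
    cat <<'EOF'
total 12
drwxr-xr-x 10 a a 4096 2012-03-20 09:04 BACKUP/
drwxr-xr-x 17 b b 4096 2012-03-03 11:35 My Images/
drwxr-xr-x 2 c c 4096 2012-03-03 11:35 old;tmp/
drwxr-xr-x 2 d d 4096 2012-03-03 11:35 it's here/
EOF
}

sample_listing | gen_chown
```

Reviewing the generated file before running it on server B remains worthwhile, since it executes as root.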
<br />
<br />
;)<br />
<br />
<br />
<br />
Fields in a joined-up string can be extracted too<br />
<br />
For example, to pull specific text from /etc/passwd<br />
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh<br />
mail:x:8:8:mail:/var/mail:/bin/sh<br />
If you only need the user name, uid and login shell, you can use the command<br />
<br />
<br />
more /etc/passwd | awk 'BEGIN {FS=":"};{print $1,$3,$7}'<br />
<br />
<br /><br />
<br />
<br />Posted by ainoer.<br />
<br />
Installing and synchronizing files using rsync and ssh (published 2012-04-24)<br />
This post also updates an older post of mine, which seemed incomplete :)
Suppose there are 2 servers here, 10.10.10.14 (server) and 10.10.10.16 (backup/mirror), and the ssh port is 22.
The steps are as follows:
1. Go to /home on 10.10.10.16 (the backup server)
The /home directory is where the authentication files will be stored and where the rsync command is run.
2. Type ssh-keygen -f loginku -t rsa and press Enter.
At the passphrase prompt just press Enter twice. This produces 2 files, loginku and loginku.pub
3. Copy the file loginku.pub to /root/.ssh on the main server (10.10.10.14) and rename it to authorized_keys2.
The result is /root/.ssh/authorized_keys2
4. Now try logging in from the backup server: go to /home and type:
ssh -i loginku root@10.10.7.14 -p 22
If it works, the login should go through without a password.
5. The rsync command is as follows:
/usr/local/bin/rsync -e "ssh -i loginku -l root -p 22" -avz root@10.10.10.14:/home/coba /home/coba
sent 188 bytes received 35168 bytes 70712.00 bytes/sec
total size is 42515051 speedup is 1202.48
Here is one more tip to make this more secure: only allow root to log in from IP 10.10.10.16 (the backup server only).
As follows:
1. Add the following line to /etc/security/access.conf
-:root:ALL EXCEPT 10.10.7.16
The line above allows all users to log in from any IP, except that root must log in from 10.10.7.16
2. Add the following line to /etc/pam.d/sshd
account required pam_access.so
Posted by Run.<br />
<br />
Installing an NFS server on SLES (published 2012-04-21)<br />
NFS server installation on SLES 11 SP 1
Using YaST:
# yast2
# choose Network Services
# choose NFS
# set the directory and the NFS client IP
# Finish
Using zypper:
# zypper install -y nfs-kernel-server
# nano /etc/exports
/home 10.10.7.1(rw,sync,no_root_squash) or alternatively
/home/www 10.10.7.1 10.10.7.22 10.10.7.23 *(fsid=0,crossmnt,ro,root_squash,sync,no_subtree_check)
Start daemon
# /etc/init.d/rpcbind start
# /etc/init.d/nfsserver start
Edit startup
# chkconfig rpcbind on
# chkconfig nfsserver on
Posted by Run.<br />
<br />
Apache22 port on FreeBSD 8.2 Stable (published 2011-12-15)<br />
Yesterday, after updating to FreeBSD 8.2-STABLE and running CVSup, it caused me trouble.<br />
In the middle of the installation I got<br />
<br />
/usr/ports/www/apache22/work/httpd-2.2.16/support/htpasswd.c:133: undefined reference to `apr_generate_random_bytes'<br />
*** Error code 1<br />
1 error<br />
<br />
It made me frustrated; after a day of searching and following instructions from the FreeBSD forum I got nothing, so I assumed that maybe something was wrong with the port and I had to fix it. <br />
<br />
Here is the solution I found on the internet to fix a broken port.<br />
It works for me .. :)<br />
<br />
# Change into the ports directory<br />
cd /usr/ports/<br />
# First fetch ports index<br />
make fetchindex<br />
# Build the ports database<br />
portsdb -u<br />
# Show out of date ports<br />
pkg_version -l "<"<br />
# Upgrade ports<br />
portupgrade -arR<br />
# Check for stale dependencies<br />
pkgdb -F<br />
# Clean out work directories and delete old distfiles<br />
portsclean -CDD<br />
Posted by Run.<br />
<br />
Next... (published 2011-11-08)<br />
It turns out there are so many very useful applications on this OS I use<br />
that I did not know about, and now that I know I am even more confused..<br />
about which one to start with..<br />
I just started tinkering with openLDAP and got stuck..<br />
sob...<br />
<br />
not to mention HAST for storage clustering..<br />
uCARP for the balancing..<br />
Wow..<br />
Wow..<br />
Wowowowow...<br />
Speechless...<br />
Posted by ainoer.<br />
<br />
Enabling logging in MySQL (published 2011-11-04)<br />
Create a log directory for MySQL, for example<br />
mkdir /var/log/mysql<br />
chown mysql:mysql /var/log/mysql<br />
<br />
Add the following lines to the MySQL config file my.cnf<br />
<br />
[mysqld_safe]<br />
log-error=/var/log/mysql/error.log<br />
<br />
# The MySQL server<br />
[mysqld]<br />
log-error=/var/log/mysql/error.log<br />
<br />
restart mysql<br />
Posted by ainoer.<br />
<br />
Installing and configuring SYSLOG-NG with a MySQL database (published 2011-07-02)<br />
SYSLOG-NG is a daemon that can replace syslogd on FreeBSD or Linux; it records logs from Linux-based servers, BSD servers, or even MikroTik devices ;)<br />
Combining SYSLOG-NG with a MySQL database lets us store all logs centrally in one database, which makes them easy to manage.<br />
<br />
For the web interface to view the logs I use php-syslog-ng, which can be downloaded from http://php-syslog-ng.googlecode.com/files/php-syslog-ng-2.9.8.tgz<br />
The prerequisite is that your server already runs a web server with PHP support.<br />
<br />
# cd /usr/local/www<br />
# fetch http://php-syslog-ng.googlecode.com/files/php-syslog-ng-2.9.8.tgz<br />
# tar -xzvf php-syslog-ng-2.9.8.tgz<br />
# chown -R www:www php-syslog-ng<br />
# edit httpd.conf <br />
Alias /log "/usr/local/www/php-syslog-ng/html/"<br />
<Directory "/usr/local/www/php-syslog-ng/html/"><br />
 Options None<br />
 AllowOverride None<br />
 Order allow,deny<br />
 Allow from all<br />
</Directory><br />
<br />
When done, restart the web server and open http://ipserver/log<br />
The php-syslog installation menu appears; make sure the PHP features and web files check out (no warnings), click next, tick the confirmation, next.<br />
Enter the MySQL root user and password, the name of the database that will store the logs, and a database user and password (remember this user and password, because they are needed for <br />
configuring the syslog server), <br />
For example, here: <br />
mysql user : syslog<br />
mysql pass : 123abc<br />
db name : syslogserv<br />
<br />
Untick the option in the bottom menu, click next. The next screen shows:<br />
<br />
URL : http://ipserver/log<br />
site : log/ (remember the trailing slash)<br />
email : abc@aaaa.com<br />
passwd : syslogadmin<br />
<br />
Click next, and it shows user : admin passwd: syslogadmin<br />
<br />
Done.. hehe, at least for the web interface and the database hehe..<br />
<br />
<br />
<br />
Next, install via ports:<br />
# cd /usr/ports/sysutils/syslog-ng<br />
# make install clean<br />
# cd /usr/local/etc/syslog-ng/<br />
# cp syslog-ng.conf.sample syslog-ng.conf<br />
<code><br />
options { long_hostnames(off); <br />
 sync(0);<br />
 use_dns(yes);<br />
 use_fqdn(no); };<br />
<br />
#<br />
# sources<br />
#<br />
source src { unix-dgram("/var/run/log");<br />
 unix-dgram("/var/run/logpriv" perm(0600));<br />
 internal(); file("/dev/klog"); };<br />
<br />
source netsrc { udp(ip("0.0.0.0") port(514));<br />
 tcp(ip("0.0.0.0") port(514)); };<br />
<br />
#<br />
# destinations<br />
#<br />
destination messages { file("/var/log/messages"); };<br />
destination security { file("/var/log/security"); };<br />
destination authlog { file("/var/log/auth.log"); };<br />
destination maillog { file("/var/log/maillog"); };<br />
destination lpd-errs { file("/var/log/lpd-errs"); };<br />
destination xferlog { file("/var/log/xferlog"); };<br />
destination cron { file("/var/log/cron"); };<br />
destination debuglog { file("/var/log/debug.log"); };<br />
destination consolelog { file("/var/log/console.log"); };<br />
destination all { file("/var/log/all.log"); };<br />
destination newscrit { file("/var/log/news/news.crit"); };<br 
/>destination newserr { file("/var/log/news/news.err"); };<br />destination newsnotice { file("/var/log/news/news.notice"); };<br />destination slip { file("/var/log/slip.log"); };<br />destination ppp { file("/var/log/ppp.log"); };<br />destination console { file("/dev/console"); };<br />destination allusers { usertty("*"); };<br />#destination loghost { udp("loghost" port(514)); };<br /># CISCO Destinations...<br />destination netlog { file("/var/log/network/$HOST/$YEAR$MONTH$DAY.log" owner(root) group(wheel) perm(0644) create_dirs(yes)); };<br /><br />destination netsql<br /> {<br /> program("/usr/local/bin/mysql --user=syslog --password=123abc syslogserv < /var/log/mysql.pipe");<br /> pipe ("/var/log/mysql.pipe"<br /> template ("INSERT INTO syslogserv.logs (host, facility, priority, level, tag, datetime, program, msg) VALUES ('$HOST', '$FACILITY', '$PRIORITY', '$LEVEL', '$TAG', '$ISODATE', '$PROGRAM', '$MESSAGE' );\n")<br /> template_escape(yes));<br /> };<br /><br />#<br /># log facility filters<br />#<br />filter f_auth { facility(auth); };<br />filter f_authpriv { facility(authpriv); };<br />filter f_not_authpriv { not facility(authpriv); };<br />filter f_console { facility(console); };<br />filter f_cron { facility(cron); };<br />filter f_daemon { facility(daemon); };<br />filter f_ftp { facility(ftp); };<br />filter f_kern { facility(kern); };<br />filter f_lpr { facility(lpr); };<br />filter f_mail { facility(mail); };<br />filter f_news { facility(news); };<br />filter f_security { facility(security); };<br />filter f_user { facility(user); };<br />filter f_uucp { facility(uucp); };<br />filter f_local0 { facility(local0); };<br />filter f_local1 { facility(local1); };<br />filter f_local2 { facility(local2); };<br />filter f_local3 { facility(local3); };<br />filter f_local4 { facility(local4); };<br />filter f_local5 { facility(local5); };<br />filter f_local6 { facility(local6); };<br />filter f_local7 { facility(local7); };<br /><br />#<br /># log 
level filters<br />#<br />filter f_emerg { level(emerg); };<br />filter f_alert { level(alert..emerg); };<br />filter f_crit { level(crit..emerg); };<br />filter f_err { level(err..emerg); };<br />filter f_warning { level(warning..emerg); };<br />filter f_notice { level(notice..emerg); };<br />filter f_info { level(info..emerg); };<br />filter f_debug { level(debug..emerg); };<br />filter f_is_debug { level(debug); };<br /><br />#<br /># program filters<br />#<br />filter f_ppp { program("ppp"); };<br />filter f_slip { program("startslip"); };<br /><br />#<br /># host filters<br />#<br /><br /># CISCO Filters<br />filter f_netswitch001 {host("10.1.5.1"); };<br />filter f_netswitch002 {host("10.1.5.2"); };<br />filter f_netswitch003 {host("10.1.5.3"); };<br />filter f_netswitch004 {host("10.1.5.4"); };<br />filter f_netswitch005 {host("172.16.4.1"); };<br />filter f_netrouter001 {host("10.1.5.9"); };<br />filter f_netrouter002 {host("172.16.4.2"); };<br />filter f_netserver001 {host("server1.example.com"); };<br />filter f_netserver002 {host("server2.example.com"); };<br />#<br /># *.err;kern.warning;auth.notice;mail.crit /dev/console<br />#<br />log { source(src); filter(f_err); destination(console); };<br />log { source(src); filter(f_kern); filter(f_warning); destination(console); };<br />log { source(src); filter(f_auth); filter(f_notice); destination(console); };<br />log { source(src); filter(f_mail); filter(f_crit); destination(console); };<br /><br />#<br /># *.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err /var/log/messages<br />#<br />log { source(src); filter(f_notice); filter(f_not_authpriv); destination(messages); };<br />log { source(src); filter(f_kern); filter(f_debug); destination(messages); };<br />log { source(src); filter(f_lpr); filter(f_info); destination(messages); };<br />log { source(src); filter(f_mail); filter(f_crit); destination(messages); };<br />log { source(src); filter(f_news); filter(f_err); destination(messages); };<br 
/><br />
#<br />
# security.* /var/log/security<br />
#<br />
log { source(src); filter(f_security); destination(security); };<br />
<br />
#<br />
# auth.info;authpriv.info /var/log/auth.log<br />
log { source(src); filter(f_auth); filter(f_info); destination(authlog); };<br />
log { source(src); filter(f_authpriv); filter(f_info); destination(authlog); };<br />
<br />
#<br />
# mail.info /var/log/maillog<br />
#<br />
log { source(src); filter(f_mail); filter(f_info); destination(maillog); };<br />
<br />
#<br />
# lpr.info /var/log/lpd-errs<br />
#<br />
log { source(src); filter(f_lpr); filter(f_info); destination(lpd-errs); };<br />
<br />
#<br />
# ftp.info /var/log/xferlog<br />
#<br />
log { source(src); filter(f_ftp); filter(f_info); destination(xferlog); }; <br />
<br />
#<br />
# cron.* /var/log/cron<br />
#<br />
log { source(src); filter(f_cron); destination(cron); };<br />
<br />
#<br />
# *.=debug /var/log/debug.log<br />
#<br />
log { source(src); filter(f_is_debug); destination(debuglog); };<br />
<br />
#<br />
# *.emerg *<br />
#<br />
log { source(src); filter(f_emerg); destination(allusers); };<br />
<br />
#<br />
# !startslip<br />
# *.* /var/log/slip.log<br />
#<br />
log { source(src); filter(f_slip); destination(slip); };<br />
<br />
#<br />
# !ppp<br />
# *.* /var/log/ppp.log<br />
#<br />
log { source(src); filter(f_ppp); destination(ppp); };<br />
<br />
#<br />
# CISCO Program Filters<br />
#<br />
log { source(netsrc); destination(netlog); };<br />
log { source(netsrc); destination(netsql); };<br />
<br />
</code><br />
taken from : http://www.freebsdwiki.net/index.php/Syslog-NG_Installation#Installation<br />
<br />
# mkfifo /var/log/mysql.pipe<br />
# ee /etc/rc.conf<br />
syslogd_enable="NO"<br />
syslog_ng_enable="YES"<br />
syslogd_program="/usr/local/sbin/syslog-ng"<br />
syslogd_flags=""<br />
<br />
After checking, I found that some of the fields generated by php-syslog are missing, so log in to the MySQL server and add the following:<br />
<br />
<code><br />
CREATE TABLE `logs` (<br />
 `host` 
varchar(128) default NULL,<br />
 `facility` varchar(10) default NULL,<br />
 `priority` varchar(10) default NULL,<br />
 `level` varchar(10) default NULL,<br />
 `tag` varchar(10) default NULL,<br />
 `datetime` datetime default NULL,<br />
 `program` varchar(15) default NULL,<br />
 `msg` text,<br />
 `seq` bigint(20) unsigned NOT NULL auto_increment,<br />
 `counter` int(11) NOT NULL default '1',<br />
 `fo` datetime default NULL,<br />
 `lo` datetime default NULL,<br />
 PRIMARY KEY (`seq`),<br />
 KEY `host` (`host`),<br />
 KEY `program` (`program`),<br />
 KEY `datetime` (`datetime`),<br />
 KEY `priority` (`priority`),<br />
 KEY `facility` (`facility`)<br />
) ENGINE=MyISAM AUTO_INCREMENT=9 DEFAULT CHARSET=latin1;<br />
</code><br />
<br />
OK, insya Allah that is finished. Go ahead and reboot your server. Make sure the MySQL server starts first, and only then the syslog-ng server.<br />
<br />
to be continued...<br />
Posted by ainoer.<br />
<br />
Changing the data directory of MySQL server on a FreeBSD server (published 2011-07-01)<br />
By default, when MySQL server is installed from ports, the data of its databases is stored in /var/db/mysql<br />
That becomes a nuisance if the /var partition is too small, so that a little more data is enough to fill /var.<br />
There are 2 ways to work around this. <br />
The first is to change the data directory location in the MySQL configuration file my.cnf.<br />
This requires editing my.cnf: <br />
# ee /var/db/mysql/my.cnf<br />
[mysqld]<br />
datadir=/data/mysqlbaru<br />
Create the directory where the new data will be stored<br />
# mkdir /data/mysqlbaru<br />
change the owner of that directory to mysql<br />
# chown -R mysql:mysql /data/mysqlbaru<br />
then start mysql<br />
# /usr/local/etc/rc.d/mysql-server start<br />
<br />
The second way is to move the mysql directory and symlink it.<br />
Details:<br />
<br />
stop the server: <br />
# /usr/local/etc/rc.d/mysql-server stop<br />
# cd /var/db<br />
move the mysql data directory to a new directory with more room: <br />
# mv mysql /data<br />
create the directory link<br />
# ln -s /data/mysql /var/db/mysql<br />
start the server: <br />
# /usr/local/etc/rc.d/mysql-server start<br />
Posted by ainoer.<br />
<br />
Blocking HTTP brute force with PF (published 2011-06-22)<br />
Picked up something new from a discussion with the admin next door and from reading the PF manual.<br />
The rules are as follows:<br />
<br />
int_if = "bce0"<br />
table <bruteforces> persist<br />
pass quick from 10.10.3.0/29<br />
block quick from <bruteforces><br />
<br />
pass in on $int_if proto { tcp } from any to 10.10.7.4 port 80 flags S/SA keep state \<br />
 (max-src-conn 2, max-src-conn-rate 5/5, overload <bruteforces> flush global)<br />
<br />
Explanation:<br />
max-src-conn number<br />
 Limit the maximum number of simultaneous TCP connections which have completed the 3-way handshake that a single host can make. <br />
<br />
max-src-conn-rate number / interval<br />
 Limit the rate of new connections to a certain amount per time interval. <br />
<br />
For a layman like me it is really hard to understand what this means, sob..<br />
So I simply tested it; with the rule above I tried the following:<br />
<br />
I opened http://10.10.7.4 in 5 Firefox tabs and reloaded them at the same time. The page could still be opened. 
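A simplified model of the two limits quoted from the manual above, added here as an example (not from the original post and not pf's own code): for each source address it counts simultaneous established connections against max-src-conn and new connections inside a sliding window against max-src-conn-rate, and prints the moment a source would be added to the bruteforces table. The function names, the exact-window counting and the event list are assumptions made for illustration.

```shell
#!/bin/sh
# pf_overload_model MAXCONN RATE_N RATE_SECS
# Reads constructed events "time source open|close" on stdin and prints
# each source at the moment the model would overload it into the table.
pf_overload_model() {
    awk -v maxconn="$1" -v rate_n="$2" -v rate_s="$3" '
    ($2 in blocked) { next }             # block quick from <bruteforces>
    $3 == "close" { if (conn[$2] > 0) conn[$2]--; next }
    $3 == "open" {
        src = $2; now = $1
        conn[src]++                       # simultaneous established connections
        opens[src, ++n_open[src]] = now   # timestamps of new connections
        recent = 0                        # new connections inside the window
        for (i = n_open[src]; i >= 1 && now - opens[src, i] < rate_s; i--)
            recent++
        why = ""
        if (conn[src] > maxconn) why = "max-src-conn"
        else if (recent > rate_n) why = "max-src-conn-rate"
        if (why != "") {
            blocked[src] = 1
            conn[src] = 0                 # flush global drops existing states
            printf "t=%s %s overload (%s)\n", now, src, why
        }
    }'
}

# Constructed events: .1 makes six short requests within 3 seconds,
# .10 holds three connections open at once, .20 makes five requests
# spaced two seconds apart.
sample_events() {
    cat <<'EOF'
0 10.10.7.1 open
0 10.10.7.1 close
1 10.10.7.1 open
1 10.10.7.1 close
1 10.10.7.1 open
1 10.10.7.1 close
2 10.10.7.1 open
2 10.10.7.1 close
2 10.10.7.1 open
2 10.10.7.1 close
3 10.10.7.1 open
3 10.10.7.1 close
10 10.10.7.10 open
11 10.10.7.10 open
12 10.10.7.10 open
20 10.10.7.20 open
21 10.10.7.20 close
22 10.10.7.20 open
23 10.10.7.20 close
24 10.10.7.20 open
25 10.10.7.20 close
26 10.10.7.20 open
27 10.10.7.20 close
28 10.10.7.20 open
29 10.10.7.20 close
EOF
}

# Limits from the rule above: max-src-conn 2, max-src-conn-rate 5/5
sample_events | pf_overload_model 2 5 5
```

In this model both limits are tracked separately for every source address, so one busy client does not push another client into the table.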
<br />
However, when I opened 6 pages of http://10.10.7.4, whether in different browsers or in the same browser, I checked:<br />
<br />
# pfctl -t bruteforces -Tshow<br />
 10.10.7.1<br />
<br />
My IP was caught by the rule.<br />
<br />
Then I changed the rule:<br />
pass in on $int_if proto { tcp } from any to 10.10.7.4 port 80 flags S/SA keep state \<br />
 (max-src-conn 1, max-src-conn-rate 5/5, overload <bruteforces> flush global)<br />
<br />
I set max-src-conn to just 1.<br />
<br />
I opened http://10.10.7.4 in just 1 tab in Firefox and then opened the same page in Chrome.<br />
The result:<br />
# pfctl -t bruteforces -Tshow<br />
 10.10.7.1<br />
<br />
I also tried from a different IP, and the second IP was caught right away.<br />
<br />
# pfctl -t bruteforces -Tshow<br />
 10.10.7.10<br />
<br />
My conclusions:<br />
max-src-conn: it turns out this is how many browsers may be launched to access our web site.<br />
It does not distinguish between IPs. Oh, so opening a browser once and accessing the site counts as 1 TCP connection, hehe..<br />
max-src-conn-rate a/b: how many tabs (a) may be opened or refreshed within b seconds.<br />
There is also max-src-nodes: my assumption is that it limits how many IPs may access the site; not recommended if our web site is public.<br />
Posted by ainoer<br />
<br />
<br />
Building a Server from Scratch with FreeBSD (part 1)<br />
Published 2011-03-18T09:56:00.003+07:00, updated 2011-03-18T10:50:02.046+07:00<br />
<br />
1. Kernel optimization<br />
After installation, the thing to take care of is compiling the kernel.<br />
Remove devices that are not needed: Ethernet drivers, PCMCIA, etc.<br />
1. Disable IPv6<br />
2. 
Disable NFS<br />
<br />
As additional options, the following could perhaps be added to the kernel:<br />
<br />
options IPFIREWALL<br />
options IPFIREWALL_VERBOSE<br />
options IPFIREWALL_FORWARD<br />
options IPFIREWALL_DEFAULT_TO_ACCEPT<br />
options DUMMYNET<br />
options IPFILTER<br />
options IPFILTER_LOG<br />
<br />
#### PF OPTION ####<br />
device pf<br />
device pflog<br />
device pfsync<br />
<br />
<br />
2. SSHD settings<br />
ee /etc/ssh/sshd_config<br />
<br />
Port 1234<br />
Protocol 2<br />
MaxAuthTries 2<br />
MaxSessions 8<br />
PermitRootLogin no<br />
#StrictModes yes<br />
#RSAAuthentication yes<br />
#PubkeyAuthentication yes<br />
#AuthorizedKeysFile .ssh/authorized_keys<br />
PermitEmptyPasswords no<br />
UseDNS no<br />
Banner none<br />
# override default of no subsystems<br />
Subsystem sftp /usr/libexec/sftp-server<br />
AllowUsers user1<br />
AllowUsers user2<br />
<br />
<br />
3. TTYS settings<br />
# If console is marked "insecure", then init will ask for the root password<br />
# when going to single-user mode.<br />
console none unknown off insecure<br />
#<br />
ttyv0 "/usr/libexec/getty Pc" cons25 on secure<br />
# Virtual terminals<br />
ttyv1 "/usr/libexec/getty Pc" cons25 on secure<br />
ttyv2 "/usr/libexec/getty Pc" cons25 on secure<br />
#ttyv3 "/usr/libexec/getty Pc" cons25 on secure<br />
#ttyv4 "/usr/libexec/getty Pc" cons25 on secure<br />
#ttyv5 "/usr/libexec/getty Pc" cons25 on secure<br />
#ttyv6 "/usr/libexec/getty Pc" cons25 on secure<br />
#ttyv7 "/usr/libexec/getty Pc" cons25 on secure<br />
ttyv8 "/usr/local/bin/xdm -nodaemon" xterm off secure<br />
<br />
Advice from Dru Lavigne:<br />
<br />
General Hardening Tips<br />
<br />
• restricting ssh access using the AllowUsers keyword in /etc/ssh/sshd_config<br />
• using chflags to set the schg flag on system binaries and configuration files that don't require modifications<br />
• implementing a file integrity checking system such as tripwire (http://www.tripwire.com), aide (http://www.cs.tut.fi/~rammer/aide.html) or implementing your own using mtree<br />
• changing /etc/motd and removing the COPYRIGHT notice<br />
• subscribing to the FreeBSD security advisories mailing list (http://lists.freebsd.org/mailman/listinfo/freebsd-security-notifications)<br />
• reviewing mount(8) to see if any options are applicable to your filesystems<br />
• reviewing your sysctl(8) settings; http://sysctl.enderunix.org/ provides some helpful descriptions<br />
• reviewing your rc.conf(5) settings<br />
Finally, do:<br />
• read root's emails daily and have a log review action plan<br />
Posted by ainoer<br />
<br />
<br />
General hardening tips from Dru..<br />
Published 2011-03-18T09:24:00.001+07:00, updated 2011-03-18T09:24:49.198+07:00<br />
<br />
• does this system really need IPv6 support?<br />
• do I really want NFS (and its inherent security risks) on an Internet facing server?<br />
• should I be loading filesystems I'll never use? (e.g. DOS, CD9660)<br />
• do I need SCSI drivers on a non-SCSI system?<br />
• do I need hardware RAID drivers if I'm using software RAID?<br />
• do I really need to load dozens of NIC drivers if I always buy the same brand of NIC?<br />
• do I need PCMCIA or wireless support on a non-laptop system?<br />
• will I be using USB or Firewire?<br />
<br />
KERNEL<br />
<br />
1. Disable IPv6<br />
2. Disable NFS<br />
<br />
There are many tools available to create a custom backup solution, ranging from built-in FreeBSD utilities to third-party software applications available through the ports collection.
In a more complex scenario you may wish to investigate:<br />
• bacula http://www.bacula.org<br />
• rsnapshot http://www.rsnapshot.org<br />
• boxbackup http://www.fluffy.co.uk/boxbackup/<br />
<br />
<br />
General Hardening Tips<br />
<br />
• restricting ssh access using the AllowUsers keyword in /etc/ssh/sshd_config<br />
• using chflags to set the schg flag on system binaries and configuration files that don't require modifications<br />
• implementing a file integrity checking system such as tripwire (http://www.tripwire.com), aide (http://www.cs.tut.fi/~rammer/aide.html) or implementing your own using mtree<br />
• changing /etc/motd, adding an ssh banner, and removing the COPYRIGHT notice<br />
• subscribing to the FreeBSD security advisories mailing list (http://lists.freebsd.org/mailman/listinfo/freebsd-security-notifications)<br />
• reviewing mount(8) to see if any options are applicable to your filesystems<br />
• reviewing your sysctl(8) settings; http://sysctl.enderunix.org/ provides some helpful descriptions<br />
• reviewing your rc.conf(5) settings<br />
Finally, do:<br />
• read root's emails daily and have a log review action plan<br />
Posted by ainoer<br />
<br />
<br />
Lusca/cacheboy<br />
Published 2011-03-03T09:27:00.000+07:00, updated 2011-03-03T09:29:22.990+07:00<br />
<br />
I'm trying out cacheboy but have not got Tproxy working yet because my machine is AMD. Googling turned up the following article.
Hope it is useful.<br />
Taken from: http://hikmah-teknologi.blogspot.com/<br />
<br />
LUSCA TPROXY on FREEBSD-7-STABLE<br />
Patch the kernel:<br />
cd /usr/src<br />
fetch http://squid-proxy-pkg.googlecode.com/files/freebsd-tproxy-sys.patch<br />
patch -p0 < freebsd-tproxy-sys.patch<br />
<br />
In the kernel config /sys/i386/conf/PROXY:<br />
options IP_NONLOCALBIND<br />
options IPDIVERT<br />
options IPFIREWALL<br />
options IPFIREWALL_NAT<br />
options IPFIREWALL_VERBOSE<br />
options IPFIREWALL_FORWARD<br />
options IPFIREWALL_DEFAULT_TO_ACCEPT<br />
options IP_NONLOCALBIND<br />
options LIBALIAS<br />
<br />
# option tuning for squid<br />
options VFS_AIO<br />
options MAXFILES=262144<br />
options MSGMNB=32768<br />
options MSGMNI=82<br />
options MSGSEG=4096<br />
options MSGSSZ=128<br />
options MSGTQL=2048<br />
options SHMSEG=32<br />
options SHMMNI=256<br />
options SHMMAX=4194304<br />
options SHMALL=16384<br />
makeoptions COPTFLAGS="-O2 -pipe -funroll-loops -ffast-math"<br />
makeoptions NO_MODULES=yes<br />
<br />
Build the kernel:<br />
cd /usr/src<br />
make buildkernel KERNCONF=PROXY && make installkernel KERNCONF=PROXY<br />
<br />
In /etc/sysctl.conf:<br />
net.inet.ip.nonlocalok=1<br />
<br />
cp /usr/src/sys/netinet/in.h /usr/include/netinet<br />
<br />
<br />
Install squid:<br />
pkg_add -v http://squid-proxy-pkg.googlecode.com/files/lusca-with-tproxy-r14371_3.tbz<br />
<br />
In /usr/local/etc/squid/squid.conf:<br />
<br />
http_port XXX.INTERNAL.IP.XXX:3128 transparent tproxy<br />
<br />
<br />
# em0 -> External interface (to mikrotik)<br />
# em1 -> Internal interface (to client)<br />
<br />
In /etc/ipfw.tproxy:<br />
ipfw add fwd 192.168.1.1,3128 tcp from 192.168.1.0/24 to any 80 in via em1 # default rule to transparent proxy<br />
ipfw add fwd 192.168.1.1 tcp from any 80 to 192.168.1.0/24 in via em0 # catch the packets that come back using the clients IPs<br />
<br />
In rc.conf:<br />
gateway_enable="YES"<br />
ifconfig_em0="inet 192.168.0.1 netmask 255.255.255.252"<br />
ifconfig_em1="inet 192.168.1.1 netmask 255.255.255.0"<br />
firewall_enable="YES"<br />
firewall_script="/etc/ipfw.tproxy"<br />
firewall_type="open"<br />
firewall_logging="YES"<br />
<br />
fsck_y_enable="YES"<br />
background_fsck="NO"<br />
<br />
squid_enable="YES"<br />
# bind is not used here, dnsmasq is used instead<br />
<br />
dnsmasq_enable="YES"<br />
dnsmasq_flags="--conf-file=/usr/local/etc/dnsmasq.conf"<br />
<br />
And do not forget, on the topmost router, to set up NAT and static routes for the IPs behind the proxy.<br />
Posted by ainoer<br />
<br />
<br />
Tproxy<br />
Published 2011-03-02T09:50:00.004+07:00, updated 2011-03-02T10:32:44.039+07:00<br />
<br />
Back to proxies, especially squid. Oh, and there is also something called cacheboy.<br />
Cacheboy is an optimization of squid stable 2. As I understand it, cacheboy is a modded version of squid 2, to put it simply. When I tried installing it from ports, there were many options that can be enabled or disabled. Since it has been a long time since I tinkered with squid, I had to look up what those options do again. Among them:<br />
<br />
1. Delay pool: this feature is used for bandwidth limiting<br />
2. AUFS and COSS: these are squid's cache storage types<br />
3. PF and IPF transparent: this enables PF firewall or IPF firewall support for transparent proxying<br />
4. Enable Tproxy: enables Tproxy.<br />
<br />
An explanation of Tproxy from the internet:<br />
<br />
Transparent Proxy (TProxy)<br />
<br />
Tproxy is a truly transparent proxy. A transparent proxy or more precisely an interception proxy is the one that becomes transparent to the clients by transparently intercepting the http requests and serving the response, which means the client need not be explicitly configured to use the proxy but they are transparently sent to the proxy without the client's knowledge.
Since the interception proxy forwards the request on behalf of the client, the web server sees the source of the request coming from the proxy and hence it is not transparent to the web server.<br />
<br />
The tproxy feature comes in to solve this issue and makes itself transparent to both the client and the web server. However, the interception and/or tproxy feature requires kernel support and the packet redirection feature of the operating system.<br />
<br />
<br />
Note: To make it still more truly transparent, the proxy should be configured not to add any extra headers while forwarding the request and serving the response.<br />
<br />
Roughly, the translation is as follows.<br />
<br />
Tproxy is a transparent proxy in the truest sense. A transparent proxy, or interception proxy, is a proxy that works by transparently intercepting HTTP/browsing packets from the client. In other words, the client side needs no configuration to enable the proxy, because its traffic goes through the proxy automatically, like it or not.<br />
<br />
Because the proxy intercepts the packets and makes the connection to the destination web server, what the destination web server sees is the proxy's IP, not the client's.<br />
<br />
This is where the Tproxy feature is the key: with it the destination web server sees the client's IP directly (a public IP, of course). This feature has to be enabled in the kernel of the OS being used.<br />
Posted by ainoer<br />
<br />
<br />
Installing an NTP server on FreeBSD<br />
Published 2011-03-01T13:55:00.005+07:00, updated 2011-03-01T13:59:24.848+07:00<br />
<br />
It is easy.
Just install ntp from ports.<br />
Then:<br />
# ee /etc/ntp.conf<br />
server 3.id.pool.ntp.org<br />
server 0.asia.pool.ntp.org<br />
server 2.asia.pool.ntp.org<br />
<br />
driftfile /var/db/ntp.drift<br />
<br />
Save /etc/ntp.conf with the configuration above.<br />
Then start the service with the command:<br />
<br />
 /etc/rc.d/ntpd start<br />
<br />
Then run the command:<br />
ntpdate -d localhost<br />
<br />
If you get a message like "no server ...", wait around 10 to 15 minutes and try again until synchronization happens, as follows:<br />
<br />
1 Mar 14:01:36 ntpdate[19223]: step time server localhost offset -225.715219 sec<br />
<br />
Do not forget to open UDP port 123.<br />
Posted by ainoer<br />
<br />
<br />
Angin duduk<br />
Published 2010-11-05T18:19:00.002+07:00, updated 2010-11-05T18:23:39.824+07:00<br />
<br />
Got some important information from Mas Chakim, whose wife came down with angin duduk. Here are the things you need to know.<br />
Causes:<br />
(1) Often staying up late / exposure to night air<br />
(2) A habit of holding in farts / bowel movements<br />
(3) An extremely and persistently cold environment or weather<br />
(4) Eating late<br />
(5) An ordinary masuk angin that is left untreated<br />
<br />
Symptoms:<br />
(1) it feels as if something is stuck between the stomach and the chest<br />
(2) you want to burp or fart but it is very difficult, and even when you can it hardly eases the pain in no. 1<br />
(3) sitting/...bending over/walking/even lying down is difficult<br />
(4) the body feels cold (Javanese: anyep)<br />
The difference from an ordinary masuk angin: angin duduk does not go away even after kerokan, taking masuk angin medicine, or rubbing on even a hot medicated oil.<br />
<br />
How to deal with it:<br />
First rub the stomach, chest, waist and back with cap kap*k oil, with kerokan if necessary. Then boil water and pour the warm water into 2 bottles (glass bottles are better). Place the first bottle on the pit of the stomach or the front of the abdomen where the angin duduk will not come out, and the second bottle at the soles of both feet, with the body lying face up. If necessary wear a jacket, training trousers, socks and a thick blanket. Wait until a cold sweat breaks out and you can pass wind. If it has not eased after half an hour, replace the water in the bottles that is no longer warm enough with fresh warm water and apply them again in the same places as above. Hope this is useful, considering that the risk of angin duduk is death if it is dealt with too late (based on a true story)<br />
Posted by ainoer<br />
<br />
<br />
postfix, sendmail and PHP<br />
Published 2010-10-27T10:32:00.002+07:00, updated 2010-10-27T10:37:25.382+07:00<br />
<br />
I was just updating the script that checks quota in MySQL.<br />
The script is written in PHP. If a database exceeds its allotted quota, it is locked and a notification email is sent.<br />
It turned out that during the quota check there was an error notification:<br />
locking database /usr/sbin/sendmail not found.<br />
<br />
The error seems to occur because I had just migrated from sendmail to postfix.<br />
The solution turned out to be easy.
First, find the sendmail binary:<br />
<br />
# whereis sendmail<br />
sendmail: /usr/local/sbin/sendmail<br />
<br />
Then edit the following part of php.ini:<br />
<br />
sendmail_path = /usr/local/sbin/sendmail -t -i -f noreply@domain.com<br />
<br />
Restart the web server and test again..<br />
Posted by ainoer<br />
<br />
<br />
Installing eAccelerator on FreeBSD<br />
Published 2010-07-16T11:45:00.003+07:00, updated 2010-07-16T11:51:11.727+07:00<br />
<br />
cd /usr/ports/www/eaccelerator<br />
<br />
You have installed the eaccelerator package.<br />
Edit /usr/local/etc/php.ini and add:<br />
zend_extension="/usr/local/lib/php/20060613/eaccelerator.so"<br />
Then create the cache directory:<br />
mkdir /tmp/eaccelerator<br />
chown www /tmp/eaccelerator<br />
chmod 0700 /tmp/eaccelerator<br />
<br />
You can try this configuration:<br />
zend_extension="/usr/local/lib/php/20060613/eaccelerator.so"<br />
eaccelerator.shm_size="16"<br />
eaccelerator.cache_dir="/tmp/eaccelerator"<br />
eaccelerator.enable="1"<br />
eaccelerator.optimizer="1"<br />
eaccelerator.check_mtime="1"<br />
eaccelerator.debug="0"<br />
eaccelerator.filter=""<br />
eaccelerator.shm_max="0"<br />
eaccelerator.shm_ttl="0"<br />
eaccelerator.shm_prune_period="0"<br />
eaccelerator.shm_only="0"<br />
eaccelerator.compress="1"<br />
eaccelerator.compress_level="9"<br />
<br />
<h2 id="eaccelerator.shm_size">eaccelerator.shm_size</h2>
<p>This setting will allow you to control the amount of shared memory eAccelerator should allocate to cache PHP scripts.
The number sets the amount of memory in megabytes. Setting this value to 0 will use the default size.</p>
<pre class="wiki">eaccelerator.shm_size = "0"</pre>
<p>On Linux the maximum amount of memory a process can allocate is limited by the number set in /proc/sys/kernel/shmmax. Allocating more than this value will result in eAccelerator failing to initialise. The size in this file is given in bytes. You can raise this amount with:</p>
<pre class="wiki">echo value > /proc/sys/kernel/shmmax</pre>
<p>Where <em>value</em> is the size in bytes you want to use. This value is reset to the default value every time you reboot, but you can raise it permanently by adding the amount you need in /etc/sysctl.conf. This is done by adding:</p>
<pre class="wiki">kernel.shmmax = value</pre>
<h2 id="eaccelerator.cache_dir">eaccelerator.cache_dir</h2>
<p>This directory is used for the disk cache. eAccelerator stores precompiled code, session data, content and user entries here. The same data can be stored in shared memory (for quicker access). The default value is “/tmp/eaccelerator”.</p>
<pre class="wiki">eaccelerator.cache_dir = "/tmp/eaccelerator"</pre>
<p>This is easy because that directory is easily writable to everyone, and mounted with noexec. However, it isn’t the best because on a lot of systems this directory is cleared on reboot. A better place is <em>/var/cache/eaccelerator</em>.
Create the directory and make sure it’s writable to the process eAccelerator runs under.</p>
<p>A safe bet is making it world writeable, a safer and cleaner way is making the user php runs under (most of the time the same user as apache or lighttpd) the owner and setting 0644 permissions.</p>
<p>The lazy way:</p>
<pre class="wiki">mkdir /tmp/eaccelerator<br />chmod 0777 /tmp/eaccelerator</pre>
<h2 id="eaccelerator.enable">eaccelerator.enable</h2>
<p>With this setting you can enable or disable eAccelerator. This may seem like a pretty stupid setting, but it can be very useful. For example this setting can also be used in the vhost section of the Apache configuration. It allows you to disable eAccelerator for a certain vhost by placing <em>php_admin_value eaccelerator.enable 0</em> in the vhost section.</p>
<p>Setting this value to “1” enables eAccelerator, which is also the default value. Setting it to “0” will disable eAccelerator.</p>
<pre class="wiki">eaccelerator.enable = "1"</pre>
<h2 id="eaccelerator.optimizer">eaccelerator.optimizer</h2>
<p>Enables or disables the optimizer which may speed up code execution. Setting it to “1” will enable eAccelerator, “0” disables it. By default the optimizer is enabled. The optimizer will only run when the script is compiled before it’s cached.</p>
<pre class="wiki">eaccelerator.optimizer = "1"</pre>
<h2 id="eaccelerator.debug">eaccelerator.debug</h2>
<p>Enables or disables debug logging. Setting this to 1 will print information to the log file about the cache hits of a file.
This is only useful when debugging eAccelerator for bug reports.</p>
<pre class="wiki">eaccelerator.debug = 0</pre>
<h2 id="eaccelerator.log_file">eaccelerator.log_file</h2>
<p>Set the log file for eaccelerator. When this option isn’t set then the data will be logged to stderr, when using PHP with Apache these lines will be added to the Apache error log.</p>
<pre class="wiki">eaccelerator.log_file = "/var/log/httpd/eaccelerator_log"</pre>
<h2 id="eaccelerator.name_space">eaccelerator.name_space</h2>
<p>When using the user cache api for storing data in shared memory, all keys are prepended by the hostname used for the current request. This hostname equals the ServerName set in the vhost section of apache. This is done to avoid duplicate keys between vhosts. Sometimes this behaviour is desired to share data between vhosts. When setting this option this namespace is used to prepend to each key. By default this is set to “” which instructs eAccelerator to use the hostname as namespace.</p>
<p>When setting this in the main PHP configuration file this namespace will be used by all vhosts. This value can also be set in the vhost section or even in a .htaccess file to allow sharing of data between only two vhosts.</p>
<pre class="wiki">eaccelerator.name_space = ""</pre>
<h2 id="eaccelerator.check_mtime">eaccelerator.check_mtime</h2>
<p>On every hit eAccelerator will check the modification time of a script to see if it changed and needs to be recompiled.
Although this is a lot faster than opening the file and compiling it, this still adds some overhead because a <em>stat</em> call needs to be done every time. This setting allows you to disable this check. The downside of disabling this check is that you need to manually clean the eAccelerator cache when you update a file.</p>
<p>By default this check is enabled.</p>
<pre class="wiki">eaccelerator.check_mtime = "1"</pre>
<h2 id="eaccelerator.filter">eaccelerator.filter</h2>
<p>Determine which PHP files can be cached. You can specify the pattern (for example “*.php *.phtml”) the PHP script filename needs to match. If a pattern starts with “!”, the files that match that pattern are excluded from the cache. Default value is “” which will cache all scripts PHP compiles.</p>
<p>Please note that eaccelerator.filter doesn’t work on a URL basis but rather on the absolute filesystem path, so a filter of !/home* would exclude all scripts in /home from being cached.</p>
<p>Multiple patterns need to be separated by spaces or tabs, but not commas.</p>
<pre class="wiki">eaccelerator.filter = ""</pre>
<h2 id="eaccelerator.shm_max">eaccelerator.shm_max</h2>
<p>By default there is no limit on the maximum size a user can put in shared memory with functions like <em>eaccelerator_put</em>, the maximum size is controlled by this setting. This value is the maximum size that can be put in the cache, the size is given in bytes (10240, 10K, 1M).
The default value is “0” which disables the limit.</p>
<p><strong>This setting doesn’t affect the maximum size for a script.</strong></p>
<pre class="wiki">eaccelerator.shm_max = "0"</pre>
<h2 id="eaccelerator.shm_ttl">eaccelerator.shm_ttl</h2>
<p>When eAccelerator doesn’t have enough free shared memory to cache a new script it will remove all scripts from shared memory cache that haven’t been accessed in at least <em>shm_ttl</em> seconds. By default this value is set to “0” which means that eAccelerator won’t try to remove any old scripts from shared memory.</p>
<pre class="wiki">eaccelerator.shm_ttl = "0"</pre>
<h2 id="eaccelerator.shm_prune_period">eaccelerator.shm_prune_period</h2>
<p>When eAccelerator doesn’t have enough free shared memory to cache a script it tries to remove old scripts if the previous try was made more than “shm_prune_period” seconds ago. Default value is “0” which means that eAccelerator won’t try to remove any old script from shared memory.</p>
<pre class="wiki">eaccelerator.shm_prune_period = "0"</pre>
<h2 id="eaccelerator.shm_only">eaccelerator.shm_only</h2>
<p>Enable or disable caching of compiled scripts on disk. This has no effect on session data and content caching.
Default value is “0” which allows eAccelerator to use disk and shared memory cache for scripts.</p>
<pre class="wiki">eaccelerator.shm_only = "0"</pre>
<h2 id="eaccelerator.compress">eaccelerator.compress</h2>
<p>When using the eaccelerator_content_* api eAccelerator can compress the content before saving it to memory. By default this is set to “1”, to disable compression set it to “0”.</p>
<pre class="wiki">eaccelerator.compress = "1"</pre>
<h2 id="eaccelerator.compress_level">eaccelerator.compress_level</h2>
<p>Compression level used for content caching. Default value is “9” which is the maximum compression level.</p>
<pre class="wiki">eaccelerator.compress_level = "9"</pre>
<h2 id="eaccelerator.keyssessioncontent">eaccelerator.keys | session | content</h2>
<p>These settings control the places eAccelerator may cache user content.
Possible values are:</p>
<ul><li><strong>shm_and_disk</strong> cache data in shared memory and on disk (default value)</li><li><strong>shm</strong> cache data in shared memory or on disk if shared memory is full or data size greater than “eaccelerator.shm_max”</li><li><strong>shm_only</strong> cache data in shared memory</li><li><strong>disk_only</strong> cache data on disk</li><li><strong>none</strong> don’t cache data</li></ul>
<pre class="wiki">eaccelerator.keys = "shm_and_disk"<br />eaccelerator.sessions = "shm_and_disk"<br />eaccelerator.content = "shm_and_disk"</pre>
<h2 id="Thewebinterface">The webinterface</h2>
<p>eAccelerator can be managed through a webinterface. From version 0.9.5 this webinterface has been fully implemented in php so the settings have been changed.</p>
<p>Taken from: http://techgurulive.com/2009/02/02/how-to-install-and-configure-the-eaccelerator-php-cache-on-apache/</p>
<p>Haven't had time to translate it yet.. later, because I'm having fun experimenting right now.</p>
Posted by ainoer
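The cache directory holds precompiled code, so its ownership and mode decide which local accounts can change what PHP later loads. The check below is an added example, not part of the original post or of eAccelerator: it reads `eaccelerator.cache_dir` from php.ini text and audits the directory, exercising the three modes mentioned in the post (0700, 0644, 0777) on constructed temporary directories. Function names are hypothetical, and php.ini parsing is reduced to `key = value` lines with `;` comments.

```python
import os
import stat
import tempfile

DEFAULT_CACHE_DIR = "/tmp/eaccelerator"   # default value named in the post


def cache_dir_from_ini(ini_text):
    """Return eaccelerator.cache_dir from php.ini text (simplified parser)."""
    value = DEFAULT_CACHE_DIR
    for raw in ini_text.splitlines():
        line = raw.split(";", 1)[0].strip()      # drop ';' comments
        if "=" not in line:
            continue
        key, val = (part.strip() for part in line.split("=", 1))
        if key == "eaccelerator.cache_dir":
            value = val.strip("\"'")             # a later assignment replaces an earlier one
    return value


def audit_cache_dir(path, expected_uid):
    """Return a list of findings; an empty list means owner-only access."""
    try:
        st = os.lstat(path)                      # lstat: do not follow a symlink
    except FileNotFoundError:
        return ["missing: %s does not exist" % path]
    if not stat.S_ISDIR(st.st_mode):
        return ["not a directory (symlink or file): %s" % path]
    mode = stat.S_IMODE(st.st_mode)
    findings = []
    if st.st_uid != expected_uid:
        findings.append("owner is uid %d, expected uid %d" % (st.st_uid, expected_uid))
    if mode & stat.S_IWOTH:
        findings.append("world-writable: any local account can add or replace cache files")
    if mode & stat.S_IWGRP:
        findings.append("group-writable")
    if mode & (stat.S_IROTH | stat.S_IXOTH):
        findings.append("readable or searchable by other accounts")
    if not mode & stat.S_IXUSR:
        findings.append("owner lacks the search (x) bit, so it cannot create files inside")
    return findings


def demo():
    """Audit constructed directories carrying the three modes the post mentions."""
    results = {}
    with tempfile.TemporaryDirectory() as base:
        for mode in (0o700, 0o644, 0o777):
            path = os.path.join(base, "eaccelerator-%o" % mode)
            os.mkdir(path)
            os.chmod(path, mode)                 # chmod after mkdir so umask does not interfere
            # Constructed php.ini fragment pointing at the test directory.
            ini = 'eaccelerator.shm_size="16"\neaccelerator.cache_dir="%s" ; constructed\n' % path
            results[mode] = audit_cache_dir(cache_dir_from_ini(ini), os.getuid())
            os.chmod(path, 0o700)                # restore so the temporary tree can be removed
    return results


if __name__ == "__main__":
    for mode, findings in demo().items():
        print("%04o: %s" % (mode, findings or "ok"))
```

On a real server, pass the uid of the account PHP runs under (www in the post) as `expected_uid`.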