How do I buy a bitcoin is perhaps one of the most common questions I get. So here is a quick guide of how I did it.

I thought buying a was difficult at first but with a bit of research, it turned out pretty simple.

Here are several different approaches that I took to buy bitcoins.

Option 1: Coinbase (Can do it all online, just provide your bank info) I registered at coinbase.com because they looked so legit. I gave them info and within an hour, I was to buy a bitcoin. They did have a $1k bitcoin transaction limit and I wanted to put in more so I had to look for an alternative. Depositing the money was painless and buying was also painless. However, from the moment I purchased, it took me 5 full days for my bitcoin to get into my account. Which is an incredibly long time in a bitcoin world.

Option 2: Bitfloor (Need to hit the bank or Moneygrams, but I prefer this) After much research, I chose bitfloor.com. I signed up and they told me all I needed to do now was perform a deposit (LocalTill) or send a wire transfer to the info they provided. This process seemed daunting at first but it was as easy as depositing my own money. I used the LocalTill option which charges about 3% of the transaction fee and within minutes, I got a notification that my money have been added and ready to use. Then I went to their Trade, and put in how much I wanted to buy and within minutes, I had my bitcoins!

Option 3: Dwolla + (I haven’t tried it yet, I’m still in the waiting queue, I’ll update this post once I try it out)

[Disclaimer: This is not an April Fools day joke]

Using Mac’s meta as option is NOT an option!

After getting accustomed to the Mac, I fell in love with it but one thing have constantly been nagging me. It is the unbelivably horrific placement of the “meta/option” key. What this means is that, to go forward/back word, you have to reach your thumb all the way halfway across your hand to where your pinky is. Do that enough, I am pretty sure you’ll have early retirement of your hands.

Anyhow I decided to finally do something about this once and for all. I can’t tell you how many sleepless nights I have thinking about how to combat this option. I have even ventured into re-mapping my emacs by changing all the commands using meta with control-something. For instance, page up would be re-mapped to C-u. But this is unreasonable as years of my muscle memory still have a hard time getting adjusted and I didn’t want to make up my own mapping settings for the long haul anyway.

The first time I used the Mac, I did a google marathon of how to accomplish this but everything had it’s negative drawbacks. At the time, I didn’t know enough of all the Mac’s keyboard shortcuts so I hesitated swapping my meta with Command completely.

The fix!

Just follow these and you should be good!

1
2
3
4
5
6

mkdir ~/tmp && cd /tmp
git clone https://github.com/jaequery/cmd-key-happy .
make
sudo make install
make install-rcfile
make install-plist

What this does is it sets up and installs this to your launchctl so that it runs on boot. Now all your meta bindings should be using “cmd” key, except Mac’s global ones, such as “cmd-space”, “cmd-tab”, etc …

You can customize them to which you want excluded globall and what not by:

1. editing this file: ~/.cmd-key-happy.lua
2. and issuing make install-plist to reload

Now that is all there is to it, I hope this especially helps out greatly for those switching from PCs to Macs.

Note) When on terminal, you’ll notice that paste does not work. That is because I excluded M-v into terminal section, so I can use it for page up. But paste can still be triggerd using option-v and it shouldn’t cause much issue as “on terminal” you don’t necessarily need to paste all that much.

In the pursuit of achieving the perfect web development environment on Mac, I’d need two things.

1. LAMP environment
2. Ruby/Rails environment

For LAMP, I’ve settled on MAMP Pro. Although it costs a bit of money, this is by far the best way to manage your sites locally. For one, it’s got a great GUI to manage your vhosts. Editing by hand can get tedious and this takes care of it. It even adds /etc/hosts entries for you to handle local name resolutions.

For Ruby, Pow has been an unbelievably efficient way of running and managing multiple ruby apps for me. All you have to do is just drop a folder in your ~/.pow and you are set as it also handles local name resolutions for you on the fly.

But getting both of them to work at the same time posed a problem but a quick SO search revealed a very cool trick:

Setting up Pow and MAMP to work simultaneiously

The story

For most of my life, I had a deep resentment toward Macs. I always never liked their concept of trying to do something different. Back in the days, my feelings all started with their philosophy of one-button mouse. I appreciate they want to keep it simple but as a computer, it just didn’t make sense to me. I grew up with things that had a lot of buttons, my favorite video games all had atleast 6 buttons to press. Heck, if they had 3 buttons when PCs had 2, I’d have given them a second look. But no, Macs were consistently pushing one-button, even to this date.

Anyhow, I’ve grown accustomed to PCs very much. I know almost all the keyboard shortcuts Windows has to offer, allowing me to do virtually anything instantly and seamlessly at ease. Simply put, I was quite happy and comfortable with it so switching to anything else would throw me off guard and would not be my ideal situation.

Tried Macs (several times)

But because I also enjoy trying out new and shiny things, time and time I’d buy a Mac, try it out, and find myself totally weirded out by it. Sometimes, I tried so hard to like it, but I just was not quite as productive on a Mac than on a PC. If it wasn’t a gift from my wife, I would’ve returned it for a full refund. Anyway, it was just collecting dust. I just had too much work to do and I absolutely require productivity.

My PC broke hardcore

Then one day, my awesome PC just died. It was a Lenovo Thinkpad and it was just the perfect fit for me, small, compact, and dock-station ready. I’d take it wherever I go, work, home, friends, it was one thing I’d never leave my house without. Had some great memories with it and some bad. I was just overly distraught, like losing a kitten or something.

Powering on the dusty old Mac

Since I had no other choice, I powered up my Macbook Air for me to continue working. The utter feeling of being slow and un-productive was catching up to me really fast. At this point, I already knew a most of the common keyboard shortcut commands, such as spotlight, alt-tab, cmd+shift+[ and ], and so on. But it just wasn’t the same. It sucked.

As I was on a strict deadline at work, I decided I’ll just have to use Mac for now and deal with PC later. I knew I had to get up to speed fast as I absolutely must be productive. Now at this time, I decided to try to understand what made me less productive on a Mac compared to PC.

So here are what I just didn’t like about Macs:

1. No easy way to maximize window and full screen mode weirded me out. On Windows, I’d just double click on the window title. But on Macs, I had to carefully hit the green plus button.
2. Sometimes, my window would get minimized and when I cmd+tab back into it, I don’t see anything. I read article that I had to also hold options and release before I get to it, which was probably the dumbest thing I have ever heard.
3. There was no Start+e equivalent to open explorer/finder. On Windows, I’d just start+e and just start typing to get to any folders/files on my PC. On Mac, closest I’ve come across was to just locate finder from cmd+tab, or launch finder via an app called Alfred.
4. No Zend Studio 5.5. This was almost a deal breaker right on the spot.
5. Mac keyboards aren’t too friendly for emacs user. Hitting that option button for meta is quite an excercise in itself.

Since I just could not live without these, I looked hard online to see if there was anything remotely even close to how it was on PCs. And I can now safely say, I did, and boy am I glad I took that extra time to do so, as it has paid off in dividends.

1. To perform maximize window, I had to go to System Preferences -> Keyboard -> Keyboard Shortcuts -> Add, and put in “Zoom”, and shortcut as “cmd+shift+m”. Now this will trigger the green maximize button an any active window I’m on which is incredibly useful for me as I hate any apps/windows that floats around in a “limbo” state.

2. Now I knew there was no other way, I looked hard and there just was no supported option for having cmd+tab to work the way it did on PCs. Then fortunately I stumbled across a forum which discussed exactly same problem I was having and one person mentioned that I should install an app called: Witch. It wasn’t free, I had just installed their trial and I was reasonably satisfied with it, as now when I switch back to any app, it’d even restore it from minimized state. Only issue I have is that it’s not as responsive as native cmd+tab, there is a slight delay.

3. I searched hard and found another gold mine, cmd+option+space. It opened finder just as I used to open Explorer. One caveat, sometimes it would open it without any side panels (main folders on the left), but quickly found out that you can hit cmd+option+t to toggle the sidepanel.

4. Now this was tough, I been using ZS 5.5 for roughly close to 8+ years. It was my bread and butter when it comes to development. I had a lot of shortcut/macros to do whatever I needed and all of that was now taken away from me. But since I had no choice, I went on an IDE download spree, testing just about all the IDE’s out there available for mac, including: Coda, Textmate, Sublime, Eclipse, etc … And after a good couple hair pulling days, I managed to find something I liked, and that happened to be Aptana Studios. In fact, I found this to surpass even Zend Studio in many ways. The auto code formatting via cmd+shift+f to be awesome. And on top of it all, it was the only IDE that provided the closest to emacs as one can possibly get. My only gripe is, ctrl+s works for search but ctrl+r (reverse search) doesn’t. Quite baffling to me and I hope I can find out how to get around to doing it.

5. In the beginning, I was mostly upset about how it is now too difficult for me to hit the meta key. It’s almost as if I have to stretch my left thumb all the way out to where my pinky is. If you are an emacs user, you probably understand just how important it is to hit that meta key repeatedly :) But miraculously, I learned to get accustomed to it. I guess human mind really allow you to get accustomed to anything if no other given choices exists.

I love Macs now

After taking some several weeks of changing my habits and learning some new tricks, I am now quite fond of Macs. I never really thought I will be saying this but Macs are indeed superior to PCs in just about every way. For those that wants to know why:

1. Mac’s apps are just so much better and nicer. For one, Textual was a huge improvement over mIRC, mainly in the aesthetics department. Querious (db gui) is simple and elegant and suits my needs just fine. And even Mac’s native apps, such as: iCal, iPhotos, and Mail just trumps anything PCs have to offer. It’s almost no contest who wins here.

2. Bash being integrated to the OS is a life changer. As I’m big on linux, this itself was a huge improvement over PCs. I can now finally sleep happy and not worry about the days of putty’ing.

3. TimeMachine is too good. Backups couldn’t get any simpler, point-in-time restore of any files back in time is just lovely.

4. I now fully appreciate the entire Mac keyboard shortcut eco-system. Easy to customize and not buggy like on Windows.

5. Not having to rely on Virtualbox/Vmware to launch local servers. I find brew surprisingly refreshing to use and setting up a LAMP, or RoR, or even django is extremely easy to setup on Mac.

One big caveat about Macbook Air

If you are like me, you enjoy taking your laptop everywhere you go. And when you get to an office, you’d like to hook it up to dual-screen monitors. Surely I thought this would be a walk in the park, as with any other PC’s. But no, it turned out to be quite an ordeal. Basically the problem is, in order to extend your monitor, you need to hook them from your mini displayport to the monitor. But Macbook airs only have a single mini-displayport and from my research, there aren’t any mini-dp hubs as you’d have with usbs (i know some exists but they sell for $300+).

It turns out, there is an alternative, which is what they call a DisplayLink USB to DVI adapter.

You need to buy a few things:

• Mini-dp to DVI (or vga)
• USB to DVI (or vga)

I bought them from Amazon:

• J-Tech Digital High Quality Mini DisplayPort to DVI Adapter female Cable for $12.99
• Plugable UGA-2K-A USB 2.0 to VGA/DVI/HDMI Adapter for $59.95

I was quite shocked at the price of that USB adapter but then again, it’s worth buying for that extra monitor. I’d have to warn though that there is a slight lag on the monitor this hooks up with as USB is not as fast as mini-displayport. But for just normal activity including browsing/email/coding, I haven’t been too bothered by it.

App recommendations

Here are few that I have and can’t live without:

• fantastical, a calendar app, gives you a nice quick hotkey to add tasks/events
• Tunnelblick, OpenVPN client
• getcloudapp, uploads copy buffers to the web and returns you a shortened link, useful for screen captures
• omnigraffle, sweet flowchart/diagram creator
• gitx, nice little git gui client which can even be invoked from command line on working directory
• textual, a near perfect irc client
• querious, nice little sql gui client
• aptana studio, imo the best IDE in the market
• aperture, great photo viewer

If you know of any other apps that I should try, feel free to let me know at @jaequery. I’m all ears.

I haven’t tried it out yet but it looks like Rails uses a gem called “kaminari” for dealing with pagination. Here is a nice video tutorial on usage at Railscast

Basically it involves doing:

• Bash

bundle rails g kaminari:views default

• update Gemfile to include the kaminari gem

gem 'kaminari'

• update controller (products_controller.rb)

@products = Product.order("name").page(params[:page]).per(5)

• update locales (config/locales/en.yml)

1
2
3
4
5
6
7

en:
  hello: "Hello world"
  views:
    pagination:
      previous: "< Previous"
      next: "Next >"
      truncate: "..."

• print pagination from view (products/index.html.erb)

<%= paginate @products %>

Here is a simple quick rule to get you secure for most running websites. But it is extremely strict as it only allows HTTP (port 80) from the internet.

Save this into a file (e.g; ~/iptables.hardened)

*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -m state --state INVALID -j DROP
-A INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -s x.x.x.x/32 --dport 22 -j ACCEPT
-A INPUT -p tcp -s x.x.x.x/32 --dport 3306 -j ACCEPT
-A INPUT -p tcp --dport 0:1024 -m state --state NEW -m limit --limit 5/s -j LOG
-A INPUT -j DROP
COMMIT

Then test it by:

 iptables-restore < ~/iptables.hardened

Note) If you are paranoid and don’t want to risk yourself from locking out of the machine, just make sure to add a cronjob to stop iptables every minute. Something like: */5 * * * * /etc/init.d/iptables stop

Once you are satisfied, save it to your /etc/sysconfig/iptables to make it permanent.

Emacs out of the box doesn’t have a great php/html/js editor. So here are what you need to get it good.

• First, let’s create the elisp folder that stores all your elisps:

mkdir ~/elisp && cd ~/elsip

• Now download “php-mode”

wget http://php-mode.svn.sourceforge.net/svnroot/php-mode/tags/php-mode-1.5.0/php-mode.el

• Now download “multi-web-mode” for html/js/css

wget https://raw.github.com/fgallina/multi-web-mode/master/multi-web-mode.el

• Now add/update this line to your ~/.emacs file

1
2
3
4
5
6
7
8
9

(add-to-list ‘load-path “~/elisp”)
(require ‘php-mode)
(require ‘multi-web-mode)
(setq mweb-default-major-mode ‘html-mode)
(setq mweb-tags ‘((php-mode “<\?php\|<\? \|<\?=” “\?>”)
(js-mode “”)
(css-mode “”)))
(setq mweb-filename-extensions ‘(“php” “htm” “html” “ctp” “phtml” “php4” “php5”))
(multi-web-global-mode 1)

Day 2 of Ruby

It’s strange and I am confused by all these weird syntaxes.

Coming from PHP, I assumed at first glance:

   @name (ruby) is $name (php)

But no, because in ruby, you have several different ways of assigning a variable.

There are:

• @name (instance var)
• @@name (class var)
• name (method var)

Not to mention, “symbols” which really threw me off guard.

Anyhow, here is what I found out.

1. @name (instance var) Instance vars are similar to $this->name in php. So @name = $this->name.

2. @@name (class var) Now this one is a bit tricky. Class vars probably won’t ring a bell to PHP developer as in PHP, class vars are like instance vars. However in Ruby, @@name is similar to static vars. The reason why it’s that is because if you have 3-4+ instances of a class, @@name is shared by all of them. Somewhat of a singleton variable.

3. name (method var) This is pretty straight forward. It’s a var that only lives inside a method. Good for throwaway/temporary variables, such as res, total, etc …

4. :name (symbols) Before learning ruby, I thought this was ruby’s way of PHP’s $ sign. Every ruby code I see online had some :symbols and I thought ruby would be a walk in the park as long as I think to myself that is PHP’s equivalent of assigning variables. But no, it’s probably what threw me off the most.

You see, :symbols aren’t something you can assign to. It’s not a variable, it’s a reference. Or, atleast that’s what other ruby devs told me on freenode. I still didn’t undersetand, so is this like a pointer reference I asked? And they said no. After about an hour of chatting back and forth, I came to conclusion from bits and pieces of evidence that :symbols are only used inside hashes as keys.

So in php land:

$users = array(
    "name" => "john",
    "name" => "mark",
)

foreach($users AS $user){
    echo $user['name'];
}

But in ruby land, it’s:

users = {
    :name => "john",
    :name => "mark",
}

users.each do |user|
    puts user.name
end

In one unlikely evening, I was bored and just felt like doing something new, I did something I probably never thought I’d do. Jump into RoR. I say unlikely because those that knows me, knows how much of a PHP advocate I am. Afterall, I didn’t spend 10+ years on it for nothing. I’m also not the type to stop on something until I’ve mastered it. I suddenly now have quite a challenge on my hands.

Emacs navigation key commands are one of those things every developer should take time to learn. Because once you get to know them, you’ll be using them throughout your dev lifecycle, including in terminals, editing, and pretty much everywhere if you are using a linux/*nix like macs.

http://www.masteringemacs.org/articles/2011/01/14/effective-editing-movement/

For vi/vim users, it may even be a new opportunity for you to take a moment to step outside and experience all the powers and wonders emacs can provide for you. :) Just try.

Citrix decided to disable auto-start VM’s for their free edition startin v6, as I found this out the hard way.

i guess it’s their strategy of getting you to buy their paid license, which gives you the auto-start from the GUI.

but for the rest of us, here is a quick simple way to do this, you need to manually start the VM’s upon bootup of the host.

here’s how:

from the host, edit /etc/rc.local, and at the end of the line, add these two:

sleep 20
/opt/xensource/bin/xe vm-start uuid=fbd0fdec-9f69-e47f-072a-02ff854fd890

where uuid is that of your VM. you can find the uuid from xencenter on VM’s general tab.

do this for each VMs you want auto started

#!/bin/bash
#####################################################################

# 1) Clear old Rules
iptables -F                                                 # Delete all existing rules

# 2) Default Drop
iptables -P INPUT DROP                                            # Set default chain policies to DROP
iptables -P FORWARD DROP                                        # Set default chain policies to DROP
iptables -P OUTPUT DROP                                            # Set default chain policies to DROP

# 3) Loopback                                                     
iptables -A INPUT -i lo -j ACCEPT                                    # Allow loopback access from INPUT
iptables -A OUTPUT -o lo -j ACCEPT                                    # Allow loopback access from Output

# 4) BLACKLIST IP's
# iptables -A INPUT -s "BLOCK_THIS_IP" -j DROP                                # Block a specific ip-address
# iptables -A INPUT -s "BLOCK_THIS_IP" -j DROP                                # Block a specific ip-address
# iptables -A INPUT -s "BLOCK_THIS_IP" -j DROP                                # Block a specific ip-address
# iptables -A INPUT -s "BLOCK_THIS_IP" -j DROP                                # Block a specific ip-address

# 5) WHITELIST IP's
iptables -A INPUT -s 127.0.0.1/32 -j ACCEPT                                # Allow Anything from localhost     
iptables -A INPUT -s "ALLOW_THIS_IP"/32 -j ACCEPT                                # Allow Anything from KeyServer


# 6) ALLOWED SERVICES
iptables -A OUTPUT -o eth0 -p tcp --sport 25 -m state --state ESTABLISHED -j ACCEPT            # PORT 25   SMTP   - Allow connections to outbound
iptables -A OUTPUT -p udp -o eth0 --dport 53 -j ACCEPT                            # PORT 54   DNS    - Allow connections to outbound 
iptables -A INPUT -p tcp -m tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT            # PORT 80   httpd  - Allow connections from anywhere
iptables -A INPUT -p tcp --dport 80 -m limit --limit 25/minute --limit-burst 100 -j ACCEPT        # PORT 80   httpd  - Rate Limit from outside
iptables -A INPUT -p tcp -m tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT            # PORT 443  SSL    - Allow connections from anywhere
iptables -A INPUT -p tcp -m tcp --dport 2082 -m state --state NEW,ESTABLISHED -j ACCEPT            # PORT 2082 cPanel - Allow connections to outbound 
iptables -A INPUT -p tcp -m tcp --dport 2083 -m state --state NEW,ESTABLISHED -j ACCEPT            # PORT 2083 cPanel - Allow connections to outbound 
iptables -A INPUT -p tcp -m tcp --dport 2086 -m state --state NEW,ESTABLISHED -j ACCEPT            # PORT 2086 WHM    - Allow connections to outbound 
iptables -A INPUT -p tcp -m tcp --dport 2087 -m state --state NEW,ESTABLISHED -j ACCEPT            # PORT 2087 WHM    - Allow connections to outbound 

# 7) PING
iptables -A INPUT -p icmp -m icmp --icmp-type address-mask-request -j DROP                # Drop Ping from address-mask-request
iptables -A INPUT -p icmp -m icmp --icmp-type timestamp-request -j DROP                    # Drop Ping from timestamp-request
iptables -A INPUT -p icmp -m icmp -m limit --limit 1/second -j ACCEPT                     # Rate Limit Ping from outside 

# 8) Validate packets
iptables -A INPUT   -m state --state INVALID -j DROP                            # Drop invalid packets 
iptables -A FORWARD -m state --state INVALID -j DROP                            # Drop invalid packets 
iptables -A OUTPUT  -m state --state INVALID -j DROP                            # Drop invalid packets 
iptables -A INPUT -p tcp -m tcp --tcp-flags SYN,FIN SYN,FIN -j DROP                    # Drop TCP - SYN,FIN packets 
iptables -A INPUT -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -j DROP                    # Drop TCP - SYN,RST packets 

# 9) Reject Invalid networks (Spoof)
iptables -A INPUT -s 10.0.0.0/8       -j DROP                                # (Spoofed network)
iptables -a INPUT -s 192.0.0.1/24     -j DROP                                # (Spoofed network)
iptables -A INPUT -s 169.254.0.0/16   -j DROP                                # (Spoofed network)
iptables -A INPUT -s 172.16.0.0/12    -j DROP                                # (Spoofed network)
iptables -A INPUT -s 224.0.0.0/4      -j DROP                                # (Spoofed network)
iptables -A INPUT -d 224.0.0.0/4      -j DROP                                # (Spoofed network)
iptables -A INPUT -s 240.0.0.0/5      -j DROP                                # (Spoofed network)
iptables -A INPUT -d 240.0.0.0/5      -j DROP                                # (Spoofed network)
iptables -A INPUT -s 0.0.0.0/8        -j DROP                                # (Spoofed network)
iptables -A INPUT -d 0.0.0.0/8        -j DROP                                # (Spoofed network)
iptables -A INPUT -d 239.255.255.0/24 -j DROP                                # (Spoofed network)
iptables -A INPUT -d 255.255.255.255  -j DROP                                # (Spoofed network)


# 10) CHAINS

# FTP_BRUTE CHAIN
iptables -A INPUT -p tcp -m multiport --dports 20,21 -m state --state NEW -m recent --set --name FTP_BRUTE
iptables -A INPUT -p tcp -m multiport --dports 20,21 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --rttl --name FTP_BRUTE -j DROP

# SYNFLOOD CHAIN
iptables -A INPUT -m state --state NEW -p tcp -m tcp --syn -m recent --name SYNFLOOD--set                        
iptables -A INPUT -m state --state NEW -p tcp -m tcp --syn -m recent --name SYNFLOOD --update --seconds 1 --hitcount 60 -j DROP

# Logging CHAIN
iptables -N LOGGING                                                # Create `LOGGING` chain for logging denied packets
iptables -A INPUT -j LOGGING                                            # Create `LOGGING` chain for logging denied packets     
iptables -A LOGGING -m limit --limit 2/min -j LOG --log-prefix "IPTables Packet Dropped: " --log-level 6    # Log denied packets to /var/log/messages
iptables -A LOGGING -j DROP                                            # Drop everything

you need to disable excludes

yum --disableexcludes=main install git

i somehow came across this [http://emacswiki.org/emacs/IswitchBuffers](http://emacswiki.org/emacs/IswitchBuffers) and i’m thinking to myself how i didn’t know about it this whole time.

basically on your ~/.emacs, just put this line of code:
(iswitchb-mode 1)

and now create multiple buffers, either through multi-window (ctrl+x+2) or (ctrl+f … and type file name)

now just hit ctrl+b, it’s like mac finder, awesome. 

If you are working for PCI compliance, you may have run into situations as to where you need to disable all GET request logging.

This is due to the fact that some merchants might accidentally submit their card processing over GET, in which, the server will be logging all card numbers and other valuable information in clear text.

So to do that:

SetEnvIf Request_Method “GET” dontlog
CustomLog “/var/log/httpd/site.com.ssl.request.log” combined env=!dontlog 

see which connections are connected to you sorted by:

1

netstat -pant | grep :80 | awk '{ print $5}' | cut -d: -f1 | sort | uniq -c | sort -n

see which process are eating up your server:

1

ps -eo pmem,pcpu,pid,user,rss,vsize,args | { head -1 ; sort -k 1 -r -n ; } | head -10

mysqladmin ext -i1 | grep Threads_running

edit /etc/sysctl.conf

 #net.ipv4.netfilter.ip_conntrack_max = 300000 # for centos 5  
 net.netfilter.nf_conntrack_max = 300000 # for centos 6
 net.ipv4.tcp_max_syn_backlog = 10240
 net.core.netdev_max_backlog = 4000
 kernel.panic = 10
 net.ipv4.tcp_slow_start_after_idle=0
 net.ipv4.tcp_tw_reuse = 1
 net.ipv4.ip_local_port_range = 1024 65023
 net.ipv4.tcp_max_syn_backlog = 10240
 net.ipv4.tcp_max_tw_buckets = 400000
 net.ipv4.tcp_max_orphans = 60000
 net.ipv4.tcp_synack_retries = 3
 net.core.somaxconn = 10000

also look into considering increasing ulimit

ulimit -n 30000 ulimit -u 50000

now save then type sysctl -p to reload changes

since i keep forgetting which url i need to put in, here it is:

[http://mirror.centos.org/centos-5/5.8/os/x86_64/](http://mirror.centos.org/centos-5/5.8/os/x86_64/)

to create a backup:

innobackupex –user=root –password=xxx .

this should create a folder in timestamp, i.e; 2012-09-01_11-11-11

innobackupex –apply-log 2012-09-01_11-11-11

this keeps backup in sync, so make sure to apply this, always.

Here is a script I wrote for a friend who needed to update his outgoing IP on his postfix server and rotate them once every minute: /root/crons/rotate_postfix_ip.sh and add it to your cronjob to run every minute and you are set!

#!/bin/bash
ips=("64.250.120.128" "64.250.121.241" "64.250.121.242")
length=${#ips[@]}
pos=`cat current.txt`
oldip=${ips[$pos - 1]}
if [ "$length" -eq "$pos" ] ; then
    echo "limit reached"
    pos=1
else
    echo "increment!"
    (( pos++ ))
fi

echo "$pos" > current.txt

newip=${ips[$pos - 1]}
echo "prev: $oldip"
echo "new: $newip"

sed -ie "s/smtp_bind_address=$oldip/smtp_bind_address=$newip/g" /etc/postfix/main.cf > /dev/null
service postfix reload

As you can see, tcpdump is very english friendly and you can structure it as however you like:

tcpdump -nn -vv dst not 10.102.136.11 and port not 22 and dst not 10.102.136.100 and dst not 10.102.136.109 and dst not 10.102.136.95 and not udp and not arp

if you are like me and like things where you can get setup in a quick pinch, you’ll like dnsmasq. have you ever had a time where you had multiple servers and have wondered why we can’t just easily have a central hosts file so they are all synchronized? well look no further. dnsmasq, is that, and more. install dnsmasq on centos 5.8 is as easy as:

1

yum install dnsmasq -y

that’s it, you just now need to start it up: service dnsmasq start, and point your other server’s /etc/resolv.conf to your dnsmasq server.

note) if you are on openvz, make sure you set user=root in /etc/dnsmasq.conf, otherwise it won’t let you start the service.

CHANGE MASTER TO MASTER_HOST=’db0.local’, MASTER_USER=’xxx’, MASTER_PASSWORD=’xxx’, MASTER_LOG_FILE=’mysql-bin.000003’, MASTER_LOG_POS=628;

#!/usr/bin/perl
#  Version 0.0.1.F alpha
#  To use locally.
#   example:    "./pci_check.pl"
#
#  Remotely redirect to ssh.  
#   example:    "ssh username@servername perl < pci_check.pl"
#
#  Looping through multiple servers. 
#   example:    "for server in servername1 servername2 servernameetc; do ssh username@$server perl < pci_check.pl; done"
#
#  Redirect output to local file.
#   example:    "ssh username@servername perl < pci_check.pl >> output.txt"
#
#  Redirecting output to a local file while looping through multiple servers.
#   example:    "for server in servername1 servername2 servernameetc; do ssh username@$server perl < pci_check.pl >> output.txt; done"
#
#  Looping through multiple servers specified from a list.
#   example:    "for server in `cat serverlist.txt` ; do ssh username@$server perl < pci_check.pl; done" 
#

use strict;
my $internet_connectivity_url = "http://www.google.com";

my $which_cmd = "which";
my $etc_passwd_file = "/etc/passwd";
my $etc_login_defs_file = "/etc/login.defs";
my $etc_lsb_release_file = "/etc/lsb-release";
my $etc_redhat_release_file = "/etc/redhat-release";
my $etc_gentoo_release_file = "/etc/gentoo-release";
my $etc_ntp_conf_file = "/etc/ntp.conf";
my $etc_exports_file = "/etc/exports";
my $etc_fstab_file = "/etc/fstab";
my $etc_ssh_sshd_conf_file = "/etc/ssh/sshd_config";
my $var_log_clamav_freshclam_log = "/var/log/clamav/freshclam.log";
my $my_id = `id -u`;
my $sysctl_cmd = "/sbin/sysctl";
my $passwd_cmd = `$which_cmd passwd`;
  chomp $passwd_cmd;
my $curl_cmd = `$which_cmd curl`;
  chomp $curl_cmd;
my $crontab_cmd = `$which_cmd crontab`;
  chomp $crontab_cmd;
my $ifconfig_cmd= `$which_cmd ifconfig`;
  chomp $ifconfig_cmd;



my $hostname = `/bin/hostname`;
my @ps_cmd = `/bin/ps -eo %c h`;
my @ifconfig = `$ifconfig_cmd`;
my @netstat = `/bin/netstat -nlp`;
my @pam_d_contents = `/bin/cat /etc/pam.d/*  2> /dev/null`;
if ($my_id == 0)
  {
    my @crontab = `$crontab_cmd -l`;
  }


my @installed_packages;
my $os_distro;
my $ipv6_status;

my @sysctl_oids = 
  qw( 
    net.ipv4.conf.all.forwarding
    net.ipv4.conf.default.forwarding
    net.ipv4.ip_forward
    net.ipv4.conf.default.accept_source_route
    net.ipv4.conf.all.accept_source_route
  );

my @cron_directories =
  qw(
    /etc/cron.hourly
    /etc/cron.daily
    /etc/cron.weekly
    /etc/cron.montly
    );

my @log_directories =
  qw(
    /var/log
    /var/log/httpd
    );

my @login_defs = open_file($etc_login_defs_file);
my @etc_lsb_release = open_file($etc_lsb_release_file);
my @etc_redhat_release = open_file($etc_redhat_release_file);
my @etc_gentoo_release = open_file($etc_gentoo_release_file);
my @etc_ntp_conf = open_file($etc_ntp_conf_file);
my @etc_exports = open_file($etc_exports_file);
my @etc_fstab = open_file($etc_fstab_file);
my @etc_ssh_sshd_conf = open_file($etc_ssh_sshd_conf_file);
my @etc_passwd = open_file($etc_passwd_file);
my @clamav_freshclam = open_file($var_log_clamav_freshclam_log);


print "Hostname:nt$hostname";

#print whether internet connectivity is detected or not
if ( length($curl_cmd) != 0 )
  {
    if ( `$curl_cmd --silent -m 5 $internet_connectivity_url` )
      {
        print "tINTERNET CONNECTIVITY DETECTEDn";
      }
    else
      {
        print "tNO INTERNET CONNECTIVITYn";
      }
  }

print "OS Version:n";
foreach (@etc_lsb_release)
  {
    if (/DISTRIB_DESCRIPTION="(.*)"/)
      {
        print "t$1n";
    $os_distro = $1;
      }
  }

foreach (@etc_redhat_release)
  {
    if (/(.*)/)
      {
        print "t$1n";
        $os_distro = $1;
      }
  }
foreach (@etc_gentoo_release)
  {
    if (/(.*)/)
      {
         print "t$1n";
         $os_distro = $1;
      }
  }


#Loop through ifconfig for IP Addresses
print "IP Addresses:n";
foreach (@ifconfig)
  {
    if (/inet (?:addr:)?([d.]+)/)
      {
        print "t$1n";
      }
  }  



#Loop through ifconfig for IPv6
foreach (@ifconfig)
  {
    if (/inet6/)
      {
        $ipv6_status = 1;
        last;
      }
  } 

if ($ipv6_status)
  {
    print "IPv6 is Enabledn";
  }
else
  {
    print "IPv6 is Disabledn";
  }


#services
print "Listening Services:n";
foreach (@netstat)
  {
    if (/(tcp|udp).* ([d.d.d.d]+:d+)/)
      {
        print "t$1 $2n";
      }
  }



#Sysctl Values
print "IP sysctl:n";
foreach (@sysctl_oids)
  {
    print "t" . read_sysctl($_);
  }

#Enumerate System Users
print "Users:n";
foreach (@etc_passwd)
  {
    my($login, $passwd, $uid, $gid,$gcos, $home, $shell) = split(/:/);
    print "t$logint$homet$shell";
      if ( $my_id == 0 )
        {
          print "t".`$passwd_cmd -S $login`;
        }
  }


#NTP server configuration
print "NTP Servers:n";
foreach (@etc_ntp_conf)
  {
    if (m/^(server.*)/)
      {
        print "t$1n";
      }
  }

#List filesystem exports
print "Filesystem NFS Exports:n";
foreach (@etc_exports)
  {
    if (!(m/^#/))
      {
    print "t$_";
      }
  }


#etc fstab contents
print "fstab mounts:n";
foreach (@etc_fstab)
  {
    if (!(m/^#/))
      {
        print "t$_";
      }
  }

#etc sshd config contents
if ($my_id == 0)
  {
  print "sshd_conf:n";
  foreach (@etc_ssh_sshd_conf)
    {
      if (!(m/^#/) && !(m/^$/))
        {
          print "t$_";
        }
    }
  }


#Determine OS and find installed packages
if ($os_distro =~ m/ubuntu/i)
  {
    my @installed_packages_tmp = `/usr/bin/dpkg -l`;
    foreach (@installed_packages_tmp)
      {
        my @line =  split(/s+/, $_);
        push @installed_packages, "$line[1]t$line[2]n";
      }
  }

if ($os_distro =~ m/debian/i)
  {
    my @installed_packages_tmp = `/usr/bin/dpkg -l`;
    foreach (@installed_packages_tmp)
      {
        my @line =  split(/s+/, $_);
        push @installed_packages, "$line[1]t$line[2]n";
      }
  }

if ($os_distro =~ m/gentoo/i)
  {
    @installed_packages = `ls -d /var/db/pkg/*/*`;
  }

if ($os_distro =~ m/centos/i)
  {
    @installed_packages = `rpm -qa`;
  }

if ($os_distro =~ m/red hat/i)
  {
    @installed_packages = `rpm -qa`;
  }


print "Installed packages:n";
foreach (@installed_packages)
  {
    if (m/(.*(ssh|ntp|httpd|apache|named|bind|avg|clam|portmap|sophos|sys|ssl|cups|sec|tripwire).*)/i)
    {
       print "t$1n";
    } 
  }


if (-e $var_log_clamav_freshclam_log)
    {
      print "ClamAV Updates:n";
      foreach (@clamav_freshclam[-30,-1])
        {
          print "t$_";
        }
    }

print "File contents: login.defsn";
foreach (@login_defs)
  {
    if (m/(^(MD5_CRYPT_ENAB|ENCRYPT_METHOD|LOGIN_RETRIES|LOGIN_TIMEOUT|LOG_OK_LOGINS|SYSLOG_SU_ENAB|PASS_MAX_DAYS).*)/i){print "t$1n";}
  }


print "Pam.d config:n";
foreach (@pam_d_contents)
  {
    if ((!(m/^#/) && ((m/(.*pam_unix.*)/i) || (m/(.*pam_tally.*)/i) || (m/(.*pam_crack.*)/i) || (m/(.*minlen.*)/i) || (m/(.*retry.*)/i)) ) )
      {
        print "t$1n";
      }
  }

print "Cron Jobs:n";
foreach my $file (@cron_directories)
  {
    foreach (<$file/*>)
      {
        print "t $_n";
      }
  }

print "Log Files:n";
foreach my $file (@log_directories)
  {
    foreach (<$file/*>)
      {
    if (!(m/.[0-9]/))
          {
            print "t $_n";
          }
      }
  }


#Sort unique processes 
print "System Processes:n";
my %seen;
foreach ( sort( grep{ ! $seen{$_}++ } @ps_cmd))
  {
    print "t$_";
  }




#Argument filename, Returns array
sub open_file
  {
    my $file_name = $_[0];
    open FILE, ")
      {
        push(@file_contents, $_);
      }
    close FILE;
    return @file_contents;
  }

#Read specific sysctl
sub read_sysctl
  {
    my $search_oid=$_[0];
    open SYSCTL, "$sysctl_cmd $search_oid |" || die "Can't run sysctl: $!n";
    my $output;
    while ()
      {
        $output = $_;
      }
    close SYSCTL;
    return $output;
  }