updated version of this blog is at http://gregorgede.blogspot.com
installing postgresql on RHEL4 update 3 from source
December 17, 2007
1. make sure the rpm version is not installed
$ rpm -qa | grep postgresql
if installed, remove it
$ rpm -e postgresql-pl postgresql-test postgresql-server
2. download the source
$ wget -b http://ftp9.id.postgresql.org/v8.2.5/postgresql-8.2.5.tar.bz2
3. after download has finished
$ tar xjf postgresql-8.2.5.tar.bz2
$ cd postgresql-8.2.5
$ ./configure
$ gmake
$ su
$ gmake install
$ adduser postgres
$ mkdir /usr/local/pgsql/data
$ chown postgres /usr/local/pgsql/data
$ su - postgres
$ /usr/local/pgsql/bin/initdb -D /usr/local/pgsql/data
$ /usr/local/pgsql/bin/postgres -D /usr/local/pgsql/data >logfile 2>&1 &
$ /usr/local/pgsql/bin/createdb test
$ /usr/local/pgsql/bin/psql test
4. copy start-up script from contrib folder
$ pwd
make sure you are in postgresql-8.2.5 folder then
$ cd contrib/start-scripts/
$ cp linux /etc/rc.d/init.d/postgresql
$ chmod 755 /etc/rc.d/init.d/postgresql
$ chkconfig --add postgresql
$ service postgresql restart
Kernel Tunable Security Parameters
December 15, 2007
to help increase the security of your linux box, add these lines to /etc/sysctl.conf :
net.ipv4.tcp_syncookies = 1
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.rp_filter = 1
net.ipv4.icmp_echo_ignore_all = 1
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.icmp_ignore_bogus_error_responses = 1
be aware that the third line from the bottom (net.ipv4.icmp_echo_ignore_all = 1) will make your box un-ping-able. put # in front of it if you don't like the idea.
then do :
$ sysctl -p
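to confirm the running kernel really holds the values from the file (sysctl -p only loads them once, and another script can change them later), here is an added example that is not part of the original post. the function names audit_sysctl and demo_audit are made up for this example, and the demo runs against a constructed directory tree instead of the real /proc/sys:

```shell
#!/bin/sh
# audit_sysctl BASELINE [PROC_ROOT]
# Compare every "key = value" line in a sysctl.conf-style file with the live
# value under PROC_ROOT (default /proc/sys). Prints one line per key and
# returns 0 only if every key is present and matches.
audit_sysctl() {
    baseline=$1
    root=${2:-/proc/sys}
    bad=0
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}          # drop comments, so commented-out keys are skipped
        case $line in *=*) ;; *) continue ;; esac
        key=$(printf '%s' "${line%%=*}" | tr -d ' \t')
        want=$(printf '%s' "${line#*=}" | tr -d ' \t')
        path=$root/$(printf '%s' "$key" | tr . /)
        if [ ! -r "$path" ]; then
            echo "MISSING $key (wanted $want)"; bad=1
        else
            have=$(tr -d ' \t\n' < "$path")
            if [ "$have" = "$want" ]; then
                echo "OK      $key = $have"
            else
                echo "DIFF    $key = $have (wanted $want)"; bad=1
            fi
        fi
    done < "$baseline"
    return "$bad"
}

# Constructed demo: a throw-away tree standing in for /proc/sys, with one
# drifted value, one commented-out key and one key the "kernel" lacks.
demo_audit() {
    d=$(mktemp -d) || return 2
    mkdir -p "$d/proc/net/ipv4/conf/all"
    echo 1 > "$d/proc/net/ipv4/tcp_syncookies"
    echo 1 > "$d/proc/net/ipv4/conf/all/accept_redirects"
    printf '%s\n' 'net.ipv4.tcp_syncookies = 1' \
        'net.ipv4.conf.all.accept_redirects = 0' \
        '#net.ipv4.icmp_echo_ignore_all = 1' \
        'net.ipv4.conf.all.rp_filter = 1' > "$d/baseline.conf"
    rc=0
    audit_sysctl "$d/baseline.conf" "$d/proc" || rc=$?
    rm -rf "$d"
    return "$rc"
}

demo_audit || echo "baseline not fully applied"
```

on a real box, call it as audit_sysctl /etc/sysctl.conf and treat any DIFF or MISSING line as a setting that is not in effect.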
BAN-PT bandwidth standard
December 15, 2007
The Higher Education Institution Accreditation (Akreditasi Institusi Perguruan Tinggi) of the National Accreditation Board for Higher Education (Badan Akreditasi Nasional Perguruan Tinggi, BAN-PT) 2007 applies the following rating standard for bandwidth (book VI, page 22) :
The institution has internet capacity with an adequate bandwidth-per-student ratio
- >0.75 Kbps/student = very good (score 4)
- 0.5 – 0.75 Kbps/student = good (score 3)
- 0.25 – 0.49 Kbps/student = fair (score 2)
- < 0.25 Kbps/student = poor (score 1)
hardening mikrotik and set a DMZ
December 14, 2007
1. log in from the mikrotik terminal console as user admin with a blank password, then change the password:
> /password
enter new password twice.
2. from now on, if you get lost just press the ? button…
3. to make a dmz router we need 3 nic’s, let’s check it out :
> /interface
interface> print
Flags: X - disabled, D - dynamic, R - running
 #    NAME    TYPE   RX-RATE  TX-RATE  MTU
 0  R ether1  ether  0        0        1500
 1  R ether2  ether  0        0        1500
 2  R ether3  ether  0        0        1500
ok. they’re all there….
4. if you want to disable ether1 here’s what to do :
interface> set 0 disabled=yes
or
interface> disable 0
to enable:
interface> set 0 disabled=no
or
interface> enable 0
5. let’s give them the IP now :
>/ip address
ip address>add address=192.168.100.1/24 interface=ether3
that’s for the dmz
ip address>add address=172.16.10.1/24 interface=ether2
that’s for the LAN
ip address>add address=202.x.x.x/28 interface=ether1
that’s for the public
6. add default gateway
>/ip route
ip route> add gateway=202.x.x.x
7. testing connection (don’t forget to plug the cable)
>/ping 202.x.x.x
8. now let's harden the router.
>/ip service print
let's leave only ssh available :
>/ip service disable 0
do the same for all but 3
9. more hardening
create a user that can only log in from the console. this is useful when we lose our admin password
>/user add name=gregor password=typepassword group=full address=127.0.0.1/32
10. more hardening with firewall
> /ip firewall filter
ip firewall filter>add chain=input connection-state=established action=accept comment="accept established connection packets" disabled=no
ip firewall filter>add chain=input connection-state=related action=accept comment="accept related connection packets" disabled=no
ip firewall filter>add chain=input connection-state=invalid action=drop comment="drop invalid packets" disabled=no
those 3 lines let only valid connections reach the router
ip firewall filter>add chain=input protocol=tcp psd=21,3s,3,1 action=drop comment="detect and drop port scan connections" disabled=no
that's for protection against port scans
ip firewall filter>add chain=input protocol=icmp action=jump jump-target=ICMP comment="jump to chain ICMP" disabled=no
ip firewall filter>add chain=input action=jump jump-target=services comment="jump to chain services" disabled=no
those create separate chains to handle ICMP and the services that the router provides
ip firewall filter>add chain=input dst-address-type=broadcast action=accept comment="Allow Broadcast Traffic" disabled=no
that's for broadcast
ip firewall filter>add chain=input action=drop comment="drop everything else" disabled=no
read the comment please…:)
ip firewall filter>add chain=ICMP protocol=icmp icmp-options=0:0-255 limit=5,5 action=accept comment="0:0 and limit for 5pac/s" disabled=no
ip firewall filter>add chain=ICMP protocol=icmp icmp-options=3:3 limit=5,5 action=accept comment="3:3 and limit for 5pac/s" disabled=no
ip firewall filter>add chain=ICMP protocol=icmp icmp-options=3:4 limit=5,5 action=accept comment="3:4 and limit for 5pac/s" disabled=no
ip firewall filter>add chain=ICMP protocol=icmp icmp-options=8:0-255 limit=5,5 action=accept comment="8:0 and limit for 5pac/s" disabled=no
ip firewall filter>add chain=ICMP protocol=icmp icmp-options=11:0-255 limit=5,5 action=accept comment="11:0 and limit for 5pac/s" disabled=no
ip firewall filter>add chain=ICMP protocol=icmp action=drop comment="Drop everything else" disabled=no
those lines are to handle ICMP
ip firewall filter>add chain=services protocol=tcp dst-address=172.16.10.1 dst-port=8291 action=accept comment="allow winbox from LAN" disabled=no
ip firewall filter>add chain=services protocol=tcp dst-address=172.16.10.1 dst-port=22 action=accept comment="allow ssh from LAN" disabled=no
ip firewall filter>add chain=services protocol=tcp dst-address=192.168.100.1 dst-port=53 action=accept comment="allow DNS from DMZ" disabled=no
please read the comment……
10. now set the dns with dns server provided by your ISP
>/ip dns
ip dns> set primary-dns=202.x.x.x
now you can set all machines in your DMZ to use 192.168.100.1 as their DNS server.
you can also add some static entries for them to find each other.
e.g. www.example.com is publicly known as 202.x.x.x while its actual IP in the DMZ is 192.168.100.5
>/ip dns static
ip dns static> add name=www.example.com address=192.168.100.5
11. let's set the port forwarding now
>/ip firewall nat
ip firewall nat>add chain=dstnat action=dst-nat dst-address=202.x.x.x dst-port=80 to-addresses=192.168.100.5 to-ports=80 disabled=no
ip firewall nat>add chain=srcnat src-address=192.168.100.5 action=src-nat to-addresses=202.x.x.x disabled=no
12. on your LAN, you should have a router that has 172.16.10.1 as its default gateway, and you should masquerade all connections from it.
bappenas eprocurement application
December 14, 2007
found these messages in wrapper.log :
Launching a JVM…
Error occurred during initialization of VM
java/lang/NoClassDefFoundError: java/lang/Object
JVM exited while loading the application.
use the following steps to solve the problem above :
find a file named unpack or unpack200 in your jdk1.6.0 directory, usually in lib or bin, then do this :
$ cd /usr/local/src/jdk1.6.0/jre/lib
$ /usr/local/src/jdk1.6.0/bin/unpack200 rt.pack rt.jar
$ /usr/local/src/jdk1.6.0/bin/unpack200 charsets.pack charsets.jar
$ /usr/local/src/jdk1.6.0/bin/unpack200 deploy.pack deploy.jar
$ /usr/local/src/jdk1.6.0/bin/unpack200 javaws.pack javaws.jar
$ /usr/local/src/jdk1.6.0/bin/unpack200 jsse.pack jsse.jar
$ /usr/local/src/jdk1.6.0/bin/unpack200 plugin.pack plugin.jar
now try running your application again, it should work fine now.
: bad interpreter: No such file or directory
December 14, 2007
if you ever see the following message when trying to run a sh or bash script :
: bad interpreter: No such file or directory
then you should do this to fix it :
$ vi filename.sh
inside the vi editor give these commands :
:set fileformat=unix
:wq!
then try to run it again…. it should work now….
source : http://www.diegobelotti.com/?q=bash_bad_interpreter
Posted by gregorgede