Today I had a BSOD (Blue Screen Of Death) on one of my Windows servers, and after searching the net I found an invaluable tool that simplifies analyzing the dump file Windows generates after a crash, so you can find the root cause of the crash.
This tool is a must-have for every Windows system administrator. For more information, visit the following link:
WhoCrashed Comprehensible Crash Dump Analyzer
April 25, 2010
Excellent windows dump file analyzer
April 20, 2010
Auto login/boot Windows XP/Vista/7/2003
Open the “Run …” dialog (through the Start menu or by pressing Windows key + R).
Type the following command in the Run field and press Enter:
control userpasswords2
Uncheck “User must enter a username and password to use this computer” and click Apply.
It will ask for a password; fill in the password fields and click OK.
Done 🙂
April 10, 2010
Benchmark network throughput between 2 systems
Today I had 2 systems connected to each other with Mellanox MT25208 InfiniBand cards at 40Gbps ( it is fast , isn't it ? 😀 ). After setting up IPoIB ( IP over InfiniBand ) on the cards, I wanted to make sure I really have 40Gbps speed, so I searched the net for a network throughput benchmark utility and found a great piece of software named PCAUSA Test TCP (PCATTCP).
You can download its latest version from its original site : Original Download Page
Or from my site : PCATTCP-0111.zip
Usage :
You have to run a receiver on one of the systems with the following command:
PCATTCP.exe -r
The default settings were not optimized for testing a 40Gbps line, so I used the following command on the transmitter side:
PCATTCP.exe -t -l 819200 -n 1024 10.0.0.1
10.0.0.1 is the IP of the receiver.
Curious to know the result ? 😀 Here it is :
PCAUSA Test TCP Utility V2.01.01.11
Started TCP Transmit Test 0...
TCP Transmit Test
Transmit : TCP -> 10.0.0.1:5001
Buffer Size : 819200; Alignment: 16384/0
TCP_NODELAY : DISABLED (0)
Connect : Connected to 10.0.0.1:5001
Send Mode : Send Pattern; Number of Buffers: 1024
Statistics : TCP -> 10.0.0.1:5001
838860800 bytes in 1.97 real seconds = 416683.62 KB/sec +++
numCalls: 1024; msec/call: 1.97; calls/sec: 520.85
Yes , I have a working 40Gbps line 😀
April 9, 2010
Free Under construction page for your website
You can download a free under construction page for your website here :
http://adminsehow.com/files/Under%20Construction%20Page.zip
April 4, 2010
Configure Powerdns to use MVPS.org Hosts file
One way to increase your PC's security and block ads, counters, malware and so on is to use a HOSTS file on Windows, so that the hostnames of such sites resolve to localhost (127.0.0.1) instead of their real addresses.
Simply using a HOSTS file is not a cure-all against all the dangers on the Internet, but it does provide another very effective “Layer of Protection”.
The original idea is explained on this link : http://www.mvps.org/winhelp2002/hosts.htm
As the above link explains, you can put the HOSTS file in your Windows system files and it will do the trick, but this solution has its own complexities and downsides. A better solution is to run a DNS server that uses the MVPS HOSTS file to block malware sites, and then point your PC's DNS settings at it.
About a year ago I explained how to install PowerDNS as a caching DNS server – HERE – and now I want to explain how you can configure it to use the MVPS HOSTS file to block malware sites and update the list automatically.
Please note that Perl must be installed on your server for this script to work.
Go to the /etc/powerdns folder and create the following files :
null.zone.file :
; BIND db file for ad servers - point all addresses to localhost
;
; This file comes from:
;
; http://adminsehow.com
$TTL 86400 ; one day
@ IN SOA ns0.example.net. hostmaster.example.net. (
        2002061000 ; serial number YYMMDDNN
        28800 ; refresh 8 hours
        7200 ; retry 2 hours
        864000 ; expire 10 days
        86400 ) ; min ttl 1 day
    NS ns0.example.net.
    NS ns1.example.net.
    A 127.0.0.1
* IN A 127.0.0.1
auth-zone.pl :
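#!/usr/bin/perl
# Build the recursor's auth-zones= line from the MVPS hosts file.
use strict;
use warnings;

# Read the whole hosts file into one string.
local $/ = undef;
open my $fh, '<', 'hosts.txt' or die "Couldn't open file: $!";
binmode $fh;
my $subject = <$fh>;
close $fh;

# Every "127.0.0.1 hostname" entry becomes "hostname=null.zone.file".
# The last label accepts any length, so longer TLDs are not cut short.
my @zones;
while ($subject =~ m/127\.0\.0\.1[ ]+(([a-z0-9]+(-[a-z0-9]+)*\.)+[a-z]{2,})/ixg) {
    push @zones, "$1=null.zone.file";
}
print 'auth-zones=', join(',', @zones), "\n";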
update-auth-zone :
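#!/bin/sh
# Rebuild the auth-zones= line in recursor.conf from the current MVPS hosts file.
cd /etc/powerdns || exit 1
rm -f hosts.txt
# Stop here if the download fails, so the existing auth-zones= line is kept.
wget -q "http://www.mvps.org/winhelp2002/hosts.txt" || exit 1
perl auth-zone.pl > auth.zone
sed -i "/auth-zones=/d" recursor.conf
cat auth.zone >> recursor.conf
/etc/init.d/pdns-recursor restart > /dev/null 2>&1
rm -f hosts.txt
rm -f auth.zone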
make update-auth-zone executable :
chmod +x update-auth-zone
execute update-auth-zone once :
./update-auth-zone
open crontab by “crontab -e” command and add the following line to it :
@weekly /etc/powerdns/update-auth-zone
this cron job will automatically update your powerdns configuration based on MVPS HOSTS file weekly.
Currently I have configured my own DNS server 216.155.148.9 to use MVPS HOSTS file , feel free to use it as your primary DNS Server if you like 🙂
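The update script above turns whatever the download returns into recursor configuration. The following is an added example, not part of the original script: it validates each hostname, skips protected domains, and leaves recursor.conf untouched when the list looks truncated. MIN_ENTRIES, NEVER_BLOCK, the function names and the sample entries are assumptions made for this example.

```bash
#!/bin/bash
# Added example: vet the downloaded hosts file before it reaches recursor.conf.
# MIN_ENTRIES and NEVER_BLOCK are assumed knobs; the low default suits the sample.
MIN_ENTRIES=${MIN_ENTRIES:-3}
NEVER_BLOCK=${NEVER_BLOCK:-example.org}

# Constructed sample input (not real MVPS data), with CRLF line endings.
sample_hosts() {
    printf '%s\r\n' '# comment' '127.0.0.1  localhost' \
        '127.0.0.1  ads.example.com' '127.0.0.1  Track.Example.COM  #[note]' \
        '127.0.0.1  ads.example.com' '127.0.0.1  bad_name.example.com' \
        '127.0.0.1  login.example.org' '127.0.0.1  cdn.example.museum'
}

# Print validated, lower-cased, de-duplicated hostnames from file $1, one per line.
extract_hosts() {
    awk -v keep="$NEVER_BLOCK" '
        BEGIN { n = split(keep, k, " "); for (i = 1; i <= n; i++) protect[k[i]] = 1 }
        $1 == "127.0.0.1" && NF >= 2 {
            h = tolower($2); sub(/\r$/, "", h)
            if (h == "localhost" || length(h) > 253) next
            # Letters, digits and inner hyphens only; last label of any length.
            if (h !~ /^([a-z0-9]([a-z0-9-]*[a-z0-9])?\.)+[a-z][a-z0-9-]*[a-z0-9]$/) next
            # Never sinkhole a protected domain or one of its subdomains.
            for (p in protect)
                if (h == p || substr(h, length(h) - length(p)) == ("." p)) next
            if (!seen[h]++) print h
        }' "$1"
}

# Print the auth-zones= line; fail with no output if the list looks truncated.
build_auth_zones() {
    hosts=$(extract_hosts "$1") || return 1
    count=$(printf '%s\n' "$hosts" | awk 'NF { n++ } END { print n + 0 }')
    if [ "$count" -lt "$MIN_ENTRIES" ]; then
        echo "refusing update: only $count valid entries in $1" >&2
        return 1
    fi
    printf 'auth-zones=%s\n' \
        "$(printf '%s\n' "$hosts" | sed 's/$/=null.zone.file/' | paste -sd, -)"
}

# Rewrite config $2 from hosts file $1 only after validation succeeds.
install_auth_zones() {
    [ -r "$2" ] || return 1
    line=$(build_auth_zones "$1") || return 1
    tmp="$2.new.$$"
    cp -p "$2" "$tmp" || return 1      # keep owner and mode of the original
    { grep -v '^auth-zones=' "$2" || true; printf '%s\n' "$line"; } > "$tmp" \
        && mv "$tmp" "$2"
}
```

In the update script, install_auth_zones hosts.txt recursor.conf would take the place of the perl, sed and cat steps, with the recursor restarted only when it returns success.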
March 31, 2010
Check e-mail on a pop3 server using telnet
These steps show how to check your e-mail on a pop3 server using a telnet client.
Telnet to the pop3 server.
telnet pop3.somedomain.com 110
You should receive a reply to this effect.
Trying A.B.C.D...
Connected to pop3.somedomain.com.
Escape character is '^]'.
+OK (rwcrpxc13) POP3 server
If you want to connect to a POP3 SSL server, use the following command in a Linux shell :
openssl s_client -connect FQDN:PORT
For instance, for Gmail it is :
openssl s_client -connect pop.gmail.com:995
You will get a response like this :
CONNECTED(00000003)
depth=1 /C=US/O=Google Inc/CN=Google Internet Authority
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
 0 s:/C=US/ST=California/L=Mountain View/O=Google Inc/CN=pop.gmail.com
   i:/C=US/O=Google Inc/CN=Google Internet Authority
 1 s:/C=US/O=Google Inc/CN=Google Internet Authority
   i:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
---
Server certificate
-----BEGIN CERTIFICATE-----
[certificate body omitted]
-----END CERTIFICATE-----
subject=/C=US/ST=California/L=Mountain View/O=Google Inc/CN=pop.gmail.com
issuer=/C=US/O=Google Inc/CN=Google Internet Authority
---
No client certificate CA names sent
---
SSL handshake has read 1703 bytes and written 300 bytes
---
New, TLSv1/SSLv3, Cipher is RC4-MD5
Server public key is 1024 bit
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : RC4-MD5
    Session-ID: AF09D6024039D1F70D7A6518034EF3B2E1B949C15A71ED3D0E85BC89F7D4ADC2
    Session-ID-ctx:
    Master-Key: 58D4202B16256CA5715C45B2CDDDFDDC16ABCAEF2A0993D23F3817193AE3F4A4E5531EF13CA970BADD1F8EA273FD6871
    Key-Arg   : None
    Start Time: 1270025037
    Timeout   : 300 (sec)
    Verify return code: 20 (unable to get local issuer certificate)
---
+OK Gpop ready for requests from a.b.c.d q9pf826547gve.29
Enter your username for the pop3 e-mail account using the “user” command.
user username_here
You should receive the following reply.
+OK
Enter your password for the pop3 e-mail account using the “pass” command.
pass password_here
You should receive the following reply.
+OK Maildrop ready
Stat your mailbox using the “stat” command.
stat
You will get a response showing the number of messages on the server and their total size.
+OK 2 9141
List the mail on the pop3 e-mail account using the “list” command.
list
You will see the list of messages on the server.
+OK scan listing follows
1 1489
2 7652
.
To see one of the messages, issue the retrieve command “retr” with the message id.
retr 1
You will see the whole e-mail, headers and all.
+OK 1489 octets
Return-path:
Received: from blah (blah.somedomain.net [a.b.c.d])
 by blah2.somedomain.net (iPlanet Messaging Server 5.2 HotFix 1.16 (built May 14 2003))
 with ESMTP id <0HHF00C6KK6NXJ@blah2.somedomain.net> for me@here.net; Wed, 02 Jul 2003 23:54:23 -0400 (EDT)
Date: Wed, 02 Jul 2003 23:52:59 -0400
From: Me
Subject: test
To: you@there.net
Reply-to: me@here.net
Message-id: <200307022352.59679.me@here.net>
Organization: Pantz.org
MIME-version: 1.0
Content-type: text/plain; charset=us-ascii
Content-transfer-encoding: 7bit
Content-disposition: inline
User-Agent: KMail/1.5.1
Original-recipient: rfc822;me@here.net

test
If you would like to delete the message, issue the dele command with the message id.
dele 1
You will then see a delete confirmation.
+OK message deleted
To finish, issue the quit command.
quit
Response :
+OK
Connection closed by foreign host.
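In the s_client transcript earlier in this post, verify return code 20 means the certificate chain was not verified before the username and password are typed. The following added example (not from the original post; the function names and both sample transcripts are constructed here) checks a saved s_client transcript for a verified chain and a non-legacy cipher:

```bash
#!/bin/bash
# Added example: judge from an `openssl s_client` transcript whether the
# session is fit for sending USER/PASS. Reads file $1, or stdin if none given.

# Constructed transcripts in the layout s_client prints.
sample_unverified() {
    printf '%s\n' 'New, TLSv1/SSLv3, Cipher is RC4-MD5' 'SSL-Session:' \
        '    Protocol  : TLSv1' '    Cipher    : RC4-MD5' \
        '    Verify return code: 20 (unable to get local issuer certificate)'
}
sample_verified() {
    printf '%s\n' 'SSL-Session:' '    Protocol  : TLSv1.2' \
        '    Cipher    : ECDHE-RSA-AES128-GCM-SHA256' \
        '    Verify return code: 0 (ok)'
}

# Print "verify=<code> cipher=<name>". Return 0 only when the chain verified
# (code 0) and the cipher is not RC4, MD5, NULL, export or DES based.
tls_session_ok() {
    awk '
        /Verify return code:/ { code = $4 }
        /^ *Cipher *:/        { cipher = $NF }
        END {
            if (code == "") code = "missing"
            printf "verify=%s cipher=%s\n", code, cipher
            weak = (cipher == "" || cipher ~ /RC4|MD5|NULL|EXP|DES/)
            ok = (code == "0" && !weak)
            exit !ok
        }' "$@"
}
```

To make s_client itself stop on a failed verification, add -verify_return_error together with -CAfile or -CApath pointing at your CA bundle.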
March 20, 2010
How to Disable Password Expiration on Windows Server 2008
If you’re not using Active Directory, your “Local Security Policy” dictates things like password complexity rules, account lockouts, and password expiration. To turn off password expiration:
1) Login as Administrator or a user with Administrator rights
2) Launch “Local Security Policy”: Start > Administrative Tools > Local Security Policy
3) Expand “Account Policies”
4) Select Password Policy
5) Set Maximum Password age to “0”
Source : Ryan’s Tech Notes
March 18, 2010
Prevent MySQL Injection in PHP
As explained everywhere on the web, the general solution to prevent MySQL injection attacks in PHP is to use the mysql_real_escape_string function. There are many guides on how to use it in conjunction with sprintf to escape dangerous characters before executing a MySQL query, but I found a very innovative solution in a comment on the php.net website: it recommends escaping all variables sent by the user via GET or POST at the beginning of every page that executes MySQL queries :
First make sure magic_quotes_gpc is turned off in your PHP configuration; it can be checked on the PHP info page.
This step makes sure your variables are not escaped twice.
This article explains how to disable magic quotes : Disabling Magic Quotes Guide
Put the following code at the beginning of every page that executes MySQL queries :
include ('mysql_connect.php');

// Escape every POST value so it is safe inside a quoted string in a query.
// The escaping only protects values that the query wraps in quotes.
foreach ($_POST as $key => $value) {
    $_POST[$key] = mysql_real_escape_string($value);
}

// Escape every GET value the same way.
foreach ($_GET as $key => $value) {
    $_GET[$key] = mysql_real_escape_string($value);
}
mysql_real_escape_string needs you to be connected to your MySQL database when you call it, so I have placed include ('mysql_connect.php'); at the beginning of the script. You can replace it with your own MySQL connect commands.
March 13, 2010
Shell script to show network speed
The following shell script shows current download and upload speeds for the network interface you choose.
Copy the shell script into a file named, e.g., net_speed.sh
Then set execution permissions:
chmod a+x net_speed.sh
You can run the shell script passing as the first argument the network interface you want to monitor:
./net_speed.sh eth0
You will get a line like this:
eth0 DOWN:15 KB/s UP:880 B/s
This script works by parsing the /proc/net/dev file and calculating the difference between the current transmitted or received byte counts and their values one second ago.
#!/bin/bash
# This shell script shows the network speed, both received and transmitted.
# Usage: net_speed.sh interface
# e.g: net_speed.sh eth0

# Global variables
interface=$1
received_bytes=""
old_received_bytes=""
transmitted_bytes=""
old_transmitted_bytes=""

# This function parses /proc/net/dev, searching for the line that holds $interface data.
# Within that line, the first and ninth numbers after ':' are respectively the received and transmitted bytes.
get_bytes() {
    # Match the interface name exactly, so eth0 does not also select veth0.
    line=$(grep "^ *$interface:" /proc/net/dev | cut -d ':' -f 2 | awk '{print "received_bytes="$1, "transmitted_bytes="$9}')
    eval "$line"
}

# Function which calculates the speed using the current and old byte counts.
# Speed is shown in KByte per second when greater than or equal to 1 KByte per second.
# This function should be called each second.
get_velocity() {
    value=$1
    old_value=$2
    let vel=$value-$old_value
    let velKB=$vel/1024
    if [ $velKB != 0 ]; then
        echo -n "$velKB KB/s"
    else
        echo -n "$vel B/s"
    fi
}

# Gets initial values.
get_bytes
old_received_bytes=$received_bytes
old_transmitted_bytes=$transmitted_bytes

# Shows a message and waits for one second.
echo "Starting..."
sleep 1
echo ""

# Main loop. It will repeat forever.
while true; do
    # Get new transmitted and received byte number values.
    get_bytes

    # Calculates speeds.
    vel_recv=$(get_velocity $received_bytes $old_received_bytes)
    vel_trans=$(get_velocity $transmitted_bytes $old_transmitted_bytes)

    # Shows results in the console.
    echo -en "$interface DOWN:$vel_recv\tUP:$vel_trans\r"

    # Update old values to perform new calculations.
    old_received_bytes=$received_bytes
    old_transmitted_bytes=$transmitted_bytes

    # Waits one second.
    sleep 1
done
Source : Linux Clues