Here is a simple way to backup your svn repository. Use the following command:

svnadmin dump /repository_path/project > /backup_path/project_backup

 You can test if this is okay by creating a test repository and importing the backup
file to the new test repository.

svnadmin create /repository_path/project1
svnadmin load /repository_path/project1 < /project_backup/project

 After that you cand remove it.

rm -rf /repository_path/project1

 In the end you can create a zip copy to the backup file project_backup
to project_backup.zip.

zip -r project_backup.zip project_backup
01. June 2010 · 2 comments · Categories: Linux

Under the WP admin option menu, WordPress lists four choices for permalink structure:

  1. Default: http://pensacola-tech.com/pensacola/?=123
  2. Date and name based: http://pensacola-tech.com/pensacola/2010/05/10/sample-post/
  3. Numeric: http://pensacola-tech.com/pensacola/archives/123
  4. Custom: /%year%/%monthnum%/%day%/%postname%

Note: The “default” option is to not use permalinks.

There are 2 htaccess rules for all WordPress permalinks:

1. If WordPress is installed in the root directory:

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress

2. If WordPress is installed in a subdirectory called "pensacola"


# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /pensacola/
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /pensacola/index.php [L]
</IfModule>
# END WordPress

That's it... :)Enjoy!

10. May 2010 · 6 comments · Categories: Linux

We all know that it is possible to upgrade Linux distributions. You can upgrade Ubuntu 9.10 to the latest 10.04 Lucid Lynx release, but a clean install is the best way to go if you want to avoid update headaches. Usually this means reinstalling your favorite applications and applying tweaks all over again. Now with Ubuntu 10.04 a script called Ubuntu 10.04 Start Script can help you to install software and tweak the system very easy.

Using this script, you can add popular repositories including Ubuntu restricted extras, Medibuntu, and Getdeb. With a few clicks, you can install a wide range of useful applications such as Dropbox, Google Earth, Google Chrome, VLC media player, Ubuntu Tweak and many others. The script also lets you install different codecs, Java runtime environment, Flash plugin as well as add support for various archive types and DVD playback. In addition to that, the script can apply an assortment of tweaks to the freshly installed system.

In the terminal, switch to the resulting directory and run the script as root using the following command:

[pensacola@pensacola-tech ~]# sudo ./ubuntu-10.04-script

References: https://launchpad.net/ubuntustart/
While it is possible to upgrade Ubuntu 9.10 to the latest 10.04 Lucid Lynx release, a clean install is the best way to go if you want to avoid update headaches. Usually this means reinstalling your favorite applications and applying tweaks all over again — but now with Ubuntu 10.04. A clever script with the imaginative name Ubuntu 10.04 Start Script can help you to install software and tweak the system with a minimum of fuss.While it is possible to upgrade Ubuntu 9.10 to the latest 10.04 Lucid Lynx release, a clean install is the best way to go if you want to avoid update headaches. Usually this means reinstalling your favorite applications and applying tweaks all over again — but now with Ubuntu 10.04. A clever script with the imaginative name Ubuntu 10.04 Start Script can help you to install software and tweak the system with a minimum of fuss.

Mobile Apps Conference coming soon: May 13! … OVI Store will be presented by Jure Sustersic ….

More info here.

Agile & Lean Practices la OpenAgile

OpenAgile conference for second time in Romania. The content of the first edition of the conference is available here.
Please check GeekMeet and OpenAgile websites for more details.
Hurry up!

Ubuntu 10.04

LONDON, April 27, 2010: Canonical announced today the upcoming release of Ubuntu 10.04 LTS Desktop Edition, the latest version of the popular Linux desktop distribution, which includes three years of support through free security and maintenance updates. It will be available for free download on Thursday 29 April and will be pre-installed on a range of machines from a number of manufacturers in Summer 2010.

The desktop edition of Ubuntu 10.04 LTS will feature extensive design work, faster boot speed, social network integration, online services and the Ubuntu One Music Store.
Read more here.
You can get Ubuntu from the official site. Enjoy!
05. May 2010 · 11 comments · Categories: Linux

Linux Configure rssh Chroot Jail To Lock Users To Their Home Directories Only


rssh support chrooting option. If you want to chroot users, use chrootpath option. It is used to set the directory where the root of the chroot jail will be located. This is a security feature.

A chroot on Linux or Unix OS is an operation that changes the root directory. It affects only the current process and its children. If your default home directory is /home/pensacola normal user can access files in /etc, /sbin or /bin directory. This allows an attacker to install programs / backdoor via your web server in /tmp. chroot allows to restrict file system access and locks down user to their own directory.

Configuring rssh chroot

#Chroot directory: /users.
Note: If possible mount /users filesystem with the noexec/nosuid option to improve security.

# Required directories in jail:

  • /users/dev – Device file
  • /users/etc – Configuration file such as passwd
  • /users/lib – Shared libs
  • /users/usr – rssh and other binaries
  • /users/bin – Copy default shell such as /bin/csh or /bin/bash

# Required files in jail at /users directory (default for RHEL / CentOS / Debian Linux):

  • /etc/ld.so.cache
  • /etc/ld.so.cache.d/*
  • /etc/ld.so.conf
  • /etc/nsswitch.conf
  • /etc/passwd
  • /etc/group
  • /etc/hosts
  • /etc/resolv.conf
  • /usr/bin/scp
  • /usr/bin/rssh
  • /usr/bin/sftp
  • /usr/libexec/openssh/sftp-server OR /usr/lib/openssh/sftp-server
  • /usr/libexec/rssh_chroot_helper OR /usr/lib/rssh/rssh_chroot_helper (suid must be set on this binary)
  • /bin/sh or /bin/bash (default shell)

Note: Limit the binaries which live in the jail to the absolute minimum required to improve security. Usually /bin/bash and /bin/sh is not required but some system may give out error.

A note about jail file system

Note: The files need to be placed in the jail directory (such as /users) in directories that mimic their placement in the root (/) file system. So you need to copy all required files. For example, /usr/bin/rssh is located on / file system. If your jail is located at /users, then copy /usr/bin/rssh to /users/usr/bin/rssh. Following instuctions are tested on:

  • FreeBSD
  • Solaris UNIX
  • RHEL / Redhat / Fedora / CentOS Linux
  • Debian Linux

Building the Chrooted Jail

Create all required directories:
# mkdir -p /users/{dev,etc,lib,usr,bin}
# mkdir -p /users/usr/bin
# mkdir -p /users/libexec/openssh

Create /users/dev/null:
# mknod -m 666 /users/dev/null c 1 3
Copy required /etc/ configuration files, as described above to your jail directory /users/etc:
# cd /users/etc
# cp /etc/ld.so.cache .
# cp -avr /etc/ld.so.cache.d/ .
# cp /etc/ld.so.conf .
# cp /etc/nsswitch.conf .
# cp /etc/passwd .
# cp /etc/group .
# cp /etc/hosts .
# cp /etc/resolv.conf .
Open /usres/group and /users/passwd file and remove root and all other accounts.

Copy required binary files, as described above to your jail directory /users/bin and other locations:
# cd /users/usr/bin
# cp /usr/bin/scp .
# cp /usr/bin/rssh .
# cp /usr/bin/sftp .
# cd /users/usr/libexec/openssh/
# cp /usr/libexec/openssh/sftp-server .
OR
# cp /usr/lib/openssh/sftp-server .
# cd /users/usr/libexec/
# cp /usr/libexec/rssh_chroot_helper
OR
# cp /usr/lib/rssh/rssh_chroot_helper
# cd /users/bin/
# cp /bin/sh .
OR
# cp /bin/bash .

Copy all shared library files

The library files that any of these binary files need can be found by using the ldd / strace command. For example, running ldd against /usr/bin/sftp provides the following output:
ldd /usr/bin/sftp
Output:

linux-gate.so.1 =>  (0x00456000)

libresolv.so.2 => /lib/libresolv.so.2 (0x0050e000)

libcrypto.so.6 => /lib/libcrypto.so.6 (0x0013e000)

libutil.so.1 => /lib/libutil.so.1 (0x008ba000)

libz.so.1 => /usr/lib/libz.so.1 (0x00110000)

libnsl.so.1 => /lib/libnsl.so.1 (0x0080e000)

libcrypt.so.1 => /lib/libcrypt.so.1 (0x00a8c000)

libgssapi_krb5.so.2 => /usr/lib/libgssapi_krb5.so.2 (0x00656000)

libkrb5.so.3 => /usr/lib/libkrb5.so.3 (0x00271000)

libk5crypto.so.3 => /usr/lib/libk5crypto.so.3 (0x00304000)

libcom_err.so.2 => /lib/libcom_err.so.2 (0x00777000)

libdl.so.2 => /lib/libdl.so.2 (0x00123000)

libnss3.so => /usr/lib/libnss3.so (0x00569000)

libc.so.6 => /lib/libc.so.6 (0x00b6c000)

libkrb5support.so.0 => /usr/lib/libkrb5support.so.0 (0x00127000)

libkeyutils.so.1 => /lib/libkeyutils.so.1 (0x00130000)

/lib/ld-linux.so.2 (0x00525000)

libplc4.so => /usr/lib/libplc4.so (0x008c9000)

libplds4.so => /usr/lib/libplds4.so (0x00133000)

libnspr4.so => /usr/lib/libnspr4.so (0x00d04000)

libpthread.so.0 => /lib/libpthread.so.0 (0x0032a000)

libselinux.so.1 => /lib/libselinux.so.1 (0x00341000)

libsepol.so.1 => /lib/libsepol.so.1 (0x00964000)

You need to copy all those libraries to /lib and other appropriate location. However, I recommend using this automated script called l2chroot:
# cd /sbin
# wget -O l2chroot http://www.cyberciti.biz/files/lighttpd/l2chroot.txt
# chmod +x l2chroot
Open l2chroot and set BASE variable to point to chroot directory (jail) location:
BASE=”/users”
Now copy all shared library files
# l2chroot /usr/bin/scp
# l2chroot /usr/bin/rssh
# l2chroot /usr/bin/sftp
# l2chroot /usr/libexec/openssh/sftp-server
OR
# l2chroot /usr/lib/openssh/sftp-server
# l2chroot /usr/libexec/rssh_chroot_helper
OR
# l2chroot /usr/lib/rssh/rssh_chroot_helper
# l2chroot /bin/sh
OR
# l2chroot /bin/bash

Modify syslogd configuration

The syslog library function works by writing messages into a FIFO file such as /dev/log. You need to pass -a /path/to/chroot/dev/log option. Using this argument you can specify additional sockets from that syslogd has to listen to. This is needed if you’re going to let some daemon run within a chroot() environment. You can use up to 19 additional sockets. If your environment needs even more, you have to increase the symbol MAXFUNIX within the syslogd.c source file. Open /etc/sysconfig/syslog file:
# vi /etc/sysconfig/syslog
Find line that read as follows:
SYSLOGD_OPTIONS=”-m 0″
Append -a /users/dev/log
SYSLOGD_OPTIONS=”-m 0 -a /users/dev/log”
Save and close the file. Restart syslog:
# /etc/init.d/syslog restart
If you are using Debian / Ubuntu Linux apply changes to /etc/default/syslogd file.

Set chroot path

Open configuration file /etc/rssh.conf:
# vi /etc/rssh.conf
Set chrootpath to /users
chrootpath=/users
Save and close the file. If sshd is not running start it:
# /etc/init.d/sshd start

Add user to jail

For example, add user pensacola in chrooted jail with the following command:
# useradd -m -d /users/pensacola -s /usr/bin/rssh pensacola
# passwd pensacola
Now pensacola can login using sftp or copy files using scp:

sftp pensacola@my-server.com

pensacola@my-server.com’s password:

sftp> ls

sftp> pwd

Remote working directory: /pensacola

sftp> cd /tmp

Couldn’t canonicalise: No such file or directory

User pensacola is allowed to login to server to transfer files, but not allowed to browse entire file system.

References: http://www.cyberciti.biz/tips/rhel-centos-linux-install-configure-rssh-shell.html#comments

css.php