I too always forget the parameters for this and have to look them up in the man page, so:

tcpdump -nnXSs 0 ‘port 80′

• “-nn” makes it not lookup hostnames in DNS and service names (in /etc/services) for respectively faster and cleaner output.
• “-X” makes it print each packet in hex and ascii; that’s really the useful bit for tracking headers and such
• “-S” print absolute rather than relative TCP sequence numbers – If I remember right this is so you can compare tcpdump outputs from multiple users doing this at once
• “-s 0″ by default tcpdump will only capture the beginning of each packet, using 0 here will make it capture the full packets. We are debugging, right?

Instead of “port 80″ you can make more complicated rules like “port 80 and host 10.50.33.10″.

Share on Facebook

Tweet

The default mySQL configuration for InnoDB database tables creates a massive storage file called ‘ibdata1′. Basically, the ibdata1 file contains the table data of your InnoDB tables. In large production environments, this file can grow to be extremely large. On some of the servers I administer, I’ve seen this file exceed sizes of 30GB. Fixing the file size obviously has the effect of limiting the total amount of data which can be stored in InnoDB tables, so that’s not a viable option.

The ibdata1 file is by default ‘auto-growing’, so it will inflate as more data is put into InnoDB tables. After records are deleted from InnoDB tables, the file will contain pages marked as “free” which could be used for future data, but the file itself is unshrinkable.

The inability to shrink this file is a particularly annoying feature of MySQL. The ibdata1 file can’t actually be shrunk unless you delete all databases, remove the files and reload a dump. I’ve come up with a solution to do this with minimal downtime for the mySQL service (the length of time it takes for a normal service restart).

To do this, it’s necessary that you have enough disk space available to double your mySQL storage footprint. We’re in essence going to be spawning up a new service in a temporary ‘staging’ area, and then importing the data back in using the file-per-table option.

CAUTION: Be sure you have backups of your data before performing these operations. It is possible that something could go horribly wrong and ruin your day/week/month/year.

Steps to shrink ibdata1 file

IMPORTANT: Before shrinking the ibdata file, be sure my.cnf is configured to use separate files per innoDB table:

sed ‘/innodb_file_per_table/d’ -i /etc/my.cnf
echo ‘innodb_file_per_table’ >> /etc/my.cnf

1. Get list of all InnoDB databases

mysql> SELECT `TABLE_SCHEMA`,`TABLE_NAME` FROM information_schema.tables WHERE ENGINE = ‘InnoDB’

2. Dump all of the databases to /root/all-databases.sql

/usr/bin/mysqldump –extended-insert –all-databases –add-drop-database –disable-keys –flush-privileges –quick –routines –triggers > /root/all-databases.sql

3. Prepare a secondary venue for which we can perform our magic

mkdir /var/lib/mysql2 # create a new staging area
rsync -avz /var/lib/mysql/mysql /var/lib/mysql2 # copy the mysql database w/grants
chown -R mysql.mysql /var/lib/mysql2 # set permissions correctly

4. Spin up the new mysqld instance, allowing it to create a fresh ibdata1 environment

Notes: to avoid conflicts we’re using temporary pid/socket/error files here, and skipping networking binding of 3306

/usr/sbin/mysqld –basedir=/usr –datadir=/var/lib/mysql2 –plugin-dir=/usr/lib64/mysql/plugin –user=mysql –log-error=/var/lib/mysql2/error.log –pid-file=/var/lib/mysql2/temp.pid –skip-networking –socket=/var/lib/mysql2/dirty.sock

5. Check out our new environment, ensure there’s no databases other than information_schema and mysql

# ls -lah /var/lib/mysql2

total 29M
drwxr-xr-x 3 mysql mysql 4.0K Aug 2 08:46 ./
drwxr-xr-x 28 root root 4.0K Aug 2 08:39 ../
srwxrwxrwx 1 mysql mysql 0 Aug 2 08:46 dirty.sock=
-rw-rw—- 1 mysql mysql 7.2K Aug 2 08:46 error.log
-rw-rw—- 1 mysql mysql 18M Aug 2 08:41 ibdata1
-rw-rw—- 1 mysql mysql 5.0M Aug 2 08:46 ib_logfile0
-rw-rw—- 1 mysql mysql 5.0M Aug 2 08:41 ib_logfile1
drwx–x–x 2 mysql mysql 4.0K Jun 27 07:27 mysql/
-rw-rw—- 1 mysql mysql 5 Aug 2 08:46 temp.pid

# mysql -S /var/lib/mysql2/dirty.sock

mysql> show databases;
+——————–+
| Database |
+——————–+
| information_schema |
| mysql |
+——————–+
2 rows in set (0.00 sec)

6. In order for a successful import, we need to be able to drop the log tables. To do this we need to temporarily disable them:

mysql> SET @old_log_state = @@global.general_log;
mysql> SET GLOBAL general_log = ‘OFF’;
mysql> ALTER TABLE mysql.general_log ENGINE = MyISAM;
mysql> SET @old_log_state = @@global.slow_query_log;
mysql> SET GLOBAL slow_query_log = ‘OFF’;
mysql> SET GLOBAL log_slow_queries = ‘OFF’;
mysql> ALTER TABLE mysql.slow_query_log ENGINE = MyISAM;

7. While still in the console for the secondary server, disable foreign key settings and import, then enable foreign key checks again

# mysql -S /var/lib/mysql2/dirty.sock
mysql> SET FOREIGN_KEY_CHECKS=0;
mysql> SOURCE /root/all-databases.sql;
mysql> SET FOREIGN_KEY_CHECKS=1;

8. Finally, shut down both servers and move the new mysql directory into place. Upon restart, your conversion and shrinkage should be successful.

# service mysql stop
# killall mysqld
# mv /var/lib/mysql /var/lib/mysql.old
# mv /var/lib/mysql2 /var/lib/mysql
# service mysql start

Note: logging will automatically be turned back on provided you have the appropriate settings defined in your my.cnf

Share on Facebook

Tweet

GNOME 3′s “screensaver” leaves much to be desired, and if you’re an old school X user like myself, you probably just want the good ole’ screensaver back. Here’s how to install it using the following commands (this will also remove gnome-screensaver):

sudo apt-get remove gnome-screensaver
sudo apt-get install xscreensaver xscreensaver-gl-extra xscreensaver-data-extra

Then search for “Screensaver” in the menu and tweak its settings to your needs.

To add Xscreensaver to startup, open Startup Applications and add “xscreensaver -nosplash”.

Let’s also make the lock screen work (CTRL + ALT + L):

sudo ln -s /usr/bin/xscreensaver-command /usr/bin/gnome-screensaver-command

However, that still leaves the menu. Since that is looking for a dbus entry, we will have to create our own…(That part i kinda had to figure out on my own)

Create a script called screenLock.py with the following code in it

#!/usr/bin/python

import dbus
import dbus.service
import dbus.glib
import gobject
import os

class ScreenDbusObj(dbus.service.Object):
def __init__(self):
session_bus = dbus.SessionBus()
bus_name=dbus.service.BusName("org.gnome.ScreenSaver",bus=session_bus)
dbus.service.Object.__init__(self,bus_name, '/org/gnome/ScreenSaver')

@dbus.service.method("org.gnome.ScreenSaver")
def Lock(self):
os.system( "xscreensaver-command -lock" )

if __name__ == '__main__':
object=ScreenDbusObj()
gobject.MainLoop().run()

You can place the file anywhere, but for the sake of direction, here’s a good spot:

Create the directory:
mkdir -p ~/.local/share/gnome-shell/customExtensions/

Then open the new file in your favorite editor, eg:
vim ~/.local/share/gnome-shell/customExtensions/screenLock.py

Set the permissions to executable:
chmod +x ~/.local/share/gnome-shell/customExtensions/screenLock.py

Done.

Share on Facebook

Tweet

If you find yourself wanting or considering checking binary files into your source control system (Git, SVN), you’re doing it wrong.

Source control is optimized for tracking changes to source files. When you have multiple revisions of a source file, the system has stored the original file and the changes between revisions. This is good.

When you check in a binary, you’re just keeping a separate copy of the binary for each revision. There’s not going to be any valid purpose or use case for seeing a bunch of binary garbage in source control. I’ve seen others do this, and I’ve even heard suggestions from colleagues within my own organization to do this. DON’T. It’s called source control for a reason, not binary control.

If you want a file system or a repository for your binaries, provision one. Using your source control system in this manner makes for a very expensive file system. You also don’t want to increase overhead and storage while decreasing performance of your source control system.

Share on Facebook

Tweet

Unhackable Security is a Linux security consulting firm specializing in a wide array of technologies and proven practices which make your server virtually unhackable.

Ksplice is an extension of the Linux kernel which allows system administrators to apply security patches to a running kernel without having to reboot the operating system. Ksplice takes as input a unified diff and the original kernel source code, and it updates the running kernel in memory.

Last year Oracle went on an acquisition spree, and jumped on the opportunity to buy out KSplice’s technology. That’s great for their distribution, but not for the rest of the Linux community who already have a Linux version preference and have built dependencies around it.

Unhackable Security is authorized to purchase an unlimited amount of KSplice licenses under a legacy agreement established prior to the acquisition. This allows us the unique ability to be able to offer clients KSplice protection for ALL of your servers that run virtually any of the originally supported Linux versions.

For more information, visit Unhackable Security‘s website.

Share on Facebook

Tweet

Python is a programming language that lets you work more quickly and integrate your systems more effectively.

I’ve been programming primarily in Python lately, and had the need to open a socket to a MySQL database to pull data. By default, older versions of Python does not currently have a mySQL library that can easily interact with MySQL databases. Rather than upgrading Python and possibly breaking your existing scripts, this article will teach you how to open a MySQL socket using MySQLdb from the DB-API.

DB-API’s design is similar to that used by Perl and Ruby DBI modules, the PHP PEAR DB class, and the Java JDBC interface: It uses a two-level architecture in which the top level provides an abstract interface that is similar for all supported database engines, and a lower level consisting of drivers for specific engines that handle engine-dependent details. This means, of course, that to use DB-API for writing Python scripts, you must have a driver for your particular database system. For MySQL, DB-API provides database access by means of the MySQLdb driver.

Install setuptools

First, we’ll need to install Python “setuptools” which allows us to easy install Python libraries. (official site: http://pypi.python.org/pypi/setuptools)

Install it with a package manager, or download the source from the official site.

RHEL/CentOS:

yum install python-setuptools

Debian/Ubuntu:

apt-get install python-setuptools

Install MySQLdb from DB-API

Download the latest version of MySQL-python from sourceforge.

Note: you must have mysql header libraries installed on the server you wish to install the library (these can be found in the ‘mysql-devel’ packages on most distributions)

Now unpack it on your server:

$ tar xfz MySQL-python-1.2.1.tar.gz
$ cd MySQL-python-1.2.1

You can edit site.cfg if necessary for your environment, but it is not required.

$ python setup.py build
$ sudo python setup.py install (or su first)

Import the library in your code

Now, all you need to do is “import MySQLdb” and open a connection:

This very simply Python script written by Paul DuBois (paul@kitebird.com) can be used as an example to open a MySQL connection and print the server’s version:

conn = MySQLdb.connect (host = “localhost”,
user = “testuser”,
passwd = “testpass”,
db = “test”)
cursor = conn.cursor ()
cursor.execute (“SELECT VERSION()”)
row = cursor.fetchone ()
print “server version:”, row[0]
cursor.close ()
conn.close ()

If you wanted to add in error handling for failures, you could wrap the connection
in a try: statement and then do something like this:

except MySQLdb.Error, e:
print “Error %d: %s” % (e.args[0], e.args[1])
sys.exit (1)

Query execution examples

Executing queries is very simple in MySQL Python. All you need to do is take your cursor object and call the ‘execute’ function. The execute function requires one parameter, the query. If the query contains any substitutions then a second parameter, a tuple, containing the values to substitute must be given.

Example 1: Create Table

cur.execute(“CREATE TABLE song ( id INT UNSIGNED PRIMARY KEY AUTO_INCREMENT, title TEXT NOT NULL )”)
In this example you can see how a basic query without any parameters is executed.

Example 2: Execute Insert / Single Substitution Query

songs = (‘Purple Haze’, ‘All Along the Watch Tower’, ‘Foxy Lady’)
for song in songs:
cur.execute(“INSERT INTO song (title) VALUES (%s)”, song)
print “Auto Increment ID: %s” % cur.lastrowid

In this example, you can see how a query is executed with parameters and you can see how to get the id generated from an auto increment column.

Example 3: Multiple Substitution Query

cur.execute(“SELECT * FROM song WHERE id = %s or id = %s”, (1,2))

It is important to note that when there are multiple parameters to substitue, you must use a tuple to enclose all of the parameters that need to be passed. The parameters are then substituted from left to right with tupe[0] being the left most substitution and tuple[n] being the right most substitution.

Example 4: Execute Select

numrows = cur.execute(“SELECT * FROM song”)
print “Selected %s rows” % numrows
print “Selected %s rows” % cur.rowcount

From this you can see that executing select queries is very easy. There are two ways you can get the number of rows the query returned. The MySQLdb specific way is to save the return value from the execute statement. This is NOT the preferred way. You should use the second method which is the Python DB-API 2.0 way because it will make it easier if you ever have to change databases. Both method’s are illustrated in this example.

This is too complicated for me

Well, maybe you shouldn’t be coding in Python then. If you want the easy way out, install the latest version of Python which comes with MySQL support out of the box.

Share on Facebook

Tweet