All posts by hanafi

Brief of State of Network Security

  1. What is network security?

Is a process of taking measures to protect an organisation’s network infrastructure from unauthorized access by creating a secure platform for server including mitigating risk to the critical devices.

2. How risk, threat and vulnerability related each other?

Risk an be expressed as; Risk = Threat x Vulnerability. Threat is a potential harm that can exploit vulnerability and / or intrude into the computer system. While vulnerability is a weaknesses that may allow threat to  run in  the system.

3. List  the key characteristics of attacks?

Attacks are growing dramatically: Activities involving cyber attacks increased exponentially as well as instances of malware.

Threats are more sophisticated: Threats crime been sophisticated and normally it is unexpected because it has been deployed in one step ahead or take it for granted on the loophole.

Known outnumbered by unknowns : Focus on what is known and always be ready for known and unknown attacks

Current approach is ineffective: Current approach is insufficient to address the level and type of attacks that are presently occurring due to the ever-changing nature of attacks.

Current approach in handling security?

Define the goals of integrity principle in network security?

Confidentiality: Prevent the unauthorized disclosure of sensitive information.

Integrity: Prevent information fabrication by unauthorized user, Prevent unauthorized fabrication of information by authorized user and Preserve of the internal and external consistency.

Availability: Provide authorized user timely and uninterrupted access to the information in the network system.

  1. What are the main reasons for unreported security breaches?

-To secure the company’s reputation

– Company do not know when a breach been committed.

2.  Briefly describe two main types of attacks?

-Passive attacks; Sniffing and information gathering.

– Active attacks; Denial of service, Breaking into a site.

3.  What are the aspects of approaching good cyber security in dealing with attacks?

Aspects of approaching good cyber security are:-

– Management buy-in

– Policy development with regular updates and revisions,

– Policy reviews

– Knowledgeable network staff

– Training

–  Tested process

– Third party assessment

Setup a SVM mirror in Solaris 10

Part Tag Flag Cylinders Size Blocks
0 root wm 70 – 1143 8.23GB (1074/0/0) 17253810
1 swap wu 3 – 69 525.56MB (67/0/0) 1076355
2 backup wm 0 – 1170 8.97GB (1171/0/0) 18812115
3 unassigned wu 0 0 (0/0/0) 0
4 unassigned wu 0 0 (0/0/0) 0
5 unassigned wu 0 0 (0/0/0) 0
6 unassigned wu 0 0 (0/0/0) 0
7 home wm 1144 – 1170 211.79MB (27/0/0) 433755
8 boot wu 0 – 0 7.84MB (1/0/0) 16065
9 alternates wu 1 – 2 15.69MB (2/0/0) 32130

Partition 0 is /
Partition 1 is swap
Partition 8 is /boot
Partition 9 is where metadevice state database

metadb -a -f -c3 /dev/dsk/c0d0s9

# metainit -f d12 1 1 c0d0s0

# metainit -f d12 1 1 c0d0s1

# metainit -f d12 1 1 c0d0s8

# metastat -p

# metainit d10 -m d12

# metaroot d10

# metainit d20 -m d22

# metainit d30 -m d32

# shutdown -y -g0 -i6

Then create the metadevices for the other side of the mirror and attach them

metainit -f d11 1 1 c0d1s0
metainit -f d21 1 1 c0d1s1
metainit -f d31 1 1 c0d1s8

metattach d10 d11
metattach d20 d21
metattach d30 d31

metadb -a -f -c3 /dev/dsk/c0d1s9

Solaris Volume Manager (SVM) x86 How to Replace a Failed, SCSI Disk, Mirrored with SVM

Verify failed disk (in this example, c1t0d0 is the failed disk)

# metastat -c

#format

#tail /var/adm/messages

# metastat -c (We can see that the disk is no longer an active member of the mirror.)

 

Remove failed disk from existing mirror group

# metadetach <mirror> <submirror>

# iostat -iEn c1t0d0

#cfgadm -al

# cfgadm -c unconfigure c1::dsk/c1t0d0

Maybe there is a need to delete the metadb with ‘metadb -d c1t0d0s7’ before ‘cfgadm -c unconfigure …’ can complete.

This command will remove the block and character (raw) device nodes the symbolic links in /dev/[r]dsk point to.

Physically replace the disk. Configure the new disk back into Solaris.

# cfgadm -c configure c1::dsk/c1t0d0

# ls -lL /dev/dsk/c1t0d0s* <— check the device nodes
# ls -lL /dev/rdsk/c1t0d0s*

# format

# iostat -iEn c1t0d0

if boot disk, run below:
# fdisk -b /usr/lib/fs/ufs/mboot /dev/rdsk/c1t0d0p0

if not, run below:
# fdisk /dev/rdsk/c1t0d0p0
# prtvtoc /dev/rdsk/c1t1d0s2 | fmthard -s – /dev/rdsk/c1t0d0s2
# /sbin/installgrub /boot/grub/stage1 /boot/grub/stage2 /dev/rdsk/c1t0d0s0
# metadb
# metadb -d /dev/dsk/c1t0d0s7 <—-remove old metadb replicas
# metadb -a -c3 /dev/dsk/c1t0d0s7 <—re-add new metadb replicas
# metadb
# metadevadm -u c1t0d0

#metainit -f d11 1 1 c1t0d0s0
#metainit -f d21 1 1 c1t0d0s1
#metainit -f d31 1 1 c1t0d0s3

#metattach d10 d11
#metattach d20 d21
#metattach d30 d31

#metastat -c     (below is the sample output)

d20        m 525MB d22 d21 (resync-19%)
d22 s 525MB c0d0s1
d21 s 525MB c0d1s1
d30        m 211MB d32 d31 (resync-33%)
d32 s 211MB c0d0s7
d31 s 211MB c0d1s7
d10       m 8.2GB d12 d11 (resync-0%)
d12 s 8.2GB c0d0s0
d11 s 8.2GB c0d1s0

Brief of WLAN

1.0)     What Is the Meaning of WLAN?

Wireless Local Area Networks or WLAN have been rapidly growing and getting a lot of interest from numerous people whether it was noticed or not. Basically, WLAN has been initiated by a cellular spectrum technology that being evolve to become friendly network connections. It helps us to minimize the physical wiring in designing the networks and indirectly reduce the cost of development. In spite of that, there were always been a pros and contras in terms of various criteria such as performance, data rates, and so forth need to be elaborate so we will get this things clearer. Therefore, the brief of architecture and along with its challenges faced by utilizing WLAN will be discussed in the next paragraph.

1.1)      When It Was Started?

Officially, IEEE has created a standard approach for wireless technology for the usage of enterprise, home and public on 1997. However, there was some claim said that the research and study of this wireless LAN has been started earlier.

Kevin J. Negus and Al Petrick in “History of Wireless Local Area Networks (WLANs) in the Unlicensed Bands”, George Mason University Law School Conference, Information Economy Project, Arlington, in 2008 have mentioned in that article the first product of WLAN was the Telesystems “ARLAN-SST” (circa 1988) in 1988. [8]

1.2)      How the Term Wi-Fi Get In Place?

There was no solid evidence the term “wifi” is owned by any organization. The only close to truth owner of the term “wifi” was from the WECA that chosen “WI-FI” on 802.11b Direct Sequence in 1999 and patented it as “WI-FI” [1] that including the computer hardware, namely, wireless local area networking products in class A However, Cory Doctorow [2] in his blog boingboing.net has stated that Phil Belanger, a founding member of the Wi-Fi Alliance who presided over the selection of the name “Wi-Fi” writes:

“Wi-Fi doesn’t stand for anything. It is not an acronym. There is no meaning.

Wi-Fi and the ying yang style logo were invented by Interbrand. We (the founding members of the Wireless Ethernet Compatibility Alliance, now called the Wi-Fi Alliance) hired Interbrand to come up with the name and logo that we could use for our interoperability seal and marketing efforts. We needed something that was a little catchier than “IEEE 802.11b Direct Sequence”.

Extending Zpool to Increase Size of Partition in Solaris 10

Hi, the needs for the storage has been rapidly growing from time to time especially when you are in the enterprise environment. From my experience, there are always be a request for increasing the size of a partition but i have not recall gotten the request for reducing the size.  Let say i want to increase the size of my non-global zone partition.What most important thing that we have to remember is whether the non-global zone was attached to its dedicated pool or sharing with the pool with its global pool. Is it any available space that i can extend the space without adding new lun? or there is no any available space that i can extend the space unless adding new lun to the pool.I want to share here how to increase the size of partition of zones by adding new disk to the existing pool.

  1. Is it any available space that i can extend the space without adding new lun?

Growing a ZFS pool

http://blog.ociru.net/2013/09/25/let-your-zfs-extend

http://www.c0t0d0s0.org/archives/6224-You-dont-need-zfs-resize-…-and-a-workaround-when-you-need-one-;.html

ERROR 1045 (28000): Access denied for user ‘root’@’localhost’ (using password: YES)

/etc/init.d/mysql stop

mysqld_safe --skip-grant-tables &

mysql -u root

use mysql;
update user set password=PASSWORD("NEW_PASSWORD") where User='root';
flush privileges;
quit;

/etc/init.d/mysql stop
/etc/init.d/mysql start

mysql -u root -p
 
Reference:-
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES) (2014). Available at: http://stackoverflow.com/questions/21944936/error-1045-28000-access-denied-for-user-rootlocalhost-using-password-y

 

New Oracle ASM Disks Mapping in RHEL

cd /root/asm/

###start of infomation collection script named collect_info.sh
#!/bin/ksh

currentdatetime=$(date +”%T”.”%Y%m%d”)

echo “”
echo “############################################”
echo “# #”
echo “# LINUX – ASM Disk – Backup Informations #”
echo “# #”
echo “############################################”
echo “”

echo ” ##### Collecting informations ##### ”
ls -l /dev/disk/by-id/ > diskbyidbef.$currentdatetime
ls -l /dev/disk/by-id/ | grep -i scsi- > diskbywwnidbef.$currentdatetime
multipath -ll > mpathidbef.$currentdatetime

echo ” ##### Backup configurations file ##### ”
cp -p /etc/udev/rules.d/99-oracle-asmdevices.rules /etc/udev/rules.d/99-oracle-asmdevices.rules.$currentdatetime
echo “Backup 99-oracle-asmdevices.rules to /etc/udev/rules.d/99-oracle-asmdevices.rules.$currentdatetime …”
cp -p /etc/multipath.conf /etc/multipath.conf.$currentdatetime
echo “Backup multipath.conf to /etc/multipath.conf.$currentdatetime …”
echo ” ##### Verify file existence ##### ”
ls -l /etc/udev/rules.d/99-oracle-asmdevices.rules.$currentdatetime
ls -l /etc/multipath.conf /etc/multipath.conf.$currentdatetime
########end of script for collect_info.sh

########start of device scanning script named device_scan.sh
#!/bin/ksh

currentdatetime=$(date +”%T”.”%Y%m%d”)

echo “”
echo “############################################”
echo “# #”
echo “# LINUX – ASM Disk – Device Scanning #”
echo “# #”
echo “############################################”
echo “”

echo ” ##### Collecting informations ##### ”
for i in `cat fc `; do echo “- – -” > /sys/class/scsi_host/$i/scan; echo $i; done

echo ” ##### Gather informations after scanning ##### ”
ls -l /dev/disk/by-id/ > /root/asm/diskbyidaft.$currentdatetime
echo “Save current informations to /root/asm/diskbyidaft.$currentdatetime…”
ls -l /dev/disk/by-id/ | grep -i scsi- > /root/asm/diskbywwnidaft.$currentdatetime
echo “Save current informations to /root/asm/diskbywwnidaft.$currentdatetime…”
multipath -ll > /root/asm/mpathidaft.$currentdatetime
echo “Save multipath informations after scanning to /root/asm/mpathidaft.$currentdatetime…”
#######end of device scanning script named device_scan.sh

#shows newly added disks wwn no
diff diskbywwnidbef.$currentdatetime diskbywwnidaft.$currentdatetime

vi /etc/udev/rules.d/99-oracle-asmdevices.rules
KERNEL==”dm-*”, PROGRAM=”scsi_id –page=0x83 –whitelisted –device=/dev/%k”, RESULT==”new wwn”, SYMLINK+=”oracleasm/disks/new_asm_disk_data”, OWNER:=”oracle”, GROUP:=”dba”, MODE=”0660″

#reload udev rules
udevadm control –reload-rules
udevadm trigger

List the Mapped disks
# ls -l /dev/oracleasm/disks

Easy Way to Connect MySql using JDBC

Hi, i will show you how to connect mysql using jdbc in easy way. For those who does not know what jdbc means, it is actually stand for Java Data Base Connector. There are several things you need to prepare before connecting the mysql server. In this tutorial, i was using WAMP server which is pre-installed with mysql just to demonstrate the connection to the mysql from java programming.

Okay, the requirements for this tutorials are:-

1)  Java IDE (eclipse MARS). You can download here (new version eclipse Neon )

2) WAMP server (assume the package installed is v3.0.6).  You can download here.

3) MySQL connector (i am using 5.1.40 connector). You can download here.

4) Set of Java program (will be shown below).

===================================================

1.1) Install eclipse and open it, create new package and new class name.

===================================================

2.1) After the WAMP server is successfully installed and run, you can see the green “W”  icon on the taskbar(on the most left position):-

We can open the phpmyadmin page by left click on the icon:-

The default username for phpmyadmin is ‘root’ and left blank for password:-

After login, we can see the dashboard panel for our database:-

As highlighted in above image, we can straight away create the database by clicking new and put a name for the database for example here my database name is ‘test1’.

Please be remind to always keep refresh for any changes made.

===================================================

3.1) To loading mysql connector into eclipse IDE, we have to configure the build path of the package, and load external connector jar as shown here:-

a) First right click on the package and choose Build Path > Configure Build Path.

b) After that, Add External JARs:-

c) Choose all the JARs files in the mysql connector folder and ok.:-

===================================================

4.1) Assuming all the requirements has been installed and running properly, you have to write the code which require the connection class to be used and driver manager method.

Below is the example to establish the connection to the mysql:-

public static Connection getConnection() {
String driver = “com.mysql.jdbc.Driver”;
String url = “jdbc:mysql://localhost:3306/test1”;
String username = “root”; //leave blank if none
String password = “”; //leave blank if none

try {
Class.forName(driver);
} catch (ClassNotFoundException e) {
e.printStackTrace();
}
try {
return DriverManager.getConnection(url, username, password);
} catch (SQLException e) {
e.printStackTrace();
}
return null;
}

Below is the sample code for creating table:-

public static Connection writeTable() throws SQLException{
Connection conn2 = getConnection();

String createString=
“CREATE TABLE table8″+
“(ID integer NOT NULL,”+
“LASTNAME varchar(32) NOT NULL,”+
“FIRSTNAME varchar (32) NOT NULL,”+
“Telephone varchar (16) NOT NULL,”+
“PRIMARY KEY (ID))”;
System.out.println(“the db suppose to be written”);

Statement stmt=null;
try{
stmt=conn2.createStatement();
stmt.executeUpdate(createString);
System.out.println(“the db suppose to be written now”);
}
catch(SQLException e){
e.getErrorCode();
System.out.println(“the db have an error:”+e.getSQLState());
}
finally {
if (stmt!=null){stmt.close();}}
return conn2;
}

After you compile and run the code, below result will be appeared:-

After create table, you have to refresh your table by clicking refresh button as below example:-

 

You can check the table created in phpmyadmin page:-

 

And  below code is for inserting data into the table:-

public static Connection populateTable() throws SQLException{
Connection conn2 = getConnection();
Statement stmt=null;
String query = “INSERT INTO `table7`”+”values(125,’Mark’,’Walbergue’,0123456789)”;
try{
stmt=conn2.createStatement();
stmt.executeUpdate(query);}
catch(SQLException e){e.printStackTrace();}
finally{if(stmt!=null){stmt.close();}}
return conn2;

}

 

Keep refresh the table, the data inserted can be viewed as below:-

And below here is the example for viewing the table that we just created:-

private static void viewTable() throws SQLException{
// TODO Auto-generated method stub
Connection conn2 = getConnection();
Statement stmt=null;
String query =
” Select * FROM table8″;
try{
stmt=conn2.createStatement();
ResultSet rs=stmt.executeQuery(query);
while(rs.next()){
int ID=rs.getInt(“ID”);
String lastName=rs.getString(“LASTNAME”);
String firstName=rs.getString(“FIRSTNAME”);
int phone=rs.getInt(“Telephone”);
System.out.println(ID+”\t”+lastName+”\t”+firstName+”\t”+phone+”\t”);
}}
catch(SQLException e){e.printStackTrace();}
finally{if (stmt!=null){stmt.close();}}
}

The result will be shown in the console as below example:-

Main method for this class is shown as below:-

public static void main(String args[]) throws SQLException {

try {

writeTable();
viewTable();
populateTable();
} catch(Exception e) {
System.out.println(e.getMessage());
}

Thats all the examples for establishing connection to the mysql, creating and viewing table and inserting data to table. Hope it can give you an idea how it is works and thanks for viewing this tutorial.

See you again..!

[ERROR] Plugin ‘InnoDB’ init function returned error.

I was getting below mysql error log:-

[Note] Plugin 'FEDERATED' is disabled.
InnoDB: The InnoDB memory heap is disabled
InnoDB: Mutexes and rw_locks use GCC atomic builtins
InnoDB: Compressed tables use zlib 1.2.3
InnoDB: Using Linux native AIO
InnoDB: Initializing buffer pool, size = 128.0M
InnoDB: mmap(137363456 bytes) failed; errno 12
InnoDB: Completed initialization of buffer pool
InnoDB: Fatal error: cannot allocate memory for the buffer pool
[ERROR] Plugin 'InnoDB' init function returned error.
[ERROR] Plugin 'InnoDB' registration as a STORAGE ENGINE failed.
[ERROR] Unknown/unsupported storage engine: InnoDB
[ERROR] Aborting
[Note] /usr/libexec/mysqld: Shutdown complete

I found out there are two solutions which are:-

1)Set innodb_log_file_size equal to the actual size of the existing InnoDB log files. To see what size of innoDB log allocated, login mysql and enter following cmd:-

SHOW GLOBAL VARIABLES LIKE 'innodb_log_file_size';

Expected result example:- 5242880

After that, insert that value in my.cnf:- vi /etc/my.cnf

 innodb_log_file_size =5242880

2)Rename or move both the ./ib_logfile0 and ./ib_logfile1 files, and then start the MySQL server.This normally will be located at /var/lib/mysql. After start mysql, it create new innoDB log file and restore possible half-written data from the file of .ibd.

The expexted mysql log example:-

InnoDB: Database physically writes the file full: wait...
161216  9:58:54  InnoDB: Log file ./ib_logfile1 did not exist: new to be created
InnoDB: Setting log file ./ib_logfile1 size to 5 MB
InnoDB: Database physically writes the file full: wait...
161216  9:58:54 InnoDB: highest supported file format is Barracuda.
InnoDB: The log sequence number in ibdata files does not match
InnoDB: the log sequence number in the ib_logfiles!
161216  9:58:54  InnoDB: Database was not shut down normally!
InnoDB: Starting crash recovery.
InnoDB: Reading tablespace information from the .ibd files...
InnoDB: Restoring possible half-written data pages from the doublewrite
InnoDB: buffer...
161216  9:58:54  InnoDB: Waiting for the background threads to start
161216  9:58:55 InnoDB: 5.5.50 started; log sequence number 1589772
161216  9:58:55 [Note] Server hostname (bind-address): '0.0.0.0'; port: 3306
161216  9:58:55 [Note]   - '0.0.0.0' resolves to '0.0.0.0';
161216  9:58:55 [Note] Server socket created on IP: '0.0.0.0'.
161216  9:58:55 [Note] Event Scheduler: Loaded 0 events
161216  9:58:55 [Note] /usr/libexec/mysqld: ready for connections.
Version: '5.5.50'  socket: '/var/lib/mysql/mysql.sock'  port: 3306  MySQL Community Server (GPL) by Remi

References:- JUSTIN KULESZA (2011). MySQL: Failed Registration of InnoDB as a Storage Engine. Available at: https://spin.atomicobject.com/2011/05/09/mysql-failed-registration-of-innodb-as-a-storage-engine/.

RolandoMySQLDBA (2014). MySQL my.cnf: innodb_log_file_size is missing. Available at: http://dba.stackexchange.com/questions/75688/mysql-my-cnf-innodb-log-file-size-is-missing/158325#158325

Changing the Number or Size of InnoDB Redo Log Files. Available at: http://dev.mysql.com/doc/refman/5.7/en/innodb-data-log-reconfiguration.html