Sunday, 1 December 2013

FTP Sync with Linux

Since I have no SSH access on one hosting account and cannot use rsync to make backups against it, I will use the same strategy, but now over FTP with lftp.

My source of information is:

http://www.dangibbs.co.uk/journal/ftp-sync-usin-linux

But in the end I change the command with the -R option so that I can upload from my server to the remote one; the whole document is written for the opposite direction, from the remote to this one. (I cannot run commands on this hosting.)

Inside the lftp-script file I will put:
open ftp://username:password@website.com
mirror -R -v --only-newer /var/lib/mysql /eso2/mysql
 
This way I send from Sabadell to the mirror hosting at Nominalia.

The source web page says .....

If you can’t use SSH or have limited access to a server it can be difficult to synchronise or create backups of files such as websites. As asked by Tom here’s how to use the powerful and flexible LFTP to sync a remote FTP account to a local directory using Linux.
First of all you will need to install LFTP via your package manager or from their website at http://lftp.yar.ru/. In Ubuntu, for example, you would use:
sudo apt-get install lftp
Next create a small and easy script called lftp-script that LFTP can read:
open ftp://username:password@website.com
mirror -v --only-newer /home/local/path/ /website.com/public_html/
As lftp-script contains a username and password you will want to remove all group and public permissions on the file with something like;
chmod 600 lftp-script
Finally you can run LFTP and start the synchronisation straight away, it's that easy and perfect for cron backups:
lftp -f /path/to/lftp-script
In the example above I used -v (verbose) and --only-newer so that files that haven’t changed don’t get downloaded and overwritten. There are a ton of arguments that will solve just about every FTP problem needed. Some interesting ones, for mirror, are below.
 mirror [OPTS] [source [target]]
 
       Mirror specified source directory to local target directory. If  target
       directory ends with a slash, the source base name is appended to target
       directory name. Source and/or target can be URLs pointing  to  directo‐
       ries.
 
            -c,    --continue                continue a mirror job if possible
            -e,    --delete                  delete   files   not  present  at
                                             remote site
                   --delete-first            delete old files before transfer‐
                                             ring new ones
                   --depth-first             descend    into    subdirectories
                                             before transferring files
            -s,    --allow-suid              set suid/sgid bits  according  to
                                             remote site
                   --allow-chown             try  to  set  owner  and group on
                                             files
                   --ascii                   use ascii mode transfers (implies
                                             --ignore-size)
                   --ignore-time             ignore time when deciding whether
                                             to download
                   --ignore-size             ignore size when deciding whether
                                             to download
                   --only-missing            download only missing files
                   --only-existing           download   only   files   already
                                             existing at target
            -n,    --only-newer              download  only  newer  files  (-c
                                             won't work)
                   --no-empty-dirs           don't  create  empty  directories
                                             (implies --depth-first)
            -r,    --no-recursion            don't go to subdirectories
                   --no-symlinks             don't create symbolic links
            -p,    --no-perms                don't set file permissions
                   --no-umask                don't apply umask to file modes
            -R,    --reverse                 reverse mirror (put files)
            -L,    --dereference             download symbolic links as files
            -N,    --newer-than=SPEC         download only  files  newer  than
                                             specified time
                   --on-change=CMD           execute  the  command if anything
                                             has been changed
                   --older-than=SPEC         download only  files  older  than
                                             specified time
                   --size-range=RANGE        download  only files with size in
                                             specified range
            -P,    --parallel[=N]            download N files in parallel
                   --use-pget[-n=N]          use pget to transfer every single
                                             file
                   --loop                    loop until no changes found
            -i RX, --include RX              include matching files
            -x RX, --exclude RX              exclude matching files
            -I GP, --include-glob GP         include matching files
            -X GP, --exclude-glob GP         exclude matching files
            -v,    --verbose[=level]         verbose operation
                   --log=FILE                write  lftp  commands  being exe‐
                                             cuted to FILE
                   --script=FILE             write lftp commands to FILE,  but
                                             don't execute them
                   --just-print, --dry-run   same as --script=-
                   --use-cache               use cached directory listings
                   --Remove-source-files     remove  files after transfer (use
                                             with caution)
            -a                               same  as  --allow-chown  --allow-
                                             suid --no-umask
… and for the rest man lftp or take a look at the LFTP online man.

The man page is at http://lftp.yar.ru/lftp-man.html
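
A pre-flight check for the credentials file described above, as an added shell example that is not part of the original post or the quoted article. The function names and the /root/lftp-script path are hypothetical, and the ftp:ssl-force line assumes the hosting offers FTP over TLS.

```sh
#!/bin/sh
# Added example: keep the lftp script that embeds the FTP password private,
# and refuse to run the cron mirror if it is not.

# Create FILE from stdin with mode 600 from the first byte written.
# Creating the file and running chmod 600 afterwards leaves a window in which
# other local users can read the password; a umask set in a subshell does not.
# noclobber (set -C) refuses to reuse an existing file and its old mode.
new_private_script() {
    ( umask 077 && set -C && cat > "$1" )
}

# Succeed only if FILE is a regular file (not a symlink), owned by the
# invoking user, with no permission bits for group or others.
script_is_private() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    info=$(ls -ln -- "$1" | awk '{ print $1, $3 }')
    mode=${info%% *}      # e.g. -rw-------
    owner=${info##* }     # numeric UID of the owner
    [ "$owner" = "$(id -u)" ] || return 1
    case $mode in
        -???------*) return 0 ;;
        *)           return 1 ;;
    esac
}

# Wrapper for the cron job: run the mirror only while the credentials file is
# still private; otherwise fail loudly so the problem shows up in cron mail.
run_mirror() {
    if ! script_is_private "$1"; then
        echo "refusing to run lftp: $1 is not a private file of $(id -un)" >&2
        return 1
    fi
    lftp -f "$1"
}

# Example use (placeholders as in the post, hypothetical path):
#   new_private_script /root/lftp-script <<'EOF'
#   set ftp:ssl-force true     # assumption: the server supports FTP over TLS
#   open ftp://username:password@website.com
#   mirror -R -v --only-newer /var/lib/mysql /eso2/mysql
#   EOF
#   run_mirror /root/lftp-script
```

Adding --dry-run to the mirror line prints the transfers without performing them, which is worth doing once before enabling the cron entry.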

Monday, 25 November 2013

Enabling quota on Debian for the /home partition


Install:

apt-get install quota quotatool

Edit fstab:

/dev/sda5 /home ext4 defaults,usrquota,grpquota 0 2

Create 2 files on the /home partition to set up user quotas:

touch /home/aquota.user /home/quota.user
touch /home/aquota.group /home/quota.group
chmod 600 /home/aquota.user /home/aquota.group

Remount the partition so as not to have to reboot:

mount -o remount /home

Run:

quotacheck -avug

and it gives an error, apparently because there is an active virtual partition inside the partition:

quotacheck: Cannot guess format from filename on /dev/disk/by-uuid/7c16a6bf-8383-4142-b0c0-65cc408389b3. Please specify format on commandline.
quotacheck: Cannot find filesystem to check or filesystem not mounted with quota option.

Finally, on the web page

http://www.debian-administration.org/articles/47

Posted by Anonymous (194.208.xx.xx) on Tue 3 Apr 2012 at 19:51

If you run into the following error message:

quotacheck: Cannot guess format from filename on /dev/example/disk. Please specify format on commandline.
quotacheck: Cannot find filesystem to check or filesystem not mounted with quota option.

It’s most likely that you have some kind of VPS which is running inside a virtual machine. To get this up and running run the following:

# quotacheck -F vfsv0 -afcvugm

If you want debugging information add a d to the last bunch of options:

# quotacheck -F vfsv0 -afcvdugm

Solved; now it goes through all the files on the partition.

What remains now is to assign the per-user quota of 500 MBytes.

I have created a user named cuota to be the quota reference for the students:

edquota cuota

Disk quotas for user cuota (uid 1001):
  Filesystem                   blocks       soft       hard     inodes     soft     hard
  /dev/sda5                         0     500000     550000          0        0        0


In the student sign-up script, it finally copies this user's quota to all of them:

for A in $(cat "$1"); do
    # copy the limits of the template user "cuota" to student $A
    edquota -p cuota "$A"
done


where $A is the variable that holds the student's name.



http://debianhlg.wordpress.com/replicar-ldap-mediante-syncrepl/asignar-cuotas-de-disco-en-debian/

Another way to apply it to all users starting from a given identification number:

Applying quotas in bulk.

If you want everything to apply to the existing users, from UID 510 onwards, for example, assuming you have the user "pepito" as a template (please note the backtick in the command just before awk; it is not a quotation mark or an apostrophe):

edquota -p pepito `awk -F: '$3 > 510 {print $1}' /etc/passwd`
http://www.linuxparatodos.net/portal/staticpages/index.php?page=04-disk-quota


Sunday, 24 November 2013

Reviewing the Apache logs after installing a reverse proxy

After documenting how to set up a reverse proxy, I was left with the problem that the reverse proxy had the external IP that was attacking the machine, while the log of the machine it redirected to gave me only the IP of the reverse proxy, so I lost traceability of who was really accessing my server behind the proxy.

Moreover, since I have many machines that connected from the internal network, all of them ended up hidden behind the connection of the external proxy; for that reason I have made modifications to sites-available/default so that the accesses now also show me the IP of the original machine.



LogFormat "%{X-Forwarded-For}i %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" xcombined
CustomLog /var/log/apache2/access-prova.log xcombined

Now in the access-prova.log file I have:

192.168.130.213 192.168.0.202 - - [24/Nov/2013:10:16:14 +0100] "GET /moodle2/theme/image.php/leatherbound/core/1379142382/i/import HTTP/1.1" 200 1047 "https://xxxxxxxxxxxxx/moodleeso2/course/view.php?id=167" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101 Firefox/23.0"
192.168.130.213 192.168.0.202 - - [24/Nov/2013:10:16:14 +0100] "GET /moodle2/theme/image.php/leatherbound/core/1379142382/i/restore HTTP/1.1" 200 1047 "https://xxxxxxxxxxxxx/moodleeso2/course/view.php?id=167" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101 Firefox/23.0"

I was accessing from machine 130.213, which is visible above, while in the classic log below it is not.

Whereas in access.log, which I have not discarded yet, everything appears as the reverse proxy machine:
192.168.0.202 - - [24/Nov/2013:10:20:34 +0100] "GET /moodle2/theme/image.php/clean/core/1379142382/t/switch_plus HTTP/1.1" 200 1036 "https://xxxxxxxxxxxxx/moodleeso2/course/view.php?id=112" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.57 Safari/537.36"
192.168.0.202 - - [24/Nov/2013:10:20:34 +0100] "GET /moodle2/theme/image.php/clean/core/1379142382/t/switch_minus HTTP/1.1" 200 936 "https:/xxxxxxxxxxxxx/moodleeso2/course/view.php?id=112" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.57 Safari/537.36"
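
How the xcombined lines above can be read safely, as an added shell/awk example that is not part of the original post: X-Forwarded-For is supplied by the client, so it is honoured only when %h is the reverse proxy, and only its last entry (the one the proxy appended) is used. The sample lines are constructed and the parser handles IPv4 only.

```sh
#!/bin/sh
# Added example; sample lines are constructed in the page's xcombined format.
TRUSTED_PROXY="192.168.0.202"   # the reverse proxy, logged as %h on the backend

sample_log() {
cat <<'EOF'
192.168.130.213 192.168.0.202 - - [24/Nov/2013:10:16:14 +0100] "GET /moodle2/ HTTP/1.1" 200 1047 "-" "constructed"
203.0.113.9, 198.51.100.7 192.168.0.202 - - [24/Nov/2013:10:16:15 +0100] "GET /moodle2/ HTTP/1.1" 200 1047 "-" "constructed"
10.9.9.9 192.168.130.50 - - [24/Nov/2013:10:16:16 +0100] "GET /moodle2/ HTTP/1.1" 200 1047 "-" "constructed"
- 192.168.0.202 - - [24/Nov/2013:10:16:17 +0100] "GET /moodle2/ HTTP/1.1" 200 1047 "-" "constructed"
EOF
}

# stdin:  xcombined lines  (X-Forwarded-For %h %l %u [time] "request" ...)
# stdout: "<client-ip> <note>" for each line
client_ips() {
    awk -v proxy="$TRUSTED_PROXY" '
    {
        # X-Forwarded-For may contain "a, b", so count fields back from %t.
        cut = index($0, " [")
        n = (cut > 0) ? split(substr($0, 1, cut - 1), f, " ") : 0
        if (n < 4) { print "?", "unparsed"; next }
        peer = f[n - 2]                  # %h: host that opened the connection
        m = split(f[n - 3], hop, ",")    # last X-Forwarded-For token
        last = hop[m]

        if (peer != proxy) {
            # Not from our proxy: the header is whatever the client sent.
            print peer, "direct"
        } else if (last ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) {
            # Entry appended by the proxy; earlier entries came from the client.
            print last, ((n > 4 || m > 1) ? "via-proxy,chain" : "via-proxy")
        } else {
            print peer, "no-xff"
        }
    }'
}
```

Run it as `client_ips < /var/log/apache2/access-prova.log`; the chain note marks requests that arrived at the proxy with an X-Forwarded-For header already set, which is worth a look when tracing an attack.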




LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" proxy
SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded
CustomLog "logs/access_log" combined env=!forwarded
CustomLog "logs/access_log" proxy env=forwarded


HAVING SET UP THESE LOGS, I WILL NOW HAVE TO CUSTOMISE AWSTATS AND WEBALIZER. AND ALSO THE SSL LOGS.


Thursday, 14 November 2013

Change MySQL Password on Zentyal

if you are using zentyal 3.. the default password for mysql is here:
--
/var/lib/zentyal/conf/zentyal-mysql.passwd
--

might be a help..
ciao,
arko

I was following how to find out the Zentyal MySQL password, which I did not remember having set ...

https://help.ubuntu.com/community/MysqlPasswordReset

BUT FINALLY, ON THE WEB PAGE http://www.sururi.com/2011/02/change-mysql-password-on-zentyal.html I found the answer above, which got me out of the problem.

In the end I am leaving the Ubuntu guide here so as to have it at hand, but I solved it with the second line of this entry.

This is the Ubuntu guide for the 12.04 LTS release:

Why are you looking at this wiki page?

Are you looking at this page because you cannot access the mysql server installed on your pc/server when you were trying to see if it works well? Or do you receive error messages like the following?
ERROR 1045: Access denied for user: 'root@localhost' (Using password: NO)
or
ERROR 1045: Access denied for user: 'root@localhost' (Using password: YES)
To resolve this problem, a fast and always working way is the "Password Resetting".

How can I reset my MySQL password?

Warning: Following this procedure, you will disable access control on the MySQL server. All connections will have root access. It is a good thing to unplug your server from the network or at least disable remote access.
To reset your mysqld password just follow these instructions:
  • Stop the mysql daemon process using this command:
    •    sudo /etc/init.d/mysql stop
  • Start the mysqld daemon process using the --skip-grant-tables option with this command
    •    sudo /usr/sbin/mysqld --skip-grant-tables --skip-networking &
Because you are not checking user privs at this point, it's safest to disable networking. In Dapper, /usr/bin/mysqld... did not work. However, mysqld --skip-grant-tables did.
  • start the mysql client process using this command
    •    mysql -u root
  • from the mysql prompt execute this command to be able to change any password
    •    FLUSH PRIVILEGES;
  • Then reset/update your password
    •    SET PASSWORD FOR root@'localhost' = PASSWORD('password');
  • If you have a mysql root account that can connect from everywhere, you should also do:
    •    UPDATE mysql.user SET Password=PASSWORD('newpwd') WHERE User='root';
  • Alternate Method:
    •    USE mysql
         UPDATE user SET Password = PASSWORD('newpwd')
         WHERE Host = 'localhost' AND User = 'root';
  • And if you have a root account that can access from everywhere:
    •    USE mysql
         UPDATE user SET Password = PASSWORD('newpwd')
         WHERE Host = '%' AND User = 'root';
For either method, once you have received a message indicating a successful query (one or more rows affected), flush privileges:
FLUSH PRIVILEGES;
Then stop the mysqld process and relaunch it with the classical way:
sudo /etc/init.d/mysql stop
sudo /etc/init.d/mysql start
When you have completed all these steps, you can easily access your mysql server with the password you have set in the step before. An easy way to have full control of your mysql server is phpmyadmin (www.phpmyadmin.net), software made in php that can give you a web interface that can be very useful to people that haven't got a lot of confidence with bash. To install phpmyadmin on your server you will need to have 4 things:
  • web server apache
  • php
  • mysql server/mysql client installed
  • php_mysql support for apache
All packages can be found browsing synaptic.

Another way, purge

I also had some problems with mysql just not accepting my password. I tried the other way as well and it just ended up being difficult. I had not been able to use mysql so it was empty anyway. If this is also your case you may opt for the PURGE way. This removes every file related to mysql. Depending on your installation the packages might be different, mysql-server in 6.10 is called mysql-server-5.0 as an example.
Warning: USE THIS AS A LAST RESORT METHOD, YOU WILL LOSE ALL YOUR MYSQL DATA
sudo apt-get --purge remove mysql-server mysql-common mysql-client
sudo apt-get install mysql-server mysql-common mysql-client
In the next step be sure to change your-new-password to the password you want!
mysqladmin -u root password your-new-password
sudo /etc/init.d/mysql restart
mysql -u root -p
You should now be logged in as root. Make sure to note down your password! Thanks to Illuvator for posting this method in the ubuntu forum.

Monday, 11 November 2013

Migrating the users' folders and their databases.

The student accounts are under the path /home/alumnes..... so, to move them to the other server, which will act as the front end for the student accounts but as a reverse proxy for the ESO and cicles Moodle services:

I will not move the mysql database, nor moodle, nor ..... they are not needed.

rsync -e ssh --progress --delete -lprtz /home/alumnes root@192.168.0.202:/home

rsync -e ssh --progress --delete -lprtz /var/lib/mysql/11* root@192.168.0.202:/var/lib/mysql

rsync -e ssh --progress --delete -lprtz /var/lib/mysql/12* root@192.168.0.202:/var/lib/mysql

rsync -e ssh --progress --delete -lprtz /var/lib/mysql/13* root@192.168.0.202:/var/lib/mysql

The rest of the MySQL accounts:

acaceres asix1112* epozo fsc gallery2 gsantama

rcapsada rau -scarsofglory spook surferblood wikidb

Sunday, 10 November 2013

MySQL migration of the users and their privileges on their databases

The export could be done as in the previous entry, but everything gets overwritten; I have no intention of overwriting the mysql database or others, so I only want to move the list of users and their links to other tables.

First, extract the list of users from the system, building an SQL query so as to access each one's information afterwards:

$ mysql -u root -p -Bse "SELECT DISTINCT CONCAT('SHOW GRANTS FOR ''', user, '''@''', host, ''';') AS query FROM mysql.user;" > grant-queries.sql

which produces something similar to:

SHOW GRANTS FOR 'root'@'127.0.0.1';
SHOW GRANTS FOR 'foo'@'127.0.0.1';
SHOW GRANTS FOR 'bar'@'127.0.0.1';

Then feed in the file resulting from the previous step as input and obtain the privileges of each user as output:

$ mysql -u root -p -Bse "SOURCE grant-queries.sql" > privileges.sql

Looking at the contents:

GRANT SELECT ON `maqueta1`.* TO 'jmler'@'%'
GRANT ALL PRIVILEGES ON *.* TO 'moodle'@'%' IDENTIFIED BY PASSWORD '*81FAE724C1DF3871DD6D2C8F5F980BDCAD9C53' WITH GRANT OPTION
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, REFERENCES, INDEX, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE ON `moodle`.* TO 'moodle'@'%'
GRANT USAGE ON *.* TO 'ocs'@'%' IDENTIFIED BY PASSWORD '*127C25B107D201007E887369797A3000F77838'
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, REFERENCES, INDEX, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE ON `ocsweb`.* TO 'ocs'@'%'

giving the users, passwords and privileges of the server's database.

All that remains is to load it onto the destination computer:

$ mysql -u root -p -Bse "SOURCE privileges.sql"

Well, this part failed for me; it gave me problems with the queries, and in the end I separated the queries, ending each with ;, and inserted them in phpMyAdmin so that it would add them.

I avoided touching root and some other users that would not be used on this new server; it is a front end and will not have all the services the previous one had.

Source: http://rm-rf.es/migrar-privilegios-de-un-servidor-mysql/#comment-57043
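
The fix-up described above (ending each statement with ; and leaving out root and other accounts), as an added shell example that is not part of the original post or the linked article. The skip list, the function names and the sample GRANT lines are constructed assumptions.

```sh
#!/bin/sh
# Added example: turn raw SHOW GRANTS output into an importable file.

# Accounts that keep the destination server's own credentials (assumed list).
# debian-sys-maint is the Debian maintenance account, whose password is stored
# per server in /etc/mysql/debian.cnf.
SKIP_USERS="root debian-sys-maint"

# Constructed sample of what privileges.sql looks like (hashes are fake).
sample_grants() {
cat <<'EOF'
GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' IDENTIFIED BY PASSWORD '*CONSTRUCTED-HASH-0' WITH GRANT OPTION
GRANT USAGE ON *.* TO 'ocs'@'%' IDENTIFIED BY PASSWORD '*CONSTRUCTED-HASH-1'
GRANT SELECT ON `maqueta1`.* TO 'jmler'@'%'
GRANT ALL PRIVILEGES ON *.* TO 'debian-sys-maint'@'localhost' IDENTIFIED BY PASSWORD '*CONSTRUCTED-HASH-2' WITH GRANT OPTION
EOF
}

# stdin:  raw SHOW GRANTS output, one GRANT per line without terminator
# stdout: the same statements ending in ";", minus the skipped accounts
filter_grants() {
    awk -v skip="$SKIP_USERS" -v q="'" '
    BEGIN {
        n = split(skip, s, " ")
        for (i = 1; i <= n; i++) drop[s[i]] = 1
        pat = " TO " q "[^" q "]*" q "@"      # the grantee: TO <quoted user>@
    }
    /^GRANT / && match($0, pat) {
        user = substr($0, RSTART + 5, RLENGTH - 7)
        if (user in drop) next
        sub(/[ \t;]*$/, ";")                  # exactly one terminator per line
        print
    }'
}

# Write the filtered statements to FILE with mode 600: the file carries
# password hashes, so other local users should never be able to read it.
write_grants_file() {
    ( umask 077 && filter_grants > "$1" )
}
```

With the real data this would be `write_grants_file privileges-clean.sql < privileges.sql`, and the resulting file can then be loaded on the destination with the SOURCE command shown above.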


MySQL database migration, users and passwords

Once I have migrated the system users (previous entry in the blog), it is now time to migrate the MySQL database users. In the later entry I will describe the backup I make of the database, and we can complete it with the synchronisation to the new server via rsync.

For only the new databases created by the users, and not the system ones, we would typically make the backup with:

mysqldump -u usuariodb -p basededatosacopiar > volcado.sql

But the users and passwords are stored in the mysql database, and I may have a different version and not want to overwrite it. We can make a backup of all the databases:

BUT DO NOT DO IT YET; WE MAY RUN INTO LATER ERRORS FROM OVERWRITING DATABASES

mysqldump -u root -p --all-databases > dump.sql

Send it to the new server via sftp and restore them all there:

mysql -u root -p < dump.sql

The copy finishes, I exit, I enter a MySQL shell, all good… OK, let's restart the MySQL server:

service mysql restart

Stopping MySQL database server: mysqld failed!
Starting MySQL database server: mysqld already running.
/usr/bin/mysqladmin: connect to server at 'localhost' failed
error: 'Access denied for user 'debian-sys-maint'@'localhost' (using password: YES)'


Wow! What is going on here!?!? In Debian there is a user called debian-sys-maint, which takes care of some maintenance tasks when starting and stopping the MySQL server, and some tasks with the service logs.
So, searching a bit, there is a file /etc/mysql/debian.cnf, similar to the .my.cnf that can be created in our home directory to access a given server automatically, without being asked for the user, the host, or even the password.
Comparing both files, on the old server and the new one, they had different passwords. The file has a structure like this:


# Automatically generated for Debian scripts. DO NOT TOUCH!
[client]
host     = localhost
user     = debian-sys-maint
password = passdedebiansysmaint
socket   = /var/run/mysqld/mysqld.sock

[mysql_upgrade]
user     = debian-sys-maint
password =  passdedebiansysmaint
socket   = /var/run/mysqld/mysqld.sock
basedir  = /usr


And since it says do not touch, we had better do as it says :P
So I decided to follow the procedure for changing a user's password in MySQL:
update user set password=PASSWORD("passdedebiansysmaint") where User='debian-sys-maint';

And finally we run:

flush privileges;
And done! The server restarts normally:

service mysql restart

Stopping MySQL database server: mysqld.
Starting MySQL database server: mysqld.
Checking for corrupt, not cleanly closed and upgrade needing tables..


I hope it helps =)

Source: http://techsurveyor.com/2011/01/30/migracion-de-usuarios-y-passwords-de-un-servidor-mysql/

ALL THIS IS WONDERFUL IF IT IS THE SAME VERSION OF mysql, but what if there may be some difference, the typical case of migrating from debian6 to debian7