openssl s_client -connect mysite.com:443
To retrieve a certificate
openssl s_client -connect sdms.ecp:443 </dev/null 2>&1 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'
Useful page:
http://www.madboa.com/geek/openssl/
Use both the session and a cookie to secure the website
$_COOKIE[session_name()]
The session ID is stored in a cookie named session_name(); all other variables are stored on the server as session variables.
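auth.php
<?php
// Cookie params: lifetime 7200 s, path '/', default domain, Secure flag on
session_set_cookie_params(7200, '/', '', true);
session_start();
// login.php sets $_SESSION['auth'] to 1 on success
if (!isset($_SESSION['auth']) || $_SESSION['auth'] != 1) {
    session_destroy();
    // PHP rejects header values that contain newlines, so none are appended
    header("Location: ./login.php");
    exit;
} else {
    // check fingerprint (stored by login.php in $_SESSION['remote'])
    $fp = $_SERVER["HTTP_USER_AGENT"];
    $fp .= $_SERVER["REMOTE_ADDR"];
    $fp = md5($fp);
    if ($_SESSION['remote'] != $fp) {
        header("Location: ./login.php");
        exit;
    }
}
?>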
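login.php
// check that the ID and password match those in the db, then:
// use the same cookie params as auth.php and logout.php so the cookie gets the Secure flag
session_set_cookie_params(7200, '/', '', true);
session_start();
$_SESSION['user_id'] = $uid;
$_SESSION['grp_id'] = $gid;
$_SESSION['auth'] = 1;
// fingerprint of the client that logged in; auth.php compares against it
$fp = $_SERVER["HTTP_USER_AGENT"];
$fp .= $_SERVER["REMOTE_ADDR"];
$_SESSION['remote'] = md5($fp);
header("Location: ./index.php");
exit;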
logout.php
session_set_cookie_params(7200, '/', '', true);
session_start();
// clear all session variables
$_SESSION = array();
// expire the session cookie in the browser
if (isset($_COOKIE[session_name()])) {
    $params = session_get_cookie_params();
    setcookie(session_name(), '', time()-3600,
        $params["path"], $params["domain"],
        $params["secure"], $params["httponly"]
    );
}
session_destroy();
header("Location: ./login.php");
exit;
session_destroy() destroys the session, and the cookie is deleted by setting its lifetime to a time in the past.
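The auth.php / login.php flow above with the cookie flags and fingerprint check factored into functions, as an added example (not the original author's code; the function names are hypothetical and it assumes PHP 7.3 or later for the array form of session_set_cookie_params). It goes beyond the page's version by regenerating the session ID at login, setting HttpOnly and SameSite, and comparing a SHA-256 fingerprint with hash_equals instead of md5 and !=.

```php
<?php
// Added example; function names are hypothetical. Assumes PHP 7.3+.
// Same inputs as the page's fingerprint (User-Agent + client IP), hashed with SHA-256.
function client_fingerprint(array $server): string {
    $ua = $server['HTTP_USER_AGENT'] ?? '';
    $ip = $server['REMOTE_ADDR'] ?? '';
    return hash('sha256', $ua . '|' . $ip);
}

// Cookie params apply to the current request only, so call this on every page.
function start_secure_session(): void {
    session_set_cookie_params([
        'lifetime' => 7200,
        'path'     => '/',
        'secure'   => true,    // sent over HTTPS only
        'httponly' => true,    // not readable from JavaScript
        'samesite' => 'Lax',
    ]);
    session_start();
}

// Call only after the ID/password check against the db has succeeded.
function mark_logged_in(int $uid, int $gid): void {
    session_regenerate_id(true);   // new session ID at login; the old one is deleted
    $_SESSION['user_id'] = $uid;
    $_SESSION['grp_id']  = $gid;
    $_SESSION['auth']    = 1;
    $_SESSION['remote']  = client_fingerprint($_SERVER);
}

// True only for a logged-in session presented by the same client.
function session_is_valid(array $session, array $server): bool {
    if (($session['auth'] ?? null) !== 1) {
        return false;
    }
    $stored = $session['remote'] ?? '';
    return is_string($stored) && hash_equals($stored, client_fingerprint($server));
}

// Guard for protected pages (the role of auth.php).
function require_auth(): void {
    start_secure_session();
    if (!session_is_valid($_SESSION, $_SERVER)) {
        $_SESSION = [];
        session_destroy();
        header('Location: ./login.php');
        exit;
    }
}
```

In login.php, call start_secure_session() and then mark_logged_in($uid, $gid) once the password check passes; protected pages call require_auth() before any output.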
Insert
INSERT INTO tablename (col1, col2) VALUES('data1', 'data2');
Grant
GRANT ALL PRIVILEGES ON dbname.* to dbuser@localhost;
GRANT ALL PRIVILEGES ON dbname.* to dbuser@"%";
GRANT SELECT ON dbname.dbtable to dbuser@"111.111.111.111";
GRANT SELECT(colname) ON dbname.dbtable to dbuser@"111.111.111.111";
set password for username = password('password');
flush privileges;
To keep files under a directory starting with "." (here .snapshot) out of the find result
find . -name '.snapshot' -prune -o -name 'file.mp4' -print
To delete files older than 7*24h
find /var/tmp -mtime +7 -exec rm -f {} \;
1. dump all database into backup file
mysqldump --opt --all-databases > /tmp/databkup
(--opt includes lock table option)
2. dump several databases
mysqldump --opt --databases db1 db2 db3 > /tmp/databkup
3. dump single table
mysqldump --opt db1 table1 > /tmp/databkup
Troubleshooting
Error: Access denied for user x@y to database z when using lock tables
mysqldump -u username -p database --single-transaction >dump.sql
Use tar to back up db
mysql> FLUSH TABLES WITH READ LOCK;
(This locks the db so it won't be updated by other threads. Writes from other processes wait until the lock is released.)
#tar cvzf /var/tmp/datadump.tgz /var/lib/mysql/*
mysql> UNLOCK TABLES;
Connect and Close connection to DB
// Note: the mysql_* extension was removed in PHP 7.0; on current PHP use mysqli or PDO.
$DB_HOST = "localhost";
$DB_NAME = "mysql";
$DB_USER = "mysql";
$DB_PASS = "password";
function conn_db(){
    global $DB_HOST;
    global $DB_USER;
    global $DB_PASS;
    global $DB_NAME;
    if(!($conn = mysql_connect($DB_HOST, $DB_USER, $DB_PASS))) {
        echo "Failed to connect DB";
        echo mysql_error(); // no link exists yet, so call without $conn
        die;
    }
    if(!(mysql_select_db($DB_NAME, $conn))) {
        echo "Failed to select DB";
        echo mysql_error($conn);
        die;
    }
    return $conn;
}
function close_db($conn){
    mysql_close($conn);
}
$conn = conn_db();
$sql = "select * from users where date>'20081001' order by id";
if (!($rs = mysql_query($sql, $conn))) {
    echo mysql_error($conn);
    die;
}
// print the first two columns of each row
while ($row = mysql_fetch_array($rs)) {
    echo "$row[0] $row[1]\n";
}
close_db($conn);
Some old data was missing on the db slave server
Copy data from master db01.lalife.net to slave db02.lalife.net and reset the slave
On Master:
Lock table
mysql> FLUSH TABLES WITH READ LOCK;
mysql> show master status;
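+-----------------+----------+--------------+------------------+
| File            | Position | Binlog_Do_DB | Binlog_Ignore_DB |
+-----------------+----------+--------------+------------------+
| db01-bin.000901 | 84861692 |              |                  |
+-----------------+----------+--------------+------------------+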
cd /var/lib
tar cvfz TARFILE_NAME.tgz mysql/
mysql> UNLOCK TABLES;
On Slave:
cd /var/tmp/
tar -zxvf db01_bk.tar.gz
service mysql stop
##backup old db
mv /www/mysql /www/mysql0603
mv /var/tmp/www/mysql/ /www/
service mysql start
mysql> STOP SLAVE;
mysql> RESET SLAVE;
mysql> CHANGE MASTER TO MASTER_HOST='db001.lalife.net', MASTER_USER='replication', MASTER_PASSWORD='xxxxx', MASTER_LOG_FILE='db01-bin.000900', MASTER_LOG_POS=13482116;
mysql> START SLAVE;
How to get master bin file and position:
On master server
mysql> show master status;
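+-----------------+-----------+--------------+------------------+
| File            | Position  | Binlog_Do_DB | Binlog_Ignore_DB |
+-----------------+-----------+--------------+------------------+
| db01-bin.000900 | 437292441 |              |                  |
+-----------------+-----------+--------------+------------------+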
Setup keys for xxx to login yyy without password
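[xxx-sync@xxx ~]$ ssh-keygen -t dsa
(OpenSSH 7.0 and later disable DSA keys by default; use -t rsa or -t ed25519 there, which changes the key file name below.)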
cp id_dsa.pub to xxx /home/xxx-sync/.ssh
To delete empty directory
find /www/xxxx/oldfiles/* -type d -mtime +1 | sort -r | while IFS= read -r d; do echo "$d"; rmdir "$d"; done
Some cron jobs didn't work well after the move to CentOS5
Need to disable requiretty
May 19 10:40:01 xxx sudo: root : sorry, you must have a tty to run sudo ; TTY=unknown ; PWD=/www/xxx/bin ; USER=xxx ; COMMAND=/bin/sh moviepagechmod.sh
vi /etc/sudoers
#Defaults requiretty