Saturday, January 26, 2013
Auto backup
Auto MySQL Backup is a shell script that helps to automate the backup process.
http://sourceforge.net/projects/automysqlbackup/
Here are 7 easy steps to create a backup of any database.
1) Connect to the server.
2) Download the package:
wget http://tinyurl.com/c52x3sh
3) Extract files:
tar xvfz automysqlbackup-v3.0_rc6.tar
4) Make sure you are "root" and then install:
sh install.sh
5) Create the backup folder:
mkdir /var/backup/
# this backup location can be changed as shown below
6) Change the user name / password and the DB that needs to be backed up:
vi /usr/local/bin/automysqlbackup
CONFIG_mysql_dump_password='admin'
CONFIG_db_names=('drupaldb')
CONFIG_backup_dir='/var/backup/db'
7) Run the script to take the backup:
/usr/local/bin/automysqlbackup
Resetting root password
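If you have forgotten your root password, you will need to start the mysql service with the --skip-grant-tables option and then run the following 2 commands to reset it to root / root@123. While the server runs with this option it accepts connections without checking passwords, so keep it unreachable from the network (for example by also starting it with --skip-networking) until the reset is done. Note that the second statement creates a root account for host '%', that is, one that may connect from any host with all privileges.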
UPDATE mysql.user SET Password = password('root@123') WHERE Host = 'localhost' AND User = 'root';
REPLACE INTO mysql.user VALUES ('%','root','*A00C34073A26B40AB4307650BFB9309D6BFA6999', 'Y','Y','Y','Y','Y','Y','Y','Y', 'Y','Y','Y','Y','Y','Y','Y','Y', 'Y','Y','Y','Y','Y','Y','Y','Y', 'Y','Y','Y','Y','Y','','','','', 0,0,0,0,'','');
You may now remove the skip grant tables option and restart mysql service. I assume you are not using old-passwords option in my.cnf that makes it compatible with mysql version 3.0!
Script to search locked threads
The following script will pick up the thread-id from innodb status page and select the last queries executed by that thread.
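#!/bin/sh
# Requires the general query log to be enabled at /var/log/mysql/general.log
# Take the thread ids listed in the InnoDB status output (last 10 matches)
mysql -e"show engine innodb status\G" | grep "MySQL thread id " | awk -F"," '{print $1}' | replace 'MySQL thread id' '' | tail | while read -r connectid
do
    # Show the first and the last 10 general-log entries of that thread
    tail -1000000 /var/log/mysql/general.log | awk '$1 == "'$connectid'" || $3 == "'$connectid'" { print $0 }' | head
    tail -1000000 /var/log/mysql/general.log | awk '$1 == "'$connectid'" || $3 == "'$connectid'" { print $0 }' | tail
done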
Introduction
This document demonstrates how Apache can be used to control access based on a web client's digital certificate. Three machines are used in this example:
A Certificate Authority (CA), running OpenBSD, which validates and signs the client keys,
A web server, running OpenBSD and Apache + mod_ssl, which only allows users with certificates signed by the CA to view its protected pages, and
The client, running Windows 2000 and IE 5.5, which requests a key with openssl.exe, and attempts to view the pages protected by the web server.
Note that in a production environment, the CA should be a separate machine and disconnected from the network.
Create the Certificate Authority (CA)
On the machine used for the CA, create a directory for its keys:
mkdir -p /etc/ssl/ca/private
chown -R root:wheel /etc/ssl/ca
chmod 700 /etc/ssl/ca/private
Next, generate a private key and a certificate request, and then self-sign the certificate.
openssl genrsa -out ca.key 1024
openssl req -new -key ca.key -out ca.csr
openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt
Setup the Web Server Certificate
On the web server, create a self-signed certificate for SSL requests:
openssl genrsa -out server.key 1024
openssl req -new -key server.key -out server.csr
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
Make sure the path(s) to the server certificate are correct in /var/www/conf/httpd.conf.
Install the CA Certificate on the Web Server
Copy the CA certificate (via floppy) to /var/www/conf/ssl.crt/ca.crt, on the web server.
Tell the web server (Apache) where it can find the CA certificate, in httpd.conf:
...
SSLCACertificateFile /var/www/conf/ssl.crt/ca.crt
...
Require a Certificate for Access
Tell Apache which URL (in this case /cert) to require authentication for, in httpd.conf:
...
<Location /cert>
SSLRequireSSL
SSLVerifyClient require
SSLVerifyDepth 10
</Location>
...
Shutdown and Restart httpd:
apachectl stop
/usr/sbin/httpd -DSSL
Have the Client Request a Certificate
On the client, generate a private key and certificate request:
openssl genrsa -out client.key 1024
openssl req -new -key client.key -out client.csr -config openssl.cnf
OpenSSL for Win32 can be downloaded here.
Note that OpenSSL won't be able to obtain a nice pseudo-random sample for its key generation, and will complain. However, it will allow you to specify a document for added entropy with the -rand switch. In testing, I created a file on the OpenBSD machine with dd if=/dev/srandom of=output.txt bs=4096 count=1, copied that file to Windows, and generated a key with openssl genrsa -rand output.txt -out client.key 1024.
Have the Authority Sign the Certificate
Copy the client request to the CA (via floppy), and sign the client request with the CA's private key:
openssl x509 -req -days 365 -CA ca.crt -CAkey ca.key -CAcreateserial -in client.csr -out client.crt
Copy the signed certificate (client.crt) back to the client.
Import the Client Certificate
Create a PKCS#12 document from the client private key and the signed certificate:
openssl pkcs12 -export -clcerts -in client.crt -inkey client.key -out client.p12
Double click client.p12 to import, and select the default values.
Finally, attempt to access the protected server pages (e.g. http://www.server.com/cert/).
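The signing steps above can be rehearsed in a scratch directory before touching the real machines. The script below is an added example, not part of the original document: it repeats the CA and client-signing commands non-interactively and uses openssl verify to show the chain check that SSLVerifyClient require depends on. The names (Demo CA, alice), the 2048-bit key size and the explicit basicConstraints extension on the CA certificate are assumptions of this example.

```shell
#!/bin/sh
# Added example: rehearse the CA and client-signing steps in a scratch
# directory. "Demo CA", "alice" and 2048-bit keys are assumptions.

make_ca() {        # $1 = directory for the CA, $2 = CA common name
    mkdir -p "$1" && (
        cd "$1" || exit 1
        # Mark the certificate as a CA so strict verifiers accept it as issuer
        printf 'basicConstraints=critical,CA:TRUE\n' > ca.ext
        openssl genrsa -out ca.key 2048 2>/dev/null &&
        openssl req -new -key ca.key -subj "/CN=$2" -out ca.csr 2>/dev/null &&
        openssl x509 -req -days 365 -in ca.csr -signkey ca.key \
            -extfile ca.ext -out ca.crt 2>/dev/null
    )
}

make_client() {    # $1 = CA directory, $2 = client common name
    (
        cd "$1" || exit 1
        openssl genrsa -out "$2.key" 2048 2>/dev/null &&
        openssl req -new -key "$2.key" -subj "/CN=$2" -out "$2.csr" 2>/dev/null &&
        openssl x509 -req -days 365 -CA ca.crt -CAkey ca.key -CAcreateserial \
            -in "$2.csr" -out "$2.crt" 2>/dev/null
    )
}

chains_to() {      # $1 = CA certificate, $2 = client certificate
    # Chain check against the CA file, as the server does with SSLCACertificateFile
    if openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'; then
        echo accept
    else
        echo reject
    fi
}

work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT          # remove the throwaway keys on exit
make_ca "$work/ca" "Demo CA" && make_client "$work/ca" alice
# A second, unrelated CA that merely reuses the same subject names
make_ca "$work/other" "Demo CA" && make_client "$work/other" alice
echo "signed by our CA:         $(chains_to "$work/ca/ca.crt" "$work/ca/alice.crt")"
echo "same names, different CA: $(chains_to "$work/ca/ca.crt" "$work/other/alice.crt")"
```

A certificate is accepted only when its signature chains to the CA key, regardless of the names it carries, which also means every certificate this CA signs is admitted to /cert.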
Known Issues
The example generates 1024-bit keys. I tried 4096-bits for each key without success. Please drop me a note if you've solved this dilemma.
References
OpenSSL homepage:
http://www.openssl.org
mod_ssl homepage:
http://www.modssl.org
Public-Key Cryptography Standards:
http://www.rsasecurity.com/rsalabs/pkcs/
X-series Recommendations: X.500 and up:
http://www.itu.int//itudoc/itu-t/rec/x/x500up/
Additional Reading
Using Certificate Revocation Lists (Apache Week):
http://www.apacheweek.com/features/crl
Using Client Certificates with stunnel:
http://www.stunnel.org/faq/certs.html#ToC1