The Problem:
I can't use cp to copy a symlink to a directory, but I don't want to re-create it, which could lead to typo problems due to the long target path.
The Solution:
After a quick search I found two working ways to do it.
First,
you still need to re-create the link but don't have to re-type the target path; use the readlink output instead.
ln -s "$(readlink ~/v1/jboss-deploy)" ~/v2/jboss-deploy
In the above command, `jboss-deploy` is a symlink to a directory somewhere on this box.
Second,
just use the -P option of cp:
cp -P ~/v1/jboss-deploy ~/v2/
Well, then I should admit that I never read the cp manual carefully... =="
git diff's ESC chars problem on xterm
The first time I used git diff on xterm, the displayed result showed ESC[ characters instead of colored lines. I found this after searching, and after checking the less man page I concluded that I only need the -R option, since I only want to clear the ESC[ characters and get colored diffs. So I added this line to my ~/.bashrc:
LESS="-R"; export LESS
And here is the result after re-login:
Securing JBoss AS From Remote Exploit
This morning I got a call from the office telling me that she can't access our ERP application. After some checking I found that there was something wrong with JBoss AS. There were some unrecognized .war files in the deploy dir. Each .war file contained only one .jsp file with similar code. The results from a web search led me to this website. The code was the same, and obviously we were the victim.
It was exploiting the standard, unsecured JMX console on JBoss (I'm still using JBoss v4.0.2). Well, that was entirely my fault for not prioritizing securing the JMX and web consoles on the production server. The code in the .jsp was intended to open a console (cmd on Windows or sh on Linux), and fortunately the JBoss service was executed by user 'jboss', not 'root' (you can imagine what would happen if it was root).
This 'accident' forced me to take time (mine and the users') to apply JBoss security. The first step was opening the bookmark list in my browser (believe it or not, I had bookmarked some articles about securing JBoss a couple of months ago) and starting to apply them. Here are the links: SecuringTheJMXConsole - JBoss Community and JBoss Application Server Security Vulnerability Notice.
Now some security was applied, and I need to test it, right? I downloaded the exploit code and put it on a Linux box, because it was written in Perl and I don't have Perl on my Windows machine. First I tried the exploit against JBoss on my development server, which uses the standard/unsecured version, and the exploit worked, proving that the exploit wasn't defective. Then I tried it against JBoss on the production server, where the JMX and web consoles were already secured, and it failed, complaining that it can't upload the file.
For now JBoss is secure from the exploit, while I still need to explore other possibilities.
Update: April 1, 2011
Days after implementing the secured JMX and web consoles, I haven't found any alien .war files any more. But the netstat output showed some unknown IRC connections.
Then I took these steps:
1. Ran a full scan and found 3 infected files:
ieh: Trojan.Perl.Shellbot-2
.X-un1x: Trojan.Perl.Shellbot-2
xh: Linux.Rst
and removed them.
2. I also checked /tmp and removed some suspicious files/folders which were owned by jboss and had nothing to do with currently deployed legit applications (i.e. hibernate cache files).
3. Killed all processes by the PIDs shown by netstat (I used the -p option to show the PID).
4. Re-checked all processes owned by jboss except the one running the JBoss server.
5. Checked netstat again to make sure there were no more unwanted connections.
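Steps 3 to 5 can be scripted so the same check is repeatable. The following is an added example, not part of the original post: it filters `netstat -tnp` and `ps` output for the two signs described above. The function names, the IRC port list and all sample data are assumptions constructed for illustration.

```shell
#!/bin/bash
# Added example: triage helpers for steps 3-5. All sample data is constructed.

# flag_irc_conns: read `netstat -tnp` output on stdin and print
# "PID PROGRAM FOREIGN_ADDRESS" for established TCP connections whose remote
# port is one commonly used by IRC servers (6660-6669, 6697, 7000).
flag_irc_conns() {
    awk '
        $1 ~ /^tcp/ && $6 == "ESTABLISHED" {
            n = split($5, part, ":")      # last piece is the port (also for IPv6)
            port = part[n] + 0
            if ((port >= 6660 && port <= 6669) || port == 6697 || port == 7000) {
                split($7, proc, "/")      # "3417/perl" -> PID and program name
                print proc[1], proc[2], $5
            }
        }'
}

# unexpected_procs USER ALLOWED: read `ps -eo pid,user,comm` output on stdin
# and print "PID COMMAND" for processes of USER other than ALLOWED.
unexpected_procs() {
    awk -v user="$1" -v allowed="$2" \
        'NR > 1 && $2 == user && $3 != allowed { print $1, $3 }'
}

# Constructed sample of `netstat -tnp` output (documentation-range addresses).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 10.0.0.5:8080           10.0.0.21:51514         ESTABLISHED 2101/java
tcp        0      0 10.0.0.5:43122          203.0.113.7:6667        ESTABLISHED 3417/perl
tcp        0      0 10.0.0.5:43130          198.51.100.9:6697       ESTABLISHED 3420/perl
tcp        0      0 10.0.0.5:22             10.0.0.30:50022         ESTABLISHED 1189/sshd
EOF
}

# Constructed sample of `ps -eo pid,user,comm` output.
sample_ps() {
    cat <<'EOF'
  PID USER     COMMAND
 1189 root     sshd
 2101 jboss    java
 3417 jboss    perl
 3420 jboss    perl
EOF
}

echo "Suspect connections:";        sample_netstat | flag_irc_conns
echo "Unexpected jboss processes:"; sample_ps | unexpected_procs jboss java
# On a live host (run as root so netstat can show PIDs):
#   netstat -tnp | flag_irc_conns
#   ps -eo pid,user,comm | unexpected_procs jboss java
```

A bot can use any port, so an empty result from the port filter does not clear the host; the process check is the stronger of the two.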
WAR File Auto Deployer
OK, here is the script for auto-deploying a WAR file, so I don't have to wait for all the employees to log out before I can bring down the server ;)
1) Create a file named '/erp/scripts/war-deployer.sh':
#!/bin/bash
#
# WAR File Deployer Script
# description: It simply stops the service, backs up the file, replaces the file, and starts the service again.
#
WAR_FILE="erp.war"
DIST_DIR="/erp/readyToDeploy"
DEPLOY_DIR="/usr/jboss/server/default/deploy"
# do nothing (and leave the server running) if there is no new WAR to deploy
if [ ! -f "$DIST_DIR/$WAR_FILE" ]; then
    echo "No $DIST_DIR/$WAR_FILE found, nothing to deploy." >&2
    exit 1
fi
# stop jboss server
/sbin/service jbossd stop
# backup
BACKUP_FILE="/erp/backup/$WAR_FILE-$(date +%F_%H-%M).bak"
echo "Creating backup file $BACKUP_FILE ..."
/bin/cp "$DEPLOY_DIR/$WAR_FILE" "$BACKUP_FILE"
# replace
echo "Replacing $DEPLOY_DIR/$WAR_FILE with $DIST_DIR/$WAR_FILE"
/bin/cp "$DIST_DIR/$WAR_FILE" "$DEPLOY_DIR/$WAR_FILE"
# start jboss server
/sbin/service jbossd start
2) Then assign it in crontab. Run the command
crontab -e
to insert the job to be executed tonight into crontab. Then add the following line:
05 22 7 3 * /erp/scripts/war-deployer.sh
It will execute the script /erp/scripts/war-deployer.sh on 07 March 2011 22:05.
3) Done! Let's see if it will do the job :p
With the method above, all I need to do is put the new erp.war file in the distribution directory and change the Day-of-month and Month fields in crontab every time I need to update the application.
Btw, it will work great too if I have a fixed schedule for updating the app. Consider this cycle: develop/bug fix > test > distribute it by putting the war file in the dist directory, and forget the 'deploy' part... ;)
Read more about cron at: http://en.wikipedia.org/wiki/Cron.
update[March 26, 2011]
- fixed script (variable $DIST_FILE -> $DIST_DIR).
- crontab entry (year removed, and change ? with *).
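Because the cron job deploys whatever file is sitting in the distribution directory, a pre-deployment check is worth adding. This is an added example, not part of the original script: it refuses to deploy unless the WAR matches a SHA-256 digest recorded at build time. The function name `verify_war` and the digest file location are assumptions.

```shell
#!/bin/bash
# Added example, not part of war-deployer.sh. verify_war and the digest
# file are hypothetical; keep the digest file where only root can write.

# verify_war WAR DIGEST_FILE
# Succeeds only if WAR is a regular file (not a symlink) whose SHA-256
# equals the first field of the first line of DIGEST_FILE.
verify_war() {
    local war="$1" sums="$2" expected actual
    if [ ! -f "$war" ] || [ -L "$war" ]; then
        echo "refusing: $war is missing or not a regular file" >&2
        return 1
    fi
    if [ ! -r "$sums" ]; then
        echo "refusing: digest file $sums is not readable" >&2
        return 1
    fi
    expected=$(awk 'NR == 1 { print $1 }' "$sums")
    actual=$(sha256sum "$war" | awk '{ print $1 }')
    if [ -z "$expected" ] || [ "$expected" != "$actual" ]; then
        echo "refusing: $war does not match the recorded digest" >&2
        return 1
    fi
    return 0
}

# Self-contained demonstration on constructed files in a temporary directory.
demo_verify_war() {
    local tmp result
    tmp=$(mktemp -d) || return 1
    printf 'constructed WAR contents\n' > "$tmp/erp.war"
    sha256sum "$tmp/erp.war" > "$tmp/erp.war.sha256"   # digest recorded at build time
    if verify_war "$tmp/erp.war" "$tmp/erp.war.sha256" 2>/dev/null; then
        result="original:accepted"
    else
        result="original:rejected"
    fi
    printf 'extra bytes\n' >> "$tmp/erp.war"           # file changed after the digest was recorded
    if verify_war "$tmp/erp.war" "$tmp/erp.war.sha256" 2>/dev/null; then
        result="$result modified:accepted"
    else
        result="$result modified:rejected"
    fi
    rm -rf "$tmp"
    echo "$result"
}

demo_verify_war
# In war-deployer.sh, before "service jbossd stop" (digest path is an assumption):
#   verify_war "$DIST_DIR/$WAR_FILE" /erp/scripts/erp.war.sha256 || exit 1
```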
Handling Timestamp '0000-00-00 00:00:00' in jdbc
Here I found a quick reference for resolving the SQLException thrown when a Timestamp value is '0000-00-00 00:00:00': link
Summary
In hibernate.cfg.xml:
<property name="hibernate.connection.zeroDateTimeBehavior">convertToNull</property>
In hibernate.properties:
hibernate.connection.zeroDateTimeBehavior=convertToNull
In mysql-ds.xml file for JBOSS:
<connection-property name="zeroDateTimeBehavior">convertToNull</connection-property>
In JDBC URL:
jdbc:mysql://yourserver:3306/yourdatabase?zeroDateTimeBehavior=convertToNull
MySQL Database Replication
Because of the need to produce complex reports without burdening the performance of the main application, I plan to build an additional module dedicated to the reporting system. This application will be built separately, using a replica of the database used by the main application. Based on the MySQL reference on replication and the howtos here and here, implementing the database replica looks fairly easy. OK, time to practice.. wish me luck..
HOWTO: Download package dependencies for offline installation
Today I happened to have time to study installing OpenOffice.org 3 with the help of the Info Linux Extra no. 01/2009 book + CD, which is entirely about OOo3.
Skipping the rest for now and going straight to installation! The book explains step-by-step installation on Windows, OSX, and Linux (Ubuntu 8.10; other distros are covered only briefly). I tried installing on XP right away and it went smoothly, just clicking Next as usual :). Next was installing on OSX, but I don't have one, so I skipped that.
Next was Ubuntu, which happened to be the same version as the Ubuntu on the computer I'm currently using. But since this computer used to belong to someone else and I've only been using it for a few days, I didn't know whether the existing OOo worked or not (most likely not), because it turned out that no JRE or JDK was installed. I only found that out when, while installing OOo3, the message "javaldx: Could not find a Java Runtime Environment!" suddenly appeared. After checking in Synaptic Package Manager, the JRE or JDK package was indeed not installed... duh. It turns out the Info Linux CD doesn't include a JRE. It's not hard, really: we can just use Synaptic to download and install the JRE/JDK (since I don't have the Ubuntu CD :( ), but there are several computers running Ubuntu whose OOo will be upgraded. After a bit of googling I found a way to download a package together with its dependencies, so I can download the JRE package to put on the file server and don't need to download the JRE every time I install it.
Restore MySQL Database Using Java
Restoring MySQL database from a backup file (SQL File).
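import java.io.FileInputStream;
import java.io.InputStream;
import java.io.OutputStream;
import java.util.ArrayList;
import java.util.List;

public class MySQLBackupUtil {

    private static void restore(String host, String port, String user,
            String password, String db, String sqlFile) throws Exception {
        final int BUFFER = 10485760;
        // Build the command as an argument list so that a value containing
        // spaces cannot be split into extra mysql options.
        List<String> cmd = new ArrayList<String>();
        cmd.add("mysql");
        cmd.add("--host=" + host);
        if (port != null && port.length() > 0)
            cmd.add("--port=" + port);
        cmd.add("--user=" + user);
        // Note: a password passed on the command line is visible in the process list.
        if (password != null && password.length() > 0)
            cmd.add("--password=" + password);
        cmd.add(db);
        ProcessBuilder pb = new ProcessBuilder(cmd);
        // Send mysql's output and errors to this process's console so the
        // child cannot block on a full pipe.
        pb.redirectOutput(ProcessBuilder.Redirect.INHERIT);
        pb.redirectError(ProcessBuilder.Redirect.INHERIT);
        Process run = pb.start();
        // Stream the SQL file into mysql's standard input.
        InputStream fis = new FileInputStream(sqlFile);
        OutputStream out = run.getOutputStream();
        try {
            byte[] buf = new byte[BUFFER];
            int len;
            while ((len = fis.read(buf)) >= 0)
                out.write(buf, 0, len);
        } finally {
            fis.close();
            out.close();
        }
        // Fail loudly if mysql reported an error.
        int exit = run.waitFor();
        if (exit != 0)
            throw new Exception("mysql exited with status " + exit);
    }

    public static void main(String[] args) {
        try {
            String sqlFile = "D:\\APP\\workspace\\chunkcode\\dbtest.sql";
            restore("localhost", "3306", "root", "", "dbtest", sqlFile);
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}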
Extracting Zip File Using Java
Extract a zip file to a directory:
import java.io.*;
import java.util.zip.*;

public class Unzip {

    public static void unzipTo(String zipName, String dirName) throws Exception {
        final int BUFFER = 2048;
        File dir = new File(dirName);
        if (!dir.exists())
            dir.mkdirs();
        // Canonical form of the target directory, used to reject entries
        // whose names (e.g. containing "../") would resolve outside it.
        String root = dir.getCanonicalPath() + File.separator;
        FileInputStream fis = new FileInputStream(zipName);
        CheckedInputStream checksum = new CheckedInputStream(fis, new Adler32());
        ZipInputStream zis = new ZipInputStream(new BufferedInputStream(
                checksum));
        try {
            ZipEntry entry;
            while ((entry = zis.getNextEntry()) != null) {
                File target = new File(dir, entry.getName());
                if (!target.getCanonicalPath().startsWith(root))
                    throw new IOException("Entry is outside the target dir: "
                            + entry.getName());
                System.out.println("Extracting: " + entry + " to " + target);
                if (entry.isDirectory()) {
                    target.mkdirs();
                    continue;
                }
                // create parent directories for nested entries
                File parent = target.getParentFile();
                if (parent != null)
                    parent.mkdirs();
                int count;
                byte data[] = new byte[BUFFER];
                // write the files to the disk
                BufferedOutputStream dest = new BufferedOutputStream(
                        new FileOutputStream(target), BUFFER);
                try {
                    while ((count = zis.read(data, 0, BUFFER)) != -1) {
                        dest.write(data, 0, count);
                    }
                    dest.flush();
                } finally {
                    dest.close();
                }
            }
        } finally {
            zis.close();
        }
        System.out.println("Checksum: " + checksum.getChecksum().getValue());
    }

    public static final void main(String[] args) {
        try {
            String targetDir = "D:\\APP\\workspace\\chunkcode\\tmp";
            String zipFile = "D:/APP/workspace/chunkcode/test.zip";
            unzipTo(zipFile, targetDir);
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}
The code is based on this article.
MIME Type Quick Reference
MIME Type | File Extension |
application/SLA | stl |
application/STEP | step |
application/STEP | stp |
application/acad | dwg |
application/andrew-inset | ez |
application/clariscad | ccad |
application/drafting | drw |
application/dsptype | tsp |
application/dxf | dxf |
application/excel | xls |
application/i-deas | unv |
application/java-archive | jar |
application/mac-binhex40 | hqx |
application/mac-compactpro | cpt |
application/vnd.ms-powerpoint | pot |
application/vnd.ms-powerpoint | pps |
application/vnd.ms-powerpoint | ppt |
application/vnd.ms-powerpoint | ppz |
application/msword | doc |
application/octet-stream | bin |
application/octet-stream | style |
application/octet-stream | dms |
application/octet-stream | exe |
application/octet-stream | lha |
application/octet-stream | lzh |
application/oda | oda |
application/ogg | ogg |
application/ogg | ogm |
application/pdf | |
application/pgp | pgp |
application/postscript | ai |
application/postscript | eps |
application/postscript | ps |
application/pro_eng | prt |
application/rtf | rtf |
application/set | set |
application/smil | smi |
application/smil | smil |
application/solids | sol |
application/vda | vda |
application/vnd.mif | mif |
application/vnd.ms-excel | xlc |
application/vnd.ms-excel | xll |
application/vnd.ms-excel | xlm |
application/vnd.ms-excel | xls |
application/vnd.ms-excel | xlw |
application/vnd.rim.cod | cod |
application/x-arj-compressed | arj |
application/x-bcpio | bcpio |
application/x-cdlink | vcd |
application/x-chess-pgn | pgn |
application/x-cpio | cpio |
application/x-csh | csh |
application/x-debian-package | deb |
application/x-director | dcr |
application/x-director | dir |
application/x-director | dxr |
application/x-dvi | dvi |
application/x-freelance | pre |
application/x-futuresplash | spl |
application/x-gtar | gtar |
application/x-gunzip | gz |
application/x-gzip | gz |
application/x-hdf | hdf |
application/x-ipix | ipx |
application/x-ipscript | ips |
application/x-javascript | js |
application/x-koan | skd |
application/x-koan | skm |
application/x-koan | skp |
application/x-koan | skt |
application/x-latex | latex |
application/x-lisp | lsp |
application/x-lotusscreencam | scm |
application/x-mif | mif |
application/x-msdos-program | bat |
application/x-msdos-program | com |
application/x-msdos-program | exe |
application/x-netcdf | cdf |
application/x-netcdf | nc |
application/x-perl | pl |
application/x-perl | pm |
application/x-rar-compressed | rar |
application/x-sh | sh |
application/x-shar | shar |
application/x-shockwave-flash | swf |
application/x-stuffit | sit |
application/x-sv4cpio | sv4cpio |
application/x-sv4crc | sv4crc |
application/x-tar-gz | tar.gz |
application/x-tar-gz | tgz |
application/x-tar | tar |
application/x-tcl | tcl |
application/x-tex | tex |
application/x-texinfo | texi |
application/x-texinfo | texinfo |
application/x-troff-man | man |
application/x-troff-me | me |
application/x-troff-ms | ms |
application/x-troff | roff |
application/x-troff | t |
application/x-troff | tr |
application/x-ustar | ustar |
application/x-wais-source | src |
application/x-zip-compressed | zip |
application/zip | zip |
audio/TSP-audio | tsi |
audio/basic | au |
audio/basic | snd |
audio/midi | kar |
audio/midi | mid |
audio/midi | midi |
audio/mpeg | mp2 |
audio/mpeg | mp3 |
audio/mpeg | mpga |
audio/ulaw | au |
audio/x-aiff | aif |
audio/x-aiff | aifc |
audio/x-aiff | aiff |
audio/x-mpegurl | m3u |
audio/x-ms-wax | wax |
audio/x-ms-wma | wma |
audio/x-pn-realaudio-plugin | rpm |
audio/x-pn-realaudio | ram |
audio/x-pn-realaudio | rm |
audio/x-realaudio | ra |
audio/x-wav | wav |
chemical/x-pdb | pdb |
chemical/x-pdb | xyz |
image/cmu-raster | ras |
image/gif | gif |
image/ief | ief |
image/jpeg | jpe |
image/jpeg | jpeg |
image/jpeg | jpg |
image/png | png |
image/tiff | tif tiff |
image/tiff | tif |
image/tiff | tiff |
image/x-cmu-raster | ras |
image/x-portable-anymap | pnm |
image/x-portable-bitmap | pbm |
image/x-portable-graymap | pgm |
image/x-portable-pixmap | ppm |
image/x-rgb | rgb |
image/x-xbitmap | xbm |
image/x-xpixmap | xpm |
image/x-xwindowdump | xwd |
model/iges | iges |
model/iges | igs |
model/mesh | mesh |
model/mesh | msh |
model/mesh | silo |
model/vrml | vrml |
model/vrml | wrl |
text/css | css |
text/html | htm |
text/html | html htm |
text/html | html |
text/plain | asc txt |
text/plain | asc |
text/plain | c |
text/plain | cc |
text/plain | f90 |
text/plain | f |
text/plain | h |
text/plain | hh |
text/plain | m |
text/plain | txt |
text/richtext | rtx |
text/rtf | rtf |
text/sgml | sgm |
text/sgml | sgml |
text/tab-separated-values | tsv |
text/vnd.sun.j2me.app-descriptor | jad |
text/x-setext | etx |
text/xml | xml |
video/dl | dl |
video/fli | fli |
video/flv | flv |
video/gl | gl |
video/mpeg | mp2 |
video/mp4 | mp4 |
video/mpeg | mpe |
video/mpeg | mpeg |
video/mpeg | mpg |
video/quicktime | mov |
video/quicktime | qt |
video/vnd.vivo | viv |
video/vnd.vivo | vivo |
video/x-fli | fli |
video/x-ms-asf | asf |
video/x-ms-asx | asx |
video/x-ms-wmv | wmv |
video/x-ms-wmx | wmx |
video/x-ms-wvx | wvx |
video/x-msvideo | avi |
video/x-sgi-movie | movie |
www/mime | mime |
x-conference/x-cooltalk | ice |
x-world/x-vrml | vrm |
x-world/x-vrml | vrml |
vnd.openxmlformats-officedocument.spreadsheetml.sheet | xlsx |
application/vnd.openxmlformats-officedocument.wordprocessingml.document | docx |
[Update 2019-05-13]
-add: docx, & xlsx.