Mayıs 23rd 2012
D6R57NP32Q2R
D6R57NP32Q2R
PCI DSS SSL
PCI taramalarında başarılı olmak için sunucunuzda eski SSL desteklerinin hepsini kaldırın.
Sadece SSLv3 ve TLSv1 destekleyin.
Yaşasın SSLv3
Apache’de
SSLProtocol -ALL +SSLv3 +TLSv1
http://www.debianadmin.com/how-to-enable-ssl-version-3-and-tls-transport-layer-security-version-1-in-apache-hosts.html
Windows 2008 için
http://social.technet.microsoft.com/Forums/en/winservergen/thread/74a45b74-8d84-4308-ba14-02e4bc724e27
Taramak için
$ sudo sslscan www.google.com.tr:443
[sudo] password for dincer:
_
___ ___| |___ ___ __ _ _ __
/ __/ __| / __|/ __/ _` | ‘_ \
\__ \__ \ \__ \ (_| (_| | | | |
|___/___/_|___/\___\__,_|_| |_|
Version 1.8.2
http://www.titania.co.uk
Copyright Ian Ventura-Whiting 2009
Testing SSL server www.google.com.tr on port 443
Supported Server Cipher(s):
Accepted SSLv3 256 bits ECDHE-RSA-AES256-SHA
Rejected SSLv3 256 bits ECDHE-ECDSA-AES256-SHA
Rejected SSLv3 256 bits DHE-RSA-AES256-SHA
Rejected SSLv3 256 bits DHE-DSS-AES256-SHA
Rejected SSLv3 256 bits DHE-RSA-CAMELLIA256-SHA
Rejected SSLv3 256 bits DHE-DSS-CAMELLIA256-SHA
Rejected SSLv3 256 bits AECDH-AES256-SHA
Rejected SSLv3 256 bits ADH-AES256-SHA
Rejected SSLv3 256 bits ADH-CAMELLIA256-SHA
Rejected SSLv3 256 bits ECDH-RSA-AES256-SHA
Rejected SSLv3 256 bits ECDH-ECDSA-AES256-SHA
Accepted SSLv3 256 bits AES256-SHA
Rejected SSLv3 256 bits CAMELLIA256-SHA
Failed SSLv3 256 bits PSK-AES256-CBC-SHA
Accepted SSLv3 168 bits ECDHE-RSA-DES-CBC3-SHA
Rejected SSLv3 168 bits ECDHE-ECDSA-DES-CBC3-SHA
Rejected SSLv3 168 bits EDH-RSA-DES-CBC3-SHA
Rejected SSLv3 168 bits EDH-DSS-DES-CBC3-SHA
Dns performance test
Simple script
for i in $(seq 1 9000); do dig @8.8.8.8 c$i.com soa & done >a 2>b
report memory map of a process
Processiniz hangi uygulamalarla iletişim halinde ne kadar RAM tüketiyor görebiliyorsunuz
$ pmap 4059 {PID}
4059: /usr/bin/java -jar /home/dincer/Desktop/ApacheDirectoryStudio-linux-x86_64-1.5.3.v20100330/plugins/org.eclipse.equinox.launcher_1.0.201.R35x_v20090715.jar -os linux -ws gtk -arch x86_64 -showsplash -launch
er /home/dincer/Desktop/ApacheDirectoryStudio-linux-x86_64-1.5.3.v20100330/ApacheDirectoryStudio -name ApacheDirectoryStudio —launcher.library /home/dincer/Desktop/ApacheDirectoryStudio-linux-x86_64-1.5.3.v201003
30/plugins/org.eclipse.equinox.launcher.gtk.linux.x86_64_1.0.200.v20090519/eclipse_1206.so -s
0000000000400000 36K r-x— /usr/lib/jvm/java-6-openjdk/jre/bin/java
0000000000608000 4K r—— /usr/lib/jvm/java-6-openjdk/jre/bin/java
0000000000609000 4K rw—- /usr/lib/jvm/java-6-openjdk/jre/bin/java
0000000000da7000 31424K rw—- [ anon ]
00000000bba00000 45824K rw—- [ anon ]
00000000be6c0000 124160K rw—- [ anon ]
00000000c6000000 39616K rw—- [ anon ]
00000000c86b0000 593920K rw—- [ anon ]
00000000ecab0000 83520K rw—- [ anon ]
00000000f1c40000 49600K ——- [ anon ]
00000000f4cb0000 183616K rw—- [ anon ]
00007f58e84ee000 12K ——- [ anon ]
00007f58e84f1000 1016K rw—- [ anon ]
00007f58e85ef000 12K ——- [ anon ]
00007f58e85f2000 1016K rw—- [ anon ]
00007f58e86f0000 1348K r-x— /usr/lib/libxml2.so.2.7.8
00007f58e8841000 2044K ——- /usr/lib/libxml2.so.2.7.8
00007f58e8a40000 32K r—— /usr/lib/libxml2.so.2.7.8
00007f58e8a48000 8K rw—- /usr/lib/libxml2.so.2.7.8
00007f58e8a4a000 4K rw—- [ anon ]
00007f58e8a4b000 216K r-x— /usr/lib/libcroco-0.6.so.3.0.1
00007f58e8a81000 2044K ——- /usr/lib/libcroco-0.6.so.3.0.1
00007f58e8c80000 4K r—— /usr/lib/libcroco-0.6.so.3.0.1
00007f58e8c81000 12K rw—- /usr/lib/libcroco-0.6.so.3.0.1
…
Seviyorum seni ülen Linux :)
qcow2 imajini mount etmek
imaj hakkında bilgi edinelim.
$ qemu-img info image.qcow2
modülü ekleyelim.
$ modprobe nbd max_part=16
imajı nbd sürücüsüne bağlayalım.
$ qemu-nbd -c /dev/nbd0 image.qcow2
nbd sürücüsü üzerindeki partitionlara bakalım.
$ fdisk /dev/nbd0
istediğimiz partitionu mount edelim.
$ mount /dev/nbd0p1 /mnt/image
Şimdi ise bağladığımız imajı bırakalım.
$ umount /mnt/image
$ qemu-nbd -d /dev/nbd0
Bu kadar :)
Linux swap kullanım oranına göre processleri sıralamak
$ top
top - 15:24:50 up 6:25, 4 users, load average: 0.01, 0.04, 0.05
Tasks: 148 total, 1 running, 146 sleeping, 0 stopped, 1 zombie
Cpu(s): 2.7%us, 0.7%sy, 0.0%ni, 96.7%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st
Mem: 3797528k total, 3069344k used, 728184k free, 550052k buffers
Swap: 949380k total, 0k used, 949380k free, 1000448k cached
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
1952 dincer 20 0 1199m 356m 39m S 4 9.6 39:36.57 firefox
1077 root 20 0 421m 76m 11m S 3 2.1 14:55.58 Xorg
2913 dincer 20 0 307m 20m 11m S 3 0.5 0:03.20 gnome-terminal
2493 dincer 20 0 640m 99m 31m S 2 2.7 5:04.12 compiz
‘O’( Büyük O ) ya bas sonra ‘p’ bas ve ‘enter’
Şimdi ençok swap kullanan uygulamayı görüyorsun.
top - 15:25:56 up 6:26, 4 users, load average: 0.00, 0.04, 0.05
Tasks: 148 total, 1 running, 146 sleeping, 0 stopped, 1 zombie
Cpu(s): 2.5%us, 0.7%sy, 0.0%ni, 96.8%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st
Mem: 3797528k total, 3062272k used, 735256k free, 550052k buffers
Swap: 949380k total, 0k used, 949380k free, 1001276k cached
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ SWAP COMMAND
2028 dincer 20 0 1688m 68m 29m S 0 1.8 0:23.10 1.6g empathy-chat
1952 dincer 20 0 1253m 346m 39m S 4 9.4 39:42.72 906m firefox
2713 dincer 20 0 871m 122m 27m S 1 3.3 9:47.62 749m plugin-contain
1721 dincer 20 0 640m 35m 22m S 0 1.0 0:42.81 604m empathy
2493 dincer 20 0 641m 99m 31m S 0 2.7 5:05.11 542m compiz
Linux Vserver chcontext and magic
En sevdiğimiz vserver komutlarımız :)
$ vps
$ vtop
$ sudo chcontext —ctx 1 netstat -lpn
$ sudo chcontext —ctx 1 atop 1
Intrusion prevention system and intrusion detection system
oracle data guard testleri
http://www.orafaq.com/wiki/Data_Guard
Aynı Sunucu üzerinde yapıyoruz. BAŞLIYORUZ!!..
Master “ora11g”
Slave “ora11gdg”
instance adı 8 karakterden buyuk olmasın!
******************************************************
Veritabanımızın arşiv mode alalım.
SQL> shutdown immediate
SQL> startup mount
SQL> alter database archivelog;
SQL> alter database open;
SQL> archive log list;
**********************************************************
SQL> Select FORCE_LOGGING from V$DATABASE;
SQL> ALTER DATABASE FORCE LOGGING;
SQL> select member from v$logfile;
MEMBER
——————————————————————————————————-
/opt/oracle/oradata/ora11g/redo03.log
/opt/oracle/oradata/ora11g/redo02.log
/opt/oracle/oradata/ora11g/redo01.log
(1 Fazlası olacak şekilde)
SQL> alter database add standby logfile ‘/opt/oracle/oradata/ora11gdg/srl01.log’ size 152428800;
SQL> alter database add standby logfile ‘/opt/oracle/oradata/ora11gdg/srl02.log’ size 152428800;
SQL> alter database add standby logfile ‘/opt/oracle/oradata/ora11gdg/srl03.log’ size 152428800;
SQL> alter database add standby logfile ‘/opt/oracle/oradata/ora11gdg/srl04.log’ size 152428800;
***********************************************************
SQL> show parameter db_name;
SQL> show parameter db_unique_name;
SQL> alter system set log_archive_config=’dg_config=(ora11g,ora11gdg)’;
SQL> alter system set log_archive_dest_1=’LOCATION=???’;
SQL> alter system set log_archive_dest_2=’service=ora11gdg async valid_for=(online_logfile,primary_role) db_unique_name=ora11gdg’;
SQL> show parameter log_archive_dest_2
SQL> show parameter log_archive_config
*******************************************************
Lisener ora11gdg yi dinleyecek şekilde ayarlanır.
netmgr
lsnrctl reload
******************************************************
copy orapwora11g.ora orapwora11gdg.ora
$vi $ORACLE_HOME/dbs/initora11gdg.ora
DB_NAME=ora11gdg
SQL> show parameter dump;
mkdir $ORACLE_BASE/admin/$ORACLE_SID/adump
Artık ora11gdg instance başlatabiliriz.
export ORACLE_SID=ora11gdg
sqlplus “/as sysdba”
SQL> startup nomount
*********************************************************
OK şimdi ora11g ye geri dönelim.
export ORACLE_SID=ora11g
rman ile kopyalamaya başlayalım.
rman target /
connect auxiliary sys/oracle@ora11gdg
run {
allocate channel prmy1 type disk;
allocate channel prmy2 type disk;
allocate auxiliary channel stby type disk;
duplicate target database for standby from active database
spfile
parameter_value_convert ‘ora11g’,’ora11gdg’
set db_unique_name=’ora11gdg’
set db_file_name_convert=’/opt/oracle/oradata/ora11g/’,’/opt/oracle/oradata/ora11gdg/’
set log_file_name_convert=’/opt/oracle/oradata/ora11g/’,’/opt/oracle/oradata/ora11gdg/’
set control_files=’/opt/oracle/oradata/ora11gdg/ora11gdg.ctl’
set log_archive_max_processes=’5’
set fal_client=’ora11gdg’
set fal_server=’ora11g’
set standby_file_management=’AUTO’
set log_archive_config=’dg_config=(ora11g,ora11gdg)’
set log_archive_dest_1=’service=ora11g ASYNC valid_for=(ONLINE_LOGFILE,PRIMARY_ROLE) db_unique_name=ora11g’
set log_archive_dest_2=’service=ora11gdg async valid_for=(online_logfile,primary_role) db_unique_name=ora11gdg’;
}
*********************************************************
export ORACLE_SID=ora11g
sqlplus “/as sysdba”
SQL> SELECT sequence#, first_time, next_time
FROM v$archived_log
ORDER BY sequence#;
SQL> alter system switch logfile;
export ORACLE_SID=ora11gdg
sqlplus “/as sysdba”
SQL> alter database recover managed standby database using current logfile disconnect;
SQL> alter system set log_archive_dest_3= ‘LOCATION=/home/oracle/archive2’ scope=both sid=’*’;
SQL> alter system set log_archive_dest_1=’service=ora11g ASYNC valid_for=(ONLINE_LOGFILE,PRIMARY_ROLE) db_unique_name=ora11g’
SQL> alter system set log_archive_dest_2=’service=ora11gdg async valid_for=(online_logfile,primary_role) db_unique_name=ora11gdg’
SQL> alter system set log_archive_dest_3= ‘LOCATION=/home/oracle/archive2’
SQL> ALTER DATABASE RECOVER MANAGED STANDBY DATABASE CANCEL;
SQL> ALTER DATABASE OPEN READ ONLY;
SQL> ALTER DATABASE RECOVER MANAGED STANDBY DATABASE USING CURRENT LOGFILE DISCONNECT;
****************************************************************
