The Joker

December 20th, 2013 | kalerparamvir

It all started with “I believe whatever doesn’t kill you simply makes you… stranger”.

My first impressions:

- yet another ordinary guy, with a very poor sense of humour
- yet another villain, who is after money
- yet another attention seeker

At that moment, I never realized how deep this character is. Joker is a villain who does not become a bad guy because of any personal reasons (a childhood spent in poverty, molestation etc). He is a bad guy because he wants to be a bad guy. He is a unique personality, a mixture of humor, anger, sarcasm, simplicity, intelligence (a genius, I will say). He has no friends, no family and he does not trust anyone.

Batman: He must have friends!
Salvatore Maroni: Friends? Have you met this guy?

Even Batman had a wrong impression about him. See, it is not one’s fault; our society has a very poor class of villains who are after money, power, fame or stardom. But this guy here is of a different league. In his own words, “I am a man of very simple taste”.

A violent maniac who is the definition of pure evil (not necessary evil). Joker is not a schemer; he does not waste time making plans, he just does things. He not only hates making plans, he hates schemers and their attempts to control this world. He always wants to show the schemers how pathetic their attempts to control things really are. Because of his extraordinary mind, he can easily make out what his enemies or schemers are planning and can turn it around. He murders people indiscriminately, with the prime motive of destroying not specific lives but respect for life in general.

He has nothing but complete disrespect for values and hates people who feel proud of their values, for example Dent with his “I make my own luck” attitude. We all know what he did to Dent. Instead of killing Dent, he destroyed his morals, values and love. He is not only a man of simple tastes, he has a very clear mindset and philosophy that makes him the “Agent of Chaos”.

Introduce a little anarchy. Upset the established order, and everything becomes chaos.

Most people believe that Joker is insane, that he has completely lost his mind. I was one of these for a while. One day, I saw a real insane person and, after observing him for a good time, I changed my mind. I thought, how can someone who does not know what is going on, where he is and why he is there be a Joker? The Joker is a master of tricks and disguise, and a liar who manipulates his enemies through lies, trickery, disguises, and traps. He has shown this on numerous occasions: the bank robbery, Gambol’s murder, dressing as a guard to kill the mayor, etc.

Joker is the most fearless villain of all time. He doesn’t ever bother to remember how he got the scars. In the comics universe, Scarecrow once betrayed Joker by spraying him with fear gas, but it had absolutely no effect on him. The Joker does not value life, especially not his own. Even when faced with death, he laughs, as life is of no importance.

In his death too, he would have won by proving “all it takes is the right circumstances to turn a man to evil”. The last lines, as said by Alfred, sum up this death-worshiping mentality:

“Some men aren’t interested in anything logical, like money. Some men just want to watch the world burn.”

Kerberos + Apache + AD

July 30th, 2013 | kalerparamvir

Kerberos Installation Guide

Step 1 – Pre-requisites

Kerberos Components
pam_krb5-2.3.11-9.el6.x86_64
krb5-devel-1.9-33.el6_3.2.x86_64
krb5-workstation-1.9-33.el6_3.2.x86_64
krb5-libs-1.9-33.el6_3.2.x86_64

Apache
httpd-tools
httpd-devel

Kerberos Apache Module
mod_auth_kerb

The time on the AD server and the Apache server must be the same, because Kerberos rejects tickets when the clocks differ too much.

Step 2 – Keytab File

In order to use Kerberos authentication in Apache httpd, we need a service principal entry in the keytab file on the machine running Apache httpd. All descriptions here use the global keytab file in /etc/krb5.keytab.

A keytab file needs to be created because each kerberized Apache server needs an AD account to authenticate against the domain. The ktpass command is used on the Windows system to map the AD user to the HTTP service and then create the corresponding keytab file, which is what we need for the CentOS Linux webserver configuration.

That means httpd@server1 for Server 1, httpd@server2 for Server 2, and so on.

Before this, the Kerberos client must be installed on the Apache server with a valid krb5.conf file.

Steps for Keytab File
1. Create Service Principal for httpd on KDC
2. Create User account for every Apache server
3. Create Keytab File in Service Principal for every user account (Step 2)

We need to repeat these steps for every Apache server.

4. Move the keytab file to the Linux machine and copy its contents into /etc/krb5.keytab
5. Verify using the kinit and klist commands.

Step 3 – Apache Config

Add the following to httpd.conf:

KrbMethodNegotiate off
KrbMethodK5Passwd on
KrbVerifyKDC off
KrbAuthRealms OUR-DOMAIN
Krb5KeyTab /etc/krb5.keytab

The Apache configuration depends upon your requirements and environment.
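A complete form of the directives above inside an access-controlled location, with the two security-relevant settings annotated. This is an added example, not the author's configuration; the /secure path and the SSLRequireSSL line (which assumes mod_ssl is loaded) are assumptions.

```apache
# Constructed example: /secure is a placeholder path.
<Location /secure>
    AuthType Kerberos
    AuthName "Kerberos Login"

    # As on this page: Negotiate (SPNEGO) off, password fallback on.
    # The browser then sends the AD password to Apache with Basic auth on
    # every request, so this location must only be reachable over TLS.
    SSLRequireSSL
    KrbMethodNegotiate off
    KrbMethodK5Passwd on

    # With the service keytab from Step 2 in place, mod_auth_kerb can verify
    # that the ticket obtained for the password really came from the KDC,
    # which guards against a spoofed KDC reply. "off" skips that check.
    KrbVerifyKDC on

    KrbAuthRealms OUR-DOMAIN
    Krb5KeyTab /etc/krb5.keytab
    Require valid-user
</Location>
```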

How to calculate the MySQL database size

January 27th, 2012 | kalerparamvir

Run the query below to get the size of the database and tables in MySQL:

SELECT TABLE_NAME, table_rows, data_length, index_length,
ROUND(((data_length + index_length) / 1024 / 1024), 2) AS `Size in MB`
FROM information_schema.TABLES WHERE table_schema = 'db_name';

Let me know if it does not work for you.

Two-Factor SSH Authentication with Google Authenticator

January 16th, 2012 | kalerparamvir

1. Install latest version of Ruby

a. wget ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.7-p330.tar.gz
b. tar zxvf ruby-1.8.7-p330.tar.gz
c. cd ruby-1.8.7-p330 && ./configure --enable-pthread
d. make && make install
e. ln -s /usr/local/bin/ruby /usr/bin/ruby

2. Install RubyGems

a. wget http://production.cf.rubygems.org/rubygems/rubygems-1.8.15.tgz
b. tar zxvf rubygems-1.8.15.tgz
c. cd rubygems-1.8.15 && ruby setup.rb

3. Create a file “two_factor” under any directory with the contents below. I am creating it under /usr/bin.

------------------------
#!/usr/bin/env ruby
require 'rubygems'
require 'rotp'
# we'll pass in a secret to this script from the ForceCommand line (step 6)
abort unless secret = ARGV[0]
# prompt the user for their validation code
STDERR.write "Enter the validation code: "
# gets returns nil on EOF, so convert to a string before stripping
validation_code = STDIN.gets.to_s.strip
# check the validation code is correct
abort "Invalid" unless validation_code == ROTP::TOTP.new(secret).now.to_s
# user has validated so we'll give them their shell
Kernel.exec ENV['SSH_ORIGINAL_COMMAND'] || ENV['SHELL']

------------------------

4. Create public/private keys and enable key authentication with SSH. You may refer to “http://www.ece.uci.edu/~chou/ssh-key.html”.

5. We need to generate a secret token that is shared between the Google Authenticator app and the server. Use the following script to do it.

------------------------

#!/usr/bin/env ruby
require 'rubygems'
require 'rotp'
secret = ROTP::Base32.random_base32
data = "otpauth://totp/#{`hostname -s`.strip}?secret=#{secret}"
# the QR image is rendered by chart.googleapis.com, so this URL carries the secret to that service
url = "https://chart.googleapis.com/chart?chs=200x200&chld=M|0&cht=qr&chl=#{data}"
puts "Your secret key is: #{secret}"
puts url

------------------------
Running this (ruby script.rb) produces:

Your secret key is: 4rr7kc47sc5a2fgt

https://chart.googleapis.com/chart?chs=200x200&chld=M|0&cht=qr&chl=otpauth://totp/myserver?secret=4rr7kc47sc5a2fgt

6. Scan the QR code directly into Google Authenticator and then update the sshd_config file as follows:

ForceCommand /usr/bin/two_factor 4rr7kc47sc5a2fgt

Make sure to replace the secret key with the one from your own output.
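What ROTP::TOTP.new(secret).now computes in step 3, written out with only Ruby's standard library (RFC 4226/6238 with SHA-1, 6 digits, 30-second steps) and extended with a constant-time comparison and a one-step drift window. This is an added example, not the post's or the rotp gem's code; all function names are hypothetical.

```ruby
require 'openssl'

B32 = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567'.freeze

# Decode an RFC 4648 base32 secret (case-insensitive, padding ignored).
def base32_decode(str)
  bits = str.upcase.delete('=').each_char.map { |c|
    idx = B32.index(c) or raise ArgumentError, "invalid base32 character: #{c}"
    idx.to_s(2).rjust(5, '0')
  }.join
  # Drop any trailing partial byte, then pack the bit string into bytes.
  [bits[0, bits.length - bits.length % 8]].pack('B*')
end

# RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then
# dynamic truncation to a zero-padded decimal code.
def hotp(key, counter, digits = 6)
  mac = OpenSSL::HMAC.digest(OpenSSL::Digest.new('SHA1'), key, [counter].pack('Q>'))
  offset = mac.bytes.last & 0x0f
  code = mac[offset, 4].unpack1('N') & 0x7fffffff
  (code % 10**digits).to_s.rjust(digits, '0')
end

# RFC 6238 TOTP: the counter is the number of 30-second steps since the epoch.
def totp(secret_b32, at = Time.now.to_i, step = 30)
  hotp(base32_decode(secret_b32), at / step)
end

# Compare without revealing the position of the first mismatch.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Accept the current step and `drift` steps either side (clock skew between
# phone and server). Returns the matched step counter, or nil if no step
# in the window produces the submitted code.
def verify_totp(secret_b32, code, at = Time.now.to_i, drift = 1, step = 30)
  key = base32_decode(secret_b32)
  now = at / step
  ((now - drift)..(now + drift)).find { |c| secure_equal?(hotp(key, c), code.to_s) }
end
```

verify_totp returns the matched step counter; storing the last accepted counter per user and rejecting anything not greater than it stops a captured code from being replayed inside the window.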

Understanding Reverse Proxy

December 1st, 2011 | kalerparamvir

After searching for a while, I decided to write a simple example to explain reverse proxy.

A Reverse Proxy Scenario

Company example.com has a website at www.example.com, which has a public IP address and DNS entry, and can be accessed from anywhere on the Internet.

The company also has a couple of application servers which have private IP addresses and unregistered DNS entries, and are inside the firewall. The application servers are visible within the network, including to the webserver, as “internal1.example.com” and “internal2.example.com”. But because they have no public DNS entries, anyone looking at internal1.example.com from outside the company network will get a “no such host” error.

A decision is taken to enable Web access to the application servers. But they should not be exposed to the Internet directly; instead they should be integrated with the webserver, so that http://www.example.com/app1/any-path-here is mapped internally to http://internal1.example.com/any-path-here and http://www.example.com/app2/other-path-here is mapped internally to http://internal2.example.com/other-path-here.

This is a typical reverse-proxy situation.
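The mapping described above, expressed as Apache httpd configuration. This is an added example, not part of the original post, which does not name the server software; it assumes Apache with mod_proxy and mod_proxy_http loaded.

```apache
# Constructed example for the public front-end of www.example.com.
<VirtualHost *:80>
    ServerName www.example.com

    # Reverse proxy only: never act as a forward proxy for arbitrary URLs.
    ProxyRequests Off

    # /app1/any-path-here -> http://internal1.example.com/any-path-here
    ProxyPass        /app1/ http://internal1.example.com/
    # Rewrite Location headers in backend redirects so clients are not
    # sent to the internal hostname, which they cannot resolve.
    ProxyPassReverse /app1/ http://internal1.example.com/

    # /app2/other-path-here -> http://internal2.example.com/other-path-here
    ProxyPass        /app2/ http://internal2.example.com/
    ProxyPassReverse /app2/ http://internal2.example.com/
</VirtualHost>
```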

Do let me know if you have any queries or feedback.

Mobile OS

November 17th, 2011 | kalerparamvir

PHP script to check MySQL database sizes

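November 11th, 2011 | kalerparamvir

<?php
// Connect as a user that can read INFORMATION_SCHEMA for every database.
$link = mysqli_connect('localhost', 'root', '') or die(mysqli_connect_error());
// One prepared statement, reused for each database name.
$stmt = mysqli_prepare($link, "SELECT CONCAT(SUM(ROUND(((DATA_LENGTH + INDEX_LENGTH - DATA_FREE)
 / 1024 / 1024),2)),' MB') AS Size FROM INFORMATION_SCHEMA.TABLES
 WHERE TABLE_SCHEMA = ?");
$db_list = mysqli_query($link, 'SHOW DATABASES') or die(mysqli_error($link));
while ($row = mysqli_fetch_object($db_list)) {
 $name = $row->Database;
 mysqli_stmt_bind_param($stmt, 's', $name);
 mysqli_stmt_execute($stmt);
 mysqli_stmt_bind_result($stmt, $size);
 mysqli_stmt_fetch($stmt);
 // Discard the rest of the result set before the next execute.
 mysqli_stmt_free_result($stmt);
 echo $name."=".$size."\n";
}
?>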

Munin

October 31st, 2011 | kalerparamvir

Munin is a network/system monitoring application that presents output in graphs through a web interface. Its emphasis is on plug and play capabilities. About 500 monitoring plugins are currently available. Using Munin you can monitor the performance of your computers, networks, SANs, and applications. It tries to make it easy to determine “what’s different today” when a performance problem crops up and to see how you’re doing capacity wise on all limited resources.

It uses the RRDtool (written by Tobi Oetiker) and is written in Perl. Munin has a master/node architecture in which the master connects to all the nodes at regular intervals and asks them for data. It then stores the data in RRD files, and (if needed) updates the graphs. One of the main goals has been ease of creating new plugins (graphs).

To install Munin on an RPM-based distribution, follow these steps:

1. Add EPEL repo (for Monit)

rpm -Uvh http://download.fedora.redhat.com/pub/epel/5/i386/epel-release-5-4.noarch.rpm

2. yum -y install munin munin-node perl-Cache perl-Cache-Cache perl-IPC-ShareLite git

Install DBD-MySQL using cpan:

a. install DBD::mysql
b. install Module::Pluggable

3. Now, we need to install extended MySQL plugins:

a. git clone http://github.com/kjellm/munin-mysql
b. cd munin-mysql; edit Makefile and point PLUGIN_DIR to the directory where our munin plugins reside (/usr/share/munin/plugins)
c. make install

4. Set the MySQL root password in the /etc/munin/plugin-conf.d/mysql.conf file as:

env.mysqlpassword password        (This is the last parameter in mysql.conf file)

5. Varnish graphs – Before configuring graphs, we need to follow these steps:

1. mkdir /usr/local/var/varnish/standalone7 (we need to create a directory whose name is the same as the hostname of the server)

2. cp /usr/local/var/varnish/varnish/_.vsl /usr/local/var/varnish/standalone7 (copy the _.vsl file to this new folder)

Now, graphs:

a. git clone git://github.com/basiszwo/munin-varnish.git
b. ls munin-varnish/
c. cp -v munin-varnish/varnish* /usr/share/munin/plugins/
d. chmod 755 /usr/share/munin/plugins/varnish*
e. ln -s /usr/share/munin/plugins/varnish* /etc/munin/plugins/

6. Create symlinks for the modules we wish to monitor. By default all modules are available under /usr/share/munin/plugins; we need to create symlinks in the /etc/munin/plugins folder. There is no need to create symlinks for MySQL.

ln -s /usr/share/munin/plugins/nginx_status /etc/munin/plugins/nginx_status
ln -s /usr/share/munin/plugins/nginx_request /etc/munin/plugins/nginx_request

7. Create a file named qmail under /etc/munin/plugin-conf.d with :

[qmail*]
user root

8. Remove sendmail graphs

rm -f /etc/munin/plugins/sendmail_*

9. We can also reduce the time interval of the munin cron by editing the “/etc/cron.d/munin” file (by default it is set to 5 mins):

*/3 * * * *     munin test -x /usr/bin/munin-cron && /usr/bin/munin-cron

Bash script to perform MySQL database backup

May 4th, 2011 | kalerparamvir

#!/bin/sh
# Path of target directory
path=/var/www/backups
d=$(date +%d%m%y)
NOW=$(date +"%m-%d-%Y")
# -ppass shows the password in the process list; a [client] section in ~/.my.cnf avoids that
mysqldump -u user -ppass -h 127.0.0.1 database_name > "$path/backup_$d.sql"
# Remove all files older than 5 days
find "$path" -type f -mtime +5 -exec rm {} \;
gzip "$path/backup_$d.sql"
sleep 5
mutt -s "Backup $NOW" example@example.com < /var/email

Unfriend Facebook Finder

April 18th, 2011 | kalerparamvir

Unfriend Finder is a realtime script that allows you to know which one of your friends removed you on Facebook. A local database keeps a record of your friend list, and is compared at each refresh.

There’s nothing terribly surprising or complicated about installing and using Unfriend Finder. You just download it, install it in your web browser of choice (assuming your choice is either Chrome, Firefox, Opera, or Safari), log into Facebook, and let Unfriend Finder do its job.

Install it from: http://userscripts.org/scripts/show/58852