adrci command line
:ON Database SID (alert log & trace file)
show home
set homepath diag/rdbms/db_sid/db_sid
show alert -tail
show tracefile -tail
PURGE -AGE 7200 -TYPE ALERT;
:ON Listener log (alertlog & tracefile)
show home
set home diag/tnslsnr/db_hostname/listener
show alert -tail
show tracefile -tail
PURGE -AGE 7200 -TYPE ALERT;
-age in sec
Tuesday, April 19, 2016
lock account/unlock account Office 365 user
To block a user account:
Set-MsolUser –UserPrincipalName user@yourdomain –blockcredential $true
To unlock a user accout:
Set-MsolUser -UserPrincipalName user@yourdomain –blockcredential $false
Set-MsolUser –UserPrincipalName user@yourdomain –blockcredential $true
To unlock a user accout:
Set-MsolUser -UserPrincipalName user@yourdomain –blockcredential $false
Tuesday, March 22, 2016
Source.list mirror.ku.ac.th Ubuntu 15.10 wily warewolf
#####Main,Restriced Update#####
deb http://mirror1.ku.ac.th/ubuntu/ wily main restricted
deb http://mirror1.ku.ac.th/ubuntu/ wily-updates main restricted
deb http://mirror1.ku.ac.th/ubuntu-security/ wily-security main restricted
#####KU Multiverse,Universe Update(Optional)#####
deb http://mirror1.ku.ac.th/ubuntu/ wily multiverse universe
deb http://mirror1.ku.ac.th/ubuntu/ wily-updates multiverse universe
deb http://mirror1.ku.ac.th/ubuntu-security/ wily-security multiverse universe
#####Source File Main, Restriced (Optional)#####
deb-src http://mirror1.ku.ac.th/ubuntu/ wily main restricted
deb-src http://mirror1.ku.ac.th/ubuntu/ wily-updates main restricted
deb-src http://mirror1.ku.ac.th/ubuntu-security/ wily-security main restricted
#####Source File Multiverse,Universe (Optional)#####
deb-src http://mirror1.ku.ac.th/ubuntu/ wily multiverse universe
deb-src http://mirror1.ku.ac.th/ubuntu/ wily-updates multiverse universe
deb-src http://mirror1.ku.ac.th/ubuntu-security/ wily-security multiverse universe
OR
edit source.list
vi search and replace
:%s/soure_url/mirror_url
ex:
:%s/us.archive.ubuntu.com/mirror1.ku.ac.th
Friday, March 18, 2016
Assigned IP Address to new NIC and restart network services Solaris10 without REBOOT
List Physical NIC
#ifconfig -a plumb up
pri-db# dladm show-link
vmxnet3s0 type: non-vlan mtu: 1500 device: vmxnet3s0
vmxnet3s1 type: non-vlan mtu: 1500 device: vmxnet3s1 <---new NIC
cat /etc/path_to_inst
Assigned NIC interface
edit /etc/hostname.vmxnet3s1
new-hostname
Assigned IP Address
edit /etc/hosts
new-hostname 192.168.1.111
Assigned Netmask
edit /etc/netmask
192.168.1.0 255.255.255.0
Restart Network Services
#svcadm restart network/physical
#ifconfig -a plumb up
pri-db# dladm show-link
vmxnet3s0 type: non-vlan mtu: 1500 device: vmxnet3s0
vmxnet3s1 type: non-vlan mtu: 1500 device: vmxnet3s1 <---new NIC
cat /etc/path_to_inst
Assigned NIC interface
edit /etc/hostname.vmxnet3s1
new-hostname
Assigned IP Address
edit /etc/hosts
new-hostname 192.168.1.111
Assigned Netmask
edit /etc/netmask
192.168.1.0 255.255.255.0
Restart Network Services
#svcadm restart network/physical
Friday, February 26, 2016
Fail2BAN Test
Add configure to /etc/fail2ban/jail.local
========================
[http-get-dos]
enabled = true
port = http,https
filter = http-get-dos
logpath = /var/log/apache2/access.log
# maxretry is how many GETs we can have in the findtime period before getting narky
maxretry = 300
# findtime is the time period in seconds in which we're counting "retries" (300 seconds = 5 mins)
findtime = 300
# bantime is how long we should drop incoming GET requests for a given IP for, in this case it's 5 minutes
bantime = 300
action = iptables[name=HTTP, port=http, protocol=tcp]
Create Filter file /etc/fail2ban/filter.d/http-get-dos.conf
=======================================
[Definition]
# Option: failregex
# Note: This regex will match any GET entry in your logs, so basically all valid and not valid entries are a match.
# You should set up in the jail.conf file, the maxretry and findtime carefully in order to avoid false positives.
failregex = ^<HOST> -.*"(GET|POST).*
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =
@start service
/etc/init.d/fail2ban start
/etc/init.d/fail2ban stop
Connect Load test from client (192.168.1.14)
================================
[root@Client-01 ~]# ab -n 100 -c 10 http://192.168.1.191/
This is ApacheBench, Version 2.0.40-dev <$Revision: 1.146 $> apache-2.0
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Copyright 2006 The Apache Software Foundation, http://www.apache.org/
Benchmarking 192.168.1.191 (be patient)
Completed 100 requests
Completed 200 requests
Finished 300 requests
Server Software: Apache/2.4.10
Server Hostname: 192.168.1.191
Server Port: 80
Document Path: /
Document Length: 11321 bytes
Concurrency Level: 10
Time taken for tests: 0.80254 seconds
Complete requests: 300
Failed requests: 0
Write errors: 0
Total transferred: 3495887 bytes
HTML transferred: 3413139 bytes
Requests per second: 3738.13 [#/sec] (mean)
Time per request: 2.675 [ms] (mean)
Time per request: 0.268 [ms] (mean, across all concurrent requests)
Transfer rate: 42527.47 [Kbytes/sec] received
Connection Times (ms)
min mean[+/-sd] median max
Connect: 0 0 0.3 0 1
Processing: 1 1 1.1 2 4
Waiting: 0 0 0.8 1 2
Total: 1 2 0.6 2 4
WARNING: The median and mean for the waiting time are not within a normal deviation
These results are probably not that reliable.
Percentage of the requests served within a certain time (ms)
50% 2
66% 2
75% 2
80% 2
90% 3
95% 3
98% 3
99% 4
100% 4 (longest request)
BAN!!!
=====
[root@Client-01 ~]# ab -n 300 -c 10 http://192.168.1.191/
This is ApacheBench, Version 2.0.40-dev <$Revision: 1.146 $> apache-2.0
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Copyright 2006 The Apache Software Foundation, http://www.apache.org/
Benchmarking 192.168.1.191 (be patient)
apr_socket_recv: Connection refused (111)
@SERVER site check iptables
======================
root@IDP-Server:~# iptables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination
f2b-HTTP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
f2b-sshd tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 2 2
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain f2b-HTTP (1 references) <--------------------AUTO Add from Fail2BAN
target prot opt source destination
REJECT all -- 192.168.1.14 0.0.0.0/0 reject-with icmp-p ort-unreachable
RETURN all -- 0.0.0.0/0 0.0.0.0/0
Chain f2b-sshd (1 references)
target prot opt source destination
RETURN all -- 0.0.0.0/0 0.0.0.0/0
root@IDP-Server:~# tail -f fail2ban.log
2016-02-25 12:56:06,749 fail2ban.filter [3504]: INFO [http-get-dos] Found 192.168.1.14
2016-02-25 12:56:06,749 fail2ban.filter [3504]: INFO [http-get-dos] Found 192.168.1.14
2016-02-25 12:56:06,749 fail2ban.filter [3504]: INFO [http-get-dos] Found 192.168.1.14
2016-02-25 12:56:06,750 fail2ban.filter [3504]: INFO [http-get-dos] Found 192.168.1.14
2016-02-25 12:56:06,750 fail2ban.filter [3504]: INFO [http-get-dos] Found 192.168.1.14
2016-02-25 12:56:06,751 fail2ban.filter [3504]: INFO [http-get-dos] Found 192.168.1.14
2016-02-25 12:56:06,751 fail2ban.filter [3504]: INFO [http-get-dos] Found 192.168.1.14
2016-02-25 12:56:06,752 fail2ban.filter [3504]: INFO [http-get-dos] Found 192.168.1.14
2016-02-25 12:56:06,752 fail2ban.filter [3504]: INFO [http-get-dos] Found 192.168.1.14
2016-02-25 12:56:06,752 fail2ban.filter [3504]: INFO [http-get-dos] Found 192.168.1.14
2016-02-25 12:56:06,753 fail2ban.filter [3504]: INFO [http-get-dos] Found 192.168.1.14
2016-02-25 12:56:06,753 fail2ban.filter [3504]: INFO [http-get-dos] Found 192.168.1.14
2016-02-25 12:56:06,754 fail2ban.filter [3504]: INFO [http-get-dos] Found 192.168.1.14
2016-02-25 12:56:06,754 fail2ban.filter [3504]: INFO [http-get-dos] Found 192.168.1.14
2016-02-25 12:56:06,755 fail2ban.filter [3504]: INFO [http-get-dos] Found 192.168.1.14
2016-02-25 12:56:06,755 fail2ban.filter [3504]: INFO [http-get-dos] Found 192.168.1.14
2016-02-25 12:56:06,755 fail2ban.filter [3504]: INFO [http-get-dos] Found 192.168.1.14
2016-02-25 12:56:06,756 fail2ban.filter [3504]: INFO [http-get-dos] Found 192.168.1.14
2016-02-25 12:56:06,756 fail2ban.filter [3504]: INFO [http-get-dos] Found 192.168.1.14
2016-02-25 12:56:06,757 fail2ban.filter [3504]: INFO [http-get-dos] Found 192.168.1.14
2016-02-25 12:56:06,757 fail2ban.filter [3504]: INFO [http-get-dos] Found 192.168.1.14
2016-02-25 12:56:06,758 fail2ban.filter [3504]: INFO [http-get-dos] Found 192.168.1.14
2016-02-25 12:56:06,758 fail2ban.filter [3504]: INFO [http-get-dos] Found 192.168.1.14
2016-02-25 12:56:06,758 fail2ban.filter [3504]: INFO [http-get-dos] Found 192.168.1.14
2016-02-25 12:56:06,759 fail2ban.filter [3504]: INFO [http-get-dos] Found 192.168.1.14
2016-02-25 12:56:06,759 fail2ban.filter [3504]: INFO [http-get-dos] Found 192.168.1.14
2016-02-25 12:56:06,760 fail2ban.filter [3504]: INFO [http-get-dos] Found 192.168.1.14
2016-02-25 12:56:06,760 fail2ban.filter [3504]: INFO [http-get-dos] Found 192.168.1.14
2016-02-25 12:56:06,761 fail2ban.filter [3504]: INFO [http-get-dos] Found 192.168.1.14
2016-02-25 12:56:06,761 fail2ban.filter [3504]: INFO [http-get-dos] Found 192.168.1.14
2016-02-25 12:56:06,762 fail2ban.filter [3504]: INFO [http-get-dos] Found 192.168.1.14
2016-02-25 12:56:06,762 fail2ban.filter [3504]: INFO [http-get-dos] Found 192.168.1.14
2016-02-25 12:56:06,762 fail2ban.filter [3504]: INFO [http-get-dos] Found 192.168.1.14
2016-02-25 12:56:06,763 fail2ban.filter [3504]: INFO [http-get-dos] Found 192.168.1.14
2016-02-25 12:56:06,763 fail2ban.filter [3504]: INFO [http-get-dos] Found 192.168.1.14
2016-02-25 12:56:06,764 fail2ban.filter [3504]: INFO [http-get-dos] Found 192.168.1.14
2016-02-25 12:56:06,764 fail2ban.filter [3504]: INFO [http-get-dos] Found 192.168.1.14
2016-02-25 12:56:07,443 fail2ban.actions [3504]: NOTICE [http-get-dos] Ban 192.168.1.14
UNBAN
======
@Server site :
iptables -L -n
Chain f2b-HTTP (1 references)
target prot opt source destination
REJECT all -- 192.168.1.14 0.0.0.0/0 reject-with icmp-port-unreachable
RETURN all -- 0.0.0.0/0 0.0.0.0/0
@check rules name :
root@IDP-Server:~# fail2ban-client status
Status
|- Number of jail: 2
`- Jail list: http-get-dos, sshd
@set UNBAN
root@IDP-Server:~# fail2ban-client set http-get-dos unbanip 192.168.1.14
192.168.1.14
@LOG :
root@IDP-Server:~# tail -f fail2ban.log
2016-02-25 12:56:07,443 fail2ban.actions [3504]: NOTICE [http-get-dos] Ban 192.168.1.14
2016-02-25 13:00:56,160 fail2ban.actions [3504]: NOTICE [http-get-dos] Unban 192.168.1.14
========================
[http-get-dos]
enabled = true
port = http,https
filter = http-get-dos
logpath = /var/log/apache2/access.log
# maxretry is how many GETs we can have in the findtime period before getting narky
maxretry = 300
# findtime is the time period in seconds in which we're counting "retries" (300 seconds = 5 mins)
findtime = 300
# bantime is how long we should drop incoming GET requests for a given IP for, in this case it's 5 minutes
bantime = 300
action = iptables[name=HTTP, port=http, protocol=tcp]
Create Filter file /etc/fail2ban/filter.d/http-get-dos.conf
=======================================
[Definition]
# Option: failregex
# Note: This regex will match any GET entry in your logs, so basically all valid and not valid entries are a match.
# You should set up in the jail.conf file, the maxretry and findtime carefully in order to avoid false positives.
failregex = ^<HOST> -.*"(GET|POST).*
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =
@start service
/etc/init.d/fail2ban start
/etc/init.d/fail2ban stop
Connect Load test from client (192.168.1.14)
================================
[root@Client-01 ~]# ab -n 100 -c 10 http://192.168.1.191/
This is ApacheBench, Version 2.0.40-dev <$Revision: 1.146 $> apache-2.0
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Copyright 2006 The Apache Software Foundation, http://www.apache.org/
Benchmarking 192.168.1.191 (be patient)
Completed 100 requests
Completed 200 requests
Finished 300 requests
Server Software: Apache/2.4.10
Server Hostname: 192.168.1.191
Server Port: 80
Document Path: /
Document Length: 11321 bytes
Concurrency Level: 10
Time taken for tests: 0.80254 seconds
Complete requests: 300
Failed requests: 0
Write errors: 0
Total transferred: 3495887 bytes
HTML transferred: 3413139 bytes
Requests per second: 3738.13 [#/sec] (mean)
Time per request: 2.675 [ms] (mean)
Time per request: 0.268 [ms] (mean, across all concurrent requests)
Transfer rate: 42527.47 [Kbytes/sec] received
Connection Times (ms)
min mean[+/-sd] median max
Connect: 0 0 0.3 0 1
Processing: 1 1 1.1 2 4
Waiting: 0 0 0.8 1 2
Total: 1 2 0.6 2 4
WARNING: The median and mean for the waiting time are not within a normal deviation
These results are probably not that reliable.
Percentage of the requests served within a certain time (ms)
50% 2
66% 2
75% 2
80% 2
90% 3
95% 3
98% 3
99% 4
100% 4 (longest request)
BAN!!!
=====
[root@Client-01 ~]# ab -n 300 -c 10 http://192.168.1.191/
This is ApacheBench, Version 2.0.40-dev <$Revision: 1.146 $> apache-2.0
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Copyright 2006 The Apache Software Foundation, http://www.apache.org/
Benchmarking 192.168.1.191 (be patient)
apr_socket_recv: Connection refused (111)
@SERVER site check iptables
======================
root@IDP-Server:~# iptables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination
f2b-HTTP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
f2b-sshd tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 2 2
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain f2b-HTTP (1 references) <--------------------AUTO Add from Fail2BAN
target prot opt source destination
REJECT all -- 192.168.1.14 0.0.0.0/0 reject-with icmp-p ort-unreachable
RETURN all -- 0.0.0.0/0 0.0.0.0/0
Chain f2b-sshd (1 references)
target prot opt source destination
RETURN all -- 0.0.0.0/0 0.0.0.0/0
root@IDP-Server:~# tail -f fail2ban.log
2016-02-25 12:56:06,749 fail2ban.filter [3504]: INFO [http-get-dos] Found 192.168.1.14
2016-02-25 12:56:06,749 fail2ban.filter [3504]: INFO [http-get-dos] Found 192.168.1.14
2016-02-25 12:56:06,749 fail2ban.filter [3504]: INFO [http-get-dos] Found 192.168.1.14
2016-02-25 12:56:06,750 fail2ban.filter [3504]: INFO [http-get-dos] Found 192.168.1.14
2016-02-25 12:56:06,750 fail2ban.filter [3504]: INFO [http-get-dos] Found 192.168.1.14
2016-02-25 12:56:06,751 fail2ban.filter [3504]: INFO [http-get-dos] Found 192.168.1.14
2016-02-25 12:56:06,751 fail2ban.filter [3504]: INFO [http-get-dos] Found 192.168.1.14
2016-02-25 12:56:06,752 fail2ban.filter [3504]: INFO [http-get-dos] Found 192.168.1.14
2016-02-25 12:56:06,752 fail2ban.filter [3504]: INFO [http-get-dos] Found 192.168.1.14
2016-02-25 12:56:06,752 fail2ban.filter [3504]: INFO [http-get-dos] Found 192.168.1.14
2016-02-25 12:56:06,753 fail2ban.filter [3504]: INFO [http-get-dos] Found 192.168.1.14
2016-02-25 12:56:06,753 fail2ban.filter [3504]: INFO [http-get-dos] Found 192.168.1.14
2016-02-25 12:56:06,754 fail2ban.filter [3504]: INFO [http-get-dos] Found 192.168.1.14
2016-02-25 12:56:06,754 fail2ban.filter [3504]: INFO [http-get-dos] Found 192.168.1.14
2016-02-25 12:56:06,755 fail2ban.filter [3504]: INFO [http-get-dos] Found 192.168.1.14
2016-02-25 12:56:06,755 fail2ban.filter [3504]: INFO [http-get-dos] Found 192.168.1.14
2016-02-25 12:56:06,755 fail2ban.filter [3504]: INFO [http-get-dos] Found 192.168.1.14
2016-02-25 12:56:06,756 fail2ban.filter [3504]: INFO [http-get-dos] Found 192.168.1.14
2016-02-25 12:56:06,756 fail2ban.filter [3504]: INFO [http-get-dos] Found 192.168.1.14
2016-02-25 12:56:06,757 fail2ban.filter [3504]: INFO [http-get-dos] Found 192.168.1.14
2016-02-25 12:56:06,757 fail2ban.filter [3504]: INFO [http-get-dos] Found 192.168.1.14
2016-02-25 12:56:06,758 fail2ban.filter [3504]: INFO [http-get-dos] Found 192.168.1.14
2016-02-25 12:56:06,758 fail2ban.filter [3504]: INFO [http-get-dos] Found 192.168.1.14
2016-02-25 12:56:06,758 fail2ban.filter [3504]: INFO [http-get-dos] Found 192.168.1.14
2016-02-25 12:56:06,759 fail2ban.filter [3504]: INFO [http-get-dos] Found 192.168.1.14
2016-02-25 12:56:06,759 fail2ban.filter [3504]: INFO [http-get-dos] Found 192.168.1.14
2016-02-25 12:56:06,760 fail2ban.filter [3504]: INFO [http-get-dos] Found 192.168.1.14
2016-02-25 12:56:06,760 fail2ban.filter [3504]: INFO [http-get-dos] Found 192.168.1.14
2016-02-25 12:56:06,761 fail2ban.filter [3504]: INFO [http-get-dos] Found 192.168.1.14
2016-02-25 12:56:06,761 fail2ban.filter [3504]: INFO [http-get-dos] Found 192.168.1.14
2016-02-25 12:56:06,762 fail2ban.filter [3504]: INFO [http-get-dos] Found 192.168.1.14
2016-02-25 12:56:06,762 fail2ban.filter [3504]: INFO [http-get-dos] Found 192.168.1.14
2016-02-25 12:56:06,762 fail2ban.filter [3504]: INFO [http-get-dos] Found 192.168.1.14
2016-02-25 12:56:06,763 fail2ban.filter [3504]: INFO [http-get-dos] Found 192.168.1.14
2016-02-25 12:56:06,763 fail2ban.filter [3504]: INFO [http-get-dos] Found 192.168.1.14
2016-02-25 12:56:06,764 fail2ban.filter [3504]: INFO [http-get-dos] Found 192.168.1.14
2016-02-25 12:56:06,764 fail2ban.filter [3504]: INFO [http-get-dos] Found 192.168.1.14
2016-02-25 12:56:07,443 fail2ban.actions [3504]: NOTICE [http-get-dos] Ban 192.168.1.14
UNBAN
======
@Server site :
iptables -L -n
Chain f2b-HTTP (1 references)
target prot opt source destination
REJECT all -- 192.168.1.14 0.0.0.0/0 reject-with icmp-port-unreachable
RETURN all -- 0.0.0.0/0 0.0.0.0/0
@check rules name :
root@IDP-Server:~# fail2ban-client status
Status
|- Number of jail: 2
`- Jail list: http-get-dos, sshd
@set UNBAN
root@IDP-Server:~# fail2ban-client set http-get-dos unbanip 192.168.1.14
192.168.1.14
@LOG :
root@IDP-Server:~# tail -f fail2ban.log
2016-02-25 12:56:07,443 fail2ban.actions [3504]: NOTICE [http-get-dos] Ban 192.168.1.14
2016-02-25 13:00:56,160 fail2ban.actions [3504]: NOTICE [http-get-dos] Unban 192.168.1.14
Wednesday, February 10, 2016
ORA-39700: database must be opened with UPGRADE option
set ORACLE_SID=<SID>
sqlplus "/as sysdba"
startup upgrade;
@$ORACLE_HOME\rdbms\admin\catalog.sql;
@$ORACLE_HOME\rdbms\admin\catproc.sql;
Subscribe to:
Posts (Atom)
ALCATEL 6900
write memory copy running certified reload from working no rollback-timeout
-
grant execute on utl_http to wc grant execute on dbms_lock to wc; BEGIN DBMS_NETWORK_ACL_ADMIN.create_acl ( acl => ...
-
:system view system-view or sys :show all config dis current-configuration :create vlan vlan vlan_number :show ip interface ...
-
SET LLDP System NAME: system name ALL-Uplink system location SIAM-FL11 SHOW LLDP Configure: show lldp config or show lldp local-syste...