Friday, March 22, 2013

อยู่ต่อเลยได้ไหม

สิงโต นำโชค




Intro:  /Dmaj7 E7/C#m7 F#m7/Bm7 E7/Amaj7/

Dmaj7        E7               C#m7         F#m7
มองไปก็มีแต่ฝนโปรยปลาย ในหัวใจก็มีแต่ความเหน็บหนาว
Dmaj7             E7                        C#m7  F#m7
ท้องฟ้าที่มองไม่เห็นแสงดาว คืนเหน็บหนาวยิ่งทำให้ใจเราหนาวสั่น

Dmaj7             E7            C#m7          F#m7
* อยากอยู่ดูแลให้เธอฝันดี แต่ใจก็รู้ดีคงหมดเวลาของฉัน
Dmaj7                 E7                       C#m7        F#m7
ยากจะอยู่กับเธอให้นานน้านนาน แต่ก็คงต้องลาเพราะใจที่ไหวหวั่น

B7                                                       E7
** แต่ใจของฉันบอก อยากอยู่กับเธอต่อ แต่ฉันวิงวอนกับเธอได้เพียงสายตา

                     Dmaj7  E7                   C#m7    F#m7   Bm7        E7             F#7sus4 F#7
*** อยู่ต่อเลยได้ไหม อย่าเพิ่งปล่อยให้ตัวฉันไป เธอก็รู้ทั้งหัวใจฉันอยู่ที่เธอหมดแล้วตอนนี้
                 Dmaj7               E7           C#m7  F#m7 Bm7          E7       Amaj7 (F#7sus4 F#7)
อยากได้ยินคำว่ารักแทนคำบอกลา เมฆฝนบนฟ้าคงรู้ดี     คืนนี้....ฉันได้อยู่ใกล้ ๆ เธอ

           Dmaj7                    E7                C#m7                     F#m7
ก็เพราะว่าคืนนี้ ฉันกลัวว่าฉันจะนอนฝันร้าย ถ้าฉันต้องกลับไปไม่มีเธอเคียงข้างฉัน
Dmaj7              E7                     C#m7         F#m7
นาฬิกาคงไม่บอกคืนและวัน โลกของฉันที่ไม่มีเธอคงว่างเปล่า

(  *,  **, ***  )

Solo: /Dm9/G13/Dm9/G13/
        /Dm9/G13/Bm7/E7/
        /Dmaj7 E7/C#m7 F#m7/Bm7 E7 /F#7/
        /Dmaj7 E7/C#m7 F#m7/Bm7 E7 /Amaj7/

(  ***, ***  )

    Bm7         E7    F#7sus4 F#7
คืนนี้ให้ฉันได้อยู่กับเธอ  
    Bm7         E9       F#add9
คืนนี้ให้ฉันได้อยู....กับเธอ

ร่มสีเทา

วัชราวลี



Intro: /A B/G#m C#m/ F#m B/Emaj7/
         /A B/G#m C#m/ F#m/B/

E                               G#m F#m  B            E
ฉันเฝ้าถามความสุขอยู่ที่ไหน   ชายที่เขาเดินผ่านฉันเข้ามา
          A                               G#m       C#m    F#m          B
บอกกับฉันขอร่มสักคัน แต่ว่าที่มือเขาก็มีหนึ่งคัน  ก็แปลกใจ ท่ามกลางหยดฝนโปรยปราย
E                          G#m   F#m   B            E
เขาก็ถามฉันว่าอยากสุขไหม  ลองหุบร่มในมือสักพักนึง
            A                             G#m        C#m     F#m                        B
และเงยหน้ามองวันเวลา มองหยดน้ำที่มันกระทบตา ยังเปียกอยู่ใช่ไหม หรือไม่มีฝน


             A            B      G#m         C#m     F#m          B  E   E7
* บนท้องฟ้าไม่มีอะไรแน่นอนถ้ามองจากตรงนี้ เดี๋ยวก็มืดแล้วก็สว่าง
           A              B       G#m          C#m
อาจจะมีฝนก่อเป็นพายุ หรือลมลอยปลิวอยู่แค่นั้น
       F#m                            B                             Amaj7 B
สุขที่เคยเดินทางตามหามานาน ไม่ได้ไกลที่ไหน (อยู่แค่นี้เอง)


E                      G#m   F#m B                E
ยิ้มฉันยิ้มมากกว่าทุกครั้ง   สุขที่ฉันตามหามาแสนนาน
       A                            G#m              C#m   F#m                 B
อยู่ตรงนี้แค่เพียงเข้าใจ อย่าไปยึดถือมันและกอดไว้ ก็แค่ร่มเท่านั้น เท่านั้น

( * )

A                B            G#m            C#m
ฉันเห็นเธอถือร่มผ่านมา เต็มไปด้วยร่องรอยและคราบน้ำตา
F#m           B              E                       E7
ฉันได้เห็นแล้วมันปวดใจ  ไม่ใช่เพียงแค่เธอที่ทุกข์
A                   B                     G#m                       C#m       F#m                      B
ฉันก็เป็นเหมือนเธอ เธอได้ยินไหม อยากขอให้เธอลองโยนร่มที่ถือเอาไว้หนัก โยนมันออกไป

( * )

       F#m                                          B
อย่าไปยึด อย่าไปถือ อย่าไปเอามากอดไว้ ก็จะไม่เสียใจ
       F#m                                                B                                Amaj7       B  E
ตลอดชีวิต ต้องผ่านการเปลี่ยนแปลง ไม่ว่าใคร จะทุกข์ จะสุขแค่ไหน ก็อยู่ที่จะมอง

Thursday, March 21, 2013

Date and Time

Show Date and Time

[root@myserver ~]# date
Thu Mar 21 14:31:59 ICT 2013

Date Configuration

Change the current date.

[root@myserver ~]# date +%D -s YYYY-MM-DD

YYYY a four-digit year
MM a two-digit month
DD a two-digit day of the month


Change the current time.

[root@myserver ~]# date +%T -s HH:MM:SS

HH hour (00..23)
MM minute (00..59)
SS second (00..59)


Change date and time from remote server

  1. Verify that the ntpd service is running on the NTP server
    [root@ntpserver ~]#  service ntpd status
    ntpd is stopped
    [root@ntpserver ~]#  service ntpd start
    Starting ntpd:                                             [  OK  ]
    [root@ntpserver ~]#  service ntpd status
    ntpd (pid  28436) is running...
      
  2. Firstly, check whether the selected NTP server is accessible
    [root@myserver ~]# ntpdate -q ntpserver_address/hostname
      
  3. When you find a satisfactory server, run the ntpdate command followed by one or more server addresses
    [root@myserver ~]# ntpdate ntpserver_address/hostname [ ... ]
      
  4. In most cases, these steps are sufficient. Only if you really need one or more system services to always use the correct time, enable the ntpdate service at boot time
    [root@myserver ~]# chkconfig ntpdate on
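
A check that fits between steps 2 and 3, added here as an example (it is not part of the Red Hat procedure): it reads `ntpdate -q` output and flags a server that is unsynchronised or whose offset would step the clock by more than a chosen limit, because a large step shifts every log timestamp written afterwards. The sample output is constructed, the 192.0.2.x addresses are documentation addresses, and the function name and the 60-second limit are assumptions.

```bash
#!/bin/sh
# Added example: vet `ntpdate -q` output before letting ntpdate set the clock.
# SAMPLE_QUERY is constructed output in the format ntpdate -q prints.
SAMPLE_QUERY='server 192.0.2.10, stratum 2, offset -0.003414, delay 0.02855
21 Mar 14:32:10 ntpdate[28501]: adjust time server 192.0.2.10 offset -0.003414 sec'

# ntp_check MAX_OFFSET_SECONDS   (ntpdate -q output on stdin)
# Prints one verdict per "server" line: OK, UNSYNCED or OFFSET_TOO_LARGE.
ntp_check() {
    awk -v max="$1" '
        /^server / {
            gsub(/,/, "")            # server ADDR stratum N offset X delay Y
            addr = $2; stratum = $4; off = $6
            mag = (off < 0) ? -off : off
            if (stratum == 0 || stratum >= 16)      # 0: no reply, 16: unsynchronised
                print addr, "UNSYNCED stratum=" stratum
            else if (mag > max)
                print addr, "OFFSET_TOO_LARGE offset=" off
            else
                print addr, "OK offset=" off
        }'
}

# Demo on the constructed sample with a 60-second limit (hypothetical threshold).
printf '%s\n' "$SAMPLE_QUERY" | ntp_check 60
```

On a live system the input would come from `ntpdate -q ntpserver_address | ntp_check 60`.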
      

Refer to: redhat.com: Date and Time Configuration

FTP

  1. FTP and VSFTPD Configuration

FTP and VSFTPD Configuration

File Transfer Protocol (FTP) is one of the oldest and most commonly used protocols. Its purpose is to reliably transfer files between computer hosts on a network without requiring the user to log directly into the remote host or have knowledge of how to use the remote system. It allows users to access files on remote systems using a standard set of simple commands.

The Very Secure FTP Daemon (vsftpd) is designed from the ground up to be fast, stable, and, most importantly, secure. Its ability to handle large numbers of connections efficiently and securely is why vsftpd is the only stand-alone FTP distributed with Red Hat Enterprise Linux.

VSFTPD Configuration

  1. Run rpm -q ftp to see if the ftp package is installed.
    If it is not, run yum install ftp as the root user to install it.
  2. Run rpm -q vsftpd to see if the vsftpd package is installed.
    If it is not, run yum install vsftpd as the root user to install it.
  3. In Red Hat Enterprise Linux, vsftpd only allows anonymous users to log in by default. To allow authenticated users to log in, edit /etc/vsftpd/vsftpd.conf as the root user. Make sure the local_enable=YES option is uncommented.
    # Uncomment this to allow local users to log in.
    local_enable=YES
      
  4. Run service vsftpd start as the root user to start vsftpd.
    If the service was running before editing vsftpd.conf, run service vsftpd restart as the root user to apply the configuration changes. (You can check the status of vsftpd by running service vsftpd status.)
    [root@myserver ~]#
    [root@myserver ~]# service vsftpd status
    vsftpd is stopped
    [root@myserver ~]#
    [root@myserver ~]# service vsftpd start
    Starting vsftpd for vsftpd:                                [  OK  ]
    [root@myserver ~]#
    [root@myserver ~]# service vsftpd status
    vsftpd (pid 14059) is running...
    [root@myserver ~]#
     
      
  5. Run ftp localhost as the user you are currently logged in with. When prompted for your name, make sure your username is displayed. If the correct username is displayed, press Enter, otherwise, enter the correct username.
    [root@myserver ~]#
    [root@myserver ~]# ftp localhost
    Connected to localhost.
    220 (vsFTPd 2.0.5)
    530 Please login with USER and PASS.
    530 Please login with USER and PASS.
    KERBEROS_V4 rejected as an authentication type
    Name (localhost:root): myuser
    331 Please specify the password.
    Password:
    230 Login successful.
    Remote system type is UNIX.
    Using binary mode to transfer files.
    ftp>
    ftp>
    ftp> quit
    221 Goodbye.
    [root@myserver ~]#
     
      
  6. An SELinux denial similar to the following is logged:

    setroubleshoot: SELinux is preventing the ftp daemon from reading users home directories (username). For complete SELinux messages. run sealert -l c366e889-2553-4c16-b73f-92f36a1730ce

  7. Access to home directories has been denied by SELinux. This can be fixed by activating the ftp_home_dir Boolean. Enable this ftp_home_dir Boolean by running the following command as the root user: (Do not use the -P option if you do not want changes to persist across reboots.)
    [root@myserver ~]# setsebool -P ftp_home_dir=1 
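
After step 3 the server accepts local logins on top of the default anonymous access, and plain FTP carries those passwords unencrypted. The audit below is an added example, not part of the Red Hat procedure: it reads a vsftpd.conf and reports the settings that matter once local_enable=YES is set. The option names are real vsftpd.conf options; the sample file is constructed, and the function names and the choice of checks are assumptions.

```bash
#!/bin/sh
# Added example: report risky effective settings in a vsftpd.conf.
# SAMPLE_CONF is constructed; it mirrors the state reached after step 3 above.
SAMPLE_CONF='# /etc/vsftpd/vsftpd.conf (constructed sample)
anonymous_enable=YES
# Uncomment this to allow local users to log in.
local_enable=YES
write_enable=YES
#chroot_local_user=YES
xferlog_enable=YES'

# vsftpd_get KEY DEFAULT   (config on stdin)
# Prints the last uncommented KEY=value, upper-cased, or DEFAULT when unset.
vsftpd_get() {
    awk -F= -v key="$1" -v def="$2" '
        /^[ \t]*#/ { next }                  # commented-out lines do not count
        $1 == key  { val = toupper($2) }     # vsftpd allows no spaces around "="
        END        { print (val == "" ? def : val) }'
}

# vsftpd_audit   (config on stdin): one finding per line, no output means clean.
vsftpd_audit() {
    conf=$(cat)
    get() { printf '%s\n' "$conf" | vsftpd_get "$1" "$2"; }
    # The second argument is vsftpd's built-in default for an absent key.
    [ "$(get anonymous_enable YES)" = YES ] &&
        echo "anonymous_enable=YES: anonymous logins accepted"
    if [ "$(get local_enable NO)" = YES ]; then
        [ "$(get ssl_enable NO)" = YES ] ||
            echo "ssl_enable=NO: local passwords cross the network in cleartext"
        [ "$(get chroot_local_user NO)" = YES ] ||
            echo "chroot_local_user=NO: local users can browse outside their home"
    fi
    [ "$(get xferlog_enable NO)" = YES ] ||
        echo "xferlog_enable=NO: transfers are not logged"
    return 0
}

# Demo on the constructed sample.
printf '%s\n' "$SAMPLE_CONF" | vsftpd_audit
```

On a server the input would be `vsftpd_audit < /etc/vsftpd/vsftpd.conf`.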
      

Refer to: redhat.com: File Transfer Protocol
redhat.com: FTP Servers

Wednesday, March 20, 2013

Shutting Down and Rebooting the System

Command Line

  1. Shut down the computer immediately (don't power down). Note that in UNIX systems this kind of shutdown means going to "single-user mode". Single-user mode is a mode where only the administrator (root) has access to the computer; it is designed for maintenance and is often used for repairs.
    [root@myserver ~]# shutdown now
    
    /sbin/shutdown [-t sec] [-arkhncfFHP] time [warning-message]
    OPTIONS
    -a     Use /etc/shutdown.allow.
    -t sec Tell init to wait sec seconds between sending processes the warning and the kill signal, before changing to another run-level.
    -k     Don't really shutdown; only send the warning messages to everybody.
    -r     Reboot after shutdown.
    -h     Halt or poweroff after shutdown.
    -H     Halt action is to halt or drop into boot monitor on systems that support it.
    -P     Halt action is to turn off the power.
    -n     [DEPRECATED] Don't call init to do the shutdown but do it ourself. The use of this option is discouraged, and  its results are not always what you'd expect.
    -f     Skip fsck on reboot.
    -F     Force fsck on reboot.
    -c     Cancel an already running shutdown. With this option it is of course not possible to give the time argument, but you can enter a explanatory message on the command line that will be sent to all users.
     time   When to shutdown.
     warning-message  Message to send to all users.
    
      
  2. Shutdown (-h = halt) the computer immediately. It begins the shutdown procedure; press CTRL-C (break-key) to stop it. After the end of the command you can also leave a message in quotation marks, which will be broadcast to all users.
    [root@myserver ~]# shutdown -h now "Warning system malfunction, self-destruct imminent"
      
  3. On some systems, shutdown -h and halt do not actually turn the system's power off. On systems that do not power off with these commands, use the poweroff command.
    [root@myserver ~]# poweroff
    
    /sbin/poweroff [-n] [-w] [-d] [-f] [-i] [-h]
    OPTIONS
    -n     Don't sync before reboot or halt. Note that the kernel and storage drivers may still sync.
    -w     Don't actually reboot or halt but only write the wtmp record (in the /var/log/wtmp file).
    -d     Don't write the wtmp record. The -n flag implies -d.
    -f     Force halt or reboot, don't call shutdown.
    -i     Shut down all network interfaces just before halt or reboot.
    -h     Put all harddrives on the system in standby mode just before halt or poweroff.
         
  4. Shutting down at a particular time
    [root@myserver ~]# shutdown -h 16:16
      
  5. Shutdown (-r = reboot) the computer immediately. It begins the reboot procedure; press CTRL-C (break-key) to stop it. After the end of the command you can also leave a message in quotation marks, which will be broadcast to all users.
    [root@myserver ~]# shutdown -r now "Warning system rebooting, all files will be destroyed"
    
    [root@myserver ~]# reboot
    
     /sbin/reboot [-n] [-w] [-d] [-f] [-i]
    OPTIONS
    -n     Don't sync before reboot or halt. Note that the kernel and storage drivers may still sync.
    -w     Don't actually reboot or halt but only write the wtmp record (in the /var/log/wtmp file).
    -d     Don't write the wtmp record. The -n flag implies -d.
    -f     Force halt or reboot, don't call shutdown.
    -i     Shut down all network interfaces just before halt or reboot.
      
  6. Rebooting at a particular time
    [root@myserver ~]# shutdown -r 16:16
      

GUI

  1. Shutdown: go to System => Shut down the computer or click Shut Down on log in screen.
  2. Log out from the system: go to System => Log out [username] of this session to log in as a different user
  3. Restart: click Restart on log in screen.

Refer to: redhat.com: Shutting Down/Rebooting the System
cyberciti.biz: Linux Reboot Command Example

Tuesday, March 19, 2013

Security

  1. Firewall

Firewall

Firewalls are one of the core components of a network security implementation and a vital component in protecting a computer system, or a network of computers, from external attack.

In a default Red Hat Enterprise Linux installation, a firewall exists between your computer or network and any untrusted networks.

Firewall Type

Method: NAT
Description: Network Address Translation (NAT) places private IP subnetworks behind one or a small pool of public IP addresses, masquerading all requests to one source rather than several. The Linux kernel has built-in NAT functionality through the Netfilter kernel subsystem.
Advantages:
  1. Can be configured transparently to machines on a LAN.
  2. Protection of many machines and services behind one or more external IP addresses simplifies administration duties.
  3. Restriction of user access to and from the LAN can be configured by opening and closing ports on the NAT firewall/gateway.
Disadvantages:
  1. Cannot prevent malicious activity once users connect to a service outside of the firewall.

Method: Packet Filter
Description: A packet filtering firewall reads each data packet that passes through a LAN. It can read and process packets by header information and filters the packet based on sets of programmable rules implemented by the firewall administrator. The Linux kernel has built-in packet filtering functionality through the Netfilter kernel subsystem.
Advantages:
  1. Customizable through the iptables front-end utility.
  2. Does not require any customization on the client side, as all network activity is filtered at the router level rather than the application level.
  3. Since packets are not transmitted through a proxy, network performance is faster due to direct connection from client to remote host.
Disadvantages:
  1. Cannot filter packets for content like proxy firewalls.
  2. Processes packets at the protocol layer, but cannot filter packets at an application layer.
  3. Complex network architectures can make establishing packet filtering rules difficult, especially if coupled with IP masquerading or local subnets and DMZ networks.

Method: Proxy
Description: Proxy firewalls filter all requests of a certain protocol or type from LAN clients to a proxy machine, which then makes those requests to the Internet on behalf of the local client. A proxy machine acts as a buffer between malicious remote users and the internal network client machines.
Advantages:
  1. Gives administrators control over what applications and protocols function outside of the LAN.
  2. Some proxy servers can cache frequently-accessed data locally rather than having to use the Internet connection to request it. This helps to reduce bandwidth consumption.
  3. Proxy services can be logged and monitored closely, allowing tighter control over resource utilization on the network.
Disadvantages:
  1. Proxies are often application-specific (HTTP, Telnet, etc.), or protocol-restricted (most proxies work with TCP-connected services only).
  2. Application services cannot run behind a proxy, so your application servers must use a separate form of network security.
  3. Proxies can become a network bottleneck, as all requests and transmissions are passed through one source rather than directly from a client to a remote service.


Enabling and Disabling the Firewall

  1. To start this application, either select System => Administration => Firewall from the panel, or type system-config-firewall at a shell prompt.
  2. Select one of the following options for the firewall:
    1. Disabled — Disabling the firewall provides complete access to your system and does no security checking. This should only be selected if you are running on a trusted network (not the Internet) or need to configure a custom firewall using the iptables command line tool.
    2. Enabled — This option configures the system to reject incoming connections that are not in response to outbound requests, such as DNS replies or DHCP requests. If access to services running on this machine is needed, you can choose to allow specific services through the firewall.
      If you are connecting your system to the Internet, but do not plan to run a server, this is the safest choice.

Refer to: redhat.com: Firewall
techotopia.com: Basic RHEL 5 Firewall Configuration

SELinux

  1. Enable or Disable SELinux

Enable or Disable SELinux

Command Line

  1. Edit the /etc/sysconfig/selinux file. This file is a symlink to /etc/selinux/config.
    # This file controls the state of SELinux on the system.
    # SELINUX= can take one of these three values:
    #       enforcing - SELinux security policy is enforced.
    #       permissive - SELinux prints warnings instead of enforcing.
    #       disabled - SELinux is fully disabled.
    SELINUX=permissive
    # SELINUXTYPE= type of policy in use. Possible values are:
    #       targeted - Only targeted network daemons are protected.
    #       strict - Full SELinux protection.
    SELINUXTYPE=targeted
    
    # SETLOCALDEFS= Check local definition changes
    SETLOCALDEFS=0
      
  2. Restart the machine for the change to take effect.

NOTE: Changes you make to files while SELinux is disabled may give them an unexpected security label, and new files will not have a label. You may need to relabel part or all of the file system after re-enabling SELinux.
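
Because the file only takes effect at the next boot, the configured mode and the running mode can disagree, and a mistyped SELINUX= value goes unnoticed until reboot. The check below is an added example, not from the Red Hat documentation: it reads the mode from a config file and compares it with the mode `getenforce` reports. The sample file is constructed from the one shown above, and the function names and verdict labels are assumptions.

```bash
#!/bin/sh
# Added example: compare the boot-time SELinux mode with the running mode.
# SAMPLE_CONFIG is constructed from the config file shown on this page.
SAMPLE_CONFIG='# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
SELINUX=permissive
SELINUXTYPE=targeted
SETLOCALDEFS=0'

# selinux_boot_mode   (config on stdin)
# Prints the SELINUX= value in lower case, or "unset" when the key is missing.
selinux_boot_mode() {
    awk -F= '
        /^[ \t]*SELINUX=/ { gsub(/[ \t\r]/, "", $2); mode = tolower($2) }
        END               { print (mode == "" ? "unset" : mode) }'
}

# selinux_verdict BOOT_MODE RUNNING_MODE
# RUNNING_MODE is what getenforce prints: Enforcing, Permissive or Disabled.
selinux_verdict() {
    boot=$1
    running=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    case "$boot" in
        enforcing|permissive|disabled) ;;
        *) echo "INVALID: SELINUX=$boot is not a recognised mode"; return 0 ;;
    esac
    if [ "$boot" != "$running" ]; then
        echo "DRIFT: running $running, next boot will be $boot"
    elif [ "$boot" = enforcing ]; then
        echo "OK: enforcing now and after reboot"
    else
        echo "WEAK: $boot now and after reboot, policy is not enforced"
    fi
}

# Demo: the constructed config against a host that currently reports Enforcing.
selinux_verdict "$(printf '%s\n' "$SAMPLE_CONFIG" | selinux_boot_mode)" Enforcing
```

On a live host the call would be `selinux_verdict "$(selinux_boot_mode < /etc/selinux/config)" "$(getenforce)"`.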

GUI

  1. On the System menu, point to Administration and then click Security Level and Firewall to display the Security Level Configuration dialog box (You need administrator privileges).
  2. Click the SELinux tab.
  3. In the SELinux Setting select either Disabled, Enforcing or Permissive, and then click OK.
  4. If you changed from Enabled to Disabled or vice versa, you need to restart the machine for the change to take effect.

Refer to: redhat.com: Enable or Disable SELinux

Thursday, March 14, 2013

Linux

  1. RedHat

RedHat Linux

  1. Command Line
  2. FTP
  3. Security
  4. SELinux

Command Line

  1. Managing Users and Groups
  2. Shutting Down and Rebooting the System
  3. Date and Time

Managing Users and Groups

Command line utilities for managing users and groups

Utilities   Description

Users
useradd     Standard utilities for adding user accounts
usermod     Standard utilities for modifying user accounts
userdel     Standard utilities for deleting user accounts
passwd      Standard utility for administering the /etc/shadow configuration file.
pwck        A command to verify the /etc/passwd and /etc/shadow files.
chage       A command to modify password aging policies and account expiration.

Groups
groupadd    Standard utilities for adding groups
groupmod    Standard utilities for modifying groups
groupdel    Standard utilities for deleting groups
gpasswd     Standard utility for administering the /etc/group configuration file.
grpck       Utilities that can be used for verification of the password, group, and associated shadow files. grpck verifies all entries in the group file. This verification includes a check of the number of fields, group name, group ID, whether any login names belong to more than NGROUPS_MAX groups, and that all login names appear in the password file. The default group file is /etc/group.
pwconv      Utilities that can be used for the conversion of standard passwords to shadow passwords.
pwunconv    Utilities that can be used for the conversion of shadow passwords to standard passwords.


Adding a New User

useradd [options] username

Options Description
-c 'comment' comment can be replaced with any string. This option is generally used to specify the full name of a user.
-d home_directory Home directory to be used instead of default /home/username/.
-e date Date for the account to be disabled in the format YYYY-MM-DD.
-f days Number of days after the password expires until the account is disabled. If 0 is specified, the account is disabled immediately after the password expires. If -1 is specified, the account is not disabled after the password expires.
-g group_name Group name or group number for the user's default group. The group must exist prior to being specified here.
-G group_list List of additional (other than default) group names or group numbers, separated by commas, of which the user is a member. The groups must exist prior to being specified here.
-m Create the home directory if it does not exist.
-M Do not create the home directory.
-N Do not create a user private group for the user.
-p password The password encrypted with crypt.
-r Create a system account with a UID less than 500 and without a home directory.
-s User's login shell, which defaults to /bin/bash.
-u uid User ID for the user, which must be unique and greater than 499.


Adding a New Group

groupadd [options] group_name

Options Description
-f, --force When used with -g gid and gid already exists, groupadd will choose another unique gid for the group.
-g gid Group ID for the group, which must be unique and greater than 499.
-K, --key key=value Override /etc/login.defs defaults.
-o, --non-unique Allow creating groups with a duplicate (non-unique) GID.
-p, --password password Use this encrypted password for the new group.
-r Create a system group with a GID less than 500.


Related Configuration Files

Configuration File Description
group The file containing group information for the system.
gshadow The file containing passwords of group.
passwd The file containing user information for the system.
shadow The file containing passwords and account expiration information for the system.
  1. group file is in /etc directory (/etc/group)
    mygroup:x:701:
    1. group name is "mygroup"
    2. An "x" appears in the password field indicating that the system is using shadow group passwords.
    3. The GID (Group Identifier) matches the one listed for user in /etc/passwd (Values between 0 and 499 are typically reserved for system accounts.)
  2. gshadow file is in /etc directory (/etc/gshadow)
    mygroup:!::
    1. group name is "mygroup"
    2. An exclamation mark (!) appears in the password field of the /etc/gshadow file, which locks the group.
    3. All other fields are blank.
  3. passwd is in /etc directory (/etc/passwd)
    myuser:x:1001:701:System Administrator:/home/myuser:/bin/bash
    1. user name is "myuser"
    2. There is an x for the password field indicating that the system is using shadow passwords.
    3. UID (User Identifier) is 1001 (The default is to use the smallest ID value greater than 999 and greater than every other user. Values between 0 and 999 are typically reserved for system accounts.)
    4. GID is 701
    5. The comment is "System Administrator"
    6. The home directory for myuser is set to /home/myuser/.
    7. The default shell is set to /bin/bash.
  4. shadow is in /etc directory (/etc/shadow)
    myuser:!!:15770:0:99999:7:::
    1. user name is "myuser"
    2. Two exclamation marks (!!) appear in the password field of the /etc/shadow file, which locks the account. (If passwd is used to create or change the password of myuser, the entry will look as follows:)
      myuser:$1$jIYsXaz3$zkRU0XazJ72rrbQLFFutF.:15770:0:99999:7:::
    3. The password is set to never expire.
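
The password field of /etc/shadow described above can be checked mechanically. The script below is an added example, not part of the Red Hat documentation: it classifies each entry as locked, empty (login without a password), or hashed with a named scheme, and lists accounts whose usable password never expires. The sample entries and their hash strings are constructed placeholders, and the function names and state labels are assumptions.

```bash
#!/bin/sh
# Added example: classify /etc/shadow entries by the state of the password field.
# SAMPLE_SHADOW is constructed; the hash strings are placeholders, not real hashes.
SAMPLE_SHADOW='root:$6$CONSTRUCTEDSALT$placeholderhashplaceholderhash:15770:0:99999:7:::
myuser:!!:15770:0:99999:7:::
olduser:$1$CONSTRUC$placeholderhashplacehol:15000:0:99999:7:::
svc:*:15770:0:99999:7:::
guest::15770:0:99999:7:::
temp:!$6$CONSTRUCTEDSALT$placeholderhashplaceholderhash:15770:0:30:7:::'

# shadow_audit   (shadow-format lines on stdin): prints "user STATE detail".
shadow_audit() {
    awk -F: '
        NF < 9          { print $1, "MALFORMED", "fields=" NF; next }
        $2 == ""        { print $1, "NO_PASSWORD", "empty-field"; next }
        $2 ~ /^[!*]+$/  { print $1, "LOCKED", "no-password-set"; next }  # !!, ! or *
        $2 ~ /^[!*]/    { print $1, "LOCKED", "hash-kept"; next }        # ! before a hash
        $2 ~ /^\$1\$/   { print $1, "WEAK_HASH", "md5-crypt"; next }
        $2 ~ /^\$5\$/   { print $1, "HASHED", "sha256-crypt"; next }
        $2 ~ /^\$6\$/   { print $1, "HASHED", "sha512-crypt"; next }
                        { print $1, "OTHER", "unrecognised-scheme" }'
}

# shadow_never_expire   (shadow-format lines on stdin)
# Prints users that have a usable hash and a maximum age of 99999 days or none.
shadow_never_expire() {
    awk -F: '$2 ~ /^\$/ && ($5 == "" || $5 >= 99999) { print $1 }'
}

# Demo on the constructed sample.
printf '%s\n' "$SAMPLE_SHADOW" | shadow_audit
printf '%s\n' "$SAMPLE_SHADOW" | shadow_never_expire
```

Reading the real file requires root: `shadow_audit < /etc/shadow`.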




Example

  1. Add a user account named "myuser" in the "mygrp" group and set its password with passwd
    [root@myserver etc]#
    [root@myserver etc]# groupadd -g 700 mygrp
    [root@myserver etc]# useradd -u 1100 -g mygrp -c 'System Administrator' -s /bin/bash -m -d /home/myuser myuser
    [root@myserver etc]# passwd myuser
    Changing password for user myuser.
    New UNIX password:
    Retype new UNIX password:
    passwd: all authentication tokens updated successfully.
    [root@myserver etc]#
      

Refer to: redhat.com: Using Command Line Tools