Sampling Is Simple

Saturday, January 27, 2007
Filesystem Partition
This is my server's filesystem partition layout. According to the display below, the HDD is divided into 7 partitions and 2 swap partitions.


Filesystem Size Used Avail Capacity Mounted on
/dev/ad0s1a 248M 56M 172M 24% /
devfs 1.0K 1.0K 0B 100% /dev
/dev/ad0s2d 26G 13G 11G 53% /cache
/dev/ad0s1f 2.9G 7.9M 2.7G 0% /home
/dev/ad0s1e 248M 14K 228M 0% /tmp
/dev/ad0s1g 4.4G 1.8G 2.2G 45% /usr
/dev/ad0s1d 989M 322M 588M 35% /var
devfs 1.0K 1.0K 0B 100% /var/named/dev

All of the file system is installed at /dev/ad0s1a 248M 56M 172M 24% /
For caching, /dev/ad0s2d 26G 13G 11G 53% /cache is used.

For now my cache is 53% full out of the 26 G of disk available. cache_dir is set in /etc/squid/squid.conf, or in another directory according to your setup.

The rule for the cache is: cache_dir stops growing once the cache allocation reaches 80% of the disk availability. For example, 80% of 26 G is 18,4 G, which is the maximum size for cache_dir in the squid configuration.

just that...
posted by realme @ 3:12 AM   0 comments
Thursday, December 14, 2006
FileSystems in Squid

The cache_dir type in Squid has nothing to do with the underlying filesystem type, it defines the storage method / implementation.

Currently Squid has 4 different implementations:
ufs :- On top of a normal filesystem supporting directories and files.
aufs :- As "ufs", but using threads to implement non-blocking disk I/O
diskd :- As "ufs", but using a separate process to implement non-blocking disk I/O
coss :- An experimental "raw" filesystem, where all objects are stored in one big file.
Other storage methods are being worked upon

diskd is designed to work around the problem of blocking I/O in a Unix process. Async ufs (aufs) gets around this by using threads to complete disk I/O; diskd uses external processes to complete disk I/O.

Async ufs works just that little bit faster, but only works on systems where threads can do async disk I/O without blocking the main process. Systems with user threads (e.g. FreeBSD) cannot use this effectively. diskd, being implemented as an external process, gets around this. If the cache is only lightly loaded, the difference cannot be noticed. diskd/aufs are only useful when the cache is under high load.

In case it was not clear, asynchronous I/O (diskd/aufs) is beneficial for single-drive configurations with "higher" request loads, in many cases allowing you to push about 100% more I/O through the drive before latency creeps up too high.

For multiple-drive configurations, it is almost a requirement in order to use the I/O capacity of the extra drives. Without it, a multiple-disk configuration is effectively limited to almost the speed of a single-disk configuration. With asynchronous I/O, the disk I/O scales quite well (at least for the first few drives; other limits get very apparent when you have more than ~3 drives).

posted by realme @ 4:38 PM   0 comments
Monday, December 11, 2006
What Is SQUID ??
Squid is :

- a full-featured Web proxy cache
- designed to run on Unix systems
- free, open-source software
- the result of many contributions by unpaid (and paid) volunteers
- licensed under the terms of the GNU General Public License

Squid supports :

Cache content:
1. proxying and caching of HTTP, FTP, and other URLs
2. proxying for SSL
3. caching of DNS lookups
Cache mechanism:
1. cache hierarchies, Cache Digests
2. ICP, HTCP, CARP, WCCP
3. transparent caching
4. HTTP server acceleration

Extra services:

extensive access controls, SNMP

Good For Caching :

1. Big memory cache space and high-speed network
2. Use the best disk access methods for the OS

Best choice for Squid

1. FreeBSD+DISKD
2. (570 req/sec, avg. response time 6.4 sec)
3. Squid is good enough for use with TANet traffic.
posted by realme @ 4:23 AM   0 comments
Thursday, December 07, 2006
Crontab

crontab (cron table)

Schedule a command to run at a later time

SYNTAX
crontab [ -u user ] file
crontab [ -u user ] { -l | -r | -e }

Key
-l List - display the current crontab entries.

-r Remove the current crontab.

-e Edit the current crontab using the editor specified by the
VISUAL or EDITOR environment variables.
After you exit from the editor, the modified crontab will be installed automatically.

Crontab is the program used to install, deinstall or list the tables used to drive the cron daemon in Vixie Cron.
Each user can have their own crontab, and though these are files in /var, they are not intended to be edited directly.

If the -u option is given, it specifies the name of the user whose crontab is to be tweaked. If this option is not given, crontab examines "your" crontab, i.e., the crontab of the person executing the command. Note that su can confuse crontab and that if you are running inside of su you should always use the -u option for safety's sake.


crontab file installs a new crontab from the named file, or from standard input if the pseudo-filename `-' is given.

Each line in the cron table has the following format, 7 fields from left to right:

Field  Meaning
1      Minute (0-59)
2      Hour (2-24)
3      Day of month (1-31)
4      Month (1-12, Jan, Feb, ...)
5      Day of week (0-6) 0=Sunday, 1=Monday ... or Sun, Mon, Tue, Wed, Thur, Fri
6      User that the command will run as
7      Command to execute

There are several ways of specifying multiple values in a field:

• The comma (',') operator specifies a list of values, for example: "1,3,4,7,8"
• The dash ('-') operator specifies a range of values, for example: "1-6", which is equivalent to "1,2,3,4,5,6"
• The asterisk ('*') operator specifies all possible values for a field. e.g. every hour or every day.

There is also an operator which some extended versions of cron support, the slash ('/') operator, which can be used to skip a given number of values. For example, "*/3" in the hour time field is equivalent to "0,3,6,9,12,15,18,21"; "*" specifies 'every hour' but the "/3" means that only the first, fourth, seventh...and such values given by "*" are used.

Cron will email all output of the commands it runs to the user. To silence this, redirect the output to a log file or to /dev/null.

Example

Run /usr/bin/somecommand at 12:59 every day and suppress the output (redirect to /dev/null)

59 12 * * * simon /usr/bin/somecommand >> /dev/null 2>&1
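
The field operators described above, applied to the 7-field layout with a user column, as an added Python example (not code from the original post or from cron itself). The function names are this example's own, and the hour range is taken as 0-23, which is what the "*/3" expansion in the text implies.

```python
import re

MONTHS = {n: i for i, n in enumerate(
    "jan feb mar apr may jun jul aug sep oct nov dec".split(), start=1)}
DAYS = {n: i for i, n in enumerate("sun mon tue wed thu fri sat".split())}

# (field name, lowest value, highest value, symbolic names); hour is taken as
# 0-23, which is what the "*/3" expansion in the text implies.
FIELDS = [
    ("minute", 0, 59, {}),
    ("hour", 0, 23, {}),
    ("day_of_month", 1, 31, {}),
    ("month", 1, 12, MONTHS),
    ("day_of_week", 0, 6, DAYS),
]


def expand_field(spec, lo, hi, names=None):
    """Expand one time field (',', '-', '*', '/') into a sorted list of values."""
    names = names or {}

    def value(token):
        # Names such as "Jan" or "Thur" are matched on their first three letters.
        return names[token[:3].lower()] if token[:3].lower() in names else int(token)

    selected = set()
    for part in spec.split(","):
        rng, _, step = part.partition("/")
        step = int(step) if step else 1
        if rng == "*":
            start, end = lo, hi
        elif "-" in rng:
            first, last = rng.split("-", 1)
            start, end = value(first), value(last)
        else:
            start = end = value(rng)
        if step < 1 or not lo <= start <= end <= hi:
            raise ValueError(f"{part!r} is not valid for range {lo}-{hi}")
        selected.update(range(start, end + 1, step))
    return sorted(selected)


def parse_system_crontab_line(line):
    """Parse one 7-field entry; return None for blanks, comments and VAR=value."""
    line = line.strip()
    if not line or line.startswith("#") or re.match(r"[A-Za-z_]\w*\s*=", line):
        return None
    parts = line.split(None, 6)          # the command keeps its own spaces
    if len(parts) < 7:
        raise ValueError("expected 5 time fields, a user and a command")
    schedule = {name: expand_field(spec, lo, hi, names)
                for spec, (name, lo, hi, names) in zip(parts[:5], FIELDS)}
    return {"schedule": schedule, "user": parts[5], "command": parts[6],
            "output_discarded": "/dev/null" in parts[6]}


# The two crontab lines that appear on this page.
SAMPLE = [
    "59 12 * * * simon /usr/bin/somecommand >> /dev/null 2>&1",
    "*/5 * * * * cactiuser php /var/www/html/cacti/poller.php > /dev/null 2>&1",
]

if __name__ == "__main__":
    for entry in map(parse_system_crontab_line, SAMPLE):
        print(entry["user"], entry["schedule"]["minute"], entry["command"])
```

Listing the user column and the output_discarded flag for every entry is a quick way to review which accounts run scheduled commands and which jobs will never report their errors by mail.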

Permissions
If the allow file exists, then you must be listed therein in order to be allowed to use this command. If the allow file does not exist but the deny file does exist, then you must not be listed in the deny file in order to use this command. If neither of these files exists, then depending on site-dependent configuration parameters, only the super user will be allowed to use this command, or all users will be able to use this command.

"Wisdom is the power to put our time and our knowledge to the proper use" - Thomas J. Watson

posted by realme @ 1:04 AM   0 comments
Thursday, November 23, 2006
Installing CACTI Under Unix
1. Extract the distribution tarball.

shell> tar xzvf cacti-version.tar.gz

2. Create the MySQL database:

shell> mysqladmin --user=root create cacti

3. Import the default cacti database:

shell> mysql cacti <> mysql --user=root mysql
mysql> GRANT ALL ON cacti.* TO cactiuser@localhost IDENTIFIED BY 'somepassword';
mysql> flush privileges;

5. Edit include/config.php and specify the MySQL user, password and
database for your Cacti configuration. The password must match the one
set in the GRANT statement above.

$database_default = "cacti";
$database_hostname = "localhost";
$database_username = "cactiuser";
$database_password = "cacti";

6. Set the appropriate permissions on cacti's directories for graph/log
generation. You should execute these commands from inside cacti's
directory to change the permissions.

shell> chown -R cactiuser rra/ log/

(Enter a valid username for cactiuser, this user will also be used in
the next step for data gathering.)

7. Add a line to your /etc/crontab file similar to:

*/5 * * * * cactiuser php /var/www/html/cacti/poller.php > /dev/null 2>&1

Replace cactiuser with the valid user specified in the previous step.

Replace /var/www/html/cacti/ with your full Cacti path.

8. Point your web browser to:

http://your-server/cacti/

Log in with a username/password of admin. You will be required to
change this password immediately. Make sure to fill in all of the path
variables carefully and correctly on the following screen.
posted by realme @ 5:27 PM   0 comments
Wednesday, November 22, 2006
FreeBSD 4 Installation Steps
- A Short Guide

This article is a concise procedure for installing FreeBSD. It also adds the use of portupgrade -ai (upgrade all ports, with confirmation), which requires some local configuration in the pkgtools.conf file. The goal of this guide is to use cvsup.sh && build-world-kernel.sh and to end up with a system that can tell you what has to be done next, so that the installation is completed with little effort. Beginners should follow the steps below together with a colleague who is already familiar with installing FreeBSD. For an explanation of the FreeBSD commands, see the FreeBSD Handbook. Once you have successfully installed FreeBSD, replace your kernel and install some of its ports.

Take note of the instant-server and instant-workstation meta-ports, which bundle the required services and desktop applications. In particular, if you type

cd /usr/ports/misc/instant-workstation && make

your system will automatically install a wide range of useful software.

This guide does not explain how to modify the existing scripts; you may later have to decide to edit the scripts on your system and adapt them to the technical details of your computer network. A script can be edited by typing vi followed by its file name; once the file opens, edit it or fill in your network's technical data such as host name, IP address, netmask and so on.

Note: $myself and $hostname, as used below, are not meant as actual shell variables. When you see them, simply enter the data that matches your computer network. Postfix will use the variables in the main.cf file; remember that variable names in Postfix (not written in italics) can be accessed directly, so Postfix can perform the variable substitution by itself.

Note: The files used in this procedure are intended for general use and include various suggestions. They are not necessarily suitable or optimal for the needs of your system. Nevertheless, the approach below can be a good starting point for installing your system. It is recommended that you download the resource file for this guide from http://www.reppep.com/~pepper/freebsd/install/reppep.tgz, then review it and adapt it to your needs, and copy it to the /root/reppep directory to continue with the procedure that follows.

Basic Installation (sysinstall)

  1. Install all of the distribution files ("All system sources, binaries and X Window System").
  2. Install the ports collection.
  3. Configure the network.
  4. Add:
    • bash
    • cvsup
    • ispell
    • kde
    • mozilla-gtk
    • portupgrade
    • rsync
    • samba
    • screen
    • sudo
  5. Note: If you want every user to have a personal group (as on Linux & Panther), create the new groups first while running sysinstall. At every user account creation step, make sure each user is a member of group 0 (wheel) -- because otherwise su will not work well.

Basic Setup and Accounts

  1. Enable the serial console by typing: echo "-hD" > /boot.config and pressing Enter.
  2. If you did not do this for the serial terminal within sysinstall, do it now by typing: echo 'ttyd0 "/usr/libexec/getty std.9600" dialup on secure' >> /etc/ttys and then pressing Enter.
  3. Type: visudo # uncomment full access for %wheel, then press Enter.
  4. Type: cd /root && ftp http://www.reppep.com/~pepper/freebsd/install/reppep.tgz && tar xzf reppep.tgz && ls -lt reppep and then press Enter. This fetches the suggested additional files together with their patches and unpacks them into the /root/reppep directory -- if you have local patches, unpack those files for your local patches as well.
  5. If you have local patches, unpack those files by typing: tar xzf local.tgz && ls -lt reppep and pressing Enter.
  6. Type: patch /etc/ssh/sshd_config /root/reppep/sshd_config.diff and press Enter.
  7. Install your kernel file and set its configuration in the /usr/src/sys/i386/conf directory.
  8. Type: cd /etc && cp /root/reppep/make.conf . && cat /root/reppep/rc.conf* >> rc.conf && vi resolv.conf rc.conf make.conf && egrep -v '(^$|^#)' rc.conf | sort | more # write all of your computer network configuration in the rc.conf.local file; make sure no variable is written twice in the rc.conf file.
  9. Type: mkdir -p /home/ports/distfiles && cd /usr/ports && rmdir distfiles && ln -s /home/ports/distfiles # preserves ports across rebuilds
  10. Type: mkdir -p /usr/sup && cp /root/reppep/cvsupfile /root/reppep/periodic.conf /root/reppep/ntp.conf /etc && cp /root/reppep/refuse /usr/sup && vi /etc/cvsupfile /etc/ntp.conf /usr/sup/refuse
  11. Type: mkdir -p ~root/bin ~root/log
  12. Type: cd /root/reppep && cp build-world-kernel.sh cvsup.sh /root/bin && chmod u+x /root/bin/*.sh && rehash
  13. Type: patch /usr/local/etc/pkgtools.conf /root/reppep/pkgtools.conf.diff

Updating Source, Kernel and World (to the latest version; do this periodically)

Note: FreeBSD's recommendation is at http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/makeworld.html; it is somewhat harder but in theory quite safe. If you are still unclear about what you are doing here, or about following the steps from that site, read the procedure written in the FreeBSD Handbook.

Warning: These steps can easily break your system, or lock you out, while the kernel or world is being changed. Make sure you have console access (PS/2-style or serial) before making changes.

  1. cvsup.sh # updates the FreeBSD base, i.e. the source (kernel & world), and the ports tree; does not affect ports that are already installed
  2. cd /usr/src && mergemaster -p # mergemaster will take a lot of time, so it is better to run it before the system goes down.
  3. build-world-kernel.sh
  4. make installkernel
  5. shutdown -r now
  6. Build the new kernel.
  7. shutdown now # single-user
  8. cd /usr/src && make installworld
  9. mergemaster
  10. shutdown -r now
  11. Edit each additional configuration file in the /etc or /usr/local/etc directories.
  12. Test your computer's connection to the network and its firewall (perhaps using the ipfw list command).

Note: If you are using this section as a guide for updating a system that is already in operation, rather than a system you have just built, do not forget to run portupgrade -ai once your new kernel & world have been completed.

Configuring BIND

  1. cd /etc/namedb && sh make-localhost && mv named.root named.root.old && dig @m.root-servers.net. ns . > named.root && vi named.conf && grep named /etc/rc.conf # configure the primary and slave domains & install the zone files; confirm that the option named_enable="YES" is set
  2. Note: BIND as configured here runs as root without any special security partitioning. http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-dns.html gives instructions for running BIND in a chroot, and BIND may also be run in a jail. Both options provide reasonable protection against attacks on BIND and are worth considering, but they are not covered in this guide.

Installing Ports

  1. cd /usr/ports/lang/perl5.8 && make install && rehash && use.perl port && perl --version
  2. portupgrade -a && portversion |grep -v = # try to upgrade everything.
  3. portinstall analog cronolog curl docproj-nojadetex htmldoc lsof lynx-ssl minicom netatalk nmap nut procmail webmin apache2 squirrelmail p5-Mail-SpamAssassin drac imap-uw postfix && rehash # customized or perl-based
  4. cd /usr/local/etc && cp smb.conf.default smb.conf && vi smb.conf # here encrypted passwords are enabled, then local master is disabled and printers are disabled; IP-based access restrictions are also written here, like those written in the firewall, in the smb.conf file, so that all programs are controlled through the same file.
  5. echo "- -noddp -passwdminlen 6 -loginmaxfail 6 -uamlist uams_dhx.so" >> /usr/local/etc/afpd.conf
  6. cd /usr/local/etc/rc.d && patch netatalk.sh /root/reppep/netatalk.sh.diff # disable atalk, pap, & nbp
  7. mkdir -p /var/log/samba && cd /usr/local/etc/rc.d && cp netatalk.sh.sample netatalk.sh && cp samba.sh.sample samba.sh
  8. Configure XFree86 (not explained in detail here); see http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/x-config.html.
  9. Once XFree86 works, you will probably want KDE to start automatically at boot; try the following command: echo 'ttyv9 "/usr/local/bin/kdm" xterm on secure' >> /etc/ttys, or use KDE with startx: echo exec startkde > ~/.xinitrc

Configuring Mail

  1. cd /etc/mail && mv mailer.conf mailer.conf.sendmail && cp /root/reppep/mailer.conf .
  2. cd /usr/local/etc && cp /root/reppep/procmailrc . && vi procmailrc
  3. patch /etc/inetd.conf /root/reppep/inetd.conf.diff && patch /etc/pam.conf /root/reppep/pam.conf.diff # for imap-uw
  4. vi /usr/local/etc/mail/spamassassin/local.cf # customize SpamAssassin
  5. echo localhost > /usr/local/etc/dracd.host && /usr/local/etc/rc.d/dracd.sh start
  6. vi /etc/aliases && newaliases # forward for $myself & root
  7. If you use Postfix virtual hosts, edit them by typing: vi /etc/mail/virtual && postmap /etc/mail/virtual
  8. cd /usr/local/etc/postfix && cat /root/reppep/main.cf.* >> main.cf && vi + /usr/local/etc/postfix/main.cf && postfix stop ; killall sendmail ; postfix check && postfix start && sleep 1 && tail /var/log/maillog
  9. cd /usr/ports/mail/imap-uw && make cert && chmod -x /usr/local/certs/imapd.pem # follow prompts
  10. If you want the port installed, run: portinstall -f mysql-server # -f to get around the hold in pkgtools.conf

Configuring Apache & SquirrelMail

  1. mkdir -p /var/log/httpd /home/httpd && mv /usr/local/www/data /home/httpd/htdocs && mv /usr/local/www/cgi-bin /home/httpd && cd /usr/local/etc/apache2 && patch httpd.conf /root/reppep/httpd.conf.diff && touch vhost.conf
  2. Either apply a local patch (patch httpd.conf /root/reppep/httpd.conf.diff.local), or vi httpd.conf (set ServerAdmin & ServerName and review its security settings)
  3. apachectl configtest && apachectl graceful
  4. mkdir -p ssl.crt ssl.key && cp /usr/local/certs/imapd.pem ssl.key/server.key && cp /usr/local/certs/imapd.pem ssl.crt/server.crt && vi ssl.???/* vhost.conf && apachectl stop && apachectl configtest && apachectl startssl && apachectl fullstatus # remove cert from server.key & key from server.crt
  5. cp /usr/local/etc/php.ini-recommended /usr/local/etc/php.ini
  6. cd /usr/local/www/squirrelmail && ./configure
  7. Test https://$hostname/mail/.
  8. Test SquirrelMail (using unencrypted IMAP to localhost); telnet $hostname imap will fail if it is blocked by the firewall.
  9. Add any additional plugins you want for SquirrelMail.

webmin

  1. cd /usr/local/lib/webmin/ && ./setup.sh
  2. Visit https://$hostname:10000/
  3. Webmin Configuration: IP Access Control: set "Only allow from listed addresses" to 127.0.0.1 & trusted IPs.
  4. Webmin Users: remove all modules that are not needed.
  5. If mysql-server is installed on your server, configure it in Webmin under: Servers.
  6. /usr/local/etc/rc.d/webmin.sh-dist stop # use the start argument later to run webmin when it is needed.

Once everything is done, test the results of your work. If something has failed, repeat the steps above. Failure is just your success postponed.

Ref: http://www.reppep.com/~pepper/freebsd/install/

posted by realme @ 8:28 AM   0 comments
Thursday, November 16, 2006
PREROUTING chain of the nat table

The PREROUTING chain is pretty much what it says, it does network address translation on packets before they actually hit the routing decision that sends them onward to the INPUT or FORWARD chains in the filter table. The only reason that we talk about this chain in this script is that we once again feel obliged to point out that you should not do any filtering in it. The PREROUTING chain is only traversed by the first packet in a stream, which means that all subsequent packets will go totally unchecked in this chain. As it is with this script, we do not use the PREROUTING chain at all, however, this is the place we would be working in right now if we wanted to do DNAT on any specific packets, for example if you want to host your web server within your local network. For more information about the PREROUTING chain, read the Traversing of tables and chains chapter.


example : iptables -I PREROUTING -d 206.90.31.2/32 -j DNAT --to-destination 10.100.999.18 -t nat

Caution

The PREROUTING chain should not be used for any filtering since, among other things, this chain is only traversed by the first packet in a stream. The PREROUTING chain should be used for network address translation only, unless you really know what you are doing.
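
The caution above, worked through as an added Python example (a simplified model written for this page, not netfilter code and not part of the original post). The Gateway class, the too_big policy and all addresses are constructed for illustration; the model covers a single forwarded stream with one DNAT rule.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport size")


class Gateway:
    """Toy model of one forwarding path: nat/PREROUTING -> routing -> filter/FORWARD."""

    def __init__(self, dnat, prerouting_drop=None, forward_drop=None):
        self.dnat = dnat                        # {(dst, dport): internal address}
        self.prerouting_drop = prerouting_drop  # predicate misplaced in the nat table
        self.forward_drop = forward_drop        # predicate in filter/FORWARD
        self.conntrack = {}                     # stream -> translated destination
        self.nat_lookups = 0

    def receive(self, pkt):
        """Return the packet as delivered, or None if it was dropped."""
        stream = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if stream not in self.conntrack:
            # Only the first packet of a stream traverses the nat table.
            self.nat_lookups += 1
            if self.prerouting_drop and self.prerouting_drop(pkt):
                return None
            self.conntrack[stream] = self.dnat.get((pkt.dst, pkt.dport), pkt.dst)
        # Later packets reuse the stored translation; no nat rule is consulted.
        pkt = pkt._replace(dst=self.conntrack[stream])
        # Every packet, already translated, traverses filter/FORWARD.
        if self.forward_drop and self.forward_drop(pkt):
            return None
        return pkt


PUBLIC, WEB = "203.0.113.10", "192.168.0.18"   # constructed addresses
DNAT = {(PUBLIC, 80): WEB}


def too_big(pkt):
    """Stand-in filtering policy: refuse packets above 1000 bytes."""
    return pkt.size > 1000


def run(gateway):
    """Send a three-packet stream and report which sizes reached the server."""
    stream = [Packet("198.51.100.7", 40000, PUBLIC, 80, size) for size in (60, 1400, 80)]
    delivered = [gateway.receive(p) for p in stream]
    return [p.size for p in delivered if p], gateway.nat_lookups


misplaced = run(Gateway(DNAT, prerouting_drop=too_big))  # policy in nat/PREROUTING
correct = run(Gateway(DNAT, forward_drop=too_big))       # policy in filter/FORWARD

if __name__ == "__main__":
    print("policy in PREROUTING:", misplaced)
    print("policy in FORWARD:   ", correct)
```

With the policy in PREROUTING the 1400-byte packet is delivered because the nat table was consulted only once for the stream; with the same policy in FORWARD it is dropped, and FORWARD matches on the translated (internal) destination.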



posted by realme @ 5:21 PM   0 comments