Friday, January 31, 2014

Protect your server with Fail2Ban

Fail2Ban is one of the must-have security features for your server. It is a nifty piece of code that detects anomalies in the log files and bans the offending IP address for a period of time.

However, I do not like users trying to access my server, and if they break a rule, I would like them banned forever. Fail2Ban does this, but at system reset or reboot these IP addresses are lost.

But this can be easily fixed by saving the banned addresses to a file.
On my server I have added these lines to /etc/fail2ban/filter.d/iptables.conf

# Option:  actionstart
# Notes.:  command executed once at the start of Fail2Ban.
# Values:  CMD
#
actionstart = iptables -N fail2ban-<name>
              iptables -A fail2ban-<name> -j RETURN
              iptables -I INPUT -p <protocol> --dport <port> -j fail2ban-<name>
              cat /opt/ip.blacklist-<name> | while read IP; do iptables -I fail2ban-<name> 1 -s $IP -j DROP; done

# Option:  actionban
# Notes.:  command executed when banning an IP. Take care that the
#          command is executed with Fail2Ban user rights.
# Tags:    <ip>  IP address
#          <failures>  number of failures
#          <time>  unix timestamp of the ban time
# Values:  CMD
#
actionban = iptables -I fail2ban-<name> 1 -s <ip> -j DROP
            echo '<ip>' >> /opt/ip.blacklist-<name>
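
The actionstart line above hands every line of the blacklist file to iptables unchecked, and actionban appends an address each time it is banned. The shell functions below are an added example, not part of the original configuration: they replay the file with each entry validated as IPv4 and de-duplicated. The function names and the IPTABLES dry-run override are assumptions of this example.

```shell
#!/bin/sh
# Added example: validated, de-duplicated handling of a Fail2Ban blacklist file.
# Function names and the IPTABLES override are assumptions of this example.

# Succeed only for a dotted-quad IPv4 address with each octet in 0-255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split on dots into positional parameters
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Append IP to FILE only if it is valid and not already recorded.
record_ban() {
    is_ipv4 "$1" || return 1
    grep -qxF "$1" "$2" 2>/dev/null || echo "$1" >> "$2"
}

# Insert one DROP rule into CHAIN per unique, valid address in FILE.
# Set IPTABLES='echo iptables' to print the commands instead of running them.
load_blacklist() {
    [ -r "$1" ] || return 0        # first start: nothing saved yet
    sort -u "$1" | while read -r ip; do
        [ -n "$ip" ] || continue
        if is_ipv4 "$ip"; then
            ${IPTABLES:-iptables} -I "$2" 1 -s "$ip" -j DROP
        else
            echo "skipping invalid blacklist entry: $ip" >&2
        fi
    done
}
```

Saved as a script, load_blacklist would take the place of the cat loop in actionstart and record_ban the place of the echo in actionban.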

Sunday, January 19, 2014

Changing Windows Wifi key for the multiple machines in Network

In one of the places I have been working, the IT team had been using the network WiFi WPA key for a couple of years. The biggest problem was that there were perhaps hundreds of devices connected over WiFi but no way of managing them centrally. In the end they decided to bite the bullet and changed the keys.

Now, as people started coming to the office, the IT department was supposed to set the key instead of giving it away. In Windows 8, MS has removed the "Managing Wireless networks" feature, so giving a machine a new key would take some time.

To make things simple, we found a very elegant solution which works for Windows 7 and 8.

Step 1: Set up one laptop with the WiFi key manually
Step 2: Export the Key
netsh wlan export profile key=clear

Step 3: Write a simple batch file that would delete the old profile and set the new one.
upgrade.bat
netsh wlan delete profile name=[profile-name]
netsh wlan add profile filename="WiFi-[profile-name].xml"
netsh wlan connect name=[profile-name]

Copy the profile file and the batch file onto a USB key and simply run it on every machine.

I am sure this could be extended to OSX and Linux but will update you if I find out.

Saturday, January 18, 2014

Working with Google Spreadsheet API and PHP Arrays.

Over the last few years, I have been writing scripts for a lot of functionality. I often find it a pain to use a database. Most often the databases are not even databases in the true sense but really a table I need to store and refer to. The tables are not more than 40-50 rows and never exceed a few hundred rows. The table was usually accessed from one program at a time and did not need concurrency. Using a database is like trying to kill a mosquito with a bazooka :-).

In the past I have used simple CSV files that I have stored in my local file system. The problem with using a CSV file on the local or remote server is that it becomes very difficult to edit manually or even view it. (I am old-fashioned and like coding on the command line most of the time.)

Over the last couple of projects I have found using a Google Docs spreadsheet very useful.
Advantages are
1. Kept on the cloud and hence always available
2. Built in Version control :-)
3. Can be edited and viewed in the UI
4. Easy for the layman to see and work on it.

This can be especially useful in cases such as storing a list of users who have filled in a form. However, looking at the Google Data API was a pain. There was no direct way of easily accessing the data. What I needed was that I should be
a) Able to load the complete data into my memory
b) After doing the manipulation, be able to write it back
c) Able to open multiple documents at once

Here is a simple API. Hope this helps, and let me know if there is something I can do to improve it.
(You will need to install zend-framework, which is very simple on Ubuntu: sudo apt-get install zend-framework
and you may need to remove a comment from the line in /etc/php5/conf.d/zend-framework.ini )

gSSClass.php
<?php

/**
 * @see Zend_Loader
 */
require_once 'Zend/Loader.php';

/**
 * @see Zend_Gdata
 */
Zend_Loader::loadClass('Zend_Gdata');

/**
 * @see Zend_Gdata_ClientLogin
 */
Zend_Loader::loadClass('Zend_Gdata_ClientLogin');

/**
 * @see Zend_Gdata_Spreadsheets
 */
Zend_Loader::loadClass('Zend_Gdata_Spreadsheets');

/**
 * @see Zend_Gdata_App_AuthException
 */
Zend_Loader::loadClass('Zend_Gdata_App_AuthException');

/**
 * @see Zend_Http_Client
 */
Zend_Loader::loadClass('Zend_Http_Client');

class gSS {

    // Account used for ClientLogin authentication
    private $email = "****@*********.com";
    private $password = "***************";

    private $gdClient;   // authenticated Zend_Gdata_Spreadsheets service
    private $ssKey;      // key of the spreadsheet named $gDocName
    private $ssWkshtId;  // id of the selected worksheet

    public function __construct($gDocName, $sheet) {
        try {
            $client = Zend_Gdata_ClientLogin::getHttpClient($this->email, $this->password,
                Zend_Gdata_Spreadsheets::AUTH_SERVICE_NAME);
        } catch (Zend_Gdata_App_AuthException $ae) {
            // Report the account only; the password is never written to output
            exit("Error: " . $ae->getMessage() . "\nCredentials provided were for email: [{$this->email}].\n");
        }
        $this->gdClient = new Zend_Gdata_Spreadsheets($client);

        // Find spreadsheet key by document title
        $feed = $this->gdClient->getSpreadsheetFeed();
        //var_dump($feed); exit;
        $this->ssKey = null;
        foreach ($feed->entries as $entry) {
            if ($entry->title->text == $gDocName) {
                $currKey = explode('/', $entry->id->text);
                $this->ssKey = $currKey[5];
                break;
            }
        }
        if ($this->ssKey === null) {
            exit("Error: Document $gDocName not found\n");
        }

        // $sheet is the zero-based index of the worksheet (0 for the first one)
        $query = new Zend_Gdata_Spreadsheets_DocumentQuery();
        $query->setSpreadsheetKey($this->ssKey);
        $feed = $this->gdClient->getWorksheetFeed($query);
        $currWkshtId = explode('/', $feed->entries[$sheet]->id->text);
        $this->ssWkshtId = $currWkshtId[8];
    }

    // Build the list-feed query for the selected worksheet and fetch it
    private function getDataFeed() {
        $query = new Zend_Gdata_Spreadsheets_ListQuery();
        $query->setSpreadsheetKey($this->ssKey);
        $query->setWorksheetId($this->ssWkshtId);
        return $this->gdClient->getListFeed($query);
    }

    // Load the complete sheet into an array of rows keyed by column name
    public function gSSGetRows() {
        $dataFeed = $this->getDataFeed();
        // var_dump($dataFeed);exit;
        $rows = array();
        $i = 0;
        foreach ($dataFeed->entries as $entry) {
            if ($entry instanceof Zend_Gdata_Spreadsheets_ListEntry) {
                $rowData = $entry->getCustom();
                foreach ($rowData as $customEntry) {
                    $rows[$i][$customEntry->getColumnName()] = $customEntry->getText();
                }
                $i++;
            }
        }
        //var_dump($rows);
        return $rows;
    }

    // Overwrite the row at position $index with $row
    public function gSSSetRow($index, $row) {
        echo "gSSSetData\n";
        $dataFeed = $this->getDataFeed();
        $entry = $this->gdClient->updateRow($dataFeed->entries[$index], $row);
        if ($entry instanceof Zend_Gdata_Spreadsheets_ListEntry) {
            //echo "Success! \n";
            $entry->save();
        }
        return $row;
    }

    // Write $rows back to the sheet, row by row, starting at the first row
    public function gSSSetRows($rows) {
        echo "gSSSetData\n";
        $dataFeed = $this->getDataFeed();
        // var_dump($dataFeed);exit;
        $i = 0;
        foreach ($rows as $row) {
            var_dump($row);
            $entry = $this->gdClient->updateRow($dataFeed->entries[$i], $row);
            if ($entry instanceof Zend_Gdata_Spreadsheets_ListEntry) {
                echo "Success! \n";
                $entry->save();
            }
            $i++;
        }
        //var_dump($rows);
        return $rows;
    }

    // Append $row to the end of the sheet
    public function gSSInsertRow($row) {
        var_dump($row);
        $entry = $this->gdClient->insertRow($row, $this->ssKey, $this->ssWkshtId);
        if ($entry instanceof Zend_Gdata_Spreadsheets_SpreadsheetsEntry) {
            echo "Success! \n";
            $entry->save();
        }
    }
}

/*
$ss = new gSS("Interval Log",0);
$rows = $ss->gSSGetRows();
$ss->gSSSetRows($rows);
*/
?>

Sunday, September 15, 2013

Python API for beginners

Python is most probably the most elegant language to do quick programming.

For all those who are starting to learn Python, look at this
http://www.pythonforbeginners.com/development/list-of-python-apis/

Thursday, April 25, 2013

Starting with Lumia 520 and Windows 8

So I finally took the plunge. Got the new Lumia 520 with Windows 8. (In the past I have had a BlackBerry, iPhone 1.0 and Samsung Galaxy.) So this is my 4th mobile OS in the few years.

I have never liked the BlackBerry and found it very tedious to use. The iPhone and iOS, when they came out, were revolutionary. People had to go and rethink mobile phones. I remember when I got it, I had significant opposition from many folks in my company (who kept advising me to get a BlackBerry) and even after I used it, they would keep comparing their BB to my iPhone. As of today, I do not think there is any debate about who won the argument there.

After 4 years of iPhone I finally moved to Android. For one-third the price, I got better hardware than the iPhone had. But the OS (Android Gingerbread) was far from the seamless experience you had with iPhone. Yes, most of the iPhone type of features were there but it never came close to the UX of iPhone. The Android still functioned as a set of independent applications, while iOS worked as one device.

In the last 6 months, I have now seen the new Android Jelly Bean (Micromax A110) and iOS 6.1 (iPad 3.0). The difference between the two OSes has vastly reduced. Android still functioned as independent applications but the applications were much more seamless. On the other hand, the number of free applications had increased significantly and for almost anything you needed, you could find a free application. A lot of applications were using open standards and hence it made interfacing with multiple devices much easier. On the other hand, the iPad experience was not as great. Basically, there were some new applications and features from the time of iOS 1.0 but nothing significant had changed. There was nothing really to write home about. Yes, the number of iOS apps was huge but almost all of them had a crappy lite version for free and for anything else you needed to pay.

So, when it came time to buy a new phone, I decided to go for Lumia 520 with Windows 8.0.
I always believed that Microsoft was a software powerhouse and that it fights best with its back against the wall. However, over the last 10 years the market dominance made it arrogant and it was more concerned with keeping its market share than building disruptive technology. Nokia on the other hand was a great hardware company. Their initial software was also great but they chose the wrong legacy Symbian OS. Again, with them also the market dominance had made their heads spin. I had a great friend in Nokia Product Management when I got the iPhone. I remember him trashing the iPhone for not enough features, not the right software, a limited form factor etc. In the end none of them used the iPhone and they were so caught up in their own Nokia world, they too forgot that the paradigms could change.

However, when these two giants with their back against the mountain joined their hands, I was very hopeful about the products they would come out with. And truly I am not disappointed.

(More to come later)

Wednesday, October 5, 2011

Magento exporting SQL issue

While exporting MySQL, if you ever run into the problem

ERROR 1064 (42000) at line 688: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'USING BTREE,
  KEY `FK_ATTRIBUTE_VARCHAR_ENTITY` (`entity_id`),
  KEY `FK_CATALO' at line 9

and the MySQL is
UNIQUE KEY `IDX_BASE` (`entity_type_id`,`entity_id`,`attribute_id`,`store_id`) USING BTREE

You need to replace all such instances with

UNIQUE KEY `IDX_BASE` USING BTREE(`entity_type_id`,`entity_id`,`attribute_id`,`store_id`)
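
The replacement described above can be applied to a whole dump in one pass. This is an added example, not part of the original post: the function names are assumptions, and the pattern only touches lines that are key definitions, so row data containing the same text is left alone.

```shell
#!/bin/sh
# Added example: move a trailing "USING BTREE" in front of the column list.
# Both functions read a dump on stdin; names are assumptions of this example.

# Rewrite key definitions such as
#   UNIQUE KEY `n` (`a`,`b`) USING BTREE   ->   UNIQUE KEY `n` USING BTREE(`a`,`b`)
# The match is anchored to lines that begin with an optional keyword
# (UNIQUE, PRIMARY, ...) followed by KEY, so INSERT data is never modified.
# The greedy column group keeps prefix lengths like `name`(32) intact.
fix_btree_keys() {
    sed -E 's/^([[:space:]]*([A-Z]+ )?KEY( `[^`]+`)?) (\(.*\)) USING BTREE/\1 USING BTREE\4/'
}

# Count key definitions still written in the old form; 0 means nothing left to fix.
count_old_form() {
    grep -cE '^[[:space:]]*([A-Z]+ )?KEY( `[^`]+`)? \(.*\) USING BTREE' || true
}
```

Typical use is `fix_btree_keys < dump.sql > dump-fixed.sql`, followed by `count_old_form < dump-fixed.sql` to confirm the result is 0.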

Tuesday, October 4, 2011

How to make Linux multihomed to connect to 2 ISPs

To make my Ubuntu server more robust, I have connected it to 2 ISPs so that I can have a redundant last mile. Also, one of my ISPs gives me unlimited bandwidth while the other is costlier but more reliable.

1. To make your Linux server multihomed, I am assuming that you have at least 2 network interfaces. In my case both are Ethernet (eth0 and eth1).

2. Make sure both networks work individually by setting them up in /etc/network/interfaces
sudo vi /etc/network/interfaces

#Loopback
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet static
        address 192.168.200.100
        netmask 255.255.255.0
        metric 100
        gateway 192.168.200.6

auto eth1
iface eth1 inet static
        address 192.168.201.100
        netmask 255.255.255.0
        metric 200
        gateway 192.168.201.5

Now if you go to your terminal, you should see the following:
>ip route show
192.168.201.0/24 dev eth1  proto kernel  scope link  src 192.168.201.100
192.168.200.0/24 dev eth0  proto kernel  scope link  src 192.168.200.100
default via 192.168.200.6 dev eth0  metric 100
default via 192.168.201.5 dev eth1  metric 200

With this, if your eth0 goes down, your eth1 will take over and vice versa.
But this is still a long way from making your network multihomed in a way where you can do load balancing.

All you need to do is add a multihop route in your /etc/rc.local
ip route append default scope global nexthop via 192.168.200.6 dev eth0 weight 5 nexthop via 192.168.201.5 dev eth1 weight 1