This article was first written in December 2003 for the BeezNest technical website ( http://glasnost.beeznest.org/articles/99 )
LVM  is a great system to resize filesystems and partitions online , do online snapshots of the filesystems, span filesystems and partitions on multiple drives. It is the ultimate solution to the disk space allocation nightmare.
Linux’s LVM is closely inspired by HP-UX, which provided the technology to AIX also. They share almost the same schemes, functionalities and names for tools and everything else.
You will need some knowledge of the terminology of an LVM before using it; all Volume Managers use a same basic principles but use sometimes different names.
Volume Group is a “container” that holds physical disks and logical volumes. It’s wise to only have two volume groups, a VGROOT and a VGDATA. AIX calls it a diskgroup, since it holds physical disks as well as logical volumes. Example: /dev/datavg/var
Physical Volume is in fact a slice or partition. These devices are the building blocks for a volume group. Example: /dev/hdb1
Logical Volume is a part of a volume group. The logical volume will be supplied with a file system and then can be mounted. You can also keep logical volumes ‘RAW’ and assign them to an Oracle system for example.
Physical Extend (PE) A logical volume can be extended or shrunk with a certain amount of PE’s. In AIX this is known as PP. Always be careful with shrinking volumes! Do not shrink a volume thoo much that it lands into your filesystem; your filesystem will be immediately an irreversibly useless. Also notice that most filesystems can grow but not all of them can shrink.
The reference document in this respect is the LVM HOWTO.
Here is how to use LVM on a Debian Woody, for non-root filesystems (it is not hard to adapt, though):
Install the needed packages
$ sudo apt-get install lvm10
Prepare the system
Create the LVM partition container
# cfdisk /dev/hda
Use 8E(LVM) as partition type code.
Create the Physical Volume
# pvcreate /dev/hda4
Create and activate the Volume Group(s)
# vgcreate my_volume_group_name /dev/hda4 # vgchange -a y my_volume_group_name
Create the Logical Volumes
to be continued…
This article was first written in December 2003 for the BeezNest technical website ( http://glasnost.beeznest.org/articles/97 )
Mozilla is the all-in-one open source Internet application suite.
It features, among others:
- a web browser: Mozilla Navigator,
- a MUA: Mozilla Mail,
- an HTML editor: Mozilla Composer,
- a calendar manager: Mozilla Calendar
and is the engine of most other open source high-end web browsers available, on many platforms.
It is derived from and now the base for the famous Netscape.
Lately, the developers decided to split the code into several distinct softwares, which will become the officially-supported ones one day: Mozilla Firefox, Mozilla Thunderbird, Nvu and Mozilla Sunbird.
 in this case, Firebird is the previous name of Firefox, otherwise Firebird is also the free implementation of Borland’s InterBase relational database engine
This article was first written in December 2003 for the BeezNest technical website ( http://glasnost.beeznest.org/articles/96 )
Some UNIX administrators find it handy to add «.» in the PATH (and some even put it at the beginning of the PATH). Why is this bad? On UNIX, everything is made so that you don’t have to do it. Anything not doing so can be considered buggy, and can be fixed easily.
Imagine someone has access to write a file in a otherwise harmless directory, like /tmp for example. Image now that that someone wants to do harm. He saves his file (a shell script for example) as ls and makes it executable. Now, you cd to /tmp and type ls. What happens?
Such a script could look like this:
#!/bin/bash rm -f ~/*
Imagine now what could be done if this is done as root and read carefully this also: Why using root on UNIX is bad ?.
If you insist on adding «.» to the PATH , please do so at the end of the PATH, this is yet far safer.
 probably to get a similar behaviour than on MS-DOS & Windows
See update below for the fix
I’m trying to get my head around a super-tricky bug since last Friday. Basically, the bug happens only on one portal and with a specific learning path imported by Oogie.
The bug appears due to a loss of session before the generation of the table of contents.
Something like this appears:
Fatal error: Call to a member function get_theme() on a non-object in /var/www/yourportal/main/newscorm/lp_toc.php on line 39
The bug is not in the Oogie conversion (no strange characters) as the same content works on another portal on the same server.
The bug is not a PHP configuration problem either, as again, another portal on the same server, with the same PHP configuration, works perfectly.
The problem seems to reside in the time the newscorm tool needs to generate some of the frames. Apparently, one of the frames loads before the others, and looses the session data, but only on this portal.
I’m not out of things to try out, but this one is really a painful one.
After a long week of interrupted searches, I realised (mostly thanks to a conversation with Arnaud) that the bug was caused by an overflow in the session size capacity.
Now most of you PHP developers will think “mmmmh, is there actually a way to limit sessions file size on disk?”. Well, the answer is “no”, not in the predefined PHP5 options, anyway. However, there is kind of a special condition here: the portal on which this error occured had the setting configured to save the sessions inside the database, using the dokeos_main.php_session table.
The thing is, inside this table, we defined the field to store the session as a “text”-type field (or blog, which is the same for MySQL 5). However, I did an enormous mistake in thinking that a “text”-type field could actually store up to 4MB. It can’t. It just stores a maximum of 16KB.
This size should be enough, in most situations… yes, but not in the learning path object situation. Learning paths are very large objects with a structure set to limit the number of queries made on the database. Even then, however, it coped nicely with *most* learning paths, until this 56-pages learning path appeared. Apparently, the structure was too large and went over the 16KB limit, making it unproper to serialization into the database field.
So basically, turning the field to a MEDIUMTEXT field fixed the problem:
ALTER TABLE php_session CHANGE session_value session_value MEDIUMTEXT NOT NULL;
To make things clear, the problem appeared to be a loss of session, somewhere between the script where the learning path object is built and the first script using it straight from the session.
Debugging the second script showed that the session was recovered (or rebuilt), but without that large element, which just couldn’t be stored in the database. This made it really difficult to track down, as nothing is telling you anywhere (even with full debugging on) that the problem comes from the session size and the database field limit…
Of course, this has all been fixed in the Dokeos code for the next version of Dokeos, so you don’t have to worry too much about it, it will just get updated automatically.
Webalizer is a statistics application which analyses the Apache logs (in /var/log/apache) and makes a graphical output in web format, using the libgd libraries.
Please note that we, at BeezNest, tend now to prefer AWStats to Webalizer because we feel it is better in every aspect.
To install Webalizer:
# apt-get install webalizer
The version tested asks for libgd2 to be installed. The configuration of Webalizer is pretty easy for a totally clean system. You are just asked two questions:
- where will Webalizer keep its data? (default: /var/www/webalizer)
- what title will the output page display? (defaults to something common)
When installed, a simple execution of webalizer will generate the Webalizer files. To make this generation automatic, you’ll need to add a cron script in /etc/cron.daily for example.
If for any reason your log files are not kind of /var/log/apache/access.log, the execution of Webalizer will stop before doing the export and you will get the following error:
- No valid records found!
you should edit /etc/webalizer.conf and change the corresponding settings to your log file, then try again to start webalizer.
Now you can access your stats by reaching the web server directory in which you asked Webalizer to store its data (default: http://www.yoursite.ext/webalizer/)
There are many additional statistical options you can set. To know about them, a very good start is to read the comments in /etc/webalizer.conf
This article was first written in November 2003 for the BeezNest technical website ( http://glasnost.beeznest.org/articles/95 )
Ours are mainly because we feel it is faster and looks a lot prettier than any other, and most major free softwares are already or are getting more integrated with GNOME in a near future (ex.: Galeon, GAIM, …).
It is also particularly well integrated and up-to-date into .
“PHP (recursive acronym for “PHP: Hypertext Preprocessor”) is a widely-used Open Source general-purpose scripting language that is especially suited for Web development and can be embedded into HTML.” See www.php.net.
Using PHP is a matter of precision. ASP can be used to reach the same objectives but ASP has proven to us to be less interesting (see some of the reasons below, one of them being the licensing scheme). Where ASP mostly relies on Microsoft web servers technologies, PHP gives the customer the choice of the web server (we advise using Apache, though) and the OS his server will be running on (we advise using Debian Linux for security, stability and licensing reasons). Also, PHP gives the opportunity to anybody to participate in the language evolution by reporting problems (very rare situation), programming new functions librairies or object code or writing documentation on his use of the code (no licence problems).
PHP is cleanly structured and, although it doesn’t rely on object-oriented design, it is currently moving to a more OO structure and has been enabling the programmer to use OO syntax within his projects for a long time.
Within only a few years time, PHP has spread greatly and wisely amongst the world’s web servers as a reliable, fast moving and strong solution (see Netcraft or Zend for more information on PHP’s worldwide use).
Also, as PHP is a free redistributable technology, more and more public IT schools are teaching PHP programmation instead of ASP. This means more PHP programmers will be ready to help soon, avoiding to be stuck with one programmer you can’t see anymore :-) But it also means PHP has a brilliant future and is probably going to spread a lot more in the upcoming years. This will avoid the Cobol problem of having a dead language to maintain with costly programmers.
PHP is widely used in our web developments because it enables a clear, easy to modify and secure development without the hassle of a licence or without knowledge prerequisites others than programming techniques and Web Development logic.
There is plenty of documentation available for free on the net and in plenty of books in many languages.
By developing with PHP, we ensure the customer that he won’t depend on us if he wants to change his code. We study the needs, help him get to the solution going and then leave him gently with a functional and easily modifiable set of scripts, with an offer, but no obligation, of asking us for additional developments or support.
This article was first written in November 2003 for the BeezNest technical website ( http://glasnost.beeznest.org/articles/92 )
To create and save iptables rules the default Debian way, this is the way to go:
- create your rules using the CLI  iptables
- save them on the active rule by issuing a /etc/init.d/iptables save active
- create the rules for the inactive state (when booting, for example) and save them accordingly
That way, the rules will survive a reboot.
To delete a specific rule previously saved as above:
- go into /var/lib/iptables/active and take the line corresponding to the rule you want to delete and execute iptables with those parameters changing the beginning -A with -D
 Command Line Interface
This article was first written in October 2003 for the BeezNest technical website ( http://glasnost.beeznest.org/articles/88 )
An IDS is a system to track any changes not planned to a system. It is often used on sensitive machines where any unauthorized access is purely prohibited but can also act as a fool-proof system, more like a monitoring system.
It works by checksumming or understanding the format of each file, and scrutinizing any suspect change to files. It is off course meant to report any abnormal activity.
There are many, many such tools, with various capabilities, for UNIX systems.
LIDS is such a system for GNU/Linux which needs a kernel patch to work
Logcheck is a log analyser
Logsurfer same as above
fcheck which can be used to monitor changes to any given filesystem
The Analysis Console for Intrusion Databases (ACID) is a PHP-based analysis engine to search and process a database of security events generated by various IDSes, firewalls, and network monitoring tools
Prelude Hybrid IDS is an innovative Hybrid Intrusion Detection system designed to be very modular, distributed, rock solid and fast
MIDAS is a cross platform Monitoring and NIDS server. The goal of this project is to build a robust and complete network/system monitoring suite that is capable of scaling to very large networks.
Tripwire can be used to monitor changes to any given set of files or directories
chkrootkit identifies whether the target computer is infected with a rootkit
This article was first written in October 2003 for the BeezNest technical website ( http://glasnost.beeznest.org/articles/87 )
A lot of people use the root account to do anything they need, just because it is easier…
This is a really bad idea, as that user can do anything to the system. Not only can he access/delete/modify any file and its permissions, but he can mount/unmount filesystems, kill/start/stop processes, add hardware to the machine, stop the machine, create/delete semaphores/pipes, … and all that even wiping out any evidence of the modifications applied.
Annoyingly, there is no real practical way of disabling the root user on a Unix system.
All that can, of course, be done even without the actual user knowing or willing it (a virus or another harmful script/program executed by root could do anything it wants).
Many times, people use the root account to compile programs. The problem is that most of the time, they don’t even check the makefiles, which could be really harmful. They should instead compile everything with another user, and only change to root to do the final make install.
An even worst idea is to allow remote or graphical connections using it. If someone (or something, like a virus) directly logged remotely as root, there isn’t any way to know who it was in fact. Forcing the logging as another user instead, and changing to root afterwards at least ensures the bad guy has to crack at least two accounts (root and a user). Moreover, when you know that the user account has been compromised, you can disable it, not root.
The problem is often just that the user has already done a lot of things as root and it would represent a lot of work to revert the rights and permissions on files to a regular user and/or test if everything works as user. It is a never-ending loop. We highly recommend you do not try to go further in that direction. Take the time to fix all this, your system will become much safer.
It might seem easier not to manipulate the permissions to exactly match what you need, especially when several people need to read and modify them. But in the long run, this is clearly not a solution.
sudo might be a practical solution to the problem.
This article was first written in October 2003 for the BeezNest technical website ( http://glasnost.beeznest.org/articles/86 )