NTP

The Network Time Protocol (NTP) is a protocol that lets computers connected to one another synchronize their internal clocks with those of other computers.

/etc/ntp.conf

server 0.nl.pool.ntp.org
server 1.nl.pool.ntp.org
server 2.nl.pool.ntp.org
driftfile /var/db/ntp.drift

/etc/rc.conf

ntpd_enable="YES"

You can then change the time zone to Amsterdam with the following command:

cp /usr/share/zoneinfo/Europe/Amsterdam /etc/localtime

MySQL Replication

Replication enables data from one MySQL database server (called the master) to be replicated to one or more MySQL database servers (slaves). Replication is asynchronous – your replication slaves do not need to be connected permanently to receive updates from the master, which means that updates can occur over long-distance connections and even temporary solutions such as a dial-up service. Depending on the configuration, you can replicate all databases, selected databases and even selected tables within a database.

Master

Edit the file

# vi /usr/local/my.cnf

Enter the IP address of the other server (master-host)

[mysqld]
log-bin
server-id = 1
replicate-same-server-id = 0
auto-increment-increment = 2
auto-increment-offset = 1
master-host = 192.168.100.69
master-user = slave1_user
master-password = slave1_password
master-connect-retry = 60
replicate-do-db = pdns
binlog-do-db = pdns
binlog-ignore-db = mysql

Create the replication user with the required privileges

mysql> GRANT REPLICATION SLAVE ON *.* TO 'slave2_user'@'%' IDENTIFIED BY 'password';
mysql> FLUSH PRIVILEGES;

Create a dump of the pdns database for later import.

# mysqldump -u root -p pdns > export.sql

Now log out of the MySQL environment. Restart the MySQL server to activate the settings.

# /usr/local/etc/rc.d/mysql-server restart

Replication slave

/etc/my.cnf

[mysqld]
server-id=2

Create the new database

mysql> CREATE DATABASE pdns;
mysql> GRANT REPLICATION SLAVE ON *.* TO 'slave1_user'@'%' IDENTIFIED BY 'slave1_password';
mysql> FLUSH PRIVILEGES;

Import the dump on the slave

# mysql -u root -p pdns < export.sql

Now log out of the MySQL environment. Restart the MySQL server to activate the settings.

# /usr/local/etc/rc.d/mysql-server restart

Master

Go back to the master server where the MySQL server is running and log in.

# mysql -u root -p

Then select the relevant database in MySQL and note the File name:

mysql> FLUSH TABLES WITH READ LOCK;
mysql> USE pdns;
mysql> SHOW MASTER STATUS;

Replication slave

Go back to the slave server.

Within MySQL, create a user account and enter for MASTER_LOG_FILE the name of the file on the master server that you just noted:

mysql> CHANGE MASTER TO MASTER_HOST='81.4.79.81', MASTER_USER='slave1_user', MASTER_PASSWORD='password', MASTER_LOG_FILE='ns1-bin.000001', MASTER_LOG_POS=98;
mysql> START SLAVE;

Useful commands

mysql> SHOW MASTER STATUS;
mysql> SHOW SLAVE STATUS;
mysql> SHOW PROCESSLIST;
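
A health check built on the SHOW SLAVE STATUS command listed above, as an added example that is not part of the original page: it reads the `\G`-formatted output and reports a stopped I/O or SQL thread, a recorded error, or lag above a threshold. The function names, the 300-second default and the sample output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: judge replication health from `SHOW SLAVE STATUS\G` text on stdin.
# Exit 0 = healthy, 1 = problem found, 2 = no slave status row at all.
# $1 is the maximum tolerated lag in seconds (assumed default: 300).
check_slave_status() {
    awk -v max_lag="${1:-300}" '
        # Each \G line looks like "   Field_Name: value"; split at the first colon.
        /^[ \t]*[A-Za-z_]+:/ {
            line = $0; sub(/^[ \t]+/, "", line)
            i = index(line, ":")
            val = substr(line, i + 1); sub(/^[ \t]+/, "", val)
            f[substr(line, 1, i - 1)] = val
        }
        END {
            if (!("Slave_IO_Running" in f)) { print "NOT_CONFIGURED"; exit 2 }
            if (f["Slave_IO_Running"] != "Yes")  { print "IO_THREAD " f["Slave_IO_Running"]; bad = 1 }
            if (f["Slave_SQL_Running"] != "Yes") { print "SQL_THREAD " f["Slave_SQL_Running"]; bad = 1 }
            # Seconds_Behind_Master is NULL while a thread is stopped, so only test numbers.
            lag = f["Seconds_Behind_Master"]
            if (lag ~ /^[0-9]+$/ && lag + 0 > max_lag + 0) { print "LAG " lag "s"; bad = 1 }
            if (f["Last_Error"] != "") { print "LAST_ERROR " f["Last_Error"]; bad = 1 }
            exit bad + 0
        }'
}

# Constructed sample output, not captured from a real server.
sample_status() {
    cat <<'EOF'
*************************** 1. row ***************************
               Slave_IO_State: Waiting for master to send event
                  Master_Host: 192.168.100.69
              Master_Log_File: ns1-bin.000001
             Slave_IO_Running: Yes
            Slave_SQL_Running: No
                   Last_Error: Error 'Duplicate entry '7' for key 1' on query
        Seconds_Behind_Master: NULL
EOF
}

sample_status | check_slave_status 300 || echo "replication needs attention"
```

On the slave, feed it live output with `mysql -u root -p -e 'SHOW SLAVE STATUS\G' | check_slave_status 300`.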

Links

How to Set Up Replication

IPFW Firewall

Installation

First, two components must be installed through sysinstall.

/usr/sbin/sysinstall

Choose the following: Configure, then Distributions, then src, then base and sys, and then “ok”.

Configuration

Command to enable the firewall (IPFW):

kldload -v ipfw.ko

Enable the firewall automatically at boot:

# ee /etc/rc.conf
firewall_enable="YES"
firewall_type="open"

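Edit the IPFW configuration file: /etc/ipfw.rules. Note that firewall_type="open" makes rc.firewall load its built-in allow-all rule at boot and does not read this file; pointing firewall_script in /etc/rc.conf at /etc/ipfw.rules loads these rules at boot instead.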

################ Start of IPFW rules file ###############################
# Flush out the list before we begin.
ipfw -q -f flush

# Set rules command prefix
cmd="ipfw -q add"
pif="em0"     # interface name of NIC attached to Internet

# Change xl0 to LAN NIC interface name
$cmd 00005 allow all from any to any via xl0

# No restrictions on Loopback Interface
$cmd 00010 allow all from any to any via lo0

# Allow if it matches an existing entry in the dynamic rules table
$cmd 00101 check-state

#loopback
$cmd 00010 allow all from any to any via lo0
$cmd 00011 deny ip from any to 127.0.0.0/8
$cmd 00012 deny ip from 127.0.0.0/8 to any

# ISP DNS
# Replace x.x.x.x with the IP address of a public DNS server
# and repeat for each DNS server in /etc/resolv.conf
$cmd 00020 allow tcp from any to 80.84.224.249 53 out via $pif setup keep-state
$cmd 00021 allow udp from any to 80.84.224.249 53 out via $pif keep-state
$cmd 00022 allow tcp from any to 80.84.224.26 53 out via $pif setup keep-state
$cmd 00023 allow udp from any to 80.84.224.26 53 out via $pif keep-state
$cmd 00024 allow tcp from any to 83.96.192.26 53 out via $pif setup keep-state
$cmd 00025 allow udp from any to 83.96.192.26 53 out via $pif keep-state

# FTP-DATA
$cmd 00040 allow tcp from any to any 20 in via $pif
$cmd 00041 allow tcp from any to any 20 out via $pif

# FTP
$cmd 00040 allow tcp from any to any 21 in via $pif
$cmd 00041 allow tcp from any to any 21 out via $pif

# SSH
$cmd 00030 allow tcp from any to any 22 in via $pif setup keep-state
$cmd 00031 allow tcp from any to any 22 out via $pif setup keep-state

# WWW
$cmd 00040 allow tcp from any to any 80 in via $pif
$cmd 00041 allow tcp from any to any 80 out via $pif

# HTTPS
$cmd 00050 allow tcp from any to any 443 in via $pif setup keep-state
$cmd 00051 allow tcp from any to any 443 out via $pif setup keep-state

# PLESK
$cmd 00060 allow tcp from any to any 8443 in via $pif setup keep-state
$cmd 00061 allow tcp from any to any 8443 out via $pif setup keep-state

# POPPASSD (Plesk)
$cmd 00060 allow tcp from 127.0.0.0/8 to any 106 in via $pif setup keep-state
$cmd 00061 allow tcp from 127.0.0.0/8 to any 106 out via $pif setup keep-state
# udp rules carry no setup keyword (it matches TCP SYN packets only)
$cmd 00060 allow udp from 127.0.0.0/8 to any 106 in via $pif keep-state
$cmd 00061 allow udp from 127.0.0.0/8 to any 106 out via $pif keep-state

# AUTH (Plesk)
$cmd 00041 allow tcp from any to any 113 out via $pif

# SMTPS (Plesk)
$cmd 00070 allow tcp from any to any 465 in via $pif setup keep-state
$cmd 00071 allow tcp from any to any 465 out via $pif setup keep-state
# udp rules carry no setup keyword (it matches TCP SYN packets only)
$cmd 00072 allow udp from any to any 465 in via $pif keep-state
$cmd 00073 allow udp from any to any 465 out via $pif keep-state

# FTPS (Plesk)
$cmd 00070 allow tcp from any to any 990 in via $pif setup keep-state
$cmd 00071 allow tcp from any to any 990 out via $pif setup keep-state
# udp rules carry no setup keyword (it matches TCP SYN packets only)
$cmd 00072 allow udp from any to any 990 in via $pif keep-state
$cmd 00073 allow udp from any to any 990 out via $pif keep-state

# plesk-license-update 
$cmd 00071 allow tcp from any to any 5224 out via $pif setup keep-state
# udp rule carries no setup keyword (it matches TCP SYN packets only)
$cmd 00073 allow udp from any to any 5224 out via $pif keep-state

# SEND & GET EMAIL
$cmd 00070 allow tcp from any to any 25 in via $pif setup keep-state
$cmd 00071 allow tcp from any to any 25 out via $pif setup keep-state
$cmd 00072 allow tcp from any to any 110 in via $pif setup keep-state
$cmd 00073 allow tcp from any to any 110 out via $pif setup keep-state
$cmd 00074 allow tcp from any to any 143 in via $pif setup keep-state
$cmd 00075 allow tcp from any to any 143 out via $pif setup keep-state
$cmd 00076 allow tcp from any to any 993 in via $pif setup keep-state
$cmd 00077 allow tcp from any to any 993 out via $pif setup keep-state
$cmd 00078 allow tcp from any to any 995 in via $pif setup keep-state
$cmd 00079 allow tcp from any to any 995 out via $pif setup keep-state

# PING (no setup keyword: it matches TCP SYN packets only, never icmp)
$cmd 00080 allow icmp from any to any in via $pif keep-state
$cmd 00081 allow icmp from any to any out via $pif keep-state

# TIME
$cmd 00090 allow tcp from any to any 37 out via $pif setup keep-state

# NTP (no setup keyword: it matches TCP SYN packets only, never udp)
$cmd 00100 allow udp from any to any 123 out via $pif keep-state

# NNTP NEWS (i.e. news groups)
$cmd 00110 allow tcp from any to any 119 in via $pif setup keep-state
$cmd 00111 allow tcp from any to any 119 out via $pif setup keep-state

# WHOIS
$cmd 00120 allow tcp from any to any 43 in via $pif setup keep-state
$cmd 00121 allow tcp from any to any 43 out via $pif setup keep-state

# FBSD (make install & CVSUP)
$cmd 00130 allow tcp from any to any out via $pif setup keep-state uid root

# Deny all Netbios service
$cmd 00140 deny tcp from any to any 137 in via $pif
$cmd 00141 deny tcp from any to any 138 in via $pif
$cmd 00142 deny tcp from any to any 139 in via $pif
$cmd 00143 deny tcp from any to any 81 in via $pif

# MYSQL
$cmd 00120 allow tcp from any to any 3306 in via $pif setup keep-state
# udp rule carries no setup keyword (it matches TCP SYN packets only)
$cmd 00121 allow udp from any to any 3306 in via $pif keep-state

# PostgreSQL
$cmd 00120 allow tcp from any to any 5432 in via $pif setup keep-state

# TOMCAT
$cmd 00120 allow tcp from any to any 8080 in via $pif setup keep-state

# Coyote and Warp (Tomcat Java) connectors in Plesk 
$cmd 00120 allow tcp from any to any 9080 in via $pif setup keep-state
$cmd 00120 allow tcp from any to any 9008 in via $pif setup keep-state

$cmd 00150 deny log ip from any to any

Load the new firewall rules:

# sh /etc/ipfw.rules
/etc/ipfw.rules.jdn

A setting can be added to /etc/sysctl.conf so that logging is enabled after subsequent reboots:

net.inet.ip.fw.verbose_limit=5

You can check whether the settings have been applied:

# ipfw -t list
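
A lint pass for a rules script in the `$cmd NNNNN ...` layout used above, as an added example that is not part of the original page: it flags `setup` on udp/icmp rules (the keyword matches TCP SYN packets only, so such a rule never matches), reused rule numbers, and inbound database ports (3306, 5432) open to any source. The function names and the rules in `sample_rules` are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint "$cmd NNNNN action proto from ... to ..." lines of an ipfw script.
# Prints one finding per line; exit status 1 if anything was flagged, else 0.
lint_ipfw_rules() {
    awk '
        $1 == "$cmd" && $2 ~ /^[0-9]+$/ {
            num = $2; proto = ""; src = ""; dport = ""; setup = 0; inbound = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "from")  { proto = $(i - 1); src = $(i + 1) }
                if ($i == "to")    dport = $(i + 2)      # token after the destination address
                if ($i == "setup") setup = 1
                if ($i == "in")    inbound = 1
            }
            # setup is shorthand for "TCP SYN set, ACK clear": it cannot match udp or icmp.
            if (setup && (proto == "udp" || proto == "icmp")) {
                printf "line %d: NEVER_MATCHES rule %s: setup on %s\n", NR, num, proto; bad = 1
            }
            # Database listeners reachable from every source address.
            if ($3 == "allow" && src == "any" && inbound && (dport == "3306" || dport == "5432")) {
                printf "line %d: EXPOSED rule %s: port %s open to any source\n", NR, num, dport; bad = 1
            }
            # ipfw accepts repeated numbers, but "ipfw delete N" then removes all of them.
            if (num in seen) {
                printf "line %d: DUPLICATE rule %s (first at line %d)\n", NR, num, seen[num]; bad = 1
            } else seen[num] = NR
        }
        END { exit bad + 0 }
    ' "$@"
}

# Constructed sample in the same layout as /etc/ipfw.rules above.
sample_rules() {
    cat <<'EOF'
$cmd 00040 allow tcp from any to any 80 in via $pif
$cmd 00100 allow udp from any to any 123 out via $pif setup keep-state
$cmd 00040 allow tcp from any to any 21 in via $pif
$cmd 00120 allow tcp from any to any 3306 in via $pif setup keep-state
$cmd 00150 deny log ip from any to any
EOF
}

sample_rules | lint_ipfw_rules || true
```

Run it against the real file with `lint_ipfw_rules /etc/ipfw.rules` before loading the rules.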

Links