compiling of nginx + https(ssl) needs openssl source code


STEP1 ) configure ; make ; make install

$ su -
# cd /usr/local/src
# wget https://www.openssl.org/source/openssl-1.0.2d.tar.gz
# tar -zxvf openssl-1.0.2d.tar.gz
$ cd /home/endo/tmp
$ wget http://nginx.org/download/nginx-1.9.3.tar.gz
$ tar -xzvf nginx-1.9.3.tar.gz
$ cd nginx-1.9.3
$ ./configure --prefix=/home/endo/local/nginx19 \
              --with-http_ssl_module \
              --with-openssl=/usr/local/src/openssl-1.0.2d
$ make
$ make install

STEP2 ) configure of nginx

$ vi /home/endo/local/nginx19/conf/nginx_ssl.conf
worker_processes  1;

error_log  /dev/stdout;

events {
    worker_connections  1024;
}

http {
    access_log /dev/stdout;

    server {
        listen       80;
        server_name  localhost;

        #charset koi8-r;

        #access_log  logs/host.access.log  main;

        location / {
            root   /home/endo/local/nginx19/html;
            index  index.html;
        }

        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
    }

    server {
        listen       443 ssl;
        server_name  localhost;

        ssl_certificate      /home/endo/local/sslproxy/server.crt;
        ssl_certificate_key  /home/endo/local/sslproxy/server.key;

        ssl_session_cache    shared:SSL:1m;
        ssl_session_timeout  5m;

        ssl_ciphers  HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers  on;

        location / {
            root   /home/endo/local/nginx19/html;
            index  index.html;
        }
    }
}

STEP3 ) start nginx + https(ssl)

$ su -
# /home/endo/local/nginx19/sbin/nginx \
   -c /home/endo/local/nginx19/conf/nginx_ssl.conf

Joint probability, Conditional probability, Addition of Probability, Multiplication of probability, Bayes


######## legend
━: Sample space, ★: Event
[tex:P(X)]

┏━━ U┓
┃┌X ┐┃
┃│★│┃
┃└─┘┃
┗━━━┛
######## Joint probability – P(X,Y)
Events X and Y occur at the same time.
P(X,Y) = P(X)P(Y) (when X and Y are independent)
┏━━━━━━U ┓
┃┌── X┐ ┃
┃│ ┌ Y┼─┐┃
┃│ │★│ │┃
┃└─┼─┘ │┃
┃ └───┘┃
┗━━━━━━━┛
######## Conditional probability – P(X|Y)
X occurs, given that Y has occurred.
P(X|Y) = \frac{P(X,Y)}{P(Y)}

┌──────U ┐
│┌X ──┐ │
││ ┏Y ┿━┓│
││ ┃★│ ┃│
│└─╂─┘ ┃│
│ ┗━━━┛│
└───────┘
######## Addition theorem of Probability
The relation between the joint probability P(X,Y) and the marginal probability P(X)
is expressed by the following formula.

P(X) = \sum_{Y} P(X,Y)

######## Multiplication theorem of Probability
The relation between the joint probability P(X,Y), the conditional probability P(Y|X)
and the marginal probability P(X)
is expressed by the following formula.

P(X,Y) = P(Y|X)P(X)

######## Bayes
P(X,Y) = P(X|Y)P(Y) = P(Y|X)P(X)

The above equation follows from the multiplication theorem. Dividing the second and third terms by P(Y) gives the following equation.

P(X|Y) = \frac{P(Y|X)P(X)}{P(Y)}

http://sites.nicholas.duke.edu/statsreview/probability/jmc/
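
The addition theorem, the multiplication theorem and Bayes' rule above, checked on a small joint table. This is an added example, not part of the original post; the table values and the names JOINT, p_x, p_y, bayes and independent are constructed for illustration.

```python
from fractions import Fraction as F

# Constructed joint distribution P(X,Y); the four cells sum to 1.
JOINT = {
    ("x0", "y0"): F(1, 10), ("x0", "y1"): F(3, 10),
    ("x1", "y0"): F(4, 10), ("x1", "y1"): F(2, 10),
}

def p_x(x):
    """Addition theorem: P(X) = sum over Y of P(X,Y)."""
    return sum(p for (xi, _), p in JOINT.items() if xi == x)

def p_y(y):
    """Same theorem applied to the other variable: P(Y) = sum over X of P(X,Y)."""
    return sum(p for (_, yi), p in JOINT.items() if yi == y)

def p_x_given_y(x, y):
    """Conditional probability: P(X|Y) = P(X,Y) / P(Y)."""
    return JOINT[(x, y)] / p_y(y)

def p_y_given_x(y, x):
    """Conditional probability: P(Y|X) = P(X,Y) / P(X)."""
    return JOINT[(x, y)] / p_x(x)

def bayes(x, y):
    """Bayes: P(X|Y) = P(Y|X) P(X) / P(Y), without reading P(X,Y) directly."""
    return p_y_given_x(y, x) * p_x(x) / p_y(y)

def independent():
    """True only if P(X,Y) = P(X)P(Y) holds in every cell of the table."""
    return all(JOINT[(x, y)] == p_x(x) * p_y(y) for (x, y) in JOINT)

if __name__ == "__main__":
    for (x, y), p in JOINT.items():
        # Multiplication theorem: P(X,Y) = P(Y|X) P(X)
        assert p == p_y_given_x(y, x) * p_x(x)
        print(x, y, "P(X|Y) =", p_x_given_y(x, y), " Bayes =", bayes(x, y))
    print("independent:", independent())
```

In this table X and Y are dependent, so the product P(X)P(Y) differs from P(X,Y) while the multiplication theorem and Bayes still hold in every cell.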

 

 

install BeautifulSoup module for python from src

Practice for installing python module from source code.


$ wget http://www.crummy.com/software/BeautifulSoup/bs4/download/4.4/beautifulsoup4-4.4.0.tar.gz
$ tar -zxvf beautifulsoup4-4.4.0.tar.gz
$ cd beautifulsoup4-4.4.0
$ /usr/local/bin/python setup.py build
running build
running build_py
creating build
creating build/lib
creating build/lib/bs4
copying bs4/dammit.py -> build/lib/bs4
copying bs4/__init__.py -> build/lib/bs4
copying bs4/element.py -> build/lib/bs4
copying bs4/diagnose.py -> build/lib/bs4
copying bs4/testing.py -> build/lib/bs4
creating build/lib/bs4/tests
copying bs4/tests/test_builder_registry.py -> build/lib/bs4/tests
copying bs4/tests/test_soup.py -> build/lib/bs4/tests
copying bs4/tests/__init__.py -> build/lib/bs4/tests
copying bs4/tests/test_lxml.py -> build/lib/bs4/tests
copying bs4/tests/test_html5lib.py -> build/lib/bs4/tests
copying bs4/tests/test_htmlparser.py -> build/lib/bs4/tests
copying bs4/tests/test_docs.py -> build/lib/bs4/tests
copying bs4/tests/test_tree.py -> build/lib/bs4/tests
creating build/lib/bs4/builder
copying bs4/builder/_html5lib.py -> build/lib/bs4/builder
copying bs4/builder/__init__.py -> build/lib/bs4/builder
copying bs4/builder/_htmlparser.py -> build/lib/bs4/builder
copying bs4/builder/_lxml.py -> build/lib/bs4/builder
$ su
# /usr/local/bin/python setup.py install
running install
running bdist_egg
running egg_info
writing requirements to beautifulsoup4.egg-info/requires.txt
writing beautifulsoup4.egg-info/PKG-INFO
writing top-level names to beautifulsoup4.egg-info/top_level.txt
writing dependency_links to beautifulsoup4.egg-info/dependency_links.txt
reading manifest file 'beautifulsoup4.egg-info/SOURCES.txt'
reading manifest template 'MANIFEST.in'
writing manifest file 'beautifulsoup4.egg-info/SOURCES.txt'
installing library code to build/bdist.linux-x86_64/egg
running install_lib
running build_py
creating build/bdist.linux-x86_64
creating build/bdist.linux-x86_64/egg
creating build/bdist.linux-x86_64/egg/bs4
copying build/lib/bs4/dammit.py -> build/bdist.linux-x86_64/egg/bs4
copying build/lib/bs4/__init__.py -> build/bdist.linux-x86_64/egg/bs4
copying build/lib/bs4/element.py -> build/bdist.linux-x86_64/egg/bs4
creating build/bdist.linux-x86_64/egg/bs4/tests
  :
Installed /usr/local/lib/python2.7/site-packages/beautifulsoup4-4.4.0-py2.7.egg
Processing dependencies for beautifulsoup4==4.4.0
Finished processing dependencies for beautifulsoup4==4.4.0

lzop and pigz are faster than gzip


pigz is a parallel implementation of gzip for multi-processor, multi-core machines

######## install lzo & lzop

$ wget http://www.oberhumer.com/opensource/lzo/download/lzo-2.09.tar.gz
$ tar -zxvf lzo-2.09.tar.gz
$ cd lzo-2.09
$ ./configure
$ make
$ make check
$ make test
$ su
# make install
$ wget http://www.lzop.org/download/lzop-1.03.tar.gz
$ tar -zxvf lzop-1.03.tar.gz
$ cd lzop-1.03
$ ./configure
$ make
$ make check
$ su
# make install

######## install pigz

$ wget http://zlib.net/pigz/pigz-2.3.3.tar.gz
$ tar -zxvf pigz-2.3.3.tar.gz
$ cd pigz-2.3.3
$ make
$ su
# cp pigz unpigz /usr/local/bin/

######## result of gzip and pigz

Check the number of CPU cores

$ lscpu
Architecture:          x86_64
CPU op-mode(s):        32-bit, 64-bit
Byte Order:            Little Endian
CPU(s):                16
On-line CPU(s) list:   0-15
Thread(s) per core:    2
Core(s) per socket:    8
Socket(s):             1
NUMA node(s):          1
Vendor ID:             GenuineIntel
CPU family:            6
Model:                 62
Stepping:              4
CPU MHz:               1200.000
BogoMIPS:              5187.27
Virtualization:        VT-x
L1d cache:             32K
L1i cache:             32K
L2 cache:              256K
L3 cache:              20480K
NUMA node0 CPU(s):     0-15
$ ls -lh
-rw-r--r-- 1 endo wheel  4.2G  7月 17 16:08 2015 mysql_db.dmp

$ time gzip mysql_db.dmp
real    1m37.250s
user    1m34.702s
sys     0m1.808s

$ time pigz mysql_db.dmp
real    0m13.212s
user    2m40.971s
sys     0m2.771s

netcat (nc)

source code analyzer for vulnerability – RATS (Rough Auditing Tool for Security)


####SYNOPSIS

RATS is introduced in the IPA secure programming course.
http://www.ipa.go.jp/security/awareness/vendor/programmingv2/contents/c004.html

RATS detects vulnerabilities in C/C++, Perl, PHP and Python code.
In Perl, RATS detects risky built-in functions.
https://security.web.cern.ch/security/recommendations/en/codetools/rats.shtml

I think that Perl::Critic detects at the same level.
http://search.cpan.org/perldoc?Perl%3A%3ACritic
So I use Perl::Critic after this…

####install
You need expat (an XML parser) installed separately.

$ wget https://rough-auditing-tool-for-security.googlecode.com/files/rats-2.4.tgz
$ tar -zxvf rats-2.4.tgz
$ cd rats-2.4
$ ./configure
$ make
$ make check
$ su
# make install

#### execute (analyze)

$ cd /path/to/perl/proj/lib
$ rats --html . > ~/tmp/rats.html

RATS writes the analysis result as HTML, as shown below.

Entries in perl database: 33
Entries in ruby database: 46
Entries in python database: 62
Entries in c database: 334
Entries in php database: 55
   :
Severity: High
Issue: connect
The second argument specifiying the packed address to bind to, should not be derived from user input. If the address is derived from user input, it is possible for a malicious user to cause the socket to connect to an arbitrary remote address, enabling hijacking of potentially sensitive network data. 
File: ./Xing/Model/AS400.pm
Lines: 134
File: ./Xing/DBI.pm
Lines: 14 31
Severity: Medium
Issue: open
The filename argument of open should be carefully checked if it is being created with any user-supplied string as a compontent of it. Strings should be checked for occurences of path backtracking/relative path components (../ as an example), or nulls, which may cause the underlying C call to interpret the filename to open differently than expected. It is also important to make sure that the final filename does not end in a "|", as this will cause the path to be executed. 
File: ./Xing/Template.pm
Lines: 58 684
File: ./Xing/Print/Juchuu.pm
  :

edit hosts file via Android Device Monitor in android studio and adb shell


####STEP1 remount /system as writable dir by adb shell

By default “/system” is mounted read-only, so remount it as writable.

DOS> C:\Users\endo\AppData\Local\Android\sdk\platform-tools\adb.exe shell
root@generic_x86:/ # mount -o rw,remount /system
root@generic_x86:/ # ls -l /system/etc/hosts
ls -l /system/etc/hosts
-rw-r--r-- root     root           25 2015-02-14 16:43 hosts

####STEP2 start Android Device Monitor from Menu Bar in android studio

####STEP3 get /system/etc/hosts from virtual device and edit

####STEP4 put new hosts file to /system/etc/hosts

If you get the error message below, remount /system as writable via adb shell (STEP1).

[2015-07-18 18:16:00 - ddms] transfer error: Read-only file system
[2015-07-18 18:16:00] Failed to push selection: Read-only file system

access control of entry attributes (read, write, etc.) in slapd.conf (OpenLDAP)


####STEP1 – add semi-manager user

sampledesk is a user who edits entry data via an LDAP client (e.g. LdapAdmin.exe).

$ vi ~/tmp/add_helpdesk_dept_and_user.ldif

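# parent entry (department) for the helpdesk account
dn: ou=HelpDesk,dc=my-domain,dc=com
objectClass: organizationalUnit
ou: HelpDesk

# the helpdesk account itself; this DN must match the one used in slapd.conf
dn: cn=sampledesk,ou=HelpDesk,dc=my-domain,dc=com
objectClass: person
cn: sampledesk
sn: sampledesk
userPassword: {SHA}YyylynHcSfZ4rukYJCWrHe34L+U=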

$ /usr/local/openldap/bin/ldapadd -x \
      -D cn=Manager,dc=my-domain,dc=com -w $ROOT_PW \
      -f ~/tmp/add_helpdesk_dept_and_user.ldif

####STEP2 edit slapd.conf

Add the “access to” settings below to slapd.conf, then restart OpenLDAP (slapd).

$ su -
# vi /usr/local/openldap/etc/openldap/slapd.conf
   :
access to attrs=mail,displayName,memberSid,uidAlias
  by dn="cn=sampledesk,ou=HelpDesk,dc=my-domain,dc=com" write
  by anonymous read
  by * none
access to attrs=userPassword
  by dn="cn=sampledesk,ou=HelpDesk,dc=my-domain,dc=com" write
  by anonymous auth
  by * none
access to *
  by dn="cn=sampledesk,ou=HelpDesk,dc=my-domain,dc=com" read
  by anonymous read
  by * none

####For Your Information – priority of access

Each level includes every level listed above it.

|level    | flag | privileges |
|none     | 0 |=0     |
|disclose | d |=d     |
|auth     | x |=xd    |
|compare  | c |=cxd   |
|search   | s |=scxd  |
|read     | r |=rscxd |
|write    | w |=wrscxd|
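
How the “access to” clauses and the level table above combine, as an added example that is not part of the original post and not OpenLDAP code: slapd uses the first “access to” clause that covers the attribute, then the first “by” line in it that matches the client. The helpdesk DN (cn=sampledesk, as in STEP1), the exact-match DN comparison and the test user cn=alice are assumptions of this simplified model.

```python
# Added example: simplified model of slapd ACL evaluation (not OpenLDAP code).
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write"]

# Assumed DN of the helpdesk account; it must be the DN the ACL names.
HELPDESK_DN = "cn=sampledesk,ou=HelpDesk,dc=my-domain,dc=com"

# (attributes or "*", [(who, level), ...]) in the same order as slapd.conf
ACL = [
    (["mail", "displayName", "memberSid", "uidAlias"],
     [("dn=" + HELPDESK_DN, "write"), ("anonymous", "read"), ("*", "none")]),
    (["userPassword"],
     [("dn=" + HELPDESK_DN, "write"), ("anonymous", "auth"), ("*", "none")]),
    ("*",
     [("dn=" + HELPDESK_DN, "read"), ("anonymous", "read"), ("*", "none")]),
]

def norm(dn):
    """Simplified DN normalisation: lower-case, no spaces around commas."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def who_matches(who, bind_dn):
    """bind_dn is None for an anonymous (unauthenticated) client."""
    if who == "*":
        return True
    if who == "anonymous":
        return bind_dn is None
    if who.startswith("dn="):
        return bind_dn is not None and norm(who[3:]) == norm(bind_dn)
    raise ValueError("unsupported <who>: " + who)

def granted(bind_dn, attr):
    """First 'access to' clause covering attr, then its first matching 'by'."""
    for attrs, by_clauses in ACL:
        if attrs == "*" or attr.lower() in [a.lower() for a in attrs]:
            for who, level in by_clauses:
                if who_matches(who, bind_dn):
                    return level
            return "none"  # no 'by' matched: slapd's implicit "by * none"
    return "none"          # no 'access to' clause covered the attribute

def allows(bind_dn, attr, wanted):
    """Levels are cumulative, e.g. write also grants read and search."""
    return LEVELS.index(granted(bind_dn, attr)) >= LEVELS.index(wanted)

if __name__ == "__main__":
    other = "cn=alice,dc=my-domain,dc=com"  # constructed ordinary user
    for name, dn in [("helpdesk", HELPDESK_DN), ("anonymous", None), ("other user", other)]:
        print(name, {a: granted(dn, a) for a in ("mail", "userPassword", "cn")})
```

An authenticated user other than the helpdesk account falls through to `by * none`, so it gets less than an anonymous client and cannot change its own userPassword; slapd's `self` and `users` selectors are the usual way to cover those cases.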

stress (performance) test to cookie ticket page by apache bench (ab sends HTTPS GET or POST)


######## HTTP GET

$ /home/endo/local/apache80/bin/ab \
  -n 5000 \
  -c 10 \
  -v 2 \
  -C "iPlanetDirectoryPro=$AUTHEN_TICKET; HTTP_havi-id=$OTHER_COOKIE_VAL" \
  https://stress.test.hostname.example.com/

######## HTTP POST – ab needs the “-p” and “-T” options

$ /home/endo/local/apache80/bin/ab -h
Usage: ab [options] [http://]hostname[:port]/path
Options are:
    -n requests     Number of requests to perform
    -c concurrency  Number of multiple requests to make
     :
    -p postfile     File containing data to POST. Remember also to set -T
    -T content-type Content-type header for POSTing, eg.
                    'application/x-www-form-urlencoded'
                    Default is 'text/plain'
     :

Based on ab’s help output above, a sample command line is shown below.
The key points are the “-p” and “-T” options.

$ /home/endo/local/apache80/bin/ab \
  -n 1000 \
  -c 10 \
  -v 2 \
  -p /home/endo/tmp/postdata.file \
  -T "application/x-www-form-urlencoded" \
  -C "iPlanetDirectoryPro=$AUTHEN_TICKET; HTTP_havi-id=$OTHER_COOKIE_VAL" \
  https://stress.test.hostname.example.com/

The content of /home/endo/tmp/postdata.file is shown below.

$ cat /home/endo/tmp/postdata.file
year=2015&month=12