So I got several AIX boxes hosting Oracle EBS. Since the company that I work for is obliged to follow SOX 404 standard, and that means no root password sharing for each administrators. Hence, I need to create a user for each administrators, and grant them a root equivalent right.

One approach to do this on Linux (and HP-UX) box is by changing each administrator account UID number to 0, essentially making all login from those account to be forwarded to root. The problem with this approach is that those account will use all config and history or log files of the root account. For example, when you look at .history file, you won’t be able to tell which user perform what, since all activity from each account will be recorded as if it was performed by root.

What I can do is to use sudo, that will allow you to delegate root access to certain user or group of user. Here is a little how to on installing sudo.

1. Get the source here , as of the time of writing the current stable one is 1.7.2p1
2. Since You will need to compile sudo from the source, make sure the C compiler is installed, and can be called. You can purchase a license for C compiler from IBM, or you can always use the good old GCC. To check, simply type “cc”.
   if the output is similar to this :

   # cc
   ksh: cc:  not found.

   Then either the C compiler is not installed, or simply that it is not on your path. In my case it was the later. “cc” from the xlC compiler was installed on “/usr/vac/bin”. So what you can do is either create a symlink of “cc” to “/usr/sbin” or “/sbin”, or to add “/usr/vac/bin” to your path. To temporarily ad “/usr/vac/bin” to your path, type the following :

   # export PATH=$PATH:/usr/vac/bin

   Test it by running “cc -qversion” if you’re running the xlC compiler, or “cc –version” if you are using GCC.

   # cc -qversion
   IBM XL C/C++ Enterprise Edition for AIX, V9.0
   Version: 09.00.0000.0000

3. Untar the source, and then compile.

   # gunzip sudo-1.7.2p1.tar.gz
   # tar xvf sudo-1.7.2p1.tar
   # cd sudo-1.7.2p1
   # ./configure
   # make
   # make install

   The steps above should install sudo executables, sudo in /usr/local/bin and visudo in /usr/local/sbin. I believe that both directories are not on your $PATH. for ease of use, create a symlink for both of the executables :

   # ln -s /usr/local/bin/sudo /usr/bin/sudo
   # ln -s /usr/local/sbin/visudo /usr/sbin/visudo

4. I assume that all account that will be used by administrator team has already been created. The correct way of creating user account is by using “smit user”. Put all administrators account in one group, in my case “wheel”. To do this, use “smit group”

   # smit group

   Go to “Add a Group”, put “wheel” on Group Name. Go to USER List and press F4 or Escape+4 to get the list of available user. Mark each administrator accounts with F7 or Escape+7. If you’re done, press Enter

5. Find and edit the /etc/sudoers configuration using visudo

   # visudo

   uncomment the following line :

   %wheel ALL=(ALL) ALL

   Save. Log out from the root account.

We’re done To use sudo simply do “sudo command-name”. For example, to create a folder /opt/sources using sudo, type :

$ sudo mkdir /opt/sources

]]> http://kirayamato04.wordpress.com/2009/12/03/queens-blade-s2-eps-11-sneak-peek-ecchi/ Thu, 03 Dec 2009 13:42:46 +0000 kirayamato04 http://kirayamato04.wordpress.com/2009/12/03/queens-blade-s2-eps-11-sneak-peek-ecchi/

Ecchi scenes

Other screenshots

Bẵng đi một thời gian từ bài viết cuối cùng giờ tớ mới có thời gian viết một cái gì đó thư giãn .
Đợt này có việc phải liên quan tới python nên cũng chịu khó bắt đầu với nó một chút. Với một ngôn ngữ lập trình thì người lập trình viên thường bắt đầu bằng việc tìm một trình soạn thảo hoặc một IDE cho ngôn ngữ mình cần sử dụng. Có rất nhiều IDE cho python mà mọi người có thể bắt đầu và đó luôn là lựa chọn phù hợp cho những dự án lớn. Tuy nhiên, đôi khi chúng ta chỉ cần viết một vài dòng lệnh cho một script nho nhỏ và điều cần thiết chỉ là một trình soạn thảo với hỗ trợ cho ngôn ngữ đó là đủ. Cũng như rất nhiều người sử dụng linux, tớ thường dùng vim cho các công việc chỉnh sửa, tạo các tệp tin với nội dung ngắn nên quyết định tìm một vài plugins nho nhỏ cho vim để tiện sử dụng sau này.
Do Python là ngôn ngữ rất chú trọng về thụt dòng trong syntax nên sau một hồi tìm hiểu, tớ quyết định theo chuẩn PEP-8 và do mặc định vim sử dụng 8 ký tự trắng cho một ký tự tab nên để thay đổi cho đúng theo chuẩn và nhờ có anh bạn google tớ đã tìm được bài viết này để chỉnh được vim hỗ trợ thụt dòng theo ý muốn.
Nếu ai đó tham lam, chỉnh sửa, tạo nhiều tệp tin trong một phiên làm việc với vim thì plugin này là một lựa chọn rất tốt, nó cho phép chuyển qua lại các tệp tin được nạp vào vim tại thời điểm chỉnh sửa như làm việc với nhiều tabs trong nhiều trình soạn thảo khác.
Cuối cùng, để làm việc với một tệp tin dài, với nhiều hàm con, lớp thì việc chuyển qua lại giữa những thành phần đó trong vim được một plugin hỗ trợ rất tốt, đó là taglist.
Trên đây chỉ là những giới thiệu nho nhỏ về hỗ trợ của vim cho python, còn rất rất nhiều plugin hữu ích cho vim hỗ trợ các ngôn ngữ lập trình cũng như công việc nhất định khác mà mọi người có thể tham khảo .
Tuần mới vui vẻ !

Ecchi scenes

Other screenshots

Everyone uses passwords. Be it for online accounts or local computer accounts, they must be secure. The problem with the security is that it may be hard to remember complex passwords. That is where pwgen comes in.  It is a small command line utility that generates secure, memorable passwords. You can customize the password from being very memorable to being very secure. Pwgen allows you to do this by allowing you to specify whether to include numbers, capital letters, vowels, and special symbols.

1. Installing in Ubuntu is as simple as opening Synaptic (System>Administration>Synaptic) and installing the pwgen package or typing in a Terminal:

sudo apt-get install pwgen

2. To run it, start up Terminal (Applications>Accessories>Terminal) and type in pwgen. This will generate a bunch of passwords using the default settings:

oloo6Xu8 ohjup8Oo Ain1ohxi chov7Shi
oGh4io5o Tooshu0u iebae6iZ gachae3O
...
Ahsh1ais Jee0eeSh Iene0naa Iefo1tav

3. To change the settings run pwgen with different parameters:

-c >> Include at least one capital letter in the password
-A >> Don’t include capital letters in the password
-0 >> Don’t include numbers in the password
-y >> Include at least one special symbol in the password

Example:
pwgen -A
oox4xeit eihikao8 iov6oong iphith7e
shairai0 so4uhau4 see1maep oo4ookei
...
wieh3yai nei9gie6 yoogahw7 ieve8oov

4. To see all the available options, type: pwgen --help

The official site for the program is: http://pwgen.sourceforge.net/

By AJ Lieberman (writer), Riley Rossmo (artist)

The Story: Nix and the Cowboy Ninja Viking saddle up and head out to Japan to take down Ammo, but the Triplet’s not going down without a fight, and may actually be serving a larger endgame than anyone realized.

The Good: I’d read recently that CNV has been upgraded from a limited to an ongoing series, and I think that’s about the finest compliment you can pay a book like this. Lieberman and Rossmo have the makings of an insanely fun book on their hands here, and this issue just goes to show the last one wasn’t a fluke. Lieberman’s writing is smart and manic, gleefully chomping on bits of Tarantino dialogue and plot points from Alias and spitting the whole mess out on paper. You’d think that would make for a fairly disgusting, regurgitated mess, but you’d be wrong. These guys fully understand the genres and conventions they are exploiting, and they do it with a wink and a knowing smile. I like that this issue brought out Duncan’s character and made him more human, and I think the extent to which Lieberman can bring that out of Duncan will only fuel the success of this book. Rossmo’s art is perfect for CNV. I didn’t care for it one bit on Proof, but his frenzied style is exactly what this comic needs. Under Rossmo’s direction, the fight sequences between Cowboy Ninja Viking and Pirate Gladiator Oceanographer take on the kind of furious intensity worthy of only the finest summer blockbusters, know what I mean?

The Not So Good: I’ve got two small issues that are still annoying me. The first is the use of the mono tones Rossmo uses to color the book. Last month it was blue, this month it’s red. Is it going to be green next month? Purple? Don’t know, and I don’t care, because frankly I think Rossmo’s art here, as well as the overall design of the book, is strong enough that it doesn’t need any color at all. The tones are an eye sore, but I don’t expect that to change. Also, I’m still not convinced yet that this idea of the Triplets is anything more than a gag. I’m sure this is a point Lieberman will address in forthcoming issues so I’m more than willing to ride this one out and see where it takes me.

Conclusion: Is there a point to teaching each aspect of a person suffering from Multiple Personality Disorder how to be an assassin, or does it just make for some fun, brutal storytelling? I’m not sure yet, but I do know that I’m having a good time reading this comic, and at the end of the day isn’t that what counts?

Grade: B

-Tony Rakittke

LOL, was hoping they all are going to strip naked together since all of them are in their bikinis. Dunno whether this is the last part of the OVA series, but dont worry since there will be more when its second season dvd is out

Download link HERE

Ecchi scenes

Other screenshots

IPFW:check-state/keep-state advanced stateful rules.  By Joe Barbish  07/22/2002  All rights reserved.
As most new ipfw users, I had a typical ipfw rules file built from the simple stateful rules in rc.firewall. I had originally been using user ppp with it’s internal Nat function, but went to natd as the simple stateful type in rc.firewall showed. Since the sample rc.firewall (simple) was pretty much just what I wanted to do, I just assumed this was the correct and proper way, so I cut out the simple type code from rc.firewall to create my own ipfw firewall rules. In searching FBSD and the many sites found by google search I saw many many other people before me had done the same thing. From a technical point of view the whole rc.firewall file is based on simple stateful rules using setup/established with some stateless rules thrown in. As a new ipfw user I did not know the difference and the comments sure did not call out the difference.
When I tried to change my simple stateful [established/setup] to advanced stateful [check-state/keep-state] rules, I kept having trouble with ip address being mismatched. Technically the mismatches showed up in /var/log/security as packets that got denied by the (default deny everything rule) for all packets that reach the end of the rule set with out matching any rule. Configuration looked like this.
Divert natd (network address translation)                   (                   (LAN PC’s  < — > IPFW  < — >  internetPrivate IP     advanced        public ip  Address      stateful rules    address
I spend weeks playing around trying different combinations of ipfw rules, but kept having mismatches in the dynamic table. Finally I removed the natd divert rule from the ipfw rules set and deactivated natd in rc.conf and re-activated ppp -Nat in rc.conf, and the advanced stateful [check-state/keep-state] rules started to work. Configuration looked like this.

LAN PC’s  < — > IPFW  < — >  user ppp -nat < — > internetPrivate IP     advanced        network address      public ip  Address      stateful rules    translation           address
In this configuration IPFW only knows the private ip address on the LAN and the advanced stateful rules functioned just like described in the man documentation.
I wrote emails to the IPFW authors, gave then 2 documented examples of rules sets using exclusively advanced stateful rules and user ppp dial up ISP, the only difference was one used user ppp -nat and did not have the divert natd rulecd ../ one had the divert natd rule and no user ppp -nat and did not work. After much conflicting correspondences the results were that they were not going to do anything about it and I was left on my own.
The real problem here is ipfw advanced stateful rules are relatively new to the IPFW program (FBSD version 4.0 year 2000) and still does not fit cleanly into the divert natd program logic.
IPFW was originally designed as a firewall using stateless rules and/or simple stateful rules which is nothing more than an rules file coding logic technique based on the TP flags setup/established. Using these very primitive type of rules IPFW function’s correctly. When advanced stateful rules are used to tighten down the control of packets passing through the firewall by dynamically creating an internal rules table based on the by-directional exchange of packets which have to match the pre-known ip address, flow direction, and packet sequence numbers the divert natd function malfunctions. This problem is not limited to dial up internet access, but also occurs for ‘all ways on’ environments (DSL, Cable, T1) with or without DHCP support.
Many users reach this point using the advanced check-state/keep-state stateful rules and go back to simple stateful rule set using established/setup simple because they can not get the advanced stateful rules to work. The rc.firewall file was created for FBSD 2.0 and has not been updated to exclusively utilize the advanced stateful rule set, so it is a very poor example to be using for your ipfw rules set.
Cable internet access became available in my area and I was forced to revisit the divert natd / advanced stateful rules again because (DSL, Cable, T1) ‘all ways on’ environments normally use the ISP’s DHCP server to get it’s network configuration information so user ppp -nat is not used in this case. This meant I had to use the divert natd ipfw statement to provide the NAT function so I could use private ip address for my LAN because my cable ISP only issues one dynamic public ip address per customer account.
After many days of trial and error testing I finally found an rules coding logic which functioned correctly using exclusively advanced check-state/keep-state stateful rules and the divert natd rule statement. Normally the rule to allow the packets from local LAN Nic cards to pass through the ipfw firewall come before the divert natd rule as seen in the rc.firewall file. But for advanced stateful rules it has to be moved after the divert natd rule and the ‘keep-state’ option has to be used so the dynamic rules table knows about the packet activity before they get passed through the rules file the second time. Technically this means each packet will have 2 sets of dynamic table rules, one set for the private Nic interface and one for the public Nic interface. This is an resource waste, decreases performance, and not necessary if the nat function is done outside of ipfw.
The simplest and best solution to the advanced stateful rules problem is to use ‘user ppp -nat’ for all dialup ISP environments and have no divert natd rule in the ipfw rules file.  For all DSL, cable, and T1 connection where the ISP’s DHCP is used to configure FBSD’s public network you have to use the divert natd rule in your ipfw rules set followed by this rule for each private Nic interface,  ’allow all from any to any via xl0 keep-state’
where xl0 is the private Nic card interface device name. This solution has been tested in FBSD version 4.5 & 4.6.
The IPFW rules listed below are my current firewall rules file configured for a cable divert natd environment. Here are the matching /etc/rc.conf optionsifconfig_rl0=”DHCP”ppp_enable=”NO”             natd_enable=”YES”natd_interface=”rl0″natd_flags=”-dynamic”firewall_enable=”YES”                 firewall_script=”/etc/ipfw.rules.conf”

For an user ppp dialup modem ISP connection using ‘divert natd’ make following changes to the ipfw rules below   Change  oif=”rl0″  to  oif=”tun0″
Here are the matching /etc/rc.conf options#ifconfig_rl0=”DHCP”ppp_enable=”YES”ppp_mode=”ddial”             ppp_profile=”papchat”        ppp_nat=”NO”                       natd_enable=”YES”natd_interface=”tun0″natd_flags=”-dynamic”firewall_enable=”YES”                 firewall_script=”/etc/ipfw.rules.conf

For an user ppp dialup modem ISP connection using ‘user ppp -nat’ make following changes to the ipfw rules belowChange  oif=”rl0″  to  oif=”tun0″  Add    $cmd 00130 allow all from any to any via xl0Delete $cmd 00150 divert natd all from any to any via $oifDelete $cmd 00210 allow all from any to any via xl0 keep-state
Here are the matching /etc/rc.conf options#ifconfig_rl0=”DHCP”ppp_enable=”YES”ppp_mode=”ddial”             ppp_profile=”papchat”        ppp_nat=”YES”                       natd_enable=”NO”#natd_interface=”tun0″#natd_flags=”-dynamic”firewall_enable=”YES”                 firewall_script=”/etc/ipfw.rules.conf

Following the rules file below are some other IP stack security options which are specified in the /etc/rc.conf file and kernel that you can use as a guide to configure your own world.
/etc/ipfw.rules.conf############################################################################# Define IPFW firewall rules for gateway.poweruser.net # 7/04/2002  Joe Barbish  ##   Cable modem connection to ISP with dynamic IP addresses assigned.#   Private Ip address used inside.#   3 win98 boxes on LAN with DHCP used for auto private network configure. #   Protect the whole private network from loss of service attacks#   These rules can be reloaded with out rebooting by issuing this command#   sh /etc/ipfw.rules.conf##   The use of ‘me’ in rules means IP address 127.0.0.0 localhost #   # Firewall Policy Statement.#   Each public internet function must be explicitly allowed by a rule.#   Only valid response to the packets I’ve sent out are allowed in.#   All packets must use the IPFW advanced “dynamic” rules function.#   No state-less rules or simple-stateful rules are allowed to grant#   internet function.#############################################################################
# Flush out the list before we begin./sbin/ipfw -q -f flush
# Set rules command prefix# The -q option on the command is for quite mode. # Do not display rules as they load. Remove during development to see.cmd=”/sbin/ipfw -q add”
# Set defaults  # set your outside interface network device name and # domain name servers IP address to values issued by your ISP.

oif=”rl0″                  # Nic card to cable modem public internet connectionodns1=”24.50.201.66″       # ISP’s dns server 1 IP addressodns2=”24.52.201.66″       # ISP’s dns server 2 IP address
# Set these to your inside interface network and ip address rangeiif=”xl0″                  # Nic card to private internal Local area network

# This is the start of the rules. # All traffic coming in from the internet or# leaving the local LAN start here

# Internal gateway housekeeping# Rules # 100 exempt everything on localhost behind the firewall from this rules set.# Rules # 110 & 120 deny the reference to the localhost default IP address.$cmd 00100 allow all from any to any via lo0  # allow all localhost$cmd 00110 deny log  all from any to 127.0.0.0/8  # deny use of localhost IP $cmd 00120 deny log  all from 127.0.0.0/8 to any  # deny use of localhost IP

# This does the  Network Address translation of every packet coming in# or going out over the public internet.
$cmd 00150 divert natd all from any to any via $oif
#*** TESTING PURPOSES ONLY *** TESTING PURPOSES ONLY *** TESTING PURPOSES ONLY# The following rule if un-commented will change the behavior of this# Firewall rule set from closed to completely open, thus bypassing all of the# following rules. This single rule is placed here for TESTING PURPOSES ONLY.#$cmd 00160 allow log logamount 500 all from any to any#$cmd 00161 allow all from any to any

########  control section  ############################################# Start of IPFW advanced Stateful Filtering using “dynamic” rules.# The check-state statement behavior is to match bi-directional packet traffic# flow between source and destination using protocol/IP/port/sequence number. # The dynamic rule has a limited lifetime which is controlled by a set of# sysctl(8) variables. The lifetime is refreshed every time a matching# packet is found in the dynamic table.
# Allow the packet through if it has previous been added to the # the “dynamic” rules table by an allow keep-state statement. $cmd 00200 check-state
# Run all private Lan packet traffic through the dynamic rules# table so the IP address are in sync with Natd.$cmd 00210 allow all from any to any via xl0 keep-state
# Deny all fragments as bogus packets $cmd 00250 deny all from any to any frag in via $oif
# Deny  ACK packets that did not match the dynamic rule table$cmd 00260 deny tcp from any to any established in via $oif

########  outbound section  ############################################# Interrogate packets originating from behind the firewall, private net.# Upon a rule match, it’s keep-state option will create a dynamic rule.
# Allow out non-secure standard www function$cmd 00300 allow tcp  from any to any 80  out via $oif setup keep-state
# Allow out secure www function https over TLS SSL$cmd 00301 allow tcp  from any to any 443 out via $oif setup keep-state
# Allow out access to my ISP’s Domain name server. $cmd 00310 allow tcp  from any to $odns1 53 out via $oif setup keep-state $cmd 00311 allow udp  from any to $odns1 53 out via $oif keep-state$cmd 00315 allow tcp  from any to $odns2 53 out via $oif setup keep-state  $cmd 00316 allow udp  from any to $odns2 53 out via $oif keep-state
# Allow out send & get email function$cmd 00330 allow tcp from any to any 25  out via $oif setup keep-state$cmd 00331 allow tcp from any to any 110 out via $oif setup keep-state
# Allow out & in FBSD (make install & CVSUP)  functions# Basically give user id root  ”GOD”  privileges.$cmd 00340 allow tcp from me to any out via $oif setup keep-state uid root
# Allow out & in console traceroot command$cmd 00342 allow udp from me to any 33435-33500 out via $oif keep-state  $cmd 00343 allow log icmp from any to me icmptype 3,11 in via $oif limit src-addr 2
# Allow out ping $cmd 00350 allow icmp from any to any   out via $oif keep-state
############ passive FTP rules to public Internet ####### Allow passive FTP control channel 21 & data high ports $cmd 00375 allow tcp  from me to any 21  out via $oif setup keep-state$cmd 00376 allow tcp  from me to any 10000-65000  out via $oif setup keep-state############ End of passive FTP rules to public Internet ######
# Allow out ssh $cmd 00380 allow tcp  from any to any 22   out via $oif setup keep-state
# Allow out TELNET $cmd 00390 allow tcp  from any to any 23    out via $oif setup keep-state
# Allow out Network Time Protocol (NTP) queries #$cmd 00394 allow tcp  from any to any 123   out via $oif setup keep-state#$cmd 00395 allow udp  from any to any 123   out via $oif keep-state
# Allow out Time $cmd 00396 allow tcp  from any to any 37    out via $oif setup keep-state$cmd 00397 allow udp  from any to any 37    out via $oif keep-state
# Allow out ident#$cmd 00400 allow tcp  from any to any 113   out via $oif setup keep-state#$cmd 00401 allow udp  from any to any 113   out via $oif keep-state
# Allow out IRC#$cmd 00410 allow tcp  from any to any 194   out via $oif setup keep-state#$cmd 00411 allow udp  from any to any 194   out via $oif keep-state
# Allow out whois$cmd 00412 allow tcp  from any to any 43    out via $oif setup keep-state$cmd 00413 allow udp  from any to any 43    out via $oif keep-state
# Allow out whois++#$cmd 00415 allow tcp  from any to any 63    out via $oif setup keep-state#$cmd 00416 allow udp  from any to any 63    out via $oif keep-state
# Allow out finger#$cmd 00420 allow tcp  from any to any 79    out via $oif setup keep-state#$cmd 00421 allow udp  from any to any 79    out via $oif keep-state
# Allow out nntp news$cmd 00425 allow tcp  from any to any 119   out via $oif setup keep-state$cmd 00426 allow udp  from any to any 119   out via $oif keep-state
# Allow out gopher#$cmd 00430 allow tcp  from any to any 70    out via $oif setup keep-state#$cmd 00431 allow udp  from any to any 70    out via $oif keep-state

########  inbound section  ############################################# Interrogate packets originating from in front of the firewall, public net.# Place statements here to allow public requests for service.
# Allow in www$cmd 00600 allow tcp from any to any 80 in via $oif setup keep-state limit src-addr 4
# Allow  TCP FTP control channel in & data channel out $cmd 00610 allow tcp from any to me 21  in via $oif setup keep-state limit src-addr 4$cmd 00611 allow tcp from any 20 to any 1024-49151 out via $oif setup keep limit src-addr 4
# Allow in ssh function $cmd 00620 allow log tcp from any to me 22 in via $oif setup keep-state limit src-addr 4
# Allow in Telnet  $cmd 00630 allow tcp from any to me 23 in via $oif setup keep-state limit src-addr 4
# Allow in Ping $cmd 00635 allow log icmp from any to me icmptype 0,8  in via $oif
# This sends a RESET to all ident packets.#$cmd 00640 reset log tcp from any to me 113  in via $oif limit src-addr 4
########  Catch all section  ############################################
#### Start Special rules for Adelphia Cable  #########################
#valid dhcp broadcast from Adelphia dhcp server$cmd 00700 allow UDP from 0.0.0.0 68 to 255.255.255.255 67 in via rl0
# valid FBSD dhcp client request for dns config info$cmd 00701 allow udp from me 68 to $odns1 67      out via rl0$cmd 00702 allow udp from $odns1 67 to me 68       in via rl0
# invalid bogus packets on Adelphia Cable network.$cmd 00705 deny udp from any to 255.255.255.255    in via rl0$cmd 00706 deny udp from 0.0.0.0 to any            in via rl0#               P:2$cmd 00707 deny all  from 192.168.100.1 to 224.0.0.1   in via rl0$cmd 00708 deny udp from $odns1 53 to me           in via rl0#### End Special rules for Adelphia Cable  #########################

# Stop & log external redirect requests.$cmd 00720 deny log icmp from any to any icmptype 5  in via $oif
# Stop & log spoofing Attack attempts.# Examine incoming traffic for packets with both a source and destination# IP address in my local domain as per CIAC prevention alert.$cmd 00730 deny log ip from me to me  in via $oif
# Stop & log ping echo attacks# stop echo reply (ICMP type 0), and echo request (type 8).$cmd 00740 deny log icmp from any to me icmptype 0,8  in via $oif
# Reject & Log all setup of tcp incoming connections from the outside$cmd 00750 deny log tcp from any to any  setup  in via $oif
# Reject & Log all netbios service. 137=name, 138=datagram, 139=session# netbios is ms/windows sharing services.$cmd 00760 deny log tcp from any to any 137,138,139  in via $oif$cmd 00761 deny log udp from any to any 137,138,139  in via $oif
# Reject all port 80 http packets that fall through to here.# These packets are auto spawn web page requests from within # original web page request.$cmd 00770 deny  tcp from any to any 80   out via $oif
# Everything else is denied by default # deny and log all packets that fell through to see what they are$cmd 00950 deny log logamount 500 all from any to any
################## End Of IPFW Firewall Rules  #########################

Other IP stack security options.The main run control configuration file /etc/rc.conf has a whole group of run time security options to control the flood of falsified packets entering the system which get control before IPFW evens knows their coming in.
The following is from my rc.conf file.
# Required IPFW  kernel firewall support# For more info see # www.onlamp.com/pub/a/bsd/2001/04/25/FreeBSD_Basics.html #
firewall_enable=”YES”                 # Start daemonfirewall_script=”/etc/ipfw.stdrules”  # run my custom rules if present                                      # sh /etc/ipfw.stdrules will load                                       # new rules file after editing.filewall_logging=”YES”                # Enable events logging

# Extra firewalling optionslog_in_vain=”YES”           # NO is default. YES enables logging of                             # connection attempts to ports that have no                            # listening socket on them. Put msg on consol
icmp_drop_redirect=”YES”    # YES will cause the kernel to ignore                            # ICMP REDIRECT packets.
tcp_drop_synfin=”YES”       # YES will cause the kernel to ignore TCP                            # frames that have both the SYN and FIN flags                            # set. Only available if the kernel was built                            # with the TCP_DROP_SYNFIN option.                            # change to NO if web server behind firewall.
tcp_restrict_rst=”YES”      # YES will cause the kernel to refrain from                             # emitting TCP RST frames in response to                             # invalid TCP packets (e.g., frames destined                            # for closed ports). This option is only                             # available if the kernel was built with the                            # TCP_RESTRICT_RST option.
syslogd_flags=”-ss”         # Don’t use network sockets so portscan          # will not find (security tip)
portmap_enable=”NO”         # Don’t allow nfs portmapper (security tip)

The  log_in_vain=”YES” option will post a message to the root console screen every time it stops a packet. This became very annoying so I changed the syslog to put these messages in the security log. All the ipfw messages that were going to the /var/log/security file was also going to the /var/log/message file. I did not think it was wise to be posting ipfw messages in more that one place, so I stopped them from going to the message file.  Below are the lines I changed in /etc/syslog.conf to make this happen.

The original lines.*.err;kern.debug;auth.notice;mail.crit /dev/console*.notice;kern.debug;lpr.info;mail.crit;news.err /var/log/messagessecurity.* /var/log/security
replaced by this lines# kern.info is where the log_in_vain messages come from. The following# will stop the log_in_vain messages from coming out on root console &# put them in the security log.  2/20/2002 Joe Barbish# remove kern.info messages from /dev/console & /var/log/messages# and put them into /var/log/security.*.err;auth.notice;mail.crit /dev/consolekern.notice;kern.=debug /dev/console*.notice;lpr.info;mail.crit;news.err /var/log/messageskern.notice;kern.=debug /var/log/messagessecurity.*;kern.=info /var/log/security

Another very obscure option is blackhole, new in FBSD 4.4
The blackhole sysctl(8) is used to control system behavior when connection requests are received on TCP or UDP ports where there is no socket listening.
Normal behavior, when a TCP SYN segment is received on a port where there is no socket accepting connections, is for the system to return a RST segment, and drop the connection. The connecting system will see this as a “Connection reset by peer”.
By setting the TCP blackhole MIB to a numeric value of 1, the incoming SYN segment is merely dropped, and no RST is sent, making the system appear as a blackhole.
By setting the MIB value to 2, any segment arriving on a closed port is dropped without returning a RST.  This provides some degree of protection against stealth port scans.
In the UDP instance, enabling blackhole behavior turns off the sending of an ICMP port unreachable message in response to a UDP datagram which arrives on a port where there is no socket listening. It must be noted that this behavior will prevent remote systems from running traceroute(8) to a system.
The blackhole behavior is useful to slow down anyone who is port scanning a system, attempting to detect vulnerable services on a system. It could potentially also slow down someone who is attempting a denial of service attack.
The sysctl net.inet.tcp.blackhole=2 command can be entered from the command line and will be in effect until the next boot. The sysctl command can also be in the /etc/sysctl.conf file (which you must create) and if present will be activated during the boot process. Read man sysctl for command format to display settings of this option and some others that allow you to change to default dynamic rules time out values. For the really advanced technical ipfw user check out ipfw user patches at  http://people.freebsd.org/~cjc/
See http://bsdvault.net/sections.php?op=viewarticle&artid=57 for info on sysctl.
See http://www.practicallynetworked.com/sharing/app_port_list.htm  for a list of ports used by different applications.
/etc/sysctl.conf  file contents
sysctl net.inet.tcp.blackhole=2sysctl net.inet.udp.blackhole=1

Here are the statements for the kernel source to include IPFW in the kernel.## The following options add sysctl variables for controlling how certain # TCP packets are handled by the kernel. #options        ICMP_BANDLIM        # Enables icmp error response bandwidth                                      # limiting. This will help protect from                                       # D.O.S. packet attacks.option          TCP_DROP_SYNFIN       # Adds support for ignoring TCP packets                                       # with SYN+FIN. This prevents nmap from                                       # identifying the TCP/IP stack, but                                       # breaks support for RFC1644 extensions                                      # & is not recommended for web servers.
# not supported in 4.4 & newer#option          TCP_RESTRICT_RST     # Adds support for blocking emission of                                      # TCP RST packets. Useful in limiting                                       # SYN floods & port scanning.

# Enable kernel IPFW, the FBSD supplied packet filtering and accounting system# Has a FBSD supplied user land control utility ipfw.# option IPFIREWALL                  # Adds filtering code into kerneloption IPFIREWALL_VERBOSE          # enable logging thru syslogd(8)option IPFIREWALL_VERBOSE_LIMIT=10 # stop attack via syslog floodingoption         IPFIREWALL_IPDIVERT         # Enable NATD divert function

Oben ist ein von mir zufälliges gefundenes schönes Bild:)

Ich hätte jetzt in Berlin sein sollen…
Aber macht nix, ich habe mich auch darauf gar nicht gefreut.
Am nächten Wochenende werde ich mit einigen Freundinnen eine Oma besuchen! Ich freue mich schon!!

Also, wir habe sie unterwegs kennen gelernt. Sie möchten uns jetzt zum Essen einladen! Das ist ja ganz schön toll:)

Wie schön ist das Leben:)

In den letzten Wochen stolpere ich immer wieder über Nichts, im TV, in Reportagen und Gesprächen. Und immer dreht es sich um die Frage, was das Nix überhaupt sei.

Nichts – Wikipedia

Die Wissenschaft ist überzeugt unser bizarres Universum besteht zu 95% aus Nichts, aus Anti- Energie, Anti- Materie und Dunkler Materie. Also sind nur 5% sichtbar. Wo spielt sich unser Dasein also ab? Auf 5% Realitaet! Das erinnert an Douglas Adams.

Die Menschheit denkt Dual. Unser Dasein definiert sich aus sich selbst heraus: SEIN! Das Fehlen von ETWAS  scheint den menschlichen Verstand soweit zu überfordern, dass er nicht nur Gott erschafft, sondern auch seinen Widersacher. Kein Licht ohne Dunkel! Laut wissenschaftlicher These ist das DUNKEL aber auch ein Energiezustand. Diesen können wir nur nicht erfassen.

Keine Angst, ich werde nicht esoterisch.

Unser Gehirn ist mit der Vorstellung des NICHTS völlig überfordert. Wir existieren und definieren uns durch SEIN. Der Tod, das absolute Ende ist dem Menschen unvorstellbar. Die Unendlichkeit des Universums ist schon so eine Sache, bei der unser Hirn aussetzt. Deshalb leben wir in einer Kugel, gibt es Götter etc… . Denn es besteht ein Unterschied zwischen Leere und NichtSEIN.

Wenn ich nun dem NIX eine Existenz zugestehe, die ich zu 95% nicht mitkriege, weil ich mich nur blöd in meinen zwei bis vier Dimensionen bewege, ja was dann?

Aber wenn das NIX nun auch ganz real nichts ist, ja was denn dann?

Sind Träume wirklich nur Schäume, ja was wenn nicht?

DON´T PANIC

Ecchi scenes

Other screenshots

Giới thiệu và cài đặt OpenSSH

Bài viết này có thể áp dụng cho hầu hết các Linux distro, tuy nhiên có vài câu lệnh được thực hiện trên hệ thống ubuntu, nếu thực hiện trên hệ thống khác, có thể bạn sẽ phải thay đổi vài chi tiết.

SSH ?

SSH là giao thức cho phép kết nối vào máy tính xuyên qua network, SSH được cài đặt theo mặc định trên hầu hết các bản phân phối linux, tuy nhiên để hệ thống cho phép kết nối thì bạn cần cài đặt gói openssh-server, thông tin chi tiết tại trang chủ http://www.openssh.com

cài đặt OpenSSH:

$sudo apt-get install openssh-server

Kiểm tra OpenSSH:

$ps -e | grep ssh

Câu lệnh này sẽ liệt kê tất cả các tiến trình đang hoạt động trong hệ thống, lọc danh sách này và chỉ hiển thị tiến trình có chứa từ “ssh”, bạn sẽ thấy kết quả tương tự như sau:

717 ? 00:00:00 sshd

Điều này có nghĩa là OpenSSH đang hoạt động, nếu bạn không thấy gì từ câu lệnh trên thì hãy khởi động ssh như sau

$sudo /etc/init.d/ssh start

Cấu hình SSH:

Cấu hình SSH server, đầu tiên bạn cần chỉnh sửa hút xíu file cấu hình của OpenSSH, file cấu hình này thường nằm trong /etc/ssh/sshd_config, bạn có thể dùng trình soạn thảo nào đó như gedit, nano, vim …. bất cứ trình nào mà bạn thấy dể sử dụng, ỏ đây tôi dùng gedit

$sudo gedit /etc/ssh/sshd_config

Cấu hình này được định nghĩa theo mặc định, Bây giờ OpenSSH đã hoạt động tốt, bạn có thể kết nối vào hệ thống, nhưng vì lý do bảo mật nên bạn cần phải định nghĩa lại theo cách riêng, tùy thuộc vào chính sách bảo mật riêng, trong bài viết này tôi chỉ gợi ý một vài điều khi cần chỉnh sửa cấu hình này.

Đầu tiên là Port, trong hệ thống của chúng ta có tất cả 65535 port, mổi port giống như một cửa để hệ thống có thể giao tiếp với bên ngoài, ví dụ: khi bạn lướt web trên một browser, yêu cầu này đi ra ngoài theo port 80 (80 là port mặt định của http) và web server nào đó sẽ gửi trả lởi vào hệ thống của bạn theo port 80, 1024 port đầu tiên dùng để xác định giao thức, port 22 theo mặc định của SSH, điều này sẽ không tốt cho lắm, vì vậy bạn cần đổi port này với một port nào đó nằm trong giới hạn < 65535, theo lời gợi ý bạn nên đặt trong giới hạn từ 1500-5000.

Bạn có thể tham khảo danh sách các port tại:

http://www.iana.org/assignments/port-numbers

# What ports, IPs and protocols we listen for

Port 2000

Lưu lại cấu hình này và khởi động lại OpenSSH

$sudo /etc/init.d/ssh restart

Để kiểm tra kết quả, kết nối vào hệ thống của bạn theo port 2000

$ssh -p 2000 <address> -l <account> 

Leute, Leute! Gibt es denn eine Religion, die bei der anfallenden Zunahme von Sinn-Abwesenheit überhaupt etwas sagen kann? Keine Religion vermag dem Leben, wie es ist, zu begegnen. Das Leben ist so groß und gar nicht deutbar – auch nicht mit Religion. Was also, können wir tun? Klar, meine Spezialität ist, mich auf mein Meditationskissen zu setzen. Heute morgen jedoch entfuhr mir ein unwilliges “Ach, ist doch alles Quatsch!” Auch das, kann sehr befriedigend sein: Sich einfach gegen die Sinn-Abwesenheit auflehnen und das Universum anpöbeln. Und: weinen, weinen, weinen.

Từ khi upgrade lên Ubuntu 9.10 Karmic Koala thì không hiểu sao stardict (bộ từ điển) không hoạt động được bình thường, khởi động với quyền root thì tốt … tôi thừ reinstall lại xem sao …. nhưng kết quả vẫn không khả quan, vậy là tôi gỡ nó ra khỏi máy luôn, tôi gõ:

$sudo apt-get autoremove stardict

sau đó tôi xóa thư mục .stardict trong home directory

$sudo rm -rf .stardict

rồi tôi install lại

$sudo apt-get install stardict

tôi thử khởi động stardict xem thừ có tiến bộ chút nào không, tôi click vào biểu tượng của em nó …. hên quá, mọi chuyện lại bình thường, hoạt động tốt.



Ecchi scenes

Other screenshots

1. Hiển thị nội dung tập tin

$cat caigiday.txt

2. Thay đổi thư mục

$cd /home

3. Đổi quyền sở hữu tập tin theo nhóm

$chgrp <group> <caigiday.txt>

4. Đổi quyền truy xuất tập tin

$chmod +x caigiday.txt

5. Sao chép tập tin

$cp caigiday.txt caigiday_new.txt

6. Hiển thị ngày giờ hiện tại

$date

7. Hiển thị tình trạng các ổ đĩa

$df

8. Liệt kê nội dung trong thư mục

$dir
hoặc
$ls /thư mục nào

8. In kích thước thư mục

$du -h /bin

9. In dòng text

$echo in cái gì ….

10. Thoát khỏi shel

$exit

11. Tìm kiếm chuổi text

$fgrep “chuổi cần tìm” taptin.txt
hoặc
$grep “chuổi cần tìm” taptin.txt

12. Tìm tập tin

$find / -name “tim cai gi.txt”

tìm “tìm cái gì.txt” trong thư mục root “/”

13. Liệt kê tồng quát tình trạng bộ nhớ

$free

14. Liệt kê nhóm người dùng

$groups

15. Hiển thị phần đầu tập tin

$head -2 taptingi.txt
in hai dòng đầu tiên trong tập tin

16. Hiển thị tên của máy

$hostname

17. Kết thúc tiến trình

$kill <ID>
ID của tiến trình

$killall <ten tien trinh>

18. tạo kết nối đến tập tin

$ln -s data.txt link.txt

19. Xem cách sử dụng câu lệnh cần dùng

$man <câu lệnh gì>

20. In MD5 của tập tin

$md5sum taptin.txt

21. Tạo thư mục

$mkdir <thư mục gì>

22. Liệt kê và đến số dòng trong tập tin

$nl taptin.txt

23. Tìm ID tiến trình của chương trinh đang hoạt động

$pidof <tên của tiến trình>

24. Kiểm tra mạng/hệ thống

$ping http://tantoan.wordpress.com

// thỉnh thoảng có vài website sẽ không ping được vì admin dùng tường lữa chặn các gói icmp

25. Hiển thị cây quan hệ các tiến trình

$pstree

26. Hiển thị thư mục hiện tại

$pwd

27. Xóa tập tin

$rm taptin.txt

28. Xóa thư mục

$rm thumuc

29. Shutdown hệ thống

$shutdown -h now

30. Restart hệ thống

$reboot

31. In tình trạng tập tin

$stat taptin.txt

32. In tên hệ thống, phiên bản kernel, ngày giờ, bộ xử lý.

$uname -a

33. Ai đang đăng nhập & đang làm gì

$w

34. In số dòng trong tập tin

$wc -l taptin.txt

45. Tìm đường dẫn thư viện/mã nguồn/chương trình

$whereis bash

I can understand your frustration when it comes to getting rid of head lice. Yes I have been there before too much like you, with my daughter. The endless battles night after night, trying to treat head lice and kill nits.

Check out this Video!

Home Remedies For Head Lice – A Non Toxic Lice Solution. – Funny home videos are a click away
Be warned lice shampoos and conditioners are toxic chemicals and not good for children at all!

I thought I had things under control and managed they came back!

I have spent countless hours using a head lice comb and buying head lice shampoo only to find out later the problem was my technique.

The only absolute way of stopping nits and lice life cycle, is to shave your child’s head.

That was not an option for me at all, my daughter has beautiful long hair so shaving her head was NOT the head lice remedy. Imagine how your child would feel bald and what they would go through at school. They would be the laughing stock of the whole school.

Do you really want to get that embarrassing letter from the school nurse! Telling you your child has head lice.

They will call you and tell you not to have your child come back until the head lice and head lice nits are gone.

What I was suggested from a friend of mine to check out a natural home remedies for head lice removal. This natural home remedy had worked for them. I looked up the site and followed the step by step instructions which were easy to follow.

After many failed attempts at head lice treatment products. I was frustrated and wanted to get this problem solved forever!

Finally a head lice remedy that had worked! It was easy to follow and
guaranteed!

TRY IT TODAY!

Gone are the days of spending $7 for a little bottle of shampoo every 3 days that did no work for lice.

Gone are the days of purchasing a special electric nit comb at a cost of $20 at the drug store.

I’m sure you have been told about a great Head lice shampoo.

I bet the did not tell you that most of the lice shampoos are toxic!

I personally have battled with these lill critters many times using several different over the counter shampoos. I even sat my own child down and told her we might have to cut her hair off if we can’t get this under control.
You can carry on with your current methods of TOXIC Head Lice Treatment but be for warned! Those little bugs and nit eggs are tough to get rid of. They are immune to many of the lice shampoos now!

Your child may not be scratching there head for 2 days after the lice treatment BUT?

Did you get rid of the nits?? Are you sure you got them all??

Do you want to end head lice for good!

HEAD LICE FACTS

The average adult lice lay 8 eggs a day. Not to mention the eggs
they do lay are next to impossible to get out. The lice eggs are glued
(laid) to the base of a hair shaft close to the scalp and the natural glue is better than crazy glue.

If you look at a picture of head lice they are one tough bug. There
flat skinny bodies are tough to pick up in a nit comb. The ones you do get in a lice comb are just the adults but the lice nits remain.

I was suggested Home Remedies for Head Lice by a close friend of mine after her kids had head lice. I thought sure just another wives tale of using teetree oil and mayonnaise. To my surprise it was not that at all.

It was a total NON TOXIC natural head lice treatment that got the job done. I’m not just talking about getting rid of the adult lice but totally killing lice. Even the nits did not have a chance with

Home Remedies for Head Lice.

Normally I would be embarrassed telling you about my head lice battle I have had.

I just had to tell you that I truly found have found the best NON TOXIC Home Remedies for Head Lice.

Thanks Vikki! Your natural remedies for head lice worked!

My Daughter & I

My name is Dwane and I had to pass on this wonderful information about some good home remedies for head lice.

I can understand your frustration when it comes to getting rid of head lice. Yes I have been there before too much like you, with my daughter. The endless battles night after night, trying to treat head lice and kill nits.

Check out this Video!

Home Remedies For Head Lice – A Non Toxic Lice Solution. – Funny home videos are a click away
Be warned lice shampoos and conditioners are toxic chemicals and not good for children at all!

I thought I had things under control and managed they came back!

I have spent countless hours using a head lice comb and buying head lice shampoo only to find out later the problem was my technique.

The only absolute way of stopping nits and lice life cycle, is to shave your child’s head.

That was not an option for me at all, my daughter has beautiful long hair so shaving her head was NOT the head lice remedy. Imagine how your child would feel bald and what they would go through at school. They would be the laughing stock of the whole school.

Do you really want to get that embarrassing letter from the school nurse! Telling you your child has head lice.

They will call you and tell you not to have your child come back until the head lice and head lice nits are gone.

What I was suggested from a friend of mine to check out a natural home remedies for head lice removal. This natural home remedy had worked for them. I looked up the site and followed the step by step instructions which were easy to follow.

After many failed attempts at head lice treatment products. I was frustrated and wanted to get this problem solved forever!

Finally a head lice remedy that had worked! It was easy to follow and
guaranteed!

TRY IT TODAY!

Gone are the days of spending $7 for a little bottle of shampoo every 3 days that did no work for lice.

Gone are the days of purchasing a special electric nit comb at a cost of $20 at the drug store.

I’m sure you have been told about a great Head lice shampoo.

I bet the did not tell you that most of the lice shampoos are toxic!

I personally have battled with these lill critters many times using several different over the counter shampoos. I even sat my own child down and told her we might have to cut her hair off if we can’t get this under control.
You can carry on with your current methods of TOXIC Head Lice Treatment but be for warned! Those little bugs and nit eggs are tough to get rid of. They are immune to many of the lice shampoos now!

Your child may not be scratching there head for 2 days after the lice treatment BUT?

Did you get rid of the nits?? Are you sure you got them all??

Do you want to end head lice for good!

HEAD LICE FACTS

The average adult lice lay 8 eggs a day. Not to mention the eggs
they do lay are next to impossible to get out. The lice eggs are glued
(laid) to the base of a hair shaft close to the scalp and the natural glue is better than crazy glue.

If you look at a picture of head lice they are one tough bug. There
flat skinny bodies are tough to pick up in a nit comb. The ones you do get in a lice comb are just the adults but the lice nits remain.

I was suggested Home Remedies for Head Lice by a close friend of mine after her kids had head lice. I thought sure just another wives tale of using teetree oil and mayonnaise. To my surprise it was not that at all.

It was a total NON TOXIC natural head lice treatment that got the job done. I’m not just talking about getting rid of the adult lice but totally killing lice. Even the nits did not have a chance with

Home Remedies for Head Lice.

Normally I would be embarrassed telling you about my head lice battle I have had.

I just had to tell you that I truly found have found the best NON TOXIC Home Remedies for Head Lice.

Thanks Vikki! Your natural remedies for head lice worked!

Dwane J.

[wordless wednesday]

Trong hệ thống Linux/Windows, mổi chương trình/shell khi hoạt động sẽ tạo ra một/nhiều tiến trình (processes) với các luồng (Thread) khác nhau, những tiến trình này có nhiều trạng thái như: đang được sử lý, tạm dừng, bị hủy.. tùy thuộc vào tính hoạt động của tiến trình mà Linux & CPU xử lý theo nhiều trạng thái khác nhau.
Linux cung cấp một số công cụ hỗ trợ người dùng điều khiển những tiến trình này, chỉ người sử dụng (User) khởi động tiến trình mới có thể điều khiển tiến trình, trừ khi có sự can thiệp của người/nhóm có quyền cao nhật là root.

Các tiến trình trong hệ thống được tổ chức có trật tự theo một cấu trúc nhất định (tùy thuộc vào nền hệ điều hành mà cấu trúc này được tổ chức khác nhau). Với tiến trình số 1 với giá trị init, init là tiến trình đầu tiên mà Linux khởi động khi boot vào hệ thống, tất cả tiến trình dùng chung tài nguyên mà ở đây là CPU theo các thuật toán đa luồng (các dòng hệ điều hành hiện đại như LINUX, MAC, WINDOWNS đều hỗ trợ đa luồng).

1. pstree command:

Lệnh pstree cho kết quả mối liên hệ giữa các tiến trình “cha” và “con” (tạm gọi như vậy vì một tiến trình khi khởi động có thể sinh ra nhiều tiến trình “con”, và từ những tiến trình “con” này có thể sinh ra nhiều tiến trình “cháu”).

thesun@thesun:~$ pstree
init─┬─NetworkManager─┬─dhclient
│ └─{NetworkManager}
├─acpid
├─apache2───5*[apache2]
├─atd
├─avahi-daemon───avahi-daemon
├─bonobo-activati───{bonobo-activati}
├─clamd───{clamd}
├─console-kit-dae───63*[{console-kit-dae}]
├─cron
├─cupsd
├─2*[dbus-daemon]

Câu lệnh pstree cho bạn một cách nhìn tổng quá về các tiến trình đang hoạt động như kết quả trên, để xem chi tiết, gắn thêm tham số -a, sử dụng tham số -H + ID, kết quả sẽ tô đậm tiến trình xác định trước với ID, VD: pstree -H 2576 (2576 là ID của tiến trình, mổi tiến trình có ID khác nhau tùy theo thời gian lúc tiến trình khởi động, ID này không cố định, mà thay đổi, ví dụ ở đây: 2576 là ID của apache đang hoạt động trong hệ thống của tôi), dùng tham số -p để liệt kê cây tiến trình với ID , tham số -u xem tiến trình thuộc quyền sở hữu của người sử dụng nào, có thể đóng gói các tham số này vào câu lệnh ngắn gọn:

pstree -apu

2. ps command:

Lệnh ps liệt kê danh sách các tiến trình đang hoạt động trong hệ thống, nếu bạn không thêm vài tham số thì ps sẽ liệt kê các shell hiện hành:

thesun@thesun:~$ ps
PID TTY TIME CMD
3646 pts/0 00:00:00 bash
4795 pts/0 00:00:00 top
5683 pts/0 00:00:00 ps

Sử dụng tham số x để liệt tất cả các tiến trình

thesun@thesun:~$ ps x
PID TTY STAT TIME COMMAND
1930 ? Ssl 0:00 gnome-session
2306 ? Ss 0:02 /usr/lib/scim-1.0/scim-launcher -d -c simple -e all -f socket –no-
2682 ? Ss 0:00 /usr/lib/scim-1.0/scim-helper-manager
2683 ? Ssl 0:07 /usr/lib/scim-1.0/scim-panel-gtk –display :0.0 -c socket -d –no-s
2685 ? Ss 0:03 /usr/lib/scim-1.0/scim-launcher -d -c socket -e socket -f x11
2690 ? Ss 0:00 /usr/bin/ssh-agent /usr/bin/db

PID: ID của tiến trình, đây là số duy nhất dùng cho mổi tiến trình.
TTY: Terminal hay console nào mà tiến trình được khởi động, dấu “?” có nghĩa là tiến trình không khởi động từ Terminal/console.
STAT: Trạng thái tiến trình, S (sleeping – đang ngủ), R (running – đang hoạt động), D (dead – tiến trình không thể khởi động), Z (zombie – tiến tình kết thúc).
TIME: Khoản thời gian CPU dành cho tiến trình – khoản thời gian này có độ tương đối dựa trên các thuật toán định sẵn.
COMMAND: Câu lệnh đầy đủ để khởi động tiến trình.

với tham số u, ps liệt kê các tiến trình riêng của người dùng hiện tại, tuần xuất CPU, phần trăm bộ nhớ …như:

thesun@thesun:~$ ps -ux
Warning: bad ps syntax, perhaps a bogus ‘-’? See http://procps.sf.net/faq.html
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
thesun 1930 0.0 0.3 25524 6584 ? Ssl 08:35 0:00 gnome-session
thesun 2306 0.0 0.0 4808 1524 ? Ss 08:35 0:03 /usr/lib/scim-1.0/scim-launch
thesun 2682 0.0 0.0 4400 804 ? Ss 08:35 0:00 /usr/lib/scim-1.0/scim-helper
thesun 2683 0.1 0.3 106156 8052 ? Ssl 08:35 0:08 /usr/lib/scim-1.0/scim-panel-
thesun 2685 0.0 0.0 6112 1892 ? Ss 08:35 0:04 /usr/lib/scim-1.0/scim-launch

tham số a sẽ liệt kê tất cả tiến tình của tất cả người dùng trong hệ thống.

Trong một số trường hợp khi bạn khởi động một chương trình nào đó từ terminal thì trình này sẽ khóa terminal mà bạn khởi động, vì vậy sẽ không nhập thêm được gì vào terminal này, theo đó bạn có thể khởi động thêm một terminal khác hoặc là ngồi nhâm nhi một tách trà nóng hoặc ly cafe để đợi chương trình bên trên hoạt động xong, thêm vào kí tự “&” vào sau câu lệnh nếu bạn không muốn terminal bị khóa.

ví dụ: $totem &

Như vậy terminal sẽ thông báo ID của chương trình khởi động và bạn có thể làm việc tiếp với cửa sổ terminal này, dùng jobs để xem các shell trong trong cùng terminal session.

Trong môi trường Linux, các tiến trình được quản lý theo ID, vì vậy để điều khiển các tiến trình này, bạn cần quan tâm & làm việc với ID, tuy nhiên ID là những con số ngẫu nhiên mà Linux cấp cho tiến trình, vì vậy biết tên của tiến trình cũng là cách hay để biết được ID của tiến trình đó, như đề cập bên trên với ps hay pstree command, kết hợp với grep <tên tiến trình>.

ví dụ: $ps -ef | grep totem

bằng cách này bạn có thể lấy được ID của tiến trình mà totem đang hoạt động, và kể từ đây muốn điều khiển totem thì hãy làm việc với ID của nó.

Kill command:

Dùng kill -l để liệt kê cấu trúc của Kill, Bạn có thể thấy một danh sách nhiều lựa chọn:
1) SIGHUP: gửi đến tiến trình yêu cầu restart sau khi kết thúc.
19)SIGSTOP: ngắt tiến trình cho đến khi có yêu cầu SIGCONT
vd: $kill -19 <ID>

Whatsnew: http://www.opensolaris.com/learn/features/whats-new/200906/
Download: http://www.opensolaris.com/get/index.jsp

Chắc hẳn những tín đồ của Cisco Sys khi nghe tựa đề này thì cũng biết đó là gì ? Dynamips & Dynagen là bộ công cụ dùng để giả lập Router cisco, chi tiết xem tại http://dynagen.org

Đây là bộ công cụ tuyệt vời nếu muốn học các chứng chỉ của Cisco, tuy là giả lập router nhưng chạy được OS thật của router, Đây cũng là cách tiết kiệm chi phí, đa số các CCIE cũng dùng Dynamips & Dynagen như là bửu bối để demo khi muốn triển khai, design network, kiểm tra lỗi ….

May mắn là bộ công cụ này có cả hai phiên bản cho Windows & Linux.

Cài đặt

$sudo apt-get install dynamips dynagen

để làm được bài lab, bạn cần tạo file ten_file.net và những IOS (hệ điều hành) của router. Bạn có thể lên google.com để tìm các IOS này như phiên bản tôi có là c7200-adventerprisek9-mz.124-11.T.bin

Giả lập router:

$dynamips c7200-adventerprisek9-mz.124-11.T.bin

Bạn sẽ thấy những dòng quen thuộc của router Cisco….

Ngoài ra Bạn có thể tạo file *.net với cấu hình gồm nhiều Router, Switch, Firewall cho bài lab của mình.