May 25, 2011
 

WordPress is so far the blog software that I like most. I tried a few others, but this one beats them with its ease of use and intuitive workflow. It supports tons of good stuff and is updated very often by its developer team.

I assume you already have the latest Apache and MySQL installed. If you don’t, please get the latest packages from Slackware and install them:

su
cd /root
mkdir temp
cd temp
wget ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/httpd-2.2.17-i486-3.txz
wget ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/ap/mysql-5.1.56-i486-1.txz
installpkg httpd-2.2.17-i486-3.txz
installpkg mysql-5.1.56-i486-1.txz
cd /etc/rc.d/
chmod +x rc.httpd
chmod +x rc.mysqld
cd ../httpd
echo "Include /etc/httpd/mod_php.conf" >> httpd.conf
sed 's/index.html/index.php/' httpd.conf > httpd.conf.new
mv httpd.conf httpd.conf.old
mv httpd.conf.new httpd.conf 

cd ../rc.d/
./rc.httpd start
./rc.mysqld start
sudo -u mysql mysql_install_db
./rc.mysqld restart

(Edit 01 March 2012) You may also need to edit httpd.conf and enable the PHP application type manually by adding this at the end of the file:

AddType application/x-httpd-php .php

(Missed it, and added it thanks to gr1ph for posting it in LinuxQuestions forum).

There, you are set with a web server and a database server. If you are using an old Slackware, I suggest a full update to -current. First of all, the latest Apache has all the security quirks and perks for a lazy administrator like me, and mod_php built in, which can be enabled with 1 command in total. And second, what I’ve learned in the last 10 years of system administration is “Don’t be a victim to exploits of old and obsolete software packages, when you are running your own servers”. The script kiddies never sleep. My own server is scanned for open exploits 10 to 15 times each day.

There was once a bug that created the directories in /var/lib/mysql with owner root:root. Please check whether this is the case and change them to mysql:mysql. No databases will be created if you leave them this way, and even your root account will not be able to use MySQL. (you may want to have a look at this guide too)

chown -R mysql:mysql /var/lib/mysql

If you already know all of the above or can do it on your own, here is WordPress itself in a few steps.

su
cd /root/temp
wget http://wordpress.org/latest.tar.gz
tar -xzvf latest.tar.gz
cp -R wordpress /srv/httpd/htdocs/

mysql -u root -p
CREATE DATABASE wpbase;
GRANT ALL PRIVILEGES ON wpbase.* TO "wordpressuser"@"localhost"
 IDENTIFIED BY "0neExtremelyCompl3xPassword";
FLUSH PRIVILEGES;
exit

cd /srv/httpd/htdocs/wordpress
mv wp-config-sample.php wp-config.php
mcedit wp-config.php

What do we need in this config file? Assuming you did everything I suggested above, the file should look like this:

define('DB_NAME', 'wpbase');
define('DB_USER', 'wordpressuser');
define('DB_PASSWORD', '0neExtremelyCompl3xPassword');
define('DB_HOST', 'localhost');
define('DB_CHARSET', 'utf8');
define('DB_COLLATE', '');

… but of course, I suggest you don’t use the user and password from this howto 🙂 at least I did not.
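A check for exactly that advice, as an added example that is not part of the original post: it reads the `define()` lines from wp-config.php and reports the howto's sample credentials and a world-readable file mode. The function names are hypothetical, and GNU `stat` is assumed.

```bash
#!/bin/bash
# Added example (not from the original post): audit a wp-config.php.
# HOWTO_USER / HOWTO_PW are the sample credentials printed in this howto.
HOWTO_USER='wordpressuser'
HOWTO_PW='0neExtremelyCompl3xPassword'

# Print the value of a define('KEY', 'value'); line, or nothing if absent.
wpconfig_get() {
    sed -n "s/^[[:space:]]*define([[:space:]]*['\"]$2['\"][[:space:]]*,[[:space:]]*['\"]\(.*\)['\"][[:space:]]*);.*/\1/p" "$1" | head -n 1
}

# Print one finding per line; return 0 when clean, 1 when anything was found.
wpconfig_audit() {
    local file=$1 rc=0 mode other
    [ -r "$file" ] || { echo "cannot read $file"; return 2; }
    mode=$(stat -c %a "$file")          # GNU stat: octal mode, e.g. 644
    other=${mode#"${mode%?}"}           # last digit = permissions for "other"
    if [ $(( other & 4 )) -ne 0 ]; then
        echo "mode $mode is world-readable: any local user can read DB_PASSWORD"
        rc=1
    fi
    if [ "$(wpconfig_get "$file" DB_USER)" = "$HOWTO_USER" ]; then
        echo "DB_USER is the howto sample account"; rc=1
    fi
    case "$(wpconfig_get "$file" DB_PASSWORD)" in
        '')          echo "DB_PASSWORD is missing or empty"; rc=1 ;;
        "$HOWTO_PW") echo "DB_PASSWORD is the howto sample password"; rc=1 ;;
    esac
    return $rc
}

# Usage: ./wpconfig-audit.sh /srv/httpd/htdocs/wordpress/wp-config.php
if [ "$#" -gt 0 ]; then wpconfig_audit "$1"; fi
```

If the mode finding fires, give the file to the account the web server runs as and remove the "other" read bit (for example mode 640); which account that is depends on your httpd.conf.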


So, that’s it. Everything in the backend is set and working.

The only thing left is to set up WordPress from its wp-admin panel. Start a browser and go to this address: http://127.0.0.1/wordpress/wp-admin/install.php
Set the title of your new blog and set up a user and password for login (not necessarily the same as the ones we used above; this will be your web-admin user). When you are done, check http://127.0.0.1/wordpress/index.php and your new blog is there.

Log in and adjust various settings such as your site name, your design template and so on.

If this whole article is a bit hard and looks like gibberish in Japanese, try installing it in Windows. It’s not “that hard”.

 Posted by at 4:54 pm

How to make transparent bridge with Slackware Linux.

May 18, 2011
 

What is a transparent bridge and why use it?

A few lines of dry theory first:

  • Transparent bridges are used for various tests and security applications.
  • Sniffing traffic. (I did this a lot when I worked as QA)
  • Delaying traffic and adding loss for testing purposes.
  • Logging part of the traffic without the user noticing.
  • Firewalling packets not intended for your network, without additional routing.
  • Other uses that we don’t want or need to explain (such as shaping your GF’s PC because she uses too much BW for music while you play an MMORPG, or simply spying on her chat logs.)

Simple bridge

Basically, we need a Slackware (or any other) Linux box with 2 NICs (network interface cards). In this scenario, we will make a transparent bridge suitable for sniffing traffic and introduce you to some software for this purpose. The PC behind the Slackware box should be configured with the TCP/IP settings it needs to access the Internet. The bridge we set up in front of this PC will be absolutely transparent for any packets passing between the PC and your service provider’s switch. Check that you have the following commands: tc, brctl, tcpdump:

bash-4.1# which tcpdump
/usr/sbin/tcpdump
bash-4.1# which tc
/sbin/tc
bash-4.1# which brctl
/sbin/brctl
bash-4.1#

The packages we need for this come with your distribution and no additional software is needed. Those packages are probably already installed. However, if you made a minimal install or did not select the Network category, now is the time:

wget ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/bridge-utils-1.4-i486-1.txz
wget ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/tcpdump-4.1.1-i486-1.txz
wget ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/iproute2-2.6.37-i486-1.txz
installpkg bridge-utils-1.4-i486-1.txz
installpkg tcpdump-4.1.1-i486-1.txz
installpkg iproute2-2.6.37-i486-1.txz

What’s left to do is to enable the Linux box to bridge the connection between the Internet and our PC:

bash-4.1# brctl addbr br01
bash-4.1# brctl addif br01 eth0
bash-4.1# brctl addif br01 eth1
bash-4.1# ifconfig br01 up
bash-4.1# brctl show
bridge name	bridge id		STP enabled	interfaces
br01		8000.00064f295019	no		eth0
							eth1
bash-4.1# ifconfig br01
br01      Link encap:Ethernet  HWaddr 00:06:4F:29:50:19
          inet6 addr: fe80::206:4fff:fe29:5019/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b)  TX bytes:468 (468.0 b)

bash-4.1#

The bridge is actually up and running after 10 to 15 seconds, depending on how fast your Linux box is and what kernel you use. If your ISP filters on the MAC address registered in its database, change the bridge’s MAC address to the one of your PC’s network card:

bash-4.1# ifconfig br01 hw ether 00:11:22:33:44:55
bash-4.1# ifconfig br01
br01      Link encap:Ethernet  HWaddr 00:11:22:33:44:55
          inet6 addr: fe80::206:4fff:fe29:5019/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b)  TX bytes:468 (468.0 b)

bash-4.1#

In this case, you need to replace your PC’s MAC address with something else (even a random one), because otherwise there will be a duplicate MAC address and your Linux box will complain about it. With this set, your home PC will have a bridged connection to the ISP with one transparent Linux box in between.
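Because such a bridge is invisible to the machines on either side, the place to spot one is the box itself. The following added example (not part of the original post) parses the `brctl show` output shown above, including the continuation row that carries only a port name, and reports bridges missing from an allowlist; the function names and the `ALLOWED` value are constructed for illustration.

```bash
#!/bin/bash
# Added example (not from the original post): inventory bridges from
# `brctl show` output and report the ones you did not expect.
ALLOWED="virbr0"    # constructed allowlist, space-separated bridge names

# The `brctl show` output from this post, reproduced as sample input.
sample_brctl() {
    printf 'bridge name\tbridge id\t\tSTP enabled\tinterfaces\n'
    printf 'br01\t\t8000.00064f295019\tno\t\teth0\n'
    printf '\t\t\t\t\t\t\teth1\n'
}

# stdin: `brctl show` output; stdout: one "bridge port" pair per line
# ("bridge -" for a bridge that has no ports yet).
bridge_ports() {
    awk '
        NR == 1 && $1 == "bridge" { next }          # column header
        NF == 0 { next }                            # blank line
        {
            c = substr($0, 1, 1)
            if (c == " " || c == "\t") {            # continuation row: port only
                if (br != "") print br, $1
            } else {                                # name, id, STP, [first port]
                br = $1
                print br, (NF >= 4 ? $4 : "-")
            }
        }'
}

# stdin: `brctl show` output; $1: allowlist; stdout: bridges not on it.
unexpected_bridges() {
    allowed=" $1 "
    bridge_ports | cut -d' ' -f1 | sort -u | while read -r br; do
        case "$allowed" in
            *" $br "*) ;;
            *) echo "$br" ;;
        esac
    done
}

# On a live host: brctl show | unexpected_bridges "$ALLOWED"
sample_brctl | unexpected_bridges "$ALLOWED"
```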

The sniffing itself can be done in 2 ways: with tcpdump and with Wireshark. The first is quick and elegant, the second is pretty and powerful.

bash-4.1# tcpdump -c 100 -i br01 -w dumpfile.pcap
tcpdump: WARNING: br01: no IPv4 address assigned
tcpdump: listening on br01, link-type EN10MB (Ethernet), capture size 65535 bytes
100 packets captured
100 packets received by filter
0 packets dropped by kernel
bash-4.1#

To explain the above: -c 100 means capture 100 packets (c = count), -i br01 needs no explanation, and -w writes to the specified dump file. More about the .pcap extension below.

Capture interfaces

If we want the same done with Wireshark, we need Xorg installed and some neat window manager such as xfce4 (my own preference since KDE 4.x became one hell of a process-spawning Hydra, too big for a single-core Pentium 4 with some cheap video card). You may get this powerful software from its website. The best part of Wireshark is its compatibility with tcpdump files captured on the console. They are both based on the libpcap library and don’t need much transformation of the data they operate on.

Captured file

So if you need more depth in the packet analysis, get Wireshark and learn how to use it. If the Linux box has a console only (you may prefer it that way), use tcpdump to capture the traffic and analyze it in Wireshark elsewhere. The only minus of that approach is that Wireshark is more useful when run on the bridge itself: it is much more interactive and can create an ACL for you directly from the captured traffic. If a specific address is bugging you and you want it filtered, go to the ACL menu, generate an iptables rule with 2 clicks and just apply it. It works like a charm.

Now, if we want to delay the traffic a bit, we need to set some additional rules for traffic control. In a nutshell:

bash-4.1# ping 10.3.71.17
PING 10.3.71.17 (10.3.71.17) 56(84) bytes of data.
64 bytes from 10.3.71.17: icmp_req=1 ttl=128 time=0.128 ms
64 bytes from 10.3.71.17: icmp_req=2 ttl=128 time=0.130 ms
64 bytes from 10.3.71.17: icmp_req=3 ttl=128 time=0.126 ms
64 bytes from 10.3.71.17: icmp_req=4 ttl=128 time=0.131 ms
^C
--- 10.3.71.17 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 2999ms
rtt min/avg/max/mdev = 0.126/0.128/0.131/0.014 ms
bash-4.1# tc qdisc add dev eth0 root netem delay 1s 
bash-4.1# ping 10.3.71.17
PING 10.3.71.17 (10.3.71.17) 56(84) bytes of data.
64 bytes from 10.3.71.17: icmp_req=1 ttl=128 time=1000 ms
64 bytes from 10.3.71.17: icmp_req=2 ttl=128 time=1000 ms
64 bytes from 10.3.71.17: icmp_req=3 ttl=128 time=1000 ms
64 bytes from 10.3.71.17: icmp_req=4 ttl=128 time=1000 ms
^C
--- 10.3.71.17 ping statistics ---
5 packets transmitted, 4 received, 20% packet loss, time 3999ms
rtt min/avg/max/mdev = 1000.130/1000.135/1000.149/1.000 ms, pipe 2
bash-4.1#

Lots of other stuff can be done with this bridge and Netem (network emulator) but it is far beyond this simple guide.

For further reading.

 Posted by at 6:32 pm
May 16, 2011
 

This is some basic stuff when setting up a Linux box for networking. Sometimes you need to isolate specific traffic from your router so that it is seen only by your second NIC; sometimes you just don’t want your NIC to stay in the default VLAN because frequent network loops keep killing your PC; sometimes you don’t want to pay another hundred dollars for a 2-port demarcation device; or you are a small ISP and your backbone provider has assigned a range of VLANs for you and your points of interest around the city, so you have to receive the tagged traffic on a Slackware Linux box and untag it for your customers. I’ve often bridged VLAN-tagged traffic over a test PC in my work as a QA.
Enough reasons can be found for a small novel.
So, in a few words, when you need your network interface to accept tagged traffic, untag it and then pass it to your kernel, this is how it’s done:

bash-4.1# lsmod | grep 802
bash-4.1# modprobe 8021q
bash-4.1# lsmod | grep 802
8021q                  18128  0
bash-4.1# vconfig add eth3 200
Added VLAN with VID == 200 to IF -:eth3:-
bash-4.1# ifconfig eth3.200 10.0.0.1/16 up
bash-4.1# ping 10.0.155.50 -I eth3.200
PING 10.0.155.50 (10.0.155.50) 56(84) bytes of data.
64 bytes from 10.0.155.50: icmp_req=1 ttl=63 time=0.286 ms
64 bytes from 10.0.155.50: icmp_req=2 ttl=63 time=0.286 ms
64 bytes from 10.0.155.50: icmp_req=3 ttl=63 time=0.275 ms
64 bytes from 10.0.155.50: icmp_req=4 ttl=63 time=0.281 ms
^C
--- 10.0.155.50 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 2999ms
rtt min/avg/max/mdev = 0.275/0.282/0.286/0.004 ms
bash-4.1#

802.1q is the name of the protocol; the kernel module is called 8021q. If the module is already loaded, the modprobe line can be omitted. If you want the module loaded at startup, you can add it to /etc/rc.local or /etc/rc.d/rc.modules (your preference). The first will load the module when everything else is already set. The VLAN configuration will be set even if the module is loaded AFTER ifconfig and vconfig have done their jobs.

The vconfig line adds the actual VLAN to Ethernet card 3 (change according to your setup), and the ifconfig line sets the IP address and mask (change to your setup or omit) and enables the interface. Finally, you get one eth3 and one eth3.200:

bash-4.1# ifconfig eth3
eth3      Link encap:Ethernet  HWaddr 00:0E:2E:72:96:F7 
 inet addr:10.0.0.2  Bcast:10.0.255.255  Mask:255.255.0.0
 UP BROADCAST MULTICAST  MTU:1500  Metric:1
 RX packets:0 errors:0 dropped:0 overruns:0 frame:0
 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
 collisions:0 txqueuelen:1000
 RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
 Interrupt:19 Base address:0xdc00 

bash-4.1# ifconfig eth3.200
eth3.200  Link encap:Ethernet  HWaddr 00:0E:2E:72:96:F7 
 inet addr:10.0.0.1  Bcast:10.255.255.255  Mask:255.0.0.0
 UP BROADCAST MULTICAST  MTU:1500  Metric:1
 RX packets:0 errors:0 dropped:0 overruns:0 frame:0
 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
 collisions:0 txqueuelen:0
 RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

bash-4.1#

More VLANs can be enabled on the same Ethernet card by adding them the same way (there is no need to load the kernel module every time, in case you didn’t know that). If you need the VLAN removed from your NIC, do the reverse:

bash-4.1# ifconfig eth3.200 down
bash-4.1# vconfig rem eth3.200
Removed VLAN -:eth3.200:-

For some reason, there is no decent configuration example of how to make Slackware enable a VLAN on a specific NIC during the boot process. I’ve made a short script and attached it to rc.local. It executes when everything else is already set, but I did not need it any earlier in the first place:

#!/bin/bash

echo "Setting vlans ..."
modprobe 8021q
vconfig add eth3 200
ifconfig eth3.200 10.0.0.5/16 up
echo "... done"
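
A variant of the script above for several VLANs, as an added example that is not the author's own script: it rejects VLAN IDs outside 1..4094, checks that the parent NIC exists, and skips `vconfig add` when the sub-interface is already there, so re-running it is harmless. The `VLANS` entries, the function names and the `SYSNET` override are assumptions made for illustration.

```bash
#!/bin/bash
# Added example (not from the original post): idempotent multi-VLAN setup
# for rc.local. VLANS entries are "parent:vid:address/prefix" (constructed).
VLANS="eth3:200:10.0.0.5/16 eth3:201:10.1.0.5/16"
SYSNET=${SYSNET:-/sys/class/net}    # overridable so the logic can be tested

# 802.1Q reserves VID 0 and 4095; accept 1..4094 only.
valid_vid() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 4094 ]
}

# Print the commands needed for one entry; complain on stderr and
# return 1 if the entry cannot be applied.
vlan_plan() {
    parent=${1%%:*}; rest=${1#*:}; vid=${rest%%:*}; addr=${rest#*:}
    valid_vid "$vid" || { echo "bad VID in $1" >&2; return 1; }
    [ -e "$SYSNET/$parent" ] || { echo "no such NIC: $parent" >&2; return 1; }
    # Skip vconfig when the sub-interface already exists (script re-run).
    [ -e "$SYSNET/$parent.$vid" ] || echo "vconfig add $parent $vid"
    echo "ifconfig $parent.$vid $addr up"
}

# Load the module once, then run the planned commands for every entry.
setup_vlans() {
    modprobe 8021q || return 1
    for entry in $VLANS; do
        vlan_plan "$entry" | while read -r cmd; do
            $cmd || echo "failed: $cmd" >&2
        done
    done
}

# From rc.local: /path/to/this-script apply
if [ "${1:-}" = "apply" ]; then setup_vlans; fi
```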
 Posted by at 5:43 pm