Apache + php + mysql cannot connect to remote DB Permission denied

October 1st, 2016

Long story short, ’cause I’m very busy setting up some major stuff:

setsebool -P httpd_can_network_connect_db 1

Took me hours to zero in, and eventually that came from the same old

sealert -a /var/log/audit/audit.log


Control DropBox access with iptables

March 24th, 2016

I have a few VMs on my network which do not require internet access. However I received a requirement to allow dropbox on them.
My iptables rules are configured to either allow full internet, or none at all.
So after some poking around, I managed to set up forward rules so that specific VMs get Dropbox, based on this answer: http://superuser.com/a/1056155/70234
A basic iptables configuration for this scenario looks like this:

*filter
:partinet - [0:0]
:dropbox - [0:0]
-A partinet -p icmp -j ACCEPT

-A dropbox -p tcp -d 162.125.32.129 -j ACCEPT
-A dropbox -p tcp -s 162.125.32.129 -j ACCEPT
-A dropbox -p tcp -d 162.125.17.131 -j ACCEPT
-A dropbox -p tcp -s 162.125.17.131 -j ACCEPT

-A FORWARD -s 192.168.1.x -j partinet
-A FORWARD -d 192.168.1.x -j partinet
-A FORWARD -s 192.168.1.x -j dropbox
-A FORWARD -d 192.168.1.x -j dropbox

COMMIT

and in order to properly support all/most dropbox IPs, I found this blog: https://blog.varonis.com/detect-dropbox-network/ which pointed me to http://whois.arin.net/rest/org/DROPB/nets
so I computed the following iptables rules for my dropbox chain (the list needs to be maintained, of course. I may or may not write a script to automate the creation of these rules based on the arin.net page):

-A dropbox -i eth1 -o eth0 -p tcp -d 162.125.0.0/16 -j ACCEPT
-A dropbox -i eth0 -o eth1 -p tcp -s 162.125.0.0/16 -j ACCEPT
-A dropbox -i eth1 -o eth0 -p tcp -d 199.47.216.0/24 -j ACCEPT
-A dropbox -i eth0 -o eth1 -p tcp -s 199.47.216.0/24 -j ACCEPT
-A dropbox -i eth1 -o eth0 -p tcp -d 199.47.217.0/24 -j ACCEPT
-A dropbox -i eth0 -o eth1 -p tcp -s 199.47.217.0/24 -j ACCEPT
-A dropbox -i eth1 -o eth0 -p tcp -d 199.47.218.0/24 -j ACCEPT
-A dropbox -i eth0 -o eth1 -p tcp -s 199.47.218.0/24 -j ACCEPT
-A dropbox -i eth1 -o eth0 -p tcp -d 199.47.219.0/24 -j ACCEPT
-A dropbox -i eth0 -o eth1 -p tcp -s 199.47.219.0/24 -j ACCEPT
-A dropbox -i eth1 -o eth0 -p tcp -d 108.160.160.0/24 -j ACCEPT
-A dropbox -i eth0 -o eth1 -p tcp -s 108.160.160.0/24 -j ACCEPT
-A dropbox -i eth1 -o eth0 -p tcp -d 108.160.161.0/24 -j ACCEPT
-A dropbox -i eth0 -o eth1 -p tcp -s 108.160.161.0/24 -j ACCEPT
-A dropbox -i eth1 -o eth0 -p tcp -d 108.160.162.0/24 -j ACCEPT
-A dropbox -i eth0 -o eth1 -p tcp -s 108.160.162.0/24 -j ACCEPT
-A dropbox -i eth1 -o eth0 -p tcp -d 108.160.163.0/24 -j ACCEPT
-A dropbox -i eth0 -o eth1 -p tcp -s 108.160.163.0/24 -j ACCEPT
-A dropbox -i eth1 -o eth0 -p tcp -d 108.160.164.0/24 -j ACCEPT
-A dropbox -i eth0 -o eth1 -p tcp -s 108.160.164.0/24 -j ACCEPT
-A dropbox -i eth1 -o eth0 -p tcp -d 108.160.165.0/24 -j ACCEPT
-A dropbox -i eth0 -o eth1 -p tcp -s 108.160.165.0/24 -j ACCEPT
-A dropbox -i eth1 -o eth0 -p tcp -d 108.160.166.0/24 -j ACCEPT
-A dropbox -i eth0 -o eth1 -p tcp -s 108.160.166.0/24 -j ACCEPT
-A dropbox -i eth1 -o eth0 -p tcp -d 108.160.167.0/24 -j ACCEPT
-A dropbox -i eth0 -o eth1 -p tcp -s 108.160.167.0/24 -j ACCEPT
-A dropbox -i eth1 -o eth0 -p tcp -d 108.160.168.0/24 -j ACCEPT
-A dropbox -i eth0 -o eth1 -p tcp -s 108.160.168.0/24 -j ACCEPT
-A dropbox -i eth1 -o eth0 -p tcp -d 108.160.169.0/24 -j ACCEPT
-A dropbox -i eth0 -o eth1 -p tcp -s 108.160.169.0/24 -j ACCEPT
-A dropbox -i eth1 -o eth0 -p tcp -d 108.160.170.0/24 -j ACCEPT
-A dropbox -i eth0 -o eth1 -p tcp -s 108.160.170.0/24 -j ACCEPT
-A dropbox -i eth1 -o eth0 -p tcp -d 108.160.171.0/24 -j ACCEPT
-A dropbox -i eth0 -o eth1 -p tcp -s 108.160.171.0/24 -j ACCEPT
-A dropbox -i eth1 -o eth0 -p tcp -d 108.160.172.0/24 -j ACCEPT
-A dropbox -i eth0 -o eth1 -p tcp -s 108.160.172.0/24 -j ACCEPT
-A dropbox -i eth1 -o eth0 -p tcp -d 108.160.173.0/24 -j ACCEPT
-A dropbox -i eth0 -o eth1 -p tcp -s 108.160.173.0/24 -j ACCEPT
-A dropbox -i eth1 -o eth0 -p tcp -d 108.160.174.0/24 -j ACCEPT
-A dropbox -i eth0 -o eth1 -p tcp -s 108.160.174.0/24 -j ACCEPT
-A dropbox -i eth1 -o eth0 -p tcp -d 108.160.175.0/24 -j ACCEPT
-A dropbox -i eth0 -o eth1 -p tcp -s 108.160.175.0/24 -j ACCEPT
-A dropbox -i eth1 -o eth0 -p tcp -d 205.189.0.0/24 -j ACCEPT
-A dropbox -i eth0 -o eth1 -p tcp -s 205.189.0.0/24 -j ACCEPT
-A dropbox -i eth1 -o eth0 -p tcp -d 209.99.70.0/24 -j ACCEPT
-A dropbox -i eth0 -o eth1 -p tcp -s 209.99.70.0/24 -j ACCEPT
-A dropbox -i eth1 -o eth0 -p tcp -d 45.58.64.0/24 -j ACCEPT
-A dropbox -i eth0 -o eth1 -p tcp -s 45.58.64.0/24 -j ACCEPT
-A dropbox -i eth1 -o eth0 -p tcp -d 45.58.65.0/24 -j ACCEPT
-A dropbox -i eth0 -o eth1 -p tcp -s 45.58.65.0/24 -j ACCEPT
-A dropbox -i eth1 -o eth0 -p tcp -d 45.58.66.0/24 -j ACCEPT
-A dropbox -i eth0 -o eth1 -p tcp -s 45.58.66.0/24 -j ACCEPT
-A dropbox -i eth1 -o eth0 -p tcp -d 45.58.67.0/24 -j ACCEPT
-A dropbox -i eth0 -o eth1 -p tcp -s 45.58.67.0/24 -j ACCEPT
-A dropbox -i eth1 -o eth0 -p tcp -d 45.58.68.0/24 -j ACCEPT
-A dropbox -i eth0 -o eth1 -p tcp -s 45.58.68.0/24 -j ACCEPT
-A dropbox -i eth1 -o eth0 -p tcp -d 45.58.69.0/24 -j ACCEPT
-A dropbox -i eth0 -o eth1 -p tcp -s 45.58.69.0/24 -j ACCEPT
-A dropbox -i eth1 -o eth0 -p tcp -d 45.58.70.0/24 -j ACCEPT
-A dropbox -i eth0 -o eth1 -p tcp -s 45.58.70.0/24 -j ACCEPT
-A dropbox -i eth1 -o eth0 -p tcp -d 45.58.71.0/24 -j ACCEPT
-A dropbox -i eth0 -o eth1 -p tcp -s 45.58.71.0/24 -j ACCEPT
-A dropbox -i eth1 -o eth0 -p tcp -d 45.58.72.0/24 -j ACCEPT
-A dropbox -i eth0 -o eth1 -p tcp -s 45.58.72.0/24 -j ACCEPT
-A dropbox -i eth1 -o eth0 -p tcp -d 45.58.73.0/24 -j ACCEPT
-A dropbox -i eth0 -o eth1 -p tcp -s 45.58.73.0/24 -j ACCEPT
-A dropbox -i eth1 -o eth0 -p tcp -d 45.58.74.0/24 -j ACCEPT
-A dropbox -i eth0 -o eth1 -p tcp -s 45.58.74.0/24 -j ACCEPT
-A dropbox -i eth1 -o eth0 -p tcp -d 45.58.75.0/24 -j ACCEPT
-A dropbox -i eth0 -o eth1 -p tcp -s 45.58.75.0/24 -j ACCEPT
-A dropbox -i eth1 -o eth0 -p tcp -d 45.58.76.0/24 -j ACCEPT
-A dropbox -i eth0 -o eth1 -p tcp -s 45.58.76.0/24 -j ACCEPT
-A dropbox -i eth1 -o eth0 -p tcp -d 45.58.77.0/24 -j ACCEPT
-A dropbox -i eth0 -o eth1 -p tcp -s 45.58.77.0/24 -j ACCEPT
-A dropbox -i eth1 -o eth0 -p tcp -d 45.58.78.0/24 -j ACCEPT
-A dropbox -i eth0 -o eth1 -p tcp -s 45.58.78.0/24 -j ACCEPT
-A dropbox -i eth1 -o eth0 -p tcp -d 45.58.79.0/24 -j ACCEPT
-A dropbox -i eth0 -o eth1 -p tcp -s 45.58.79.0/24 -j ACCEPT
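
One way the generator script mentioned above could look; this is an added example, not the author's script. The function names and the sample input are assumptions: it reads one CIDR per line and prints every network as a matched -d/-s pair, so the two directions of a rule cannot drift apart.

```shell
#!/bin/sh
# Added example (not the author's script): emit the "dropbox" chain rules
# from a list of IPv4 CIDRs, one per line, on stdin.
set -eu

# valid_cidr A.B.C.D/N -> 0 if the argument is a well-formed IPv4 CIDR (hypothetical helper)
valid_cidr() {
    local ip="${1%/*}" len="${1#*/}" o old
    case $1 in */*) ;; *) return 1 ;; esac
    case $len in ''|*[!0-9]*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    case $ip in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old=$IFS; IFS=.; set -- $ip; IFS=$old
    [ $# -eq 4 ] || return 1
    for o in "$@"; do [ "$o" -le 255 ] || return 1; done
}

# dropbox_rules LAN_IF WAN_IF < cidr_list ; returns 1 if any line was rejected
dropbox_rules() {
    local lan="$1" wan="$2" net rc=0
    while IFS= read -r net || [ -n "$net" ]; do
        case $net in ''|'#'*) continue ;; esac
        if ! valid_cidr "$net"; then
            echo "rejected: $net" >&2; rc=1; continue
        fi
        # Same $net in both directions: outbound by destination, replies by source.
        printf '%s\n' "-A dropbox -i $lan -o $wan -p tcp -d $net -j ACCEPT" \
                      "-A dropbox -i $wan -o $lan -p tcp -s $net -j ACCEPT"
    done
    return "$rc"
}

# Constructed sample input; in practice the list comes from the ARIN page linked above.
printf '162.125.0.0/16\n199.47.216.0/24\n' | dropbox_rules eth1 eth0
```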


FireDAC MsSQL server compound field/column

March 17th, 2016

So I bumped into this problem with firedac (8.0.x) where I had a table like


CREATE TABLE test(
col1 integer,
col2 integer,
col3 AS ISNULL(col1, col2)
)

and when inserting or updating the col1 or col2 fields, the dataset would not update the col3.
I did quite some debugging and found that there is no support in FireDAC for mssql server for compound fields. There is some in firebird though.
So spending some more time in debugging, I managed to find a workaround by subclassing the dataset like this:


type
  // Interposer class: same name as the original, so existing components use it
  TADQuery = class(uADCompClient.TADQuery)
  private
    FOnAfterInitFieldDefs: TNotifyEvent;
  protected
    procedure InternalInitFieldDefs; override;
  public
    property OnAfterInitFieldDefs: TNotifyEvent read FOnAfterInitFieldDefs write FOnAfterInitFieldDefs;
  end;

procedure TADQuery.InternalInitFieldDefs;
begin
  inherited;

  // Let the form adjust column options once the field defs exist
  if Assigned(FOnAfterInitFieldDefs) then
    FOnAfterInitFieldDefs(Self);
end;

// ... in FormCreate or wherever ...

qrySomething.OnAfterInitFieldDefs := DoAfterInitFieldDefs;

procedure TForm1.DoAfterInitFieldDefs(Sender: TObject);
var
  i: Integer;
  col: TADDatSColumn;
begin
  for i := 0 to TDataSet(Sender).FieldDefs.Count - 1 do
    if TDataSet(Sender).FieldDefs[i].Name = 'col3' then
    begin
      col := TADDataSet(Sender).Table.Columns.ColumnByName('col3');
      // Flag col3 as changed by the server after INSERT and UPDATE
      col.Options := col.Options + [coAfterInsChanged, coAfterUpdChanged];
      col.Attributes := col.Attributes + [caDefault];
    end;
end;

Enjoy.


conta ro: register as a PFA… actually no, better not. Or maybe yes after all?

January 12th, 2016

I don't know what to choose either…
conta-ro-contradictie


How to remove password from committed svn revision

June 6th, 2015

Or pretty much make any changes to a committed revision.

You start by checking out the revision and doing an md5sum and a sha1sum on the desired file(s). You will need these hashes.
Next is to make your desired changes to the file(s) and then run another md5sum and sha1sum on them. You will need these hashes too.
Note also the file sizes in bytes if you make changes: before and after.

NOTE: It is best to use the same size in replaced values, because I haven’t found a good way to update the size. Yet…

Next, you dump the repo.
#svnadmin dump /path/to/repo > dump_file

Now you alter it. First the values:
#sed "s/password/XXXXXXXX/g" dump_file > dump_file_tmp
NOTE: see how the number of chars in the password matches the number of X’es? This is important as it keeps the file size intact.

next the hashes
#sed -e "s/orig_md5/altered_md5/" -e "s/orig_sha1/altered_sha1/" dump_file_tmp > dump_file_ok
NOTE: for both md5 and sha1.

Be careful, if you have more values, use the -e parameter to sed and pass each value as a separate expression, OR, use other file names, because if you keep changing the same dump file you will end up having only changed the last value.
Same with hashes.

Now you backup the old repo
#mv /path/to/repo /path/to/repo_backup

Create it clean
#svnadmin create /path/to/repo

And load the altered dump file
#svnadmin load /path/to/repo < dump_file_ok

Now you can verify the affected revisions to confirm the changes. All should be good, if not, you have the backup, and try again, paying much attention to every detail I wrote above.

Depending on your setup, you may need to
#chown -R svn_user:svn_group /path/to/repo

and also re-checkout your working copy.
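
The hash and replace steps above, combined into one helper; this is an added example, not the author's script. The function names are hypothetical, and it assumes a full-text dump (made without --deltas), an alphanumeric secret, and a single affected file revision whose checked-out copy is passed as ORIG_FILE.

```shell
#!/bin/sh
# Added example (not the author's script): same-length redaction of ONE file
# revision in a full-text svn dump (made without --deltas).
set -eu

digest() { "$1" < "$2" | cut -d' ' -f1; }            # digest md5sum FILE
count()  { LC_ALL=C grep -ao "$1" "$2" | wc -l; }    # occurrences of $1 in FILE

# redact_dump ORIG_FILE SECRET DUMP_IN DUMP_OUT  (hypothetical helper name)
redact_dump() {
    local orig="$1" secret="$2" src="$3" dst="$4" mask fixed o_md5 o_sha1 n_md5 n_sha1
    # Plain alphanumerics only; anything else would need escaping in the sed pattern.
    case $secret in ''|*[!A-Za-z0-9]*) echo "unsupported secret" >&2; return 2 ;; esac
    # One X per character, so every length header in the dump stays valid.
    mask=$(printf '%s' "$secret" | sed 's/./X/g')

    # The hashes below cover only ORIG_FILE. If the secret shows up more often in
    # the dump than in that file, other nodes or revisions need their own hashes.
    [ "$(count "$secret" "$orig")" -eq "$(count "$secret" "$src")" ] ||
        { echo "secret also occurs elsewhere in the dump" >&2; return 3; }

    fixed=$(mktemp)
    LC_ALL=C sed "s/$secret/$mask/g" "$orig" > "$fixed"
    o_md5=$(digest md5sum "$orig");   n_md5=$(digest md5sum "$fixed")
    o_sha1=$(digest sha1sum "$orig"); n_sha1=$(digest sha1sum "$fixed")
    rm -f "$fixed"

    # Refuse to continue if the dump does not carry the revision that was hashed.
    grep -aq "^Text-content-md5: $o_md5\$" "$src" ||
        { echo "original md5 not found in dump" >&2; return 4; }

    # One pass with one -e per substitution, so no edit overwrites an earlier one.
    LC_ALL=C sed -e "s/$secret/$mask/g" \
        -e "s/$o_md5/$n_md5/" -e "s/$o_sha1/$n_sha1/" "$src" > "$dst"
}

# Usage: redact_dump checked_out_file password dump_file dump_file_ok
```

The repository moved aside as repo_backup, and every existing working copy, still contains the original value, so the credential itself should be changed as well.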


Found 1st site that shares/sells your email address

May 13th, 2015

I’ve been using unique email addresses to sign-up to sites for some months now. As a result, one of them managed to share/sell my email address to a 3rd party. I don’t really care if they sold it or not, or if they have some statement in their policies or what not stating that you agree with them sharing or whatever. It’s WRONG.

I’ve made a new account on the publi24 dot ro site, which is a romanian ads/listings site and which shared/sold my email address to romimo dot ro who email me via bounce dot tele dot net
Yes, they appear to be under the same company, but it is still WRONG.

That’s what they call “legal spamming”. I wish they both go out of business.


VMWare ESXi force MAC Address re-generation

April 2nd, 2015

This is on 5.1u2

I don’t know how this happened as I am doing these steps every time, yet today the newly created VM with added templated disk is getting the same MAC address every time.

I tried the solutions with deleting those 5 entries from the fwx file, to no avail.

The next logical thing to do is to move the VM to another folder. I simply renamed the VM container folder. And that solved my problem.

BUT, renaming the folder back, surprise, gets the old MAC address and UUIDs back! I don’t know why and I don’t have time to figure it out, so I just leave it in new folder and choose “I copied it” when powering on the VM.


[Solved] Adobe Reader 11 on Windows XP SP3 does not start

October 21st, 2014

So I had to set up a brand new WinXP SP3 and amongst other things, I installed Adobe Reader 11. But it wouldn’t start. It plain simply didn’t work.
I already had .NET framework 4 installed so that puzzled me. Googling showed up a bunch of irrelevant posts.
Then finally I figured… let’s RTFM. (that’s normally the last thing you do when you’re an IT person).
And obviously, it’s there. Minimum requirements: IE 7. WinXP SP3 comes with IE6 by default.

So, download IE 8 (use a 3rd party site since WinXP is no longer supported by MS and as such they no longer offer IE7 nor 8 to download) and problem solved.

Enjoy.


ESXi: vmware workstation 10 bridged network not working

August 23rd, 2014

So you installed a virtual machine solution (of any kind, in this case VMWare WorkStation) inside a guest running on a VMWare ESX or ESXi, and bridged networking is not working for you inside the guest from the virtual host.

If you tried all the solutions on the net pertaining to host issues (firewall, vpn software, etc) there is one issue pertaining to the ESX/ESXi host itself:
– by default, the virtual NIC has promiscuous mode disabled.
Which means that traffic coming from a VM which is not of its IP will be discarded.

So, solution is to go in vsphere client, to the esxi configuration page, Networking, click on “Properties” on your desired switch, click Edit in the ports tab, then go to Security tab and set promiscuous mode to “accept”.

Enjoy.


Delphi: Unit X was compiled with a different version of Y

May 29th, 2014

The dreaded message everybody gets every now and then.

The classic solution is:
– find all related pas and dcu files on your HDD and make sure there is only 1 copy of each.

However, sometimes this is not sufficient and that is because there is also a DCP and/or a BPL that was built with that unit somewhere on the IDE searchPath found before the one you are building. So you delete all pas/dcu, build the package and still get the error. This happens when you build a package which depends on the package in which the unit resides. And that is because when building packages, delphi will look at the DCP, not the DCUs (when the DCP is linked of course).
So basically the same problem as with the DCU.

In conclusion, the actual complete solution is to
– search and remove all affected DCUs
– make sure there is only 1 version of the PAS
– search and remove all affected BPLs and DCPs

Sometimes, you will need to close the IDE, and then when you start it again you may receive the other dreaded message: “Cannot load package”.

Now, it’s time to search for that package in the registry, specifically in the
– “Disabled Packages” key
– “Known Packages” key
– “Package Cache” key
Best is to remove it from everywhere. Then you re-install it once you manage to compile everything.
