|
ITWeb/개발일반 2013. 1. 11. 13:56
문서가 너무 잘되어 있어서 그냥 링크만 걸어 봅니다. [MongoDB Original API] http://www.mongodb.org/display/DOCS/Java+Tutorial [Springframework API] http://www.springsource.org/spring-data/mongodb http://www.mkyong.com/mongodb/spring-data-mongodb-hello-world-example/
ITWeb/개발일반 2013. 1. 11. 13:33
몽고 문서에 잘 나와 있내요. http://docs.mongodb.org/manual/tutorial/control-access-to-mongodb-with-authentication/ rs0:PRIMARY> use admin switched to db admin rs0:PRIMARY> db.addUser("henry", "1111") { "user" : "henry", "readOnly" : false, "pwd" : "16c0f96a725f2b331d1a0359c7305d81", "_id" : ObjectId("50ef9510cfc8ac6e4cc62ae2") } rs0:PRIMARY> show dbs admin 0.203125GB demo 0.203125GB local 6.0126953125GB rs0:PRIMARY> use demo switched to db demo rs0:PRIMARY> db.addUser("henry", "1111") { "user" : "henry", "readOnly" : false, "pwd" : "16c0f96a725f2b331d1a0359c7305d81", "_id" : ObjectId("50ef9542cfc8ac6e4cc62ae3") } rs0:PRIMARY> db.auth("henry", "1111") 1 rs0:PRIMARY>
ITWeb/개발일반 2013. 1. 11. 11:52
본 내용은 보안이 전혀 고려되지 않은 단순 설치 및 분산구성 테스트를 목적으로 작성되었습니다. 그러니 꼭 보안 관련 내용을 반영 하시기 바랍니다. ^^; 추후 보안 관련 내용도 올려 보도록 하겠습니다. 참고문서▷
[다운로드 및 설정]
# 32bits
curl http:
# 64bits
curl http:
tar -xvzf mongo.tgz
mv mongodb-linux-i686- 2.2 . 2 ../apps/
cd ../apps/
ln -s mongodb-linux-i686- 2.2 . 2 mongodb
cd mongodb
mkdir data
mkdir conf
mkdir logs
cd conf
vi mongodb.conf
dbpath=/home/user/apps/mongodb/data
logpath=/home/user/apps/mongodb/logs/mongodb.log
logappend= true
verbose= true
#bind_ip= 127.0 . 0.1
port= 27017
fork= true
rest= true
#auth= true
#noauth= true
[실행]
./bin/mongod --config conf/mongodb.conf
[접속]
./bin/mongo localhost: 27017
[중지]
# mogod 로 중지
mongod --config conf/mongodb.conf --shutdown
# console 에서 아래 명령어 실행
db.shutdownServer()
# Ctrl+C, kill - 2 PID, kill - 15 PID 로 중지, kill - 9 PID 사용 시 데이터 깨질 수 있음
# kill 시그널 number
1 ) SIGHUP 2 ) SIGNT 3 ) SIGQUIT 4 ) SIGILL
5 ) SIGTRAP 6 ) SIGIOT 7 ) SIGBUS 8 ) SIGPPE
9 ) SIGKILL 10 ) SIGUSR1 11 ) SIGSEGV 12 ) SIGUSR2
13 ) SIGPIPE 14 ) SIGALRM 15 ) SIGTERM 17 ) SIGCHLD
18 ) SIGCONT 19 ) SIGSTOP 20 ) SIGTSTP 21 ) SIGTTIN
22 ) SIGTTOL 23 ) SIGURG 24 ) SIGXCPU 25 ) SIGXFSZ
26 ) SIGVTALRM 27 ) SIGPROF 28 ) SIGWINCH 29 ) SIGIO
30 ) SIGPWR
|
▷
[Replica 설정]
cd apps/mongodb
mkdir -p srv/mongodb/rs0- 0 srv/mongodb/rs0- 1 srv/mongodb/rs0- 2
mkdir logs conf
cd conf
vi mongodb0.conf mongodb1.conf mongodb2.conf
dbpath=/home/user/apps/mongodb/srv/mongodb/rs0- 0
logpath=/home/user/apps/mongodb/logs/mongodb0.log
logappend= true
verbose= true
bind_ip= 10.101 . 254.223
port= 27017
fork= true
rest= true
replSet=rs0
dbpath=/home/user/apps/mongodb/srv/mongodb/rs0- 1
logpath=/home/user/apps/mongodb/logs/mongodb1.log
logappend= true
verbose= true
bind_ip= 10.101 . 254.223
port= 27018
fork= true
rest= true
replSet=rs0
dbpath=/home/user/apps/mongodb/srv/mongodb/rs0- 2
logpath=/home/user/apps/mongodb/logs/mongodb2.log
logappend= true
verbose= true
bind_ip= 10.101 . 254.223
port= 27019
fork= true
rest= true
replSet=rs0
[실행]
./mongod --config ../conf/mongodb0.conf
./mongod --config ../conf/mongodb1.conf
./mongod --config ../conf/mongodb2.conf
[접속]
./mongo 10.101 . 254.223 : 27017
[RepliSet 구성]
# mongodb.conf 로 구성하는 경우
replSet=rs0/ 10.101 . 254.223 : 27017 , 10.101 . 254.223 : 27018 , 10.101 . 254.223 : 27019
# command 로 구성 하는 경우
./mongo 10.101 . 254.223 : 27017
MongoDB shell version: 2.2 . 2
connecting to: 10.101 . 254.223 : 27017 /test
> rs.status();
{
"startupStatus" : 3 ,
"info" : "run rs.initiate(...) if not yet done for the set" ,
"errmsg" : "can't get local.system.replset config from self or any seed (EMPTYCONFIG)" ,
"ok" : 0
}
> rs.initiate();
{
"info2" : "no configuration explicitly specified -- making one" ,
"me" : "10.101.254.223:27017" ,
"info" : "Config now saved locally. Should come online in about a minute." ,
"ok" : 1
}
> rs.conf();
{
"_id" : "rs0" ,
"version" : 1 ,
"members" : [
{
"_id" : 0 ,
"host" : "10.101.254.223:27017"
}
]
}
rs0:PRIMARY> rs.add( "10.101.254.223:27018" );
{ "ok" : 1 }
rs0:PRIMARY> rs.add( "10.101.254.223:27019" );
{ "ok" : 1 }
rs0:PRIMARY> rs.status();
{
"set" : "rs0" ,
"date" : ISODate( "2013-01-10T08:35:22Z" ),
"myState" : 1 ,
"members" : [
{
"_id" : 0 ,
"name" : "10.101.254.223:27017" ,
"health" : 1 ,
"state" : 1 ,
"stateStr" : "PRIMARY" ,
"uptime" : 295 ,
"optime" : Timestamp( 1357806905000 , 1 ),
"optimeDate" : ISODate( "2013-01-10T08:35:05Z" ),
"self" : true
},
{
"_id" : 1 ,
"name" : "10.101.254.223:27018" ,
"health" : 1 ,
"state" : 5 ,
"stateStr" : "STARTUP2" ,
"uptime" : 28 ,
"optime" : Timestamp( 0 , 0 ),
"optimeDate" : ISODate( "1970-01-01T00:00:00Z" ),
"lastHeartbeat" : ISODate( "2013-01-10T08:35:20Z" ),
"pingMs" : 0
},
{
"_id" : 2 ,
"name" : "10.101.254.223:27019" ,
"health" : 1 ,
"state" : 6 ,
"stateStr" : "UNKNOWN" ,
"uptime" : 17 ,
"optime" : Timestamp( 0 , 0 ),
"optimeDate" : ISODate( "1970-01-01T00:00:00Z" ),
"lastHeartbeat" : ISODate( "2013-01-10T08:35:21Z" ),
"pingMs" : 107 ,
"errmsg" : "still initializing"
}
],
"ok" : 1
}
rs0:PRIMARY>
|
▷
[Shard & Collection]
database : Database Name
collection : Table Name (Object Name)
[Config Server 구성]
config server 폴더 생성
[ mongodb]$ mkdir -p configsvr0
[ mongodb]$ mkdir -p configsvr1
[ mongodb]$ mkdir -p configsvr2
[ mongodb]$ pwd
/home/user/apps/mongodb/srv/mongodb
[설정]
- mongodb-configsvr0.conf
dbpath=/home/user/apps/mongodb/srv/mongodb/configsvr0
logpath=/home/user/apps/mongodb/logs/mongodb-configsvr0.log
logappend= true
verbose= true
bind_ip= 10.101 . 254.223
port= 37017
fork= true
rest= true
- mongodb-configsvr1.conf
dbpath=/home/user/apps/mongodb/srv/mongodb/configsvr1
logpath=/home/user/apps/mongodb/logs/mongodb-configsvr1.log
logappend= true
verbose= true
bind_ip= 10.101 . 254.223
port= 37018
fork= true
rest= true
- mongodb-configsvr2.conf
dbpath=/home/user/apps/mongodb/srv/mongodb/configsvr2
logpath=/home/user/apps/mongodb/logs/mongodb-configsvr2.log
logappend= true
verbose= true
bind_ip= 10.101 . 254.223
port= 37019
fork= true
rest= true
[실행]
./mongod --config ../conf/mongodb-configsvr0.conf --configsvr
./mongod --config ../conf/mongodb-configsvr1.conf --configsvr
./mongod --config ../conf/mongodb-configsvr2.conf --configsvr
[Mongos 구성]
[폴더생성]
cd apps/mongodb
mkdir -p srv/mongodb/shard
[설정]
conf/mongodb-shard.conf
dbpath=/home/user/apps/mongodb/srv/mongodb/shard
logpath=/home/user/apps/mongodb/logs/mongodb-shard.log
configdb= 10.101 . 254.223 : 37017 , 10.101 . 254.223 : 37018 , 10.101 . 254.223 : 37019
logappend= true
verbose= true
bind_ip= 10.101 . 254.223
port= 47017
fork= true
rest= true
[실행]
./mongo 10.101 . 254.223 : 47017
MongoDB shell version: 2.2 . 2
connecting to: 10.101 . 254.223 : 47017 /test
mongos> use admin
switched to db admin
mongos> db.runCommand({addShard: "rs0/10.101.254.223:27017,10.101.254.223:27018,10.101.254.223:27019" })
{ "shardAdded" : "rs0" , "ok" : 1 }
mongos> db.runCommand({listshards: 1 })
{
"shards" : [
{
"_id" : "rs0" ,
"host" : "rs0/10.101.254.223:27017,10.101.254.223:27018,10.101.254.223:27019"
}
],
"ok" : 1
}
mongos> show dbs
admin (empty)
config 0 .046875GB
mongos> use demo
switched to db demo
mongos> db.createCollection( "tbl_demo" )
{ "ok" : 1 }
mongos> db.tbl_demo.validate();
{
"raw" : {
"rs0/10.101.254.223:27017,10.101.254.223:27018,10.101.254.223:27019" : {
"ns" : "demo.tbl_demo" ,
"firstExtent" : "0:2000 ns:demo.tbl_demo" ,
"lastExtent" : "0:2000 ns:demo.tbl_demo" ,
"extentCount" : 1 ,
"datasize" : 0 ,
"nrecords" : 0 ,
"lastExtentSize" : 8192 ,
"padding" : 1 ,
"firstExtentDetails" : {
"loc" : "0:2000" ,
"xnext" : "null" ,
"xprev" : "null" ,
"nsdiag" : "demo.tbl_demo" ,
"size" : 8192 ,
"firstRecord" : "null" ,
"lastRecord" : "null"
},
"deletedCount" : 1 ,
"deletedSize" : 8016 ,
"nIndexes" : 1 ,
"keysPerIndex" : {
"demo.tbl_demo.$_id_" : 0
},
"valid" : true ,
"errors" : [ ],
"warning" : "Some checks omitted for speed. use {full:true} option to do more thorough scan." ,
"ok" : 1
}
},
"valid" : true ,
"ok" : 1
}
mongos> db.tbl_demo.save({ "username" : "henry" })
mongos> db.tbl_demo.find()
{ "_id" : ObjectId( "50ef785abb4a5b4a3a99acac" ), "username" : "henry" }
mongos> use admin
switched to db admin
mongos> db.runCommand({enablesharding: "demo" })
{ "ok" : 1 }
mongos> db.runCommand({shardcollection: "demo.tbl_demo" , key:{_id: 1 }});
{ "collectionsharded" : "demo.tbl_demo" , "ok" : 1 }
mongos> db.printShardingStatus();
--- Sharding Status ---
sharding version: { "_id" : 1 , "version" : 3 }
shards:
{ "_id" : "rs0" , "host" : "rs0/10.101.254.223:27017,10.101.254.223:27018,10.101.254.223:27019" }
databases:
{ "_id" : "admin" , "partitioned" : false , "primary" : "config" }
{ "_id" : "demo" , "partitioned" : true , "primary" : "rs0" }
demo.tbl_demo chunks:
rs0 1
{ "_id" : { $minKey : 1 } } -->> { "_id" : { $maxKey : 1 } } on : rs0 Timestamp( 1000 , 0 )
mongos>
|
ITWeb/개발일반 2013. 1. 10. 14:32
오늘 구현하던 코드에 들어간 내용인데.. 가끔 생각 나지 않을 때가 있어서.. ^^; 이래서 늙으면 ㅠ.ㅠ;; InputStream is = new FileInputStream("c://finename"); InputStreamReader isr; BufferedReader br; StringBuffer strBuff = new StringBuffer(); String appendMsg = "Good Afternoon!!\n";
isr = new InputStreamReader(is); br = new BufferedReader(isr); char[] c = new char[(int) file.getSize()];
// 전체 파일 내용 fetch br.read(c);
// 파일 내용을 string buffer 로 복사 strBuff.append(c);
br.close(); isr.close(); is.close();
---------------------------------------------------------------------------------------------
// string buffer -> string -> byte 로 형 변환 byte[] msg = String.valueOf(strBuff).getBytes();
ITWeb/개발일반 2013. 1. 4. 10:37
Reference▷
- MSSQL JDBC Driver Download 받기
http:
- JDK 1.6 .x 이상에서는 sqljdbc4.jar 사용 권장
- JDK 1.6 . 0 29 버전에서는 excuteQuery 수행 시 hang 걸리는 이슈가 있어 버전 업그레이드 필요 (reference url 참고)
- exe 파일 실행 후 적절한 위치에 압축 해제
- spring mvc maven project 생성
- 해당 project 의 java build path 에서 libraries 내 add external jars 로 sqljdbc4.jar 추가
- maven local repository 에 sqljdbc4.jar 설치
. command 창에서 실행
. mvn install:install-file -DgroupId=com.microsoft.sqlserver -DartifactId=sqljdbc4 -Dversion= 4.0 -Dpackaging=jar -Dfile=D:\Application\sqljdbc_4. 0 \sqljdbc_4. 0 \kor\sqljdbc4.jar
- pom.xml 에서 local repository 와 dependency 설정 추가
<dependency>
<groupId>com.microsoft.sqlserver</groupId>
<artifactId>sqljdbc4</artifactId>
<version> 4.0 </version>
</dependency>
<repositories>
<repository>
<id>local</id>
<name>local</name>
<url>file:
</repository>
</repositories>
- spring mvc project 내 jdbc 관련 설정
jdbc.driverClassName=com.microsoft.sqlserver.jdbc.SQLServerDriver
jdbc.url=jdbc:sqlserver:
jdbc.username=nnote
jdbc.password= 1111
|
create table xe_documents (
document_srl bigint IDENTITY( 1 , 1 ) not null ,
title varchar( 256 ),
content varchar( 256 ),
user_id varchar( 256 ),
nick_name varchar( 256 ),
email_address varchar( 256 ),
regdate datetime,
CONSTRAINT pk_xe_documents_srl PRIMARY KEY( "document_srl" )
);
insert into xe_documents(title,content,user_id,nick_name,email_address, regdate)
values( '제목' , '내용' , '사용자아이디' , 'henry' , 'henry@naver.com' , SYSDATETIME() );
select *
from xe_documents
|
ITWeb/개발일반 2012. 11. 23. 12:00
[Memcached 설치]
※ Reference
http:
http:
※ 설치
(root권한)
sudo yum install libevent libevent-devel
(user권한)
cd dist
wget http:
tar -zxvf memcached- 1 .x.x.tar.gz
cd memcached- 1 .x.x
./configure --prefix=/usr/local/memcached --with-libevent=/usr/lib/
make && make test
(root권한)
sudo make install
※ 설정
cd /etc
sudo vi memcached.conf
-m 16
-p 11311
-u nobody
-l 127.0 . 0.1
※ init script 생성
(user권한)
mkdir -p /home/USER/dist/memcached_script
cd /home/USER/dist/memcached_script
wget http:
tar xvfz memcached_script.tar.gz
chmod 755 /usr/local/bin/start-memcached
chmod 755 /etc/init.d/memcached
(root 권한)
cd /usr/local/bin
sudo ln -s /usr/local/memcached/bin/memcached memcached
cd /home/USER/dist/memcached_script
sudo mv start-memcached /usr/local/bin/start-memcached
sudo mv memcached /etc/init.d/memcached
※ 실행
sudo /usr/local/bin/start-memcached or
/usr/local/memcached/bin/memcached -d -r -m 64 -l 서버IP( 10.101 . 254.223 ) -p 11211
- 실행 권한 root or user
- 단일 서버에 Multi instance 실행
/usr/local/memcached/bin/memcached -d -r -m 64 -l 서버IP( 10.101 . 254.223 ) -p 11211
/usr/local/memcached/bin/memcached -d -r -m 64 -l 서버IP( 10.101 . 254.223 ) -p 11311
/usr/local/memcached/bin/memcached -d -r -m 64 -l 서버IP( 10.101 . 254.223 ) -p 11411
※ 실행 스크립트
#!/usr/bin/perl -w
# start-memcached
# 2003 / 2004 - Jay Bonci <jaybonci @debian .org>
# This script handles the parsing of the /etc/memcached.conf file
# and was originally created for the Debian distribution.
# Anyone may use this little script under the same terms as
# memcached itself.
use strict;
if ($> != 0 and $< != 0 ) {
print STDERR "Only root wants to run start-memcached.\n" ;
exit;
}
my $etcfile = shift || "/etc/memcached.conf" ;
my $params = [];
my $etchandle;
# This script assumes that memcached is located at /usr/bin/memcached, and
# that the pidfile is writable at /var/run/memcached.pid
my $memcached = "/usr/local/bin/memcached" ;
my $pidfile = "/var/run/memcached.pid" ;
# If we don't get a valid logfile parameter in the /etc/memcached.conf file,
# we'll just throw away all of our in-daemon output. We need to re-tie it so
# that non-bash shells will not hang on logout. Thanks to Michael Renner for
# the tip
my $fd_reopened = "/dev/null" ;
sub handle_logfile {
my ($logfile) = @_ ;
$fd_reopened = $logfile;
}
sub reopen_logfile {
my ($logfile) = @_ ;
open *STDERR, ">>$logfile" ;
open *STDOUT, ">>$logfile" ;
open *STDIN, ">>/dev/null" ;
$fd_reopened = $logfile;
}
# This is set up in place here to support other non -[a-z] directives
my $conf_directives = {
"logfile" => \&handle_logfile
};
if (open $etchandle, $etcfile) {
foreach my $line (<$etchandle>) {
$line =~ s/\#.*
$line = join ' ' , split ' ' , $line;
next unless $line;
next if $line =~ /^\-[dh]/o;
if ($line =~ /^[^\-]/o) {
my ($directive, $arg) = $line =~ /^(.*?)\s+(.*)/;
$conf_directives->{$directive}->($arg);
next;
}
push @$params , $line;
}
}
unshift @$params , "-u root" unless (grep $_ eq '-u' , @$params );
$params = join " " , @$params ;
if (-e $pidfile) {
open PIDHANDLE, "$pidfile" ;
my $localpid = <PIDHANDLE>;
close PIDHANDLE;
chomp $localpid;
if (-d "/proc/$localpid" ) {
print STDERR "memcached is already running.\n" ;
exit;
} else {
`rm -f $localpid`;
}
}
my $pid = fork();
if ($pid == 0 ) {
reopen_logfile($fd_reopened);
exec "$memcached $params" ;
exit( 0 );
} elsif (open PIDHANDLE, ">$pidfile" ) {
print PIDHANDLE $pid;
close PIDHANDLE;
} else {
print STDERR "Can't write pidfile to $pidfile.\n" ;
}
|
ITWeb/개발일반 2012. 9. 3. 14:39
simscan 설치 시 option 설명 http://www.inter7.com/simscan/README
옵션 설명
--enable-user=유저명 (simscan을 유저를 셋팅한다. 기본값으로 simscan)
--enable-clamav=y|n
(clamav 를 이용한 스캐닝. 기본값으로 y 이다.)
--enable-clamdscan=clamdscan의 PTAH
--enable-custom-smtp-reject=y|n
(바이러스 이름을 포함하여 리턴 메시지를 보내도록한다)
주의 – 위의 옵션을 사용하기 위해서는 소스디렉토리/contrib/qmail-queue-custom-error.patch
의 패치를
Qmail에 해주어야 한다. 또한 나중에 설명되는 옵션중에 하나인
–enable-dropmsg
의 값이 y이면 안된다.)
--enable-per-domain=y|n
( 많은 도메인에 대해서 메일서비스를 하고 있으며 각각에 대한 simscan 의 설정을
하고자 한다면 y를
택하도록 한다.)
--enable-attach=y|n
( 첨부파일에 대해서 체크를 할 것인지의 여부를 정한다. /var/qmail/control/ssattach 파일안에 필터링할 파일명이나 확장자를 넣어주면 된다.)
--enable-spam=y|n (스팸메일에 대한 필터링을 할 것인지에 대한 옵션이다. 스팸어세신에
의해서 status 가 YES인 메일에 대해서는 반송을 하게
될것이다.)
--enable-spam-passthru=y|n
( 스팸 어세신에서 붙은 status값을
무시하고 그냥 통과시키고자 할 경우에 사용한다. 이는 나중에 procmail
이나 maildrop으로 스팸 편지함이나 별도의 디렉토리에 스팸 메일을 저장하고자 한다면
유용하게 사용될 수 있을 것이다.)
--enable-spam-hits=점수 (기본값으로 10 이
셋팅되며 스팸 어세신에서 정한 값을 넣으면 될 것이다.)
--enable-spamc=PTAH
(spamc 바이너리파일의 위치를 잡아준다. 자동으로
잡을것이다…^^)
--enable-spamc-args
(spamc 에 필요한 옵션을 지정할 수 있다.
필자의 경우에 퍼포먼스를 위해 spamd 를 소켓을 사용하게 하였으며 소켓의 위치는 /tmp/spamd 였다, 쌍따옴표로 지정한다는 점에 주의 하라)
Ex)
--enable-spamc-args=”-U /tmp/spamd”
--enable-dropmsg=y|n
(스팸 메일에 대한 메시지를 sender 에게
보내지 않겠다는 옵션이다.)
--enable-quarantinedir=디렉토리위치( 스팸,바이러스
메일을 따로 저장해둘 디렉토리를 지정한다)
--enable-received=y|n
( 메일헤더에 received를 추가할
것인지에 대한 옵션이다. 버전정보 및 처리시간이 기록되어진다.)
Additional information and a guide can be found at
http://qmailwiki.inter7.com/index.php?title=Simscan
= Overview =
SimScan is a simplified scanner for qmail similar to qmail-scanner and qscand.
It uses clamav, trophie, and/or spamassassin. It also supports attachment
blocking by extension. Simscan is written entirely in C to ensure maximum
speed. There are several options to allow simscan to scan per domain, and
reject spam mail.
= Requirements =
# ripmime (If you plan on using attachment blocking)<br>
# qmail with qmail-queue patch<br>
# clamav (optional)<br>
# spamassassin (optional)<br>
# trophie (or sophie) (both optional)
= How it works =
* Simscan creates a temporary working directory. You can specify the base
working directory with the --enable-workdir=/path. The default location
of this base is the /var/qmail/simscan directory. The temporary working
directory under this bass directory is named as
"unix time in seconds" . "microseconds" . "process id".
The email is read into a temporary file named "msg.unixtime.micro.pid.
* ripmime is called to break this file into separate mime parts.
* Optionally (--enable-attach) the mime message parts are checked against
the list of attachments to block.
Put the list of attachments in /var/qmail/control/ssattach or place the list
in the /var/qmail/control/simcontrol file for per-domain blocking.
This file gets read each time simscan is kicked off.
* clamdscan is called to check all the files in the working directory.
The return code of clamdscan is checked to see if it found a virus.
If it did, simscan exits back to qmail-smtpd with a permenent error,
causing the mail to be bounced back to the sender.
* Optionally (--enable-spam) spam assassin is called via spamc.
The email returned by spamc is checked X-Spam-Flag: header. If this header
contains "YES", the spam is rejected. You can reject instead on the calculated
hit count value by adding the --enable-spam-hits. SimScan checks for both
"hits=" and "score=" so that both old and new versions of spamassassin are
supported.
* Optionally (--enable-per-domain) enable per domain clamav and
spamassassin processing. You will need to edit /var/qmail/control/simcontrol
to define what domains get what scans. Further details on editing this file
are below.
Then run /var/qmail/bin/simscanmk to build the cdb files that simscan
uses. The changes will take effect immediately.
* Finally, if all of the above succeeds then the msg file is passed on to
qmail-queue. And the working directory and all the temporary files are deleted,
unless the SIMSCAN_DEBUG environment variable is set.
= Configuration Options =
Following is a list of all of the configure options and defaults:
--enable-user=<user> Change the user for simscan.
Default: simscan.
--enable-clamav=y|n Turn on clamav scanning. default yes.
--enable-clamdscan=PATH Full path to clamdscan program.
--enable-custom-smtp-reject=y|n Return smtp reject message with virus name.
--enable-per-domain=y|n Turn on per domain based checking.
--enable-attach=y|n Turn on attachment scanning. default no.
--enable-spam=y|n Turn on spam scanning. default no.
--enable-spam-passthru=y|n Pass spam email thru or reject
Default: disable (reject)
--enable-spamc-user=y|n Set user option to spamc.
--enable-spam-hits=number Reject spam above this hit level.
Default 10.0
--enable-spamc=PATH Full path to spamc program.
--enable-spamc-args=ARGS Arguments to pass to spamc.
--enable-dropmsg=y|n Drop message in case of virus/spam found.
Don't return error to sender.
Default: disable (return error)
--enable-quarantinedir=DIR Directory to keep spam and/or infected emails
Default: disabled
--enable-qmaildir=DIR Base qmail directory /var/qmail.
--enable-workdir=DIR Directory to unpack emails
Default: /var/qmail/simscan
--enable-qmail-queue=PATH Full path to qmail-queue program.
--enable-trophie-path=PATH Full path to the trophie binary.
--enable-trophie-socket=PATH Full path to the trophie socket.
--enable-ripmime=PATH Full path to ripmime program.
--enable-received=y|n Simscan should add a received line showing
the version of all scanners that checked
the message
These options are only needed when the received line option (--enabled-received=y)
and the corresponding scanners are enabled as well:
--enable-spamassassin-path=PATH Path to the spamassassin binary
--enable-clamavdb-path=PATH Directory where the clamav master.cvd and
daily.cvd files are saved
--enable-sigtool-path=PATH Path to the sigtool binary
= Configuration Details =
Below are more detailed descriptions of each configuration option.
--enable-user=<user>
This option defines the user that simscan will run as. By default, the
user is 'simscan'.
--enable-clamav=y|n
This option turns clamav scanning on or off. When enabled, an incoming
email will be rejected if a virus is detected in the email.
--enable-clamdscan=PATH
This option defines the path to the clamdscan binary. This is the full
path to the binary.
Note : This option does nothing when clamav is not enabled.
--enable-custom-smtp-reject=y|n
This option turns custom smtp reject messages on and off. When enabled
simscan will place the virus name in the reject message if a virus is
detected.
Note : The qmail-queue-custom-error.patch is needed to make this option
work properly. You can find this patch in the contrib directory.
Note 2 : Enabling dropmsg disables this option
--enable-per-domain=y|n
This option turns per-domain scanning on and off. Per domain scanning
allows the administrator to explicitly state what scanning occurs for
what domain. In addition, attachment scanning can be enabled or disabled
for each domain. Details about how to set up per-domain scanning are
below.
--enable-attach=y|n
This option turns on attachment scanning. Attachment scanning will block
all attachments specified in /var/qmail/control/ssattach. Attachment
scanning is disabled by default.
--enable-spam=y|n
Ths option turns spam scanning on and off. When enabled, simscan allows
mail over a certain spam threshold to be rejected back to the sender.
--enable-spam-passthru=y|n
This option turns spam passthru on and off. When enabled, email
identified as spam via the X-Spam-Status: header will be passed on to the
user instead of rejected.
Note : Enabling spam-hits effectively disables this option.
--enable-spamc-user=y|n
This option turns per-user spamassassin on or off. When enabled, the email
address of the first rcpt to user is sent to spamassassin. This allows
spamassassin to use customized rules and settings for that email.
--enable-spam-hits=number
This option specifies the number of hits a spam must receive to be rejected
by simscan. This option defaults to 10 hits.
Note : This option disables spam passthru
--enable-spamc=PATH
This option specifies the full path to the spamc binary.
--enable-spamc-args=ARGS
This option defines the arguments to pass to spamc. Be sure to place quotes
around the options you define.
--enable-dropmsg=y|n
This option causes messaged to be dropped when a virus/spam is found, rather
than returning a 5xx error to the sender. This option is disabled by default.
Note : This option overrides the Custom SMTP Reject option
Note 2 : If SPAM Passthru is enabled, SPAM will NOT be dropped unless
spam-hits is enabled
--enable-quarantinedir=DIR
This option defined a directory to keep spam and/or infected emails. This
option is disabled by default.
--enable-qmaildir=DIR
This option defines the location of qmail.
--enable-workdir=DIR
This option defines the location of the working directory. Note : The
default directory is /var/qmail/simscan
--enable-qmail-queue=PATH
This option defines the full path and name of the qmail-queue program.
Incoming mail is passed to this program after being scanned by SimScan.
--enable-trophie-path=PATH
This option defines the full path to the trophie binary. This option is only
necessary if the received line option (--enable-received) is chosen.
--enable-trophie-socket=PATH
This option defines the path to the trophie socket. Defining this option
enables trophie scanning.
--enable-ripmime=PATH
This option defines the path to the ripmime program. This program is used
to rip apart emails into files.
--enable-received=y|n
Simscan adds a Received line, showing the runtime, and a version string of
the scanners that checked the message:
Received: by simscan 1.0.6 ppid: 25399, pid: 25400, t: 4.7007s
scanners: attach: 1.0.6 clamav: 0.80/m:27/d:556 trophie: 7.000-1011/218/74141 spam: 2.63
--enable-spamassassin-path=PATH
This option defines the full path to the spamassassin binary. This option
is only necessary if the received line option (--enable-received) is chosen.
--enable-clamavdb-path=PATH
This option defines the full path to clamav master.cvd and daily.cvd files.
This option is only necessary if the received line option (--enable-received)
is chosen.
--enable-sigtool-path=PATH
This option defines the full path to the sigtool binary. This option is only
necessary if the received line option (--enable-received) is chosen.
= Attachment blocking option =
Attachments can be blocked. It is disabled by default.
If you use the per domain scanning as well, look in that section of the
documentation on how to enable the checking.
With only the attachment blocker and NO per domain option it works like
this:
Put the list of attachments in /var/qmail/control/ssattach.
List each attachment on it's own line. For example:
[user@mailserver user]$ cat /var/qmail/control/ssattach
.jpg
.mp3
.scr
.bat
Then configure with:
./configure --enable-attach (with any other options you want)
make
make install-strip
= SpamAssassin options =
-------------------------------------------------
There are four different ways to configure simscan with spamassassin
* no spam processing
This is the default. No spamassassin processing will be done.
* Reject email at smtp level if spamassassin considers it spam. This might reject false positives (good email that looks like spam)
--enable-spam
* Reject email above a "score" of some number, like 15 and pass everything else through to the user.
--enable-spam --enable-spam-hits=15
* Do not reject anything. Pass the spamassassin processed message through to the user
--enable-spam --enable-spam-passthru
In addtion you can enable per user preference processing for email with just one recipient. Add the following option
--enable-spamc-user
Look at the rc.spamd sample startup script for spamd options that work with vpopmail and per user preferences. Also look at the contrib directory for patches to spamassassin to make vpopmail/per user processing work.
= Trophie/Sophie option =
To enable the trophie virus scanner :
./configure --enable-trophie-socket=/path/to/the/socket \
--enable-trophie-path=/path/to/trophie/binary
As sophie uses the same interface it may work as well,
but is not tested!
= How SMTP rejection works =
There are currently three options for handling SMTP rejection. SMTP
rejection occurs when a virus is detected, or when the spam score is
over the spam-hits level.
The default rejection option is to reject with a standard 5XX reject
message. This rejection message looks as follows :
554 mail server permanently rejected message (#5.3.0)
If --enable-dropmsg is used, messages are dropped with no rejection
message. The connection is simply closed without warning.
If --enable-custom-smtp-reject is used, messages are rejected with
a custom message. You will need to apply the qmail-queue-custom-error.patch
patch located in the contrib directory in order to make this work.
For virus rejection, the message contains the name of the virus such as :
Your email was rejected because it contains the Worm.Bagle.AU virus
For spam rejection, the message is more generic, merely stating that
the message was rejected because it was considered spam :
Your email is considered spam (53.5 spam-hits)
For attachment rejection, the message contains the name of the
attachment :
Your email was rejected because it contains a bad attachment: trojan.exe
= Enable Per Domain processing =
To enable per domain processing :
./configure --enable-per-domain (with any other options you want)
make
make install-strip
Edit the /var/qmail/control/simcontrol text file
You can enable/disable clam/spam/trophie/attachments per domain
and per user and set a default for the whole machine.
Here is an example:
[user@mailserver user]$ cat /var/qmail/control/simcontrol
postmaster@example.com:clam=yes,spam=no,attach=.txt:.com
example.com:clam=no,spam=yes,attach=.mp3
:clam=yes,spam=yes,trophie=yes,spam_hits=20.1
The third line sets the default for the whole machine to
enable clam,trophie, spam scanning, and sets the reject level for
spam hits to 20.1.
The second line sets clam off and spam on for the example.com domain and
disallows .mp3 files for the attachment scanner
The first line sets clam on and spam off for postmaster@example.com and
.txt and .com files for the attachment names.
The order of precedence is:
email address (overrides all)
domain (overrides default)
default (only used if not overridden by domain or email address.
First the sender address will be looked up and then the recipients.
Without any matches, no scans will be done.
Then run /var/qmail/bin/simscanmk to build the simcontrol.cdb file.
You can rebuild this files at any time. The simscanmk program can safely
update the cdb files while the system is running.
Qmail extensions are handled like this: the address is broken into their
parts and are looked up. test-list-owner@test.ch looks up:
test@test.ch
test-list@test.ch
test-list-owner@test.ch
= Security =
The simscan program is restricted to running setuid simscan
to protect the rest of the system. It does all of it's work
in the /var/qmail/simscan directory (default location).
The simscan program runs setuid simscan. It does all of it's work
in the /var/qmail/simscan directory which is owned by simscan.
= Permissions and ClamAntiVirus =
To get ClamAV to play nicely with simscan's permissions you have two options:
* run clamd as root
* Add clamav to simscan's group. Then clamav will have access
to the working directory and it's files. On Linux like systems:
usermod -G simscan clamav
= How to chain additional scanning programs with simscan =
When simscan finishes it expects to call a program that reads
the file descriptors like qmail-queue does. You can configure
simscan to call a different program. By default the configure
script picks up the path to your qmail-queue program, which
is normally /var/qmail/bin/qmail-queue. Use this configure option:
--enable-qmail-queue=PATH
where PATH is full path to qmail-queue program.
I do not know why you would want to have another scanning process happen,
but you can sure configure it before compiling.
= How to Disable/Enable simscan for smtp connections by IP ranges =
Use the standard tcp.smtp text file to set or not set the QMAILQUEUE
environment variable per IP ranges. qmails smtp server is normally
run via tcpserver with the -x option to the constant database file
tcp.smtp.cdb.
Example:
Turn simscan off for our machines loopback address (127.*.*.*).<br>
Disable it for hypothetical local linux users on the 192.168.1.* lan.<br>
Enable it for hypothetical local windows users on the 192.168.2.* lan.<br>
Finally, we enable simscan(clamav/spamassassin) for all those untrusted
internet email senders.
Example tcp.smtp file contents:
[user@mailserver user]$ cat tcp.smtp
127.:allow,RELAYCLIENT=""
192.168.1.:allow,RELAYCLIENT=""
192.168.2.:allow,RELAYCLIENT="",QMAILQUEUE="/var/qmail/bin/simscan"
:allow,QMAILQUEUE="/var/qmail/bin/simscan"
This tcp.smtp file then needs to be compiled into the tcp.smtp.cdb file
using your systems method of generating it. If you only need the rules
in the tcp.smtp file you can compile it with this command:
[user@mailserver user]$ cd /to/directory/where/your/tcp.smtp.cdb file lives
[user@mailserver user]$ /usr/local/bin/tcprules tcp.smtp.cdb tempfile < tcp.smtp
Once compiled, the rules take effect immediately. Actually it
takes effect on every new smtp connection.
= Temporary File Management =
Simscan uses unique file names for the message, to/from headers and the
optional spamassassin output. The files are created in the unique simscan
work directory for this process. The files are unlinked along with the
temporary work directory just before we hand/execl all the information to
qmail-queue or on error exits.
data file name
____________ _______________
message fd 0 = msg.X.Y.Z where X = unix seconds
to/from fd 1 = addr.X.Y.Z Y = microseconds
spamassassin = spamc.msg.X.Y.Z Z = simscan process id
fd 0 and fd 1 normally come from the qmail smtp daemon.
Temporary files and directories are not deleted if the SIMSCAN_DEBUG
environment variable is set.
= Sample qmail startup script =
rc.qmail in the contrib directory is our sample qmail startup script. It shows you how you
can set the QMAILQUEUE environment variable to call simscan for
all incoming SMTP email.
Notice that we run our smtp server as root. We also run clamd as root. If you are having permission
problems you may want to consider running both as root.
= Sample spamassassin startup script =
rc.spamd in the contrib directory is a sample spamd startup script.
It sets enables the vpopmail and per user perferences option. It also
sets the spamd socket to /tmp/spamd.sock.
You must use the --enable-spamc-args="-U /tmp/spamd.sock" option to simscan if you use this startup script.
ITWeb/개발일반 2012. 8. 31. 17:40
ITWeb/개발일반 2012. 8. 3. 13:11
1. ARP( Address Resolution Protocol ) Spoofing
ARP 스푸핑은 MAC 주소를 속여 랜에서의 통신 흐름을 왜곡시키는 공격입니다. 공격 대상 컴퓨터와 서버 사이의 트래픽을 공격자의 컴퓨터로 우회시켜 패스워드 정보등 원하는 정보를 획득 할 수 있습니다.
[ARP는..]
접기 ARP( Address Resolutino Protocol ) 은 IP 주소를 물리적 네트워크 주소( Mac Address 가 포함된 형태 )로 변환하는데 사용되는 프로토콜이다. 처음 IP 주소만을 가지고 통신을 시작할 때, 물리주소를 FF-FF-FF-FF-FF-FF 로 채워서 보내는데, 해당 IP 주소에서 요청을 처리할 장비가 결정되고 해당 장비의 Mac Address 가 요청한 쪽으로 전송이 된다. 이 때부터 실제 통신이 시작되는 것이라 볼 수 있다.
접기
DNS 프로토콜은 인터넷 연결시 도메인 주소를 실제 IP 주소로 대응시켜 주는 프로토콜을 말합니다. 정상적인 접속에서는 사용자가 접속하고자 하는 사이트에 대한 IP주소를 (공인된) DNS서버에서 받아와야 합니다. 그러나 공격자가 DNS서버를 장악하거나 사용자와 DNS사이의 트래픽을 스니핑(훔쳐서)하여 공격자가 설정한 임의의 IP주소를 사용자에게 보내 원하는 사이트로 이동시키는 것과 같은 공격이 DNS스푸핑입니다. (원래 접속해야 하는 사이트가 아닌 공격자가 설정한 주소로 접속하게 되어 정보를 빼내기가 쉽다. )
IP 스푸핑은 IP 자체의 보안 취약성을 악용한 것으로 공격자가 자신의 IP주소를 사용자와 신뢰관계가 있는 IP로 속여서 접속하는 공격입니다. IP 스푸핑을 통해 서비스 거부 공격도 수행 가능하며 공격 대상 컴퓨터와 서버사이의 연결된 세션을 끊을수도 있습니다.
[예]
접기 예를 들어, '갑'과 '을'이 서로 정보를 교환할 때 해커가 '갑'으로 가장해 보내는 문서를 빼내는 행위 등이 이에 해당한다.
접기
워치독이란 망간 패킷 교환(IPX)에서 네트웨어 서버가 클라이언트와의 접속 여부를 알기 위해 사용하는 워치독 패킷에 대한 응답을 클라이언트를 대신하여 행하는 기능입니다. 워치독 패킷은 서버가 클라이언트와의 접속 여부를 계속 확인하기 위해 클라이언트에 보내는데, 일정 기간 동안 응답이 없으면 서버와의 세션은 종료됩니다.
이러한 워치독 패킷 사용상에도 많은 클라이언트로 인해 링크가 단절되는 문제가 발생하게 되는데, 이 문제를 해결하기 위해 서버 측에 워치독 스푸핑 라우터를 설치하여 클라이언트를 대신하여 응답하도록 한 것이 워치독 스푸핑입니다.
이메일 스푸핑은 이메일을 보낼 때 보내는 주소를 위조해서 보내는 것으로 스팸 메일이나 바이러스 감염 메일을 보낼 때 악용되는 기법입니다.
ITWeb/개발일반 2012. 7. 9. 20:25
[원본링크] http://subclipse.tigris.org/wiki/JavaHL
Get the right
version!
Before explaining what JavaHL is, it is important that you know
what version you need for the version of Subclipse you are using. JavaHL is part
of Subversion, so it's version matches that of the Subversion command line
client you have installed. Each Subclipse version typically only supports a
single Subversion client version (due to API differences). Make sure you get the
right version of JavaHL for your Subclipse version.
Current Versions
Subclipse Version |
SVN/JavaHL Version |
1.8.x |
1.7.x |
1.6.x |
1.6.x |
1.4.x |
1.5.x |
1.2.x |
1.4.x |
1.0.x |
1.4.x | subversion server 랑 client 랑 version 을 맞춰서 사용을 해야 merge 할때.. 삽질을 안합니다. 참고하세요..;;;
|