CentOS – How to Configure the Software Update Application to Use a Proxy Server

To get the Software Update application in CentOS to use a web proxy server, add the following line to the /etc/yum.conf file:

proxy=http://www.theProxyServer.com:port/

Replace “www.theProxyServer.com:port” with the URL and port number of the proxy service running on the proxy server. The “/” at the end is important, so don’t forget to add it.

Xserve MegaRAID – How to Create a RAID Volume

To set up a MegaRAID with RAID 5 on an Xserve, follow these steps:

1. Boot the server from the OS X Server CD

2. Open the Terminal application

3. Type in the command

megaraid -create auto

4. Close the Terminal application

5. Open the Disk Utility application

6. Create a new partition on the new RAID drive with the Disk Utility application

7. Reinstall the operating system with the Mac OS X Server CD or DVD

8. Done

Xserve MegaRAID – How to Stop a Consistency Check

If the server runs a consistency check of the RAID on reboot, the process can take a very long time. It may take upwards of 8 or more hours. An Xserve gives almost no indication that it is doing a consistency check on reboot: it boots to a gray screen, or, if you hold down the Option key, the screen just sits there as if it were searching for bootable partitions. Every once in a while you will see the drive activity lights blink, but other than that there is no real indication the consistency check is running.

To abort the consistency check and prevent it from running automatically on the next reboot, boot from a Tiger/Leopard installation CD/DVD and launch the Terminal application from there. Then manually start and stop a consistency check. Stopping the check resets whatever flag the Xserve reads that tells it to run the consistency check automatically on reboot, so the next time you reboot, the Xserve should skip the check and proceed with booting normally. Here are the commands to manually start and stop the consistency check:

megaraid -chkcon ld -start
megaraid -chkcon ld -stop

In the commands above, replace “ld” with the logical drive number of the RAID you want to check. You can get the logical drive number by running the command:

megaraid -showconfig

Basic SQL Injection Exploit with PHP

Here is an example of a basic login function which is taught in a lot of PHP tutorials. The purpose of this code is to prevent someone from viewing a web page unless they provide a valid username/password in a form. The username/password is stored in a MySQL database.

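// Values taken directly from the login form, with no validation
$username = $_POST["username"];
$password = $_POST["password"];
// User input is concatenated straight into the SQL text
$query = "SELECT * FROM users WHERE Username = '" . $username . "' AND Password = '" . $password . "'";
$result = mysql_query($query);
$validated = false;
// Any returned row counts as a successful login
while ($rs = mysql_fetch_array($result)) {
    $validated = true;
}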

If a programmer does no input validation and uses the very basic username/password authentication example shown above, the following SQL placed in the “password” field of a web application using code like this will usually give you access to the protected area:

foo' OR 'a'='a

The presence of this vulnerability in the code may allow a malicious person to execute other SQL commands such as editing or deleting the data in your database.
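
The login above next to a parameterized version, as an added example that is not part of the original post; it shows why the concatenated query accepts the password value above and how a bound parameter closes that path. It assumes PHP with the pdo_sqlite extension; the in-memory SQLite table, the sample account "alice" and the function names login_concat and login_prepared are constructed for illustration, and the password hashing is an addition beyond what the post covers.

```php
<?php
// Added example: a constructed in-memory SQLite table stands in for the MySQL "users" table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (Username TEXT PRIMARY KEY, Password TEXT)");

// Constructed sample account; the column stores a password_hash() digest, not the plaintext.
$ins = $db->prepare("INSERT INTO users (Username, Password) VALUES (?, ?)");
$ins->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

// The pattern from the post: user input concatenated into the SQL text.
function login_concat(PDO $db, string $username, string $password): bool
{
    $query = "SELECT * FROM users WHERE Username = '" . $username .
             "' AND Password = '" . $password . "'";
    return $db->query($query)->fetch() !== false;
}

// Hardened form: the username is a bound parameter, so a quote in it is data, not SQL.
// The password never enters the query; it is compared against the stored hash.
function login_prepared(PDO $db, string $username, string $password): bool
{
    $stmt = $db->prepare("SELECT Password FROM users WHERE Username = ?");
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();
    return $hash !== false && password_verify($password, $hash);
}

$payload = "foo' OR 'a'='a";   // the value shown in the post

// AND binds tighter than OR, so the concatenated WHERE clause reads as
// (Username = 'alice' AND Password = 'foo') OR 'a'='a', which matches every row.
var_dump(login_concat($db, 'alice', $payload));

// The same value sent through the bound query is only ever compared as a string.
var_dump(login_prepared($db, 'alice', $payload));
var_dump(login_prepared($db, $payload, $payload));

// The legitimate password still works.
var_dump(login_prepared($db, 'alice', 'correct horse'));
```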
