Gif: Illustration of Manual transmission.

Here’s a GIF from the internet illustrating manual gear transmission.

Installing .NET Framework 3.5 on Windows Server 2012 and Windows Server 2012 R2

You may need to install .NET Framework 3.5 on Windows Server 2012 or Windows Server 2012 R2, and you will most likely run into problems while installing it.

If you are trying to install .NET Framework 3.5 from the Server Manager GUI, you will see this when installing the feature:

“Do you want to specify an alternate source path? One or more installation selections are missing source files…”

To solve this, you can either:

1. Go to a command prompt and enter this:

dism /online /enable-feature /featurename:NetFX3 /all /Source:d:\sources\sxs /LimitAccess

Note: Source should be the Windows installation disc. In my case, this was located on D:

2. Go down to “Specify an alternate source path” and enter “d:\sources\sxs” as the path.

Now you can proceed with installation.

How to run a test continuously for a specified duration, regardless of the number of iterations, using JMeter?

Scenario:

Do you have the following scenario to execute with JMeter and cannot find the solution?

You have an HTTP Request / REST Request in a test plan and need to run the test for a 1-hour duration, without worrying about the number of repetitions, in order to:

  • Find the application’s robustness and consistency under maximum load?
  • Find the number of requests the application can handle in the specified duration?

and you have

  • tried setting the scheduler, but it did not work because the test executes only for the number of threads specified in the Thread Group.
  • tried setting the Duration, but it did not work. So what is next?

Solution:

  • Check ‘Forever’ check box in Thread group
  • Give Duration as ‘3600’ in Scheduler section of Thread Group

Enjoy testing!

MySQL an introduction and basic tutorial

MySQL is an open-source database management system. It is powerful and offers a lot of flexibility. This tutorial covers a basic introduction to MySQL. In this tutorial I’m using the CentOS operating system for installing MySQL.

Installing MySQL on CentOS

MySQL can be installed from the yum repository using the command below.

# yum install mysql-server

Once the installation is complete, you can start MySQL using the command below.

# /etc/init.d/mysqld start

No password is set by default during MySQL installation.

To set the MySQL root password for the first time, use mysqladmin:

mysqladmin -u root password NEWPASSWORD

e.g.: mysqladmin -u root password Password123

Accessing MySQL Shell

The MySQL prompt can be accessed using the command below.

# mysql -u root -p

Then enter the MySQL password you created.

Now we are at the MySQL prompt.

How to list databases?

Type ‘show databases;’ at the mysql prompt.

How to create a database?

Syntax: create database <dbname>;

How to access a database?

Syntax: use <dbname>;

How to delete a database?

Syntax: drop database <dbname>;

Apache JMeter HTTP(S) Test Script Recorder

In this tutorial we explain step by step how to record HTTP/HTTPS sessions.

Setup Instructions

  1. Go to JMETER_HOME/bin and start JMeter with jmeterw.cmd, or with jmeter on Linux/Unix.
  2. Select “Test Plan”, right-click on it and add a new thread group: Add > Threads (Users) > Thread Group.
  3. Select “Thread Group”, right-click, and choose Add > Config Element > HTTP Request Defaults.
  4. In the new HTTP Request Defaults element, enter the host to be tested as the Server name; the path can be left blank.
  5. Right-click on the “Thread Group” and add a recording controller: Add > Logic Controller > Recording Controller.
  6. Next, select WorkBench, right-click on it and add the recorder: Add > Non-Test Elements > HTTP(S) Test Script Recorder.
  7. On HTTP(S) Test Script Recorder, click the “Add” button in “URL Patterns to Include”. This will create a blank entry; enter “.*\.html”. You can specify URL patterns to include and exclude, such as *.html or *.js, for the requests you would like to record.
  8. Right-click on “HTTP(S) Test Script Recorder” and add a listener: Add > Listener > View Results Tree.
  9. Return to HTTP(S) Test Script Recorder, and click the “Start” button at the bottom.

This will start the JMeter proxy server, which is used to intercept the browser requests. A file called ApacheJMeterTemporaryRootCA.crt will be generated in the jmeter/bin folder. Install this certificate in your browser.

Note: If your browser already uses a proxy, then you need to configure JMeter to use that proxy before starting JMeter, using the command-line options -H and -P.

Configure Firefox To Use JMeter Proxy

We will use Firefox as our browser when using the JMeter HTTP(S) Test Script Recorder because, unlike Chrome and some other browsers, it allows you to override the system-wide configuration for its proxy settings.

Configure Firefox to use localhost (127.0.0.1) on port 8080 as its proxy for all traffic by following these steps:

  1. Open Firefox
  2. Go to the Preferences menu
  3. Click on the Advanced tab
  4. Then Network tab
  5. In the “Connection” section, click on “Settings…”
  6. Select the “Manual proxy configuration” radio button
  7. Set HTTP Proxy to “localhost” and Port to “8080”
  8. Check “Use this proxy server for all protocols”
  9. Click OK and exit the Preferences menu

Note: When Firefox is configured to use JMeter’s Script Recorder as a proxy, it will only work properly if the Script Recorder is running.

Recording HTTP Requests

Now that our test plan’s HTTP(S) Test Script Recorder is running, and Firefox is configured to use it as a proxy, the HTTP requests that Firefox sends will be recorded. Let’s test it out.

In Firefox, go to your server’s homepage (the same server that you configured in your JMeter HTTP Request Defaults):

http://your_domain.com/

Now there should be a little triangle next to your Recording Controller. Click on it to expand and show the requests that it has recorded. You should see the HTTP requests that were recorded, depending on which URL Patterns you have included and excluded. Feel free to browse your site to record more requests.

As you can see, a lot of requests were created. You may refine the list of HTTP requests by simply deleting unwanted entries here.

If you do not see any entries under your Recording Controller, you will want to review your URL Patterns in the HTTP(S) Test Script Recorder (Hint: Remove all includes and excludes to record everything).

Once you are done recording, click the “Stop” button at the bottom of the HTTP(S) Test Script Recorder window. Note that Firefox will no longer be able to reach any pages (because it is configured to use port 8080 as a proxy). Configure it to use “No proxy” if you want it to function normally.

Run Your Test Plan

Once you are happy with the test plan you have recorded, save it, then run it. It will function exactly like a manually created test, so you can configure it, delete, and add items to make it match your desired test case more closely.

Microsoft Antimalware for Azure services available for free

The solution is built on the same antimalware platform as Microsoft Security Essentials [MSE], Microsoft Forefront Endpoint Protection, Microsoft System Center Endpoint Protection and Windows Defender for Windows 8.0 and higher. Microsoft Antimalware for Azure is a single-agent solution for applications and tenant environments, designed to run in the background without human intervention. You can deploy protection based on the needs of your application workloads, with either basic secure-by-default or advanced custom configuration, including antimalware monitoring. When you deploy and enable Microsoft Antimalware for Azure for your applications, the following core features are available:

  • Real-time protection – monitors activity in Cloud Services and on Virtual Machines to detect and block malware execution.
  • Scheduled scanning – periodically performs targeted scanning to detect malware, including actively running programs.
  • Malware remediation – automatically takes action on detected malware, such as deleting or quarantining malicious files and cleaning up malicious registry entries.
  • Signature updates – automatically installs the latest protection signatures (virus definitions) to ensure protection is up-to-date on a pre-determined frequency.
  • Antimalware Engine updates – automatically updates the Microsoft Antimalware engine.
  • Antimalware Platform updates – automatically updates the Microsoft Antimalware platform.
  • Active protection – reports telemetry metadata about detected threats and suspicious resources to Microsoft Azure to ensure rapid response to the evolving threat landscape, as well as enabling real-time synchronous signature delivery through the Microsoft Active Protection System (MAPS).
  • Samples reporting – provides and reports samples to the Microsoft Antimalware service to help refine the service and enable troubleshooting.
  • Exclusions – allows application and service administrators to configure certain files, processes, and drives to exclude them from protection and scanning for performance and/or other reasons.
  • Antimalware event collection – records the antimalware service health, suspicious activities, and remediation actions taken in the operating system event log and collects them into the customer’s Azure Storage account.

Microsoft Antimalware in Azure workflow – enable, configure, and monitor

How to enable and configure Microsoft Antimalware for Azure virtual machines?

There are multiple ways to do this; in this section I will show how to enable it using the Azure management portal while provisioning a virtual machine.

  • Log on to the Azure management portal at https://manage.windowsazure.com
  • To create a new virtual machine, click New, Compute, Virtual Machine, From Gallery.

  • Select the Microsoft Windows Server image on the choose an image page.
  • Click the right arrow and input the Virtual Machine configuration.
  • Check the Microsoft Antimalware checkbox under Security Extensions on the Virtual Machine configuration page.
  • Click the Submit button to enable and configure Microsoft Antimalware for Azure Virtual Machines with the default configuration settings.

Browser vendors scrapping SSLv3 in wake of POODLE attack

With the latest finding from Google researchers, browser vendors are scrapping SSLv3 in the wake of the POODLE attack. For more information on the POODLE attack, see http://www.technix.in/sslv3-poodle-attack/.

Officials at Mozilla have confirmed in a blog post that only 0.3% of HTTPS connections with Firefox use SSLv3. They plan to remove SSLv3 fully in the upcoming Firefox 34 release, which is expected on November 25. The code to disable it is landing in the nightly releases. As an additional precaution, Firefox 35 will support a generic TLS downgrade protection mechanism known as SCSV. If the server supports it, it prevents attacks that rely on insecure fallback.

Google security officials said that Chrome has supported the SCSV mechanism since February, but warned that disabling SSLv3 will cause problems for site owners who still support the protocol.

“Disabling SSL 3.0 support, or CBC-mode ciphers with SSL 3.0, is sufficient to mitigate this issue, but presents significant compatibility problems, even today. Therefore our recommended response is to support TLS_FALLBACK_SCSV. This is a mechanism that solves the problems caused by retrying failed connections and thus prevents attackers from inducing browsers to use SSL 3.0. It also prevents downgrades from TLS 1.2 to 1.1 or 1.0 and so may help prevent future attacks,” said Bodo Möller, one of the Google researchers who developed the attack.

“Google Chrome and our servers have supported TLS_FALLBACK_SCSV since February and thus we have good evidence that it can be used without compatibility problems. Additionally, Google Chrome will begin testing changes today that disable the fallback to SSL 3.0. This change will break some sites and those sites will need to be updated quickly.”

Microsoft issued an advisory about the POODLE attack on Tuesday but didn’t announce any specific plans for disabling the protocol in Windows or Internet Explorer. IE 6, an ancient version of the company’s browser, is the only major browser that doesn’t support anything newer than SSLv3.

“This is an industry-wide vulnerability affecting the SSL 3.0 protocol itself and is not specific to the Windows operating system. All supported versions of Microsoft Windows implement this protocol and are affected by this vulnerability. Microsoft is not aware of attacks that try to use the reported vulnerability at this time. Considering the attack scenario, this vulnerability is not considered high risk to customers,” Microsoft’s advisory says.

SSLv3 – Poodle Attack

Researchers at Google have discovered a new attack on the SSLv3 protocol, which takes advantage of an issue with the protocol that enables a network attacker to recover the plaintext communications of the victim.

The attack is known as POODLE. The technique takes advantage of the fact that when a secure connection attempt fails, servers will fall back to older protocols such as SSLv3 in an attempt to continue communication with the remote client/server. An attacker who can trigger a connection failure can then force the use of SSLv3 and attempt the attack.

The easiest fix for the attack is to disable SSLv3, but that has compatibility implications for browsers, especially older ones. The recommended response is to support TLS_FALLBACK_SCSV. This is a mechanism that solves the problems caused by retrying failed connections and thus prevents attackers from inducing browsers to use SSLv3. It also prevents downgrades from TLS 1.2 to 1.1 or 1.0.

This new attack affects a wide range of software, including OpenSSL.

Firefox is planning to turn off SSLv3. According to Firefox updates, only 0.3% of HTTPS connections use SSLv3. SSLv3 will be disabled by default in Firefox 34, which is expected to be released on Nov 25.

Bug in Bash shell allows attackers to execute code on Linux, Unix and Mac OS X

A security vulnerability in the GNU Bourne Again Shell (Bash), the command-line shell used in many Linux and Unix operating systems, could leave systems running those operating systems open to exploitation by specially crafted attacks.

The bug, discovered by Stéphane Chazelas, is related to how Bash processes environment variables passed by the operating system or by a program calling a Bash-based script. If Bash has been configured as the default system shell, it can be used by network-based attackers against servers and other Unix and Linux devices via Web requests, secure shell, telnet sessions, or other programs that use Bash to execute scripts.

Because of its wide distribution, the vulnerability could be critical, though it may not be nearly as dangerous. The vulnerability affects versions 1.14 through 4.3 of GNU Bash. Patches have been issued by many of the major Linux distribution vendors for affected versions, including:

  • Red Hat Enterprise Linux (versions 4 through 7) and the Fedora distribution
  • CentOS (versions 5 through 7)
  • Ubuntu 10.04 LTS, 12.04 LTS, and 14.04 LTS
  • Debian

A test on Mac OS X 10.9.4 (“Mavericks”) by Ars showed that it also has a vulnerable version of Bash. Apple has not yet patched Bash, though it just issued an update to “command line tools.”

While Bash is often thought of just as a local shell, it is also frequently used by Apache servers to execute CGI scripts for dynamic content (through mod_cgi and mod_cgid). A crafted web request targeting a vulnerable CGI application could launch code on the server. Similar attacks are possible via OpenSSH, which could allow even restricted secure shell sessions to bypass controls and execute code on the server. And a malicious DHCP server set up on a network or running as part of an “evil” wireless access point could execute code on some Linux systems using the Dynamic Host Configuration Protocol client (dhclient) when they connect.

There are other services that run on Linux and Unix systems, such as the CUPS printing system, that are similarly dependent on Bash and could be vulnerable.
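For the CGI vector described above, a defender can look for the function-definition prefix "() {" in the fields a web server logs. The following is an added example, not code from the original post: the log lines are constructed (they reuse the harmless test string from this page), and the /cgi-bin/status path and the function names are assumptions.

```shell
#!/bin/sh
# Added example: find access-log entries whose request line, Referer or
# User-Agent contains the Bash function-definition prefix "() {".

# Constructed sample in Apache combined log format (documentation IP ranges).
sample_log() {
cat <<'EOF'
192.0.2.10 - - [25/Sep/2014:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.7 - - [25/Sep/2014:10:01:05 +0000] "GET /cgi-bin/status HTTP/1.1" 200 87 "-" "() { :;}; echo vulnerable"
203.0.113.4 - - [25/Sep/2014:10:01:09 +0000] "GET /cgi-bin/status HTTP/1.1" 200 87 "() { :; }; echo vulnerable" "Mozilla/5.0"
192.0.2.10 - - [25/Sep/2014:10:02:00 +0000] "GET /app.js?cb=init() HTTP/1.1" 200 900 "-" "Mozilla/5.0"
EOF
}

# Reads a combined-format log on stdin and prints "<client> <field>" for
# every quoted field that contains "()" followed by "{".
shellshock_hits() {
    awk -F'"' '
    BEGIN { name[2] = "request"; name[4] = "referer"; name[6] = "user-agent" }
    {
        split($1, pre, " ")                     # pre[1] is the client address
        for (i = 2; i <= 6 && i <= NF; i += 2)  # even fields are the quoted ones
            if ($i ~ /[(][)][ \t]*[{]/)
                print pre[1], name[i]
    }'
}

# The last sample line ("init()" with no brace) is deliberately not reported.
sample_log | shellshock_hits
```

Run it against a real log with `shellshock_hits < access.log`. Headers that the combined log format does not record, such as Cookie, are not covered by this check.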

There is an easy test to determine if a Linux or Unix system is vulnerable. To check your system, from a command line, type:

env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

If the system is vulnerable, the output will be:

vulnerable
this is a test

An unaffected (or patched) system will output:

 bash: warning: x: ignoring function definition attempt
 bash: error importing function definition for `x'
 this is a test

The fix is an update to a patched version of the Bash shell. To be safe, administrators should do a blanket update of their versions of Bash in any case.

 

Root Cause of this issue:

  • A flaw was found in the bash functionality that evaluates specially formatted environment variables passed to it from another environment.
    An attacker could use this feature to override or bypass restrictions to the environment to execute shell commands before restrictions have been applied. Certain services and applications allow remote unauthenticated attackers to provide environment variables, allowing them to exploit this issue.
  • For more information about this vulnerability, refer to the following article:
    Bash Code Injection Vulnerability via Specially Crafted Environment Variables (CVE-2014-6271)

 

Resolution for Bash Code Injection Vulnerability via Specially Crafted Environment Variables (CVE-2014-6271) (Source Redhat)

In order to avoid exploitation from CVE-2014-6271, ensure that your system is updated to at least the following versions of Bash.

RHSA-2014:1293

  • Red Hat Enterprise Linux 7 – bash-4.2.45-5.el7_0.2
  • Red Hat Enterprise Linux 6 – bash-4.1.2-15.el6_5.1
  • Red Hat Enterprise Linux 5 – bash-3.2-33.el5.1

RHSA-2014:1294

  • Red Hat Enterprise Linux 4 Extended Lifecycle Support – bash-3.0-27.el4.2
  • Red Hat Enterprise Linux 5.6 Long Life – bash-3.2-24.el5_6.1
  • Red Hat Enterprise Linux 5.9 Extended Update Support – bash-3.2-32.el5_9.2
  • Red Hat Enterprise Linux 6.2 Advanced Update Support – bash-4.1.2-9.el6_2.1
  • Red Hat Enterprise Linux 6.4 Extended Update Support – bash-4.1.2-15.el6_4.1

RHSA-2014:1295

  • SJIS for Red Hat Enterprise Linux 6 – bash-4.1.2-15.el6_5.1.sjis.1
  • SJIS for Red Hat Enterprise Linux 5 – bash-3.2-33.el5_11.1.sjis.1

To update to the most recent version of the Bash package, run the following command:

# yum update bash

To update to a particular version of Bash, specify the package name. For example, to update a Red Hat Enterprise Linux 6.5 system, run:

# yum update bash-4.1.2-15.el6_5.1

  • The only way to fix it is to install updated Bash packages.
  • The safest and simplest thing to do is to perform a system reboot.
  • If the system cannot be rebooted, carry out the following operation:

/sbin/ldconfig

Read more information on this at Red Hat.

Steps to configure Weblogic proxy plugin in IIS6.0

To configure the WebLogic proxy plug-in in IIS 6.0, we mainly need two DLLs (iisforward.dll and iisproxy.dll) and iisproxy.ini in the same folder. The DLLs are available in the WebLogic installation folder.

My environment details

Microsoft Windows Server 2003 (32-bit)
IIS 6.0
WebLogic 10.3.6

In my setup the DLLs were available in the location below for WL 10.3.6: C:\Oracle\Middleware\wlserver_10.3\server\plugin\win32

Copy iisforward.dll and iisproxy.dll to C:\Inetpub\wwwroot and create a file iisproxy.ini with the simple configuration below.

WebLogicHost=<Weblogic host>
WebLogicPort=7001
WlForwardPath=/
Debug=ALL
DebugConfigInfo=ON

More parameters can be added based on your requirements; the parameter list can be found here:

http://docs.oracle.com/cd/E15051_01/wls/docs103/plugins/plugin_params.html
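
The sample iisproxy.ini turns on Debug=ALL and DebugConfigInfo=ON, which help during setup; Oracle's parameter reference recommends keeping DebugConfigInfo off in production, because it enables a query parameter that returns the plug-in configuration. The check below is an added example, not code from the original post or from Oracle: it is written for a POSIX shell, meant to be run against a copy of the file, and its function names are illustrative.

```shell
#!/bin/sh
# Added example: report debug settings left enabled in an iisproxy.ini.

# The fragment from this page (host left as the page's placeholder).
sample_ini() {
cat <<'EOF'
WebLogicHost=<Weblogic host>
 WebLogicPort=7001
 WlForwardPath=/
 Debug=ALL
 DebugConfigInfo=ON
EOF
}

# The same fragment with both debug parameters switched off.
hardened_ini() {
    sample_ini | sed -e 's/Debug=ALL/Debug=OFF/' \
                     -e 's/DebugConfigInfo=ON/DebugConfigInfo=OFF/'
}

# Reads an iisproxy.ini on stdin and prints one line per finding.
audit_iisproxy() {
    awk -F'=' '
    !/=/ { next }                        # skip anything that is not name=value
    {
        key = tolower($1); val = toupper($2)
        gsub(/[ \t\r]/, "", key)         # tolerate indentation and CRLF endings
        gsub(/[ \t\r]/, "", val)
        if (key == "debugconfiginfo" && val == "ON")
            print "DebugConfigInfo=ON: configuration dump query is enabled"
        else if (key == "debug" && val != "" && val != "OFF")
            print "Debug=" val ": verbose proxy logging is enabled"
    }'
}

sample_ini | audit_iisproxy
```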

Now the sample output from the C:\Inetpub\wwwroot directory looks like below.

[Screenshot: sample_out]

And in IIS 6.0 it looks like below.

[Screenshot: iis_basic]

I’m using Default website in this example.

Steps

  1. Start IIS, go to “Default Web Site”, right-click on it and select “Properties”, go to the “ISAPI Filters” tab and click on Add.

[Screenshots: Default-prop, isapi-filter]

  2. Enter a name of your choice for the “Filter name”, e.g. forwarddll.
  3. Now click on Browse and select “iisforward.dll”, and click on OK, as shown below.

[Screenshot: fwd-dll]

  4. Go to the Home Directory tab, select Configuration and select Add.

[Screenshot: add_wlforward]

  5. Select Browse, then iisproxy.dll from the drop-down list, and for the extension use .wlforward. Make sure “Verify that the file exists” is not checked (see last check box on screen above and screen shot below point 6). Then click OK.
  6. Next go to Web Service Extension and make sure that “All Unknown ISAPI Extensions” are allowed.

[Screenshot: WebserviceExt]

This completes the configuration.

Now you can access your WebLogic URL via the WLS IIS proxy.

For example, if your application is originally configured on WebLogic port 7001, like:
http://myhost.wlmachine.com:7001/sampleapp
it can be accessed as
http://myhost.wlmachine.com/sampleapp

© 2017 Technix
