Friday, October 4, 2013

Handy transactions for SAP SD

These are just a few transactions that I have ended up using quite often when working with SAP SD.
  • SE37 - View source of RFC
  • ST22 - View runtime errors
  • SM31 - View table
  • VK13 - View pricing conditions
  • XD03 - View customer master data
  • MM03 - View material master data
  • VA03 - View order
As well, the VS00 transaction brings up an easy access menu that is handy for working with master data. Another I sometimes use is VA00, which brings up the easy access menu for working with orders.

Wednesday, July 17, 2013

CentOS 6.2 Minimal Setup - Part 3 - IPTables

The next step is to lock down which protocols and ports can access our machine.

See http://wiki.centos.org/HowTos/Network/IPTables for a great explanation of IPTables.

So to do this we create a script that will alter IPTables. We create the script as the root user and save it in the /root folder. We will call it myfirewall. Once it is created, run chmod 700 myfirewall.

The contents of our myfirewall will be the following.


#!/bin/bash
#
# iptables example configuration script
#
# Accept input while the rules are rebuilt, so re-running this script over SSH
# cannot cut off the session if the INPUT policy is already DROP
#
iptables -P INPUT ACCEPT
#
# Flush all current rules from iptables (filter table)
#
iptables -F
#
# Flush the nat table as well; otherwise every re-run appends duplicate REDIRECT rules
#
iptables -t nat -F
#
# Allow SSH connections on tcp port 2022
# This is essential when working on remote servers via SSH to prevent locking yourself out of the system
#
iptables -A INPUT -p tcp --dport 2022 -j ACCEPT
#
# Allow port 8080
iptables -A INPUT -p tcp --dport 8080 -j ACCEPT
# Allow port 80
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
# Allow port 443
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
# Allow port 8443
iptables -A INPUT -p tcp --dport 8443 -j ACCEPT
# Redirect port 80 to 8080
iptables -t nat -A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
iptables -t nat -A PREROUTING -p udp -m udp --dport 80 -j REDIRECT --to-ports 8080
# Redirect port 443 to 8443
iptables -t nat -A PREROUTING -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 8443
iptables -t nat -A PREROUTING -p udp -m udp --dport 443 -j REDIRECT --to-ports 8443
# Allow ICMP
iptables -A INPUT -p icmp -j ACCEPT
#
# Set default policies for INPUT, FORWARD and OUTPUT chains
#
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
#
# Set access for localhost
#
iptables -A INPUT -i lo -j ACCEPT
#
# Accept packets belonging to established and related connections
#
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
#
# Save settings
#
/sbin/service iptables save
#
# List rules
#
iptables -L -v


Important points to note:
1) We have the SSH port set to 2022. This is normally 22 so make sure your script has the correct port. This will be set in /etc/ssh/sshd_config.
2) This firewall is configured for Tomcat running standalone, i.e. without Apache in front. Therefore traffic will come to the machine via ports 80 (http) or 443 (https) and will be redirected to 8080 and 8443.
3) By default we will drop any input or forward traffic. By default we will allow any outbound traffic.
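
The check from point 1 as a script, added here as an example and not part of the original post: it reads the port(s) sshd listens on from sshd_config and confirms the firewall script has a matching ACCEPT rule before you apply it. The function names and the sample files are constructed for illustration.

```bash
#!/bin/bash
# Added example: pre-flight check that myfirewall will not lock out SSH.

# Print each port sshd listens on according to an sshd_config file.
# Handles the plain "Port N" form; commented lines are ignored and the
# sshd default of 22 is used when no Port line is present.
sshd_ports() {
    awk 'tolower($1) == "port" { print $2; n++ }
         END { if (n == 0) print 22 }' "$1"
}

# Succeed if firewall script $1 appends an INPUT rule accepting tcp port $2.
firewall_accepts_port() {
    local s='[[:space:]]'
    grep -Eq "^$s*iptables$s+-A$s+INPUT$s.*-p$s+tcp$s.*--dport$s+$2$s+(.*$s)?-j$s+ACCEPT" "$1"
}

# Compare the two files; return 1 if any sshd port has no ACCEPT rule.
preflight() {
    local cfg=$1 fw=$2 port rc=0
    for port in $(sshd_ports "$cfg"); do
        if firewall_accepts_port "$fw" "$port"; then
            echo "ok: tcp/$port (sshd) is accepted by $fw"
        else
            echo "LOCKOUT RISK: sshd listens on tcp/$port but $fw has no ACCEPT rule for it"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample files standing in for /etc/ssh/sshd_config and /root/myfirewall.
demo_dir=$(mktemp -d)
printf '%s\n' '#Port 22' 'Port 2022' 'PermitRootLogin no' > "$demo_dir/sshd_config"
printf '%s\n' 'iptables -F' ' iptables -A INPUT -p tcp --dport 2022 -j ACCEPT' \
    ' iptables -P INPUT DROP' > "$demo_dir/myfirewall"
# Same script left on the default port 22 while sshd was moved to 2022.
printf '%s\n' 'iptables -F' ' iptables -A INPUT -p tcp --dport 22 -j ACCEPT' \
    ' iptables -P INPUT DROP' > "$demo_dir/myfirewall.stale"

preflight "$demo_dir/sshd_config" "$demo_dir/myfirewall"
preflight "$demo_dir/sshd_config" "$demo_dir/myfirewall.stale" || echo "do not apply this script"
```

On the real machine, call preflight /etc/ssh/sshd_config /root/myfirewall before running the firewall script.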



CentOS 6.2 Minimal Setup - Part 2 - SSH

Now that you have networking enabled on your machine the first thing to do is lock it down so that no one can access it too easily. I think the best way to do this is by disabling access to the root user via SSH and disabling password authentication for SSH. I am no Linux expert but at least doing this stops anyone running a brute-force attack against your machine or logging in with a hijacked password. For anyone to log in they would need the private key.

See http://wiki.centos.org/HowTos/Network/SecuringSSH for a great rundown on everything I am doing here.

Create new user
So first create the user that you will use to login to the machine.


In this case we created a new group, admin, and then a user called carl who was assigned to that group.

Create public/private keys

Now, as the user just created, create public/private keys. Then put the public key in the authorized_keys file for the user. Copy the private key (id_rsa) to somewhere on your local machine to use later on.

ssh-keygen -t rsa
chmod 700 .ssh
chmod 600 .ssh/id_rsa
cat .ssh/id_rsa.pub >> .ssh/authorized_keys
chmod 600 .ssh/authorized_keys





Test Key
If you are using Windows you can use PuTTY to test connecting to the server.

First convert the private key from the previous step to PuTTY format using PuTTYgen.

Then create a connection to your server specifying the user you created and the private PuTTY key.

When specifying the connection you will need to supply:
- Session - Host Name (or IP Address) - IP address or host name of your machine
- Connection - Data - Auto-login username - Username you created previously. In this example it is carl.
- Connection - SSH - Auth - Private key for authentication - Path to the private PuTTY key.

If you can connect then everything is okay and you can then continue with the next step to lock down SSH.

Modify SSH Config

Edit /etc/ssh/sshd_config and make the following changes.

PermitRootLogin no
AllowUsers carl
Port 2022
PasswordAuthentication no


Now it should be that only the user carl can SSH into the machine and authentication will be done using the private key of this user.









Friday, May 17, 2013

CentOS 6.2 Minimal Setup - Part 1 - Enable Networking

I am going to describe the steps I go through to set up my clean CentOS 6.2 Minimal install so that it can run my app on Tomcat using MySQL as the database.

The first thing I need to do is enable networking, which is disabled by default.

So first I need to decide if I am going to use DHCP or Static configuration for the IP address. If this was my production machine it would be fixed. If it was my development or test server that is running on my local machine as a Virtual Machine it would be DHCP.

DHCP
Edit the /etc/sysconfig/network-scripts/ifcfg-eth0 file.

Make the following changes:
NM_CONTROLLED="no"
ONBOOT="yes"
BOOTPROTO="dhcp"

So it should look something like the following except the HWADDR will be different.


Then restart the network service using service network restart.

STATIC
Edit the /etc/sysconfig/network-scripts/ifcfg-eth0 file.

Make the following changes:
NM_CONTROLLED="no"
ONBOOT="yes"
BOOTPROTO="static"
IPADDR=xxx.xxx.xxx.xxx
NETMASK=xxx.xxx.xxx.xxx

The IPADDR and NETMASK will have been provided by your hosting company.

Edit the /etc/sysconfig/network file.
Make the following changes:
HOSTNAME=server1
GATEWAY=xxx.xxx.xxx.xxx

The GATEWAY will have been provided by your hosting company.

Edit the /etc/resolv.conf file.

Make the following changes:
nameserver xxx.xxx.xxx.xxx
nameserver xxx.xxx.xxx.xxx

The 2 nameservers will have been provided by your hosting company.

Edit the /etc/hosts file.

Make the following change:
xxx.xxx.xxx.xxx server1.mydomain.com server1

The IP Address will be the same one entered for the IPADDR in /etc/sysconfig/network-scripts/ifcfg-eth0.

Test with hostname and hostname -f to make sure it is configured correctly. For hostname you should see server1, and for hostname -f you should see server1.mydomain.com.

Then restart the network service using service network restart.

Friday, May 10, 2013

Install CentOS 6.2 Minimal on VMware Player 4.0.2

I needed to create a virtual machine running CentOS 6.2 Minimal on VMware Player (4.0.2). The version I wanted to install was only using 512 MB of RAM so it used the text installer. However I kept getting the error "./run_upgrader.sh: line 21: file: command not found" when the machine rebooted.


After much googling and hair pulling I discovered the following entry in the release notes for CentOS 6.2 Minimal under the section 5. Known Issues.


So I created the virtual machine without specifying the ISO I wanted to install. I just specified the disk space, RAM, etc.


Then once the machine was created, before restarting it again, I went to the machine settings and modified the CD/DVD (IDE) settings. Here I specified the ISO of CentOS 6.2 Minimal.



After this I started the machine and ran through the install wizard. After the installation the virtual machine reboots without any problems.


Thursday, May 2, 2013

Convert ColdFusion application to Java

A little while back I was given the task of converting an old legacy ColdFusion application to a shiny, new Java one. I was also given very little time to do this. This application has now been live for at least 1 year and has only run into one issue that was due to the conversion. I thought I would just jot down a few points about the conversion process.

The first issue that came up was about what technology / frameworks to use in the new application. At the time GWT was a favoured web framework by one team and being pushed as the right choice. I ended up using Struts2, JSP and jQuery which ended up working really well because it was a request driven solution. A component driven framework, like GWT, would have required me to rewrite huge parts of the ColdFusion request driven logic. This would have no doubt introduced lots of bugs and extra time into the project. This was also something I wanted to avoid as well because there was little documentation or knowledge about the logic of the original ColdFusion application. In the end I believe it was absolutely the right choice given the time constraints and wishes just to "convert it to Java".

In addition I used Spring and Hibernate because I had used them lots before and having them running on Tomcat was nothing new.

Converting the ColdFusion code was pretty straightforward.
  • I would take a .cfm file and convert that to a .jsp.
  • Any of the scripting I would move out into a Struts2 action which would set attributes in the request that could be used by the JSP.
  • The logic from the action I would further remove and put into beans that were controlled by Spring.
  • I replaced any CFQUERY calls with a DAO layer using Hibernate that was configured using JPA annotations.
  • Most of the Spring beans had JUnit tests run against them to ensure they worked as expected.
In the end it was not really that difficult because I stayed within the bounds of request driven logic. The hardest part was finding out why things were done in a certain way with none of the original developers around and very little documentation.