You can use it to connect to your local MAMP and also to remote LAMP mysql servers (via SSH). Why is this so awesome?

Well, not only is it 100 times faster than that phpMyAdmin, but you can edit your DB super easily, like a spreadsheet. It is a snap to filter/search/order a table for viewing and editing.

Caveat emptor: what I am about to show you can do tremendous damage. You can accidentally kill your entire application, so BACK YOUR DATABASES UP! Test on a copy first.

You can do simple things like turn 1′s to 0′s and quickly disable a drupal module faster than drush can (but watch out if you don’t know your dependencies).

Edit your system table in Sequel Pro

I had this interesting and daunting problem:
I am working on this site for a soccer league that has a couple hundred teams and I realize that I need to modify a whole slew of node titles based on values that appear in their CCK fields.
Many of the Organic Group Group nodes (each team is a group)
Views Bulk Operations gets me part, but not all the way quickly enough for this one-time operation.

I’m not crafty enough to write a join and update statement across all these tables, but I do already have a view listing Teams and CCK fields for Division and Type.

Hey, if I scroll down to the bottom of the view, I can copy the query right from views into Sequel Pro!

Holy Moly. It just works. As it should.

Edit the result of a sequel statement created with views

Now I can just go down the list and edit my node titles.
Sweet.

Because there was a pattern here, I ended up using  the fabulous auto nodetitle module and tokens. I temporarliy added a pattern to the node titles of my team content type and used views bulk operations to update some of my node titles. After the update, i set the pattern to be used only if the title was blank.

Even though I solved my use case another way, I can see plenty of use for this technique in the future. Great way to fix typos in content, for example.

I’m going to show you how to use phpMyAdmin to back up and restore MySQL databases. In my next post, I’ll show you how to graduate to doing the same thing using the command line.

I use MAMP to develop websites locally. I’ve written about this before here. The examples I’ll be showing come from the phpMyAdmin packaged with MAMP, but apply just as well to any other environment.

phpMyAdmin without the MAMP frame

First things first. Let’s work so we can see what we’re doing.I’m going to assume that you’re able to download and install MAMP or MAMP Pro on your own. The phpMyAdmin URL that you from the MAMP default webstart page gets you to the URL:

http://localhost/MAMP/frame.php?src=%2FphpMyAdmin%2F%3Flang%3Den-iso-8859-1&language=English

which looks gives you a framed version of the phpMyAdmin. The framing takes up a lot of screen real estate.

Instead, use http://localhost/phpMyAdmin and you’ll get something that looks much more pleasing:

dumping a database with phpMyAdmin

Select a database from the drop-down menu on the left hand side of phpMyAdmin. Or, Navigate to “home” by clicking the little house under the phpMyAdmin logo in the top left and hit the blue Databases link in the longish list there.

Ok, so now we see the tables in our database. Press the Export tab at the top. We’re going to export this database.

Let’s review the options you should select to get nice, compact, and legible SQL.

The first column, in the Export fieldset, is pretty straight forward. By default all the tables in your database will be selected. SQL is the format you want too.

“Disable foreign key checks” isn’t always necessary. I do a lot of CiviCRM work. Restoring a CiviCRM database will fail unless this option is enabled in your export.

“Add DROP TABLE / DROP VIEW” will delete your table on import before recreating it.

Extended inserts and Complete insterts gives you a smaller file and more compacted, easy to read view.

Click “Save as file” and use “gzipped” compression for the smallest files.

In the File name template, I add %D, which spits out today’s date. I add a little hypen before to seperate it from the database name and MAMP after, so I know it was a local dump and not from my live server. This format would give me a file like: mysql-06_02_09_MAMP.sql.gz

To restore your databse, click on the import tab, click the browse button, select your file, press go. I’ll spare you the screenshot.

I’ve been doing work implementing and configuring  CiviCRM. Joe, the principal JMA, is on the advisory board, and many of his clients leverage this solution to manage their constituents.

I’ve also been doing a lot of sysadmin work: Linux server administration, Subversion repository managment, etc. Generally, I figure things out; make things work. I’m enjoying not being the lead on every project I work on, and it’s helping me achieve more balance in my life, I think.

Update RMPs with APT

APT (Advanced Package Tool) is a dependency tool originally developed for Debian, but packaged to work with RPMs (Package Manager) and is similar to YUM (Yellowdog Updater Modified). APT commands connect to a repositoristory to not only install, or update requested packages, but also any required dependent packages. You can also keyword search the repository to find packages based on functionality.

First things first,

# update the db of available rpms.
# Do this before running the other commands.
apt-get update

# upgrade currently installed rpms to the most stable version
apt-get upgrade

I got a

Resolving: The following packages have been kept back

message, meaning that one of the updated packages has a dependency which does not currently exist on my system. and so ran

apt-get dist-upgrade

to install these new dependencies as well as update the package.

Secure remote login

1. Run SSH daemon on a non-standard port

Run SSHd on a non-standard port. Since most automated attacks only attempt to connect on (the standard) port 22, this can be an effective way to hide from many attackers. To configure this, just change the Port line in /etc/ssh/sshd_config. I was digging around trying to find pico, the text editor I’m used to. It wasn’t installed and wasn’t in the APT repository. I don’t like emacs or vi so much, but a bit of google revealed that nano is exactly the same as pico.

Now, to connect via ssh I need to use the p switch, replacing 22 below the with the non-standard port number and user and password as required.

ssh -p 22 user@servername

I’ve set up the login as an alias in my .bash_profile (on my local machines). This new port has to be specified in the scp command too. Here is the format (note that the P switch needs to be uppercase here, and that 22 should be replaced with the non-standard port number):

#copy a file
scp -P 22 local/path/filename.ext  user@remoteserver:/remote/path/

#copy a file and rename
scp -P 22 local/path/filename.ext \
    user@remoteserver:/remote/path/filename.ext

#copies a directory
scp -Pr 22 localdirectory  user@server.com:/remote/path/directory/

2. Use ‘hashlimit’ in ‘iptables’

Limits one connection to the SSH port from one IP address per minute with this rule via the command line.

#change the port number to match SSH port
iptables -I INPUT -m hashlimit -m tcp -p tcp --dport 22 \
    --hashlimit 1/min --hashlimit-mode srcip \
    --hashlimit-name ssh -m state --state NEW -j ACCEPT

Then, I set iptables to start at boot via the Webmin control panel (have to say I like Webmin way more than Plesk so far).

3. Use a public-private key and disable password authentiification

Even if you don’t disable password authentification in the end, you’ll be able to log into your server via SSH without typing your password every time with a public-private key pair. If you haven’t already generated an RSA private key, do so now.

ssh-keygen -t rsa

Next, you MUST copy your public key to the server before you can authorize it.

scp -P 22 ~/.ssh/id_rsa.pub user@server.com:~/

ssh to the server, replacing 22 with your non-standard port

ssh -p 22 user@example.com

Now append the public key to your authorized keys file and delete the file you uploaded. Only create the .ssh directory if it doesn’t already exist in your home folder:

cd ~
mkdir .ssh
cat id_rsa.pub >> .ssh/authorized_keys
rm id_rsa.pub

Now make sure permissions are set properly for all necessary files and directories. The go shortcut stands for group and others. In this case, we’re removing write priveliges on the home folder. The +, and – operators add or remove, = assigns. You can also use chmod a, where a stands for all users:

chmod go-w ~
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys

If everything is configured properly, you should be able to access your server account through SSH without a password now.

For ultimate protection against brute-force attacks, you can now set PasswordAuthentication to ‘no’ by editing the sshd_config file

nano /etc/ssh/sshd_config

To disable password authentication just for root, use ‘PermitRootLogin without-password’.

4. Restart SSH

with this command (requires the absolute path).

/etc/init.d/sshd restart

Install Denyhosts

Denyhosts provides SSH attack (also known as dictionary based attacks and brute force attacks) prevention and is used by thousands of users worldwide and now has over 27,000 users contributing synchronization data. There is no RPM in the standard repo, neither YUM or APT worked at first.

Solution: use and external repository. The RPMForge guys provide stable, common packages which are missing from the main repos. I added their repositories to my sources by installing their latest RPM. Info here: http://dag.wieers.com/rpm/FAQ.php#B2. I used this command:

rpm -Uhv http://apt.sw.be/packages/rpmforge-release/rpmforge-release-0.3.6-1.el5.rf.i386.rpm

then, ran

yum update

as I hadn’t before, and then

yum install denyhosts

though apt-get install would have worked equally well. I checked the instructions here http://denyhosts.sourceforge.net/ssh_config.html and confirmed that my shd server was compiled w/ tcp_wrappers support. That’s not all, though. The installer doesn’t actually do the whole job for you.

#this is where the script looks for config details
mkdir /usr/share/denyhosts

#go there
cd /usr/share/denyhosts/

#Copy the sample configuration file to the real configuration file
cp /usr/share/doc/denyhosts-2.6/denyhosts.cfg-dist \
   /usr/share/denyhosts/denyhosts.cfg

#edit the config file
nano denyhosts.cfg

Uncomment line 379, RESET_ON_SUCCESS = yes and set on line 129, to accommodate my sticky fingers: DENY_THRESHOLD_ROOT = 3. We’ll get back to this file to enable synchronization mode.

#make it possible for DenyHosts to run as a daemon
cp /usr/share/doc/denyhosts-2.6/daemon-control-dist \
   /usr/share/denyhosts/daemon-control

#edit the daemon config
nano daemon-control

#make sure that the daemon control script is executable (by root)
chown root:root daemon-control
chmod 700 daemon-control

#manually start denyhosts to make sure it's working
service denyhosts start

#Check the daemon log to ensure that
#DenyHosts is running successfully
nano /var/log/denyhosts

#Create a symbolic link from /etc/init.d
cd /etc/init.d
ln -s /usr/share/denyhosts/daemon-control denyhosts

#use chkconfig to ensure that DenyHosts runs at boot time
chkconfig --add denyhosts

GREAT! Now let’s set up synchronization mode

service denyhosts stop

#Now, configure the last section of the
#denyhosts.cfg file, then restart denyhosts
service denyhosts start

#Check the daemon log to ensure that
#DenyHosts is running successfully
nano /var/log/denyhosts

Dance for joy! Take a break. That was a lot of work.

Set up a Linux Firewall Using IPTables and Webmin

I basically followed the instructions here: http://rimuhosting.com/howto/firewall.jsp. Worth noting: the “hashlimit in IPTables” rule previously mentioned needs to be committed and, upon doing so, makes you skip the default rule configuration as described on the Rimuhosting site. So, I went ahead and reset the firewall, implemented the defaults, clicked “Apply Configuration” then entered the my hashlimit rule via the command line again.