Install Oracle 11gR2 Express Edition on Ubuntu Linux 11.04 (64-bit) Howto

original link https://forums.oracle.com/forums/thread.jspa?threadID=2227554

Version: B
Author: Dude, 24. May 2011

The following are step-by-step instructions for installing Oracle 11gR2 Express Edition (Beta) on Ubuntu Linux 11.04, 64-bit.
Access to the Internet is required.

The instructions cover the following additional topics:

– Converting Red Hat based Oracle XE installer to Ubuntu.
– Work-around for missing /sbin/chkconfig tool.
– Install Oracle XE into a different directory or disk volume.
– Relocate and configure the Oracle user and default login directory.
– Uninstall, reconfigure and perform first database backup.
– Notes and web links.
– Troubleshooting

A) System Setup and Prerequisites
A.1. System Access

You will need terminal command line, root and system console access to perform the setup tasks.

To open a Terminal at the system console:

Menu Applications > Accessories > Terminal

The following commands will enable remote ssh login with root access:

sudo apt-get install openssh-server
sudo passwd root

Verify:
ssh root@xe_server_host_name

A.2. Software Prerequisites

The following is required in order to install Oracle 11gR2 XE:

sudo apt-get install alien libaio1 unixodbc

The following is not required, but it will fix backspace and arrow keys in case you prefer using the vi-editor:

sudo apt-get install vim

A.3. System Swap space

Minimum swap space required is 2 GB. You can increase swap space if necessary using a swap file:

To analyze current swap space and memory configuration:
sudo cat /proc/meminfo

To install a 1 GB swapfile named swapfile in /, for example:
sudo dd if=/dev/zero of=/swapfile bs=1024 count=1048576
(this may take a while)
sudo chmod 600 /swapfile
sudo mkswap /swapfile
sudo swapon /swapfile
sudo cp /etc/fstab /etc/fstab.orig
echo '/swapfile swap swap defaults 0 0' | sudo tee -a /etc/fstab

Verify:
sudo swapon -a
sudo swapon -s

A.4. Kernel Parameters

Oracle 11g XE requires the following additional kernel parameters:

sudo nano /etc/sysctl.d/60-oracle.conf

(Enter the following)

# Oracle 11g XE kernel parameters
fs.file-max=6815744
net.ipv4.ip_local_port_range=9000 65000
kernel.sem=250 32000 100 128
kernel.shmmax=536870912

(Save the file)

Note: kernel.shmmax = max possible value, e.g. size of physical RAM.

Verify: sudo cat /etc/sysctl.d/60-oracle.conf

Load new kernel parameters:
sudo service procps start

Verify:
sudo sysctl -q fs.file-max
-> fs.file-max = 6815744
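
The swap and kernel parameter requirements from A.3 and A.4 can be checked in one pass before starting the installer. The script below is an added example, not part of the original howto; the function names and sample inputs are constructed, and it assumes single-valued parameters are minimums while multi-valued ones must match exactly.

```sh
#!/bin/sh
# Added example, not part of the original howto.
# Thresholds come from sections A.3 and A.4; the sample inputs are constructed.

REQUIRED_SWAP_KB=2097152    # 2 GB, the minimum swap stated in A.3

# The four parameters written to /etc/sysctl.d/60-oracle.conf in A.4.
required_params() {
    cat <<'EOF'
fs.file-max=6815744
net.ipv4.ip_local_port_range=9000 65000
kernel.sem=250 32000 100 128
kernel.shmmax=536870912
EOF
}

# Reduce "key = v1<TAB>v2" (sysctl output) and "key=v1 v2" (conf file)
# to the same form, dropping comments and empty lines.
normalise() {
    sed -e 's/#.*//' \
        -e 's/[[:space:]]*=[[:space:]]*/=/' \
        -e 's/[[:space:]][[:space:]]*/ /g' \
        -e 's/^ //' -e 's/ $//' -e '/^$/d'
}

# stdin: /proc/meminfo text. Prints the missing swap in kB (0 = enough).
swap_shortfall_kb() {
    awk -v need="$REQUIRED_SWAP_KB" '
        $1 == "SwapTotal:" { have = $2 }
        END { print (have + 0 >= need + 0 ? 0 : need - have) }'
}

# stdin: live values in sysctl or conf format.
# Prints one line per required parameter that is missing or too low.
check_sysctl() {
    { required_params; echo '--'; normalise; } | awk -F= '
        $0 == "--" { live = 1; next }
        !live      { want[$1] = $2; order[++n] = $1; next }
                   { have[$1] = $2 }
        END {
            for (i = 1; i <= n; i++) {
                k = order[i]
                if (!(k in have))
                    print k ": not set"
                else if (want[k] ~ / /) {
                    # multi-valued parameter: compare as a whole
                    if (have[k] != want[k])
                        print k ": " have[k] " (want " want[k] ")"
                } else if (have[k] + 0 < want[k] + 0)
                    print k ": " have[k] " (want at least " want[k] ")"
            }
        }'
}

# Constructed /proc/meminfo excerpt: only 1 GB of swap.
sample_meminfo() {
    printf 'MemTotal:        2048000 kB\n'
    printf 'SwapTotal:       1048572 kB\n'
    printf 'SwapFree:        1048572 kB\n'
}

# Constructed "sysctl -a" excerpt with tab-separated multi-values.
sample_sysctl() {
    printf 'fs.file-max = 6815744\n'
    printf 'net.ipv4.ip_local_port_range = 32768\t60999\n'
    printf 'kernel.sem = 250\t32000\t100\t128\n'
    printf 'kernel.shmmax = 33554432\n'
}

echo "swap shortfall (kB): $(sample_meminfo | swap_shortfall_kb)"
sample_sysctl | check_sysctl
```

On a live system the same functions take `swap_shortfall_kb < /proc/meminfo` and `sysctl -a 2>/dev/null | check_sysctl`.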

A.5. Oracle Installation Directory

The current Oracle Installation Guide uses the same directory as in previous versions: /usr/lib/oracle/xe/app/oracle/product/11.2.0/server. However, the current Beta installation uses Oracle Flexible Architecture (OFA) and installs into /u01/app/oracle/product/11.2.0/xe. Due to the size limitations of Oracle XE it may not be necessary to store the installation in a specific directory or on a separate volume, but it is possible:

Install Oracle XE to separate disk volume:

From the system console menu: System > Administration > Disk Utility
Select "ext3" filesystem for Oracle compatibility and specify a Volume label, e.g. Oracle.
Notice the device name e.g. /dev/sdb

Get the drive UUID:
sudo blkid
e.g. /dev/sdb: UUID="d19a2d8f-da43-4802-8bdb-0703c855e23a"

Modify /etc/fstab to automatically mount the volume at system startup:
sudo cp /etc/fstab /etc/fstab.original
sudo nano /etc/fstab

(Add the following, using the determined UUID, for example)

UUID=d19a2d8f-da43-4802-8bdb-0703c855e23a /u01 ext3 defaults,errors=remount-ro 0 1

(Save the file)

Create the mount-point, mount the new volume and set ownership and privileges:
sudo mkdir /u01
sudo mount -a
sudo chown root:root /u01
sudo chmod 755 /u01

Verify:
df -h
or restart the system

You can also install Oracle XE into a specific directory:

Create a symbolic link to store the installation into an existing directory, for instance:
sudo mkdir /home/oracle-xe
sudo ln -s /home/oracle-xe /u01

C) Oracle 11g XE Download and Installation
C.1. Download and convert the Installer from Red Hat to Ubuntu

Please see section E.3. to download the Oracle 11gR2 XE installer.
Select the version listed for Linux x64.

sudo unzip linux.x64_11gR2_OracleXE.zip
sudo alien --to-deb --scripts oracle-xe-11.2.0-0.5.x86_64.rpm
(This may take a while)

C.2. Create a special chkconfig script

The Red Hat based installer of Oracle XE 11gR2 beta relies on /sbin/chkconfig, which is not used in Ubuntu. The chkconfig package available for the current version of Ubuntu produces errors and may not be safe to use. Below is a simple trick to get around the problem and install Oracle XE successfully:

Create /sbin/chkconfig:
sudo nano /sbin/chkconfig

(Cut and paste the following)

#!/bin/bash
# Oracle 11gR2 XE installer chkconfig hack for Debian by Dude
file=/etc/init.d/oracle-xe
# append the LSB init header only once
if [[ ! `tail -n1 $file | grep INIT` ]]; then
    echo >> $file
    echo '### BEGIN INIT INFO' >> $file
    echo '# Provides: OracleXE' >> $file
    echo '# Required-Start: $remote_fs $syslog' >> $file
    echo '# Required-Stop: $remote_fs $syslog' >> $file
    echo '# Default-Start: 2 3 4 5' >> $file
    echo '# Default-Stop: 0 1 6' >> $file
    echo '# Short-Description: Oracle 11g Express Edition' >> $file
    echo '### END INIT INFO' >> $file
fi
update-rc.d oracle-xe defaults 80 01

(Save the file)

Set appropriate execute privileges:
sudo chmod 755 /sbin/chkconfig

Note: You should remove the /sbin/chkconfig file after successful installation of Oracle XE.

C.3. Install and configure Oracle XE

sudo dpkg --install ./oracle-xe_11.2.0-1.5_amd64.deb
sudo /etc/init.d/oracle-xe configure
(This will take a while)

Remove the /sbin/chkconfig script, which is no longer needed.
sudo rm /sbin/chkconfig

C.4. Relocate and Configure the Oracle user login

The Oracle XE installer specifies /u01/app/oracle as the login directory for the Oracle user. Although not really necessary, the following will relocate the Oracle user $HOME to a standard location and create standard /etc/skel login files:

Exit all Oracle user sessions:
sudo /etc/init.d/oracle-xe stop
sudo kill -9 `ps -ef | grep oracle | grep -v grep | awk '{print $2}'`
sudo userdel oracle
sudo useradd -s /bin/bash -G dba -g dba -m oracle
sudo passwd oracle

Verify:
sudo id oracle
-> uid=1001(oracle) gid=1001(dba) groups=1001(dba)

C.5. Setup Oracle environment variables

In order to use sqlplus and other tools, the Oracle account requires certain environment variables. The following will set these variables automatically at every interactive Oracle login:

echo '. /u01/app/oracle/product/11.2.0/xe/bin/oracle_env.sh' | sudo tee -a /home/oracle/.bashrc

C.6. Oracle sudo root access

It is not essential to allow the Oracle user to use sudo, but it is convenient:

usermod -G admin oracle

Verify:
id oracle
-> uid=1001(oracle) gid=1001(dba) groups=1001(dba),120(admin)
sudo su -
-> Enter Oracle account password

C.7. Oracle 11g XE Post-installation

After you install Oracle Database XE, its graphical user interface is only available from the local server, but not remotely.
The following will correct the problem if necessary:

Login as user Oracle or use:
su - oracle
sqlplus / as sysdba

At the SQL prompt, enter the following command:
EXEC DBMS_XDB.SETLISTENERLOCALACCESS(FALSE);
exit

D) Uninstall, Reconfigure and Troubleshooting
D.1. Uninstall Oracle 11g XE

The following will completely uninstall and remove Oracle 11g XE:

Login as user root:
sudo su -
/etc/init.d/oracle-xe stop
dpkg --purge oracle-xe
rm -r /u01/app
rm /etc/default/oracle-xe
update-rc.d -f oracle-xe remove

D.2. Reconfigure Oracle 11g XE

Type the following in a terminal window:

/etc/init.d/oracle-xe stop
sudo rm /etc/default/oracle-xe
/etc/init.d/oracle-xe configure

D.3. Enable Archivelog mode and perform a database backup

Login as user Oracle:
su - oracle
sqlplus / as sysdba

At the SQL prompt, enter the following commands:
shutdown immediate
startup mount
alter database archivelog;
alter database open;
exit

Login to system console of the Oracle user account:
Select Applications > Oracle Database 11g Express Edition > Backup Database

E) Notes
E.1. Oracle 11g XE limitations overview

– It will consume, at most, processing resources equivalent to one CPU.
– Only one installation of Oracle Database XE can be performed on a single computer.
– The maximum amount of user data in an Oracle Database XE database cannot exceed 11 GB.
– The maximum amount of RAM that Oracle XE uses cannot exceed 1 GB, even if more is available.
– HTTPS is not supported natively with the HTTP listener built into Oracle Database XE.

E.2. Documentation and Links

Official documentation for Oracle 11gR2 XE can be found at:
http://www.oracle.com/pls/xe112/homepage

E.3. Oracle 11g XE downloads

The Installer is available from the Oracle Technology Network at:
http://www.oracle.com/technology/products/database/xe
http://www.oracle.com/technetwork/database/express-edition/downloads/index.html

E.4 APEX links and archives

The APEX archives can be found at:
http://www.oracle.com/technetwork/developer-tools/apex/application-express/all-archives-099381.html
The APEX download site is:
http://www.oracle.com/technetwork/developer-tools/apex/downloads/index.html

F) Troubleshooting

… in progress

Regards and best of luck!

Edited by: Dude on May 25, Version B: various corrections. chkconfig package (A.2.) not required.

Access XML data using LINQ to XML

Takeaway: Tony Patton focuses on what he thinks is one of the more exciting aspects of the LINQ technology: working with XML. LINQ to XML allows you to create, read, and write XML-based data.

I have covered the basics about .NET Language-Integrated Query (LINQ) and provided information on working with a SQL Server backend via LINQ. This article focuses on what I think is one of the more exciting aspects of the LINQ technology: working with XML. LINQ to XML offers a cleaner approach to working with XML than the more cumbersome non-LINQ approaches.

The basics about LINQ to XML

LINQ to XML is a built-in LINQ data provider available in .NET 3.5. It is offered via the System.Xml.Linq namespace. LINQ to XML allows you to create, read, and write XML-based data. The XML data source may be a file, in-memory XML, or a remote resource accessed via protocols like HTTP.

The XDocument class in the System.Xml.Linq namespace includes various methods and properties that simplify working with XML data. The following list provides a sampling of these methods and properties:

  • Add: Allows you to add an element to the XML document.
  • AddFirst: Adds a new element to the top of the XML document.
  • Ancestors: Accesses the ancestors for an element.
  • Descendants: Accesses the descendant elements of a particular element.
  • Element: Accesses an individual element within the XML document.
  • FirstNode: Returns the first child node of an element.
  • IsAfter: Determines if the current node appears after a specified node in terms of document order.
  • IsBefore: Determines if the current node appears before a specified node in terms of document order.
  • LastNode: Returns the last child node of an element.
  • NextNode: Returns the next sibling node of the current node.
  • PreviousNode: Returns the previous sibling node of the current node.
  • RemoveNodes: Removes child nodes from a document or element.
  • Root: Gets the root element of the XML Tree for this document.
  • Save: Allows you to serialize the XDocument object to a file, TextWriter object, or XmlWriter object.
  • WriteTo: Allows you to write an XML document to an XmlWriter object.

These methods and properties are only the tip of the iceberg of working with LINQ to XML. The System.Xml.Linq namespace includes classes for every aspect of XML and many more, including XComment, XDeclaration, XElement, XName, XNamespace, and XObject. MSDN offers more information on the System.Xml.Linq namespace.

LINQ to XML is much simpler to use than other approaches such as using the XmlReader and XmlWriter classes within the System.Xml namespace. The best way to demonstrate ease-of-use is through an example.

In action

The XML in the following example defines an XML document with a root node called sites. This root node contains one or more nodes called site that include elements called name and url. The site element includes an attribute called technical.

<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<sites>
<site technical="true">
<name>TechRepublic</name>
<url>techrepublic.com.com</url>
</site>
<site technical="true">
<name>News</name>
<url>www.news.com</url>
</site>
<site technical="true">
<name>CNET</name>
<url>www.cnet.com</url>
</site>
<site technical="false">
<name>GameSpot</name>
<url>www.gamespot.com</url>
</site>
</sites>

The data from the XML document is loaded, and the values stored in the name and url elements are displayed. The following C# code loads the XML from a local file into an XDocument object. The XDocument is used to select the items to display via its Descendants property in the from clause. I will basically query each of the site elements within the XML document. Finally, a foreach block is used to loop through every element loaded via the select statement and displayed via the Console object.

XDocument xmlDoc = XDocument.Load(@"c:\sites.xml");
var q = from c in xmlDoc.Descendants("site")
        select (string)c.Element("name") + " -- " + (string)c.Element("url");
foreach (string name in q) {
    Console.WriteLine("Site: " + name);
}

The next example takes the concept further by filtering data via a where clause. The code snippet selects and displays only those site elements with a true value in its technical attribute. The where clause uses the Attribute property to check for the desired value.

XDocument xmlDoc = XDocument.Load(@"c:\sites.xml");
var q = from c in xmlDoc.Descendants("site")
        where c.Attribute("technical").Value == "true"
        select (string)c.Element("name") + " ==>" + (string)c.Element("url");
foreach (string name in q) {
    Console.WriteLine("Site: " + name);
}

LINQ allows you to define anonymous types on the fly, so let’s take the example a bit further. This next code snippet defines an anonymous type on the fly with two properties: name and url. It is created with the new keyword used in the select clause, and the properties are defined within the body of the new statement denoted by curly braces. The new type is accessed in the foreach block with each property used to display values.

XDocument xmlDoc = XDocument.Load(@"c:\sites.xml");
var q = from c in xmlDoc.Descendants("site")
        where c.Attribute("technical").Value == "true"
        select new {
            name = c.Element("name").Value,
            url = c.Element("url").Value
        };
foreach (var obj in q) {
    Console.WriteLine("Site: " + obj.name + " -- " + obj.url);
}

The results of a LINQ query can be used as a data source for a user interface control or another object. The following code uses the results of the previous query to bind to a GridView object. The GridView control is contained on the following ASP.NET page:

<html xmlns="http://www.w3.org/1999/xhtml" >
<head runat="server">
  <title>LINQ to XML</title>
</head>
<body>
  <form id="frmLINQtoXML" runat="server">
    <div>
      <asp:GridView ID="gvSites" runat="server"></asp:GridView>
    </div>
  </form>
</body>
</html>

The following code populates the GridView control:

using System;
using System.Linq;
using System.Xml.Linq;

public partial class _Default : System.Web.UI.Page {
    protected void Page_Load(object sender, EventArgs e) {
        XDocument xmlDoc = XDocument.Load(@"c:\sites.xml");
        // select only the technical sites and project them into an anonymous type
        var q = from c in xmlDoc.Descendants("site")
                where c.Attribute("technical").Value == "true"
                select new {
                    name = c.Element("name").Value,
                    url = c.Element("url").Value
                };
        gvSites.DataSource = q;
        gvSites.DataBind();
    }
}

This simple approach to accessing XML has many possibilities, including easily pulling data from an RSS feed, a Word document via WordML, or any other data source and easily binding to a user interface control for presentation.

A better way

Many developers espouse the merits of using LINQ to SQL over regular ADO.NET to work with backend databases; however, there are also a lot of developers who seem happy with the LINQ alternative to working with XML. LINQ to XML is a much simpler and often intuitive approach to XML data, and it is more efficient than using the DOM API via the XmlDocument object. It also brings a database-type approach to XML with the select, where, and from clauses for choosing data.

Have you taken a peek at the new LINQ features available in .NET? If so, do you envision using it to work with XML? Share your thoughts and experience with the Visual Studio Developer community.

Tony Patton began his professional career as an application developer earning Java, VB, Lotus, and XML certifications to bolster his knowledge.

Install Glassfish on Ubuntu

From: http://www.nabisoft.com/tutorials/glassfish/installing-glassfish-301-on-ubuntu

I did not create a new user and group for it

This Tutorial will explain how to install a Glassfish 3.0.1 Server on an Ubuntu Server. It will also cover some but not all security concerns. The steps have been executed successfully on both Ubuntu 8.04 LTS and Ubuntu 10.04 LTS Server edition (64-bit). But it should also work for later versions (also for desktop versions). I have tested everything by using Parallels Virtual Machines – you might want to use Virtual Machines as well. You can use this tutorial for setting up a Glassfish server which is reachable via internet for everybody. Both Ubuntu root servers and Ubuntu virtual servers should be fine for this tutorial, so you can choose any hosting package offered by the provider of your choice. In all cases you need to make sure to have root access to your server. You should also be familiar with the Unix/Linux command line because you will have to execute lots of commands on the shell. After having this tutorial completed you can use your new Glassfish installation to host your own JEE 6 compliant applications.


1. Setting up the OS environment

Before you start doing anything you should think about a security concept. A detailed security concept is out of scope for this tutorial. From a security point of view it is very important not to run your Glassfish server as root. This means you need to create a user with restricted rights which you can use for running Glassfish. Once you have added a new user, let's say glassfish, you might also want to add a new group called glassfishadm. You can use this group for all users that shall be allowed to "administer" your Glassfish in full depth, which also means modifying different files in the Glassfish home directory. Below you find user and group related commands that you might want to use.

Bash commands:
#Add a new user called glassfish
sudo adduser --home /home/glassfish --system --shell /bin/bash glassfish
#add a new group for glassfish administration
sudo groupadd glassfishadm
#add your users that shall be Glassfish administrators
sudo usermod -a -G glassfishadm $myAdminUser
#in case you want to delete a group some time later (ignore warnings):
#delgroup glassfishadm

Glassfish allows some of the configuration tasks to be managed via a web based Administration GUI. We will simply call it AdminGUI from now on. You can reach the AdminGUI by visiting http://www.yourserver.com:4848/ in your browser (please replace http://www.yourserver.com with localhost or wherever your Glassfish server is). As you can see port 4848 is used. Of course, we don't want just anyone to access our AdminGUI. Therefore we have to restrict access to the AdminGUI. One way to do this is to block port 4848 via the firewall. Anything you can do via AdminGUI is also available via the asadmin tool that ships with Glassfish. So you don't have to worry about not being able to configure Glassfish if you block the AdminGUI.

Usually you want to run Glassfish on port 80. But since we don’t suggest to run Glassfish as root we cannot run Glassfish on port 80. But there are still ways to run Glassfish as a non-root user and still receiving http requests on port 80. One option could be mod_jk, but this would only be another component that needs to be managed. An easy way is to use a simple iptables redirection rule, that redirects requests on port 80 to port 8080 (http) and requests on port 443 to port 8181 (https).

You should make sure that you do not block other important ports, for example your ssh port which usually runs on port 22. Changing the ssh port to some other is actually a good idea, but for now we will simply assume your ssh port is 22. Another helpful iptables rule related to your ssh port 22 is to slow down connection attempts from an IP address if they fail 3 times. I found a rule for that on the web and added it below. Although I will not mention it here you should also use other techniques and tools to secure your ssh port. I will post a tutorial about that later if I find the time.

Now we have created a lot of rules. You could enter them always one by one, but we don’t want this kind of effort. I suggest to enter the following iptables rules in a separate file which contains all of our iptables related ideas we discussed so far:

File: iptables.DISABLE_4848.rules
#!/bin/bash
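# ATTENTION: flush/delete all existing rules
iptables -F
# also flush the nat table, otherwise the redirection rules below
# are added again every time this script is run
iptables -t nat -F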
################################################################
# set the default policy for each of the pre-defined chains
################################################################
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP
# allow establishment of connections initialised by my outgoing packets
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# accept anything on localhost
iptables -A INPUT -i lo -j ACCEPT
################################################################
#individual ports tcp
################################################################
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 8080 -j ACCEPT
iptables -A INPUT -p tcp --dport 8181 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
#uncomment next line to enable AdminGUI on port 4848:
#iptables -A INPUT -p tcp --dport 4848 -j ACCEPT
################################################################
#slow the amount of ssh connections by the same ip address:
#wait 60 seconds if 3 times failed to connect
################################################################
iptables -I INPUT -p tcp -i eth0 --dport 22 -m state --state NEW -m recent --name sshprobe --set -j ACCEPT
iptables -I INPUT -p tcp -i eth0 --dport 22 -m state --state NEW -m recent --name sshprobe --update --seconds 60 --hitcount 3 --rttl -j DROP
#drop everything else
iptables -A INPUT -j DROP
################################################################
#Redirection Rules
################################################################
#1. redirection rules (allowing forwarding from localhost)
iptables -t nat -A OUTPUT -o lo -p tcp --dport 80 -j REDIRECT --to-port 8080
iptables -t nat -A OUTPUT -o lo -p tcp --dport 443 -j REDIRECT --to-port 8181
#2. redirection http
iptables -t nat -A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
#3. redirection https
iptables -t nat -A PREROUTING -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 8181
################################################################
#save the rules somewhere and make sure
#our rules get loaded if the ubuntu server is restarted
################################################################
iptables-save > /etc/my-iptables.rules
iptables-restore < /etc/my-iptables.rules
#List Rules to see what we have now
iptables -L

I suggest creating a file called iptables.DISABLE_4848.rules which contains exactly everything from the code box above. Then you could also create a file called iptables.ENABLE_4848.rules which has line 28 (the commented-out rule #iptables -A INPUT -p tcp --dport 4848 -j ACCEPT) uncommented (everything else is just the same). Of course, you have to make both files executable with the command chmod +x $filename (please replace $filename). Then you can simply run one of the scripts whenever you want to disable or enable the AdminGUI on port 4848, e.g. sudo ./iptables.DISABLE_4848.rules

Please also do not forget that all your iptables rules should also be activated if your Ubuntu server is restarted. Otherwise you would have to remember to run your iptables rules manually after each restart. If you forget to run them all manually, or if you have simply forgotten that your server has been restarted, then your firewall is open for everyone. If you are lucky nothing will happen, if not you might get some successful intrusion attacks. Lines 58 and 59 (the iptables-save and iptables-restore commands at the end of the script) will help you to make sure your rules are automatically loaded after each restart. But this is not everything for iptables configuration on startup. You also need to create a file at /etc/network/if-pre-up.d/iptablesload and one at /etc/network/if-post-down.d/iptablessave. For more information please have a look at the official Ubuntu help sites for iptables. The following two code boxes show the content of our two files. As you can see, in both code boxes line 2 refers to the file /etc/my-iptables.rules, which we have defined in lines 58 and 59 of our files iptables.DISABLE_4848.rules and iptables.ENABLE_4848.rules respectively. I have added /sbin/ in front of the iptables commands (see below) because I was facing the problem that iptables commands without /sbin/ could not be found at the time when the files iptablesload or iptablessave were executed during the Ubuntu server startup process.

File: /etc/network/if-pre-up.d/iptablesload
#!/bin/sh
/sbin/iptables-restore < /etc/my-iptables.rules
exit 0

File: /etc/network/if-post-down.d/iptablessave
#!/bin/sh
/sbin/iptables-save -c > /etc/my-iptables.rules
if [ -f /etc/iptables.downrules ]; then
   /sbin/iptables-restore < /etc/iptables.downrules
fi
exit 0

Finally you have to make sure that both files are executable. For that you only need to execute the following commands once.

bash commands:
sudo chmod +x /etc/network/if-post-down.d/iptablessave
sudo chmod +x /etc/network/if-pre-up.d/iptablesload

At this point you can try what happens if you reboot your Ubuntu server (sudo reboot). After Ubuntu has restarted just try sudo iptables -L on the shell. It should show you the rules we have defined. You should see something like this if you hit sudo ./iptables.DISABLE_4848.rules before rebooting:

command output for: sudo iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
DROP       tcp  --  anywhere             anywhere            tcp dpt:ssh state NEW recent: UPDATE seconds: 60 hit_count: 3 TTL-Match name: sshprobe side: source
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh state NEW recent: SET name: sshprobe side: source
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:www
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:http-alt
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:8181
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:https
DROP       all  --  anywhere             anywhere
Chain FORWARD (policy DROP)
target     prot opt source               destination
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Your firewall settings are loaded automatically whenever Ubuntu is starting up. We can continue with the next steps. Please do not forget that these are only some minimum firewall settings. For maximum security you might need to add your own iptables rules.
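
To confirm after a reboot that the AdminGUI port is really closed, the loaded INPUT chain can be evaluated the way the kernel does, first matching rule wins. The script below is an added example, not part of the original tutorial; port_verdict and the sample rule sets are constructed, and it only models the options used in the script above (anything else is reported as REVIEW).

```sh
#!/bin/sh
# Added example, not part of the original tutorial.
# port_verdict PORT   (stdin: rules in "iptables -S INPUT" format)
# Prints what happens to a NEW TCP connection from outside to PORT:
# ACCEPT, DROP or REJECT (first matching rule, else the chain policy),
# or REVIEW when a matching rule uses an option this parser does not model.
port_verdict() {
    awk -v port="$1" '
    $1 == "-P" && $2 == "INPUT" { policy = $3; next }
    $1 != "-A" || $2 != "INPUT" || verdict != "" { next }
    {
        target = ""; skip = 0; unknown = 0
        for (i = 3; i <= NF; i++) {
            opt = $i; val = $(i + 1)
            if (opt == "-j") { target = val; break }
            if (opt == "-m") { i++; continue }
            if (opt == "-p") {
                if (val != "tcp" && val != "all") skip = 1
            } else if (opt == "--dport") {
                if (val ~ /:/) unknown = 1           # port range
                else if (val != port) skip = 1
            } else if (opt == "-i") {
                if (val == "lo") skip = 1            # loopback only
            } else if (opt == "--state" || opt == "--ctstate") {
                if (val !~ /(^|,)NEW(,|$)/) skip = 1
            } else {
                unknown = 1; continue
            }
            i++                                      # consume the option value
        }
        if (skip) next
        if (unknown) verdict = "REVIEW"
        else if (target == "ACCEPT" || target == "DROP" || target == "REJECT")
            verdict = target
        else if (target != "LOG") verdict = "REVIEW"
    }
    END { print (verdict != "" ? verdict : (policy != "" ? policy : "UNKNOWN")) }'
}

# Constructed sample: the rule set produced by iptables.DISABLE_4848.rules,
# written in "iptables -S INPUT" form.
sample_disabled() {
    cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 3 --rttl --name sshprobe --rsource -j DROP
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -m state --state NEW -m recent --set --name sshprobe --rsource -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8181 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -j DROP
EOF
}

# Constructed sample: same rules with the port 4848 line uncommented.
sample_enabled() {
    sample_disabled | awk '$0 == "-A INPUT -j DROP" {
        print "-A INPUT -p tcp -m tcp --dport 4848 -j ACCEPT" } { print }'
}

# Constructed sample: rules were not restored after a reboot.
sample_not_loaded() { echo '-P INPUT ACCEPT'; }

for s in sample_disabled sample_enabled sample_not_loaded; do
    echo "$s: port 4848 -> $($s | port_verdict 4848)"
done
```

On the server itself, feed it the live chain: sudo iptables -S INPUT | port_verdict 4848. The ssh rate-limit rules use the recent match, so port 22 is reported as REVIEW rather than guessed.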

2. Setting up Java

The next step is to set up Java. Glassfish requires at least JDK 6. It is certified with JDK 1.6.0_20. Any JDK above JDK 1.6.0_20 should also work fine. I suggest removing OpenJDK first if you have it installed, and installing the Sun JDK and JRE.

Bash commands (Ubuntu 8.04 LTS):
#remove OpenJDK if installed
sudo apt-get remove openjdk-6-jre openjdk-6-jdk
#install Sun JDK
sudo apt-get install sun-java6-jdk  sun-java6-jre
#get rid of several automatically installed packages that are not needed anymore
sudo apt-get autoremove
#check JDK by looking in the /etc/alternatives/ directory
cd /etc/alternatives
ls -lrt java*

For Ubuntu 10.04 LTS you have to change line five (the sun-java6 installation command) to the following (see Ubuntu 10.04 LTS Release Notes for more details):

Bash commands (Ubuntu 10.04 LTS):
#maybe you have to execute this here first, else
#add-apt-repository might fail
sudo apt-get install python-software-properties
#add new repository that contains sun java
sudo add-apt-repository "deb http://archive.canonical.com/ lucid partner"
#update to know about new repository
sudo apt-get update
#now install Sun JDK
sudo apt-get install sun-java6-jdk  sun-java6-jre

3. Downloading and Installing Glassfish

Now we can download Glassfish. I suggest to switch the user now to glassfish, which we have created in the first step. We want to download the Glassfish zip installation file to /home/glassfish/downloads/. Afterwards the zip file has to be extracted and the content can be moved to /home/glassfish/ – this is everything needed for installing Glassfish. Usually the zip file is extracted to a directory called ./glassfishv3/. Make sure to move the content of ./glassfishv3/ and not ./glassfishv3/ itself to /home/glassfish/.

Bash commands:
#if you don't have "unzip" installed run this here first
sudo apt-get install unzip
#now switch user to the glassfish user we created (see step 1)
sudo su glassfish
#change to home dir of glassfish
cd /home/glassfish/
#create new directory if not already available
mkdir downloads
#go to the directory we created
cd /home/glassfish/downloads/
#download Glassfish and unzip
wget http://download.java.net/glassfish/3.0.1/release/glassfish-3.0.1.zip
unzip glassfish-3.0.1.zip
#move the relevant content to home directory
mv /home/glassfish/downloads/glassfishv3/* /home/glassfish/
#if something has not been moved, then move it manually, i.e.:
mv /home/glassfish/downloads/glassfishv3/.org.opensolaris,pkg /home/glassfish/.org.opensolaris,pkg
#exit from glassfish user
exit
#change group of glassfish home directory to glassfishadm
sudo chgrp -R glassfishadm /home/glassfish
#just to make sure: change owner of glassfish home directory to glassfish
sudo chown -R glassfish /home/glassfish
#make sure the relevant files are executable
sudo chmod -R +x /home/glassfish/bin/
sudo chmod -R +x /home/glassfish/glassfish/bin/

At this point you can give it a try and start your Glassfish server. But do not forget to stop it again before you continue with the next steps. Here are the commands for starting and stopping Glassfish:

Bash commands:
#now switch user to the glassfish user
sudo su glassfish
#start glassfish
/home/glassfish/bin/asadmin start-domain domain1
#check the output...
#stop glassfish
/home/glassfish/bin/asadmin stop-domain domain1
#check the output...
#exit from glassfish user
exit

4. Setting up an init script

Let’s create an init script now. It helps you to start, stop and restart your Glassfish easily. We also need it to make Glassfish start up automatically whenever Ubuntu reboots. The file we need to create is /etc/init.d/glassfish. For starting and stopping Glassfish we will use the asadmin tool that ships with Glassfish (we used it a little in the previous step). As you can see we do not use the --secure option yet. You should add it later because we will enable https later. Later, if you do not use --secure, you will get some messages printed to the terminal; adding --secure will suppress them.

Bash commands:
#create and edit file
sudo vi /etc/init.d/glassfish
#(paste the lines below into the file and save it...):
#! /bin/sh
#if you face any problems add the path to your Java
#this way (see Jeffrey's comments below)
export AS_JAVA=/usr/lib/jvm/java-6-sun
GLASSFISHPATH=/home/glassfish/bin
case "$1" in
    start)
        echo "starting glassfish from $GLASSFISHPATH"
        sudo -u glassfish $GLASSFISHPATH/asadmin start-domain domain1
        #we need to use this later when we enable https
        #sudo -u glassfish $GLASSFISHPATH/asadmin --secure start-domain domain1
        ;;
    restart)
        $0 stop
        $0 start
        ;;
    stop)
        echo "stopping glassfish from $GLASSFISHPATH"
        sudo -u glassfish $GLASSFISHPATH/asadmin stop-domain domain1
        #we need to use this later when we enable https
        #sudo -u glassfish $GLASSFISHPATH/asadmin --secure stop-domain domain1
        ;;
    *)
        echo "usage: $0 {start|stop|restart}"
        exit 3
        ;;
esac
:

As you can see Glassfish is started with the user glassfish. It’s always a bad idea to run a webserver as root. You should always use a restricted user – in our case this will be the user glassfish. You will learn how to use the script we just created in the next steps.

5. Glassfish autostart: adding init script to default runlevels

The init script is set up. Now we can add it to the default run levels. This way our Glassfish will start up whenever Ubuntu is restarted.

Bash commands:
#make the init script file executable
sudo chmod a+x /etc/init.d/glassfish
#configure Glassfish for autostart on ubuntu boot
sudo update-rc.d glassfish defaults
#if apache2 is installed:
#stopping apache2
sudo /etc/init.d/apache2 stop
#removing apache2 from autostart
sudo update-rc.d -f apache2 remove

From now on you can start, stop or restart your Glassfish like this (Ubuntu will also do it this way):

Bash commands:
#start
/etc/init.d/glassfish start
#stop
/etc/init.d/glassfish stop
#restart
/etc/init.d/glassfish restart

6. Security configuration before first startup

Even now we should not really use Glassfish in production. We will now begin the configuration of Glassfish itself. You should always run these steps, for example changing the default passwords, enabling https, changing the default ssl certificate used for https, etc. We will also pay attention to Glassfish obfuscation.

Our first step is to change the master password. Glassfish uses it to protect the domain-encrypted files from unauthorized access, i.e. the certificate store which contains the certificates for https communication. When Glassfish starts up it tries to read such “secured” files, and for exactly this purpose Glassfish needs to be provided with the master password, either interactively or non-interactively. I will choose the non-interactive way because we want our Glassfish to start up on Ubuntu reboot as a daemon (in the Windows world this would be called a service), so the start-domain command must be able to start the server without prompting the user. To accomplish this we need to set the savemasterpassword option to true. This option indicates whether the master password should be written to the file system. The file is called master-password and can be found at <DOMAIN-DIR>/config/. To change the master password you have to ensure that Glassfish is not running; only then can you call the command change-master-password, which will interactively ask you for the new password.

Bash commands:
#switch user to glassfish (stay with this user for complete Step 6!)
sudo su glassfish
#change master password, default=empty
/home/glassfish/bin/asadmin change-master-password --savemasterpassword=true
#prompt: choose your new master password ==> myMasterPwd

The next step is to change the administration password with change-admin-password. Because this command is a remote command we need to ensure that Glassfish is running before we can execute it. Since we want “automatic login” we will create an admin password file that allows us to log in without being asked for credentials.

Bash commands:
#now we have to start Glassfish
/home/glassfish/bin/asadmin start-domain domain1
#change admin password
/home/glassfish/bin/asadmin change-admin-password
#1. enter "admin" for user (default)
#2. hit enter because default pwd is empty
#3. choose your new pwd ==> myAdminPwd
#login for automatic login...
/home/glassfish/bin/asadmin login
#prompt:
#user = admin
#password = myAdminPwd
#==> stores file to /home/glassfish/.asadminpass
#now stop Glassfish
/home/glassfish/bin/asadmin stop-domain domain1
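
An added check (not part of the original guide) for the secrets this step leaves on disk, the master-password file and /home/glassfish/.asadminpass, plus the keystore they protect: it flags any of them that is readable by group or others or not owned by the glassfish user. It assumes GNU stat (as on Ubuntu) and the directory layout used in this guide; the function names are illustrative.

```shell
#!/bin/sh
# Added example: audit the secret files this guide leaves on disk.
# Paths follow the guide's layout; GNU stat (Ubuntu) is assumed.
DOMAIN_DIR="${DOMAIN_DIR:-/home/glassfish/glassfish/domains/domain1}"
GF_HOME="${GF_HOME:-/home/glassfish}"

# check_secret FILE OWNER
# Returns 0 if FILE is owned by OWNER and closed to group/others,
# 1 if it is too open or has the wrong owner, 2 if it is missing.
check_secret() {
    f="$1"; want_owner="$2"
    [ -e "$f" ] || { echo "MISSING $f"; return 2; }
    mode=$(stat -c '%a' "$f")    # octal mode, e.g. 600 or 644
    owner=$(stat -c '%U' "$f")
    rc=0
    case "$mode" in
        0|*00) ;;                # group and other digits are both 0
        *) echo "LOOSE   $f mode=$mode (suggest: chmod 600)"; rc=1 ;;
    esac
    if [ "$owner" != "$want_owner" ]; then
        echo "OWNER   $f owner=$owner expected=$want_owner"; rc=1
    fi
    if [ "$rc" -eq 0 ]; then echo "OK      $f mode=$mode"; fi
    return "$rc"
}

# Check every secret the guide creates; returns the number of problems.
audit_glassfish_secrets() {
    bad=0
    for f in "$DOMAIN_DIR/config/master-password" \
             "$DOMAIN_DIR/config/keystore.jks" \
             "$GF_HOME/.asadminpass"; do
        check_secret "$f" glassfish || bad=$((bad + 1))
    done
    return "$bad"
}

# Run the audit only when asked, so the file can also be sourced.
if [ "${1:-}" = "--run" ]; then
    audit_glassfish_secrets
fi
```

Run it with the argument --run as root or as the glassfish user after finishing step 6; a non-zero exit status is the number of files that need attention.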

Glassfish comes with a pre-configured certificate which is used for ssl (https). You can see it in the keystore.jks file if you check for the alias s1as. But that also means that everybody else can get this certificate, the public key, private key, etc. With that information you could never be safe because “others” could “read” your data sent to Glassfish via https. That means you should always make sure to replace that pre-configured s1as entry in your keystore. But you should not delete it as long as the alias “s1as” is still in use (and by default it is in use for https…). I faced some strange behaviour when I did not think of that at the beginning and simply deleted s1as – learn from my mistake and do not delete it for now… But we can help ourselves by generating a new alias first (myAlias), and whenever needed or wanted we can change each occurrence of s1as to myAlias (i.e. via admin console) and then finally delete s1as.

The following code box shows you the commands we need for modifying our Glassfish keystore. As you can see we first delete our pre-configured s1as entry (Glassfish mustn’t be running!). Later a new s1as entry is generated – it is now unique for us!

Bash commands:
#create new cert for https
cd /home/glassfish/glassfish/domains/domain1/config/
keytool -list -keystore keystore.jks -storepass myMasterPwd
keytool -delete -alias s1as -keystore keystore.jks -storepass myMasterPwd
keytool -keysize 2048 -genkey -alias myAlias -keyalg RSA -dname "CN=nabisoft,O=nabisoft,L=Mannheim,S=Baden-Wuerttemberg,C=Germany" -validity 3650 -keypass myMasterPwd -storepass myMasterPwd -keystore keystore.jks
keytool -keysize 2048 -genkey -alias s1as -keyalg RSA -dname "CN=nabisoft,O=nabisoft,L=Mannheim,S=Baden-Wuerttemberg,C=Germany" -validity 3650 -keypass myMasterPwd -storepass myMasterPwd -keystore keystore.jks
keytool -list -keystore keystore.jks -storepass myMasterPwd

Now we want to enable https for the admin console. Once we have done that we can be sure that nobody can listen to our data sent via https because nobody else has our certificate, i.e. nobody can decrypt our password used for entering the admin console via browser (in case someone caught our data packets). But this is not all we want to do here. We also want to change some of the default JVM Options and make our Glassfish not tell too much (“obfuscation”).

The first JVM Option we will change is replacing the -client option with the -server option. I expect the java option -server to be the better choice when it comes to performance. I have also decided to change -Xmx512m (Glassfish default) to a higher value: -Xmx2048m. Furthermore I have added -Xms1024m. For more information about these options please check the documentation for the java launcher options.
All JVM Options so far are optional. But at least adding -Dproduct.name="" is a good idea for everyone. If you do not add this, each http/https response will contain a header field like this: Server: GlassFish Server Open Source Edition 3.0.1
This is some great piece of information for hackers – that’s why you should disable it. We do not want Glassfish to talk too much for security reasons!

We also don’t want Glassfish to send the header X-Powered-By: Servlet/3.0 because this is telling everyone we are using a Servlet 3.0 container and that we are (of course) using Java. So we have to disable sending x-powered-by in the http/https headers – this is accomplished with the last three asadmin commands in the code box below. Now our Glassfish is working in silent mode – it is not telling too much any more. Glassfish obfuscation accomplished.

Bash commands:
# the commands here change the file at
# /home/glassfish/glassfish/domains/domain1/config/domain.xml
#first we have to start Glassfish
/home/glassfish/bin/asadmin start-domain domain1
# enable https for admin console
/home/glassfish/bin/asadmin set server-config.network-config.protocols.protocol.admin-listener.security-enabled=true
#==> from now on you always have to use "asadmin --secure ..."
#so in the file /etc/init.d/glassfish enable the two commented-out
#"--secure" lines and comment out the two asadmin lines without "--secure"
#change JVM Options
#list current jvm options
/home/glassfish/bin/asadmin --secure list-jvm-options
#now start setting some important jvm settings
/home/glassfish/bin/asadmin --secure delete-jvm-options -- -client
/home/glassfish/bin/asadmin --secure create-jvm-options -- -server
/home/glassfish/bin/asadmin --secure delete-jvm-options -- -Xmx512m
/home/glassfish/bin/asadmin --secure create-jvm-options -- -Xmx2048m
/home/glassfish/bin/asadmin --secure create-jvm-options -- -Xms1024m
#get rid of http header field value "server" (Glassfish obfuscation)
/home/glassfish/bin/asadmin --secure create-jvm-options -Dproduct.name=""
#restart to take effect
/home/glassfish/bin/asadmin --secure stop-domain domain1
/home/glassfish/bin/asadmin --secure start-domain domain1
#what jvm options are configured now?
/home/glassfish/bin/asadmin --secure list-jvm-options
#disable sending x-powered-by in http header (Glassfish obfuscation)
/home/glassfish/bin/asadmin --secure set server.network-config.protocols.protocol.http-listener-1.http.xpowered-by=false
/home/glassfish/bin/asadmin --secure set server.network-config.protocols.protocol.http-listener-2.http.xpowered-by=false
/home/glassfish/bin/asadmin --secure set server.network-config.protocols.protocol.admin-listener.http.xpowered-by=false
#we are done with user glassfish
exit
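
To confirm the obfuscation took effect, the response headers can be checked for the two fields discussed above. The following is an added example, not part of the original guide: the function name and both sample responses are constructed for illustration, and an empty Server value is treated as non-disclosing.

```shell
#!/bin/sh
# Added example: detect the disclosing headers this step removes.
# Reads raw HTTP response headers on stdin, prints each Server or
# X-Powered-By header that carries a value, returns 1 if any was found.
# Live use: curl -sI http://localhost:8080/ | find_disclosing_headers
find_disclosing_headers() {
    tr -d '\r' | awk '
        /^$/ { exit }                   # headers end at the first blank line
        {
            i = index($0, ":")
            if (i == 0) next            # status line has no colon
            name = tolower(substr($0, 1, i - 1))
            value = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", value)
            if ((name == "server" || name == "x-powered-by") && value != "") {
                print name ": " value
                found = 1
            }
        }
        END { exit found + 0 }
    '
}

# Constructed sample responses (not captured from a real server).
SAMPLE_DEFAULT='HTTP/1.1 200 OK
X-Powered-By: Servlet/3.0
Server: GlassFish Server Open Source Edition 3.0.1
Content-Type: text/html

<html>Server: text in the body must be ignored</html>'

SAMPLE_HARDENED='HTTP/1.1 200 OK
Server:
Content-Type: text/html
'
```

Check all three listeners (http-listener-1, http-listener-2 and admin-listener), since xpowered-by is switched off separately for each.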

7. Run Glassfish

Finally we have come to where we wanted. We have installed, secured and configured our Glassfish installation.

Bash commands:
#starting glassfish
sudo /etc/init.d/glassfish start
#remove glassfish from autostart
#update-rc.d -f glassfish remove

To change the port, edit domain.xml:
kyle@minty ~/glassfish/domains/domain1/config $ vim domain.xml
Search for 8080 and replace it with 8180, then open localhost:8180.

How to filter a sub set of elements as data source

using the datamember property

datamember – Gets or sets the name of the list of data that the data-bound control binds to, in cases where the data source contains more than one distinct list of data items. (Inherited from DataBoundControl.)

xml

<?xml version="1.0"?>
<invoice created="1/5/2012 7:07:26 PM">
  <item>
    <number>12</number>
    <name>chk ball</name>
    <total>75</total>
  </item>
  <item>
    <number>34</number>
    <name>canadian</name>
    <total>100.3</total>
  </item>
</invoice>

get <item> as data source

// Creates a DataSet and loads it with an Xml Content
DataSet aDataSet = new DataSet();
aDataSet.ReadXml(Request.PhysicalApplicationPath + @"Admin\xml\menu1.xml");
// Bind the DataSet to the grid view
GridView gv = (GridView)sender;
gv.DataSource = aDataSet;
gv.DataMember = "item";
gv.DataBind();

How to Bind a GridView Control to XML in ASP.NET

from

http://www.devx.com/tips/Tip/31731

In this example, your XML content is assumed to be ready and well formatted. To be compatible with a GridView, the XML document has to have a database-like format (table and records):

<countries>
  <country>
    <name>ANGOLA</name><code>24</code><size>1345 amp</size>
  </country>
  <country>
    <name>BENIN</name><code>204</code><size>435 amp</size>
  </country>
</countries>

  1. Drag a GridView component from the Toolbox.
  2. Add to your GridView a PreRender event.
  3. Write your code (see below) to bind a DataSet to the GridView.

// Requires: using System; using System.Data; using System.IO; using System.Web.UI.WebControls;
public partial class _Default : System.Web.UI.Page
{
    protected void MyGridView_PreRender(object sender, EventArgs e)
    {
        // Creates a DataSet and loads it with an Xml Content
        // (aXmlDoc is an XmlDocument that is assumed to be loaded elsewhere)
        DataSet aDataSet = new DataSet();
        aDataSet.ReadXml(new StringReader(aXmlDoc.OuterXml));
        // Bind the DataSet to the grid view
        GridView gv = (GridView)sender;
        gv.DataSource = aDataSet;
        gv.DataBind();
    }
}

create and write xml file

// Requires: using System; using System.IO; using System.Xml;
string file = @"C:\Table.xml";

XmlDocument doc = new XmlDocument();
if (!File.Exists(file))
{
    // XML declaration
    Console.Write("not exists");
    XmlNode decl = doc.CreateNode(XmlNodeType.XmlDeclaration, null, null);
    doc.AppendChild(decl);

    // root element invoice
    XmlElement root = doc.CreateElement("invoice");
    doc.AppendChild(root);

    // attribute "created" on the root element
    XmlAttribute created = doc.CreateAttribute("created");
    created.Value = DateTime.Now.ToString();
    root.Attributes.Append(created);

    doc.Save(file);
}
else
{
    doc.Load(file);
    XmlElement root = doc.DocumentElement;
    // Sub-element: title
    XmlElement title = doc.CreateElement("title");
    title.InnerText = "Sample XML Document";
    root.AppendChild(title);
    doc.Save(file);
}

Loop through to find specific controls

// loop over the controls in a panel called pnlFood
// and pick out all controls of type food
foreach (Control ctrl in pnlFood.Controls)
{
    if (ctrl is food)
    {
        subtotal += Convert.ToDouble(((food)(ctrl)).sTotal);
    }
}