Paragraph pr27 = new Paragraph();
pr27.setIndentationLeft(20); // indent the whole paragraph by 20
pr27.setLeading(11, 0); // reduce the line spacing
pr27.setFirstLineIndent(-20.0f); // hanging indent on the first line
pr27.add(new Chunk( "一、聰明的你一定想到了,配合第一類第八課所教的項目符號/編號來用,是不是天作之合呢?", catFont));

 

Posted by migasun on PIXNET

Reference: https://www.linkedin.com/pulse/5-key-attributes-performance-tune-jdbc-connection-pool-malhotra/

https://commons.apache.org/proper/commons-dbcp/configuration.html

Monitoring methods

https://wiki.apache.org/tomcat/FAQ/Monitoring

http://www.jcgonzalez.com/java-monitor-jdbc-connection-pool-servlet

 

If you have connection leaks, see the following:

Here is a quick guide to performance-tuning a JDBC connection pool using 5 key attributes in the Tomcat application server. Many Java-based applications in which we observe database connection leaks can be tuned by applying these settings.

The 2 basic attributes listed below are used to define a minimum and maximum range of connections that can be allocated from JDBC connection pool to connect to a database server:

Maximum connections: maxActive; initial value: initialSize

• initialSize: The initial number of connections that are created when the pool is started (Default value is 10)

• maxActive: The maximum number of active connections that can be allocated from this pool (Default value is 100)

Note: Sizing of these 2 attributes becomes increasingly important when the application server is running in cluster mode (multiple instances), because every instance/node can open up to maxActive connections, which could be a potential overhead at the database end. The best way to judge optimal settings is to run the test at peak load and observe the numActive attribute value of the connection pool.

5 Key Attributes to performance tune Tomcat JDBC Connection Pool:

  • Evict/remove abandoned connections

These attributes enable pool sweeper ability of Tomcat server to evict/remove abandoned connections and move them back to JDBC connection pool for re-use thus avoiding max connection timeout issues.

1. maxWait: The maximum number of milliseconds that the pool will wait (when there are no available connections) for a connection to be returned before throwing an exception. The exception would appear in application server logs which would look like "Timeout waiting for idle object" only after maxWait time has been reached. Default value is 30000 (30 seconds)

2. minEvictableIdleTimeMillis: The minimum amount of time an object may sit idle in the pool before it is eligible for eviction. This value needs to be determined based on the type of application; for an eCommerce or banking application the value would be different from that of a reporting application. Default value is 60000 (60 seconds).

3. timeBetweenEvictionRunsMillis: The number of milliseconds to sleep between runs of the idle connection validation/cleaner thread. It dictates how often we check for idle, abandoned connections, and how often we validate idle connections. This value should not be set under 1 second as it could cause overhead on Tomcat server. Default value is 5000 (5 seconds).

4. removeAbandoned: This flag is used to remove abandoned connections if they exceed removeAbandonedTimeout. If set to true, a connection is considered abandoned and eligible for removal if it has been in use longer than the removeAbandonedTimeout. Setting this to true can recover database connections from applications that fail to close a connection. Default value is false.

5. removeAbandonedTimeout: Timeout in seconds before an abandoned (in use) connection can be removed. This value should be set to the longest running query your applications might have to avoid any unexpected customer experience. Default value is 60 (60 seconds). 

Note: To enable pool sweeper ability "timeBetweenEvictionRunsMillis > 0" AND "removeAbandoned=true" AND "removeAbandonedTimeout > 0" condition should be met.

So, a typical setting in server.xml would look like:

initialSize="5" maxActive="200" maxWait="30000" minEvictableIdleTimeMillis="60000" timeBetweenEvictionRunsMillis="10000" removeAbandoned="true" removeAbandonedTimeout="180"
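
The pool-sweeper condition and the cluster sizing note above can be checked mechanically before a deployment. The following is an added example, not part of the original article or of Tomcat: the Resource name and type, and the inputs nodes, db_max_sessions and longest_query_s, are assumptions for illustration.

```python
import xml.etree.ElementTree as ET

# Defaults as listed in the article above.
DEFAULTS = {"initialSize": 10, "maxActive": 100, "maxWait": 30000,
            "minEvictableIdleTimeMillis": 60000,
            "timeBetweenEvictionRunsMillis": 5000,
            "removeAbandoned": "false", "removeAbandonedTimeout": 60}

# Constructed samples: the article's "typical setting" placed on a <Resource>
# element, and one with no tuning at all; name and type are illustrative.
TYPICAL = ('<Resource name="jdbc/ExampleDB" type="javax.sql.DataSource" '
           'initialSize="5" maxActive="200" maxWait="30000" '
           'minEvictableIdleTimeMillis="60000" '
           'timeBetweenEvictionRunsMillis="10000" '
           'removeAbandoned="true" removeAbandonedTimeout="180"/>')
UNTUNED = '<Resource name="jdbc/ExampleDB" type="javax.sql.DataSource"/>'

def effective(resource_xml):
    """Overlay the element's attributes on the documented defaults."""
    attrs = ET.fromstring(resource_xml).attrib
    cfg = {}
    for key, default in DEFAULTS.items():
        raw = str(attrs.get(key, default)).strip()
        cfg[key] = raw.lower() == "true" if key == "removeAbandoned" else int(raw)
    return cfg

def sweeper_enabled(cfg):
    """All three conditions from the note above must hold."""
    return (cfg["timeBetweenEvictionRunsMillis"] > 0
            and cfg["removeAbandoned"]
            and cfg["removeAbandonedTimeout"] > 0)

def review(resource_xml, nodes=1, db_max_sessions=None, longest_query_s=None):
    """Return findings; nodes, db_max_sessions, longest_query_s are assumed inputs."""
    cfg, findings = effective(resource_xml), []
    if not sweeper_enabled(cfg):
        findings.append("sweeper-off: leaked connections are never reclaimed")
    if 0 < cfg["timeBetweenEvictionRunsMillis"] < 1000:
        findings.append("sweep-interval: under 1 second adds overhead")
    if cfg["initialSize"] > cfg["maxActive"]:
        findings.append("sizing: initialSize exceeds maxActive")
    if (longest_query_s is not None and sweeper_enabled(cfg)
            and cfg["removeAbandonedTimeout"] < longest_query_s):
        findings.append("timeout: shorter than the longest query")
    total = nodes * cfg["maxActive"]
    if db_max_sessions is not None and total > db_max_sessions:
        findings.append(f"cluster: {total} possible connections > {db_max_sessions}")
    return findings

if __name__ == "__main__":
    print(review(TYPICAL, nodes=4, db_max_sessions=500, longest_query_s=120))
    print(review(UNTUNED))
```

With four nodes, the typical setting allows 800 connections in total, which is the cluster overhead the sizing note describes.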


Source: http://atozoracle.blogspot.tw/2009/01/how-to-check-any-deadlock-and-other.html
 
Normally a deadlock generates a dump file and is released automatically by an Oracle system process.
 
1) Check v$session
sqlplus> select sid, serial#, username, command, lockwait, osuser from v$session where lockwait is not null;
 
2) To kill a locked session, first find its sid and serial#, then use
 
sqlplus> alter system kill session 'sid, serial#';
 
*** You need DBA privilege to kill sessions
 
3) To find which SQL is waiting on a lock
 
sqlplus> select sql_text from v$sqltext where (address,hash_value) in (select sql_address,sql_hash_value from v$session where lockwait is not null) order by address, hash_value, piece;


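Oracle Client ODBC connection settings

An incorrect Oracle connection configuration often causes Chinese text to come back garbled when it is read. The client-side configuration procedure and steps are as follows:

(1) Install Oracle Client
(2) Check the connection-time settings in the Oracle profile (note that the timeout affects connection stability)
(3) Check whether the Oracle account's privileges allow reading all Owners/Tables and include modify privileges
(4) Configure the client-side ODBC connection
(5) Check whether the ODBC connection's encoding setting matches the Oracle encoding
    Registry location
        /HKEY_LOCAL_MACHINE/SOFTWARE/ORACLE/HOME0/NLS_LANG
            Value = “TRADITIONAL CHINESE_TAIWAN.ZHT16DBT”
            Value = “TRADITIONAL CHINESE_TAIWAN.UTF8”
            Value = American.America.US7ASCII
(6) Check the client computer's environment variables (optional)
[Start] -> right-click [My Computer] -> [Properties] -> [Advanced] -> [Environment Variables] -> [New]
    Add a variable named NLS_LANG and set its value as follows:
        For Big5, set TRADITIONAL CHINESE_TAIWAN.ZHT16DBT
        For UTF8, set TRADITIONAL CHINESE_TAIWAN.UTF8
 
(7) Configure the Oracle tnsnames.ora on the client computer
    Open C:\Oracle\Ora81\network\ADMIN\tnsnames.ora

(8) Use Oracle ODBC test to check whether the client's ODBC connection works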

 


./runInstaller -ignoreSysPrereqs

 


-- Column length is insufficient

alter materialized view MIFARENOREG_ACTIVE_USER_SNAP modify (TITLE_CODE varchar2(50));
begin
dbms_mview.refresh('MIFARENOREG_ACTIVE_USER_SNAP');
end;
/

--CREATE SNAPSHOT

create snapshot RD_HUMAN_VACATION_LOG_SUM
REFRESH
START WITH TO_DATE('2009-05-27 09.09.36','yyyy-mm-dd hh24.mi.ss')
NEXT (sysdate+1)
AS SELECT a.* from HUMAN_VACATION_LOG_SUM a;

 

-- Manually refresh the snapshot
EXEC DBMS_SNAPSHOT.REFRESH('SNAPSHOT_NAME');

 

-- Change the snapshot refresh time
alter snapshot W00_ACCT_EX_VIEW2
refresh
START WITH to_date(to_char(sysdate+1,'dd-mm-yyyy')|| ' 03:05:30','dd-mm-yyyy hh24:mi:ss')
NEXT to_date(to_char(sysdate+1,'dd-mm-yyyy')|| ' 03:05:30','dd-mm-yyyy hh24:mi:ss');


=REPT(0,8-LEN(A1))&A1

 

Left-pads the string with zeros to 8 characters


blog.tonycube.com
 


http://blog.xuite.net/hankohya34/blog/63566791-Windows+%E9%81%A0%E7%AB%AF%E6%A1%8C%E9%9D%A2%E5%88%B0CentOS

 

Windows Remote Desktop to CentOS

 

yum install gcc pam-devel openssl-devel

yum install autoconf automake libtool

yum install libX11-devel libXfixes-devel

yum install xrdp

 

wget -O xrdp-v0.6.0.tar.gz http://sourceforge.net/projects/xrdp/files/xrdp/0.6.0/xrdp-v0.6.0.tar.gz/download

tar zxvf xrdp-v0.6.0.tar.gz

cd xrdp-v0.6.0

./bootstrap

./configure

make

make install

 

Start xrdp

/etc/xrdp/xrdp.sh start

Stop xrdp

/etc/xrdp/xrdp.sh stop

 

Firewall settings

vim /etc/sysconfig/iptables

-A INPUT -m state --state NEW -m tcp -p tcp --dport 3389 -j ACCEPT

 

restart

/etc/init.d/iptables restart

 

 

 

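5. Change the default X Window session and locale

In /etc/xrdp/startwm.sh you can change the default locale and X Window session for remote connections.

I did not change this; for details, see the page I used as a reference.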

 

If the following appears:

connecting to 127.0.0.1 5910

error – problem connecting

install vnc-server first

yum install vnc-server

 

vim /etc/sysconfig/vncservers

VNCSERVERS="2:root"

VNCSERVERARGS[2]="-geometry 800x600 -nolisten tcp -localhost"

 

Set the password

vncpasswd


http://centoshelp.org/security/securing-sshd/

Securing sshd

This howto outlines a few extra steps that can be taken to further secure a SSH server, chiefly from the constant onslaught of automated brute-force password attacks.

Applicable to CentOS Versions:

  • CentOS 5.x
  • CentOS 6.x

Requirements

An SSH server should already be installed and running. If it is not, do the following:
yum install openssh-server
service sshd start

Doing the Work

Most of the steps below involve editing the global SSH server configuration file located at /etc/ssh/sshd_config, and the access control tcpwrapper configuration files /etc/hosts.allow and /etc/hosts.deny. Use your favorite editor to modify these files as root.

Summary of Steps:

Some or all of the following steps may be taken to secure your SSH server. The steps are sorted roughly in order of entirely sensible precaution to completely paranoid:

  1. Choose a strong password
  2. Install “DenyHosts” to auto-block bad clients
  3. Change the default port
  4. Disable insecure Protocol 1; allowing only Protocol 2
  5. Disable root login
  6. Reduce MaxStartups
  7. Reduce LoginGraceTime
  8. Allow only specific users or groups to connect
  9. Allow only specific IP addresses to connect
  10. Allow only users with keys to connect; no passwords allowed
  11. Bind the ssh server to a specific network interface

Steps Explained:

    1. If you do nothing else, it is of utmost importance to choose strong passwords for all accounts, especially root, since it is the #1 attacked account. It is very enlightening to see the accounts on your system that attackers have been targeting lately; to do this either use the lastb command to quickly see recent failed logins of all types, or, better, parse /var/log/secure to get stats only for failed ssh logins. Three examples:
[root@nano ~]# ### top 5 most recently attacked accounts

[root@nano ~]# lastb | awk '{print $1}' | sort | uniq -c | sort -rn | head -5
     29 root
     24 admin
     16 sales
     14 test
     14 staff

[root@nano ~]# ### top 5 most attacked accounts

[root@nano ~]# awk 'gsub(".*sshd.*Failed password for (invalid user )?", "") {print $1}' /var/log/secure* | sort | uniq -c | sort -rn | head -5
    723 root
     66 admin
     45 test
     39 ftpuser
     34 mysql

[root@nano ~]# ### top 5 attacker IP addresses (obscured for privacy)

[root@nano ~]# awk 'gsub(".*sshd.*Failed password for (invalid user )?", "") {print $3}' /var/log/secure* | sort | uniq -c | sort -rn | head -5
   1042 193.251.XXX.XXX
    556 85.21.XXX.XXX
    373 218.189.XXX.XXX
    284 121.156.XX.XXX
    228 121.140.XX.XXX
CentOS uses pam_cracklib.so to force normal users to choose semi-strong passwords of 6 characters or more when changing their password, but root can still choose weak passwords anytime he wants (but will be warned). Also note that the first user account added to the system after an installation (using firstboot) is allowed to be weak if you ignore the warning.

 

You may want to use a utility called “John the Ripper” to audit the strength of passwords on your system – if it cracks any too quickly, they’re too weak.

    2. Install DenyHosts, which watches the /var/log/secure logfile for invalid ssh login attempts; if a configurable threshold is crossed, the offending hosts are automatically blocked by being added to /etc/hosts.deny. Install DenyHosts, and optionally edit the good default configuration in /etc/denyhosts.conf:
yum install denyhosts
chkconfig denyhosts on
service denyhosts start
    3. The vast majority of ssh attacks are directed by compromised zombie machines against ssh servers listening on the default port of “22”. By changing this port to something else you greatly reduce the risk of an automated break-in. Edit /etc/ssh/sshd_config and change the line which reads “Port 22” to “Port 2222”, or any other unused port of your choosing, preferably above 1024. A line preceded by a ‘#’ is the commented out default value.
#Port 22
Port 2222
    4. SSH speaks two protocols: The old and insecure Protocol 1, and the newer Protocol 2. Almost all SSH clients now speak Protocol 2, so it is best to disable the older one. Edit sshd_config to include only Protocol 2, and not both:
#Protocol 2,1
Protocol 2

Note: This should be unnecessary as only Protocol 2 is enabled by default.

    5. There is no good reason for root to be allowed to log in interactively and directly; after connecting as a normal user, you can still “su -” to root. Edit sshd_config:
#PermitRootLogin yes
PermitRootLogin no
    If root login is required – e.g. for remote system backups – you may alternatively permit root to log in, but only if using ssh keys, not interactive password entry:
PermitRootLogin without-password
    Finally, it’s also possible to limit root access to only be able to run specific commands, such as backup scripts (beyond the scope of this article):
PermitRootLogin forced-commands-only
    6. Limit the maximum number of unauthenticated connections that the ssh server will handle at the same time. The smaller this is, the harder it is for script kiddies to make parallel, coordinated cracking attempts with multiple connections. Edit sshd_config and change MaxStartups from the default of “10” to “3:50:10”. The colon-separated values tell the ssh server to “allow 3 users to attempt logging in at the same time, and to randomly and increasingly drop connection attempts between 3 and the maximum of 10”. Note: this should be increased on servers with substantial numbers of valid ssh users logging in.
#MaxStartups 10
MaxStartups 3:50:10
    7. Reduce the maximum amount of time allowed to successfully log in before disconnecting. The default of 2 minutes is too much time to hold open an unauthenticated connection attempt (see above); 30 seconds is more than enough time to log in:
#LoginGraceTime 2m
LoginGraceTime 30
    8. By default, all valid users on the system are allowed to log in. A more secure policy is to only allow a whitelist of users or groups to log in. For example, to allow only the users “john”, “mary”, “joeblow”, “joeschmoe”, “joejoe”, and any username that starts with “joe” to log in, add the following line to sshd_config:
AllowUsers john mary joe*
    Alternatively, you may instead allow only users who are members of certain groups to log in. For example, to allow only the members of the “sshusers” group to connect, first make sure the group exists (groupadd sshusers) and add your users to it (usermod -a -G sshusers username), then add the following line to sshd_config:
AllowGroups sshusers
    9. Allow only users from certain IP addresses to connect. Before allowing specific IPs, the default policy must first be set to DENY to be effective. Edit /etc/hosts.deny and add the following line:
sshd: ALL
    Next add to /etc/hosts.allow the networks you want to allow. For example, to allow all 254 hosts on the class C network “192.168.1.*”, all 16 million hosts from the class A network “10.0.0.0”, and the lonely IP 24.42.69.101, you would add the following to /etc/hosts.allow:
sshd: 192.168.1.0/255.255.255.0
sshd: 10.0.0.0/255.0.0.0
sshd: 24.42.69.101

You may also allow/deny connections via a firewall, but to maintain sanity it’s best to stick to one method or the other.

    10. To remove the possibility of anybody ever guessing a user’s password, disable password authentication completely, and require that public/private key pairs be used instead. While much more secure than passwords, a user’s private key can still be compromised, especially if not protected by a passphrase. To disable password logins, add the following to sshd_config:
PasswordAuthentication no
    11. By default, the ssh server listens for connections on ALL interfaces (0.0.0.0). If an ssh server is to only be accessible internally, bind it to a LAN IP. For example, edit sshd_config:
ListenAddress 192.168.1.10
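
To confirm that an edited sshd_config really carries the settings from the steps above, the effective values can be audited. This is an added example, not part of the original howto; the sample configuration is constructed, and the check relies on sshd using the first value it reads for each of the single-valued keywords tested here, so a hardened line placed after a weaker one has no effect.

```python
import re

# Defaults as the howto gives them; PasswordAuthentication "yes" is OpenSSH's.
DEFAULTS = {"protocol": "2", "permitrootlogin": "yes", "maxstartups": "10",
            "logingracetime": "2m", "passwordauthentication": "yes"}
UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}

# Constructed sample: the late "PermitRootLogin no" never takes effect.
SAMPLE = """\
#PermitRootLogin no
PermitRootLogin yes
Protocol 2
LoginGraceTime 1m30s
MaxStartups 3:50:10
PasswordAuthentication no
AllowGroups sshusers
PermitRootLogin no
Match User backup
    PasswordAuthentication yes
"""

def parse_global(text):
    """Global settings as sshd reads them: first value per keyword wins."""
    cfg = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        key = parts[0].lower()              # keywords are case-insensitive
        if key == "match":                  # conditional blocks end the global part
            break
        cfg.setdefault(key, parts[1].strip() if len(parts) > 1 else "")
    return cfg

def seconds(value):
    """Convert sshd time formats such as 30, 2m or 1m30s to seconds."""
    return sum(int(n) * UNITS[u or "s"]
               for n, u in re.findall(r"(\d+)([smhdw]?)", value.lower()))

def audit(text):
    """Return the keywords whose effective value misses the howto's advice."""
    cfg = {**DEFAULTS, **parse_global(text)}
    grace = seconds(cfg["logingracetime"])
    checks = {
        "protocol": cfg["protocol"] == "2",
        "permitrootlogin": cfg["permitrootlogin"].lower() != "yes",
        "maxstartups": ":" in cfg["maxstartups"],
        "logingracetime": 0 < grace <= 30,
        "passwordauthentication": cfg["passwordauthentication"].lower() == "no",
        "allowusers/allowgroups": "allowusers" in cfg or "allowgroups" in cfg,
    }
    return [name for name, ok in checks.items() if not ok]
```

Running sshd -t validates the file's syntax only; audit(open("/etc/ssh/sshd_config").read()) reports which of the howto's settings are not in effect.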

Troubleshooting / How To Test

    1. If your changes don’t seem to be working, remember to restart the sshd server, but DO NOT CLOSE THE ACTIVE SSH CONNECTION in case something goes wrong; attempt to make a new connection first, and undo any changes if necessary, or you may find that you’ve remotely locked yourself out of the system.
/etc/init.d/sshd restart
