Author: admin

Linux, NGinX, Security, Wordpress

Redirecting HTTP to HTTPS in NginX

Here is a working method of redirecting any requested HTTP URL to HTTPS in NginX VirtualHosts that handles both HTTP and HTTPS. For example, to have a single vhost support both HTTP and HTTPS you have normally the following directives: # Support for HTTP and HTTPS listen 80; listen 443 ssl; ssl_certificate /etc/letsencrypt/live/www.myserver.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/www.myserver.com/privkey.pem; …

Apache, Linux, MAC OS X, Postfix, Security, Windows, Wordpress

Testing SSL Connections with SSLyze, Nmap or OpenSSL

Introduction: OpenSSL is a great tool to check SSL connections to servers. The difficulty here is when one want a full scan of all possible SSL Cyphers and protocols used by a server. That is where SSLyze comes in handy. This tool is a Python script which will scan the target host/port for SSL handshake …

MAC OS X

Trouble installing an older version of MAC OS X

Introduction: You downloaded Yosemite or El Capitan Mac OS X and decided to install it a month or so later. As you start to install it and you get the error message: “This copy of the Install OS X Yosemite(El Capitan) application can’t be verified. It may have been corrupted or tampered with during downloading.” …

Linux

Checking the Health of LSI Logic / Symbios Logic MegaRAID SAS 2108 RAID Controller

Introduction: This HowTo show how to check the health of Hard Disks connected to a ‘LSI Logic/Symbios Logic MegaRAID SAS 2108’ RAID controller. We look for its presence in the system: lspci | grep RAID Example Result: 01:00.0 RAID bus controller: LSI Logic / Symbios Logic MegaRAID SAS 2108 [Liberator] (rev 05) Bingo!, we can …

Linux

Debian Jessie official repositories list

Here are the official repositories for Linux Debian Jessie (8.0). This should be entered in the file: /etc/apt/sources.list # Debian Jessie deb http://security.debian.org/ jessie/updates main deb-src http://security.debian.org/ jessie/updates main deb http://ftp.at.debian.org/debian/ jessie main contrib non-free deb-src http://ftp.at.debian.org/debian/ jessie main contrib non-free To make sure the GPG key is also saved locally to avoid Key error …

Linux, XEN

Creating a new Xen Debian virtual machine from scratch

Introduction: In this tutorial a new virtual machine based on Debian Jessie distribution will be created from scratch with minimal components. Assumption: The Xen Hypervisor should already be installed and running in the main system (DOM0). Creating the Xen Virtual Machine This virtual machine will be created with the xen tools which bootstraps the creation …

Linux, XEN

Installing Xen 4.4 on Ubuntu Server 14.04 LTS (Trusty)

Introduction: This HowTo assumes that the Internet access from VMs via DOM0 and the private LAN are done using the Bridge method. In the previous versions of Xen installation the bridges were dynamically built via the Xen scripts, in this version the bridges are built permanently as the DOM0 boots up. DOM0:xenbr0(eth0) —bridging==>> DOMUs:eth0 DOM0:pdummy0(dummy0) …

Linux, MySQL

Create a new database and use in MySQL/MariaDB

These commands will create a new database in MySQL/MariaDB including a new user/password with full access to the DB. mysql -p -u root Enter the MySQL root password. mysql> CREATE DATABASE dbname CHARACTER SET utf8 COLLATE utf8_bin; mysql> GRANT ALL PRIVILEGES ON dbname.* TO ‘user’@’localhost’ IDENTIFIED BY ‘password’; mysql> FLUSH PRIVILEGES; mysql> QUIT

GlusterFS, Linux, Monitoring, Security

Reporting SMART status of RAID disks

Reference site: http://www.cyberciti.biz/faq/linux-checking-sas-sata-disks-behind-adaptec-raid-controllers/ Note: Although Hardware RAID controllers made by other hardware manufacturers here I use Adaptec as an example: Install the software: apt- get install smartmontools Curious which company the RAID controller is from? Find out which RAID controller you have: lspci | grep ‘RAID’ Result: 01:00.0 RAID bus controller: Adaptec Device 028b (rev …

Bash, Linux

Using SS tool for network troubleshooting

Introduction: The following article is been copied completely 1 to 1 (full plagiat!!)from the following site inn order to be able to refer to it here in case the article disappears from Internet access or moves location. http://www.linux-magazine.com/Issues/2015/181/Querying-Sockets-with-ss Linux Magazine. Article from Issue 181/2015 Author(s): Chris Binnie The unassuming ss utility is easy to understand …

Bash, Linux, Monitoring, Security

Preventing a bash script from running concurrently

Introduction: In order to prevent a bash script instance from running more than once concurrently, here is a small tip on how to write the script. Script template: #!/bin/bash # Prevents that an instance of the script starts while another instance of it is still running scriptname=$(basename $0) lockfile=”/tmp/${scriptname}.lock” if [ -e $lockfile ]; then …

Apache, Linux, NGinX, NGinX, Wordpress

Issue free and CA signed SSL certificates for web servers from LetsEncrypt

Introduction: SSL Certificates provide two functions: 1. Authentication 2. Encryption Encryption can be achieved without authentication but, for some reason, someone decided to join them together in one certificate. It seem to make sense for banks and serious e-commerce sites which need to be properly authenticated. Therefore when the HTTPS protocol got developed it was …

Apache, Linux, NGinX, NGinX

Configuring HAproxy load balancer in Ubuntu 14.04

Goal: In this example HTTP requests are proxied directly as HTTP requests to the HTTP web servers. In the case of HTTPS requests, they are handled with the certificates by HAproxy and then proxied to the web servers as HTTP requests. SSLCertificates: The certificates for all virtualhosts being proxied are stored as one PEM format …

GIT, Linux

Installing a newer git version in Debian/Ubuntu

Introduction: In many cases where Git is involved it’s possible ethat your distribution doesn’t offer the version of git that is appropriate to the software you want to run. In this case you can install from sources. Here is one method fro example to install the version 2.4.3. Steps: Remove packaged Git apt-get remove git …

Uncategorized

Installing Debian backports in Debian Wheezy

Login as root and run the following commands: cd /etc/apt echo “deb http://http.debian.net/debian wheezy-backports main” > /etc/apt/sources.list.d/backport.list apt-get update gpg –keyserver pgpkeys.mit.edu –recv-key 7638D0442B90D010 gpg -a –export 7638D0442B90D010 | apt-key add – (should get the ‘OK’ as answer) Installing a single package from backports: apt-get -t wheezy-backports install {package-name}

Uncategorized

Installing Java 8.x in Debian Wheezy or Ubuntu 14.04(Trusty)

Here are the commands to install Java 8.x into Debian Wheezy via the repository and PPA. cd /etc/apt/ echo “deb http://ppa.launchpad.net/webupd8team/java/ubuntu trusty main” | tee /etc/apt/sources.list.d/webupd8team-java.list echo “deb-src http://ppa.launchpad.net/webupd8team/java/ubuntu trusty main” | tee -a /etc/apt/sources.list.d/webupd8team-java.list apt-key adv –keyserver hkp://keyserver.ubuntu.com:80 –recv-keys EEA14886 apt-get update apt-get install oracle-java8-installer

MAC OS X

How to upgrade your Mac from a rotary(regular) hard disk to an SSD.

Introduction: Very often friends that have a Mac or PC tell me that they need to buy a new Mac/PC because the present one has become too slow. Generally these machines have no internal SSD installed as system hard disk. In this case I often recommend to install an SSD instead of buying a new …

Linux, MySQL

Resetting MySQL passwords in Linux Debian/Ubuntu

In Linux Debian/Ubuntu an extra user debian-sys-maint which also has all the access rights is used for maintenance. It can also be used to reset users passwords especially the root password when lost. Here are some tips regarding resetting them. Resetting the ‘root’ passwordmysqladmin -u root -p password “MyNewPass”ORmysql -u debian-sys-maint -p update mysql.user set …

Apache, Linux, Security

Limiting the number of connected clients on a VirtualHost in Apache

Problem: When a DDOS attack or a burst of requests are coming at the same time in my Apache2 Web server, the whole server can run out of RAM and crash. Possible solution: Limit the number of simultaneous connections to your Web server per VirtualHost Method: One simple and effective method done directly on the …

Apache, Linux

Using mod_cluster in Apache

The newly discovered Apache module mod_cluster seems to offer many advantages compared to mod_jk which could be used in the new Apache/Jboss environment. The following features are listed: – Dynamic configuration of httpd workers – Server-side load balance factor calculation – Fine grained web-app lifecycle control – AJP is optional – Compatible staring at JBoss …

Apache, Linux

Configuring Apache to handle WebSocks

WebSocks is supported by Apache starting at version 2.4.xx. Here are some minimal configuration for Apache 2.4.xx. in Ubuntu 14.04.x Install the proper modules: a2enmod proxy a2enmod proxy_wstunnel Configure the VirtualHost (only the WebSock part is shown here) # Make sure the backend server gets the right URL in ‘Location:’ http Header ProxyPreserveHost On # …

Linux

Install Java7 Runtime Engine in Debian Squeeze

Introduction: Debian Squeeze has only Java6 available. So here is one method to install Java7 on Debian Squeeze. Method 1: TARBAL. Steps cd /usr/src wget –no-cookies –no-check-certificate –header “Cookie: oraclelicense=accept-securebackup-cookie” “http://download.oracle.com/otn-pub/java/jdk/7u72-b14/jre-7u72-linux-x64.tar.gz” tar -xvzf jre-7u72-linux-x64.tar.gz mkdir /usr/lib/jvm mv /usr/src/jre1.7.0_72 /usr/lib/jvm/ ln -s /usr/lib/jvm/jre1.7.0_72/ /usr/lib/jvm/java-7-oracle cd /etc/alternatives mv java java.6 ln -s /usr/lib/jvm/java-7-oracle/bin/java java java -version

Apache, Linux, Wordpress

Customizing apache2-suexec-custom

Apache2 Suexec module comes with at least 2 flavors in many distributions of Linux. – apache2-suexec-pristine: Apache HTTP Server standard suexec program for mod_suexec – apache2-suexec-custom: Apache HTTP Server configurable suexec program for mod_suexec Many times when I’ve been trying to use the standard mod_suexec with mod_fcgi (useful for WordPress installations),the mod_suexec complains that the …

Bash, Linux

Finding the absolute path of a running script

In bash scripts we often need to know in which directory the running script is found especially when the script is in the $PATH and may be occurring in multiple places: Here is a reliable way to find it out: Based on this site: http://stackoverflow.com/questions/4774054/reliable-way-for-a-bash-script-to-get-the-full-path-to-itself # Absolute path to this script. /home/user/bin/foo.sh SCRIPT=$(readlink -f $0) …

Apache, Linux, Security

Installing VSFTPD for FTP-SSL web sites upload on Ubuntu

In order to force an exclusive use of the SSL/TLS connectivity to users here is how to install it: Note: This tutorial was base from this site: https://www.digitalocean.com/community/tutorials/how-to-configure-vsftpd-to-use-ssl-tls-on-an-ubuntu-vps Install the vsftpd package sudo apt-get install vsftpd Edit the /etc/vsftpd.conf configuration file and add the following at the end of the file or alternatively adapt the …

GlusterFS, Linux

Installing GlusterFS 3.6 in Ubuntu 14.04 Server LTS

Note: In case you have an regular(3.0.5-1) version of GlusterFS to upgrade, it is recommended to run the following command in order to make sure the older version gets cleaned-up does not interfere with the new one. apt-get purge glusterfs-client glusterfs-server Depending on whether you have Debian or Ubuntu use one of the following installations: …

Linux, Wordpress

Install a multisite(WPMU) WordPress with wp_cli

Prerequisites: – Create a new fcgi driven user in Linux system(in this case usrblog) useradd -s /bin/bash -d /www/clients/mywpsite.com/htdocs/ usrblog passwd usrblog – Install a Virtual host which uses suexec and fcgi in Apache/NginX – Create a new database in MySQL (we will call it myblog) – Create a new mysql user and assign the …

Linux, MySQL

PAM-Mysql user authentication in Ubuntu 14.04 LTS Server

Introduction: As I was wanting to set-up a cluster of web servers based on Apache2 and fcgi I realized that I didn’t want to have to create/delete/update each individual fcgi user in each web server. Therefore I decided to authenticate the fcgi users through MySQL (in fact MariaDB). I’ve done that many years back but …

Linux

Usefull commands of LVM

Just to make sure I don#t forget where to find such useful set of commands for the LVM I copied it here integrally from: https://www.centos.org/docs/5/html/Cluster_Logical_Volume_Manager/LV_create.html 4.4.1. Creating Logical Volumes To create a logical volume, use the lvcreate command. You can create linear volumes, striped volumes, and mirrored volumes, as described in the following subsections. If …

Apache, Linux

Selectively blocking / redirecting HTTP requests per country of origin with Apache

If you need to block or redirect requests that are originated from certain countries, here is a good method using geoIP information. Install the GeoIP binaries and Apache module: apt-get install geoip-bin libgeoip1 libapache2-mod-geoip a2enmod geoip service apache2 restart Example of blocking requests from germby(DE) in a VirtualHost configuration: SetEnvIf GEOIP_COUNTRY_CODE DE BlockCountry Deny from …

Apache, Linux

phpmyadmin: The mcrypt extension is missing. Please check your PHP configuration.

This was the error message I got in PhpMyadmin in Ubuntu 14.04-2. The mcrypt extension is missing. Please check your PHP configuration. So I found the following solution in: http://askubuntu.com/questions/460837/mcrypt-extension-is-missing-in-14-04-server-for-mysql/477608#477608 First, I’m not really sure that this directory needs to be created, but since it’s in php.ini configuration, I’d rather make sure all will work …

Linux

Proxy Internet access via SSH tunnels and and tsocks

Description: I came across a situation where I needed to install software on a server that didn’t have internet access, except for the apt-get commands which are only reaching specific Internet addresses (allowed by the firewall). So in our network there is a Linux server that does have full Internet access. The idea here is …

Linux, NGinX, NGinX

Installing NginX 1.9.2 in Ubuntu server 14.04.2 LTS

Since the version of NginX in Ubuntu Server 14.04.2 is only 1.4.6, we need to tell APT to install the more recent version of nginx directly from the NginX maintainer. Steps: Add the following lines in /etc/apt/sources.lst deb http://nginx.org/packages/mainline/ubuntu/ trusty nginx deb-src http://nginx.org/packages/mainline/ubuntu/ trusty nginx From your server download the signing key add it to …

Linux, Monitoring

Install TeamViewer in Debian Wheezy

Teamviewer is a very good and stable remote desktop with many clients software form almost any platform. Here I explain how I got TeamViewer to run on a headless Debian Wheezy server. Reference: https://www.teamviewer.com/en/help/363-Wie-installiere-ich-TeamViewer-auf-meiner-Linux-Distribution.aspx#multiarch Steps: – Install the VNC desktop on the Debian Server for a particular user as per the instructions shown here: https://tipstricks.itmatrix.eu/installing-linux-remote-terminal-using-vnc-on-a-debian-server/ …

Bash, Linux

Downloading tar.gz files from the Linux command line

Sometimes we need to download a file from Internet using the bash command line. here are some suggestions: Using WGET: wget {URL} eg. wget https://my.server.com/downloads/file.tar.gz Using CURL: (Fancy progress info given as the download progresses and will unpack it at the same time) curl -L –progress {URL} | tar xz eg. curl -L –progress https://my.server.com/downloads/file.tar.gz …

Linux, SVN

Undeleting a directory from SVN repository

Situation: A directory had been deleted a while ago from the repository and we want it back without interfering with commits that were since made in other parts of the repository, and without having to have the repository in the workspace. Reference: http://svnbook.red-bean.com/en/1.8/svn.branchmerge.basicmerging.html#svn.branchmerge.basicmerging.undo Solution: – Find out which revision of the commit it was that …

GIT, Linux

Installing GitLab (MySQL based) on Ubuntu 14.04.2 LTS Server

Note: Instructions based on but have been modified in a few places to make it work with mySQL: https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/install/installation.md and https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/install/database_mysql.md Extra related Info: https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/install/installation.md https://www.linode.com/docs/applications/development/gitlab-on-ubuntu-14-04 and https://www.digitalocean.com/community/tutorials/how-to-set-up-gitlab-as-your-very-own-private-github-clone#database-setup STEPS adduser –disabled-login –gecos ‘GitLab’ git apt-get install -y build-essential zlib1g-dev libyaml-dev libssl-dev libgdbm-dev libreadline-dev libncurses5-dev libffi-dev curl openssh-server redis-server checkinstall libxml2-dev libxslt-dev libcurl4-openssl-dev libicu-dev logrotate python-docutils …

Linux, Windows

Can’t connect to VSFTPD with Filezilla

Problem: Because of some incompatibility of the default use of cyphers in VSFTPD FileZilla cannot connect to it. Solution: Edit the VSFTPD configuration file /etc/vsftpd.conf and add the following directive: ssl_ciphers=HIGH Restart VSFTPD server and use the default settings for new FTP connection with incryption of ‘explicit FTP over TLS’.

Bash, Linux, VMWare, XEN

Extending dynamically Linux RAMs in VMWare VM without rebooting

Situation: Need to raise the amount of RAM in a VMWare VM without rebooting. Solution: – In VMWare interface: Raise the amount of RAM for the VM – In the Linux VM: Run the following script: #!/bin/bash # This script enables in system the unrecognized RAMs deleteline () { echo -ne $dellineup } ### check …

Bash, Linux

Copying all files including hidden files in Linux command

PROBLEM: If you use the command cp or mv on hidden files you will notice that the hidden files won’t get ‘seen’ and therefore not copied or moved. The problem doesn’t belong to cp or mv but to bash. Bash doesn’t include the hidden files in the globbing expansion. for example: mkdir ~/temp1 ~/temp2 touch …

Linux, Postfix

Anti-SPAM mail filtering using SPF on Debian Wheezy

Install the package: apt-get install postfix-policyd-spf-perl Add this line to /etc/postfix/main.cf: policy-spf_time_limit = 3600s Add the following lines to /etc/postfix/master.cf: policy-spf unix – n n – – spawn user=policyd-spf argv=/usr/sbin/postfix-policyd-spf-perl In /etc/postfix/main.cf, find the smtpd_recipient_restrictions section, and, immediately after permit_mynetworks (and permit_sasl_authenticated, if you’re using that), add: check_policy_service unix:private/policy-spf, Restart Postfix and check your logs …

Linux, NGinX, NGinX, Postfix

TCP Load balancing email/web servers with NginX

I’ve got 2 synchronized email servers running and, in order to make sure I don’t have to change the servername settings of my mail client in case one server goes down, I was looking for a straight TCP layer load balancer. There are a few software packages on the market that can do that , …

Apache, Linux, Monitoring, NGinX

Using CURL for sending crafted HTTP POST authenticated queries

CHALLENGE: I came across a situation where I needed to send an HTTP request using the POST method with some POST data but after I have authenticated with name and password. SOLUTION:(using curl tool) The trick here is to preserve the SESSIONID of the authenticated response for the second POST request. EXAMPLE: I needed to …

Linux, Linux on MACBook, MAC OS X

How to create a USB stick bootable on OS X

This article is based on the following How-to in Ubuntu site: http://www.ubuntu.com/download/desktop/create-a-usb-stick-on-mac-osx We would encourage Mac users to download Ubuntu Desktop Edition by burning a CD. But if you prefer to use a USB stick, please follow the instructions below. Note: this procedure requires that you create an .img file from the .iso file you …

Linux, VMWare

Hard disk resize and sync without rebooting

Description: Sometimes I need to resize a virtual disk for a virtual machine without having to reboot the machine. For the kernel to recognize that a virtual disk has changed size. Here are the step to do that: Unmount the concerned partition: Eg. /dev/sdb1 umount /dev/sdb1 Find out which SCSI devices are involved: ls /sys/class/scsi_device/ …

Linux, XEN

Installing Xen 4.4 on Ubuntu Server 14.04 LTS (Trusty) in a Hetzner server with 8 IPs subnet

Hetzner Germany has very fast and not expensive rentals of Hardware servers available. In order to communicate internally via private network between Xen-DOMUs and DOM0, normally one would install Xen DOM0 network with bridge networking as follows: DOM0:xenbr0(eth0) ===bridging===>> DOMUs:eth0 BUT!!!! PROBLEM: Because of the configuration of the network switches at Hetzner, one hardware server …

Apache, Bash, Linux, Monitoring, NGinX

Monitoring latency time of http requests

Here is a simple but useful command which shows the latency time of http requests. You can adjust the delay between repeats as well as the URL being queried. Reference: http://www.shellhacks.com/en/Check-a-Website-Response-Time-from-the-Linux-Command-Line host=”www.google.de”; delay=5; while true ; do echo -n “Response time for http://$host:” ;curl -s -w %{time_total}\\n -o /dev/null http://$host ;sleep $delay; done Results: Response …

Linux

Wandisco SVN(Subversion) installation on Debian Wheezy

To my experience, compiling the latest Subversion from Collab site is quite some work. As an alternative to this, Wandisco site offers for free the (almost)-newest version of subversion package for Debian. It’s already compiled, tested and ready for production. Since Debian Wheezy doesn’t quite have the proper versions of packages necessary to install these …

Linux

Install Adaptec ACC-RAID utility – arcconf – in Ubuntu 14.04

In order to be able to control the Apaptec AACRAID Raid controller in Ubuntu one need to install the program arcconf from third party as follows: Ref: https://www.thomas-krenn.com/de/wiki/Adaptec_arcconf_unter_Ubuntu_installieren wget -O – http://archive.thomas-krenn.com/tk-archive.gpg.pub | sudo apt-key add – cd /etc/apt/sources.list.d wget http://archive.thomas-krenn.com/tk-main.list wget http://archive.thomas-krenn.com/tk-optional.list apt-get update apt-get install arcconf Getting info on the installed RAID controller: …

Linux

Entering a new certificate in Java Keystore

Using JDK 1.5 or below Ref: http://stackoverflow.com/questions/4217107/how-to-convert-pfx-file-to-keystore-with-private-key OpenSSL can do it all. This answer on JGuru is the best method that I’ve found so far. Firstly make sure that you have OpenSSL installed. Many operating systems already have it installed as I found with Mac OS X. The following two commands convert the pfx file …

Bash, Linux

Changing keyboard layout in Ubuntu/Debian Linux comand line

Ref: http://askubuntu.com/questions/209597/how-do-i-change-keyboards-from-the-command-line You can find all the different keymaps in the following location: /usr/share/keymaps/i386/ or /usr/share/kbd/keymaps/i386/ To change the keyboard layout (e.g. to German) in the Linux command line, type the following command: loadkeys de For X: setxkbmap de To make these changes system wide, assuming you’re using Ubuntu, you can use the following: sudo …

Linux

Instal Skype in Xubuntu 14.10 LTS

Unfortunately there is no .deb installation for Skype under XUbuntu that I know of. The best I found is to install the support of 32Bit environment and then install the standard 32 Bit skype as follows: Based on ref: http://askubuntu.com/questions/343047/installing-skype-on-ubuntu-13-04-64-bit sudo dpkg –add-architecture i386 sudo add-apt-repository “deb http://archive.canonical.com/ $(lsb_release -sc) partner” sudo apt-get update sudo …

Apache, Linux, NGinX

Verifying a SSL certificate chain

In order to see if an SSL web site has the proper SSL Certificate chain, this simple command can help: echo “” | openssl s_client -showcerts -servername web.site.com -connect web.site.com:443 -CApath /etc/ssl/certs/ Example: echo ” ” | openssl s_client -showcerts -servername tipstricks.itmatrix.eu -connect tipstricks.itmatrix.eu:443 -CApath /etc/ssl/certs Result:(most important extract from full result) CONNECTED(00000003) depth=2 C …

GIT, Linux

Installing GITLAB-Omnibus in Debian Wheezy

Introduction: The instructions here have been based on the site: https://about.gitlab.com/downloads/. I did what is shown there but it didn’t work immediately. I had to do the following tweaks and then it all worked fine so far. IMPORTANT: In order to stay updated see the last par at the end of this article for instruction …

NGinX, NGinX

NGINX: [emerg]: getgrnam(“…….”) failed in /etc/nginx/nginx.conf:1

As I installed nginx 1.6.x from Debian dotdeb repository, the daemon nginx started automatically using the user ‘www-data‘. As I wanted to change this user in the configuration file /etc/nginx/nginx.conf from: user www-data; TO user appuser; NGinX didn’t want to start any more and found the following line in the error logs: [emerg]: getgrnam(“appuser”) failed …

Linux

Find the USB drive information using smartmontools in Debian

You have inserted some drives in a USB port and want to know some information about the drive: Example: Command to find the list of storage devices: fdisk -l Result: Disk /dev/sda: 999.2 GB, 999156310016 bytes 255 heads, 63 sectors/track, 121473 cylinders, total 1951477168 sectors Units = sectors of 1 * 512 = 512 bytes …

Apache

ModSecurity: Rules must have at least id action

After compiling ModSecurity 2.8.0 with Apache 2.4.10 I got the the folowing error when trying to start Apache2: ModSecurity: Rules must have at least id action After Google-ing it I found this site that explains what went wrong: https://evilazrael.de/content/modsecurity-rules-must-have-least-id-action According to this site the labeling(identification) of the rules was optional till the version 2.7.0, after …

Linux

APT repositories pgp keys issues

Thsi article is taken form : http://blog.nachtarbeiter.net/2009/06/08/add-missing-gpg-public-key-to-debians-apt/ Add missing GPG public key to Debian’s apt. If you get a message like this while installing a new package through apt… GPG error: http://ppa.launchpad.net intrepid Release: The following signatures couldn’t be verified because the public key is not available: NO_PUBKEY C514AF8E4BA401C3 First copy the number that comes …

Bash, Linux

Unlocking dpkg database

Under Debian Squeeze I ran the command dpkg -i bash_4.1-3+deb6u1_amd64.deb and got the following error message: dpkg: status database area is locked by another process Solution: 1 – make sure you are not already runnning any package administration program in another bash session like with dpkg or apt-get or aptitude 2 – If no other …

Bash, Linux

Bash bug ‘Shellshock’ Debian Squeeze packages

For those who still have Debian Squeeze and wonder where to find the fixed Bash Debian package for the dangerous bash bug (http://www.bbc.co.uk/news/technology-29361794)you can find it here: 64 Bit: ftp://ftp.fr.debian.org/debian/pool/main/b/bash/bash_4.1-3+deb6u2_amd64.deb 32 Bit: ftp://ftp.fr.debian.org/debian/pool/main/b/bash/bash_4.1-3+deb6u2_i386.deb Want to test your Bash to see if it is fixed? Run the command: test=”() { echo Hello; }; echo Buggy” bash …

Linux, Monitoring

Installing Shinken in Debian Wheezy

Debian Wheezy does offer the installation of the full (a bit old)shinken, BUT it doesn’t offer the Installation of the WebUI. Here is a better way to install everything including pnp4nagios and check_mk in one go: STEPS: Install Shinken wget http://www.shinken-monitoring.org/install -O /tmp/install_shinken.sh cd /tmp && sh install_shinken.sh Configure shinken vim /usr/local/shinken/etc/shinken-specific.cfg Change the http://YOURSERVERNAME/ …

Linux, Monitoring

Installing Icinga2, pnp4nagios, NRPE Agent and Graphite in Debian Wheezy

Since Icinga2 is not part of the stable version of Debian Wheezy we need to install it from the wheezy-backports. Therefore the following steps are suggested: Add the backports to the Debian repositories list: mcedit /etc/apt/sources.list Add the following lines: deb http://ftp.debian.org/debian/ wheezy-backports main contrib non-free deb-src http://ftp.debian.org/debian/ wheezy-backports main contrib non-free Update the repo …

Linux, XEN

Install Xen 4.1 on Debian Wheezy in a Hetzner Dedicated server

Hetzner Germany has very fast and not expensive rentals of Hardware servers available. In order to communicate internally via private network between Xen-DOMUs and DOM0, normally one would install Xen DOM0 network with bridge networking as follows: DOM0:xenbr0(eth0) — bridging==>> DOMUs:eth0 DOM0:xenbr1(dummy0) —bridging==>> DOMUs:eth1 BUT!!!! PROBLEM: Because of the configuration of the network switches at …

Linux, Linux on MACBook, Monitoring

Testing internet speed on Linux command line

This small script does a fairly good Upload/download speed test of your Internet connection: Note: This is a Python script. So you’ll need first to make sure you have Python installed in your system. Get the script: wget -O speedtest-cli https://raw.github.com/sivel/speedtest-cli/master/speedtest_cli.py Make it runnable chmod +x speedtest-cli Run it ./speedtest-cli Have fun

Linux, XEN

Switching from xm(xend) XenToolStack to XL XenToolStack in Delian Wheezy

Introduction: While I upgraded my Xen DOM0 from Squeeze to Wheezy it was recommended to switch from the Xend(xm) Toolstack to XL Toolstack. Because I found very little info on how to do the switch. So here is a way do it on Wheezy. Here we are assuming that you have installed Xen 4.1 Hypervisor …

Linux, Postfix

Archiving all incoming/outgoing mails using Sieve

The following custom Sieve script can be used to make a copy of every email a user sends or receives. In the example, the user is user@domain.com and the copy of the .MSG file is saved in the spyfolder directory. if envelope :contains [“from”,”to”] “user@domain.com” { fileinto “c:\\spyfolder”; keep; } Note: Be careful to monitor …

Linux, Postfix

Blocking user to send sensitive information using Sieve

The following article uses examples to show how to block users from sending attachments containing sensitive information (e.g. financial information) to the outside world. The script blocks attachments with certain names by flagging particular words. Scenario: – Your domain is widget.com – The administrator wants to block attachments with the word customer in the filename …

Linux, Postfix

Force sending mails using SSL/TLS

Introduction: In some cases it might be requested to transfer emails to another mail server using encryption (SSL/TLS). Here is a way to do it using Sieve language which Dovecot supports: Use a sieve script to conditionally send encrypted messages. The script would insert a header element, called X-Requires-SSL, prompting SMTPDS (the Delivery Service) to …

Linux

Debian Wheezy vsFTPd: 500 OOPS: vsftpd: refusing to run with writable root inside chroot()

It means that the user which connects to the vsFTPd server should not be allowed to write in its root directory. vsftpd-2.3.5 disallow login with writable root directory because of possible glibc vulnerabilities If you already have enabled the TSL connection then the same error message will look like this: “Unsupported record version Unknown-48.48” Here …

Apache, Linux

Dynamically change Apache response content

Although the example below doesn’t quite represent a very good one in terms of real life problem, nevertheless it shows how to implement a dynamic web server response content modification. These replacements are done in application server responses before they leave Apache web server. In this example we are dynamically replacing parts of the URI …