Introduction: I use a Relay SMTP service for sending my emails but I want to use it only for certain conditions like the sender address or the receiver address. Here is how it’s done: Relay to relay host depending on sender address Add in /etc/postfix/main.cf Create file /etc/postfix/relayhost_map and add this content: Run the following …
Category: Linux
Linux Tips and tricks, either for desktop or internal system.
Creating SOCKS Web Proxy using SSH
Introduction: It is known that one can use SSH to create a tunnel, but SSH has more tricks up its sleeve. It can be used to create a SOCKS based Web proxy. The full explanation is really clearly shown in this article: Thanks to the author for that. https://ma.ttias.be/socks-proxy-linux-ssh-bypass-content-filters/ Basics: Prerequisites: A Linux server in …
Setting up networking on Ubuntu 18.04 for Xen Hypervisor
Introduction: For a long time I have been using ifconfig and /etc/network/interfaces and tools to setup the network of Ubuntu servers. After I have installed a brand new Ubuntu 18.04 I could not use that tool any more, at least without making some system changes. So I finally decided to adapt and see what I …
Configuring Apache for Magento to show different Store Views from different URLs/Domains.
Introduction: In the following example I try to set environment variables according to the incoming request’s ‘HTTP_HOST’ value. The following example pertains to Magento Webshop software which offers a different Store view for every domain configured to land in the main store. Prerequisites: – Magento has been configured, apart from its default Store View, to …
Repairing MySQL InnoDB databases
Introduction: This post is a copy of the following wonderful post: https://blackbird.si/mysql-corrupted-innodb-tables-recovery-step-by-step-guide/ Here are some important excerpts from it: MySQL – Corrupted InnoDB tables recovery – Step by step guide Posted in Databases By Alen Krmelj On March 19, 2013, 5-6 minutes InnoDB tables don’t get corrupted easily, but when they do, it usually happens …
Listing all email addresses in a file with grep
The following grep command will list all email addresses from a text file and sort them per names without allowing for repetition(-u unique) The following grep command will list all email addresses from a text file and sort them per domain without allowing for repetition(-u unique)
Adding a new SSD to already Mega LSI RAID controller
I had asked Hetzner for the installation of an extra SSD(‘960 GB SATA SSD Datacenter Edition’) to an already existing RAID 1 array which is where the system is installed in a dedicated Linux server. All I want is to be able to access the drive separately from the already existing RAID drives. I got …
Docker Firewall script for DOCKER-USER iptables Chain
Description: Since we can’t protect docker advertised ports on docker using a normal firewall like UFW against attacks from Internet, a script has been written to do just that. Reading the comments in the script gives an idea of how it works. The only thing to do is to fill in the variables in …
Deleting UFW Rules backwards.
Intro: Sometimes one has a lot of ‘V6’ rules that need to be deleted. UFW does allow to delete the rules but only one by one, which can be time consuming. Here is a short bash script that does the trick of deleting them. IMPORTANT NOTE: In order for this script to work as desired …
Installing SNMP in Ubuntu 18.04
Here are the simple steps to install SNMP in Ubuntu 18.04 Reference: https://support.auvik.com/hc/en-us/articles/204221884-How-to-enable-SNMP-on-Linux-based-servers-workstations Next, using your text editor, edit /etc/snmp/snmpd.conf to look like this: # this will make snmpd listen on all interfaces # Or make it listen only to the local private network interface eg. eth0(192.168.100.3) # a read only community ‘local’ and the …
Linux Mint 19.3 disabling the menu pop on Mac ‘Left Command’ Press
Introduction: After having installed Linux Mint 19.3 on an old MacBook Pro, I wanted to disable the Menu pop-up function on the ‘Left Command’ key press. Solution: Delete the following entry in the Settings Editor(in the settings menu): xfce4-keyboard-shortcuts –>> /commands/custom/Super_L | xfce4-popup-wiskermenu Caveat: First I could not delete the command. Then I simply deleted …
Linux Mint 19.3 on MacBook Pro: Set F1-F12 as default function without pressing ‘Fn’
Introduction: After having installed Linux Mint 19.3 on an old MacBook Pro I wanted to be able to use the function keys without having to press on the ‘Fn’ key Here is the answer: Reference: https://www.reddit.com/r/linuxmint/comments/4cecsz/set_f1f12_as_default_function_without_pressing_fn/ Solution: You can run a simple command to change the behavior. Therefore to get what I wanted the command …
Using Postfix to deliver mail using SMTP Authentication
Reference: https://www.linode.com/docs/email/postfix/postfix-smtp-debian7/ Open or create the /etc/postfix/sasl_passwd file, using your favorite text editor: Add your destination (SMTP Host), username, and password in the following format: If you want to specify a non-default TCP Port (such as 587), then use the following format: Create the hash db file for Postfix by running the postmap command: If …
APT ‘Not Found [IP: 2001:67c:1562::15’
Reference: https://ubuntuforums.org/showthread.php?t=2282646 If you encounter such errors of fetching packages with apt/apt-get: E: Failed to fetch http://archive.ubuntu.com/ubuntu/pool/main/u/ubuntu-release-upgrader/python3-distupgrade_18.04.36_all.deb 404 Not Found [IP: 91.189.88.142 80] E: Failed to fetch http://archive.ubuntu.com/ubuntu/pool/main/u/ubuntu-release-upgrader/ubuntu-release-upgrader-core_18.04.36_all.deb 404 Not Found [IP: 91.189.88.142 80] E: Unable to fetch some archives, maybe run apt-get update or try with –fix-missing? Then do the following to give precedence …
Using UFW as IP Blacklist
Introduction: There are instances where a service provider is taking care of the Firewall which is working between Internet and the rented server. In this case only certain standard ports will be made available to access the rented server. But what if you need a general use ‘blacklist’ firewall that will filter out abusive traffic …
GRUB on UEFI capable System
Introduction: New PCs are often equipped with UEFI(Universal EFI) capable booting. Some SSD drives will not even boot Linux in the Legacy MBR mode. So in order to make the PC boot properly we need to: – Create an EFI Partition – Install GRUB(Boot loader) on it Create the EFI Partition: Create an EFI capable Boot partition of …
Minimize the Digests shown Headers in Mailman 2.1.xx
Problem: Digests in Mailman are composed of a lot of unneeded headers which clutter the messages. Solution: Edit the Mailman configuration file manually as follows: WARNING !!!: These headers are part of the ‘RFC 1153’ which if changed can have unpredictable or unwanted effects. So here I kept the headers: Date:, From:, Subject:, Keywords(if …
Configuring Domain Relaying with ISPConfig 3.1.xx
Intention: Redirect (reroute) specific email addresses via, for example, an SMTP service: Steps: – Enter the destination domain in the Advanced Routing Table (Email ==> Email Accounts/Email Routing) – Enter the same destination domain in the (Email ==> Global Filters / Relay Recipients) as @domain Example: eg. rerouting all emails of destination domain mydomain.com via …
No Type list in ISPConfig 3.1.11
Problem: The brand new version of ISPConfig 3.1.11 when I add or modify an email transport, no value is displayed anymore on “type”. Solution: Ref: https://git.ispconfig.org/ispconfig/ispconfig3/issues/4924 Edit /usr/local/ispconfig/interface/web/mail/mail_transport_edit.php Change this line: $app->tpl->setVar($rec, null, true); to this: $app->tpl->setVar($rec); and should work again.
Resetting MySQL/MariaDB root password in Ubuntu 16.04/18.04
Introduction: In case you have forgotten the ‘root’ password in MySQL/MariaDB(10.0.x) you can reset the password as follows: Ref: https://kofler.info/root-login-problem-mit-mariadb/ STEPS: Stop the currently running MySQL/MariaDB service mysql stop Start MySQL/MariaDB in non-protected mode: mysqld_safe --skip-grant-tables --skip-networking & Login as root in MySQL/MariaDB mysql -u root Set the new root password: For MySQL Previous to …
Installing the missing mcrypt module for PHP 7.2
Introduction: Because the mcrypt module for PHP has not been maintained for about 10 years, the PHP team has decided to drop it from PHP version 7.2 on. For PHP applications that need this module here are the instructions to compile and install it for PHP 7.2. Reference: https://lukasmestan.com/install-mcrypt-extension-in-php7-2/ STEPS: We need to …
Changing the mailman subscribers ‘moderation’ bit on the command line
Intro: In my mailman installation with over 3K subscribers I could not find why the web interface didn’t allow me to change the ‘moderation’ bit of subscribers, or any other property. So I found this tool which allows me to change the ‘moderation’ bit for any subscriber using the command line. Since the Python module for …
Install CERTBOT in Ubuntu-16-04-xenial and Debian Stretch
Intro: Here is a 1-to-1 copy of the article on how to install certbot in Ubuntu 16.04 and Debian Stretch Ubuntu 16.04 HOWTO: Install On Ubuntu systems, the Certbot team maintains a PPA. Once you add it to your list of repositories all you’ll need to do is apt-get the following packages. $ sudo apt-get …
Configuring Letsencrypt in ISPConfig 3.1
Intro: Since a while now the wonderful idea of creating the service Letsencrypt has made lots of admins happy. Here is how we can also use Letsencrypt with ISPConfig 3.1. Ref: https://www.howtoforge.com/community/threads/ssl-how-to-for-ispconfig-3-with-letsencrypt.74738/ STEPS: Define ISPconfig to use the new SSL certificate with symbolic links. (If you don’t know how to use symbolic links this how-to …
Rectify mailman URLs after a hostname change
Intro: I had to change the server name of my mailman server. I changed it in /etc/mailman/mm_cfg.py as follows: # Default domain for email addresses of newly created MLs DEFAULT_EMAIL_HOST = ‘mailman.myserver.com’ #————————————————————- # Default host for web interface of newly created MLs DEFAULT_URL_HOST = ‘mailman.myserver.com’ BUT! Some links in the mailman site were OK …
Blocking hosts blacklist and iptables
Intro: I happen to have some attacks coming from specific hosts which I decided to block access to the server. Here is how I did it using a script which deletes and reloads a full iptables CHAIN based on a file containing a list of IPs/Ranges. STEPS: Create a file called blacklist.txt with one IP/Range …
Blocking reception of full TLDs
Intro: Lately I was receiving a lot of spam from a ‘.date’ TLD sources and wanted to block all these emails using Postfix. Here is a solution found at: https://serverfault.com/questions/728641/blacklisting-tld-in-postfix/728658 Steps: Install the Postfix PCRE dictionary apt-get install postfix-pcre Configure postfix postconf -e smtpd_sender_restrictions=pcre:/etc/postfix/rejected_domains postconf -e reject_unauth_destinations=pcre:/etc/postfix/rejected_domains Edit the new file /etc/postfix/rejected_domains with the following …
OpenDKIM doesn’t start after Upgrade from Jessie to Stretch
Introduction: After having done a dist-upgrade from Jessie to Stretch OpenDKIM didn’t start any more. After research I found the answer which worked for me in this site: https://serverfault.com/questions/847435/cant-change-opendkim-socket-in-debian-stretch-in-etc-default-opendkim INFO: I’m using the ‘inet’ socket for the communication between Postfix and OpenDKIM at port 12345. eg. My config of OpenDKIM in Postfix: milter_default_action = …
Verifying PHP syntax.
After an upgrade from php 5.6 to 7.0/7.1 many php scripts gave me trouble. So I looked for a way to test the php syntax before errors showed up later when the sites are live. I found this one which is quite helpful: find . -name "*.php" -exec php -l {} \; 1>/dev/null
Some Zabbix tools
Introduction: In order to debug some Zabbix problems here are some tools I gathered to help. Requirements: Installation of the package zabbix-get in the monitoring server apt-get install zabbix-get Installation of the package zabbix-agent in the monitored hosts. apt-get install zabbix-agent TIP: In order to programmatically (using bash for example) create scripts that monitor anything …
piwik: Could not open input file: ./console
Introduction: In order to know the location of the visits your website received before you started using Piwik with GeoIP you need to run a command. The reference to this command is at: https://piwik.org/faq/how-to/faq_167/ Problem: Unfortunately after having logged in as root in the server this command gave me the following error: Could not open …
Prepare Debian Stretch for Installing GlusterFS 3.12
In order to install this version of GlusterFS we need to add the repositories: Ref: https://download.gluster.org/pub/gluster/glusterfs/LATEST/Debian/ echo deb [arch=amd64] http://download.gluster.org/pub/gluster/glusterfs/3.12/LATEST/Debian/stretch/apt stretch main > /etc/apt/sources.list.d/gluster.list wget -O - http://download.gluster.org/pub/gluster/glusterfs/3.12/rsa.pub | apt-key add - apt-get update apt-get install glusterfs-server xfsprogs Format the dedicated partition for GlusterFS synchronized data: eg. /dev/xvda3 mkfs.xfs -f -i size=512 /dev/xvda3 Example of …
Transferring IMAP account mails and folders to another IMAP account on another server … or locally.
Introduction: The other day I was asked to install a completely new email server and transfer all the email accounts from the old mail server to the new one. I noticed that since the new mail server was using a different mail INBOX format I had to do some research and found this really good …
Installing Filebeat, Logstash, ElasticSearch and Kibana in Ubuntu 14.04
PREPARATIONS #Ref: https://www.elastic.co/guide/en/logstash/current/installing-logstash.html First install Java 8 in Ubuntu 14.04 # Ref: https://www.liquidweb.com/kb/how-to-install-oracle-java-8-on-ubuntu-14-04-lts/ apt-get install python-software-properties software-properties-common apt-add-repository ppa:webupd8team/java apt-get update apt-get install oracle-java8-installer java -version Result: java version “1.8.0_144” Java(TM) SE Runtime Environment (build 1.8.0_144-b01) Java HotSpot(TM) 64-Bit Server VM (build 25.144-b01, mixed mode) Facilitate updating of all packages via APT repositories apt-get install …
TCP Proxying using socat
Introduction: Lately I’ve had to create a pure bidirectional TCP Proxy for a project. For this there are lots of alternatives like haproxy, nginx, cat and socat and others. Because of the simplicity of the command I decided to use socat but will also show the command for cat as well. The NCAT method: The …
Disabling the admin security password confirmation in Jira and Confluence
Introduction: Although in Jira and Confluence the WebSudo, requesting the confirmation of the administrator’s password, are neat security features if you are working in a company where the chances of someone fiddling around with your computer are high. BUT in a very small company, where this risk is almost none, this feature has proven very …
Hardening the SSL security in Apache, Dovecot and Postfix
Introduction: After having gotten a report from OpenVAS that the SSL security level of my mail server was medium, I looked for ways to improve this. I found very good sites which helped me make these improvements: https://weakdh.org/sysadmin.html https://wiki.dovecot.org/SSL/DovecotConfiguration applied-crypto-hardening.pdf Based on this site and extending to cover dovecot mail service here …
Whitelisting Hosts in Postfix/Amavis
Introduction: I have an email server with very strong spam filtering and every now and then it does see the emails that I send from our own networks as SPAM. In order to bypass the SPAM scanner for those networks without bypassing the virus scanning of Amavis I found these instructions in Internet at: http://verchick.com/mecham/public_html/spam/bypassing.html#1 …
Mounting a remote directory using SSHFS in Debian Jessie
Introduction: If you want to mount a directory on a remote server via Internet, NFS can be quite a challenge to protect. A good solution would then be to use SSHFS. Here is a short Howto for Debian Jessie. Note: In Wheezy and in Jessie before I did an upgrade to the kernel 3.16.0-4-amd64, the …
Installing TeamPass in Debian Jessie
Introduction: TeamPass is a very good Web application which can securely store passwords for a single person or for teams. Here are the steps I used to install it in Debian Jessie. These instructions can also be used with no or minimal changes to install TeamPass in other Debian or Ubuntu systems. These instructions are partly based …
SSH doesn’t accept my key since upgrade Mac OS X to Sierra
Introduction: I have two MacBooks. One that still has Mavericks OS X and one that I just upgraded to Sierra OS X. Since the upgrade I can’t connect via SSH to one of my Linux servers using the RSA/DSA Keys any more. It always asks for a password. After adding the ‘-v’ option to the …
Making a PC bootable USB stick using an .iso file on MAC
Introduction: Although Mac has been changed a lot since the days of Free-BSD it is still Unix and has lots of commands that are very compatible with the ones of its brother Linux. So here are the commands done in the Mac terminal which creates a bootable USB drive using an ISO file as the …
pygrub: Unable to find partition containing kernel
Introduction: Lately after I upgraded many packages in a Xen 4.4 DOMU VM the pygrub could not boot the VM any more. During the security update, the installed grub2(grub-pc), which never created any problems before with pygrub, got updated and suddenly it did create problems to boot the VM. Here is the error message I …
Force reboot a remote Linux server
Introduction: After having tried to do a reboot of a remote Linux server via the command reboot which had no effect, I tried to find a command that would force the server to reboot immediately. I found the commands that do exactly that at: https://major.io/2009/01/29/linux-emergency-reboot-or-shutdown-with-magic-commands/ Commands: echo 1 > /proc/sys/kernel/sysrq echo b > /proc/sysrq-trigger This …
Upgrading Apache2 from Debian Wheezy to Jessie
Introduction: As I tried to make a full distribution upgrade from Wheezy to Jessie the upgrade of Apache2 didn’t go well at all: dpkg kept coming up with dependencies errors and post-install scripts errors. Unfortunately I don’t have a sample of these errors here. Since I had to dist-upgrade over 30 servers of the same …
Switch database type from H2 to MySQL in Atlassian Jira
Introduction: After having tested Jira and decided to keep it for production it is very recommended to change the type of database used by Jira. The default database at delivery time is H2(local file dB) and in this HOW-TO I describe what I had to do to execute that switch under Debian Jessie. Steps: References: …
Display MySQL databases types in bash
Based on the site: http://stackoverflow.com/questions/213543/how-can-i-check-mysql-engine-type-for-a-specific-table Here is a bash command that will display the database types(InnoDB or MyISAM) of all the MySQL databases except for the default ones(mysql, etc) for i in $(mysql -u root -p -e "show databases;" | egrep -v 'Database|information_schema|mysql|performance_schema'); do echo "--------------------$i--------------------"; mysql -u root -p -e "use $i; show table …
Enable TRIM for SSD in Linux
Introduction: Although some new SSDs are capable of TRIMming themselves for the ones that can’t you can enable the ‘discard’ option in the kernel for the SSDs in the system. This will do two things: – Enable a regular TRIMming of the SSD for each mountpoint you enabled in the /etc/fstab – Allow to run …
Changing Linux system password in bash script
Introduction: I created a script that creates a full email account for a new user including setting the password. I was looking for a way to change/set the password programmatically in the script using clear text passwords provided in variables. I took this information from the man page of chpasswd Some solution examples: Changing/setting the …
‘init: plymouth-upstart-bridge main process ended, respawning’ error messages at boot.
I installed a new Ubuntu 14.04 as a Xen server and found out that on booting the following messages repeated themselves many times, [ 2.811553] init: plymouth-upstart-bridge main process (191) terminated with status 1 [ 2.812789] init: plymouth-upstart-bridge main process ended, respawning [ 2.874117] init: plymouth-upstart-bridge main process (210) terminated with status 1 [ 2.875167] …
Discover live hosts on a network under Linux
There are lots of tools available to scan a network and list the IPs of the hosts that are live. Here is one that I find quite cool using nmap with the following command(for example for the LAN network 192.168.100.0/24): Reference: http://security.stackexchange.com/questions/36198/how-to-find-live-hosts-on-my-network nmap 192.168.100.0/24 -n -sP | grep report | awk '{print $5}' the result …
Installing Xen Hypervisor 4.8 on Debian Jessie
Introduction: I was looking for a way to install Xen 4.8 in Jessie because in some of the newest Processors Intel series called Skylake the default version of Xen Hypervisor on Jessie (4.4) results in endless booting loops. NOTE: If you already had the Xen 4.4(original installed) no worries the version 4.4 will not be …
Forcing pam users to use only FTPS and block SFTP/SSH
Introduction: I needed to force certain PAM users(configured in /etc/passwd) to use FTPS and block them from using SSH or SFTP. Here is a solution I found in: http://askubuntu.com/questions/93411/simple-easy-way-to-jail-users Solution: Add to /etc/shells a new shell: vim /etc/shells Add one line: /bin/false Save. For each user you want to deny ssh/sftp, change the user’s shell: …
Upgrading GlusterFS from 3.2(Debian) to 3.4 for Debian Wheezy
Reference: https://download.gluster.org/pub/gluster/glusterfs/3.4/LATEST/Debian/wheezy/ Packages of GlusterFS 3.4.7 for Debian wheezy are available here from the Gluster Community… Add the GPG key to apt: wget -O - http://download.gluster.org/pub/gluster/glusterfs/3.4/LATEST/Debian/wheezy/pubkey.gpg | apt-key add - Add the source: echo deb http://download.gluster.org/pub/gluster/glusterfs/3.4/LATEST/Debian/wheezy/apt wheezy main > /etc/apt/sources.list.d/gluster.list Update package list: apt-get update Install: apt-get install [ glusterfs-server | glusterfs-client ] Packages from …
Ubuntu 16.10 : xenconsole: Could not read tty from store: Success
Introduction: After having had some stability problems, with running Xen DOMUs under Ubuntu 16.04/Xen 4.6, I decided to upgrade to Ubuntu 16.10/Xen 4.7. Unfortunately, as I tried to start any of the DOMUs with the option -c to see the console content, the following error message was displayed and I got kicked out and no …
Extending SSD life expectancy by tuning Firefox
Introduction: If you are using Firefox and SSD drive(s) then according to this site: https://www.servethehome.com/firefox-is-eating-your-ssd-here-is-how-to-fix-it/ it is very recommended to make the small configuration change in Firefox to extend the life of your SSD. Reason: SSD Drives do have a lifespan depending on how many times we write to it. Therefore the function of regular …
Displaying the list of all ‘at’ jobs and their respective commands
Introduction: The command atq gives me the list of at jobs waiting to be executed and their execution times. Each line starting with the job number. The command at -c JobNumber gives me the content of the job including the environment variables. What I wanted is a command that would give me the list of …
Monitoring Linux server with iPhone/iPad
Introduction: Although Apple doesn’t have too many apps that support Linux admins, here is one that just came back on the market with a rebound on 26 Oct. 2016 with a new look, features and bug fixes: The iStat3 Server for Linux and iStat3 for iOS made by Bjango PTY Ltd. This app will display …
Resolving Mysql error: Too many open files
Introduction: As I upgraded from Mysql 5.5 to 5.6 suddenly some sites were showing the following error: …… Too many open files The issue has to do with the present limitations given to the system and PAM system to open max 1024 files. After doing some research I found this site below here which is …
Upgrading php from 5.4 to 5.6 in Debian Wheezy
In order to upgrade PHP from 5.4 to 5.6 we need to use the DOTDEB repositories by which many other packages will also be upgraded. Here are the steps. References: https://www.dotdeb.org/instructions/ STEPS: Edit the file /etc/apt/sources.list and add the following lines: deb http://packages.dotdeb.org wheezy all deb-src http://packages.dotdeb.org wheezy all deb http://packages.dotdeb.org wheezy-php56-zts all deb-src http://packages.dotdeb.org …
LibClamAV Error: mpool_malloc(): Attempt to allocate 8388608 bytes
Lately I updated the Ubuntu 12.04 where I run Zimbra 8.x and found that the log file of the ‘clamd’ process was filling incredibly fast with the following error line and the subjects of received emails were tagged with ‘**UNCHECKED**’ LibClamAV Error: mpool_malloc(): Attempt to allocate 8388608 bytes. Please report to http://bugs.clamav.net Finally I found a solution …
Preferring use of ipv4 instead of ipv6 for DNS IP resolution in Debian
The last time I did an apt-get update in a specific Debian Wheezy I could not connect to the repositories because apt was preferring to use the IPv6 first. So here is a simple solution to system-wide add a preference to ipv4 in DNS IP resolution: Edit the file /etc/gai.conf and add the following line …
Making rpcbind(previously portmap, port 111) more secure
Introduction: I often use NFS files system between servers of the same internal network. But because having rpcbind open to Internet is considered insecure, I needed to protect it. I could have done this with the firewall, but since the only service I wanted to protect from Internet access I didn’t want to bother with …
Blocking all traffic from individual countries using IPSet and IPTables
Introduction: As I looked at the syslog I found too often that SSH login attacks are coming either from China or from Russia. Having enough of that, and anyway not expecting any traffic from any of these countries, although I use fail2ban still I decided to block any traffic coming from these 2 countries. Fail2ban …
Adding a new service to Linux systemd
Since the System V is slowly being phased out one most likely needs to learn how to get along with SYSTEMD which is much more powerful. For example, one useful feature is to automatically restart services that stop on their own. Such features are found for example in BluePill etc. With Systemd there is no …
Resetting MariaDB root password in Ubuntu 16.04 LTS
Introduction: Because it’s such a good article and I don’t want to lose it, the following article is a full copy (with maybe some minor changes) taken from this site: http://tecadmin.net/steps-to-reset-mariadb-root-password-in-linux/# Step 1: Stop MariaDB Service First we need to stop MariaDB service using following command. # /etc/init.d/mysql stop Shutting down MySQL. [ OK ] Step …
Installing GRUB2 on mdadm software Raid in Debian Wheezy/Jessie
Principle: If you look at the result of the command df -h and you are using the mdadm software RAID 1 then you can only see the /dev/mdx partitions. eg. Filesystem Size Used Avail Use% Mounted on /dev/md2 1.8T 524G 1.2T 31% / udev 10M 0 10M 0% /dev tmpfs 3.1G 288K 3.1G 1% /run …
Enabling SPDY and Strict-Transport-Security to NginX in Ubuntu 14.04
In Ubuntu 14.04 NginX has been compiled with the SPDY capability. To use it one must enable it inside the server {…} block for each virtual host. eg. server { server_name mprofi.com www.mprofi.com; root /var/www/mprofi.com; index index.php; # # Added to handle HTTP and HTTPS and SPDY listen 80; listen 443 ssl spdy; ssl_certificate /etc/letsencrypt/live/www.mysite.com/fullchain.pem; …
Activating SPDY in Apache 2.4 (Ubuntu 14.04)
SPDY is a new protocol created by Google and given to the Apache Foundation which allows faster Web traffic under SSL. Apache 2.4 is SPDY capable but its module is not included in Ubuntu 14.04 LTS Server. Here are some instructions for getting, installing and enabling the SPDY feature for Apache 2.4 under Ubuntu …
Installing Webmin in Debian 8(Jessie)
These instructions are a ‘Plagiat’ of the site: http://www.christophe-casalegno.com/2015/07/14/how-to-install-webmin-on-debian-8/ To install webmin on Debian 8 just follow these instructions : cd /root wget http://www.webmin.com/jcameron-key.asc apt-key add jcameron-key.asc echo "deb http://download.webmin.com/download/repository sarge contrib" >> /etc/apt/sources.list echo "deb http://webmin.mirror.somersettechsolutions.co.uk/repository sarge contrib" >> /etc/apt/sources.list apt-get update apt-get -y install webmin If it’s too long for you, you can …
Some DOCKER Commands
Here are a few basic Docker commands: Also see: https://github.com/wsargent/docker-cheat-sheet Installing the latest Docker environment in Linux: curl -sSL https://get.docker.com/ | sh Start the docker terminal in OSX bash --login '/Applications/Docker/Docker Quickstart Terminal.app/Contents/Resources/Scripts/start.sh' Info: Container Names without ‘/’ in the name refers to basic public containers templates Containers Names with a ‘/’ refers to user …
Useful ps options
Here are some (growing) tricks in order to get the maximum of the PS command: I set the command’s options in an alias to simplify the running of it. alias psa='ps --headers axf -o pid,ppid,pri,state,user:15,group:15,nlwp,%cpu,%mem,rss,vsz,maj_flt,time,start,comm' # One advantage of this above command is that it displays the username in its full length even if it’s …
Fixing Spamassassin in Debian Jessie(8)
Introduction: For a long time under Debian Wheezy Spamassassin was running quite well until I upgraded the system to Jessie. That is when Spamassassin(spamd) started to crash every now and then without giving much reasons why. Cause of error message: Looking in the system logs(/var/log/syslog) I found the following error: spamd[7490]: util: refusing to untaint …
Using HTTPS as proxy backend in Apache 2.4
Introduction: In Apache 2.4 in a Vhost in order to be able to proxy to a backend with HTTPS using either a self-signed or expired certificate on the backend we need to include the following directives: SSLProxyEngine on SSLProxyVerify none SSLProxyCheckPeerCN off SSLProxyCheckPeerName off SSLProxyCheckPeerExpire off You also need to enable the required Apache2 modules …
Redirecting HTTP to HTTPS in NginX
Here is a working method of redirecting any requested HTTP URL to HTTPS in NginX VirtualHosts that handles both HTTP and HTTPS. For example, to have a single vhost support both HTTP and HTTPS you have normally the following directives: # Support for HTTP and HTTPS listen 80; listen 443 ssl; ssl_certificate /etc/letsencrypt/live/www.myserver.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/www.myserver.com/privkey.pem; …
Testing SSL Connections with SSLyze, Nmap or OpenSSL
Introduction: OpenSSL is a great tool to check SSL connections to servers. The difficulty here is when one wants a full scan of all possible SSL ciphers and protocols used by a server. That is where SSLyze comes in handy. This tool is a Python script which will scan the target host/port for SSL handshake …
Verifying the validity of an NFS mount
Introduction: Every now and then if an NFS mount is no more connected to the server or something goes wrong with the NFS connection, running the command ‘ls mountpoint’ hangs the terminal till I press CTRL-C. So I tried to figure out a script that will be run as cron job and will tell me …
Checking the Health of LSI Logic / Symbios Logic MegaRAID SAS 2108 RAID Controller
Introduction: This HowTo shows how to check the health of hard disks connected to a ‘LSI Logic/Symbios Logic MegaRAID SAS 2108’ RAID controller. We look for its presence in the system: lspci | grep RAID Example Result: 01:00.0 RAID bus controller: LSI Logic / Symbios Logic MegaRAID SAS 2108 [Liberator] (rev 05) Bingo! We can …
Debian Jessie official repositories list
Here are the official repositories for Linux Debian Jessie (8.0). This should be entered in the file: /etc/apt/sources.list # Debian Jessie deb http://security.debian.org/ jessie/updates main deb-src http://security.debian.org/ jessie/updates main deb http://ftp.at.debian.org/debian/ jessie main contrib non-free deb-src http://ftp.at.debian.org/debian/ jessie main contrib non-free To make sure the GPG key is also saved locally to avoid Key error …
Creating a new Xen Debian virtual machine from scratch
Introduction: In this tutorial a new virtual machine based on Debian Jessie distribution will be created from scratch with minimal components. Assumption: The Xen Hypervisor should already be installed and running in the main system (DOM0). Creating the Xen Virtual Machine This virtual machine will be created with the xen tools which bootstraps the creation …
Installing Xen 4.4 on Ubuntu Server 14.04 LTS (Trusty)
Introduction: This HowTo assumes that the Internet access from VMs via DOM0 and the private LAN are done using the Bridge method. In the previous versions of Xen installation the bridges were dynamically built via the Xen scripts, in this version the bridges are built permanently as the DOM0 boots up. DOM0:xenbr0(eth0) —bridging==>> DOMUs:eth0 DOM0:pdummy0(dummy0) …
Recursively delete files securely: shredding
Description: Every administrator should know that when we delete a file on the hard disk, almost nothing is really deleted. The space used by the files is simply put back on the list of ‘free to use’ space in the filesystem and will no longer appear in the directory listing. This means forensic tools can …
Create a new database and use in MySQL/MariaDB
These commands will create a new database in MySQL/MariaDB including a new user/password with full access to the DB. mysql -p -u root Enter the MySQL root password. mysql> CREATE DATABASE dbname CHARACTER SET utf8 COLLATE utf8_bin; mysql> GRANT ALL PRIVILEGES ON dbname.* TO 'user'@'localhost' IDENTIFIED BY 'password'; mysql> FLUSH PRIVILEGES; mysql> QUIT
Reporting SMART status of RAID disks
Reference site: http://www.cyberciti.biz/faq/linux-checking-sas-sata-disks-behind-adaptec-raid-controllers/ Note: Although hardware RAID controllers are made by other hardware manufacturers, here I use Adaptec as an example: Install the software: apt-get install smartmontools Curious which company the RAID controller is from? Find out which RAID controller you have: lspci | grep 'RAID' Result: 01:00.0 RAID bus controller: Adaptec Device 028b (rev …
Using SS tool for network troubleshooting
Introduction: The following article has been copied completely 1 to 1 (full plagiarism!!) from the following site in order to be able to refer to it here in case the article disappears from Internet access or moves location. http://www.linux-magazine.com/Issues/2015/181/Querying-Sockets-with-ss Linux Magazine. Article from Issue 181/2015 Author(s): Chris Binnie The unassuming ss utility is easy to understand …
Preventing a bash script from running concurrently
Introduction: In order to prevent a bash script instance from running more than once concurrently, here is a small tip on how to write the script. Script template: #!/bin/bash # Prevents an instance of the script from starting while another instance of it is still running scriptname=$(basename "$0") lockfile="/tmp/${scriptname}.lock" if [ -e "$lockfile" ]; then …
Issue free and CA signed SSL certificates for web servers from LetsEncrypt
Introduction: SSL Certificates provide two functions: 1. Authentication 2. Encryption Encryption can be achieved without authentication but, for some reason, someone decided to join them together in one certificate. It seems to make sense for banks and serious e-commerce sites which need to be properly authenticated. Therefore when the HTTPS protocol got developed it was …
Creating a web certificate CSR file.
The process of buying an SSL certificate for a web site is usually as follows: – You create a secret key and CSR files using the method shown in this post. – You cut and paste the content of the CSR file into a field in an SSL vendor web site – The SSL vendor …
Scanning for viruses on a Debian/Ubuntu server
Situation: Although most viruses would be mostly harmless in a Linux environment if the viruses are just files lying around, since a server is meant to SERVE it is one of the best places to spread the viruses to other systems where they could do damage. Solution: Scan the system or certain vulnerable directories …
Configuring HAproxy load balancer in Ubuntu 14.04
Goal: In this example HTTP requests are proxied directly as HTTP requests to the HTTP web servers. In the case of HTTPS requests, they are handled with the certificates by HAproxy and then proxied to the web servers as HTTP requests. SSLCertificates: The certificates for all virtualhosts being proxied are stored as one PEM format …
Example of using UFW firewall in Debian/Ubuntu
Introduction: I just started to use the firewall UFW, which is a terminal command based firewall. The tool seemed a bit difficult to understand at first but with a bit of trial and error I finally got something working. So here is what I did. I install the UFW firewall: apt-get install ufw Assumption: I …
Installing pure-ftpd in Debian/Ubuntu
Difficulty with FTP servers and firewall: If you configure a firewall for a host which runs an FTP server you normally need to leave the ports 1024-65365 range open, since you never know which port the FTP server will use to send data to the FTP client. This situation is quite critical if you have …
Installing a newer git version in Debian/Ubuntu
Introduction: In many cases where Git is involved it’s possible that your distribution doesn’t offer the version of git that is appropriate to the software you want to run. In this case you can install from sources. Here is one method, for example, to install the version 2.4.3. Steps: Remove packaged Git apt-get remove git …
Resetting MySQL passwords in Linux Debian/Ubuntu
In Linux Debian/Ubuntu an extra user, debian-sys-maint, which also has all the access rights, is used for maintenance. It can also be used to reset users’ passwords, especially the root password when lost. Here are some tips regarding resetting them. Resetting the ‘root’ password: mysqladmin -u root -p password "MyNewPass" OR mysql -u debian-sys-maint -p update mysql.user set …
Fine tune Ubuntu TCP stack for web server
The following tips, taken from this site, will help reduce the TCP latency of Ubuntu as a web server: http://www.cyberciti.biz/faq/linux-tcp-tuning/
Limiting the number of connected clients on a VirtualHost in Apache
Problem: When a DDoS attack or a burst of requests hits my Apache2 Web server all at once, the whole server can run out of RAM and crash. Possible solution: Limit the number of simultaneous connections to your Web server per VirtualHost Method: One simple and effective method done directly on the …
Using mod_cluster in Apache
The newly discovered Apache module mod_cluster seems to offer many advantages compared to mod_jk which could be used in the new Apache/JBoss environment. The following features are listed: – Dynamic configuration of httpd workers – Server-side load balance factor calculation – Fine grained web-app lifecycle control – AJP is optional – Compatible starting at JBoss …
Configuring Apache to handle WebSockets
WebSockets are supported by Apache starting at version 2.4.xx. Here is a minimal configuration for Apache 2.4.xx in Ubuntu 14.04.x. Install the proper modules: a2enmod proxy a2enmod proxy_wstunnel Configure the VirtualHost (only the WebSocket part is shown here) # Make sure the backend server gets the right URL in 'Location:' http Header ProxyPreserveHost On # …
Install Java7 Runtime Engine in Debian Squeeze
Introduction: Debian Squeeze has only Java6 available. So here is one method to install Java7 on Debian Squeeze. Method 1: TARBALL. Steps cd /usr/src wget --no-cookies --no-check-certificate --header "Cookie: oraclelicense=accept-securebackup-cookie" "http://download.oracle.com/otn-pub/java/jdk/7u72-b14/jre-7u72-linux-x64.tar.gz" tar -xvzf jre-7u72-linux-x64.tar.gz mkdir /usr/lib/jvm mv /usr/src/jre1.7.0_72 /usr/lib/jvm/ ln -s /usr/lib/jvm/jre1.7.0_72/ /usr/lib/jvm/java-7-oracle cd /etc/alternatives mv java java.6 ln -s /usr/lib/jvm/java-7-oracle/bin/java java java -version
Verifying the integrity of files with md5sum
In order to transfer files and be sure that they were not compromised on their way to their destinations a method of ‘checksumming’ the file’s content can help. Under Linux the tool is called ‘md5sum’. Here is how to use it. For example to check the integrity of the downloaded Ubuntu Linux .iso file. md5sum …