Apache2 Suexec module comes with at least 2 flavors in many distributions of Linux. – apache2-suexec-pristine: Apache HTTP Server standard suexec program for mod_suexec – apache2-suexec-custom: Apache HTTP Server configurable suexec program for mod_suexec Many times when I’ve been trying to use the standard mod_suexec with mod_fcgi (useful for WordPress installations), the mod_suexec complains that the …
Category: Linux
Linux Tips and tricks, either for desktop or internal system.
Finding the absolute path of a running script
In bash scripts we often need to know in which directory the running script is found, especially when the script is in the $PATH and may occur in multiple places. Here is a reliable way to find it out: Based on this site: http://stackoverflow.com/questions/4774054/reliable-way-for-a-bash-script-to-get-the-full-path-to-itself # Absolute path to this script. /home/user/bin/foo.sh SCRIPT=$(readlink -f "$0") …
Installing wp_cli
wp_cli is a really good PHP script which helps installing the latest WordPress version in an htdocs. Here is how to install it in a Linux system: This will install wp_cli PHP script as /usr/local/bin/wp in the system. (Logged in as root) cd /tmp wget https://raw.github.com/wp-cli/builds/gh-pages/phar/wp-cli.phar chmod 755 wp-cli.phar mv wp-cli.phar /usr/local/bin/wp To get the …
Ubuntu: apt-get update: Hash sum mismatch
According to many admins, this error can occur when the mirror repository is either overloaded or not up-to-date. The solution proposed is to change mirror repositories this way: sed -i 's/de.archive.ubuntu.com/archive.ubuntu.com/g' /etc/apt/sources.list apt-get update
Installing VSFTPD for FTP-SSL web sites upload on Ubuntu
In order to force an exclusive use of the SSL/TLS connectivity to users here is how to install it: Note: This tutorial was based on this site: https://www.digitalocean.com/community/tutorials/how-to-configure-vsftpd-to-use-ssl-tls-on-an-ubuntu-vps Install the vsftpd package sudo apt-get install vsftpd Edit the /etc/vsftpd.conf configuration file and add the following at the end of the file or alternatively adapt the …
Installing GlusterFS 3.6 in Ubuntu 14.04 Server LTS
Note: In case you have a regular (3.0.5-1) version of GlusterFS to upgrade, it is recommended to run the following command in order to make sure the older version gets cleaned up and does not interfere with the new one. apt-get purge glusterfs-client glusterfs-server Depending on whether you have Debian or Ubuntu use one of the following installations: …
Install a multisite(WPMU) WordPress with wp_cli
Prerequisites: – Create a new fcgi driven user in Linux system(in this case usrblog) useradd -s /bin/bash -d /www/clients/mywpsite.com/htdocs/ usrblog passwd usrblog – Install a Virtual host which uses suexec and fcgi in Apache/NginX – Create a new database in MySQL (we will call it myblog) – Create a new mysql user and assign the …
PAM-Mysql user authentication in Ubuntu 14.04 LTS Server
Introduction: As I was wanting to set-up a cluster of web servers based on Apache2 and fcgi I realized that I didn’t want to have to create/delete/update each individual fcgi user in each web server. Therefore I decided to authenticate the fcgi users through MySQL (in fact MariaDB). I’ve done that many years back but …
Groupoffice: No modules available
Problem: Once in a while right after I logged in Group Office I get the error message: No modules available. Here is a URI that refreshes the cache: https://my.groupoffice.com/groupoffice/index.php?r=maintenance/upgrade
Encrypt a password with different encryption methods
Situation: I happen to have configured a Linux system with MySQL database and wanted to enter a password in the password field in the DB. Here is a way I found. This will output in the terminal the encrypted string you can then enter directly in the password field via phpmyadmin or mysql client. Note: …
Useful commands of LVM
Just to make sure I don’t forget where to find such a useful set of commands for the LVM I copied it here integrally from: https://www.centos.org/docs/5/html/Cluster_Logical_Volume_Manager/LV_create.html 4.4.1. Creating Logical Volumes To create a logical volume, use the lvcreate command. You can create linear volumes, striped volumes, and mirrored volumes, as described in the following subsections. If …
Selectively blocking / redirecting HTTP requests per country of origin with Apache
If you need to block or redirect requests that originate from certain countries, here is a good method using GeoIP information. Install the GeoIP binaries and Apache module: apt-get install geoip-bin libgeoip1 libapache2-mod-geoip a2enmod geoip service apache2 restart Example of blocking requests from Germany (DE) in a VirtualHost configuration: SetEnvIf GEOIP_COUNTRY_CODE DE BlockCountry Deny from …
phpmyadmin: The mcrypt extension is missing. Please check your PHP configuration.
This was the error message I got in PhpMyadmin in Ubuntu 14.04-2. The mcrypt extension is missing. Please check your PHP configuration. So I found the following solution in: http://askubuntu.com/questions/460837/mcrypt-extension-is-missing-in-14-04-server-for-mysql/477608#477608 First, I’m not really sure that this directory needs to be created, but since it’s in php.ini configuration, I’d rather make sure all will work …
Relay emails for specific destinations
In the last couple of years many large email providers have started to refuse emails coming from certain IP addresses or according to certain other criteria. It is difficult to know for what reason certain emails are refused access with the server answer: ….refused to talk to me: 554…. The list of these emails destinations(which …
Proxy Internet access via SSH tunnels and tsocks
Description: I came across a situation where I needed to install software on a server that didn’t have internet access, except for the apt-get commands which are only reaching specific Internet addresses (allowed by the firewall). So in our network there is a Linux server that does have full Internet access. The idea here is …
Installing NginX 1.9.2 in Ubuntu server 14.04.2 LTS
Since the version of NginX in Ubuntu Server 14.04.2 is only 1.4.6, we need to tell APT to install the more recent version of nginx directly from the NginX maintainer. Steps: Add the following lines in /etc/apt/sources.list deb http://nginx.org/packages/mainline/ubuntu/ trusty nginx deb-src http://nginx.org/packages/mainline/ubuntu/ trusty nginx From your server download the signing key add it to …
Adding IPs to a network Interface in Linux
Sometimes we need to add extra IPs to a network interface to handle HTTPS requested by mechanisms that don’t support SNI. There are many ways to do that but here is the one I prefer. Extra IP belonging to a different subnet In order to be able to add an extra IP belonging to another …
Uninstalling VMWare Player/Workstation in Linux
Reference: http://askubuntu.com/questions/151099/how-to-uninstall-vmware-player sudo vmware-installer -l sudo vmware-installer -u PRODUCT-NAME With the first command you can see what products you have. With the second you can choose which product to uninstall.
Install TeamViewer in Debian Wheezy
TeamViewer is a very good and stable remote desktop with client software for almost any platform. Here I explain how I got TeamViewer to run on a headless Debian Wheezy server. Reference: https://www.teamviewer.com/en/help/363-Wie-installiere-ich-TeamViewer-auf-meiner-Linux-Distribution.aspx#multiarch Steps: – Install the VNC desktop on the Debian Server for a particular user as per the instructions shown here: https://tipstricks.itmatrix.eu/installing-linux-remote-terminal-using-vnc-on-a-debian-server/ …
Downloading tar.gz files from the Linux command line
Sometimes we need to download a file from the Internet using the bash command line. Here are some suggestions: Using WGET: wget {URL} eg. wget https://my.server.com/downloads/file.tar.gz Using CURL: (Fancy progress info given as the download progresses and will unpack it at the same time) curl -L --progress {URL} | tar xz eg. curl -L --progress https://my.server.com/downloads/file.tar.gz …
Undeleting a directory from SVN repository
Situation: A directory had been deleted a while ago from the repository and we want it back without interfering with commits that were since made in other parts of the repository, and without having to have the repository in the workspace. Reference: http://svnbook.red-bean.com/en/1.8/svn.branchmerge.basicmerging.html#svn.branchmerge.basicmerging.undo Solution: – Find out which revision of the commit it was that …
Installing GitLab (MySQL based) on Ubuntu 14.04.2 LTS Server
Note: Instructions based on but have been modified in a few places to make it work with MySQL: https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/install/installation.md and https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/install/database_mysql.md Extra related Info: https://gitlab.com/gitlab-org/gitlab-ce/blob/master/doc/install/installation.md https://www.linode.com/docs/applications/development/gitlab-on-ubuntu-14-04 and https://www.digitalocean.com/community/tutorials/how-to-set-up-gitlab-as-your-very-own-private-github-clone#database-setup STEPS adduser --disabled-login --gecos 'GitLab' git apt-get install -y build-essential zlib1g-dev libyaml-dev libssl-dev libgdbm-dev libreadline-dev libncurses5-dev libffi-dev curl openssh-server redis-server checkinstall libxml2-dev libxslt-dev libcurl4-openssl-dev libicu-dev logrotate python-docutils …
Can’t connect to VSFTPD with Filezilla
Problem: Because of some incompatibility of the default use of ciphers in VSFTPD, FileZilla cannot connect to it. Solution: Edit the VSFTPD configuration file /etc/vsftpd.conf and add the following directive: ssl_ciphers=HIGH Restart VSFTPD server and use the default settings for new FTP connection with encryption of ‘explicit FTP over TLS’.
Extending dynamically Linux RAMs in VMWare VM without rebooting
Situation: Need to raise the amount of RAM in a VMWare VM without rebooting. Solution: – In VMWare interface: Raise the amount of RAM for the VM – In the Linux VM: Run the following script: #!/bin/bash # This script enables in system the unrecognized RAMs deleteline () { echo -ne $dellineup } ### check …
Update the number of CPU dynamically in a VMWare VM
Situation: I’ve come across a situation where I needed to LIVE-raise the number of CPUs for a VMware Linux VM without having to reboot. Solution: – In VMware raise the number of CPUs – In the Linux VM do the following: – Save the following script into /root/bin/ directory (It was taken from this article: …
Installing DMARC filtering in Debian Wheezy
Principle: DMARC is a bit of a strange animal. It serves as a filter against SPAM but only according to the rules given by the owner of the domain sending emails. So, for example, if I send emails as sender me@example.com using a mail client program via my mail server , in order that my …
Copying all files including hidden files in Linux command
PROBLEM: If you use the command cp or mv on hidden files you will notice that the hidden files won’t get ‘seen’ and therefore not copied or moved. The problem doesn’t belong to cp or mv but to bash. Bash doesn’t include the hidden files in the globbing expansion. for example: mkdir ~/temp1 ~/temp2 touch …
Anti-SPAM mail filtering using SPF on Debian Wheezy
Install the package: apt-get install postfix-policyd-spf-perl Add this line to /etc/postfix/main.cf: policy-spf_time_limit = 3600s Add the following lines to /etc/postfix/master.cf: policy-spf unix - n n - - spawn user=policyd-spf argv=/usr/sbin/postfix-policyd-spf-perl In /etc/postfix/main.cf, find the smtpd_recipient_restrictions section, and, immediately after permit_mynetworks (and permit_sasl_authenticated, if you’re using that), add: check_policy_service unix:private/policy-spf, Restart Postfix and check your logs …
TCP Load balancing email/web servers with NginX
I’ve got 2 synchronized email servers running and, in order to make sure I don’t have to change the servername settings of my mail client in case one server goes down, I was looking for a straight TCP layer load balancer. There are a few software packages on the market that can do that , …
Using CURL for sending crafted HTTP POST authenticated queries
CHALLENGE: I came across a situation where I needed to send an HTTP request using the POST method with some POST data but after I have authenticated with name and password. SOLUTION:(using curl tool) The trick here is to preserve the SESSIONID of the authenticated response for the second POST request. EXAMPLE: I needed to …
How to create a USB stick bootable on OS X
This article is based on the following How-to in Ubuntu site: http://www.ubuntu.com/download/desktop/create-a-usb-stick-on-mac-osx We would encourage Mac users to download Ubuntu Desktop Edition by burning a CD. But if you prefer to use a USB stick, please follow the instructions below. Note: this procedure requires that you create an .img file from the .iso file you …
Hard disk resize and sync without rebooting
Description: Sometimes I need to resize a virtual disk for a virtual machine without having to reboot the machine for the kernel to recognize that a virtual disk has changed size. Here are the steps to do that: Unmount the concerned partition: Eg. /dev/sdb1 umount /dev/sdb1 Find out which SCSI devices are involved: ls /sys/class/scsi_device/ …
Upgrading a single package in Debian/Ubuntu
Here is a simple command that upgrades one or more defined Debian packages without upgrading any of the others: apt-get --only-upgrade install <PackageName> [<PackageName>] …
Installing Xen 4.4 on Ubuntu Server 14.04 LTS (Trusty) in a Hetzner server with 8 IPs subnet
Hetzner Germany has very fast and not expensive rentals of Hardware servers available. In order to communicate internally via private network between Xen-DOMUs and DOM0, normally one would install Xen DOM0 network with bridge networking as follows: DOM0:xenbr0(eth0) ===bridging===>> DOMUs:eth0 BUT!!!! PROBLEM: Because of the configuration of the network switches at Hetzner, one hardware server …
Resuming files copy after break with rsync
In my work, I often need to transfer large files from my Mac desktop to a Linux server on the Internet. Since the Internet connection is often broken and changes IP, transferring large files can be really difficult. That is where rsync comes to the rescue by saving the already transferred part of the file …
Monitoring latency time of http requests
Here is a simple but useful command which shows the latency time of http requests. You can adjust the delay between repeats as well as the URL being queried. Reference: http://www.shellhacks.com/en/Check-a-Website-Response-Time-from-the-Linux-Command-Line host="www.google.de"; delay=5; while true ; do echo -n "Response time for http://$host:" ;curl -s -w %{time_total}\\n -o /dev/null http://$host ;sleep $delay; done Results: Response …
Wandisco SVN(Subversion) installation on Debian Wheezy
In my experience, compiling the latest Subversion from Collab site is quite some work. As an alternative to this, Wandisco site offers for free the (almost)-newest version of subversion package for Debian. It’s already compiled, tested and ready for production. Since Debian Wheezy doesn’t quite have the proper versions of packages necessary to install these …
Resolve the IP from a hostname
As a Linux administrator I often need to resolve hostnames into IPs, especially in scripts. Using the command ‘host’ the system will resolve the IP only through the resolver libraries omitting to look into the /etc/hosts file. The same is true for the command ‘nslookup’ and ‘dig’. A good trick is to use the command …
Changing the keyboard layout of Terminal in Ubuntu
Even if you install Ubuntu with the proper keyboard, it could happen that the terminal application is still set to EN-USA Layout. To change the keyboard at the terminal level, login as root and issue this command from in the terminal: dpkg-reconfigure keyboard-configuration Then reboot Linux.
Install Adaptec ACC-RAID utility – arcconf – in Ubuntu 14.04
In order to be able to control the Adaptec AACRAID Raid controller in Ubuntu one needs to install the program arcconf from a third party as follows: Ref: https://www.thomas-krenn.com/de/wiki/Adaptec_arcconf_unter_Ubuntu_installieren wget -O - http://archive.thomas-krenn.com/tk-archive.gpg.pub | sudo apt-key add - cd /etc/apt/sources.list.d wget http://archive.thomas-krenn.com/tk-main.list wget http://archive.thomas-krenn.com/tk-optional.list apt-get update apt-get install arcconf Getting info on the installed RAID controller: …
Bootstrapping Ubuntu 14.04 for VM use.
This short tutorial only takes care of installing Ubuntu 14.04 in a directory. More preparations are needed before the system can run and they will only be listed here but not explained… for now. # Bootstrapping UBUNTU 14.04 LTS # present Settings # Installation destination of Ubuntu: /dev/sda2 # Temporary work space for bootstrap: /dev/sda3, …
Proxy Rewrite to an URL with a non valid Cert
If we do a Proxy Rewrite to an URL with a non valid Cert, we have to deactivate the SSL validation in the vhost where the Proxy Rewrite resides as follows: SSLProxyEngine On SSLProxyVerifyDepth 0
Entering a new certificate in Java Keystore
Using JDK 1.5 or below Ref: http://stackoverflow.com/questions/4217107/how-to-convert-pfx-file-to-keystore-with-private-key OpenSSL can do it all. This answer on JGuru is the best method that I’ve found so far. Firstly make sure that you have OpenSSL installed. Many operating systems already have it installed as I found with Mac OS X. The following two commands convert the pfx file …
Changing keyboard layout in Ubuntu/Debian Linux command line
Ref: http://askubuntu.com/questions/209597/how-do-i-change-keyboards-from-the-command-line You can find all the different keymaps in the following location: /usr/share/keymaps/i386/ or /usr/share/kbd/keymaps/i386/ To change the keyboard layout (e.g. to German) in the Linux command line, type the following command: loadkeys de For X: setxkbmap de To make these changes system wide, assuming you’re using Ubuntu, you can use the following: sudo …
Install Skype in Xubuntu 14.10 LTS
Unfortunately there is no .deb installation for Skype under XUbuntu that I know of. The best I found is to install the support of 32Bit environment and then install the standard 32 Bit skype as follows: Based on ref: http://askubuntu.com/questions/343047/installing-skype-on-ubuntu-13-04-64-bit sudo dpkg --add-architecture i386 sudo add-apt-repository "deb http://archive.canonical.com/ $(lsb_release -sc) partner" sudo apt-get update sudo …
Verifying a SSL certificate chain
In order to see if an SSL web site has the proper SSL Certificate chain, this simple command can help: echo "" | openssl s_client -showcerts -servername web.site.com -connect web.site.com:443 -CApath /etc/ssl/certs/ Example: echo " " | openssl s_client -showcerts -servername tipstricks.itmatrix.eu -connect tipstricks.itmatrix.eu:443 -CApath /etc/ssl/certs Result:(most important extract from full result) CONNECTED(00000003) depth=2 C …
Installing GITLAB-Omnibus in Debian Wheezy
Introduction: The instructions here have been based on the site: https://about.gitlab.com/downloads/. I did what is shown there but it didn’t work immediately. I had to do the following tweaks and then it all worked fine so far. IMPORTANT: In order to stay updated see the last par at the end of this article for instruction …
Dump only headers of HTTP request and response
In order to only get the headers of any HTTP request and response here is a small command that does it well: Eg. curl -sv http://my.website.com/index.html >/dev/null
Inspecting an initrd filesystem
Purpose: Just in case you need to know the content of the filesystem used by the kernel at boot time (initrd), here are some instructions on how to uncompress it into a temporary directory. Some explanation: This initrd file system is a plain file tree structure in a CPIO format compressed by gzip. At boot …
NGINX: [emerg]: getgrnam(“…….”) failed in /etc/nginx/nginx.conf:1
As I installed nginx 1.6.x from Debian dotdeb repository, the daemon nginx started automatically using the user ‘www-data‘. As I wanted to change this user in the configuration file /etc/nginx/nginx.conf from: user www-data; TO user appuser; NGinX didn’t want to start any more and found the following line in the error logs: [emerg]: getgrnam(“appuser”) failed …
Find the USB drive information using smartmontools in Debian
You have inserted some drives in a USB port and want to know some information about the drive: Example: Command to find the list of storage devices: fdisk -l Result: Disk /dev/sda: 999.2 GB, 999156310016 bytes 255 heads, 63 sectors/track, 121473 cylinders, total 1951477168 sectors Units = sectors of 1 * 512 = 512 bytes …
ModSecurity: Rules must have at least id action
After compiling ModSecurity 2.8.0 with Apache 2.4.10 I got the following error when trying to start Apache2: ModSecurity: Rules must have at least id action After Google-ing it I found this site that explains what went wrong: https://evilazrael.de/content/modsecurity-rules-must-have-least-id-action According to this site the labeling(identification) of the rules was optional till the version 2.7.0, after …
APT repositories pgp keys issues
This article is taken from: http://blog.nachtarbeiter.net/2009/06/08/add-missing-gpg-public-key-to-debians-apt/ Add missing GPG public key to Debian’s apt. If you get a message like this while installing a new package through apt… GPG error: http://ppa.launchpad.net intrepid Release: The following signatures couldn’t be verified because the public key is not available: NO_PUBKEY C514AF8E4BA401C3 First copy the number that comes …
Unlocking dpkg database
Under Debian Squeeze I ran the command dpkg -i bash_4.1-3+deb6u1_amd64.deb and got the following error message: dpkg: status database area is locked by another process Solution: 1 – make sure you are not already running any package administration program in another bash session like with dpkg or apt-get or aptitude 2 – If no other …
Bash bug ‘Shellshock’ Debian Squeeze packages
For those who still have Debian Squeeze and wonder where to find the fixed Bash Debian package for the dangerous bash bug (http://www.bbc.co.uk/news/technology-29361794) you can find it here: 64 Bit: ftp://ftp.fr.debian.org/debian/pool/main/b/bash/bash_4.1-3+deb6u2_amd64.deb 32 Bit: ftp://ftp.fr.debian.org/debian/pool/main/b/bash/bash_4.1-3+deb6u2_i386.deb Want to test your Bash to see if it is fixed? Run the command: test="() { echo Hello; }; echo Buggy" bash …
Installing Shinken in Debian Wheezy
Debian Wheezy does offer the installation of the full (a bit old) Shinken, BUT it doesn’t offer the installation of the WebUI. Here is a better way to install everything including pnp4nagios and check_mk in one go: STEPS: Install Shinken wget http://www.shinken-monitoring.org/install -O /tmp/install_shinken.sh cd /tmp && sh install_shinken.sh Configure shinken vim /usr/local/shinken/etc/shinken-specific.cfg Change the http://YOURSERVERNAME/ …
Installing Icinga2, pnp4nagios, NRPE Agent and Graphite in Debian Wheezy
Since Icinga2 is not part of the stable version of Debian Wheezy we need to install it from the wheezy-backports. Therefore the following steps are suggested: Add the backports to the Debian repositories list: mcedit /etc/apt/sources.list Add the following lines: deb http://ftp.debian.org/debian/ wheezy-backports main contrib non-free deb-src http://ftp.debian.org/debian/ wheezy-backports main contrib non-free Update the repo …
Changing the domain name of WordPress
SITUATION: You’ve had a WordPress site for a while and want to change the URL by which it is called. WordPress needs to have a constant URL to be able to work. If you just configure the web server to use another URL, it won’t work. The original URL stored in your WordPress database, which …
Install Xen 4.1 on Debian Wheezy in a Hetzner Dedicated server
Hetzner Germany has very fast and not expensive rentals of Hardware servers available. In order to communicate internally via private network between Xen-DOMUs and DOM0, normally one would install Xen DOM0 network with bridge networking as follows: DOM0:xenbr0(eth0) — bridging==>> DOMUs:eth0 DOM0:xenbr1(dummy0) —bridging==>> DOMUs:eth1 BUT!!!! PROBLEM: Because of the configuration of the network switches at …
lftp –> Fatal error: Certificate verification: Not trusted
Very useful tip found at: http://anils-tips.blogspot.com.au/2011/05/lftp-fatal-error-certificate.html $ lftp user@test.ftp.com:/directory Password: cd: Fatal error: Certificate verification: Not trusted To disable certificate verification in lftp, Edit ~/.lftp/rc and add: set ssl:verify-certificate no
Testing internet speed on Linux command line
This small script does a fairly good Upload/download speed test of your Internet connection: Note: This is a Python script. So you’ll need first to make sure you have Python installed in your system. Get the script: wget -O speedtest-cli https://raw.github.com/sivel/speedtest-cli/master/speedtest_cli.py Make it runnable chmod +x speedtest-cli Run it ./speedtest-cli Have fun
Switching from xm(xend) XenToolStack to XL XenToolStack in Debian Wheezy
Introduction: While I upgraded my Xen DOM0 from Squeeze to Wheezy it was recommended to switch from the Xend(xm) Toolstack to XL Toolstack. Because I found very little info on how to do the switch, here is a way to do it on Wheezy. Here we are assuming that you have installed Xen 4.1 Hypervisor …
Archiving all incoming/outgoing mails using Sieve
The following custom Sieve script can be used to make a copy of every email a user sends or receives. In the example, the user is user@domain.com and the copy of the .MSG file is saved in the spyfolder directory. if envelope :contains ["from","to"] "user@domain.com" { fileinto "c:\\spyfolder"; keep; } Note: Be careful to monitor …
Blocking user to send sensitive information using Sieve
The following article uses examples to show how to block users from sending attachments containing sensitive information (e.g. financial information) to the outside world. The script blocks attachments with certain names by flagging particular words. Scenario: – Your domain is widget.com – The administrator wants to block attachments with the word customer in the filename …
Force sending mails using SSL/TLS
Introduction: In some cases it might be requested to transfer emails to another mail server using encryption (SSL/TLS). Here is a way to do it using Sieve language which Dovecot supports: Use a sieve script to conditionally send encrypted messages. The script would insert a header element, called X-Requires-SSL, prompting SMTPDS (the Delivery Service) to …
Debian Wheezy vsFTPd: 500 OOPS: vsftpd: refusing to run with writable root inside chroot()
It means that the user who connects to the vsFTPd server should not be allowed to write in its root directory. vsftpd-2.3.5 disallows login with a writable root directory because of possible glibc vulnerabilities. If you already have enabled the TLS connection then the same error message will look like this: “Unsupported record version Unknown-48.48” Here …
Install a PERL module from CPAN
You can install whichever modules you need using the following command. Example to install the module: RRDs(RRDSimple) perl -MCPAN -e 'install RRD::Simple'
Controlling the conntrack of kernel iptables
As unpleasant as it might be, when you get a DDoS/DoS attack of high magnitude many things can go wrong. One of them, which is often not seen, is the filling of the ‘conntrack’ table in the kernel. The DDoS attack might stop and nevertheless the web site is still not available for a while, while …
Dynamically change Apache response content
Although the example below doesn’t quite represent a very good one in terms of real life problem, nevertheless it shows how to implement a dynamic web server response content modification. These replacements are done in application server responses before they leave Apache web server. In this example we are dynamically replacing parts of the URI …
Benchmark your IO in Debian Servers
In order to have a better idea of what is the IO performance on an Internet server here is a small tool that would make relative good IO(disk performance) tests. apt-get install iozone3 iozone -I -T -t 5 -r 64k -s 2G -i 0 -i 1 -i 2 -c -e The results are easy to …
Creating a XEN machine and Installing Group Office in Debian Wheezy
Introduction In this Tutorial I will explain the steps I did to create a Xen Virtual Machine with minimal packages and then install the latest Group Office Web based Collaboration software. You’ll need to be fluent in Linux and Xen because I don’t explain much here. Note: My hypervisor is Xen 4.0 in Debian Squeeze …
vhosts calling themselves behind load balancer
PROBLEM: If a virtualhost configured behind a load balancer originated http/https, requests using the proxy module in destination to the Internet IP of the virtual host, the route of the packet would then have to be: Vhost ==ProxyModule==>> LoadBalancer ==>> Loop to itself ==>> Vhost For technical reasons I needed to avoid this route. This …
Changing the terminal keyboard type and language in Debian Wheezy
dpkg-reconfigure keyboard-configuration
Mounting exFAT in Linux
If the kernel does not yet have the capability of handling the exFAT filesystem, here is how to add it as a user space capability in a Debian/Ubuntu system: sudo -s apt-add-repository ppa:relan/exfat apt-get install fuse-exfat
Adding dynamically a new Virtual Disk in Linux in VMWare
for i in $(ls /sys/class/scsi_host); do echo "- - -" > /sys/class/scsi_host/$i/scan ; done
Some tools for SSL certificates
Checking that a certificate is paired to the key Example: openssl rsa -noout -modulus -in mycert.key |openssl md5 33c63cb62080fdf2bc06c47a59e02917 openssl x509 -noout -modulus -in mycert.crt |openssl md5 33c63cb62080fdf2bc06c47a59e02917 Both results should be the same Generating a certificate for VSFTP openssl req -x509 -nodes -days 3650 -newkey rsa:1024 -keyout /etc/ssl/certs/vsftpd.pem -out /etc/ssl/certs/vsftpd.pem Creating a self signed …
Setting-up Chroot for SSH and for SFTP
There are many ways to create Chroot for SSH. Here are 2 good links for that. http://www.debian.org/doc/manuals/securing-debian-howto/ap-chroot-ssh-env.en.html http://www.howtoforge.com/chrooted_ssh_howto_debian Note: Here some more info on the subject. The following article is based on an extract of the following site: http://www.howtoforge.com/restricting-users-to-sftp-plus-setting-up-chrooted-ssh-sftp-debian-squeeze Enabling chrooted SSH Enabling chrooted SSH is a bit complicated because we must set up a …
Turning OFF security checks in SSH server
In order to turn OFF security checks in SSH connections set the following configuration in the SSH server in /etc/ssh/sshd_config: UserKnownHostsFile=/dev/null StrictHostKeyChecking=no LogLevel=error This will also work if key forwarding is set as well.
Expanding a VMWare external volume
Description: The task here is simply to raise the size of a data volume attached to a VMWare virtual machine. Steps: 1. Stop the instance that is attached to the volume to be expanded. 2. Create a snapshot of the volume. 3. Create a new volume from the snapshot. There you have the possibility to …
Limiting connections per Virtual Host with mod_bw
Introduction: In order to limit the number of simultaneous connections to a Web server (for the whole server) the following Core directive is used in our Live web servers, limiting it to 2000 simultaneous connections per web server. MaxClients 2000 In the case of wanting to limit the number of simultaneous connections per VirtualHost we …
Installing exFAT in Linux Mint(Debian/Ubuntu)
This article is based on the following link for which I’m really thankful: https://paraaether.wordpress.com/2012/09/08/mount-exfat-filesystems-under-linux-mint-ubuntu/ Problem: Lately a new file system format meant for external flash-memory cards, camera SD cards and smart phones has been developed by Microsoft called ‘exFAT’. It allows to overcome the barrier of 4GB for single files and is more efficient for …
snmpd error on subcontainer ‘ia_addr’ insert (-1)
This message is flooding my syslog on each snmp query.
    snmpd[3916]: error on subcontainer 'ia_addr' insert (-1)
    snmpd[3916]: error on subcontainer 'ia_addr' insert (-1)
    snmpd[3916]: error on subcontainer 'ia_addr' insert (-1)
To avoid it you have to change the log level of the services. In Debian Squeeze edit /etc/default/snmpd and change these lines:
    SNMPDOPTS='-Lsd -Lf …
Configuring Debian Wheezy Xen 4.1 Hypervisor
Introduction: When I upgraded from Debian Lenny Xen 3.2.1 to Squeeze Xen 4.0, except for the DomU hard disk names (from /dev/hdax to /dev/xvdax), I had very few changes to make and all went pretty well. Lately I wanted to upgrade from Squeeze Xen 4.0 to Wheezy Xen 4.1 and I had a few very …
Rebuild MySQL replication slave LIVE from master
Problem: You have 2 MySQL servers in the configuration Master ==>> Slave and the slave has gone very badly out of sync with the master. Normally it’s no real problem if you can lock the master tables, make a dump of the databases of the master and import them back into the slave. But the …
Encrypt and decrypt files using GnuPG, Mcrypt and OpenSSL
Although there are many tutorials concerning encrypting files, sometimes one just wants to encrypt/decrypt files with only a passphrase. This is what this article is about. This article is based on the great tutorials found at: http://bitflop.com/document/86. For a fuller tutorial on GnuPG: http://bitflop.com/document/129 Thanks to the author for the good work. GnuPG Encryption: $ gpg …
Redirect POST requests
For quite a while it was not possible to use the Apache mod_rewrite to redirect POST requests. After the browser received a redirect response code 301 (permanent) or 302 (temporary) from a POST request, it redirected the request to the new URL but using a GET method. After research I found out that since some time the …
Converting character sets in text
Following a problem I had when trying to check out old files from a CVS repository, I found out how to display the hex value of certain characters and how to convert them as well. Most older filenames have been encoded with the character set ISO-8859-1 (latin-1) or ISO-8859-2 (European) or ISO-8859-15 (European+EURO sign). Most new systems are working with …
Installation of GIT, Gitolite and Gitweb in Debian Squeeze
Note: This tutorial is based on this very good site, thanks for the work: http://geroldm.com/2011/10/howto-setup-gitolite-in-debian/ Introduction: This is a simple, step-by-step tutorial on how to install a GIT server and Gitolite in Debian Squeeze. Since GIT has no authentication/authorization methods of its own, Gitolite fills in. Gitolite allows to control new creation of …
Some useful commands for Zimbra
Show the expiry date of the installed certificate:
Run as root user:
    /opt/zimbra/bin/zmcertmgr viewdeployedcrt all | grep notAfter
Restart all the Zimbra services:
Run as zimbra user:
    zmcontrol stop ; zmcontrol start
Check the status of all running Zimbra services:
Run as zimbra user:
    zmcontrol status
Display the version of the current Zimbra:
Run as zimbra …
Configuring Zimbra to deliver mail using SSL/TLS
Reference: http://wiki.zimbra.com/index.php?title=Outgoing_SMTP_Authentication#Enable_TLS
    ssh root@server.mydomain.com
    su - zimbra
    zmlocalconfig -e postfix_smtp_tls_security_level=may
    zmcontrol restart
Sent an email to normal postfix server. Check the headers of received email:
    Received: from server.mydomain.com (static.66.240.40.188.clients.your-server.de [188.40.240.66]) by mail.mydomain.com (Postfix) with ESMTPS id E457F3E09E for ; Fri, 19 Apr 2013 23:35:31 +0200 (CEST)
Sent to GMAIL server:
    Received: from server.mydomain.com (static.66.240.40.188.clients.your-server.de. [188.40.240.66]) …
Basics of Linux Logical Volume Manager
Concept:
Physical Volume(PV): Real partition which can be assigned to a pool of resources to create/manage logical volumes
Logical Volume Group(LG): Pool of resources (partitions) which can be used to create/manage logical volumes
Logical Volumes(LV): Logical partitions which can be formatted and used just like a normal partition. The difference is that these Logical Partitions can be …
php5-cgi fills up memory, too many processes.
Problem Description: I just solved a strange situation where, little by little, the number of php5-cgi processes kept on increasing till all the RAM was used and the system slowed to a crawl, no longer responding to web requests. Cause: After the maximum number of requests got reached for a php5-cgi requests the process gets detached from …
Converting Windows text files to Linux
Here is a small overview of how (in)compatible computer operating systems are. Normal text files end the lines as follows:
Windows: CR+LF
Linux: LF
OS X: CR
In order to convert line ends, here are a few tricks I extracted from this page (many thanks to the author): http://kb.iu.edu/data/acux.html
dos2unix and unix2dos: The utilities dos2unix and unix2dos …
Deleting files securely
To erase files recursively in a specific directory with best security and make it almost impossible to recover any of the files in that directory, run the following command:
    cd /dir/where/to/delete/files/
    find . -type f | while IFS= read -r file ; do shred --verbose --remove --zero -n 10 "$file" ; done
I say almost because the …
WARN: nodename xxxx uuid changed yyyy
Reference: This is a complete ‘copy’ of the very useful info page at this link: http://www.pc-professionals.com/blog/cloning-a-linux-heartbeat-3-node/ Some heartbeat problems when starting: While setting up a Linux Heartbeat failover cluster, you may be tempted to set up one server node and clone the machine to create the other nodes that will make up your cluster. This is …
Install Geotrust certificate in Zimbra 8.x
The best way to install a RapidSSL cert is via the CLI as the root user. Reference: (18-12-2012 @ 23:39 BST) http://elijahpaul.co.uk/2012/12/installing-a-rapidssl-certificate-on-zimbra-8-0/#.UVjDBhlSP5g
1. Start by logging into your Zimbra server’s CLI via SSH.
2. As root begin by generating a Certificate Signing Request (CSR). Below replace ‘mail.yourdomain.com’ with the FQDN of your Zimbra server.
    /opt/zimbra/bin/zmcertmgr …
Configuring DKIM Authentication in Zimbra
Configuring Zimbra 8.x to use DKIM Authentication. Example for ‘mydomain.com’:
    ssh root@zimbra.mydomain.com
    su - zimbra
Creating the DKIM keys for a domain:
    /opt/zimbra/libexec/zmdkimkeyutil -a -d mydomain.com
Example of result:
    50F0EEFE-AB8C-11E2-B7AE-FC2CE654A0ED._domainkey IN TXT ( "v=DKIM1; k=rsa; " "p=MIGfMA0GCSqGSIb3DQEBAQUCA4GNADCBiQKBgQDodIcoFWJsfsSzsdINY/ZiOKn3qKLt+qmEl1cDYApi0PCHwQmqTl9mhRKs3obfgN8O9nT227CDg9NI7MMu8r0fOatQRQ1YHesDmHIo1lELioDNd5QZPg1AUum0CPsDuR+YI5AG5wZhZ4c3ei0Uv3cu4aTIhGrRgnD081sysJ5vZwIDAQAB" ) ; ----- DKIM key 50F0EEFE-AB8C-11E2-B7AE-FC2CE654A0ED for mydomain.com
IMPORTANT: Enter the above result as TXT field in the …
Verifying Web Server certificates
With so many types and variations of certificates available, it is sometimes difficult to be sure that the components of a certificate fit together. For this purpose here are some commands that will help. Verifying a certificate chain: Whether the certificates are WEB certificates or CA (Certificate Authority) all the …
Install Geotrust/RapidSSL certificate in Zimbra 8.0.x
This how-to is based on the following page; after failing to install my commercial certificate myself, I feel very grateful for the author’s contribution: http://elijahpaul.co.uk/2012/12/installing-a-rapidssl-certificate-on-zimbra-8-0/#.UVjDBhlSP5g The best way to install a RapidSSL cert is via the CLI as the root user.
1. Start by logging in as the root superuser to your Zimbra server’s CLI via SSH. …
Display UUID of a partition in Debian Squeeze
To display the UUID of all the partitions found in the system and their /dev/… equivalent, issue the command:
    ls -l /dev/disk/by-uuid/