Introduction: This HowTo assumes that the Internet access from VMs via DOM0 and the private LAN are done using the Bridge method. In the previous versions of Xen installation the bridges were dynamically built via the Xen scripts, in this version the bridges are built permanently as the DOM0 boots up. DOM0:xenbr0(eth0) —bridging==>> DOMUs:eth0 DOM0:pdummy0(dummy0) …
Category: Linux
Linux Tips and tricks, either for desktop or internal system.
Recursively delete files securely: shredding
Description: Every administrator should know that when we delete a file on the hard disk, almost nothing is really deleted. The space used by the files is simply put back on the list of ‘free to use‘ space in the filesystem and will no more appear in the directory listing. This means forensic tools can …
Create a new database and use in MySQL/MariaDB
These commands will create a new database in MySQL/MariaDB including a new user/password with full access to the DB. mysql -p -u root Enter the MySQL root password. mysql> CREATE DATABASE dbname CHARACTER SET utf8 COLLATE utf8_bin; mysql> GRANT ALL PRIVILEGES ON dbname.* TO ‘user’@’localhost’ IDENTIFIED BY ‘password’; mysql> FLUSH PRIVILEGES; mysql> QUIT
Reporting SMART status of RAID disks
Reference site: http://www.cyberciti.biz/faq/linux-checking-sas-sata-disks-behind-adaptec-raid-controllers/ Note: Although Hardware RAID controllers made by other hardware manufacturers here I use Adaptec as an example: Install the software: apt- get install smartmontools Curious which company the RAID controller is from? Find out which RAID controller you have: lspci | grep ‘RAID’ Result: 01:00.0 RAID bus controller: Adaptec Device 028b (rev …
Using SS tool for network troubleshooting
Introduction: The following article is been copied completely 1 to 1 (full plagiat!!)from the following site inn order to be able to refer to it here in case the article disappears from Internet access or moves location. http://www.linux-magazine.com/Issues/2015/181/Querying-Sockets-with-ss Linux Magazine. Article from Issue 181/2015 Author(s): Chris Binnie The unassuming ss utility is easy to understand …
Preventing a bash script from running concurrently
Introduction: In order to prevent a bash script instance from running more than once concurrently, here is a small tip on how to write the script. Script template: #!/bin/bash # Prevents that an instance of the script starts while another instance of it is still running scriptname=$(basename $0) lockfile=”/tmp/${scriptname}.lock” if [ -e $lockfile ]; then …
Issue free and CA signed SSL certificates for web servers from LetsEncrypt
Introduction: SSL Certificates provide two functions: 1. Authentication 2. Encryption Encryption can be achieved without authentication but, for some reason, someone decided to join them together in one certificate. It seem to make sense for banks and serious e-commerce sites which need to be properly authenticated. Therefore when the HTTPS protocol got developed it was …
Creating a web certificate CSR file.
The process of buying an SSL certificate for a web site is usually as follows: – You create a secret key and CSR files using the method showm in this post. – You cut and paste the content of the CSR file into a field in a SSL Vendor web site – The SSL vendor …
Scanning for viruses on a Debian/Ubuntu server
Situation: Although most viruses would be mostly harmless in a Linux environment if the viruses are just files laying around, BUT since a server is meant to SERVE it is one of the best place to spread the viruses to other systems where it could do damages. Solution: Scan the system or certain vulnerable directories …
Configuring HAproxy load balancer in Ubuntu 14.04
Goal: In this example HTTP requests are proxied directly as HTTP requests to the HTTP web servers. In the case of HTTPS requests, they are handled with the certificates by HAproxy and then proxied to the web servers as HTTP requests. SSLCertificates: The certificates for all virtualhosts being proxied are stored as one PEM format …
Example of using UFW firewall in Debian/Ubuntu
Introduction: I just started to use the firewall UFW which is a terminal commands based firewall. The tool seemed a bit difficult to understand at first but with a bit of trying and errors I finally got something working. So here is what I did. I install the UFW firewall: apt-get install ufw Assumption: I …
Installing pure-ftpd in Debian/Ubuntu
Difficulty with FTP servers and firewall: If you configure a firewall for a host which runs an FTP server you normally need to leave the ports 1024-65365 range open, since you never know which port the FTP server will use to send data to the FTP client. This situation is quite critical if you have …
Installing a newer git version in Debian/Ubuntu
Introduction: In many cases where Git is involved it’s possible ethat your distribution doesn’t offer the version of git that is appropriate to the software you want to run. In this case you can install from sources. Here is one method fro example to install the version 2.4.3. Steps: Remove packaged Git apt-get remove git …
Resetting MySQL passwords in Linux Debian/Ubuntu
In Linux Debian/Ubuntu an extra user debian-sys-maint which also has all the access rights is used for maintenance. It can also be used to reset users passwords especially the root password when lost. Here are some tips regarding resetting them. Resetting the ‘root’ passwordmysqladmin -u root -p password “MyNewPass”ORmysql -u debian-sys-maint -p update mysql.user set …
Fine tune Ubuntu TCP stack for web server
The following tips taken from the site will help reduce the TCP latency of Ubuntu as a web server : http://www.cyberciti.biz/faq/linux-tcp-tuning/
Limiting the number of connected clients on a VirtualHost in Apache
Problem: When a DDOS attack or a burst of requests are coming at the same time in my Apache2 Web server, the whole server can run out of RAM and crash. Possible solution: Limit the number of simultaneous connections to your Web server per VirtualHost Method: One simple and effective method done directly on the …
Using mod_cluster in Apache
The newly discovered Apache module mod_cluster seems to offer many advantages compared to mod_jk which could be used in the new Apache/Jboss environment. The following features are listed: – Dynamic configuration of httpd workers – Server-side load balance factor calculation – Fine grained web-app lifecycle control – AJP is optional – Compatible staring at JBoss …
Configuring Apache to handle WebSocks
WebSocks is supported by Apache starting at version 2.4.xx. Here are some minimal configuration for Apache 2.4.xx. in Ubuntu 14.04.x Install the proper modules: a2enmod proxy a2enmod proxy_wstunnel Configure the VirtualHost (only the WebSock part is shown here) # Make sure the backend server gets the right URL in ‘Location:’ http Header ProxyPreserveHost On # …
Install Java7 Runtime Engine in Debian Squeeze
Introduction: Debian Squeeze has only Java6 available. So here is one method to install Java7 on Debian Squeeze. Method 1: TARBAL. Steps cd /usr/src wget –no-cookies –no-check-certificate –header “Cookie: oraclelicense=accept-securebackup-cookie” “http://download.oracle.com/otn-pub/java/jdk/7u72-b14/jre-7u72-linux-x64.tar.gz” tar -xvzf jre-7u72-linux-x64.tar.gz mkdir /usr/lib/jvm mv /usr/src/jre1.7.0_72 /usr/lib/jvm/ ln -s /usr/lib/jvm/jre1.7.0_72/ /usr/lib/jvm/java-7-oracle cd /etc/alternatives mv java java.6 ln -s /usr/lib/jvm/java-7-oracle/bin/java java java -version
Verifying the integrity of files with md5sum
In order to transfer files and be sure that they were not compromised on their way to their destinations a method of ‘checksumming’ the file’s content can help. Under Linux the tool is called ‘md5sum’. Here is how to use it. For example to check the integrity of the downloaded Ubuntu Linux .iso file. md5sum …