Secure WordPress the Hardcore Way

I’ve written about wordpress plenty of times and this time is on how to secure a wordpress installation. Specifically, i have been responsible for a few sites that’ve recently been hacked. Essentially the “bad guys” found a way to upload some files onto the sites and then execute php scripts

Read more

Tripwire on CentOS 7

Tripwire is a great tool to monitor your server for changes. Skip past my rant to get into the guts of it. Otherwise, enjoy! We all use wordpress because it’s easy to install, there’s plenty of people out there to create themes and it’s so easy to work with. The

Read more

Hacking Redhat in times of Panic

We recently had a client who couldn’t sudo to become root. They received an error indicating that the “/etc/sudoers” file was corrupt. Being security minded people, they’d┬áprevented the root user from logging in via SSH – which is a good idea by the way. Their only options were to restore

Read more

Linux Must Reads

Install ClamAV on CentOS 7 with Ansible

This HowTo shows how to install ClamAV and schedule scans using Ansible. There are Ansible modules for this but it’s so simple that you might as well just do it yourself. Create your playbook. Put the following into a file called “ansible-play-install-clamav.yml”. — – hosts: all sudo: yes tasks: –

Read more

Secure WordPress the Hardcore Way

I’ve written about wordpress plenty of times and this time is on how to secure a wordpress installation. Specifically, i have been responsible for a few sites that’ve recently been hacked. Essentially the “bad guys” found a way to upload some files onto the sites and then execute php scripts

Read more

Tripwire on CentOS 7

Tripwire is a great tool to monitor your server for changes. Skip past my rant to get into the guts of it. Otherwise, enjoy! We all use wordpress because it’s easy to install, there’s plenty of people out there to create themes and it’s so easy to work with. The

Read more

Add & Remove CloudWatch Alarms with AWS CLI

All sysadmins need to know the state of the servers they look after. CloudWatch lets sysadmins monitor their Amazon AWS resources and be alerted when things go wrong. And by wrong, i mean “out of the norm”. For example, if the CPU goes above a percentage, we should be notified

Read more

Remotely access MySQL on an OpenShift server

OpenShift doesn’t allow remote access to MySQL gear. You have to use IPTables to work around this limitation. The good news is that it’s a simple process. This article is a walk-through showing how i’ve done it. First we need to get the application ID of the OpenShift application we’re

Read more

Ansible Variables – a 5 minute Intro

Ansible supports “variables” just like any scripting language. Actually, Ansible uses the YAML format and YAML supports variables. Confused, don’t be. It’s simple. You don’t need to know YAML to use Ansible and i bet you’ve already got things working with Ansible enough that you’re ready to start expanding your

Read more

Hacking Redhat in times of Panic

We recently had a client who couldn’t sudo to become root. They received an error indicating that the “/etc/sudoers” file was corrupt. Being security minded people, they’d┬áprevented the root user from logging in via SSH – which is a good idea by the way. Their only options were to restore

Read more

Restrict access to Multiple files in Apache

Apache has plenty of access control features that can help prevent unauthorised access to key parts of your site. This article is about giving a 404 (access denied) response when someone tries to access specific files on your site. In the examples below, we’ll be restricting access to two PHP

Read more

One to One NAT. A “Checklist”

There’s a million things you need to do to get one-to-one NAT working. This is my checklist – a list that’s saved my bacon many-a-time. Let’s suppose the situation is that you have a single host with multiple virtual machine running in it. The host has a network connection to

Read more

How to run a command at a given time

Sometimes we want to run a single command at a later time. We could use Cron but that’s more for running commands every day, week, month, etc. Instead we can use the “at” command. The “at” command works in 24 hour time. So to run something at “12:15” means running

Read more