Weakening Cybersecurity to Help Catch Criminals – Hurts the Rest of Us!
There is talk of weakening Cybersecurity in an attempt to make it easier for authorities to listen in on criminal communications. The two obvious arguments against this are a) weakening security hurts everyone, and b) criminals will simply shift to other methods of communication. I will discuss both of those
Read moreAustralia to Introduce Laws to Weaken Cybersecurity
https://www.schneier.com/blog/archives/2017/07/australia_consi.html#comments I’ll be writing more on this in the coming days. I honestly hope this is not how it plays out. Share This:
Read moreHow to Limit SSH Users to RSYNC and SCP using RSSH
This article demonstrates how easy it is to limit users SSH’ing into your system to just Rsync and/or SCP. We’re using CentOS 6 for this demo. For example, suppose you want to allow users (or a script on a remote system) to SCP or Rsycn files to and from a
Read moreThe Case For Regulating Information Technology Services and Products in Australia
In this article, I am arguing that a regulated Information Technology industry will result in higher quality systems and software and a new focus on security. Australia is about to create a new cyber warfare division within the Australian Defence Force. Whilst the details are still secret, the objectives will
Read moreCreate a Data Backup Plan. What, When & Where
This article covers server backups and guides you through the process of designing a backup plan. The process will result in a data backup plan that the business is comfortable with. How much data and time can your business lose without damaging your reputation and income? When a disaster hits,
Read moreWindows 10 Sign-in Options Disabled
If you are trying to enable PIN or Fingerprint login options and you find that these options are disabled (with the message “Some settings are managed by your organization”), this is because it is done by Microsoft design. To resolve this you need to enable the “Turn on convenience PIN
Read moreHow to add new maps to Minecraft | Linux Server
This article explains how to add new maps to Minecraft. We’re working with a Linux server and we’re going to download maps from public download sites. We’re starting with a working Linux Mincraft server. See how to start from scratch with Minecraft on Linux here “https://www.agix.com.au/minecraft-server-linux-centos-7/”. So far i’m yet
Read moreMinecraft server on Linux CentOS 7
This article shows how to run a Minecraft server on CentOS or Redhat 7. We’re going to download Minecraft, put it in the right place, open the right firewall ports, start Minecraft with sensible settings and run it in a state that we can change things later without having to
Read moreWindows Server 2012 R2 WSUS Console Error (Reset Node Error)
Hi all, If you are getting a Reset Node Error when you are opening your WSUS console on Windows Server 2012 R2, first attempt to restart all associated Windows services (Update Services, WID / SQL, etc.). If that has not fixed it, open a command prompt with elevated privileges and
Read moreHow to add a volume to a running CentOS/Redhat 7 Linux EC2
This article walks you through adding a volume to a CentOS 7 / Redhat 7 EC2 while it’s running. In this example we’re going to replace the “/var/log” directory with a larger one to prevent the system from running out of disk space due to large logs. Log into AWS
Read more“The filename, directory name, or volume label syntax is incorrect” when you add a hard drive to Windows 2008 R2 / 2012 backup
If you are using Windows backup and want to back up to multiple USB drives, you may receive the above error when configuring the second additional USB drive. If you do, execute the following steps to add it manually. Run Command Prompt under an administrator elevation. Run the following command
Read moreBaseline Security Template | Servers
This article is a template for you to copy and modify to fit your business needs. The security baseline described here is for a business. Scope This document described the baseline security posture of business servers. The server may be in the cloud or local infrastructure. The operating system is
Read moreWhich VPN is best for your business?
A great article worth your time to read taking into account recent Edwin Snowden comments. The article compares the popular VPN types in use today. The best one? OpenVPN followed closely by IKEv2 (+IPSec). Personally i’d go for IKEv2 if i had a mixed environment (Windows and Macs) and if
Read moreBaseline Security Template | Workstations
This article is a template for you to copy and modify to fit your business needs. The security baseline described here is for a business. Scope This document described the baseline security posture of business workstations. A workstation is either a desktop computer or laptop or similar. A workstation is
Read moreSSL isn’t the saviour you thought it was
Think SSL protects websites? Think again. Check out this article and proof-of-concept “https://www.xudongz.com/blog/2017/idn-phishing/”. Try it yourself. Check out this article. Share This:
Read moreWhen the Cloud is a bad thing
For those of you who follow my articles, you’d know that i’m a fan of the cloud. But more than that i’m a fan of using the right tool for the job. The decision on whether or not to use the cloud in your business should be an informed one.
Read moreHow to hide your Online activity
It’s pretty simple to hide what you’re doing online. You’ve basically got two options, a) use a VPN, and b) use TOR. I’ll discuss both here. I’m simply sharing this information to answer questions. I’m not suggesting you use this for any dark reasons. Be good! The simplest way to
Read moreCreate backups (AMIs) of all running EC2s using a Bash Script
This article shows how you can backup all of your running EC2 instances using a Bash script. In this example we’re ensuring the machines are not rebooted at any time in the process. Also, these images are AMI file that we’d eventually delete because they will simply grow in numbers
Read moreBrowser Power | Comparing Firefox, Chrome and Safari on MacOS
It’s completely silly to compare web browser power usage over anything short of hours of usage by people doing the same thing. In this short article i simply leave the browser windows open for a short period of time, idle, and using websites that i use daily. So yes, this
Read moreConfigure the TP-Link (MR6400) | Telstra 4G service with Static/Public IP
For times when standard broadband isn’t available, 4G may be a viable short term solution. This article notes what you need in order to get your service working. In this article we’ve used the TP-Link TL-MR6400 4G router. It has no ADSL capability. It has 4 ethernet ports, supports 802.11n
Read moreFind and Fix MySQL Performance Problems with Indexes
So you have a MySQL database and it’s running like a dog. A slow dog, not one of those fast ones. This article is for you. Actually, this article is more of a story about a recent problem a client had with a large Magento database that had become too
Read moreInstall ClamAV on CentOS 7 with Ansible
This HowTo shows how to install ClamAV and schedule scans using Ansible. There are Ansible modules for this but it’s so simple that you might as well just do it yourself. Create your playbook. Put the following into a file called “ansible-play-install-clamav.yml”. — – hosts: all sudo: yes tasks: –
Read moreHow to Expire (disable) a User Account using Ansible
I dare you to find just one other article explaining how to expire a user account using Ansible. You didn’t and that’s why you’re here. An amazingly undocumented (well, there is doco but it’s rubbish) facility that’s more important than creating the user account in the first place. This is
Read moreSecure WordPress the Hardcore Way
I’ve written about wordpress plenty of times and this time is on how to secure a wordpress installation. Specifically, i have been responsible for a few sites that’ve recently been hacked. Essentially the “bad guys” found a way to upload some files onto the sites and then execute php scripts
Read moreTripwire on CentOS 7
Tripwire is a great tool to monitor your server for changes. Skip past my rant to get into the guts of it. Otherwise, enjoy! We all use wordpress because it’s easy to install, there’s plenty of people out there to create themes and it’s so easy to work with. The
Read moreAdd & Remove CloudWatch Alarms with AWS CLI
All sysadmins need to know the state of the servers they look after. CloudWatch lets sysadmins monitor their Amazon AWS resources and be alerted when things go wrong. And by wrong, i mean “out of the norm”. For example, if the CPU goes above a percentage, we should be notified
Read moreRemotely access MySQL on an OpenShift server
OpenShift doesn’t allow remote access to MySQL gear. You have to use IPTables to work around this limitation. The good news is that it’s a simple process. This article is a walk-through showing how i’ve done it. First we need to get the application ID of the OpenShift application we’re
Read moreTired of waiting, have the results emailed to you
Some commands take longer to complete than your willing to wait. In times like this you can have the results emailed to you with this very simple trick. Here’s a basic example: echo “apples” | mail -s “test” me@example.com – The above would send the email right away with the
Read moreAnsible Variables – a 5 minute Intro
Ansible supports “variables” just like any scripting language. Actually, Ansible uses the YAML format and YAML supports variables. Confused, don’t be. It’s simple. You don’t need to know YAML to use Ansible and i bet you’ve already got things working with Ansible enough that you’re ready to start expanding your
Read moreHacking Redhat in times of Panic
We recently had a client who couldn’t sudo to become root. They received an error indicating that the “/etc/sudoers” file was corrupt. Being security minded people, they’d prevented the root user from logging in via SSH – which is a good idea by the way. Their only options were to restore
Read moreRestrict access to Multiple files in Apache
Apache has plenty of access control features that can help prevent unauthorised access to key parts of your site. This article is about giving a 404 (access denied) response when someone tries to access specific files on your site. In the examples below, we’ll be restricting access to two PHP
Read moreExport and List your EC2 IP Addresses and other details The Easy Way
Amazon doesn’t allow you to list or export your EC2 details using their web interface, at least not yet. Until then you have to use the “aws” command. Otherwise known as the “aws cli”. But it’s easier than you think. Get the “aws” cli tool from here: Windows: http://docs.aws.amazon.com/cli/latest/userguide/installing.html#install-msi-on-windows Mac
Read moreSetup a web server, git and directory permissions like a pro
Developers love by Git (or any repo, really) but we sysadmins generally don’t care. If the web-server is running and the modules are available, we’re happy! But there are times when a developer asks that a web-server be provisioned with the necessary php modules and also a place for them
Read moreOne to One NAT. A “Checklist”
There’s a million things you need to do to get one-to-one NAT working. This is my checklist – a list that’s saved my bacon many-a-time. Let’s suppose the situation is that you have a single host with multiple virtual machine running in it. The host has a network connection to
Read moreHow to run a command at a given time
Sometimes we want to run a single command at a later time. We could use Cron but that’s more for running commands every day, week, month, etc. Instead we can use the “at” command. The “at” command works in 24 hour time. So to run something at “12:15” means running
Read moreVarnish 4 as a Load Balancer
Varnish makes a great load balancer with a very simple configuration process, tolerance features and exceptional caching performance. Things have changed between version 3 and 4 so this article gives an example of how to build a load balancer with Varnish 4. vcl 4.0; import std; import directors; #Specify the
Read moreExperiences with pfSense in a business with internal servers
I can’t say enough good about pfSense. Having said that, i’m not against Cisco devices, Linux and BSD and other proprietary firewall devices and systems. But the PF does stand out as a great option. Like always, it’s about the right tool for the job and in this is what
Read moreSSL Certificate files. What are they and why do i care?
To have a website secured with SSL, the administrator needs to generate some files, send them off to an authority, get more file back and put them on the server where they are used to provide the security of SSL. Obvious. But the questions is, “what are these files?”. First
Read morepfSense v Cisco v Linux / BSD as a Router and Firewall
Which is better for your small business router/firewall? We’re comparing pfSense, Cisco and Linux / BSD. I realise pfSense is based on BSD. I realise there are millions of ways to configure a Linux or BSD server. And i realise there are hundreds of Cisco router/firewall models. That’s not the
Read moreView past performance of a RHEL or CentOS system
You can easily see how hard (or not) a Redhat or CentOS system was running on any given day within the past month. For example, if you want to know how hard a system was working three days ago, you can. Here’s how. The “sar” command shows “todays” performance. It
Read moreGoogle Docs in Offline mode (G-Suite)
Google puts offline settings all over the place. It would be nice if there was a button in the G-Doc interface somewhere that said “Enable offline more for my documents” but sadly there isn’t. But it’s not hard to enable. Here’s how: In this example, i’ve used “example.com” as my
Read moreSolution to CORS with Apache
This is how to resolve the CORS issue on an Apache server. The short of it is that a web page may require the browser to make Jquery calls to another server which rightfully rings alarm bells. Add the following to the Apache vhost on the target server – where
Read moreInstall VirtualBox on CentOS and RHEL
This article demonstrates how to install VirtualBox on CentOS 7 and RHEL systems. cd /etc/yum.repos.d/ wget http://download.virtualbox.org/virtualbox/rpm/rhel/virtualbox.repo rpm -Uvh http://epel.mirror.net.in/epel/7/x86_64/e/epel-release-7-8.noarch.rpm Install required packages: yum install gcc make patch dkms qt libgomp yum install kernel-headers kernel-devel fontforge binutils glibc-headers glibc-devel Check where the kernel headers went. We need that for a
Read moreInstall Vagrant on CentOS 7 and RHEL
This article demonstrates how to install Vagrant on CentOS 7 and RHEL. Note that as of recently, Vagrant is installed differently. Download it for your OS here “https://www.vagrantup.com/downloads.html”. The following is only if you want to do it the old way. sudo yum install ruby sudo gem install vagrant Find
Read moreSet the inode limit in /etc/fstab for tmpfs on a CentOS or Redhat server
This article explains how to set the inode limit on a tmpfs on a CentOS or RHEL server. The default inode limit may be too small if you intend to store many small files on it. The following will set the tmpfs resource to 2GB with a default inode limit
Read moreSend SSH commands from PHP 5.6 (php56w)
This article explains how to send SSH commands (SSH, SCP, SFTP) to a remote server using php. In this example we have a working php56w installation with Apache. We’re using CentOS 7. SELinux is enabled. Download the libraries: https://sourceforge.net/projects/phpseclib/files/phpseclib1.0.5.zip/download Unzip the files into a new library directory: # Go to
Read moreOpenSSL urgent upgrade notice
The OpenSSL team have released an advisory to upgrade to version 1.1.0c. Read the notice here: “https://www.openssl.org/news/secadv/20161110.txt”. Redhat’s article can be found here: “https://access.redhat.com/security/cve/cve-2016-7054”. Severity: High TLS connections using *-CHACHA20-POLY1305 ciphersuites are susceptible to a DoS attack by corrupting larger payloads. This can result in an OpenSSL crash. This issue
Read moreMigrating Moodle to Enterprise LMS
This article explains how to migrate your Moodle to Enterprise LMS. My objective here is to migrate the entire Moodle including theme, plugins, users and course data from my Moodle to eLMS. I need SSH (command line) access to my Moodle for this to work because i need to backup
Read moreLoad Testing with Siege
This article is a walk-through of how to use Siege to load (or performance) test a website. In this example the target is the Magento application. The question is “how many visitors can the target site handle while keeping page maximum load times below 10 seconds”? There are add-on tools
Read moreAuditors that ask stupid questions | IT
Honestly, the next time i am on the receiving end of an IT audit and am asked if the workstations have antivirus installed, i’ll go crazy! It’s like all auditors who aren’t “real auditors” simply go through the same old questions and fail to ask the questions that matter. I
Read moreDo this every time you log into a Linux server
This is a list of things i do every time i log into a Linux server. It’s habit now and something you might consider doing too. Essentially we want to know who’s on the server, what the server state is and how different it is to normal. Check who’s on
Read moreRsync and the “Argument list too long” problem
If you try to rsync a subset of many files from a single directory, you might get the error “Argument list too long”. Actually, you can get this error with many bash commands. This article explains how to work around it. rsync -avz /images/* cdn.example.com:/images/ -bash: /usr/bin/rsync: Argument list too
Read moreInbound and Outbound SMTP Design for No Spam
Spam starts and ends with us technicians. It’s our servers that get compromised and it’s our servers that receive it at the other end. With this in mind, we need to ensure only “good” email is going out to the Internet and only “good” email coming in from the Internet.
Read moreVarnish, Apache and NginX – Side by Side
This article explains how Varnish, Apache and NginX fit together and/or differ. Varnish is an excellent cache and speeds up web-sites significantly. Terminate the HTTP connection at Varnish on port 80 and point Varnish internally to an NginX server listening for HTTP on port 81 (they can’t both be on
Read moreNew Moodle Hosting with High Availability – Free for now
AGIX is proud to be part of a very exciting project to build the Rolls-Royce or Moodle hosting services. The business is called Enterprise LMS (www.enterpriselms.com) and AGIX has been working with the eLMS team to get the new platform up and running and ready for use. Right now the
Read moreCreate a Samba3 simple printer server
In this article we’re adding a Samba 3 server to a Workgroup and configuring the Samba server to serve a printer. This article includes CUPS but not Printer Drivers. I’ve made some comments at the end of this article which are worth your time to read if you need direction
Read moreWordPress Multisite example for SysAdmins
If you’re a system administrator and you’ve been asked to create a WordPress Multisite, you’re in the right place. You simply need to add the following line to the “wp-cofig.php” file right above the “/* That’s all, stop editing! Happy blogging. */” line. define(‘MULTISITE’, true); define(‘SUBDOMAIN_INSTALL’, true); define(‘DOMAIN_CURRENT_SITE’, ‘blog.example.com’); define(‘PATH_CURRENT_SITE’,
Read moreScanners remember everything
As part of your IT Security policy, you should consider that modern scanners (possibly part of a multi function device) have hard disks which store scanned documents. These hard disks would allow others who acquire your discarded scanner to view your scanned documents. My suggestion is to remove the hard
Read moreChanging the speed and duplex of Ethernet
This article shows how to set and change the speed and duplexing of an Ethernet device. You can see more examples at “http://www.cyberciti.biz/faq/linux-change-the-speed-and-duplex-settings-of-an-ethernet-card/”. View the current settings: mii-tool The output will be something similar to the following. Notice only physical network devices are listed. eth0: negotiated 1000baseT-FD flow-control, link ok
Read moreSample NginX & php-fpm configuration with SSL on CentOS 7 and RHEL 7
This article shows an example configuration for NginX with php-fpm on CentOS 7. This is not a HowTo but rather something for you to copy/paste to help you on your way. The website domain is “www.example.com” and we’re serving SSL as well. You can ignore that part if you like.
Read moreUpgrade php-fpm to version 7 on CentOS 7
This article demonstrates how to upgrade php-fpm to 7.0. This information is based on “https://webtatic.com/packages/php70/”. Get the repositories ready: rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm Do the upgrade: yum install yum-plugin-replace yum replace php-common –replace-with=php70w-common Confirm your work: php -v Share This:
Read moreExtend XFS filesystem on CentOS 7 and RHEL 7
This article shows how to expand a filesystem on a CentOS 7 or Redhat Enterprise Linux 7 system by adding a second disk/filesystem. The disk in this example is “/dev/sda” and it has two filesystems on it “/dev/sda1” and “/dev/sda2”. There is plenty of unused disk space available no “/dev/sda”.
Read moreCreating a Hello World program in Assembly Language in 5 minutes
This article walks you through the process of building a very simple program in assembly language in 5 minutes. Tutorial programs usually go by the name “Hello World” because that’s all they print out to the screen. Plenty of this information came from: http://www.tutorialspoint.com/assembly_programming/assembly_environment_setup.htm. Install the tools. yum install nasm
Read moreMinimal Squid as a Transparent Proxy
This article demonstrates how to configure a Squid transparent proxy. We’re using CentOS or Redhat here but the configuration its self will work on any distribution. Note that Debian related distributions call it “squid3” while Redhat related distributions just call it “squid”. A few extra notes. We’re going to be
Read moreHide Apache version information (CentOS and RHEL 6)
This is a short howto to hide the Apache version information on a CentOS or similar server. Open the file “/etc/httpd/conf/httpd.conf” and change the following options to be as detailed below: ServerTokens ProductOnly ServerSignature Off Now restart Apache and the version should be hidden. Share This:
Read moreSecuring Apache SSL on CentOS 7
This howto describes how to keep an Apache server up to date with SSL security. Test your own server at: https://www.ssllabs.com/ssltest/analyze.html Run the above SSL scan first and then, if you score less than an “A”, continue on to make these changes. Edit the following in your “/etc/httpd/conf.d/ssl.conf”: SSLProtocol +TLSv1.2
Read moreBuild an EC2 using Ansible Step By Step
This article explains step by step how to create (spin up) an EC2 instance within AWS using Ansible and a few extras. Unlike 100% of other articles out there, this one actually demonstrates how to do it. Pay attention to the date of this article because things DO change over
Read moreIaaS Alternatives to AWS (Google Cloud, Microsoft Azure and IBM Softlayer)
Amazon has a head-start with AWS IaaS services. We use AWS at AGIX by default because we know what they have to offer and we know what to expect with pricing and performance. We also have automation tools that work well with their stack. We’re often asked for alternatives for comparison
Read moreShow top requests on Varnish
When logged into the Varnish server, you can see which requests are most common using the commands below. These will help determine popular content and also assist with troubleshooting during high-load times. The following command shows the requests from the Internet to Varnish: varnishtop -i TxURL The following command shows
Read moreSimple Ping Monitor – Windows
Just a simple script thrown together to record the time and date of an outage on a server using ping from a Windows machine. You can view the data in Excel from this script if you set excel to separate the file using carriage returns. @ECHO OFF echo Monitoring Server
Read moreHow to remotely access a non-pubilc RDS within AWS (CentOS7 & RHEL7)
This article explains how to get around the problem of remote access to a non-public RDS database within Amazon’s AWS. The problem is that RDS databases can be set to public or private when being created but are not easy to change later due to DNS issues. There are ways
Read moreForce SSHd to allow keys only, no passwords
This article is an example of a “/etc/ssh/sshd_config” file that forces the use of SSH keys. Password logins are disabled. Root logins are disable too. Tip for testing: You can login as root, apply these settings and then test it with a second session – this won’t kick you off
Read moreGentoo – Failed to emerge sys-devel/automake-1.11.6-r1
Just lately I reinstalled my Gentoo server and when it came to putting Handbrake back on the system Portage began complaining that it was failing to emerge automake version 1.11.6. After checking the system I could see that I already had version 1.15 but that should not be causing the
Read moreLetsencrypt With Apache and CentOS7
This article demonstrates how to add Letsencrypt SSL certificates to a CentOS 7 apache server. Some information for this article was obtained (and simplified) from here: https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-centos-7 This is the minimum you’d do to get Letsencrypt working on your CentOS 7 or RHEL 7 server. We’re keeping SELinux on and
Read moreDisable logging for Named/Bind
This article demonstrates how to disable logging for the bind / named service. Why? Because you may not like DNS errors filling up your logs. Unlike most of our articles, this is not focused on CentOS or Redhat. Add the following to the end of you “/etc/named.conf”. This file sometimes
Read moreSimple Rsyslog/MySQL Log Viewer in PHP
I’ve previously documented how to configure Rsyslog to store logs in MySQL which gives a good tutorial on setting up MySQL as the Rsyslog backend and also remote logging to that Rsyslog server. To extend on that, you can easily view and filter the logs using the php web-app below.
Read moreLimiting access by IP to SSH on CentOS7 and RHEL7
This article explains how to use TCPWrappers to control which hosts can connect to a server using SSH. The two files we’ll be using are “/etc/hosts.allow” and “/etc/hosts.deny”. As the names imply, we’re controlling which “hosts” can access the server, not which users. Find out more here: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/3/html/Reference_Guide/s1-tcpwrappers-access.html Why not
Read moreRsyslog and MySQL on CentOS7 and Redhat 7
This article explains how to create an Rsyslog server that logs to MySQL (MariaDB). We’ve used CentOS 7 for this article. A few tips to save you time: 1. If you’re logging from a remote node to this server, make sure you have proper host names because that’s what ends up
Read moreClamAV on CentOS7/Redhat7 – Periodic disk scans
This article explains how to install and configure periodic scans with ClamAV on CentOS7 or Redhat (RHEL) 7 servers. Much of this came from “https://ismailyenigul.wordpress.com/2015/01/05/install-clamav-on-centos-7/”. I’ve updated this article with a work-around for the (seemingly common) cron issue. Clamscan doesn’t seem to run from “/etc/cron.d/whatever” but does from “crontab -e”. Install
Read moreRestricting access to Apache with htaccess
The .htaccess file can restrict access to web browsers to specific things. I’ve written about this (on this blog) previously. However, here i talk about file types. The snippets below are (or can be) the entire contents of the .htaccess file. Prevent access to bash files that shouldn’t be in
Read moreSmall business IT security
Recently i wrote about the importance of a sensible IT setup for small businesses. See it here http://www.agix.com.au/?p=5422. I discussed security but skipped a-lot to keep it simple. This document goes further into depth. A well thought and simple computer network goes a long way to good security but the
Read moreSmall Business IT Bible – This is the right way.
I update this article periodically to keep it current. The principles never change though. Who should read this? Those who are responsible for small business IT systems. Do things the right way. When staff ask why things aren’t as simple or easy as they’d like, you know their expectations of business
Read moreStop DDoS attack using IPTables
A distributed denial of service attack (or DDoS) will either bring your server down or significantly degrade its performance. This article explains a quick way to tackle the problem. The IPTables firewall rules that follow ensure packets are limited to a set number per period of time. This rule will
Read moreConfigure NTP Client Gentoo
Just a quick reference for setting up your Gentoo server to get its time from an NTP server either local or on the Internet. Get NTP onto the machine emerge –ask -jv ntp Edit the NTP config vi /etc/ntp.conf Comment out the servers that you do not need and add
Read moreCreate a self-signed Apache/HTTPS certificate on CentOS
Create the key and set a passphrase: openssl genrsa -des3 -out server.key 2048 Create the csr file making sure the CN (common name) matches whatever domain name it represents such as “www.agix.local”. This requires the passphrase from the step above: openssl req -new -key server.key -out server.csr Remove the passphrase:
Read moreTest the remote server certificates for SMTP and HTTPS
Test the remote servers HTTPS certificate: openssl s_client -showcerts -connect www.agix.local:443 Test the remote servers SMTP STARTTLS certificate: openssl s_client -connect mail.agix.local:25 -starttls smtp Share This:
Read moreAnsible Playbook to add script to Cron.monthly (or whatever) in Redhat/CentOS
This playbook will add the script “myscript.sh” to the target machine(s) “/etc/cron.monthly” directory thereby having it run each month by cron. You can simply change the location to have it go into one of the other cron.x locations. I’ve used ansible version “ansible 1.9.4”. — – hosts: all sudo: yes
Read moreImport data into AWS’s MySQL – clean it first
You’ve dumped a DB from MySQL and didn’t use the “–no-triggers” option. Now you’re trying to import your data into RDS MySQL which complains that: ERROR 1227 (42000) at line xxx: Access denied; you need (at least one of) the SUPER privilege(s) for this operation You can solve this by
Read moreApache won’t start – Name or service not known: mod_unique_id
Minor cause of frustration when you are installing Apache on a server that some one else has configured, is that if they have not setup the hosts file correctly apache will refuse to start. The error is in /var/log/apache2/error_log and looks like below: Name or service not known: mod_unique_id: unable
Read moreAndrew Galdes – discussion panel at Torrens University open day
The Torrens University Open Day was held on Saturday the 16th of Jan. I was honoured to be asked to participate in a discussion panel for young entrepreneurs. The discussions ranged from experiences to advice and later meeting one on one to discuss personal situations and how to achieve goals.
Read moreHow to find where MySQL puts error logs
MySQL will use the “/etc/my.cf” file to learn where to put its error log file. However, if you don’t specify it, you don’t have access to the filesystem or you’re simply confused, try this. First log into MySQL and then run the following: mysql> show global variables like ‘log_error’; +—————+————————————–+
Read moreBackup Your DVD Collection with Linux
This post will show you how create a self contained machine that will backup your DVD collection without any effort from you (apart from placing the disc in the drawer). This is just a quick and simple script that was designed to help convert a 500+ strong collection of DVDs
Read moreInstall and Test Tomcat7 on CentOS7 and RHEL7
This is a quick HowTo for Tomcat7 on Redhat Enterprise Linux and CentOS 7. The shortest answer to how to install Tomcat7 is to download it, extract it and start it. It runs natively on port 8080 so adjust your firewall accordingly or change the port that Tomcat wants to
Read moreThe CIS Redhat RHEL 7 Security Recommendations
https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf The above link is to the CIS (Center for Internet Security) PDF document for Redhat Enterprise Linux version 7. It’s essentially a “good practices” document that one should follow when hardening a RHEL 7 server. Share This:
Read moreReset the root password in CentOS/Redhat 7
The process to reset the root password when you’ve forgotten it has changed in version 7 of Redhat and CentOS Linux. First you need to reboot and temporarily edit the Grub2 boot loader. Add the following to the end of the line starting with “Linux16”: rd.break enforcing=0 Boot using your
Read moreInstalling and using VNCServer with only SSH open
This tutorial demonstrations how to install and use VNC without direct access to the VNC server. In this article we only have SSH access to the server. This means we have no option but to use VNC in a secure manner – via SSH. Install VNCServer and the desktop environment
Read moreSSH Tunnelling – Access services behind a firewall indirectly
This one-liner illustrates how to use SSH to tunnel through a firewall that allows only SSH. In this example, we’ll access the website on the other side of that server. Why do this? If the remote server “remote.server” has a firewall on it or between your workstation and that server
Read moreCreate a ZFS filesystem & Extend it over a new disk on CentOS or Redhat
In this tutorial we’re going to create a ZFS filesystem on Disk1 and then extend it to Disk2. We’re not going to worry about redundancy because this is a tutorial but ZFS does support common RAID types. We’ll configure ZFS for RAID0 (no parity, no redundancy). In the real world,
Read moreChrooting SCP with SELinux Enabled on Redhat/CentOS
This article demonstrates how to Chroot users for SSH file copies (SCP and RSYNC) on a CentOS or Redhat server. The same process can be used for SSH logins but there needs to be some dependancies in place for that. Try the following site for more details on those dependancies
Read moreCustom Log Rotations
This article demonstrates how to add directories to your log rotation plan. For example, you may have a directory where you put custom logs for your applications or perhaps you want to rotate Magento (shopping platform) logs. You can use this method. You have to decide your retention and rotation
Read more