Must Reads

Install ClamAV on CentOS 7 with Ansible

This HowTo shows how to install ClamAV and schedule scans using Ansible. There are Ansible modules for this but it’s so simple that you might as well just do it yourself. Create your playbook. Put the following into a file called “ansible-play-install-clamav.yml”. — – hosts: all sudo: yes tasks: –

Read more

Secure WordPress the Hardcore Way

I’ve written about wordpress plenty of times and this time is on how to secure a wordpress installation. Specifically, i have been responsible for a few sites that’ve recently been hacked. Essentially the “bad guys” found a way to upload some files onto the sites and then execute php scripts

Read more

Tripwire on CentOS 7

Tripwire is a great tool to monitor your server for changes. Skip past my rant to get into the guts of it. Otherwise, enjoy! We all use wordpress because it’s easy to install, there’s plenty of people out there to create themes and it’s so easy to work with. The

Read more

Add & Remove CloudWatch Alarms with AWS CLI

All sysadmins need to know the state of the servers they look after. CloudWatch lets sysadmins monitor their Amazon AWS resources and be alerted when things go wrong. And by wrong, i mean “out of the norm”. For example, if the CPU goes above a percentage, we should be notified

Read more

Remotely access MySQL on an OpenShift server

OpenShift doesn’t allow remote access to MySQL gear. You have to use IPTables to work around this limitation. The good news is that it’s a simple process. This article is a walk-through showing how i’ve done it. First we need to get the application ID of the OpenShift application we’re

Read more

Ansible Variables – a 5 minute Intro

Ansible supports “variables” just like any scripting language. Actually, Ansible uses the YAML format and YAML supports variables. Confused, don’t be. It’s simple. You don’t need to know YAML to use Ansible and i bet you’ve already got things working with Ansible enough that you’re ready to start expanding your

Read more

Hacking Redhat in times of Panic

We recently had a client who couldn’t sudo to become root. They received an error indicating that the “/etc/sudoers” file was corrupt. Being security minded people, they’d prevented the root user from logging in via SSH – which is a good idea by the way. Their only options were to restore

Read more

Restrict access to Multiple files in Apache

Apache has plenty of access control features that can help prevent unauthorised access to key parts of your site. This article is about giving a 404 (access denied) response when someone tries to access specific files on your site. In the examples below, we’ll be restricting access to two PHP

Read more

One to One NAT. A “Checklist”

There’s a million things you need to do to get one-to-one NAT working. This is my checklist – a list that’s saved my bacon many-a-time. Let’s suppose the situation is that you have a single host with multiple virtual machine running in it. The host has a network connection to

Read more

How to run a command at a given time

Sometimes we want to run a single command at a later time. We could use Cron but that’s more for running commands every day, week, month, etc. Instead we can use the “at” command. The “at” command works in 24 hour time. So to run something at “12:15” means running

Read more

Varnish 4 as a Load Balancer

Varnish makes a great load balancer with a very simple configuration process, tolerance features and exceptional caching performance. Things have changed between version 3 and 4 so this article gives an example of how to build a load balancer with Varnish 4. vcl 4.0; import std; import directors; #Specify the

Read more

Google Docs in Offline mode (G-Suite)

Google puts offline settings all over the place. It would be nice if there was a button in the G-Doc interface somewhere that said “Enable offline more for my documents” but sadly there isn’t. But it’s not hard to enable. Here’s how: In this example, i’ve used “example.com” as my

Read more

Solution to CORS with Apache

This is how to resolve the CORS issue on an Apache server. The short of it is that a web page may require the browser to make Jquery calls to another server which rightfully rings alarm bells. Add the following to the Apache vhost on the target server – where

Read more

Install VirtualBox on CentOS and RHEL

This article demonstrates how to install VirtualBox on CentOS 7 and RHEL systems. cd /etc/yum.repos.d/ wget http://download.virtualbox.org/virtualbox/rpm/rhel/virtualbox.repo rpm -Uvh http://epel.mirror.net.in/epel/7/x86_64/e/epel-release-7-8.noarch.rpm Install required packages: yum install gcc make patch dkms qt libgomp yum install kernel-headers kernel-devel fontforge binutils glibc-headers glibc-devel Check where the kernel headers went. We need that for a

Read more

Install Vagrant on CentOS 7 and RHEL

This article demonstrates how to install Vagrant on CentOS 7 and RHEL. Note that as of recently, Vagrant is installed differently. Download it for your OS here “https://www.vagrantup.com/downloads.html”. The following is only if you want to do it the old way. sudo yum install ruby sudo gem install vagrant Find

Read more

Send SSH commands from PHP 5.6 (php56w)

This article explains how to send SSH commands (SSH, SCP, SFTP) to a remote server using php. In this example we have a working php56w installation with Apache. We’re using CentOS 7. SELinux is enabled. Download the libraries: https://sourceforge.net/projects/phpseclib/files/phpseclib1.0.5.zip/download Unzip the files into a new library directory: # Go to

Read more

OpenSSL urgent upgrade notice

The OpenSSL team have released an advisory to upgrade to version 1.1.0c. Read the notice here: “https://www.openssl.org/news/secadv/20161110.txt”. Redhat’s article can be found here: “https://access.redhat.com/security/cve/cve-2016-7054”. Severity: High TLS connections using *-CHACHA20-POLY1305 ciphersuites are susceptible to a DoS attack by corrupting larger payloads. This can result in an OpenSSL crash. This issue

Read more

Migrating Moodle to Enterprise LMS

This article explains how to migrate your Moodle to Enterprise LMS. My objective here is to migrate the entire Moodle including theme, plugins, users and course data from my Moodle to eLMS. I need SSH (command line) access to my Moodle for this to work because i need to backup

Read more

Load Testing with Siege

This article is a walk-through of how to use Siege to load (or performance) test a website. In this example the target is the Magento application. The question is “how many visitors can the target site handle while keeping page maximum load times below 10 seconds”? There are add-on tools

Read more

Auditors who ask IT people stupid questions

Honestly, the next time i am on the receiving end of an IT audit and am asked if the workstations have antivirus installed, i’ll go crazy! It’s like all auditors who aren’t “real auditors” simply go through the same old questions and fail to ask the questions that matter. I

Read more

Rsync and the “Argument list too long” problem

If you try to rsync a subset of many files from a single directory, you might get the error “Argument list too long”. Actually, you can get this error with many bash commands. This article explains how to work around it. rsync -avz /images/* cdn.example.com:/images/ -bash: /usr/bin/rsync: Argument list too

Read more

Varnish, Apache and NginX – Side by Side

This article explains how Varnish, Apache and NginX fit together and/or differ. Varnish is an excellent cache and speeds up web-sites significantly. Terminate the HTTP connection at Varnish on port 80 and point Varnish internally to an NginX server listening for HTTP on port 81 (they can’t both be on

Read more

Create a Samba3 simple printer server

In this article we’re adding a Samba 3 server to a Workgroup and configuring the Samba server to serve a printer. This article includes CUPS but not Printer Drivers. I’ve made some comments at the end of this article which are worth your time to read if you need direction

Read more

WordPress Multisite example for SysAdmins

If you’re a system administrator and you’ve been asked to create a WordPress Multisite, you’re in the right place. You simply need to add the following line to the “wp-cofig.php” file right above the “/* That’s all, stop editing! Happy blogging. */” line. define(‘MULTISITE’, true); define(‘SUBDOMAIN_INSTALL’, true); define(‘DOMAIN_CURRENT_SITE’, ‘blog.example.com’); define(‘PATH_CURRENT_SITE’,

Read more

Scanners remember everything

As part of your IT Security policy, you should consider that modern scanners (possibly part of a multi function device) have hard disks which store scanned documents. These hard disks would allow others who acquire your discarded scanner to view your scanned documents. My suggestion is to remove the hard

Read more

Changing the speed and duplex of Ethernet

This article shows how to set and change the speed and duplexing of an Ethernet device. You can see more examples at “http://www.cyberciti.biz/faq/linux-change-the-speed-and-duplex-settings-of-an-ethernet-card/”. View the current settings: mii-tool The output will be something similar to the following. Notice only physical network devices are listed. eth0: negotiated 1000baseT-FD flow-control, link ok

Read more

Upgrade php-fpm to version 7 on CentOS 7

This article demonstrates how to upgrade php-fpm to 7.0. This information is based on “https://webtatic.com/packages/php70/”. Get the repositories ready: rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm Do the upgrade: yum install yum-plugin-replace yum replace php-common –replace-with=php70w-common Confirm your work: php -v Share This:

Read more

Extend XFS filesystem on CentOS 7 and RHEL 7

This article shows how to expand a filesystem on a CentOS 7 or Redhat Enterprise Linux 7 system by adding a second disk/filesystem. The disk in this example is “/dev/sda” and it has two filesystems on it “/dev/sda1” and “/dev/sda2”. There is plenty of unused disk space available no “/dev/sda”.

Read more

Creating a Hello World program in Assembly Language in 5 minutes

This article walks you through the process of building a very simple program in assembly language in 5 minutes. Tutorial programs usually go by the name “Hello World” because that’s all they print out to the screen. Plenty of this information came from: http://www.tutorialspoint.com/assembly_programming/assembly_environment_setup.htm. Install the tools. yum install nasm

Read more

Minimal Squid as a Transparent Proxy

This article demonstrates how to configure a Squid transparent proxy. We’re using CentOS or Redhat here but the configuration its self will work on any distribution. Note that Debian related distributions call it “squid3” while Redhat related distributions just call it “squid”. A few extra notes. We’re going to be

Read more

Hide Apache version information (CentOS and RHEL 6)

This is a short howto to hide the Apache version information on a CentOS or similar server. Open the file “/etc/httpd/conf/httpd.conf” and change the following options to be as detailed below: ServerTokens ProductOnly ServerSignature Off Now restart Apache and the version should be hidden. Share This:

Read more

Securing Apache SSL on CentOS 7

This howto describes how to keep an Apache server up to date with SSL security. Test your own server at: https://www.ssllabs.com/ssltest/analyze.html Run the above SSL scan first and then, if you score less than an “A”, continue on to make these changes. Edit the following in your “/etc/httpd/conf.d/ssl.conf”: SSLProtocol +TLSv1.2

Read more

Build an EC2 using Ansible Step By Step

This article explains step by step how to create (spin up) an EC2 instance within AWS using Ansible and a few extras. Unlike 100% of other articles out there, this one actually demonstrates how to do it. Pay attention to the date of this article because things DO change over

Read more

Show top requests on Varnish

When logged into the Varnish server, you can see which requests are most common using the commands below. These will help determine popular content and also assist with troubleshooting during high-load times. The following command shows the requests from the Internet to Varnish: varnishtop -i TxURL The following command shows

Read more

Simple Ping Monitor – Windows

Just a simple script thrown together to record the time and date of an outage on a server using ping from a Windows machine. You can view the data in Excel from this script if you set excel to separate the file using carriage returns. @ECHO OFF echo Monitoring Server

Read more

Force SSHd to allow keys only, no passwords

This article is an example of a “/etc/ssh/sshd_config” file that forces the use of SSH keys. Password logins are disabled. Root logins are disable too. Tip for testing: You can login as root, apply these settings and then test it with a second session – this won’t kick you off

Read more

Letsencrypt With Apache and CentOS7

This article demonstrates how to add Letsencrypt SSL certificates to a CentOS 7 apache server. Some information for this article was obtained (and simplified) from here: https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-centos-7 This is the minimum you’d do to get Letsencrypt working on your CentOS 7 or RHEL 7 server. We’re keeping SELinux on and

Read more

Disable logging for Named/Bind

This article demonstrates how to disable logging for the bind / named service. Why? Because you may not like DNS errors filling up your logs. Unlike most of our articles, this is not focused on CentOS or Redhat. Add the following to the end of you “/etc/named.conf”. This file sometimes

Read more

Simple Rsyslog/MySQL Log Viewer in PHP

I’ve previously documented how to configure Rsyslog to store logs in MySQL which gives a good tutorial on setting up MySQL as the Rsyslog backend and also remote logging to that Rsyslog server. To extend on that, you can easily view and filter the logs using the php web-app below.

Read more

Limiting access by IP to SSH on CentOS7 and RHEL7

This article explains how to use TCPWrappers to control which hosts can connect to a server using SSH. The two files we’ll be using are “/etc/hosts.allow” and “/etc/hosts.deny”. As the names imply, we’re controlling which “hosts” can access the server, not which users. Find out more here: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/3/html/Reference_Guide/s1-tcpwrappers-access.html Why not

Read more

Rsyslog and MySQL on CentOS7 and Redhat 7

This article explains how to create an Rsyslog server that logs to MySQL (MariaDB). We’ve used CentOS 7 for this article. A few tips to save you time: 1. If you’re logging from a remote node to this server, make sure you have proper host names because that’s what ends up

Read more

ClamAV on CentOS7/Redhat7 – Periodic disk scans

This article explains how to install and configure periodic scans with ClamAV on CentOS7 or Redhat (RHEL) 7 servers. Much of this came from “https://ismailyenigul.wordpress.com/2015/01/05/install-clamav-on-centos-7/”. I’ve updated this article with a work-around for the (seemingly common) cron issue. Clamscan doesn’t seem to run from “/etc/cron.d/whatever” but does from “crontab -e”. Install

Read more

Restricting access to Apache with htaccess

The .htaccess file can restrict access to web browsers to specific things. I’ve written about this (on this blog) previously. However, here i talk about file types. The snippets below are (or can be) the entire contents of the .htaccess file. Prevent access to bash files that shouldn’t be in

Read more

Small business IT security

Recently i wrote about the importance of a sensible IT setup for small businesses. See it here http://www.agix.com.au/?p=5422. I discussed security but skipped a-lot to keep it simple. This document goes further into depth. A well thought and simple computer network goes a long way to good security but the

Read more

Small Business IT Bible – This is the right way.

I update this article periodically to keep it current. The principles never change though.  Who should read this? Those who are responsible for business IT systems. Do things the right way. When staff ask why things aren’t as simple or easy as they’d like, you know their expectations of business IT

Read more

Stop DDoS attack using IPTables

A distributed denial of service attack (or DDoS) will either bring your server down or significantly degrade its performance. This article explains a quick way to tackle the problem. The IPTables firewall rules that follow ensure packets are limited to a set number per period of time. This rule will

Read more

Configure NTP Client Gentoo

Just a quick reference for setting up your Gentoo server to get its time from an NTP server either local or on the Internet. Get NTP onto the machine emerge –ask -jv ntp Edit the NTP config vi /etc/ntp.conf Comment out the servers that you do not need and add

Read more

Create a self-signed Apache/HTTPS certificate on CentOS

Create the key and set a passphrase: openssl genrsa -des3 -out server.key 2048 Create the csr file making sure the CN (common name) matches whatever domain name it represents such as “www.agix.local”. This requires the passphrase from the step above: openssl req -new -key server.key -out server.csr Remove the passphrase:

Read more

Import data into AWS’s MySQL – clean it first

You’ve dumped a DB from MySQL and didn’t use the “–no-triggers” option. Now you’re trying to import your data into RDS MySQL which complains that: ERROR 1227 (42000) at line xxx: Access denied; you need (at least one of) the SUPER privilege(s) for this operation You can solve this by

Read more

How to find where MySQL puts error logs

MySQL will use the “/etc/my.cf” file to learn where to put its error log file. However, if you don’t specify it, you don’t have access to the filesystem or you’re simply confused, try this. First log into MySQL and then run the following: mysql> show global variables like ‘log_error’; +—————+————————————–+

Read more

Backup Your DVD Collection with Linux

This post will show you how create a self contained machine that will backup your DVD collection without any effort from you (apart from placing the disc in the drawer). This is just a quick and simple script that was designed to help convert a 500+ strong collection of DVDs

Read more

The CIS Redhat RHEL 7 Security Recommendations

https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf The above link is to the CIS (Center for Internet Security) PDF document for Redhat Enterprise Linux version 7. It’s essentially a “good practices” document that one should follow when hardening a RHEL 7 server. Share This:

Read more

Reset the root password in CentOS/Redhat 7

The process to reset the root password when you’ve forgotten it has changed in version 7 of Redhat and CentOS Linux. First you need to reboot and temporarily edit the Grub2 boot loader. Add the following to the end of the line starting with “Linux16”: rd.break enforcing=0 Boot using your

Read more

Custom Log Rotations

This article demonstrates how to add directories to your log rotation plan. For example, you may have a directory where you put custom logs for your applications or perhaps you want to rotate Magento (shopping platform) logs. You can use this method. You have to decide your retention and rotation

Read more

Removing the Magento var/log/system.log

This article discussed removal of the “var/log/system.log” Magento log file. You can find this file in your Magento installation path. A command such as the following would help: find /var/www -name “system.log” Tip: replace “/var/www” with the path to your Magento installation. Removing the “system.log” file has no effect from

Read more

Failed to write to disk Owncloud

After a fresh install of Owncloud you may get the following error after uploading a file larger than a couple of MB. “Failed to Write to Disk” This is a pretty quick and easy one to fix, it is just a setting in the php.ini file, for example on Gentoo

Read more

Testing SMTP from the CLI

This article will show two ways to test your SMTP server from the command line in Linux, these tests are very useful when setting up a new server and you just want to make sure you have it working before you continue on. Lets get started In this first example

Read more

Resetting a forgotten Owncloud password

To reset a forgotten owncloud password (Including the admin account) you can do the following. As root on your server enter the following command replacing $USER with the username of the account sudo -u www-data php /var/www/html/owncloud/occ user:resetpassword $USER You will be prompted to enter a new password and then

Read more

Quick Bash Tip – Creating Test Files

Need some test files sure you could use the below method: touch file{“1″,”2″,”3”} But why do that when you could just let bash do the work for you and use the following: touch file{1..100} I don’t want blank files to test with, they need to have some data in them..

Read more

Freeing Space on Gentoo

Gentoo machines (and Linux boxes in general) have a very nice habit of living for a long time and needing constant maintenance, while this is great it also means that they can go for long periods of time without a clean up and can start chewing up space on your

Read more

Add a New or Existing user to Multiple Groups using Ansible

There are several popular search results for this answer but they all skip the important part – and are incorrect as a result. — – hosts: all sudo: yes tasks: – user: name=myuser comment=”My User” groups=wheel,group1,group2 append=yes This is where they are (and likely you are) going wrong. The “groups”

Read more

Things to do when low on Disk Space

Whenever i get an alert from a system-monitoring tool like Munin or Nagios, it’s almost always a disk usage issue. Unfortunately the issue is usually cause by developers who don’t clean-up after deployments or accumulate temp files without a means to remove them when no longer needed. But there is

Read more

Create a .img file linux

Simple article to help you create a .img file that you can use to do some testing of different technologies or add to a virtual machine your hosting for more storage space or anything else you might need a .img file for. dd if=/dev/zero of=/home/brad/Desktop/test.img bs=1M Now you can use

Read more

Encrypt the things, Use of Cryptsetup

With all of the scary and some what questionable things that have made it into the news lately we cannot stress enough, you need to use encryption. Encryption on everything network traffic, passwords and storage media to list a few. This article is going to tell you how to setup

Read more

Internet of Things – We’ve got it wrong

I keep reading article where businesses have created “things” that can be accessed and controlled via the Internet such as the garage door, air conditioner and pot-plant watering systems. But all they’re doing is adding a module to an existing appliance to get a wow response and hope it sells.

Read more

Ansible as a Puppet Replacement

AGIX is a Linux only (well, 90%) service business so we spend every day installing, upgrading, changing and troubleshooting Linux servers of all types for clients across the world. For the past two years we’ve been using Puppet where suitable and have found it reasonably useful. But as time goes

Read more

Using GlusterFS from a Linux Workstation or Server

This is a very short HowTo to access a GlusterFS Volume from a workstation or Server. This document continues from “http://www.agix.com.au/easily-install-configure-glusterfs-on-redhat-centos/“. It will make more sense if you read that first. mkdir /mnt/gluster mount -t glusterfs 10.0.0.11:/gvol0 /mnt/gluster Where “10.0.0.11” is the IP address of any Gluster server. And “gvol0”

Read more