Must Reads

Create a Data Backup Plan. What, When & Where

This article covers server backups and guides you through the process of designing a backup plan. The process will result in a data backup plan that the business is comfortable with. How much data and time can your business lose without damaging your reputation and income? When a disaster hits,

Read more

How to add new maps to Minecraft | Linux Server

This article explains how to add new maps to Minecraft. We’re working with a Linux server and we’re going to download maps from public download sites. We’re starting with a working Linux Mincraft server. See how to start from scratch with Minecraft on Linux here “https://www.agix.com.au/minecraft-server-linux-centos-7/”. So far i’m yet

Read more

Minecraft server on Linux CentOS 7

This article shows how to run a Minecraft server on CentOS or Redhat 7. We’re going to download Minecraft, put it in the right place, open the right firewall ports, start Minecraft with sensible settings and run it in a state that we can change things later without having to

Read more

Baseline Security Template | Servers

This article is a template for you to copy and modify to fit your business needs. The security baseline described here is for a business. Scope This document described the baseline security posture of business servers. The server may be in the cloud or local infrastructure. The operating system is

Read more

Which VPN is best for your business?

A great article worth your time to read taking into account recent Edwin Snowden comments. The article compares the popular VPN types in use today. The best one? OpenVPN followed closely by IKEv2 (+IPSec). Personally i’d go for IKEv2 if i had a mixed environment (Windows and Macs) and if

Read more

Baseline Security Template | Workstations

This article is a template for you to copy and modify to fit your business needs. The security baseline described here is for a business. Scope This document described the baseline security posture of business workstations. A workstation is either a desktop computer or laptop or similar. A workstation is

Read more

When the Cloud is a bad thing

For those of you who follow my articles, you’d know that i’m a fan of the cloud. But more than that i’m a fan of using the right tool for the job. The decision on whether or not to use the cloud in your business should be an informed one.

Read more

How to hide your Online activity

It’s pretty simple to hide what you’re doing online. You’ve basically got two options, a) use a VPN, and b) use TOR. I’ll discuss both here. I’m simply sharing this information to answer questions. I’m not suggesting you use this for any dark reasons. Be good! The simplest way to

Read more

Install ClamAV on CentOS 7 with Ansible

This HowTo shows how to install ClamAV and schedule scans using Ansible. There are Ansible modules for this but it’s so simple that you might as well just do it yourself. Create your playbook. Put the following into a file called “ansible-play-install-clamav.yml”. — – hosts: all sudo: yes tasks: –

Read more

Secure WordPress the Hardcore Way

I’ve written about wordpress plenty of times and this time is on how to secure a wordpress installation. Specifically, i have been responsible for a few sites that’ve recently been hacked. Essentially the “bad guys” found a way to upload some files onto the sites and then execute php scripts

Read more

Tripwire on CentOS 7

Tripwire is a great tool to monitor your server for changes. Skip past my rant to get into the guts of it. Otherwise, enjoy! We all use wordpress because it’s easy to install, there’s plenty of people out there to create themes and it’s so easy to work with. The

Read more

Add & Remove CloudWatch Alarms with AWS CLI

All sysadmins need to know the state of the servers they look after. CloudWatch lets sysadmins monitor their Amazon AWS resources and be alerted when things go wrong. And by wrong, i mean “out of the norm”. For example, if the CPU goes above a percentage, we should be notified

Read more

Remotely access MySQL on an OpenShift server

OpenShift doesn’t allow remote access to MySQL gear. You have to use IPTables to work around this limitation. The good news is that it’s a simple process. This article is a walk-through showing how i’ve done it. First we need to get the application ID of the OpenShift application we’re

Read more

Ansible Variables – a 5 minute Intro

Ansible supports “variables” just like any scripting language. Actually, Ansible uses the YAML format and YAML supports variables. Confused, don’t be. It’s simple. You don’t need to know YAML to use Ansible and i bet you’ve already got things working with Ansible enough that you’re ready to start expanding your

Read more

Hacking Redhat in times of Panic

We recently had a client who couldn’t sudo to become root. They received an error indicating that the “/etc/sudoers” file was corrupt. Being security minded people, they’d prevented the root user from logging in via SSH – which is a good idea by the way. Their only options were to restore

Read more

Restrict access to Multiple files in Apache

Apache has plenty of access control features that can help prevent unauthorised access to key parts of your site. This article is about giving a 404 (access denied) response when someone tries to access specific files on your site. In the examples below, we’ll be restricting access to two PHP

Read more

One to One NAT. A “Checklist”

There’s a million things you need to do to get one-to-one NAT working. This is my checklist – a list that’s saved my bacon many-a-time. Let’s suppose the situation is that you have a single host with multiple virtual machine running in it. The host has a network connection to

Read more

How to run a command at a given time

Sometimes we want to run a single command at a later time. We could use Cron but that’s more for running commands every day, week, month, etc. Instead we can use the “at” command. The “at” command works in 24 hour time. So to run something at “12:15” means running

Read more

Varnish 4 as a Load Balancer

Varnish makes a great load balancer with a very simple configuration process, tolerance features and exceptional caching performance. Things have changed between version 3 and 4 so this article gives an example of how to build a load balancer with Varnish 4. vcl 4.0; import std; import directors; #Specify the

Read more

Google Docs in Offline mode (G-Suite)

Google puts offline settings all over the place. It would be nice if there was a button in the G-Doc interface somewhere that said “Enable offline more for my documents” but sadly there isn’t. But it’s not hard to enable. Here’s how: In this example, i’ve used “example.com” as my

Read more

Solution to CORS with Apache

This is how to resolve the CORS issue on an Apache server. The short of it is that a web page may require the browser to make Jquery calls to another server which rightfully rings alarm bells. Add the following to the Apache vhost on the target server – where

Read more

Install VirtualBox on CentOS and RHEL

This article demonstrates how to install VirtualBox on CentOS 7 and RHEL systems. cd /etc/yum.repos.d/ wget http://download.virtualbox.org/virtualbox/rpm/rhel/virtualbox.repo rpm -Uvh http://epel.mirror.net.in/epel/7/x86_64/e/epel-release-7-8.noarch.rpm Install required packages: yum install gcc make patch dkms qt libgomp yum install kernel-headers kernel-devel fontforge binutils glibc-headers glibc-devel Check where the kernel headers went. We need that for a

Read more

Install Vagrant on CentOS 7 and RHEL

This article demonstrates how to install Vagrant on CentOS 7 and RHEL. Note that as of recently, Vagrant is installed differently. Download it for your OS here “https://www.vagrantup.com/downloads.html”. The following is only if you want to do it the old way. sudo yum install ruby sudo gem install vagrant Find

Read more

Send SSH commands from PHP 5.6 (php56w)

This article explains how to send SSH commands (SSH, SCP, SFTP) to a remote server using php. In this example we have a working php56w installation with Apache. We’re using CentOS 7. SELinux is enabled. Download the libraries: https://sourceforge.net/projects/phpseclib/files/phpseclib1.0.5.zip/download Unzip the files into a new library directory: # Go to

Read more

OpenSSL urgent upgrade notice

The OpenSSL team have released an advisory to upgrade to version 1.1.0c. Read the notice here: “https://www.openssl.org/news/secadv/20161110.txt”. Redhat’s article can be found here: “https://access.redhat.com/security/cve/cve-2016-7054”. Severity: High TLS connections using *-CHACHA20-POLY1305 ciphersuites are susceptible to a DoS attack by corrupting larger payloads. This can result in an OpenSSL crash. This issue

Read more

Migrating Moodle to Enterprise LMS

This article explains how to migrate your Moodle to Enterprise LMS. My objective here is to migrate the entire Moodle including theme, plugins, users and course data from my Moodle to eLMS. I need SSH (command line) access to my Moodle for this to work because i need to backup

Read more

Load Testing with Siege

This article is a walk-through of how to use Siege to load (or performance) test a website. In this example the target is the Magento application. The question is “how many visitors can the target site handle while keeping page maximum load times below 10 seconds”? There are add-on tools

Read more

Auditors that ask stupid questions | IT

Honestly, the next time i am on the receiving end of an IT audit and am asked if the workstations have antivirus installed, i’ll go crazy! It’s like all auditors who aren’t “real auditors” simply go through the same old questions and fail to ask the questions that matter. I

Read more

Rsync and the “Argument list too long” problem

If you try to rsync a subset of many files from a single directory, you might get the error “Argument list too long”. Actually, you can get this error with many bash commands. This article explains how to work around it. rsync -avz /images/* cdn.example.com:/images/ -bash: /usr/bin/rsync: Argument list too

Read more

Varnish, Apache and NginX – Side by Side

This article explains how Varnish, Apache and NginX fit together and/or differ. Varnish is an excellent cache and speeds up web-sites significantly. Terminate the HTTP connection at Varnish on port 80 and point Varnish internally to an NginX server listening for HTTP on port 81 (they can’t both be on

Read more

Create a Samba3 simple printer server

In this article we’re adding a Samba 3 server to a Workgroup and configuring the Samba server to serve a printer. This article includes CUPS but not Printer Drivers. I’ve made some comments at the end of this article which are worth your time to read if you need direction

Read more

WordPress Multisite example for SysAdmins

If you’re a system administrator and you’ve been asked to create a WordPress Multisite, you’re in the right place. You simply need to add the following line to the “wp-cofig.php” file right above the “/* That’s all, stop editing! Happy blogging. */” line. define(‘MULTISITE’, true); define(‘SUBDOMAIN_INSTALL’, true); define(‘DOMAIN_CURRENT_SITE’, ‘blog.example.com’); define(‘PATH_CURRENT_SITE’,

Read more

Scanners remember everything

As part of your IT Security policy, you should consider that modern scanners (possibly part of a multi function device) have hard disks which store scanned documents. These hard disks would allow others who acquire your discarded scanner to view your scanned documents. My suggestion is to remove the hard

Read more

Changing the speed and duplex of Ethernet

This article shows how to set and change the speed and duplexing of an Ethernet device. You can see more examples at “http://www.cyberciti.biz/faq/linux-change-the-speed-and-duplex-settings-of-an-ethernet-card/”. View the current settings: mii-tool The output will be something similar to the following. Notice only physical network devices are listed. eth0: negotiated 1000baseT-FD flow-control, link ok

Read more

Upgrade php-fpm to version 7 on CentOS 7

This article demonstrates how to upgrade php-fpm to 7.0. This information is based on “https://webtatic.com/packages/php70/”. Get the repositories ready: rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm Do the upgrade: yum install yum-plugin-replace yum replace php-common –replace-with=php70w-common Confirm your work: php -v Share This:

Read more

Extend XFS filesystem on CentOS 7 and RHEL 7

This article shows how to expand a filesystem on a CentOS 7 or Redhat Enterprise Linux 7 system by adding a second disk/filesystem. The disk in this example is “/dev/sda” and it has two filesystems on it “/dev/sda1” and “/dev/sda2”. There is plenty of unused disk space available no “/dev/sda”.

Read more

Creating a Hello World program in Assembly Language in 5 minutes

This article walks you through the process of building a very simple program in assembly language in 5 minutes. Tutorial programs usually go by the name “Hello World” because that’s all they print out to the screen. Plenty of this information came from: http://www.tutorialspoint.com/assembly_programming/assembly_environment_setup.htm. Install the tools. yum install nasm

Read more

Minimal Squid as a Transparent Proxy

This article demonstrates how to configure a Squid transparent proxy. We’re using CentOS or Redhat here but the configuration its self will work on any distribution. Note that Debian related distributions call it “squid3” while Redhat related distributions just call it “squid”. A few extra notes. We’re going to be

Read more

Hide Apache version information (CentOS and RHEL 6)

This is a short howto to hide the Apache version information on a CentOS or similar server. Open the file “/etc/httpd/conf/httpd.conf” and change the following options to be as detailed below: ServerTokens ProductOnly ServerSignature Off Now restart Apache and the version should be hidden. Share This:

Read more

Securing Apache SSL on CentOS 7

This howto describes how to keep an Apache server up to date with SSL security. Test your own server at: https://www.ssllabs.com/ssltest/analyze.html Run the above SSL scan first and then, if you score less than an “A”, continue on to make these changes. Edit the following in your “/etc/httpd/conf.d/ssl.conf”: SSLProtocol +TLSv1.2

Read more

Build an EC2 using Ansible Step By Step

This article explains step by step how to create (spin up) an EC2 instance within AWS using Ansible and a few extras. Unlike 100% of other articles out there, this one actually demonstrates how to do it. Pay attention to the date of this article because things DO change over

Read more

Show top requests on Varnish

When logged into the Varnish server, you can see which requests are most common using the commands below. These will help determine popular content and also assist with troubleshooting during high-load times. The following command shows the requests from the Internet to Varnish: varnishtop -i TxURL The following command shows

Read more

Simple Ping Monitor – Windows

Just a simple script thrown together to record the time and date of an outage on a server using ping from a Windows machine. You can view the data in Excel from this script if you set excel to separate the file using carriage returns. @ECHO OFF echo Monitoring Server

Read more

Force SSHd to allow keys only, no passwords

This article is an example of a “/etc/ssh/sshd_config” file that forces the use of SSH keys. Password logins are disabled. Root logins are disable too. Tip for testing: You can login as root, apply these settings and then test it with a second session – this won’t kick you off

Read more

Letsencrypt With Apache and CentOS7

This article demonstrates how to add Letsencrypt SSL certificates to a CentOS 7 apache server. Some information for this article was obtained (and simplified) from here: https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-centos-7 This is the minimum you’d do to get Letsencrypt working on your CentOS 7 or RHEL 7 server. We’re keeping SELinux on and

Read more

Disable logging for Named/Bind

This article demonstrates how to disable logging for the bind / named service. Why? Because you may not like DNS errors filling up your logs. Unlike most of our articles, this is not focused on CentOS or Redhat. Add the following to the end of you “/etc/named.conf”. This file sometimes

Read more

Simple Rsyslog/MySQL Log Viewer in PHP

I’ve previously documented how to configure Rsyslog to store logs in MySQL which gives a good tutorial on setting up MySQL as the Rsyslog backend and also remote logging to that Rsyslog server. To extend on that, you can easily view and filter the logs using the php web-app below.

Read more

Limiting access by IP to SSH on CentOS7 and RHEL7

This article explains how to use TCPWrappers to control which hosts can connect to a server using SSH. The two files we’ll be using are “/etc/hosts.allow” and “/etc/hosts.deny”. As the names imply, we’re controlling which “hosts” can access the server, not which users. Find out more here: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/3/html/Reference_Guide/s1-tcpwrappers-access.html Why not

Read more

Rsyslog and MySQL on CentOS7 and Redhat 7

This article explains how to create an Rsyslog server that logs to MySQL (MariaDB). We’ve used CentOS 7 for this article. A few tips to save you time: 1. If you’re logging from a remote node to this server, make sure you have proper host names because that’s what ends up

Read more

ClamAV on CentOS7/Redhat7 – Periodic disk scans

This article explains how to install and configure periodic scans with ClamAV on CentOS7 or Redhat (RHEL) 7 servers. Much of this came from “https://ismailyenigul.wordpress.com/2015/01/05/install-clamav-on-centos-7/”. I’ve updated this article with a work-around for the (seemingly common) cron issue. Clamscan doesn’t seem to run from “/etc/cron.d/whatever” but does from “crontab -e”. Install

Read more

Restricting access to Apache with htaccess

The .htaccess file can restrict access to web browsers to specific things. I’ve written about this (on this blog) previously. However, here i talk about file types. The snippets below are (or can be) the entire contents of the .htaccess file. Prevent access to bash files that shouldn’t be in

Read more

Small business IT security

Recently i wrote about the importance of a sensible IT setup for small businesses. See it here http://www.agix.com.au/?p=5422. I discussed security but skipped a-lot to keep it simple. This document goes further into depth. A well thought and simple computer network goes a long way to good security but the

Read more

Small Business IT Bible – This is the right way.

I update this article periodically to keep it current. The principles never change though.  Who should read this? Those who are responsible for small business IT systems. Do things the right way. When staff ask why things aren’t as simple or easy as they’d like, you know their expectations of business

Read more

Stop DDoS attack using IPTables

A distributed denial of service attack (or DDoS) will either bring your server down or significantly degrade its performance. This article explains a quick way to tackle the problem. The IPTables firewall rules that follow ensure packets are limited to a set number per period of time. This rule will

Read more

Configure NTP Client Gentoo

Just a quick reference for setting up your Gentoo server to get its time from an NTP server either local or on the Internet. Get NTP onto the machine emerge –ask -jv ntp Edit the NTP config vi /etc/ntp.conf Comment out the servers that you do not need and add

Read more

Create a self-signed Apache/HTTPS certificate on CentOS

Create the key and set a passphrase: openssl genrsa -des3 -out server.key 2048 Create the csr file making sure the CN (common name) matches whatever domain name it represents such as “www.agix.local”. This requires the passphrase from the step above: openssl req -new -key server.key -out server.csr Remove the passphrase:

Read more

Import data into AWS’s MySQL – clean it first

You’ve dumped a DB from MySQL and didn’t use the “–no-triggers” option. Now you’re trying to import your data into RDS MySQL which complains that: ERROR 1227 (42000) at line xxx: Access denied; you need (at least one of) the SUPER privilege(s) for this operation You can solve this by

Read more

How to find where MySQL puts error logs

MySQL will use the “/etc/my.cf” file to learn where to put its error log file. However, if you don’t specify it, you don’t have access to the filesystem or you’re simply confused, try this. First log into MySQL and then run the following: mysql> show global variables like ‘log_error’; +—————+————————————–+

Read more

Backup Your DVD Collection with Linux

This post will show you how create a self contained machine that will backup your DVD collection without any effort from you (apart from placing the disc in the drawer). This is just a quick and simple script that was designed to help convert a 500+ strong collection of DVDs

Read more

The CIS Redhat RHEL 7 Security Recommendations

https://benchmarks.cisecurity.org/tools2/linux/CIS_Red_Hat_Enterprise_Linux_7_Benchmark_v1.1.0.pdf The above link is to the CIS (Center for Internet Security) PDF document for Redhat Enterprise Linux version 7. It’s essentially a “good practices” document that one should follow when hardening a RHEL 7 server. Share This:

Read more

Reset the root password in CentOS/Redhat 7

The process to reset the root password when you’ve forgotten it has changed in version 7 of Redhat and CentOS Linux. First you need to reboot and temporarily edit the Grub2 boot loader. Add the following to the end of the line starting with “Linux16”: rd.break enforcing=0 Boot using your

Read more

Custom Log Rotations

This article demonstrates how to add directories to your log rotation plan. For example, you may have a directory where you put custom logs for your applications or perhaps you want to rotate Magento (shopping platform) logs. You can use this method. You have to decide your retention and rotation

Read more