AGIX Discussion Security HowTo's

The Solution to Australia’s Cyber Security Threats

The cyber security threats are increasing and the solution either isn’t known or very poorly communicated to those who can actually make a difference. The later is my assumption and the topic of this article. No matter how many resources the authorities have, no matter how technologically advanced they are,

Read more
All Linux HowTo's Security HowTo's

Change an Active Directory password from Linux

This is how to change your Windows (Active Directory) password from a Linux system. First make sure you have “smbpasswd” installed. If not, install the “samba-common” package via YUM. The command to change your password is: smbpasswd -r dc.example.com The above specifies the domain controller that you want to change

Read more
All Linux HowTo's

How to add new maps to Minecraft | Linux Server

This article explains how to add new maps to Minecraft. We’re working with a Linux server and we’re going to download maps from public download sites. We’re starting with a working Linux Mincraft server. See how to start from scratch with Minecraft on Linux here “https://www.agix.com.au/minecraft-server-linux-centos-7/”. So far i’m yet

Read more
Windows HowTo's

“The filename, directory name, or volume label syntax is incorrect” when you add a hard drive to Windows 2008 R2 / 2012 backup

If you are using Windows backup and want to back up to multiple USB drives, you may receive the above error when configuring the second additional USB drive. If you do, execute the following steps to add it manually. Run Command Prompt under an administrator elevation. Run the following command

Read more
Security HowTo's

Which VPN is best for your business?

A great article worth your time to read taking into account recent Edwin Snowden comments. The article compares the popular VPN types in use today. The best one? OpenVPN followed closely by IKEv2 (+IPSec). Personally i’d go for IKEv2 if i had a mixed environment (Windows and Macs) and if

Read more
AGIX Discussion

Configure the TP-Link (MR6400) | Telstra 4G service with Static/Public IP

For times when standard broadband isn’t available, 4G may be a viable short term solution. This article notes what you need in order to get your service working. In this article we’ve used the TP-Link TL-MR6400 4G router. It has no ADSL capability. It has 4 ethernet ports, supports 802.11n

Read more
Security HowTo's

Secure WordPress the Hardcore Way

I’ve written about wordpress plenty of times and this time is on how to secure a wordpress installation. Specifically, i have been responsible for a few sites that’ve recently been hacked. Essentially the “bad guys” found a way to upload some files onto the sites and then execute php scripts

Read more
Security HowTo's

Tripwire on CentOS 7

Tripwire is a great tool to monitor your server for changes. Skip past my rant to get into the guts of it. Otherwise, enjoy! We all use wordpress because it’s easy to install, there’s plenty of people out there to create themes and it’s so easy to work with. The

Read more
All Linux HowTo's

Ansible Variables – a 5 minute Intro

Ansible supports “variables” just like any scripting language. Actually, Ansible uses the YAML format and YAML supports variables. Confused, don’t be. It’s simple. You don’t need to know YAML to use Ansible and i bet you’ve already got things working with Ansible enough that you’re ready to start expanding your

Read more
Security HowTo's

Hacking Redhat in times of Panic

We recently had a client who couldn’t sudo to become root. They received an error indicating that the “/etc/sudoers” file was corrupt. Being security minded people, they’d prevented the root user from logging in via SSH – which is a good idea by the way. Their only options were to restore

Read more
All Linux HowTo's

Export and List your EC2 IP Addresses and other details The Easy Way

Amazon doesn’t allow you to list or export your EC2 details using their web interface, at least not yet. Until then you have to use the “aws” command. Otherwise known as the “aws cli”. But it’s easier than you think. Get the “aws” cli tool from here: Windows: http://docs.aws.amazon.com/cli/latest/userguide/installing.html#install-msi-on-windows Mac

Read more
All Linux HowTo's

Varnish 4 as a Load Balancer

Varnish makes a great load balancer with a very simple configuration process, tolerance features and exceptional caching performance. Things have changed between version 3 and 4 so this article gives an example of how to build a load balancer with Varnish 4. vcl 4.0; import std; import directors; #Specify the

Read more
All Linux HowTo's

Install VirtualBox on CentOS and RHEL

This article demonstrates how to install VirtualBox on CentOS 7 and RHEL systems. cd /etc/yum.repos.d/ wget http://download.virtualbox.org/virtualbox/rpm/rhel/virtualbox.repo rpm -Uvh http://epel.mirror.net.in/epel/7/x86_64/e/epel-release-7-8.noarch.rpm Install required packages: yum install gcc make patch dkms qt libgomp yum install kernel-headers kernel-devel fontforge binutils glibc-headers glibc-devel Check where the kernel headers went. We need that for a

Read more
All Linux HowTo's

Install Vagrant on CentOS 7 and RHEL

This article demonstrates how to install Vagrant on CentOS 7 and RHEL. Note that as of recently, Vagrant is installed differently. Download it for your OS here “https://www.vagrantup.com/downloads.html”. The following is only if you want to do it the old way. sudo yum install ruby sudo gem install vagrant Find

Read more
All Linux HowTo's Scripting HowTo's

Send SSH commands from PHP 5.6 (php56w)

This article explains how to send SSH commands (SSH, SCP, SFTP) to a remote server using php. In this example we have a working php56w installation with Apache. We’re using CentOS 7. SELinux is enabled. Download the libraries: https://sourceforge.net/projects/phpseclib/files/phpseclib1.0.5.zip/download Unzip the files into a new library directory: # Go to

Read more
All Linux HowTo's Scripting HowTo's

OpenSSL urgent upgrade notice

The OpenSSL team have released an advisory to upgrade to version 1.1.0c. Read the notice here: “https://www.openssl.org/news/secadv/20161110.txt”. Redhat’s article can be found here: “https://access.redhat.com/security/cve/cve-2016-7054”. Severity: High TLS connections using *-CHACHA20-POLY1305 ciphersuites are susceptible to a DoS attack by corrupting larger payloads. This can result in an OpenSSL crash. This issue

Read more
All Linux HowTo's

Load Testing with Siege

This article is a walk-through of how to use Siege to load (or performance) test a website. In this example the target is the Magento application. The question is “how many visitors can the target site handle while keeping page maximum load times below 10 seconds”? There are add-on tools

Read more
All Linux HowTo's

WordPress Multisite example for SysAdmins

If you’re a system administrator and you’ve been asked to create a WordPress Multisite, you’re in the right place. You simply need to add the following line to the “wp-cofig.php” file right above the “/* That’s all, stop editing! Happy blogging. */” line. define(‘MULTISITE’, true); define(‘SUBDOMAIN_INSTALL’, true); define(‘DOMAIN_CURRENT_SITE’, ‘blog.example.com’); define(‘PATH_CURRENT_SITE’,

Read more
Security HowTo's

Scanners remember everything

As part of your IT Security policy, you should consider that modern scanners (possibly part of a multi function device) have hard disks which store scanned documents. These hard disks would allow others who acquire your discarded scanner to view your scanned documents. My suggestion is to remove the hard

Read more
All Linux HowTo's

Changing the speed and duplex of Ethernet

This article shows how to set and change the speed and duplexing of an Ethernet device. You can see more examples at “http://www.cyberciti.biz/faq/linux-change-the-speed-and-duplex-settings-of-an-ethernet-card/”. View the current settings: mii-tool The output will be something similar to the following. Notice only physical network devices are listed. eth0: negotiated 1000baseT-FD flow-control, link ok

Read more
All Linux HowTo's

Upgrade php-fpm to version 7 on CentOS 7

This article demonstrates how to upgrade php-fpm to 7.0. This information is based on “https://webtatic.com/packages/php70/”. Get the repositories ready: rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm Do the upgrade: yum install yum-plugin-replace yum replace php-common –replace-with=php70w-common Confirm your work: php -v

Read more
All Linux HowTo's

Creating a Hello World program in Assembly Language in 5 minutes

This article walks you through the process of building a very simple program in assembly language in 5 minutes. Tutorial programs usually go by the name “Hello World” because that’s all they print out to the screen. Plenty of this information came from: http://www.tutorialspoint.com/assembly_programming/assembly_environment_setup.htm. Install the tools. yum install nasm

Read more
All Linux HowTo's Security HowTo's

Securing Apache SSL on CentOS 7

This howto describes how to keep an Apache server up to date with SSL security. Test your own server at: https://www.ssllabs.com/ssltest/analyze.html Run the above SSL scan first and then, if you score less than an “A”, continue on to make these changes. Edit the following in your “/etc/httpd/conf.d/ssl.conf”: SSLProtocol +TLSv1.2

Read more
AGIX Discussion

IaaS Alternatives to AWS (Google Cloud, Microsoft Azure and IBM Softlayer)

Amazon has a head-start with AWS IaaS services. We use AWS at AGIX by default because we know what they have to offer and we know what to expect with pricing and performance. We also have automation tools that work well with their stack. We’re often asked for alternatives for comparison

Read more
All Linux HowTo's

Show top requests on Varnish

When logged into the Varnish server, you can see which requests are most common using the commands below. These will help determine popular content and also assist with troubleshooting during high-load times. The following command shows the requests from the Internet to Varnish: varnishtop -i TxURL The following command shows

Read more
Scripting HowTo's

Simple Ping Monitor – Windows

Just a simple script thrown together to record the time and date of an outage on a server using ping from a Windows machine. You can view the data in Excel from this script if you set excel to separate the file using carriage returns. @ECHO OFF echo Monitoring Server

Read more
All Linux HowTo's Security HowTo's

Letsencrypt With Apache and CentOS7

This article demonstrates how to add Letsencrypt SSL certificates to a CentOS 7 apache server. Some information for this article was obtained (and simplified) from here: https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-centos-7 This is the minimum you’d do to get Letsencrypt working on your CentOS 7 or RHEL 7 server. We’re keeping SELinux on and

Read more
All Linux HowTo's

Disable logging for Named/Bind

This article demonstrates how to disable logging for the bind / named service. Why? Because you may not like DNS errors filling up your logs. Unlike most of our articles, this is not focused on CentOS or Redhat. Add the following to the end of you “/etc/named.conf”. This file sometimes

Read more
All Linux HowTo's Security HowTo's

Limiting access by IP to SSH on CentOS7 and RHEL7

This article explains how to use TCPWrappers to control which hosts can connect to a server using SSH. The two files we’ll be using are “/etc/hosts.allow” and “/etc/hosts.deny”. As the names imply, we’re controlling which “hosts” can access the server, not which users. Find out more here: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/3/html/Reference_Guide/s1-tcpwrappers-access.html Why not

Read more
All Linux HowTo's Security HowTo's

ClamAV on CentOS7/Redhat7 – Periodic disk scans

This article explains how to install and configure periodic scans with ClamAV on CentOS7 or Redhat (RHEL) 7 servers. Much of this came from “https://ismailyenigul.wordpress.com/2015/01/05/install-clamav-on-centos-7/”. I’ve updated this article with a work-around for the (seemingly common) cron issue. Clamscan doesn’t seem to run from “/etc/cron.d/whatever” but does from “crontab -e”. Install

Read more
Security HowTo's

Small business IT security

Recently i wrote about the importance of a sensible IT setup for small businesses. See it here http://www.agix.com.au/?p=5422. I discussed security but skipped a-lot to keep it simple. This document goes further into depth. A well thought and simple computer network goes a long way to good security but the

Read more
AGIX Discussion All Linux HowTo's Windows HowTo's

Small Business IT Bible – This is the right way.

I update this article periodically to keep it current. The principles never change though.  Who should read this? Those who are responsible for small business IT systems. Do things the right way. When staff ask why things aren’t as simple or easy as they’d like, you know their expectations of business

Read more
All Linux HowTo's

Configure NTP Client Gentoo

Just a quick reference for setting up your Gentoo server to get its time from an NTP server either local or on the Internet. Get NTP onto the machine emerge –ask -jv ntp Edit the NTP config vi /etc/ntp.conf Comment out the servers that you do not need and add

Read more
All Linux HowTo's Security HowTo's

Create a self-signed Apache/HTTPS certificate on CentOS

Create the key and set a passphrase: openssl genrsa -des3 -out server.key 2048 Create the csr file making sure the CN (common name) matches whatever domain name it represents such as “www.agix.local”. This requires the passphrase from the step above: openssl req -new -key server.key -out server.csr Remove the passphrase:

Read more
All Linux HowTo's

Ansible Playbook to add script to Cron.monthly (or whatever) in Redhat/CentOS

This playbook will add the script “myscript.sh” to the target machine(s) “/etc/cron.monthly” directory thereby having it run each month by cron. You can simply change the location to have it go into one of the other cron.x locations. I’ve used ansible version “ansible 1.9.4”. — – hosts: all sudo: yes

Read more
All Linux HowTo's

Apache won’t start – Name or service not known: mod_unique_id

Minor cause of frustration when you are installing Apache on a server that some one else has configured, is that if they have not setup the hosts file correctly apache will refuse to start. The error is in /var/log/apache2/error_log and looks like below: Name or service not known: mod_unique_id: unable

Read more