Showing category "2 Easy Step to Enable SSL" (Show all posts)
Posted by Mohamed Adam on Tuesday, February 21, 2012,
In :
SSH
 Backing up your website or blog can be an expensive and arduous task, requiring a variety of plugins,
or additional plans from your hosting provider – but it needn’t be
really. If you have SSH acces...
Continue reading ...
Posted by Mohamed Adam on Tuesday, February 21, 2012,
In :
SSH
25 Best SSH Commands / Tricks1) Copy ssh keys to user@host to enable password-less ssh logins.
ssh-copy-id user@host
To generate the keys use the command ssh-keygen
2) Start a tunnel from some machine’s port 80 to your local post 2001
ssh -N -L2001:localhost:80 somemachine
Now you can acces the website by going to http://localhost:2001/
3) Output your microphone to a remote computer’s speaker
dd if=/dev/dsp | ssh -c arcfour -C username@host dd of=/dev/dsp
This will output the sound fr... Continue reading ...
Permissions - Part II Working with PermissionsNow that you should have the basics of file permissions down, this section includes some "tips and tricks" that I use to ensure that permissions are properly set on servers. Home DirectoriesMost admins overlook the setting of permissions on user's home directories. I believe, this is because most admins do not have a good understanding of Unix Permissions (especially those coming from a Windows background). Because of this, most Linux Servers are d... Continue reading ...
File & Directory Permissions on LinuxSpecial BitsSo far, you have been shown the basic manipulation of file and directory permissions. However, there are quite a few circumstances which these will not be enough for the situation. For instance, what if you have a few people that have different "Default Groups", but are members of another group and you need them to all have write access to certain files. Or what if you have some less knowledgeable users that may accidentally delete other people... Continue reading ...
20 Things to Plan for an IT Disaster Recovery
Implementing a disaster recovery solution is dependent on three factors — 1) time 2) resources 3) dollar amount. Most organization doesn’t even think about DR when the IT infrastructure and applications are running without any issues. Most of them think about DR only when something breaks that created a major negative impact on the business.
If you are a sysadmin, or someone who is responsible for keeping the IT running,... Continue reading ...
Posted by Mohamed Adam on Friday, September 16, 2011,
In :
htop
HTOP:
htop is just like top, but on steroids. Once you are used to htop, you’ll never go back to top again. htop is a ncurses-based process viewer. You can interact with the htop using mouse. You can scroll vertically to view the full process list, and scroll horizontally to view the full command line of the process. This article explains 15 essential htop command examples.
Install Htoptop command is available on all Linux system by default. To use htop, you need to install it first. Go to htop ... Continue reading ...
2 Easy Steps to Enable SSL / HTTPS on Tomcat Server
If you are running tomcat server that runs only on HTTP, follow the 2 easy steps mentioned below, to configure tomcat for SSL.
1. Create Keystore using Java keytoolFirst use the keytool to create a java keystore as shown below. Make sure to note down the password that you enter while creating the keystore. # $JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA
Enter keystore password:
Re-enter new password:
What is your first and last name?...
SELinux Features: - Restricts access by subjects (users and/or processes) to objects (files)
- Provides Mandatory Access Controls (MACs)
- MACs extend Discretionary Access Controls (DACs (Standard Linux Permissions))
- Stores MAC permissions in extended attributes of file systems
- SELinux provides a way to separate: users, processes (subjects), and objects, via labeling, and monitors/controls their interaction
- SELinux is integrated into the Linux kernel
- Implements sandboxes for subjects and objects
- Default RH...
How do I determine CPU and Memory utilization, based on running processes in Linux using TOP?
Top command provides a real-time look at what is happening with your system. Top produces so much output that a new user may get over whelmed with all that’s presented and what it means. Let’s take a look at TOP one line at a time.
The first line in top: top - 22:09:08 up 14 min, 1 user, load average: 0.21, 0.23, 0.30 “22:09:08″ is the current time; “up... Continue reading ...
Here is the quick facts and comparison of Ext3 and Ext4 File systems: Hope this helps..!
Features | Ext3 | Ext4 | Stands For | Ext3 stands for third extended file system. | Ext4 stands for fourth extended file system. | Introduced | It was introduced in 2001. | It was introduced in 2008. | Kernel Support | Supports from Linux Kernel 2.4.15 | Supports from Linux Kernel 2.6.19 | Maximum individual file size supported | Maximum individual file size can be from 16 GB to 2 TB | Maximum individual file size can be from 16 GB to 16 TB | Maximu... |
Continue reading ...
Password Protect Your Webserver Pages
Managing user access to a Linux Intranet server is painless and quick as long as you know the basics of .htaccess files.Yet, I find some new administrators get frustrated by the lack of complete information on the internet. In some HOWTO guides, details regarding .htaccess are given, without mentioning that Apache must be configured and offering solutions. My hope is that this brief article gives a complete look at managing access with th... Continue reading ...
Beginner Server Administrator Commands
Command | Summary Use | arp | Command mostly used for checking existing Ethernet connectivity and IP address Most common use: arp This command should be used in conjunction with the ifconfig and route commands. It is mostly useful for me to check a network card and get the IP address quick. Obviously there are many more parameters, but I am trying to share the basics of server administration, not the whole book of commands.
| df | Display filesystem information Most common... |
Continue reading ...
Posted by Mohamed Adam on Tuesday, September 6, 2011,
In :
Kickstart
###KickStart [Unattended Installation]###
Kickstart helps to install system unattended. It uses kickstart configuration file and dhcp service for this.
In windows systems kickstart file is known as answer file.
###These are the steps happening.###
Server[dhcp+ks] client
1. asks IP and location of kickstart file
2.gives the info
3. Takes the ks.cfg file and mounts share of OS
###dhcp [nfs/ftp/http] + ks.cfg [nfs]... Continue reading ...
Posted by Mohamed Adam on Tuesday, September 6, 2011,
In :
phpmyadmin
First of all add the rpmforge repository to user system. Explained hereNow : [root@localhost ~]# yum install phpmyadmin [root@localhost html]# vi /usr/share/phpmyadmin/config.inc.php And add the blowfish secret, $cfg['blowfish_secret'] = 'a8b7dafdferHJHJ^&U^45776TIUuiYc6d'; http://127.0.0.1/phpmyadmin/Now edit the phpmyadmin configuration file for apache [root@eastonch /]# vi /etc/httpd/conf.d/phpmyadmin.conf Order Deny,Allow ...
Posted by Mohamed Adam on Tuesday, September 6, 2011,
In :
RAID
The following article explains what is Raid, what are important levels and how to install and configure a raid device in a linux system using the software mdadm. This is tested in Redhat rhel5 and also works with other distributions as fedora, centos etc.
What is RAID?
RAID is redundant array of independent or inexpensive disks. It is mainly used for data protection. It protects our data storage from failures and dat... Continue reading ...
Posted by Mohamed Adam on Tuesday, September 6, 2011,
In :
Squid
Installing and configuring squid internet proxy can be found in the following link. http://helpinlinux.blogspot.com/2010/04/how-to-install-and-configure-squid.htmlAfter configuring the Squid proxy, You can install and configure Dansguardian.
Dansguardian is an add-on for squid. DG is having lots of list files to which we can add and remove entries easily. No need to write complicated ACL rules in squid.
DG acts a...
Posted by Mohamed Adam on Tuesday, September 6, 2011,
In :
Squid
This post explains how to enable user authentication on a squid proxy.
Suppose you have an ip 1.2.3.4 to be enabled for a user test_user
Syntax :
acl acl_name proxy_auth username REQUIRED
tcp_outgoing_address ipaddress acl_name
http_access allow acl_name
eg:-
acl auth_user2 proxy_auth test_user REQUIRED
tcp_outgoing_address 1.2.3.4 auth_user2
http_access allow auth_user2
And also you can create passwords for the users by using the following command
#htpa... Continue reading ...
Posted by Mohamed Adam on Tuesday, September 6, 2011,
In :
Log Server
This article will explain installing and configuring a syslog log server in redhat enterprise linux. It'll work in other redhat distributions like centos, fedora etc.
Centralized log server (syslog server)
Suppose we have a server and 5 client machines. And we want to monitor the logs of all those client machines. In situations like this, we will use centralized server as a log server. Whatever events are ...
Posted by Mohamed Adam on Tuesday, September 6, 2011,
In :
System Admin
The following post explains how to set ch attribute on a file.
root@me [~]# chattr +i /etc/fstab
root@me [~]# lsattr /etc/fstab
----i--A----- /etc/fstab
root@me [~]# chattr -i /etc/fstab
root@me [~]# lsattr /etc/fstab
-------A----- /etc/fstab
root@me [~]#
The letters "acdijsuADST" select the new attributes for the files: append only (a), compressed (c), no dump (d), immutable (i), data journalling (j), secure deletion (s), no tail-merging (t), undeletable (u),no ... Continue reading ...
Posted by Mohamed Adam on Tuesday, September 6, 2011,
This post explains how to write a rule to reject something in iptables and how to log the working of iptables
First of all enable iptables loging in /etc/syslog.conf
#vi /etc/syslog.conf
kern.* /var/log/firewall
:wq
Restart the syslog daemon.
#service syslog restart
Create the log file specified in /etc/syslog.conf
#touch /var/log/firewall #log file.
Now Define the rules in following order. Log rule must be first.
This is a simple rule which will block response t... Continue reading ...
Posted by Mohamed Adam on Tuesday, September 6, 2011,
In :
System Admin
This post explains how to block all ips except one accessing your system through ssh. Here we are using iptables firewall for blocking and allowing ips. These rules are tested on Centos linux and will work with other linux distros like redhat, fedora, etc.
Suppose you have your main server with ip 192.168.1.10
And you want to allow access from 192.168.1.4 only
Here is the rules :
Initial state [all accept]
root@test [~]# iptables -L
Chain IN... Continue reading ...
Posted by Mohamed Adam on Tuesday, September 6, 2011,
The following post explains how to setup a NTP server and client on redhat linux systems like rhel5. It will also work on centos, fedora, Suse linux etc.
[root@server ~]# rpm -qa | grep ntp
ntp-4.2.2p1-9.el5_3.2
NTP Server IP : 192.168.1.19
Client IP : 192.168.1.60
Client Configuration :
/etc/ntp.conf - primary conf file.
open the /etc/ntp.conf file and give the IP of the NTP server as follows
[root@work1 ~]# vi /etc/ntp.conf
server... Continue reading ...
Posted by Mohamed Adam on Tuesday, September 6, 2011,
In :
System Admin
What is the use of screen command in linux? How to use it? The following post explains it.
Screen is a powerful tool useful for working in a remote environment. You can start a screen and execute the commands inside the screen. So even if the connection goes down between your system and remote system, you can later attach to the screen. The command will be working inside the screen.
Installation:
#yum install screen
#screen
Then execute t... Continue reading ...
Posted by Mohamed Adam on Tuesday, September 6, 2011,
First of all take the backup of the current timezone settings
mv /etc/localtime /etc/localtime.bkp
Now. Suppose you want to change the timezone to Asia/Kolkatta
ln -sf /usr/share/zoneinfo/Asia/Kolkatta /etc/localtime
Thats it. It should be fixed now.
Posted by Mohamed Adam on Tuesday, September 6, 2011,
The following command will block all the exceeding connections [ more than 3] from any ip address to this machine. This can be used against DDOS attack.
#iptables -A INPUT -p all -m connlimit --connlimit-above 3 -j REJECT
Suppose if you want to block only ssh connections, then use the following command.
iptables -A INPUT -p tcp --syn --dport 22 -m connlimit --connlimit-above 3 -j REJECT
for allowing 2 telnet connections per client... Continue reading ...
Posted by Mohamed Adam on Tuesday, September 6, 2011,
In :
MYSQL
Resetting the mysql user password in safemode. Lets see how to reset the password of root user in Centos / redhat linux.
Step1 : Stop the mysql service
#/etc/init.d/mysqld stop
step2 : Enter mysql safemode
#mysqld_safe --skip-grant-tables &
Step3 : Change the password
mysql> update mysql.user set password=PASSWORD("NEWPASSWORD") where User='root';
Step4 : Flush the privileges
mysql> flush privileges;
Step5 : Its over. Now you can quit.
mysql>... Continue reading ...
Posted by Mohamed Adam on Tuesday, September 6, 2011,
In :
phpmyadmin
First of all add the rpmforge repository to user system. Explained hereNow : [root@localhost ~]# yum install phpmyadmin [root@localhost html]# vi /usr/share/phpmyadmin/config.inc.php And add the blowfish secret, $cfg['blowfish_secret'] = 'a8b7dafdferHJHJ^&U^45776TIUuiYc6d'; http://127.0.0.1/phpmyadmin/Now edit the phpmyadmin configuration file for apache [root@eastonch /]# vi /etc/httpd/conf.d/phpmyadmin.conf Order Deny,Allow ...
Posted by Mohamed Adam on Tuesday, September 6, 2011,
In :
System Admin
To know your public ip. It shows location and other details too. http://whatismyipaddress.com/For checking nameservers, mx record, A record, PTR record and other DNS details. http://www.intodns.com/Example: http://www.intodns.com/randeeppr.meFor checking the accessibility of your ip address or url. It gives ping results from many parts of the world. http://www.just-ping.com/For checking the domain details such as owner of the domain and contact details. http:/...
Posted by Mohamed Adam on Tuesday, September 6, 2011,
In :
MYSQL
Tacking the back up of a database
mysqldump -u username -ppassword database_name > database_name.sql
For example
mysqldump -u root -pabc123 horde > horde.sql
Restoring the database
mysql database_name < database_name.sql
For example
mysql horde < horde.sql
Restart the mysql
/etc/init.d/mysqld restart Continue reading ...
Posted by Mohamed Adam on Tuesday, September 6, 2011,
Steps for setting up apache with subversion [For debian system]
Step 1. Install apache [here 2.0.63] as
./configure --prefix=/usr/local/apache2 --with-port=2080 --enable-dav --enable-dav-fs --enable-rewrite --enable-so
make
make install
/usr/local/apache2/bin/apachectl start
/* make sure these packages are already installed in your system. Autoconf, libtool, phython 2, libxml, zlib, neon */
Install all packages from synaptic. Neon instructions can be get fro... Continue reading ...
Posted by Mohamed Adam on Tuesday, September 6, 2011,
This post explains how to install and configure phpmyadmin on ubuntu or debian systems.
Install phpmyadmin using apt-get
#apt-get install phpmyadmin
Copy the phpmyadmin apache configuration file to /etc/apache2/conf.d/
#cp /etc/phpmyadmin/apache.conf /etc/apache2/conf.d/
Or
You can include the configuration file in apache2.conf by adding this line to it
Include /etc/phpmyadmin/apache.conf
No restart apache
#/etc/init.d/apache2 restart
Sometimes you may have to add a blowf... Continue reading ...
Posted by Mohamed Adam on Tuesday, September 6, 2011,
Suppose you have a site abc.com and in the document root directory of abc.com you have a directory "admin" in which you want to restrict the access to others. But you want to give access to clients from some ips.
You can do this by creating a .htaccess file under "admin" directory.
.htaccess file can be like this.
Order Deny,Allow
Deny from all
Allow from IP_address1
Allow from IP_address2
Allow from IP_address3
Allow from IP_address4
Allow from IP_address5
th... Continue reading ...
|
|