Restoring WebApps

Restoring Web Applications for edrandall.co.uk Section A - Install & Configure the WebServer with SSL Support Install the required ubuntu webserver packages aptitude install apache2 php5 php5-mcrypt php5-curl Create the following webserver configuration files: * /etc/apache2/conf.d/ejr-servers.conf NameVirtualHost 192.168.2.2:443 * /etc/apache2/sites-available/restore.edrandall.co.uk ServerName restore.edrandall.co.uk <VirtualHost 192.168.2.2:443> SSLEngine On SSLCertificateFile /etc/apache2/ssl/server.crt SSLCertificateKeyFile /etc/apache2/ssl/server.key DocumentRoot /var/www/ <Directory "/var/www"> Order deny,allow Deny from all Authname "restore.edrandall.co.uk" AuthUserFile /var/www/.htpasswd AuthType Basic Require valid-user Allow from 192.168.2. Satisfy Any </Directory> </VirtualHost> * /etc/apache2/ports....

May 16, 2014 · Ed Randall

RHCE Notes

A) iptables script #!/bin/bash ipt=$(which iptables) #Flush all existing rules $ipt -F #Set default policies $ipt -P INPUT DROP $ipt -P OUTPUT ACCEPT $ipt -P FORWARD DROP $ipt -A INPUT -i lo -j ACCEPT #Allow stuff back in that we’ve sent out $ipt -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT #Allow inbound SSH to this box $ipt -A INPUT -p tcp --dport 22 --source 172.16.0.0/16 -j ACCEPT #Save the rules /sbin/service iptables save #Show the rules $ipt --list -n -v Test (from desktop machine):...

June 29, 2012 · Ed Randall

LUKS Encryption on RedHat

Creating an Encrypted Disk Partition Created a new logical partition (/dev/vda5) which is 500MB in size After a reboot, check the partition is there and looks okay: fdisk -cul /dev/vda Prepare the partition for encryption (enter YES and passphrase when prompted): cryptsetup luksFormat /dev/vda5 Unlock the encrypted partition cryptsetup luksOpen /dev/vda5 encpartition Have a look in the /dev/mapper directory, there’s an entry for /dev/mapper/encrypted partition: lrwxrwxrwx. 1 root root 7 Feb 21 12:24 /dev/mapper/encpartition -> ....

February 21, 2012 · Ed Randall

Setting up cobbler for Red Hat Kickstart

Download the epel packages from: http://fedoraproject.org/wiki/EPEL Edit the files: /etc/yum.repos.d/epel-repo and /etc/yum.repos.d/epel-testing.repo Uncomment the following line: #baseurl=http:// Comment the following line (Otherwise yum won’t find the epel packages and won’t work properly.): mirrorlist=http:// Install cobbler: yum install cobbler policycoreutils-python-2.0.83-19.18.el6.i686 Install mod_python for apache yum install mod_python Install dhcp yum install dhcp Install syslinux and syslinux-tftpboot yum install syslinux syslinux-tftpboot Cobbler and SELinux don’t play nice together. Whilst it is possible to configure cobbler to work with selinux, it is easier to disable it altogether....

January 9, 2012 · Ed Randall

Rename Multiple Files

I know there’s many ways to do this, but I quite like this method for a batch file rename: ls foo*.jpg | awk '{print("mv "$1" "$1)}' | sed 's/foo/bar/2' | /bin/bash If you want to do a dry run first, then just omit the pipe to bash: ls foo*.jpg | awk '{print("mv "$1" "$1)}' | sed 's/foo/bar/2'

March 3, 2011 · Ed Randall

Netcat Tar Pipe

Sometimes SCP, SFTP or other methods of file transfer aren’t available. Using netcat and tar, files can be archived and sent over the network on the fly, like this: On the destination server: mkdir /destination/directory cd /destination/directory nc -l 7000 | tar x On the source server: cd /source/directory tar cf - * | nc destination-hostname 7000

March 1, 2011 · Ed Randall

Configure logging in IPtables

It’s useful to have a dedicated logfile which contains details of packets which are dropped or rejected by your iptables firewall. This will allow you to see when connection attempts are being made to your server by IP addresses which are being blocked. This can also be extremely useful when troubleshooting your iptables firewall. If you’re not up to speed with iptables, then you’ll need to find another guide to work through....

November 25, 2010 · Ed Randall

Setting up mysql replication

On the primary DB node: Enable binary logging in my.cnf: [mysqld] log_bin=mysql-bin server-id=1 Restart MySQL /etc/init.d/mysqld restart Create a user for replication: mysql> GRANT REPLICATION SLAVE ON *.* TO 'user'@'1.2.3.4' IDENTIFIED BY 'slavepass'; Find filename of binlog: mysql> show master status; Do the mysqldump of the database you want to replicate: mysqldump -c --create-options -u root -ppassword --lock-tables databasename > dump.sql Copy the sql file over to the slave: scp dump....

November 24, 2010 · Ed Randall

Mounting disks by label in Linux

USB hard disks are often allocated different device names by Linux each time the system boots. For example: what is currently recognized as /dev/sda1 may well end up being /dev/sdb1 after a reboot. To get round this, it is possible to mount disks by label rather than device name by taking the following steps (as root): First of all, you need to see if the partition in question already has a label:...

November 24, 2010 · Ed Randall

Creating a self-signed certificate for apache

Creating a self-signed certificate for an apache server is fairly straightforward. The following steps show you how to do it on an ubuntu / debian based system running apache: If it doesn’t already exist, make the directory for the key, csr and certificate to go in: mkdir /etc/apache2/ssl Go to that directory: cd /etc/apache2/ssl Generate the private key (Enter a passphrase when prompted, we’ll remove this later) openssl genrsa -des3 -out server....

November 24, 2010 · Ed Randall