Linux

How to test and patch your server for the Shellshock exploit

To check whether your system is vulnerable to the Shellshock exploit, run the following command from the command line:

env check='Not vulnerable' x='() { :;}; check=Vulnerable' bash -c 'echo $check'

If the reply from the command says “Vulnerable”, you should patch it immediately! The fix is actually quite simple and only takes a minute or so.

 

CentOS, Fedora, Red Hat

Log into your server as root

yum update -y

 

Debian, Ubuntu, Mint

sudo apt-get update && sudo apt-get install --only-upgrade bash

That’s it! You can re-run the test command to verify your server has been successfully patched.
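
As an added example (not part of the original post), the script below runs the same probe against every bash binary it finds, because the package update only replaces the distribution's copy and a bash built from source under /usr/local or /opt stays unpatched. The directory list and the function names are assumptions for illustration.

```shell
#!/bin/sh
# Added example: run the Shellshock probe from this post against each bash binary.

# probe_bash PATH -> prints "Vulnerable" or "Not vulnerable" for that binary.
probe_bash() {
    env check='Not vulnerable' x='() { :;}; check=Vulnerable' \
        "$1" -c 'echo $check' 2>/dev/null
}

# find_bash_binaries -> resolved path of every executable "bash" in common
# locations. The directory list is an assumption; extend it for your hosts.
find_bash_binaries() {
    for dir in /bin /usr/bin /usr/local/bin /opt/*/bin; do
        if [ -f "$dir/bash" ] && [ -x "$dir/bash" ]; then
            readlink -f "$dir/bash"
        fi
    done | sort -u
}

# audit_bash -> one line per binary (path, version, result);
# returns 1 if any copy answers "Vulnerable".
audit_bash() {
    status=0
    for bin in $(find_bash_binaries); do
        result=$(probe_bash "$bin")
        version=$("$bin" --version | head -n 1)
        printf '%s\t%s\t%s\n' "$bin" "$version" "$result"
        if [ "$result" = "Vulnerable" ]; then
            status=1
        fi
    done
    return "$status"
}

audit_bash || echo "At least one bash binary still needs patching" >&2
```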

 
 
 

By admin on September 26, 2014 | Linux, Security | A comment?

How to create a CSR (Certificate Signing Request) in Linux using OpenSSL

Before you can purchase or create your own self-signed SSL certificate, you must first create a CSR (Certificate Signing Request) and a Private Key. These two files must be created simultaneously or the resulting SSL certificate will not work.

As root, run the following command:

openssl req -nodes -newkey rsa:2048 -keyout sub.domain.com.key -out sub.domain.com.csr
Generating a 2048 bit RSA private key
............+++
.......................+++
writing new private key to 'sub.domain.com.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:US
State or Province Name (full name) []:State
Locality Name (eg, city) [Default City]:City
Organization Name (eg, company) [Default Company Ltd]:Business Name or Domain.com
Organizational Unit Name (eg, section) []:optional
Common Name (eg, your name or your server's hostname) []:sub.domain.com
Email Address []:optional

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:Enter
An optional company name []:Enter

With the above command, both the CSR (sub.domain.com.csr) and Private Key (sub.domain.com.key) files are created.

It is important to note in the above example to use the fully qualified domain name (FQDN) for the “Common Name”. If you are going to use the certificate with www.domain.com, enter “www.domain.com”. If you are using an alternate subdomain, such as orders, type “orders.domain.com”.

Some SSL providers may create certificates that work for both domain.com and www.domain.com, but there is no guarantee this will work for you.
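
Because the certificate only works with the private key that was created alongside the CSR, it is worth checking the pair before sending the CSR to a provider. The script below is an added example, not part of the original post: it creates the pair without prompts and compares the public key in each file. The function names and the subject values passed to -subj are placeholders.

```shell
#!/bin/sh
# Added example: create a key/CSR pair without prompts, then check the pair.

# make_csr FQDN DIR -> writes DIR/FQDN.key and DIR/FQDN.csr together.
# The subject values are placeholders that mirror the prompts shown above.
make_csr() {
    (
        umask 077    # keep the private key unreadable to other users
        openssl req -nodes -newkey rsa:2048 \
            -keyout "$2/$1.key" -out "$2/$1.csr" \
            -subj "/C=US/ST=State/L=City/O=Business Name/CN=$1" 2>/dev/null
    )
}

# csr_matches_key KEY CSR -> succeeds only if the CSR holds KEY's public key.
csr_matches_key() {
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    csr_pub=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ -n "$key_pub" ] && [ "$key_pub" = "$csr_pub" ]
}

# csr_common_name CSR -> prints the Common Name the CA will see.
csr_common_name() {
    openssl req -in "$1" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= *//p'
}

work=$(mktemp -d)
make_csr sub.domain.com "$work"
make_csr orders.domain.com "$work"

if csr_matches_key "$work/sub.domain.com.key" "$work/sub.domain.com.csr"; then
    echo "pair OK for $(csr_common_name "$work/sub.domain.com.csr")"
fi
# A key from a different run must not be paired with this CSR.
if ! csr_matches_key "$work/orders.domain.com.key" "$work/sub.domain.com.csr"; then
    echo "mismatch detected: orders key does not belong to the sub CSR"
fi
rm -rf "$work"
```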

By admin on September 16, 2014 | Apache | A comment?

How to Resize a Linux Cloud Disk Size After an Upgrade

Scope

This article was written to outline the steps required to resize the disk space on a Codero Cloud instance that had previously been upgraded to a larger size.

 

Requirements

A Codero Cloud account
A running Codero Cloud instance that had previously been upgraded to a larger size.

 

Procedure

 

Log In

Log into your cloud instance as root using SSH

 

Verify upgraded size

You can verify that the size of the drive has been upgraded by running the following command:

# fdisk -l /dev/xvda
Sample Output:

Disk /dev/xvda: 39.7 GB, 39728447488 bytes
255 heads, 63 sectors/track, 4830 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x000c1698
...

The available disk is 39.7GB

 

Verify current disk size

Check the current size of the disk by running the df (disk free) command

df -h
Sample Output:

Filesystem      Size  Used Avail Use% Mounted on
/dev/xvda3       19G  1.1G   17G   6% /
tmpfs           497M     0  497M   0% /dev/shm
/dev/xvda1      485M   64M  396M  14% /boot

In this example the current usable disk size is 19G

 

Resize the disk

Resize the disk using the resize2fs command

# resize2fs /dev/xvda3
Sample Output

By admin on July 18, 2014 | Cloud, Linux | A comment?

How to use the nano command line editor in Linux

This article is designed to provide a few basic instructions for using the Linux nano command line editor. While nano does not offer the power of editors such as vi or vim, it works great for day to day editing where advanced features are not required.

Install nano

CentOS, Fedora, Red Hat

sudo yum install nano

Ubuntu, Debian

sudo apt-get install nano

 

Start nano

nano /path/to/file/filename

 

Basic Editing

Using the nano editor is similar to most graphical editors you have used. Use the arrow keys to navigate the file, and type text as required. You can even use the Delete and Backspace buttons.

The keyboard is always in “insert” mode. You cannot de-select this to change to “over-strike” mode.

 

Keyboard shortcuts

Cancel: If you accidentally enter a command, you can cancel it anytime by pressing Ctrl+c to return to the editor.

 
Exit: Ctrl+x
If you have not saved your work, you will be prompted to save it before exiting the program.

Save modified buffer (ANSWERING "No" WILL DESTROY CHANGES) ?

Press y to save or n to exit without saving.

 
Save: Ctrl+o
To continue using the current file name, simply press Enter
To save to a new file name, enter the new name, then press Enter

 
Search: Ctrl+w
Enter the text you are searching for and press Enter
To search for additional instances of the same text, simply press Ctrl+w again followed by Enter

 
Search and Replace: Ctrl+\ (backslash)
Type the text to search for and press Enter.
Next type the text you are going to replace it with, then press Enter.
Before any text is replaced, the program will highlight the next instance it finds of the text to replace and will prompt you with the following question:

Replace this instance?

Press y to replace the displayed instance and move to the next.
Press n to skip and move to the next instance.
Press a to replace all instances found in the file.

By admin on July 5, 2014 | Linux | A comment?

How to use a2ensite and a2dissite with rpm based apache systems

One thing this author prefers is the Debian (apt-get) style use of a2ensite and a2dissite to enable and disable hosted domains. This guide will show you how to set up a similar system on rpm based (Red Hat, Fedora, CentOS, etc.) systems.

Set up instructions

To set up a similar system on your rpm based server, simply follow the steps outlined below.

Create the folder structure

As root, run the following commands:

mkdir /etc/httpd/sites-available
mkdir /etc/httpd/sites-enabled

Edit httpd.conf

The first step is to include the sites-enabled folder in your httpd.conf file.

nano /etc/httpd/conf/httpd.conf

Now add the following line at the bottom of the file and save the file.

Include sites-enabled/*.*

Restart apache to use the new setting

service httpd restart

Create the a2ensite and a2dissite commands

Create the following files and add the content displayed.

a2ensite

nano /usr/local/bin/a2ensite
#! /bin/bash

# bash script to use debian style vhosts
# vhost file must be in /etc/httpd/sites-available
# script will make a softlink to /etc/httpd/sites-enabled
# and restart httpd
# use a2dissite to remove the link

AVAILABLE="/etc/httpd/sites-available"
ENABLED="/etc/httpd/sites-enabled"
FILE="$1"

# every expansion is quoted so names with spaces or glob characters are handled safely
if [ -f "$AVAILABLE/$FILE" ]
then
        if [ -s "$AVAILABLE/$FILE" ]
        then
                # restart only if the link was actually created
                ln -s "$AVAILABLE/$FILE" "$ENABLED/$FILE" && service httpd restart
        else
                echo "File $FILE is empty. No action taken"
        fi
else
        echo "File $FILE does not exist. No action taken"
fi

a2dissite

nano /usr/local/bin/a2dissite
#! /bin/bash

# bash script to use debian style vhosts
# vhost file must be in /etc/httpd/sites-available
# script will delete a softlink from /etc/httpd/sites-enabled
# and restart httpd
# use a2ensite to restore the link

AVAILABLE="/etc/httpd/sites-available"
ENABLED="/etc/httpd/sites-enabled"
FILE="$1"

# -L tests for the symlink itself, so a link whose target was deleted can still be removed
if [ -L "$ENABLED/$FILE" ]
then
        rm -f "$ENABLED/$FILE"
        service httpd restart
else
        echo "File $FILE does not exist. No action taken"
fi

Set the files as executable

chmod 744 /usr/local/bin/a2ensite
chmod 744 /usr/local/bin/a2dissite

How to use

The examples below assume you named the domain virtual configuration files after the domain name.

These versions of a2ensite and a2dissite differ from the Debian (apt-get) system by automatically restarting apache upon success. With apt-get based systems, you need to manually restart apache.

Create the virtual host configuration file

This can be used as a very basic, yet functioning virtual host configuration file:

nano /etc/httpd/sites-available/domain.com
<VirtualHost *:80>
        ServerAdmin     admin@domain.com
        ServerName	domain.com
        ServerAlias     www.domain.com
        DocumentRoot    /var/www/vhosts/domain.com/httpdocs/
        ErrorLog        /var/www/vhosts/log/error_log
        TransferLog     /var/www/vhosts/log/access_log
        LogLevel warn
</VirtualHost>

Enable a site

a2ensite domain.com

Disable a site

a2dissite domain.com
By admin on April 28, 2014 | Apache | A comment?

How to add an additional IP in Debian or Ubuntu

View Current Network Settings

Before we start, let's take a look at the current settings.

cat /etc/network/interfaces
auto eth0
iface eth0 inet static
address 123.34.45.56
netmask 255.255.255.0
gateway 123.34.45.1
hwaddress 00:12:34:56:78:9A
dns-nameservers 69.64.66.11 69.64.66.10

auto lo
iface lo inet loopback

 

Configure Updated Settings

Before proceeding, a couple of variables need to be defined.

EthX:1 = The interface your IP is connected to. If your current IP is set with auto eth0, you will use eth0:1. If your current IP is set with auto eth1, you will need to use eth1:1.
IpAddress = The IP address you are adding to your server.
GatewayIP = The IP address you are adding to your server, but replace the last octet with 1. Example: if your IP address is 123.45.67.89, then gatewayIP = 123.45.67.1

 
Using the variables defined above, you are ready to configure the network adaptor to use your new IP and gateway. Use the nano editor, which comes installed by default with Ubuntu, and add the following lines underneath dns-nameservers.

sudo nano /etc/network/interfaces
auto EthX:1
iface EthX:1 inet static 
address IpAddress
netmask 255.255.255.0 
gateway GatewayIP

Once you have entered the values correctly, press Ctrl+O and then Enter to save it with the current filename, then press Ctrl+X to exit the editor.

Provided you entered your values correctly, verify the new settings by retyping the cat command:

cat /etc/network/interfaces
auto eth0
iface eth0 inet static 
address 123.34.45.56
netmask 255.255.255.0 
gateway 123.34.45.1 
dns-nameservers 69.64.66.11 69.64.66.10

auto eth0:1
iface eth0:1 inet static 
address 123.45.67.89
netmask 255.255.255.0 
gateway 123.45.67.1

auto lo
iface lo inet loopback

 

Apply setting to Interface

After you have determined the values entered are correct, restart networking with the following command:

sudo service networking restart
stop: Unknown instance: 
networking stop/waiting
administrator@ubuntu:~#

 

Finish

Your IP should now be working correctly.

By admin on March 6, 2014 | Debian / Ubuntu, Linux | A comment?

How to partition a drive using fdisk

fdisk is the Linux disk partitioning utility. It should only be run on unmounted drives, so a Live CD or similar is advised.

By admin on October 15, 2013 | Linux | A comment?

How to Mount a Drive in Linux

To mount a disk on boot, you will need to enter the disk/partition information in the fstab file. Before this, you should have the UUID of the partition.

1. Create the mount point

Create the mount point (directory) for the new partition. This is often done in /mnt or /media

mkdir /media/partition_name

2. Determine Drive to mount

Using UUID

Get the uuid of the desired partition by listing all partition uuids using

ls -l /dev/disk/by-uuid

Example Output:

lrwxrwxrwx 1 root root 10 Jan 5 07:36 42c03f8b-35e1-40bd-8661-e59606375863 -> ../../sda5
lrwxrwxrwx 1 root root 10 Jan 5 07:36 77c1e034-8557-4d86-9bb4-8cc41c45f379 -> ../../sda6
lrwxrwxrwx 1 root root 10 Jan 5 07:36 bc733608-976a-4982-8849-2445c6167385 -> ../../sda2
lrwxrwxrwx 1 root root 10 Jan 5 07:36 c443bb27-7ffb-4308-8727-f3504d904c0f -> ../../sda3
lrwxrwxrwx 1 root root 10 Jan 5 07:36 f10dee4e-d3af-4703-91c9-3b9cf24a7f81 -> ../../sda1

Use Drive notation

ls -l /dev/sd*

Example Output:

brw-rw---- 1 root disk 8, 0 Jan 5 07:36 /dev/sda
brw-rw---- 1 root disk 8, 1 Jan 5 07:36 /dev/sda1
brw-rw---- 1 root disk 8, 2 Jan 5 07:36 /dev/sda2
brw-rw---- 1 root disk 8, 3 Jan 5 07:36 /dev/sda3
brw-rw---- 1 root disk 8, 16 Jan 5 07:36 /dev/sdb
brw-rw---- 1 root disk 8, 17 Jan 5 07:36 /dev/sdb1

3. Add to fstab

Locate the partition and uuid you want to mount and add it to /etc/fstab

nano /etc/fstab
UUID=42c03f8b-35e1-40bd-8661-e59606375863 /media/partition_name ext4 errors=remount-ro 0 1

or

/dev/sdb1 /media/partition_name ext4 errors=remount-ro 0 1 

example:

/dev/sdb1               /mnt/ssd                ext2    defaults                0 0

4. Manual Mount

Manually mount the partition until the next reboot

mount /dev/sda5 /media/partition_name
By admin on October 9, 2013 | Linux | A comment?