deny access to .bash_profile .bashrc .bash_history apache

by Siru // October 7, 2014 // No Comments

Hello all,

You would have come across a situation where you had pointed the website to user’s home directory, where the user’s default files like .bash_profile .bashrc .bash_logout and .bash_history will be accessible from browser, which is a security drawback. We can deny access to those files by adding the below configuration file either in main httpd.conf file or virtualhost configuration just below DocumentRoot directive for the respective domains. This will deny access to web clients from viewing the contents of any filename that starts with .bash

  
       <Files ~ "^\.bash">
            Order allow,deny
            Deny from all
            Satisfy All
       </Files>

Thanks for viewing https://helpinlinux.com

Apache ssl passphrase automatic

by Siru // September 28, 2014 // No Comments

Hello all,

hope you are having tough time remembering the pass phrase that you created for apache ssl creation. Well, not anymore. We can disable pass phrase prompt on every apache restart by regenerating the key file without a pass phrase. This topic is made assuming that you already know the pass phrase.

[root@localhost.com ~]# /etc/init.d/httpd restart

Stopping httpd:                                            [OK]
Starting httpd: Apache/x.x.x mod_ssl/x.x.x (Pass Phrase Dialog)
Some of your private key files are encrypted for security reasons.
In order to read them you have to provide the pass phrases.

Server localhost.com:443 (RSA)
Enter pass phrase:

OK: Pass Phrase Dialog successful.
                                                           [  OK  ]

Let’s overcome the above issue.

All we need is to regenerate the key file using our openssl command as shown below.

First let’s take a backup of the key file, for redundency.

[root@localhost.com]# cp -arp /etc/ssl/old.key /etc/ssl/old.key.bak

Now, we will generate the new pass phrase less key as mentioned below.

[root@localhost.com]#  openssl rsa -in /etc/ssl/old.key -out /etc/ssl/new.key
Enter pass phrase for /home/ssl/old.key:
writing RSA key
[root@localhost.com]#

Now, let’s replace the old key with the newly created one and restart apache.

[root@localhost.com]# mv /etc/ssl/new.key /etc/ssl/old.key
[root@localhost.com]# /etc/init.d/httpd restart
Stopping httpd:                                            [  OK  ]
Starting httpd:                                            [  OK  ]

It should restart without prompting the pass phrase, if not you have missed something.

Reference: http://mnx.io/blog/removing-a-passphrase-from-an-ssl-key/

Thanks for viewing https://helpinlinux.com

cannot login to any tty Linux

by Siru // September 22, 2014 // No Comments

Hello all,

It been days since I have posted stuffs, I am posting a new issue which I have come across from a client’s system. He come to me saying he is unable to login to Linux machine using root account, and asked me to reset the password. I have logged into console and booted the machine in single usermode and reset the password. However, after booting in normal mode when I enter the password it logs in and disconnects immediately and prompts me to enter username and password again. Sounds fishy right ? I have spend around 2 hours figuring out what has gone wrong. I have checked pam configuration, passwd file entry and everything using cat command. I saw everything was perfect., then later I added a new user and checked and I was able to login to the new account and not any of the old accounts including root account, then I opened the /etc/passwd file using vi command, guess what I have got ? See below.

Wow, its in Windows format. Looks like my client or his IT person has downloaded and uploaded the file from windows machine. We can either manual remove the ^M entries at the end of all lines or use the below command provided you have installed dos2unix package in your system.

#dos2unix /etc/passwd

This will fix the issue and you will now be able to login to the machine without issues.

Thanks for viewing https://helpinlinux.com

E: Internal Error, No file name for libc6

by Siru // July 19, 2014 // No Comments

Hello,

This is a known issue at Ubuntu, where you are not allowed to update or install any packages on the server.

root@machine:~# apt-get upgrade php5*
Reading package lists... Done
Building dependency tree
Reading state information... Done
You might want to run 'apt-get -f install' to correct these.
The following packages have unmet dependencies:
libuuid1 : Breaks: libuuid1:i386 (!= 2.20.1-1ubuntu3.1) but 2.20.1-1ubuntu3 is installed
libuuid1:i386 : Breaks: libuuid1 (!= 2.20.1-1ubuntu3) but 2.20.1-1ubuntu3.1 is installed
E: Unmet dependencies. Try using -f.

To fix this you can do the following command.

sudo apt-get clean

sudo apt-get install -fy

sudo dpkg -i /var/cache/apt/archives/*.deb

sudo dpkg --configure -a

reference: http://forumubuntusoftware.info/viewtopic.php?f=104&t=8611

Thank you for viewing https://helpinlinux.com

Creating Amazon Relational Database Service instance

by Siru // May 12, 2014 // No Comments

Hello,

The following steps will help us create RDS instance in AWS. I personally don’t recommend having RDS unless you are building a very high database cluster environment. You can use EC2 and instance database services, Just because it costs nearly double to that of your EC2 instance and has very limited level of access. Reference: http://dba.stackexchange.com/questions/34525/amazon-rds-for-mysql-vs-installing-mysql-on-an-amazon-ec2-instance .

1. Login to Amazon Web Services and choose Services, you will have various services that are offered by Amazon choose RDS from that, as shown below.

2. Once you clicked on it, you will be taken to a page similar to the one shown below. Choose instance tab from this.

3. Click on Launch DB instance from the page similar to the one shown below.

4. Now, you need to choose your database software preferences, I am choosing MySQL for now.

5. If you are using your server for production which requires better IO performance for read and write data, I recommend you to click “Yes, use Multi-AZ Deployment for high availability”(yes, it costs you more).

6. Now, choose/provide all the database information as shown in the image below.

7. Enable backup if you wish to, you will need to mention the database maintenance time if any, that do not overlap with the database backup time.

8. Review and launch.

Yay !!! You have your RDS server now. You a MySQL client to connect to the database server, the hostname will be a fully qualified domain name that you can see from the instance.

Thank you for viewing https://helpinlinux.com

AWS EC2 instance resources increasing/decreasing

by Siru // May 10, 2014 // No Comments

Hello,

I have searched over the internet and actually couldn’t find a easy post that helps users to increase EC2 instance’s resources. [Note: Please take a snapshot of your instance before changing the plan, just in case if something goes wrong we can restore it where we left].

1. Login to Amazon EC2 interface and select the instance column. You will get a similar view as shown below.

2. Select the desired instance and click on Actions tab, you will get the below options. Click on stop.( yes, you need to stop the instance to change its resources.

3. You will be prompted to confirm stopping of instance.

4. Once you have stopped the instance click on Actions again, where you need to select Change Instance type(which will be disabled when the instance is running). check below.

5. Choose the instance plan to which you want to upgrade/downgrade to and apply {Note: Checking EBS-optimised will get a better IO for your instance, it costs more though).

6. Now, start the instance, it will have the new resources as chosen.

Thank you for viewing https://helpinlinux.com

Disable recursive queries bind in CentOS

by Siru // April 4, 2014 // 11 Comments

Hello,

So, you have a lot of people using your server for name name server queries ? That uses your bandwidth ? Not a problem here is the step to overcome that.

Open the file /etc/named.conf

 vi /etc/named.conf

and add below lines by replacing the old allow-recursion and allow-transfer lines

allow-transfer {“none”;};
allow-recursion {“none”;};
recursion no;

restart the named service using the below command and you are done.

 /etc/init.d/named restart

You test the same using dig command, you should find the following output.

 
[root@ns399932 ~]# dig @127.0.0.1 google.com A

; <<>> DiG 9.3.6-P1-RedHat-9.3.6-20.P1.el5_8.1 <<>> @127.0.0.1 google.com A
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<

Thank you for watching

Mounting a new hard drive in linux

by Siru // March 29, 2014 // No Comments

Hello,

In this post I will walk through adding a new hard disk drive in Linux. I added a new 20GB harddisk to the hardware. Then boot the machine. Now you will see the disk in the fdisk -l command as shown below, /dev/sdb.

2. Now let’s create a new partition for mounting it using fdisk command fdisk /dev/sdb.

3. You may use option m to know the list of options as shown below.

4. Now, use option n to add a new partition. Then, enter p for primary partition and e for extended partition, and enter the partition number here I am entering as 3( it can be anything between 1-4 because it is not my primary hard disk, enter the start and end size of the cylinder. Here I have used all the cylinder volume as shown in the screenshot below.

5. Now, enter command p to print the partition tables, and then w to write the partition table information to disk and exit as shown below.

7. Now, format the disk with the required filesystem type. Here I have used ext3 file system to format the disk, as shown below.

8. Let’s create a new folder using mkdir command, I created /disk1 folder and mounted the harddisk with mount /dev/sdb3 /disk1 command, now you can see the mounted disk which consists of 20GB size as shown below.

9. You edit the fstab entry to mount the disk permanently on boot. Please find the screenshot highlighted below, please use mount -a command just to verify if you have entered fstab values correctly, as shown below.

That’s it. You are done 🙂 Thank you for viewing helpinlinux.com

Linux single user mode password reset

by Siru // March 28, 2014 // No Comments

Hello all,

This post helps you in resetting your Linux root password, if you forgot it. Before we get started we want to make sure that we either have a console or direct access to the machine to accomplish this task.

1. Reboot your machine and wait for the below prompt.

2. Press any key and then you will be taken to the below menu.

3. Press key ‘e’ to edit the line as described in the lines of the above screenshot.

4. choose the desired kernel and press ‘e’ again to edit the line and type single at the end of the line as shown below and press enter.

5. Now, you will see the below prompt then press ‘b’ key to boot the machine.

6. The machine will boot and enter into the single user mode as given in the screenshot below. Now, you can reset the password as mentioned in the below two screenshots.

Finally, you are done. Reboot the machine and take the control over. 🙂

Plesk sub domain php downloading pages

by Siru // December 25, 2013 // No Comments

Hello,

There seems to be a bug in plesk where the php in sub domain will not work and in main domain it works.!!. The below are the steps to overcome it.

Open the subdomain’s conf folder at /var/www/vhosts/$domain.com/subdomains/$subdomainname/conf

cd /var/www/vhosts/$domain.com/subdomains/$subdomainname/conf
vi vhost.conf

and add the below config, make sure you change the $domain.com to your domain name and $subdomainname to your subdomain name.

<Directory /var/www/vhosts/$domain.com/$subdomainname>

<IfModule mod_perl.c>
<Files ~ (\.pl$)>
SetHandler perl-script
PerlHandler ModPerl::Registry
Options ExecCGI
allow from all
PerlSendHeader On
</Files>
</IfModule>
<IfModule sapi_apache2.c>
php_admin_flag engine on
</IfModule>

<IfModule mod_php5.c>
php_admin_flag engine on
</IfModule>
<IfModule mod_python.c>
<Files ~ (\.py$)>
SetHandler python-program
PythonHandler mod_python.cgihandler
</Files>
</IfModule>
<IfModule mod_fcgid.c>
<Files ~ (\.fcgi)>
SetHandler fcgid-script
Options +FollowSymLinks +ExecCGI
</Files>
</IfModule>
Options -Includes +ExecCGI

</Directory>

Then execute the below two scripts

/usr/local/psa/admin/sbin/websrvmng -u --vhost-name=$domain.com 
/usr/local/psa/admin/sbin/httpdmng --reconfigure-all

« Older posts

Newer posts »

Help In Linux

Linux Technical Blog

deny access to .bash_profile .bashrc .bash_history apache

Apache ssl passphrase automatic

E: Internal Error, No file name for libc6

Creating Amazon Relational Database Service instance

AWS EC2 instance resources increasing/decreasing

Disable recursive queries bind in CentOS

Mounting a new hard drive in linux

Linux single user mode password reset

Plesk sub domain php downloading pages