SSLEngine on
SSLCertificateFile /etc/apache2/ssl/cert.pem
SSLCertificateKeyFile /etc/apache2/ssl/cert.pem
SSLCACertificateFile /etc/apache2/ssl/ca-certs.pem
SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder on # Ciphers specified by the server take precedence
# Optional, defaults to off
SSLInsecureRenegotiation off # Mitigates CVE-2009-3555
SSLCompression off # Mitigates CRIME and ...This is a running collection of syslog settings for various applications
Apache natively has the ability to send error logs to syslog, but if that method is used then the severity of each message is not uniform and searching is slightly more involved. By piping error logs to logger ...
Using mod_remoteip and modifying apache's log format, real client IP addresses can easily be captured
LoadModule remoteip_module modules/mod_remoteip.so
<IfModule mod_remoteip.c>
RemoteIPHeader X-Forwarded-For # YMMV for different load balancers
RemoteIPInternalProxy 127.0.0.1
</IfModule>
Replace the remote hostname variable, %h ...
The proper versions of apache and OpenSSL are installed to support SNI but when multiple SSL certificates are configured in apache you get the following errors in the error.log and apache fails to start.
[ssl:emerg] [pid 48715] AH02242: Init: Multiple RSA server certificates not allowed
[ssl:emerg ...apachectl -S
apachectl -M
apachectl -V
apachectl -t
php -t
php -i
php -m
php --ini
sudo mysql_secure_installation
sudo mysqld_safe
SELECT user FROM mysql.user;
GRANT ALL PRIVILEGES ON <database>.* TO <newuser>@<hostname> IDENTIFIED BY '<password>';
SET PASSWORD FOR '<user>'@'<hostname>'=PASSWORD ...I've found that getting passive FTP transfers to work has often been the most frustrating part of setting up a server. Because of that, here are instructions for configuring passive mode for the most popular FTP servers.
vi /etc/proftpd.conf
PassivePorts 30000 50000
vi /etc/vsftpd ...find . -iname 'version.php' -exec grep '$wp_version' '{}' \;
Rsyslog has the ability to filter messages by pattern matching properties within a message.
:[property], [!][compare type], "[string]"
So to match all proftpd logs and send them to a specific file, we can search the app-name property for proftpd
:app-name, isequal, "proftpd" /var/log/proftpd/proftpd.log
~
That would be ...
When specifying the location to an htpasswd file, the path must be relative to the webserver's ServerRoot. Shared hosting often doesn't provide access to the ServerRoot nor do they tell their account holders what it is. Well, chances are it's /usr/local/apache/. Now that we know ...
1. Install exim 2. Install spamassassin 3. Install courier
sudo apt-get install exim4-daemon-heavy
sudo dpkg-reconfigure exim4-configure
Reduce banner information
vi /etc/exim4/exim4.conf.template
# Add
smtp_banner = $smtp_active_hostname ESMTP
If not required, disable ipv6
vi /etc/exim4/exim4.conf.template
# Add
disable_ipv6 ...Shellinabox is a browser based, login shell, built using css, html and javascript and it runs entirely over HTTP. At a high level, shellinabox is very similar to an SSH shell session. They both utilize the /etc/passwd user database, they both make use of PAM, and they both execute ...
So the question at hand is, how can we setup Webmin to create websites and have an ftp user that can manage the sites with minimal overhead? This can be done in 3 steps:
Zpanel keeps it's control panel and client configurations in the same file /etc/zpanel/configs/apache/httpd-vhosts.conf. When changes are made to any of the panel's domains, this file is automatically updated. This overwrites any changes to the panel's vhost config as well.
To avoid having ...
Commit all files in the working tree that have been modified
git commit -am 'commit message'
Commit a file individually
git commit -m 'commit message'
Only commit changes staged in the index, not all modified files
git commit -m 'commit message'
rsync is used to copy files and tar is used for compression
Sometimes there's nothing better than receiving an email from some long forgotten cronjob and having it formatted in nice readable HTML. Well it's alot tougher than it should be to make that happen.
The only way I've found to accomplish this is to inject 'Content-Type' headers into ...
Create a single .pem file containing both the private (key) and public (cert) keys.
openssl req -x509 -nodes -days 730 -newkey rsa:2048 -keyout site.pem -out site.pem
Create an certificate signing request
openssl req -new -newkey rsa:2048 -nodes -keyout site.key -out site ...Logstash is a log processing supertool written in ruby and packaged using the java implementation of ruby, jruby. In other words, it's a ruby app that runs on java. Logstash accepts just about any type of data you can throw at it (apache logs file, syslog data, Windows logs ...
The getenv() function is used to parse enviroment variables created by the webserver executing the php code, including HTTP Headers.
<?php
$client_ip = getenv('REMOTE_ADDR');
$user_agent = getenv('HTTP_USER_AGENT');
echo "Client IP: $client_ip</br>"
echo "User Agent: $user_agent</br>"
?>
Using conditional statements, the headers can be parsed and then actions taken based ...
RewriteEngine on
RewriteCond %{HTTP_HOST} ^domain.com$ [NC]
RewriteRule (.*) http://www.domain.com$1 [R=301,L]
RewriteEngine on
RewriteCond %{HTTP_HOST} ^domain.com$ [NC]
RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [R=301,L]
while true; do echo "It Never Ends"; done
The key is the placement of the semicolons.
while true; do ((x++)); echo $x `date +%T`; done
while true; do echo "Can you feel it?" | mail -s 'SMTP Test' [email protected]; done
This guide is for a dual NIC machine. The machine will use iptable's NAT feature to act as a router/gateway. This guide does not require editing of the system's routing table.
1) Enable routing in the kernel
sudo vi /etc/sysctl.conf
net.ipv4.ip_forward = 1 # Uncomment ...In an effort to minimize a system's footprint, providers will sometimes rip out the language files. This will cause irritating locale errors such as:
perl: warning: Setting locale failed.
perl: warning: Please check that your locale settings:
LANGUAGE = "",
LC_ALL = (unset),
LANG = "",
are supported and installed on your system.
perl ..."Nagios is an open source computer system monitoring, network monitoring and infrastructure monitoring software application. Nagios offers monitoring and alerting services for servers, switches, applications, and services. It alerts the users when things go wrong and alerts them when the problem has been resolved." -- wikipedia
Nagios is relatively easy to ...
Ncat is a modernized implementation of the classic Netcat (nc) networking tool. The current version of nc, which is 1.10, was initially released in 1996 by "The Hobbit". A lot's changed since '96. Thankfully, the wonderful people at The Nmap Project decided that to solve modern problems you ...
nc -vlp port
Server side, opens a socket and closes it once file is transferred
nc -vlp port -q 0 < file.send
Client side
nc -v server port > file.receive
Server side, opens a socket and waits to receive ...
Configuring a port forward with iptables takes 2 rules, a PREROUTING rule and a FORWARD rule. The heavy lifting is accomplished by the PREROUTING rule on the nat table. The FORWARD rule simply allows traffic across the FORWARD chain on the filter table.
iptables -A PREROUTING -t nat -i [external_iface ...Sed's primary function is to search for and replace text; we call this process "substitution". Additionally, sed can easily append, insert and delete text. The syntax can be somewhat intimidating to the new user.
sed 'command/pattern/replacement/flags' file.txt
sed '\pattern\|line_number command/input_text/' file.txt
The ...
Opens a shell on intermediary host and forwards a port to remote host through SSH's secure channel. The forwarded port is accessible on the local machine via localhost:port
ssh -L localport:remotehost:remoteport [email protected]_host