Use this command to verify the SSL certificate for the domain www.somedomain.com
openssl s_client -showcerts -connect www.somedomain.com:443
If the certificate is correctly installed the result should contain at the end:
Verify return code: 0 (ok)
That’s it
I am found of keeping password protected backups and most of the time I lost my super secret password thus unable to open my super important backups 🙂 just kidding.
Like in windows we can simple right click and zip folders/files with passwords in text based terminals of linux I always want the same.
So here is the trick I normally use.
For encrypting a file:
openssl enc -aes-256-cbc -e > out.file
It will ask for password like:
enter aes-256-cbc encryption password: Verifying - enter aes-256-cbc encryption password:
If you want to encrypt a folder with compression (tar.gz)
tar -cz foldername | openssl enc -aes-256-cbc -e > out.tar.gz
Now the important part, decrypting your encrypted files….
openssl enc -aes-256-cbc -d -in out.file > new.file
The Linux Auditing System and auditd are a great way to monitor who and when changes are made to the files in your website. To install and configure follow these steps:
1. Install auditd and related utilities:
yum install audit
2. Make sure auditd is running:
/sbin/chkconfig --list auditd auditd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
3. Edit /etc/audit/auditd.conf and change:
action_mail_acct = [your email address]
This sets any action emails to go to your preferred address.
4. Edit /etc/audit/audit.rules and add a line like this to the bottom:
-w [path_to_website] -p wa -k [key]
So if you website is located at:
/var/www/vhosts/mysite.com/httpdocs
Then a command like:
-w /var/www/vhosts/mysite.com/httpdocs -p wa -k mysite
would setup auditing of write and attribute change requests. Events matching this rule would be tagged with the “mysite” key.
/sbin/service auditd restart
Audit logs go to:
/var/log/audit/audit.log
There’s lots of advice on the net about how to setup a server with iptables to allow passive mode FTP. Below is the approach that we’ve found to be most effective.
Start by configuring your FTP daemon to use a fixed range of ports. We use 41361 to 65534 which is the IANA registered ephemeral port range. The exact config depends on what FTP software you’re using:
vsftpd
Edit /etc/vsftpd/vsftpd.conf and add the following lines:
pasv_min_port=49152 pasv_max_port=65534
proftpd
Edit /etc/proftpd.conf and add to the Global section:
...... PassivePorts 49152 65534 ......
Now restart your FTP service so the changes take effect.
Next you’ll need to configure the ip_conntrack_ftp iptables module to load. On Redhat/CentOS just edit /etc/sysconfig/iptables-config and add “ip_conntrack_ftp” to the IPTABLES_MODULES like this:
IPTABLES_MODULES="ip_conntrack_ftp"
Next edit /etc/sysconfig/iptables and add a rule to allow TCP port 21.
The new line is marked in red:
*filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT -A INPUT -p icmp -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT -A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT -A INPUT -j REJECT --reject-with icmp-host-prohibited -A FORWARD -j REJECT --reject-with icmp-host-prohibited COMMIT
Now restart the iptables service:
/sbin/service iptables restart
You can verify that the correct port range has been registered with lsmod like this:
lsmod | grep conntrack_ftp
and you’ll get something like this:
nf_conntrack_ftp 12913 0 nf_conntrack 79645 4 nf_conntrack_ftp,nf_conntrack_ipv4,nf_conntrack_ipv6,xt_state
And that’s all it takes to get passive mode ftp working behind iptables.
P.S: If your server is behind a physical firewall and you are behind NAT, then you’ll probable need to load the “ip_nat_ftp” iptables module.
RAID hardware failed and both SATA x 2 TB stops working, tried enable/disable RAID controller without luck, Add/Remove drives but no boot, kernel panic and stuck.
Now what I want is to boot one hard disk to restore services so I tried:
fsck /dec/sda
but it gives error
unknown filesystem type 'isw_raid_member'
So the solution is , remove RAID metadata from the drives and boot normally.
dmraid -rE /dev/sda
reboot
And Hard disk start working…..
Last week, Google announced that Gmail users can email their Google+ connections without knowing their email address first. For some, it’s an easy way to stay in touch. For others, it’s a ticket to unwanted email. However you feel, here’s how to turn the feature off, or set it so only the people you want can use it.
Now that the new feature has rolled out to Gmail users (although it hasn’t gotten to Google Apps users, as far as we can see), controlling who can email you is pretty simple:
That’s it.
