Month: July 2011

OpenSSL Tricks

by

Create a strong CSR and private key
openssl req -new -nodes -newkey rsa:2048 -out server.crt -keyout server.key

 

Parsing out the data within a certificate
openssl asn1parse -in server.crt

Checking a certificate/key modulus to see if they correspond
openssl rsa -in server.key -modulus -noout | openssl md5
openssl x509 -in server.crt -modulus -noout | openssl md5

Convert a key from PEM -> DER
openssl rsa -inform PEM -in key.pem -outform DER -out keyout.der

Convert a key from DER -> PEM
openssl rsa -inform DER -in key.der -outform PEM -out keyout.pem

Remove the password from an encrypted private key
openssl rsa -in server.key -out server-nopass.key

Reviewing a detailed SSL connection
openssl s_client -connect 192.168.1.1:443

Rebuilding the initial ram disk (initrd)

by

Installing new hardware may mean that new kernel need to be loaded when your server boots up. There’s a two step process to making a new initrd file:

 

First, add the appropriate line to your /etc/modules.conf or /etc/modprobe.conf which corresponds to your new kernel module.

Next, rebuild the initial ram disk after making a backup of the current one:

# cp /boot/initrd-`uname -r`.img /boot/initrd-`uname -r`.img.bak
# mkinitrd -f initrd-`uname -r`.img `uname -r`

Reboot the server now and make sure the new driver is loaded properly.

Register to Red Hat Network

by

rhn_register that will register your server over at RHN.

 

Well if you want to upgrade your kernel… you’ll have to edit the config to NOT skip the kernel

up2date –configure
type 24
and then type C and hit enter
and then hit enter again

Type:
up2date -p
that will update the packages your server to reflect the packages available to update over at RH.

Then type
up2date -u
and it will install any updates that are available

But remember you’ll have to setup an account over at Red Hat Network — if you haven’t already, type rhn_register, and that will register your server over at RHN.

And that’s it!

Adding IP aliases in FreeBSD

by

One question I hear quite often is “how do I add IP aliases in FreeBSD?” It’s not terribly intuitive, but you can follow these steps:

Example:
Server’s primary IP: 192.168.1.11

Additional IP’s to add: 192.168.1.12, 192.168.1.13, and 192.168.1.14

 

Boot-time configuration:
Add it to /etc/rc.conf first (so you don’t forget). In this example, we have a Realtek card called rl0:
ifconfig_rl0="inet 192.168.1.11 netmask 255.255.255.0"
ifconfig_rl0_alias0="inet 192.168.1.12 netmask 255.255.255.0"
ifconfig_rl0_alias1="inet 192.168.1.13 netmask 255.255.255.0"
ifconfig_rl0_alias2="inet 192.168.1.14 netmask 255.255.255.0"

IMPORTANT NOTE: Start with the number 0 (zero) any time that you make IP alias configurations in /etc/rc.conf.
This is BAD form:

ifconfig_rl0="inet 192.168.1.11 netmask 255.255.255.0"
ifconfig_rl0_alias1="inet 192.168.1.12 netmask 255.255.255.0"
ifconfig_rl0_alias2="inet 192.168.1.13 netmask 255.255.255.0"
ifconfig_rl0_alias3="inet 192.168.1.14 netmask 255.255.255.0"

If you do it the wrong way (which means starting alias with anything but alias0), only the primary comes up. Keep that in mind.

Bringing up the new IP’s:
You can do things the extraordinarily dangerous way:
# /etc/rc.network restart

Or, you can follow the recommended steps:
# ifconfig rl0 alias 192.168.1.12 netmask 255.255.255.0
# ifconfig rl0 alias 192.168.1.13 netmask 255.255.255.0
# ifconfig rl0 alias 192.168.1.14 netmask 255.255.255.0

Test your work:
Any good system administrator knows to test things once their configured. Make sure to ping your new IP’s from a source on your network and outside your network (if possible/applicable).

DirectAdmin : Apache won’t start after update on FreeBSD

by

An issue with php/apache is causing apache not to start in FreeBSD. It segfaults and core dumps, logged in the /var/log/httpd/error_log.

Try removing –with-openssl from your configure.php file and recompile php.

cd /usr/local/directadmin/customapache
vi configure.php
#remove –with-openssl from the file, save, exit.
./build clean
./build php n

Possibly a mod_perl issue. Edit the /etc/httpd/conf/httpd.conf
change:

AddModule mod_perl.c

to

#AddModule mod_perl.c

and then restart apache. If you don’t have “AddModule mod_perl.c”, then don’t worry about this entry.
Remove the “LoadModule perl_module /usr/lib/apache/mod_perl.so” if you have it as well.
This won’t affect files in the cgi-bin (I’ve seen very few people actually making use of mod_perl itself).

more info:

Previous workaround for the problem is to remove thp php flags from the httpd.conf files:

cd /usr/local/directadmin/data/templates
cp virtual_host*.conf custom
cd custom
perl -pi -e ‘s/php_admin/#php_admin/’ *
echo “action=rewrite&value=httpd” >> /usr/local/directadmin/data/task.queue
/usr/local/directadmin/dataskq d
/usr/local/etc/rc.d/httpd restart

One user reported that installing zend solved this problem as well, so try:

cd /usr/local/directadmin/customapache
./build zend

Possibly have to downgrade zend to 2.5.7 from 2.6.2 as well as the zend binaries may not be backwards compatible.

To downgrade to apache 1.3.33 and php 4.3.11, run:

cd /usr/local/directadmin/customapache
./build clean
perl -pi -e ‘s/1.3.34/1.3.33/’ build
perl -pi -e ‘s/1.3.34/1.3.33/’ configure.apache_ssl
perl -pi -e ‘s/2.8.25/2.8.24/’ build
perl -pi -e ‘s/4.4.1/4.3.11/’ build
./build update_data
./build all d

How To Find What Version of PEAR Is Installed in your Linux Apache Server

by

if you want to know what version of PEAR you have, or simply just want to know if you have PEAR installed, simply run the following command in your linux box shell prompt:

pear list

Once you execute the command above, you should see something like this:

Installed packages
===================
Package
Version
State
Archive_Tar
1.1
stable
Console_Getopt
1.2
stable
DB
1.7.6
stable
HTML_Template_IT
1.1
stable
HTTP
1.3.6
stable
Mail
1.1.8
stable
Net_SMTP
1.2.7
stable
Net_Socket
1.0.6
stable
Net_UserAgent_Detect
2.0.1
stable
PEAR
1.3.6
stable
XML_Parser
1.2.6
stable
XML_RPC
1.4.1
stable

If you don’t see anything like the above, then you dont have PEAR installed. However, Good new I have, you can download free at http://pear.php.net

Enable Root Password in Leopard

by


You got a Mac running on Leopard (probably out of the box). You created your account, add in some personal info, and an admin password. Later in life (8 hours gap), you would open your terminal and simply type “su -” for purposes of scripting etc.  just root stuff. This reminds you, “Did i ever had one? I don’t recall any root password.” *did i mention this was me?* 
Well to let you off the hook, it’s not enabled by default. Here’s how to go about enabling root.

Go to: Applications -> Utilities -> Directory Utility

(Be sure to click the padlock to allow you to perform edits.)

Click Edit -> Enable Root Password

Type a new password and retype to confirm.

    You are done.. 🙂


    How to track which site is using the apache processes.

    by

    For apache 1.3, edit your /etc/httpd/conf/httpd.conf and add

    
ExtendedStatus On 
<Location /httpd-status> 
SetHandler server-status 
Order deny,allow 
Deny from all 
Allow from 127.0.0.1
</Location>

     

     

     

    just after the code that says “ServerSignature On”. Save, exit, then restart apache. You can access the stats page by going to http://1.2.3.4/httpd-status where 1.2.3.4 is your server’s IP.

    If you’re running apache 2.x , then it’s already in the file:
    /etc/httpd/conf/extra/httpd.conf
    Change the “Allow from” lines to include your IP.

    Under cPanel servers the code is already present but you need to uncomment it or just add the code :

    <Location /whm-server-status> 
SetHandler server-status 
Order deny,allow 
Deny from all 
Allow from 127.0.0.1
</Location>

    cPanel : Rvsitebuilder installation

    by

    cPanel : Rvsitebuilder installation

    1. If the server has RVSkin installed, update RVSkin to v6.75 up. (Skip this step if you don’t have it).

    perl /root/rvadmin/auto_rvskin.pl

    2. After getting the license confirmation, SSH to the cPanel server as root, download the installer using the command below:

    cd /usr/local/cpanel/whostmgr/docroot/cgi/
    rm -f rvsitebuilderinstaller.tar
    wget http://download.rvglobalsoft.com/rvsitebuilderinstaller.tar
    tar -xvf rvsitebuilderinstaller.tar
    chmod 755 addon_rvsitebuilder.cgi

    3. Open WHM as root user, at the bottom left menu under Plugins section, you can find RVSiteBuilder Installer menu.

    4. Click RVSiteBuilder Installer to begin the installation process.

    5. After complete the installation, you will be sent to RVSiteBuilder Manager automatically.