Disable ETags

To reduce the information the Apache web server discloses about files and their properties, disable the FileETag directive. In Apache 2.2 the default setting (FileETag INode MTime Size) builds the ETag from the file's inode number, size and modification time, and PCI compliance scans require ETags to be disabled for this reason.

Create a file at /etc/httpd/conf.d/no-etags.conf with the following (the Header directive needs mod_headers to be loaded):

Header unset ETag
FileETag None

Then restart Apache for the change to take effect.

http://httpd.apache.org/docs/2.2/mod/core.html#FileETag
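To see what the default setting actually discloses, here is a small POSIX shell helper, added here and not part of the original post, that pulls the ETag out of a captured response and decodes the Apache 2.2 default layout. It assumes the tag is "inode-size-mtime" in hex (or "size-mtime" when INode is left out) with mtime in microseconds since the epoch; the response headers are constructed for the example.

```shell
#!/bin/sh
# Added example: inspect what Apache's default FileETag (INode MTime Size) reveals.

# Print the ETag value from a block of response headers read on stdin.
# Returns 1 (prints nothing) when no ETag header is present, which is the
# state you want after "FileETag None" / "Header unset ETag".
etag_from_headers() {
    value=$(tr -d '\r' | sed -n 's/^[Ee][Tt][Aa][Gg]:[[:space:]]*//p' | head -n 1)
    [ -n "$value" ] || return 1
    printf '%s\n' "$value"
}

# Decode the hex fields of an Apache ETag. Assumed layout (Apache 2.2 default):
#   "inode-size-mtime"  with FileETag INode MTime Size
#   "size-mtime"        with FileETag MTime Size
# mtime is an apr_time_t, i.e. microseconds since the Unix epoch.
decode_etag() {
    tag=$1
    tag=${tag#W/}                     # strip weak-validator marker
    tag=${tag#\"}; tag=${tag%\"}      # strip surrounding quotes
    old_ifs=$IFS; IFS=-; set -- $tag; IFS=$old_ifs
    case $# in
        3) printf 'inode=%d size=%d mtime_us=%d mtime=%d\n' \
               $((0x$1)) $((0x$2)) $((0x$3)) $((0x$3 / 1000000)) ;;
        2) printf 'size=%d mtime_us=%d mtime=%d\n' \
               $((0x$1)) $((0x$2)) $((0x$2 / 1000000)) ;;
        *) echo "unrecognised ETag layout: $tag" >&2; return 1 ;;
    esac
}

# Constructed sample response from a server still using the default FileETag.
SAMPLE_HEADERS='HTTP/1.1 200 OK
Server: Apache/2.2.15 (CentOS)
ETag: "2d-1c4-4ab3d2a4e3b40"
Content-Length: 452'

if tag=$(printf '%s\n' "$SAMPLE_HEADERS" | etag_from_headers); then
    echo "ETag header present: $tag"
    decode_etag "$tag"    # shows the inode, size and timestamp the tag leaks
else
    echo "no ETag header: FileETag None is in effect"
fi
```

Run the same check against a live server by feeding it the output of curl -sI; an empty result means the no-etags.conf file is doing its job.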

How to verify matching private key with a certificate

An RSA private key file contains a series of numbers. Two of those numbers (the modulus and the public exponent) form the "public key"; the rest belong to the "private key". The public-key numbers are also embedded in your certificate (they are taken from your CSR). To check that the public key in your certificate matches the public part of your private key, view both and compare the numbers:

$ openssl x509 -noout -text -in server.crt
$ openssl rsa -noout -text -in server.key

The "modulus" and "public exponent" shown for the key and for the certificate must match. Since the public exponent is almost always 65537 and comparing a long modulus by eye is tedious, hash the modulus instead:

$ openssl x509 -noout -modulus -in server.crt | openssl md5
$ openssl rsa -noout -modulus -in server.key | openssl md5

Then compare these much shorter hashes; if the keys differ, the hashes will differ with overwhelming probability. As a one-liner:

$ openssl x509 -noout -modulus -in server.crt | openssl md5 ;\
openssl rsa -noout -modulus -in server.key | openssl md5

And with automatic comparison (uniq collapses adjacent identical lines, so a single line means the two hashes are equal; if two lines are displayed, they don't match):

$ (openssl x509 -noout -modulus -in server.crt | openssl md5 ;\
openssl rsa -noout -modulus -in server.key | openssl md5) | uniq

If you want to check which key or certificate a particular CSR belongs to, compute the same hash for the CSR:

$ openssl req -noout -modulus -in server.csr | openssl md5
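The modulus trick only works for RSA keys. The following shell helper, added here and not from the original post, compares the public key itself (SHA-256 of the PEM public key extracted from each object), so it also covers EC keys and CSRs; it generates throwaway self-signed test material in a temporary directory and assumes an openssl 1.1 or newer binary on the PATH.

```shell
#!/bin/sh
# Added example: check that a key, certificate and/or CSR carry the same public key.
# Works for any key type openssl understands (RSA, EC, ...), unlike -modulus.

# Print the PEM public key held in a cert, key or CSR. $1 = cert|key|csr, $2 = file
public_key_pem() {
    case $1 in
        cert) openssl x509 -noout -pubkey -in "$2" ;;
        key)  openssl pkey -pubout -in "$2" ;;
        csr)  openssl req -noout -pubkey -in "$2" ;;
        *)    echo "usage: public_key_pem cert|key|csr FILE" >&2; return 2 ;;
    esac
}

# SHA-256 fingerprint of that public key, one short line that is easy to compare.
pubkey_fingerprint() {
    pem=$(public_key_pem "$1" "$2") || return 1
    printf '%s\n' "$pem" | openssl dgst -sha256 | sed 's/^.*= *//'
}

# Exit 0 when the private key ($1) matches the certificate ($2), 1 otherwise.
key_matches_cert() {
    k=$(pubkey_fingerprint key "$1") || return 1
    c=$(pubkey_fingerprint cert "$2") || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Demo on constructed test material: one RSA pair, one EC pair, then a cross-check.
demo() {
    dir=$(mktemp -d) || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj /CN=rsa-test \
        -keyout "$dir/rsa.key" -out "$dir/rsa.crt" 2>/dev/null
    openssl ecparam -name prime256v1 -genkey -noout -out "$dir/ec.key"
    openssl req -x509 -new -key "$dir/ec.key" -days 1 -subj /CN=ec-test \
        -out "$dir/ec.crt" 2>/dev/null
    for pair in rsa ec; do
        key_matches_cert "$dir/$pair.key" "$dir/$pair.crt" \
            && echo "$pair: key matches certificate" || echo "$pair: MISMATCH"
    done
    # The EC key against the RSA certificate must be reported as a mismatch.
    key_matches_cert "$dir/ec.key" "$dir/rsa.crt" && echo "cross: unexpected match" \
        || echo "cross: mismatch detected, as expected"
    rm -rf "$dir"
}

if command -v openssl >/dev/null 2>&1; then demo; fi
```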

WHMCS Security Advisory

A potential security issue has been discovered whereby it may be possible for a malicious user to inject a specially crafted combination of variables leading to unexpected results. The issue revolves around the Smarty templating system and template related processing.

> Patch Download Link: http://www.whmcs.com/go/21/download

Patch will work for all versions of WHMCS 4.x.

Buy WHMCS cheap at Licensepal.com

Plesk 10.x fails to start after upgrade

The sw-cp-server service cannot be started after a Parallels Plesk Panel upgrade. It fails with the following error:

/etc/init.d/sw-cp-server start
Starting SWsoft control panels server…Duplicate config variable in conditional 0 global: var.sso_username
2011-04-14 05:48:16: (configfile.c.838) source: /usr/share/sw-cp-server/applications-conf.sh line: 72 pos: 11 parser failed somehow near here: (EOL)
2011-04-14 05:48:16: (configfile.c.838) source: /etc/sw-cp-server/config line: 13 pos: 1 parser failed somehow near here: (EOL)
Things to try

1. Check how many sw-sso packages are installed on the server:
# rpm -qa | grep sw-sso

2. If this command shows two packages, remove the older sw-sso package. If only one sw-sso package is installed, do not remove it.
# rpm -qa | grep sw-sso
sw-sso-2.2-r3488
sw-sso-2.7-11062309
# rpm -e sw-sso-2.2-r3488

3. After removing the extra package, you should be able to start the sw-cp-server service and access the control panel.

Flush DNS cache

This morning I was doing some work on one of my website transfers, and to see the changes on my MacBook I knew I would need to flush the DNS cache so I wouldn't have to wait for it to expire.
So for anyone else who needs them, here are the commands:

OS X <= 10.5.1 (Mac OS X 10.5.1 and earlier)

lookupd -flushcache

OS X >= 10.5.2 (Mac OS X Leopard)

dscacheutil -flushcache

In Linux, the nscd daemon manages the DNS cache. To flush the DNS cache, restart the nscd daemon.

To restart the nscd daemon, use the command

/etc/rc.d/init.d/nscd restart

In Microsoft Windows, use the following command to flush the DNS resolver cache:

C:\>ipconfig /flushdns

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.
You can also use the following command to view the DNS resolver cache:

ipconfig /displaydns

Hope this helps anyone who needs to flush their DNS cache.

Linux Configuration and Diagnostic Tools

System and Network Configuration

* linuxconf – A GUI interactive interface available on Redhat 6.0 or later which includes netconf configuration.
* netconf – A GUI interactive interface available on Redhat 6.0 and later.
* kbdconf – A Redhat Linux tool which configures the /etc/sysconfig/keyboard file which specifies the location of the keyboard map file. This is a GUI based tool.
* mouseconfig – A Redhat Linux tool used to configure the /etc/sysconfig/mouse file. This is a GUI tool.
* timeconfig – A Redhat Linux tool used to configure the /etc/sysconfig/clock file. This is a GUI tool used to set timezone and whether or not the clock is set to GMT time.
* kernelcfg – A Redhat kernel configuration utility to be started from X.
* stty – Used to configure and print the console devices.
* setterm – Set terminal attributes.
* vmstat – Report statistics on virtual memory.

X Configuration

* XF86Setup – A newer X configuration program with a GUI interface which modifies the “/etc/X11/XF86Config” configuration file.
* xf86config – An older X configuration program with a text based interface. It also modifies the “/etc/X11/XF86Config” configuration file.
* Xconfigurator – The Redhat tool used during system setup to configure X.
* SuperProbe – A program that probes the video card to determine its type for use with setting up X.
* xvidtune – This program tests video modes on the fly without modifying your X configuration. Read the /usr/X11R6/lib/X11/doc/VideoModes.doc file before running this program.

Library and kernel Dependency Management

Library management:
* ldd – Used to determine shared libraries used by binary files. Type “ldd /bin/ls” to see the shared libraries used by the “ls” command.
* ldconfig – Used to update links and cache for system use of the most recent runtime shared libraries.

Kernel Management:

* lsmod – List currently installed kernel modules.
* depmod – Creates a dependency file, “modules.dep” in the directory “/lib/modules/x.x.x”, later used by modprobe to automatically load the relevant modules.
* insmod – Installs a loadable kernel module into the running kernel.
* rmmod – Unloads a module, e.g. rmmod ftape
* modprobe – Used to load a module or set of modules, loading the dependencies recorded in "modules.dep" first.

General Diagnostic
System resources

* free – Show system memory availability and usage
* df – Show the amount of disk free space on each mounted filesystem.
* du – Show disk usage
* lspci – List PCI devices
* pnpdump – Lists ISA PNP device resource information.
* vmstat – Reports virtual memory statistics.

Other:

* env – List the current environment variables.
* printenv – Print a copy of the environment.
* set – Shows how the environment is set up. This command can be very useful when debugging the environment.
* runlevel – List the current and previous runlevel.
* uname – Print system information. In my case, it prints “Linux”.
* dmesg – Show the kernel ring buffer, i.e. the kernel messages printed since boot.

Auto lock your Mac when you walk away

We geeks all carry some sort of Bluetooth device, like a Nokia N80 or the new iPhone (which I will be getting and LOVE), so why not use one of them as a beacon for your computer? With a small application you can have your computer detect the proximity of your device and perform actions when it comes in or goes out of range.

I’m using the free utility Proximity to do the detection. You could even unlock the computer when you come back in range, but I just want it to lock when I walk away since I always forget. With a small AppleScript that’s easy:

tell application "ScreenSaverEngine" to activate

That’s all there is to it and it works great.

#!/bin/bash

I think the number one skill a sysadmin should have is a solid understanding of shells and shell scripting. The Advanced Bash-Scripting Guide is a good place to start or take a refresher. From the introduction:

A working knowledge of shell scripting is essential to anyone wishing to become reasonably proficient at system administration, even if they do not anticipate ever having to actually write a script. Consider that as a Linux machine boots up, it executes the shell scripts in /etc/rc.d to restore the system configuration and set up services. A detailed understanding of these startup scripts is important for analyzing the behavior of a system, and possibly modifying it.

Not to mention I’ll bet every sysadmin is doing some menial tasks over and over again instead of automating or simplifying them with a script. Sometimes you just don’t realize it. For instance, I can’t tell you how many times I’ve typed a loooong find command to recursively set AFS permissions and I just wrote a wrapper to do it with just two parameters the other day. That one script will literally save me minutes each week. Keep at it and you’ll save hours a week.

10 mental blocks keeping you from being a kick-ass sysadmin

Ok, it’s actually an article about 10 Mental Blocks to Creative Thinking but isn’t creative thinking a huge part of being a kick-ass sysadmin? Here’s what I thought of when I read each point, but I highly recommend that you read the whole article and look for ways it applies to you.

In terms of what mindset you should be in:

  1. There is almost always more than one right answer.
  2. Don’t be so rigid with your logic that you become blind to other possibilities.
  3. Always question everything – “why” or “why not”.
  4. Always ask “what if” and explore ideas even if they don’t seem feasible on the surface.
  5. Make time to play. You’ll be amazed at what problems you solve when you’re not at your desk.
  6. Never say “That’s not part of my job” and explore and learn about as much as you can.
  7. Try to think about things differently than everyone else at the table is.
  8. There is no black and white, only gray, and that’s ok.
  9. It’s ok to be wrong and you will be. It’s ok to make mistakes and you will. Learn from it.
  10. If you think you can’t do it, then you can’t. You won’t really know unless you try.