Default web site on apache when browsing with IP

#Default site when browsing with IP address

  DocumentRoot /var/www/vhosts/defaultsite
  ServerName  your server ip

 

Shell script to backup mysql database

Taking all mysql db backup is very simple if you use this small shell scripts, just create a file named mysqlbackup.sh and paste the all the text below:

#!/bin/bash
#
NOW=$(date +”%m-%d-%Y”) # mm-dd-yyyy format
FILE=”" # used in a loop

BAK=”/home/backups/mysql” # Path to backup dir

### Server Setup ###
#* MySQL login user name *#
MUSER=”dbbackup”

#* MySQL login PASSWORD name *#
MPASS=”password”

#* MySQL login HOST name *#
MHOST=”localhost”

#* MySQL binaries *#
MYSQL=”$(which mysql)”
MYSQLDUMP=”$(which mysqldump)”
GZIP=”$(which gzip)”

# get all database listing
DBS=”$($MYSQL -u $MUSER -h $MHOST -p$MPASS -Bse ‘show databases’)”

# start to dump database one by one
for db in $DBS
do
 FILE=$BAK/$db-backkup.$NOW-$(date +”%T”).gz
 # gzip compression for each backup file
 $MYSQLDUMP -u $MUSER -h $MHOST -p$MPASS $db | $GZIP -9 > $FILE
done

Create a cron job that will execute this script regularly at a specific time, in my case i set it to 22:30 PM every night and here is my cron job

30 22 * * * sh  /path/to/your/mysqlbackup.sh

Create another cron job that will execute at a specific time to clean your backup files older than 5 days

25 22 * * * find /home/backups/mysql/ -name ‘*.sql’ -and -mtime +4 | xargs rm -f

That’s it.

 

Downgrading php 5.3 to php 5.2 using yum on centos 5.4

First you need to allow downgrade for yum and for that you need to install yum-allowdowngrad utility program, but its very easy to install, Just issue the following command:

#yum install yum-allowdowngrade

Now add a line to your  yum.conf file, its located in /etc/yum.conf
#vi /etc/yum.conf
showdupesfromrepos=1

After that list all php packages:

yum list php

If php 5.2.8 is available, remove new one:

yum remove php

and install an old one:

yum –allow-downgrade install php-5.2.8

You are done.

 

How to install subversion 1.6.6 on CentOS 5.4

Step-1: Download all the required .rpm file from this location(http://the.earth.li/pub/subversion/summersoft.fay.ar.us/pub/subversion/latest/1.6.6/rhel5/i386/) to your local drive.

step-2: Remove Cadaver: yum remove cadaver

Step-3: Remoe old Neon and Neon Devel: yum remove neon neon-devel

Step-4: Install latest version of neon: rpm-Uvh neon-0.28.4-1.i386.rpm

Step-5: Install latest version of neon devel: rpm -Uvh neon-devel-0.28.4-1.i386.rpm

Step-6: Remove sqlite-devel: yum remove sqlite-devel

Step-7: Install latest sqlite and sqlite-devel: yum install sqlite sqlite-devel

Step-8: Install latest subversion and mod_dav_svn:

to be continued……….

 

How to install sun java JDK

alternatives –install /usr/bin/java java /usr/java/jdk1.6.0_17/bin/java 100

alternatives –install /usr/bin/jar jar /usr/java/jdk1.6.0_17/bin/jar 100

alternatives –install /usr/bin/javac javac /usr/java/jdk1.6.0_17/bin/javac 100

Set JAVA_HOME / PATH for all user

You need to setup global config in /etc/profile OR /etc/bash.bashrc file for all users:
# vi /etc/profile
Next setup PATH / JAVA_PATH variables as follows:
export PATH=$PATH:/usr/java/jdk1.5.0_07/bin
export PATH=$PATH:/usr/java/jdk1.5.0_07/bin

 

How to create a self-signed SSL Certificate with OpenSSL

Overview

The following is an extremely simplified view of how SSL is implemented and what part the certificate plays in the entire process.

Normal web traffic is sent unencrypted over the Internet. That is, anyone with access to the right tools can snoop all of that traffic. Obviously, this can lead to problems, especially where security and privacy is necessary, such as in credit card data and bank transactions. The Secure Socket Layer is used to encrypt the data stream between the web server and the web client (the browser).

SSL makes use of what is known as asymmetric cryptography, commonly referred to as public key cryptography (PKI). With public key cryptography, two keys are created, one public, one private. Anything encrypted with either key can only be decrypted with its corresponding key. Thus if a message or data stream were encrypted with the server’s private key, it can be decrypted only using its corresponding public key, ensuring that the data only could have come from the server.

If SSL utilizes public key cryptography to encrypt the data stream traveling over the Internet, why is a certificate necessary? The technical answer to that question is that a certificate is not really necessary – the data is secure and cannot easily be decrypted by a third party. However, certificates do serve a crucial role in the communication process. The certificate, signed by a trusted Certificate Authority (CA), ensures that the certificate holder is really who he claims to be. Without a trusted signed certificate, your data may be encrypted, however, the party you are communicating with may not be whom you think. Without certificates, impersonation attacks would be much more common.

Step 1: Generate a Private Key

The openssl toolkit is used to generate an RSA Private Key and CSR (Certificate Signing Request). It can also be used to generate self-signed certificates which can be used for testing purposes or internal usage.

The first step is to create your RSA Private Key. This key is a 1024 bit RSA key which is encrypted using Triple-DES and stored in a PEM format so that it is readable as ASCII text.

openssl genrsa -des3 -out server.key 1024

Generating RSA private key, 1024 bit long modulus

…………………………………………………++++++

……..++++++

e is 65537 (0×10001)

Enter PEM pass phrase:

Verifying password – Enter PEM pass phrase:

Step 2: Generate a CSR (Certificate Signing Request)

Once the private key is generated a Certificate Signing Request can be generated. The CSR is then used in one of two ways. Ideally, the CSR will be sent to a Certificate Authority, such as Thawte or Verisign who will verify the identity of the requestor and issue a signed certificate. The second option is to self-sign the CSR, which will be demonstrated in the next section.

During the generation of the CSR, you will be prompted for several pieces of information. These are the X.509 attributes of the certificate. One of the prompts will be for “Common Name (e.g., YOUR name)”. It is important that this field be filled in with the fully qualified domain name of the server to be protected by SSL. If the website to be protected will be https://public.akadia.com, then enter public.akadia.com at this prompt. The command to generate the CSR is as follows:

openssl req -new -key server.key -out server.csr

Country Name (2 letter code) [GB]:CH

State or Province Name (full name) [Berkshire]:Bern

Locality Name (eg, city) [Newbury]:Oberdiessbach

Organization Name (eg, company) [My Company Ltd]:Akadia AG

Organizational Unit Name (eg, section) []:Information Technology

Common Name (eg, your name or your server’s hostname) []:public.akadia.com

Email Address []:martin dot zahn at akadia dot ch

Please enter the following ‘extra’ attributes

to be sent with your certificate request

A challenge password []:

An optional company name []:

Step 3: Remove Passphrase from Key

One unfortunate side-effect of the pass-phrased private key is that Apache will ask for the pass-phrase each time the web server is started. Obviously this is not necessarily convenient as someone will not always be around to type in the pass-phrase, such as after a reboot or crash. mod_ssl includes the ability to use an external program in place of the built-in pass-phrase dialog, however, this is not necessarily the most secure option either. It is possible to remove the Triple-DES encryption from the key, thereby no longer needing to type in a pass-phrase. If the private key is no longer encrypted, it is critical that this file only be readable by the root user! If your system is ever compromised and a third party obtains your unencrypted private key, the corresponding certificate will need to be revoked. With that being said, use the following command to remove the pass-phrase from the key:

cp server.key server.key.org

openssl rsa -in server.key.org -out server.key

The newly created server.key file has no more passphrase in it.

-rw-r–r– 1 root root 745 Jun 29 12:19 server.csr

-rw-r–r– 1 root root 891 Jun 29 13:22 server.key

-rw-r–r– 1 root root 963 Jun 29 13:22 server.key.org

Step 4: Generating a Self-Signed Certificate

At this point you will need to generate a self-signed certificate because you either don’t plan on having your certificate signed by a CA, or you wish to test your new SSL implementation while the CA is signing your certificate. This temporary certificate will generate an error in the client browser to the effect that the signing certificate authority is unknown and not trusted.

To generate a temporary certificate which is good for 365 days, issue the following command:

openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

Signature ok

subject=/C=CH/ST=Bern/L=Oberdiessbach/O=Akadia AG/OU=Information

Technology/CN=public.akadia.com/Email=martin dot zahn at akadia dot ch

Getting Private key

Step 5: Installing the Private Key and Certificate

When Apache with mod_ssl is installed, it creates several directories in the Apache config directory. The location of this directory will differ depending on how Apache was compiled.

cp server.crt /usr/local/apache/conf/ssl.crt

cp server.key /usr/local/apache/conf/ssl.key

Step 6: Configuring SSL Enabled Virtual Hosts

SSLEngine on

SSLCertificateFile /usr/local/apache/conf/ssl.crt/server.crt

SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/server.key

SetEnvIf User-Agent “.*MSIE.*” nokeepalive ssl-unclean-shutdown

CustomLog logs/ssl_request_log \

“%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \”%r\” %b”

Step 7: Restart Apache and Test

/etc/init.d/httpd stop

/etc/init.d/httpd stop

 

Generating a Certificate Signing Request (CSR)

This howto describes the instructions to generate a CSR for your Web site. In this guide I use OpenSSL.

Step-1: Create a RSA private key for your Apache server, PEM-formatted:

#openssl genrsa -des3 -out .key 2048

It will ask for a pass phrase, provide a pass phrase of your own here.

Step-2: Create a Certificate Signing Request using the RSA private key created above (output will be PEM format):

#openssl req -new -key .key -out .csr

Note that the Common Name field is the field where the domain name should be stated.

If you want to read your generated .csr file, then issue the following command

#openssl req -text -noout -in .csr

 

How to remove a Hidded Network Adaptor from windows pc

Step-1: Type the following commands at a command prompt

set DEVMGR_SHOW_NONPRESENT_DEVICES=1

Step-2: Open Device Manager enable “Show Hidden Devices” from the View Menu bar

Step-3: Locate the hidden device and uninstall it.

Step-4: Reboot the pc

 

How to configure sendmail for dns based blacklisting

Sendmail can be configured to check and block IP addresses of incoming emails that are found to be listed on one or more DNS blacklists.

This can be achieved by configuring sendmail directive dnsbl or DNS blacklists. During the SMTP handshake and conversation of host’s IP address to sendmail SMTP port,

sendmail can check the connecting hosts for possible black listed IP address from DNS blacklists, lowering down the percentage of incoming SPAM emails.

In this tutorial, i am going to show you how to do that in quick simple and easy steps

Steps on how to configure sendmail to check with DNS Blacklists

Step-1:

Choose which DNS blacklists are active with a high history of reliability for blacklisting IP address. As an example here,

we would be using three DNS blacklists servers

zen.spamhaus.org

list.dsbl.org

combined.njabl.org

You can use your choice of DNS blacklists server sources to suit your needs.

Step-2:

Configure sendmail to use dnsbl sendmail directive. Backup and modify /etc/mail/sendmail.mc and insert the below details

FEATURE(`dnsbl’, `zen.spamhaus.org’, `”550 Refused unsolicited email from ” $`’&{client_addr} ” – Request access at http://www.spamhaus.org/query/bl?ip=” $`’&{client_addr} ‘)dnl

FEATURE(`dnsbl’, `list.dsbl.org’, `”550 Refused unsolicited email from ” $`’&{client_addr} ” – Request access see http://dsbl.org/listing?”$&{client_addr}’)dnl

FEATURE(`dnsbl’, `combined.njabl.org’, `”550 Refused unsolicited email from ” $`’&{client_addr} ” – Request access see http://njabl.org/lookup?$&{client_addr}’)dnl

The above has been customized to reflect the following useful details

a. IP address of the denied computer hosts

b. DNS blacklist server that has been used for checking the denied host

c. Error message with URL site to be shown to computer host for further course of action and why he has been blocked

The above sendmail details would also be reflected to sendmail’s default log file for further statistics and monitoring details.

By default, dnsbl sendmail directive is not included with default sendmail configuration setup.

Step-3:

Recompile and restart sendmail daemon service

# m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf

# service sendmail restart

Monitoring DNS Blacklist Logs with Sendmail

# tailf /var/log/maillog | grep ‘Refused unsolicited’

Counting blocked hosts by Sendmail DNS blacklists

# cat /var/log/maillog | grep ‘Refused unsolicited’ | wc -l

 

How to configure Sendmail as Smart Host

We can configure sendmail to send emails directly to destination host or email server. but, network traffic congestion, destination location, and connectivity issue sometimes affect successful mail delivery.

In this tutorial, we are going to configure Sendmail as a smart email host

i am assuming that you have a existing and working Sendmail Setup

Configuration Steps for Sendmail as Smart Host

To create a smart host from your sendmail, backup and edit your sendmail conf file

# vi /etc/mail/sendmail.cdf

Look for sendmail directive line similar below and modify it

dnl define(`SMART_HOST’, `smtp.your.provider’)dnl

Simply replace ’smtp.your.provider’ with your email gateway server and remove the starting and ending ‘dnl’ words from the line . The new sendmail smart host directive will look like

define(`SMART_HOST’, `you-smtp.your.provider’)

Save and exit.

Recompile sendmail configuration file

# m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf

Restart sendmail daemon service

# service sendmail restart

When an email failed to be delivered, sendmail smart host will act as a fallback failover mechanism on sending failed emails from local sendmail source to smart host STMP server then going to email destination server.