Nishant's Linux Tutorials

Linux Tutorials and Guide

April 17th, 2011

Delete Rules in Iptables

No Comments, IPtables, by Nishant.

iptables -D (Chain Name) (RuleNum)

e.g.

iptables -D FORWARD 1

You can delete all rules from every chain of the filter table by typing:

iptables -F

or from the nat table:

iptables -F -t nat


October 25th, 2010

Creating SSL Certificates

No Comments, Apache, by Nishant.

Create a Self-Signed Certificate:

1. Generate a server key:

# openssl genrsa -des3 -out server.key 4096

2. Generate the signing request using the key above:

# openssl req -new -key server.key -out server.csr

3. Sign the certificate signing request:

# openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

4. Now create a version of the key that doesn't need a password:

# openssl rsa -in server.key -out server.key.insecure
# mv server.key server.key.secure
# mv server.key.insecure server.key

Generating Your Own Certificate Authority :

Follow these steps to create your own CA and sign a server certificate with it. Note: the Common Name of the CA certificate and the Common Name of the server certificate must not match.

Steps :

1. Create the CA key and certificate. Use the IP address as the Common Name if you don't have the FQDN.

openssl genrsa -des3 -out ca.key 4096
openssl req -new -x509 -days 365 -key ca.key -out ca.crt

2. Generate a server key and a request for signing:

openssl genrsa -des3 -out server.key 4096
openssl req -new -key server.key -out server.csr

3. Sign the certificate signing request with the self-created authority:

openssl x509 -req -days 365 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server.crt

Optional: you can check the keys and certificates:

openssl rsa -noout -text -in server.key
openssl req -noout -text -in server.csr
openssl rsa -noout -text -in ca.key
openssl x509 -noout -text -in ca.crt

4. Remove the password from server.key so that Apache does not need a password at startup:

openssl rsa -in server.key -out server.key.insecure
mv server.key server.key.secure
mv server.key.insecure server.key
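The CA procedure above as one unattended script, added here as an example (not the post's own code): it builds the CA and the server certificate, then checks that the certificate chains to the CA and belongs to the server key. The function names, the demo Common Names, the 2048-bit unencrypted keys and the subjectAltName file are assumptions chosen so the demo runs quickly and without prompts.

```shell
#!/bin/sh
# Added example. Assumptions: function names, 2048-bit keys without -des3
# (the tutorial uses 4096-bit keys with a passphrase), and an FQDN as server CN.

# build_chain DIR CA_CN SERVER_CN : create ca.key/ca.crt and server.key/server.crt in DIR
build_chain() {
    dir=$1; ca_cn=$2; srv_cn=$3
    # The CA and server Common Names must differ (see the note above).
    [ "$ca_cn" != "$srv_cn" ] || { echo "CA and server CN must differ" >&2; return 2; }
    mkdir -p "$dir" || return 1
    (
        cd "$dir" || exit 1
        umask 077   # key files are created readable by their owner only
        openssl genrsa -out ca.key 2048 2>/dev/null || exit 1
        openssl req -new -x509 -days 365 -key ca.key -subj "/CN=$ca_cn" -out ca.crt || exit 1
        openssl genrsa -out server.key 2048 2>/dev/null || exit 1
        openssl req -new -key server.key -subj "/CN=$srv_cn" -out server.csr || exit 1
        # By default x509 -req copies no extensions from the CSR, so the
        # subjectAltName that current clients check is supplied here.
        printf 'subjectAltName=DNS:%s\n' "$srv_cn" > san.ext
        openssl x509 -req -days 365 -in server.csr -CA ca.crt -CAkey ca.key \
            -set_serial 01 -extfile san.ext -out server.crt 2>/dev/null || exit 1
    )
}

# Succeeds only if server.crt verifies against ca.crt.
chain_ok() {
    openssl verify -CAfile "$1/ca.crt" "$1/server.crt" >/dev/null 2>&1
}

# Succeeds only if server.key is the private key belonging to server.crt.
key_matches_cert() {
    crt_mod=$(openssl x509 -noout -modulus -in "$1/server.crt") || return 1
    key_mod=$(openssl rsa -noout -modulus -in "$1/server.key" 2>/dev/null) || return 1
    [ -n "$crt_mod" ] && [ "$crt_mod" = "$key_mod" ]
}

# Usage (constructed names):
#   build_chain /tmp/demo-pki demo-ca www.example.test
#   chain_ok /tmp/demo-pki && key_matches_cert /tmp/demo-pki && echo "chain and key OK"
```

Running `chain_ok` and `key_matches_cert` before restarting Apache catches a certificate signed by the wrong CA or paired with the wrong key file.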

Finally: copy the files and adjust Apache.

  • Copy the .crt and .key files to /etc/httpd/conf/
  • Turn on the SSL engine and reference server.crt and server.key
  • Edit ssl.conf (the paths must point to where the files were actually copied):

        SSLEngine on
        SSLCertificateFile /etc/httpd/ssl.crt/server.crt
        SSLCertificateKeyFile /etc/httpd/ssl.key/server.key

Configure Apache to listen for HTTPS:

        Listen x.x.x.x:443
        LoadModule ssl_module modules/mod_ssl.so

Configure the SSL virtual host:

        DocumentRoot "/var/www-ssl/html"
        ServerName xxx.xxx.xxx.xxx:443

Now restart Apache and you have SSL working on your site.


Vnc Installation Without Monitor

Packages Required :

1.vnc

2.vnc-server

3.Desktop Environment KDE or GNOME

Configuring VNC :

1. Add the users as normal system users.

2. Log in as each user.

3. Create a VNC password by running vncpasswd.

4. This creates the .vnc folder.

5. Edit /etc/sysconfig/vncservers and add the following to the end of the file:

VNCSERVERS="1:amitn 2:someuser"

VNCSERVERARGS[1]="-geometry 640x480"  # for amitn

VNCSERVERARGS[2]="-geometry 640x480"  # for someuser

VNCSERVERARGS[1]="-geometry 800x600"

6. Create the xstartup scripts by starting and stopping vncserver as root:

/sbin/service vncserver start

/sbin/service vncserver stop

7. Log in as each user and edit the xstartup script.

8. vi .vnc/xstartup

#!/bin/sh

# Add the following line to ensure you always have an xterm available.
( while true ; do xterm ; done ) &

# Uncomment the following two lines for normal desktop:
unset SESSION_MANAGER
exec /etc/X11/xinit/xinitrc

# exec replaces this script, so the lines below only run when the
# exec line above is commented out.
[ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup
[ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources
xsetroot -solid grey
vncconfig -iconic &
xterm -geometry 80x24+10+10 -ls -title "$VNCDESKTOP Desktop" &
startkde &


Rsync is a nice utility to synchronize files and folders between two servers securely and efficiently. It copies only the differences, which makes the process much faster and more efficient.

Here I will show you how to set up rsync.

1. Download the rsync package.

2. Untar the package and enter the directory.

3. ./configure

4. make

5. make install

6. Create the configuration file for rsync:

#vi /etc/rsyncd.conf

#/etc/rsyncd.conf
secrets file = /etc/rsyncd.secrets
motd file = /etc/rsyncd.motd
# Below are actually defaults, but to be on the safe side...
read only = yes
list = yes
uid = nobody
gid = nobody

[out]
comment = comment for your directory
path = /home/rsync/out

[confidential]
comment = For your eyes only
path = /home/rsync/secret-out
auth users = amit,nishant
hosts allow = 192.168.100.100
hosts deny = *
list = false

#save the file.

Now create a script for starting and stopping the daemon :

#vi /etc/init.d/rsyncd

#!/bin/sh
# Rsyncd This shell script takes care of starting and stopping the rsync daemon
# description: Rsync is an awesome replication tool.

# Source function library.
. /etc/rc.d/init.d/functions

[ -f /usr/bin/rsync ] || exit 0

case "$1" in
start)
action "Starting rsyncd: " /usr/bin/rsync --daemon
;;
stop)
action "Stopping rsyncd: " killall rsync
;;
*)
echo "Usage: rsyncd {start|stop}"
exit 1
esac
exit 0

# Now create a symbolic link at /etc/rc.d/rc3.d

#cd /etc/rc.d/rc3.d

#ln -s /etc/init.d/rsyncd rsyncd

Now start rsyncd at the server side

#service rsyncd start

You can issue this command to copy the files :

rsync -avz amit@<server name or ip>::out /home/rsync/in

or you can use the following command to use ssh

rsync -avz -e ssh rsync@server_ip:/home/rsync/out/ /home/rsync/from_remote

Now you can set this up as a cron job.
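The [confidential] module above relies on `auth users` and on the `secrets file`, which the steps never create. The following check is an added example, not part of the original post: it reports auth users that have no `user:password` line in the secrets file and a secrets file that group or other can access. The helper names and the constructed sample files are assumptions.

```shell
#!/bin/sh
# Added example. audit_rsync_auth and demo_audit are hypothetical helper names.

# audit_rsync_auth CONF SECRETS
# Prints one line per problem and returns 1 if any problem was found.
audit_rsync_auth() {
    conf=$1; secrets=$2; rc=0
    if [ ! -f "$secrets" ]; then
        echo "secrets file not found: $secrets"
        return 1
    fi
    # Characters 5-10 of the ls mode string are the group and other bits.
    if [ "$(ls -ld "$secrets" | cut -c5-10)" != "------" ]; then
        echo "secrets file is accessible by group or other (chmod 600 $secrets)"
        rc=1
    fi
    # Collect every name listed on an "auth users =" line of the config.
    users=$(awk -F= '/^[ \t]*auth users[ \t]*=/ { gsub(/[ \t,]+/, " ", $2); print $2 }' "$conf")
    for u in $users; do
        # Each line of the secrets file has the form user:password
        if ! grep -q "^$u:." "$secrets"; then
            echo "auth user '$u' has no user:password line in $secrets"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample: the [confidential] module from the post, with a secrets
# file that is world-readable and has no entry for nishant.
demo_audit() {
    d=$(mktemp -d) || return 1
    printf '[confidential]\npath = /home/rsync/secret-out\nauth users = amit,nishant\n' > "$d/rsyncd.conf"
    printf 'amit:constructed-password\n' > "$d/rsyncd.secrets"
    chmod 644 "$d/rsyncd.secrets"
    audit_rsync_auth "$d/rsyncd.conf" "$d/rsyncd.secrets"
    status=$?
    rm -rf "$d"
    return $status
}

# Usage on a real server:
#   audit_rsync_auth /etc/rsyncd.conf /etc/rsyncd.secrets
```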


May 11th, 2010

Combobox On change

No Comments, Web Snipetts, by Nishant.

If you need to get the text of the selected item in a combo box, you can use the following handler:

onchange="alert(this.options[this.selectedIndex].text)"

If you need the value, just replace text with value.

For example, if you want to redirect the page based on the combo box selection:

onchange="window.location='http://someadress'+(this.options[this.selectedIndex].text)"


Force Install CPAN Module

perl -MCPAN -e 'CPAN::Shell->force(qw(install HTTP::Cookies));'


Change Password Hashing Algorithm to SHA-512

# authconfig --test | grep hashing
# authconfig --passalgo=sha512 --update


May 4th, 2010

Redirecting Ports in Iptables

No Comments, IPtables, by Nishant.

Redirect ports in iptables:

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport $srcPortNumber -j REDIRECT --to-ports $dstPortNumber

It's convenient to install Perl modules from the command line.

#perl -MCPAN -e shell
cpan> install PACKAGE NAME

eg.

cpan> install HTML::Template

It is possible to bind more than one IP address to a single network interface card in Linux.

Copy your existing network card configuration file as shown:

#cd /etc/sysconfig/network-scripts
#cp ifcfg-eth0 ifcfg-eth0:1

ifcfg-eth0 looks like this:

# File: ifcfg-eth0
DEVICE=eth0
ONBOOT=yes
BOOTPROTO=static
IPADDR=192.168.100.1
NETMASK=255.255.255.0
BROADCAST=192.168.100.255
NETWORK=192.168.100.0
HWADDR=00:8A:4E:34:CF:84

Change the device name and the IP address parameters in the new file, ifcfg-eth0:1:

DEVICE=eth0:1

#save the file and then restart the network

#service network restart
