Ubuntu

Page 1 of 212

Try to do a release upgrade I ran into the issue of /boot not having enough free space.  Here is how to resolve that.

 

Check which kernel you are actively using. DO NOT REMOVE THIS ONE!

uname -r

View all kernels installed on your system.

dpkg --list | grep linux-image

Remove the kernels not in use

apt-get purge linux-image-x.x.x.x-generic

Update grub

update-grub2

Reboot

 

To run vhosts under separate UIDs/GIDs in apache is very easy with mpm-itk.  This will help secure your sites on your shared server.

First install apache2-mpm-itk

apt-get install apache2-mpm-itk

Next add a group and user

groupadd web1
useradd -s /bin/false -d /home/web1_admin -m -g web1 web1_admin

Now add this to the end of your vhost for your site. Be sure to place this inside the </virtualhost> tag and not outside of it.

AssignUserId web1_admin web1


For each of your sites you will user a different username and group. Now be sure to set your web directory to the correct user and group.

Example:

chown -R web1_admin:web1 /var/www/website

It is not exactly easy to add a new user to Nagios but this is how it can be done.

 

If using ubuntu you will need to modify /usr/local/nagios/etc/cgi.cfg

The important one to view the information on the web interface is “authorized_for_system_information”.  It should look like this if you are adding multiple users.

authorized_for_system_information=nagiosadmin,cbrown,jcutright

There are more fields that you can use.  These are all the categories that nagiosadmin (the default account) is in.

authorized_for_configuration_information
authorized_for_system_commands
authorized_for_all_services
authorized_for_all_hosts
authorized_for_all_service_commands

Continue reading

Of  course they had to change the way you restart interfaces in Ubuntu 14.04.  Here is how to restart your interface.  Make sure you select the correct interface, the example below is for eth0.  You can check you interface name in ifconfig.

ifdown eth0 && ifup eth0

To add DNS after adding a static IP you will need to set your name servers in /etc/resolvconf/resolv.conf.d/base

Example:

nameserver 8.8.8.8
nameserver 8.8.4.4

Update resolvconf

resolvconf -u

Then restart resolvconf for shits and giggles

service resolvconf restart

Add your namers to /etc/resolvconf/resolv.conf.d/base

nameserver 8.8.8.8
nameserver 8.8.4.4

Then resart resolvconf

service resolvconf restart

Put this at the end of your .bashrc

function cz {
    zonefile=$1
    zone=$(basename $zonefile .zone)
    named-checkzone $zone $zonefile
}

Then you will be able to use cz to check you zone files.

Example:

cbrown$ cz mpl.com.zone

Sometimes working with a directory full of subdirectories and files you need to compare the directories and files to another version of the files.  This comes in extremely useful when restoring a hacked website.  To do this you need to have the old copy and the current copy in two different directories on your system.  Then run the command below replacing DIR1 and DIR2 with the directoires you would like to compare.  This works through the entire directory because of the -r option which stand for recursive.  The -q option suppresses the entire output and only outputs the files the differ.

Continue reading

After setting up your website it is always a good idea to change the directory and file permissions.  This makes it a little harder for an attacker to compromise your site.  For Joomla and Wordpress it is best practice to set your directory permissions to 755 and your file permissions to 644.  In addition to this, Wordpress recommends setting the wp-config.php file to 600.

 

Using the code below, go to the root directory of your website and run the following commands.

 

find . -type f -exec chmod 644 {} \;
find . -type d -exec chmod 755 {} \;

 

 

sudo echo "UseDNS no" >> /etc/ssh/sshd_config

This prevents the server from doing a reverse DNS lookup on the IP address, which apparently takes forever sometimes.

 

Server

Install Dirvish, rsync and ssh on the backup server:

apt-get install dirvish ssh 

/etc/dirvish/master.conf should look something like this:

bank:
        /data/backup
Runall:

expire-default: +15 days
expire-rule:
        #MIN    HR      DOM     MON     DOW     STRFTIME_FMT
        *       *       *       *       1       +3 months
        *       *       1-7     *       1       +1 year
        *       *       1-7     1,4,7,10 1
        *       10-20   *       *       *       +4 days

Create a dirctory where all backup’s will be stored: Continue reading

Page 1 of 212

Categories

Archives