Page tree

Welcome to FreeSoftwareServers Confluence Wiki

Skip to end of metadata
Go to start of metadata

Just another Linux/Server blog.. with some other stuff thrown in there! - 100% NOT FOR PROFIT

Android

These are the Droid you're looking for :)

  • Adopted Storage
    • Access Adopted Storage SD Card via USB from PC - MAC - Computer

      Ok So I decided to try Marshmallow because my widgets stopped loading and I found out about Adoptable Storage.

      Once you enable this though, it formats your SD card, so you back up your data fist, with the intention of moving it right back of course.

      BUT after you format the card and plug in the device to your computer, you only have access to Internal Storage. (Drop down notifications and select USB Charging and change to MTP [Media Transfer Protocol].

    • Remove all Apps from Adoptable - Adopted - Storage - SD card to Internal SD

      Ok this post will probably get lost in googles results due to everybody searching for the opposite problem. Marshmallow presented me with the opposite problem, I have plenty of internal storage and external and don't need apps running from ExtSD. It seems that after making a shared storage pool, it chooses to save/run some apps from the SD card and there appears to be no way to change this default behavior.

  • Control Kodi From Android
    1. On Android download from here https://play.google.com/store/apps/details?id=org.xbmc.kore&hl=en
    2. On Kodi go to Settings >> Services >>
    3. Enable Web Server
  • Create Chrome Bookmark Widget - Old Widget Disappeared

    The new way to create a bookmark widget is to navigate to the site and then open the settings and hit “Add Page to Home-Screen”

  • Fastboot
    • Fastboot Commands
      C:\Program Files (x86)\Minimal ADB and Fastboot>fastboot --help
      usage: fastboot [ <option> ] <command>
      
      commands:
        update <filename>                        Reflash device from update.zip.
        flashall                                 Flash boot, system, vendor, and --
                                                 if found -- recovery.
        flash <partition> [ <filename> ]         Write a file to a flash partition.
        flashing lock                            Locks the device. Prevents flashing.
        flashing unlock                          Unlocks the device. Allows flashing
                                                 any partition except
                                                 bootloader-related partitions.
        flashing lock_critical                   Prevents flashing bootloader-related
                                                 partitions.
        flashing unlock_critical                 Enables flashing bootloader-related
                                                 partitions.
        flashing get_unlock_ability              Queries bootloader to see if the
                                                 device is unlocked.
        flashing get_unlock_bootloader_nonce     Queries the bootloader to get the
                                                 unlock nonce.
        flashing unlock_bootloader <request>     Issue unlock bootloader using request.
        flashing lock_bootloader                 Locks the bootloader to prevent
                                                 bootloader version rollback.
        erase <partition>                        Erase a flash partition.
        format[:[<fs type>][:[<size>]] <partition>
                                                 Format a flash partition. Can
                                                 override the fs type and/or size
                                                 the bootloader reports.
        getvar <variable>                        Display a bootloader variable.
        set_active <suffix>                      Sets the active slot. If slots are
                                                 not supported, this does nothing.
        boot <kernel> [ <ramdisk> [ <second> ] ] Download and boot kernel.
        flash:raw boot <kernel> [ <ramdisk> [ <second> ] ]
                                                 Create bootimage and flash it.
        devices [-l]                             List all connected devices [with
                                                 device paths].
        continue                                 Continue with autoboot.
        reboot [bootloader]                      Reboot device [into bootloader].
        reboot-bootloader                        Reboot device into bootloader.
        help                                     Show this help message.
      
      options:
        -w                                       Erase userdata and cache (and format
                                                 if supported by partition type).
        -u                                       Do not erase partition before
                                                 formatting.
        -s <specific device>                     Specify a device. For USB, provide either
                                                 a serial number or path to device port.
                                                 For ethernet, provide an address in the                                           form <protocol>:<hostname>[:port] where                                           <protocol> is either tcp or udp.
        -p <product>                             Specify product name.
        -c <cmdline>                             Override kernel commandline.
        -i <vendor id>                           Specify a custom USB vendor id.
        -b, --base <base_addr>                   Specify a custom kernel base
                                                 address (default: 0x10000000).
        --kernel-offset                          Specify a custom kernel offset.
                                                 (default: 0x00008000)
        --ramdisk-offset                         Specify a custom ramdisk offset.
                                                 (default: 0x01000000)
        --tags-offset                            Specify a custom tags offset.
                                                 (default: 0x00000100)
        -n, --page-size <page size>              Specify the nand page size
                                                 (default: 2048).
        -S <size>[K|M|G]                         Automatically sparse files greater
                                                 than 'size'. 0 to disable.
        --slot <suffix>                          Specify slot suffix to be used if the
                                                 device supports slots. This will be
                                                 added to all partition names that use
                                                 slots. 'all' can be given to refer
                                                 to all slots. 'other' can be given to
                                                 refer to a non-current slot. If this
                                                 flag is not used, slotted partitions
                                                 will default to the current active slot.
        -a, --set-active[=<suffix>]              Sets the active slot. If no suffix is
                                                 provided, this will default to the value
                                                 given by --slot. If slots are not
                                                 supported, this does nothing. This will
                                                 run after all non-reboot commands.
        --unbuffered                             Do not buffer input or output.
        --version                                Display version.
        -h, --help                               show this message.
  • Fix No Live Stream in ZMNinja

    Manually add

    /cgi-bin/nph-zms

    To path to cgi-bin inside ZM Settings.

  • Flashing Files

    Flashing files via ODIN or Custom Recovery like TWRP

    • Dirty Flashing Steps

      Note: Dirty Flashing is updating a ROM without doing a factory reset. When minor changes are done this is fine, but major revisions should be clean installed.

      1. Wipe Cache/Dalvik Cache
      2. Install ROM + GAPPS + Kernel
      3. Reboot

    • Dirty Flash with Adopted Storage

      Just wanted to share that I successfully dirty flashed (updated) my AOKP MM Rom and didn’t loose any files on my Adopted Storage SD Card!

      To upgrade with adopted storage on KTLE their is currently no supported Recovery that can access SD card. So you need to move the files to /data/media/0[/TEMP] (I like to make a folder here called TEMP, but you don’t have to!)

    • TeamWin - TWRP

      https://twrp.me/

  • Kernel
  • Pixel XL Marlin
  • Remove USB plugged-unplugged & Low Battery Sound - TouchWiz

    Root Browse and rename/delete

    /system/media/audio/ui and Charger_Connection.ogg and TW_Low_Battery.ogg

    For Battery Saver Notification check out http://repo.xposed.info/module/de.defim.apk.hidebatterylowalert

  • XPosed Framework

Atlassian Software

CentOS - RHEL - SL - SHMZ

Code Version Control

  • Git
    • Git-Daemon Ubuntu 16.04 - Init Script

      Create Git-Daemon User w/ Home Dir of Git Repo of /srv/git/

      useradd -m -d /srv/git -r -s "$(type -p git-shell)" gitdaemon
      cat << 'EOL'>/etc/default/git-daemon
      # Defaults for git-daemon initscript
      # sourced by /etc/init.d/git-daemon
      # installed at /etc/default/git-daemon by the maintainer scripts
      
      #
      # This is a POSIX shell fragment
      #
      
      GIT_DAEMON_ENABLE=true
      GIT_DAEMON_USER=gitdaemon
      #GIT_DAEMON_DIRECTORY=/var/cache/git
      GIT_DAEMON_BASE_PATH=/srv/git/
      GIT_DAEMON_DIRECTORY=/srv/git/
      
      # Additional options that are passed to the Daemon.
      GIT_DAEMON_OPTIONS="--export-all --enable=receive-pack"
      EOL
    • GitLab
      • Install GitLab Ubuntu 16
        cat << 'EOL' >gitlab_install_ubuntu16.sh
        sudo apt-get install -y curl openssh-server ca-certificates postfix
        curl -sS https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.deb.sh | sudo bash
        sudo apt-get install -y gitlab-ce
        sudo gitlab-ctl reconfigure
        EOL
        chmod +x gitlab_install_ubuntu16.sh
        ./gitlab_install_ubuntu16.sh
    • Install CGit Ubuntu 16.04
      cat << 'EOL >cgit_git_install_ubuntu16.sh
      apt-get update
      apt-get install -y git git-core cgit
      ln -s /etc/apache2/mods-available/cgi.load /etc/apache2/mods-enabled/cgi.load
      a2enmod rewrite
      service apache2 restart
      EOL
      chmod +x cgit_git_install_ubuntu16.sh
      ./cgit_git_install_ubuntu16.sh

      make the URL domain.com/git vs /cgit

Custom Grub Entries

This is for Custom Grub Entries to boot ISO's directly from HD vai Linux Loopback. A great feature, all servers should have a rescue ISO in the grub menu!

Customize LiveISO's

  • Basics of Creating a LiveISO

    Most of my guides relating to Creating a Custom LiveISO will follow this template, as such, I will just link back to this page in those articles and only put the relevant information in that article.

    Definitely check out my section on Custom Grub Entries to boot LiveISO's from HD!

    Pre-Req:

  • Customize CloneZilla LiveISO

    Please read Basics of Customizing LiveISO's

    AutoStart SSH :

    sudo nano /tmp/squashfs-root/etc/ocs/ocs-live.conf
  • Customize Parted Magic LiveISO

    Read the Basics of Customizing LiveISO

    Parted Magic will run scripts placed in the ISO under /pmagic/pmodules/scripts/ and/or if you extract the FileSystem it will run anything placed inside

    /tmp/squashfs-root/root/.config/openbox/autostart.d/*
    • PMagic mkgriso Script - UnTouched

      While I prefer to use ISOMaster to edit ISO's, here is PMagics inhouse mkgriso Script.

      #!/bin/sh
      
      # mkgriso : make isolinux iso
      # ===========================
      
      # Copyright 2013 Patrick J. Verner, Waupaca, WI, USA
      # All rights reserved.
      #
      # Redistribution and use of this script, with or without modification, is
      # permitted provided that the following conditions are met:
      #
      # 1. Redistributions of this script must retain the above copyright
      #    notice, this list of conditions and the following disclaimer.
      #
      #  THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
      #  WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
      #  MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO
      #  EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
      #  SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
      #  PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
      #  OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
      #  WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
      #  OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
      #  ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
      
      # Written by Dick Burggraaff (burdi01)
      
      # ------------------------------------------------------------------------------
      
      # To remaster this ISO do the following:
      
      # Copy the ISO to the current directory:
      # # mkdir /tmp/cdrom
      # # mount -o loop pmagic_2015_08_12.iso /tmp/cdrom
      # # cp -a /tmp/cdrom .
      # # umount /tmp/cdrom
      
      # Apply your changes to cdrom/......
      
      # Run this script:
      # # sh cdrom/mkgriso
      
      # ------------------------------------------------------------------------------
      
      V=pmagic_2015_08_12T ; ISO=$(readlink -f $(dirname $0)/../$V.iso)
      [ ".$1" != "." ]  &&  ISO="$1"                      # for pmagic_save_cd_session
      
      B="-b boot/syslinux/isolinux.bin -c boot/syslinux/isolinux.boot"
      B="$B -no-emul-boot -boot-load-size 4 -boot-info-table"
      
      if [ -x "$(which genisoimage 2> /dev/null)" ]; then
         M=genisoimage
         E="-eltorito-alt-boot -e EFI/boot/efiboot.img -no-emul-boot"
      else
         M=mkisofs
         E=""
      fi
      
      if ! $M -hide-rr-moved -l -v -d -N -R -J -V "Parted Magic" \
              $B $E -o $ISO $(dirname $0) ; then
         exit 1
      fi
      
      [ ".$E" = "." ]  &&  echo ">>> $M does not support efi booting"
      echo ">>> $ISO created"
      exit 0
  • Customizing Ubuntu LiveISO

    This is a bit different then other ISO's. The Ubuntu LiveISO is meant for "checking out" Ubuntu, but they expect you to install it to USB to get persistence, this is not my goal. I want a custom ISO that I can load into RAM that has been modified to suit my needs.

    My main purpose for this is to run TeamViewer in a Ubuntu LiveOS in RAM. But that is another long post regarding remote deployment of server with no admin at the other end.

DD-WRT

  • General DD-WRT
    • Backup or Restore DD-WRT NVRAM.Bin over SSH

      Backing Up:

       nvram backup /tmp/nvram.bin

      Restoring:

    • Change Country Code in DD-WRT Router - Unlock ALL Channels

      Note: Depending on where you live, certain channels are illegal to use, but if you say, move or buy a used router from out of country, this could be usefull. Also I don't think the Gov't is going to show up if you use channel 13 in your basement, but you have been warned!

      Also Note: Some WiFi NIC's are blocked from Accessing channels, so even if you unlock channel 13, your IPad may not connect to it!

    • Create Samba/SMB Share - DD-WRT V3

      Enable USB Via GUI

      Services >> USB >>
      * Core USB Support [ENABLED]
      * USB Printer Suport [DISABLED]
      * USB Storage Supoort [ENABLED]
      * Automatic Drive Mount [ENABLED]
      * Run-on-mount Script Name [BLANK]
      * Mount this partition to /jiffs [BLANK]
      * Mount this partition to /opt [BLANK]
      * Use SES Button to remove drives [DISABLED]?
    • Custom DDNS - DD-WRT - CRON - WGET

      Ok First you need to find an http(s) link that could be used in a browser to update your IP. Ask your DDNS provider. 

      For NameCheap : http://dynamicdns.park-your-domain.com/update?domain=freesoftwareservers.com&password=<DynamicPWD>&host=<Subnet/@/WWW>

      Just Navigate to Administration >> Management >> Cron >> Enable >> Insert code >> Apply Settings

    • Edit DNSMasq.conf from DD-WRT Command Line - CLI

      First to restart DNSMasq use:

      killall dnsmasq
      dnsmasq --conf-file=/tmp/dnsmasq.conf

      There are a few things to note:

    • Enable SSH to DD-WRT with RSA Key

      Go to WebUI >> Services >> Services and then insert key in the format below, just ssh-rsa key in one line of code. Default Username is ROOT!

      ssh-rsa [key]
    • Find Kernel and GCC version - DD-WRT
      cat /proc/version
    • Increase Wireless Signal Strength in DD-WRT Router

      Note: If you increase the Wi-Fi output, but your device has the same output back to router, it doesn't really help now does it? I find this EXTREMELY useful though for using TWO DD-WRT Wireless Repeaters!

      Go to Wireless >> WL# Advanced >> Advanced Settings >> TX Power

      Insert new number, understand this WILL increase the heat your chip creates and therefor lower the lifespan of device. But if your like me, I get new hardware before anything breaks, and the Linksys EA6500 I use was under 50$ on eBay refurbished. I *think* that I have had errors @ 125 in summer where router just stopped working, and I unplugged it to cool down (It was HOT) and then plugged it back in and it worked again, that was before I had a second DD-WRT router to act as the AP for my repeater. Now I have them both at 100 and since it's not trying so hard to talk to the AP I can lower the repeaters TX down to 100 and keep temps down. Depends on where you live, what climate the routers will be in etc etc. AC Server Room, you should be OK. Hawaii in September, maybe not!

    • Resolve Internal Domain Name on DD-WRT Router

      Go to Services >> Services and enable DNSMasq. The Additional DNSMasq Option format is like this:

      address=/machine_or_domain_name/[optional_second_name]/ip_address

      DD-WRT-DNSMasq
       
      I am still a little fuzzy on Local DNS as to what it does and when it should be used. Trail and Error for now!

    • Restart DNSMasq DD-WRT Command Line
      killall dnsmasq
      dnsmasq --conf-file=/tmp/dnsmasq.conf
    • Set Static IP in DD-WRT Router

      Static IP's are set via the MAC Address which can be found in many ways, if the device is connected, you can UnMasq MAC and check the Sys-Info Page under Status. Anyway, lets assume you have your MAC Address(s) ready.

      Go to Services >> Services and under DHCP Server hit Add.

      Fill in MAC Address >> Hostname (Doesn't HAVE to Match, but its good practice) >> IP Address and leave Client Lease Time blank (Blank = Forever)

    • Set up OpenVPN on DD-WRT using Ubuntu Server OpenVPN keys

      # Config DD-WRT for OpenVPN

      [NOTE]This is a WIP. Currently things like remote desktop accross lan, ssh and other things work. But browsing router WebUI/Network Shares do not. But I can remote desktop and then view remote shares.

      - I will remove this when this is 100% working, please comment if you figure it out.

    • Unmasq DD-WRT Sys-Info MAC Address

      Lets say you wanted to set a Static IP in DD-WRT. First you need the MAC Addresses, or perhaps you just want to see who's connected via the Sys-Info Page. Whatever your reason, by default DD-WRT masqs the MAC address under Status >> Sys-Info.

      To unmask the MAC address(s) go to Administration >> Management >> Web Access >> *Disable* "Info Site MAC Masking" >> Apply Settings

    • View All Network Interfaces DD-WRT CLI
      /sbin/ifconfig -a
    • Wireless Repeater Bridge - DD-WRT

      [UPDATES] As I use this a lot, I have learned a few things.

      One, do not configure DHCP/Basic Settings first. Configure one NIC as a repeater and save and then go to Basic Settings, you will notice DHCP is gone and WAN is set to Disabled (if not apply settings before configuring further). It takes care of this for you and correctly configures it. This is better/preferred then manually configuring the basic settings page yourself. This is a GUI glitch IMO, but I love the GUI.

  • Linksys EA-6500
    • Enable Cisco Light Linksys EA6500

      The DD-WRT disables the Cisco Light. But some people like it on, here is how.

      Note: I don't think this has any "if then" statements like it usually would, IE: If Wi-Fi was down it would normally blink, I'm *NOT SURE* but I don't think this will happen via this command. Read LED DD-WRT Scripts for more information and options.

    • Install DD-WRT on Linksys EA6500

      NOTE : THIS IS FOR V1, read comments Regarding V2. Untested as I have V1 only.

      The Linksys EA6500 is a great piece of hardware that came with bad firmware IMO. But its been on eBay refurbished for some time now for ~30$!! So that is a steal, currently I have 2, one as a wireless repeater with the TX increased on both to 100 and it works like a charm! *Read guide at bottom about Wireless Repeaters*

    • Resolve Two 2.4Ghz NICs DD-WRT - Linksys EA6500

      I had to restore OEM Firmware, factory reset, disable SimpleTap (I forget where it is, and I am not going back to OEM!, I think its under Wireless Tab.) Then I uploaded DD-WRT Again... But It worked!

    • Restore Linksys EA6500 Firmware - Bricked - Using TFTP

      Linksys has an official TFTP Utility.

      Set Static IP and Hardwire in. (Attempt a 30-30-30 Reset, but it may not work if truly bricked, Mine was flashing Cisco repeatedly, but this worked and brought back OEM FW)

      Linksys Guide.

E-Mail - Linux

  • MSMTP - Ubuntu - CentOS

    SSMTP is no longer developed, but the two best options I found so far are SSMTP and MSMTP. 

    MSMTP is still developed and is good at forwarding e-mails TO:ROOT onto user@domain.com

    BUT MSMTP doesn't support the "mail -s" command, which everybody knows. 

  • PostFix - Ubuntu - CentOS

    This is a simple PostFix setup for only sending outbound e-mails and forwarding e-mails sent to root.

    Note: For G-Mail you may need to allow un-secure Applications.

    Ubuntu :

  • SSMTP - Ubuntu - CentOS

    SSMTP is no longer developed, but the two best options I found so far are SSMTP and MSMTP. 

    MSMTP is still developed and is good at forwarding e-mails TO:ROOT onto user@domain.com

    BUT MSMTP doesn't support the "mail -s" command, which everybody knows. 

HyperVisors

Jenkins

Linux - Generic

  • Add SSH Host Key to Known_Hosts

    REPLACE DOMAIN

    sshhost=host1
    domain=domain.com
    ssh -oBatchMode=yes -oStrictHostKeyChecking=no fakeuser@$sshhost.$domain 
    ssh -oBatchMode=yes -oStrictHostKeyChecking=no fakeuser@$sshhost

    Remove Offending Entry 

  • Automatically reboot server with high CPU Load - Linux
    cat << 'EOL' >/usr/local/bin/load_checker.sh
    #!/bin/bash
    # Original Script found here
    # https://www.christophe-casalegno.com/2015/07/14/how-to-automatically-take-an-action-if-the-load-average-is-too-high/
    # Modified by FreSoftwareServers
    #
    
    # Variables
    llimit=2
    alert=fresoftwareservers@gmail.com
    
    # Currnet System
    host=`hostname -f`
    date=`date`
    
    # Current Load
    load=`cat /proc/loadavg | awk {'print $1'} | cut -d "." -f1`
    
    echo "$llimit"
    
    if test "$load" -ge "$llimit"
    
    then
    
    
    # Take Immediate Action
    reboot
    
    # Send E-mail Alert and insert into loadavg.log
    echo "The Load Average has reached $load on $host" | mail -s "$host : High Load Average Alert" "$alert"
    echo "$date : The Load Average has reached $load1 and $load2 on $host" >> /var/log/loadavg.log
    
    echo "ok" 1>&2
    
    fi
    EOL
    chmod +x /usr/local/bin/load_checker.sh
    /usr/local/bin/load_checker.sh
  • Bashrc Aliases

    Here are a list of my commonly used Alias's. I always use alias once I get a command to work correctly! Some of these are just improvements like for example alias cp="rysnc ...." overrides the systems use of cp but rysnc is way better!

    [Updated] Rsync is not Always better :-P, turns out rsync over NFS doesn't work well unless you use rsync 192.168.1.42:/files instead of just using rsync over the nfs mounts.

  • BINDing directories

    BINDing directories is similar to creating another Hard Link. I find it useful when say for example, CIFS or Deluge has issues getting too far up the file tree due to permissions. I will create a directory under /srv/samba and bind the high directories. Certain programs see symlinks *soft links* and won't act correctly that is where Bind comes into play!

  • Cannot accept non-LF line endings in 'svn:log' property - SVN Migration
    sed -e '/^svn:log$/,/^PROPS-END$/ s/\x0D/ /' -e '/^svn:ignore$/,/^PROPS-END$/ s/\x0D/\n/' svn.dump > svn.dump.repaired

    Replace carriage return control character (0x0D). It can usually be inserted by typing “CTRL + V, CTRL + M” with Hex Value.

    https://spin.atomicobject.com/2014/09/22/svn-server-migration/

  • Cat Text to File - EOL - Without opening text editor

    To Create a NEW FILE:

    Note: Without quotes around EOL it will expand variables vs put them in script!.

    cat << 'EOL' >/tmp/filename
    echo "this will be the first and only line in /tmp/filename"
    EOL
  • Clone SSH Host Key to new Server

    Remove Offending Entries:

    sed -i '119d' ~/.ssh/known_hosts

    Add Host_Key to new Server:

  • Create Custom UPStart Init.D Script
    nano /etc/init.d/[script]
     /etc/init.d/[script]
    #! /bin/sh
    # This is a generic Init Script
    # This is a comment/note
    
    #Edit these variables!
    #variable1=
    
    
    case "$1" in
      start)
        echo "Description of code for script starting"
        [command1]
        [command2]
        ;;
      stop)
        echo "Description of code run when stopping/shutting down script"
        [command1]
        [command2]
        ;;
      *)
        echo "Usage: /etc/init.d/[script] {start|stop}"
        exit 1
        ;;
    esac
    
    exit 0
  • Cron Troubleshooting

    I recently setup root=sysalert@domain.com at work on all our servers and got a TON of e-mails to start troubleshooting, decided to keep logs in case any of the guides I found ever go down.

  • Dirty Cow

    If you don't have GIT installed, then you need to use an alternative like wget/curl etc.

    git clone https://github.com/gbonacini/CVE-2016-5195
    cd CVE-2016-5195/
    make clean
    make
    ./dcow

    Testing:

  • Disable Laptop Sleep Lid Close - Server - SystemD
    sudo sh -c 'echo "HandleLidSwitch=ignore" >> /etc/systemd/logind.conf' && reboot
    
  • Disable StrictHostKeyChecking SSH

    This does NOT require restart of SSH

    cat << 'EOL'>~/.ssh/config
    Host *
        StrictHostKeyChecking no
        UserKnownHostsFile /dev/null
        LogLevel=quiet
    EOL
    chmod 400 ~/.ssh/config

    https://askubuntu.com/questions/87449/how-to-disable-strict-host-key-checking-in-ssh/385187#385187

  • Download Entire YouTube Playlists - Extract Audio - Linux

    https://github.com/rg3/youtube-dl/blob/master/README.md#readme

    sudo curl -L https://yt-dl.org/downloads/latest/youtube-dl -o /usr/local/bin/youtube-dl
    sudo chmod a+rx /usr/local/bin/youtube-dl
    
    youtube-dl #URL

    Thats it, worked for me in under 5 minutes! Love Linux!

  • Find All Local Users

    Non System Accts:

    awk -F'[/:]' '{if ($3 >= 1000 && $3 != 65534) print $1}' /etc/passwd

    All Local Users:

  • Find Grub Version - Grub2 vs Legacy
    grub-install -V

    (If that fails, you are using Legacy)

    grub-install -v  
     
    grub-install (GNU GRUB 1.98-1ubuntu13)
    
    
  • Find is Linux System in BIOS or UEFI
    cat << 'EOL' >biosoruefi.sh
    #!/bin/bash
    [ -d /sys/firmware/efi ] && echo UEFI || echo BIOS
    EOL
    chmod 777 biosoruefi.sh
    ./biosoruefi.sh
  • Find Offending line in Known_Hosts - buffer_get_string_ret: buffer_get failed key_from_blob: can't read key type

    This is related to a corrupted known_hosts file, generally a new line character.

    But ssh user@hostname doesn't help you figure out which line is the issue.

    Try using ssh-key -f "~/.ssh/known_hosts" -R <hostname>

  • Fix Gparted Stuck Searching Partitions - New Disk

    Ok so this may or may not work, just a fix that worked for me!

    Open up terminal (I was using Parted Magic) and type:

    ps -ef | egrep "dosfsck|ntfs"
  • Fix PhP date.timezone is not set
    sudo nano /etc/php5/apache2/php.ini
    You file location may be different, but the below will likely be the same.

    /etc/php5/apache2/php.ini Time Zone Formats

  • Generate Entropy - Ubuntu

    This worked great for me In Ubuntu when working with PGP.

    This is run BEFORE entropy is needed in a separate Terminal then the Entropy One.

    sudo apt-get update && echo y | sudo apt-get install rng-tools && sudo rngd -r /dev/urandom
  • Grant Passwordless Shutdown to a User
    sudo visudo && sudo service sudo restart
    user_name ALL=(ALL) NOPASSWD: /sbin/poweroff, /sbin/reboot, /sbin/shutdown 
  • If service isn't running do - Script
    #!/bin/bash
    
    sleep 30s
    
    success="$(service mysql status | grep SUCCESS)"
    
    while [ -n "$success" ];do
    
    sleep 5s
    
    success="$(service mysql status | grep SUCCESS)"
    
    done
    
    if [ -z "$success" ]; then
    pcs cluster stop
    
    echo "$HOSTNAME was part of the PaceMaker HA Cluster for Virtual_IP, but SQL wasn't running. Please check SQL Cluster" | mail -s "SQL Cluster - Floating IP - Problem Detected" freesoftwareservers@gmail.com
    
    fi
    
    
    nano /usr/local/bin/sql_ip_check.sh
    chmod +x /usr/local/bin/sql_ip_check.sh
  • Installing Linux on BIOS Raid doesn't boot - Cant find root/boot partition

    After installed just fire up a LiveISO. I like Parted Magic.

    edit /etc/grub/grub.conf

    [root@localhost ~]# cat /boot/grub/grub.conf
    # grub.conf generated by anaconda
    #
    # Note that you do not have to rerun grub after making changes to this file
    # NOTICE:  You have a /boot partition.  This means that
    #          all kernel and initrd paths are relative to /boot/, eg.
    #          root (hd1,0)
    #          kernel /vmlinuz-version ro root=/dev/mapper/isw_eajhcidchc_Volume0p3
    #          initrd /initrd-version.img
    #THE BELOW LINE WAS COMMENTED OUT AND UNCOMMENTING IT FIXED THE ISSUE###
    boot=/dev/mapper/isw_baiehbdebb_Volume1
    default=0
    timeout=5
    splashimage=(hd1,0)/grub/splash.xpm.gz
    hiddenmenu
    title CentOS (2.6.18-194.11.1.el5)
            root (hd1,0)
            kernel /vmlinuz-2.6.18-194.11.1.el5 ro root=LABEL=/
            initrd /initrd-2.6.18-194.11.1.el5.img
    [root@localhost ~]#
  • Install NMap - Ubuntu - CentOS
    su root

    Ubuntu

    apt-get -y update
    apt-get install -y make gcc g++
  • Keep VGA Console Always Alive - Grub Param

    Ubuntu

    sudo sed -i 's/\(^GRUB_CMDLINE_LINUX_DEFAULT=\).*/\GRUB_CMDLINE_LINUX_DEFAULT="consoleblank=0"/' /etc/default/grub && sudo update-grub2 
    sudo sed -i 's/\(^GRUB_CMDLINE_LINUX_DEFAULT=\).*/\GRUB_CMDLINE_LINUX_DEFAULT="consoleblank=0"/' /etc/default/grub && grub2-mkconfig -o /boot/grub2/grub.cfg
  • Mount Disks in FSTAB

    FSTAB is basically a utility that runs mount commands @ boot. You basically take the command line to mount a disk and insert it into FSTAB. But It has a BUNCH of configurable parameters.

    Fstab is also used for mounting things like BINDing Directories.

    I prefer to mount via label, but you can mount via UUID. UUID's can change if you say move the files to a new disk. So I stick with Labels and use GParted  to Label each drive.

  • Parted CLI - GTP - EXT 4 - Properly Alligned
    parted /dev/sdb
    mklabel gpt
    mkpart primary 2048s 100%
    align-check optimal 1
    quit
    mkfs.ext4 /dev/sdb1
  • Pass MYSQL Username and Password via CLI in a FILE - NO USER INTERACTION

    #Password File for SQL

    Parameter:

    --defaults-extra-file=/path/filename
  • Port Forward Vyatta

    Note : Rule # are whatever you want, its just a "label", so are firewall names (I think).

    This translates port 5060 coming in on the public IP to the Private IP on port 5060, doing both tcp and udp.

    configure
    set nat destination rule 42 description SIP_FORWARD_TEST
    set nat destination rule 42 destination address '173.12.182.125'
    set nat destination rule 42 destination port 5060
    set nat destination rule 42 inbound-interface 'eth5'
    set nat destination rule 42 protocol tcp_udp
    set nat destination rule 42 translation address '10.1.8.32'
    set nat destination rule 42 translation port '5060'
    commit
    save
  • Ports and Commands to Open or Close them - FirewallD

    Installing FirewallD CentOS 7

    yum install firewalld -y
    systemctl status iptables
    systemctl stop iptables
    systemctl mask iptables
    systemctl start firewalld
    systemctl enable firewalld.service
    systemctl status firewalld

    NTP:

  • Ports and Commands to Open or Close them - UFW

    UFW(Uncomplicated FireWall) comes pre-installed on Ubuntu 14, but many are moving to FireWallD and IPTables which I will update this as I migrate as well.

    The syntax of UFW Is:

    Ports:

  • PowerPanel PWRSTATD - Confirugations

    XYMon CyberPower Monitoring Ubuntu

    XYMon CyberPower Monitoring CentOS

    Install PWRSTAT

  • Random GREP - SED - AWK - CAT - FIND - XARGS

    Well, hard to think of a title, this will probably only ever get read by me, but its super random search patters with grep/awk and who knows what else

    grep -Eo '[0-9]+' file | sort -rn | head -n 1 = highest number
    grep -o '^[^ ]*' = Grep up till first space
    grep -o '[0-9]*' = grep #'s one per line
    grep -o '"[^"]\+"' >> text.file = Output Grep in double Quotes "RESULTS"
    cut -d' ' -f17,20 = Cut out everything except #'s in one line
    percent=$(awk "BEGIN { pc=100*${var1}/${var2}; i=int(pc); print (pc-i<0.5)?i:i+1 }") # Divide 2 Numbers and set varible to percent
  • Replace drive in MDADM Software Raid

    In this example:

    md0
    sda = failed/replaced
    sdb = working
    "Fail and remove drive from Raid"
  • RSync - Common Flags

    RSync is a great tool!

    To run it in the backgroun use:

    nohup [rysnc command] > nohup.log &
  • RSync Entire FileSystem and Restore on New Server

    Backing up is simple and should be done live, but not under use.

    Borrowed from this Arch Linux Guide, with a bit more troubleshooting I had to do.

    In this example the backup folder is mounted on a separate drive @ /mnt/exthd/rsync.

  • Run Command after Boot - RC.Local & Cron

    There are two ways to do this I currently use.

    A) Use Crontab in conjuction with @reboot (I use this to run a command as a specific user because each user gets a crontab)

    crontab -e
  • Send E-Mail via BusyBox v1.19.4 - CLI - G-Mail and Comcast
    cat << 'EOL'>sendmail_busybox.sh
    #!/bin/sh
    FROM="username@gmail.com"
    AUTH="username"
    PASS="password"
    FROMNAME="Parted Magic LiveISO"
    TO="username@gmail.com"
    IP="$(ip -4 addr show eth0 | grep -oP '(?<=inet\s)\d+(\.\d+){3}')"
    
    SUBJECT="Parted Magic LiveISO Running"
    BODY="The PartedMagic LiveISO is Running a VNC server on $IP:60 PASS_WD=PartedMagic"
    
    SENDMAIL=/sbin/sendmail
    #G-Mail
    SERVER=smtp.gmail.com
    #Comcast Business
    #SERVER=smtp.hmc1.comcast.net
    #Comcast Residential
    #smtp.comcast.net
    PORT=587
    
    echo "Subject: $SUBJECT
    From: \"$FROMNAME\" <$FROM>
    Date: $(date -R)
    
    $BODY
    
    " |  "$SENDMAIL" \
    -H"exec openssl s_client -quiet -connect $SERVER:$PORT -tls1 -starttls smtp" \
    -f"$FROM" -au"$AUTH" -ap"$PASS" $TO 
    EOL
    chmod +x sendmail_busybox.sh
    ./sendmail_busybox.sh
  • Unpack - Unzip - OVA - Linux CLI
    tar -xvf example.ova
  • Vaildate IP and run script or set static IP via dhclient.conf - IP issues Check
    nano ~/valid_ip.sh && chmod 777 ~/valid_ip.sh
    #!/bin/bash
    
    ip=10.1.10.4
    
    if [[ $ip =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
      echo "success"
    else
      ifdown eth0 && ifup eth0 && ifconfig
    fi 
    nano /etc/dhcp/dhclient.conf 
  • While Loop that Never Ends - Bash
    #!/bin/bash
    
    start=start
    while [ $start = "start" ]
    do
    
    count=0
    var=true
    while [ $var = "true" ]
    do
    echo "var=$var"
    var=false
    count=$(( $count + 1 ))
    done
    
    
    echo "var=$var"
    echo "Restarting While Loop"
    done

Mac OS

Microsoft Office - VBA - Macros

https://docs.microsoft.com/en-us/office/vba/api/overview/ 

My Tech Toys

Network Monitoring

  • NTop
    • Install and Setup NtoPNG - nprobe collector - Netflow - SQL DB - Ubuntu 14.04

      This is the basic installation which will monitor the local network:

      cat << 'EOL' >n2png_ubuntu14.sh
      wget http://www.nmon.net/apt-stable/14.04/all/apt-ntop-stable.deb
      dpkg -i apt-ntop-stable.deb
      apt-get update
      apt-get -y install pfring nprobe ntopng ntopng-data n2disk nbox nmap mysql-server
      cat << 'LOE' >/etc/ntopng/ntopng.conf
      #Variables
      --interface=eth0
      --http-port=3000
      #Listen on the following network(s), can be comma separated
      --local-networks="10.0.0.0/8,192.168.0.0/16,172.16.0.0/12"
       
      #NetFlow Listening Port for NProbe Flow
      #This is how NProve and Ntopng talk
      --interface="tcp://127.0.0.1:5556"
      
      #Static
      --pid-path=/var/run/ntopng.pid
      --daemon
      --dns-mode=1
      --data-dir=/var/tmp/ntopng
      --disable-autologout
      --sticky-hosts=all 
      --community
       
      #NGinX Proxy
      --http-prefix "/ntop"
      
      #--disable-login=1
      #--disable-alerts
      LOE
      touch /etc/ntopng/ntopng.start
      ufw allow 3000/tcp
      iptables -A INPUT -m state --state NEW -p tcp --dport 3000 -j ACCEPT
      update-rc.d ntopng enable
      echo "#############################################"
      echo "Run netstat -tulpn | grep :3000 after reboot!"
      echo "Visit http://domain.com:3000"
      echo "Default username/password = admin/admin"
      echo "Check out FreeSoftwareServers.com :)"
      echo "#############################################"
      reboot
      EOL
      chmod +x n2png_ubuntu14.sh
      ./n2png_ubuntu14.sh
    • Install Ntop - Debian Squeeze - Vyatta

      Install Debian Squeeze backport repo and then just:

      apt-get install ntop
    • NTop - DD-WRT - RFlow

      Enable RFlow on DD-WRT:

      Services >> RFlow >> Apply Settings

      Install NTop - Ubuntu 

  • Security Monitoring
    • Find all NFS Shares on LAN - NMAP
      nmap 192.168.1.0/24
      Starting Nmap 7.12 ( https://nmap.org ) at 2016-12-15 20:53 EST
      Nmap scan report for accounting.freesoftwareservers.com (192.168.1.217)
      Host is up (0.000018s latency).
      Not shown: 994 closed ports
      PORT     STATE SERVICE
      22/tcp   open  ssh
      25/tcp   open  smtp
      111/tcp  open  rpcbind
      139/tcp  open  netbios-ssn
      445/tcp  open  microsoft-ds
      2049/tcp open  nfs
      MAC Address: 00:0C:29:60:45:75 (VMware)
      
      
    • Find all SMB Shares on LAN
      apt-get install -y smbclient
      smbtree
    • Find Windows Hostname - MAC - From Linux CLI
      nbtscan IP
    • Grep Netstat for IPs excluding local IP - NFS Example

      Example for NFS:

      HOSTIP="$(ip -4 addr show eth0 | grep -oP '(?<=inet\s)\d+(\.\d+){3}')"
      NFS="$(netstat -an | grep 2049 | grep "ESTABLISHED" | grep -oE "\b([0-9]{1,3}\.){3}[0-9]{1,3}\b" | grep -v "$HOSTIP")"
    • Monitor Currently Mounted NFS exports from Server
      netstat -an | grep 2049 | grep "ESTABLISHED"
      showmount -a

      NFS Monitoring Script 

    • Monitor Currently Mounted SMB Shares from Server
      smbstatus --shares

      SMB Monitoring Script:

      #!/bin/bash
      
      #SMB Mount Monitoring
      SMB=($(smbstatus --shares | grep -oE "\b([0-9]{1,3}\.){3}[0-9]{1,3}\b"))
      
      echo "#####################" >> /tmp/hacker.info
      echo "SMB Mount(s) Mounted!" >> /tmp/hacker.info
      echo "#####################" >> /tmp/hacker.info
      for i in "${SMB[@]}"
       do
              echo "#####################" >> /tmp/hacker.info
              echo "HACKER DETECTED W/ IP $i" >> /tmp/hacker.info
              echo >> /tmp/hacker.info
              nbtscan "$i" >> /tmp/hacker.info
              nslookup "$i" >> /tmp/hacker.info
              arp -a "$i" >> /tmp/hacker.info
              echo >> /tmp/hacker.info
      done
      
      echo "#####################" >> /tmp/hacker.info
      echo "SMB General Information" >> /tmp/hacker.info
      echo >> /tmp/hacker.info
      echo "smbstatus" >> /tmp/hacker.info
      smbstatus >> /tmp/hacker.info
      echo >> /tmp/hacker.info
      echo "End SMB Information" >> /tmp/hacker.info
      echo "#####################" >> /tmp/hacker.info
      
      
    • Monitor Outgoing SSH Attempts with IPTables
      iptables -I OUTPUT -p tcp -m tcp --dport 22 -m state --state NEW,ESTABLISHED -j LOG --log-prefix "Outgoing SSH connection" && tail -F /var/log/syslog | grep "Outgoing SSH connection"
  • XYMon AKA Hobbit AKA Big Brother
    • 3rd Party XYMon Custom Scripts
    • Compile Latest Source Code - XYMon
    • My XYMon Custom Scripts
      • Adaptec RAID Monitor - XYMon - Ubuntu

        Install ARCConf Ubuntu

        Install ARCConf CentOS

        sudo visudo && sudo service sudo restart
        
      • Asterisk - XYMon - CentOS

        I have 2 Asterisk Check examples, one I use for a simple 1 line setup that makes sure the phone is registered and either "Idle" or "InUse" the other checks for a SIP and Device state is "OK".

        Note: For CentOS 7 you may need to disable the follwing line in /etc/sudoers to run script in Cron.

        #Defaults requiretty
      • Custom Script Template - XYMon

        Does it require Sudo? Grany XYMon PWDless Sudo Access

        sudo visudo && sudo service sudo restart
        
        xymon  ALL=(ALL)      NOPASSWD: /path/2/binary
        
      • CyberPower - UPS Monitoring
      • ESXi 6 - Ram - CPU - Disk Check - NTP - XYMon - Ubuntu

        This is meant to be run from XYMon as a Server-Side Script.

        Many Many Many thanks to the following :

          Creators of pyVmomi :

        https://github.com/vmware/pyvmomi

      • MariaDB - Galera Cluster - XYMon Check

        CentOS:

        http://galeracluster.com/documentation-webpages/monitoringthecluster.html

        In my setup, all "checks" will be done from the SQL Arbitrator VM.

      • MySQL Replication Script - XYMon

        Credit:

        https://gist.github.com/roadst4r/2cb42793c0a7f9a7237a#file-mysql_repl_check-sh
        https://gist.github.com/ssimpson89/7207165
        https://yashwantkumarsingh.wordpress.com/2015/05/06/mysql-replication-monitoring-by-a-bash-script-with-xymon/

        cat << 'EOL' >/etc/xymon/.sqlpwd 
        [mysql] 
        user=[USER] 
        password=[PASSWORD]
      • MYSQL - XYMon - Ubuntu - Simple Select Check
        sudo nano /usr/lib/xymon/client/ext/mysql_select_check.sh
        
        #!/bin/sh
        
        COLUMN=mysql				# THIS IS WHERE XYMON GETS COLUMN NAME
        COLOR=green				# By default, everything is OK
        MSG="SELECT * FROM [TABLENAME] LIMIT 1;" # The comamnd from var
        
        #In this test, if var = empty = RED
        var="$(mysql --defaults-extra-file=/etc/xymon/.sqlpwd -e "SELECT * FROM [TABLENAME] LIMIT 1;")"
        cmd="$(service mysql status)"
        
        if [ -z "$var" ]
        
        then
        
        COLOR=red
        MSG="${MSG}
        FAILED
        "${cmd}"
        "
        else
        
        MSG="${MSG}
        SUCCESS
        "${cmd}"
        "
        fi
        
        # Leave the rest of script alone
        # Tell Xymon about it
        $XYMON $XYMSRV "status $MACHINE.$COLUMN $COLOR `date`
        
        ${MSG}
        "
        
        exit 0
        
      • NTop XYMon Monitoring Script

        Ubuntu (This is as if running on XYMon Server)

        See Custom Script template if running on separate host

        cat << 'EOL' >/usr/lib/xymon/client/ext/ntop.sh
        #!/bin/sh
        
        #This tag goes in hosts.cfg
        HOSTTAG=ntop
        COLUMN=$HOSTTAG
        
        ##XYMon Configs -- Leave Alone##
        $XYMONHOME/bin/xymongrep $HOSTTAG | while read L
           do
              set $L# To get one line of output from xymongrep
        
              HOSTIP="$1"
              MACHINEDOTS="$2"
              MACHINE=`echo $2 | $SED -e's/\./,/g'`
        
              COLOR=green
              MSG="$HOSTTAG status for host $MACHINEDOTS"
        
        ##Begin Custom If/Then Script##
        
        #In this test, if var = empty = RED
        var="$(netstat -tulpn | grep nprobe)"
        var1="$(netstat -tulpn | grep ntopng)"
        cmd="$(netstat -tulpn | grep 'ntopng\|nprobe')"
        
        
        if [ -z "$var" ] || [ -z "$var1" ]
        
        then
        
        COLOR=red
        MSG="${MSG}
        FAILED
        ""
        "${cmd}"
        "
        else
        
        MSG="${MSG}
        SUCCESS
        ""
        "${cmd}"
        "
        fi
        
        # Leave the rest of script alone
        # Tell Xymon about it
        $XYMON $XYMSRV "status $MACHINE.$COLUMN $COLOR `date`
        
        ${MSG}
        "
        done
        
        exit 0
        
        EOL
      • NTP XYMon Script

        Note: XYMon alteady can do NTP checks, and timedatectl isn't on old servers, but I like this output better. If you put an NTP tag in xymon/hosts.cfg it will use IT'S test and not this one, if you do that, you'd need to drop that test and re-do this one.

        Install NTP

        Ubuntu 14 :

      • OpenVPN - XYMon - Ubuntu
        sudo chmod 777 /etc/openvpn/openvpn-status.log
        
        sudo nano /usr/lib/xymon/client/ext/vpn.sh
        
        #!/bin/sh
        
        COLUMN=vpn									# THIS IS WHERE XYMON GETS COLUMN NAME
        COLOR=green									# By default, everything is OK
        MSG="service openvpn status | grep running" # The comamnd from var
        
        #In this test, if var = empty = RED
        
        var="$(service openvpn status | grep running)"
        cmd="$(cat /etc/openvpn/openvpn-status.log)"
        
        if [ -z "$var" ]
        
        then
        
        COLOR=red
        MSG="${MSG}
        FAILED
        "${cmd}"
        "
        else
        
        MSG="${MSG}
        SUCCESS
        "${cmd}"
        "
        fi
        
        # Leave the rest of script alone
        # Tell Xymon about it
        $XYMON $XYMSRV "status $MACHINE.$COLUMN $COLOR `date`
        
        ${MSG}
        "
        
        exit 0
        
      • PaceMaker - HA XYMon Script

        This is a very simple script, since the cluster I made this for only has a floating IP resource. I might build a more complicated one at a later date.

        Note: This is for CentOS

        nano /usr/share/xymon-client/ext/ha.sh
      • SmartTools Monitor for XYMon
      • TeamViewer - XYMon - Ubuntu
        sudo visudo && sudo service sudo restart
        
        xymon  ALL=(ALL)      NOPASSWD: /usr/bin/teamviewer
        
        sudo nano /usr/lib/xymon/client/ext/teamviewer.sh
        
      • XYMon - Monitor Git-Daemon Status

        This is for Ubuntu 16 as thats what I am using ATM.

        cat << 'EOL' >/usr/lib/xymon/client/ext/git.sh
        #!/bin/sh
        
        COLUMN=git			
        COLOR=green				
        MSG="Git-Daemon Status Check" 
        
        #In this test, if var = empty = RED
        var="$(service git-daemon status | grep running)"
        cmd="$(service git-daemon status)"
        
        
        if [ -z "$var" ]
        
        then
        
        COLOR=red
        MSG="${MSG}
        FAILED
        ""
        "${cmd}"
        "
        else
        
        MSG="${MSG}
        SUCCESS
        ""
        "${cmd}"
        "
        fi
        
        # Leave the rest of script alone
        # Tell Xymon about it
        $XYMON $XYMSRV "status $MACHINE.$COLUMN $COLOR `date`
        
        ${MSG}
        "
        
        exit 0
        
        EOL
        
        sudo chown xymon:xymon /usr/lib/xymon/client/ext/git.sh
        sudo chmod 777 /usr/lib/xymon/client/ext/git.sh
        cat << 'EOL' >/etc/xymon/clientlaunch.d/git.cfg
        [git]
         ENVFILE $XYMONCLIENTHOME/etc/xymonclient.cfg
         CMD $XYMONCLIENTHOME/ext/git.sh
         LOGFILE $XYMONCLIENTHOME/logs/git.log
         INTERVAL 15m
        EOL
        sudo chmod 777 /etc/xymon/clientlaunch.d/*
        sudo chown xymon:xymon /etc/xymon/clientlaunch.d/*
        /usr/lib/xymon/client/bin/xymoncmd /usr/lib/xymon/client/ext/git.sh
      • XYMon - Simple Monitor NFS Mount

        CentOS:

        cat << 'EOL' >/usr/share/xymon-client/ext/nfs.sh
        #!/bin/sh
        
        COLUMN=nfs                             
        COLOR=green                             
        MSG="NFS Status"  
        
        #In this test, if var = empty = RED
        var="$(netstat -an | grep 2049 | grep "ESTABLISHED")"
        cmd="$(netstat -an | grep 2049)"
        
        if [ -z "$var" ] 
        
        then
        
        COLOR=red
        MSG="${MSG}
        FAILED
        ""
        "${cmd}"
        "
        else
        
        MSG="${MSG}
        SUCCESS
        ""
        "${cmd}"
        "
        fi
        
        # Leave the rest of script alone
        # Tell Xymon about it
        $XYMON $XYMSRV "status $MACHINE.$COLUMN $COLOR `date`
        
        ${MSG}
        "
        
        exit 0
        EOL
        
        
        chown xymon:xymon /usr/share/xymon-client/ext/nfs.sh
        chmod 777 /usr/share/xymon-client/ext/nfs.sh
         
        
        cat << 'EOL' >/etc/xymon-client/client.d/nfs.cfg
        [nfs]
         ENVFILE $XYMONCLIENTHOME/etc/xymonclient.cfg
         CMD $XYMONCLIENTHOME/ext/nfs.sh
         LOGFILE $XYMONCLIENTHOME/logs/nfs.log
         INTERVAL 15m
        EOL
         
        chown xymon:xymon /etc/xymon-client/client.d/nfs.cfg
        chmod 777 /etc/xymon-client/client.d/nfs.cfg
        
        /usr/share/xymon-client/bin/xymoncmd /usr/share/xymon-client/ext/nfs.sh
        
        /etc/init.d/xymon-client restart
      • Zabbix XYMon Monitoring Script

        Ubuntu (This is as if running on XYMon Server)

        See Custom Script template if running on separate host

        cat << 'EOL' >/usr/lib/xymon/client/ext/zabbix.sh
        #!/bin/sh
        
        #This tag goes in hosts.cfg
        HOSTTAG=zabbix
        COLUMN=$HOSTTAG
        
        ##XYMon Configs -- Leave Alone##
        $XYMONHOME/bin/xymongrep $HOSTTAG | while read L
           do
              set $L# To get one line of output from xymongrep
        
              HOSTIP="$1"
              MACHINEDOTS="$2"
              MACHINE=`echo $2 | $SED -e's/\./,/g'`
        
              COLOR=green
              MSG="$HOSTTAG status for host $MACHINEDOTS"
        
        ##Begin Custom If/Then Script##
        
        #In this test, if var = empty = RED
        var="$(netstat -tulpn | grep zabbix_server)"
        var1="$(netstat -tulpn | grep zabbix_agent)"
        cmd="$(netstat -tulpn | grep zabbix)"
        
        
        if [ -z "$var" ] || [ -z "$var1" ]
        
        then
        
        COLOR=red
        MSG="${MSG}
        FAILED
        ""
        "${cmd}"
        "
        else
        
        MSG="${MSG}
        SUCCESS
        ""
        "${cmd}"
        "
        fi
        
        # Leave the rest of script alone
        # Tell Xymon about it
        $XYMON $XYMSRV "status $MACHINE.$COLUMN $COLOR `date`
        
        ${MSG}
        "
        done
        
        exit 0
        
        EOL
      • ZoneMinder - XYMon - Ubuntu
        sudo visudo && sudo service sudo restart
        
        xymon   ALL=(ALL) NOPASSWD:ALL
        
        sudo nano /usr/lib/xymon/client/ext/zoneminder.sh
        
    • Tips and Tricks


      Simple check for script that outputs goot/bad.html on XYMon-Server:

      I then created a localhost with an descriptive name for an http check.

      127.0.0.1 API-TEST # http://127.0.0.1/good.html

      Simple but it works!

    • XYMon-Client
      • CentOS - RHEL
        • XYMon-Client CentOS 6 - WGET 4.3.10

          CentOS 6 (Not Test on 5)

          wget http://heanet.dl.sourceforge.net/project/xymon/Xymon/4.3.10/RHEL6/xymon-client-4.3.10-1.x86_64.rpm
          rpm -Uvh xymon-client*.rpm
          

          Configure Host:

        • XYMon-Client CentOS 7 - YUM

          CentOS 7

          nano /etc/yum.repos.d/xymon.repo &&  yum install epel-release.noarch -y && yum install xymon-client.x86_64 -y
          

          /etc/yum.repos.d/xymon.repo

      • Install XYMon-Client Windows

        Many Thanks to JMac for his guide I am basically just copying.

        Project has been dead for some time, but is hosted @ SourceForge. Lastest Version is v.13 ATM. (7-31-16).

        Since this project seems dead, I am hosting my own 7zip file with the installer + a reg file to easily change host-name.

      • Install XYMon Vyatta

        Just add Debian Repo then....

        apt-get install xymon-client
      • OpenSuse - SLES

        These Repo's seem to be updated with the latest client, and I don't use SLES much. Infact only with the VMA for VMWare, but it was so easy to find the repos, if all OpenSuse pages are like this, I'd almost want to switch! (I'm too far dedicated to Ubuntu at the moment though, so I'd need a good reason!)

      • Ubuntu - Debian
        • XYMon-Client APT-GET

          Note Client is really old, I rec installing newer version, I have pre-compiled deb w/ init.d scripts in a zip.

          Replace :

          CLIENTHOSTNAME="###########" 
        • XYMon-Client Compiled Deb

          This is where I will keep Compiled Deb's + init.d scripts in zips + install links. If you want you can Compile Deb Yourself.

          sudo su
          
          apt-get update
          apt-get install -y wget unzip
          cd ~
          rm xymon-client*.deb
          wget https://www.freesoftwareservers.com/wiki/files/3965361/10649781/1/1485784808484/XYMon_Client_4.3.27.zip
          unzip XYMon*.zip
          
          cd XYMon-Client*
    • XYMon-Server
      • Install XYMon-Server Ubuntu

        Note: I will always use Ubuntu for the Server, not only am I comfortable with Ubuntu, but the package maintainer seems to be as well. I will however have lots of guides for Clients since all clients should be monitored!

        • Add UPTIME Column for all Linux Guests

          Just add "--uptime-status" to /etc/xymon/tasks.cfg and it will add it for all servers!

          nano /etc/xymon/tasks.cfg && service xymon restart

          Find:

        • APT-GET Install XYMon - Ubuntu
          sudo apt-get update && sudo apt-get install -y apache2 php5 libapache2-mod-php5 php5-mcrypt xymon
          
          sudo ufw allow 1984/tcp && sudo ufw allow 1984/udp
          sudo cp /etc/apache2/conf.d/xymon /etc/apache2/conf-available/xymon.conf
          sudo ln -s /etc/apache2/conf-available/xymon.conf /etc/apache2/conf-enabled/
          sudo ln -s /etc/apache2/mods-available/authz_groupfile.load /etc/apache2/mods-enabled/
          sudo ln -s /etc/apache2/mods-available/rewrite.load /etc/apache2/mods-enabled/
          sudo ln -s /etc/apache2/mods-available/cgi.load /etc/apache2/mods-enabled/
          sudo ln -s /var/lib/xymon /var/www/html/xymon
          sudo nano /etc/apache2/conf-available/xymon.conf
          
        • Install XYMon - Compiled 4.3.27 Version - Ubuntu 14

          Note: I had issues with installing this, thankfully the client seems to work fine. I have included a tar file with the missing html files that don't seem to appear in /var/lib/xymon/www/. You can try skipping the line that cp *html /var/lib/xymon/www and see if it works for you! If not, just CP over the files. It will be a little weird, but you will see my home XYMon page for a few minutes till XYMon refreshes, then you will just see the XYMon host itself. Make sure /etc/default/xymon and /etc/xymon/hosts.cfg match!

  • Zabbix

Network Protocols

PHP

Raspberry Pi - Raspbian OS

Structured Query Language (SQL)

  • General SQL
  • Install PHPMyAdmin

    Ubuntu 16

    cat << 'EOL' >phpmyadmin.sh
    sudo apt-get update
    sudo apt-get install -y phpmyadmin php-mbstring php-gettext
    sudo phpenmod mcrypt
    sudo phpenmod mbstring
    sudo systemctl restart apache2
    EOL
    chmod +x phpmyadmin.sh
    ./phpmyadmin.sh

    CentOS 7

  • MariaDB
  • MySQL
    • Comments Removed - Default My.CNF - Ubuntu 14 Default

      This was created from a default Ubuntu 14 MySQL Installation

      cat << 'EOL'>/etc/mysql/my.cnf
      #
      # The MySQL database server configuration file.
      #
      [client]
      port            = 3306
      socket          = /var/run/mysqld/mysqld.sock
      
      [mysqld_safe]
      socket          = /var/run/mysqld/mysqld.sock
      nice            = 0
      
      [mysqld]
      bind-address            = 127.0.0.1
      #log_bin                        = /var/log/mysql/mysql-bin.log
      #binlog_do_db           = include_database_name
      #server-id              = 1
      
      
      user            = mysql
      pid-file        = /var/run/mysqld/mysqld.pid
      socket          = /var/run/mysqld/mysqld.sock
      port            = 3306
      basedir         = /usr
      datadir         = /var/lib/mysql
      tmpdir          = /tmp
      lc-messages-dir = /usr/share/mysql
      skip-external-locking
      skip-external-locking
      
      
      key_buffer              = 16M
      max_allowed_packet      = 16M
      thread_stack            = 192K
      thread_cache_size       = 8
      myisam-recover         = BACKUP
      #max_connections        = 100
      #table_cache            = 64
      #thread_concurrency     = 10
      query_cache_limit       = 1M
      query_cache_size        = 16M
      log_error = /var/log/mysql/error.log
      #log_slow_queries       = /var/log/mysql/mysql-slow.log
      #long_query_time = 2
      #log-queries-not-using-indexes
      
      expire_logs_days        = 10
      max_binlog_size         = 100M
      #binlog_ignore_db       = include_database_name
      #ssl-ca=/etc/mysql/cacert.pem
      #ssl-cert=/etc/mysql/server-cert.pem
      #ssl-key=/etc/mysql/server-key.pem
      
      [mysqldump]
      quick
      quote-names
      max_allowed_packet      = 16M
      
      [mysql]
      #no-auto-rehash 
      
      [isamchk]
      key_buffer              = 16M
      
      !includedir /etc/mysql/conf.d/
      EOL
      
      
    • Execute MySQL Command from CLI

      Flags:

      -h = remote host = default is localhost
      -u = username = default is root
      -p = prompt for username 
      -ppassword = password in CLI
      -e = exec
      "database" = specify Database
      mysql -h "hostaddress" -u "username" -p "database-name" -e "CMDS"
    • Install MySQL 5.7 on Ubuntu 14
      cat << 'EOL' >installmysql5.7ubuntu14.sh
      wget http://dev.mysql.com/get/mysql-apt-config_0.6.0-1_all.deb
      dpkg -i mysql-apt-config_0.6.0-1_all.deb
      apt-get update
      apt-get install mysql-server
      EOL
      chmod +x installmysql5.7ubuntu14.sh
      ./installmysql5.7ubuntu14.sh
    • MySQL - Replication Setup Scripts

      Master Setup

      cat << 'EOL' >/root/sqlmaster.sh
      #!/bin/bash
      
      MASTER=192.168.1.211
      DATABASE=newdatabase
      SLAVEUSER=root
      SLAVEHOST=sql2.freesoftwareservers.com
      PASSWORD=password
      SERVERID=1
       
      
      apt-get update
      apt-get install -y mysql-server mysql-client
      service mysql start
      
      sed -i '/bind-address/s/^#//g' /etc/mysql/my.cnf    
      sed -i -e "s/127.0.0.1/ $MASTER/g" /etc/mysql/my.cnf
      sed -i '/server-id/s/^#//g' /etc/mysql/my.cnf 
      sed -i -e "s/= 1/= $SERVERID/g" /etc/mysql/my.cnf
      sed -i '/log_bin/s/^#//g' /etc/mysql/my.cnf 
      sed -i '/binlog_do_db/s/^#//g' /etc/mysql/my.cnf 
      sed -i -e "s/include_database_name/ $DATABASE/g" /etc/mysql/my.cnf 
      
      service mysql stop
      service mysql start
      
      mysql -p"$PASSWORD" -e "GRANT REPLICATION SLAVE ON *.* TO '$SLAVEUSER'@'$SLAVEHOST' IDENTIFIED BY '$PASSWORD';FLUSH PRIVILEGES;"
      mysql -p"$PASSWORD" -e "CREATE DATABASE $DATABASE;FLUSH TABLES WITH READ LOCK;"
      POS=`mysql -p"$PASSWORD" -A --skip-column-names -e"SHOW MASTER STATUS;" | awk '{print $2}'`
      mysqldump -p"$PASSWORD" --opt "$DATABASE" > "$DATABASE".sql
      mysql -p"$PASSWORD" -e "UNLOCK TABLES;"
      echo
      echo "DONT FORGET TO CHANGE POS IN SECOND SCRIPT!!!!!!"
      echo "You need to set $POS in second script, so write it down!"
      echo "DONT FORGET TO CHANGE POS IN SECOND SCRIPT!!!!!!"
      echo
      scp -oStrictHostKeyChecking=no "$DATABASE".sql "$SLAVEUSER"@"$SLAVEHOST":/tmp/
      EOL
      chmod +x /root/sqlmaster.sh
      /root/sqlmaster.sh
    • Test Remote SQL Access
      mysql -u root -p -h 192.168.1.211

Ubuntu-Debian

Note: I mostly use Ubuntu, but its Debian Based!

  • Emby
  • FFMPEG
    • Add or Remove Audio and Add or Remove Subtitles Recursively with FFMPEG

      This script is for removing unwanted audio streams or subtitle streams, or adding subtitles, and also has the capability to merge 2 files keep the video from one and the audio from the other!

      Note: This script DOES NOT CONVERT anything, as that takes a lot of time and always looses quality. The point of this script is to be extremely fast. It almost certainly requires the use of FileBot FileRenamer.

    • Install FFMPEG Ubuntu 14.04 Server

      Note that FFMPeg doesn't seem to have official repositories, so the links may not work. If it fails, please comment and I will research newer methods!

      --Older (What I use)

      echo "" | sudo add-apt-repository ppa:fnu/main-fnu && sudo apt-get update && echo y | sudo apt-get dist-upgrade && sudo apt-get install -y ffmpeg
  • General Ubuntu-Debian
  • HandBrake
  • Kodi - Ubuntu
  • MDADM
  • Networking
  • PleX
  • Security
    • Fail2Ban
      • Fail2ban monitor HTPASSWD / HTACCESS authorization

        Install Fail2Ban and look for this option in jail.local
         

        #
        # HTTP servers
        #
        
        [apache]
        
        enabled  = true
        port     = http,https
        filter   = apache-auth
        logpath  = /var/log/apache*/*error.log
        maxretry = 2
        Always test by trying to block yourself. A good place to look is
        
      • Install and Configure Fail2Ban - Ubuntu
        sudo apt-get install -y fail2ban && sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local && sudo nano /etc/fail2ban/jail.local && sudo service fail2ban restart

        The jail.local is well commented, read through and enable what you need!

  • TeamViewer
  • Untouched Default Files
    • Untouched 000-default.conf - Ubuntu Server 14.04 x64
              # The ServerName directive sets the request scheme, hostname and port that
              # the server uses to identify itself. This is used when creating
              # redirection URLs. In the context of virtual hosts, the ServerName
              # specifies what hostname must appear in the request's Host: header to
              # match this virtual host. For the default virtual host (this file) this
              # value is not decisive as it is used as a last resort host regardless.
              # However, you must set it for any further virtual host explicitly.
              #ServerName www.example.com
      
              ServerAdmin webmaster@localhost
              DocumentRoot /var/www/html
      
              # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
              # error, crit, alert, emerg.
              # It is also possible to configure the loglevel for particular
              # modules, e.g.
              #LogLevel info ssl:warn
      
              ErrorLog ${APACHE_LOG_DIR}/error.log
              CustomLog ${APACHE_LOG_DIR}/access.log combined
      
              # For most configuration files from conf-available/, which are
              # enabled or disabled at a global level, it is possible to
              # include a line for only one particular virtual host. For example the
              # following line enables the CGI configuration for this host only
              # after it has been globally disabled with "a2disconf".
              #Include conf-available/serve-cgi-bin.conf
      
      
      # vim: syntax=apache ts=4 sw=4 sts=4 sr noet
      
      
    • Untouched - Default .bashrc - Ubuntu 14.04
      sudo rm ~/.bashrc && sudo nano ~/.bashrc && sudo chown $USER:$USER ~/.bashrc && sudo chmod 644 ~/.bashrc && sudo source ~/.bashrc
      # ~/.bashrc: executed by bash(1) for non-login shells.
      # see /usr/share/doc/bash/examples/startup-files (in the package bash-doc)
      # for examples
      
      # If not running interactively, don't do anything
      case $- in
          *i*) ;;
            *) return;;
      esac
      
      # don't put duplicate lines or lines starting with space in the history.
      # See bash(1) for more options
      HISTCONTROL=ignoreboth
      
      # append to the history file, don't overwrite it
      shopt -s histappend
      
      # for setting history length see HISTSIZE and HISTFILESIZE in bash(1)
      HISTSIZE=1000
      HISTFILESIZE=2000
      
      # check the window size after each command and, if necessary,
      # update the values of LINES and COLUMNS.
      shopt -s checkwinsize
      
      # If set, the pattern "**" used in a pathname expansion context will
      # match all files and zero or more directories and subdirectories.
      #shopt -s globstar
      
      # make less more friendly for non-text input files, see lesspipe(1)
      [ -x /usr/bin/lesspipe ] && eval "$(SHELL=/bin/sh lesspipe)"
      
      # set variable identifying the chroot you work in (used in the prompt below)
      if [ -z "${debian_chroot:-}" ] && [ -r /etc/debian_chroot ]; then
          debian_chroot=$(cat /etc/debian_chroot)
      fi
      
      # set a fancy prompt (non-color, unless we know we "want" color)
      case "$TERM" in
          xterm-color) color_prompt=yes;;
      esac
      
      # uncomment for a colored prompt, if the terminal has the capability; turned
      # off by default to not distract the user: the focus in a terminal window
      # should be on the output of commands, not on the prompt
      #force_color_prompt=yes
      
      if [ -n "$force_color_prompt" ]; then
          if [ -x /usr/bin/tput ] && tput setaf 1 >&/dev/null; then
              # We have color support; assume it's compliant with Ecma-48
              # (ISO/IEC-6429). (Lack of such support is extremely rare, and such
              # a case would tend to support setf rather than setaf.)
              color_prompt=yes
          else
              color_prompt=
          fi
      fi
      
      if [ "$color_prompt" = yes ]; then
          PS1='${debian_chroot:+($debian_chroot)}\[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '
      else
          PS1='${debian_chroot:+($debian_chroot)}\u@\h:\w\$ '
      fi
      unset color_prompt force_color_prompt
      
      # If this is an xterm set the title to user@host:dir
      case "$TERM" in
      xterm*|rxvt*)
          PS1="\[\e]0;${debian_chroot:+($debian_chroot)}\u@\h: \w\a\]$PS1"
          ;;
      *)
          ;;
      esac
      
      # enable color support of ls and also add handy aliases
      if [ -x /usr/bin/dircolors ]; then
          test -r ~/.dircolors && eval "$(dircolors -b ~/.dircolors)" || eval "$(dircolors -b)"
          alias ls='ls --color=auto'
          #alias dir='dir --color=auto'
          #alias vdir='vdir --color=auto'
      
          alias grep='grep --color=auto'
          alias fgrep='fgrep --color=auto'
          alias egrep='egrep --color=auto'
      fi
      
      # some more ls aliases
      alias ll='ls -alF'
      alias la='ls -A'
      alias l='ls -CF'
      
      # Add an "alert" alias for long running commands.  Use like so:
      #   sleep 10; alert
      alias alert='notify-send --urgency=low -i "$([ $? = 0 ] && echo terminal || echo error)" "$(history|tail -n1|sed -e '\''s/^\s*[0-9]\+\s*//;s/[;&|]\s*alert$//'\'')"'
      
      # Alias definitions.
      # You may want to put all your additions into a separate file like
      # ~/.bash_aliases, instead of adding them here directly.
      # See /usr/share/doc/bash-doc/examples in the bash-doc package.
      
      if [ -f ~/.bash_aliases ]; then
          . ~/.bash_aliases
      fi
      
      # enable programmable completion features (you don't need to enable
      # this, if it's already enabled in /etc/bash.bashrc and /etc/profile
      # sources /etc/bash.bashrc).
      if ! shopt -oq posix; then
        if [ -f /usr/share/bash-completion/bash_completion ]; then
          . /usr/share/bash-completion/bash_completion
        elif [ -f /etc/bash_completion ]; then
          . /etc/bash_completion
        fi
      fi
      
      
      
      
    • Untouched default-ssl.conf - Ubuntu Server 14.04 x64
              
                      ServerAdmin webmaster@localhost
      
                      DocumentRoot /var/www/html
      
                      # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
                      # error, crit, alert, emerg.
                      # It is also possible to configure the loglevel for particular
                      # modules, e.g.
                      #LogLevel info ssl:warn
      
                      ErrorLog ${APACHE_LOG_DIR}/error.log
                      CustomLog ${APACHE_LOG_DIR}/access.log combined
      
                      # For most configuration files from conf-available/, which are
                      # enabled or disabled at a global level, it is possible to
                      # include a line for only one particular virtual host. For example the
                      # following line enables the CGI configuration for this host only
                      # after it has been globally disabled with "a2disconf".
                      #Include conf-available/serve-cgi-bin.conf
      
                      #   SSL Engine Switch:
                      #   Enable/Disable SSL for this virtual host.
                      SSLEngine on
      
                      #   A self-signed (snakeoil) certificate can be created by installing
                      #   the ssl-cert package. See
                      #   /usr/share/doc/apache2/README.Debian.gz for more info.
                      #   If both key and certificate are stored in the same file, only the
                      #   SSLCertificateFile directive is needed.
                      SSLCertificateFile      /etc/ssl/certs/ssl-cert-snakeoil.pem
                      SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
      
                      #   Server Certificate Chain:
                      #   Point SSLCertificateChainFile at a file containing the
                      #   concatenation of PEM encoded CA certificates which form the
                      #   certificate chain for the server certificate. Alternatively
                      #   the referenced file can be the same as SSLCertificateFile
                      #   when the CA certificates are directly appended to the server
                      #   certificate for convinience.
                      #SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt
      
                      #   Certificate Authority (CA):
                      #   Set the CA certificate verification path where to find CA
      #   certificates for client authentication or alternatively one
                      #   huge file containing all of them (file must be PEM encoded)
                      #   Note: Inside SSLCACertificatePath you need hash symlinks
                      #                to point to the certificate files. Use the provided
                      #                Makefile to update the hash symlinks after changes.
                      #SSLCACertificatePath /etc/ssl/certs/
                      #SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt
      
                      #   Certificate Revocation Lists (CRL):
                      #   Set the CA revocation path where to find CA CRLs for client
                      #   authentication or alternatively one huge file containing all
                      #   of them (file must be PEM encoded)
                      #   Note: Inside SSLCARevocationPath you need hash symlinks
                      #                to point to the certificate files. Use the provided
                      #                Makefile to update the hash symlinks after changes.
                      #SSLCARevocationPath /etc/apache2/ssl.crl/
                      #SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl
      
                      #   Client Authentication (Type):
                      #   Client certificate verification type and depth.  Types are
                      #   none, optional, require and optional_no_ca.  Depth is a
                      #   number which specifies how deeply to verify the certificate
                      #   issuer chain before deciding the certificate is not valid.
                      #SSLVerifyClient require
                      #SSLVerifyDepth  10
      
                      #   SSL Engine Options:
                      #   Set various options for the SSL engine.
                      #   o FakeBasicAuth:
                      #        Translate the client X.509 into a Basic Authorisation.  This means that
                      #        the standard Auth/DBMAuth methods can be used for access control.  The
                      #        user name is the `one line' version of the client's X.509 certificate.
                      #        Note that no password is obtained from the user. Every entry in the user
                      #        file needs this password: `xxj31ZMTZzkVA'.
                      #   o ExportCertData:
                      #        This exports two additional environment variables: SSL_CLIENT_CERT and
                      #        SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
                      #        server (always existing) and the client (only existing when client
                      #        authentication is used). This can be used to import the certificates
                      #        into CGI scripts.
                      #   o StdEnvVars:
                      #        This exports the standard SSL/TLS related `SSL_*' environment variables.
                      #        Per default this exportation is switched off for performance reasons,
       #        because the extraction step is an expensive operation and is usually
                      #        useless for serving static content. So one usually enables the
                      #        exportation for CGI and SSI requests only.
                      #   o OptRenegotiate:
                      #        This enables optimized SSL connection renegotiation handling when SSL
                      #        directives are used in per-directory context.
                      #SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
                      <FilesMatch "\.(cgi|shtml|phtml|php)$">
                                      SSLOptions +StdEnvVars
                      
                      
                                      SSLOptions +StdEnvVars
                      
      
                      #   SSL Protocol Adjustments:
                      #   The safe and default but still SSL/TLS standard compliant shutdown
                      #   approach is that mod_ssl sends the close notify alert but doesn't wait for
                      #   the close notify alert from client. When you need a different shutdown
                      #   approach you can use one of the following variables:
                      #   o ssl-unclean-shutdown:
                      #        This forces an unclean shutdown when the connection is closed, i.e. no
                      #        SSL close notify alert is send or allowed to received.  This violates
                      #        the SSL/TLS standard but is needed for some brain-dead browsers. Use
                      #        this when you receive I/O errors because of the standard approach where
                      #        mod_ssl sends the close notify alert.
                      #   o ssl-accurate-shutdown:
                      #        This forces an accurate shutdown when the connection is closed, i.e. a
                      #        SSL close notify alert is send and mod_ssl waits for the close notify
                      #        alert of the client. This is 100% SSL/TLS standard compliant, but in
                      #        practice often causes hanging connections with brain-dead browsers. Use
                      #        this only for browsers where you know that their SSL implementation
                      #        works correctly.
                      #   Notice: Most problems of broken clients are also related to the HTTP
                      #   keep-alive facility, so you usually additionally want to disable
                      #   keep-alive for those clients, too. Use variable "nokeepalive" for this.
                      #   Similarly, one has to force some clients to use HTTP/1.0 to workaround
                      #   their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
                      #   "force-response-1.0" for this.
                      BrowserMatch "MSIE [2-6]" \
                                      nokeepalive ssl-unclean-shutdown \
                                      downgrade-1.0 force-response-1.0
                      # MSIE 7 and newer should be able to use keepalive
                      BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
      
              
      
      
      # vim: syntax=apache ts=4 sw=4 sts=4 sr noet
      
      
      
  • ZoneMinder

VoIP

Web-Browser

This stuff had no real category, as the guides really only apply to stuff you do in a web-browser which is OS independent.

Windows

WordPress

  • Backup WordPress Sites with CRON
  • Change WordPress URL and Fix broken Images

    So I have my own server, so I have access to all permissions, etc also I know that no other admin changed anything. Through trial and error I found this to be the only way to properly change site URL.

    Modify wp-config.php

    define('WP_HOME','http://example.com');
    define('WP_SITEURL','http://example.com');
  • Fail2Ban WordPress Installation

    There are plugin's for this, but it is not needed!

    cd /etc/fail2ban/filter.d && sudo nano wordpress.conf && sudo service fail2ban restart
    # Fail2Ban configuration file
    #
    # Author: Charles Lecklider
    #
    
    [INCLUDES]
    
    # Read common prefixes. If any customizations available -- read them from
    # common.local
    before = common.conf
    
    
    [Definition]
    
    _daemon = wordpress
    
    # Option:  failregex
    # Notes.:  regex to match the password failures messages in the logfile. The
    #          host must be matched by a group named "host". The tag "<HOST>" can
    #          be used for standard IP/hostname matching and is only an alias for
    #          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
    # Values:  TEXT
    #
    failregex = ^%(__prefix_line)sAuthentication failure for .* from <HOST>$
                ^%(__prefix_line)sBlocked authentication attempt for .* from <HOST>$
                ^%(__prefix_line)sBlocked user enumeration attempt from <HOST>$
                ^%(__prefix_line)sPingback requested from <HOST>$
    
    # Option:  ignoreregex
    # Notes.:  regex to ignore. If this regex matches, the line is ignored.
    # Values:  TEXT
    #
    ignoreregex =
    
    [wordpress]
    enabled = true
    filter = wordpress
    logpath = /var/log/auth.log
    port = http,https
  • Installing WordPress - Ubuntu

    This guide is probably not necessary, but more for my reference. WordPress is extremely simple to install and their guides are easy to follow. But here we go!

    Note: WordPress does not get installed, its downloaded and moved somewhere Apache can serve it. This makes it very easy to have multiple WordPress installs on one server!

  • Install Wordpress - CentOS 7

    Pre-Req :

    You need a user who isn't root who can run Sudo, if needed use the following:

    adduser wordpress && passwd wordpress && gpasswd -a wordpress wheel
  • Self Hosted Site Uploading
  • Styling Options


  • No labels