Tag Archives | Linux

My WSL/BASH setup

Not sure if this a “Bootstrap” or not, but I wanted to have my WSL/Bash home directory match my windows home directory. This is the code that I use when I setup a new WSL/BASH instance.

This will find your home directory via PowerShell and put it in a variable “$WINHOME”.

Then I make make soft links to the directories in my “My Documents”.

Finally, I add the first part to my .bashrc. (lines 1-4)


WINHOME=/mnt/$(powershell.exe -noprofile -noninteractive -command '& {(gci env:USERPROFILE).Value}')
WINHOME=$(echo $WINHOME | sed 's/\\/\//g' | sed 's/\r$//' | sed 's/\://g' )
WINHOME=$(echo ${WINHOME/C/c})
export WINHOME=$WINHOME

ln -s $WINHOME/Documents
ln -s $WINHOME/Downloads
0

My SSL/Certificate Cheatsheet

Whenever a certificate needs to be renewed, I always have to scramble to remember how to update/renew. I finally put a cheat sheet together.

I decided I will do all cert related stuff form Linux. Here are some commands:

To request a new csr with a new key:

openssl req -newkey rsa:2048 -keyout yourcompany.com.key -out yourcompany.com.csr

Generating a 2048 bit RSA private key
.............................................................................................+++
.............+++
writing new private key to 'stratgovadvisors.com'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:New York
Locality Name (eg, city) []:New York
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Your Company name
Organizational Unit Name (eg, section) []:IT
Common Name (e.g. server FQDN or YOUR name) []:*.yourcompany.com
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

To request a new csr with an existing key:

openssl req -new -key yourcompany.com.key -out yourcompany.com.csr 

To make a PFX form a Private key and a cert:

openssl pkcs12 -export -out yourcompany.com.pfx -inkey yourcompany.com.key -in yourcompany.com.crt

To extract Private key and Cert from a PFX (3 steps)

Export the private key

openssl pkcs12 -in yourcompany.com.pfx -nocerts -out yourcompany.com.pem -nodes

Export the certificate

openssl pkcs12 -in yourcompany.com.pfx -nokeys -out yourcompany.com.crt

Remove the passphrase from the private key

openssl rsa -in yourcompany.com.pem -out yourcompany.com.key 
0

Using Let’s Encrypt, cerbot-auto with Apache on CentOS 6

There are plenty of better documented examples out there, so this is more of a note to self.

cd /opt
mkdir YourDir
cd YourDir/
wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

/certbot-auto --apache certonly -d www.FirstDomain.com -d FirstDomain.com -d www.SecondDoamin.com -d SecondDoamin.com -d www.ThirdDoamin.com -d ThirdDoamin.com -d www.FourthDomain.com -d FourthDomain.com

The name on the cert will be the first domain you list int he command above. All the other names will be part of the SAN cert.

And to renew, cron this up:
/opt/YourDir/certbot-auto renew

0

BASH script to change the Security Keys and SALTs in a wp-config.php file

I wanted to automatically change the Security Keys/SALTS when provisioning a new WordPress site. WordPress.com has a service that spits back random values. (https://api.wordpress.org/secret-key/1.1/salt/). The script below CURLs the values and then modifies a wp-config.php file with the new random values.

SALTS=$(curl -s https://api.wordpress.org/secret-key/1.1/salt/)
while read -r SALT; do
SEARCH="define('$(echo "$SALT" | cut -d "'" -f 2)"
REPLACE=$(echo "$SALT" | cut -d "'" -f 4)
echo "... $SEARCH ... $SEARCH ..."
sed -i "/^$SEARCH/s/put your unique phrase here/$(echo $REPLACE | sed -e 's/\\/\\\\/g' -e 's/\//\\\//g' -e 's/&/\\\&/g')/" /Path/To/Your/wp-config.php
done <<< "$SALTS"

Don’t remember where I got the pieces of this, but here it is, I have been using it for a while and it seems to work well.
Hope that helps someone.

My Debian/Raspberry Pi cheat sheet (translations from CentOS)

I have worked on Solaris and RedHat/CentOS (although Solaris was many years ago, so I  should just admit that I no longer know where anything is). I find Debian to be a different dialect than RedHat. This post is going to serve as my translation cheat sheet.

  1. I use the  bash complete string below with ssh and ping. It was not working under Debain. Turns out that the host names are hashed in the known_hosts files under Debian. I had to add “HashKnownHosts no” to my .ssh/config and then re-populate the known_hosts file.
    complete -W "$(sed -e 's/^  *//' -e '/^#/d' -e 's/[, ].*//' -e '/\[/d' ~/.ssh/known_hosts | sort -u)" ssh ping
    
  2. Debian on arm does not seem to have sysvconfig so I need to go into /etc/init.d/script name to start,stop,restart,status a service
  3. To stop a service from running at boot “update-rc.d -f smb remove” (chkconfig smb off)
  4. To start a service at boot “update-rc.d nfs defaults” (chkconfig nsf off)
  5. cat /etc/debian_version = cat /etc/redhat-release
  6. More to come

Update DynDNS from the command line

My router is not updating DynDNS correctly, so I wanted to use a simple cron job to do the same. Here is a simple BASH/Shell script to update DynDNS:

IP=$(curl -s icanhazip.com)
curl -v -k -u username:password “https://members.dyndns.org/nic/update?hostname=DNSHOSTNAME.dyndns.org&myip=$IP”

How to setup a remote syslog server in CentOS 6

I wanted to have a cisco device send it’s logs to a Centos box for troubleshooting. I just wanted to do a “tail -f” against the error logs. Seems that syslog is now rsyslog in Centos 6. To setup rsyslog to accept syslog logs from other devices, you need to:

1. uncomment out the following lines (not the description lines, the ones that start with “$”)

# Provides UDP syslog reception
$ModLoad imudp.so
$UDPServerRun 514

# Provides TCP syslog reception
$ModLoad imtcp.so
$InputTCPServerRun 514

2. Add a line or two like these below to say where you want the logs written:

:fromhost-ip,startswith,’192.168.1.’ /var/log/remote.log
& ~
:fromhost-ip,isequal,”192.168.1.33″ /var/log/servername.log
& ~

3. service restart rsyslogd

4. add a hole in iptables for 514 (UDP and TCP)

-A INPUT -m state –state NEW -m udp -p udp –dport 514 -j ACCEPT
-A INPUT -m state –state NEW -m tcp -p tcp –dport 514 -j ACCEPT

5. service iptables restart

6. create a new logrotate.d config file in /etc/logrotate.d:

/var/log/remote.log
{
daily
rotate 5
missingok
notifempty
sharedscripts
postrotate
/bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true
endscript
}

How the cloud failed me.

We host our Linux boxes on Rackspace’s Cloud Server platform. We pay extra per month to use their Redhat Linux images. In return we receive all our patches and updates through Rackspace’s RHN Satellite server. Our thinking was that, we could purchase a Redhat support contract, and  since we were running Redhat we would have OS/Application support if needed.

We were every happy with the service until the cloud failed me.

It all started when the new WordPress 3.2 required PHP 5.2.4 or higher. Redhat 5.5 only shipped with 5.1.x. I needed to update my Redhat VMs to 5.6 as Redhat 5.6 had PHP 5.3.x. BUT. Rackspace decided not to deploy 5.6. They said it is coming, but weeks later I still can’t access it.

They suggested I go to a non supported repo and install it from there. But that defeats the whole purpose of using Redhat on their VMs – I would not have a support path – Redhat would not support a package that was not in their repo (understandably).

I was forced to buy Redhat support contracts for my servers. Now, we are paying twice for updates, with a support contract and with Rackspace’s extra cost per VM for running Redhat.

We have all heard that “forced upgrades” is a downside of cloud services.

This is the opposite – their cloud service is holding me back.

My SugarCRM install proceedure for CentOS

We are evaluating CRM products at work, and I wanted to get an idea what SugarCRM looks like. Below are the steps I used to install Sugar CRM community edition. I already had LAMP up and running

Download sugarCRM: wget http://www.sugarforge.org/frs/download.php/7746/SugarCE-6.1.2.zip

Extract the zip and move to /var/www. Create a virtual host for it in /etc/http/conf.d/

Upgrade php to a 5.2.x version (I set the repo to disabled by default)

yum update –enablerepo c5-testing
service httpd restart

function SetFolderPerms {
find $1 -type d -exec chmod 775 {} \;
find $1 -type d -exec chown apache {} \;
find $1 -type f -exec chmod 664 {} \;
find $1 -type f -exec chown apache {} \;
}

SetFolderPerms /var/www/sugar/htdocs/config.php
SetFolderPerms /var/www/sugar/htdocs/custom
SetFolderPerms /var/www/sugar/htdocs/data/
SetFolderPerms /var/www/sugar/htdocs/cache
SetFolderPerms /var/www/sugar/htdocs/modules/

Visit the site you setup in the virtaul host and run through the wizard.

Very easy!