Category: Linux

  • Adding IP Range in CentOS 6

    To add an IP range in CentOS 6 server, create file

    vi /etc/sysconfig/network-scripts/ifcfg-eth0-range0
    

    Add

    IPADDR_START=67.198.150.171
    IPADDR_END=67.198.150.174
    CLONENUM_START=0
    

    Replace IP with your actual start and end IP.

    Restart network service with

    service network restart
    
  • gpg: failed to start the dirmngr

    When i add a key with apt-key command, i get error

    root@ip-172-31-47-128:~# apt-key adv –recv-keys –keyserver keys.gnupg.net E1F958385BFE2B6E
    Executing: /tmp/apt-key-gpghome.0BP6Ro2t54/gpg.1.sh –recv-keys –keyserver keys.gnupg.net E1F958385BFE2B6E
    gpg: failed to start the dirmngr ‘/usr/bin/dirmngr’: No such file or directory
    gpg: connecting dirmngr at ‘/tmp/apt-key-gpghome.0BP6Ro2t54/S.dirmngr’ failed: No such file or directory
    gpg: keyserver receive failed: No dirmngr
    root@ip-172-31-47-128:~#

    To fix this, run

    apt -y install dirmngr
    

    Once installed, apt-key command worked properly.

    root@ip-172-31-47-128:~# apt-key adv –recv-keys –keyserver keys.gnupg.net E1F958385BFE2B6E
    Executing: /tmp/apt-key-gpghome.BLNQkuFGIQ/gpg.1.sh –recv-keys –keyserver keys.gnupg.net E1F958385BFE2B6E
    gpg: key E1F958385BFE2B6E: public key “X2go Debian/Ubuntu Packaging ” imported
    gpg: Total number processed: 1
    gpg: imported: 1
    root@ip-172-31-47-128:~#

    See Install x2go server in Debian 9

  • Install Remote Desktop in Debian/Ubuntu

    To install and use Linux remote server as desktop, first install lite weight desktop environment like XFCE on your server.

    apt update
    apt install xfce4 -y
    

    Install XRDP

    apt install xrdp
    

    You need to create a user to be used for desktop.

    useradd -m -s /bin/bash desktop
    

    Set password for the user

    passwd desktop
    

    Now login as this user and create .xsession file.

    su - desktop
    echo xfce4-session >~/.xsession
    

    Exit out of this user

    exit
    

    Restart XRDP

    service xrdp restart
    

    Now you will be able to connect to this server with any RDP client like you connect to Windows Server (Windows Remote Desktop).

  • Security

    ZAP Attack Proxy – open source software to detect vulnerability.
    Disable PHP insecure functions with disable_functions
    Find IP with Most Access from Apache Log
    Monitor file changes in your Website
    inotifywait
    Stop xmlrpc.php attack on Cpanel Server
    Stop SSH bruteforce with endlessh
    https://suricata.io

    Check for hacker files

    find ./ -name '*.php' -exec grep 'Spy Shell' {} \; -print
    find ./ -name '*.php' -exec grep 'system(' {} \; -print
    find ./ -name '*.php' -exec grep 'exec(' {} \; -print
    find ./ -name '*.php' -exec grep 'passthru(' {} \; -print
    

    Disable PHP Files on Upload folder

    
    deny from all
    
    
  • Disable PHP insecure functions with disable_functions

    When hacking vulnerable web sites, hackers use PHP functions that allow program execution or disk access to get access to server.

    Some most commonly used functions are exec, shell_exec and system. These commands allow hackers to execute program as web server user. Most applications may not need these functions, so these functions can be safely disabled with out affecting functionality of your web site.

    To disable insecure functions, create a file php.ini with following content

    disable_functions = "exec,passthru,shell_exec,system,proc_open,popen,parse_ini_file,show_source"
    allow_url_fopen = Off
    allow_url_include = Off
    

    If you have dedicated server or VPS, you can disable these functions server wide by editing php.ini of your server.

    Once change is made, make sure it is working properly by checking phpinfo page.

  • Install MongoDB 4 on CentOS 7

    Create file

    vi /etc/yum.repos.d/mongodb-org-4.0.repo
    

    Add

    [mongodb-org-4.0]
    name=MongoDB Repository
    baseurl=https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/testing/x86_64/
    gpgcheck=1
    enabled=1
    gpgkey=https://www.mongodb.org/static/pgp/server-4.0.asc
    

    Install MongoDB with

    yum install -y mongodb-org
    

    Set MongoDB to start on boot.

    chkconfig mongod on
    

    Start MongoDB

    service mongod start
    
  • Enable Gzip in Amazon Linux

    To verify Apache module is loaded, run

    [root@ip-172-31-29-220 ~]# apachectl -M | grep deflate
     deflate_module (shared)
    [root@ip-172-31-29-220 ~]# 
    

    Create file

    vi /etc/httpd/conf.d/gzip.conf
    

    Add following content

    
      # Restrict compression to these MIME types
      AddOutputFilterByType DEFLATE text/plain
      AddOutputFilterByType DEFLATE text/html
      AddOutputFilterByType DEFLATE application/xhtml+xml
      AddOutputFilterByType DEFLATE text/xml
      AddOutputFilterByType DEFLATE application/xml
      AddOutputFilterByType DEFLATE application/xml+rss
      AddOutputFilterByType DEFLATE application/x-javascript
      AddOutputFilterByType DEFLATE text/javascript
      AddOutputFilterByType DEFLATE text/css
      AddOutputFilterByType DEFLATE image/png
      AddOutputFilterByType DEFLATE image/gif
      AddOutputFilterByType DEFLATE image/jpeg
    
      # Level of compression (Highest 9 - Lowest 1)
      DeflateCompressionLevel 9
    
      # Netscape 4.x has some problems.
      BrowserMatch ^Mozilla/4 gzip-only-text/html
    
      # Netscape 4.06-4.08 have some more problems
      BrowserMatch ^Mozilla/4\.0[678] no-gzip
    
      # MSIE masquerades as Netscape, but it is fine
      BrowserMatch \bMSI[E] !no-gzip !gzip-only-text/html
    
      
        # Make sure proxies don't deliver the wrong content
        Header append Vary User-Agent env=!dont-vary
      
    
    

    Restart Apache with

    service httpd restart
    

    To verify gzip is working, run

    curl -I -H 'Accept-Encoding: gzip,deflate' http://YOUR-SITE-URL/ 2>/dev/null | grep gzip
    

    You will see something like

    NOTE: gzip compression only works if you have a reasonably large file. If your file is very small, then gzip won’t do anything.

    See gzip

  • Install Google Chrome in Ubuntu

    To install Google Chrome Browser in Ubuntu, run

    wget https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb
    dpkg -i google-chrome-stable_current_amd64.deb
    apt install -f
    

    Google Chrome

  • Download a site using SFTP

    To download all content of a web site using SFTP, use

    lftp sftp://USERNAME@IP_ADDR:22 -e 'mirror --verbose --use-pget-n=8 -c /remote/path/ /local/path/'

    You may encounter lftp Fatal error: Host key verification failed error if you have connected to this SFTP server before. In such case, just login to sevrer using SSH, this will add the key to your known_hosts file.

    In this example, i am downloading all files from SFTP server. I used . for remote path as i need everything on FTP home folder downloaded.

    SFTP download lftp

    See lftp

  • Disable Signup Notification in vShare Youtube Clone

    vShare youtube clone script allow you to start your own video sharing web site. You can get the script from

    https://www.vshare.in

    To disable Signup notification for admin, run following SQL.

    update sconfig set svalue="0" where soption="notify_signup";
    

    See vShare Youtube Clone Script

  • wget

    Mirroring a site with wget
    wget print content to screen
    wget force IPv4/6 download

    Download Multiple Files

    To download multiple files from FTP server, run

    wget ftp://backup2.serverok.in/backup1/*.tar.gz --ftp-user=USER --ftp-password=PASSWORD

    Download all files in a folder

    wget -r -l1 --no-parent http://cloud.serverok.in/public/

    Download Entire Website

    wget \
     --recursive \
     --no-clobber \
     --page-requisites \
     --html-extension \
     --convert-links \
     --restrict-file-names=windows \
     --domains example.com \
     --no-parent \
         www.example.com

    Or

    wget --mirror --convert-links --adjust-extension --page-requisites --no-parent https://domain.com/

    Download with Limit Rate

    wget -c --limit-rate=60k http://dn.serverok.in/1.mkv

    This limits the download rate to 60.0KB/s

    Back to Linux Commands