Category: Linux

  • gpg: failed to start the dirmngr

    When i add a key with apt-key command, i get error

    root@ip-172-31-47-128:~# apt-key adv –recv-keys –keyserver keys.gnupg.net E1F958385BFE2B6E
    Executing: /tmp/apt-key-gpghome.0BP6Ro2t54/gpg.1.sh –recv-keys –keyserver keys.gnupg.net E1F958385BFE2B6E
    gpg: failed to start the dirmngr ‘/usr/bin/dirmngr’: No such file or directory
    gpg: connecting dirmngr at ‘/tmp/apt-key-gpghome.0BP6Ro2t54/S.dirmngr’ failed: No such file or directory
    gpg: keyserver receive failed: No dirmngr
    root@ip-172-31-47-128:~#

    To fix this, run

    apt -y install dirmngr

    Once installed, apt-key command worked properly.

    root@ip-172-31-47-128:~# apt-key adv –recv-keys –keyserver keys.gnupg.net E1F958385BFE2B6E
    Executing: /tmp/apt-key-gpghome.BLNQkuFGIQ/gpg.1.sh –recv-keys –keyserver keys.gnupg.net E1F958385BFE2B6E
    gpg: key E1F958385BFE2B6E: public key “X2go Debian/Ubuntu Packaging ” imported
    gpg: Total number processed: 1
    gpg: imported: 1
    root@ip-172-31-47-128:~#

    See Install x2go server in Debian 9

  • Install Remote Desktop in Debian/Ubuntu

    To install and use Linux remote server as desktop, first install lite weight desktop environment like XFCE on your server.

    apt update
apt install xfce4 -y

    Install XRDP

    apt install xrdp

    You need to create a user to be used for desktop.

    useradd -m -s /bin/bash desktop

    Set password for the user

    passwd desktop

    Now login as this user and create .xsession file.

    su - desktop
echo xfce4-session >~/.xsession

    Exit out of this user 

    exit

    Restart XRDP

    service xrdp restart

    Now you will be able to connect to this server with any RDP client like you connect to Windows Server (Windows Remote Desktop).

  • Desktop

  • Security

    ZAP Attack Proxy – open source software to detect vulnerability.
    Disable PHP insecure functions with disable_functions
    Find IP with Most Access from Apache Log
    Monitor file changes in your Website
    inotifywait
    Stop xmlrpc.php attack on Cpanel Server
    Stop SSH bruteforce with endlessh
    https://suricata.io

    Check for hacker files

    find ./ -name '*.php' -exec grep 'Spy Shell' {} \; -print
find ./ -name '*.php' -exec grep 'system(' {} \; -print
find ./ -name '*.php' -exec grep 'exec(' {} \; -print
find ./ -name '*.php' -exec grep 'passthru(' {} \; -print

    Disable PHP Files on Upload folder

    
deny from all

  • Disable PHP insecure functions with disable_functions

    When hacking vulnerable web sites, hackers use PHP functions that allow program execution or disk access to get access to server.

    Some most commonly used functions are exec, shell_exec and system. These commands allow hackers to execute program as web server user. Most applications may not need these functions, so these functions can be safely disabled with out affecting functionality of your web site.

    To disable insecure functions, create a file php.ini with following content

    disable_functions = "exec,passthru,shell_exec,system,proc_open,popen,parse_ini_file,show_source"
allow_url_fopen = Off
allow_url_include = Off

    If you have dedicated server or VPS, you can disable these functions server wide by editing php.ini of your server.

    Once change is made, make sure it is working properly by checking phpinfo page.

  • Install MongoDB 4 on CentOS 7

    Create file

    vi /etc/yum.repos.d/mongodb-org-4.0.repo

    Add 

    [mongodb-org-4.0]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/testing/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-4.0.asc

    Install MongoDB with

    yum install -y mongodb-org

    Set MongoDB to start on boot.

    chkconfig mongod on

    Start MongoDB

    service mongod start

  • Enable Gzip in Amazon Linux

    To verify Apache module is loaded, run 

    [root@ip-172-31-29-220 ~]# apachectl -M | grep deflate
 deflate_module (shared)
[root@ip-172-31-29-220 ~]#

    Create file

    vi /etc/httpd/conf.d/gzip.conf

    Add following content

    
  # Restrict compression to these MIME types
  AddOutputFilterByType DEFLATE text/plain
  AddOutputFilterByType DEFLATE text/html
  AddOutputFilterByType DEFLATE application/xhtml+xml
  AddOutputFilterByType DEFLATE text/xml
  AddOutputFilterByType DEFLATE application/xml
  AddOutputFilterByType DEFLATE application/xml+rss
  AddOutputFilterByType DEFLATE application/x-javascript
  AddOutputFilterByType DEFLATE text/javascript
  AddOutputFilterByType DEFLATE text/css
  AddOutputFilterByType DEFLATE image/png
  AddOutputFilterByType DEFLATE image/gif
  AddOutputFilterByType DEFLATE image/jpeg

  # Level of compression (Highest 9 - Lowest 1)
  DeflateCompressionLevel 9

  # Netscape 4.x has some problems.
  BrowserMatch ^Mozilla/4 gzip-only-text/html

  # Netscape 4.06-4.08 have some more problems
  BrowserMatch ^Mozilla/4\.0[678] no-gzip

  # MSIE masquerades as Netscape, but it is fine
  BrowserMatch \bMSI[E] !no-gzip !gzip-only-text/html

  
    # Make sure proxies don't deliver the wrong content
    Header append Vary User-Agent env=!dont-vary

    Restart Apache with

    service httpd restart

    To verify gzip is working, run

    curl -I -H 'Accept-Encoding: gzip,deflate' http://YOUR-SITE-URL/ 2>/dev/null | grep gzip

    You will see something like

    NOTE: gzip compression only works if you have a reasonably large file. If your file is very small, then gzip won’t do anything.

    See gzip

  • Install Google Chrome in Ubuntu

    To install Google Chrome Browser in Ubuntu, run

    wget https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb
dpkg -i google-chrome-stable_current_amd64.deb
apt install -f

    Google Chrome

  • Download a site using SFTP

    To download all content of a web site using SFTP, use

    lftp sftp://USERNAME@IP_ADDR:22 -e 'mirror --verbose --use-pget-n=8 -c /remote/path/ /local/path/'

    You may encounter lftp Fatal error: Host key verification failed error if you have connected to this SFTP server before. In such case, just login to sevrer using SSH, this will add the key to your known_hosts file.

    In this example, i am downloading all files from SFTP server. I used . for remote path as i need everything on FTP home folder downloaded.

    SFTP download lftp

    See lftp

  • Disable Signup Notification in vShare Youtube Clone

    vShare youtube clone script allow you to start your own video sharing web site. You can get the script from

    https://www.vshare.in

    To disable Signup notification for admin, run following SQL.

    update sconfig set svalue="0" where soption="notify_signup";

    See vShare Youtube Clone Script

  • wget

    Mirroring a site with wget
    wget print content to screen
    wget force IPv4/6 download

    Download Multiple Files

    To download multiple files from FTP server, run

    wget ftp://backup2.serverok.in/backup1/*.tar.gz --ftp-user=USER --ftp-password=PASSWORD

    Download all files in a folder

    wget -r -l1 --no-parent http://cloud.serverok.in/public/

    Download Entire Website

    wget \
 --recursive \
 --no-clobber \
 --page-requisites \
 --html-extension \
 --convert-links \
 --restrict-file-names=windows \
 --domains example.com \
 --no-parent \
     www.example.com

    Or

    wget --mirror --convert-links --adjust-extension --page-requisites --no-parent https://domain.com/

    Download with Limit Rate

    wget -c --limit-rate=60k http://dn.serverok.in/1.mkv

    This limits the download rate to 60.0KB/s

    Back to Linux Commands

  • Mirroring a site with wget

    To mirror a web site for local viewing, you can use

    wget --mirror --convert-links --html-extension --wait=2 -o log http://www.domain.com

    –convert-links = After downloading, convert the links suitable for local viewing.