- In the Red Hat family:
# yum install cracklib -y
- In the Debian family:
# apt install libcrack2
$ cat | cracklib-check
password
password: it is based on a dictionary word
$ cat | cracklib-check
Xeir3oongex*
Xeir3oongex*: OK
This is really useful if we want to start firewalld over ssh. If we start firewalld without allowing ssh first, we will be locked out of the machine.
The solution is to use a command called firewall-offline-cmd. This tool works much like firewall-cmd, except that it works while the daemon is not running.
To avoid being locked out of a remotely accessed machine, we should first allow ssh in firewalld
$ sudo firewall-offline-cmd --add-service ssh
We are now safe to start firewalld
$ sudo systemctl start firewalld
Once started, we can make the rule permanent, so that it persists across firewalld restarts
$ sudo firewall-cmd --add-service ssh --permanent
Make firewalld start automatically on every server boot
$ sudo systemctl enable firewalld
To choose which kernel version to boot into on the next reboot, follow the steps below
1. Check which kernel versions are available
# grep ^menuentry /boot/grub2/grub.cfg
2. Choose the kernel that you want to boot from. Remember that the list from the above command starts from 0. Let's say we want to choose the second kernel
# grub2-set-default 1
3. Rebuild grub.cfg
# grub2-mkconfig -o /boot/grub2/grub.cfg
4. Reboot the server
# reboot
Your server will reboot into the kernel version that you chose above.
Php-fpm is an advanced and highly efficient processor for php. In order for your php files to be viewable in a web browser, php-fpm needs to be coupled with a web server, such as nginx. In this tutorial we will show how to set up php-fpm and nginx in docker.
1. Create a directory for your files
$ mkdir phpfpm
2. Create a network for the containers to use. This makes sure that we can use the containers' names in the configuration file.
$ docker network create php-network
3. Create nginx config file
$ cd phpfpm
$ cat > default.conf <<'EOF'
# the heredoc delimiter is quoted so the shell leaves $uri, $args, etc. untouched
server {
    listen 80;
    # this path MUST be exactly the path where the files are mounted in
    # the fpm container, even if it doesn't exist in this container.
    root /var/www/html;
    location / {
        try_files $uri /index.php$is_args$args;
    }
    location ~ ^/.+\.php(/|$) {
        fastcgi_pass fpm:9000;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    }
}
EOF
4. Create an index.php file with some random php code (we are using phpinfo() to make it easier)
$ cat > index.php <<EOF
<?php phpinfo(); ?>
EOF
5. Run a php-fpm container in detached and interactive mode, using php-network, and mount /home/user/phpfpm to /var/www/html in the container
$ docker run -dit --name fpm --network php-network -v /home/user/phpfpm:/var/www/html
6. Run an nginx container in detached and interactive mode, using php-network, and mount /home/user/phpfpm/default.conf to /etc/nginx/conf.d/default.conf in the container
$ docker run -dit --name nginx --network php-network -v /home/user/phpfpm/default.conf:/etc/nginx/conf.d/default.conf -p 80:80 nginx
7. Open a browser, and browse to http://localhost, you should now be able to see the PHPinfo page.
Of course, there is an easier way to set this up using docker-compose. We will cover that in another post.
One of the basic concepts of cybersecurity is to hide as much information about your system as possible from public view. For apache2 (httpd), this is pretty easy to do.
1. First, open /etc/httpd/conf/httpd.conf
$ sudo vi /etc/httpd/conf/httpd.conf
2. Then, append the lines below to the file
...
ServerTokens Prod
ServerSignature Off
$ sudo httpd -t
5. Restart httpd to activate the settings
$ sudo systemctl restart httpd
6. Finally, you can verify the visibility of the webserver's version number using curl or wget
$ curl --head http://www.mydomainname.com
...
Server: Apache
...
Without these settings, the Server header exposes the full version string:
$ wget --server-response --spider http://www.mydomain.com
...
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9
...
$ curl --head http://www.mydomain.com
...
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9
...
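The two checks above (the directives in httpd.conf and the Server header in the response) can be scripted; the following is an added example, not part of the original post. The function names are hypothetical, the config fragment is constructed, and the header samples reuse the Server strings shown above.

```shell
#!/bin/sh
# Added example. Config text and headers are read from stdin, so it runs offline.

# Effective value of a directive: names are case-insensitive, lines starting
# with '#' are comments, and the last occurrence is treated as the effective
# one (assumption: Include'd files are not followed).
effective_directive() {
    awk -v name="$1" '
        /^[ \t]*#/ { next }
        tolower($1) == tolower(name) { val = $2 }
        END { if (val != "") print val }'
}

# Exit 0 if the config limits the banner to "Apache", 1 (with findings) otherwise.
audit_conf() {
    conf=$(cat); rc=0
    tokens=$(printf '%s\n' "$conf" | effective_directive ServerTokens | tr 'A-Z' 'a-z')
    sig=$(printf '%s\n' "$conf" | effective_directive ServerSignature | tr 'A-Z' 'a-z')
    case $tokens in
        prod|productonly) ;;
        *) echo "ServerTokens=${tokens:-unset (default Full)}"; rc=1 ;;
    esac
    case $sig in
        off|'') ;;                      # unset is fine: the default is Off
        *) echo "ServerSignature=$sig"; rc=1 ;;
    esac
    return $rc
}

# Exit 0 if a Server header on stdin carries a version number (product/1.2...).
# Leading blanks are allowed because wget --server-response indents headers.
server_header_leaks() {
    tr -d '\r' | awk '
        tolower($0) ~ /^[ \t]*server:/ && /\/[0-9]/ { leak = 1 }
        END { exit (leak ? 0 : 1) }'
}

# Constructed samples: an early weak setting overridden by a later one.
SAMPLE_CONF='# constructed httpd.conf fragment
ServerTokens OS
ServerSignature On
servertokens Prod
ServerSignature Off'
SAMPLE_BEFORE='HTTP/1.1 200 OK
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9'
SAMPLE_AFTER='HTTP/1.1 200 OK
Server: Apache'

printf '%s\n' "$SAMPLE_CONF" | audit_conf && echo "config: OK"
printf '%s\n' "$SAMPLE_BEFORE" | server_header_leaks && echo "before: version exposed"
printf '%s\n' "$SAMPLE_AFTER" | server_header_leaks || echo "after: no version in header"
```

Against a live server, pipe the output of curl --head into server_header_leaks, and feed the contents of /etc/httpd/conf/httpd.conf to audit_conf.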
When you connect your android phone to a linux box using a usb cable, the storage of the phone will appear in your file manager (thanks to automount). It is easily accessible from there, but what if you want to access it via the command line? Where is it located?
To know the location of the MTP mounted storage, you need to know your user id
$ id
uid=1000(user) gid=1000(user) groups=1000(user),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),114(lpadmin),134(sambashare)
From the above command, the user ID is 1000. The MTP mounted device can be accessed at /run/user/<user ID>/gvfs
$ ls /run/user/1000/gvfs/
'mtp:host=Android_Android_28f5d3440504'
Just go to the 'mtp:host=Android_Android_28f5d3440504' directory (the name might differ), and you will see your phone's storage.
I got this error on one of our servers, when trying to restart nginx
# systemctl status nginx
Failed to get properties: Access denied
Does not make sense, I am a root user. After some searching, a few suggestions came.
The first suggestion was to restart systemctl daemon:
# systemctl daemon-reexec
That did not work for me. Another solution is to disable selinux temporarily, but this also did not work for me:
# setenforce 0
The last thing that I tried (that actually worked) was sending SIGTERM to systemd, and it will restart by itself:
# kill -TERM 1
If you guys happen to encounter this sort of error, you can try all of the above. Some might suit you better than others.
Elinks is a text-based web browser, and it is now available in the powertools repository. The powertools repository is not enabled by default, thus elinks cannot be installed just by using the standard yum install command.
List all available repositories
$ sudo yum repolist --all
...
powertools
...
Install elinks while enabling powertools repository temporarily
$ sudo yum install --enablerepo=powertools elinks -y
...
Installed:
elinks-0.12-0.58.pre6.el8.x86_64 gpm-libs-1.20.7-15.el8.x86_64
Complete!