Apr 25 14

Stunnel

by admin

stunnel is an SSL wrapper that lets you add SSL to daemons that are not SSL-aware. Here is an example of how to install stunnel on Ubuntu and write the config files for both the server and the client side.

Server:

1. Install stunnel

# apt-get install stunnel4

2. Create file /etc/stunnel/test.conf

cert = /etc/stunnel/test.pem
debug = 7
output = /var/log/stunnel4/stunnel-test.log
pid = /run/stunnel-test.pid
foreground = yes

[test]
accept  = 3308
connect = 127.0.0.1:3306
TIMEOUTclose = 0

Client: ( completely different machine )

1. Install stunnel

# apt-get install stunnel4

2. Create file /etc/stunnel/test.conf

debug = 7
output = /var/log/stunnel4/stunnel-test.log
pid = /run/stunnel-test.pid
foreground = yes
client = yes

[test]
accept  = 127.0.0.1:3307
connect = <stunnel server>:3308
TIMEOUTclose = 0
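
The client config above encrypts the connection but sets no verify or CAfile option, so the client accepts whatever certificate the server presents. The following check is an added example, not part of the original post: audit_stunnel_client and write_samples are hypothetical names, the sample configs are constructed, and /etc/stunnel/server-cert.pem is an assumed location for a copy of the server certificate.

```shell
#!/bin/sh
# audit_stunnel_client FILE: print every client-mode service that does not
# verify the server certificate. Exit status is 1 if any such service exists.
audit_stunnel_client() {
    awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    function report(   ok) {
        if (svc == "" || tolower(opt["client"]) != "yes") return
        # stunnel 4.x: verify = 2 or higher; 5.x: verifyChain / verifyPeer = yes
        ok = (opt["verify"] + 0 >= 2)
        if (tolower(opt["verifychain"]) == "yes" || tolower(opt["verifypeer"]) == "yes") ok = 1
        # verification needs a trust anchor to check against
        if (opt["cafile"] == "" && opt["capath"] == "") ok = 0
        if (!ok) { print "UNVERIFIED " svc; bad = 1 }
    }
    /^[ \t]*([;#]|$)/ { next }                 # comments and blank lines
    /^[ \t]*\[/ {                              # start of a [service] section
        report()
        svc = trim($0); gsub(/^\[|\]$/, "", svc)
        split("", opt)                         # reset, then inherit the
        for (k in glob) opt[k] = glob[k]       # global-section defaults
        next
    }
    {
        i = index($0, "="); if (i == 0) next
        k = tolower(trim(substr($0, 1, i - 1))); v = trim(substr($0, i + 1))
        if (svc == "") glob[k] = v; else opt[k] = v
    }
    END { report(); exit bad + 0 }
    ' "$1"
}

# Constructed samples written into directory $1: the client config as posted,
# and the same config with verification added (CAfile path is hypothetical).
write_samples() {
    printf '%s\n' 'debug = 7' 'client = yes' '' '[test]' \
        'accept  = 127.0.0.1:3307' 'connect = <stunnel server>:3308' \
        'TIMEOUTclose = 0' > "$1/as-posted.conf"
    printf '%s\n' 'debug = 7' 'client = yes' '' '[test]' \
        'accept  = 127.0.0.1:3307' 'connect = <stunnel server>:3308' \
        'verify = 2' 'CAfile = /etc/stunnel/server-cert.pem' \
        'TIMEOUTclose = 0' > "$1/verified.conf"
}
```

Run it against the real file with `audit_stunnel_client /etc/stunnel/test.conf`; an exit status of 1 means at least one client service does not authenticate the server.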

Valid .pem file ( certificate ): ( refer to SSL Certificates ( via OpenSSL ) )

-----BEGIN RSA PRIVATE KEY-----
[encoded key]
-----END RSA PRIVATE KEY-----

-----BEGIN CERTIFICATE-----
[encoded certificate]
-----END CERTIFICATE-----
 
Apr 18 14

SSL Certificates ( via OpenSSL )

by admin

1. Generate Your Private Key:

$ openssl genrsa -des3 -out server.key 2048

2. Remove the PassPhrase From Your Private Key:

$ cp server.key server.key.secure
$ openssl rsa -in server.key.secure -out server.key

3. Certificate Signing Request (CSR):

$ openssl req -new -key server.key -out server.csr

4. Sign Your Certificate Signing Request ( Self-sign ):

$ openssl x509 -req -days 365 -in server.csr -signkey \
        server.key -out server.crt

-or-

4. Sign Your Certificate using a Certificate Authority:
https://www.rapidsslonline.com/ – $17.95/year
( or your choice )

5. Install Your Certificate and Private Key
Apache:

SSLProtocol           all -SSLv2 -SSLv3
SSLCertificateFile    /etc/apache2/ssl/server.crt
SSLCertificateKeyFile /etc/apache2/ssl/server.key
SSLCACertificateFile  /etc/apache2/ssl/intermediate.crt

Exim:

tls_advertise_hosts   = *
tls_certificate       = /opt/exim/ssl/server.crt
tls_privatekey        = /opt/exim/ssl/server.key

Append intermediate.crt to the end of server.crt.
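
The stunnel post above expects the private key and certificate in one .pem file. This added example (not from the original post) builds that file from the server.key and server.crt produced in steps 1 to 4, after checking that the certificate really belongs to the key; make_stunnel_pem is a hypothetical name.

```shell
#!/bin/sh
# make_stunnel_pem KEY CRT OUT
# Refuses to build the combined file unless CRT was issued for KEY, and
# creates OUT readable by its owner only, since it contains the private key.
# Returns 0 on success, 1 on a key/certificate mismatch, 2 on a read/write error.
make_stunnel_pem() {
    key=$1 crt=$2 out=$3
    # "-passin pass:" makes a still-encrypted key fail instead of prompting.
    key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null) || {
        echo "cannot read private key (passphrase not removed?): $key" >&2
        return 2
    }
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) || {
        echo "cannot read certificate: $crt" >&2
        return 2
    }
    # Both commands print the public key in the same PEM form, so a plain
    # string comparison tells whether the certificate belongs to the key.
    if [ "$key_pub" != "$crt_pub" ]; then
        echo "certificate $crt does not match key $key" >&2
        return 1
    fi
    # Key first, then certificate, as in the .pem layout shown for stunnel.
    # The subshell keeps the restrictive umask from leaking into the caller.
    ( umask 077 && rm -f "$out" && cat "$key" "$crt" > "$out" ) || return 2
}
```

Example call: `make_stunnel_pem server.key server.crt /etc/stunnel/test.pem`.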

Dec 7 13

TmpFs ( Temporary File Storage )

by admin

tmpfs    /var/spool/squid    tmpfs    noatime,size=256m    0    0

Fields, in order:

	tmpfs			- file system
	/path/to/folder/	- mount point
	tmpfs			- type
	noatime,size=256m	- options
	0			- dump
	0			- pass

Nov 16 13

Securing /run/shm

by admin


As you may be aware, /run/shm allows executables. I'm going to show you how to secure /run/shm by adding noexec.

First, when you run ‘mount’ you are going to get output like this:

$ mount
tmpfs on /run      type tmpfs (rw,noexec,nosuid,size=10%,mode=0755)
none  on /run/lock type tmpfs (rw,noexec,nosuid,nodev,size=5242880)
none  on /run/shm  type tmpfs (rw,nosuid,nodev)

Notice that /run/shm only has rw,nosuid,nodev.

So, where is noexec?

Linux distros like Ubuntu ( maybe more ) now use /lib/init/fstab for default settings:

# /lib/init/fstab: static file system information.
#
# These are the filesystems that are always mounted on boot, you can
# override any of these by copying the appropriate line from this file into
# /etc/fstab and tweaking it as you see fit.  See fstab(5).
#
# <file system> <mount point>             <type>          <options>                    <dump> <pass>
...
none            /run                      tmpfs           noexec,nosuid,size=10%,mode=0755  0 0
none            /run/lock                 tmpfs           nodev,noexec,nosuid,size=5242880  0 0
none            /run/shm                  tmpfs           nosuid,nodev                      0 0

Do not edit /lib/init/fstab

We now go to /etc/fstab and add the following line:

none                    /run/shm      tmpfs    noexec,nosuid,nodev                    0 0

Execute:

# mount -o remount /run/shm

Now:

$ mount
tmpfs on /run      type tmpfs (rw,noexec,nosuid,size=10%,mode=0755)
none  on /run/lock type tmpfs (rw,noexec,nosuid,nodev,size=5242880)
none  on /run/shm  type tmpfs (rw,noexec,nosuid,nodev)

You should now be set.
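
To confirm the result on the live system rather than by eye, the following added example (not part of the original post) parses `mount` output and lists every tmpfs mount that lacks a required option. It goes beyond /run/shm to all tmpfs mounts; check_tmpfs_opts, mount_before and mount_after are hypothetical names, and the sample input is the two listings from this post.

```shell
#!/bin/sh
# check_tmpfs_opts [REQUIRED]: read `mount` output on stdin and print each
# tmpfs mount that lacks one of the comma-separated REQUIRED options
# (default: noexec,nosuid,nodev). Exit status is 1 if anything is missing.
check_tmpfs_opts() {
    awk -v required="${1:-noexec,nosuid,nodev}" '
    $2 == "on" && $4 == "type" && $5 == "tmpfs" {
        opts = $6; gsub(/[()]/, "", opts)      # "(rw,nosuid)" -> "rw,nosuid"
        split("", set); n = split(opts, have, ",")
        for (i = 1; i <= n; i++) set[have[i]] = 1
        missing = ""; m = split(required, need, ",")
        for (i = 1; i <= m; i++)
            if (!(need[i] in set)) missing = missing (missing == "" ? "" : ",") need[i]
        if (missing != "") { print $3 " missing " missing; bad = 1 }
    }
    END { exit bad + 0 }'
}

# Sample input: the `mount` listing from before the change ...
mount_before() { cat <<'EOF'
tmpfs on /run      type tmpfs (rw,noexec,nosuid,size=10%,mode=0755)
none  on /run/lock type tmpfs (rw,noexec,nosuid,nodev,size=5242880)
none  on /run/shm  type tmpfs (rw,nosuid,nodev)
EOF
}

# ... and the listing from after the remount.
mount_after() { cat <<'EOF'
tmpfs on /run      type tmpfs (rw,noexec,nosuid,size=10%,mode=0755)
none  on /run/lock type tmpfs (rw,noexec,nosuid,nodev,size=5242880)
none  on /run/shm  type tmpfs (rw,noexec,nosuid,nodev)
EOF
}
```

On a real host, run `mount | check_tmpfs_opts`. With the default option set it also reports that /run in the listing above has no nodev.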

Jul 4 13

Exim

by admin


Test how exim will route a given address:

# exim -bt alias@example.com

List what's in the queue:

# exiqgrep

Remove a message from the queue:

# exim -Mrm <message-id> [ <message-id> ... ]

Freeze a message:

# exim -Mf <message-id> [ <message-id> ... ]

Thaw a message:

# exim -Mt <message-id> [ <message-id> ... ]

Feb 24 13

Install Python

by admin

Python:

# apt-get install python

Python ( w/ MySQL support )

# apt-get install python-mysqldb

Python ( w/ Sqlite support )

# apt-get install python-sqlite

Feb 24 13

Install PHP

by admin

PHP:

# apt-get install php5 php5-cgi php5-cli

PHP ( w/ MySQL support )

# apt-get install php5-mysql

PHP ( w/ Sqlite support )

# apt-get install php5-sqlite

Feb 24 13

Install Perl

by admin

Perl ( Debian-based distros usually have Perl already installed, but here is the command ):

# apt-get install perl

Perl ( w/ MySQL support )

# apt-get install libdbd-mysql-perl

Perl ( w/ PHP Serialization support )

# apt-get install libphp-serialization-perl

Feb 24 13

Install Apache

by admin

Apache:

# apt-get install apache2

When you install Apache it should start up automatically.

Here are the arguments for the init script:

Start Apache:

# /etc/init.d/apache2 start

Stop Apache:

# /etc/init.d/apache2 stop

Restart Apache:

# /etc/init.d/apache2 restart

Force Reload Apache:

# /etc/init.d/apache2 force-reload

Start Apache htcacheclean:

# /etc/init.d/apache2 start-htcacheclean

Stop Apache htcacheclean:

# /etc/init.d/apache2 stop-htcacheclean

Apache Status:

# /etc/init.d/apache2 status
Apache is running (pid 1611).

Feb 24 13

OpenSSL s_client

by admin

Here is an OpenSSL utility called s_client. It allows you to test SSL/TLS connections.

Testing HTTPS

$ openssl s_client -connect remote:443

Testing SMTP/TLS ( Ports: 25, 587 )

$ openssl s_client -connect remote:25 -starttls smtp

Testing SMTP/TLS ( Ports: 465 )

$ openssl s_client -connect remote:465

Testing POP3/SSL ( Ports: 995 )

$ openssl s_client -connect remote:995

Testing IMAP/SSL ( Ports: 993 )

$ openssl s_client -connect remote:993

Downloads:
Linux (sources) (binaries are provided with your distro)
Windows (binaries)

Feb 24 13

Disposable Email

by admin

Here is a site which allows you to have a disposable email:
Disposable Email – spammail.me

Has 2 Day Retention, Choose from 4 domains

Feb 24 13

Convert Pix

by admin

Here is a cool site which allows you to convert images into different formats
Convert Images – convertpix.com

New features:
2013-02: Resize picture

Read Formats:
art, arw, avi, cals, cgm, cr2, crw, cur, cut, dcm, dcr, djvu, dng, dot, emf, fig, gplt, hpgl, ico, inline, man, mat, mrw, nef, orf, pef, pfa, pfb, pix, pwp, rad, raf, rla, rle, sct, sfw, sid, mrsid, tim, ttf, wmf, wpg, xcf, x3f, aai, avs, bmp, bmp2, bmp3, cin, cmyk, cmyka, dcx, dib, dpx, epdf, epi, eps, epsf, epsi, ept, exr, fax, fits, fpx, gif, gray, hdr, hrz, html, jbig, jng, jp2, jpc, jpeg, miff, mono, mng, m2v, mpeg, mpc, mpr, msl, mtv, mvg, otb, p7, palm, clipboard, pbm, pcd, pcds, pcx, pdb, pdf, pfm, pgm, picon, pict, png, png8, png00, png24, png32, png48, png64, pnm, ppm, ps, ps2, ps3, psb, psd, ptif, rgb, rgba, sgi, sun, svg, tga, tiff, txt, uyvy, vicar, viff, wbmp, webp, x, xbm, xpm, xwd, ycbcr, ycbcra, yuv

Write Formats:
aai, avs, bmp, bmp2, bmp3, cin, cmyk, cmyka, dcx, dib, dpx, epdf, epi, eps, epsf, epsi, ept, exr, fax, fits, fpx, gif, gray, hdr, hrz, html, jbig, jng, jp2, jpc, jpeg, miff, mono, mng, m2v, mpeg, mpc, mpr, msl, mtv, mvg, otb, p7, palm, clipboard, pbm, pcd, pcds, pcx, pdb, pdf, pfm, pgm, picon, pict, png, png8, png00, png24, png32, png48, png64, pnm, ppm, ps, ps2, ps3, psb, psd, ptif, rgb, rgba, sgi, sun, svg, tga, tiff, txt, uyvy, vicar, viff, wbmp, webp, x, xbm, xpm, xwd, ycbcr, ycbcra, yuv, eps2, eps3, info, pam, pcl, shtml, uil

Feb 24 13

LAMP ( Linux Apache, MySQL, PHP/Perl/Python )

by admin

Apache:

# apt-get install apache2

MySQL:

# apt-get install mysql-server mysql-client

PHP: (read more)

# apt-get install php5 libapache2-mod-php5

Perl: (read more)

# apt-get install perl

Python: (read more)

# apt-get install python