Category Archives: Commands

Auto Added by WPeMatico

Be Careful with LetsEncrypt!

 

I must say, like a lot of people I love the idea of a free SSL Certificate.  So I thought this would be great for my site.  So I downloaded the LetsEncrypt package on to an Ubuntu 15.10 box.  The server was running Apache2, and was pretty much stock.  When I applied the cert to the site, it was super easy.  I was very impressed with the ‘–apache’ option.  I then updated my URLs in WordPress to HTTPS.  That’s it I was up and running in a few min.  I was pretty happy at this point.

Then, I realized it broke all of the other services I had on the machine that were public facing.  I had several.  Even ones with their own certs were breaking.  So I decided to remove it…. After removing it from Apache completely I noticed an issue.  All of my users that had been to the site; were getting redirected still.  Somehow it is keeping the redirct with the cert/data that is installed when the cert is installed from visiting the site.

Long story short, I had many people that thought my site was down.  I even moved servers; and it still happened. I tried clearing browser cache, DNS Cache on my MAC, from another IP. Finally after a reinstall (probably not needed, but quicker); I was able to actually load my site without the redirect.  I am sure there is something here I am not seeing; but to be honest I didn’t feel like spending all my time dealing with browser settings.

If anyone would like to let me know how they get around this I would like to know.

I hope this helps those who are thinking of trying out LetsEncrypt.  I am not saying its a bad product; or idea.  I love the install and the idea of it.  However, the practical implementation is not there yet.  For those reading this keep in mind that it is still in Beta as of this article.  So this might eventually go away.

P.S. – To those on the LetsEncrypt project, I appreciate all the work; and I hope you take this criticism positively. A good uninstall path is needed before I think this will go mainstream on monolithic boxes.  Maybe its ok with a 12 factor applications.

Sincerely,

Matthew Curry

NAOMI Updated Pics

Here is the latest picture I have of the ‘Semi-Portable’ version of NAOMI.

This includes the following:

  • 30AH Battery @ 2.2a (tested)
    • 35AH LiON Cells “Quick Drain”
  • Touch Screen 7″
    • Mounted Externally in own case
      • Not Permanent, built for bench
  • RPI2
  • 1TB USB 3.0 Hard Drive
  • Bluetooth Dongle
    • Not Shown
  • Powered USB Hub
    • Replaced/Rebuilt for one with switched ports
  • Logitech C170 USB Camera/Mic

TCPDUMP with Date for Wireshark

Just another handy snippet:

It will date the output, and also put it in a handy pcap for Wireshark.

tcpdump -i eth1 -s0 -v -w /tmp/capture_`date +%d_%m_%Y__%H_%I_%S`.pcap

*Note: Should work on all Linux distros (make sure to have the right network interface selected, Ex: eth1); it might have to be slightly modified for Mac. Windows can go DIAF.

 

Search entire server for Q4 2015 obfuscated PHP malware of unknown origin.

This is just a snippet I have used before to identify some malicious code on web servers.  This will not work on everything; but it will give you a way to find suspect files.  It is easy to cron in a script with others to make a nice daily report if you have those concerns.

#!/bin/bash
# Malware Search Script
# 11/1/15 – Matthew D. Curry
# Matt@MattCurry.com

echo “Search entire server for Q4 2015 obfuscated PHP malware of unknown origin.”

find / -name *.php -exec grep -Hn .1.=…….0.=…….3.=…….2.=…….5.= {} ;

 

Hope this helps, enjoy.

Remove Spaces (or any character) from File Names in Linux

This is actually a pretty common thing to run into in a Linux file system.  It is especially prevalent in the files that are moved from another operating system (Usually Windows).  So if you get files that need to have a space or a character removed, the below snipped is a very simple, and handy way to fix this issue.

└─(11:26:40)-(~/Example)->ls
file 1.txt
file – 2.txt

So, from here we want to rename the file “file 1.txt” to “file_1.txt”.  This would be done as follows:

rename ‘s/ /_/g’ file 1.txt

This will remove any spaces in the file-name listed.  If you want to do all the files in a directory:

rename ‘s/ /_/g’ *

Here is an example output if we run it on all the files in the directory (as seen above):

└─(11:33:59)-(~/Example)->ls
file_1.txt
file_-_2.txt

 

Note:  If you are new to Linux; and you haven’t heard of the “sed” command, that is the syntax used in the command.  If you get comfortable with this, then you can easily learn sed, which is a great tool to have on the command line.

Want to use DNF? What to expect…

DNF actually DOES stand for something… Not sure where that started.

DNF stands for Dandified yum

DNF started showing up in Fedora 18, and Fedora 20 was the first Linux distro that welcomed users to utilize  DNF in place of YUM.

The technical challenges of DNF are that there is little or no support for features:

  • Debug
  • Verbose output
  • Enable Repository
  • Exclude packages during install
  • No effect of –skip-broken switch
  • The command resolvedep unavailable
  • The option skip_if_unavailable is ON by default
  • Dependency resolving process is not visible in Command Line
  • Parallel downloads in future release
  • Undo History
  • Delta RPM
  • Bash completion
  • Auto-remove
  • many others…

 

In short, if you drink the cool-aid then you should run this in a lab only.  I know people that try to run this stuff in production.  You are just asking for a serious problem. Other than that, I hope it gets there, DNF is just too new.

The Nightmare of Azkaban with Hive (Hadoop)

I have been working on a deployment of Azkaban for about a week now; and getting the server up and running was easy.  However I have had many major issues with Azkaban since day one.  I feel like sharing this could help someone else if they decide to use it.

Pros:

  • It has dependency flows that are easy to use.
  • ACLs
  • Pretty Graphs
  • Scheduling (Kinda its purpose)
  • Good API

Cons:

  • Hive/Pig and Possibly other Jobtypes simply do not work.
    • After many hours of searching I found there is a bug in the jobtypes plugin, and it has not been fixed.
      • You must completely recompile with the newer version to have these job types work.
    • The Newest version of Azkaban is no where close to the version they have on their site.
      • This also is not compiled, you will have to do it manually.
    • The Documentation is full of errors, bad links, and omissions (at best).
      • Not to mention it is all for 2.5, when 3.x is out.
      • SSL Keystore Doc Links are all bad (major setup step).
    • No Packages for YUM/APT/ZYPPER/etc
      • I would have thought someone would have done this by now
        • I created some using FPM
    • No INIT script built. (Azkaban Init Script)

So, in closing as you can see the project has good intentions but that’s about it.  Its not ready for prime time, and they really need to get their stuff together.  If it were cleaned up and recompiled, and packaged.  It would probably be an OK product. However, the lack of organization and communication will be what prevent me from recommending this for any of my personal customers going forward.  I hope this helps anyone considering this product.

 

Sincerely,
Matthew Curry