admin

Tighten SSL security: SSL certificate chain and SSLCipherSuite

Update SSLCipherSuite

Issue

Clicking the certificate info in Chrome, you'll see this message:

"Your connection is encrypted using an obsolete cipher suite."

Solution

vi /etc/httpd/conf/extra/httpd-ssl.conf

Replace SSLCipherSuite with the following:

SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+AESGCM EECDH EDH+AESGCM EDH+aRSA HIGH !MEDIUM !LOW !aNULL !eNULL !LOW !RC4 !MD5 !EXP !PSK !SRP !DSS"

Restart Apache.

service httpd restart
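To see what a cipher string like the one above actually enables, the following added example (not part of the original post) classifies each line of `openssl ciphers -v` output. It assumes that a "modern" suite means forward-secret key exchange plus an AEAD cipher; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# Reads `openssl ciphers -v` output on stdin and labels every suite.
# Assumption: "modern" = forward-secret key exchange + AEAD cipher.
audit_ciphers() {
    awk '
    NF >= 6 {
        kx = ""; mac = ""
        for (i = 3; i <= NF; i++) {
            if ($i ~ /^Kx=/)  kx  = substr($i, 4)
            if ($i ~ /^Mac=/) mac = substr($i, 5)
        }
        # Kx=ECDH and Kx=DH are ephemeral; TLSv1.3 suites report Kx=any.
        # Static variants such as Kx=RSA or Kx=ECDH/RSA do not match.
        fs = (kx ~ /^(ECDH|DH|any)$/)
        if (!fs)                 verdict = "NO-FS"
        else if (mac != "AEAD")  verdict = "NO-AEAD"
        else                     verdict = "MODERN"
        printf "%-8s %s\n", verdict, $1
    }'
}

# Expand a cipher string with the local OpenSSL and audit the result.
# Call it as: audit_suite "$(your SSLCipherSuite value)"
audit_suite() {
    openssl ciphers -v "$1" | audit_ciphers
}

# Constructed sample in the format printed by `openssl ciphers -v`.
SAMPLE='ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA384
DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(128) Mac=AEAD
AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1'

printf '%s\n' "$SAMPLE" | audit_ciphers
```

Broad terms such as HIGH at the end of a cipher string can still admit suites without forward secrecy or AEAD; running `audit_suite` on the configured value shows which ones remain.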

Optional: Update ssl_cipher in directadmin.conf

vi /usr/local/directadmin/conf/directadmin.conf

Replace or add:

Tags: Server admin SSL DirectAdmin

How to install Apache Solr 5.x for use with Drupal

Here's the updated version of how to install Apache Solr 5.x and get it running with Drupal (WITHOUT Apache Tomcat, as Solr 5.x doesn't support Tomcat anymore).

Install Java 1.8

yum install java-1.8.0-openjdk.x86_64
# or
aptitude install java8-jdk

Create a symlink to wherever your /etc/bashrc or ~/.bashrc has

export JAVA_HOME=/usr/local/jdk

set to.

  
Tags: apache apache solr Drupal Server admin

How to convert database from innodb to InnoDB in phpMyAdmin?

In phpMyAdmin, click the "SQL" tab and paste the following in there--changing your_database to the actual database you want to change.

SET @DATABASE_NAME = 'your_database';

SELECT  CONCAT('ALTER TABLE `', table_name, '` ENGINE=InnoDB;') AS sql_statements
FROM    information_schema.tables AS tb
WHERE   table_schema = @DATABASE_NAME
AND     `ENGINE` = 'innodb'
AND     `TABLE_TYPE` = 'BASE TABLE'
ORDER BY table_name DESC;

Or if that doesn't work, do the following under SSH (change your_database to your actual database name)

Tags: mysql Server admin

Optimized Apache 2.4 httpd.conf

Here is my optimized Apache 2.4.x httpd.conf:

Credits: gregrickaby/The-Perfect-Apache-Configuration: https://github.com/gregrickaby/The-Perfect-Apache-Configuration

NOTICE: Adjusted the <IfModule filter_module> portion to be compatible with Apache 2.4.

Before:

FilterProvider  COMPRESS  DEFLATE resp=Content-Type $text/html

After:

Tags: apache Linux apache 2.4 admin

How to install GraphicsMagick with GMagick PHP extension

Let's install GraphicsMagick!

cd /usr/local/src
wget ftp://ftp.graphicsmagick.org/pub/GraphicsMagick/GraphicsMagick-LATEST.tar.gz
tar xvfz GraphicsMagick-LATEST.tar.gz
cd GraphicsMagick-*
./configure --enable-shared
make
make install

Let's test it.

gm version 

If you get this error:

gm: error while loading shared libraries: libGraphicsMagick.so.3: cannot open shared object file: No such file or directory

Do this to fix:

echo "/usr/local/lib" >> /etc/ld.so.conf
ldconfig

Ok... Let's install GMagick PHP extension

Tags: Linux admin GraphicsMagick imagemagick

How to install a new drive in Linux larger than 2TB with proper alignment

Let's assume that we already have a primary physical drive in our system (HDD or SSD), and have added a second drive to our box, which we need to partition and mount automatically on boot.

Here's how to do that:

Let's see what physical drives we have installed in our server:

ls /dev/sd*

Since this is our 2nd drive, you should see /dev/sdb.

Example:

/dev/sda  /dev/sda1  /dev/sda2  /dev/sda3  /dev/sdb

Let's see the currently mounted drives and partition layout:

lsblk -o NAME,FSTYPE,SIZE,MOUNTPOINT,LABEL

Here's a full list of all available lsblk options:

Tags: Linux HDD ssd admin fdisk parted performance

How to fix Linux error "read-only file system"

Recently our /etc/fstab got screwed up preventing us from SSH-ing into the server after a reboot. So we were given KVM access to our server.

Once setting up Java to allow unsigned certificates--hint: under the Java Control Panel click the "Security" tab, and slide the "security level" to the bottom "Medium". We were then greeted with a message:

"give root password for maintenance or press ctrl+d to continue"

Come to find out CTRL-C and CTRL-V don't work, you have to type the pass by hand--this was very tedious since my root pass is extremely complex.

So once in I soon realized that the system was mounted as "read-only"; meaning that you couldn't make any changes to it; or in other words, completely useless at this state.

Tags: Linux admin fstab java KVM

Deny recursive DNS lookups in named (in newer or older versions of BIND)

For security reasons, it's recommended to disable recursive DNS lookups. Here is how:

Find out your named version

named -v

If your BIND version is at least 9.x then insert the following, between options { }:

        // Deny recursive lookups
        allow-query     { any; };
        allow-transfer  { none; };
        allow-recursion { localhost; };
        recursion yes;

So it looks like something like this:

Tags: named bind Linux admin
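To confirm from an outside host that the BIND options above took effect, this added example (not part of the original post) reads `dig` output and reports whether the reply carries the `ra` (recursion available) flag. The function name, the host names in the comment and the sample replies are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# Reads `dig` output on stdin and reports whether recursion was offered.
# Real use, from a host that is NOT in allow-recursion (placeholder names):
#   dig @ns1.example.com some-other-domain.example A | recursion_state
recursion_state() {
    awk '
    /^;; ->>HEADER<<-/ {
        for (i = 1; i < NF; i++)
            if ($i == "status:") { status = $(i + 1); sub(/,$/, "", status) }
    }
    /^;; flags:/ {
        seen = 1
        split($0, part, ";")        # part[3] holds " flags: qr rd ra"
        if ((part[3] " ") ~ / ra /) ra = 1
    }
    END {
        if (!seen)    print "NO-REPLY"
        else if (ra)  print "OPEN status=" status
        else          print "CLOSED status=" status
    }'
}

# Constructed sample: a resolver that answers recursive queries for anyone.
OPEN_REPLY=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1'

# Constructed sample: the same query after recursion is limited to localhost.
CLOSED_REPLY=';; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 4243
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available'

printf '%s\n' "$OPEN_REPLY"   | recursion_state
printf '%s\n' "$CLOSED_REPLY" | recursion_state
```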

How to install CSF (ConfigServer Security & Firewall) with DirectAdmin or WHM

Block IPs with Brute Force Monitor in DirectAdmin using CSF

Source: https://help.poralix.com/articles/how-to-block-ips-with-csf-directadmin-bfm

Regular install of CSF

cd /usr/local/src
wget http://www.configserver.com/free/csf.tgz
tar -xzf csf.tgz
cd csf
./install.directadmin.sh

Now log in as Admin to DirectAdmin or WHM, and click the link ConfigServer Security & Firewall

You'll probably want to add your WAN IP here--you can find out what it is here: http://www.ip-secrets.com/

Then add your WAN IP into the Quick Allow column.

Tags: CSF firewall security Linux Server admin DirectAdmin

wget download all files from a directory with resume

Here is how you download all files from a directory using wget with automatic resume of partially downloaded files (in case your connection gets cut off):

wget -r -c --no-parent http://www.whateveraddress.com/downloads

Keep in mind this will only download files that it can read from that location. If you need to wget a bunch of files from a directory you have SSH or FTP access to, you first have to do the following inside that directory:

vi .htaccess

and paste in the following and save.

Options +Indexes

Now that directory should show all the files in it via a browser.

Tags: Linux admin

How to permanently raise ulimit 'open files' and MySQL 'open_files_limit'

The default ulimit (maximum) open files limit is 1024, which is very low, especially for a web server environment hosting multiple heavy database-driven sites.

This ulimit 'open files' setting is also used by MySQL. MySQL automatically sets its open_files_limit to whatever the system's ulimit is set to, which by default will be 1024.

NOTE: MySQL can NOT set its open_files_limit to anything higher than what is specified under ulimit 'open files'--you can set it lower, but not above the 'open files' limit.

Anyhow...

This is how we raise the ulimit

To check the limits:


ulimit -a

You will see something like:

Tags: Linux admin mysql

MySQL dump all databases via mysqldump -- the proper way

Here's a command that properly dumps all databases, in case you wanted to restore a full backup.

For whatever reason, many sites are using improper characters ( ' –– ' , ' – ' ) to display this mysqldump command line--copy pasting will throw up an error stating something like:


mysqldump: Got error: 1049: Unknown database '??extended-insert' when selecting the database

Here is a sample of wrong characters, which appear just fine, but won't work:


mysqldump ––extended-insert ––all-databases ––add-drop-database ––disable-keys ––flush-privileges ––quick ––routines ––triggers > all-databases.sql

or


mysqldump –extended-insert –all-databases –add-drop-database –disable-keys –flush-privileges –quick –routines –triggers > /root/all-databases.sql

Tags: mysql linux server admin

Drupal .htaccess rewrite with 'www' but not for sub-domains

Say you have your Drupal's .htaccess set "To redirect all users to access the site WITH the 'www.' prefix", and you added a sub-domain, and it came out looking something like http://www.sub.domain.com. So, most people will NOT want the "www" added to the url in this case. So what do you do? Easy.

Use this instead:


# To redirect all users to access the site WITH the 'www.' prefix,
# (http://example.com/... will be redirected to http://www.example.com/...)
# uncomment the following:
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteCond %{HTTP_HOST} !^(subdomain1|subdomain2|subdomain3)\. [NC]
RewriteRule ^ http://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

So what changed? We simply added this line:

Tags: Drupal Linux admin

How to get 3TB HDD to work with NVIDIA nForce motherboards

If you recently tried installing a 3TB Hard Drive on an NVIDIA nForce motherboard you'll notice that only about 1/3 of the drive is recognized by Windows. The fix is quite simple:

1. Download NVIDIA nForce Drivers 15.58 (64bit) , Download NVIDIA nForce Drivers 15.58 (32bit) or later

2. Install the NVIDIA NFORCE 15.58 drivers and reboot your system after the install is done.

3. You're done. Your PC should be able to see the entire 3TB drive (it should be around 2.72TB)

Tags: admin windows HDD

phpMyAdmin database export "Save as file" template

Whenever you do a database backup using phpMyAdmin, you are presented with a default file name structure for saves, usually like so:

__DB__

which basically gives you the name of the database you just backed up. Which is ok, however, most people would also like the date and time stamp included as well...

So...

This is how it's done... replace the above with :

__DB__-%F-%T

or for newer versions of phpMyAdmin

@DATABASE@-%F-%T

__DB__ = name of database Example: my_database
%F = Same as "%Y-%m-%d" (year-month-day) Example: 2009-11-25
%T = time stamp (24 hour format, hour_minute_second) Example: 11_07_31

which will save a file with the naming structure similar to:

my_database-2009-11-25-11_07_31.sql

You can easily use other date/time structure, to suit your personal preference.

Tags: Linux admin mysql