Category Archives: Linux

Linux

Linux – Block SSH and FTP Access to Specific IP and Network Range in Linux

I’m not sure why, but someone in China must think my Linux server contains massive secrets. Sometimes, even when using fail2ban, it seems to be bogged down by brute-force attempts to log in as root over SSH, which leaves me scratching my head as to whether anyone really allows root access to SSH.

Anyhow, the goal is to just reject these jokers at a transport level on the firewall.

The article on how to do this is here.

The relevant commands are:

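# --permanent saves the rule; without it, the --reload below discards the runtime-only rule
firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 1 -p tcp -m tcp --source 192.168.1.100/24 --dport 22 -j REJECT
firewall-cmd --reload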
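
To decide which network ranges deserve a rule like the one above, the following added example (not part of the original post or the linked article) counts failed root logins per /24 in sshd auth-log lines and prints the matching firewall-cmd commands for review. The log lines are constructed, and the function names `sample_log`, `offenders` and `block_rules` are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post). All log lines are constructed and
# use RFC 5737 documentation addresses.
sample_log() {
cat <<'EOF'
Mar  3 02:11:01 host sshd[2101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Mar  3 02:11:03 host sshd[2101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Mar  3 02:11:05 host sshd[2103]: Failed password for root from 203.0.113.9 port 51514 ssh2
Mar  3 02:11:09 host sshd[2107]: Failed password for invalid user admin from 198.51.100.4 port 33890 ssh2
Mar  3 02:12:40 host sshd[2110]: Accepted publickey for alice from 192.0.2.15 port 50022 ssh2
Mar  3 02:13:02 host sshd[2114]: Failed password for root from 198.51.100.4 port 33901 ssh2
EOF
}

# offenders MIN: read sshd auth-log lines on stdin and print "count network/24"
# for each IPv4 /24 with at least MIN failed root password attempts.
offenders() {
    awk -v min="$1" '
        / sshd\[[0-9]+\]: Failed password for root from / {
            for (i = 1; i <= NF; i++) if ($i == "from") ip = $(i + 1)
            if (ip ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) {
                split(ip, o, ".")
                hits[o[1] "." o[2] "." o[3] ".0/24"]++
            }
        }
        END { for (n in hits) if (hits[n] >= min) print hits[n], n }
    ' | sort -k1,1nr -k2,2
}

# block_rules MIN: print (never execute) one reject rule per offending network,
# so the list can be reviewed before it is applied.
block_rules() {
    offenders "$1" | while read -r count net; do
        echo "firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 1 -p tcp -m tcp --source $net --dport 22 -j REJECT"
    done
    echo "firewall-cmd --reload"
}

sample_log | block_rules 3
```

Counting per /24 catches attempts spread across several addresses in one network, but a /24 rule also rejects every legitimate user in that range, so check the list before running it. The printed rules carry --permanent so that they survive the final reload.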

Linux – Open Established connections

When you need to see what/who is connected to the server, use this:
Point in time:
netstat -nap | grep EST
Ongoing:
watch 'netstat -nap | grep EST'


A Rather Pleasant Experience

So my home Linux server has been running for about half a year without a reboot on FC19 and being a glutton for punishment I decided to give fedup a try again. This time I’m happy to say that it was an enjoyable experience.


Online File Storage and Management

I’ve been looking for some time trying to find a nice and easy file management server I could host that would give me the same abilities as a ‘Drop Box’ or ‘Google Drive’.  Finally stumbled on an open source server that does just that, it’s called Pydio and installs on a standard LAMP server and gives you that capability.  So far I’m really impressed, it has the drag and drop features that you’ve come to expect and does a heck of a job.


fedup

So I finally got around to looking at Fedora’s page and realized that once again it’s time for an upgrade.  This time (moving from 17 to 18) there is a new utility called fedup (Fedora Update) that streamlines the transition from one version to another.  The documentation can be found here and so far it’s doing a bang up job.


Installing Fedora Core 16 from USB

So as I’ve said we’ve been replacing all the computers here at work and that’s led to a plethora of spare computers, I mean it’s to the point of overflow as even I am looking at them all wondering what the hell to do with them all.

So I was on Staples site the other day and found the coolest thing, it’s a hot swap bay that you can use to read all the data on those 40 gig drives that are multiplying around here like Tribbles.  Then it occurred to me that I could use it to format each of the half dozen 40 gig drives with a different OS.  Whoo Hoo we have achieved nerdvana!!!  A different OS every week and just label the drive with what’s on it.  True greatness.  In any case FC16 is going to be the first and here is how you make an installation USB for it from the good folks over at fedoraproject.org:

  1. Download the LiveUSB Creator program for Windows from http://fedorahosted.org/liveusb-creator.
  2. Either:
     - click the Browse button under the Use existing LiveCD label, browse to the location where you previously downloaded a Fedora Live ISO file, and select that file, or
     - select a Fedora Live ISO file from the drop-down menu that LiveUSB Creator presents under the Download Fedora label. Note that image files are large and that it is probably impractical to use LiveUSB Creator to download an image file if you do not have a broadband connection to the Internet.
  3. Click Create Live USB.

MediaTomb Media Server

I bought a new 4 bedroom house that has 2 living rooms back in September and I’m just now getting around to furnishing it.  The one thing I got was a new Toshiba TV.  I noticed that you could plug a USB flash drive into it and so I put one in and launched the media player on the TV and was shocked to see my tablet on there.  After some investigating, these new TVs are UPnP aware and have a media player that can play from a UPnP server.  Turns out it’s incredibly easy to do this on FC16 using MediaTomb as the server.  Let me relay the steps to doing this.

  1. In this case I’m using FC16 stock install with MySQL installed, let me point out it’s the default MySQL install, see the post on starting MySQL to hear about that nightmare, this is the reason that I had to do that.
  2. Install MediaTomb by typing ‘yum install mediatomb’.  This will also create the mediatomb user in the system that the service will use to run as (although not the home directory which is a great place to house the media, more later on this point).
  3. You’ll have to create a new MySQL database, this should be second nature but if not here is a link to the documentation on it.
  4. Now you’ll have to edit the mediatomb.conf file, which is located at /etc/mediatomb.conf.  It’s nice and easy as the only thing you really need to do is bind it to an interface with MT_INTERFACE="[interface]".  To find what you need to put in here, do an ifconfig and put in whatever the active network connection is.  Oh, make note of the MT_PORT number while you are here.
  5. Now we are ready to start the service, done by typing ‘service mediatomb start’ into BASH.  By extension stop, restart and status work too.
  6. You are up and running, and from the server type the following in as the URL:  http://localhost:[MT_PORT] where the port is what you made note of in the mediatomb.conf in step 4.
  7. You can now use the UI (user interface) to add directories to the server.

I would be derelict in my reporting without telling you the last steps but at this point the server is up and running so here is the rest of the story.

You’ll need to get the media over there.  I’d recommend FTP (see related post).  And you’ll need a directory to store this media.  What I did was create a /home/mediatomb and then uploaded the media via FTP.  Just chown the media to mediatomb and place it in this directory and then using the user interface specify /home/mediatomb as the directory to check, do so recursive and I’m using the timed (I’ve heard bad things about Inotify and MP3’s) set to full and recursive.  I didn’t include hidden anything and left the scan interval at 30 minutes (1800 seconds).

That’s it, you’re done.  I put about 110Gb of music into the directory and it took about 3 or 4 hours to move, and it’s now in the process of scanning them in no apparent order.  I’m not sure how long it will take but will try to update if I can figure it out.  But if you’re anything like me it’s time to go make a drink and I’ll check back on it tomorrow when I can almost guarantee that it’ll be done:)  Okay, here is the update: it takes about as long to index as it does to transfer.


FTP on Fedora Core 16

As you know one of the important reasons that you have a Linux server is so you can use it to store and transfer files.  File Transfer Protocol is your friend in this case.  The basic flavor you get when you install FTP on FC16 is VSFTP (or very secure file transfer protocol).  Now my first glance opinion on this wasn’t favorable; this primarily stems from the fact that there is no webmin module that can control this server and I have no idea how to use it.  Turns out I was wrong and the damn thing is so simple to use even I was shocked when I figured it out.  Here is a quick list of commands for working with the service.

Use the chkconfig command to start the service at boot:  chkconfig vsftpd on

Starting, stopping and restarting like so:
service vsftpd start
service vsftpd stop
service vsftpd restart

Viewing the status:
service vsftpd status
pgrep vsftpd (this will give you the process IDs)

I’m going to give a shout out to http://www.linuxhomenetworking.com and the article here for shedding light on the situation.  I’ll have to do some poking around on their site.  Very helpful:)


Installing a SSL certificate in a LAMP environment

Wow, if you’re reading this you are doing so over a 256 bit encrypted link.  To give you an idea of what that means my bank only uses 128 bit encryption.  Now for a while I was doing this with a self signed certificate.  But then you run into all kinds of hassles: when you send a link to your non-geek friend they get all upset because they get a warning when they try to go to it.  Aside from that hassle (which I can live with) I ran into an issue with the flash uploader on my Gallery 3 site.  It seems that if you have a self signed certificate the flash uploader will not work, leaving the ‘server add’ option as the only way to upload anything to the server, and that would have meant a whole bunch of work that I just didn’t feel like doing right now.

The Solution?  Get a signed certificate from a CA.  Yeah that seems a little obvious but here’s the thing.  I’m not selling anything meaning I’m not making anything and I don’t really want to pay for it.  Free SSL certificates?  Turns out yes they do exist.  I went with StartSSL and was very pleased with the experience.  The first thing I had to do was start by validating my email and getting a certification for that and then it was time to get the SSL/TLS Server cert.  Here is how I did it so I’ll know how to do it next time.

Telnet into the server and issue the following command:

openssl req -new -newkey rsa:2048 -nodes -keyout myserver.key -out server.csr

This will give you two files.
myserver.key: this is your private key.
server.csr: this is the Certificate Signing Request that you will submit to the CA.

In my case (running Fedora Core 16) I placed the myserver.key file in the /etc/pki/tls/private/ directory.
When you submit it to the CA, they will have you cut and paste the returned text into a ssl.cert file. Get that onto your server; I put it in /etc/pki/tls/certs/. Then you need to find the ssl.conf file and change the SSLCertificateFile and SSLCertificateKeyFile file locations and names. Save the file, restart Apache and you are good to go.

UPDATE
Okay, got home and got a message that I missed a couple of files.  To this end let me say these are the files that were missing:

SSLCertificateChainFile /usr/local/apache/conf/sub.class1.server.ca.pem
SSLCACertificateFile /usr/local/apache/conf/ca.pem

I put them into /etc/pki/tls and just linked them in the ssl.conf and it worked fine and seemed to fix any issues I saw so don’t forget to do this next time.
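
Before restarting Apache with the new files, it helps to confirm that the key, the CSR and the returned certificate all carry the same public key and that the key file is private. The check below is an added example, not part of the original post; the function names are hypothetical, and the demo uses a constructed self-signed certificate as a stand-in for the one the CA returns.

```shell
#!/bin/sh
# Added example: verify key, CSR and certificate belong together and that the
# private key is not accessible to group or other users.

# Each helper prints the PEM-encoded public key found in the given file.
key_pub()  { openssl pkey -in "$1" -pubout 2>/dev/null; }
csr_pub()  { openssl req  -in "$1" -noout -pubkey 2>/dev/null; }
cert_pub() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }

# check_bundle KEY CSR CERT: prints "ok" and returns 0 only if all three share
# one public key and the key file grants nothing to group/other.
check_bundle() {
    k=$(key_pub "$1")
    [ -n "$k" ] || { echo "cannot read key"; return 2; }
    [ "$k" = "$(csr_pub "$2")" ]  || { echo "CSR does not match key";  return 1; }
    [ "$k" = "$(cert_pub "$3")" ] || { echo "cert does not match key"; return 1; }
    perms=$(ls -l "$1" | cut -c5-10)   # the group and other permission bits
    [ "$perms" = "------" ] || { echo "key is accessible to group/other"; return 1; }
    echo "ok"
}

# Constructed demo in a scratch directory (runs in a subshell): the self-signed
# ssl.cert stands in for the CA-issued one; other.key is an unrelated key.
demo() (
    d=$(mktemp -d) || exit 2
    trap 'rm -rf "$d"' EXIT
    cd "$d" || exit 2
    umask 077
    openssl req -new -newkey rsa:2048 -nodes -keyout myserver.key \
        -out server.csr -subj "/CN=example.test" 2>/dev/null
    openssl x509 -req -in server.csr -signkey myserver.key -days 1 \
        -out ssl.cert 2>/dev/null
    openssl genrsa -out other.key 2048 2>/dev/null
    check_bundle myserver.key server.csr ssl.cert
    check_bundle other.key server.csr ssl.cert || true
)

demo
```

On the real server, call `check_bundle` with the paths used in ssl.conf for SSLCertificateKeyFile and SSLCertificateFile, plus the CSR that was submitted.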