» ubuntu articles

~ install mcrypt in ubuntu ~

connie 2013.01.22 | ubuntu | | No Comments
apt-get install php5-mcrypt
/etc/init.d/apache2 restart

 

~ Using RootKit Hunter to find Linux vulnerabilities ~

connie 2013.01.05 | ubuntu | | No Comments

First, install RootKit Hunter

cd /tmp
wget http://ncu.dl.sourceforge.net/project/rkhunter/rkhunter/1.4.0/rkhunter-1.4.0.tar.gz
tar -xvf rkhunter-1.4.0.tar.gz
cd rkhunter-1.4.0
./installer.sh --layout default --install
cd /usr/local/bin
mv rkhunter /usr/bin/

Then update the database

rkhunter --update
rkhunter --propupd

Next, edit /etc/rkhunter.conf

nano /etc/rkhunter.conf

Add the hidden file whitelist

SCRIPTDIR=/usr/local/lib/rkhunter/scripts

ALLOWHIDDENDIR="/etc/.java"
ALLOWHIDDENDIR="/dev/.udev"

ALLOWHIDDENFILE="/dev/.initramfs"

SCRIPTWHITELIST=/usr/bin/unhide.rb

How to scan the machine

rkhunter --checkall

Done

rm -r /tmp/rkhunter-1.4.0
rm /tmp/rkhunter-1.4.0.tar.gz

 

~ Configuring multiple SSL certs on Apache ~

connie 2012.12.28 | ubuntu | | No Comments

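Many people assume that configuring an SSL virtual host works the same way as an ordinary HTTP virtual host:
copy another set of virtual host settings, change the ServerName, restart, and it is done.

But you will quickly find that a problem appears.
Suppose you have 2 SSL sites, each with its own cert.
SSL Site B will end up using Site A's cert.

There are three workable ways to solve this problem

  1. use a wildcard SSL cert
  2. set a different port listener
  3. use the mod_gnutls module

In short, the key point is that every SSL VirtualHost must have its own IP:PORT combination; otherwise you have to use a wildcard SSL cert.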
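
A quick audit for the problem described above, as an added example that is not part of the original post: it reads Apache configuration on stdin and reports every IP:PORT that is shared by SSL virtual hosts pointing at different certificate files. The site names, ports and cert paths in the sample config are constructed, and the check applies the rule exactly as the post states it, without taking SNI into account.

```shell
#!/usr/bin/env bash
# Added example: flag IP:PORT pairs shared by SSL vhosts with different certs.

# Constructed sample config (hypothetical site names and cert paths).
sample_conf() {
cat <<'EOF'
<VirtualHost *:443>
    ServerName site-a.example
    SSLEngine on
    SSLCertificateFile /etc/apache2/ssl/site-a.crt
</VirtualHost>
<VirtualHost *:443>
    ServerName site-b.example
    SSLEngine on
    SSLCertificateFile /etc/apache2/ssl/site-b.crt
</VirtualHost>
<VirtualHost *:8443>
    ServerName site-c.example
    SSLEngine on
    SSLCertificateFile /etc/apache2/ssl/site-c.crt
</VirtualHost>
EOF
}

# Reads Apache config on stdin; prints "IP:PORT name1,name2" for each conflict.
find_cert_conflicts() {
  awk '
    { d = tolower($1) }                  # directive names are case-insensitive
    d == "<virtualhost" { addr = $2; sub(/>$/, "", addr); ssl = 0; cert = ""; name = "?"; next }
    d == "servername"         { name = $2 }
    d == "sslengine"          { ssl = (tolower($2) == "on") }
    d == "sslcertificatefile" { cert = $2 }
    d == "</virtualhost>" && ssl {
      # count distinct cert files per IP:PORT and remember which sites use it
      if (!((addr, cert) in seen)) { seen[addr, cert] = 1; ncert[addr]++ }
      names[addr] = (names[addr] == "" ? name : names[addr] "," name)
    }
    END { for (a in ncert) if (ncert[a] > 1) print a, names[a] }
  '
}

sample_conf | find_cert_conflicts   # site A and B collide; site C is fine
```

To check a real server, feed it the enabled site files, for example `cat /etc/apache2/sites-enabled/* | find_cert_conflicts`.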

~ Ubuntu Firewall Setting ~

connie 2012.12.27 | ubuntu | | No Comments

The following commands must be run from an account with root privileges

Install ufw

sudo apt-get install gufw

Check firewall status

ufw status

Turn on Firewall

ufw enable

Turn off Firewall

ufw disable

Allow a port

ufw allow [port number]

Allow an ip address

ufw allow from [ip address]

Allow a specific ip address and port

ufw allow from [ipaddress] to any port [port number]

Allow ip address range 10.120.0.1 – 10.120.0.255 to port 22

ufw allow from 10.120.0.0/24 to any port 22

Blocking a port

ufw deny [port number]

To remove a deny or allow rule

ufw delete deny [port number]

~ install awstats on ubuntu ~

connie 2012.12.26 | ubuntu | | No Comments
sudo apt-get install awstats

Copy the config file for the new site (it should be named awstats.yourdomain.ext.conf)

cp /etc/awstats/awstats.conf /etc/awstats/awstats.yourdomain.ext.conf

Open the config file, and modify these lines

#Path to access.log for your domain
LogFile="/var/log/apache2/access.log"
#I recommend '1' for more detailed information
LogFormat=1
SiteDomain="yourdomain.ext"
HostAliases="localhost 127.0.0.1 yourdomain.ext"

For running the first time use

/usr/lib/cgi-bin/awstats.pl -config=yourdomain.ext

For update

/usr/lib/cgi-bin/awstats.pl -config=yourdomain.ext -update

apache setting
 

<VirtualHost *:80>
ServerName ***.***.***.***
DocumentRoot /var/www/
<Directory "/var/www/">
Options FollowSymLinks
AllowOverride ALL
Order allow,deny
Allow from all
</Directory>
Alias /awstatsclasses/ "/usr/share/awstats/lib/"
Alias /awstats-icon/ "/usr/share/awstats/icon/"
Alias /awstatscss "/usr/share/doc/awstats/examples/css"
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
ScriptAlias /awstats/ /usr/lib/cgi-bin/
Options ExecCGI -MultiViews +SymLinksIfOwnerMatch
</VirtualHost>

/etc/init.d/apache2 reload

0 */3 * * * root /usr/lib/cgi-bin/awstats.pl -config=yourdomain.ext -update >/dev/null

~ ubuntu SCP command ~

connie 2012.12.21 | ubuntu | | No Comments
Get File from remote server 
scp [username]@[hostaddress]:/remotefile /newlocalfile

upload File to remote server 

scp [localfilename] [username]@[hostaddress]:/newfilename

 

1]Activate the SSL Module

sudo a2enmod ssl
sudo service apache2 restart

2]create a new directory where we will store the server key and certificate

sudo mkdir /etc/apache2/ssl

3]Create a Self Signed SSL Certificate
this certificate will expire after one year.

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.crt

4]The most important line is “Common Name”. Enter your official domain name here or, if you don’t have one yet, your site’s IP address.
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:New York
Locality Name (eg, city) []:NYC
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Awesome Inc
Organizational Unit Name (eg, section) []:Dept of Merriment
Common Name (e.g. server FQDN or YOUR name) []:example.com
Email Address []:[email protected]

5]Set Up the Certificate

sudo nano /etc/apache2/sites-available/default-ssl
ServerName example.com:443
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/apache.crt
SSLCertificateKeyFile /etc/apache2/ssl/apache.key

6]Activate the New Virtual Host

sudo a2ensite default-ssl
sudo service apache2 reload