usermod – add an existing user to an existing group

To add an existing user to an existing group, use the usermod command.

1. Check the user's current groups using the id command:

# id serveradmin
uid=10001(serveradmin) gid=10001(serveradmin) groups=10001(serveradmin)

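2. Add the existing user to the group using the usermod command (keep the -a option: without it, -G replaces the user's current supplementary groups with the ones listed):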

# usermod -a -G wheel serveradmin

3. Check that the user has been added to the group using the id command:

# id serveradmin
uid=10001(serveradmin) gid=10001(serveradmin) groups=10001(serveradmin),11(wheel)

SSH login without password using keys

To set up SSH login without passwords using keys:
1. Generate a key pair using the ssh-keygen utility. In this example the keys are saved in the ~/.ssh/ folder. The file ~/.ssh/id_rsa is your private key. The file ~/.ssh/id_rsa.pub is your public key.
2. Add the public key to ~/.ssh/authorized_keys on the server you want to log in to without a password:

# ssh-copy-id -i ~/.ssh/id_rsa.pub user@shkodenko.com

3. Now you can log in as user to the example host shkodenko.com without a password, authenticating with your key:

# ssh user@shkodenko.com
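
If key login still asks for a password after these steps, file permissions are a common cause. The following check is an added example, not part of the original post; the function name audit_ssh_dir is hypothetical and it assumes GNU stat as found on Linux.

```shell
#!/bin/sh
# Added example. Reports permissions that break or weaken key-based login.
# Returns 0 when clean, 1 when a problem is found, 2 when the directory
# is missing. Assumes GNU stat (stat -c).
# Usage: audit_ssh_dir "$HOME/.ssh"
audit_ssh_dir() {
    dir=$1
    rc=0
    if [ ! -d "$dir" ]; then
        echo "missing directory: $dir"
        return 2
    fi
    # sshd with StrictModes (the default) ignores authorized_keys when the
    # directory or the file is writable by group or others.
    for f in "$dir" "$dir/authorized_keys"; do
        [ -e "$f" ] || continue
        mode=$(stat -c '%a' "$f")
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "group/other writable ($mode): $f"
            rc=1
        fi
    done
    # The ssh client refuses a private key that anyone else can access.
    key="$dir/id_rsa"
    if [ -e "$key" ]; then
        mode=$(stat -c '%a' "$key")
        if [ $(( 0$mode & 077 )) -ne 0 ]; then
            echo "private key accessible to others ($mode): $key"
            rc=1
        fi
    fi
    return $rc
}
```

Run it on the client for the private key and on the server for authorized_keys; chmod 700 on the directory and chmod 600 on both files clears every finding it reports.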

OpenSSL check if SSLv3 is disabled


To verify that SSL protocol version 3 (SSLv3) is disabled on a server, run the command:

# openssl s_client -connect www.shkodenko.com:443 -ssl3

If you see output like the following, SSLv3 is disabled:
CONNECTED144:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1257:SSL alert number 40
139824221411144:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:596:
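
Reading the result by eye gets error-prone across many hosts, and an openssl client built without SSLv3 support rejects the -ssl3 flag without testing anything. The classifier below is an added example, not part of the original post; the function names are hypothetical, the first sample is the error line quoted above, and the second sample is constructed.

```shell
#!/bin/sh
# Added example. Reads `openssl s_client ... -ssl3` output (stdout and stderr)
# on stdin. Returns 0 = SSLv3 refused, 1 = SSLv3 negotiated, 2 = inconclusive.
classify_sslv3() {
    out=$(cat)
    has() { printf '%s\n' "$out" | grep -Eiq "$1"; }

    # A client built without SSLv3 rejects the flag before connecting,
    # so the server was never tested.
    if has 'unknown option'; then
        echo "inconclusive: this openssl build has no -ssl3 option"
        return 2
    fi
    # The server answered with a fatal alert: the handshake was refused.
    if has 'alert (handshake failure|protocol version)'; then
        echo "disabled: server refused the SSLv3 handshake"
        return 0
    fi
    # A completed handshake prints a session with a real cipher name;
    # a failed one prints cipher 0000.
    if has '^[[:space:]]*Protocol[[:space:]]*:[[:space:]]*SSLv3' &&
       ! has '^[[:space:]]*Cipher[[:space:]]*:[[:space:]]*0000'; then
        echo "enabled: server negotiated SSLv3"
        return 1
    fi
    echo "inconclusive: no alert and no SSLv3 session in output"
    return 2
}

# Hypothetical wrapper: run the command from this post and classify it.
check_sslv3() {   # usage: check_sslv3 host [port]
    openssl s_client -connect "$1:${2:-443}" -ssl3 </dev/null 2>&1 | classify_sslv3
}

# Sample 1 is the error text quoted in this post; sample 2 is constructed.
SAMPLE_REFUSED='139824221411144:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1257:SSL alert number 40'
SAMPLE_ACCEPTED='SSL-Session:
    Protocol  : SSLv3
    Cipher    : AES256-SHA'

printf '%s\n' "$SAMPLE_REFUSED" | classify_sslv3
```

An inconclusive result means the check has to be repeated from a client that still supports SSLv3; it does not show that the server is safe.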

CentOS 6.5: hide the BIND 9 version

To hide the real BIND 9 version, add a version directive to the /etc/named.conf configuration file.

Inside the options { }; block add the version directive:
version "BIND custom version";

To check the version BIND reports, use the dig utility:

# dig chaos txt version.bind @NS_Server_IP

where NS_Server_IP is your name server's IP address or host name.

OpenSSL: how to decode an SSL certificate file

To decode an SSL certificate, use the following command:

# openssl x509 -in shkodenko.crt -noout -text

Example command output:

# openssl x509 -in COMODORSADomainValidationSecureServerCA.crt -noout -text |more

Certificate:
Data:
Version: 3 (0x2)
Serial Number:
2b:2e:6e:ea:d9:75:36:6c:14:8a:6e:db:a3:7c:8c:07
Signature Algorithm: sha384WithRSAEncryption
Issuer: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
Validity
Not Before: Feb 12 00:00:00 2014 GMT
Not After : Feb 11 23:59:59 2029 GMT
Subject: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Authority Key Identifier:
keyid:BB:AF:7E:02:3D:FA:A6:F1:3C:84:8E:AD:EE:38:98:EC:D9:32:32:D4

X509v3 Subject Key Identifier:
90:AF:6A:3A:94:5A:0B:D8:90:EA:12:56:73:DF:43:B4:3A:28:DA:E7
X509v3 Key Usage: critical
Digital Signature, Certificate Sign, CRL Sign
X509v3 Basic Constraints: critical
CA:TRUE, pathlen:0
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Certificate Policies:
Policy: X509v3 Any Policy
Policy: 2.23.140.1.2.1

X509v3 CRL Distribution Points:

Full Name:
URI:http://crl.comodoca.com/COMODORSACertificationAuthority.crl

Authority Information Access:
CA Issuers - URI:http://crt.comodoca.com/COMODORSAAddTrustCA.crt
OCSP - URI:http://ocsp.comodoca.com

Signature Algorithm: sha384WithRSAEncryption
[root@server ~]#

Connect to remote MySQL server via SSH tunnel

To connect to a remote MySQL server via an SSH tunnel, run the command:

# ssh -L 3307:1.2.3.4:3306 taras@1.2.3.4

Here 3307 is the local port, 1.2.3.4 is the remote MySQL server IP, 3306 is the remote MySQL port, and taras is a valid SSH user name.

To check that the tunnel connection has been set up:

# lsof -i :3307

Connect to the remote MySQL server through the local SSH tunnel:

# mysql --port 3307 -h 127.0.0.1 -u db_user -p db_name

Debian 7 IPTables set up

To set up persistent IPTables rules on Debian GNU/Linux 7 (wheezy), install the package using the command:

# apt-get install iptables-persistent

Save the current IPTables rules using the command:

# /etc/init.d/iptables-persistent save

Edit the /etc/iptables/rules.v4 file for IPv4 rules and /etc/iptables/rules.v6 for IPv6 rules.

To apply the new rules, run the command:

# /etc/init.d/iptables-persistent reload

Loading iptables rules… IPv4… IPv6…done.

To view the current IPTables rules:

# iptables -vnL --line-numbers |more