How to fix pass store is uninitialized on Ubuntu Linux in Docker setup

March 28, 2024 ~ tadmin

The error message you’re seeing, “pass store is uninitialized“, indicates that the `pass` utility, which Docker uses for secure password storage, hasn’t been set up yet. To initialize `pass` and resolve this error, follow these steps:

**Install Pass**: If you haven’t already, ensure that the `pass` password manager is installed on your system. You can do this on a Debian-based system (like Ubuntu) using:
```
   sudo apt-get update
   sudo apt-get install pass
   
```
Initialize the Password Store: The password store needs to be initialized with a GPG key. If you don’t have a GPG key yet, you’ll need to create one:
- Generate a GPG Key (if needed):
```
     gpg --full-generate-key
     
```
  Follow the prompts to create your key. You’ll be asked to provide a name, email, and a passphrase. Remember or securely store the passphrase, as it’s needed to unlock the key.
- List GPG Keys:
  After creating a GPG key, list your available GPG keys to find the ID of the key you want to use with `pass`:
```
     gpg --list-secret-keys --keyid-format LONG
     
```
  Look for a line that looks like `sec rsa4096/KEY_ID_HERE 202X-XX-XX [SC]`. The `KEY_ID_HERE` part is your key ID.
- Initialize Pass:
  With your GPG key ID, initialize the `pass` store:
```
     pass init "KEY_ID_HERE"
     
```
Verify Initialization: To verify that `pass` has been initialized and is working, try adding a test entry:
```
   pass insert docker-credential-helpers/test
   
```
When prompted, enter a test password. You can then list the contents of your password store:
```
   pass
   
```
Configure Docker to Use `pass`: Ensure Docker is configured to use `pass` by checking your `~/.docker/config.json` file. It should have a line that specifies `pass` as the credsStore or credential helper:
{
"credsStore": "pass"
}

By following these steps, you should be able to initialize `pass` for Docker credential storage and resolve the “pass store is uninitialized” error. If you encounter any issues along the way, the error messages provided by each command can often give clues on how to proceed.

Secure Your Web Development Workflow: Generating and Using PGP Keys in phpStorm IDE on Linux

March 19, 2024 ~ tadmin

In today’s digital age, security is paramount, especially when it comes to web development. As developers, we handle sensitive information regularly, from user credentials to proprietary code. One way to enhance the security of your development workflow is by using Pretty Good Privacy (PGP) keys. In this guide, we’ll walk through the process of generating and utilizing PGP keys within the popular phpStorm IDE on a Linux environment.

Why using PGP Keys?

PGP keys provide a robust method for encrypting and decrypting sensitive data, ensuring confidentiality and integrity. By utilizing PGP keys, you can securely communicate with other developers, sign commits to verify authenticity, and encrypt sensitive files.

Step 1: Install GnuPG

Before generating PGP keys, ensure that GnuPG (GNU Privacy Guard) is installed on your Linux system. Most distributions include GnuPG in their package repositories. You can install it using your package manager:

sudo apt-get update
sudo apt-get install gnupg

Step 2: Generate PGP Keys

Open a terminal window and enter the following command to generate a new PGP key pair:

gpg --full-generate-key

Follow the prompts to select the key type and size, specify the expiration date, and enter your name and email address. Ensure to use the email associated with your phpStorm IDE account.

Step 3: Configure phpStorm

Open phpStorm and navigate to File > Settings (or PhpStorm > Preferences on macOS).
In the Settings window, expand the “Version Control” section and select “GPG/PGP.”
Click on the “Add” button and browse to the location of your PGP executable (usually `/usr/bin/gpg`).
Click “OK” to save the configuration.

Step 4: Import Your PGP Key

Back in the terminal, export your PGP public key:

gpg --export -a "Your Name" > public_key.asc

Import the exported public key into phpStorm:

In phpStorm, go to File > Settings > Version Control > GPG/PGP.
Click on the “Import” button and select the `public_key.asc` file.
phpStorm will import the key and associate it with your IDE.

Step 5: Start Using PGP Keys

Now that your PGP key is set up in phpStorm, you can start utilizing its features:

Signing Commits: When committing changes to your version control system (e.g., Git), phpStorm will prompt you to sign your commits using your PGP key.
Encrypting Files: You can encrypt sensitive files before sharing them with collaborators, ensuring that only authorized individuals can access their contents.
Verifying Signatures: phpStorm will automatically verify the signatures of commits and files, providing an extra layer of trust in your development process.

By integrating PGP keys into your phpStorm workflow, you bolster the security of your web development projects, safeguarding sensitive data and ensuring the integrity of your codebase. Take the necessary steps today to fortify your development environment and embrace the power of encryption. Happy coding!

Counting the Number of Files in a Folder with Efficiency

March 15, 2024March 15, 2024 ~ tadmin

Managing folders with a massive number of files can be a daunting task, especially when you need to quickly assess how many files are contained within. Thankfully, there are efficient ways to tackle this challenge using command-line tools.

Using `ls` and `wc`

One approach is to leverage the combination of `ls` and `wc` commands. By navigating to the target directory and executing a couple of commands, you can obtain the file count promptly.

cd /path/to/folder_with_huge_number_of_files1
ls -f | wc -l

Here’s a breakdown of what each command does:

`ls -f`: Lists all files in the directory without sorting.
`wc -l`: Counts the number of lines output by `ls`.

This method efficiently calculates the total number of files within the specified directory.

Using Perl Scripting

Alternatively, Perl provides another powerful option for counting files within a directory. With a concise script, you can achieve the same result with ease.

cd /path/to/folder_with_huge_number_of_files2
perl -e 'opendir D, "."; @files = readdir D; closedir D; print scalar(@files)."\n";'

In this Perl script:

`opendir D, “.”`: Opens the current directory.
`@files = readdir D;`: Reads the contents of the directory into an array.
`closedir D;`: Closes the directory handle.
`print scalar(@files).”\n”;`: Prints the count of files.

Both methods provide efficient solutions for determining the number of files in a directory, catering to different preferences and workflows.

Next time you find yourself grappling with a folder overflowing with files, remember these handy techniques to streamline your file management tasks.

Linux IPTables: limit the number of HTTP requests from one IP per minute (for CentOs, RHEL and Ubuntu)

March 6, 2024 ~ tadmin

Protecting Your Web Server: Implementing IP-based Request Limiting with IPTables on Linux

In the face of relentless cyber attacks, safeguarding your web server becomes paramount. Recently, our server encountered a barrage of requests from a single IP address, causing severe strain on our resources. To mitigate such threats, we employed IPTables, the powerful firewall utility in Linux, to enforce restrictions on the number of requests from individual IPs.

IPTables Rule Implementation (For CentOS/RHEL)

In our case, the lifesaving rule we implemented using IPTables was:

-A INPUT -p tcp --syn --dport 80 -m connlimit --connlimit-above 20 -j REJECT --reject-with tcp-reset

This rule effectively limits the number of simultaneous connections from a single IP address to port 80. Once the threshold of 20 connections is breached, any further connection attempts from that IP are rejected with a TCP reset.

To apply this rule, follow these steps:

Edit IPTables Configuration File. Open the file `/etc/sysconfig/iptables` using your preferred text editor.
Add the Rule. Insert the above rule above the line that allows traffic to port 80.
Save the Changes. Save the file and exit the text editor.
Restart IPTables Service. Execute the following command to apply the changes:
```
# /sbin/service iptables restart
```

Upon completion, the IPTables service will be restarted, enforcing the new rule and restoring stability to your server.

Additional Example for Ubuntu Linux Distro

For Ubuntu Linux users, the process is slightly different. Below is an example of implementing a similar IPTables rule to limit requests from a single IP address on port 80:

sudo iptables -A INPUT -p tcp --syn --dport 80 -m connlimit --connlimit-above 20 -j REJECT --reject-with tcp-reset

This command accomplishes the same objective as the previous rule but is formatted for Ubuntu’s IPTables syntax.

Conclusion

In the ever-evolving landscape of cybersecurity, proactive measures like IP-based request limiting are crucial for safeguarding your web infrastructure. By leveraging the capabilities of IPTables, you can fortify your defenses against malicious attacks and ensure the uninterrupted operation of your services.

How to Identify IP Addresses Sending Many Requests in Ubuntu Linux

February 28, 2024 ~ tadmin

In today’s interconnected world, network security is paramount. One aspect of network security involves identifying and monitoring IP addresses that may be sending an unusually high volume of requests to your system. In Ubuntu Linux, several tools can help you accomplish this task effectively.

Using netstat

One of the simplest ways to identify IP addresses sending many requests is by using the `netstat` command. Open a terminal and enter the following command:

sudo netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -nr

This command will display a list of IP addresses that have initiated numerous TCP connections to your system, sorted by the number of connections.

Utilizing tcpdump

Another powerful tool for network analysis is `tcpdump`. In the terminal, execute the following command:

sudo tcpdump -nn -c 1000 | awk '{print $3}' | cut -d. -f1-4 | sort | uniq -c | sort -nr

This command will capture the last 1000 packets and display a list of IP addresses involved in those packets, sorted by packet count.

Monitoring with iftop

If you prefer a real-time view of network traffic, `iftop` is an excellent option. If you haven’t installed it yet, you can do so with the following command:

sudo apt install iftop

Once installed, simply run `iftop` in the terminal:

sudo iftop

`iftop` will display a live list of IP addresses sending and receiving the most traffic on your system.

By utilizing these tools, you can effectively identify IP addresses that may be engaging in suspicious or excessive network activity on your Ubuntu Linux system. Monitoring and promptly addressing such activity can help enhance the security and performance of your network environment.

Stay vigilant and keep your systems secure!

Linux OpenSSL generate self-signed SSL certificate and Apache web server configuration

February 21, 2024 ~ tadmin

In a previous post, we covered the creation of a CSR and key for obtaining an SSL certificate. Today, we’ll focus on generating a self-signed SSL certificate, a useful step in development and testing environments. Follow along to secure your website with HTTPS.

Generating the SSL Certificate

To create a self-signed SSL certificate, execute the following command:

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout www.shkodenko.com.key -out www.shkodenko.com.crt

This command generates a self-signed certificate valid for 365 days.

Configuring Apache

Next step, let’s configure Apache to use the SSL certificate. Add the following configuration to your virtual host file:

<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName shkodenko.com
ServerAlias www.shkodenko.com
DocumentRoot /home/shkodenko/public_html
ServerAdmin webmaster@shkodenko.com

SSLEngine on
SSLCertificateFile /etc/ssl/certs/www.shkodenko.com.crt
SSLCertificateKeyFile /etc/ssl/private/www.shkodenko.com.key

CustomLog /var/log/apache2/shkodenko.com-ssl_log combined

<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>

<Directory /home/shkodenko/public_html>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
</VirtualHost>
</IfModule>

This configuration sets up SSL for your domain, specifying the SSL certificate and key files.

Checking Syntax and Restarting Apache

Before restarting Apache, it’s crucial to check the configuration syntax:

apachectl -t

If the syntax is correct, restart Apache to apply the changes:

systemctl restart apache2

service apache2 restart

Ensure your website now loads with HTTPS. You’ve successfully generated a self-signed SSL certificate and configured Apache to use it!

Linux chkconfig and service: managing autostart and service state

February 20, 2024 ~ tadmin

In Red Hat-like Linux systems such as Red Hat Enterprise Linux, CentOS, Fedora (up to version 15), and similar distributions, service management often involves the use of the /sbin/chkconfig command.

To view the status of the NFS (Network File System) service, you can use the following command:

/sbin/chkconfig --list nfs

This command displays a list indicating whether the NFS service is enabled or disabled for each runlevel (0 through 6).

To enable the NFS service, execute:

/sbin/chkconfig nfs on

To verify the status of the NFS service, rerun the previous command:

/sbin/chkconfig --list nfs

Now, you can see that the NFS service is enabled for the appropriate runlevels.

To disable the NFS service from starting automatically, use:

/sbin/chkconfig nfs off

Check the status once more to confirm the changes:

/sbin/chkconfig --list nfs

To view the autoload status of all services on the system, use:

/sbin/chkconfig --list | more

For a comprehensive list of available command options, you can refer to the help documentation:

/sbin/chkconfig --help

Additionally, you can manage the NFS service directly using the `/sbin/service` command with various options:

/sbin/service nfs [start|stop|status|restart|reload|force-reload|condrestart|try-restart|condstop]

Some commonly used options include:

start: Start the service.
status: Check the current state of the service.
restart: Restart the service.
reload: Apply new configurations without restarting.

Linux useradd passwd: create accounts with access to a specific folder

February 9, 2024 ~ tadmin

How to Create an Additional FTP Account with Access to a Specific Subfolder

Sometimes, managing access to specific directories on your server is essential for security and organization purposes. One common scenario is creating an additional FTP account with access limited to a particular subfolder. In this guide, we’ll walk through the steps to achieve this on a Linux-based system.

Step 1: Creating the User Account

First, let’s create a new user account using the `useradd` command. Replace `ftp_taras_web` with your desired username and `/home/taras/public_html` with the path to the subfolder you want to grant access to.

sudo useradd -d /home/taras/public_html -g taras -o -s /bin/false -u 10001 ftp_taras_web

Here’s a breakdown of the parameters used in the command:

-d, -home HOME_DIR: Specifies the home directory for the new user.
-g, -gid GROUP: Sets the initial login group for the user.
-o, -non-unique: Allows the creation of a user account with a duplicate UID.
-s, -shell SHELL: Specifies the login shell for the user.
-u, -uid UID: Sets the numerical value of the user’s ID.

Step 2: Setting the Password

Next, set a password for the newly created FTP account using the `passwd` command:

sudo passwd ftp_taras_web

Step 3: Generating a Complex Password

For enhanced security, consider using a password generator to create a strong and complex password for the FTP account.

Step 4: Verifying User Data

You can verify the user’s information using the `id` and `finger` commands:

id ftp_taras_web

uid=1001(taras) gid=1001(taras) groups=1001(taras)

finger ftp_taras_web

Login: taras Name:
Directory: /home/taras Shell: /bin/bash
Last login Wed Dec 26 13:48 (EET) on pts/4 from 192.168.2.1
No mail.
No Plan.

This will display details such as the user ID, group ID, home directory, and login shell.
By following these steps, you can efficiently manage access permissions for specific directories on your server, ensuring a secure and organized environment.

Trimming the Last Character from a String in Bash

February 5, 2024 ~ tadmin

Trimming the Last Character from a String in Bash.

In the world of shell scripting, manipulating string variables is a common task. One interesting challenge you might encounter is removing the last character from a string. This task might seem simple at first glance, but it showcases the flexibility and power of Bash scripting.

Let’s dive into a practical example to illustrate how this can be achieved efficiently.

Scenario

Imagine you have a string stored in a variable, and you need to remove the last character of this string for your script’s logic to work correctly. For instance, you might be processing a list of filenames, paths, or user inputs where the trailing character needs to be omitted.

Solution

Bash provides several ways to manipulate strings. One of the simplest and most elegant methods to remove the last character from a string is using parameter expansion. Here’s a quick script to demonstrate this approach:

#!/bin/bash

# Original string
str1="foo bar"
echo "String1: ${str1}"

# Removing the last character
str2="${str1%?}"
echo "String2: ${str2}"

In this script:

We define a string variable `str1` with the value “foo bar”.
We then use `${str1%?}` to create a new variable `str2` that contains all characters of `str1` except for the last one. The `%?` syntax is a form of parameter expansion that removes a matching suffix pattern. In this case, `?` matches a single character at the end of the string.

How It Works

The `${variable%pattern}` syntax in Bash is a form of parameter expansion that removes the shortest match of `pattern` from the end of `variable`. The `?` in our pattern is a wildcard that matches any single character. Thus, `${str1%?}` effectively removes the last character from `str1`.

Alternative Approaches

Although the method shown above is succinct and effective for our purpose, Bash offers other string manipulation capabilities that could be used for similar tasks. For example:

Substring Extraction: `echo “${str1:0:${#str1}-1}”`
sed: If you prefer using external tools, `sed` can also achieve this: `echo “$str1” | sed ‘s/.$//’`

Each method has its use cases, depending on the complexity of the operation you’re performing and your personal preference.

Conclusion

Removing the last character from a string in Bash is straightforward with parameter expansion. This technique is just one example of the powerful string manipulation capabilities available in Bash. Experimenting with these features can help you write more efficient and effective scripts.

Mastering Program Search in Linux: A Guide to Using whereis, find, and locate Commands

January 29, 2024 ~ tadmin

To locate a specific program in your system, the `whereis` command is often the most efficient choice. For instance, if you’re searching for the ‘ls’ program, simply enter:

whereis ls

This command will display results such as:

ls: /bin/ls /usr/share/man/man1p/ls.1p.gz /usr/share/man/man1/ls.1p.gz

Alternatively, you have other commands at your disposal, although they might be slower. One such option is the `find` command, which can be used as follows:

find / -type f -name "ls"

Another useful command is `locate`, which searches for any file names containing ‘ls’ in their path. The syntax is straightforward:

locate ls

However, `locate` tends to return a lengthy list of results, which can be challenging to navigate without filtering the output with tools like `grep` or using pagination commands such as `more` or `less`. This extra step is necessary for easier readability of the output.