How to install Node.js on Ubuntu/CentOS

If you want to easily install Node.js on Ubuntu or RHEL-based systems such as CentOS, I’m just gonna point you towards Nodesource. It’s the easiest thing to do since sliced bread.

However, if you’re into more heavy development and you would like an RVM-like setup, you can try NVM. You will be able to run multiple Node.js versions side by side and get more granular control.

Enjoy!

CentOS7 disable ipv6

For the time being this has to stay off for clarity’s sake:

Add:
net.ipv6.conf.all.disable_ipv6 = 1
to /etc/sysctl.conf

then type: sysctl -p

Done.

CentOS7 change hostname

I recently started switching boxes to CentOS7 (I know I should have probably started earlier but meh, was busy). Changing the hostname is slightly different now:

[[email protected] ~]# hostnamectl status
Static hostname: beast1.domain.com
Icon name: computer-desktop
Chassis: desktop
Machine ID: e289f5250bd548609d5989766573ab49
Boot ID: 844dbb05561c4c599aad84d9f685d0e8
Operating System: CentOS Linux 7 (Core)
CPE OS Name: cpe:/o:centos:centos:7
Kernel: Linux 3.10.0-229.el7.x86_64
Architecture: x86_64

So in order to change the hostname you would do:

hostnamectl set-hostname my.new.hostname

Done!

Install OSSEC – Ubuntu

Over the years I kept increasing the number of servers I manage and although running operations from Windows is a breeze, I set up an Ubuntu 14.10 desktop inside VMWare so I have a local platform for testing new stuff I want to implement, and maybe make things slightly easier since I spend most of my time in the Linux terminal.

Today I have been playing with OSSEC, and here’s a quick tutorial on how to get the stuff rolling:

1 – First off you will need a bunch of dependencies. Since my local install is a vanilla desktop, from which I am typing right now, there’s a bunch of things to set up:

apt-get install build-essential apache2 libapache2-mod-php5 apache2-utils zlib1g-dev libssl-dev

If there are dependencies that you are missing at some point, do yourself a favor and install apt-file. It will make searching for packages that would satisfy that dependency a breeze.

apt-get install apt-file

Let’s say you’re missing zlib.h: all you have to do is apt-file search zlib.h. Done.

2 – Get the sources for the server and the web ui from git:

cd /opt

git clone https://github.com/ossec/ossec-hids.git

git clone https://github.com/ossec/ossec-wui.git

3 – Install OSSEC

cd /opt/ossec-hids;./install.sh

The only parameters you would usually have to modify are the e-mail address and the server type. I chose “local” for my installation, but feel free to type help and read up on the different options.

4 – Install ossec-wui – the web interface:

cd /opt/;mv ossec-wui /var/www/html;cd /var/www/html/ossec-wui;./setup.sh

Nothing to modify here, and I suggest you leave the paths the same for both ossec and wui.

5 – Fix some permissions stuff:

usermod -a -G ossec www-data

cd /var/www/html/ossec-wui;chgrp www-data tmp;chmod 770 tmp

6 – Start apache:

service apache2 start

7 – Open up the browser, go to http://localhost/ossec-wui and voila, you should see the system logs … logged

Upgrade perl 5.12 / 5.14 to 5.16 or later on FreeBSD – How to

So if you’re me, and you’re using ports for everything on a FreeBSD server, you will notice pretty soon that the perl is kinda out of date, compared to current.

What can we do about it? It’s fairly easy, but it took a bit of trial and error till I got things rolling:

pkg set -o lang/perl5.14:lang/perl5.16 or pkg set -o lang/perl5.12:lang/perl5.16

portupgrade -o lang/perl5.16 -f perl-5.14.\* or portupgrade -o lang/perl5.16 -f perl-5.12.\*

portupgrade -rf perl*

Do, did, done

RVM How To

This is the easiest stuff ever:

curl -sSL https://get.rvm.io | bash

[[email protected] ~]# rvm install 1.9.3

Searching for binary rubies, this might take some time.
Found remote file https://rvm.io/binaries/centos/5/x86_64/ruby-1.9.3-p484.tar.bz2
Checking requirements for centos.
Installing requirements for centos.
Updating system.
Installing required packages: libyaml-devel, libffi-devel………
Requirements installation successful.
ruby-1.9.3-p484 – #configure
ruby-1.9.3-p484 – #download
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 10.3M 100 10.3M 0 0 3253k 0 0:00:03 0:00:03 –:–:– 3320k
ruby-1.9.3-p484 – #validate archive
ruby-1.9.3-p484 – #extract
ruby-1.9.3-p484 – #validate binary
ruby-1.9.3-p484 – #setup
ruby-1.9.3-p484 – #making binaries executable.
ruby-1.9.3-p484 – #downloading rubygems-2.2.2
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 404k 100 404k 0 0 2886k 0 –:–:– –:–:– –:–:– 9.8M
No checksum for downloaded archive, recording checksum in user configuration.
ruby-1.9.3-p484 – #extracting rubygems-2.2.2.
ruby-1.9.3-p484 – #removing old rubygems.
ruby-1.9.3-p484 – #installing rubygems-2.2.2……………
ruby-1.9.3-p484 – #gemset created /usr/local/rvm/gems/[email protected]
ruby-1.9.3-p484 – #importing gemset /usr/local/rvm/gemsets/global.gems..
ruby-1.9.3-p484 – #generating global wrappers.
ruby-1.9.3-p484 – #gemset created /usr/local/rvm/gems/ruby-1.9.3-p484
ruby-1.9.3-p484 – #importing gemsetfile /usr/local/rvm/gemsets/default.gems evaluated to empty gem list
ruby-1.9.3-p484 – #generating default wrappers.
[[email protected] ~]# ruby -v
ruby 1.9.3p484 (2013-11-22 revision 43786) [x86_64-linux]

RVM style multiple Python versions on the same server – Centos5

Hi, so I need to set up some services that use Python 2.7.6. However, I am using the same CentOS 5.10 machines, which I can’t reload (and I don’t really need to reload them since they are working fine; don’t fix what’s not broken). On CentOS5 you have 2.4.3, and if you decide to upgrade it, you will most likely screw up a lot of things in the process. So here’s a nice tutorial on how to work things out, using a similar approach to Ruby’s Version Manager, or RVM:

1 – Create a user of your choosing, and login as said user.

2 – git clone https://github.com/yyuu/pyenv.git .pyenv

3 – Add env variables to your bash profile (I assume you are using the bash shell; if you’re using another shell, not sure how that goes):

echo 'export PYENV_ROOT="$HOME/.pyenv"' >> ~/.bash_profile
echo 'export PATH="$PYENV_ROOT/bin:$PATH"' >> ~/.bash_profile
echo 'eval "$(pyenv init -)"' >> ~/.bash_profile

4 – Log out and log back in, or restart the shell. I find relogging to be the choice for me, as I usually have consoles open for long periods of time, so I might forget, hit Control+D, and then miss my settings and wonder why.

5 – Install the Python version you need!

pyenv install 2.7.6

6 – Set up your newly installed version as default:

pyenv local 2.7.6

7 – Enjoy your new Python installation!

FreeBSD pkgng how to

So as it seems, in 2014 a bunch of changes happened in FreeBSD:

First off we have the pkg_* system being deprecated. The switch to pkgng is pretty straightforward though, and I upgraded 2 servers without issues:

1 – cd /usr/ports/ports-mgmt/pkg && make install distclean

2 – mkdir -p /usr/local/etc/pkg/repos

3 – pico /usr/local/etc/pkg/repos/FreeBSD.conf

add the following to that file:

FreeBSD: {
url: "pkg+http://pkg.FreeBSD.org/${ABI}/latest",
mirror_type: "srv",
enabled: yes
}

4 – cp /usr/local/etc/pkg.conf.sample /usr/local/etc/pkg.conf

5 – run pkg2ng to convert the db: pkg2ng

6 – pico /etc/make.conf and add the following line:

WITH_PKGNG=yes

You’re done!

I can has diacritics wordpress

I needed diacritics in WordPress; actually I didn’t need them, since I don’t like writing with diacritics, but whatever.

For those of you freaking out because you changed the collation on the database and the diacritics still don’t work, quick hint: the existing tables don’t change, only what is newly created gets the collation you set. So, we have a really nice tool for changing the collation on all the tables in the db:

* Download: http://www.phoca.cz/phoca-changing-collation/
* Download mirror: http://www.mediafire.com/?nmrzznjnddj

Happy blogging with diacritics. Actually, happy commenting with diacritics for you, since I don’t need them.

disable http TRACE – how to

Disabling the HTTP TRACE method

The HTTP TRACE request method causes the data received by IBM HTTP Server from the client to be sent back to the client, as in the following example:

$ telnet 127.0.0.1 8080
Trying…
Connected to 127.0.0.1.
Escape character is ‘^]’.
TRACE / HTTP/1.0
Host: foo
A: b
C: d

HTTP/1.1 200 OK
Date: Mon, 04 Oct 2004 14:07:59 GMT
Server: IBM_HTTP_SERVER
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
A: b
C: d
Host: foo

Connection closed.

The TRACE capability could be used by vulnerable or malicious applications to trick a web browser into issuing a TRACE request against an arbitrary site and then send the response to the TRACE to a third party using web browser features.

Making the required configuration changes

IBM HTTP Server can be configured to disable normal TRACE request processing so that the request fails with 403 (forbidden) and any private information sent in the TRACE request does not appear in the response. The way to disable normal TRACE request processing is to add several mod_rewrite directives to the web server configuration file, at main scope as well as in every container. Here is an example:


# disable TRACE in the main scope of httpd.conf
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^TRACE
RewriteRule .* - [F]



# disable TRACE in the www.example.com virtual host
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^TRACE
RewriteRule .* - [F]

mod_rewrite must be active for these directives to be accepted. If mod_rewrite is not already active in your configuration:
IBM HTTP Server 1.3 customers: Even if mod_rewrite is already enabled, check the instructions for allowing it to take precedence over the WebSphere plug-in.

* How to enable mod_rewrite

Verifying that TRACE is disabled

After TRACE has been disabled according to the instructions above, a TRACE request will be responded to with HTTP status code 403 (FORBIDDEN).

Using telnet to verify the configuration for a non-SSL web server port

The telnet command provided with most operating systems can be used to verify that the configuration changes to disable TRACE have been made. Note that telnet can only be used to test non-SSL ports, since it does not have the capability to perform the SSL handshake or to encrypt the data.

$ telnet 127.0.0.1 8080
Trying…
Connected to 127.0.0.1.
Escape character is ‘^]’.
TRACE / HTTP/1.0
A: b
C: d
Host: foo

HTTP/1.1 403 Forbidden
Date: Mon, 04 Oct 2004 14:23:31 GMT
Server: IBM_HTTP_SERVER
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">

403 Forbidden

Forbidden

You don’t have permission to access /
on this server.


Connection closed.

The information sent by the client is no longer echoed, and the request fails with HTTP status code 403.

If the response to the TRACE request continues to result in a response with status code 200, verify that the required directives were added to all containers and the main scope of the configuration file, and also verify that the web server has been restarted to activate the updated configuration.

Using the openssl command to verify the configuration for an SSL-enabled web server port

openssl is a command-line program which is part of the OpenSSL toolkit. It is not distributed with IBM HTTP Server. It is a typical component of a Linux system, and it is available for other platforms. A package for AIX can be obtained from the AIX Toolbox for Linux Applications site (follow the link labeled AIX Toolbox Cryptographic Content) and is already installed on many AIX systems. Refer to http://www.openssl.org for availability on other operating systems.

There may be other tools available for testing the TRACE configuration on an SSL port. openssl is used as an example here because it is freely available.

Unlike telnet, the openssl command can be used to perform the SSL handshake with the web server, at which point the TRACE command can be entered. Here is an example:

$ /usr/linux/bin/openssl s_client -connect 127.0.0.1:8444
CONNECTED(00000003)
depth=0
/C=US/2.5.4.17=27607/ST=NC/L=Raleigh/O=IBM/OU=m0xa/CN=TRAWICK-TP
verify error:num=18:self signed certificate
verify return:1
depth=0
/C=US/2.5.4.17=27607/ST=NC/L=Raleigh/O=IBM/OU=m0xa/CN=TRAWICK-TP
verify return:1

Certificate chain
0 s:/C=US/2.5.4.17=27607/ST=NC/L=Raleigh/O=IBM/OU=m0xa/CN=TRAWICK-TP
i:/C=US/2.5.4.17=27607/ST=NC/L=Raleigh/O=IBM/OU=m0xa/CN=TRAWICK-TP

Server certificate
subject=/C=US/2.5.4.17=27607/ST=NC/L=Raleigh/O=IBM/OU=m0xa/CN=TRAWICK-TP
issuer=/C=US/2.5.4.17=27607/ST=NC/L=Raleigh/O=IBM/OU=m0xa/CN=TRAWICK-TP

No client certificate CA names sent

SSL handshake has read 739 bytes and written 310 bytes

New, TLSv1/SSLv3, Cipher is RC4-SHA
Server public key is 1024 bit
SSL-Session:
Protocol : TLSv1
Cipher : RC4-SHA
Session-ID:
0000643E040608CBB4770730058AD640E7D7DBF9585858584270B25900000001
Session-ID-ctx:
Master-Key:
AB897789790FFA0917335A49A6A272A162159B854EA2A9C21C1754607B412126AF09F521B0D4102387F80BC60B42FB5A
Key-Arg : None
Start Time: 1114681945
Timeout : 300 (sec)
Verify return code: 18 (self signed certificate)

TRACE / HTTP/1.0 <----------- data to be entered starts here
A: b
C: d
Host: foo

HTTP/1.1 403 Forbidden <----------- web server response starts here
Date: Thu, 28 Apr 2005 09:52:29 GMT
Server: IBM_HTTP_Server/2.0.47.1-PK01070 Apache/2.0.47 (Unix)
Content-Length: 306
Connection: close
Content-Type: text/html; charset=iso-8859-1

403 Forbidden

Forbidden

You don’t have permission to access /
on this server.


IBM_HTTP_Server/2.0.47.1-PK01070 Apache/2.0.47 (Unix) Server
at foo Port 8444


read:errno=0
$

TRACE and OPTIONS

The OPTIONS method can be used by a client to determine which methods are allowed. Even when TRACE is disabled using the mod_rewrite method above, the OPTIONS response will report that TRACE is enabled. However, TRACE will be rejected with a 403 error before it is processed, and the potentially harmful behavior of TRACE — echoing input data to the response — won’t be allowed.

For more information…

More background information on the concerns with TRACE is provided at http://www.apacheweek.com/issues/03-01-24#news.

The HTTP TRACK method

The TRACK method is a type of request supported by Microsoft web servers. It is not RFC compliant and is not supported directly by IBM HTTP Server. The method may be utilized as part of a cross-site scripting attack. See Vulnerability Note VU#288308 for more information.

Even though IBM HTTP Server does not support the TRACK method natively, it is possible for plug-in modules to provide support for it. To disable this capability for plug-in modules, in addition to disabling the TRACE method, add these two additional directives after the existing RewriteCond and RewriteRule directives which are used to disable TRACE:

RewriteCond %{REQUEST_METHOD} ^TRACK
RewriteRule .* - [F]

Here is a full example showing the directives to disable both TRACE and TRACK:


# disable TRACE and TRACK in the main scope of httpd.conf
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^TRACE
RewriteRule .* - [F]
RewriteCond %{REQUEST_METHOD} ^TRACK
RewriteRule .* - [F]



# disable TRACE and TRACK in the www.example.com virtual host
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^TRACE
RewriteRule .* - [F]
RewriteCond %{REQUEST_METHOD} ^TRACK
RewriteRule .* - [F]
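
A scripted form of the telnet and openssl checks above, as an added example that is not part of the IBM text: it sends TRACE and TRACK with a unique header to each URL and reports whether the server echoed it or answered 403. The function names, the X-Trace-Canary header and the use of curl are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the IBM text): decide whether a TRACE/TRACK probe was blocked.

# classify_trace RESPONSE CANARY -> prints "echoed", "blocked" or "other:<status>"
classify_trace() {
    resp=$(printf '%s\n' "$1" | tr -d '\r')          # normalise CRLF line endings
    status=$(printf '%s\n' "$resp" |
        sed -n '1s/^HTTP\/[0-9.]* \([0-9][0-9][0-9]\).*/\1/p')
    body=$(printf '%s\n' "$resp" | sed '1,/^$/d')    # text after the header block
    if printf '%s\n' "$body" | grep -qF -e "$2"; then
        echo echoed                  # request data came back: TRACE is live
    elif [ "$status" = 403 ]; then
        echo blocked                 # the result the rewrite rules should give
    else
        echo "other:$status"         # needs a manual look
    fi
}

# probe METHOD URL -> sends one request carrying a unique canary header.
# Assumes curl is installed; -k accepts a self-signed test certificate.
probe() {
    canary="X-Trace-Canary: $$-$(date +%s)"
    resp=$(curl -s -i -k -X "$1" -H "$canary" "$2") || return 2
    classify_trace "$resp" "$canary"
}

# audit URL... -> checks TRACE and TRACK on every URL (main scope and each
# virtual host); returns non-zero if any of them is not blocked.
audit() {
    rc=0
    for url in "$@"; do
        for m in TRACE TRACK; do
            r=$(probe "$m" "$url") || r=error
            echo "$m $url: $r"
            [ "$r" = blocked ] || rc=1
        done
    done
    return $rc
}

# Constructed samples modelled on the two telnet transcripts above.
SAMPLE_OPEN='HTTP/1.1 200 OK
Content-Type: message/http

TRACE / HTTP/1.0
A: b
Host: foo'
SAMPLE_BLOCKED='HTTP/1.1 403 Forbidden
Content-Type: text/html; charset=iso-8859-1

403 Forbidden'
```

Run it as `audit http://127.0.0.1:8080/ https://127.0.0.1:8444/`, adding one URL per virtual host so that every container is covered.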