Monthly Archives: January 2015

OpenSSL encrypt and decrypt files

With the help of OpenSSL you can easily encrypt and decrypt files. This method of encryption is of course also compatible with the openssl binaries you can download for the Windows platform. Use base64 encoding for better multi-platform exchange.

Encrypt

Encrypt files with (a password is asked for encrypting):

openssl enc -aes-256-cbc -base64 -in <file to encrypt> -out <encrypted file>

Decrypt

Decrypt files with (a password is asked for decrypting):

openssl enc -aes-256-cbc -base64 -d -in <encrypted file> -out <decrypted file>

The commands above use base64 encoding for storing the encrypted data.
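
A password-based `openssl enc` file starts, once base64-decoded, with the 8-byte magic `Salted__` followed by an 8-byte salt, and AES-CBC ciphertext always comes in whole 16-byte blocks. The script below is an added example, not part of the original post; it uses that layout to check a received file for truncation before anyone types a password. The function names and the sample bytes are constructed for illustration.

```shell
#!/bin/sh
# Added example: sanity-check a file written by
#   openssl enc -aes-256-cbc -base64 -in ... -out ...
# without needing the password.

# Decode the base64 text to raw bytes on stdout.
decode() { base64 -d < "$1" 2>/dev/null; }

# Print the 8-byte salt as hex; fail if the "Salted__" magic is missing.
salt_hex() {
    magic=$(decode "$1" | od -An -c -N8 | tr -d ' \n')
    [ "$magic" = "Salted__" ] || return 1
    decode "$1" | od -An -tx1 -j8 -N8 | tr -d ' \n'
}

# Validate the layout: 16-byte header, then whole 16-byte AES blocks.
check_enc_file() {
    salt=$(salt_hex "$1") || { echo "no Salted__ header"; return 1; }
    total=$(decode "$1" | wc -c)
    body=$((total - 16))
    if [ "$body" -le 0 ] || [ $((body % 16)) -ne 0 ]; then
        echo "truncated: $body ciphertext bytes"; return 2
    fi
    echo "ok salt=$salt ciphertext=$body"
}

# Constructed sample: magic + salt 01..08 + $1 filler bytes, base64-encoded.
make_sample() {
    { printf 'Salted__\001\002\003\004\005\006\007\010'
      head -c "$1" /dev/zero; } | base64
}

tmp=$(mktemp)
make_sample 32 > "$tmp"; check_enc_file "$tmp"
make_sample 20 > "$tmp"; check_enc_file "$tmp" || true
rm -f "$tmp"
```

The check only validates structure: CBC mode carries no integrity tag, so a file that passes can still have been modified in transit.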


VIM Tips & Tricks

Vim is my favorite text editor on Linux, Mac OS X and even Windows. The vim editor is an enhanced version of vi. Vi works great over slow network ppp modem connections and on systems with limited resources. One can use vi completely without lifting a single finger from the keyboard. In this post I describe some handy tips and tricks for using Vim.

Encrypt files with vim

With vim it is very easy to encrypt your files. Start vim with the -x command line parameter and the name of a (new) file. Vim will ask for your encryption key (twice). When you save the file it will be encrypted.

The default encryption method is “zip”. You had better set the default encryption method to blowfish, because this method delivers much stronger encryption. Add a line to your .vimrc with the contents set cm=blowfish

:set cul    Highlight the line the cursor is on
:set nu    Show line numbers
:set nobackup    Do not create backup files
:iab AlP ABCDEFGHIJKLMNOPQRSTUVWXYZ    AlP expands after pressing <TAB>
ma    Create a mark with the name a
'a    Go to the mark with the name a
'a,'bw fname    Write the contents between mark a and mark b to a file with the name fname
%s/needle/haystack/gc    Replace all occurrences of needle with haystack in the current file, asking for confirmation
echo expand('~')    Determine your HOME directory
1,$s/$/XXX/    For all lines in the file, append a triple X (XXX). You could also use % instead of 1,$
%s/^\(.*\)\n\1$/\1/    Find and remove duplicate lines that directly follow each other
%s/ *$/    Remove trailing spaces on all lines in the buffer (%)
't,'b!sort    Sort all lines between mark t and mark b

List of VIM plugins can be found here.

Useful regular expressions

:g/profile/d    Delete all lines containing “profile” (remove the /d to show the lines that the command will delete)
:g/^\s*$/d    Delete all lines that are empty or that contain only whitespace
:v/error\|warn\|fail/d    Delete all lines except those that contain “error” or “warn” or “fail”

Ubuntu Apache problems on Azure

Apache SSLCipherSuite settings

Got the error below in your apache error log when trying to start the Apache server?

[Mon Jan 19 20:19:24 2015] [error] Unable to configure permitted SSL ciphers

Then you have permitted ciphers in your apache.conf (at /etc/apache2) that are not compatible with your OpenSSL configuration (probably version 1.01, check with openssl version). To solve this problem, remove the +TLSv1.1:+TLSv1.2 from the line starting with SSLCipherSuite.

Restart your apache server; it should be running now….

Want to get rid of the Apache2 message “Could not reliably determine the server’s fully qualified domain name, using 127.0.0.1 for ServerName”?

Edit your /etc/hosts file and add the FQDN to the line that contains
127.0.0.1    localhost

 


Ubuntu iptables redirect

iptables redirect

Having trouble ssh-ing on port 22? Then try to use another port with the help of your iptables firewall. With iptables it is possible (among other things) to redirect traffic on an incoming port to another port of your choice.

To save your current firewall setup you could choose to save your configuration with:

sudo iptables-save > ipfw.conf

Restoring your old configurations is as easy as:

sudo iptables-restore < ipfw.conf

Execute the following command to redirect traffic on port 443 to port 22:

sudo iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-ports 22

Now, to create a SOCKS tunnel on port 443, execute the following command (add the -vvv option to get debugging info from ssh):

# -p443  Port to connect to on the remote host
# -D8080 Specifies a local "dynamic" application-level port forwarding.
# -C     Request compression of all data
# -N     Do not execute a remote command (useful for port forwarding)
# -i ... Identity file to use
sudo ssh -p443 -D8080 -N uid@hostname -C -i /home/uid/.ssh/identity

To use this connection in the browser, tell the browser to use a SOCKS proxy on port 8080, or use the tsocks command to “socksify” a tool, for example an ssh session to other servers.

tsocks ssh uid@hostname
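
Once a ruleset has been saved with iptables-save, it is useful to be able to list which incoming ports are redirected to sshd, so that logging and brute-force protection cover them too. The script below is an added example, not part of the original post; the function names and the sample dump are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an iptables-save dump for nat REDIRECT rules.

# Print "proto dport -> to-port" for every REDIRECT rule in the nat table.
list_redirects() {
    awk '
        /^\*/ { table = substr($0, 2) }          # table header: *nat, *filter
        table == "nat" && / -j REDIRECT / {
            proto = dport = to = "?"
            for (i = 1; i < NF; i++) {
                if ($i == "-p")         proto = $(i + 1)
                if ($i == "--dport")    dport = $(i + 1)
                if ($i == "--to-ports") to    = $(i + 1)
            }
            print proto, dport, "->", to
        }' "$1"
}

# Print the incoming ports that end up on local port $2 (e.g. 22 for sshd).
ports_reaching() {
    list_redirects "$1" | awk -v want="$2" '$4 == want { print $2 }'
}

# Constructed dump in iptables-save format (not taken from a real host).
write_sample() {
    cat > "$1" <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 22
-A PREROUTING -p tcp -m tcp --dport 8080 -j REDIRECT --to-ports 80
COMMIT
*filter
:INPUT DROP [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT
EOF
}

conf=$(mktemp)
write_sample "$conf"
list_redirects "$conf"
echo "ports reaching sshd: $(ports_reaching "$conf" 22)"
rm -f "$conf"
```

Because the nat PREROUTING chain runs before the filter table's INPUT chain, redirected connections are matched there as port 22, so any INPUT rule that accepts port 22 also admits the traffic that arrived on port 443.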

 


Mac OS X Yosemite hotkeys

System wide / general

Fn + ArrowDown / ArrowUp Page down and page up
Shift + Control + Eject Lock the system
Command + Shift + 3 Screenshot of entire screen, add Control key to save it to clipboard
Command + Shift + 4 Select part of screen to take screenshot from, add Control key to save it to clipboard

In Browser

Command + L Highlight location bar
Command + T Open new tab
Command +, – Zoom in and zoom out
Command + 1,2,…9 Change the current tab

In Finder

Command + Shift + A Go to applications folder
Command + Shift + D Go to desktop folder
Command + 1, 2, 3 or 4 Change finder view
Command + i Get file info
Command + C Place file in buffer
Command + V Copy the file
Command + Option V Move the file


Use logwatch on Ubuntu

Logwatch is an application that helps with simple log management by analysing the activities taking place on your machine daily and reporting a short digest. This post is a short manual for installing logwatch on your Ubuntu box.

Install logwatch

sudo apt-get install logwatch

Configure logwatch

Edit the configuration file to suit your needs. Especially have a look at the “MailTo”, “MailFrom” and “Detail” settings.

/usr/share/logwatch/default.conf/logwatch.conf

After logwatch has processed the file above in default.conf, the file /usr/share/logwatch/dist.conf/logwatch.conf is processed. Settings in here will override the settings in default.conf! You most likely want to comment out the line that reads

MailFrom = root

After installation an entry is added at /etc/cron.daily/00logwatch

To run logwatch from the command line, execute:

/usr/sbin/logwatch --output mail

Mail from logwatch not reaching you? Check your spam folder 🙂


VirtualMin backup fails

Having problems backing up your virtual hosts with virtualmin after the upgrade to 4.13 (available around January the seventh 2015)?

The source of the problem is that mysqldumps are now executed under the domain account (for security reasons). Obviously, this does not always work correctly. For the moment there is a quick fix, thanks to the great support folks at virtualmin.com.

Check here for the quickfix (the restart of the virtualmin server is mandatory :-)).


OwnCloud 7 installation on Ubuntu / VirtualMin

OwnCloud 7

Store your files, folders, contacts, photo galleries, calendars and more on a server of your choosing. Access them from your mobile device, your desktop, or a web browser. Access your data wherever you are, whenever you need it.

Download the OwnCloud 7 software

Download the OwnCloud 7 software at this location (copy link address of the bz2 file). Use wget to download the file directly to your Ubuntu server:

wget https://download.owncloud.org/community/owncloud-x.y.tar.bz2

Extract the files in your document folder (an OwnCloud directory will be created) with the command:

tar -xjf owncloud-?.?.?.tar.bz2

Now an OwnCloud directory is created. You have to set the ownership of the files manually; do this with the following command:

chown -R [user]:[group] owncloud

After that, make the permissions a bit more secure by executing the commands:

find [owncloud_path] -type d -exec chmod 750 {} \;
find [owncloud_path] -type f -exec chmod 640 {} \;

Use the crontab for scheduled tasks

For better performance and more reliable operation, use the system crontab for OwnCloud scheduled tasks. Add an entry to the OwnCloud user crontab:

crontab -u [owncloud_user] -e

If this is your first crontab edit session choose your favorite editor (mine is vi). Add a line to the end of the crontab temporary file:

*/15  *  *  *  * php -f ~/public_html/owncloud/cron.php

Adding the line above to your crontab takes care of executing the cron.php file every 15 minutes on your system (even when no users visit your site, which is what the AJAX configuration depends on).

Create the MySQL database

OwnCloud 7 does not store the uploaded files in the MySQL database. It uses the database for user administration. We have to create a MySQL database for the OwnCloud installation. Go to your VirtualMin interface (the easiest way to accomplish this). Go to Webmin -> Servers -> MySQL database server (start the MySQL server if needed).

Select Create a new database. Assign the database a name and press Create.
Select “User permissions” and select Create new user. Type a username and password. Type localhost in the Host field. Select no permissions and press Create.
Return to the database list and choose Database permissions. Choose Create new database permission. Select the database you just created. In the Username field, type the exact same name you typed in the previous step. In the Hosts field, type localhost. Select all permissions and press Create.

Now the database is set up; in the browser, navigate to your OwnCloud 7 installation. Fill out the form that appears, press Finish and you are ready to use OwnCloud 7.

Download a client for your OwnCloud 7 installation. In the example below I use the Mac OS X version.

OwnCloud not in the webroot?

If you don’t install the OwnCloud software in the webroot (i.e. ~/public_html) then you have to overwrite the webroot. Edit the OwnCloud configuration file at ~/public_html/owncloud/config/config.php. Add an entry to the CONFIG array:

'overwritewebroot' => '/owncloud',

Increase upload size

Log in to your admin account on owncloud. Go to the Admin page. Below File handling, specify the new upload size. This setting has to be equal to or less than the PHP setting. In virtualmin go to your domain configuration. Select Services -> PHP 5 Configuration -> Resource limits. Increase both the values for “Maximum file upload size” and “Maximum HTTP POST size” to the same value as you have set in the owncloud admin panel.

Add your existing files locally

You can copy your files directly to the owncloud data directory [owncloud_data_directory]/[user]/files/[folder]

After you have copied the files you have to let owncloud know you did this without using the owncloud interface. Owncloud has to rescan its file structure; use this command:

sudo -u [ownclouduser] php /home/[user]/public_html/owncloud/occ files:scan --all
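
Files copied straight into the data directory keep whatever mode and owner the copying account gave them, so they can drift from the 750/640 scheme and the ownership set during installation. The script below is an added example, not part of the original post; it lists every entry that deviates. The function names and the demo tree are constructed, and the owner argument may be a user name or a numeric uid.

```shell
#!/bin/sh
# Added example: find entries that drift from the 750/640 scheme above.

# Print every entry under $1 with the wrong mode or not owned by user $2.
audit_tree() {
    find "$1" \( -type d ! -perm 750 \) \
           -o \( -type f ! -perm 640 \) \
           -o \( ! -user "$2" \)
}

# Re-apply the modes from the install steps (same commands as the page).
fix_modes() {
    find "$1" -type d -exec chmod 750 {} \;
    find "$1" -type f -exec chmod 640 {} \;
}

# Demo on a constructed tree (stand-in for [owncloud_path]).
demo() {
    root=$(mktemp -d)
    mkdir -p "$root/data/alice/files/photos"
    : > "$root/config.php"
    fix_modes "$root"
    # Simulate a file copied in from outside the OwnCloud interface.
    : > "$root/data/alice/files/photos/img.jpg"
    chmod 644 "$root/data/alice/files/photos/img.jpg"
    # Only img.jpg is reported: it is world-readable.
    audit_tree "$root" "$(id -u)"
    rm -rf "$root"
}
demo
```

Run audit_tree against the real installation path with the OwnCloud account as second argument; empty output means nothing has drifted.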

Enable DropBox external storage

With OwnCloud 7 you can enable external storage. With external storage you can access, for example, your Dropbox files as if they were part of your OwnCloud. Enable the “External storage app” through the admin interface (Apps).

First you have to tell DropBox about your OwnCloud app. Go to the DropBox developers page. Select the App Console on the left. Configure this page as shown below:

Select “Create App”.

Enter the OAuth redirect URI as follows:

https://<ownCloud instance>/index.php/settings/personal
https://<ownCloud instance>/index.php/settings/admin

Take note of the AppKey and the App Secret; you have to use these in your OwnCloud configuration:

Select Grant access and the DropBox screen appears for granting your application access. Press Allow and your configuration is complete; a green light will appear next to the folder name in OwnCloud to indicate correct configuration.
