Author Archives: Berend de Jong

Setup proxy ignore list on Ubuntu

Follow these steps to change the proxy ignore list on your Ubuntu installation:

1. Install the dconf-editor:

sudo apt-get install dconf-tools

2. Start the dconf-editor and navigate to System -> Proxy; add your hosts to ignore to the ignore-hosts value.

Log off and log on again for the changes to take effect.

You can inspect the proxy variables currently set in your environment with:

env | grep proxy

apt-get through socks5 proxy

Enable a temporary proxy for apt-get by editing /etc/apt/apt.conf (create it if it does not exist) and adding the following line (replace the username, password, host and port with your own):

Acquire::http::Proxy "http://uname:upwd@yourhost:port/";

Install the tsocks application:

sudo apt-get install tsocks

Remove the line added in the previous step from /etc/apt/apt.conf.

Edit the /etc/socks.conf file and change the default server to the IP address of your SOCKS server (a domain name does not work!); if applicable, also change the port number of your SOCKS connection.

Now, to use this new SOCKS proxy, execute:

sudo tsocks apt-get update

Even though you have removed the proxy settings from the /etc/apt/apt.conf file, this should still update your apt package lists.

Contact Form 7 restrict access

In its default settings, Contact Form 7 gives all users except subscribers access to its administration panel, but allows only administrators and editors to edit contact forms. You may want to restrict access further; this article shows how.

For example, let’s restrict both access and editing rights to administrator users only. You can do this by editing your wp-config.php and inserting these lines (manage_options is a capability that only administrators have by default):

define( 'WPCF7_ADMIN_READ_CAPABILITY', 'manage_options' );
define( 'WPCF7_ADMIN_READ_WRITE_CAPABILITY', 'manage_options' );

Add SSH user to your Synology Diskstation

It is best not to SSH into your diskstation with your admin or root account. Create a separate user for this with the appropriate permissions. The steps below outline the procedure to create a new user with SSH access to your diskstation.

1. Create a user through the web interface (DSM) of your diskstation.

2. Open a (root) terminal on your diskstation and edit the password file:

vi /etc/passwd

The last line in this file is your new user. The user cannot log in because the shell is set to /sbin/nologin; change /sbin/nologin to /bin/ash.

Copy $HOME/.profile to /var/services/homes/[new user].
Edit this copy of .profile and change the value of $HOME to /var/services/homes/[new user].

3. Now you can log in to your diskstation with SSH and your username / password:

ssh newuser@diskstation.local

4. To automate the login procedure, create an RSA public/private key pair (do this on your local machine, not on your diskstation). For this to work, be sure to enable the “User home service” on your diskstation (User Home button in the user control panel).

# Keep the defaults if possible; filename is id_rsa; remember your passphrase!
ssh-keygen

5. Copy the public part of the key to $HOME/.ssh on your NAS.

6. Create an authorized_keys file and set its permissions to user-read only. sshd silently ignores the key file when the home directory or ~/.ssh is writable by group or others, so tighten those as well:

cd $HOME/.ssh
cat [your_public_key_file] >> authorized_keys
# Home and .ssh must not be writable by others, or the key is ignored
chmod 755 $HOME
chmod 700 $HOME/.ssh
chmod 400 authorized_keys
rm [your_public_key_file]

7. Exit your terminal.

8. SSH to your diskstation again; type your passphrase and you are in:

ssh newuser@diskstation.local

MySQL automated database backup

This article describes a way to set up regular backups of your MySQL databases. It uses crontab to schedule the backup jobs (logrotate could also be used).

The backups are stored in one file per database. Once a dump is complete, the file is gzipped and password-encrypted with openssl.

First create a .my.cnf file in your home directory with the following contents:

[client]
user=backup
password=1234567890

Make sure the file is only readable by yourself (the password is stored in clear text):

chmod 600 ~/.my.cnf

Next, create a SQL user with only the privileges the dump needs:

mysql> grant lock tables,select,reload,show databases,event on *.* to 'backup'@'localhost' identified by '1234567890';
mysql> flush privileges;

Create a folder for the backups, for example /var/backups/mysql:

mkdir /var/backups/mysql

Create a script called backup_mysql_dbs.sh at a suitable location, for example your $HOME/cron/scripts folder (make sure it is NOT world readable or writable). The encryption passphrase is read from a separate file so that it does not end up in the process list or in the backup file names:

#!/bin/bash
BACKUPDEST=/var/backups/mysql
# Passphrase for the encrypted dumps (assumed path); create it with mode 600, owned by root
PASSFILE=/etc/mysql-backup.pass

if [ ! -d "$BACKUPDEST" ]; then
    echo "$BACKUPDEST does not exist, exiting"
    exit 1
fi
if [ ! -r "$PASSFILE" ]; then
    echo "$PASSFILE is missing or unreadable, exiting"
    exit 1
fi

# Remove backup files older than 5 days (-mtime +5)
/usr/bin/find "$BACKUPDEST" -name '*.sql.gz.enc' -type f -mtime +5 -exec rm {} \;

# Back up every database to its own file. Each dump is gzipped and then
# encrypted with openssl using the passphrase in $PASSFILE.
# umask 077 makes the new files readable by the owner only.
umask 077
/usr/bin/mysql -Ne "show databases" | grep -v schema |
while read -r db; do
    CDATE=$(date '+%Y-%m-%d-%H%M%S')
    /usr/bin/mysqldump --events "$db" | /bin/gzip | \
        /usr/bin/openssl aes-256-cbc -salt -pass file:"$PASSFILE" \
        > "$BACKUPDEST/$db.$CDATE.sql.gz.enc"
done

Now it is time to add a cron.d file: go to /etc/cron.d and add a crontab file, e.g. backup_mysql, with the following contents (the job runs as root, so the .my.cnf created above must be in root's home directory):

# /etc/cron.d/backup_mysql: daily encrypted dump of all MySQL databases
MAILTO=user@host.ext
# Adjust the path to where you saved the script ($HOME/cron/scripts of root)
M H * * * root /root/cron/scripts/backup_mysql_dbs.sh

Replace the M and H with minute and hour you want the backup to be performed.

That’s it; your MySQL databases are backed up at the specified interval.
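
A backup is only worth something if it restores. The helper below is an added example (not part of the original article) that locates the newest dump of one database in the layout the script above creates (<db>.<timestamp>.sql.gz.enc), verifies that it decrypts to a valid gzip stream without writing plaintext to disk, and then feeds it to mysql. It assumes the openssl passphrase is stored in /etc/mysql-backup.pass (an assumed path) and that ~/.my.cnf supplies the database credentials, as for the backup job.

```shell
#!/bin/sh
# Added example: find, verify and restore the newest encrypted dump of one
# database. Layout assumed: $BACKUPDEST/<db>.<YYYY-mm-dd-HHMMSS>.sql.gz.enc;
# the openssl passphrase is read from PASSFILE (assumed path, mode 600).
BACKUPDEST=${BACKUPDEST:-/var/backups/mysql}
PASSFILE=${PASSFILE:-/etc/mysql-backup.pass}

# latest_backup DB [DIR]: print the newest dump for DB, or nothing if none.
# The timestamp format sorts lexically, so a plain sort picks the newest;
# the fixed-width pattern keeps "shop" from also matching "shop_old".
latest_backup() {
    dir=${2:-$BACKUPDEST}
    ls -- "$dir/$1".????-??-??-??????.sql.gz.enc 2>/dev/null | sort | tail -n 1
}

# verify_backup FILE: decrypt into a pipe and test the gzip stream; no
# plaintext touches the disk. Succeeds only if both steps succeed.
verify_backup() {
    openssl aes-256-cbc -d -pass file:"$PASSFILE" -in "$1" | gzip -t
}

# restore_backup DB: verify the newest dump of DB, then load it into mysql
# (credentials come from ~/.my.cnf exactly as for the backup job).
restore_backup() {
    f=$(latest_backup "$1")
    if [ -z "$f" ]; then
        echo "no backup found for $1" >&2
        return 1
    fi
    if ! verify_backup "$f"; then
        echo "$f does not decrypt to a valid gzip stream" >&2
        return 1
    fi
    openssl aes-256-cbc -d -pass file:"$PASSFILE" -in "$f" | gunzip | mysql "$1"
}
```

Run verify_backup against a fresh dump from another host now and then; a passphrase file that was rotated without re-encrypting the old dumps shows up immediately.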

Setup Chroot SFTP in Ubuntu Linux

A chroot keeps the user inside his login / home directory after logging in. This is not the default behaviour: in the default SFTP setup a user can cd anywhere on the system!

1. Create a new group

groupadd sftpusers

2. Create users who want to SFTP

useradd -g sftpusers -s /usr/sbin/nologin guestuser
passwd guestuser

3. Modify the /etc/ssh/sshd_config file and comment out the following line (this is the path used on Ubuntu):

Subsystem sftp /usr/lib/openssh/sftp-server

4. Add the following line directly below the line you have commented out:

Subsystem sftp internal-sftp

5. Add the following lines at the end of /etc/ssh/sshd_config:

Match Group sftpusers
        ChrootDirectory /var/www/%u
        ForceCommand internal-sftp

6. Each user is chrooted to /var/www/<username>. sshd requires that every component of that path, including /var/www itself, is owned by root and is not group- or world-writable (chmod 755), as below:

ll -ld /var/www
drwxr-xr-x 11 root root 4096 jun 30 13:39 /var/www/

7. Create a new directory with the same name as the username you just added:

mkdir /var/www/guestuser

8. Make sure that this new directory is also owned by root and not writable by group or others (see below):

ll -ld /var/www/guestuser
drwxr-xr-x 3 root www-data 4096 aug 14 18:18 /var/www/guestuser

9. Create a subfolder below /var/www/guestuser, for example www, and set its owner to guestuser and its group to www-data. Set the access rights to 2755 (2 = set-group-id, 7 = rwx for the owner guestuser, 5 = rx for the group www-data, 5 = rx for world, including the apache www-data user). The user can write only inside this subfolder, not in the chroot directory itself:

ll -ld /var/www/guestuser/www
drwxr-sr-x 2 guestuser www-data 4096 okt  1 17:02 /var/www/guestuser/www/

10. Restart the ssh server:

service ssh restart

If the directories do not have the correct ownership or permissions, the login fails and a message like this appears in /var/log/auth.log:

Aug 14 18:18:29 hostname sshd[24996]: fatal: bad ownership or modes for chroot directory "/var/www/guestuser"

This article describes how to set up a basic firewall configuration on your Linux box with iptables.

Check your current setup with:

sudo iptables -L

Reset the default firewall rules:

sudo iptables -F

Set up the most basic firewall with the script below. This script only allows SSH connections (which are logged in /var/log/syslog); adjust the script to allow communication through other ports.

Both the OUTPUT and INPUT chain have a default log rule at the end of the chain.

#!/bin/sh
IPTABLES=/sbin/iptables
$IPTABLES -F
### Set default policies for INPUT, OUTPUT and FORWARD chain to DROP
$IPTABLES -P INPUT DROP
$IPTABLES -P OUTPUT DROP
$IPTABLES -P FORWARD DROP

### Loopback traffic is always allowed; without this, local services
### talking to themselves break under the DROP policies
$IPTABLES -A INPUT -i lo -j ACCEPT
$IPTABLES -A OUTPUT -o lo -j ACCEPT

####### INPUT chain ######
### State tracking rules (log prefixes end in a space so they do not
### run into the "IN=" field in syslog)
$IPTABLES -A INPUT -m state --state INVALID -j LOG --log-prefix "DROP INVALID " --log-ip-options --log-tcp-options
$IPTABLES -A INPUT -m state --state INVALID -j DROP
$IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

### ACCEPT rules for connections in
$IPTABLES -A INPUT -p tcp --dport 22 -j LOG --log-prefix "SSH CONNECTION "
$IPTABLES -A INPUT -p tcp --dport 22 --syn -m state --state NEW -j ACCEPT

### default INPUT LOG rule (everything reaching here is then dropped by policy)
$IPTABLES -A INPUT -j LOG --log-prefix "LOG " --log-ip-options --log-tcp-options

####### OUTPUT chain ######
### State tracking rules
$IPTABLES -A OUTPUT -m state --state INVALID -j LOG --log-prefix "DROP INVALID " --log-ip-options --log-tcp-options
$IPTABLES -A OUTPUT -m state --state INVALID -j DROP
$IPTABLES -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

### ACCEPT rules for connections out
$IPTABLES -A OUTPUT -p tcp --dport 22 --syn -m state --state NEW -j ACCEPT

### default OUTPUT LOG rule
$IPTABLES -A OUTPUT -j LOG --log-prefix "LOG " --log-ip-options --log-tcp-options
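
With LOG rules at the end of both chains, /var/log/syslog receives one line per new or dropped packet, so a quick summary is the first thing you want when reviewing it. The function below is an added example (not from the original article) that groups such lines by log prefix, source address and destination port; the sample lines are constructed in the format the LOG target writes (prefix immediately followed by IN=...). The last sample line shows the cost of the DROP policy on OUTPUT: an outbound DNS query from this host is itself logged and dropped.

```shell
#!/bin/sh
# Added example: summarise iptables LOG lines from syslog by log prefix,
# source address and destination port. SAMPLE_LOG is constructed data in
# the format the LOG target writes (the prefix is directly followed by IN=).
SAMPLE_LOG='Aug 14 18:18:29 host kernel: [ 1234.567] SSH CONNECTION IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TTL=52 DF PROTO=TCP SPT=51000 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Aug 14 18:18:31 host kernel: [ 1236.001] SSH CONNECTION IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TTL=52 DF PROTO=TCP SPT=51001 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Aug 14 18:19:02 host kernel: [ 1267.420] LOG IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.7 DST=192.0.2.10 LEN=60 TTL=48 DF PROTO=TCP SPT=40000 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0
Aug 14 18:19:05 host kernel: [ 1270.100] LOG IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.53 LEN=61 TTL=64 DF PROTO=UDP SPT=33000 DPT=53 LEN=41'

# fw_log_summary: read syslog lines on stdin and print one sorted line
# "prefix|src|dpt|count" per distinct combination.
fw_log_summary() {
    awk '
    /kernel:.*IN=/ {
        line = $0
        sub(/^.*kernel: */, "", line)      # drop syslog timestamp and host
        sub(/^\[[^]]*\] */, "", line)      # drop the kernel uptime stamp, if present
        i = index(line, "IN=")
        prefix = substr(line, 1, i - 1)
        sub(/ +$/, "", prefix)             # a prefix like "LOG " carries a trailing space
        src = "-"; dpt = "-"
        for (f = 1; f <= NF; f++) {
            if ($f ~ /^SRC=/) src = substr($f, 5)
            if ($f ~ /^DPT=/) dpt = substr($f, 5)
        }
        count[prefix "|" src "|" dpt]++
    }
    END { for (k in count) printf "%s|%d\n", k, count[k] }
    ' | sort
}

# Stand-alone run over the constructed sample; on a real host use:
#   grep kernel: /var/log/syslog | fw_log_summary
printf '%s\n' "$SAMPLE_LOG" | fw_log_summary
```

A prefix written without a trailing space ("SSH CONNECTION") shows up in syslog as SSH CONNECTIONIN=eth0; the function still splits it at IN=, but adding the space keeps the raw log readable.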

Saving your iptables configuration (answer Yes to both questions):

sudo apt-get install iptables-persistent

Start the persistency service:

sudo service iptables-persistent start

Changes to your configuration can be stored by using the command

sudo service iptables-persistent save

Or reload the current configuration:

sudo service iptables-persistent reload

More detailed information can be found here.


Add a google font to your font repository

Add Google fonts to your system; simple and fast.

  1. Go to http://www.google.com/fonts/
  2. Search your font
  3. Select “Add to collection”
  4. Select “Download” (button with the arrow picture)
  5. Select Download as zipfile
  6. Unpack zip and copy TTF files to your $HOME/.fonts directory
  7. Fonts are ready for use (after restart of application)

The Gimp: create 3d shape

Create a shape with a 3D effect; simple and fast with The Gimp.

  1. Create a new image
  2. Create a new layer
  3. Select an area on the layer
  4. Fill the area with a color (optional)
  5. Select menu “Filters”; select “Light and Shadow”; select “Drop shadow”
  6. Choose your X and Y offset for the shadow
  7. Select allow resizing
  8. Select OK