guy labs guy labs

WELCOME TO MY BLOG

Mount FTP directory with TLS and backup files in Ubuntu 13.04

Linux
/by
This howto shows you how we can download FTP files over TLS and backup them automatically. I have several Wordpress websites which are running on remote servers where I just have FTP access. I installed a Wordpress plugin (http://wordpress.org/plugins/backwpup/) which makes daily backups and now I want to store them on my server at home. First we need to install curlftpfs by executing the following command: Next we need to test if the FTP mount works with curlftpfs. To test this execute the following command: If your username or password contains special characters you need to convert them. For example you need to convert an @ to %40. You can use this converter: http://www.w3schools.com/tags/ref_urlencode.asp If you get the following error: You need to download the server certificate with the following command: and add it to the options of curlftpfs: Now the mount should work and if you browse into the /mnt directory you should see the files which are in the specified directory on your FTP server. Update 06.03.2014: After a comment on this post about how to hide the password from the process list I add the following addition from the FAQ of the curlFtpFS project website: You can put the user and password in a .netrc file in the home directory of the user that executes CurlFtpFS. It can have 600 permission. It's still clear text but at least is not accessible by all. The format is: Ok now it's time to create a simple backup script which copies the backups to a local folder...

Install ClamAV antivirus in Ubuntu Server and Client

Linux
/by
In this how to we will install ClamAV antivirus on an Ubuntu client and a server. First we will install it on the client with the following command: This will install ClamAV and the GUI frontend ClamTK. You can configure daily scans and virus definition updates inside this tool. To install ClamAV on an Ubuntu server we start by installing ClamAV and the daemon by executing the following commands: Next we need to reconfigure the ClamAV base package, update the virus definitions and start the daemon. Execute the following commands: Next we need to create a shell script which scans a specific directory and sends an email if a virus is found. Place that shell script inside the user home of the root user or somewhere else. I placed it inside /home/clamav. Ok now create a file with the command 'sudo vi clamav-scan.sh' and enter the following content: Next we need to make the file executable with the following command: After that we add this file as a cronjob which executes every night at 3am: Substitute the {PATH-TO-SCRIPT} placeholder with the path where the clamav-scan.sh script is stored. Next we infect the folder you want to scan with the EICAR test virus. For that create a text file and add the following content to it: Store it and then run the created clamav-scan.sh to see if the virus is found and the mail is sent. After everything worked as it should, delete the test virus text file. But be aware: The clamav-scan.sh script identifies the viruses and doesn't delete them, that has to be done manually. Ok...

Create a software RAID1 with mdadm on an active Ubuntu 13.04 till 16.10 hard drive

Linux
/by
Today we want to create a RAID1 array with an active Ubuntu 13.04 till 16.10 hard drive. I installed my server without a RAID array on a single hard drive. And now, after spending a lot of hours configuring it, I want to create a RAID1 array to have a security if one of the hard drives fail. Create a simple RAID1 array is easy with mdadm, but creating it with a hard drive that has data on it isn't that simple. I created the following howto with the help of this older blog post about the same problem: http://feeding.cloud.geek.nz/posts/setting-up-raid-on-existing Use this article with caution because this is the solution for my machine and I don't know if it works on other machines, but I gave my best to test everything in a virtual machine and on my server with the UEFI boot mechanism. Also create a backup of your hard disk first: Create a CloneZilla disk image Ok let's start and we first need to install the following packages: If you havent already installed postfix, set the option 'no configuration' for the postfix installation dialog. First attach your new hard drive (best to have one with the same size or bigger) and then execute the following commands to copy the partitions of /dev/sda to the second drive (in my case /dev/sdb): If you have a GPT partition table you need to install gdisk and copy the partition table with the following commands: The first command here copies the partition table from /dev/sda to...

guy brûlé: my music productions

Personal
/by
Hi, today I want to share my music productions with you. I've produced the tracks back in 2011. Comments are welcome  :grin: If you want to listen to sets please go to my soundcloud account: https://soundcloud.com/guybrule Cheers and happy...

How to resize a VirtualBox hard drive in Ubuntu 13.04

Linux
/by
Lately at work I needed to install Microsoft SQL Server on my Windows 7 virtual machine, and it was just to big for the free space left on my virtual hard drive. So I searched a way to resize it without spending too much time. You just need to open a terminal, browse to your .vdi virtual drive and then execute the following command: Inside the example command I resize the Windows-7-SP1-64-Bit.vdi virtual drive to a complete size of 30 GB (30'000 MB). Don't forget to format the free space or resize the partition with gparted or any other partitioning tool. I hope this helps someone  :wink: Have a nice...

How to harden WordPress

Infrastructure
/by
  Last week my Wordpress instances were hacked. I first got an email that a new user registered on my site (on which I disabled the user registration). Then I checked it and the user had admin right, which was very suspicious. Two days later I got an email from my provider which said that my websites were hacked. I needed to revert all the backups and invest a lot of time to fix everything. (All the password changes etc.) And that is why I write this article now to help others to harden their Wordpress instance such that they don't have to go through this like I did. Ok first we need to set the correct file and folder permissions. To do that connect to your server via SSH and execute the following commands in the root of your Wordpress installation folder: These two commands set the permissions such that folders are readable and executable by all and that the owner can modify it. The same is applied to files, except that no file is set to executable. If you don't have SSH access you can surely set the permissions with your FTP software. (My favorite is FileZilla.) Next thing to do is to secure the wp-admin folder. First of all you can add SSL encryption to this specific folder if your host supports this. My host supports it but I don't want to pay that much just for SSL :wink: . Here is the official page about the Wordpress SSL encryption: http://codex.wordpress.org/Administration_Over_SSL What...

Install BIND 9 in Ubuntu 13.04

Linux
/by
  Hi, today I want to show you how to install BIND 9 in Ubuntu 13.04. I have installed it on my own server at home, such that I am able to use the DNS names for my applications which I use from the outside. For example git.guylabs.ch etc. It also boosts the performance if you have an internal DNS server, because now the request doesn't need to be resolved on a public DNS name server anymore. Ok lets get started. First of all we need to install the necessary package by executing the following command: Next we need to add forwarder DNS name servers which are used when the internal name server cannot resolve the DNS name requested. For that open up the file /etc/bind/named.conf.options as root and add or uncomment the two name server IP addresses to the forwarders block. (Here we use the public DNS name server IP's from Google) After that we need to add the local name server and the search domains to the static local interface. To do this open up the file /etc/network/interfaces as root and add the following two properties to the static defined interface. (It's good to have the DNS server configured with a static IP address. If you don't know how to do this, please read this article) Next we need to define the zones for our local domain. For that open up the /etc/bind/named.conf.local as root and add the following two code blocks and adapt it for your environment. (In this example we use the network 192.168.1.0. And the...

My server

Personal
/by
Hi folks, in my posts I always talk about my server and now I want to reveal the secret and show you my little home server and it's configuration. When we renovated the flat we added a selfmade homecontrol system which controls light and sound in each room. For that I wrote a small Java application which controls everything. And this application needs to run on a small server attached to a touchscreen to turn the light etc. on and off. So the server needed to be small, silent and powerful enough to host some developer applications etc. So here is the configuration of my server: Intel Core i7 3770K BOX, 3.5GHz, LGA 1155, 4C/8T, unlocked Asus P8Z77-M PRO, Z77, LGA1155, PCI-E 3.0, SLI/CFX, mATX 3x Western Digital Red, 64MB, 1TB, SATA-3, 24/7 NAS Corsair Vengeance LP, 4x8GB, DDR3-1600, CL10@1.5V be quiet! Pure Power L7-430W, 80 plus Bronze Xigmatek Gigas mATX-Cube - Black Zotac GT-610 Zone Edition 1GB DDR3, PCI-E x16 2.0 Noctua NH-U12P SE2, Sockel 1366/1155/AM3 It looks like a big server but the case (the Xigmatek Gigas mATX-Cube) is just 278x322x396 mm (WxHxD). I also wanted to have enough memory and a RAID 1 configuration for the hard disks in case a hard disk failure occurs. The rest is just standard except the CPU cooler which is a huge and extremely silent Noctua cooler. I can just recommend you such a nice CPU cooler. Right now when we have a room temperature of arround 30° degrees celsius the CPU has something arround 52° degrees celsius. So a quite good result for such...

Cisco SG200-08 and NFS

Infrastructure
/by
  Today I want to tell you a little story about the Cisco SG200-08 8 Port switch and mounting a NFS share. I bought a Cisco ISA550W router lately, configured it and I thought it could be a good idea to upgrade the firmware of all switches and other devices I have at home. So I did this too with the SG200-08 switch. I upgraded from 1.0.5.1 to the 1.0.6.2 firmware. Everything went well but the next day I wanted to mount a NFS share from my server and it hanged after executing the mount command. Then the debug journey began... I double checked everything on the new ISA550W but the failure wasn't there. Then I checked the whole NFS configuration and thought it could also be the newly installed bind9 DNS server. After a configuration ping pong between all three devices I started with the process of elimination. I first connected the laptop directly with the server. (No switch and no router) Then it worked. And I did that till I found out that the SG200-08 Cisco switch is causing the problem. The small googling session afterwards told me that the new firmware 1.0.6.2 was causing the problem and a workaround is to downgrade to the 1.0.5.1 firmware. (https://supportforums.cisco.com/thread/2203589) So I did that and tada it worked again. It is quite disappointed of Cisco to release such a broken firmware. Now I hope the ISA550W is doing it's job well  :wink: Maybe this post helps someone out there don't spend hours of debugging like I...

Configure a static IP in Ubuntu 13.04

Linux
/by
    Today we want to configure Ubuntu to use a static IP address instead of a dynamic one (from a DHCP server). 1. To do this we first need to switch from the default dhcp mode to the static mode. Open up the /etc/network/interfaces file and remove everything and add the following: Ok lets go through the properties we set here: The first two lines configure the loopback interface. These are default and shouldn't be touched, unless you have a specific purpose. The next two lines configure the eth0, the default wire connected interface. As you see it configures this it as static interface. The properties we set till the dns properties should be self-explanatory. The last the properties are about the DNS server. If you have a locally installed one you can configure it here with the dns-search and the dns-domain property. If you don't have one you can use the ones from Google, namely 8.8.8.8,8.8.4.4 Save the file and exit the editor. 2. Ok now we need to delete the old config which generates the resolv.conf file and we need to remove the DHCP client. Please execute the following commands: 3. Ok no it's time to restart the network interface with the following command: This command executes the two packed command in order, such that we don't get disconnected while executing a ifdown and then we can't start it with the ifup. (In case you are connected via SSH) You can check the result by opening the nohup.out file in the folder where you ran the previous command. 4. Now we...