Make sure SELinux is FSCKING turned off.
vi /etc/sysconfig/selinux # centos – set last line to DISABLED
setenforce 0
Defending this script (wp-login.php) has become my biggest nightmare in the last few months. Blacklisting mostly works for denial of service from poorly written bots. I blacklist Amazon, web hosts, and many foreign countries without hesitation, not just one IP but their whole allocation.
Fail2ban was able to block some portion of these but isn’t very flexible or robust so it often missed the boat.
I’d been struggling to keep my server load at reasonable levels due to the constant barrage of hits. When the bot writers got more clever about the number of hits per IP per unit of time, these methods quickly failed to stem the tide.
Fortunately the ultimate defense is to require a simple webserver password to access wp-login.php. Implementing the following took my server load back to normal overnight.
# this blurb should work in a .htaccess file or under a virtual host portion of an apache
# config file
#
# Protect wp-login
<Files wp-login.php>
AuthUserFile /home/site_name/.htpasswd
AuthName "Private access"
AuthType Basic
require valid-user
</Files>
#use htpasswd or website tools to create the above .htpasswd file
However, many of the WordPress sites on my box use wp-login.php to handle authentication/authorization for private portions of the sites, so distributing a second password to all the users didn’t make sense. So a clever use of mod_rewrite was needed for those other sites.
WARNING: You might not be happy if you use the below without adding an additional rule, as all your attempts to log in will just redirect back to the login page.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} .(wp-login).php*
RewriteRule (.*) http://%{SERVER_NAME}/$1 [R=301,L]
</IfModule>
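As an added example (not part of the original post), the shell function below counts POSTs to wp-login.php per client IP and per /24, which shows why a per-IP hit threshold stops catching bots that spread their attempts across an allocation. The log lines are constructed samples, and the function names and the threshold of 3 are assumptions.

```shell
# Added example: count POSTs to wp-login.php per source IP and per /24.
# Log lines below are constructed (combined log format, RFC 5737 addresses).
sample_log() {
cat <<'EOF'
203.0.113.10 - - [10/Jan/2015:03:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
203.0.113.11 - - [10/Jan/2015:03:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
203.0.113.12 - - [10/Jan/2015:03:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
203.0.113.13 - - [10/Jan/2015:03:00:04 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
203.0.113.14 - - [10/Jan/2015:03:00:05 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Jan/2015:03:00:06 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "curl/7.35"
198.51.100.7 - - [10/Jan/2015:03:00:07 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "curl/7.35"
198.51.100.7 - - [10/Jan/2015:03:00:08 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "curl/7.35"
198.51.100.7 - - [10/Jan/2015:03:00:09 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "curl/7.35"
192.0.2.5 - - [10/Jan/2015:03:01:00 +0000] "GET /wp-login.php HTTP/1.1" 200 2890 "-" "Mozilla/5.0"
192.0.2.5 - - [10/Jan/2015:03:01:09 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.5 - - [10/Jan/2015:03:01:10 +0000] "GET /wp-admin/ HTTP/1.1" 200 9120 "-" "Mozilla/5.0"
EOF
}

# wp_login_posts MODE: MODE is "ip" or "net24"; reads a log on stdin and
# prints "count key" lines, busiest first.
wp_login_posts() {
    awk -v mode="$1" '
        # combined format: $1 = client IP, $6 = method with its leading quote, $7 = path
        $6 == "\"POST" && $7 ~ /\/wp-login\.php([?]|$)/ {
            key = $1
            if (mode == "net24") {
                split($1, o, ".")
                key = o[1] "." o[2] "." o[3] ".0/24"
            }
            n[key]++
        }
        END { for (k in n) print n[k], k }
    ' | sort -k1,1nr -k2,2
}

# over_threshold MODE MIN: keys with at least MIN login POSTs (MIN is an
# assumed tuning value, not a number from the post).
over_threshold() {
    wp_login_posts "$1" | awk -v min="$2" '$1 >= min { print $2 }'
}

echo "per IP, 3+ POSTs:";  sample_log | over_threshold ip 3
echo "per /24, 3+ POSTs:"; sample_log | over_threshold net24 3
```

On the sample, the per-IP view flags only the single noisy client, while the /24 view also surfaces the block whose five addresses each posted once.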
specifically truncating flac files, you can trim off the front of the file with
flac --skip=0:45 file.flac -o file-short.flac
or trim off the back with
flac --until=-0:45.5 file-short.flac -o file-short2.flac
plug in headphones (antenna), and use nextradio app to control it.
the 64 bit driver needs 32 bit libraries, read your install instructions very carefully
I used this as a starting point
http://askubuntu.com/questions/505446/how-to-install-ubuntu-14-04-with-raid-1-using-desktop-installer
I did my own pairs of /boot and / partitions on my real disks sda and sdb, then installed mdadm and created the md0 and md1 raids from the command line, then ran ubiquity -b
(my /boot is not encrypted, but / is)
used md1 as an encrypted volume which I then mounted as /
#I then used the first guide’s steps to chroot into the new disk, and setup grub
grub-install /dev/sda
grub-install /dev/sdb
#but added steps from
http://blog.asiantuntijakaveri.fi/2014/12/headless-ubuntu-1404-server-with-full.html
to make sure the initrd knew how to mount my encrypted /
#these steps help initrd find my software raid
mkdir -p /dev/md
ln -s /dev/md0 /dev/md/0
ln -s /dev/md1 /dev/md/1
ln -s /dev/md0p1 /dev/md/0p1
ln -s /dev/md1p1 /dev/md/1p1
#make grub easier to deal with
/etc/default/grub (change silent to verbose, comment out the HIDDEN lines, set the bootwait=10, nosplash, bootdegraded=true)
/etc/grub.d/10_linux (set quickboot and quietboot to zero)
add some things to the end of /etc/default/grub
GRUB_TERMINAL_OUTPUT=console
GRUB_TERMINAL=console
GRUB_GFXPAYLOAD=text
GRUB_GFXPAYLOAD_LINUX=keep
#tweaks to get the crypto stuff into initrd
echo "CRYPTSETUP=y" >> /etc/initramfs-tools/initramfs.conf
sed -i -e's|^setup="no"$|setup="yes"|g' /usr/share/initramfs-tools/hooks/cryptroot
#then rebuild initrd
update-initramfs -c -k all
#then confirm that your initrd has the crypt stuff
lsinitramfs /boot/initrd.img-3.13.0-40-generic | grep cryptroot
lsinitramfs /boot/initrd.img-3.13.0-40-generic | grep cryptsetup
# Update grub.cfg
update-grub
then exit the chroot and umount and reboot
nvidia driver
sudo add-apt-repository -y ppa:xorg-edgers/ppa
sudo apt-get update
sudo apt-get install nvidia-340
e19
sudo add-apt-repository ppa:niko2040/e19
sudo apt-get update
sudo apt-get install enlightenment
amazon prime movies in mozilla
sudo add-apt-repository ppa:mjblenner/ppa-hal
sudo apt-get update
sudo apt-get install hal
netflix just works with a modern chrome
GIMP is my new goto for editing pdfs, not as good as the real thing — it edits by drawing graphics over the page — rather than typing in forms on the page — but for filling out basic paper forms it can work well.
1) save pdf
2) open pdf with gimp
3) pick your resolution (100 pixels can work well for basic stuff)
4) draw on, or type on, your page
5) export back to pdf — can even overwrite the orig file.
after you’ve already done this: http://rln.d13dns.com/2014/07/19/djbdns-dnscache/
(if you’re not interested in a djbdns dns cache do the first two parts to install daemontools and ucspi)
Install outbound only qmail smtp service to your box with the following:
cd /var/tmp/
yum install gcc gcc-c++ make patch pam-devel openssl* wget -y
yum install vim-common vim-enhanced autoconf automake -y
wget http://www.qmail.org/netqmail-1.06.tar.gz
tar zxf netqmail-1.06.tar.gz
cd netqmail-1.06
mkdir -p /var/qmail/alias
groupadd nofiles
useradd -M -g nofiles -d /var/qmail/alias alias
useradd -M -g nofiles -d /var/qmail qmaild
useradd -M -g nofiles -d /var/qmail qmaill
useradd -M -g nofiles -d /var/qmail qmailp
groupadd qmail
useradd -M -g qmail -d /var/qmail qmailq
useradd -M -g qmail -d /var/qmail qmailr
useradd -M -g qmail -d /var/qmail qmails
make setup check
./config
cat /dev/null > /var/qmail/control/rcpthosts
echo ./Mailbox >/var/qmail/control/defaultdelivery
cat > /var/qmail/bin/qmailctl
# cut and paste contents of script from 2.8.2.1
# http://www.lifewithqmail.org/lwq.html#start-qmail
chmod 755 /var/qmail/bin/qmailctl
mkdir -p /var/qmail/supervise/qmail-smtpd/log
mkdir -p /var/qmail/supervise/qmail-send/log
echo '#!/bin/sh' >/var/qmail/supervise/qmail-send/run
echo 'exec /var/qmail/rc' >>/var/qmail/supervise/qmail-send/run
echo '#!/bin/sh' >/var/qmail/supervise/qmail-send/log/run
echo 'exec /usr/local/bin/setuidgid qmaill /usr/local/bin/multilog t /var/log/qmail' >>/var/qmail/supervise/qmail-send/log/run
cat > /var/qmail/supervise/qmail-smtpd/run
# cut and paste contents of script from 2.8.2.2
# http://www.lifewithqmail.org/lwq.html#start-qmail
# if you get segfaults when you try to start qmail-smtpd
# you need to increase the soft limit in this file (9000000)
# did the trick for me
# change the last line of the above script
# change the "0 smtp" to "127.0.0.1 25"
echo 5 > /var/qmail/control/concurrencyincoming
chmod 644 /var/qmail/control/concurrencyincoming
echo '#!/bin/sh' > /var/qmail/supervise/qmail-smtpd/log/run
echo 'exec /usr/local/bin/setuidgid qmaill /usr/local/bin/multilog t /var/log/qmail/smtpd' >> /var/qmail/supervise/qmail-smtpd/log/run
chmod 755 /var/qmail/supervise/qmail-send/run
chmod 755 /var/qmail/supervise/qmail-send/log/run
chmod 755 /var/qmail/supervise/qmail-smtpd/run
chmod 755 /var/qmail/supervise/qmail-smtpd/log/run
mkdir -p /var/log/qmail/smtpd
chown qmaill /var/log/qmail /var/log/qmail/smtpd
ln -s /var/qmail/supervise/qmail-send /var/qmail/supervise/qmail-smtpd /service
# only connections from 127.x may relay (this is an outbound-only install)
echo '127.:allow,RELAYCLIENT=""' >>/etc/tcp.smtp
/var/qmail/bin/qmailctl cdb
echo '#!/bin/sh' > /var/qmail/rc
echo >> /var/qmail/rc
echo '# Using stdout for logging' >> /var/qmail/rc
echo '# Using control/defaultdelivery from' >> /var/qmail/rc
echo '# qmail-local to deliver messages by default' >> /var/qmail/rc
echo >> /var/qmail/rc
# the trailing backslash joins the exec line with the qmail-start line in rc
echo 'exec env - PATH="/var/qmail/bin:$PATH" \' >> /var/qmail/rc
echo 'qmail-start "`cat /var/qmail/control/defaultdelivery`"' >> /var/qmail/rc
chmod 755 /var/qmail/rc
/var/qmail/bin/qmailctl stop ; /var/qmail/bin/qmailctl start
#This always seems to bite me in the ass.
#don't forget to:
# modprobe ip_conntrack_ftp
-A INPUT -p tcp -m tcp --dport 21 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
# -A OUTPUT -p tcp -m tcp --dport 21 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 20 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
#-A OUTPUT -p tcp -m tcp --dport 20 -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --sport 1024: --dport 1024: -m conntrack --ctstate ESTABLISHED -j ACCEPT
#-A OUTPUT -p tcp -m tcp --sport 1024: --dport 1024: -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
#get the uuid of the box you want to add the eth1 to
xe vm-list
#list the interfaces that are associated with that box
xe vif-list | grep
#get list of network-uuids to pick from (in my case there are only 2)
xe vif-list |grep network-uuid| sort -u
# make the eth1 interface
xe vif-create device=1 vm-uuid= network-uuid=
# plug in the eth1 interface (uuid from prior step)
xe vif-plug uuid=
# unplug the eth0 interface (uuid from step 2)
xe vif-unplug uuid=
#delete the eth0 interface (after a reboot your new eth1 will be eth0)
xe vif-destroy uuid=