make sure SE linux is FSCKING turned off.
vi /etc/sysconfig/selinux # centos – set last line to DISABLED
setenforce 0
wp-login.php
Defending this script has become my biggest nightmare in the last few months. Black listing mostly works for denial of service from poorly written bots. I blacklist amazon, web hosts, many foreign countries, without hesitation, not just one IP but their whole allocation.
Fail2ban was able to block some portion of these but isn’t very flexible or robust so it often missed the boat.
I’d been struggling to keep my server load at reasonable levels due to the constant barrage of hits. When the bot writers got more clever about number of hits per IP per time these methods quickly failed to stem the tide.
Fortunately the ultimate defense is to require a simple webserver password to access wp-login.php. Implementing the following took my sever load back to normal overnight.
# this blerb should work in a .htaccess file or under a virtual host portion of an apache # config file # # Protect wp-login <Files wp-login.php> AuthUserFile /home/site_name/.htpasswd AuthName "Private access" AuthType Basic require valid-user </Files> #use htpasswd or website tools to create the above .htpasswd file
However many of the wordpress sites on my box use wp-login.php to handle authentication/authorization for private portions of the sites so distributing a second password to all the users didn’t make sense. So a clever use of mod_rewrite was needed for those other sites.
WARNING: You might not be happy if you use the below without adding an additional rule as all your attempts to login will just redirect back to the login page.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} .(wp-login).php*
RewriteRule (.*) http://%{SERVER_NAME}/$1 [R=301,L]
</IfModule>
editing flac files from the command line
specifically truncating flac files, you can trim off the front of the file with
flac --skip=0:45 file.flac -o file-short.flac
or trim off the back with
flac --until=-0:45.5 file-short.flac -o file-short2.flac
virgin mobile samsung galaxy s5 has working FM radio tuner
plug in headphones (antenna), and use nextradio app to control it.
canon multifunction linux 64 bit
the 64 bit driver needs 32 bit libraries, read your install instructions very carefully
14.04 software raid and encryption
I used this as a starting point
http://askubuntu.com/questions/505446/how-to-install-ubuntu-14-04-with-raid-1-using-desktop-installer
I did my own pairs of /boot and / partions on my real disks sda and sdb, then installed mdadm and created the md0 and md1 raids from the command line then ran ubiquity -b
(my /boot is not encrypted, but / is)
used md1 as a encrypted volume which I then mounted as /
#I then used the first guide’s steps to chroot into the new disk, and setup grub
grub-install /dev/sda
grub-install /dev/sdb
#but added steps from
http://blog.asiantuntijakaveri.fi/2014/12/headless-ubuntu-1404-server-with-full.html
to make sure the initrd knew how to mount my encrypted /
#these steps help initrd find my software raid
mkdir -p /dev/md
ln -s /dev/md0 /dev/md/0
ln -s /dev/md1 /dev/md/1
ln -s /dev/md0p1 /dev/md/0p1
ln -s /dev/md1p1 /dev/md/1p1
#make grub easier to deal with
/etc/default/grub (change silent to vervbose, comment out the HIDDEN lines, set the bootwait=10, nosplash, bootdegraded=true
/etc/grub.d/10_linux (set quickboot and quietboot to zero)
add some things to the end of /etc/default/grub
GRUB_TERMINAL_OUTPUT=console
GRUB_TERMINAL=console
GRUB_GFXPAYLOAD=text
GRUB_GFXPAYLOAD_LINUX=keep
#tweaks to get the crypto stuff into initrd
echo “CRYPTSETUP=y” >> /etc/initramfs-tools/initramfs.conf
sed -i -e’s|^setup=”no”$|setup=”yes”|g’ /usr/share/initramfs-tools/hooks/cryptroot
#then rebuild initrd
update-initramfs -c -k all
#then confirm that your initrd has the crypt stuff
lsinitramfs /boot/initrd.img-3.13.0-40-generic | grep cryptroot
lsinitramfs /boot/initrd.img-3.13.0-40-generic | grep cryptsetup
# Update grub.cfg
update-grub
then exit the chroot and umount and reboot
nvidia driver
sudo add-apt-repository -y ppa:xorg-edgers/ppa
sudo apt-get update
sudo apt-get install nvidia-340
e19
sudo add-apt-repository ppa:niko2040/e19
sudo apt-get update
sudo apt-get install enlightenment
amazon prime movies in mozilla
sudo add-apt-repository ppa:mjblenner/ppa-hal
sudo apt-get update
sudo apt-get install hal
netflix just works with a modern chrome
quick and easy pdf editing
GIMP is my new goto for editing pdfs, not as good as the real thing — it edits by drawing graphics over the page — rather than typing in forms on the page — but for filling out basic paper forms it can work well.
1) save pdf
2) open pdf with gimp
3) pick your resolution (100 pixels can work well for basic stuff)
4) draw on or, type on your page
5) export back to pdf — can even overwrite the orig file.
centos 6 qmail (just qmail) for local outbound email only
after you’ve already done this: http://rln.d13dns.com/2014/07/19/djbdns-dnscache/
(if you’re not interested in a djbdns dns cache do the first two parts to install daemontools and ucspi)
Install outbound only qmail smtp service to your box with the following:
cd /var/tmp/
yum install gcc gcc-c++ make patch pam-devel openssl* wget -y
yum install vim-common vim-enhanced autoconf automake -y
wget http://www.qmail.org/netqmail-1.06.tar.gz
tar zxf netqmail-1.06.tar.gz
cd netqmail-1.06
mkdir -p /var/qmail/alias
groupadd nofiles
useradd -M -g nofiles -d /var/qmail/alias alias
useradd -M -g nofiles -d /var/qmail qmaild
useradd -M -g nofiles -d /var/qmail qmaill
useradd -M -g nofiles -d /var/qmail qmailp
groupadd qmail
useradd -M -g qmail -d /var/qmail qmailq
useradd -M -g qmail -d /var/qmail qmailr
useradd -M -g qmail -d /var/qmail qmails
make setup check
./config
cat /dev/null > /var/qmail/control/rcpthosts
echo ./Mailbox >/var/qmail/control/defaultdelivery
cat > bin/qmailctl
# cut and paste contents of script from 2.8.2.1
# http://www.lifewithqmail.org/lwq.html#start-qmail
chmod 755 /var/qmail/bin/qmailctl
mkdir -p /var/qmail/supervise/qmail-smtpd/log
mkdir -p /var/qmail/supervise/qmail-send/log
echo '#!/bin/sh' >/var/qmail/supervise/qmail-send/run
echo 'exec /var/qmail/rc' >>/var/qmail/supervise/qmail-send/run
echo '#!/bin/sh' >/var/qmail/supervise/qmail-send/log/run
echo 'exec /usr/local/bin/setuidgid qmaill /usr/local/bin/multilog t /var/log/qmail' >>/var/qmail/supervise/qmail-send/log/run
cat > /var/qmail/supervise/qmail-smtpd/run
# cut and paste contents of script from 2.8.2.2
# http://www.lifewithqmail.org/lwq.html#start-qmail
# if you get segfaults when you try to start qmail-smtpd
# you need to increase the soft limit in this file (9000000)
# did the trick for me
# change the last line of the above script
# change the "0 smtp" to "127.0.0.1 25"
echo 5 > /var/qmail/control/concurrencyincoming
chmod 644 /var/qmail/control/concurrencyincoming
echo '#!/bin/sh' > /var/qmail/supervise/qmail-smtpd/log/run
echo 'exec /usr/local/bin/setuidgid qmaill /usr/local/bin/multilog t /var/log/qmail/smtpd' >> /var/qmail/supervise/qmail-smtpd/log/run
chmod 755 /var/qmail/supervise/qmail-send/run
chmod 755 /var/qmail/supervise/qmail-send/log/run
chmod 755 /var/qmail/supervise/qmail-smtpd/run
chmod 755 /var/qmail/supervise/qmail-smtpd/log/run
mkdir -p /var/log/qmail/smtpd
chown qmaill /var/log/qmail /var/log/qmail/smtpd
ln -s /var/qmail/supervise/qmail-send
/var/qmail/supervise/qmail-smtpd /service
echo '127.:allow,RELAYCLIENT=""' >>/etc/tcp.smtp
/var/qmail/bin/qmailctl cdb
echo '#!/bin/sh' > /var/qmail/rc
echo >> /var/qmail/rc
echo '# Using stdout for logging' >> /var/qmail/rc
echo '# Using control/defaultdelivery from >> /var/qmail/rc
echo '# qmail-local to deliver messages by default >> /var/qmail/rc
echo >> /var/qmail/rc
echo 'exec env - PATH="/var/qmail/bin:$PATH" ' >> /var/qmail/rc
echo 'qmail-start "`cat /var/qmail/control/defaultdelivery`"' >> /var/qmail/rc
chmod 755 /var/qmail/rc
/var/qmail/bin/qmailctl stop ;
/var/qmail/bin/qmailctl start
woe to the passive mode, woe to the active mode
#This always seems to bite me in the ass.
#dont’ forget to :
# modprobe ip_conntrack_ftp
-A INPUT -p tcp -m tcp –dport 21 -m conntrack –ctstate NEW,ESTABLISHED -j ACCEPT
# -A OUTPUT -p tcp -m tcp –dport 21 -m conntrack –ctstate NEW,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp –dport 20 -m conntrack –ctstate ESTABLISHED,RELATED -j ACCEPT
#-A OUTPUT -p tcp -m tcp –dport 20 -m conntrack –ctstate ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp –sport 1024: –dport 1024: -m conntrack –ctstate ESTABLISHED -j ACCEPT
#-A OUTPUT -p tcp -m tcp –sport 1024: –dport 1024: -m conntrack –ctstate ESTABLISHED,RELATED -j ACCEPT
xen xcp xapi change from eth0 to eth1 (after you delete eth0 eth1 becomes eth0 orn reboot)
#get the uuid of the box you want to add the eth1 to
xe vm-list
#list the interfaces that are associated with that box
xe vif-list | grep
#get list of network-uuids to pick from (in my case there are only 2)
xe vif-list |grep network-uuid| sort -u
# make the eth1 interface
vif-create device=1 vm-uuid= network-uuid=
# plug in the eth1 interface (uuid from prior step)
xe vif-plug uuid=
# unplug the eth0 interface (uuid from step 2)
xe vif-unplug uuid=
#delete the eth0 interface (after a reboot your new eth1 will be eth0)
xe vif-destroy uuid=