Archive for the ‘Linux’ Category

Quickie: Problem accessing FTP using PHP

February 9th, 2015

One of our customers asked me to install and set up software to manage FTP storage via a web page. We decided to install the free version of ftp2net. I tested it on my test server and there was no problem at all. On the customer's server I had problems. The installation went well, but when I tried to log in to the ftp2net website I received an error that the connection was refused. I decided to check whether Safe mode was on. It was off. Then I checked whether the PHP restriction allow_url_fopen was on. It was on, so I turned it off. But the website still didn't work. I got to the point where I started tcpdump and watched the network interfaces for any FTP traffic. There was none. When I tried an FTP connection from a shell on the server, I could connect and I also saw the FTP traffic in tcpdump. It was weird. Something was blocking the initiation of FTP connections for Apache processes.

I found the solution after lunch 🙂 It was SELinux, a security feature of the Linux kernel. I had to run this command:

setsebool -P httpd_can_network_connect 1

This command turns on the SELinux boolean httpd_can_network_connect, which lifts the SELinux restriction on network connections made by httpd/Apache processes; -P makes the change persistent across reboots.
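SELinux records each blocked connection as an AVC denial in the audit log (typically /var/log/audit/audit.log), which is the quickest place to confirm this kind of failure. The following is an added example, not part of the original post: it reads AVC lines and prints, for every outbound connection denied to httpd, the narrowest boolean that would allow it. The log lines are constructed, and the mapping covers only a few booleans of the Red Hat targeted policy (an assumption about the system in use).

```sh
# Constructed audit.log lines for illustration (not from the original post).
sample_audit() {
cat <<'EOF'
type=AVC msg=audit(1423480000.101:412): avc:  denied  { name_connect } for  pid=2291 comm="httpd" dest=21 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:ftp_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1423480000.230:413): avc:  denied  { read } for  pid=2300 comm="sshd" name="x" scontext=system_u:system_r:sshd_t:s0 tcontext=system_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1423480003.870:415): avc:  denied  { name_connect } for  pid=2291 comm="httpd" dest=12345 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket
EOF
}

# Reads AVC lines on stdin; prints "port port_type boolean" for each
# outbound connection that SELinux denied to a process in the httpd_t domain.
suggest_httpd_booleans() {
  awk '
    /avc:/ && /denied/ && /name_connect/ && /scontext=[^ ]*:httpd_t:/ {
      port = ""; type = ""
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^dest=/) port = substr($i, 6)
        # tcontext=user:role:type:level -> the third field is the port type
        if ($i ~ /^tcontext=/) { split($i, c, ":"); type = c[3] }
      }
      # Prefer a service-specific boolean over the catch-all one.
      if (type == "ftp_port_t") b = "httpd_can_connect_ftp"
      else if (type == "ldap_port_t") b = "httpd_can_connect_ldap"
      else if (type == "mysqld_port_t" || type == "postgresql_port_t")
        b = "httpd_can_network_connect_db"
      else b = "httpd_can_network_connect"
      print port, type, b
    }'
}

sample_audit | suggest_httpd_booleans
```

For the FTP case in this post the function points at httpd_can_connect_ftp, which opens only FTP connections instead of every outbound connection.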

I wanted to spend 10 minutes on this product, but I spent almost half a day debugging this issue 🙂

Have a nice day,

Quickie: Use pfx certificate in linux

January 27th, 2015

When you export a certificate with its private key in Windows, you export it to a password-protected .pfx file. To use this certificate on Linux you need to convert the .pfx file into .crt and .key files. You can use the following commands to convert it:

[root@nagios]# openssl pkcs12 -in nagios.pfx -clcerts -nokeys -out nagios.crt
Enter Import Password:
MAC verified OK
[root@nagios]# openssl pkcs12 -in nagios.pfx -nocerts -nodes -out nagios.key
Enter Import Password:
MAC verified OK

Now you have two files, .crt and .key, which can be used on Linux.
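The -nodes option writes the private key to disk unencrypted, so the key file should never be readable by other users. The following is an added example, not part of the original post: it wraps the same two conversions, creates the key file with mode 0600, and checks that the extracted key belongs to the extracted certificate. Reading the import password from a file via -passin is an assumption of the example; the post types it at the prompt.

```sh
# pfx_to_pem PFX PASSFILE PREFIX
# Writes PREFIX.crt and PREFIX.key and succeeds only if the extracted
# private key belongs to the extracted certificate.
# PASSFILE holds the import password on its first line (assumption).
pfx_to_pem() {
  pfx=$1 passfile=$2 prefix=$3

  # Certificate only, as in the first command of the post.
  openssl pkcs12 -in "$pfx" -passin "file:$passfile" \
    -clcerts -nokeys -out "$prefix.crt" 2>/dev/null || return 1

  # -nodes leaves the key unencrypted, so create the file under a
  # restrictive umask instead of fixing permissions afterwards.
  ( umask 077
    openssl pkcs12 -in "$pfx" -passin "file:$passfile" \
      -nocerts -nodes -out "$prefix.key" 2>/dev/null ) || return 1

  # The pair is usable only if both files carry the same public key.
  cert_pub=$(openssl x509 -in "$prefix.crt" -noout -pubkey) || return 1
  key_pub=$(openssl pkey -in "$prefix.key" -pubout) || return 1
  [ "$cert_pub" = "$key_pub" ]
}

# Runs only when called with arguments, e.g.:
#   sh pfx_to_pem.sh nagios.pfx pass.txt nagios
if [ "$#" -eq 3 ]; then
  pfx_to_pem "$@" && echo "key matches certificate"
fi
```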

That’s all folks,

Categories: Linux, Microsoft, Quickie, Security

Quickie: Clean up your bash history

September 30th, 2014

Sometimes when you work on Linux in bash you don't want to leave commands in the bash history (.bash_history). An easy way to clean it up is to run the following command:

HISTSIZE=0

Now your bash history will not be accessible and will not be saved when you log off.

 

Problem with random generator /dev/random

June 27th, 2013

Yesterday a friend called me because he wanted to migrate a website to his web server. I created hosting for him and then the problems began. When he accessed one .php file, the browser was “working”, but nothing happened. There was no log of any problem on the server. Nothing.

So I started to investigate the problem. CPU was fine, RAM was fine, disk queue length was fine. So I focused on the particular .php file. I ran the following command:

strace php -f PATH_TO_PHP_FILE

and I saw:

[Screenshot: strace PHP file]

and it was not moving forward. After a couple of tens of seconds it moved one line further. It looked like a problem with /dev/random. When I looked into the file crypt.class.php

[Screenshot: PHP file source]

I saw the function mcrypt_create_iv(), which creates an initialization vector from a random source. And that’s it: the random source is defined as /dev/random. You can change the source by setting the second parameter to MCRYPT_DEV_URANDOM. When I tested it with the second parameter set to MCRYPT_DEV_URANDOM, everything worked as it should. The PHP file was generated normally. When I ran cat /dev/random I received some random characters, and after a couple of tens of seconds I got more random characters:

[Screenshot: Slow /dev/random]

So this looks like a slow /dev/random. When I tried cat /dev/urandom my screen was full of random characters. I started to look for the differences between /dev/random and /dev/urandom. The Linux kernel implements a random number generator that collects random bits into an entropy pool. When the entropy pool is empty, reads from /dev/random block until additional random bits are generated. The unblocked/non-blocking random source /dev/urandom does not block when the entropy pool is empty (it will reuse existing random bits). You can check how many bits are available in the entropy pool by running cat /proc/sys/kernel/random/entropy_avail. More info here.
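The stall described above can be read directly from a trace when strace is run with -T, which appends the time spent in each system call. The following is an added example, not part of the original post: it follows which file descriptor was opened on /dev/random and reports every read on it that took longer than a threshold. The trace lines are constructed, and using -T is an assumption (the post ran strace without it).

```sh
# Constructed `strace -T` output for illustration (not the post's real trace).
sample_trace() {
cat <<'EOF'
open("/etc/php5/cli/php.ini", O_RDONLY) = 3 <0.000021>
read(3, "[PHP]\n", 4096) = 6 <0.000015>
close(3) = 0 <0.000009>
open("/dev/random", O_RDONLY) = 3 <0.000030>
read(3, "\x8a\x11\x5c", 8) = 3 <27.412006>
read(3, "\x02\x9f\xe0\x41\x77", 5) = 5 <31.090455>
close(3) = 0 <0.000011>
open("/dev/urandom", O_RDONLY) = 4 <0.000019>
read(4, "\x10\x22\x33\x44\x55\x66\x77\x88", 8) = 8 <0.000014>
close(4) = 0 <0.000008>
EOF
}

# slow_random_reads SECONDS: reads strace -T output on stdin and prints one
# line per read() on /dev/random that took at least SECONDS.
slow_random_reads() {
  awk -v limit="$1" '
    # Return value: the token after the last " = " on the line.
    function ret(l) { sub(/^.* = /, "", l); sub(/ .*$/, "", l); return l + 0 }
    # Time spent in the call: the <seconds> suffix added by strace -T.
    function dur(l) { sub(/^.*</, "", l); sub(/>.*$/, "", l); return l + 0 }
    # First argument of read()/close(): the file descriptor.
    function fdarg(l) { sub(/^[a-z]+\(/, "", l); sub(/[,)].*$/, "", l); return l }

    # Remember which path each successfully opened descriptor refers to.
    /^open(at)?\(/ && ret($0) >= 0 {
      if (match($0, /"[^"]*"/))
        path[ret($0)] = substr($0, RSTART + 1, RLENGTH - 2)
    }
    /^read\(/ && path[fdarg($0)] == "/dev/random" && dur($0) >= limit {
      printf "fd=%s bytes=%d wait=%.1fs\n", fdarg($0), ret($0), dur($0)
    }
    # Descriptors are reused after close(), so forget the mapping.
    /^close\(/ { delete path[fdarg($0)] }
  '
}

sample_trace | slow_random_reads 1
```

Short reads that return fewer bytes than requested after a long wait, as in the sample, are the signature of a drained entropy pool.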

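So how do you make random bits flow into the entropy pool faster? There is a daemon that can help you out: rng-tools. Note that with HRNGDEVICE set to /dev/urandom, as below, the daemon refills the pool from the kernel's own non-blocking generator, so /dev/random stops blocking but receives no entropy from a new source. To make it work on Debian, do the following: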

  • apt-get install rng-tools
  • Edit file /etc/default/rng-tools
  • In file set HRNGDEVICE=/dev/urandom
  • Start up daemon /etc/init.d/rng-tools start

When I started this daemon, /dev/random started generating lots of random characters. 🙂

So this took four hours of my life. I’ve been working with Linux for a couple of years, but I had no idea about the difference between /dev/random and /dev/urandom. I’m smarter now.

Have a nice day,

 

HP-UX problem with disks from SAN

June 14th, 2012

We had a project replacing SAN switches. The customer has one old HP-UX (HP Unix) system. This system is very sensitive to SAN changes.

Normal situation

You can see all hardware using the command (http://www.bga.org/~lessem/psyc5112/usail/man/hpux/ioscan.1.html):

ioscan -fnC

Read more…

Add Unix commands into Windows

May 29th, 2012

When I want to feel like a guru or just need to use some Unix-based utilities in Windows, I used to install http://www.cygwin.com/. It’s cool. But I recently found out that Windows has native support for Unix-based applications.

Read more…

Categories: Linux, Windows