Archive for the linux Category

HSTS – Strict Transport Security

Sunday, May 1st, 2016 | Permalink

I recently stumbled across a functionality within the HTTP/S protocol that is pretty cool, but also painful if you don’t know it.

It is called HSTS, or HTTP Strict Transport Security. Basically, the server uses a response header to tell the browser to request everything from this server only via HTTPS instead of HTTP.
The first request will set something like a cookie, but, depending on the browser, it is not a regular cookie. For example, Safari stores this information in a file called HSTS.plist.

The header sets a lifetime, as it would for a cookie.

In my specific case, I had an entire server redirected to https by a rewrite rule, but one specific URL redirected to http. HSTS prevented that completely, and it took me a few hours and some external help to figure this out.

Details about my case can be found here.
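
The browser-side behaviour described above, as an added example that is not part of the original post: the script parses a Strict-Transport-Security header value and prints the URL a browser holding that policy would really request. The function names, the host names and the header value are constructed for illustration, and URLs are assumed to carry no explicit port.

```shell
#!/bin/sh
# Added example; host names and header values are constructed.

# Print max-age (seconds) from a Strict-Transport-Security value, or nothing.
hsts_max_age() {
    printf '%s\n' "$1" | tr ';' '\n' | tr -d ' "' |
        sed -n 's/^[Mm][Aa][Xx]-[Aa][Gg][Ee]=\([0-9][0-9]*\)$/\1/p' | head -n 1
}

# Succeed if the value carries the includeSubDomains directive.
hsts_include_subdomains() {
    printf '%s\n' "$1" | tr ';' '\n' | tr -d ' ' | grep -qi '^includesubdomains$'
}

# hsts_effective_url POLICY_HOST HEADER_VALUE URL
# Print the URL a browser that stored this policy would actually request.
# Simplification: URLs are assumed to carry no explicit port.
hsts_effective_url() {
    policy_host=$1; header=$2; url=$3
    age=$(hsts_max_age "$header")
    rest=${url#http://}
    # https:// URLs, and hosts without a live policy, pass through unchanged
    if [ "$rest" = "$url" ] || [ -z "$age" ] || [ "$age" -eq 0 ]; then
        printf '%s\n' "$url"; return 0
    fi
    host=${rest%%/*}
    case $host in
        "$policy_host") upgrade=yes ;;
        *."$policy_host")
            if hsts_include_subdomains "$header"; then upgrade=yes; else upgrade=no; fi ;;
        *) upgrade=no ;;
    esac
    if [ "$upgrade" = yes ]; then
        printf 'https://%s\n' "$rest"
    else
        printf '%s\n' "$url"
    fi
}

# The situation from the post: the site sent this header once over HTTPS ...
POLICY='max-age=31536000; includeSubDomains'
# ... and one URL is later redirected to plain http by the server.
hsts_effective_url www.example.test "$POLICY" 'http://www.example.test/legacy/'
```

A server that wants one URL reachable over plain http again has to let the stored policy lapse first, for example by answering over HTTPS with max-age=0.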

SOLVED – tftpd-hpa won’t start after upgrade

Saturday, July 25th, 2015 | Permalink

I just ran into an old TFTPD-HPA bug from 2009, that is still not fixed.

What happened:

After upgrading my Raspberry Pi, which I use as a PXE boot server, TFTPD-HPA would not start and logged an error message like this:

Jul 23 12:12:32 xxxx in.tftpd[27342]: cannot open IPv6 socket, disable IPv6: Address family not supported by protocol
Jul 23 12:12:32 xxxx in.tftpd[27342]: Cannot set nonblock flag on socket: Bad file descriptor

This problem is also mentioned here in more detail.

Apparently TFTPD-HPA tries to support IPv6 even though the kernel does not. See bug note.

The only thing you need to do is to start the daemon in IPv4-only mode.

Edit your /etc/init.d/tftpd-hpa file.

Change the line (in my case 58) from

start-stop-daemon --start --quiet --oknodo --exec ${DAEMON} -- \
--listen --user ${TFTP_USERNAME} --address ${TFTP_ADDRESS} \
${TFTP_OPTIONS} ${TFTP_DIRECTORY}

to

start-stop-daemon --start --quiet --oknodo --exec ${DAEMON} -- \
--listen --ipv4 --user ${TFTP_USERNAME} --address ${TFTP_ADDRESS} \
${TFTP_OPTIONS} ${TFTP_DIRECTORY}

and finally:

service tftpd-hpa restart

This should solve the issue and only provide support for IPv4.

How to check if an SSL certificate is valid using the command line

Friday, January 18th, 2013 | Permalink

Quite easy:

openssl s_client -connect www.google.com:443
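
s_client completes the handshake even when certificate verification fails (unless -verify_return_error is given), so the result has to be read from its output. The following added example, which is not part of the original post, extracts the "Verify return code" line and turns it into a verdict and an exit status. The function name cert_verdict and both sample transcripts are constructed.

```shell
#!/bin/sh
# Added example; both transcripts below are constructed and shortened.

# Read `openssl s_client` output on stdin and print a verdict.
# Returns 0 = chain verified, 1 = verification failed, 2 = no result found.
cert_verdict() {
    line=$(grep 'Verify return code:' | tail -n 1)
    if [ -z "$line" ]; then
        echo 'unknown: no verification result (handshake failed?)'
        return 2
    fi
    code=$(printf '%s\n' "$line" | sed 's/.*Verify return code: \([0-9][0-9]*\).*/\1/')
    reason=$(printf '%s\n' "$line" | sed 's/.*(\(.*\)).*/\1/')
    if [ "$code" -eq 0 ]; then
        echo 'valid'
        return 0
    fi
    echo "invalid: $code ($reason)"
    return 1
}

SAMPLE_OK='CONNECTED(00000003)
depth=0 CN = www.example.test
verify return:1
    Verify return code: 0 (ok)'

SAMPLE_EXPIRED='CONNECTED(00000003)
depth=0 CN = expired.example.test
verify error:num=10:certificate has expired
verify return:1
    Verify return code: 10 (certificate has expired)'

printf '%s\n' "$SAMPLE_OK" | cert_verdict
printf '%s\n' "$SAMPLE_EXPIRED" | cert_verdict || true

# Against a live server (needs network access):
#   openssl s_client -connect www.google.com:443 -servername www.google.com \
#       </dev/null 2>/dev/null | cert_verdict
```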

Shred – How to format a disk safely on a rented machine

Thursday, November 8th, 2012 | Permalink

There are lots and lots of hosting companies that ask you for a couple of dollars and give you your own machine for that.
This is normally the cheapest way to have your “own” server on the internet.

After a couple of years, you realize that there is a better deal, including better hardware, at some other hoster or even the same one.
So you decide to move your stuff over.

Now you want to cancel the current contract, but what happens to the data that is on that server? Simply deleting it is not really a solution. There are plenty of reports of hard disks turning up on eBay where the new owner had no problem restoring the data.

There is a solution to that called shred. It is a basic tool that is available with all popular Linux distributions.

The easiest way is to use the following command:

shred -f -v -z /dev/sda

This will overwrite your hard disk 25 times with garbage and it is really, really hard to get your data back.

Here is the shred man page.
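
A way to confirm that a wipe actually happened, as an added example that is not part of the original post: it runs shred on a small file that stands in for the disk and then checks that nothing but zero bytes is left, which works because -z finishes with a pass of zeros. The function names, the temporary image and the marker string are constructed, and the number of random passes is set explicitly with -n because the default differs between coreutils versions.

```shell
#!/bin/sh
# Added example; the image file and the marker string are constructed.

# Overwrite TARGET and succeed only if every remaining byte is zero.
wipe_and_verify() {
    target=$1
    # -f: fix permissions if needed, -n 1: one random pass, -z: final zero pass
    shred -f -n 1 -z "$target" || return 2
    # Delete all NUL bytes; anything left over is data that survived the wipe
    leftover=$(tr -d '\000' < "$target" | wc -c)
    [ "$leftover" -eq 0 ]
}

# Build a 1 MiB stand-in for a disk, plant a marker in it, wipe it, verify.
demo_wipe() {
    img=$(mktemp) || return 2
    dd if=/dev/zero of="$img" bs=1024 count=1024 2>/dev/null
    printf 'SECRET-CUSTOMER-DATA' |
        dd of="$img" bs=1 seek=4096 conv=notrunc 2>/dev/null
    # Sanity check: the marker must be present before the wipe
    if ! grep -q 'SECRET-CUSTOMER-DATA' "$img"; then
        rm -f "$img"
        return 2
    fi
    rc=0
    wipe_and_verify "$img" || rc=$?
    rm -f "$img"
    return "$rc"
}

if demo_wipe; then
    echo 'wipe verified: only zero bytes remain'
else
    echo 'wipe could not be verified'
fi
```

The same check applies to a real device by passing its path (for the post's case, /dev/sda) to wipe_and_verify instead of the image file.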

How to copy all files including hidden ones on linux

Sunday, April 8th, 2012 | Permalink

I tried to copy all files using cp under Linux. Unfortunately, in the usual case this only copies the normal files. Things like .htaccess or .ssh directories are not copied.

There is a simple solution for that. Just run the following line in the bash shell you want to do the copy from.

shopt -s dotglob

This makes glob patterns such as * also match files whose names begin with a dot.

Happy birthday Linux

Saturday, September 17th, 2011 | Permalink

Today, exactly 20 years ago, Linus Torvalds released the first version of his kernel, which is today known as Linux.

You can read his initial message to a minix newsgroup by following the link.

His release note for 0.2 can be found here.

Thank you Linus for starting with Linux and thank you to everyone who participated in creating a free and super stable operating system within the last 20 years. Awesome job and keep doing what you are doing!

Happy birthday Linux!

Hetzner EQ4 Xen Server Routing Problem with own subnet

Thursday, July 28th, 2011 | Permalink

I ran into the problem that I couldn’t get my DomUs on a Hetzner EQ4 to connect to the internet.

Unfortunately this is because of the strange network settings Hetzner is using. There is a German manual on how to set up a Xen server in their environment, but it is missing one really important part. Hetzner limits the access on their network equipment to the MAC address of your server. Hetzner does not give you the possibility to set or create new MAC addresses for subnets.

Assuming you are using Debian Squeeze and your server is already set up, you will have to set a point-to-point connection in the Dom0 and each DomU.

Dom0 has the regular IP 178.x.x.x and one from the subnet 88.x.x.x – gateway is 178.x.x.1.
Edit /etc/network/interfaces and add pointopoint 178.x.x.1 after gateway. This should be the same IP address as your gateway.

For the routing you need one IP address of your subnet configured on the Dom0. This will also be the default gateway for all DomUs.

Add the default gateway as a pointopoint connection on every DomU and it should work.

Don’t forget to restart network or reboot the machine and instances.

Heartbeat GUI for Mac OS X – no way, sorry!

Thursday, June 18th, 2009 | Permalink

I really tried it for at least 10 hours. Installing everything needed, including all the libs, compilers and whatever. I even hacked the configure files and copied all the libs manually. No WAY!

If someone has a solution, please comment!!!

My solution right now is to use X11 and connect to another server. Not the best solution, I would say.

Search and Replace on command-line for several files

Wednesday, January 7th, 2009 | Permalink

Here is a little helper which can be used to search and replace words in several files at once.
For this we use perl on the command line.
perl -p -i.bak -e 's|search|replace|' file1.txt file2.txt file3.txt
Perl will keep a .bak copy of each file, so you have the old stuff too.

problem with permalinks in wordpress on plesk – strato virtual server

Tuesday, August 12th, 2008 | Permalink

This took me a while!
We installed WordPress on the Strato virtual machine and changed the permalink structure, but it didn’t work.
My first thought was that there must be something wrong with mod_rewrite. It seems Apache does not report it when a module is not loaded but something tries to use it.
As Plesk is doing a good job with its user interface, they are not using a standard Apache installation with mods-enabled & mods-available.
After searching for a while I found a file called /etc/sysconfig/apache2.

In my case it’s line 84:

APACHE_MODULES="actions alias auth_basic authn_file authz_host authz_groupfile authz_default authz_user authn_dbm autoindex cgi dir env expires include log_config mime negotiation setenvif ssl userdir php5 perl python suexec"

This tells Apache which modules have to be loaded; as you can see, there is nothing like rewrite.
Edit this line:

APACHE_MODULES="rewrite actions alias auth_basic authn_file authz_host authz_groupfile authz_default authz_user authn_dbm autoindex cgi dir env expires include log_config mime negotiation setenvif ssl userdir php5 perl python suexec"

Restart apache with:
/etc/init.d/apache2 restart
And it works.