rubysecurity.org

Anecdotes from a Linux Systems Administrator. /root

Home About Books Blog Portfolio Archive

Tag Cloud


Currently Reading

MCA Microsoft Certified Associate Azure Administrator Study Guide: Exam AZ-104
MCA Microsoft Certified Associate Azure Administrator Study Guide: Exam AZ-104
308 / 435 Pages


Latest Book Reviews

Latest Posts


April 27, 2014

Apache - Directory index forbidden by Options directive

by Alpha01

By default, the CentOS Apache configuration does not allow index directory listings. So I enabled Indexes Option on the directory that I wanted allow this feature within my custom vhost. To my surprise after I made the Apache config update, directory listing was not working and I was still getting the default CentOS Apache welcome page.

Error

[Sat Apr 26 14:42:11 2014] [error] [client 192.168.100.1] Directory index forbidden by Options directive: /www/mysecureshit/

It turns out the default /etc/httpd/conf.d/welcome.conf file option overrides the +Indexing Options that I explicitly enabled within my custom vhost.

#
# This configuration file enables the default "Welcome"
# page if there is no default index page present for
# the root URL.  To disable the Welcome page, comment
# out all the lines below.
#
<LocationMatch "^/+$">
    Options -Indexes
    ErrorDocument 403 /error/noindex.html
</LocationMatch>

Fix

Delete /etc/httpd/conf.d/welcome.conf.

Tags: [ apache centos ]
March 22, 2014

Emergency reboot in Linux via SysRq

by Alpha01

When your Linux system has completely shit itself, and an emergency reboot needs to be made. Linux Magic System Request Keys to the rescue.

[root@server1 ~]# echo "1" > /proc/sys/kernel/sysrq
[root@server1 ~]# echo "b" > /proc/sysrq-trigger

Resources

Tags: [ monitoring ]
March 15, 2014

Reverse DNS Slave Setup

by Alpha01

So a few months back, I enabled reverse DNS on my home BIND server. One thing that I forgot to implement was the additional slave DNS reverse setup. Like many things in BIND, the slave reverse setup was a dead simple process.

It’s simply just a matter of adding the following entry to the slave’s named.conf with the updated master’s DNS IP specified in the masters directive and reload BIND.

zone "1.168.192.in-addr.arpa" IN {
        type slave;
        file "etc/zones/db.192.168.1.255.bak";
        allow-query { any; };
        masters { MasterDNSIP; };
};
Tags: [ bind ]
March 1, 2014

Installing gmond in Solaris 11

by Alpha01

Package is installed using OpenCSW

Install the installation source

root@solaris:~# pkgadd -d http://get.opencsw.org/now

I updated my PATH via ~/.profile

export PATH=/usr/bin:/usr/sbin:/opt/csw/bin

Install the CSWgangliaagent package

root@solaris:~# pkgutil --install CSWgangliaagent

Enable the service in SMF

root@solaris:~# svcadm enable svc:/network/cswgmond:default
Tags: [ solaris ganglia ]
February 18, 2014

Setting up a Git Server in CentOS 6.5

by Alpha01

1). Install git

[root@svn ~]# yum install git

2). Add the developers group, all git users will be part of this group.

[root@svn ~]# groupadd developers

3). Create the git user which will own all the repos.

[root@svn ~]# useradd -s /sbin/nologin -g developers git
[root@svn ~]# passwd git
Changing password for user git.
New password: 
Retype new password: 
passwd: all authentication tokens updated successfully.

4). Update Permissions.

[root@svn ~]# chmod 2770 /home/git/

5). Create an empty Git repo.

[root@svn project1]# git init --bare --shared
Initialized empty shared Git repository in /home/git/project1/

6). Update file ownership and permissions.

[root@svn project1]# chown -R git .
[root@svn project1]# chmod 2770 /home/git/project1

7). Create a git user account.

[root@svn git]# useradd -s /usr/bin/git-shell -g developers -d /home/git tony
useradd: warning: the home directory already exists.
Not copying any file from skel directory into it.
[root@svn git]# passwd tony
Changing password for user tony.
New password: 
Retype new password: 
passwd: all authentication tokens updated successfully.

Usage

At this point a regular user should be able to checkout the project1 repo from the Git server.

tony@apha05:~$ mkdir ~/testing_shit/git_test
tony@apha05:~$ cd ~/testing_shit/git_test && git init
tony@apha05:~/testing_shit/git_test$ git remote add origin tony@svn:/home/git/project1

Note: Interestingly enough, an initial first commit has to be made onto the repo in order for any regular user to be able to push the repo, ie master branch. I received the following error when trying do so.

Error

tony@apha05:~/testing_shit/git_test$ git push origin master
tony@svn's password: 
error: src refspec master does not match any.
error: failed to push some refs to 'tony@svn:/home/git/project1'

Fix

tony@apha05:~/testing_shit/git_test$ git commit -m 'Initial'
[master (root-commit) 7bb7337] Initial
 1 file changed, 0 insertions(+), 0 deletions(-)
 create mode 100644 README.txt

tony@apha05:~/testing_shit/git_test$ git push origin master
tony@svn's password: 
Counting objects: 3, done.
Writing objects: 100% (3/3), 209 bytes | 0 bytes/s, done.
Total 3 (delta 0), reused 0 (delta 0)
To tony@svn:/home/git/project1
 * [new branch]      master -> master
Tags: [ git centos ]