Monday, January 25, 2021

Replacing Newline with Space

Let's say we have a list of words like below
$ cat animals
cat
fish
zebra
monkey

and we want it to be arranged in one horizontal line, separated by space. We can achieve that by using tr command.
$ cat animals | tr "\n" " " 
cat fish zebra monkey

What happened is, \n (symbol for newline), will be replaced with " ", which is symbol for space. 

Sunday, January 24, 2021

Generating Certificate Signing Request (CSR) for Multi Domain

For multi domain, we have to create a config file for openssl command to refer to, since the interactive mode would not, by default ask for multi domain in a CSR creation.


To create the config file, please follow below command (this example is for mydomain.com)

$ cat >> www-portal.mydomain.conf <<EOF

[req]

distinguished_name = req_distinguished_name

req_extensions = v3_req

prompt = no

[req_distinguished_name]

C = MY

ST = Selangor

L = Cyberjaya

O = MyCompany

OU = Software Development Division

CN = www.mydomain.com

[v3_req]

keyUsage = keyEncipherment, dataEncipherment

extendedKeyUsage = serverAuth

subjectAltName = @alt_names

[alt_names]

DNS.1 = portal.mydomain.com

EOF


Run openssl CSR creation command against the config file

$ openssl req -new -newkey rsa:2048 -nodes -keyout www-portal.mydomain.key -out www-portal.mydomain.csr -config www-portal.mydomain.conf


Once generated, we can send the CSR to the Certificate Authority (usually SSL provider), to get our cert. This one CSR is usable for 2 domains, which are www.mydomain.com and portal.mydomain.com.


Generating a Certificate Signing Request (CSR) for a Single Domain

To generate a certificate signing request (CSR), you need to have openssl package installed. Please refer here for the instruction on how to install it.


Once you have openssl installed, please use below command to create a CSR with key for mydomain.com. 

$ openssl req -new -newkey rsa:2048 -nodes -keyout mydomain.com.key -out mydomain.com.csr

Press Enter and you will need to provide a few information regarding the CSR. The information are as follows:

  1. Common Name: The FQDN (fully-qualified domain name) you want to secure with the certificate. For example: mydomain.com
  2. Organization: The full legal name of your organization including the corporate identifier. For example: MyCompany Co
  3. Organization Unit (OU): Your department such as 'Information Technology' or ‘Website Security.’
  4. City or Locality: The locality or city where your organization is legally incorporated. Do not abbreviate. For example: Cyberjaya
  5. State or Province: The state or province where your organization is legally incorporated. For example: Selangor
  6. Country: The official two-letter country code where your organization is legally incorporated. For example: MY

Once the CSR has been generated, we can provide it to the SSL provider, so that they can use it to provide the SSL for your domain. Please be mindful to keep the key file, because we will need it during our SSL setup.

Friday, January 22, 2021

Installing Openssl Application to Use SSL Functions

The openssl program is a command line tool for using the various cryptography functions of OpenSSL's crypto library from the shell. 


To install openssl in ubuntu or debian:

$ sudo apt install openssl -y


To install openssl in RHEL, CentOS or Fedora:

$ sudo yum install openssl -y


Tuesday, January 19, 2021

How to Redirect HTTP Traffic to HTTPS in httpd on CentOS

The easiest way is to do it using the VirtualHost configuration, if you have control over it. 

Edit your virtualhost configuration for that domain, in CentOS it is usually located in /etc/httpd/conf.d/mydomain.conf:

<VirtualHost *:80>
   ServerName www.mydomain.com
   Redirect / https://www.mydomain.com
</VirtualHost>

<VirtualHost _default_:443>
   ServerName www.mydomain.com
   DocumentRoot /usr/local/apache2/htdocs
   SSLEngine On
...
</VirtualHost>

The most important line is the "Redirect" line which will redirect all http traffic to https.

Once done, save the file.

Do not forget to run syntax test of the configuration files.
# httpd -t

And reload the service
# systemctl reload httpd

Sunday, January 3, 2021

Force Logout Other User from Linux

First, we need to know the username. This can easily be done using w command

# w

12:34:31 up 36 days, 14:14,  2 users,  load average: 0.07, 0.02, 0.00

USER     TTY      FROM             LOGIN@   IDLE   JCPU   PCPU WHAT

ironman   pts/0    ::1              12:34    2.00s  0.01s  0.01s w

root     pts/3    10.29.25.230     12:22    7.00s  0.13s  0.00s bash


Let's say we want to log out ironman from our server. What we have to do is to use a command called pkill against that user.

# pkill -u ironman 


All processes that is owned by that user will be killed. 
# w

12:34:31 up 36 days, 14:14,  2 users,  load average: 0.07, 0.02, 0.00

USER     TTY      FROM             LOGIN@   IDLE   JCPU   PCPU WHAT

root     pts/3    10.29.25.230     12:22    7.00s  0.13s  0.00s bash


The ironman user is no longer logged in. Easy peasy.