Thursday, April 29, 2021

Checking if our password is based on a dictionary word on linux command line

There is a package in Linux that can be used to check whether our password is based on a dictionary word: libcrack (or libcrack2 on Debian-based systems).

To install the package:
  • In redhat family:
# yum install cracklib -y
  • In debian family:
# apt install libcrack2

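To use it, run cat and pipe its output to the cracklib-check command, then type your password and press Enter. Because the password is typed on standard input rather than as a command argument, it does not end up in the shell history. Once done, press Ctrl-D or Ctrl-C to get back to the shell.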
$ cat | cracklib-check
password
password: it is based on a dictionary word

$ cat | cracklib-check
Xeir3oongex*
Xeir3oongex*: OK
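As an added example (not part of the original post), the wrapper below runs the same check but reads the password with terminal echo switched off and prints only the verdict, so the password is not echoed back the way cracklib-check does. The function names and the CHECKER override variable are hypothetical helpers; the only thing assumed about cracklib-check is the "<password>: <verdict>" output format shown above.

```shell
#!/bin/sh
# Added example: wrapper around cracklib-check that never prints the password.
# CHECKER is a hypothetical override hook (not a cracklib feature) so the
# parsing logic can be exercised with a stand-in command.
CHECKER="${CHECKER:-cracklib-check}"

# verdict_of PASSWORD: print only the verdict ("OK" or the rejection reason).
verdict_of() {
    candidate=$1
    # printf is a shell builtin, so the password is passed on stdin and
    # never appears in the argument list of an external process.
    line=$(printf '%s\n' "$candidate" | "$CHECKER") || return 2
    # Output format is "<password>: <verdict>". Strip the echoed password as
    # a literal prefix, so a password that itself contains ": " still works.
    verdict=${line#"$candidate: "}
    printf '%s\n' "$verdict"
}

# is_strong PASSWORD: exit status 0 only when the verdict is exactly "OK".
is_strong() {
    [ "$(verdict_of "$1")" = "OK" ]
}

# prompt_and_check: read the password with terminal echo off, then report.
prompt_and_check() {
    printf 'Password to test: ' >&2
    trap 'stty echo' INT TERM   # restore echo if interrupted
    stty -echo
    IFS= read -r typed
    stty echo
    trap - INT TERM
    printf '\n' >&2
    verdict_of "$typed"
}

# Only prompt when run from a terminal with --prompt; otherwise the file
# just defines the functions so it can be sourced.
if [ -t 0 ] && [ "${1:-}" = "--prompt" ]; then
    prompt_and_check
fi
```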

Thursday, April 22, 2021

Adding Rules to Firewalld before Starting It

This is really useful if we want to start firewalld via ssh. If we start firewalld without allowing ssh, we will be locked out from the machine.

The solution is to use a command called firewall-offline-cmd. This tool works similarly to firewall-cmd, except that it works while the daemon is not running.

To avoid being locked out of a remotely accessed machine, we should first allow ssh in firewalld

$ sudo firewall-offline-cmd --add-service ssh

We are now safe to start firewalld

$ sudo systemctl start firewalld

Once started, we can make the rule persist across firewalld restarts

$ sudo firewall-cmd --add-service ssh --permanent

Make firewalld start automatically on every server boot 

$ sudo systemctl enable firewalld


Wednesday, April 21, 2021

Changing Kernel on Next Boot

To choose which kernel version you want to boot into on next reboot, below are the steps


1. Check which kernel versions are available

# grep ^menuentry /boot/grub2/grub.cfg

2. Choose the kernel that you want to boot from. Remember that the list from the above command starts from 0. Let's say we want to choose the second kernel

# grub2-set-default 1

3. Rebuild grub.cfg

# grub2-mkconfig -o /boot/grub2/grub.cfg

4. Reboot the server

# reboot 


Your server will reboot into the kernel version that you chose above.
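Counting entries by eye in step 2 is where an off-by-one slips in, so this added example (not from the original post) prints each top-level menuentry next to its 0-based index and looks a title up by index before it is passed to grub2-set-default. It goes slightly beyond the grep above by also counting top-level submenu lines, which occupy an index of their own in the GRUB menu. The function names and the sample configuration are constructed for illustration, and titles are assumed to be single-quoted as grub2-mkconfig writes them.

```shell
#!/bin/sh
# Added example: number the top-level GRUB menu entries from 0.

# list_entries FILE: print "index<TAB>title" for every top-level menuentry.
# Top-level submenu lines advance the index but are not printed. Indented
# (nested) menuentry lines are skipped, as with `grep ^menuentry`.
list_entries() {
    awk -F"'" '
        /^(menuentry|submenu) / {
            if ($0 ~ /^menuentry /) printf "%d\t%s\n", n, $2
            n++
        }' "$1"
}

# title_of FILE INDEX: print the title at INDEX, or fail if there is none.
title_of() {
    case $2 in ''|*[!0-9]*) return 2 ;; esac   # reject non-numeric input
    list_entries "$1" |
        awk -F'\t' -v want="$2" '$1 == want { print $2; found = 1 }
                                 END { exit !found }'
}

# Constructed sample grub.cfg fragment (not taken from a real system).
sample_cfg() {
    cat <<'EOF'
menuentry 'Example Linux (5.0.0-2.example) 1 (Core)' --class example {
    linux /vmlinuz-5.0.0-2.example
}
submenu 'Advanced options' {
    menuentry 'Example Linux, rescue' {
    }
}
menuentry 'Example Linux (5.0.0-1.example) 1 (Core)' --class example {
    linux /vmlinuz-5.0.0-1.example
}
EOF
}

# Demo on the constructed sample ("-" makes awk read standard input).
sample_cfg | list_entries -
```

On a real server, run list_entries /boot/grub2/grub.cfg as root and pass the index it prints to grub2-set-default.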

Sunday, April 18, 2021

Running php-fpm and Nginx in Docker

Php-fpm is an advanced and highly efficient processor for PHP. In order for your PHP files to be viewable in a web browser, php-fpm needs to be coupled with a web server, such as nginx. In this tutorial we will show how to set up php-fpm and nginx in Docker.

1. Create a directory for your files 

$ mkdir phpfpm

2. Create a network for the containers to use. This makes sure that we can use container's name in the configuration file.

$ docker network create php-network

3. Create the nginx config file. The heredoc delimiter is quoted ('EOF') so that the shell does not expand the nginx variables such as $uri while writing the file.

$ cd phpfpm

$ cat > default.conf <<'EOF'
server {
    listen 80;

    # This path MUST be exactly the path where the files are mounted
    # in the fpm container (see step 5), even if it doesn't exist in
    # this container.
    root /var/www/html;

    location / {
        try_files $uri /index.php$is_args$args;
    }

    location ~ ^/.+\.php(/|$) {
        fastcgi_pass fpm:9000;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    }
}
EOF

4. Create an index.php file with some random php code (we are using phpinfo() to make it easier)

$ cat > index.php <<EOF
<?php phpinfo(); ?>
EOF

5. Run a php-fpm container (the official php:fpm image is assumed here) in detached and interactive mode, using php-network, and mount /home/user/phpfpm to /var/www/html in the container

$ docker run -dit --name fpm --network php-network -v /home/user/phpfpm:/var/www/html php:fpm

6. Run an nginx container in detached and interactive mode, using php-network, and mount /home/user/phpfpm/default.conf to /etc/nginx/conf.d/default.conf in the container

$ docker run -dit --name nginx --network php-network -v /home/user/phpfpm/default.conf:/etc/nginx/conf.d/default.conf -p 80:80 nginx

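7. Open a browser and browse to http://localhost. You should now be able to see the phpinfo page. Remove index.php once the test is done, since phpinfo() output discloses configuration details of the server.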

Of course, there is an easier way to set this up using docker-compose. We will cover that in another post.


Saturday, April 17, 2021

Hiding Apache2 (httpd) Version in HTTP Header

One of the basic concepts of cybersecurity is to hide as much information about your system as possible from public view. For apache2 (httpd), this is pretty easy to do.

1. First, open /etc/httpd/conf/httpd.conf

$ sudo vi /etc/httpd/conf/httpd.conf

2. Then, append below lines to the file

...

ServerTokens Prod

ServerSignature Off

3. Save the file

4. Test the configuration, to make sure there is no typo that could cause httpd to fail to start
$ sudo httpd -t

5. Restart httpd to activate the settings

$ sudo systemctl restart httpd

6. Finally, you can verify the visibility of the webserver's version number using curl or wget 

$ curl --head http://www.mydomainname.com

...

Server: Apache

... 

 

Thursday, April 15, 2021

Checking Web Server Version Using Command Line

We usually use these methods to verify what is being displayed in our HTTP header to the public. There are 2 tools that can be used, curl and wget.

To use wget:
$ wget --server-response --spider http://www.mydomain.com
...
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9
...

To use curl:
$ curl --head http://www.mydomain.com
...
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9
...
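The check in this post, and the verification step of the post on hiding the Apache version, can be scripted. The added example below (not part of the original posts) extracts the Server header from curl or wget output and reports whether it still carries version details. The function names and the "contains a digit or a parenthesis" rule are assumptions made for this example, and the sample headers are constructed from the outputs shown above.

```shell
#!/bin/sh
# Added example: classify the Server header found in response headers.

# server_header: read raw headers on stdin, print the Server value.
# Handles CRLF line endings, lowercase header names (HTTP/2) and the
# indentation that `wget --server-response` adds in front of each header.
server_header() {
    tr -d '\r' |
        awk 'tolower($1) == "server:" { sub(/^[^:]*:[ \t]*/, ""); print; exit }'
}

# discloses_version VALUE: exit 0 if VALUE looks like it carries version or
# platform details (a digit, or a parenthesised comment such as "(CentOS)").
discloses_version() {
    case $1 in
        *[0-9]*|*\(*) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_headers: read headers on stdin and print a one-line verdict.
audit_headers() {
    value=$(server_header)
    if [ -z "$value" ]; then
        echo "no-server-header"
    elif discloses_version "$value"; then
        echo "leaks-version: $value"
    else
        echo "product-only: $value"
    fi
}

# audit_url URL: run the check against a live site you administer.
# For wget, the headers go to stderr:
#   wget --server-response --spider URL 2>&1 | audit_headers
audit_url() {
    curl --head --silent "$1" | audit_headers
}

# Demo on constructed headers (before and after ServerTokens Prod).
printf 'HTTP/1.1 200 OK\r\nServer: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9\r\n\r\n' | audit_headers
printf 'HTTP/1.1 200 OK\r\nServer: Apache\r\n\r\n' | audit_headers
```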

Wednesday, April 14, 2021

Accessing MTP Mounted Device Via Command Line

When you connect your Android phone to a Linux box using a USB cable, the storage of the phone will appear in your file manager (thanks to automount). It is easily accessible from there, but what if you want to access it via the command line? Where is it located?

To know the location of the MTP mounted storage, you need to know your user id

$ id

uid=1000(user) gid=1000(user) groups=1000(user),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),114(lpadmin),134(sambashare)

From the above command, the user ID is 1000. The MTP mounted device can be accessed at /run/user/<user ID>/gvfs

$ ls /run/user/1000/gvfs/

'mtp:host=Android_Android_28f5d3440504'

Just go to the 'mtp:host=Android_Android_28f5d3440504' directory (the name might differ), and you will see your phone's storage.

 

 

 

 

Thursday, April 1, 2021

Getting Access Denied Error when Using systemctl as root

I got this error on one of our servers when trying to restart nginx

# systemctl status nginx

Failed to get properties: Access denied


Does not make sense, I am a root user. After some searching, a few suggestions came. 

The first suggestion was to restart systemctl daemon:

# systemctl daemon-reexec


That did not work for me. Another solution is to disable selinux temporarily, but this also did not work for me:

# setenforce 0 


The last thing that I tried (that actually worked) was to send SIGTERM to systemd, and it will restart by itself:

# kill -TERM 1


If you guys happen to encounter this sort of error, you can try all of the above. Some might suit you better than the others.

Installing elinks in CentOS 8

Elinks is a text based web browser, and it is now available in powertools repository. Powertools repository is not enabled by default, thus elinks is not available to be installed just by using standard yum install command.


List all available repositories

$ sudo yum repolist --all

...

powertools

...


Install elinks while enabling powertools repository temporarily

$ sudo yum install --enablerepo=powertools elinks -y

...

Installed:

  elinks-0.12-0.58.pre6.el8.x86_64    gpm-libs-1.20.7-15.el8.x86_64

Complete!


Congratulations, you can now use elinks to view any website, but only in text based mode.