Checking whether a security cipher (ECDSA) is available

[root@ssltest test]# cat /etc/redhat-release
Red Hat Enterprise Linux Server release 6.3 (Santiago)
[root@ssltest test]# openssl version
OpenSSL 1.0.0-fips 29 Mar 2010
[root@ssltest test]# openssl ciphers -v | grep ECDSA


hardcode the WordPress siteurl to dev.mysite.com

When creating a dev version of a WordPress site, put the following in your wp-config.php for an immediate fix:

define('WP_HOME','http://dev.mysite.com');
define('WP_SITEURL','http://dev.mysite.com');

Another option is to edit the wp_options table as follows:

select * from wp_options where option_name='siteurl';

update wp_options set option_value='http://newsite.com' where option_name = 'siteurl';


Translating Apache’s SSL Cipher Suite Directive

You can translate an Apache SSLCipherSuite string into a readable list of cipher suites with this command:

openssl ciphers -v 'ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP'

Read more on this site: http://unhandledexpression.com/2013/01/25/5-easy-tips-to-accelerate-ssl/


Timezones in MySQL

Timezone
[root@server02 ~]# date 
Fri Feb 24 02:11:38 CST 2012
MySQL time-zone:
mysql> show global variables like '%time_zone%';
+------------------+--------+
| Variable_name    | Value  |
+------------------+--------+
| system_time_zone | CST    |
| time_zone        | SYSTEM |
+------------------+--------+
2 rows in set (0.00 sec)

mysql> show variables like '%time_zone%';
+------------------+--------+
| Variable_name    | Value  |
+------------------+--------+
| system_time_zone | CST    |
| time_zone        | SYSTEM |
+------------------+--------+
2 rows in set (0.00 sec)

The MySQL timezone is inherited from the server’s timezone.

PHP timezone is CST (also inherited from the server timezone).

[root@server02 ~]# php 2>/dev/null
<?php
echo date_default_timezone_get();
?>
America/Chicago


testing your site

Here are a couple of websites you can use to verify whether the site slowness is common for most clients or just your local network.

http://host-tracker.com/
http://internetsupervision.com


How to check sessions

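# Add this script to the DocRoot and browse to it. The session_id shouldn't change between requests if sessions are being preserved.

<?php
// DON'T FORGET TO CHECK FOR VARNISH RUINING EVERYTHING
// Remove this file after testing: phpinfo() exposes the server configuration.
ini_set('display_errors', 1);
session_start();

// Which host served the request, and the session ID it sees
echo 'HOSTNAME: ' . gethostname() . ' ';
echo 'SESSION: ' . session_id() . ' ';

// Per-session request counter; it starts over at 1 whenever the session is lost
if (isset($_SESSION['counter'])) {
    $_SESSION['counter']++;
} else {
    $_SESSION['counter'] = 1;
}

echo '
DUMP SESSION:
';
echo '<pre>';
print_r($_SESSION);
echo '</pre>';

phpinfo();
?>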


SSH Agent stuff

Use the -i option to specify a new key

ssh -i newkey root@108.166.84.188

How to strip a passphrase from an openssl key

cp filename.key filename.key.encrypted
openssl rsa -in filename.key -out filename.key.nopass
cp filename.key.nopass filename.key

How to add or change a passphrase to an openssl key

If you created an openssl key without a password or if you need to change the password:

ssh-keygen -p -f ~/.ssh/id_rsa

———————————————————————————————–

Starting the SSH Agent

There are two ways to start the ssh-agent. Either will do the trick.

Start the ssh-agent using backquotes to pass information about the agent back to the shell.

eval `ssh-agent` runs an ssh-agent by forking a process off your current
login shell. It outputs some commands to set environment variables:
SSH_AUTH_SOCK or SSH2_AUTH_SOCK and SSH_AGENT_PID or SSH2_AGENT_PID. The eval part causes the shell to interpret the commands output by
ssh-agent, thereby setting the environment variables. (If you leave off
the eval, you'll see the output.) The problem is that, because it got
forked, it is inaccessible to the shell and keeps running until killed
manually. And even then the environment variables remain set until you
unset them.

Start the ssh-agent and spawn a subshell.

ssh-agent bash
(ssh-agent /bin/sh, ssh-agent /bin/csh, ssh-agent $SHELL, ssh-agent
my-shell-script all work too btw)

With this method, the ssh-agent process runs in the foreground, spawning
a subshell and setting the environment variables up automatically. The
rest of the login session runs in the subshell. When the shell is killed
the cleanup is done automatically. Of course, any background processes
run before initiating the ssh-agent in this way are not accessible from
within the subshell.
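
For the eval method, one way to avoid the leftover agent and stale variables described above is to tie the agent to the shell or script that started it. This is an added example, not from the original post; the function names and OWN_AGENT_PID are made up for illustration.

```shell
#!/bin/sh
# Added example: start an agent with eval, and clean it up explicitly.

# Start an agent in the current shell and remember that we own it.
agent_start() {
    # -s forces Bourne-style output; fail early if the agent cannot start.
    out=$(ssh-agent -s) || return 1
    # eval sets SSH_AUTH_SOCK and SSH_AGENT_PID in this shell.
    eval "$out" >/dev/null
    OWN_AGENT_PID=$SSH_AGENT_PID
}

# Kill the agent we started and clear the variables it left behind.
agent_stop() {
    # Nothing to do if agent_start was never called from this shell.
    [ -n "${OWN_AGENT_PID:-}" ] || return 0
    # ssh-agent -k kills the agent named by SSH_AGENT_PID.
    eval "$(SSH_AGENT_PID=$OWN_AGENT_PID ssh-agent -k)" >/dev/null 2>&1
    unset SSH_AUTH_SOCK SSH_AGENT_PID OWN_AGENT_PID
}

# Typical use in a script or login shell:
#   agent_start && trap agent_stop EXIT
#   ssh-add -t 1h ~/.ssh/id_rsa    # -t limits how long the key stays loaded
```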

1) Add root’s identity
ssh-agent bash
(ssh-agent /bin/sh, ssh-agent /bin/csh, ssh-agent $SHELL, ssh-agent
my-shell-script all work too btw)
2) Add the ssh key to the agent
ssh-add ~/.ssh/id_root_dsa
3) Log on to a machine set up to use ssh-keys
ssh -2 -A root@$MACHINENAME

Copying data from one machine to a tape drive on another.

1) Add root’s identity
ssh-agent bash
(ssh-agent /bin/sh, ssh-agent /bin/csh, ssh-agent $SHELL, ssh-agent
my-shell-script all work too btw)
2) Add the ssh key to the agent
ssh-add ~/.ssh/id_root_dsa
3) Pipe the output of tar to a machine set up to use ssh-keys

tar zcvf - /scratch/vickistan/cl-pdk/ | ssh -A root@$MACHINENAME "cat > /dev/nst2"

 


Webmin foo

To change the Webmin password, use this command:

which changepass.pl
/usr/libexec/webmin/changepass.pl /etc/webmin root PASSWORD

http://www.webmin.com/faq.html


Using traceroute

/Users/vick4522 ==> traceroute vickistan.com
traceroute to vickistan.com (108.166.91.129), 64 hops max, 52 byte packets
1 72.32.115.226 (72.32.115.226) 172.771 ms 83.839 ms 89.278 ms
2 67.192.56.50 (67.192.56.50) 95.320 ms 95.043 ms 92.113 ms
3 coreb.dfw1.rackspace.net (74.205.108.26) 94.737 ms
corea.dfw1.rackspace.net (74.205.108.10) 109.197 ms
coreb.dfw1.rackspace.net (74.205.108.26) 116.713 ms
4 core3.dfw1.rackspace.net (74.205.108.7) 117.443 ms
core3.dfw1.rackspace.net (74.205.108.23) 121.774 ms
core3.dfw1.rackspace.net (74.205.108.7) 134.359 ms
5 108-166-91-129.static.cloud-ips.com (108.166.91.129) 136.568 ms !Z 141.209 ms !Z 149.034 ms !Z

Since Linux uses UDP for traceroutes, the !Z on the final hop can originate from a --reject-with icmp-host-prohibited rule in the destination host's firewall. Some Linux distros have this as a default configuration. To fix this, reject UDP ports 33434 through 33534 with --reject-with icmp-port-unreachable instead.

If a packet is not acknowledged within the expected timeout, an asterisk is displayed.
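
An added example, not from the original post, that checks a saved ruleset for the firewall situation described above: it reads `iptables -S INPUT` output and reports which ICMP error the first matching REJECT rule would send to a UDP traceroute probe. The function names and both sample rulesets are constructed for illustration, and only REJECT rules and their -p/--dport matches are evaluated.

```shell
#!/bin/sh
# Added example: which ICMP error would a UDP traceroute probe get back?
# Reads `iptables -S INPUT` output on stdin. Simplification: only REJECT rules
# are examined, and only their -p and --dport matches are considered.
traceroute_reply() {
    awk '
    $1 == "-A" && /-j REJECT/ {
        proto = ""; lo = 0; hi = 65535
        with = "icmp-port-unreachable"        # iptables default for REJECT
        for (i = 1; i < NF; i++) {
            if ($i == "-p") proto = $(i + 1)
            if ($i == "--reject-with") with = $(i + 1)
            if ($i == "--dport") {
                n = split($(i + 1), r, ":")
                lo = r[1] + 0; hi = (n > 1 ? r[2] : r[1]) + 0
            }
        }
        # First REJECT rule covering UDP 33434-33534 decides the reply.
        if ((proto == "" || proto == "udp") && lo <= 33434 && hi >= 33534) {
            print with; found = 1; exit
        }
    }
    END { if (!found) print "no-reject-rule" }'
}

# Constructed sample: a ruleset ending in a catch-all host-prohibited reject.
sample_default() {
    cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
EOF
}

# Constructed sample: the same ruleset after running
#   iptables -I INPUT -p udp --dport 33434:33534 -j REJECT --reject-with icmp-port-unreachable
sample_fixed() {
    rule="-A INPUT -p udp -m udp --dport 33434:33534 -j REJECT --reject-with icmp-port-unreachable"
    sample_default | awk -v r="$rule" '{ print } NR == 1 { print r }'
}

sample_default | traceroute_reply
sample_fixed | traceroute_reply
```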


Percona XtraDB Cluster on cloud

http://www.percona.com/software/percona-xtradb-cluster
