tag:blogger.com,1999:blog-72386780893167261132023-11-16T07:40:50.561-08:00Linux for EveryoneStarted this Blog to share my experience while working on various issues of linux servers and cloud technologies. Here in this blog you can find solutions to different errors we as system admin can face during our daily work. So stay tuned.
Also you can go through my start-up to buy Hosting Products like SSL, Wordpress and VPS or Linux and Windows servers at affordable prices.Unknownnoreply@blogger.comBlogger20125tag:blogger.com,1999:blog-7238678089316726113.post-60532631250324842352023-09-27T00:23:00.003-07:002023-09-28T05:18:26.837-07:00Resolving IP SKU Requirements When Adding Azure VMs to Load Balancers<p><span style="font-family: verdana;"><span style="font-size: small;">When it comes to configuring Azure Virtual Machines (VMs) within a Load Balancer (LB) environment, there are essential requirements that need to be addressed to ensure optimal performance and reliability. One common challenge faced by Azure users is the necessity of configuring IP SKUs correctly. In this blog post, we'll explore this requirement, its importance, and provide a solution to address it effectively.</span></span></p><p><span style="font-family: verdana;"><span style="font-size: small;"></span></span></p><div class="separator" style="clear: both; text-align: center;"><span style="font-size: small;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgIsS9x3kuhr20zrCikmQ297jWYqtvkDvbRQdz1HVZygiSh4O04E3W8Vo2av-hU0Gl74sY_hB9N4450LPIwmrgBaUVfRMm480faFRqnTWtKfntkGbZJkienin984D4-SYQcdy39KeG0Ge4vabFoS6aQQE3QSVTZEZ1yCkZS85HvAB1SbPEqO02THk0c-2I/s1024/draw%20a%20simple%20a%200.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1024" data-original-width="1024" height="640" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgIsS9x3kuhr20zrCikmQ297jWYqtvkDvbRQdz1HVZygiSh4O04E3W8Vo2av-hU0Gl74sY_hB9N4450LPIwmrgBaUVfRMm480faFRqnTWtKfntkGbZJkienin984D4-SYQcdy39KeG0Ge4vabFoS6aQQE3QSVTZEZ1yCkZS85HvAB1SbPEqO02THk0c-2I/w640-h640/draw%20a%20simple%20a%200.png" width="640" /></a></span></div><p></p><p><b><span style="font-size: medium;">Understanding the IP SKU Requirement</span></b><span style="font-family: verdana;"> </span></p><p><span style="font-size: small;"><span style="font-family: verdana;">The IP SKU (Service Key Update) requirement plays a pivotal role in the proper functioning of your Azure infrastructure, particularly within the context of Load Balancers. Here's what you need to know</span>:</span><br /></p><ul style="text-align: left;"><li><span style="font-family: verdana;"><span style="font-size: small;">IP Should Be in Standard SKU</span></span></li></ul><p><span style="font-family: verdana;"><span style="font-size: small;">When adding Azure VMs to a Load Balancer, it's highly recommended to utilize public IP addresses configured with the Standard SKU. The Standard SKU offers an array of advanced capabilities, including enhanced traffic management and load balancing options. By using Standard SKU, you ensure a higher degree of performance and reliability for your VMs within the Load Balancer setup.</span></span><br /></p><ul style="text-align: left;"><li><span style="font-family: verdana;"><span style="font-size: small;">Upgrading from Basic Public IP SKU to Standard SKU</span></span></li></ul><p><span style="font-family: verdana;"><span style="font-size: small;">In some instances, you may have initially created your VMs with a basic public IP SKU. If this is the case, it becomes necessary to upgrade your public IP addresses to the Standard SKU to meet the requirements of your Load Balancer.</span></span> <br /></p><p><span style="font-size: medium;"><b>How to Change the IP SKU</b><span style="font-family: verdana;"> </span></span></p><p><span style="font-size: small;"><span style="font-family: verdana;">To make this transition from a basic to a Standard SKU, you can utilize Azure PowerShell. Below is the PowerShell command that facilitates this transformation:</span></span><span style="font-size: x-small;"><br /><br /><span style="background-color: #fce5cd;">$rg = 'Your-Resource-Group-Name'<br />$name = 'Your-Public-IP-Resource-Name'<br />$newsku = 'Standard'<br />$pubIP = Get-AzPublicIpAddress -Name $name -ResourceGroupName $rg<br />$pubIP.Sku.Name = $newsku<br />Set-AzPublicIpAddress -PublicIpAddress $pubIP</span><br /><br /></span><span style="font-size: small;"><span style="font-family: verdana;">This PowerShell script allows you to effortlessly change the IP SKU of your public IP address. It's a powerful feature that was not available in the past but was introduced by Microsoft in response to valuable feedback from Azure users.</span></span><span style="font-size: x-small;"><br /></span><span style="font-size: medium;"><br /><b>Conclusion</b></span><span style="font-size: x-small;"><br /></span><span style="font-size: small;"><span style="font-family: verdana;">Ensuring that your Azure VMs function seamlessly within a Load Balancer environment hinges on meticulous attention to detail when it comes to IP SKUs. By configuring your public IP addresses with the Standard SKU, you unlock advanced features and achieve improved performance. The ability to upgrade from a basic to a Standard SKU ensures flexibility and scalability in your Azure setup.</span></span></p><p><span style="font-size: small;"><span style="font-family: verdana;">Microsoft's responsiveness to user feedback has resulted in the introduction of essential features like the capability to change IP SKUs. This enhancement simplifies IP management and empowers users to efficiently manage their Azure resources.<br /><br />By adhering to these best practices and leveraging the PowerShell script provided, you can optimize your Azure infrastructure and guarantee the smooth operation of your VMs within a Load Balancer environment.</span></span></p>Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-7238678089316726113.post-17041130289126734632022-06-03T07:29:00.005-07:002022-06-03T07:29:34.440-07:00arbtd: Package isn't signed with proper key<p> <span style="font-family: verdana;">If you are System Admin and worked on linux machine or servers in your current job or in past.</span></p><p><span style="font-family: verdana;">Chances are you might come across linux service abrtd, even if you have not worked on it. but might be through some other work.</span></p><p><span style="font-family: verdana;">same thing happened to me, while I was doing my regular work of installing php packages on linux <a href="https://shop.nibbanahosting.com/products/vps" target="_blank">servers</a>, i came across this error for which spent couple of hours actually to resolve it. T</span><span style="font-family: verdana;">he error was </span></p><p><span></span></p><a name='more'></a><p></p><p><span style="background-color: white; color: #bf9000; font-family: verdana;">abrtd: Package 'php53u-fpm' isn't signed with proper key</span><span></span></p><!--more--><p></p><p><span style="font-family: verdana;">at that time I was new to linux servers and to this abrtd service (honestly speaking I still dont know much about abrtd service š)</span></p><p><span style="font-family: verdana;">But as it was part of job to find the solutions and apply the fixes and get the required packages installed on servers.</span></p><p><span style="font-family: verdana;">I came managed to solve the issue I faced couple of years back with below steps. Hope some of you might find it useful.</span></p><p><span></span></p><!--more--><span style="font-family: verdana;">Small information about what is actually abrtd is </span><span style="font-family: verdana;">automated bug reporting tool daemon on Linux.</span><div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj1J40C8o9UqpfJ-Z9TPR93jE0C6gIkkDbtWDWGVb2DGt_n8_d8wT53mqo_jS91XQbgQi6mHOdBj4sGLwbh8Lo-MclNzExOnWqRxGdua7lXuS_PXdjhYgVn4sjxERy_jtQt8rRK1CQRYYYZ5nrZgqZlGFyv_9-InPUYhbbDEE3deVX2pqb_Ake9z5LA/s541/arbtd.JPG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="197" data-original-width="541" height="117" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj1J40C8o9UqpfJ-Z9TPR93jE0C6gIkkDbtWDWGVb2DGt_n8_d8wT53mqo_jS91XQbgQi6mHOdBj4sGLwbh8Lo-MclNzExOnWqRxGdua7lXuS_PXdjhYgVn4sjxERy_jtQt8rRK1CQRYYYZ5nrZgqZlGFyv_9-InPUYhbbDEE3deVX2pqb_Ake9z5LA/w320-h117/arbtd.JPG" width="320" /></a></div></div><div><p><span style="font-family: verdana;">If you are using CentOS then look for below file on your server (if you are using debian/ubuntu - locate or find configuration file for abrt on your machine or server</span></p><p></p><ul><li><span style="font-family: verdana;">/etc/abrt/abrt-action-save-package-data.conf</span></li></ul><p></p><p style="text-align: justify;"><span style="font-family: verdana;">You need to then use your favorite editor to edit the file and make changes in it as follows. </span><span style="font-family: verdana;">The value for OpenGPGCheck should be changed from yes to no.</span></p><p></p><ul><li style="text-align: justify;"><span style="font-family: verdana;">OpenGPGCheck = no</span></li></ul><span style="text-align: justify;"><span style="font-family: verdana;">It might also be necessary to change the value of limit coredumpsize</span></span><p></p><div style="text-align: justify;"><ul><li><span style="font-family: verdana;">limit coredumpsize unlimited</span></li></ul></div><div><span style="font-family: verdana;"><div style="text-align: justify;">After editing the file, restart the process with the following command</div><div style="text-align: justify;"><ul><li>service abrtd restart</li></ul><div><br /></div><div><br /></div><div>------------------------------------------------------------------------------------------------</div></div></span></div><p><span></span></p><!--more--><p></p><p><span style="color: #674ea7; font-family: verdana;">Linuxforeveryone started with the focus of solving linux related issues a sys admin faces everyday. So as System Admin whatever i learn through my experience i try to write it down for rest of opensource community.<br /></span><span style="color: #674ea7; font-family: verdana;">If you appreciate what you have read or this blog writeup helped you can considering buying me COFFEE, this will help me keep writing and helping community further.</span></p><div><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://www.buymeacoffee.com/nibbana" rel="nofollow" style="margin-left: 1em; margin-right: 1em;" target="_blank"><img border="0" data-original-height="226" data-original-width="629" height="115" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEinZv5WfHNBYemMlekzFh-3WVucbTK7Ac6AYgnKbbAIIkyBie27tW9B-sOuXJWhZTRkGqqOrLEUc6xRZS0_ruSa50qnV7EpAqG6iKNHPkMwn3ad-xAiayi-XhWr_GI8Wcr9TJJ7jOyIPGTMxtGMNZK5y6Gl4DbDVjreA6zm3lAarbC36yx573ojBUT7/s320/test.JPG" width="320" /></a></div><!--more--><p><span></span></p><div><br /></div></div>Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-7238678089316726113.post-71573225348637493202020-06-23T23:00:00.054-07:002022-06-02T04:06:45.648-07:00Azure - Application Gateway falling into failed state not allowing configuration changes<div><br /></div><div><font face="verdana">Did you ever got the error while doing any changes in Azure Application gateway which goes into failed state ? if yes then you are landed in correct blog post.</font></div><div><font face="verdana"><br /></font></div><div><span style="font-family: verdana;">here in this post i will try to share the solution for same issue i faced in past.</span><span style="font-family: verdana;">B</span><span style="font-family: verdana;">ut before that lets try to understand what is Azure AG (application gateway). Below diagram will help you to understand what is Application gateway.</span></div><div><font face="verdana"><br /></font></div><div><font face="verdana">In simpler words, Application gateway consists of Load balancer (a device who decide where to send the traffic based on the configuration done on it, although that is completely different topic to discuss) and acts as WAF (Web Application Firewall - which monitors the incoming traffic based on the application behavior hosted on back-end servers)</font></div><div><ul style="text-align: left;"><li><font face="verdana">LB where considered as Network device (sometimes it might be software not just physical device and works at Network Layer of OSI model</font></li><li><font face="verdana">WAF considered as kind of Software and works at Application Layer of OSI model </font></li></ul></div><div><br /></div><br /><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi1VXaTJIlu66di39DyDUpYw92Rxm5YYqukVOYEECH5q9_TWbXpP8qohcZW7KeKLA3rhgkaqOZbwdW8pHXSrn6vLTpY6KvmFequ0LRHxDXWq4G69yBt6w8dr7qknLU9bOyfI5xjBUSqlbY/s732/Azure+Application+Gateway.png" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="650" data-original-width="732" height="355" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi1VXaTJIlu66di39DyDUpYw92Rxm5YYqukVOYEECH5q9_TWbXpP8qohcZW7KeKLA3rhgkaqOZbwdW8pHXSrn6vLTpY6KvmFequ0LRHxDXWq4G69yBt6w8dr7qknLU9bOyfI5xjBUSqlbY/w400-h355/Azure+Application+Gateway.png" title="Azure Application Gateway" width="400" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;"><br /></td></tr></tbody></table><div><br /></div><div><br /></div><div><br /></div><div><p lang="" style="margin: 0in;"><font face="courier"><font size="5"><u>Issue:</u> </font></font><font face="verdana">Application Gateway falling into failed state not allowing configuration changes & Back-end health status show as unknown</font></p><p lang="" style="margin: 0in;"><font face="courier" size="5"><br /></font></p><p lang="" style="margin: 0in;"><font face="courier"><font size="5"><u>Possible Solution:</u></font><span style="font-size: 11pt;"> </span></font></p><p lang="" style="font-family: calibri; font-size: 11pt; margin: 0in;"><br /></p><p lang="" style="font-size: 11pt; margin: 0in;"></p><ul style="text-align: left;"><li><font face="verdana">Check if you have proper rules in place at Application Gateway NSG which allows
communication with the Gateway manager, which is used for control plane
communication</font></li></ul><p></p></div><blockquote style="border: none; margin: 0px 0px 0px 40px; padding: 0px;"><div style="text-align: left;"><span style="font-family: verdana; font-size: 11pt;"><span> </span>This rule will not affect the health status of the back-end devices but the Application Gateway will work correctly even without it. </span><span style="font-family: verdana; font-size: 11pt;">This rule allows control
plane data from the Gateway Manager which include information about the back-end
health. </span></div></blockquote><div><ul style="text-align: left;"><li> <span style="font-size: 11pt;"><font face="verdana">Thus, if this rule is missing, there will be no information on the
Gateway manager regarding some App GW options and functionalities. One of them
is the health status of the back-end. This means the application gateway will not work, but the
health of the back-end in the Azure control platform will be unknown and we can see a report of unknown status (even if it is Ok).</font></span></li></ul></div><div>
<p lang="" style="font-size: 11pt; margin: 0in;"></p><ul style="text-align: left;"><li><font face="verdana">Additionally, it turns out that if the communication with the
Gateway manager is blocked it may end up with Application Gateway in failed state. This is why its recommended not to apply NSG on
the Application Gateway sub-net.</font></li></ul><ul style="text-align: left;"><li><span style="font-size: 11pt;"><font face="verdana">When the proper rule is in place it should always display Healthy or
Unhealthy status as well as not causing Failed State anymore. do note that the lack of communication with the Gateway manager may cause different kind of issues</font></span></li></ul><div><ul style="text-align: left;"><li><font face="verdana">Rule can be applied as per the documentation mentioned over <a href="https://docs.microsoft.com/en-us/azure/application-gateway/configuration-overview#network-security-groups-on-the-application-gateway-subnet" rel="nofollow" target="_blank">here</a></font></li></ul><div><br /></div><span></span><span><a name='more'></a></span><div><br /></div><div><span style="color: #674ea7; font-family: verdana;">Linuxforeveryone started with the focus of solving linux related issues a sys admin faces everyday. So as System Admin whatever i learn through my experience i try to write it down for rest of opensource community.</span></div><div><span style="color: #674ea7; font-family: verdana;"><br /></span></div><div><span style="color: #674ea7; font-family: verdana;">If you appreciate what you have read or this blog writeup helped you can considering buying me COFFEE, this will help me keep writing and helping community further.</span></div><div><br /></div><div> </div><div class="separator" style="clear: both; text-align: center;"><a href="https://www.buymeacoffee.com/nibbana" imageanchor="1" rel="nofollow" style="margin-left: 1em; margin-right: 1em;" target="_blank"><img border="0" data-original-height="226" data-original-width="629" height="115" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEinZv5WfHNBYemMlekzFh-3WVucbTK7Ac6AYgnKbbAIIkyBie27tW9B-sOuXJWhZTRkGqqOrLEUc6xRZS0_ruSa50qnV7EpAqG6iKNHPkMwn3ad-xAiayi-XhWr_GI8Wcr9TJJ7jOyIPGTMxtGMNZK5y6Gl4DbDVjreA6zm3lAarbC36yx573ojBUT7/s320/test.JPG" width="320" /></a></div><div><br /></div></div><span><!--more--></span><p></p></div>Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-7238678089316726113.post-20875539550056947402019-07-28T02:18:00.001-07:002022-06-02T04:15:47.541-07:00WARNING: C++ compiler too old, need g++ 4.8 or clang++ 3.4 (CXX=g++)<div dir="ltr" style="text-align: left;" trbidi="on">
<br />
<br />
<span face=""Trebuchet MS", sans-serif">If you ever worked on GULP installation as System Admin on Linux Servers, you might had come across below error </span><br />
<br />
<span face=""Trebuchet MS", sans-serif"><span style="background-color: white;"><b>Error</b>:</span> "<b>WARNING: C++ compiler too old, need g++ 4.8 or clang++ 3.4 (CXX=g++)</b>"</span><br />
<span face=""Trebuchet MS", sans-serif"><span style="background-color: white;"><b>Solution</b></span>: To Solve this error we need to install newer version of C++ and g++ rpm packages on linux servers. Try to get the exact version which error message is saying to you on screen.</span><br />
<span face=""Trebuchet MS", sans-serif"><br /></span>
<span face=""Trebuchet MS", sans-serif">Or You can Download below rpm files for RHEL6/CENTOS6 operating System and then install it</span><br />
<br />
<ul style="text-align: left;">
<li><span face=""Trebuchet MS", sans-serif"><a href="ftp://mirror.switch.ch/pool/4/mirror/scientificlinux/6x/external_products/devtoolset/x86_64/2/devtoolset-2-gcc-c++-4.8.2-15.el6.x86_64.rpm">ftp://mirror.switch.ch/pool/4/mirror/scientificlinux/6x/external_products/devtoolset/x86_64/2/devtoolset-2-gcc-c++-4.8.2-15.el6.x86_64.rpm</a></span></li>
</ul>
<span face=""Trebuchet MS", sans-serif">
</span><ul style="text-align: left;">
<li><span face=""Trebuchet MS", sans-serif"><a href="ftp://mirror.switch.ch/pool/4/mirror/scientificlinux/6x/external_products/devtoolset/x86_64/2/devtoolset-2-gcc-4.8.2-15.el6.x86_64.rpm">ftp://mirror.switch.ch/pool/4/mirror/scientificlinux/6x/external_products/devtoolset/x86_64/2/devtoolset-2-gcc-4.8.2-15.el6.x86_64.rpm</a></span></li>
</ul>
<span face=""Trebuchet MS", sans-serif">
</span><ul style="text-align: left;">
<li><span face=""Trebuchet MS", sans-serif"><a href="ftp://mirror.switch.ch/pool/4/mirror/scientificlinux/6x/external_products/devtoolset/x86_64/2/devtoolset-2-runtime-2.1-4.el6.noarch.rpm">ftp://mirror.switch.ch/pool/4/mirror/scientificlinux/6x/external_products/devtoolset/x86_64/2/devtoolset-2-runtime-2.1-4.el6.noarch.rpm</a></span></li>
</ul>
<span face=""Trebuchet MS", sans-serif">
</span><ul style="text-align: left;">
<li><span face=""Trebuchet MS", sans-serif"><a href="ftp://mirror.switch.ch/pool/4/mirror/scientificlinux/6x/external_products/devtoolset/x86_64/2/devtoolset-2-libstdc++-devel-4.8.2-15.el6.x86_64.rpm">ftp://mirror.switch.ch/pool/4/mirror/scientificlinux/6x/external_products/devtoolset/x86_64/2/devtoolset-2-libstdc++-devel-4.8.2-15.el6.x86_64.rpm</a></span></li>
</ul>
<span face=""Trebuchet MS", sans-serif"> # yum install
scl-utils </span><br />
<br />
======================================================================<br />
<br />
<span face=""Trebuchet MS", sans-serif"><span style="font-size: large;">If this resolve your error, you can </span></span><br />
<br />
<ul style="text-align: left;">
<li><span face=""Trebuchet MS", sans-serif">Subscribe to My YouTube <span style="background-color: yellow;"><a href="https://www.youtube.com/channel/UCJ2F740Qz-4Cf48IGUwTaQA?view_as=subscriber" target="_blank">Channel</a> </span> </span></li>
<li><span face=""Trebuchet MS", sans-serif">Ask Me for any Linux Freelancer Work</span></li>
<li><span face=""Trebuchet MS", sans-serif">Buy Cheapest SSL certificate for your Domains at My Hosting <span style="background-color: yellow;"><a href="https://shop.nibbanahosting.com/products/ssl" target="_blank">Website</a></span></span></li>
<li><span face=""Trebuchet MS", sans-serif">Buy Cheapest Webhosting Packages for <span style="background-color: yellow;"><a href="https://shop.nibbanahosting.com/products/cpanel" target="_blank">Cpanel</a></span> </span></li>
<li><span face=""Trebuchet MS", sans-serif">Buy Cheapest Webhosting Packages for Linux and Windows Dedicated <span style="background-color: yellow;"><a href="https://shop.nibbanahosting.com/products/dedicated-server" target="_blank">Boxes</a></span></span><span style="background-color: yellow;"><a href="https://shop.nibbanahosting.com/products/dedicated-server" target="_blank"> </a></span></li>
</ul><div><br /></div><span><a name='more'></a></span><div><br /></div><div><div><span style="color: #674ea7; font-family: verdana;">Linuxforeveryone started with the focus of solving linux related issues a sys admin faces everyday. So as System Admin whatever i learn through my experience i try to write it down for rest of opensource community.</span></div><div><span style="color: #674ea7; font-family: verdana;"><br /></span></div><div><span style="color: #674ea7; font-family: verdana;">If you appreciate what you have read or this blog writeup helped you can considering buying me COFFEE, this will help me keep writing and helping community further.</span></div><div><br /></div><div> </div><div class="separator" style="clear: both; text-align: center;"><a href="https://www.buymeacoffee.com/nibbana" rel="nofollow" style="margin-left: 1em; margin-right: 1em;" target="_blank"><img border="0" data-original-height="226" data-original-width="629" height="115" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEinZv5WfHNBYemMlekzFh-3WVucbTK7Ac6AYgnKbbAIIkyBie27tW9B-sOuXJWhZTRkGqqOrLEUc6xRZS0_ruSa50qnV7EpAqG6iKNHPkMwn3ad-xAiayi-XhWr_GI8Wcr9TJJ7jOyIPGTMxtGMNZK5y6Gl4DbDVjreA6zm3lAarbC36yx573ojBUT7/s320/test.JPG" width="320" /></a></div><span><!--more--></span><div><br /></div></div>
</div>
Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-7238678089316726113.post-81263126012461597112019-04-04T14:27:00.003-07:002022-06-02T04:16:54.810-07:00libssl.so.10(libssl.so.10)(64bit) is needed by<div dir="ltr" style="text-align: left;" trbidi="on">
<span style="font-family: arial;"><span face=""helvetica neue" , "arial" , "helvetica" , sans-serif">Ever tried to install or upgrade the OpenSSL package installed on linux server ? Ok. so I had similar experiance in my current company where i faced a error while doing the upgrade of openssl package on redhat machine. and I was doing that to get rid of vulnerabilities.</span> </span><br />
<br />
<span style="font-family: "georgia" , "times new roman" , serif;"> <span style="font-size: large;">Error I faced:</span></span><br />
<br />
<span face=""helvetica neue" , "arial" , "helvetica" , sans-serif">l<span style="font-family: arial;">ibssl.so.10(libssl.so.10)(64bit)
is needed by OR libz.so.1(zlib_1.2.0)(64bit)
is needed</span></span><span style="font-family: arial;"><br /></span>
<br />
<span style="font-family: "georgia" , "times new roman" , serif;"> <span style="font-size: large;">Error cause because of:</span></span><br />
<br />
<span style="font-family: arial;"><span face=""helvetica neue" , "arial" , "helvetica" , sans-serif">I was trying to upgrade the OpenSSL package on redhat/centos linux machine. Sometimes you can get this error while working on any other package upgrade as well. in that case too similar solution would be applicable which i mentioned below.</span><br /></span>
<br />
<span style="font-family: "georgia" , "times new roman" , serif;"> <span style="font-size: large;">Solution to the Error:</span></span><br />
<ul style="text-align: left;">
<li><span face=""helvetica neue" , "arial" , "helvetica" , sans-serif">Upgrade the installed OpenSSL version for below packages</span></li>
<ul>
<li><span face=""helvetica neue" , "arial" , "helvetica" , sans-serif">openssl</span></li>
<li><span face=""helvetica neue" , "arial" , "helvetica" , sans-serif">openssl-devel </span></li>
</ul>
</ul>
<ul style="text-align: left;">
<li><span face=""helvetica neue" , "arial" , "helvetica" , sans-serif">Upgrade the zlib package by using YUM</span></li>
</ul>
<br />
<span style="font-family: "courier new" , "courier" , monospace;">====================================X============X=================================================</span><br />
<br />
<span style="font-family: "courier new" , "courier" , monospace;">Contact <span style="color: red;"><b>support@linuxforeveryone</b></span></span><b><span style="font-family: "courier new" , "courier" , monospace;"></span></b> <span style="font-family: "courier new" , "courier" , monospace;">for any Freelancing work on Linux Servers</span><br />
<br />
<span style="font-family: "courier new" , "courier" , monospace;">Subscribe my <span style="color: red;"><b>YouTube </b><a href="https://www.youtube.com/channel/UCJ2F740Qz-4Cf48IGUwTaQA?view_as=subscriber" target="_blank"><b><span style="color: red;">Channel </span></b></a></span></span><br />
<br />
<span style="font-family: "courier new" , "courier" , monospace;"><span style="color: red;"><span style="color: black;">Like My <b><span style="color: red;">Facebook <a href="https://www.facebook.com/Linux-for-All-1752960481588429/" target="_blank"><span style="color: red;">Page</span> </a></span></b></span></span></span><br />
<br />
<span style="font-family: "courier new" , "courier" , monospace;"><span style="color: red;"><span style="color: black;">Browse the Best in class <span style="color: red;"><span style="color: red;"><b><a href="https://shop.nibbanahosting.com/" target="_blank"><span style="color: red;">Web</span> <span style="color: red;">Hosting</span> <span style="color: red;">Plans</span></a></b></span></span></span><a href="https://www.facebook.com/Linux-for-All-1752960481588429/" target="_blank"> </a></span></span></div><div dir="ltr" style="text-align: left;" trbidi="on"><span style="font-family: "courier new" , "courier" , monospace;"><span style="color: red;"><span style="color: black;"><span style="color: red;"><span style="color: red;"><br /></span></span></span></span></span></div><div dir="ltr" style="text-align: left;" trbidi="on"><span style="font-family: "courier new" , "courier" , monospace;"><span style="color: red;"><span style="color: black;"><span style="color: red;"><span style="color: red;"><br /></span></span></span></span></span></div><div dir="ltr" style="text-align: left;" trbidi="on"><span style="font-family: "courier new" , "courier" , monospace;"><span style="color: red;"><span style="color: black;"><span style="color: red;"><span><a name='more'></a></span><span style="color: red;"><br /></span></span></span></span></span></div><div dir="ltr" style="text-align: left;" trbidi="on"><span style="font-family: "courier new" , "courier" , monospace;"><span style="color: red;"><span style="color: black;"><span style="color: red;"><span style="color: red;"><div><span style="color: #674ea7; font-family: verdana;">Linuxforeveryone started with the focus of solving linux related issues a sys admin faces everyday. So as System Admin whatever i learn through my experience i try to write it down for rest of opensource community.</span></div><div><span style="color: #674ea7; font-family: verdana;"><br /></span></div><div><span style="color: #674ea7; font-family: verdana;">If you appreciate what you have read or this blog writeup helped you can considering buying me COFFEE, this will help me keep writing and helping community further.</span></div><div><br /></div><div> </div><div class="separator" style="clear: both; text-align: center;"><a href="https://www.buymeacoffee.com/nibbana" rel="nofollow" style="margin-left: 1em; margin-right: 1em;" target="_blank"><img border="0" data-original-height="226" data-original-width="629" height="115" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEinZv5WfHNBYemMlekzFh-3WVucbTK7Ac6AYgnKbbAIIkyBie27tW9B-sOuXJWhZTRkGqqOrLEUc6xRZS0_ruSa50qnV7EpAqG6iKNHPkMwn3ad-xAiayi-XhWr_GI8Wcr9TJJ7jOyIPGTMxtGMNZK5y6Gl4DbDVjreA6zm3lAarbC36yx573ojBUT7/s320/test.JPG" width="320" /></a></div><div><br style="color: black; font-family: "Times New Roman";" /></div><span><!--more--></span><div><br /></div></span></span></span></span></span></div>
Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-7238678089316726113.post-39158952841226144292019-02-27T02:58:00.001-08:002022-06-02T04:17:13.748-07:00Solution and Step to fix CVE-2019-5736 Vulnerability - Docker<div dir="ltr" style="text-align: left;" trbidi="on">
Recently a new vulnerability has been discovered in the the internet market having target to Docker services.<br />
<br />
<h3 style="text-align: left;">
<b>What is this Vulnerability:</b></h3>
<div>
<b><br /></b></div>
In short, Docker service uses another service called as runc which is container run time to spawn and run containers. which simply means if docker task is to create docker images then runc task would be running them and attaching a process to container.<br />
<br />
So as per the recent discovery by the maintainers of runc, the code of this service was having some bug which can be used by attackers to gain the root level of access of the host machine on which docker containers are running.<br />
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjBEO4kK0SBsJlhENiIKSAu0IntG7X2_WyJyETkKpLIdIFwmTDHJ6pg11MImtzkvTzYubAYUUPbJ92L-cNaHseISK-Qv5yNf_A2u6xLyX6AGoJvKXgd5YHbnuDiLdfcHJPhJG10ny56Biw/s1600/Docker-800x445.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="445" data-original-width="800" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjBEO4kK0SBsJlhENiIKSAu0IntG7X2_WyJyETkKpLIdIFwmTDHJ6pg11MImtzkvTzYubAYUUPbJ92L-cNaHseISK-Qv5yNf_A2u6xLyX6AGoJvKXgd5YHbnuDiLdfcHJPhJG10ny56Biw/s1600/Docker-800x445.jpg" /></a></div>
<br />
<h3 style="text-align: left;">
How it can be Exploited:</h3>
<div>
<br /></div>
This vulnerability can be exploited in two ways (1) if the docker images are in use is vulnerable making the containers build from it vulnerable also (2) if somehow attacker got the access of containers and then trying to exploit using the bug present in runc and trying to get root privileges.<br />
<br />
<br />
<h3 style="text-align: left;">
<b>Solution to Fix Vulnerability:</b></h3>
<div>
<b><br /></b></div>
<h4 style="text-align: left;">
<u>Centos/Redhat</u></h4>
<u><br /></u>
<br />
<ul style="text-align: left;">
<li>Update the docker version to latest version 18.09.2</li>
</ul>
Example: docker-ce-18.09.2<br />
<div>
<br /></div>
<h4 style="text-align: left;">
<u>AWS</u></h4>
<div>
<u><br /></u></div>
<div style="text-align: left;">
<ul style="text-align: left;">
<li>Update the docker version to latest version 18.06.1ce</li>
</ul>
Example:docker-18.06.1ce-7.25.amzn1</div>
<div>
<br /></div>
<br />
<br />
<b>Note</b>: For AWS environment, you might need to disable /etc/yum/pluginconf.d/update-motd.conf file by changing it to Zero "0" from One "1" to view the available AWS package.<br />
<br />
<br />
<h3 style="text-align: left;">
<b>Recommended Step:</b></h3>
<br />
Along with package update , we should also consider deploying containers using some random users rather than root user as the vulnerability gets exploited when having āUID 0ā i.e root privileges inside container.<br />
<br />
So when you are using composer file to define images, make sure to define some unique users to run those containers and which also need to present on server on which this containers need to run.<br />
<br />
<span style="font-family: "courier new" , "courier" , monospace;">====================================X============X=================================================</span><br />
<br />
<span style="font-family: "courier new" , "courier" , monospace;">Contact <span style="color: red;"><b>support@linuxforeveryone</b></span></span> <span style="font-family: "courier new" , "courier" , monospace;">for any Freelancing work on Linux Servers</span><br />
<br />
<span style="font-family: "courier new" , "courier" , monospace;">Subscribe my <span style="color: red;"><b>YouTube </b><a href="https://www.youtube.com/channel/UCJ2F740Qz-4Cf48IGUwTaQA?view_as=subscriber" target="_blank"><b><span style="color: red;">Channel </span></b></a></span></span><br />
<br />
<span style="font-family: "courier new" , "courier" , monospace;"><span style="color: red;"><span style="color: black;">Like My <b><span style="color: red;">Facebook <a href="https://www.facebook.com/Linux-for-All-1752960481588429/" target="_blank"><span style="color: red;">Page</span> </a></span></b></span></span></span><br />
<br />
<span style="font-family: "courier new" , "courier" , monospace;"><span style="color: red;"><span style="color: black;">Browse the Best in class <span style="color: red;"><span style="color: red;"><b><a href="https://shop.nibbanahosting.com/" target="_blank"><span style="color: red;">Web</span> <span style="color: red;">Hosting</span> <span style="color: red;">Plans</span></a></b></span></span></span></span></span></div><div dir="ltr" style="text-align: left;" trbidi="on"><span style="font-family: "courier new" , "courier" , monospace;"><span style="color: red;"><span style="color: black;"><span style="color: red;"><span style="color: red;"><br /></span></span></span></span></span></div><div dir="ltr" style="text-align: left;" trbidi="on"><span style="font-family: "courier new" , "courier" , monospace;"><span style="color: red;"><span style="color: black;"><span style="color: red;"><span><a name='more'></a></span><span style="color: red;"><br /></span></span></span></span></span></div><div dir="ltr" style="text-align: left;" trbidi="on"><span style="font-family: "courier new" , "courier" , monospace;"><span style="color: red;"><span style="color: black;"><span style="color: red;"><span style="color: red;"><br /></span></span></span></span></span></div><div dir="ltr" style="text-align: left;" trbidi="on"><span style="font-family: "courier new" , "courier" , monospace;"><span style="color: red;"><span style="color: black;"><span style="color: red;"><span style="color: red;"><div><span style="color: #674ea7; font-family: verdana;">Linuxforeveryone started with the focus of solving linux related issues a sys admin faces everyday. So as System Admin whatever i learn through my experience i try to write it down for rest of opensource community.</span></div><div><span style="color: #674ea7; font-family: verdana;"><br /></span></div><div><span style="color: #674ea7; font-family: verdana;">If you appreciate what you have read or this blog writeup helped you can considering buying me COFFEE, this will help me keep writing and helping community further.</span></div><div><br /></div><div> </div><div class="separator" style="clear: both; text-align: center;"><a href="https://www.buymeacoffee.com/nibbana" rel="nofollow" style="margin-left: 1em; margin-right: 1em;" target="_blank"><img border="0" data-original-height="226" data-original-width="629" height="115" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEinZv5WfHNBYemMlekzFh-3WVucbTK7Ac6AYgnKbbAIIkyBie27tW9B-sOuXJWhZTRkGqqOrLEUc6xRZS0_ruSa50qnV7EpAqG6iKNHPkMwn3ad-xAiayi-XhWr_GI8Wcr9TJJ7jOyIPGTMxtGMNZK5y6Gl4DbDVjreA6zm3lAarbC36yx573ojBUT7/s320/test.JPG" width="320" /></a></div><span><!--more--></span><div><br style="color: black; font-family: "Times New Roman";" /></div></span></span></span></span></span></div>
Unknownnoreply@blogger.com1tag:blogger.com,1999:blog-7238678089316726113.post-44290298406595818762017-04-26T10:55:00.000-07:002019-04-04T14:30:24.494-07:00Know Your GIT Server<div dir="ltr" style="text-align: left;" trbidi="on">
<div dir="ltr" style="text-align: left;" trbidi="on">
<div dir="ltr" style="text-align: left;" trbidi="on">
<div dir="ltr" style="text-align: left;" trbidi="on">
<div dir="ltr" style="text-align: left;" trbidi="on">
<br />
<span style="font-family: "verdana" , sans-serif;">If you are a developer you might be familiar with version control in your dev life. Even if you are system admin working on Windows/Linux/Unix then also you may come across version control.</span><br />
<br />
<span style="font-family: "verdana" , sans-serif;"><b><span style="color: red;"><marquee scrollwidth="10">For Freelance Work & Queries Contact me by Email Id</marquee></span></b> <span style="color: black;"><b>support@linuxforeveryone.com</b></span></span></div>
</div>
</div>
</div>
<span style="font-family: "verdana" , sans-serif;"><br />
</span> <span style="font-family: "verdana" , sans-serif;"> The point is if you know it its Good :) but if you do not know there is no need to worry. I will try to explain it to you as easy as possible.<br />
<br />
</span><br />
<div data-class="affiliateAdsByFlipkart" data-widgettype="productBanner" data-wrid="WRID-153854860752792062" dir="ltr" height="240px" style="text-align: center;" width="120px">
</div>
<script async="" src="//affiliate.flipkart.com/affiliate/widgets/FKAffiliateWidgets.js"></script> <span style="font-family: "verdana" , sans-serif;"> <table 1="" align="center" cellpadding="1" style="text-align: center; width: 300px;" table=""><tbody>
<tr> <td bgcolor="#C8BBBE"><b> What is Version Control </b></td></tr>
</tbody></table>
</span><span style="font-family: "courier new" , "courier" , monospace;"><br />
</span> <span style="font-family: "verdana" , sans-serif;">A version control (VC) is a system which keeps an eye on your files (which you provide to him) over a period of time for all changes you are doing like updating, deleting etc and making a data for all these changes you are doing on files.</span><br />
<span style="font-family: "verdana" , sans-serif;"><br />
</span> <span style="font-family: "verdana" , sans-serif;">Version Control normally was divided into 3 categories.</span><br />
<span style="font-family: "verdana" , sans-serif;"><br />
</span> <span style="font-family: "verdana" , sans-serif;">1) Local Version Control System</span><br />
<span style="font-family: "verdana" , sans-serif;">2) Central Version Control System</span><br />
<span style="font-family: "verdana" , sans-serif;">3) Distributed Version Control System</span><br />
<span style="font-family: "verdana" , sans-serif;"><br />
</span> <span style="font-family: "verdana" , sans-serif;">Let see each Version Control one-by-one </span><br />
<span style="font-family: "courier new" , "courier" , monospace;"> </span><span style="font-family: "courier new" , "courier" , monospace;"> </span><br />
<span style="font-family: "courier new" , "courier" , monospace;"> </span><span style="font-family: "verdana" , sans-serif;"><table 1="" align="center" cellpadding="1" style="text-align: center; width: 300px;" table=""><tbody>
<tr> <td bgcolor="#C8BBBE"><b> Local Version Control System </b></td></tr>
</tbody></table>
</span><br />
<br />
<span style="font-family: "verdana" , sans-serif;">Before Local version control introduced, developers normally keep different versions of their code in different directories on their machine, people do this even today which are not aware of any Version controls. But this method has some issue and keeping in mind those issues and difficulties to manage code, Local version control system was designed. </span><br />
<br />
<br />
<div data-class="affiliateAdsByFlipkart" data-widgettype="productBanner" data-wrid="WRID-153842265910630515" dir="ltr" height="240px" style="text-align: center;" width="120px">
</div>
<script async="" src="//affiliate.flipkart.com/affiliate/widgets/FKAffiliateWidgets.js"></script> <br />
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjy8i2FDBoUpKpQWuE5lSAkNhel5NHO0EuoA67LgsvrZWUo9tiNRHSJdNDg5T5CKNqRq68z3LUXZdcFr_xiKqfgp8mEyh_PNSIJuDhot2IJFJTdC4MTY8qvTauC5-bbWc4Y5rHhXZA90QA/s1600/Local-version-control.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjy8i2FDBoUpKpQWuE5lSAkNhel5NHO0EuoA67LgsvrZWUo9tiNRHSJdNDg5T5CKNqRq68z3LUXZdcFr_xiKqfgp8mEyh_PNSIJuDhot2IJFJTdC4MTY8qvTauC5-bbWc4Y5rHhXZA90QA/s1600/Local-version-control.jpg" /></a></div>
<span style="font-family: "verdana" , sans-serif;"><u><br />
</u></span> <span style="font-family: "verdana" , sans-serif;"><u>Example:</u> There is file having data "Hi my name is S" --- VC will save this file with version number 1</span><br />
<span style="font-family: "verdana" , sans-serif;"><br />
</span> <span style="font-family: "verdana" , sans-serif;">now if you edit this file as "Hi my name is SR" -- VC will save this file with version 2</span><br />
<span style="font-family: "verdana" , sans-serif;">now if you again edit this file as "Hi my is SR" -- VC will save this file with version 3</span><br />
<span style="font-family: "verdana" , sans-serif;"><br />
</span> <span style="font-family: "verdana" , sans-serif;">Doing so will help you to fetch any files with their version number in future requirement. let say I want file having version 2, then using VC I can easily fetch that file.</span><br />
<span style="font-family: "verdana" , sans-serif;"><br />
</span> <span style="font-family: "verdana" , sans-serif;"><br />
</span> <br />
<br />
<div data-class="affiliateAdsByFlipkart" data-widgettype="searchWidget" data-wrid="WRID-149578618289075528" height="250" width="300">
</div>
<script src="//affiliate.flipkart.com/affiliate/widgets/FKAffiliateWidgets.js"></script><span style="font-family: "verdana" , sans-serif;"> </span><span style="font-family: "verdana" , sans-serif;"><table 1="" align="center" cellpadding="1" style="text-align: center; width: 300px;" table=""><tbody>
<tr> <td bgcolor="#C8BBBE"><b>Central Version Control System</b></td></tr>
</tbody></table>
</span><br />
<span style="font-family: "verdana" , sans-serif;"><br />
</span><span style="font-family: "verdana" , sans-serif;">Now we talked about VC which can be present on the Local machine (inside your local network) accessible to you only OR it can be present at some remote location accessible to others also.</span><br />
<span style="font-family: "verdana" , sans-serif;"><br />
</span> <span style="font-family: "verdana" , sans-serif;">Now think about a VC which is present at some centralised location and everybody in your organisation is having access to it.</span><br />
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjtnQhcbUUwWVLphkE2ZotG4aq5p21zSNqpPp8uvb1Kaq0x_WQnYvLoDqWkBXDtnY6VKXEd1D_VuBjXSkTA_HkFtjnqfsQiqH8QhDczXGgSsbAXweAOu7JeEt7YNdLeUaBD0O0JTEL2F1s/s1600/Centralized+Version+Control+System.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjtnQhcbUUwWVLphkE2ZotG4aq5p21zSNqpPp8uvb1Kaq0x_WQnYvLoDqWkBXDtnY6VKXEd1D_VuBjXSkTA_HkFtjnqfsQiqH8QhDczXGgSsbAXweAOu7JeEt7YNdLeUaBD0O0JTEL2F1s/s1600/Centralized+Version+Control+System.jpg" /></a></div>
<br />
<span style="font-family: "verdana" , sans-serif;">here, when you request file1 to make edits, version control will provide a copy of file1 to you, simultaneously when another user request same file, version control provide a copy of file1 to him as well.</span><br />
<span style="font-family: "verdana" , sans-serif;"><br />
</span> <span style="font-family: "verdana" , sans-serif;">Now both can make changes on file1 and upload their changes on this centralised location server. here the scenario is like a <b><u>central control version</u></b> server serving files to different users and keeping versions of different files.</span><br />
<span style="font-family: "verdana" , sans-serif;"><br />
</span> <span style="font-family: "verdana" , sans-serif;"> <table 1="" align="center" cellpadding="1" style="text-align: center; width: 350px;" table=""><tbody>
<tr> <td bgcolor="#C8BBBE"><b> Distributed Version Control System </b></td></tr>
</tbody></table>
</span><br />
<span style="font-family: "verdana" , sans-serif;"><br />
</span><span style="font-family: "verdana" , sans-serif;">Above method also has its own flaws, because as the time passed, developers started interacting with other developers around the world and users present on other systems outside of their central control version boundaries. One of the main issues was a single </span><span style="font-family: "verdana" , sans-serif;">point of failure of centralised systems.</span><br />
<span style="font-family: "verdana" , sans-serif;"><br />
</span> <span style="font-family: "verdana" , sans-serif;"> To overcome this new architecture was introduced which was termed as distributed version control system.</span><br />
<span style="font-family: "verdana" , sans-serif;"><br />
</span> <br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi8ukw_n9Fg0qRL7omu4CW4X0MuhHPcMRSPhkMUhydjAlvTtmIickB-cxgnKvzV9i9qAWPD6guKq95pfZ7deXXj-k2-AukPcuMdcObbCS9WOh3kK2RJb1swBp-mNkxiDMe0jFp27oS3WRc/s1600/Distributed+Version+Control.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi8ukw_n9Fg0qRL7omu4CW4X0MuhHPcMRSPhkMUhydjAlvTtmIickB-cxgnKvzV9i9qAWPD6guKq95pfZ7deXXj-k2-AukPcuMdcObbCS9WOh3kK2RJb1swBp-mNkxiDMe0jFp27oS3WRc/s1600/Distributed+Version+Control.jpg" /></a></div>
<span style="font-family: "verdana" , sans-serif;"><br />
</span> <span style="font-family: "verdana" , sans-serif;">Here, Users don't just fetch the files, but instead fetched complete folder having their code, called as repositories.</span><br />
<br />
<span style="font-family: "verdana" , sans-serif;">Repositories are nothing but a folder having all your files which you commit to the Distributed control version system.</span><br />
<span style="font-family: "verdana" , sans-serif;"><br />
</span> <span style="font-family: "verdana" , sans-serif;">Example: If you are working on project ABC.com and if you are having all the code files for this project with you, you can create a folder in DVCS with the name as abc which will then called repository. </span><span style="font-family: "verdana" , sans-serif;">and upload(Or commit ) your files into that abc repository. </span><br />
<span style="font-family: "verdana" , sans-serif;"><br />
</span> <span style="font-family: "verdana" , sans-serif;">You can then pull your abc repository, make code changes in any file and then can push changes on DVCS.</span><br />
<span style="font-family: "verdana" , sans-serif;"><br />
</span> <br />
<br />
<span style="font-family: "courier new" , "courier" , monospace;">====================================X============X=================================================</span><br />
<br />
<span style="font-family: "courier new" , "courier" , monospace;">Contact <span style="color: red;"><b>support@linuxforeveryone</b></span></span> <span style="font-family: "courier new" , "courier" , monospace;">for any Freelancing work on Linux Servers</span><br />
<br />
<span style="font-family: "courier new" , "courier" , monospace;">Subscribe my <span style="color: red;"><b>YouTube </b><a href="https://www.youtube.com/channel/UCJ2F740Qz-4Cf48IGUwTaQA?view_as=subscriber" target="_blank"><b><span style="color: red;">Channel </span></b></a></span></span><br />
<br />
<span style="font-family: "courier new" , "courier" , monospace;"><span style="color: red;"><span style="color: black;">Like My <b><span style="color: red;">Facebook <a href="https://www.facebook.com/Linux-for-All-1752960481588429/" target="_blank"><span style="color: red;">Page</span> </a></span></b></span></span></span><br />
<br />
<span style="font-family: "courier new" , "courier" , monospace;"><span style="color: red;"><span style="color: black;">Browse the Best in class <span style="color: red;"><span style="color: red;"><b><a href="https://shop.nibbanahosting.com/" target="_blank"><span style="color: red;">Web</span> <span style="color: red;">Hosting</span> <span style="color: red;">Plans</span></a></b></span></span></span></span></span> </div>
Unknownnoreply@blogger.com2tag:blogger.com,1999:blog-7238678089316726113.post-33468383367699263202017-01-30T05:43:00.000-08:002019-04-04T14:31:03.223-07:00Sweet32 - Vulnerbility <div dir="ltr" style="text-align: left;" trbidi="on">
<div dir="ltr" style="text-align: left;" trbidi="on">
<div dir="ltr" style="text-align: left;" trbidi="on">
<div dir="ltr" style="text-align: left;" trbidi="on">
<div dir="ltr" style="text-align: left;" trbidi="on">
<br />
<span style="font-family: "georgia" , "times new roman" , serif;">Recently there was another Vulnerability grab My attention which was related to DES and Tripple DES (3DES) , Any men in the middle can exploit this vulnerability by capturing large amount of encrypted data and thus recover plain text sensitive data. </span><br />
<br />
<b><span style="font-size: small;"><span style="font-family: "georgia" , "times new roman" , serif;">Severity</span></span>:</b> <span style="font-family: "georgia" , "times new roman" , serif;">Medium</span><br />
<span style="font-size: small;"><span style="font-family: "georgia" , "times new roman" , serif;"><b>CVE Number</b></span></span>: <span style="font-family: "georgia" , "times new roman" , serif;">CVE-2016-2183</span><br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhlK6Vu84gnubNpaBdgkysj3ryZECxmU0NwFxi6bhuslHt-_NnNks2G_JeuW_yAWU3BZS26tcD_wAUpPDT1zTUobC9KTxNgBmvfXf-a1tTuxvrf9yYnshGuiG7iVSsaifSp8ropzuEhIZY/s1600/Sweet32-1.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhlK6Vu84gnubNpaBdgkysj3ryZECxmU0NwFxi6bhuslHt-_NnNks2G_JeuW_yAWU3BZS26tcD_wAUpPDT1zTUobC9KTxNgBmvfXf-a1tTuxvrf9yYnshGuiG7iVSsaifSp8ropzuEhIZY/s1600/Sweet32-1.jpg" /></a></div>
<span style="font-family: "georgia" , "times new roman" , serif;"><span style="font-size: small;"><b><br />
<span style="font-family: "verdana" , sans-serif; font-size: large;"><b><span style="color: red;"><marquee scrollwidth="10">For Freelance Work & Queries Contact me by Email Id</marquee></span></b> <span style="color: black;"><b>support@linuxforeveryone.com</b></span></span></b></span></span></div>
</div>
</div>
</div>
<br />
Remediation : You need to disable any ciphers starting with DES and 3DES supported by Server by any service present on server for example<br />
<br />
<ul style="text-align: left;">
<li><span style="font-family: "georgia" , "times new roman" , serif;">Apache</span></li>
<li><span style="font-family: "georgia" , "times new roman" , serif;">Nginx etc</span></li>
</ul>
<div style="text-align: left;">
<span style="font-family: "georgia" , "times new roman" , serif;"> </span> </div>
<div style="text-align: left;">
<b><span style="font-size: small;"> <table 1="" align="center" cellpadding="1" style="text-align: center; width: 300px;" table=""><tbody>
<tr> <td bgcolor="#C8BBBE"><b> Important Point to Remember : 1 :</b></td></tr>
</tbody></table>
</span> </b></div>
<span style="font-family: "georgia" , "times new roman" , serif;">Normally old browser don't supports DES and 3DES ciphers. It is very important to note that in many cases, a software update (back-ported version provided by Operating System vendor ) won't be enough to resolve this issue. Usually software update doesn't overwrite manually tweaked configuration files, which means, DES/3DES can be still available, even if the software update disables them by default.</span> <span style="font-family: "georgia" , "times new roman" , serif;"> </span><br />
<br />
<span style="font-family: "georgia" , "times new roman" , serif;"> </span><span style="font-family: "georgia" , "times new roman" , serif;"></span><b> </b> <span style="font-size: small;"><b> <iframe frameborder="0" marginheight="0" marginwidth="0" scrolling="no" src="//ws-in.amazon-adsystem.com/widgets/q?ServiceVersion=20070822&OneJS=1&Operation=GetAdHtml&MarketPlace=IN&source=ac&ref=tf_til&ad_type=product_link&tracking_id=sushi07-21&marketplace=amazon&region=IN&placement=B072ZYJLZ8&asins=B072ZYJLZ8&linkId=000779a1b05f658ccf572451a33937a7&show_border=false&link_opens_in_new_window=false&price_color=333333&title_color=0066c0&bg_color=ffffff" style="height: 240px; width: 120px;">
</iframe><table 1="" align="center" cellpadding="1" style="text-align: center; width: 300px;" table=""><tbody>
<tr> <td bgcolor="#C8BBBE"><b> Important Point to Remember : 2 : </b></td></tr>
</tbody></table>
</b></span> <span style="font-family: "georgia" , "times new roman" , serif;">On Windows 7/10 systems running RDP (Remote Desktop Protocol), the vulnerable cipher that should be disabled is labeled 'TLS_RSA_WITH_3DES_EDE_CBC_SHA'.</span> <span style="font-size: small;"> </span><br />
<br />
<span style="font-size: small;"><b> <table 1="" align="center" cellpadding="1" style="text-align: center; width: 300px;" table=""><tbody>
<tr> <td bgcolor="#C8BBBE"><b> Important Point to Remember : 3 : </b></td></tr>
</tbody></table>
</b></span> <span style="font-family: "georgia" , "times new roman" , serif;"> </span> <br />
<div>
<span style="font-family: "georgia" , "times new roman" , serif;">Please limit the number of requests client can make in a single TLS session and / or the keep-alive timeout value, </span><span style="font-family: "georgia" , "times new roman" , serif;">If disabling 64 bit block ciphers is not possible. </span><br />
<br /></div>
<span style="font-family: "courier new" , "courier" , monospace;">====================================X============X=================================================</span><br />
<br />
<span style="font-family: "courier new" , "courier" , monospace;">Contact <span style="color: red;"><b>support@linuxforeveryone</b></span></span> <span style="font-family: "courier new" , "courier" , monospace;">for any Freelancing work on Linux Servers</span><br />
<br />
<span style="font-family: "courier new" , "courier" , monospace;">Subscribe my <span style="color: red;"><b>YouTube </b><a href="https://www.youtube.com/channel/UCJ2F740Qz-4Cf48IGUwTaQA?view_as=subscriber" target="_blank"><b><span style="color: red;">Channel </span></b></a></span></span><br />
<br />
<span style="font-family: "courier new" , "courier" , monospace;"><span style="color: red;"><span style="color: black;">Like My <b><span style="color: red;">Facebook <a href="https://www.facebook.com/Linux-for-All-1752960481588429/" target="_blank"><span style="color: red;">Page</span> </a></span></b></span></span></span><br />
<br />
<span style="font-family: "courier new" , "courier" , monospace;"><span style="color: red;"><span style="color: black;">Browse the Best in class <span style="color: red;"><span style="color: red;"><b><a href="https://shop.nibbanahosting.com/" target="_blank"><span style="color: red;">Web</span> <span style="color: red;">Hosting</span> <span style="color: red;">Plans</span></a></b></span></span></span></span></span> </div>
Unknownnoreply@blogger.com0India20.593684 78.962880000000041-8.6044825 37.654286000000042 49.791850499999995 120.27147400000004tag:blogger.com,1999:blog-7238678089316726113.post-13640093183977228622016-12-06T23:15:00.002-08:002019-04-04T14:31:38.843-07:00Linux Bug - Dirty COW <div dir="ltr" style="text-align: left;" trbidi="on">
<div dir="ltr" style="text-align: left;" trbidi="on">
Recently World of Linux come across yet another bug which is haunting the nix users all over the world. This bug has given a name COW and its associated CVE number is CVE-2016-5195.<br />
<br />
Its kind of funny how this bug get their names, this too grab my attention when i first heard about it as COW ! i laughed out like what ? :)<br />
<br />
<span style="font-family: "verdana" , sans-serif; font-size: large;"><b><span style="color: red;"><marquee scrollwidth="10">For Freelance Work & Queries Contact me by Email Id</marquee></span></b> <span style="color: black;"><b>support@linuxforeveryone.com</b></span></span></div>
<br />
<u><b>Background : </b></u><br />
<br />
later when I started reading about this bug in details got to know how this bug got his name, which nothing but a "<b>copy-on-write</b>" technique which Linux kernel uses to maintain the private read -only memory mapping and this technique have some flaws in it since 2007 woohooo that was way long back.<br />
<br />
<br />
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgvuPTvMhYBPk61b7c8XG1hjlW1HFrBabcV0FlIyc_qwrDjTMaZxLETWjSJZyGJVtbwdKTO-UAGtj8XcXs0z00alkuB0TLu552gT4-UdZe_VVg9uz2GeFWzc8bfB0wKXeNWD6g0anjQDXo/s1600/DirtyCow.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="640" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgvuPTvMhYBPk61b7c8XG1hjlW1HFrBabcV0FlIyc_qwrDjTMaZxLETWjSJZyGJVtbwdKTO-UAGtj8XcXs0z00alkuB0TLu552gT4-UdZe_VVg9uz2GeFWzc8bfB0wKXeNWD6g0anjQDXo/s640/DirtyCow.jpg" width="556" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<br />
<br />
In other words if i have to say is this bugs allow a server to become completely compromised through local privilege escalation. This vulnerability is specific to the Linux Kernel, and exploiting this vulnerability does require a local system user (compromised or not) to run malicious code to obtain admin privileges. Despite this requirement, this is a high priority security patch that should be patched as soon as possible due to its severity.<br />
<br />
<h3 style="text-align: left;">
<u><b>How to Check if your System is vulnerable:</b></u></h3>
<br />
Run the below script to check whether you system are affected by this bug or not.<br />
<br />
copy and paste below content in file say bug-checker.sh and give it executable permission<br />
<br />
<div style="background-color: lightseagreen; color: white; font-family: sans-serif; height: 720px; overflow: auto; padding: 10px; width: 720px;">
<pre class="aLF-aPX-K0-aPE aLF-aPX-aLK-ayr-auR">#!/bin/bash
# Version: 1.3
RED="\033[1;31m"
YELLOW="\033[1;33m"
GREEN="\033[1;32m"
BOLD="\033[1m"
RESET="\033[0m"
SAFE_KERNEL="SAFE_KERNEL"
SAFE_KPATCH="SAFE_KPATCH"
MITIGATED="MITIGATED"
VULNERABLE="VULNERABLE"
MITIGATION_ON='CVE-2016-5195 mitigation loaded'
MITIGATION_OFF='CVE-2016-5195 mitigation unloaded'
VULNERABLE_VERSIONS=(
# RHEL5
"2.6.18-8.1.1.el5"
"2.6.18-8.1.3.el5"
"2.6.18-8.1.4.el5"
"2.6.18-8.1.6.el5"
"2.6.18-8.1.8.el5"
"2.6.18-8.1.10.el5"
"2.6.18-8.1.14.el5"
"2.6.18-8.1.15.el5"
"2.6.18-53.el5"
"2.6.18-53.1.4.el5"
"2.6.18-53.1.6.el5"
"2.6.18-53.1.13.el5"
"2.6.18-53.1.14.el5"
"2.6.18-53.1.19.el5"
"2.6.18-53.1.21.el5"
"2.6.18-92.el5"
"2.6.18-92.1.1.el5"
"2.6.18-92.1.6.el5"
"2.6.18-92.1.10.el5"
"2.6.18-92.1.13.el5"
"2.6.18-92.1.18.el5"
"2.6.18-92.1.22.el5"
"2.6.18-92.1.24.el5"
"2.6.18-92.1.26.el5"
"2.6.18-92.1.27.el5"
"2.6.18-92.1.28.el5"
"2.6.18-92.1.29.el5"
"2.6.18-92.1.32.el5"
"2.6.18-92.1.35.el5"
"2.6.18-92.1.38.el5"
"2.6.18-128.el5"
"2.6.18-128.1.1.el5"
"2.6.18-128.1.6.el5"
"2.6.18-128.1.10.el5"
"2.6.18-128.1.14.el5"
"2.6.18-128.1.16.el5"
"2.6.18-128.2.1.el5"
"2.6.18-128.4.1.el5"
"2.6.18-128.4.1.el5"
"2.6.18-128.7.1.el5"
"2.6.18-128.8.1.el5"
"2.6.18-128.11.1.el5"
"2.6.18-128.12.1.el5"
"2.6.18-128.14.1.el5"
"2.6.18-128.16.1.el5"
"2.6.18-128.17.1.el5"
"2.6.18-128.18.1.el5"
"2.6.18-128.23.1.el5"
"2.6.18-128.23.2.el5"
"2.6.18-128.25.1.el5"
"2.6.18-128.26.1.el5"
"2.6.18-128.27.1.el5"
"2.6.18-128.29.1.el5"
"2.6.18-128.30.1.el5"
"2.6.18-128.31.1.el5"
"2.6.18-128.32.1.el5"
"2.6.18-128.35.1.el5"
"2.6.18-128.36.1.el5"
"2.6.18-128.37.1.el5"
"2.6.18-128.38.1.el5"
"2.6.18-128.39.1.el5"
"2.6.18-128.40.1.el5"
"2.6.18-128.41.1.el5"
"2.6.18-164.el5"
"2.6.18-164.2.1.el5"
"2.6.18-164.6.1.el5"
"2.6.18-164.9.1.el5"
"2.6.18-164.10.1.el5"
"2.6.18-164.11.1.el5"
"2.6.18-164.15.1.el5"
"2.6.18-164.17.1.el5"
"2.6.18-164.19.1.el5"
"2.6.18-164.21.1.el5"
"2.6.18-164.25.1.el5"
"2.6.18-164.25.2.el5"
"2.6.18-164.28.1.el5"
"2.6.18-164.30.1.el5"
"2.6.18-164.32.1.el5"
"2.6.18-164.34.1.el5"
"2.6.18-164.36.1.el5"
"2.6.18-164.37.1.el5"
"2.6.18-164.38.1.el5"
"2.6.18-194.el5"
"2.6.18-194.3.1.el5"
"2.6.18-194.8.1.el5"
"2.6.18-194.11.1.el5"
"2.6.18-194.11.3.el5"
"2.6.18-194.11.4.el5"
"2.6.18-194.17.1.el5"
"2.6.18-194.17.4.el5"
"2.6.18-194.26.1.el5"
"2.6.18-194.32.1.el5"
"2.6.18-238.el5"
"2.6.18-238.1.1.el5"
"2.6.18-238.5.1.el5"
"2.6.18-238.9.1.el5"
"2.6.18-238.12.1.el5"
"2.6.18-238.19.1.el5"
"2.6.18-238.21.1.el5"
"2.6.18-238.27.1.el5"
"2.6.18-238.28.1.el5"
"2.6.18-238.31.1.el5"
"2.6.18-238.33.1.el5"
"2.6.18-238.35.1.el5"
"2.6.18-238.37.1.el5"
"2.6.18-238.39.1.el5"
"2.6.18-238.40.1.el5"
"2.6.18-238.44.1.el5"
"2.6.18-238.45.1.el5"
"2.6.18-238.47.1.el5"
"2.6.18-238.48.1.el5"
"2.6.18-238.49.1.el5"
"2.6.18-238.50.1.el5"
"2.6.18-238.51.1.el5"
"2.6.18-238.52.1.el5"
"2.6.18-238.53.1.el5"
"2.6.18-238.54.1.el5"
"2.6.18-238.55.1.el5"
"2.6.18-238.56.1.el5"
"2.6.18-274.el5"
"2.6.18-274.3.1.el5"
"2.6.18-274.7.1.el5"
"2.6.18-274.12.1.el5"
"2.6.18-274.17.1.el5"
"2.6.18-274.18.1.el5"
"2.6.18-308.el5"
"2.6.18-308.1.1.el5"
"2.6.18-308.4.1.el5"
"2.6.18-308.8.1.el5"
"2.6.18-308.8.2.el5"
"2.6.18-308.11.1.el5"
"2.6.18-308.13.1.el5"
"2.6.18-308.16.1.el5"
"2.6.18-308.20.1.el5"
"2.6.18-308.24.1.el5"
"2.6.18-348.el5"
"2.6.18-348.1.1.el5"
"2.6.18-348.2.1.el5"
"2.6.18-348.3.1.el5"
"2.6.18-348.4.1.el5"
"2.6.18-348.6.1.el5"
"2.6.18-348.12.1.el5"
"2.6.18-348.16.1.el5"
"2.6.18-348.18.1.el5"
"2.6.18-348.19.1.el5"
"2.6.18-348.21.1.el5"
"2.6.18-348.22.1.el5"
"2.6.18-348.23.1.el5"
"2.6.18-348.25.1.el5"
"2.6.18-348.27.1.el5"
"2.6.18-348.28.1.el5"
"2.6.18-348.29.1.el5"
"2.6.18-348.30.1.el5"
"2.6.18-348.31.2.el5"
"2.6.18-371.el5"
"2.6.18-371.1.2.el5"
"2.6.18-371.3.1.el5"
"2.6.18-371.4.1.el5"
"2.6.18-371.6.1.el5"
"2.6.18-371.8.1.el5"
"2.6.18-371.9.1.el5"
"2.6.18-371.11.1.el5"
"2.6.18-371.12.1.el5"
"2.6.18-398.el5"
"2.6.18-400.el5"
"2.6.18-400.1.1.el5"
"2.6.18-402.el5"
"2.6.18-404.el5"
"2.6.18-406.el5"
"2.6.18-407.el5"
"2.6.18-408.el5"
"2.6.18-409.el5"
"2.6.18-410.el5"
"2.6.18-411.el5"
"2.6.18-412.el5"
# RHEL6
"2.6.32-71.7.1.el6"
"2.6.32-71.14.1.el6"
"2.6.32-71.18.1.el6"
"2.6.32-71.18.2.el6"
"2.6.32-71.24.1.el6"
"2.6.32-71.29.1.el6"
"2.6.32-71.31.1.el6"
"2.6.32-71.34.1.el6"
"2.6.32-71.35.1.el6"
"2.6.32-71.36.1.el6"
"2.6.32-71.37.1.el6"
"2.6.32-71.38.1.el6"
"2.6.32-71.39.1.el6"
"2.6.32-71.40.1.el6"
"2.6.32-131.0.15.el6"
"2.6.32-131.2.1.el6"
"2.6.32-131.4.1.el6"
"2.6.32-131.6.1.el6"
"2.6.32-131.12.1.el6"
"2.6.32-131.17.1.el6"
"2.6.32-131.21.1.el6"
"2.6.32-131.22.1.el6"
"2.6.32-131.25.1.el6"
"2.6.32-131.26.1.el6"
"2.6.32-131.28.1.el6"
"2.6.32-131.29.1.el6"
"2.6.32-131.30.1.el6"
"2.6.32-131.30.2.el6"
"2.6.32-131.33.1.el6"
"2.6.32-131.35.1.el6"
"2.6.32-131.36.1.el6"
"2.6.32-131.37.1.el6"
"2.6.32-131.38.1.el6"
"2.6.32-131.39.1.el6"
"2.6.32-220.el6"
"2.6.32-220.2.1.el6"
"2.6.32-220.4.1.el6"
"2.6.32-220.4.2.el6"
"2.6.32-220.4.7.bgq.el6"
"2.6.32-220.7.1.el6"
"2.6.32-220.7.3.p7ih.el6"
"2.6.32-220.7.4.p7ih.el6"
"2.6.32-220.7.6.p7ih.el6"
"2.6.32-220.7.7.p7ih.el6"
"2.6.32-220.13.1.el6"
"2.6.32-220.17.1.el6"
"2.6.32-220.23.1.el6"
"2.6.32-220.24.1.el6"
"2.6.32-220.25.1.el6"
"2.6.32-220.26.1.el6"
"2.6.32-220.28.1.el6"
"2.6.32-220.30.1.el6"
"2.6.32-220.31.1.el6"
"2.6.32-220.32.1.el6"
"2.6.32-220.34.1.el6"
"2.6.32-220.34.2.el6"
"2.6.32-220.38.1.el6"
"2.6.32-220.39.1.el6"
"2.6.32-220.41.1.el6"
"2.6.32-220.42.1.el6"
"2.6.32-220.45.1.el6"
"2.6.32-220.46.1.el6"
"2.6.32-220.48.1.el6"
"2.6.32-220.51.1.el6"
"2.6.32-220.52.1.el6"
"2.6.32-220.53.1.el6"
"2.6.32-220.54.1.el6"
"2.6.32-220.55.1.el6"
"2.6.32-220.56.1.el6"
"2.6.32-220.57.1.el6"
"2.6.32-220.58.1.el6"
"2.6.32-220.60.2.el6"
"2.6.32-220.62.1.el6"
"2.6.32-220.63.2.el6"
"2.6.32-220.64.1.el6"
"2.6.32-220.65.1.el6"
"2.6.32-220.66.1.el6"
"2.6.32-220.67.1.el6"
"2.6.32-279.el6"
"2.6.32-279.1.1.el6"
"2.6.32-279.2.1.el6"
"2.6.32-279.5.1.el6"
"2.6.32-279.5.2.el6"
"2.6.32-279.9.1.el6"
"2.6.32-279.11.1.el6"
"2.6.32-279.14.1.bgq.el6"
"2.6.32-279.14.1.el6"
"2.6.32-279.19.1.el6"
"2.6.32-279.22.1.el6"
"2.6.32-279.23.1.el6"
"2.6.32-279.25.1.el6"
"2.6.32-279.25.2.el6"
"2.6.32-279.31.1.el6"
"2.6.32-279.33.1.el6"
"2.6.32-279.34.1.el6"
"2.6.32-279.37.2.el6"
"2.6.32-279.39.1.el6"
"2.6.32-279.41.1.el6"
"2.6.32-279.42.1.el6"
"2.6.32-279.43.1.el6"
"2.6.32-279.43.2.el6"
"2.6.32-279.46.1.el6"
"2.6.32-358.el6"
"2.6.32-358.0.1.el6"
"2.6.32-358.2.1.el6"
"2.6.32-358.6.1.el6"
"2.6.32-358.6.2.el6"
"2.6.32-358.6.3.p7ih.el6"
"2.6.32-358.11.1.bgq.el6"
"2.6.32-358.11.1.el6"
"2.6.32-358.14.1.el6"
"2.6.32-358.18.1.el6"
"2.6.32-358.23.2.el6"
"2.6.32-358.28.1.el6"
"2.6.32-358.32.3.el6"
"2.6.32-358.37.1.el6"
"2.6.32-358.41.1.el6"
"2.6.32-358.44.1.el6"
"2.6.32-358.46.1.el6"
"2.6.32-358.46.2.el6"
"2.6.32-358.48.1.el6"
"2.6.32-358.49.1.el6"
"2.6.32-358.51.1.el6"
"2.6.32-358.51.2.el6"
"2.6.32-358.55.1.el6"
"2.6.32-358.56.1.el6"
"2.6.32-358.59.1.el6"
"2.6.32-358.61.1.el6"
"2.6.32-358.62.1.el6"
"2.6.32-358.65.1.el6"
"2.6.32-358.67.1.el6"
"2.6.32-358.68.1.el6"
"2.6.32-358.69.1.el6"
"2.6.32-358.70.1.el6"
"2.6.32-358.71.1.el6"
"2.6.32-358.72.1.el6"
"2.6.32-358.73.1.el6"
"2.6.32-358.111.1.openstack.el6"
"2.6.32-358.114.1.openstack.el6"
"2.6.32-358.118.1.openstack.el6"
"2.6.32-358.123.4.openstack.el6"
"2.6.32-431.el6"
"2.6.32-431.1.1.bgq.el6"
"2.6.32-431.1.2.el6"
"2.6.32-431.3.1.el6"
"2.6.32-431.5.1.el6"
"2.6.32-431.11.2.el6"
"2.6.32-431.17.1.el6"
"2.6.32-431.20.3.el6"
"2.6.32-431.20.5.el6"
"2.6.32-431.23.3.el6"
"2.6.32-431.29.2.el6"
"2.6.32-431.37.1.el6"
"2.6.32-431.40.1.el6"
"2.6.32-431.40.2.el6"
"2.6.32-431.46.2.el6"
"2.6.32-431.50.1.el6"
"2.6.32-431.53.2.el6"
"2.6.32-431.56.1.el6"
"2.6.32-431.59.1.el6"
"2.6.32-431.61.2.el6"
"2.6.32-431.64.1.el6"
"2.6.32-431.66.1.el6"
"2.6.32-431.68.1.el6"
"2.6.32-431.69.1.el6"
"2.6.32-431.70.1.el6"
"2.6.32-431.71.1.el6"
"2.6.32-431.72.1.el6"
"2.6.32-431.73.2.el6"
"2.6.32-431.74.1.el6"
"2.6.32-504.el6"
"2.6.32-504.1.3.el6"
"2.6.32-504.3.3.el6"
"2.6.32-504.8.1.el6"
"2.6.32-504.8.2.bgq.el6"
"2.6.32-504.12.2.el6"
"2.6.32-504.16.2.el6"
"2.6.32-504.23.4.el6"
"2.6.32-504.30.3.el6"
"2.6.32-504.30.5.p7ih.el6"
"2.6.32-504.33.2.el6"
"2.6.32-504.36.1.el6"
"2.6.32-504.38.1.el6"
"2.6.32-504.40.1.el6"
"2.6.32-504.43.1.el6"
"2.6.32-504.46.1.el6"
"2.6.32-504.49.1.el6"
"2.6.32-504.50.1.el6"
"2.6.32-504.51.1.el6"
"2.6.32-504.52.1.el6"
"2.6.32-573.el6"
"2.6.32-573.1.1.el6"
"2.6.32-573.3.1.el6"
"2.6.32-573.4.2.bgq.el6"
"2.6.32-573.7.1.el6"
"2.6.32-573.8.1.el6"
"2.6.32-573.12.1.el6"
"2.6.32-573.18.1.el6"
"2.6.32-573.22.1.el6"
"2.6.32-573.26.1.el6"
"2.6.32-573.30.1.el6"
"2.6.32-573.32.1.el6"
"2.6.32-573.34.1.el6"
"2.6.32-642.el6"
"2.6.32-642.1.1.el6"
"2.6.32-642.3.1.el6"
"2.6.32-642.4.2.el6"
"2.6.32-642.6.1.el6"
# RHEL7
"3.10.0-123.el7"
"3.10.0-123.1.2.el7"
"3.10.0-123.4.2.el7"
"3.10.0-123.4.4.el7"
"3.10.0-123.6.3.el7"
"3.10.0-123.8.1.el7"
"3.10.0-123.9.2.el7"
"3.10.0-123.9.3.el7"
"3.10.0-123.13.1.el7"
"3.10.0-123.13.2.el7"
"3.10.0-123.20.1.el7"
"3.10.0-229.el7"
"3.10.0-229.1.2.el7"
"3.10.0-229.4.2.el7"
"3.10.0-229.7.2.el7"
"3.10.0-229.11.1.el7"
"3.10.0-229.14.1.el7"
"3.10.0-229.20.1.el7"
"3.10.0-229.24.2.el7"
"3.10.0-229.26.2.el7"
"3.10.0-229.28.1.el7"
"3.10.0-229.30.1.el7"
"3.10.0-229.34.1.el7"
"3.10.0-229.38.1.el7"
"3.10.0-229.40.1.el7"
"3.10.0-229.42.1.el7"
"3.10.0-327.el7"
"3.10.0-327.3.1.el7"
"3.10.0-327.4.4.el7"
"3.10.0-327.4.5.el7"
"3.10.0-327.10.1.el7"
"3.10.0-327.13.1.el7"
"3.10.0-327.18.2.el7"
"3.10.0-327.22.2.el7"
"3.10.0-327.28.2.el7"
"3.10.0-327.28.3.el7"
"3.10.0-327.36.1.el7"
"3.10.0-327.36.2.el7"
"3.10.0-229.1.2.ael7b"
"3.10.0-229.4.2.ael7b"
"3.10.0-229.7.2.ael7b"
"3.10.0-229.11.1.ael7b"
"3.10.0-229.14.1.ael7b"
"3.10.0-229.20.1.ael7b"
"3.10.0-229.24.2.ael7b"
"3.10.0-229.26.2.ael7b"
"3.10.0-229.28.1.ael7b"
"3.10.0-229.30.1.ael7b"
"3.10.0-229.34.1.ael7b"
"3.10.0-229.38.1.ael7b"
"3.10.0-229.40.1.ael7b"
"3.10.0-229.42.1.ael7b"
"4.2.0-0.21.el7"
# RHEL5
"2.6.24.7-74.el5rt"
"2.6.24.7-81.el5rt"
"2.6.24.7-93.el5rt"
"2.6.24.7-101.el5rt"
"2.6.24.7-108.el5rt"
"2.6.24.7-111.el5rt"
"2.6.24.7-117.el5rt"
"2.6.24.7-126.el5rt"
"2.6.24.7-132.el5rt"
"2.6.24.7-137.el5rt"
"2.6.24.7-139.el5rt"
"2.6.24.7-146.el5rt"
"2.6.24.7-149.el5rt"
"2.6.24.7-161.el5rt"
"2.6.24.7-169.el5rt"
"2.6.33.7-rt29.45.el5rt"
"2.6.33.7-rt29.47.el5rt"
"2.6.33.7-rt29.55.el5rt"
"2.6.33.9-rt31.64.el5rt"
"2.6.33.9-rt31.67.el5rt"
"2.6.33.9-rt31.86.el5rt"
# RHEL6
"2.6.33.9-rt31.66.el6rt"
"2.6.33.9-rt31.74.el6rt"
"2.6.33.9-rt31.75.el6rt"
"2.6.33.9-rt31.79.el6rt"
"3.0.9-rt26.45.el6rt"
"3.0.9-rt26.46.el6rt"
"3.0.18-rt34.53.el6rt"
"3.0.25-rt44.57.el6rt"
"3.0.30-rt50.62.el6rt"
"3.0.36-rt57.66.el6rt"
"3.2.23-rt37.56.el6rt"
"3.2.33-rt50.66.el6rt"
"3.6.11-rt28.20.el6rt"
"3.6.11-rt30.25.el6rt"
"3.6.11.2-rt33.39.el6rt"
"3.6.11.5-rt37.55.el6rt"
"3.8.13-rt14.20.el6rt"
"3.8.13-rt14.25.el6rt"
"3.8.13-rt27.33.el6rt"
"3.8.13-rt27.34.el6rt"
"3.8.13-rt27.40.el6rt"
"3.10.0-229.rt56.144.el6rt"
"3.10.0-229.rt56.147.el6rt"
"3.10.0-229.rt56.149.el6rt"
"3.10.0-229.rt56.151.el6rt"
"3.10.0-229.rt56.153.el6rt"
"3.10.0-229.rt56.158.el6rt"
"3.10.0-229.rt56.161.el6rt"
"3.10.0-229.rt56.162.el6rt"
"3.10.0-327.rt56.170.el6rt"
"3.10.0-327.rt56.171.el6rt"
"3.10.0-327.rt56.176.el6rt"
"3.10.0-327.rt56.183.el6rt"
"3.10.0-327.rt56.190.el6rt"
"3.10.0-327.rt56.194.el6rt"
"3.10.0-327.rt56.195.el6rt"
"3.10.0-327.rt56.197.el6rt"
"3.10.33-rt32.33.el6rt"
"3.10.33-rt32.34.el6rt"
"3.10.33-rt32.43.el6rt"
"3.10.33-rt32.45.el6rt"
"3.10.33-rt32.51.el6rt"
"3.10.33-rt32.52.el6rt"
"3.10.58-rt62.58.el6rt"
"3.10.58-rt62.60.el6rt"
# RHEL7
"3.10.0-229.rt56.141.el7"
"3.10.0-229.1.2.rt56.141.2.el7_1"
"3.10.0-229.4.2.rt56.141.6.el7_1"
"3.10.0-229.7.2.rt56.141.6.el7_1"
"3.10.0-229.11.1.rt56.141.11.el7_1"
"3.10.0-229.14.1.rt56.141.13.el7_1"
"3.10.0-229.20.1.rt56.141.14.el7_1"
"3.10.0-229.rt56.141.el7"
"3.10.0-327.rt56.204.el7"
"3.10.0-327.4.5.rt56.206.el7_2"
"3.10.0-327.10.1.rt56.211.el7_2"
"3.10.0-327.13.1.rt56.216.el7_2"
"3.10.0-327.18.2.rt56.223.el7_2"
"3.10.0-327.22.2.rt56.230.el7_2"
"3.10.0-327.28.2.rt56.234.el7_2"
"3.10.0-327.28.3.rt56.235.el7"
"3.10.0-327.36.1.rt56.237.el7"
)
KPATCH_MODULE_NAMES=(
"kpatch_3_10_0_327_36_1_1_1"
"kpatch_3_10_0_327_36_2_1_1"
"kpatch_3_10_0_229_4_2_1_1"
"kpatch_3_10_0_327_28_3_1_1"
"kpatch_3_10_0_327_28_2_1_1"
"kpatch_3_10_0_327_13_1_1_1"
"kpatch_3_10_0_327_10_1_1_2"
"kpatch_3_10_0_327_4_5_1_1"
"kpatch_3_10_0_229_14_1_1_1"
"kpatch_3_10_0_229_42_1_1_1"
"kpatch_3_10_0_327_22_2_1_2"
)
running_kernel=$( uname -r )
# Check supported platform
if [[ "$running_kernel" != *".el"[5-7]* ]]; then
echo -e "${RED}This script is only meant to detect vulnerable kernels on Red Hat Enterprise Linux 5, 6 and 7.${RESET}"
exit 4
fi
# Check kernel if it is vulnerable
for tested_kernel in "${VULNERABLE_VERSIONS[@]}"; do
if [[ "$running_kernel" == *"$tested_kernel"* ]]; then
vulnerable_kernel=${running_kernel}
break
fi
done
# Check if kpatch is installed
modules=$( lsmod )
for tested_kpatch in "${KPATCH_MODULE_NAMES[@]}"; do
if [[ "$modules" == *"$tested_kpatch"* ]]; then
applied_kpatch=${tested_kpatch}
break
fi
done
# Check mitigation
mitigated=0
while read -r line; do
if [[ "$line" == *"$MITIGATION_ON"* ]]; then
mitigated=1
elif [[ "$line" == *"$MITIGATION_OFF"* ]]; then
mitigated=0
fi
done < <( dmesg )
# Result interpretation
result=${VULNERABLE}
if (( mitigated )); then
result=${MITIGATED}
fi
if [[ ! "$vulnerable_kernel" ]]; then
result=${SAFE_KERNEL}
elif [[ "$applied_kpatch" ]]; then
result=${SAFE_KPATCH}
fi
# Print result
if [[ ${result} == "$SAFE_KERNEL" ]]; then
echo -e "${GREEN}Your kernel is ${RESET}$running_kernel${GREEN} which is NOT vulnerable.${RESET}"
exit 0
elif [[ ${result} == "$SAFE_KPATCH" ]]; then
echo -e "Your kernel is $running_kernel which is normally vulnerable."
echo -e "${GREEN}However, you have kpatch ${RESET}$applied_kpatch${GREEN} applied, which fixes the vulnerability.${RESET}"
exit 1
elif [[ ${result} == "$MITIGATED" ]]; then
echo -e "${YELLOW}Your kernel is ${RESET}$running_kernel${YELLOW} which IS vulnerable.${RESET}"
echo -e "${YELLOW}You have a partial mitigation applied.${RESET}"
echo -e "This mitigation protects against most common attack vectors which are already exploited in the wild,"
echo -e "but does not protect against all possible attack vectors."
echo -e "Red Hat recommends that you update your kernel as soon as possible."
exit 2
else
echo -e "${RED}Your kernel is ${RESET}$running_kernel${RED} which IS vulnerable.${RESET}"
echo -e "Red Hat recommends that you update your kernel. Alternatively, you can apply partial"
echo -e "mitigation described at https://access.redhat.com/security/vulnerabilities/2706661 ."
exit 3
</pre>
</div>
<br />
run it as below<br />
<br />
<b>Ex</b> : ./bug-checker.sh it will show you whether your system is affected or not.<br />
<br />
<br />
<h2 style="text-align: left;">
<div data-class="affiliateAdsByFlipkart" data-widgettype="Push Content" data-wrid="WRID-149577761152228591" height="250" width="300">
</div>
<script async="" src="//affiliate.flipkart.com/affiliate/widgets/FKAffiliateWidgets.js"></script> <u><b> How to Apply Fix if affected</b></u> </h2>
Once you know that you system is affected, you have to update the kernel for your system to get rid of this bug, but you need to know based on you system which version of kernel would be needed to resolve this issue, So here is the base version list as per OS version which you need to install. Minimum this version would be needed to to clean the dirty COW :)<br />
<br />
<u>RHEL 5 :</u> <br />
<br />
kernel-2.6.18-416<br />
kernel-devel-2.6.18<br />
kernel-headers-2.6.18<br />
<br />
<u>RHEL 6 :</u> <br />
<br />
kernel-2.6.32<br />
kernel-devel-2.6.32<br />
kernel-headers-2.6.32<br />
<br />
<u>RHEL 7</u> <br />
<br />
kernel-3.10.0<br />
kernel-devel-3.10.0<br />
kernel-headers-3.10.0<br />
<br />
<u>Ubuntu</u> <br />
<br />
4.8.0-26.28 for Ubuntu 16.10<br />
4.4.0-45.66 for Ubuntu 16.04 LTS<br />
3.13.0-100.147 for Ubuntu 14.04 LTS<br />
3.2.0-113.155 for Ubuntu 12.04 LTS<br />
<br />
<u>Debian</u> <br />
<br />
3.16.36-1+deb8u2 for Debian 8<br />
3.2.82-1 for Debian 7<br />
4.7.8-1 for Debian unstable <u><b> </b></u><br />
<br />
<u><b>Note </b></u>: And reboot required for new kernel to take effect<br />
<br />
<h3 style="text-align: left;">
<u><b>Preparation :</b></u></h3>
Your server might be important to you and for that you need to follow below steps so that after reboot all the services should be running as previous<br />
<br />
<h4 style="text-align: left;">
<u>ą¤°ą¤æą¤¬ą„ą¤ ą¤ą„ ą¤Ŗą¤¹ą¤²ą„ (Before Reboot) :</u></h4>
As you have done with installing kernel packages make sure to check<br />
<ol style="text-align: left;">
<li>All the necessary services are made chkconfig to start upon server reboot</li>
<li>If you have any mount points it should be umount first and need to remount after server reboot</li>
<li>Take backup of Database if you are rebooting the mysql production just a precautionary measure.</li>
<li> Put the site on maintenance mode by showing 503 status code</li>
<li>reboot the server.</li>
</ol>
<div style="text-align: left;">
<h4 style="text-align: left;">
<u>ą¤°ą¤æą¤¬ą„ą¤ ą¤ą„ ą¤¬ą¤¾ą¤¦ (After Reboot) :</u></h4>
</div>
<div style="text-align: left;">
</div>
<div style="text-align: left;">
<ol style="text-align: left;">
<li>Check new version of Kernel is showing or not by running command uname -a</li>
<li>Run above script again to verify.</li>
<li>Check if all necessary services are UP and running.</li>
<li>Check mounts points</li>
<li>Check if emails are going or not.</li>
<li>Check connectivity between server.</li>
<li>Check the production/stage site hosted on a server.</li>
</ol>
<span style="color: red;"><span style="font-size: large;"><span style="font-family: "georgia" , "times new roman" , serif;">You are good now, be happy till the NEW BUG hit the Linux World :) :D LOL</span></span> </span><br />
<span style="color: red;"> </span> <br />
<h4 style="text-align: left;">
<u>References :</u> </h4>
</div>
<div>
<ol style="text-align: left;">
<li>https://magento.com/security/vulnerabilities/new-linux-operating-system-vulnerability</li>
<li>https://access.redhat.com/security/vulnerabilities/2706661</li>
<li>https://dirtycow.ninja/</li>
</ol>
</div>
<br />
<span style="font-family: "courier new" , "courier" , monospace;">====================================X============X=================================================</span><br />
<br />
<span style="font-family: "courier new" , "courier" , monospace;">Contact <span style="color: red;"><b>support@linuxforeveryone</b></span></span> <span style="font-family: "courier new" , "courier" , monospace;">for any Freelancing work on Linux Servers</span><br />
<br />
<span style="font-family: "courier new" , "courier" , monospace;">Subscribe my <span style="color: red;"><b>YouTube </b><a href="https://www.youtube.com/channel/UCJ2F740Qz-4Cf48IGUwTaQA?view_as=subscriber" target="_blank"><b><span style="color: red;">Channel </span></b></a></span></span><br />
<br />
<span style="font-family: "courier new" , "courier" , monospace;"><span style="color: red;"><span style="color: black;">Like My <b><span style="color: red;">Facebook <a href="https://www.facebook.com/Linux-for-All-1752960481588429/" target="_blank"><span style="color: red;">Page</span> </a></span></b></span></span></span><br />
<br />
<span style="font-family: "courier new" , "courier" , monospace;"><span style="color: red;"><span style="color: black;">Browse the Best in class <span style="color: red;"><span style="color: red;"><b><a href="https://shop.nibbanahosting.com/" target="_blank"><span style="color: red;">Web</span> <span style="color: red;">Hosting</span> <span style="color: red;">Plans</span></a></b></span></span></span></span></span> </div>
Unknownnoreply@blogger.com22tag:blogger.com,1999:blog-7238678089316726113.post-46853681889917346952016-11-30T10:29:00.001-08:002018-10-01T12:55:16.012-07:00Optimization of Redis<div dir="ltr" style="text-align: left;" trbidi="on"><div dir="ltr" style="text-align: left;" trbidi="on"><div><div dir="ltr" style="text-align: left;" trbidi="on"><br />
<div style="text-align: left;"><span style="font-family: inherit;"><span style="font-family: inherit;"><span style="font-family: inherit;"><span style="font-family: "georgia" , "times new roman" , serif;">In this Post, I am going to cover how to optimized <a href="https://blogs.perficientdigital.com/2018/09/18/using-caching-technology-to-boost-e-commerce-business/" target="_blank"><span style="font-size: large;"><span style="color: red;">REDIS </span></span></a>(recently i was reading this random blog giving more clear insight on what is redis and what the use of it in real world) instances as per our requirement. if you are not aware about REDIS at all, you can refer to my previous post where i have covered</span></span></span></span></div><span style="font-family: inherit;"><span style="font-family: inherit;"><br />
</span></span> <span style="font-family: inherit;"><span style="font-family: inherit;"> </span><span style="font-family: inherit;"> </span></span><br />
<table align="center" border="1" cellpadding="1" style="width: 700px;" table=""><tbody>
<tr><td bgcolor="#E9CFEC"><ol style="text-align: left;"><li><span style="font-family: inherit;"><span style="font-family: inherit;"><span style="font-family: "georgia" , "times new roman" , serif;">How To install REDIS on Centos/Redhat servers which goes <a href="http://www.linuxforeveryone.com/2016/09/redis-on-linux-server.html" target="_blank">here</a>.</span></span></span></li>
<span style="font-family: inherit;"><span style="font-family: inherit;"> <span style="font-family: inherit;"> </span> </span></span>
<li><span style="font-family: inherit;"><span style="font-family: inherit;"><span style="font-family: inherit;"><span style="font-family: "georgia" , "times new roman" , serif;">How To Create Multiple instances of REDIS which goes <a href="http://www.linuxforeveryone.com/2016/10/multiple-instances-of-redis.html" target="_blank">here</a>.</span></span></span></span></li>
<span style="font-family: inherit;"><span style="font-family: inherit;"> <span style="font-family: inherit;"> </span> </span></span>
<li><span style="font-family: inherit;"><span style="font-family: inherit;"><span style="font-family: inherit;"><span style="font-family: "georgia" , "times new roman" , serif;">What is the Best Standard method to configure REDIS which goes <a href="http://www.linuxforeveryone.com/2016/10/standard-configuration-file-for-redis.html" target="_blank">here</a>.</span></span></span></span></li>
</ol></td></tr>
</tbody></table></div><span style="font-family: inherit;"><br />
</span> <span style="font-family: inherit;"><span style="font-family: inherit;"><span style="font-family: inherit;"><span style="font-family: "georgia" , "times new roman" , serif;">So, Lets see how to optimize our redis server. few points you need to keep in mind that which are important while doing optimization and we are going to learn more about shortly.</span></span></span></span><br />
<span style="font-family: inherit;"><br />
</span> <br />
<br />
<span style="font-family: inherit;"><span style="font-size: small;"><span style="font-family: "verdana" , sans-serif;"><b><span style="color: red;">For Freelance Work & Queries Contact me by Email Id</span> support@linuxforeveryone.com</b></span></span> </span> <br />
<span style="font-family: inherit;"><br />
</span> <br />
<table align="center" border="1" cellpadding="1" style="width: 700px;" table=""><tbody>
<tr> <td bgcolor="#E9CFEC"><ol><li><span style="font-family: inherit;"><span style="font-family: inherit;"><span style="font-family: inherit;"><span style="font-family: "georgia" , "times new roman" , serif;">Remove any errors you are seeing under redis logs</span></span></span></span></li>
<span style="font-family: inherit;"><span style="font-family: inherit;"><span style="font-family: inherit;"> </span></span></span>
<li><span style="font-family: inherit;"><span style="font-family: inherit;"><span style="font-family: inherit;"><span style="font-family: "georgia" , "times new roman" , serif;">Check the amount of cache size your site is using for each port</span></span></span></span></li>
<span style="font-family: inherit;"><span style="font-family: inherit;"><span style="font-family: inherit;"> </span></span></span>
<li><span style="font-family: inherit;"><span style="font-family: inherit;"><span style="font-family: inherit;"><span style="font-family: "georgia" , "times new roman" , serif;">Set proper eviction policy for redis keys</span></span></span></span></li>
<span style="font-family: inherit;"><span style="font-family: inherit;"><span style="font-family: inherit;"> </span></span></span>
<li><span style="font-family: inherit;"><span style="font-family: inherit;"><span style="font-family: inherit;"><span style="font-family: "georgia" , "times new roman" , serif;">Set proper kernel Settings to make redis run properly.</span></span></span></span></li>
</ol></td></tr>
</tbody></table><span style="font-family: inherit;"></span><br />
<span style="font-family: inherit; font-size: small;"><br />
</span> <span style="font-family: inherit; font-size: small;"><span style="font-family: "verdana" , sans-serif; font-size: xx-small;">1) Disable HugePage for kernel</span></span><br />
<span style="font-family: inherit;"><br />
</span> <br />
<table align="center" border="1" cellpadding="1" style="width: 700px;" table=""><tbody>
<tr> <td bgcolor="#E9CFEC"><ul style="text-align: left;"><li><span style="font-family: inherit;"><span style="font-family: inherit;"><span style="font-family: inherit;"><span style="font-family: "georgia" , "times new roman" , serif;"><span style="background-color: white; color: black; display: inline; float: none; font-size: 14.6667px; font-style: normal; font-weight: normal; letter-spacing: normal; text-align: left; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;"># echo never > /sys/kernel/mm/transparent_hugepage/enabled</span></span></span></span></span></li>
</ul><ul style="text-align: left;"><li><span style="font-family: inherit;"><span style="font-family: inherit;"><span style="font-family: inherit;"><span style="font-family: "georgia" , "times new roman" , serif;"><span style="background-color: white; color: black; display: inline; float: none; font-size: 14.6667px; font-style: normal; font-weight: normal; letter-spacing: normal; text-align: left; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;"> Add above line in /etc/rc.local file as well so that after server reboot it should be there,else your optimized value will be vanish.</span></span></span></span></span></li>
</ul></td></tr>
</tbody></table></div></div><br />
<iframe style="width:120px;height:240px;" marginwidth="0" marginheight="0" scrolling="no" frameborder="0" src="//ws-in.amazon-adsystem.com/widgets/q?ServiceVersion=20070822&OneJS=1&Operation=GetAdHtml&MarketPlace=IN&source=ac&ref=tf_til&ad_type=product_link&tracking_id=sushi07-21&marketplace=amazon®ion=IN&placement=B01N4J3WAE&asins=B01N4J3WAE&linkId=6fdeda2420547536e99a9dc782748691&show_border=false&link_opens_in_new_window=false&price_color=333333&title_color=0066c0&bg_color=ffffff"><br />
</iframe><br />
<br />
<br />
<br />
<span style="font-family: inherit;"><span style="background-color: white; color: black; display: inline; float: none; font-family: "verdana" , sans-serif; font-style: normal; font-weight: normal; letter-spacing: normal; text-align: left; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;">2) Tcp-backlog</span></span><br />
<span style="font-family: inherit;"><span style="font-family: inherit;"><br />
</span></span> <br />
<table align="center" border="1" cellpadding="1" style="width: 700px;" table=""><tbody>
<tr> <td bgcolor="#E9CFEC"><div class="Paragraph SCX182064931" lang="EN-US" style="-webkit-tap-highlight-color: transparent; -webkit-user-drag: none; background-color: transparent; color: windowtext; font-style: normal; font-weight: normal; margin: 0px; padding: 0px; text-align: left; user-select: text; vertical-align: baseline; word-wrap: break-word;"><ul><li><span style="font-family: inherit;"><span style="font-family: inherit;"><span style="font-family: inherit;"><span style="font-family: "georgia" , "times new roman" , serif;"><span class="TextRun SCX182064931" lang="EN-US" style="background-color: transparent; color: windowtext; font-size: 11pt; font-style: normal; font-weight: normal; line-height: 18px; margin: 0px; padding: 0px; text-decoration: none;"><span class="NormalTextRun SCX182064931" style="-webkit-tap-highlight-color: transparent; -webkit-user-drag: none; background-color: inherit; margin: 0px; padding: 0px; user-select: text;">echo 511 > /proc/sys/net/core/somaxconn</span></span><span class="EOP SCX182064931" style="font-size: 11pt; line-height: 18px; margin: 0px; padding: 0px;"> </span></span></span></span></span></li>
</ul></div><ul style="text-align: left;"></ul><ul style="text-align: left;"><li><span style="font-family: inherit;"><span style="font-family: inherit;"><span style="font-family: inherit;"><span style="font-family: "georgia" , "times new roman" , serif;"><span class="TextRun SCX182064931" lang="EN-US" style="background-color: transparent; color: windowtext; font-size: 11pt; font-style: normal; font-weight: normal; line-height: 18px; margin: 0px; padding: 0px; text-decoration: none;"><span class="NormalTextRun SCX182064931" style="-webkit-tap-highlight-color: transparent; -webkit-user-drag: none; background-color: inherit; margin: 0px; padding: 0px; user-select: text;"> add it to your /etc/rc.local as well</span></span></span></span></span></span></li>
</ul></td></tr>
</tbody></table><span style="font-family: inherit;"><span style="font-family: inherit;"><br />
</span> <span style="background-color: white; color: black; display: inline; float: none; font-family: inherit; font-size: 14.6667px; font-style: normal; font-weight: normal; letter-spacing: normal; text-align: left; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;"> </span><span style="font-family: "verdana" , sans-serif; font-size: xx-small;"><span style="background-color: white; color: black; display: inline; float: none; font-style: normal; font-weight: normal; letter-spacing: normal; text-align: left; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;">3)</span><span style="background-color: white; color: black; display: inline; float: none; font-style: normal; font-weight: normal; letter-spacing: normal; text-align: left; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;">Maxmemory </span></span></span><br />
<br />
<br />
<table align="center" border="1" cellpadding="1" style="width: 700px;" table=""><tbody>
<tr> <td bgcolor="#E9CFEC"><ul style="text-align: left;"></ul><ul style="text-align: left;"><li><span style="font-family: inherit;"><span style="font-family: inherit;"><span style="font-family: "georgia" , "times new roman" , serif;"><span style="background-color: white; color: black; display: inline; float: none; font-size: 14.6667px;"> </span></span></span><span style="font-family: inherit;"><span style="font-family: "georgia" , "times new roman" , serif;"><span style="background-color: white; color: black; display: inline; float: none; font-size: 14.6667px;"> </span></span></span></span><span style="background-color: white; font-family: "georgia" , "times new roman" , serif; font-size: 14.6667px;">For Full Page Cache set = (as per the data you get by running below command + 500 MB)</span></li>
<li><span style="font-family: inherit;"><span style="font-family: "georgia" , "times new roman" , serif;"><span style="font-family: inherit;"><span style="background-color: white; color: black; display: inline; float: none; font-size: 14.6667px; font-style: normal; font-weight: normal; letter-spacing: normal; text-align: left; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;"> For session/cache = (</span></span><span style="background-color: white; color: black; display: inline; float: none; font-size: 14.6667px; font-style: normal; font-weight: normal; letter-spacing: normal; text-align: left; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;"><span style="font-family: inherit;"><span style="background-color: white; color: black; display: inline; float: none; font-size: 14.6667px; font-style: normal; font-weight: normal; letter-spacing: normal; text-align: left; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;">as per the data you get by running below command + 200 MB</span>)</span> </span></span></span></li>
</ul></td></tr>
</tbody></table><div style="text-align: left;"><span style="font-family: inherit;"><span style="font-family: inherit;"><br />
</span></span> <span style="font-family: inherit;"><span style="font-family: inherit;"><span style="background-color: white; color: black; display: inline; float: none; font-size: 14.6667px; font-style: normal; font-weight: normal; letter-spacing: normal; text-align: left; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;"><i><b><u>Command </u></b></i>: </span><span style="font-family: inherit;"><span style="font-family: "georgia" , "times new roman" , serif;"><span class="TextRun SCX212036525" lang="EN-US" style="-webkit-text-stroke-width: 0px; background-color: transparent; color: windowtext; font-size: 11pt; font-style: normal; font-variant-caps: normal; font-variant-ligatures: normal; font-weight: normal; letter-spacing: normal; line-height: 18px; margin: 0px; padding: 0px; text-align: left; text-decoration: none; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;"><span class="SpellingError SCX212036525" style="-webkit-tap-highlight-color: transparent; -webkit-user-drag: none; background-color: inherit; background-image: url("data:image/gif; background-position: left bottom; background-repeat: repeat-x; border-bottom: 1px solid transparent; margin: 0px; padding: 0px; user-select: text;">redis</span><span class="NormalTextRun SCX212036525" style="-webkit-tap-highlight-color: transparent; -webkit-user-drag: none; background-color: inherit; margin: 0px; padding: 0px; user-select: text;">-cli -h [</span><span class="SpellingError SCX212036525" style="-webkit-tap-highlight-color: transparent; -webkit-user-drag: none; background-color: inherit; background-image: url("data:image/gif; background-position: left bottom; background-repeat: repeat-x; border-bottom: 1px solid transparent; margin: 0px; padding: 0px; user-select: text;">Redis</span><span class="NormalTextRun SCX212036525" style="-webkit-tap-highlight-color: transparent; -webkit-user-drag: none; background-color: inherit; margin: 0px; padding: 0px; user-select: text;"><span class="Apple-converted-space"> </span>Local IP] -p [</span><span class="SpellingError SCX212036525" style="-webkit-tap-highlight-color: transparent; -webkit-user-drag: none; background-color: inherit; background-image: url("data:image/gif; background-position: left bottom; background-repeat: repeat-x; border-bottom: 1px solid transparent; margin: 0px; padding: 0px; user-select: text;">redis_port</span><span class="NormalTextRun SCX212036525" style="-webkit-tap-highlight-color: transparent; -webkit-user-drag: none; background-color: inherit; margin: 0px; padding: 0px; user-select: text;">] info | grep "</span><span class="SpellingError SCX212036525" style="-webkit-tap-highlight-color: transparent; -webkit-user-drag: none; background-color: inherit; background-image: url("data:image/gif; background-position: left bottom; background-repeat: repeat-x; border-bottom: 1px solid transparent; margin: 0px; padding: 0px; user-select: text;">used_memory</span><span class="NormalTextRun SCX212036525" style="-webkit-tap-highlight-color: transparent; -webkit-user-drag: none; background-color: inherit; margin: 0px; padding: 0px; user-select: text;">.*human"</span></span></span></span></span></span></div><span style="font-family: inherit;"><span style="font-family: inherit;"><span class="EOP SCX212036525" style="background-color: white; color: black; font-size: 11pt; font-style: normal; font-weight: normal; letter-spacing: normal; line-height: 18px; margin: 0px; padding: 0px; text-align: left; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;"><span style="font-family: "georgia" , "times new roman" , serif;"> </span></span></span></span><br />
<div style="text-align: left;"><br />
</div><div style="text-align: left;"><span style="font-family: inherit;"><span style="font-family: "verdana" , sans-serif; font-size: xx-small;"><span style="background-color: white; color: black; display: inline; float: none; font-style: normal; font-weight: normal; letter-spacing: normal; text-align: left; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;">4) </span><span class="TextRun SCX195430220" lang="EN-US" style="background-color: transparent; font-style: normal; font-weight: normal; letter-spacing: normal; line-height: 18px; margin: 0px; padding: 0px; text-align: left; text-decoration: none; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;"><span class="NormalTextRun SCX195430220" style="-webkit-tap-highlight-color: transparent; -webkit-user-drag: none; background-color: inherit; margin: 0px; padding: 0px; user-select: text;">Maxmemory-policy</span></span></span></span><br />
<span style="font-family: inherit;"><span style="font-family: inherit;"><br />
</span></span> <span style="font-family: inherit;"><span style="font-family: inherit;"><span style="font-family: "verdana" , sans-serif;"><span class="TextRun SCX195430220" lang="EN-US" style="-webkit-text-stroke-width: 0px; background-color: transparent; color: windowtext; font-size: 11pt; font-style: normal; font-variant-caps: normal; font-variant-ligatures: normal; font-weight: normal; letter-spacing: normal; line-height: 18px; margin: 0px; padding: 0px; text-align: left; text-decoration: none; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;"><span class="NormalTextRun SCX195430220" style="-webkit-tap-highlight-color: transparent; -webkit-user-drag: none; background-color: inherit; margin: 0px; padding: 0px; user-select: text;"><table align="center" border="1" cellpadding="1" style="width: 700px;" table=""><tbody>
<tr> <td bgcolor="#E9CFEC"><ul></ul><ul><li><span style="font-family: inherit;"><span style="font-family: "georgia" , "times new roman" , serif;"><span style="background-color: white; color: black; display: inline; float: none; font-size: 14.6667px; font-style: normal; font-weight: normal; letter-spacing: normal; text-align: left; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;">maxmemory-policy allkeys-lru</span></span></span></li>
</ul><ul></ul></td></tr>
</tbody></table></span></span></span></span></span><span style="font-family: inherit;"><span style="font-family: inherit;"><span class="EOP SCX195430220" style="background-color: white; color: black; font-size: 11pt; font-style: normal; font-weight: normal; letter-spacing: normal; line-height: 18px; margin: 0px; padding: 0px; text-align: left; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;"><span style="font-family: "verdana" , sans-serif;"> </span></span></span></span></div><div style="text-align: left;"><span style="font-family: inherit;"><span style="font-family: inherit;"><br />
</span></span></div><span style="font-family: inherit;"><span style="background-color: white; color: black; display: inline; float: none; font-family: "verdana" , sans-serif; font-style: normal; font-weight: normal; letter-spacing: normal; text-align: left; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;">5) To avoid background save fail under low memory condition</span></span><br />
<span style="font-family: inherit;"><span style="font-family: inherit;"><br />
</span></span> <span style="font-family: inherit;"><span style="font-family: inherit;"><span style="background-color: white; color: black; display: inline; float: none; font-size: 14.6667px; font-style: normal; font-weight: normal; letter-spacing: normal; text-align: left; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;"><span style="font-family: "verdana" , sans-serif;"><table align="center" border="1" cellpadding="1" style="width: 700px;" table=""><tbody>
<tr> <td bgcolor="#E9CFEC"><ul style="text-align: left;"><li><span style="font-family: inherit;"><span style="font-family: inherit;"><span style="font-family: "georgia" , "times new roman" , serif;"><span style="background-color: white; color: black; display: inline; float: none; font-size: 14.6667px; font-style: normal; font-weight: normal; letter-spacing: normal; text-align: left; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;">Add 'vm.overcommit_memory = 1' to /etc/sysctl.conf (if not present)</span></span></span></span></li>
<span style="font-family: inherit;"> </span></ul><ul style="text-align: left;"><span style="font-family: inherit;"> </span>
<li><span style="font-family: inherit;"><span style="font-family: inherit;"><span style="background-color: white; color: black; display: inline; float: none; font-size: 14.6667px; font-style: normal; font-weight: normal; letter-spacing: normal; text-align: left; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;"><span style="font-family: "georgia" , "times new roman" , serif;">Run command "sysctl vm.overcommit_memory=1" as root (if not present)</span></span></span></span></li>
</ul></td></tr>
</tbody></table></span></span></span></span><br />
<span style="font-family: inherit;"><span style="font-family: inherit;"><span style="background-color: white; color: black; display: inline; float: none; font-size: 14.6667px; font-style: normal; font-weight: normal; letter-spacing: normal; text-align: left; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;"><br />
</span></span></span> <br />
<span style="background-color: white; color: black; display: inline; float: none; font-family: "calibri" , sans-serif; font-size: 14.6667px; font-style: normal; font-weight: normal; letter-spacing: normal; text-align: left; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;"><br />
</span></div>Unknownnoreply@blogger.com30tag:blogger.com,1999:blog-7238678089316726113.post-44478336571431884332016-10-27T00:54:00.001-07:002018-10-01T12:57:22.539-07:00Standard Configuration file for Redis<div dir="ltr" style="text-align: left;" trbidi="on"><span style="font-family: "georgia" , "times new roman" , serif;">In my earlier post i have covered how to run multiple instances of <a href="http://www.linuxforeveryone.com/2016/09/redis-on-linux-server.html" target="_blank">redis </a>also showed through a <a href="http://www.linuxforeveryone.com/2016/10/multiple-instances-of-redis.html" target="_blank">video </a>how it can done.</span><br />
<span style="font-family: "georgia" , "times new roman" , serif;"><br />
</span> <span style="font-family: "georgia" , "times new roman" , serif;">In this post, I am going to cover best suitable <a href="https://blogs.perficientdigital.com/2018/09/18/using-caching-technology-to-boost-e-commerce-business/" target="_blank"><span style="font-size: large;"><span style="color: red;">redis </span></span></a>(recently i come across this beautiful blog simplifying the concept of redis and its uses in real world) configuration file structure to have to minimize confusion to identify which ports belong to which cache.</span><br />
<br />
<span style="font-family: "georgia" , "times new roman" , serif;">for example if you are having several ports configured for redis, how you will determine which port is associated with which redis cache.So in our case i.e redis with Magento, we normally used 3 types of cache</span><br />
<ul style="text-align: left;"><li><span style="font-family: "georgia" , "times new roman" , serif;">Cache (magneto configuration files cache) </span></li>
<li><span style="font-family: "georgia" , "times new roman" , serif;">Full Page Cache</span></li>
<li><span style="font-family: "georgia" , "times new roman" , serif;">Session Cache </span></li>
</ul><div><span style="font-family: "georgia" , "times new roman" , serif;"><br />
</span></div><div><br />
<br />
<div data-class="affiliateAdsByFlipkart" data-responsive="yes" data-widgettype="staticBanner" data-wrid="WRID-151579178529121278" height="250" width="300"></div><script async="" src="//affiliate.flipkart.com/affiliate/widgets/FKAffiliateWidgets.js"></script><br />
<br />
<br />
<span style="font-family: "georgia" , "times new roman" , serif;">So, to avoid confusion among the ports and its associated cache, i would recommend to use following data in your redis configuration for each port respectively as shown.</span><br />
<br />
<span style="font-size: small;"><span style="font-family: "verdana" , sans-serif;"><b><span style="color: red;">For Freelance Work & Queries Contact me by Email Id</span> support@linuxforeveryone.com</b></span></span></div><div><br />
</div><div>1) <span style="font-family: "georgia" , "times new roman" , serif;">Create a file with name redis-base.conf under /etc/ and put the below content in it.</span><br />
<br />
<div style="background-color: #fcfadd; color: #714d03; height: 400px; line-height: 1em; overflow: scroll; padding: 1px; width: 500px;">vi /etc/redis-base.conf <br />
<br />
daemonize yes<br />
timeout 0<br />
tcp-keepalive 0 <br />
loglevel warning<br />
databases 2<br />
stop-writes-on-bgsave-error yes<br />
rdbcompression no<br />
maxmemory-policy volatile-lru <br />
appendonly no (disabling Append Only File) used for persistence <br />
appendfsync everysec OR always ? <br />
no-appendfsync-on-rewrite no<br />
slowlog-log-slower-than 10000<br />
slowlog-max-len 1024<br />
list-max-ziplist-entries 512<br />
list-max-ziplist-value 64<br />
set-max-intset-entries 512<br />
zset-max-ziplist-entries 128<br />
zset-max-ziplist-value 64<br />
activerehashing yes<br />
slave-serve-stale-data yes<br />
auto-aof-rewrite-percentage 100<br />
auto-aof-rewrite-min-size 64mb<br />
tcp-backlog 511<br />
tcp-keepalive 0<br />
repl-disable-tcp-nodelay no</div><br />
<span style="font-family: "georgia" , "times new roman" , serif;">above parameters will be common for all redis instances we are going to use for Cache, Full Page Cache and Session cache.</span><br />
<span style="font-family: "georgia" , "times new roman" , serif;"><br />
</span> <span style="font-family: "georgia" , "times new roman" , serif;">2) Configuration file for Full Page cache</span><br />
<br />
<br />
<iframe style="width:120px;height:240px;" marginwidth="0" marginheight="0" scrolling="no" frameborder="0" src="//ws-in.amazon-adsystem.com/widgets/q?ServiceVersion=20070822&OneJS=1&Operation=GetAdHtml&MarketPlace=IN&source=ac&ref=tf_til&ad_type=product_link&tracking_id=sushi07-21&marketplace=amazon®ion=IN&placement=B01A8IIO9W&asins=B01A8IIO9W&linkId=63466c43b99f5db7c359576e72f136db&show_border=false&link_opens_in_new_window=false&price_color=333333&title_color=0066c0&bg_color=ffffff"><br />
</iframe><br />
<br />
<br />
<br />
<br />
<div style="background-color: #fcfadd; color: #714d03; height: 200px; line-height: 1em; overflow: scroll; padding: 1px; width: 500px;">vi /etc/<span style="font-family: "calibri"; font-size: 11.0pt; font-style: normal; font-weight: normal;">redis-fpc.conf</span><br />
<br />
<span style="font-family: "calibri"; font-size: 11.0pt; font-style: normal; font-weight: normal;"> </span><br />
<div lang="en-US" style="font-family: Calibri; font-size: 11.0pt; margin: 0in;">include /etc/redis/redis-base.conf</div><div lang="en-US" style="font-family: Calibri; font-size: 11.0pt; margin: 0in;">port 6381</div><div lang="en-US" style="font-family: Calibri; font-size: 11.0pt; margin: 0in;">pidfile /var/run/redis/redis-fpc.pid</div><div lang="en-US" style="font-family: Calibri; font-size: 11.0pt; margin: 0in;">logfile /var/log/redis/fpc.log</div><div lang="en-US" style="font-family: Calibri; font-size: 11.0pt; margin: 0in;">dir /var/lib/redis/fpc</div><div lang="en-US" style="font-family: Calibri; font-size: 11.0pt; margin: 0in;">maxmemory 1gb</div></div><div><br />
</div><span style="font-family: "georgia" , "times new roman" , serif;"> </span> <span style="font-family: "georgia" , "times new roman" , serif;"><span style="font-size: 11.0pt; font-style: normal; font-weight: normal;">3) </span>Configuration file for Session file</span><br />
<br />
<div style="background-color: #fcfadd; color: #714d03; height: 200px; line-height: 1em; overflow: scroll; padding: 1px; width: 500px;">vi /etc/<span style="font-family: "calibri"; font-size: 11.0pt; font-style: normal; font-weight: normal;">redis-ses.conf</span><br />
<br />
<div lang="en-US" style="font-family: Calibri; font-size: 11.0pt; margin: 0in;">include /etc/redis/redis-base.conf</div><div lang="en-US" style="font-family: Calibri; font-size: 11.0pt; margin: 0in;">port 6380</div><div lang="en-US" style="font-family: Calibri; font-size: 11.0pt; margin: 0in;">pidfile /var/run/redis/redis-ses.pid</div><div lang="en-US" style="font-family: Calibri; font-size: 11.0pt; margin: 0in;">logfile /var/log/redis/ses.log</div><div lang="en-US" style="font-family: Calibri; font-size: 11.0pt; margin: 0in;">dir /var/lib/redis/ses</div><div lang="en-US" style="font-family: Calibri; font-size: 11.0pt; margin: 0in;">maxmemory 1gb</div><div lang="en-US" style="font-family: Calibri; font-size: 11.0pt; margin: 0in;"></div>save 900 1<br />
<div lang="en-US" style="font-family: Calibri; font-size: 11.0pt; margin: 0in;">save 300 10</div><div lang="en-US" style="font-family: Calibri; font-size: 11.0pt; margin: 0in;">save 60 10000</div></div><div></div><div></div><br />
<span style="font-family: "georgia" , "times new roman" , serif;">4) Configuration file for Cache</span><br />
<br />
<div style="background-color: #fcfadd; color: #714d03; height: 200px; line-height: 1em; overflow: scroll; padding: 1px; width: 500px;">vi /etc/redis-obj.conf<br />
<br />
<div lang="en-US" style="font-family: Calibri; font-size: 11.0pt; margin: 0in;">include /etc/redis/redis-base.conf</div><div lang="en-US" style="font-family: Calibri; font-size: 11.0pt; margin: 0in;">port 6379</div><div lang="en-US" style="font-family: Calibri; font-size: 11.0pt; margin: 0in;">pidfile /var/run/redis/redis-obj.pid</div><div lang="en-US" style="font-family: Calibri; font-size: 11.0pt; margin: 0in;">logfile /var/log/redis/obj.log</div><div lang="en-US" style="font-family: Calibri; font-size: 11.0pt; margin: 0in;">dir /var/lib/redis/obj</div><div lang="en-US" style="font-family: Calibri; font-size: 11.0pt; margin: 0in;">maxmemory 3gb</div><div lang="en-US" style="font-family: Calibri; font-size: 11.0pt; margin: 0in;"></div></div><div lang="en-US" style="font-family: Calibri; font-size: 11.0pt; margin: 0in;"><br />
</div><div lang="en-US" style="font-family: Calibri; font-size: 11.0pt; margin: 0in;"><span style="font-family: "georgia" , "times new roman" , serif;">We are including the base file /etc/redis/redis-base.conf within every configuration files as the base file is having common variables which would be require for cache/full_page_cache and session cache.</span><br />
<br />
<span style="font-family: "georgia" , "times new roman" , serif;">Let me know if you have any queries on above post, you can reach to me anytime.</span></div><div lang="en-US" style="font-family: Calibri; font-size: 11.0pt; margin: 0in;"><br />
</div><div lang="en-US" style="font-family: Calibri; font-size: 11.0pt; margin: 0in;"><br />
</div></div><div><br />
</div></div>Unknownnoreply@blogger.com4Nagpur, Maharashtra, India21.120373561794867 79.09057617187520.646076061794869 78.445129171875 21.594671061794866 79.736023171875tag:blogger.com,1999:blog-7238678089316726113.post-34051697396911732092016-10-16T23:10:00.001-07:002019-04-04T14:33:32.809-07:00Multiple instances of redis<div dir="ltr" style="text-align: left;" trbidi="on">
<div dir="ltr" style="text-align: left;" trbidi="on">
<div>
<br /></div>
In the last post I have covered how to install redis server on Centos/Rhel using rpm method and yum method and some troubleshooting skills.<br />
<br />
In this post i am going to cover how to install and configure redis to run with multiple ports.<br />
<br />
<br />
<div>
<br />
<table 1="" align="center" cellpadding="1" style="text-align: center; width: 300px;" table=""><tbody>
<tr> <td bgcolor="#C8BBBE"><b><u>But why we need more ports ?</u></b></td></tr>
</tbody></table>
</div>
<div>
<br />
<br /></div>
<div style="text-align: left;">
If you have read my earlier post , you already know that by default redis runs on single port 6379, which any one can use it for small website to cache the data. But for heavy website like magento we need to use additional ports along with 6379 to serve different cache from different ports.<br />
<br />
Like in Magento there is simple cache which is normally stored under /var/cache directory. Then there is Full Page Cache which is stored under /var/full_page_cache and session cache which is stored under /var/session_cache.<br />
<br />
<b>Note </b>: Discussion about cache/full page cache/session is not under the scope for this document.</div>
<div>
<br />
<br />
<br />
<table 1="" align="center" cellpadding="1" style="text-align: center; width: 300px;" table=""><tbody>
<tr> <td bgcolor="#C8BBBE"><b><u> <b>Where it is Beneficial then ?</b></u> </b></td></tr>
</tbody></table>
<br />
<br /></div>
<div>
Many of the website are using redis to fasten their response time to the end user using the advantages of redis. So if you want your website should serve as fast as possible then you should think of using redis in your environment.</div>
<div>
<br /></div>
<div>
But for beginners the question is ? how redis does that ? so the simplest answer i can give is </div>
<div>
when you visit any website for first time, your browser sends a request to the server asking for data</div>
<div>
the server in return get the data from the application/database hosted on server and serve to browser and then to you.</div>
<div>
<br /></div>
<div>
This is the normal situation, where there is only browser-server in back-end application (may be php) and database (may be mysql)</div>
<div>
<br /></div>
<div>
<br />
<br />
<script language="javascript" type="text/javascript">
var aax_size='728x90';
var aax_pubname = 'sushi07-21';
var aax_src='302';
</script><br />
<script language="javascript" src="https://c.amazon-adsystem.com/aax2/assoc.js" type="text/javascript"></script><br />
<br />
<br />
<br />
but when redis is in use, browser sends the request to the server, it then checks whether the request which browser has made is available in redis database or not (means cache here), if the data present then it get served to the browser from redis itself, so here asking data from application/database gets eliminated.</div>
<div>
<br /></div>
<div>
so the total computation power needed for any application/database to generate requested data for the browser get saved. and then get served by REDIS. This situation is very much needed in environment serving lots of users like some big social media sites and eCommerce sites.</div>
<div>
<br />
<br />
<br />
<table 1="" align="center" cellpadding="1" style="text-align: center; width: 500px;" table=""><tbody>
<tr> <td bgcolor="#C8BBBE"><b><u>Create Multiple Instances of Redis</u> </b></td></tr>
</tbody></table>
<br />
</div>
<div>
So, let move towards creating additional instances of redis, I am assuming you already have installed redis on your linux server, if in any case if you are not, then you refer the <a href="http://www.linuxforeveryone.com/2016_09_01_archive.html" target="_blank">LINK</a> for the installation of redis on Centos/Rhel server.</div>
<div>
<ul style="text-align: left;"></ul>
</div>
<div>
<br />
<br /></div>
<div>
<b>Step 1 </b>: Check first redis is listening on its default port i.e 6379 by running below command.<br />
<br /></div>
<div>
<textarea cols="90" rows="1" style="height: 64px; margin: 0px; width: 660px;"> # wget http://download.fedoraproject.org/pub/epel/6/x86_64/redis-2.4.10-1.el6.x86_64.rpm </textarea></div>
<div>
<br /></div>
<div>
which means your redis single instance is UP and running on the server. Now after every package installation normally two types of files gets created for redis.<br />
<ul style="text-align: left;">
<li>First is init file</li>
<li>Second is Configuration file</li>
</ul>
Init file location on the Centos/Rhel server is /etc/init.d/<br />
Configuration file location on Centos/Rhel server is /etc/redis.conf <b></b> <b><br />
<br />
</b><br />
<div data-class="affiliateAdsByFlipkart" data-responsive="yes" data-widgettype="staticBanner" data-wrid="WRID-151579178529121278" height="250" width="300">
</div>
<script async="" src="//affiliate.flipkart.com/affiliate/widgets/FKAffiliateWidgets.js"></script><b><br />
<br />
Step 2 </b>: Now, install it using below command.</div>
<div>
<br /></div>
<div>
<textarea cols="90" rows="3"> # rpm -ivh redis-2.4.10-1.el6.x86_64.rpm Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Preparing... ########################################### [100%]Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā 1:redis ########################################### [100%] </textarea><br />
<div>
<br /></div>
</div>
Which means your redis package is installed now on your linux machine using rpm method.<br />
<br />
<br />
<u><span style="font-family: "courier new" , "courier" , monospace; font-size: large;">By YUM Method :-</span></u><br />
<br />
<br />
<b>Step 1 </b>: For yum method, we first need to install repository containing the redis package by running below command<br />
<br />
<textarea cols="90" rows="2"># wget http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm Ā Ā Ā Ā Ā # rpm -ivh epel-release-6-8.noarch.rpm</textarea><br />
<br />
it will create "epel.repo" file under /etc/yum.repos.d/<br />
<br />
<textarea cols="90" rows="2"># yum clean all Ā ==== > it will clean the local package cache Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā # yum install redis</textarea><br />
<br />
That its redis is installed on your server now using yum method. Only difference between rpm method and yum method is yum finds the dependecny of package required for redis to get it install.<br />
<br />
means if redis also need to redis-server package to run properly then yum will install both at the same time.But rpm will not do it, instead it will install only redis package on the server.<br />
<br />
<table 1="" align="center" cellpadding="1" style="text-align: center; width: 300px;" table=""><tbody>
<tr> <td bgcolor="#C8BBBE"><b>Status Check</b> </td></tr>
</tbody></table>
<br />
Next thing is to check how to verify redis is working properly or not, so to check that we have to run below commands<br />
<br />
<textarea cols="90" rows="4"># service redis status Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā # service redis stop Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā # service redis start Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā # service redis restart</textarea><br />
<br />
commands explains it all, but thats command will run only on Centos/RHEL server upto OS version 6. For RHEL/Centos 7 there will be different commands to run.<br />
<br />
<br />
<span style="font-family: "courier new" , "courier" , monospace;">====================================X============X=================================================</span><br />
<br />
<span style="font-family: "courier new" , "courier" , monospace;">Contact <span style="color: red;"><b>support@linuxforeveryone</b></span></span> <span style="font-family: "courier new" , "courier" , monospace;">for any Freelancing work on Linux Servers</span><br />
<br />
<span style="font-family: "courier new" , "courier" , monospace;">Subscribe my <span style="color: red;"><b>YouTube </b><a href="https://www.youtube.com/channel/UCJ2F740Qz-4Cf48IGUwTaQA?view_as=subscriber" target="_blank"><b><span style="color: red;">Channel </span></b></a></span></span><br />
<br />
<span style="font-family: "courier new" , "courier" , monospace;"><span style="color: red;"><span style="color: black;">Like My <b><span style="color: red;">Facebook <a href="https://www.facebook.com/Linux-for-All-1752960481588429/" target="_blank"><span style="color: red;">Page</span> </a></span></b></span></span></span><br />
<br />
<span style="font-family: "courier new" , "courier" , monospace;"><span style="color: red;"><span style="color: black;">Browse the Best in class <span style="color: red;"><span style="color: red;"><b><a href="https://shop.nibbanahosting.com/" target="_blank"><span style="color: red;">Web</span> <span style="color: red;">Hosting</span> <span style="color: red;">Plans</span></a></b></span></span></span></span></span></div>
<script>
(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
})(window,document,'script','https://www.google-analytics.com/analytics.js','ga');
ga('create', 'UA-29340479-2', 'auto');
ga('send', 'pageview');
</script></div>
Unknownnoreply@blogger.com35tag:blogger.com,1999:blog-7238678089316726113.post-46850369356017323442016-09-24T06:49:00.002-07:002018-09-19T06:22:43.176-07:00Redis on Linux Server<div dir="ltr" style="text-align: left;" trbidi="on">
<div dir="ltr" style="text-align: left;" trbidi="on">
<div>
<br /></div>
<br />
<div style="text-align: left;">
From this post, I am starting a series of posts/pages which will mostly based on <span style="color: red;"><span style="color: red;"><span style="font-size: large;"><a href="https://blogs.perficientdigital.com/2018/09/18/using-caching-technology-to-boost-e-commerce-business/" target="_blank">caching</a></span></span></span> (recently i read this blog and found out quite simple to understand about what and why we need caching) mechanism like Redis, Memcache, Apc, Varnish are the few to list. So, here on this post i am going to cover REDIS first. After reading this post, you will get to know</div>
<br />
<br />
<div>
<br />
<table 1="" align="center" cellpadding="1" style="text-align: center; width: 300px;" table=""><tbody>
<tr> <td bgcolor="#C8BBBE"><b> What is Redis ?</b></td></tr>
</tbody></table>
</div>
<div>
<br />
<br /></div>
<div style="text-align: left;">
So, Redis is "no-sql" database which is used to stores data as keys. which is mainly used as database,as caching for website across the globe. NoSql means, there is no structure query language like mysql in redis, instead its data structure.</div>
<div>
<br />
<br />
<br />
<table 1="" align="center" cellpadding="1" style="text-align: center; width: 300px;" table=""><tbody>
<tr> <td bgcolor="#C8BBBE"><b> <b>Where it is Beneficial ?</b> </b></td></tr>
</tbody></table>
<br />
<br /></div>
<div>
Many of the website are using redis to fasten their response time to the end user using the advantages of redis. So if you want your website should serve as fast as possible then you should think of using redis in your environment.</div>
<div>
<br /></div>
<div>
But for beginners the question is ? how redis does that ? so the simplest answer i can give is </div>
<div>
when you visit any website for first time, your browser sends a request to the server asking for data</div>
<div>
the server in return get the data from the application/database hosted on server and provides to browser and then to you.</div>
<div>
<br /></div>
<div>
This is the normal situation, where there is only browser-server in back-end application (may be php) and database (may be mysql)</div>
<div>
<br /></div>
<div>
but when redis is in use, browser send the request to the server, it then check whether the request which browser has made is available in redis database or not (means cache here) , if the data presents then it get served to the browser from redis itself , so here asking data from application/database gets eliminated.</div>
<div>
<br /></div>
<div>
so the total computation power needed for any application/database to generate requested data for the browser get saved. This situation is very much needed in environment serving lots of users like some big social media sites and eCommerce sites.<br />
<br />
(Recently i read this <span style="font-size: large;"><a href="https://blogs.perficientdigital.com/2018/09/18/using-caching-technology-to-boost-e-commerce-business/" target="_blank"><span style="color: red;">blog</span> </a></span>and found out quite simple to understand about what and why we need caching) </div>
<div>
<br />
<table 1="" align="center" cellpadding="1" style="text-align: center; width: 500px;" table=""><tbody>
<tr> <td bgcolor="#C8BBBE"><b>How to install Redis ? (Centos/Rhel/Ubuntu)</b></td></tr>
</tbody></table>
<br />
</div>
<div>
So, let move towards installation of redis on (Centos/Rhel/Ubuntu). For this you will need,</div>
<div>
<ul style="text-align: left;">
<li>Linux server (Centos/Rhel/Ubuntu)</li>
<li>Root login to the server or Sudo login </li>
<li>Internet to the server</li>
</ul>
</div>
<div>
<br />
<br />
<u><span style="font-family: "courier new" , "courier" , monospace; font-size: large;">By RPM Method :-</span></u><br />
<br />
<br />
<br /></div>
<div>
<b>Step 1 </b>: In order to install redis on Linux server , you would need to install the some online repository first on the server containing the redis package. </div>
<div>
<br /></div>
<div>
Run below command as root/sudo, it will download the rpm package for repo on your machine.</div>
<div>
<br /></div>
<div>
<textarea cols="90" rows="1"> # wget http://download.fedoraproject.org/pub/epel/6/x86_64/redis-2.4.10-1.el6.x86_64.rpm </textarea></div>
<div>
<br /></div>
<div>
<b>Step 2 </b>: Now, install it using below command.</div>
<div>
<br /></div>
<div>
<textarea cols="90" rows="3"> # rpm -ivh redis-2.4.10-1.el6.x86_64.rpm Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Preparing... ########################################### [100%]Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā 1:redis ########################################### [100%] </textarea><br />
<div>
<br /></div>
</div>
Which means your redis package is installed now on your linux machine using rpm method.<br />
<br />
<br />
<br />
<u><span style="font-family: "courier new" , "courier" , monospace; font-size: large;">By YUM Method :-</span></u><br />
<br />
<br />
<br />
<b>Step 1 </b>: For yum method, we first need to install repository containing the redis package by running below command<br />
<br />
<textarea cols="90" rows="2"># wget http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm Ā Ā Ā Ā Ā # rpm -ivh epel-release-6-8.noarch.rpm</textarea><br />
<br />
it will create "epel.repo" file under /etc/yum.repos.d/<br />
<br />
<textarea cols="90" rows="2"># yum clean all Ā ==== > it will clean the local package cache Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā # yum install redis</textarea><br />
<br />
That its redis is installed on your server now using yum method. Only difference between rpm method and yum method is yum finds the dependecny of package required for redis to get it install.<br />
<br />
means if redis also need to redis-server package to run properly then yum will install both at the same time.But rpm will not do it, instead it will install only redis package on the server.<br />
<br />
<br />
<br />
<table 1="" align="center" cellpadding="1" style="text-align: center; width: 300px;" table=""><tbody>
<tr> <td bgcolor="#C8BBBE"><b>Status Check</b> </td></tr>
</tbody></table>
<br />
Next thing is to check how to verify redis is working properly or not, so to check that we have to run below commands<br />
<br />
<textarea cols="90" rows="4"># service redis status Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā # service redis stop Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā # service redis start Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā Ā # service redis restart</textarea><br />
<br />
commands explains it all, but thats command will run only on Centos/RHEL server upto OS version 6. For RHEL/Centos 7 there will be different commands to run.<br />
<br />
<br />
You can watch below video for to know about redis installation on linux machine and some troubleshooting skills while installing it.<br />
<br />
<span style="color: orange; font-size: large;"><b>Go and watch and do not forgot to share the post if you like it.</b></span><br />
<br />
<br />
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<iframe allowfullscreen="" class="YOUTUBE-iframe-video" data-thumbnail-src="https://i.ytimg.com/vi/hIYZLbkYtd4/0.jpg" frameborder="0" height="266" src="https://www.youtube.com/embed/hIYZLbkYtd4?feature=player_embedded" width="320"></iframe></div>
<br /></div>
<script>
(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
})(window,document,'script','https://www.google-analytics.com/analytics.js','ga');
ga('create', 'UA-29340479-2', 'auto');
ga('send', 'pageview');
</script><br /></div>
Unknownnoreply@blogger.com1tag:blogger.com,1999:blog-7238678089316726113.post-55665534816167281682016-08-25T11:30:00.000-07:002018-10-05T11:35:43.046-07:00useful ubuntu/debian commands for sys-Admin<div dir="ltr" style="text-align: left;" trbidi="on">
<div style="text-align: left;">
</div>
<h2 style="text-align: left;">
</h2>
<h2 style="text-align: left;">
</h2>
<h2 style="text-align: left;">
<u></u></h2>
<ul style="text-align: left;">
<li>To clean the cache from system which apt caches when we update/install the packages</li>
</ul>
<table border="1" cellpadding="1" style="text-align: left; width: 400px;"><tbody>
<tr><td bgcolor="#98AFC7">apt-get clean </td></tr>
</tbody></table>
<ul style="text-align: left;"><ul></ul>
</ul>
<ul style="text-align: left;">
<li> To downloads packages list from repository and update them,to get data on latest available packages</li>
</ul>
<table border="1" cellpadding="1" style="text-align: left; width: 400px;"><tbody>
<tr><td bgcolor="#98AFC7">apt-get update </td></tr>
</tbody></table>
<ul style="text-align: left;"><ul></ul>
</ul>
<div style="text-align: left;">
<ul style="text-align: left;">
<li> To install specific version of package</li>
</ul>
<table border="1" cellpadding="1" style="width: 400px;"><tbody>
<tr><td bgcolor="#98AFC7">apt-get install package-name </td></tr>
</tbody></table>
<ul>
<li>To check OS version </li>
</ul>
<table border="1" cellpadding="1" style="width: 400px;"><tbody>
<tr><td bgcolor="#98AFC7">Ex : lsb_release -a</td></tr>
</tbody></table>
<ul style="text-align: left;"><ul></ul>
</ul>
<ul style="text-align: left;">
<li>To provides the package's description, its dependencies, the name of its maintainer. apt search, apt show, aptitude search, aptitude show work in the similar manner</li>
</ul>
<table border="1" cellpadding="1" style="width: 400px;"><tbody>
<tr><td bgcolor="#98AFC7">Ex : apt-cache search php5-fpm</td></tr>
</tbody></table>
<ul style="text-align: left;"><ul></ul>
<li>The checkrestart program tries to determine if there are processes in the system that need to be restarted after a system upgrade .Consequently, checkrestart is sometimes used as an audit tool to find outdated versions of libraries in use, particularly after security upgrades</li>
</ul>
<br />
<table border="1" cellpadding="1" style="width: 400px;"><tbody>
<tr><td bgcolor="#98AFC7">Ex : checkrestart -h</td></tr>
</tbody></table>
<ul style="text-align: left;"><ul></ul>
<li> List all installed packages, along with package version and short details.</li>
</ul>
<table border="1" cellpadding="1" style="width: 400px;"><tbody>
<tr><td bgcolor="#98AFC7">Ex : dpkg -l php5-fpm</td></tr>
</tbody></table>
<ul style="text-align: left;">
<li>To check OS version </li>
</ul>
<table border="1" cellpadding="1" style="width: 400px;"><tbody>
<tr><td bgcolor="#98AFC7">Ex : lsb_release -a</td></tr>
</tbody></table>
<ul style="text-align: left;"><ul></ul>
<li>To check memcache version on debian</li>
</ul>
<table border="1" cellpadding="1" style="width: 400px;"><tbody>
<tr><td bgcolor="#98AFC7">Ex : telnet localhost 11211;and type 'version'</td></tr>
</tbody></table>
<br />
<ul style="text-align: left;"><ul></ul>
<li>To check openssl version on debian</li>
</ul>
<table border="1" cellpadding="1" style="width: 400px;"><tbody>
<tr><td bgcolor="#98AFC7">Ex : openssl version -a OR dpkg-query -l | grep openssl</td></tr>
</tbody></table>
<br />
<ul style="text-align: left;"><ul></ul>
<li>To know the date on which current version of OpenSSL was built</li>
</ul>
<table border="1" cellpadding="1" style="width: 400px;"><tbody>
<tr><td bgcolor="#98AFC7">Ex : openssl version -a OR dpkg-query -l | grep openssl</td></tr>
</tbody></table>
<br />
<ul style="text-align: left;"><ul></ul>
<li>To check auto update is enable</li>
</ul>
<table border="1" cellpadding="1" style="width: 400px;"><tbody>
<tr><td bgcolor="#98AFC7">Ex : apt-get install unattended-upgrades and look into the files /etc/apt/apt.conf.d/10periodic /etc/apt/apt.conf.d/20auto-upgrades</td></tr>
</tbody></table>
<ul style="text-align: left;">
<li>To check available packages in Debian/ubuntu</li>
</ul>
<table border="1" cellpadding="1" style="width: 400px;"><tbody>
<tr><td bgcolor="#98AFC7">Ex : apt-cache policy openssl</td></tr>
</tbody></table>
<ul style="text-align: left;"><ul></ul>
<li>To check Loaded configuration files in Ubuntu</li>
</ul>
<table border="1" cellpadding="1" style="width: 400px;"><tbody>
<tr><td bgcolor="#98AFC7">Ex : php --ini OR php -i | grep 'php.ini'</td></tr>
</tbody></table>
<ul style="text-align: left;"><ul></ul>
<li>To get glibc version</li>
</ul>
<table border="1" cellpadding="1" style="width: 400px;"><tbody>
<tr><td bgcolor="#98AFC7">Ex : ldd --version</td></tr>
</tbody></table>
<ul style="text-align: left;"><ul></ul>
<li>To start a daemon at startup</li>
</ul>
<table border="1" cellpadding="1" style="width: 400px;"><tbody>
<tr><td bgcolor="#98AFC7">Ex : update-rc.d service_name defaults</td></tr>
</tbody></table>
<ul style="text-align: left;"><ul></ul>
<li>To remove a daemon at startup</li>
</ul>
<table border="1" cellpadding="1" style="width: 400px;"><tbody>
<tr><td bgcolor="#98AFC7">Ex : aupdate-rc.d -f service_name remove</td></tr>
</tbody></table>
<ul style="text-align: left;"><ul></ul>
<li>To check apache using which module perfork or worker </li>
</ul>
<table border="1" cellpadding="1" style="width: 400px;"><tbody>
<tr><td bgcolor="#98AFC7">Ex : apache2ctl -l OR apache2ctl -M</td></tr>
</tbody></table>
<ul style="text-align: left;"><ul></ul>
<li>To add CD-rom as repository</li>
</ul>
<table border="1" cellpadding="1" style="width: 400px;"><tbody>
<tr><td bgcolor="#98AFC7">Ex : openssl version -a OR dpkg-query -l | grep openssl</td></tr>
</tbody></table>
<ul style="text-align: left;"><ul></ul>
</ul>
</div>
</div>
Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-7238678089316726113.post-16401859392437165652015-11-20T16:33:00.002-08:002019-04-04T14:35:05.749-07:00Vulnerbilities affecting Web and Mail Servers - Logjam-Freak<div dir="ltr" style="text-align: left;" trbidi="on">
<div dir="ltr" style="text-align: left;" trbidi="on">
<br />
<h2>
<span style="font-weight: normal;"><span style="font-family: "georgia" , "times new roman" , serif; font-size: x-small; text-indent: -24px;"> </span><span style="font-size: small;"><span style="font-family: "georgia" , "times new roman" , serif; text-indent: -24px;">Recently we came across a vulnerability know as Logjam which according to researchers any attacker or Man in the middle can exploit weak </span><span style="background-color: white; font-family: "georgia" , "times new roman" , serif; text-indent: -24px;"><span style="color: #212121;">DiffieāHellman key Algorithm.</span></span></span></span></h2>
<h2>
<span style="font-weight: normal;"><span style="font-size: small;"><span style="background-color: white; text-indent: -24px;"><span style="color: #212121;"><span style="font-family: "georgia" , "times new roman" , serif;">this vulnerability has denoted with CVE number as </span></span></span><span style="color: #212121; font-family: "georgia" , "times new roman" , serif;">CVE-2015-4000.</span></span></span><span style="color: #212121; font-family: "georgia" , "times new roman" , serif; font-size: small; font-weight: normal;"> </span></h2>
<div>
<span style="color: #212121; font-family: "georgia" , "times new roman" , serif; font-size: small; font-weight: normal;"><br />
</span></div>
<h3 style="text-align: left;">
<u><b><span style="color: #6aa84f; font-size: large;">How DH Algorithm gets exploited</span></b></u></h3>
<div>
<span style="background-color: white; color: #212121; font-family: "georgia" , "times new roman" , serif; font-size: x-small; text-indent: 36pt;"><br />
</span></div>
<div>
<span style="background-color: white; color: #212121; font-family: "georgia" , "times new roman" , serif; text-indent: 36pt;">Traditionally, secure encrypted communication between two parties (here browser and servers) required that they first exchange keys by some secure physical channel.</span><span style="font-family: "georgia" , "times new roman" , serif;"><span style="background-color: white; color: #212121; text-indent: 36pt;">The DiffieāHellman key exchange method allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure channel.</span><b style="background-color: white; color: #212121; text-indent: -24px;"> </b></span><br />
<span style="font-family: "georgia" , "times new roman" , serif;"><br />
</span> <span style="font-family: "georgia" , "times new roman" , serif;">Here attacker can force the communication between the server and browser to downgrade to lower bit export grade cryptography.</span><br />
<span style="font-family: "georgia" , "times new roman" , serif;"><br />
</span> <span style="font-family: "georgia" , "times new roman" , serif;">The attackers can attacks any servers that support DHE_EXPORT ciphers and affects mostly all browsers.</span><br />
<br />
<h3 style="text-align: left;">
<b><u><span style="color: #6aa84f; font-size: large;">Recommendation :</span></u></b></h3>
<br />
<h4 style="text-align: left;">
<span style="font-family: "georgia" , "times new roman" , serif;"><b style="background-color: white;">1) Disable Export Cipher Suites</b></span></h4>
<br />
<span style="background-color: white; color: #212121;"><span style="font-family: "georgia" , "times new roman" , serif;">Even though modern browsers no longer support export suites, the FREAK and Logjam attacks allow a man-in-the-middle attacker to trick browsers into using export-grade cryptography, after which the TLS connection can be decrypted. No modern clients rely on export suites and there is little downside in disabling them.</span></span><br />
<span style="font-family: "georgia" , "times new roman" , serif;"><br />
</span> <span style="font-family: "georgia" , "times new roman" , serif;">Put below Cipher in your configurations ,this cipher will support wide range of clients thus this configuration is default and is recommended by Mozilla community.</span><br />
<span style="font-family: "georgia" , "times new roman" , serif; font-size: x-small;"><br />
</span> <span style="background-color: white; font-family: "georgia" , "times new roman" , serif; font-size: x-small;"><span style="color: #3d85c6;">ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA</span></span> <span style="font-family: "georgia" , "times new roman" , serif; font-size: x-small;"></span> <span style="font-family: "georgia" , "times new roman" , serif; font-size: x-small;"> </span><br />
<h4 style="text-align: left;">
<span style="background-color: white; font-family: "georgia","times new roman&quot:serif;"><b><br />
<br />
<iframe frameborder="0" marginheight="0" marginwidth="0" scrolling="no" src="//ws-in.amazon-adsystem.com/widgets/q?ServiceVersion=20070822&OneJS=1&Operation=GetAdHtml&MarketPlace=IN&source=ac&ref=tf_til&ad_type=product_link&tracking_id=sushi07-21&marketplace=amazon&region=IN&placement=B01B4N756S&asins=B01B4N756S&linkId=4de18040c166367afc40877cecfec965&show_border=false&link_opens_in_new_window=false&price_color=333333&title_color=0066c0&bg_color=ffffff" style="height: 240px; width: 120px;"><br />
</iframe><br />
<br />
2)</b>Deploy (Ephemeral) Elliptic-Curve Diffie-Hellman (ECDHE) Cipher</span></h4>
<span style="font-family: "georgia" , "times new roman" , serif; font-size: x-small;"><br />
</span> above Cipher will enable ECDHE also<br />
<span style="font-family: "georgia" , "times new roman" , serif; font-size: x-small;"><br />
</span> <br />
<h4 style="text-align: left;">
<span style="font-family: "georgia" , "times new roman" , serif;"><b style="background-color: white;">3) Use a Strong, Diffie Hellman Group</b></span></h4>
<b><br />
</b> <span style="font-family: "georgia" , "times new roman" , serif;">Current DH bit is of 1024,so you need to <span style="background-color: white;">generate custom 2048 bit DH parameters different from Oakley group 2 (in this group Diffie-Hellman exchange is negotiated)</span></span><br />
<b><span style="font-family: "georgia" , "times new roman" , serif;"><br />
</span></b> <span style="font-family: "georgia" , "times new roman" , serif;">To Generate the Strong DH group use below command on your linux machine.</span><br />
<br />
<pre><span style="background-color: white;"><span style="color: #3d85c6;">openssl dhparam -out dhparams.pem 2048</span></span></pre>
<pre><span style="background-color: white;"><span style="color: #3d85c6;">
</span></span></pre>
<pre></pre>
<pre><span style="font-family: "georgia" , "times new roman" , serif;">The command will take some time to generate,once its done, use dhparams.pem in your configuration and reload the services.</span></pre>
<pre><span style="font-family: "georgia" , "times new roman" , serif;">
</span></pre>
<pre><span style="font-family: "georgia" , "times new roman" , serif;">Services which need to be updated with Ciphers and custom DH groups we just generated.</span></pre>
<span style="font-family: "georgia" , "times new roman" , serif;"><br />
</span> <tt><span style="font-family: "georgia" , "times new roman" , serif;">lighttpd</span></tt><br />
<tt><span style="font-family: "georgia" , "times new roman" , serif;">Tomcat</span></tt><br />
<tt><span style="font-family: "georgia" , "times new roman" , serif;">Postfix</span></tt><br />
<tt><span style="font-family: "georgia" , "times new roman" , serif;">Sendmail</span></tt><br />
<tt><span style="font-family: "georgia" , "times new roman" , serif;">Dovecot</span></tt><br />
<tt><span style="font-family: "georgia" , "times new roman" , serif;">HAproxy</span></tt><br />
<tt><span style="font-family: "georgia" , "times new roman" , serif;">Openssh</span></tt><br />
<br /></div>
</div>
<span style="font-family: "courier new" , "courier" , monospace;">====================================X============X=================================================</span><br />
<br />
<span style="font-family: "courier new" , "courier" , monospace;">Contact <span style="color: red;"><b>support@linuxforeveryone</b></span></span> <span style="font-family: "courier new" , "courier" , monospace;">for any Freelancing work on Linux Servers</span><br />
<br />
<span style="font-family: "courier new" , "courier" , monospace;">Subscribe my <span style="color: red;"><b>YouTube </b><a href="https://www.youtube.com/channel/UCJ2F740Qz-4Cf48IGUwTaQA?view_as=subscriber" target="_blank"><b><span style="color: red;">Channel </span></b></a></span></span><br />
<br />
<span style="font-family: "courier new" , "courier" , monospace;"><span style="color: red;"><span style="color: black;">Like My <b><span style="color: red;">Facebook <a href="https://www.facebook.com/Linux-for-All-1752960481588429/" target="_blank"><span style="color: red;">Page</span> </a></span></b></span></span></span><br />
<br />
<span style="font-family: "courier new" , "courier" , monospace;"><span style="color: red;"><span style="color: black;">Browse the Best in class <span style="color: red;"><span style="color: red;"><b><a href="https://shop.nibbanahosting.com/" target="_blank"><span style="color: red;">Web</span> <span style="color: red;">Hosting</span> <span style="color: red;">Plans</span></a></b></span></span></span></span></span><script>
(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
})(window,document,'script','https://www.google-analytics.com/analytics.js','ga');
ga('create', 'UA-29340479-2', 'auto');
ga('send', 'pageview');
</script><br /></div>
Unknownnoreply@blogger.com3tag:blogger.com,1999:blog-7238678089316726113.post-2848085403324118732015-01-23T06:19:00.002-08:002016-10-16T23:11:51.054-07:00Subject Alernative names with Openssl <div dir="ltr" style="text-align: left;" trbidi="on"><span style="font-family: "georgia" , "times new roman" , serif; font-size: large;"><br />
</span> <span style="font-family: "georgia" , "times new roman" , serif; font-size: small;">In this post we will see, how can we create CSR with SAN, which stands for Subject Alternative Names and obviously using openssl command.</span><br />
<span style="font-family: "georgia" , "times new roman" , serif; font-size: medium;"><br />
</span> <span style="font-family: "georgia" , "times new roman" , serif; font-size: small;">For those who do not know what is SAN, let me cover this in short.There are 3 main types of SSL</span><br />
<br />
<ul style="text-align: left;"><li><span style="font-family: "georgia" , "times new roman" , serif; font-size: small;"> Standard SSL :- Used for securing single domain. like www.domain.com, i,e one domain -- one certificate</span></li>
<li><span style="font-family: "georgia" , "times new roman" , serif; font-size: small;">Wild card SSL : - Used for securing multiple sub-domains like home.domain.com office.domain.com in single certificate, i.e multiple subdomain --- single certificate</span></li>
<li><span style="font-family: "georgia" , "times new roman" , serif; font-size: small;">Multi-domain SSL : -- Used for securing multiple domains, like www.domain.com, www.home.com, www.office.net, i,e multiple domains --- single certificate.</span></li>
</ul><br />
<span style="font-family: "georgia" , "times new roman" , serif; font-size: small;">So, SAN comes under multiple domains certificate category.</span><br />
<span style="font-family: "georgia" , "times new roman" , serif; font-size: small;"><br />
</span> <span style="font-family: "georgia" , "times new roman" , serif; font-size: small;">When you purchase a multi-domain certificate from </span><span style="font-family: "georgia" , "times new roman" , serif; font-size: small;">certificate issuing authority ,they give you options of defining SAN along with primary domain.</span><br />
<span style="font-family: "georgia" , "times new roman" , serif; font-size: small;"><br />
</span> <span style="font-family: "georgia" , "times new roman" , serif; font-size: small;">So, Here we are discussing about how to create CSR(which is required while purchasing the certificate) with SAN itself.And why we are doing this ??</span><br />
<span style="font-family: "georgia" , "times new roman" , serif; font-size: small;"><br />
</span> <span style="font-family: "georgia" , "times new roman" , serif; font-size: small;">Answer is now a days we see,some Certificate issuing authority , does not include SANs when we purchased a certificate from them,like if I purchased certificate for www.domain.com, the certificate will not include domain.com, which some times creates issues for getting PCI (Product card industry) certificate for E-commerce sites.</span><br />
<span style="font-family: "georgia" , "times new roman" , serif; font-size: large;"><br />
</span> <span style="font-family: "georgia" , "times new roman" , serif; font-size: small;">PCI is getting Necessary for E-commerce site now a-days .</span><span style="font-family: "georgia" , "times new roman" , serif; font-size: small;">Lets see then,how to create CSR with SAN</span><br />
<span style="font-family: "georgia" , "times new roman" , serif; font-size: small;"><br />
</span> <span style="font-family: "georgia" , "times new roman" , serif; font-size: small;">Hopefully you have Linux box with you, with root permission. then do the following</span><br />
<span style="font-family: "georgia" , "times new roman" , serif; font-size: large;"><br />
</span> <span style="font-family: "georgia" , "times new roman" , serif; font-size: large;">Step 1 : </span><br />
<br />
<span style="font-family: "georgia" , "times new roman" , serif; font-size: small;">Add below lines in file if its not present.</span><br />
<span style="font-family: "georgia" , "times new roman" , serif; font-size: small;">vi /etc/pki/tls/openssl.cnf</span><br />
<span style="font-family: "georgia" , "times new roman" , serif; font-size: small;"><br />
</span> <span style="font-family: "georgia" , "times new roman" , serif; font-size: small;">[req]</span><br />
<span style="font-family: "georgia" , "times new roman" , serif; font-size: small;">distinguished_name = req_distinguished_name</span><br />
<span style="font-family: "georgia" , "times new roman" , serif; font-size: small;">req_extensions = v3_req</span><br />
<br />
<span style="font-family: "georgia" , "times new roman" , serif; font-size: medium;"><br />
</span> <span style="font-family: "georgia" , "times new roman" , serif; font-size: small;">###Now we'll go own down to the v3_req section and make sure that it includes the following:</span><br />
<span style="font-family: "georgia" , "times new roman" , serif; font-size: small;"><br />
</span> <span style="font-family: "georgia" , "times new roman" , serif; font-size: small;">[ v3_req ]</span><br />
<span style="font-family: "georgia" , "times new roman" , serif; font-size: small;"># Extensions to add to a certificate request</span><br />
<span style="font-family: "georgia" , "times new roman" , serif; font-size: small;">basicConstraints = CA:FALSE</span><br />
<span style="font-family: "georgia" , "times new roman" , serif; font-size: small;">keyUsage = nonRepudiation, digitalSignature, keyEncipherment</span><br />
<span style="font-family: "georgia" , "times new roman" , serif; font-size: small;">subjectAltName = @alt_names --->>>> This is IMP, if not present , then add this line.</span><br />
<span style="font-family: "georgia" , "times new roman" , serif; font-size: small;"><br />
</span> <span style="font-family: "georgia" , "times new roman" , serif; font-size: small;">##Then add below line in same file under [ v3_req ]</span><br />
<span style="font-family: "georgia" , "times new roman" , serif; font-size: medium;"><br />
</span> <span style="font-family: "georgia" , "times new roman" , serif; font-size: small;">[alt_names]</span><br />
<span style="font-family: "georgia" , "times new roman" , serif; font-size: small;">DNS.1 = kb.domain.com</span><br />
<span style="font-family: "georgia" , "times new roman" , serif; font-size: small;">DNS.2 = home.domain.net</span><br />
<span style="font-family: "georgia" , "times new roman" , serif; font-size: small;">DNS.3 = systems.domain.com</span><br />
<span style="font-family: "georgia" , "times new roman" , serif; font-size: small;"><br />
</span> <span style="font-family: "georgia" , "times new roman" , serif; font-size: small;">## ---- > Denotes comments here.</span><br />
<span style="font-family: "georgia" , "times new roman" , serif; font-size: large;"><br />
</span> <span style="font-family: "georgia" , "times new roman" , serif; font-size: large;">Step 2 :</span><br />
<span style="font-family: "georgia" , "times new roman" , serif; font-size: large;"><br />
</span> <span style="font-family: "georgia" , "times new roman" , serif; font-size: small;">save the file.</span><br />
<span style="font-family: "georgia" , "times new roman" , serif; font-size: large;"><br />
</span> <span style="font-family: "georgia" , "times new roman" , serif; font-size: large;">Step 3 : </span><br />
<span style="font-family: "georgia" , "times new roman" , serif; font-size: large;"><br />
</span> <span style="font-family: "georgia" , "times new roman" , serif; font-size: small;">Run below command on the linux terminal,replacing the contents of the commands as per your need</span><br />
<span style="font-family: "georgia" , "times new roman" , serif; font-size: medium;"><br />
</span> <span style="font-family: "georgia" , "times new roman" , serif; font-size: medium;"><b>openssl req -new -newkey rsa:2048 -nodes -sha256 -out domain.csr -keyout domain.key -subj "/C=us/ST=Florida/L=Jacksonville/O=Company/OU=IT Department/CN=www.domain.com" -config /etc/pki/tls/openssl.cnf</b></span><br />
<span style="font-family: "georgia" , "times new roman" , serif; font-size: medium;"><br />
</span> <span style="font-family: "georgia" , "times new roman" , serif; font-size: small;">Above command helps you remove some vulnerabilities you might get from PCI Vendor related to SSL Certificate.</span><br />
<br />
</div><br />
<script>
(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
})(window,document,'script','https://www.google-analytics.com/analytics.js','ga');
ga('create', 'UA-29340479-2', 'auto');
ga('send', 'pageview');
</script>Unknownnoreply@blogger.com2tag:blogger.com,1999:blog-7238678089316726113.post-90329182613765593152015-01-11T10:57:00.001-08:002016-10-16T23:12:01.274-07:00Check CSR and Private Key are matching or not.<div dir="ltr" style="text-align: left;" trbidi="on"><span style="background-color: white; color: #222222; font-family: "georgia" , "times new roman" , serif;"> If you are managing many of sites and their respective SSL certs, some times ,we come across a situation where we messed up with SSL certs and their CSR and private keys, </span><br />
<span style="background-color: white; color: #222222; font-family: "georgia" , "times new roman" , serif;"><br />
</span><span style="background-color: white; color: #222222; font-family: "georgia" , "times new roman" , serif;"> Where we do not know, which private key belongs to which Cert and which private key belongs to which CSR.</span><br />
<span style="background-color: white; color: #222222; font-family: "georgia" , "times new roman" , serif;"><br />
</span><span style="background-color: white; color: #222222; font-family: "georgia" , "times new roman" , serif;">This happen only if proper management of keeping SSL files are not in used </span><br />
<span style="background-color: white; color: #222222; font-family: "georgia" , "times new roman" , serif;">after all we are all human being ,who do mistakes :) right ?</span><br />
<span style="background-color: white; color: #222222; font-family: "georgia" , "times new roman" , serif;"><br />
</span><span style="background-color: white; color: #222222; font-family: "georgia" , "times new roman" , serif;">so, here on this page I will tell you , how to check which cert belongs to which private key and which CSR belongs to which private key , and that is only using openssl command on the terminal itself, after all we are love linux terminal :)</span><br />
<span style="background-color: white; color: #222222; font-family: "georgia" , "times new roman" , serif; font-size: large;"><br />
</span><span style="background-color: white; color: #222222; font-family: "georgia" , "times new roman" , serif;">So , here it is,</span><br />
<ul><li><span style="color: #222222;"><span style="font-family: "georgia" , "times new roman" , serif; font-size: medium;"><b>openssl rsa -noout -modulus -in mydomain.key | openssl md5 </b></span></span></li>
<li><span style="color: #222222;"><span style="font-family: "georgia" , "times new roman" , serif; font-size: medium;"><b>openssl req -noout -modulus -in mydomain.csr | openssl md5</b></span></span></li>
<li><span style="color: #222222;"><span style="font-family: "georgia" , "times new roman" , serif; font-size: medium;"><b>openssl x509 -noout -modulus -in domain.crt | openssl md5</b></span></span></li>
</ul><span style="color: #222222;"><span style="font-family: "georgia" , "times new roman" , serif; font-size: large;"></span></span><br />
<div><span style="color: #222222;"><span style="font-family: "georgia" , "times new roman" , serif; font-size: large;"><br />
</span></span></div><div style="color: #222222;"><span style="font-family: "georgia" , "times new roman" , serif; font-size: medium;">If you find the output of all command identical ,high probability is that all files i.e private key ,csr and certificate are matches with each other.</span></div><div style="color: #222222;"><br />
</div><div style="color: #222222;"><span style="font-family: "georgia" , "times new roman" , serif; font-size: medium;">Also , below are some other useful openssl commands</span></div><div style="color: #222222;"><span style="font-family: "georgia" , "times new roman" , serif; font-size: large;"><br />
</span></div><h4 style="color: #222222;"><span style="font-family: "georgia" , "times new roman" , serif; font-size: medium;">Command to check CSR content</span></h4><div style="color: #222222;"><ul><li><span style="font-family: "georgia" , "times new roman" , serif; font-size: medium;">openssl req -text -noout -verify -in domain.csr</span></li>
</ul><h4><span style="font-family: "georgia" , "times new roman" , serif; font-size: medium;">Command to check Certificate content</span></h4></div><div style="color: #222222;"><ul><li><span style="font-family: "georgia" , "times new roman" , serif; font-size: medium;">openssl x509 -text -noout -in domain.crt</span></li>
</ul><h4><span style="font-family: "georgia" , "times new roman" , serif; font-size: medium;">Command to check private key is valid or not</span></h4></div><div style="color: #222222; font-family: "times new roman"; font-style: normal; font-variant-caps: normal; font-variant-ligatures: normal; font-weight: normal; letter-spacing: normal; line-height: normal; text-align: left; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px;"><ul style="text-align: left;"><li><span style="font-family: "georgia" , "times new roman" , serif; font-size: medium;">openssl rsa -check -in domain_name.key</span></li>
</ul></div></div><br />
<script>
(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
})(window,document,'script','https://www.google-analytics.com/analytics.js','ga');
ga('create', 'UA-29340479-2', 'auto');
ga('send', 'pageview');
</script>Unknownnoreply@blogger.com2tag:blogger.com,1999:blog-7238678089316726113.post-85855100640053247872015-01-11T10:52:00.001-08:002016-10-16T23:12:14.787-07:00How to Generate CSR using Openssl in Linux <div dir="ltr" style="text-align: left;" trbidi="on"><div><span style="font-family: "georgia" , "times new roman" , serif; font-size: large;"><br />
</span><span style="font-family: "georgia" , "times new roman" , serif; font-size: small;">Before Generating CSR ,let see what is Openssl.</span></div><div></div><span style="font-size: small;"><span style="font-family: "georgia" , "times new roman" , serif;"><br />
</span></span> <span style="font-size: small;"><span style="font-family: "georgia" , "times new roman" , serif;">It is nothing but a core library ,which is used for general purpose in cryptography,it is an open source product which work towards the implementation of SSL and TLS protocols.</span></span><br />
<div><span style="font-size: small;"><span style="font-family: "georgia" , "times new roman" , serif;"><br />
</span></span></div><div><span style="font-size: small;"><span style="font-family: "georgia" , "times new roman" , serif;">Talking about openssl, some people called the certificates generated from openssl as "self signed certificate".</span></span></div><div><span style="font-size: small;"><span style="font-family: "georgia" , "times new roman" , serif;"><br />
</span></span></div><div><span style="font-size: small;"><span style="font-family: "georgia" , "times new roman" , serif;">lets go towards now,creating CSR and private key using openssl command,</span></span></div><div><span style="font-size: medium;"><span style="font-family: "georgia" , "times new roman" , serif;"><br />
</span></span></div><div><span style="font-size: small;"><span style="font-family: "georgia" , "times new roman" , serif;">Just log in to any of your Linux box and run following command as <b>root user</b> replacing the required information as per your need .</span></span></div><div><span style="font-size: large;"><span style="font-family: "georgia" , "times new roman" , serif;"><br />
</span></span></div><div><span style="font-size: small;"><span style="font-family: "georgia" , "times new roman" , serif;"><b>[root@SVR home]#</b> <b>openssl req -new -newkey rsa:2048 -nodes -sha256 -out domain_name.csr -keyout domain_name.key -subj "/C=US/ST=state/L=locality/O=organization/OU=organization unit Dept/CN=www.domain.com"</b></span></span><br />
<br />
<span style="font-size: small;"><span style="font-family: "georgia" , "times new roman" , serif;"> You will get output like :</span></span><br />
<br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj35cUkVaaO9EKXW5XjlrBh2ywnmrd1RlXebZ2M5P0JM8KLeQR5qxtVu_ZWU9kgVcJq9lDxxG3xFFHK6Cbjb-bhO4BdY8NGiCkrdd0cl97GiHV3crY4ytYNjhOSUAQRcyAVJ-33rsco1lo/s1600/opessl.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="43" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj35cUkVaaO9EKXW5XjlrBh2ywnmrd1RlXebZ2M5P0JM8KLeQR5qxtVu_ZWU9kgVcJq9lDxxG3xFFHK6Cbjb-bhO4BdY8NGiCkrdd0cl97GiHV3crY4ytYNjhOSUAQRcyAVJ-33rsco1lo/s640/opessl.jpg" width="640" /></a></div><br />
<div class="separator" style="clear: both; text-align: center;"><span style="font-size: large;"></span></div><div class="separator" style="clear: both; text-align: center;"><span style="font-size: large;"></span></div><div class="separator" style="clear: both; text-align: center;"></div><br />
<span style="font-family: "georgia" , "times new roman" , serif;"><br />
</span><span style="font-size: large;"><span style="font-family: "georgia" , "times new roman" , serif;"><br />
</span></span></div><div><span style="font-size: small;"><span style="font-family: "georgia" , "times new roman" , serif;">Then check whether ,all the information we have entered ,while creating CSR is proper ,by decoding the CSR from some online tool.</span></span><br />
<span style="font-size: small;"><span style="font-family: "georgia" , "times new roman" , serif;"><br />
</span></span><span style="font-size: small;"><span style="font-family: "georgia" , "times new roman" , serif;">First do the cat to the csr file</span></span><br />
<span style="font-size: large;"><span style="font-family: "georgia" , "times new roman" , serif;"><br />
</span></span><span style="font-size: small;"><span style="font-family: "georgia" , "times new roman" , serif;"><b>[root@SVR home]#</b> cat domain_name.csr</span></span></div><div><span style="font-family: "courier new" , "courier" , monospace;"><br />
-----BEGIN CERTIFICATE REQUEST-----<br />
MIIDCDCCAfACAQAwgYExCzAJBgNVBAYTAlVTMQ4wDAYDVQQIEwVzdGF0ZTERMA8G<br />
A1UEBxMIbG9jYWxpdHkxFTATBgNVBAoTDG9yZ2FuaXphdGlvbjEfMB0GA1UECxMW<br />
b3JnYW5pemF0aW9uIHVuaXQgRGVwdDEXMBUGA1UEAxMOd3d3LmRvbWFpbi5jb20w<br />
ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0ePkRLrz4fkMoRf05XAbw<br />
vMQYGltC50cxGYheRprd/wlvqWmWSUaZBoreNR5jYBfZwRGwmGwsPXncJzN6/t/D<br />
+r/Azfvb1wWxqg5QgAU+Gm/igSUM8ihnirFxBXfsIHDA4PNJ0GgM+y1jLnaEPMvP<br />
vNDvPEtOhRcIoGcq6Dnd3x0JJtMp4x0RZ30U0/dbcgNtmrNh3dHMbVcH9/OmeRut<br />
FnnLRmh+OGDlH9OjD5CbEOgk4XK29G6yt1vKQThFRmJ95QE+XSj+BMTq59cgmJ99<br />
MAjj8E21PG44HHknwhi1Jno1tqguT8O8eXxUj8uhazkFbwNIw+bKG6kuBnmhiYdB<br />
AgMBAAGgQTA/BgkqhkiG9w0BCQ4xMjAwMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgXg<br />
MBYGA1UdEQQPMA2CC2Rhd2dpbmMuY29tMA0GCSqGSIb3DQEBCwUAA4IBAQBSy4tq<br />
geUihlg+i0c53Y77WXuT5zEngrc3nvdyOcqhVwbzGUKAQJyz9DMc+pRo+rEi8gsN<br />
1PVUgXclH5m7gQQxBcowWJEd7yXAw6ZLnwiNDGpStWbmUaZ5HLH4iM7hD8/8KWC7<br />
ycdLyYg0TrljmizmbGchik5iGk+VIqffebLJkq2L+XkLVMLdMjoowGyZdOcz7BwO<br />
wvhPB1DEOhDbQNiRHS4HVw5dWq79bUgxVPWb8gvVweL3rv2Yx+EdRtHe902kWbiN<br />
12bBFeUNWYfIFARUP/SYvIl9qvTKQ6zgCwK8TRYWMUMJfANA9jEVxP1aibxKU7y2<br />
TKNygZt3ts5arBs6<br />
-----END CERTIFICATE REQUEST-----</span></div><div><br />
</div><div><span style="font-size: large;"><span style="font-family: "georgia" , "times new roman" , serif;"><br />
</span></span><span style="font-family: "georgia" , "times new roman" , serif; font-size: small;">Now, to check whether ,you have entered the proper information while creating CSR, we need to check the content of the CSR,for this refer URL</span><br />
<span style="font-family: "georgia" , "times new roman" , serif; font-size: medium;"><br />
</span><span style="color: #0000ee; font-family: "georgia" , "times new roman" , serif; font-size: small;"><u><a href="http://www.linuxforeveryone.com/2015_01_01_archive.html">http://www.linuxforeveryone.com/2015_01_01_archive.html</a></u></span><br />
<span style="font-family: "georgia" , "times new roman" , serif; font-size: large;"><br />
</span><span style="font-family: "georgia" , "times new roman" , serif; font-size: medium;"><br />
</span><span style="font-family: "georgia" , "times new roman" , serif; font-size: small;">And if you want self signed certificate ,then we can use below openssl command</span><br />
<span style="font-family: "georgia" , "times new roman" , serif; font-size: small;">to get a Certificate using csr and private key we have just created. </span><br />
<span style="font-family: "georgia" , "times new roman" , serif; font-size: small;">Use below command for this purpose.</span><br />
<br />
<span style="font-size: x-small;"><br />
</span> <span style="font-family: "georgia" , "times new roman" , serif; font-size: small;"><b>openssl x509 -signkey domain_name.key -sha256 -in domain_name.csr -req -days 365 -out domain.crt</b></span><br />
<span style="font-family: "georgia" , "times new roman" , serif; font-size: medium;"><br />
</span><span style="font-family: "georgia" , "times new roman" , serif; font-size: small;">Where,</span><br />
<span style="font-family: "georgia" , "times new roman" , serif; font-size: medium;"><br />
</span><span style="font-family: "georgia" , "times new roman" , serif; font-size: small;">domain_name.key ===== is private key.</span><br />
<span style="font-family: "georgia" , "times new roman" , serif; font-size: small;">domain_name.csr ===== is csr.</span><br />
<span style="font-family: "georgia" , "times new roman" , serif; font-size: small;">-days ===== Number of days of validity ,you want for your cert.</span></div><div><span style="font-family: "georgia" , "times new roman" , serif; font-size: large;"><br />
</span></div></div><br />
<script>
(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
})(window,document,'script','https://www.google-analytics.com/analytics.js','ga');
ga('create', 'UA-29340479-2', 'auto');
ga('send', 'pageview');
</script>Unknownnoreply@blogger.com1tag:blogger.com,1999:blog-7238678089316726113.post-48366547470705141912014-12-25T16:14:00.000-08:002016-11-01T22:52:13.127-07:00Features of Linux<div dir="ltr" style="text-align: left;" trbidi="on">
<div dir="ltr" style="text-align: left;" trbidi="on">
<h2>
</h2>
<div>
<br />
<span style="font-family: "georgia" , "times new roman" , serif;"> 1. Virtual memory, allowing the system to use disk room the same as RAM memory.</span><br />
<span style="font-family: "georgia" , "times new roman" , serif;"> 2. Multiple user capability.</span><br />
<span style="font-family: "georgia" , "times new roman" , serif;"> 3. Protected mode so programs or user's can't access unauthorized areas.</span><br />
<span style="font-family: "georgia" , "times new roman" , serif;"> 4. True multitasking</span><br />
<span style="font-family: "georgia" , "times new roman" , serif;"> 5. X - A graphical user interface similar to windows, but supports remote sessions over a network.</span><br />
<span style="font-family: "georgia" , "times new roman" , serif;"> 6. Advanced server functionality</span><br />
<span style="font-family: "georgia" , "times new roman" , serif;"> * FTP server</span><br />
<span style="font-family: "georgia" , "times new roman" , serif;"> * Telnet server</span><br />
<span style="font-family: "georgia" , "times new roman" , serif;"> * BOOTP server</span><br />
<span style="font-family: "georgia" , "times new roman" , serif;"> * DHCP server</span><br />
<span style="font-family: "georgia" , "times new roman" , serif;"> * Samba server</span><br />
<span style="font-family: "georgia" , "times new roman" , serif;"> * DNS server</span><br />
<span style="font-family: "georgia" , "times new roman" , serif;"> * SNMP services</span><br />
<span style="font-family: "georgia" , "times new roman" , serif;"> * Mail services</span><br />
<span style="font-family: "georgia" , "times new roman" , serif;"> * Network file sharing</span><br />
<span style="font-family: "georgia" , "times new roman" , serif;"> * and, much more...</span><br />
<span style="font-family: "georgia" , "times new roman" , serif;"> 7.supports various file systems</span><br />
<span style="font-family: "georgia" , "times new roman" , serif;"><br />
</span> <br />
<h3 style="text-align: left;">
<b><span style="font-family: "georgia" , "times new roman" , serif;">Why to Use</span></b></h3>
<span style="font-family: "georgia" , "times new roman" , serif;"><br />
</span> <span style="font-family: "georgia" , "times new roman" , serif;"> 1. Free</span><br />
<span style="font-family: "georgia" , "times new roman" , serif;"> 2. Runs on various machine architectures</span><br />
<span style="font-family: "georgia" , "times new roman" , serif;"> 3. Works well on machines that are not "modern". Recommended 8MB RAM, with 16MB swap drive space. It will run in hard drives as small as 500MB or less.</span><br />
<span style="font-family: "georgia" , "times new roman" , serif;"> 4. Linux is stable and even if a program crashes, it won't bring the OS down.</span><br />
<span style="font-family: "georgia" , "times new roman" , serif;"> 5. Source code is available.</span></div>
<div>
<br /></div>
</div>
<br />
<script>
(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
})(window,document,'script','https://www.google-analytics.com/analytics.js','ga');
ga('create', 'UA-29340479-2', 'auto');
ga('send', 'pageview');
</script></div>
Unknownnoreply@blogger.com1tag:blogger.com,1999:blog-7238678089316726113.post-72369245342123740902012-02-20T11:27:00.000-08:002018-09-20T11:52:07.747-07:00Its All about Linux<div dir="ltr" style="text-align: left;" trbidi="on">
<div dir="ltr" style="text-align: left;" trbidi="on">
Hello There ! :) i hope you all are doing great. Thanks for stopping by and reading my blog. This is the first time i am writing something offline or online. I am not sure how i will make my blog different then the most of the blog you read online. but i will be honest with my blog means what ever i write, i will try to be more clear and easily understandable for most of the audience.<br />
<br />
A little introduction about myself, I am Currently Working in One of the Top MNCs of North America as System Administrator. My Current Domain is Web Hosting i.e E-commerce sites Hosted on Linux Servers.<br />
<br />
When i was doing my Engineering, i didn't had any clue what to do in life just like most of youngster :) but i saw ray of interest in Computer Networks during my Final year of Engg. <br />
<br />
<b>Why Linux for me ?</b><br />
<br />
I never thought that I would be working on linux as i had more interest towards Computer Networks, but eventually i got shifted to linux due to 2008 Economic break down, as there were no jobs during 2008 period. I also did CCNA from one of the know institute in Metro City to get the job but it was of no use.<br />
<br />
Later i did RHCE after almost 1.5 years of gap after CCNA and things started changing for me.Before my Certification i knew only SAMBA service of Linux that only because i did a project on it with one of my friend, that friend introduce me to Linux and now he is working with Windows :) and i am with Linux :D :P life is strange ! <br />
<br /></div>
<div dir="ltr" style="text-align: left;" trbidi="on">
<br /></div>
<div dir="ltr" style="text-align: left;" trbidi="on">
So guys, here in this blog i am going to cover lots of things which i learn and still learning while working on E-Commerces domain and its mostly related to Linux Only.</div>
<div dir="ltr" style="text-align: left;" trbidi="on">
</div>
<div dir="ltr" style="text-align: left;" trbidi="on">
Keep in touch by subscribing the blog and you can mail me for any assistance or if you want to to hire me then also you can contact me on my email id<br />
<br />
support@linuxforeveryone.com </div>
<div dir="ltr" style="text-align: left;" trbidi="on">
<br /></div>
<div dir="ltr" style="text-align: left;" trbidi="on">
<br /></div>
</div>
Unknownnoreply@blogger.com0Nagpur, Maharashtra, India21.189681072366259 79.0904815022383921.087466072366258 78.970921002238384 21.29189607236626 79.2100420022384