Archive for the ‘System Administration’ Category

Create user and password on Linux non interactive and add it to sudo a tiny Dev Ops script

Thursday, September 20th, 2018

A common task for SysAdmins who managed a multitude of servers remotely via Secure Shell was to add a user and assign a password by using a script. This was sometimes necessary to set up some system users and create access for university users on 10 / 20 testing Linux servers.

Nowadays this task of adding a user to a list of remote servers and granting the new user superuser permissions through /etc/sudoers is practiced heavily by the so-called Dev Ops (just another business word for Senior System Administrators with good scripting skills and a little bit of development experience – same game, different name).

The Dev Ops System Integration Engineers use this non-interactive user add via SSH in Cloud environments in order to prepare a superuser account (root permissioned through /etc/sudoers) that is later used for, let's say, deployment on a few hundred servers of LAMP (Linux + Apache + MySQL + PHP) or LEMP (Linux NGINX MySQL PHP) or the software load balancer HAProxy balancing for MySQL clusters / Nginx application servers / JIRAs etc., through a Playbook script with some deployment automation tool such as Ansible.

Well, enough talk; here are the few lines of code which create a user locally:
 

linux:~# apt-get install --yes sudo
linux:~# useradd devops --home /home/devops -s /bin/bash
linux:~# mkdir /home/devops
linux:~# chown -R devops:devops /home/devops
linux:~# echo 'devops:testpass' | chpasswd


Though these lines could be invoked easily by passing them as arguments via ssh, it is often unhandy to run them on a remote host, because some of the remote hosts they are executed against might already have the user existing with granted permissions for sudo.

Thus a much better way to do things is use below script and first upload it to remote servers by running the scp command in a loop:

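while read -r host; do
# copy the script to the remote host, then run it there
scp create_user_noninteractive_and_add_to_sudoers.sh root@"$host":/root/
# -n keeps ssh from reading the rest of servers_list.txt from stdin
ssh -n root@"$host" "bash /root/create_user_noninteractive_and_add_to_sudoers.sh"
done < servers_list.txt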


Where servers_list.txt contains a list of remote IPs, one per line, and create_user_noninteractive_and_add_to_sudoers.sh is the script below:

#!/bin/bash
# Create new user/group and add nopasswd login to sudoers
# Author: Georgi Georgiev
# has to be run as root – sudo devops
# hipo@pc-freak.net

u_id='devops';
g_id='devops';
# hard-coded test password: change it before running the script on real hosts
pass='testpass';
sudoers_f='/etc/sudoers';

# install sudo only if dpkg does not list it yet
check_install_sudo ()  {
if [ -z "$(dpkg --get-selections | cut -f1 | grep -E '^sudo$')" ]; then
apt-get install --yes sudo
else
        printf "Nothing to do sudo installed\n";
fi
}

# create the user, set its password and grant passwordless sudo
check_install_user () {

# match the account name exactly, not as a substring of another entry
if [ "$(grep -c "^$u_id:" /etc/passwd)" -eq 0 ]; then
useradd "$u_id" --home "/home/$u_id"
mkdir "/home/$u_id"
chown -R "$u_id:$g_id" "/home/$u_id"
echo "$u_id:$pass" | chpasswd
cp -rpf /etc/bash.bashrc "/home/$u_id"
if [ "$(grep -c "^$u_id[[:space:]]" "$sudoers_f")" -eq 0 ]; then
echo "$u_id ALL=(ALL) NOPASSWD: ALL" >> "$sudoers_f"
else
        echo "$u_id existing. Exiting ..";
        exit 1;
fi

else
        echo "Will do nothing because $u_id exists";
fi

}

check_install_sudo;
check_install_user;
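
The script above appends its rule straight to /etc/sudoers, where one malformed line can lock sudo for everyone on the host. The following is an added example, not part of the original script: it writes the same rule as a drop-in file that is syntax-checked before it goes live. The names SUDOERS_D and install_sudoers_dropin are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original script): grant the same sudo rule
# through a validated drop-in file instead of appending to /etc/sudoers.
# SUDOERS_D and install_sudoers_dropin are names chosen for this example;
# SUDOERS_D can point at a scratch directory to try it without root.
SUDOERS_D="${SUDOERS_D:-/etc/sudoers.d}"

install_sudoers_dropin() {
    user="$1"
    # Accept only plain account names: nothing that could carry sudoers
    # syntax or a path component into the rule or the file name.
    case "$user" in
        ''|[!a-z_]*|*[!a-z0-9_-]*)
            echo "invalid user name: $user" >&2
            return 2 ;;
    esac
    dest="$SUDOERS_D/$user"
    rule="$user ALL=(ALL) NOPASSWD: ALL"

    # Idempotent: an identical rule already in place means nothing to do,
    # so the script can be re-run against hosts that were set up earlier.
    if [ -f "$dest" ] && [ "$(cat "$dest")" = "$rule" ]; then
        return 0
    fi

    # Stage the rule in a dot-file inside the same directory. sudo skips
    # drop-in names that contain a '.', so the staged file is never parsed.
    tmp="$(mktemp "$SUDOERS_D/.stage.XXXXXX")" || return 1
    printf '%s\n' "$rule" > "$tmp"
    chmod 0440 "$tmp"

    # Syntax-check the staged file before it can affect sudo. visudo ships
    # with sudo; the check is skipped only where visudo is not installed.
    if command -v visudo >/dev/null 2>&1 && ! visudo -cf "$tmp" >/dev/null 2>&1; then
        rm -f "$tmp"
        echo "visudo rejected the rule for $user" >&2
        return 1
    fi

    # A rename within one directory is atomic: sudo sees either the old
    # state or the complete new file, never a partial write.
    mv -f "$tmp" "$dest"
}

# Usage (as root): install_sudoers_dropin devops
```
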


By the way this task was the simplest task given by a Company where I applied for a Dev Ops System Engineer, so I hope this will help someone else too.

P.S. If you prefer Shell scripts (even though much harder, time consuming etc.) as a mean of automation as an alternative to Ansible / Chef I suggest you check out and perhaps try to do the task with http://fuckingshellscripts.org 🙂

Mass substitute WordPress site Old domain URL to new URL in MySQL (MariaDB) database after website migration

Thursday, September 13th, 2018


If you have just migrated a WordPress blog or site to a new server (domain URL) and you have many articles pointing to the old URL, the new domain will all of a sudden end up with many broken links, and that would have a severe negative SEO effect on your website, leading to a certain downfall of your number of daily unique visits.

Of course manually changing the URL links is achievable by going through all Published Posts when migrating small websites with 10-20 pages; however it is an impossibly tedious task you would definitely want to avoid when you're migrating large WP based websites with a few hundred or thousands of posts / pages,
because this would be a few weeks of mindless repetitive work to go through each and every post and substitute the broken URLs.

Fortunately this can be done with a little bit of SQL magic, either through MySQL CLI or PHPMyAdmin (if the website is moved to a shared hosting where access to the default MySQL (MariaDB) connect tcp port 3306 is disabled).

Depending on the type of WordPress or Website the old broken URLs might be located in various Database tables.
 

– So when might Mass URL substitution be required ?


1. You migrate a Website http://what-ever-website.com with (PHP / CSS / HTML / Templates) etc. from Hosting Provider Hostgator.com to UK2.com (because the website target client changed lately to United Kingdom customers) to http://what-ever-website.co.uk and the site is moved to a new domain because of Business rebranding
 

2. Another reason for changing internal URLs from one URL to another might be if you're migrating your website from HTTP to HTTPS for security.

3. You are restructuring file storage / image directories on the server or due to migration of files to external CDN (Content Delivery Network).
For example (http://your-server.com/images/ , http://your-server.com/files )  URLs pointing to old website location subdirectory has to be changed to the new one (http://your-server.com/img/ , http://your-server.com/data)

 

– So what is the automated approach to solve the task of Mass URL substitution across WP site ?

 

  •  Create a full backup of all your website database and double-check the backup (try to restore on a test (home) server or other hosting account to make sure the backup is consistent and a restore would work normally if necessary)
     
  • You can create the backup either with the mysqldump command tool manually … with the right command arguments, or use some kind of script such as my tiny mysqlbackupper.sh shell script which I shared in my previous article Make daily MySQL on Linux backup with Shell Script, or via PhpMyAdmin.


2. Change old website URL to new one directly from Database using MySQL text client
 

To change an incorrect URL to the new correct one, the general query to run is:

 

UPDATE TABLE_NAME SET FIELD_NAME = replace(FIELD_NAME, 'find string', 'replace string');

 

To change old website URL to the new website URL across every table within the wordpress database use below queries:
 

hipo@linux:~$ mysql -u root -p
Enter password:

 

USE blog;

 

UPDATE wp_options SET option_value = replace(option_value, 'Existing (old) URL', 'New URL') WHERE option_name = 'home' OR option_name = 'siteurl';

UPDATE wp_posts SET post_content = replace(post_content, 'Existing (old) URL', 'New URL');

UPDATE wp_postmeta SET meta_value = replace(meta_value,'Existing (old) URL','New URL');

UPDATE wp_usermeta SET meta_value = replace(meta_value, 'Existing (old) URL','New URL');

UPDATE wp_links SET link_url = replace(link_url, 'Existing (old) URL','New URL');

UPDATE wp_comments SET comment_content = replace(comment_content , 'Existing (old) URL','New URL');


3. Replace Old website URL to New one after migration using PHPMyAdmin web interface
 

If you don't have ssh shell access, you can also run the queries via PhpMyAdmin:

1. Open PHPMyadmin URL Panel in browser and login with your user / pass

2. Choose the wordpress database of the wordpress site / blog

3. Select the SQL tab and in the panel type the above given SQL queries
 


If you're too lazy to type, there is also a web based SQL queries generator tool for moving websites to a new domain.


4. Using Search and Replace WordPress plugin to do the old URL to new URL (strings) transition
 

If you have never used SQL queries, you're totally new to it and don't want to risk breaking something, there is also a bunch of WordPress plugins available that do the URL string substitution throughout each WordPress table in a WP database. One such WordPress plugin is Search and Replace; I have written earlier an article Change string in all WordPress Posts with Search and Replace plugin.


5. Problems with data-serialization
 

If you do a simple search and replace of old domain URLs to new ones using the above given commands and you still end up with some broken links on WP pages, that might be due to data-serialization issues (for the cause of issues check out what is data serialization).
Data serialization in WordPress terms is an array of PHP serialized data that contains the actual URL, thus a simple search and replace as explained above would not work if the URLs are stored in serialized data. There are tools available online that do the URL search and replace operation "serialize-data sensitively" if you are stuck with issues caused by data serialization.

Besides that, there are scripts written to do URL substitution on WordPress or Joomla websites, so an alternative to the above WP plugin for replacing the URL after migration is to use one of the available scripts. A very famous one that will painlessly do all URL / string substitutions inside your WP, Drupal, Joomla databases is interconnect/it.
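
Why the plain SQL replace() breaks serialized values: PHP stores every serialized string as s:N:"value"; where N is the byte length, and replace() changes the value without touching N. The following added example (not from the original article) finds such stale length prefixes in exported column data; the function name and the sample value are constructed for this illustration, and the scan is a heuristic that assumes one value per line.

```shell
#!/bin/sh
# Added example: detect PHP-serialized strings whose declared byte length no
# longer matches their content, the damage a plain SQL replace() leaves.
# Input on stdin: exported option_value / meta_value data, one value per line.
# Returns 0 when every s:N:"..."; is consistent, 1 when at least one is not.
check_serialized_lengths() {
    LC_ALL=C awk '
    {
        pos = 1
        while (match(substr($0, pos), /s:[0-9]+:"/)) {
            start = pos + RSTART - 1                  # offset of the "s:" header
            hdr   = substr($0, start, RLENGTH)
            n     = substr(hdr, 3, RLENGTH - 4) + 0   # digits between s: and :"
            body  = start + RLENGTH                   # first byte of the string
            if (substr($0, body + n, 2) == "\";") {
                pos = body + n + 2                    # consistent: skip the string
            } else {
                printf "line %d: declared %d bytes: %s\n", NR, n, substr($0, start, 60)
                bad++
                pos = body                            # resync after the header
            }
        }
    }
    END { exit (bad > 0) }'
}

# Constructed sample: a serialized option holding an 18-byte URL.
SAMPLE='a:1:{s:7:"siteurl";s:18:"http://old.example";}'

# The same substitution the SQL replace() performs: the new URL is 23 bytes
# long but the prefix still says 18, so PHP can no longer unserialize it.
SAMPLE_AFTER=$(printf '%s\n' "$SAMPLE" | sed 's|http://old\.example|https://new.example.org|')

printf '%s\n' "$SAMPLE_AFTER" | check_serialized_lengths \
    || echo "serialized data with stale length prefix found"
```

Run against a dump taken after the migration, every reported line is a row that needs a serialization-aware tool rather than another replace().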
 

Few closure words
 

As a system administrator and webmaster I have migrated WordPress installations many times with the need to change the old URLs to new ones, for both customer websites and my own WordPress based ones. On many occasions, because of lack of attention and hurry, I've messed up things.
The moral I got out of this is that when you're doing a WordPress migration, just like with everything, you have to be very attentive, do everything step by step slowly and have a good idea of what you're doing in advance …

Even as a person who has an overall idea of how MySQL Server works and has experience in writing SQL queries, I have to confess I've made mistakes during URL substitution operations when doing it via the MySQL CLI every now and then.

Thus I would recommend you better use some of the many plugins for WordPress and script tools (a few of which I mentioned above), especially if you don't have at least a few years of experience with some kind of UNIX variation / Linux / MySQL.

Mail send from command line on Linux and *BSD servers – useful for scripting

Monday, September 10th, 2018


Historically Email sending has been very different from the way most people use it in the Office: there were no heavy Email clients such as Outlook Express, no MX Exchange, no e-mail client capabilities for Calendar and Meetings schedule as it is in most of the modern corporate offices that depend on products such as Office 365 (I would call it a connectedHell 365 days a year !).

There were no free webmail and pop3 / imap providers such as Mail.Yahoo.com, Gmail.com, Hotmail.com, Yandex.com, RediffMail, Mail.com; the innumerable list goes on and on.
Nope, back in the day emails were doing what they were originally supposed to, like the post services in real life: simply send and receive messages.

For those who remember those charming times, email was used by people on BBS-es (which were basically a shared set-up home system as a server), on some of the few University Internal Email student accounts, or by crazy sysadmins who received their notification and warning logs about daemon (services) messages via local DMZ-ed network email servers, and it was common to read the email directly with the mail (mailx) text command or custom written scripts … It was also not uncommon that mailx was used heavily to send notification messages on triggered events from logs. Oh, life was simple and clear back then, and even though today email could be used in a similar fashion by hard-core old school sysadmins and Dev Ops for simple shell scripting tasks or report cron jobs, such usage is already in the deep history.

The number of ways one could send email in text format directly from the GNU / Linux / *BSD server to another remote mail MTA node (assuming it had a properly configured Relay server, be it Exim or Postfix) was plenty.

In this article I will try to rewind back some of the UNIX history by pinpointing a few of the most common ways, one used to send quick emails directly from a remote server connection terminal or lets say a cheap VPS few cents server, through something like (SSH or Telnet) etc.
 

1. Using the mail command client (part of bsd-mailx on Debian).
 

In my previous article Linux: "bash mail command not found" error fix
I ended the article with a short explanation on how this is done but I will repeat myself one more time here for the sake of clearness of this article.

root@linux:~# echo "Your Sample Message Body" | mail -s "Whatever … Message Subject" remote_receiver@remote-server-email-address.com


The mail command will connect to local server TCP port 25 on the locally configured MTA and send via it. If the local MTA is misconfigured, doesn't have proper MX / PTR DNS records etc., or is not configured as a relay SMTP, remote mail will not get delivered. Otherwise the sent Email should be properly delivered at the remote recipient address.

How to send HTML formatted emails using mailx command on Linux console / terminal shell using remote server through SSH ?

Connect to remote SSH server (VPS), dedicated server, home Linux router etc. and run:

 

root@linux:~# mailx -a 'Content-Type: text/html' \
      -s "This is advanced mailx indeed!" \
      "first_email_to_send_to@gmail.com, mail_recipient_2@yahoo.com" < email_content.html

 


email_content.html should be properly formatted (at best w3c standard compliant) HTML.

Here is an example email_content.html (skeleton file)

 

    To: your_customer@gmail.com
    Subject: This is an HTML message
    From: marketing@your_company.com
    Content-Type: text/html; charset="utf8"

    <html>
    <body>
    <div style="
        background-color:
        #abcdef; width: 300px;
        height: 300px;
        ">
    </div>
Whatever text mixed with valid email HTML tags here.
    </body>
    </html>


The above command sends to two email addresses; however if you have a text formatted list of recipients you can easily use that file with a bash shell script for loop and send to multiple addresses read from, let's say, email_addresses_list.txt .

To further advance the one liner you may also want to provide an email attachment, let's say the file email_archive.rar, by using the -A email_archive.rar argument.

 

root@linux:~# mailx -a 'Content-Type: text/html' \
      -s "This is advanced mailx indeed!" -A ~/email_archive.rar \
      "first_email_to_send_to@gmail.com, mail_recipient_2@yahoo.com" < email_content.html

 

For those familiar with Dan Bernstein's Qmail MTA (which even though a bit obsolete is still a Security and Stability Beast across email servers) – mailx command had to be substituted with a custom qmail one in order to be capable to send via qmail MTA daemon.
 

2. Using sendmail command to send email
 

Do you remember that heavy hard to configure MTA monster sendmail ? It was and until this very day is the default Mail Transport Agent for Slackware Linux.

Here is how we were supposed to send mail with it:

 

[root@sendmail-host ~]# vim /tmp/email_content_to_be_delivered.txt

 

Content of file should be something like:

Subject: This Email is sent from UNIX Terminal Email

Hi this Email was typed in a file and send via sendmail console email client
(part of the sendmail mail server)

It is really fun to go back in the pre-history of Mail Content creation 🙂

 

[root@sendmail-host ~]# sendmail -v user_name@remote-mail-domain.com  < /tmp/email_content_to_be_delivered.txt

 

-v argument provided, will make the communication between the mail server and your mail transfer agent visible.
 

3. Using ssmtp command to send mail
 

ssmtp MTA and its included shell command was used historically as it was pretty straightforward: you just launch it on the command line, type in your subject and all your email, and ship it (by pressing the CTRL + D key combination).

To give it a try you can do:

 

root@linux:~# apt-get install ssmtp
Reading package lists… Done
Building dependency tree       
Reading state information… Done
The following additional packages will be installed:
  libgnutls-openssl27
The following packages will be REMOVED:
  exim4-base exim4-config exim4-daemon-heavy
The following NEW packages will be installed:
  libgnutls-openssl27 ssmtp
0 upgraded, 2 newly installed, 3 to remove and 1 not upgraded.
Need to get 239 kB of archives.
After this operation, 3,697 kB disk space will be freed.
Do you want to continue? [Y/n] Y
Get:1 http://ftp.us.debian.org/debian stretch/main amd64 ssmtp amd64 2.64-8+b2 [54.2 kB]
Get:2 http://ftp.us.debian.org/debian stretch/main amd64 libgnutls-openssl27 amd64 3.5.8-5+deb9u3 [184 kB]
Fetched 239 kB in 2s (88.5 kB/s)         
Preconfiguring packages …
dpkg: exim4-daemon-heavy: dependency problems, but removing anyway as you requested:
 mailutils depends on default-mta | mail-transport-agent; however:
  Package default-mta is not installed.
  Package mail-transport-agent is not installed.
  Package exim4-daemon-heavy which provides mail-transport-agent is to be removed.

 

(Reading database … 169307 files and directories currently installed.)
Removing exim4-daemon-heavy (4.89-2+deb9u3) …
dpkg: exim4-config: dependency problems, but removing anyway as you requested:
 exim4-base depends on exim4-config (>= 4.82) | exim4-config-2; however:
  Package exim4-config is to be removed.
  Package exim4-config-2 is not installed.
  Package exim4-config which provides exim4-config-2 is to be removed.
 exim4-base depends on exim4-config (>= 4.82) | exim4-config-2; however:
  Package exim4-config is to be removed.
  Package exim4-config-2 is not installed.
  Package exim4-config which provides exim4-config-2 is to be removed.

Removing exim4-config (4.89-2+deb9u3) …
Selecting previously unselected package ssmtp.
(Reading database … 169247 files and directories currently installed.)
Preparing to unpack …/ssmtp_2.64-8+b2_amd64.deb …
Unpacking ssmtp (2.64-8+b2) …
(Reading database … 169268 files and directories currently installed.)
Removing exim4-base (4.89-2+deb9u3) …
Selecting previously unselected package libgnutls-openssl27:amd64.
(Reading database … 169195 files and directories currently installed.)
Preparing to unpack …/libgnutls-openssl27_3.5.8-5+deb9u3_amd64.deb …
Unpacking libgnutls-openssl27:amd64 (3.5.8-5+deb9u3) …
Processing triggers for libc-bin (2.24-11+deb9u3) …
Setting up libgnutls-openssl27:amd64 (3.5.8-5+deb9u3) …
Setting up ssmtp (2.64-8+b2) …
Processing triggers for man-db (2.7.6.1-2) …
Processing triggers for libc-bin (2.24-11+deb9u3) …

 

As you see from above output local default Debian Linux Exim is removed …

Lets send a simple test email …

 

hipo@linux:~# ssmtp user@remote-mail-server.com
Subject: Simply Test SSMTP Email
This Email was send just as a test using SSMTP obscure client
via SMTP server.
^d

 

What is notable about ssmtp is that, even though so obsolete today, it supports STARTTLS (email communication encryption), which is set up via its config file

 

/etc/ssmtp/ssmtp.conf

 

4. Send Email from terminal using Mutt client
 

Mutt was and still is one of the most used console text email clients, along with Alpine and Fetchmail; to know more about it read here

Mutt supports reading / sending mail from multiple mailboxes, is capable of reading mail over the IMAP and POP3 mail fetch protocols, and was a serious step forward over mailx. Its syntax pretty much resembles the mailx commands.

 

root@linux:~# mutt -s "Test Email" user@example.com < /dev/null

 

Send email including an attachment, a 15 megabytes MySQL backup of Squirrel Webmail

 

root@linux:~# mutt -s "This is last backup small sized database" -a /home/backups/backup_db.sql -- user@remote-mail-server.com < /dev/null

 


5. Using simple telnet to test and send email (verify existence of email on remote SMTP)
 

As a Mail Server SysAdmin this is one of my best ways to test whether I had a server properly configured and even sometimes for the sake of fun I used it as a hack to send my mail 🙂
telnet is and will always be a great tool for doing SMTP issues troubleshooting.
 

It is very useful to test whether a remote SMTP TCP port 25 is opened or a local / remote server firewall prevents connections to MTA.

Below is an example connect and send session using telnet to my local SMTP on pc-freak.net (QMail powered (R) 🙂 )


 

root@pcfreak:~# telnet localhost 25
Trying 127.0.0.1…
Connected to localhost.
Escape character is '^]'.
220 This is Mail Pc-Freak.NET ESMTP
HELO mail.pc-freak.net
250 This is Mail Pc-Freak.NET
MAIL FROM:<hipo@pc-freak.net>
250 ok
RCPT TO:<roots_bg@yahoo.com>
250 ok
DATA
354 go ahead
Subject: This is a test subject

 

This is just a test mail send through telnet
.
250 ok 1536440787 qp 28058
^]
telnet>

 

Note that the returned messages are native to qmail; a postfix would return slightly different content. Here is another test example to a remote SMTP running sendmail or postfix.

 

root@pcfreak:~# telnet mail.servername.com 25
Trying 127.0.0.1…
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 mail.servername.com ESMTP Sendmail 8.13.8/8.13.8; Tue, 22 Oct 2013 05:05:59 -0400
HELO yahoo.com
250 mail.servername.com Hello mail.servername.com [127.0.0.1], pleased to meet you
mail from: systemexec@gmail.com
250 2.1.0 hipo@pc-freak.net… Sender ok
rcpt to: hip0d@yandex.ru
250 2.1.5 hip0d@yandex.ru… Recipient ok
data
354 Enter mail, end with "." on a line by itself
Hey
This is test email only

 

Thanks
.
250 2.0.0 r9M95xgc014513 Message accepted for delivery
quit
221 2.0.0 mail.servername.com closing connection
Connection closed by foreign host.


It is handy if you want to know whether a remote MTA server has a certain mailbox existing or not: with telnet simply try to send to a certain email and check the output returned by the Email server (note that the message returned depends on the remote MTA version, and many qmails are configured to not give information on the initial SMTP handshake but instead return a MAILER DAEMON failure error sent back to your sender address). Some MX servers are still vulnerable to this attack, historically dreamhost.com. The attack screenshot was made at the time before dreamhost.com fixed the brute force email issue.
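
Seen from the receiving side, this kind of mailbox probing shows up in the MTA log as a run of rejected recipients from one client. The following added example (not from the original article) counts distinct unknown-recipient rejections per client address; the log lines are constructed in the format Postfix writes to /var/log/mail.log, and the function names and the threshold are assumptions.

```shell
#!/bin/sh
# Added example: list SMTP clients that were refused for several different
# non-existent mailboxes, the log footprint of mailbox probing.
# $1 = minimum number of distinct unknown recipients (default 3).
# Log lines are read from stdin; output is "<count> <client address>".
rcpt_probe_sources() {
    awk -v min="${1:-3}" '
    /reject: RCPT from/ && /User unknown/ {
        # client address: text between [ and ] after "RCPT from host"
        rest = substr($0, index($0, "RCPT from ") + 10)
        lb = index(rest, "["); rb = index(rest, "]")
        if (lb == 0 || rb < lb) next
        src = substr(rest, lb + 1, rb - lb - 1)

        # rejected recipient: the to=<...> field at the end of the line
        i = index($0, " to=<")
        if (i == 0) next
        rcpt = substr($0, i + 5)
        rcpt = substr(rcpt, 1, index(rcpt, ">") - 1)

        # count each recipient once per client, retries do not inflate it
        if (!((src, rcpt) in seen)) { seen[src, rcpt] = 1; count[src]++ }
    }
    END { for (s in count) if (count[s] >= min) print count[s], s }' | sort -rn
}

# Constructed sample log (documentation addresses, not real traffic).
sample_mail_log() {
    cat <<'EOF'
Sep  9 03:12:01 mail postfix/smtpd[2211]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 550 5.1.1 <alice@example.org>: Recipient address rejected: User unknown in local recipient table; from=<probe@example.net> to=<alice@example.org> proto=SMTP helo=<probe>
Sep  9 03:12:02 mail postfix/smtpd[2211]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 550 5.1.1 <bob@example.org>: Recipient address rejected: User unknown in local recipient table; from=<probe@example.net> to=<bob@example.org> proto=SMTP helo=<probe>
Sep  9 03:12:03 mail postfix/smtpd[2211]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 550 5.1.1 <carol@example.org>: Recipient address rejected: User unknown in local recipient table; from=<probe@example.net> to=<carol@example.org> proto=SMTP helo=<probe>
Sep  9 03:12:04 mail postfix/smtpd[2211]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 550 5.1.1 <alice@example.org>: Recipient address rejected: User unknown in local recipient table; from=<probe@example.net> to=<alice@example.org> proto=SMTP helo=<probe>
Sep  9 03:15:40 mail postfix/smtpd[2290]: NOQUEUE: reject: RCPT from mx.example.com[198.51.100.4]: 550 5.1.1 <sales@example.org>: Recipient address rejected: User unknown in local recipient table; from=<news@example.com> to=<sales@example.org> proto=ESMTP helo=<mx.example.com>
Sep  9 03:16:02 mail postfix/smtpd[2290]: connect from mx.example.com[198.51.100.4]
EOF
}

# Usage on a live host: rcpt_probe_sources 10 < /var/log/mail.log
sample_mail_log | rcpt_probe_sources 3
```
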

6. Using simple netcat TCP/IP Swiss Army Knife to test and send email in console

Another tool besides telnet for testing remote / local SMTP is the netcat tool (for reading and writing data across TCP and UDP connections).

The way to do it is analogous but since netcat is not present on most Linux OSes by default you need to install it through the package manager first be it apt or yum etc.

# apt-get --yes install netcat


 

First lets create a new file test_email_content.txt using bash's echo cmd.
 

 

# echo 'EHLO hostname
MAIL FROM: hip0d@yandex.ru
RCPT TO:   solutions@pc-freak.net
DATA
From: A tester <hip0d@yandex.ru>
To:   <solutions@pc-freak.net>
Date: date
Subject: A test message from test hostname

 

Delete me, please
.
QUIT
' >>test_email_content.txt

 

# netcat -C localhost 25 < test_email_content.txt

 

220 This is Mail Pc-Freak.NET ESMTP
250-This is Mail Pc-Freak.NET
250-STARTTLS
250-SIZE 80000000
250-PIPELINING
250 8BITMIME
250 ok
250 ok
354 go ahead
451 See http://pobox.com/~djb/docs/smtplf.html.

Because of its simplicity and the fact it has a bit more capabilities in reading / writing data over the network, it is no surprise it was among the favorite tools not only of crackers and penetration testers but also a precious debug tool for the average sysadmin. netcat's advantage over telnet is that you can push-pull non-interactive input over the remote SMTP port (25).


7. Using openssl to connect and send email via encrypted channel

 

root@linux:~# openssl s_client -connect smtp.gmail.com:465 -crlf -ign_eof

    ===
               Certificate negotiation output from openssl command goes here
        ===

        220 smtp.gmail.com ESMTP j92sm925556edd.81 – gsmtp
            EHLO localhost
        250-smtp.gmail.com at your service, [78.139.22.28]
        250-SIZE 35882577
        250-8BITMIME
        250-AUTH LOGIN PLAIN XOAUTH2 PLAIN-CLIENTTOKEN OAUTHBEARER XOAUTH
        250-ENHANCEDSTATUSCODES
        250-PIPELINING
        250-CHUNKING
        250 SMTPUTF8
            AUTH PLAIN *passwordhash*
        235 2.7.0 Accepted
            MAIL FROM: <hipo@pcfreak.org>
        250 2.1.0 OK j92sm925556edd.81 – gsmtp
            rcpt to: <systemexec@gmail.com>
        250 2.1.5 OK j92sm925556edd.81 – gsmtp
            DATA
        354  Go ahead j92sm925556edd.81 – gsmtp
            Subject: This is openssl mailing

            Hello nice user
            .
        250 2.0.0 OK 1339757532 m46sm11546481eeh.9
            quit
        221 2.0.0 closing connection m46sm11546481eeh.9
        read:errno=0


8. Using CURL (URL transfer) tool to send SSL / TLS secured crypted channel emails via Gmail / Yahoo servers and MailGun Mail send API service


Using curl, the advanced webpage downloading tool, for sending email might be shocking news to many, as its idea is to just transfer data from a server.
curl is mostly used in conjunction with PHP website scripts for the reason it has a native PHP implementation and many PHP based websites widely use it for download / upload of user data.
Interestingly, besides support for HTTP and FTP it has support for the POP3 and SMTP email protocols as well.
If you don't have it installed on your server and you want to give it a try, install it first with apt:
 

root@linux:~# apt-get install curl

 


To learn more about curl capabilities make sure you check the curl --manual argument.
 

root@linux:~# curl --manual

 

a) Sending Emails via Gmail and other Mail Public services

Curl is capable of sending emails from the terminal using the Gmail and Yahoo Mail services, if you want to give that a try.


Go to the myaccount.google.com URL and login; from the web interface choose Sign in And Security, then switch Allow less Secure Apps to ON to turn on access for less secure apps in Gmail. Though I have not tested it myself so far with Yahoo! Mail, I suppose it should have similar security settings somewhere.

Here is how to use curl to send email via Gmail.


 

 

root@linux:~# curl --url 'smtps://smtp.gmail.com:465' --ssl-reqd \
  --mail-from 'your_email@gmail.com' --mail-rcpt 'remote_recipient@mail.com' \
  --upload-file mail.txt --user 'your_email@gmail.com:your_account_password'


b) Sending Emails using Mailgun.com (Transactional Email Service API for developers)

To use Mailgun to script sending automated emails, go to Mailgun.com, create an account and generate a new API key.

Then use curl in a similar way like below example:

 

curl -sv --user 'api:key-7e55d003b…f79accd31a' \
    https://api.mailgun.net/v3/sandbox21a78f824…3eb160ebc79.mailgun.org/messages \
    -F from='Excited User <developer@yourcompany.com>' \
    -F to=sandbox21a78f824…3eb160ebc79.mailgun.org \
    -F to=user_acc@gmail.com \
    -F subject='Hello' \
    -F text='Testing Mailgun service!' \
    --form-string html='<h1>EDMdesigner Blog</h1><br /><cite>This tutorial helps me understand email sending from Linux console</cite>' \
    -F attachment=@logo_picture.jpg

 

The -F option that is heavily present in the above command lets curl emulate a filled-in form in which the user has pressed the submit button.
For more info of the options check out man curl.
 

 

9. Using swaks command to send emails from

 

root@linux:~# apt-cache show swaks|grep "Description" -B 10
Package: swaks
Version: 20170101.0-1
Installed-Size: 221
Maintainer: Andreas Metzler <ametzler@debian.org>
Architecture: all
Depends: perl
Recommends: libnet-dns-perl, libnet-ssleay-perl
Suggests: perl-doc, libauthen-sasl-perl, libauthen-ntlm-perl
Description-en: SMTP command-line test tool
 swaks (Swiss Army Knife SMTP) is a command-line tool written in Perl
 for testing SMTP setups; it supports STARTTLS and SMTP AUTH (PLAIN,
 LOGIN, CRAM-MD5, SPA, and DIGEST-MD5). swaks allows one to stop the
 SMTP dialog at any stage, e.g to check RCPT TO: without actually
 sending a mail.
 .
 If you are spending too much time iterating "telnet foo.example 25"
 swaks is for you.
Description-md5: f44c6c864f0f0cb3896aa932ce2bdaa8

 

 

 

root@linux:~# apt-get install --yes swaks

root@linux:~# swaks --to mailbox@example.com -s smtp.gmail.com:587 \
      -tls -au <user-account> -ap <account-password>

 


The -tls argument is there in order to use the gmail encrypted TLS channel on port 587.

If you want to avoid providing the password on the command line (in order not to log it to the user history), add the -a options.

10. Using qmail-inject on Qmail mail servers to send simple emails

Create new file with content like:
 

root@qmail:~# vim email_file_content.text
To: user@mail-example.com
Subject: Test


This is a test message.
 

root@qmail:~# cat email_file_content.text | /var/qmail/bin/qmail-inject


qmail-inject is part of an ordinary qmail installation so it is very simple; it doesn't even return error codes, it just ships whatever is given as content to the remote MTA.
If the linux host where you invoke it has a properly configured qmail installation the email will get immediately delivered. The advantage of qmail-inject over the other ones is that it is really lightweight and will deliver the simple message more quickly than the prior heavy tools, but again it is more a Mail Delivery Agent (MDA) for quick debugging, if the MTA is not working, than for daily email writing.

It is very useful to simply test whether email send works properly without sending any email content (I used qmail-inject to test that local email delivery works like so).
 

root@linux:~# echo 'To: mailbox_acc@mail-server.com' | /var/qmail/bin/qmail-inject

 

11. Debugging why Email send with text tool is not being send properly to remote recipient

If you use some of the above described methods and email is not delivered to remote recipient email addresses, check /var/log/mail.log (a general email log, also used by postfix MTAs; the log is present on many of the Linux distributions) and /var/log/messages, or /var/log/qmail (on Qmail installations) or /var/log/exim4 (on servers running Exim as MTA).


 Closure

The ways to send email via Linux terminal are probably innumerable as there are plenty of scripted tools in various programming languages; I am sure this article is also missing a lot of pre-bundled installable distro packages. If you know other interesting ways / tools to send via terminal I would like to hear it.

Hope you enjoyed, happy mailing !

Classical System Administration is dying – you either say hello to DevOps and SRE or move to programming or other business if you can

Wednesday, August 29th, 2018


1. Back in the normal computer old Sys Admin days before the new Age of Computing (the Cloud HELL)

I've been in the system (server) administration business for more than 15 years. We started as kids dreaming about managing big Data Centers, having ultimate control over servers, data and services, and in a sense at the beginning of the 2000s it looked like system administration would be among the most promising and profitable professions for the coming 30 years or so.

The amount of servers installed were booming, the Domain Registrantrant Ballon (Dot-Com Bubble) and the appearing need for everyone to have and run a website with the connected hardware and software (OS) needs made the sysadmin of the time like a precious asset for a company and business …

Many companies (small and mid-sized) still did not have a separate role for sys admin, but hired some crazy IT enthusiast that was doing a lot of the sysadm job for them.

It was wild years of freedom for the common IT specialist with a server software install / update / maintenance background.

The complexity level to install, configure or tune for performance a UNIX-like server, be it GNU / Linux or FreeBSD, or a farm of servers was also high; there was less documentation than today and a lot of custom tweaks (scripts) to develop to make things work, and the system administration job was way more custom than today.
In other words the sys admin was a digital artist just like the UI / Web designer or the common programmer (who was way more advanced and hack, thought oriented) than today's "coders", most of whom know no damn thing but are great Human Robots serving the functions of ("Google Search for some kind of Programming language code" then "Copy" and "Paste" into a buggy module / script / application function) and then of course as a result you have large clumsy (software) programs which eat a lot of Server resources (often crash – that's especially true for Java based applications) in the background and get respawned (which does severely load the servers' CPUs / Memory) but as the end user is not aware of that it is considered a job finely done.



2. The IT Computing and SysAdmin / Programmer Jobs offered today

In other words nowadays computing is becoming a mess; just as a system becomes more prone to failures as it gets more complicated, the same happens with modern informatics. The chaos of programming languages, code and concepts (especially), and the abstractions make program code harder to debug than in the past (of course that depends on the programmer too), but as most programmers are totally lame and don't understand even basic Hardware / Electronics concepts but are more of Code Monkeys (yes I can say today's programmers are not really programmers but CODE MONKEYS !).

The result for the average sys admin is that the developed software is less and less custom but written in a way (to just run it on a server) and usually the sys admin ends up with fewer and fewer options to modify or debug problems of the software, as installable services / programs (I am talking about the proprietary ones) tend to become more and more monolithic in nature.
As a consequence that starts making the classical system administration as most of today's softwares can be installed even by a highly trained monkeys (no real sysadm needed) and even if you work as a sysadmin it is very likely you are not involved in interesting job but doing more and more routine and bureaucracy work (which is hell at least for me – as one of my primary motivators to start a career in the IT field and specifically in the field of System Administration that back in the day the system administrator used to be a more important person for a company as a whole company infrastructure depended on the work of that single Super Man that made possible the Internet Accessibility for office users, made possible Linux / Windows servers to operate fine with a bunch of websites and some crazy softwares and platforms, and even took a periodic maintenance of an Office Workers PCs, not to mention the responsibilities to do the frequent data backups, do a support functions (talk heavily on the phone with customers with issues etc.) and help programmers set-up their crazy testing environments (developed project code) on a testing servers etc.).

It was the golden age of system administration … and perhaps a golden age for the ones involved in the field of Computing .. really …

3. What if you end up to be a Jobless System Administrator today? What does current sys admin Job Market Place look like?


Have you listened to Venom (black metal band) song – Welcome to Hell?  … its like that ..

Yes, that's the worst nightmare for most of us sys admins , becoming jobless due to company bankruptcy, dismissal or just a desire for a rest for some time from the over active job to talk over the phone with uneasy and angry customers.
All this puts you in a very harsh situation, because the Classical System Administrator jobs from the past such as building a Strong Company Firewall with IPTABLES or BSD PF are nowadays done by some pre-purchased router such as:

McAfee, Palo Alto, JuniperSRX 2020, Next Generation (firewall as a service such as Cato Networks), Kaspersky, Fortinet, (if you're lucky pfSense), Comodo Internet Security, Zone Alarm (the possible list of sh*t goes on and on …)

In other words businesses nowadays prefer to buy a ready solution, and most of these solutions, even though being configurable, often have weird interfaces and force the user to use a ready set of firewall rules (policies) rather than building ones from scratch … and most of the softwares can be configured by a normal non sysadmin anyways so mostly or soon the sysadm is not needed.


If in the past you have built things from source or deployed / configured things server by server and each of your servers as a consequence had its own kind of spirit, because of the many custom things placed on it, the current situation with the sysadmin job is mass deployments of pre-bundled packages (DevOps, Development Operations – another crazy business non-sense buzzword that describes server scripting automation development). As a DevOps (SysAdmin), which is some kind of Hybrid between a programmer / scripter / db developer, you have to be eloquent or at least have some basic knowledge in mass deploy tools such as Docker, Ansible, Chef, Puppet, TeamCity, Bamboo, Fabric, etc.,
and to add even more hell to the hell, in most System Administration jobs you perhaps won't even manage your own company data but you will have to deal with third party vendors such as AWS Amazon or store the company important data in some external Cloud Storage service (except if you don't have the option to choose for a custom Own Cloud solution)

But often this is not enough you have to be more or less aware or have some experience with some SRE (Site Reliability Engineering)

But wait, that's not enough, you need to be also a good Team Player and communicate with a good number of often lame bureaucrats / lame programmers / a manager over your head that usually does not know shit about technology / a project manager / some Database guys that often have a very questionable knowledge in Database programming maintenance .. etc. …  and the worst (in my humble opinion) is that you have to spend 2, 3 as a minimum daily in non-sense meetings over a proprietary non-free software program such as Skype For Business or a Web Room meeting online such as WebEx with people that have little to no idea about technology or are presenting professionals but have a very questionable amount of knowledge in their field …

To summarize modern SysAdmin jobs, just like all other jobs are slavery but with the difference that in most common daily jobs most people have more freedom and are less dependent for their daily work, than you end up as a New Age of Computing Sys Admin.


Oh yeah and let's not forget the high amounts of STRESS you get daily as a sysadmin, which for some is almost 24/7, especially for people who manage large networks or server infrastructures. Suppose you migrate a Web service, database service, mail server, DNS record etc. and you make a minor mistake so the users can't access the service, guess who will be fired first ?! YOU !!! Even if you don't get hired, you'll be murmured about and sent for some kind of meaningless training just because you made a mistake (which is very normal, as every human daily does tons of mistakes) …

Another thing is if you're truly dedicated to the system administration profession and you spend hours reading and learning new technologies (which in the field of system administration is inevitable) or just doing work from home as a freelancer to get some extra bucks and you don't actively do sports (Running, Biking, Fitness, Mountain Riding, whatever …), your Spinal problems and Herniated Discs (Neck or Waist) will soon knock on your door and stay with you until your death bed.

 

But that's not all of the hurdles, many of the System Administrator like jobs of today require you to have an overview knowledge of Virtualization technologies such as VMWare ESX, VServer … and have a good idea about VPS management and even some employers require a knowledge of Asterisk IP PBX (Open Source Communication Software) or other IP Telephony software strangie …

Dear sysadmin colleagues, my opinion is this kind of requirements are a little bit higher and almost impossible to match (or there are none to any living flesh) that attains all this knowledge or they will ever be.

… But even if you get employed (and you tricked the HR interviewer that you own the SuperMan + Batman + Robocop + You name your favourite movie superhero superpowers and went through the other interview (hell) circles) … finally you get hired and you end up often part of projects that are already seriously messed up from the start or developed in a way that even if succeed in a short term, guarantees a long term failure.

Oh the hirement process is also a lot of enjoyment for the bureaucracy freak, you have to fill in a number of documents, describing tons of information, provide tons of documents, certifications, talk a number of times on the phone with an inadequate Human Resource representative (usually highly brainwashed ppl) "specialist" that knows shit about technology … Then you have to go to a few more selections, interviews further with a technical guy, fill in tests online (maybe not always) and finally talk to a company manager.

All the above screening and selection I'm describing of course features large corporations (which are among the few) that offer some decent salaries like 1500 – 1800 EUR (for Eastern Europe) or 3000 – 3500 for the rest of Western Europe (if you're a lucky American citizen you might earn up to 10 000 – 11 000 $).
The advantage of the large corporation besides the so-so salary is the sense of security (that you won't be jobless just next year or two from your day 1 in the company).

You can always become a sysadmin in a start-up company but finding such is also nowadays a real pain in the ass and even if you have a 12000+ unique visits a day site such as mine and you offer your sys admin skills for really cheap, you still will have troubles in finding clients / an employer for whom you can practice your skills and make a living as a SysAdmin.

That's pretty weird for me especially with the fact that everyone is tubing that more and more IT specialists are required ..

Anyways assuming you have the "luck" to get hired in a large corporation such as IBM you will have to do a very tedious job, such as either Backup with (IBM Data Protect), Veritas Backup, Barracuda Backup, HP Data Protector or similar software, or only build or deploy new servers, web services, databases or whatever else. E.g. your type of work is likely to be monotonous and boring and will offer you not much more than learning a little bit more about the technology you're already acquainted with ..

Moreover, because in modern IT, human freedom is not really respected … you either comply to the company brainwashing strategies a bulk shit procedures or you get fired, you either become a small wheel in the failing machine (here I mean most large companies you might end up hired in nowadays have reached their peak state and are in decline) and a logical result is living in constant fear that they might fire you and you might end up jobless, or you stand up for what you are in the company and be careless about political correctness and you quickly get inconvenient, politically incorrect (oh yes I forgot to mention this other craziness, if you happen to be employed you have to be politically correct) and do periodically stupid exhausting Trainings (I prefer to call them a brainwashing session as most of the trainings are not teaching you anything but just wash your head to comply to shit). But if that Hell is not enough, in the large corporation in order to look "normal" you have to participate in the Non-Sense Teambuildings, with team mates you have little to no affection for (with the very same people you spend 5 days a week, now you have to spend 1 / 2 more days every month or so) …


So welcome to modern HELL OF system administration, or better to say welcome to the Cult of the large corporation businesses.

4. What are your options if you end up as a poor old school sys admin on the job market?

If you have a long history as a sys admin and computers become too boring for you like my case, you can always think about migrating to a Management position in the field of IT (this in most cases means doing nothing all day long pretending that you understand management and talking shit (laughing in a group), being present in a crazy management meeting whose essence is a shit talk all day long … with a bunch of people who facebook / youtube all day long, talk about Latest Cars models and how they wish to have a half million car, watch and talk about fuzzy hand clocks, cheeks, plan their next vacation or where to have the lunch and housing (apartments) all day long (in some more extravagant cases you have some guys being wacky talking about drugs, sex and rock-and-roll.)
but the unpleasant surprise here is even as a Manager you will probably have to start working for a corporation and have the same depressing atmosphere of people standing in front of their computers (tailor like) all day long with the only difference you will have to speak more with a number of computer addict zombies (left without much options) that are doing some monkey programming / coding or Services job day after …

Other option you have is to move out of the virtual business at all and get into a real works industry such as getting a Construction job (but believe me such transitions, though I heard of are too painful) and sooner or later you will get back to computing virtual business ..

I have a friend Jose Mathew, whose exit poll from the IT business was to graduate a 2 years post-university course to become a professional Chef (cook) in a restaurant but after already a few years employed as a Cook, he is again considering getting back into IT and paradoxically he wants to enter the niche of Network Administrator (which I forgot to mention earlier in this article).

The Network Administrators are among the lucky System Administrator job profiles because their job nowadays depends mostly on their CCNA / CCNP certificate and their experience with network routers such as Juniper, LinkSys, Cisco, Avaya etc.  But the big problem with being one of the guys is that the employment jobs offered are much fewer than for the general Senior or Junior System Administrator (that is more free software Linux based).

The luckiest ones are the Windows System Administrators as the amount of such that are looked up on the market at the moment of writing this article is relatively high. The type of job for Win Sys Admin offered on the market as far as I researched is for Windows Sys Admins that have a good amount of experience / knowledge (with Active Directory) domain controller.

There might be some enjoyment for the Win SysAdmin if you have to develop your own PowerShell scripts or do some kind of automations on a domain controller level and from that perspective this job positions are attractive, but unfortunately that comes at the price for being a totally Microsoft software dependent (junkie).
But in overall it is much easier for the ordinary Win Sys Admin than the Unix one because of the reason Windows Servers and related scripting automation solutions is generally much easier to learn and many of the things you have to make up yourself on a common *NIX OS are already available in Windows in the form of some proprietary extra software you have to buy …
However for people like me who have been involved in the UNIX world for the last 15 years, it won't be easy to migrate to Windows System Administrator.

In my previous employment Job in Hewlett Packard (and later DXC) I had to do a lot of Windows System Administration jobs and I have to say, that was too easy in general but the downside of deploying some third party software on Windows is that in case of failure the debugging on Windows is generally a harder task than on Linux / BSD..

Another option if you want to move from the field of System Administration is to start your own company in either Sys Admin or Programming field or Website building, Website hosting.
That's easy especially if you have a good amount of experience but the problem with this is you need a partner and often finding a partner is a tedious job …
Plus most of the clients you can get for your business are already clients of the Large Sharks corporations and at best you or your company might have to work as a contractor for the uncle SAM corporations ..

Of course as a sysadmin you can always repair computers and could try to start a business of computer (OS) repair niche, but as the competition in the field is enormous and you will have to work like crazy to be able to make a decent living, plus it is very likely that you bankrupt, because of lack of enough clients in need to fix their OS (as most people nowadays have learned on how to install Windows and basic surrounding softwares) …

 




 


If you have land like my parents you can try to make a living by growing vegetables like Bio potatoes, cucumbers, tomatoes, cabbage, onions, garlic and other fruits such as Apples, Pears, Walnuts, Peaches etc.
The bio-fruits growing business though profitable in western societies is way from profitable in the Eastern world so if you happen to be in some eastern country and you want to make good, moving to the fruit growing / selling business might not make you rich but at least you will have benefits for your health because of the village / land work + you will have a little bit more independence and your mind will be much clearer. If you decide to try a physical work like this, your concentration level will improve, as most IT industry people because of the long hours of computer madness jobs slowly start to totally lose focus and often the stress of the Computer works impairs memory ..

 

 

Another option for exit from the System Administration industry if you have some little marketing experience or background is to move to become a Marketing or E-Marketing SEO specialist, that's not a bad option but the problem is you will still be bundled in a permanent marriage with the computer and the salary you will get would most likely be no different from the one you will get as a system administrator.
So just like any other Computer related job in order to keep in shape you either have to go to Fitness 2 / 3 times a week or actively sport something, otherwise you might experience a growing decline in health over time (just like you already might have in the sys admin field).

To sum up being a sysadmin is a very enjoyable, fun and bright profession, the only small problem is most true dedicated system administrators are known to tend to suffer constant anxiety, hyper activity, have physical health issues, suffer forms of depression or have mental issues (perhaps because of the inhuman amount of information they have to process daily and the large amounts of hard alcohol vodka, beer etc. 🙂 consumed as a means of anti-depressant) …
But it seems other IT specialists I know such as programmers tend to often suffer similar problems. Besides that many of the people involved in sysadmin business or IT have troubles finding a decent woman to marry, as they tend to become more or less anti-social (or gradually lose their ability for proper interaction with humans) because of the fact most of their life is being led in the virtual reality online.

But lets be optimistic, perhaps there are many sysadmins who have the luck to have started a normal life in a normal company and managed their life well with family and kids it is just I haven't met them yet 🙂

I know this post was quite a lot of rant and I would like to excuse anyone who was bored to read all this mess, but I felt obliged to share about this problem as the things have been rushing through my mind for over two years now and we had quite a few discussions with friends / colleagues on the realization that the system administration job is losing its attractiveness and that the new age of (cloud) computing is pushing computer science to move towards a bad and dark path which makes the individual both employee and user more dependent and less free  …

Nginx increase security by putting websites into Linux jails howto

Monday, August 27th, 2018


If you're sysadmining a large number of shared hosted websites which use the Nginx Webserver to interpret PHP scripts and serve HTML, Javascript, CSS … whatever data, you realize the high amount of risk that comes with a possible successful security breach / hack into the server by a malicious cracker. A compromise of the Nginx Webserver by an intruder automatically means that not only will all users' web data get compromised, but the attacker would also get immediate access to other data such as Email or SQL (if the server is running multiple services).

Nowadays it is not so common to have multiple shared websites on the same server together with other services, but historically there are many legacy servers / webservers left which host some 50 or 100+ websites.

Of course the best thing to do is to isolate each and every website into a separate Virtual Container; however, as this is a lot of work and small and mid-sized companies refuse to spend money on mostly anything, this might not be an option for you.

Considering that this might be your case and you're running Nginx either as a Load Balancing or Reverse Proxy server etc., even though Nginx is considered to be among the most secure webservers out there, there is absolutely no guarantee it would not get hacked and the server wouldn't get rooted by a script kiddie freak that just got some 0day exploit in the darknet.

To minimize the impact of a possible Webserver hack it is a good idea to place all websites into Linux Jails.


For those who hear about Linux Jail for the first time, a chroot() jail is a way to isolate a process / processes and its forked children from the rest of the *nix system. It should / could be used only for UNIX processes that aren't running as root (administrator user), because the superuser could break out of (escape) the jail pretty easily.

Jailing processes is a pretty old concept that was first introduced in UNIX version 7 back in the distant year 1979, and it was first implemented in the BSD Operating System ver. 4.2 by Bill Joy (a notorious computer scientist and co-founder of Sun Microsystems). Its original use was for the creation of a so called HoneyPot – a computer security mechanism set to detect, deflect, or, in some manner, counteract attempts at unauthorized use of information systems, which appears to be a completely legitimate service or part of a website but whose only goal is to track, isolate, and monitor intruders, very similar to police sting operations (baiting) of the suspect. It is pretty much like a bait set to catch the fish (which in this case is the possible cracker).


BSD Jails nowadays became very popular as the iPhone environment where applications are deployed is inside a custom-created chroot jail; the principle is exactly the same as in Linux.

But anyways enough talk, let's create a new jail and deploy a set of system binaries for our Nginx installation. Here are the things you will need:

1. You need a directory where the copies of /bin/ls, /bin/bash, /bin/cat … /usr/bin binaries, /lib and other base Linux system binaries will reside.

 

server:~# mkdir -p /usr/local/chroot/nginx

 


2. You need to create the isolated environment backbone structure /etc/, /dev, /var/, /usr/, /lib64/ (the last one in case you are deploying on a 64 bit architecture Operating System).

 

server:~# export DIR_N=/usr/local/chroot/nginx;
server:~# mkdir -p $DIR_N/etc
server:~# mkdir -p $DIR_N/dev
server:~# mkdir -p $DIR_N/var
server:~# mkdir -p $DIR_N/usr
server:~# mkdir -p $DIR_N/usr/local/nginx
server:~# mkdir -p $DIR_N/tmp
server:~# chmod 1777 $DIR_N/tmp
server:~# mkdir -p $DIR_N/var/tmp
server:~# chmod 1777 $DIR_N/var/tmp
server:~# mkdir -p $DIR_N/lib64
server:~# mkdir -p $DIR_N/usr/local/

 

3. Create required device files for the new chroot environment

 

server:~# /bin/mknod -m 0666 $DIR_N/dev/null c 1 3
server:~# /bin/mknod -m 0666 $DIR_N/dev/random c 1 8
server:~# /bin/mknod -m 0444 $DIR_N/dev/urandom c 1 9

 

The mknod command is used instead of the usual /bin/touch command because it creates block or character special files.

Once created, the permissions of /usr/local/chroot/nginx/dev/{null,random,urandom} have to look like so:

 

server:~# ls -l /usr/local/chroot/nginx/dev/{null,random,urandom}
crw-rw-rw- 1 root root 1, 3 Aug 17 09:13 /dev/null
crw-rw-rw- 1 root root 1, 8 Aug 17 09:13 /dev/random
crw-rw-rw- 1 root root 1, 9 Aug 17 09:13 /dev/urandom

 

4. Install nginx files into the chroot directory (copy all files of current nginx installation into the jail)
 

If your NGINX webserver was installed from source to keep it at the latest version and is installed in, let's say, /usr/local/nginx, you have to copy /usr/local/nginx to /usr/local/chroot/nginx/usr/local/nginx, i.e.:

 

server:~# /bin/cp -varf /usr/local/nginx/* /usr/local/chroot/nginx/usr/local/nginx

 


5. Copy necessary Linux system libraries to the newly created jail
 

The NGINX webserver is compiled to depend on various libraries from the Linux system root, e.g. /lib/* and /lib64/*, therefore in order for the server to work inside the chroot-ed environment you need to transfer these libraries to the jail folder /usr/local/chroot/nginx

If you are curious to find out exactly which libraries the nginx binary depends on, run:

server:~# ldd /usr/local/nginx/sbin/nginx

        linux-vdso.so.1 (0x00007ffe3e952000)
        libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 (0x00007f2b4762c000)
        libcrypt.so.1 => /lib/x86_64-linux-gnu/libcrypt.so.1 (0x00007f2b473f4000)
        libpcre.so.3 => /lib/x86_64-linux-gnu/libpcre.so.3 (0x00007f2b47181000)
        libcrypto.so.0.9.8 => /usr/local/lib/libcrypto.so.0.9.8 (0x00007f2b46ddf000)
        libz.so.1 => /lib/x86_64-linux-gnu/libz.so.1 (0x00007f2b46bc5000)
        libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f2b46826000)
        /lib64/ld-linux-x86-64.so.2 (0x00007f2b47849000)
        libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007f2b46622000)


For best security, copy only the libraries listed by the ldd command, each to the same path inside the jail, like so:

 

server:~# mkdir -p /usr/local/chroot/nginx/lib/x86_64-linux-gnu
server:~# cp -pf /lib/x86_64-linux-gnu/libpthread.so.0 /usr/local/chroot/nginx/lib/x86_64-linux-gnu/
server:~# cp -pf library chroot_location

etc.

 

However if you're in a hurry (not a recommended practice) and you don't care for maximum security anyways (you don't worry that the jail could be exploited through some of the many lib files not used by nginx and you don't care about HDD space), you can also copy the whole /lib into the jail, like so:

 

server:~# cp -rpf /lib /usr/local/chroot/nginx/

 

NOTE! Once again, copying the whole /lib directory is a very bad practice, but for time-pressed activities sometimes you can do it …


6. Copy some base files from /etc/ and the ld.so.conf.d, prelink.conf.d directories to the jail environment
 

 

server:~# cp -rfv /etc/{group,prelink.cache,services,adjtime,shells,gshadow,shadow,hosts.deny,localtime,nsswitch.conf,nscd.conf,prelink.conf,protocols,hosts,passwd,ld.so.cache,ld.so.conf,resolv.conf,host.conf}  \
/usr/local/chroot/nginx/etc

 

server:~# cp -avr /etc/{ld.so.conf.d,prelink.conf.d} /usr/local/chroot/nginx/etc


7. Copy HTML, CSS, Javascript websites data from the root directory to the chrooted nginx environment

 

server:~# nice -n 10 cp -rpf /usr/local/websites/ /usr/local/chroot/nginx/usr/local/


This could take really long if the websites are multiple gigabytes and millions of files, but the nice command should reduce the load on the server a little bit. It is best practice to set some kind of temporary server maintenance page to show on the websites' index so that clients accessing the server do not experience interruptions (that's especially the case on older 7200 / 7400 RPM non-SSD HDDs).
 

 

8. Stop old Nginx server outside of Chroot environment and start the new one inside the jail


a) Stop old nginx server

Either stop the old nginx using its start / stop / restart script /etc/init.d/nginx (if you have such installed) or directly kill the running webserver with:

 

server:~# killall -9 nginx

 

b) Test the chrooted nginx installation is correct and ready to run inside the chroot environment

 

server:~# /usr/sbin/chroot /usr/local/chroot/nginx /usr/local/nginx/sbin/nginx -t
server:~# /usr/sbin/chroot /usr/local/chroot/nginx /usr/local/nginx/sbin/nginx

 

c) Reload the chrooted nginx webserver – when necessary later

 

server:~# /usr/sbin/chroot /usr/local/chroot/nginx /usr/local/nginx/sbin/nginx -s reload

 

d) Edit the chrooted nginx conf

If you need to edit the nginx configuration, be aware that the chrooted NGINX reads its configuration from /usr/local/chroot/nginx/usr/local/nginx/conf/nginx.conf (I'm saying that in case you forget and by mistake try to edit the old config, which is usually under /usr/local/nginx/conf/nginx.conf).
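
Steps 5 and 6 above, done the strict way, as an added shell example that is not part of the original article: it copies only the libraries ldd lists for the nginx binary, keeping their absolute paths inside the jail, and writes passwd and group files holding just the worker account instead of copying /etc/shadow. The function names, the www-data account and the --populate switch are assumptions; the paths are the article's.

```shell
#!/bin/sh
# Added example (not from the article): fill a chroot jail with only what
# the jailed binary needs. Function names are hypothetical; the default
# paths are the ones the article uses.

JAIL="${JAIL:-/usr/local/chroot/nginx}"
NGINX_BIN="${NGINX_BIN:-/usr/local/nginx/sbin/nginx}"

# Read `ldd` output on stdin, print each absolute library path once.
# Matches "name => /path (0x...)" and bare "/path (0x...)" (the dynamic
# loader); linux-vdso and "not found" entries have no file and are skipped.
ldd_paths() {
    awk '
        $2 == "=>" && $3 ~ /^\// { print $3; next }
        $1 ~ /^\//               { print $1 }
    ' | LC_ALL=C sort -u
}

# Copy one file into the jail under the same absolute path. -L follows
# symlinks so the jail holds the real file under the name the loader opens.
copy_into_jail() {
    jail=$1; src=$2
    mkdir -p "$jail$(dirname "$src")"
    cp -pL "$src" "$jail$src"
}

# Read library paths on stdin, print those that are absent from the jail.
jail_missing() {
    jail=$1
    while read -r lib; do
        [ -e "$jail$lib" ] || printf '%s\n' "$lib"
    done
}

# Copy every library ldd reports for a binary into the jail.
populate_jail_libs() {
    jail=$1; bin=$2
    ldd "$bin" | ldd_paths | while read -r lib; do
        copy_into_jail "$jail" "$lib"
    done
}

# Write passwd and group files that contain only the given account, taken
# from the host files (overridable for testing). /etc/shadow and
# /etc/gshadow are never copied, so no password hashes enter the jail.
jail_accounts() {
    jail=$1; user=$2; pw=${3:-/etc/passwd}; gr=${4:-/etc/group}
    mkdir -p "$jail/etc"
    awk -F: -v u="$user" '$1 == u' "$pw" > "$jail/etc/passwd"
    gid=$(awk -F: -v u="$user" '$1 == u { print $4 }' "$pw")
    awk -F: -v g="$gid" '$3 == g' "$gr" > "$jail/etc/group"
    [ -s "$jail/etc/passwd" ]   # fail if the account does not exist
}

# Run as: sh jail-libs.sh --populate [worker-user]   (needs root)
# www-data is an assumed default for the nginx worker account.
if [ "${1:-}" = "--populate" ]; then
    populate_jail_libs "$JAIL" "$NGINX_BIN"
    jail_accounts "$JAIL" "${2:-www-data}"
    missing=$(ldd "$NGINX_BIN" | ldd_paths | jail_missing "$JAIL")
    [ -z "$missing" ] || { echo "missing in jail: $missing" >&2; exit 1; }
fi
```

ldd shows only link-time dependencies; libraries opened at run time with dlopen(), such as the glibc NSS modules on older glibc releases, still have to be copied by hand.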

 

 

Install and use personal Own Cloud on Debian Linux for better shared data security – OwnCloud a Free Software replacement for Google Drive

Thursday, August 23rd, 2018


Basicly I am against the use of any Cloud type of service but as nowadays Cloud usage is almost inevitable and most of the times you need some kind of service to store and access remotely your Data from multiple devices such as DropBox, Google Drive, iCloud etc. and using some kind of infrastructure to execute high-performance computing is invitable just like the Private Cloud paid services online are booming nowdays, I decided to give a to research and test what is available as a free software in the field of Clouding (your data) 🙂

Undoubfully, it is really nice fact that there are Free Software / Open Source alternatives to run your Own personal Cloud to store your data from multiple locations on a single point.

The most popular and leading Cloud Collaboration service (which is OpenSource but unfortunately not under GPLv2 / GPV3 – e.g. not fully free software) is OwnCloud.

ownCloud is a flexible self-hosted PHP and Javascript based web application used for data synchronization and file sharing (where its remote file access capabilites are realized by Sabre/Dav an open source WebDav server.
OwnCloud allows end user to easily Store / Manage files, Calendars, Contacts, To-Do lists (user and group administration via OpenID and LDAP), public URLs can be easily, created, the users can interact with browser-based ODF (Open Document Format) word processor , there is a Bookmarking, URL Shortening service integrated, Gallery RSS Feed and Document Viewer tools such as PDF viewer etc. which makes it a great alternative to the popular Google Drive, iCloud, DropBox etc.

The main advantage of using a self-hosted Cloud is that your data is hosted and managed by you (on your server and your hard drives) and not by some God-knows-who third party provider such as the ones mentioned above.
In other words, by using OwnCloud you manage your own data and you don't share it on demand with security agencies such as CIA, MI6, Mossad … (as it is very likely that most publicly offered Cloud storage services keep track of the data stored on them).

The other disadvantage of Cloud Computing is that the data is usually stored on multiple servers and you can never know for sure where your data is physically located, which in my opinion is way worse than the Self Hosted Cloud option, where you know where your data resides and you can do whatever you want with it: keep it secret, delete it or share it on your demand.

OwnCloud has clients for the most popular Mobile (Smart Phone) platforms (an Android client is available in the Google Play Store, as well as one in Apple iTunes), besides the clients available for FreeBSD OS, the GNOME desktop integration package and Raspberry Pi.

For those who are looking for additional advanced features, an Enterprise version of OwnCloud is also available, aimed at business use and including software support.

Assuming you have a homebrew server or have hired a dedicated or VPS server (such as the ones we provide), installing OwnCloud on GNU / Linux is a relatively easy task and it will take no more than 15 minutes to 2 hours of your life.
In this article I am going to give you specific instructions on how to install it on Debian GNU / Linux 9, but installing on RPM based distros is a similar and straightforward process.
 

1. Install MySQL / MariaDB database server backend
 

By default OwnCloud uses SQLite as its backend data storage, but as SQLite stores its data in a file and quickly becomes slow, it is generally speaking slower than relational database servers such as MariaDB (or the now almost obsolete MySQL Community server).
Hence in this article I will explain how to install OwnCloud with MariaDB as a backend.

If you don't have it installed already (e.g. it is a new dedicated server), install MariaDB with:
 

server:~# apt-get install --yes mariadb-server


Assuming you're installing on a brand new, fresh Linux install, you might also want to run the following set of commands to start the service, enable it at boot and secure it.

 

server:~# systemctl start mariadb
server:~# systemctl enable mariadb
server:~# mysql_secure_installation


mysql_secure_installation finalizes and secures the MariaDB installation and sets the root password.
 

2. Create the necessary database and user for OwnCloud on the database server
 

linux:~# mysql -u root -p
MariaDB [(none)]> CREATE DATABASE owncloud CHARACTER SET utf8;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON owncloud.* TO 'owncloud'@'localhost' IDENTIFIED BY 'owncloud_passwd';
MariaDB [(none)]> FLUSH PRIVILEGES;
MariaDB [(none)]> \q

 

3. Install the necessary Apache + PHP deb packages
 

As of the time of writing this article, on Debian 9.0 the required packages for a working Apache + PHP install for OwnCloud are as follows.

 

server:~# apt-get install --yes apache2 mariadb-server libapache2-mod-php7.0 \
openssl php-imagick php7.0-common php7.0-curl php7.0-gd \
php7.0-imap php7.0-intl php7.0-json php7.0-ldap php7.0-mbstring \
php7.0-mcrypt php7.0-mysql php7.0-pgsql php-smbclient php-ssh2 \
php7.0-sqlite3 php7.0-xml php7.0-zip php-redis php-apcu

 

4. Install Redis to use as a Memory Cache for accelerated / better performance ownCloud service


Redis is an in-memory key-value database similar to Memcached, so OwnCloud can use it to cache stored data files. To install the latest redis-server on Debian 9:
 

server:~# apt-get install --yes redis-server

5. Install ownCloud software packages on the server

Unfortunately, the default package repositories on Debian 9 do not provide owncloud server packages; only some owncloud-client packages are provided, perhaps because the packages issued by owncloud do not match the Debian packages.

As of the time of writing this article, the latest available OwnCloud server version packaged for Debian is OC 10.

a) Add the necessary GPG keys

The repositories to use are provided by owncloud.org. To use them we first need to add the necessary GPG key, which apt uses to verify the signature on the repository metadata that carries the packages' checksums. Note that a key added with apt-key is trusted for every configured repository, not only this one.
 

server:~# wget -qO- https://download.owncloud.org/download/repositories/stable/Debian_9.0/Release.key | sudo apt-key add -

 

b) Add owncloud.org repositories in a separate sources.list file

 

server:~# echo 'deb https://download.owncloud.org/download/repositories/stable/Debian_9.0/ /' | sudo tee /etc/apt/sources.list.d/owncloud.list

 

c) Enable https transports for the apt install tool

 

server:~# apt-get --yes install apt-transport-https

 

d) Update Debian apt cache list files and install the package

 

server:~# apt-get update

 

server:~# apt-get install --yes owncloud-files

 

By default the owncloud file store location is /var/www/owncloud, but on many servers that location is not really appropriate because /var/www might be situated on a hard drive partition whose size is not big enough. If that's the case, just move the folder to another partition and create a symbolic link at /var/www/owncloud pointing to it …


6. Create the necessary Apache configuration to make your new self-hosted cloud accessible
 

a) Create Apache config file

 

server:~# vim /etc/apache2/sites-available/owncloud.conf

 

 

Alias /owncloud "/var/www/owncloud/"

<Directory /var/www/owncloud/>
Options +FollowSymlinks
AllowOverride All

<IfModule mod_dav.c>
Dav off
</IfModule>

SetEnv HOME /var/www/owncloud
SetEnv HTTP_HOME /var/www/owncloud

</Directory>

b) Enable Mod_Dav (WebDAV) if it is not enabled yet

 

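server:~# cd /etc/apache2/mods-enabled
server:/etc/apache2/mods-enabled# ln -sf ../mods-available/dav_fs.conf
server:/etc/apache2/mods-enabled# ln -sf ../mods-available/dav_fs.load
server:/etc/apache2/mods-enabled# ln -sf ../mods-available/dav.load
server:/etc/apache2/mods-enabled# ln -sf ../mods-available/dav_lock.load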

c) Set proper permissions for /var/www/owncloud to make upload work properly

 

chown -R www-data: /var/www/owncloud/


d) Restart Apache WebServer (to make the new configuration effective)

 

 

server:~# a2ensite owncloud
server:~# /etc/init.d/apache2 restart


7. Finalize  OwnCloud Install
 

Access OwnCloud Web Interface to finish the database creation and set the administrator password for the New Self-Hosted cloud
 

http://Your_server_ip_address/owncloud/

By default the Web interface is accessible over unencrypted (insecure) http://. It is recommended practice, if you don't already have an HTTPS SSL certificate installed for the IP or the domain, to install one: either a self-signed certificate or, even better, use LetsEncrypt CertBot to easily create a valid SSL certificate for free for your domain.

 


Just fill in your desired user / pass and pass on the database user / password / db name (if required, you can also set a different location for the data directory from the default one, /var/www/owncloud/data).

Click Finish Setup and That's all folks!


OwnCloud is successfully installed on the server; you can now go and download a Mobile App or Desktop application for whatever OS you're using and start using it as a Dropbox replacement. At some point you might also want to consult the official UserManual documentation, as you will probably need further information on how to manage your owncloud.

Enjoy !

How to mount LVM partition volume on Linux

Wednesday, August 22nd, 2018


LVM (Logical Volume Manager) is a device mapper offering logical volume management for the Linux kernel. Virtually all modern GNU / Linux distributions have support for it, and LVM is used by almost all Hosting Providers on (dedicated) backend physical and Virtual XEN / VMWare etc. servers because it provides the ability to merge a number of disks into virtual volumes (for example, you have a number of SSD Hard Drives on a server that appear as separate /dev/sda1 /dev/sda2 /dev/sdb3 /dev/sdb4 etc. and you want all the HDDs to appear as a single file system; this is managed by Linux LVM).

[Figure: Logical Volume Manager on Linux explained, diagram. Picture source: Wikipedia]

The use of LVM is somewhat similar to RAID 0 disk arrays; the good thing about it is that it allows the removal and addition of hard disks in real time, so (broken) hard disks on servers can be replaced without service downtime, and dynamic HDD volume resizing is possible. LVM also allows relatively easy encryption of multiple HDD volumes with a single password.

Disks can be organized in volume groups (so let's say 2 of the server's attached conventional Hard Disks, SCSI or SSDs can be attached to the LVM1 group and another 3 Hard Drives could be attached to the LVM2 group etc.).

LVM has been an integral part of Linux kernel since 1998.

lvm is available for install via apt, yum, dnf etc. under a package called lvm2, so install it on Debian / Ubuntu / Fedora Linux as follows (if it is not already installed on the servers).

 

– Install LVM2 On Debian / Ubuntu
 

debian:~# apt-get install --yes lvm2

 


– Install LVM2 on Fedora / CentOS (Redhat RPM based distros)

 

[root@centos ~]:# yum install -y lvm2


or

[root@fedora ~]:# dnf install -y lvm2


I. Mounting LVM2 on a Linux server after replacing a broken disk that is part of an LVM Volume

For example, the HDD failed due to bad sectors and physical HDD head damage (the easiest way to figure that out is if the server is running smartd, or via a simple HDD test check from BIOS), and as the ROOT partition is on an LVM the server fails to boot properly. You have replaced the broken HDD with a brand new one and you need to remount the LVM, either physically on the server console or remotely via some kind of BIOS KVM interface.

In my experience working for Santrex this was a common sysadmin job, as many of the Virtual Client servers as well as other irons situated in various DataCenters were occasionally failing to boot, the monitoring system was reporting the issues, and we had to promptly react and bring the servers up.

Here is, in short, how we managed to re-mount the LVM after the SSDs / HDDs were substituted:

    1.1. Execute fdisk, vgscan / lvdisplay command


vgscan scans all supported LVM block devices in the system for VGs (Volume Groups)

    1.2. Next issue vgchange command to activate volume
 

vgchange -ay


   
    1.3. Type lvs command to get information about logical volumes

 

lvs


   
    1.4. Create a mount point using the mkdir command

      That's because we wanted to check that the LVM will get properly mounted on the next server reboot.
   
     1.5. Mount an LVM volume using
 

server:~# mount /dev/mapper/DEVICE /path/to/mount_point

 

     1.6. To check the size of the LVM (mount points, mounted LVM /dev/ names, sizes and the amount of free space on each of them) use
 

server:~# df -T
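
Steps 1.2 to 1.5 as a dry run, added here as an example and not part of the original post: it reads `lvs` output and prints the mkdir and mount commands with the correct /dev/mapper name for every active logical volume. The function names, the sample rows and the /mnt/recovery base directory are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Dry run: prints commands only.

# dm_path VG LV: the /dev/mapper node for a logical volume. device-mapper
# joins VG and LV with one "-" and doubles any "-" inside either name.
dm_path() {
    printf '/dev/mapper/%s-%s\n' \
        "$(printf '%s' "$1" | sed 's/-/--/g')" \
        "$(printf '%s' "$2" | sed 's/-/--/g')"
}

# mount_plan BASE: reads "vg lv lv_attr" rows on stdin and prints one
# mkdir+mount command per active LV. The 5th lv_attr character is the state;
# "a" means active. Anything else is reported instead of mounted.
mount_plan() {
    while read -r vg lv attr; do
        [ -n "$attr" ] || continue            # skip blank or short rows
        case "$attr" in
            ????a*) ;;
            *) echo "# skipped $vg/$lv: not active (lv_attr $attr)"
               continue ;;
        esac
        echo "mkdir -p $1/$vg/$lv && mount $(dm_path "$vg" "$lv") $1/$vg/$lv"
    done
}

# Constructed sample of `lvs --noheadings -o vg_name,lv_name,lv_attr` output.
sample_lvs() {
    cat <<'EOF'
  vg-data  home      -wi-------
  vg-data  lv-mysql  -wi-a-----
  vg0      root      -wi-ao----
EOF
}

# Demo on the constructed sample. On a real server, after `vgchange -ay`:
#   lvs --noheadings -o vg_name,lv_name,lv_attr | mount_plan /mnt/recovery
sample_lvs | mount_plan /mnt/recovery
```

Review the printed plan before running it: an LV that is still inactive after `vgchange -ay` usually means a physical volume is missing, and swap volumes appear in the list but cannot be mounted.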

MySQL crashes after upgrade from MySQL to MariaDB and how to fix it

Tuesday, August 21st, 2018


If you have recently upgraded your Debian / Ubuntu / CentOS Linux server to the latest RPM / DEB packages, you might have noticed that as part of the upgrade MySQL Community Server (which was bought by Oracle Corporation a few years ago) is automatically replaced by MariaDB (a MySQL fork made by the original developers of MySQL and guaranteed to stay open source; notable users include Wikipedia, WordPress.com and Google).

You might have noticed that MariaDB's restart script, which is still under /etc/init.d/mysql, won't start, and a quick check in /var/log/mysql.err or /var/log/mysql.log shows /usr/bin/mysqld crashing with errors like:

140502 14:13:05 [Note] Plugin 'FEDERATED' is disabled.
InnoDB: Log scan progressed past the checkpoint lsn 108 1057948207
140502 14:13:06  InnoDB: Database was not shut down normally!
InnoDB: Starting crash recovery.
InnoDB: Reading tablespace information from the .ibd files…
InnoDB: Restoring possible half-written data pages from the doublewrite
InnoDB: buffer…
InnoDB: Doing recovery: scanned up to log sequence number 108 1058059648
InnoDB: 1 transaction(s) which must be rolled back or cleaned up
InnoDB: in total 15 row operations to undo
InnoDB: Trx id counter is 0 562485504
140502 14:13:06  InnoDB: Starting an apply batch of log records to the database…
InnoDB: Progress in percents: 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99
InnoDB: Apply batch completed
InnoDB: Starting in background the rollback of uncommitted transactions
140502 14:13:06  InnoDB: Rolling back trx with id 0 562485192, 15 rows to undo
140502 14:13:06  InnoDB: Started; log sequence number 108 1058059648
140502 14:13:06  InnoDB: Assertion failure in thread 1873206128 in file ../../../storage/innobase/fsp/fsp0fsp.c line 1593
InnoDB: Failing assertion: frag_n_used > 0
InnoDB: We intentionally generate a memory trap.
InnoDB: Submit a detailed bug report to http://bugs.mysql.com.
InnoDB: If you get repeated assertion failures or crashes, even
InnoDB: immediately after the mysqld startup, there may be
InnoDB: corruption in the InnoDB tablespace. Please refer to
InnoDB: http://dev.mysql.com/doc/refman/5.1/en/forcing-recovery.html
InnoDB: about forcing recovery.
140502 14:13:06 – mysqld got signal 6 ;
This could be because you hit a bug. It is also possible that this binary
or one of the libraries it was linked against is corrupt, improperly built,
or misconfigured. This error can also be caused by malfunctioning hardware.
We will try our best to scrape up some info that will hopefully help diagnose
the problem, but since we have already crashed, something is definitely wrong
and this may fail.

key_buffer_size=16777216
read_buffer_size=131072
max_used_connections=0
max_threads=151
threads_connected=0
It is possible that mysqld could use up to
key_buffer_size + (read_buffer_size + sort_buffer_size)*max_threads = 345919 K
bytes of memory
Hope that's ok; if not, decrease some variables in the equation.

thd: 0x0
Attempting backtrace. You can use the following information to find out
where mysqld died. If you see no messages after this, something went
terribly wrong…
stack_bottom = (nil) thread_stack 0x30000
140502 14:13:06 [Note] Event Scheduler: Loaded 0 events
140502 14:13:06 [Note] /usr/sbin/mysqld: ready for connections.
Version: '5.1.41-3ubuntu12.10'  socket: '/var/run/mysqld/mysqld.sock'  port: 3306  (Ubuntu)
/usr/sbin/mysqld(my_print_stacktrace+0x2d) [0xb7579cbd]
/usr/sbin/mysqld(handle_segfault+0x494) [0xb7245854]
[0xb6fc0400]
/lib/tls/i686/cmov/libc.so.6(abort+0x182) [0xb6cc5a82]
/usr/sbin/mysqld(+0x4867e9) [0xb74647e9]
/usr/sbin/mysqld(btr_page_free_low+0x122) [0xb74f1622]
/usr/sbin/mysqld(btr_compress+0x684) [0xb74f4ca4]
/usr/sbin/mysqld(btr_cur_compress_if_useful+0xe7) [0xb74284e7]
/usr/sbin/mysqld(btr_cur_pessimistic_delete+0x332) [0xb7429e72]
/usr/sbin/mysqld(btr_node_ptr_delete+0x82) [0xb74f4012]
/usr/sbin/mysqld(btr_discard_page+0x175) [0xb74f41e5]
/usr/sbin/mysqld(btr_cur_pessimistic_delete+0x3e8) [0xb7429f28]
/usr/sbin/mysqld(+0x526197) [0xb7504197]
/usr/sbin/mysqld(row_undo_ins+0x1b1) [0xb7504771]
/usr/sbin/mysqld(row_undo_step+0x25f) [0xb74c210f]
/usr/sbin/mysqld(que_run_threads+0x58a) [0xb74a31da]

/usr/sbin/mysqld(trx_rollback_or_clean_all_without_sess+0x3e3) [0xb74ded43]
/lib/tls/i686/cmov/libpthread.so.0(+0x596e) [0xb6f9f96e]
/lib/tls/i686/cmov/libc.so.6(clone+0x5e) [0xb6d65a4e]
The manual page at http://dev.mysql.com/doc/mysql/en/crashing.html contains
information that should help you find out what is causing the crash.


I hoped to solve the /usr/bin/mysqld segfault error with a server reboot, as I thought the problem was caused by the fact that the libc library was updated, but even a reboot did not solve it.

I've investigated online for a solution and found the following MySQL corruption and recovery article.

The solution outlined there is very simple and comes down to adding the line:
 

innodb_force_recovery = 1


to /etc/mysql/my.cnf

This assumes the mysql server is not running before you restart the mariadb server.

1. Make a backup (Dump) of all MySQL tables

mysql:~# mysqldump -A > dump.sql

2. Drop all databases which need recovery.
You can do that from mysql cli or phpmyadmin

3. Stop mysqld.

mysql:~# /etc/init.d/mysql stop

4.  Remove /var/lib/mysql/ib*

mysql:~# rm -rf /var/lib/mysql/ib*

5. Comment out innodb_force_recovery in /etc/mysql/my.cnf

6. Restart mysqld. Look at the mysql error log.
If everything is fine but you have problems with broken or missing databases, the best next thing is to stop mariadb again and

7. Restore databases from the dump

mysql:~# mysql < dump.sql
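
Two pre-flight checks for the procedure above, added here as an example and not taken from the original post or the article it cites: one refuses step 4 (removing ib*) when dump.sql is empty or cut short, the other refuses step 6 while innodb_force_recovery is still active. The function names and sample files are constructed; it assumes mysqldump ran with its default comments enabled and that the setting lives in the single my.cnf file passed in.

```shell
#!/bin/sh
# Added example, not from the original post.

# dump_is_complete FILE: true only if the dump is non-empty, holds at least
# one CREATE TABLE and ends with mysqldump's "-- Dump completed" trailer
# (written with default options; a dump that died half way lacks it).
dump_is_complete() {
    [ -s "$1" ] || return 1
    grep -q '^CREATE TABLE' "$1" || return 1
    tail -n 5 "$1" | grep -q '^-- Dump completed'
}

# force_recovery_level FILE: prints the innodb_force_recovery value set in a
# my.cnf-style file (last uncommented assignment wins), or 0 when it is
# absent or commented out. Included files are not followed.
force_recovery_level() {
    awk -F= '
        /^[ \t]*[#;]/ { next }
        $1 ~ /^[ \t]*innodb[_-]force[_-]recovery[ \t]*$/ {
            sub(/[ \t]*#.*/, "", $2); gsub(/[ \t]/, "", $2); level = $2
        }
        END { print level + 0 }' "$1"
}

# preflight DUMP CNF STEP: gate for step 4 (rm ib*) or step 6 (restart).
preflight() {
    case "$3" in
        4) dump_is_complete "$1" || {
               echo "step 4 blocked: $1 is empty or truncated"; return 1; } ;;
        6) [ "$(force_recovery_level "$2")" -eq 0 ] || {
               echo "step 6 blocked: innodb_force_recovery still set in $2"
               return 1; } ;;
        *) echo "usage: preflight dump.sql my.cnf 4|6"; return 2 ;;
    esac
    echo "step $3 ok"
}

# Writes constructed sample files into directory $1.
make_samples() {
    printf '%s\n' '-- MySQL dump' 'CREATE TABLE `t` (id int);' \
        'INSERT INTO `t` VALUES (1);' \
        '-- Dump completed on 2018-08-21 10:00:00' > "$1/good.sql"
    printf '%s\n' '-- MySQL dump' 'CREATE TABLE `t` (id int);' \
        'INSERT INTO `t` VAL' > "$1/cut.sql"
    printf '%s\n' '[mysqld]' 'innodb_force_recovery = 1' > "$1/forced.cnf"
    printf '%s\n' '[mysqld]' '#innodb_force_recovery = 1' > "$1/normal.cnf"
}

# Demo on the constructed samples.
demo_dir=$(mktemp -d)
make_samples "$demo_dir"
preflight "$demo_dir/cut.sql" "$demo_dir/forced.cnf" 4 || true
preflight "$demo_dir/good.sql" "$demo_dir/normal.cnf" 6
rm -rf "$demo_dir"
```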

 

 

 

What Every Body is Saying – one of Best books on Body Language ever written

Tuesday, August 14th, 2018


Those interested in People Reading or holding a Management position inside some small or mid-sized corporation could benefit greatly from a book called
What Every Body is Saying

What Every Body is Saying is written by an ex-FBI Agent (JOE NAVARRO), probably there are no actually ex-FBI agents, but that's a topic for another post.

The book is quick to read, especially if you follow the pictures of Body postures shown with their little description below.
Many of the Body Languages so commonly adopted by multitudes of people, thanks to the Americanization of culture world-wide, are being practiced to some degree by almost all people you might know (mostly unconsciously) …


What Every Body is Saying could be of great help to people who want to make it through in life and to Start-up company CEOs, Human Resource Managers, or anyone who wants to better learn to communicate and Influence People.

Even in normal family relations, being able to properly identify the Body Language of your Wife or kids would seriously benefit you and, if you pay attention (focus), would reveal their short-term plans.

Adopting some of the suggested body languages in the book would definitely help you improve how people perceive you and practising some so called "Confident postures" could even boost your Confidence levels dramatically both when you're alone or when you are in a group of people or A Company Team Meeting.

Reading a person's Body language is also of great help in understanding the approximate Emotional / Spiritual state the person in front of you is in, and if applied properly it could even help you positively influence a person or group of people to change from a negative to a positive mindset,
or, when working on a project, could help you dramatically to make people work more efficiently and boost their motivation / mood about the things they have to do someday anyway.

The reader has to know, of course, that most of the mentioned body language cues are generalizations; finding out the exact messages being sent on the non-verbal communication level depends on multiple factors, and many of the Body languages discussed might appear in a modified form and some could even be totally different from any of those described in the book.

However the observation practice (at least mine) shows that at least 60-70% of the described Body Language postures are adopted and used by mostly anyone out there.
To check the validity of the things described in the book, just sit somewhere in a park or in a bar / cafeteria and watch carefully how people interact; you will be surprised how many things are being communicated non-verbally and how often the lack of one of the two, or two have severe communication issues, just because they couldn't synchronize their body language or lack the ability to read the other interlocutor's processed and communicated intentions.

The book when read at least for me was a wide eyes opener and even though as a Christian, I've always been doubting that any-generalization model trying to frame up people is very untrue and trying to influence people with your Body Language is bad sinful (kinda of satanic) practice, realizing that even Christians do communicate and do use body language (because they're conditioned by the society they lived in), that means that improving your Body Language to be more convincing in mostly anti-christian society we live can do you good favour to be adequate in society, or at least you can be aware of the existence of the Body Language and its meaning.

By the way, many of the models and gestures described as behaviour body interpretations are perhaps highly used nowadays by Agents across all the major Secret Services agencies such as CIA, MI6, KGB, Mossad etc.

These kinds of things are taught in most business universities nowadays, but the way the Body Reading / Influencing knowledge is communicated in Business universities is a disaster, because it is usually compiled by Professors who themselves are not experts or haven't advanced far enough in body language.
So even then, if you read the book, I'm sure you will benefit and perhaps reread it at least a couple of times in the coming years …

A summary of the book goes like this:

1. It starts with a short story on how the author got acquainted with the knowledge of body language and his personal life events

The author Joe Navarro was an emigrant from Cuba to the US at the age of 8. Because of the author's inability to speak English at all, his best way to understand what others were saying or communicating in his first few years in the US was to observe closely what the person in front of him was communicating non-verbally and make guesses about what that could be.
His family and grandmother also played a key role in helping him learn the craft of Body Language reading.

Growing up and graduating college in the age of the Baby Boomers, Joe Navarro was hired by the FBI, where he spent the following years as an agent specializing in Counter Intelligence and behavior assessment.

2. It continues as the knowledge on Body interpretations is being served in a very stuffed manner

The 3 key things to remember out of the book go like this:

    A. At least 60% of what you say is not coming out of your mouth.
    B. There’s one more option next to the fight or flight response our brain does automatically
    C. To become a master at reading body language, you have to develop situational awareness.

The book claims that people tend to be stuck in 3 main states, as a result of the evolutionary development of species (Creationists and Christian fundamentalists could argue seriously here 🙂 ), whenever facing a difficult situation. These are:

  • Freeze
  • Fight
  • Flight

To sum up, if you're looking for new ways to improve your current relationships with people and build new ones, the book would definitely help you tremendously.
I've found the book in a PDF format with few simple searches online so those who can't afford it could also download it from the internet (at least as of time of writing this article).
A lot of the example Body confidence / influence postures described in the book can be found in almost any Kids Cartoon and Internet top show, and in almost everybody from the TED Talks show and almost all Youtube educational videos and podcasters.

That's all Folks, Enjoy reading!