Posts Tagged ‘Debian Lenny’

Auto insert password for a Trusted SSL Certificate / Automatically enter password for an SSL Certificate during Apache startup on Debian Lenny

Friday, March 26th, 2010

Protect-Your-Private-SSL_keys-Apache-howto
I've recently installed a Trusted certificate that I've previously protected with a pass-phrase to an Apache server running on top of Debian in order to have a better security.
Now everytime I restart Apache it's pretty annyoing and non-practical at the same time, to enter the Passphrase assigned to the SSL certificate.
It's also dangerous because if Apache crashes and tries to resurrect itself restartig it might not start-up again.
Another unpleasant possible scenario is if for example some of the php code developers tries to change something minor in some Virtualhost and afterwards restarts Apache for the new configurations to take place, again Apache won't bring up and a chaos would emerge.
So I decided to configurate my Apache that it auto fills in the passphrase each time it's being started or restarted.To do that I consulted some online resources and I end up redirected by a blog post to the mod_ssl ssl_reference web page

There is plenty of stuff on that document however in my case all I needed was one directive in /etc/apache2/mods-avalable/mods-available/ssl.conf :

SSLPassPhraseDialog exec:/etc/apache2/mods-available/passphrase

The above code must replace:

SSLPassPhraseDialog builtin

Now last step is to prepare the /etc/apache2/mods-available/passphrase .
Make sure the file has the following content:

#!/bin/sh
echo "yoursecretpassword"

Change above yoursecretpassword with your configured passphrase.
Also please make sure /etc/apache2/mods-availabe/passphrase has proper set permissions. In my case I've set the following permissions for the file:

debian:~# chown www-data:www-data /etc/apache2/mods-available/passphrase
debian:~# chmod 700 /etc/apache2/mods-available/passphrase

That should be it, Restart Apache and make sure Apache is properly loaded without anySSL passphrase prompts.
However you should have in mind that auto enabling passphrase loading on starting in Apache is much more insecure than typing in the password every time you restart Apache. Storing the passphrase in a file is quite insecure compared to if you type it every time Apache starts.
For instance if a hacker breaks into your server he might be able to steal your SSL certificate as well as the passphrase file.
And surely this is something you don't want. Anyways flexibility has a price and if you decide to go the way described, please note the risk first.

 

   

If you haven't already added a password to your private key during certficate generation time,

Of course you can add/remove a passphrase at a later time.

    add one (assuming it was an rsa key, else use dsa)

    openssl rsa -des3 -in your.key -out your.encrypted.key
    mv your.encrypted.key your.key

    the -des3 tells openssl to encrypt the key with DES3.

    remove it

    openssl rsa -in your.key -out your.open.key

    you will be asked for your passphrase one last time
    by omitting the -des3 you tell openssl to not encrypt the output.

    mv your.open.key your.key

 

Enable Rsyslog and Syslog cron events logging in /var/log/cron.log on Debian Lenny

Friday, April 9th, 2010

By default Debian doesn’t log it’s cron events in a separate log file.
All the cron events got logged along with all the other syslog events configured by default in either syslog or rsyslog.
So you end up with a /var/log/syslog which includes many versatile messages. That’s really unpleasent if you want to keep track of your cron events separately.
I always change this behaviour while configuring new servers or Desktop systems running Debian.
Therefore I decided to share here what I do to enable separate cron logging. The logged cron events would go to var/log/cron.log.
As a starter please make sure you have the file /var/log/cron.log existing on your filesystem tree, if you have it not then please create it:
debian:~# touch /var/log/cron.log

To configure your crond to log to /var/log/cron.log on a system running syslogd all you have to do is edit /etc/syslog.conf and either include the line:

cron.* /var/log/cron.log
or simply uncomment the same line already laying commented in the syslog.conf.
If you’re using the enhanced version of syslogd for Linux (Rsyslog) the code syntax that is necessery to be included is absolutely identical.
Again you have to include:

cron.* /var/log/cron.log

in /etc/rsyslog.conf or uncomment the line shown above in /etc/rsyslog.conf.

Now last step to do is to reload syslogd or rsyslogd.

With syslogd running on your system execute:

debian:~# killall -HUP syslogd

With rsyslogd as a default system logger:

debian:~# killall -HUP rsyslogd

Now you should have your crond logging to the separate /var/log/cron.log, wish you happy cron.log reading 🙂

Install Google Chrome Web Browser Chrome on 32 and 64 bit Debian Lenny and Squeeze/Sid Linux

Sunday, July 25th, 2010

Linux Tux Google Chrome

I’ve decided to write a short post on how to install in a quick manner Google Chrome on Debian GNU/Linux.

There are few reasons why you would consider installing Chrome, however the most obvious one is is the browser speed.
I should admit the browsing experience with Chrome looks and feels far better compared to Iceweasel (e.g. Firefox) on Debian.
It could be that web loading speed performance with Epiphany or Opera is similar to Chrome in terms of velocity, apart from the faster browser experience with Google Chrome, I’ve seen reports online that sometimes Google Chrome behaves better when it comes to multimedia audio and video streams online.

Another thing I notice in Google Chrome is that it’s generally much lighter and loads the base browser times faster than Iceweasel.

The most accurate way to install Chrome on Debian Linux is using Google Linux repositories

So to install add to your /etc/apt/sources.list the following google linux repo

# Google software repository
deb http://dl.google.com/linux/deb/ stable non-free main

e.g.

debian-deskop:~# echo "deb http://dl.google.com/linux/deb/ stable non-free main" >> /etc/apt/sources.list

Then update your repositories list with apt-get:

debian-desktop:~# apt-get update

Next choose your google chrome preferred release between the available (beta, stable and unstrable) version.
I’ve chose to install the Google Chrome stable release apt-getting it like shown below

debian-desktop:~# apt-get install google-chrome-stable

Now the google chrome will be ready to use to start using it either start it up from the Gnome / KDE Menus or exec the command:

debian-desktop:~$ google-chrome

So far so good, you will have now a gnome browser, however what is really irritating is the default behaviour of the chrome install by default it tampers with the default browser configured for my whole Linux desktop system in other words it automatically links:

/etc/alternatives/gnome-www-browser to -> /usr/bin/google-chrome as well as,
/etc/alternatives/x-www-browser to -> /usr/bin/google-chrome

Well I wasn’t happy with that unwarranted install behaviour of Google Chrome therefore I decided to reverse my default Gnome and System Browser back to Epiphany.

First I removed the links to /usr/bin/google-chrome

debian-desktop:~# rm -f /etc/alternatives/gnome-www-browser
debian-desktop:~# rm -f /etc/alternatives/x-www-browser

And thereafter I linked it back to Epiphany

debian-desktop:~# ln -sf /usr/bin/epiphany /etc/alternatives/gnome-www-browser
debian-desktop:~# ln -sf /usr/bin/epiphany /etc/alternatives/x-www-browser