Posts Tagged ‘read’

Adding another level of security to your shared Debian Linux webhosting server with SuPHP

Tuesday, April 7th, 2015


There are plenty of security schemes and strategies you can implement as a Shared Web Hosting company sysadmin, however probably the most vital one is to install the SuPHP module on the Apache + PHP webserver.

# apt-cache show suphp-common|grep -i descrip -A 4

Description: Common files for mod suphp Suphp consists of an Apache module (mod_suphp for either Apache 1.3.x or Apache 2.x) and a setuid root binary (suphp) that is called by the Apache module to change the uid of the process executing the PHP interpreter to the owner of the php script.

So what SuPHP actually does is run the scripts of the separate CPanel / Kloxo etc. users under separate user and group IDs matching the users present in /etc/passwd and /etc/shadow, so in case someone hacks one of the many customer sites he would only be able to write files and directories as the user under which the security breach occurred.

On servers where SuPHP is not installed, all system users are using the same UID / GID to run PHP scripts under their separate domain VirtualHosts, coinciding with the Apache user (on Debian / Ubuntu uid, gid – www-data, or on CentOS / RHEL / Fedora etc. – user apache), so once one site is defaced or exploited by a worm, all or most websites on the server might end up infected with a Web Virus / Worm which silently runs in the background trying to exploit even more sites of the same type. This is a very common scenario, as currently there are dozens of PHP / CSS / JavaScript / XSS vulnerabilities exploited on VPS and Shared hosting servers due to the failure of a customer to update his own CMS scripts / website (Joomla, WordPress, Drupal etc.) and the lack of resources to regularly monitor all customer activities / websites.

Therefore installing the SuPHP Apache module is essential on the new servers of large hosting providers, as it saves the admin a lot of headache from malware spreading across all sites hosted on the server ..
Some VPS admins that are security freaks tend to also install the SuPHP module together with many chrooted Apache / LiteSpeed / Nginx webservers, each of which running in a separate jailed environment.

Of course using SuPHP, besides giving an improved security layer to the webserver, has its downsides, such as increased load for the server and making PHP scripts get interpreted a little bit slower than with plain Apache + PHP, but the performance difference while running a site on top of SuPHP is often not so drastic, so you can live with it ..

Installing SuPHP on Debian / Ubuntu servers is a piece of cake, just run as the root superuser the usual:
 

# apt-get install libapache2-mod-suphp


Once installed, the only thing left to do is to turn off the default installed Apache PHP module (which has no SuPHP support compiled in) and restart the Apache webserver:
 

# a2dismod php5 …

# /etc/init.d/apache2 restart


To test that SuPHP is properly working on the Apache webserver, go into the DocumentRoot of one of the many websites hosted on the server and create a new file called test_suphp.php with the below content:

# vim test_suphp.php
<?php
system('id');
?>

Then open http://whatever-website/test_suphp.php in a browser; assuming the system(); function is not disabled for security reasons in php.ini, you should get a User ID and Group ID bigger than the reserved system IDs on GNU / Linux, e.g. UID / GID > 99.

It's also a good idea to take a look into the SuPHP configuration file /etc/suphp/suphp.conf and tailor the options to your liking.

If the hosted clients' user home directories are under the /home directory, set in suphp.conf:

;Path all scripts have to be in

docroot=/home/


Also usually it is a good idea to set 

umask=0022 
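Besides docroot and umask, suphp.conf has a handful of other [global] keys that decide how much a compromised customer script can do once SuPHP has switched it to the customer's UID. The following is an added example written for this post, not code from the original post or from the suPHP project: a small Python linter that reads a suphp.conf and reports the settings that weaken the isolation. The key names are the real suphp.conf [global] keys; the two inline configs are constructed samples (a hardened one with customer homes under /home, and the same file loosened), and the acceptance thresholds (min_uid/min_gid of at least 100, a umask that at least masks group and world write) are this example's own assumptions.

```python
"""Lint the [global] section of /etc/suphp/suphp.conf for the settings
that limit what a compromised customer script can do.

Added example for this post, not part of the original post or of the
suPHP project.  The two configs below are constructed samples; the
acceptance thresholds are this example's assumptions.
"""
import configparser

# Constructed sample: suphp.conf tightened for customer homes under /home
# (docroot and umask as the post suggests, the rest at the Debian defaults).
HARDENED_CONF = """\
[global]
logfile=/var/log/suphp/suphp.log
loglevel=info
webserver_user=www-data
;Path all scripts have to be in
docroot=/home/
allow_file_group_writeable=false
allow_file_others_writeable=false
allow_directory_group_writeable=false
allow_directory_others_writeable=false
check_vhost_docroot=true
errors_to_browser=false
env_path=/bin:/usr/bin
umask=0022
min_uid=100
min_gid=100

[handlers]
x-httpd-php="php:/usr/bin/php-cgi"
x-suphp-cgi="execute:!self"
"""

# Constructed sample: the same file loosened until it protects nothing.
WEAK_CONF = (HARDENED_CONF
             .replace("docroot=/home/", "docroot=/")
             .replace("writeable=false", "writeable=true")
             .replace("check_vhost_docroot=true", "check_vhost_docroot=false")
             .replace("errors_to_browser=false", "errors_to_browser=true")
             .replace("umask=0022", "umask=0000")
             .replace("min_uid=100", "min_uid=0")
             .replace("min_gid=100", "min_gid=0"))


def lint_suphp_conf(text):
    """Return a list of findings (empty means the file passes)."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    if not cp.has_section("global"):
        return ["no [global] section"]
    g = cp["global"]
    findings = []

    def want_bool(key, expected):
        got = g.get(key, "<unset>").strip().lower()
        if got != str(expected).lower():
            findings.append(f"{key}={got} (want {str(expected).lower()})")

    def want_at_least(key, minimum):
        got = g.get(key, "<unset>").strip()
        if not got.isdigit() or int(got) < minimum:
            findings.append(f"{key}={got} (want >= {minimum})")

    # Scripts must live under the customers' tree, never anywhere on disk.
    docroot = g.get("docroot", "").strip()
    if docroot in ("", "/"):
        findings.append(f"docroot={docroot or '<unset>'} (want e.g. /home/)")
    # Refuse to run scripts another user could have tampered with.
    for key in ("allow_file_group_writeable", "allow_file_others_writeable",
                "allow_directory_group_writeable",
                "allow_directory_others_writeable"):
        want_bool(key, False)
    # A script outside its vhost's DocumentRoot must not be executed.
    want_bool("check_vhost_docroot", True)
    # PHP errors leak paths and versions; keep them in the log file.
    want_bool("errors_to_browser", False)
    # Never run as a system account: the post's "UID / GID > 99" check.
    want_at_least("min_uid", 100)
    want_at_least("min_gid", 100)
    # Files a script creates must not be group- or world-writable.
    umask = g.get("umask", "").strip()
    try:
        mask_ok = (int(umask, 8) & 0o022) == 0o022
    except ValueError:
        mask_ok = False
    if not mask_ok:
        findings.append(f"umask={umask or '<unset>'} (want at least 0022)")
    return findings


if __name__ == "__main__":
    for name, conf in (("hardened", HARDENED_CONF), ("weak", WEAK_CONF)):
        print(name, lint_suphp_conf(conf) or "OK")
```

On a real box, read /etc/suphp/suphp.conf and pass its contents to lint_suphp_conf; an empty list means the customer-isolation settings match the expectations above.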

Windows batch read variable – equivalent of Linux read line command

Wednesday, March 12th, 2014

If you need to do some basic batch scripting, sooner or later you will have to put input from the command line into a variable. In Linux this is done with the read command, i.e.:
$ echo -n "Type a password for admin:";
$ read line;
$ echo $line;

So here is how to do the same if you need it for a Windows Batch (.BAT) file

C:\Users\> Set /p string='What do you want to ask?:'
'What do you want to ask?:'

This will define the string variable; to later print out the variable use:
> echo %string%
variable input output

Free Software in Balkans 2010 (A free software conference in the Balkans is approaching)

Tuesday, August 24th, 2010

Richard Stallman on a Free Software Conference

Today when I was reviewing my daily visited websites I came across an interesting piece of news.
This kind of meeting is quite a news because it is the first in line where Free software users and developers from all around the Balkans will meet to discuss, test, share and continue the free software code and ideals.
The first Free Software conference in the Balkans is about to be hosted in Vlora University, Albania.

The conference Free Software in Balkans (FreeSB2010) is an annual meeting of the free software users, developers and supporters in the Balkan countries. It will travel from country to country, year to year, to different locations. The Conference will gather professionals, academics and enthusiasts who share the vision that software should be free and open for the community to develop and customize to its needs, and that knowledge is a communal property, free and open to everyone.

This kind of event will build up the social network between free software fans and developers and will further help the general spread of free software in the Balkans.
This kind of meeting has already for a long time been a tradition in many states in America, so having it in the Balkans is quite a development.

You can read a bit more about the exact focus of Free Software in Balkans 2010 conference here

Pitifully, right now there is no published schedule of the presentations which are about to be given at the conference, but I guess the conference schedule would be out in a few days' time.
I'm not yet sure if I'll have the time and opportunity to attend the conference, however I do hope that somebody of my Balkan readers will get interested in the "fabulous" Free Software event and will support the event's initiative by visiting it 🙂

How to Enable Open files with Microsoft Office Word 2003 in GNOME nautilus on Linux

Saturday, November 24th, 2012


Do you work with Linux and need to communicate via e-mail with people sending you Microsoft Doc files created with Microsoft Office Word?

Do you end up with crappy (not identically looking) .doc files after editing with Open Office and mailing them back to Windows users using Microsoft Office (Word)?

I experienced this many times and though it is not completely Open Office's fault, it is hard to explain or convince others to simply switch to Libre Office and distribute text in .ODT. Also pitifully, most computer users are much below the average level and too used to MS Office, so it is hardly possible to change their bad habits (I try that with my co-students in Arnhem Business School) and I tell you from experience it is not possible …

I have used GNU / Linux as my main Desktop operating system for 10 years now, and for my work and studying it is common that colleagues send me files in MS Word .DOC format. Usually I use OpenOffice to read and edit them and send them back. However, not all formatted .doc files look nice later in MS Word 2003 / 2007. Thus I also have a native Microsoft Office 2003 installed on my Debian Linux, running through the WINE Windows emulator.

Often, when I want to be sure a received MS .DOC file will display exactly the same on MS Windows OS (to avoid colleagues' criticism), I open the document using the wine emulated Microsoft Office 2003.

Most of the MS .doc files are received over e-mail (I use Icedove – Mozilla Thunderbird as a POP3 client), so I save them on my hard disk and need to read / modify them.
It is rather inconvenient and time inefficient to start Microsoft Office from gnome-terminal and type in the below long command in order to edit .docs:

wine ~/.wine/drive_c/"Program Files"/"Microsoft Office"/OFFICE11/WINWORD.EXE

Thus I wanted a more convenient, easy way to directly open .doc files with the emulated Microsoft Word from the GUI on my Debian Linux notebook.
This is possible using a nautilus plugin tool called nautilus-scripts-manager. Earlier I blogged about how to make extracting PDF to images possible with nautilus-scripts-manager; in exactly the same manner it is possible to add as many processing scripts as you like, to be available for invocation via the Nautilus Scripts menu.

Here is how to add MS Word to nautilus GNOME menus:

1. Install nautilus-scripts-manager (if not already installed)

debian:~# apt-get install --yes nautilus-scripts-manager

2. Create ~/.gnome2/nautilus-scripts/ directory

(~/ is a shortcut for /home/yourusername/) – To add it globally for all users, one has to create the same .gnome2/nautilus-scripts/ directory with the respective scripts for all existing users on the host.

mkdir ~/.gnome2/nautilus-scripts/

3. Create ~/.gnome2/nautilus-scripts/word.sh MS Word launcher script

Edit ~/.gnome2/nautilus-scripts/word.sh and add the following 2-line script (note the path to WINWORD.EXE might vary depending on the exact Microsoft Office version installed):

#!/bin/sh
# Nautilus passes the selected file as the first argument; hand it to the
# WINE-installed Word binary (adjust OFFICE11 to your Office version).
wine ~/.wine/drive_c/"Program Files"/"Microsoft Office"/OFFICE11/WINWORD.EXE "$1"

You can also download nautilus word.sh script here

Further on, once placed, make the word.sh script executable:

noah:~$ chmod +x ~/.gnome2/nautilus-scripts/word.sh

Onwards it is possible to open .doc files from the Nautilus Scripts Manager menu: right-click on the .doc file and choose Scripts:

My GNOME environment is configured in Bulgarian, so in the below screenshot you see the Bulgarian translation of the word Scripts (Скриптове).


Right now I don't have FreeBSD at hand, and I'm not sure if nautilus-scripts-manager is available with FreeBSD's GNOME, so if someone has tested this and can confirm it works on FreeBSD, drop a comment please.

Well that's all, enjoy easily opening your .doc files with Microsoft Office on Linux.

Save data from failing hard disk on Linux – Rescuing data from failing disk with bad blocks

Wednesday, April 16th, 2014

Sooner or later your Linux Desktop or Linux server hard drive will start breaking up. If you have a hardware or software RAID 1, 6 or 10 and good hard disk health monitoring software you can react on time, but sometimes as admins we have to take care of old servers which either have RAID 0 or no RAID configuration, and / or the disk firmware is unable to recognize failing blocks on time and remap them. Thus it is quite useful to have techniques to save data from failing hard disk drives with physical bad blocks.

With the ddrescue tool there is still hope for your Linux data, even though the disk is full of unrecoverable I/O errors.

# apt-cache show ddrescue|grep -i description -A 12

Description: copy data from one file or block device to another
 dd_rescue is a tool to help you to save data from crashed
 partition. Like dd, dd_rescue does copy data from one file or
 block device to another. But dd_rescue does not abort on errors
 on the input file (unless you specify a maximum error number).
 It uses two block sizes, a large (soft) block size and a small
 (hard) block size. In case of errors, the size falls back to the
 small one and is promoted again after a while without errors.
 If the copying process is interrupted by the user it is possible
 to continue at any position later. It also does not truncate
 the output file (unless asked to). It allows you to start from
 the end of a file and move backwards as well. dd_rescue does
 not provide character conversions.

 

To use ddrescue for saving data, the first thing is to shut down the Linux host and boot the system with a Rescue LiveCD like SystemRescueCD (Linux system rescue disk), Knoppix (the most famous bootable LiveCD / LiveDVD), Ubuntu Rescue Remix or BackTrack LiveCD (a security centered "hackers" distro which can also be used for forensics and data recovery), then mount the failing disk (I assume the disk is still mountable :). Note that it is very important to mount the disk read-only, because any write operation on the hard drive increases the chance that it becomes completely unusable before you save your data!

To make a backup of your whole hard disk data to a secondary disk mounted under /mnt/second_disk:

# mkdir /mnt/second_disk/rescue
# mount /dev/sda2 /mnt/second_disk/rescue
# ddrescue -d -r 10 /dev/sda1 /mnt/second_disk/rescue/backup.img /mnt/second_disk/rescue/backup.logfile
# mkdir /mnt/second_disk/restored
# mount -o loop,ro /mnt/second_disk/rescue/backup.img /mnt/second_disk/restored

In the above example change /dev/sda2 to whatever your hard drive device is named. The last argument to ddrescue is its logfile (mapfile), which records what has been read so far and lets you stop and resume the copy later.

If you already have an identical secondary drive attached to the Linux host and you would like to copy the whole failing Linux disk (/dev/sda) to the identical drive (/dev/sdb), issue:

ddrescue -d -f -r3 /dev/sda /dev/sdb /media/PNY_usb/rescue.logfile

If you have just a few unreadable files and you would like to recover only them, then run ddrescue just on the damaged files:

ddrescue -d -R -r 100 /damaged/disk/some_dir/damaged_file /mnt/secondary_disk/some_dir/recoveredfile

-d instructs to use direct I/O
-R retrims the error area on each retry
-r 100 sets the retry limit to 100 (tries to read the data 100 times before giving up)

Of course this does not always work, as on some HDDs recovery is impossible due to hard physical damage; if the above command can't recover a file in 10 attempts it is very likely that it never will …

A small note to make here is that there is another tool dd_rescue (make sure you don't confuse them) which is also for recovery, but GNU ddrescue performs better at recovery.
The way ddrescue works is that it keeps track of the bad sectors and goes back later to try a slow read of that data in order to recover it.
By the way, BSD users will be happy to know there is a ddrescue port already, so data recovery on BSD *NIX filesystems is possible too, and if you're a Windows user you can use ddrescue to recover data via Cygwin.
Of course the final data recovery is also very much in God's hands, so before launching ddrescue, don't forget to say a prayer 🙂
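To make the "keeps track of the bad sectors and goes back later" strategy concrete, here is an added example written for this post (a constructed Python simulation, not ddrescue's own code): a fake failing drive whose sectors need a given number of failed attempts before they read, and a rescue() that does what the post describes for the -r option, a fast first pass in large reads that skips anything that errors, a trimming pass that narrows each failed cluster down to the truly bad sectors, and a bounded number of retry passes over only those sectors, while writing a mapfile of one character per sector. FlakyDisk, the sector sizes and the sample drive are all constructed for this example.

```python
"""Simulate the copy strategy the post describes for GNU ddrescue: grab the
readable areas first, come back to the bad ones, retry them a limited
number of times, and record every sector's state in a mapfile.

Added example for this post, not ddrescue's own code.  FlakyDisk is a
constructed stand-in for a failing drive; the sizes are tiny on purpose.
"""
import math

SECTOR = 16    # bytes per simulated sector
CLUSTER = 4    # sectors read per request in the fast first pass


class FlakyDisk:
    """Data plus, per sector, how many read attempts must fail before the
    sector reads cleanly (math.inf = physically gone)."""

    def __init__(self, data, fails_before_ok):
        assert len(data) % SECTOR == 0
        self.data = data
        self.fails = dict(fails_before_ok)

    @property
    def sectors(self):
        return len(self.data) // SECTOR

    def read(self, start, count):
        """Return `count` sectors from `start`; the whole request fails with
        OSError at the first bad sector, as a real block device would."""
        for s in range(start, start + count):
            left = self.fails.get(s, 0)
            if left > 0:
                if left != math.inf:
                    self.fails[s] = left - 1
                raise OSError(f"I/O error at sector {s}")
        return self.data[start * SECTOR:(start + count) * SECTOR]


def _read_one(disk, image, s):
    """Slow path: read a single sector into the image, report success."""
    try:
        image[s * SECTOR:(s + 1) * SECTOR] = disk.read(s, 1)
        return True
    except OSError:
        return False


def rescue(disk, retries):
    """Copy `disk` into an image the way ddrescue would with -r `retries`.

    Returns (image_bytes, mapfile); mapfile has one char per sector,
    '+' recovered or '-' still unreadable.  Unrecovered sectors stay zeroed.
    """
    n = disk.sectors
    status = ["?"] * n                 # '?' = not tried yet
    image = bytearray(n * SECTOR)

    # Pass 1: large reads, skip any cluster that errors.  No retries here:
    # the point is to get everything still readable off the drive before
    # it degrades further.
    for start in range(0, n, CLUSTER):
        count = min(CLUSTER, n - start)
        try:
            image[start * SECTOR:(start + count) * SECTOR] = disk.read(start, count)
            status[start:start + count] = "+" * count
        except OSError:
            status[start:start + count] = "*" * count   # '*' = failed cluster

    # Pass 2 (trimming): re-read failed clusters sector by sector so only
    # the sectors that are really bad keep the '-' mark.
    for s in range(n):
        if status[s] == "*":
            status[s] = "+" if _read_one(disk, image, s) else "-"

    # Pass 3: up to `retries` extra passes over the bad sectors only.
    for _ in range(retries):
        bad = [s for s in range(n) if status[s] == "-"]
        if not bad:
            break
        for s in bad:
            if _read_one(disk, image, s):
                status[s] = "+"
    return bytes(image), "".join(status)


# Constructed failing drive (16 sectors): sector 5 needs two failed attempts,
# sector 9 is dead, sector 10 needs five failed attempts before it reads.
DATA = bytes(range(256))


def make_disk():
    return FlakyDisk(DATA, {5: 2, 9: math.inf, 10: 5})


if __name__ == "__main__":
    for r in (3, 5):
        image, mapfile = rescue(make_disk(), r)
        print(f"-r {r}: {mapfile}  ({mapfile.count('-')} sector(s) lost)")
```

Running it with -r 3 leaves sectors 9 and 10 unrecovered, while -r 5 gets sector 10 back and only the dead sector 9 stays zeroed in the image, which is exactly why the retry limit matters on a drive that still answers intermittently.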

Papusza – Polish movie (2013) about the life of the Gypsies and the first Gypsy poet

Tuesday, November 4th, 2014

Gypsies (Romani people) as communities all around mostly Europe have always raised interest during the last few centuries, however little is known about their way of living. Gypsies are famous for their illiteracy, for their cheerful temper, wild character and nomadic lifestyle as well as their strong closed community. Gypsies are famous for not having their own writing (even though they have a number of Gypsy languages) and because of that the Romani don't keep any record of their history, and any history or description of their lifestyle is only to be found among non-Gypsies. Gypsies are famous for stealing, for their inclination to telling fantastic stories, being involved with fortune-telling, exaggerating facts or telling lies about their private life, and they're famous as virtuoso musicians and good artists. Most Gypsies are Christian, Muslim or Atheists. The high level of illiteracy they have makes anyone educated among them considered a success in life.

The interesting way of living of the Gypsies has triggered many people to create movies trying to picture the Gypsy lifestyle, like Emir Kusturica's Time of the Gypsies.

Yesterday I was invited by Andrea (an ipo-diakonus in Saint George Dyrvenica Church) to the Polish Culture center here in Sofia to see another movie, dedicated to Papusza (Bronisława Wajs) (1908-1987), a famous Gypsy who is practically the first (Polish Gypsy Romani) classic poet and singer. The word Papusza in the Gypsy language means 'A Doll', a name given to the future poetess by her mother.
The movie is great to see for anyone willing to know more about the history and culture of the Gypsies in a synthesized form. My interest in Gypsies is because in Bulgaria officially we have about 350 000 Gypsies and I've encountered many Gypsies in my life. During my studies in the Netherlands, I had the chance to spend quite a lot of time in close relations with a Bulgarian Gypsy family and I was fascinated by how good-hearted and primitively truthful Gypsies are.

Now back to the movie. The fact that a Gypsy woman could write beautiful inspired poems, sing so beautifully and, most importantly, read was almost scandalous for the post World War II age and the 1960-80s.
The Papusza movie is mostly interesting to anyone interested in culturology and anthropology, as it depicts the common Gypsy lifestyle, and for those who already encountered Gypsies in their life it gives another understanding of why Gypsies are who they are and why they choose to live the nomadic, poor, uneducated, often careless but joyful and passionate life.

The movie starts showing Papusza's mother while still pregnant with the future poetess. In the 1900s, when the story takes place, the Roma (Rom meaning man), just like the Jews, were quite a closed community moving all through the country of Poland or any other country, residing in horse-drawn caravans (tabors) as moving houses.
Consorting with non-Roma (Gadjos – like the Jewish Goy distinction for non-Jews) for any reason other than trade was considered unclean.
However the young poetess had the non-Gypsy Wajs surname because, according to legend, her family used to tour the great courts of Europe with their harps, entertaining kings and aristocrats.


From her birth Papusza was known to be different. A spirit predicted that she would bring either great honor or dishonor to the Gypsies.
According to the movie she did both. The young Papusza defies her family's wishes and learns to read and write at a time
when almost no Gypsy was literate. She is presented stealing a chicken and presenting it to a Jewish store-keeper lady in return for lessons in reading.
Even though her family is strongly against her education (beats her, burns her books) she struggles to read secretly, which later
is shown to have supposedly brought "a curse" on her people.

Papusza meets the Polish poet Jerzy Ficowski in 1949, at a time when she had already been forcefully married to her step-uncle Dionizy Wajs for more than 25 years.
The Gadjo (Ficowski) travels with the Wajs caravan for about 2 years as he aims to learn the Romani (Gypsy) language and the Gypsy way of life.
He is struck by the beauty of Papusza's songs and, liking them, encourages her to continue writing poems.


Later Ficowski returns to Warsaw in 1951 and translates Papusza's verses from the Gypsy language, which brings the Gypsies to the mindset that Papusza is revealing their secrets. Later the scandal progresses as Ficowski publishes a monograph book "Polish Gypsies", a book about the beliefs and moral code of the Roma Gypsy people. Being grieved, Papusza's clan takes the decision to cast her out.

The movie amazingly gives "a feel" for the fascinating and simple Gypsy nomad lifestyle during the first and second World War, in which they were chased, marked and killed by Hitler's Germany just like the Jews. The bitter experience later led to Papusza's creating one of her most famous songs.


The movie is quite interesting in jumping in time between different stages of Papusza's life, not in a specific order but often showing facts backwards etc.
After the end of the war, in Poland the Communist authorities enforce laws to make the Gypsies settle, trying to ensure them work and jobs, and try to "program" Gypsy kids and make them part of communist society by using kindergarten. The Romani are shown to have problems with the authorities and in their desperate discontent go against the country's program for settlement of the Gypsies; they cannot any more rent random old houses to survive the winter and, unable to survive the harsh Polish winter, they finally settle in an attempt to become part of society.


However in the newly built communist society they fail to fit well, as they are always considered second class people; they mourn for their old nomadic vagrant way of life and they fail to integrate into society (pretty much like today). Papusza spent the rest of her life in misery, being rejected by both her native Gypsy community for betraying some of the Gypsies' secrets and at the same time unaccepted by the Polish people who continue to consider Gypsies inferior.
 

Configure Linux users to see only their own user processes with Hidepid – Stop users to see what others are doing

Tuesday, December 23rd, 2014

If you administer a university shared free shell Linux server, have a small community of *NIX users you offer free accounts to, or are responsible for a Linux software company's development servers where programmers log in daily to program software / websites, it is necessary to have tightened security rules, with a major goal to keep the different user accounts' processes separate from each other (hide all system and other users' processes from a single logged in user).

Preventing users from seeing other users' processes is essential for Linux servers which are at high risk of being hacked. In earlier times, hiding all processes besides one's own from a logged in user was possible by using the Grsecurity kernel security module.
In the latest Linux kernel versions 3.2+ (on Debian (unstable) / Ubuntu 14.04 / RHEL / CentOS v6.5+ and above) you can hide processes from other users, so only root (the superuser) can see all running processes with (ps auxwwf), with the native kernel option hidepid.

Configuring Hidepid

To enable the hidepid option you have to remount the /proc filesystem with the Linux kernel hardening hidepid option; to make it a one-time setting on an already running server issue:
 

 mount -o remount,rw,hidepid=2 /proc


To make the hidepid setting permanently active it is necessary to modify the /proc filesystem settings in /etc/fstab:


 

vim /etc/fstab

proc    /proc    proc    defaults,hidepid=2     0     0
 

  • hidepid=0 – Anybody may read all world-readable /proc/PID/* files (default).
  • hidepid=1 – Means users may not access any /proc/PID/ directories but the ones owned by them. Important files like cmdline, sched*, status are now protected from being read by other users.
  • hidepid=2 – Means hidepid=1 plus all /proc/PID/ directories of other users will be invisible to the logged in user. Using this option stops crackers from gathering info about running processes, indications of daemons (services) which run with elevated privileges, and other users' running processes (some might contain passwords passed as arguments or other sensitive data). Revealing such data is frequently used to get versions of local / remote running services that can be exploited.
     

Below is output of htop of a logged in user on hidepid activated server:

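A remount is easy to forget on a server that gets rebooted, so it pays to check both the live mount table and /etc/fstab together. The following is an added example written for this post, not code from the original: a small Python audit that parses /proc/mounts- and /etc/fstab-style tables, works out the effective hidepid level of the /proc entry and reports whether the setting is active now and whether it will survive a reboot. The four table texts are constructed samples standing in for the two files; on a live box you would pass the contents of /proc/mounts and /etc/fstab instead. The symbolic option values (off, noaccess, invisible, ptraceable) are the ones newer kernels accept next to the numeric levels.

```python
"""Check whether /proc is mounted with hidepid, now and after a reboot,
from the mount table and /etc/fstab.

Added example for this post, not part of the original.  The table texts
below are constructed samples standing in for /proc/mounts and /etc/fstab;
on a live box pass the contents of those two files instead.
"""

# Symbolic values accepted by newer kernels (5.8+) next to the numeric ones.
HIDEPID_NAMES = {"off": 0, "noaccess": 1, "invisible": 2, "ptraceable": 4}


def parse_mount_table(text):
    """Yield (mountpoint, fstype, options) for each entry of a /proc/mounts-
    or /etc/fstab-style table; options maps name -> value ('' for flags)."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 4:
            continue
        options = {}
        for opt in fields[3].split(","):
            name, _, value = opt.partition("=")
            options[name] = value
        yield fields[1], fields[2], options


def hidepid_level(table_text):
    """Effective hidepid level of the /proc entry in `table_text`:
    0 when /proc is mounted without the option, None when there is no
    proc entry at all (in fstab that means nothing survives a reboot)."""
    for mountpoint, fstype, options in parse_mount_table(table_text):
        if mountpoint == "/proc" and fstype == "proc":
            raw = options.get("hidepid", "0")
            if raw in HIDEPID_NAMES:
                return HIDEPID_NAMES[raw]
            return int(raw) if raw.isdigit() else 0
    return None


def audit_hidepid(mounts_text, fstab_text, want=2):
    """Return findings (empty == good) for the live mount and the fstab."""
    findings = []
    live = hidepid_level(mounts_text)
    if live is None:
        findings.append("no /proc entry in the live mount table")
    elif live < want:
        findings.append(f"live /proc has hidepid={live}; "
                        f"remount with -o remount,hidepid={want}")
    boot = hidepid_level(fstab_text)
    if boot is None:
        findings.append("no proc line in /etc/fstab; "
                        "the setting will not survive a reboot")
    elif boot < want:
        findings.append(f"/etc/fstab proc line has hidepid={boot}; "
                        f"set hidepid={want}")
    return findings


# Constructed samples: a stock box and the same box after the post's changes.
MOUNTS_DEFAULT = """\
sysfs /sys sysfs rw,nosuid,nodev,noexec,relatime 0 0
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
/dev/sda1 / ext4 rw,relatime,errors=remount-ro 0 0
"""
MOUNTS_HARDENED = """\
sysfs /sys sysfs rw,nosuid,nodev,noexec,relatime 0 0
proc /proc proc rw,nosuid,nodev,noexec,relatime,hidepid=2 0 0
/dev/sda1 / ext4 rw,relatime,errors=remount-ro 0 0
"""
FSTAB_DEFAULT = """\
# <file system> <mount point> <type> <options> <dump> <pass>
UUID=0000-constructed / ext4 errors=remount-ro 0 1
proc /proc proc defaults 0 0
"""
FSTAB_HARDENED = FSTAB_DEFAULT.replace("defaults 0 0", "defaults,hidepid=2 0 0")


if __name__ == "__main__":
    print("before:", audit_hidepid(MOUNTS_DEFAULT, FSTAB_DEFAULT))
    print("after remount only:", audit_hidepid(MOUNTS_HARDENED, FSTAB_DEFAULT))
    print("after remount + fstab:", audit_hidepid(MOUNTS_HARDENED, FSTAB_HARDENED))
```

The "remount only" case is the one that bites in practice: the live check passes while the fstab finding shows the box will come back unprotected after its next reboot.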

Useful VIM editor tip colorscheme evening – make your configurations look brighter in VI

Monday, February 24th, 2014

I just learned about a cool VIM option from a colleague:

:colorscheme evening

What it does is make configurations in the vim editor look brighter, like you see in the below screenshots.

– Before :colorscheme evening vim command


– After :colorscheme evening


The option is really useful, as often editing a config in vim on a random server is too dark and in order to read the config you have to strain your eyes, in the long term leading to eye damage.

Any other useful vim options, you use daily?

How to add multiple email accounts in qmail’s vpopmail with vpasswd via ssh (console) / Little shell script to add multiple email addresses

Sunday, June 12th, 2011

I've been assigned the task to add about 50 email addresses via the command line on one of the qmail powered servers I administer.

Each email address was required to be configured with the same mail password.
Adding the email addresses via an interface would be a killing, time consuming task and would probably require at least 1 hour of time to add the emails with qmailwebmin, qadmin, qubit or the other vpopmail qmail web administration interfaces available nowadays.

To solve the task, I've used a one-liner bash shell script which reads all my 80 emails from a file and adds them with vpopmail's command line tool vpasswd on the mail server.

Here is the one-liner shell script I've written to solve the task:

debian:~# while read line; do vadduser "$line" Email_Pass_Phrase; done < email_list_file.txt

In the above code, email_list_file.txt is a text file on the server containing the list of all my 50 email addresses, where each line in the file contains one email. The Email_Pass_Phrase is actually the password I've set for all the new email addresses being created with vpasswd.

That’s all now the 50 email addresses on the server are created and I’ve saved at least one hour of boring repeating actions in the browser 😉
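The one-liner does the job, but every line of the list file ends up as an argument to a setuid tool without any check that it really is an address, and a stray blank line or a duplicate produces a confusing vadduser error halfway through the batch. As an added example written for this post (mine, not the author's one-liner and not vpopmail code), here is the same job in Python: the list is validated and de-duplicated first, the refused lines are reported with their line numbers, and vadduser is invoked without a shell so the address is never re-parsed. VADDUSER points at the usual vpopmail install prefix, which is an assumption to adjust for your server; the list text at the bottom is a constructed sample.

```python
"""Bulk-create vpopmail mailboxes from a list file, validating each line
before it becomes an argument to vadduser.

Added example for this post, not the author's one-liner and not vpopmail
code.  VADDUSER is the usual vpopmail install path (an assumption; adjust
it); SAMPLE_LIST is a constructed sample of the list file.
"""
import re
import subprocess

VADDUSER = "/home/vpopmail/bin/vadduser"   # assumption: default vpopmail prefix

# Conservative shape for an address: local part, one '@', a dotted domain.
ADDRESS_RE = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+$")


def plan_vadduser(list_text, password, vadduser=VADDUSER):
    """Build the argv vectors to run and the (lineno, line) pairs refused.

    Blank lines and '#' comments are skipped, duplicates (case-insensitive)
    are created once, and any line that is not a plain address is rejected
    instead of being passed on to the setuid vadduser binary.
    """
    commands, rejected, seen = [], [], set()
    for lineno, raw in enumerate(list_text.splitlines(), 1):
        addr = raw.strip()
        if not addr or addr.startswith("#"):
            continue
        if not ADDRESS_RE.match(addr):
            rejected.append((lineno, raw))
            continue
        if addr.lower() in seen:
            continue
        seen.add(addr.lower())
        commands.append([vadduser, addr, password])
    return commands, rejected


def run_plan(commands):
    """Run each vadduser call directly (argv list, no shell); stop at the
    first failure and return how many accounts were created."""
    created = 0
    for argv in commands:
        subprocess.run(argv, check=True)
        created += 1
    return created


# Constructed sample list: two good addresses, a comment, a blank line, a
# duplicate differing only in case, and a line that is not an address.
SAMPLE_LIST = """\
# accounts for the new domain
alice@example.com

bob@example.com
Alice@example.com
bob example.com
"""

if __name__ == "__main__":
    cmds, bad = plan_vadduser(SAMPLE_LIST, "Email_Pass_Phrase")
    for argv in cmds:
        print("would run:", argv)
    for lineno, line in bad:
        print(f"line {lineno} rejected: {line!r}")
    # run_plan(cmds) would actually create the mailboxes on a vpopmail host.
```

Review the planned commands (and the rejected lines) before calling run_plan; on the sample list only alice@ and bob@ are created and line 6 is refused.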

My First Blog Entry

Sunday, November 5th, 2006

Today we first met Habib (a colleague from Holland College I study in). We took a newspaper and searched for a living place for him. We called from one bulphone to some of the newspaper advertisements but were not able to find any suitable living place for the price he could afford (60 or 70 leva). After that we went to a coffee place called "Central". Then we went to Mino's coffee and stayed and talked for 3 or 4 hours with Habib, mainly about Bangladesh. He told us about different specific things in Bangladesh, like for example he explained to us the attitude of people to local people who are musicians (I forgot the exact Bangla name of 'em), he told us Bangla people will probably think we're musicians if we go to Bangladesh. He said the people appreciate these people as fortune and the musicians live on the hospitality of the people. I went home and checked something on the servers. It seems there is a new RC release of clamav, 0.90rc2. I installed the new release and tested it but it seemed it has some problems with the clamd.conf's syntax, so I uninstalled 0.90rc2 and installed the old one, which is 0.88.5. Praise God I'm spiritually okay. I'm going to have a sleep now but I'll first read a little (The Bible). Blessings in the name of Jesus Christ 🙂 !