Category: Unix
SSL Server’s certificate chain incomplete?
Does your SSLLABS report say ‘This server’s certificate chain is incomplete. Grade capped to B’?
Simple fix:
Concatenate the certificate file with the Intermediate CA.
Open your certificate file and the Intermediate CA file in a text editor, copy the entire contents of the Intermediate CA file, and paste it after the end of the certificate section:
JOVtnRpn3coVfSR/0rz0XKVXeZGnKztGdIMQhWMTxvZ1UpmRAH2Ab2QnVo1fkPVy
qNSJces5Y/VKpIvLBk5Jj55fvK8ME/9ASa+LtLrIms8iYHl75cupuYZZlg8=
-----END CERTIFICATE-----
Leaving just the Certificate and the Intermediate Certificate in the file.
Restart your web server and retest in SSLLABS.
SSL Chain issues – Contains anchor
Does your SSLLABS report mention ‘Chain issues – Contains anchor’?
Simple fix:
Remove the Root CA from the concatenated certificate file.
Using a text editor, open your Root CA file as well as your certificate file, check what the Root CA starts and ends with, and remove that section from the certificate file.
-----BEGIN CERTIFICATE-----
MIIGuDCCBKCgAwIBAgIUUk/B8W400XArhKE/sEK7zHw8kDIwDQYJKoZIhvcNAQEL
BQAwSDELMAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxHjAc
Blah Blah
JOVtnRpn3coVfSR/0rz0XKVXeZGnKztGdIMQhWMTxvZ1UpmRAH2Ab2QnVo1fkPVy
qNSJces5Y/VKpIvLBk5Jj55fvK8ME/9ASa+LtLrIms8iYHl75cupuYZZlg8=
-----END CERTIFICATE-----
Leaving just the Certificate and the Intermediate Certificate in the file.
Restart your web server and retest in SSLLABS.
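Both fixes above can be scripted instead of done by hand in a text editor. The following is an added example, not part of the original post: it assumes the `openssl` command is installed, and the function and file names are placeholders. It keeps the first certificate as the server certificate and drops any later certificate whose subject equals its issuer, which is how a root CA (the anchor) appears.

```bash
#!/usr/bin/env bash
# Added example (not from the original post). Function names are hypothetical.

# split_pem <out-dir> <pem-file>...
# Write every certificate found in the inputs to cert-001.pem, cert-002.pem, ...
split_pem() {
  local dir="$1"; shift
  awk -v dir="$dir" '
    /-----BEGIN CERTIFICATE-----/ { out = sprintf("%s/cert-%03d.pem", dir, ++n) }
    out != ""                     { print > out }
    /-----END CERTIFICATE-----/   { close(out); out = "" }
  ' "$@"
}

# is_self_signed <single-cert.pem>
# True when subject and issuer are the same name, as in a root CA certificate.
is_self_signed() {
  local subject issuer
  subject=$(openssl x509 -in "$1" -noout -subject -nameopt RFC2253) || return 2
  issuer=$(openssl x509 -in "$1" -noout -issuer -nameopt RFC2253) || return 2
  [ "${subject#subject=}" = "${issuer#issuer=}" ]
}

# rebuild_chain <output.pem> <input.pem>...
# The first certificate read is treated as the server certificate and is
# always kept. Later certificates are kept unless they are self-signed.
rebuild_chain() {
  local out="$1" tmp cert first=1; shift
  tmp=$(mktemp -d) || return 1
  split_pem "$tmp" "$@"          # read inputs first, so output may be an input
  : > "$out"
  for cert in "$tmp"/cert-*.pem; do
    [ -e "$cert" ] || continue
    if [ "$first" -eq 0 ] && is_self_signed "$cert"; then
      echo "dropping root CA (anchor): $(openssl x509 -in "$cert" -noout -subject)" >&2
    else
      cat "$cert" >> "$out"
    fi
    first=0
  done
  rm -rf "$tmp"
}

# Example use (file names are placeholders):
#   rebuild_chain fullchain.pem server.crt intermediate.crt
#   rebuild_chain bundle.pem bundle.pem     # strip a root from an existing bundle
```

Because each certificate is rewritten line by line, a source file that lacks a final newline no longer produces a fused END/BEGIN line in the bundle.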
Lost your BASH’fulness?
The dreaded moment when you are on your Unix / Linux server and you type ‘ls’ and up pops ‘Command not found’.
Before running about screaming and asking yourself why you ran that last command:
Check your PATH
$ echo $PATH
If yours does not show the /bin, /usr/bin or /usr/local/bin directories, then this is why you are getting ‘Command not found’: these are the directories that hold the system’s user commands.
So, you’ll need to add them back into the PATH:
export PATH=/usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
Now try the ‘ls’ command again. It should now work.
If you want to change it later, do
export PATH=$PATH:/my/new/directory
That way it will keep the existing PATH and add the new directory to the end.
If you need the above to be available at startup, Google “(OS) add path to startup” or “(OS) add path to profile”; there are too many OS variations on this topic to cover here.
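One caveat with `export PATH=$PATH:/my/new/directory`: if PATH is empty when you run it, the result starts with an empty entry, which the shell treats as the current directory. The functions below are an added example, not part of the original post (the names `path_audit` and `path_append` are made up here): one reports missing standard directories and current-directory entries, the other appends without creating an empty or duplicate entry.

```bash
#!/usr/bin/env bash
# Added example (not from the original post). Function names are hypothetical.

# path_audit <path-string>
# Print one line per problem: a standard directory that is missing, or an
# entry that makes the shell search the current directory.
path_audit() {
  local path="$1" dir entry rest
  for dir in /bin /usr/bin /usr/local/bin; do
    case ":$path:" in
      *":$dir:"*) ;;
      *) echo "missing $dir" ;;
    esac
  done
  rest="$path:"
  while [ -n "$rest" ]; do
    entry=${rest%%:*}
    rest=${rest#*:}
    case "$entry" in
      '') echo "empty entry (current directory)" ;;
      /*) ;;
      *)  echo "relative entry: $entry" ;;
    esac
  done
}

# path_append <path-string> <dir>
# Print the path with <dir> added at the end, without creating an empty entry
# (when the path is empty) or a duplicate (when <dir> is already present).
path_append() {
  case ":$1:" in
    *":$2:"*) printf '%s\n' "$1" ;;
    '::')     printf '%s\n' "$2" ;;
    *)        printf '%s\n' "$1:$2" ;;
  esac
}

# Example use:
#   path_audit "$PATH"
#   PATH=$(path_append "$PATH" /my/new/directory); export PATH
```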
Redhat 5.9 Lampp libdl.so.2 library issues
We think that some kind of Redhat upgrade broke our Lampp installation; we still haven’t gotten to the bottom of why it started to happen.
Instead of Lampp starting Mysql etc., it was just returning the following:
/bin/bash: error while loading shared libraries: libdl.so.2: cannot open shared object file: No such file or directory
After much Googling and head scratching we worked out that the script ‘lampp’ wasn’t looking for the library files because it wasn’t recognising the Redhat version that we were running.
Code below showing lines 45 to 62 of the ‘lampp’ script:
45 function osguess() {
46     if test -f /etc/redhat-release
47     then
48         if egrep "9 " /etc/redhat-release > /dev/null
49         then
50             if egrep "Tikanga" /etc/redhat-release > /dev/null
51             then
52                 echo "unknown"
53                 return 0
54             fi
55             echo "rh9"
56             return 0
57         fi
58     else
59         echo "unknown"
60         return 0
61     fi
62 }
Line 50 has been changed from “Fedora” to “Tikanga” to represent the release of Redhat that we’re running.
This simple change allows the script to correctly link to the library files required to run the script. Without the change, the script didn’t know which version of Redhat was running and returned 0, which stopped the script from looking in the correct place for the library files.
If you open your ‘/etc/redhat-release’ file and then edit your lampp script to match the release named there, this fix should work for you.
Our file contains:
Red Hat Enterprise Linux Server release 5.9 (Tikanga)
So now you know how we knew that our version was “Tikanga”.
Fedora or Tikanga ?
Something very strange happened today when we tried to start LAMPP
. . .
cat: error while loading shared libraries: libc.so.6: cannot open shared object file: No such file or directory
/bin/sh: error while loading shared libraries: libdl.so.2: cannot open shared object file: No such file or directory
Starting XAMPP for Linux …
/bin/bash: error while loading shared libraries: libdl.so.2: cannot open shared object file: No such file or directory
/bin/bash: error while loading shared libraries: libdl.so.2: cannot open shared object file: No such file or directory
/bin/bash: error while loading shared libraries: libdl.so.2: cannot open shared object file: No such file or directory
/bin/bash: error while loading shared libraries: libdl.so.2: cannot open shared object file: No such file or directory
/bin/bash: error while loading shared libraries: libdl.so.2: cannot open shared object file: No such file or directory
. . .
We Googled it, noticing that some other people got the same problem:
So we tried
cat /etc/redhat-release
Red Hat Enterprise Linux Server release 5.9 (Tikanga)
So edit lampp, replace ‘Fedora’ with ‘Tikanga’, save lampp and restart lampp: it works!
Don’t understand why ‘Fedora’ worked before, but not now.
Forensic disk recovery
Suppose someone gave you a Sandisk Cruzer 8GB micro USB stick* which had their entire life’s work stored on it. The stick couldn’t be directory listed under Windows 7, only under Windows XP, and nothing could be copied off it or on to it.
What would you do ?
Well here’s what I did to recover the files.
First of all I tried all the normal Windows-based solutions:
Chkdsk
Recovery software GetDataBack – (Which has served me well in the past)
No joy! Nothing! Nada! – USB just disconnects when you try anything.
So I turn to Unix for the answer. The USB stick could be mounted and read; it just crashed out when trying to copy the files/directories from the device, saving about 10% of the data. I’m assuming it’s a hardware failure of the device.
This is when I turn to open source forensic software – Ubuntu Rescue Remix
Here’s how I used it :
I created a bootable image of the Ubuntu Rescue Disk ‘to a different USB stick’, following the instructions at Pendrivelinux.com
Booted that, then used the following commands :
Create ‘hdd1’ directory in the ‘mnt’ folder
sudo mkdir /mnt/hdd1
Mount your machine’s hard drive to the folder ‘/mnt/hdd1’
sudo mount /dev/sda1 /mnt/hdd1
Check the ‘mount’ command to see what the USB device you’re trying to recover is called; in my case it’s mounted as ‘/dev/sdc1’
sudo mount
Use that information to construct the following command: ddrescue, retry to read up to 3 times, USB device, name of image to write, name of log to write
sudo ddrescue -r 3 /dev/sdc1 /mnt/hdd1/recovery-image /mnt/hdd1/recovery-log
Create a new directory on your hard drive to store all the recovered files.
sudo mkdir /mnt/hdd1/recovery
Run ‘foremost’, which is forensic software created by the US Air Force: foremost, image name, output directory
sudo foremost -i /mnt/hdd1/recovery-image -o /mnt/hdd1/recovery
This will extract files without filenames to the output directory: a slight issue, but lucky to get anything back at all.
* Other USB sticks are available..
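Before running foremost it is worth checking how much of the stick ddrescue actually managed to read. The function below is an added example, not part of the original post: it totals the block lines of the ddrescue log (mapfile) by status; the function names and the sample log are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): summarise a ddrescue log.

# ddrescue_summary <logfile>
# Block lines are "pos size status"; status + is rescued, - is a bad sector,
# and ? * / are areas ddrescue has not finished reading.
ddrescue_summary() {
  local pos size status rest seen_status=0 good=0 bad=0 pending=0 total
  while read -r pos size status rest; do
    case "$pos" in ''|'#'*) continue ;; esac    # skip blank and comment lines
    if [ "$seen_status" -eq 0 ]; then           # first data line is the
      seen_status=1; continue                   # current position/status line
    fi
    case "$status" in
      '+')         good=$((good + $size)) ;;
      '-')         bad=$((bad + $size)) ;;
      '?'|'*'|'/') pending=$((pending + $size)) ;;
    esac
  done < "$1"
  total=$((good + bad + pending))
  [ "$total" -gt 0 ] || { echo "no block lines found in $1" >&2; return 1; }
  echo "rescued=$good bad=$bad pending=$pending percent=$((good * 100 / total))"
}

# Constructed sample log for a 4 MiB device (not output from a real run).
sample_log() {
  cat <<'EOF'
# Rescue Logfile. Constructed sample
# current_pos  current_status
0x00300400     ?
#      pos        size  status
0x00000000  0x00300000  +
0x00300000  0x00000400  -
0x00300400  0x00000C00  *
0x00301000  0x000FF000  ?
EOF
}

# Example use with the path from the post:
#   ddrescue_summary /mnt/hdd1/recovery-log
```

A large `bad` or `pending` figure means foremost will be carving an image with holes in it, so another ddrescue pass against the same log may be worth trying first.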
Sendmail did not send mail instantly but queued it
Sendmail did not send mail instantly but just queued it.
Testing sendmail by
#mail test@host.com
System didn’t show any error but just queued the mail
#mailq
Showing that the mail message has been put into the queue.
Queue message “host map: lookup (domain): deferred”
#/sendmail -q
This can force the server to send the mail successfully, which means the DNS settings should be correct.
Check sendmail configuration files
#/etc/mail/sendmail.cf
DeliveryMode is not “deferred”
O DeliveryMode=background
#/etc/hosts
#/etc/resolv.conf
#/etc/nsswitch.conf
Both files have the same setting as another server which can send mail instantly.
Try to stop and restart sendmail
#/etc/init.d/sendmail stop
#/etc/init.d/sendmail start
Problem solved.
CHKCONFIG
A unix command line tool for maintaining the /etc/rc[0-6].d directory hierarchy by relieving system administrators of the task of directly manipulating the numerous symbolic links in those directories.
Usage:
chkconfig --add NAME
Add new symbolic links in /etc/rc[0-6].d
chkconfig --del NAME
Removes the service from chkconfig management, and removes any symbolic links in /etc/rc[0-6].d which pertain to it.
chkconfig [--level LEVELS] NAME
Specifies the run levels an operation should pertain to. Levels are between 0 – 7. For example, --level 56 specifies levels 5 and 6.
cron time-based job scheduler
Task: how to get a Perl cgi-bin script to run daily, without the intervention of an administrator and without the webpage ever being visited.
Solution: using the system’s cron command
I knew of cron’s existence but didn’t realise how useful it was. Below is how I managed to get cron to do the job for me.
Unix commands used :
crontab -e (edit crontab using vi)
crontab -l (list your current crontab entries)
The lines I added to my crontab :
# Location of GET
GET='/opt/lampp/bin/GET'
# Location of the script file to be run
VLEPROCESS='http://abc.123.com/cgi-bin/happiness/ProcessFiles.pl'
# The crontab command: 59 = minutes past the hour, 6 = the hour (am), * = no value set, $GET = where the GET command is, ${VLEPROCESS} = whereabouts of the script to be run.
59 6 * * * $GET ${VLEPROCESS}
So at 6:59 each morning, Monday to Sunday, the script ‘ProcessFiles.pl’ gets run.
Happy days, one less thing to remember each morning.
Further cron options for dates and times:
.---------------- minute (0 - 59)
|  .------------- hour (0 - 23)
|  |  .---------- day of month (1 - 31)
|  |  |  .------- month (1 - 12) OR jan,feb,mar,apr ...
|  |  |  |  .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat
|  |  |  |  |
*  *  *  *  * command to be executed