Convert .p12 bundle to server certificate and key files

Seperate Private Key and Certificate file

#Generate certificates bundle file

openssl pkcs12 -nokeys -in server-cert-key-bundle.p12 -out server-ca-cert-bundle.pem

#Generate server key file.

openssl pkcs12 -nocerts -nodes -in server-cert-key-bundle.p12 -out server.key

Convert a PKCS#12 file (.pfx .p12) containing a private key and certificates to PEM

openssl pkcs12 -in keyStore.pfx -out keyStore.pem -nodes

Create a .pfx/.p12 certificate file using OpenSSL

openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt

Src: https://www.sslshopper.com/article-most-common-openssl-commands.html

Share

SCP Command Syntax

Before going into how to use the scp command, let’s start by reviewing the basic syntax. The scp utility expressions take the following form:

scp [OPTION] [user@]SRC_HOST:]file1 [user@]DEST_HOST:]file2

OPTION – scp options such as cipher, ssh configuration, ssh port, limit, recursive copy ..etc
[user@]SRC_HOST:]file1 – Source file.
[user@]DEST_HOST:]file2 – Destination file
Local file should be specified using an absolute or relative path while remote file names should include a user and host specification.

scp provides a number of options that control every aspect of its behavior. The most widely used options are:

-P Specifies the remote host ssh port.
-p Preserves files modification and access times.
-q Use this option if you want to suppress the progress meter and non-error messages.
-C. This option will force scp to compresses the data as it is sent to the destination machine.
-r This option will tell scp to recursively copy directories. Continue reading “SCP Command Syntax” »

Share

Endian IP Blocking Firewall Rule

You can make a general IP ban list. You need to go to Port forwarding / Destination NAT

  • Create a new rule
  • Click on the advanced mode
  • Incoming IP: Type: Zone/VPN/Upllink. Select Uplink main – IP:All known.
  • Incoming service port, Service: Any, Port: Any.
  • In the Translate To section set Type: IP, Insert IP: leave blank, NAT: NAT
  • Access From Section.
  • Source Type: Network/IP/Range
  • Filter Policy: Drop
  • In the Network UP’s box, enter a single IPor IP CIDR. eg 61.144.2.10 or 61.144.0.0/14
  • Check the enabled box. In the comment section type Blocked Incoming IP’s
  • Make the position first.

It is important the rule is the first one, else the precending rules will overide the block. If you a list of country and/or IP CIR go to www countryipblocks net

Share

Install LAMP on Centos 7 with PHP 5.x/7.0/7.1/7.2

In this tutorial, I use the hostname server1.example.com with the IP p 192.168.1.100. These settings might differ for you, so you have to replace them where appropriate.

I will add the EPEL repo here to install latest phpMyAdmin as follows:

rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY*
yum -y install epel-release

To edit files on the shell, I’ll install the nano editor. If you prefer vi for file editing, then skip this step.

yum -y install nano

Installing MySQL / MariaDB

MariaDB is a MySQL fork of the original MySQL developer Monty Widenius. MariaDB is compatible with MySQL and I’ve chosen to use MariaDB here instead of MySQL. Run this command to install MariaDB with yum:

yum -y install mariadb-server mariadb

Then we create the system startup links for MySQL (so that MySQL starts automatically whenever the system boots) and start the MySQL server: Continue reading “Install LAMP on Centos 7 with PHP 5.x/7.0/7.1/7.2” »

Share

Endian Community (3.x)- network configuration using CLI- Netwizard

After you login in you Endian Appliance, simply issue the following command:

root@endian # netwizard

You will be asked a couple of questions. If the network has already been configured, the current values are shown: simply press Enter if you want to keep that value. The snippet below shows some possible values. Note that you should enter the network interfaces as eth1, eth2, and so on and not as br0, br1, and so on. IP ranges should be written in CIDR notation.

Network Configuration Wizard 
----------------------------

Hostname? myappliance.
Domain? mydomain 
RED interface type <STATIC/DHCP/GATEWAY>? DHCP 
RED device <eth0/eth1/eth2/eth3>? eth3 
Green devices <eth0/eth1/eth2>? eth0 
Green IPs (IP/CIDR)? 172.20.0.1/24 
Orange devices <eth1/eth2>? eth1 
Orange IPs (IP/CIDR)? 172.21.30.1/24 
Blue devices ? eth2 
Blue IPs (IP/CIDR)? 172.22.30.1/24 
Enable SSH access <on/off>? on 
Allow access to ports 22, 80 and 10443 from any interface <on/off>? off

Continue reading “Endian Community (3.x)- network configuration using CLI- Netwizard” »

Share

Endian Community (2.5.1)- Change the green IP address from console

Management URL: https://192.168.0.15:10443
Green IP:       192.168.0.15/24
-----------------

0) Shell
1) Reboot
2) Change Root Password
3) Change Admin Password
4) Restore Factory Defaults

Choice: 0[endian]: login
root's password:
Welcome to Endian Firewall Appliance release 2.5-0 (Deployset #0)
[endian] root: bash

Continue reading “Endian Community (2.5.1)- Change the green IP address from console” »

Share

Install Percona XtraDB Cluster for MySQL 5.7 on Debian 8

First of all, why we choose three nodes and not only two? In any cluster, the number of nodes should be odd, so in the case of disconnection of a node, we assume that the highest group of servers has the fresh data, and should be replicated to the down node to avoid data loss. This is related only to resolve conflicts in data replication, we won’t loose data written only to the disconnected node.

This is used to avoid a circumstance called split brain, in which we can’t automatically choose which node has correct data. Think for example of a 2 node cluster where both nodes are disconnected from each other, and the same record is written to both nodes: who wins when they come back online? We don’t know, so split brain happens, and we have to manually decide wich record is the right one.

The number of nodes that is needed to determine wich part of the cluster has the right data is called QUORUM, in our case, the quorum will be 2. So we need 2 servers always be connected to each other. In case all three nodes will go down, we have a split brain and we must decide wich server should go in bootstrap mode manually, this is the procedure to determine wich will be the main server to resume from the split brain.

Configuring Percona XtraDB Cluster on Debian 8

This tutorial describes how to install and configure three Percona XtraDB Cluster nodes on Debian 8 servers, we will be using the packages from the Percona repositories.

Node 1
Hostname: mysql1.local.vm
IP address: 192.168.152.100
Node 2
Hostname: mysql2.local.vm
IP address: 192.168.152.110
Node 3
Hostname: mysql3.local.vm
IP address: 192.168.152.120

On each host, modify file /etc/hosts as follows to ensure DNS will work correctly. Continue reading “Install Percona XtraDB Cluster for MySQL 5.7 on Debian 8” »

Share

Configure Apache With Self-Signed TLS/SSL Certificate on Ubuntu 16.04

Step 1: Generating the certificate

First, let’s create a place to store the file.

mkdir ~/certificates
cd ~/certificates

Generate CSR and private key.

openssl req -x509 -newkey rsa:4096 -keyout apache.key -out apache.crt -days 365 -nodes

It will ask for information for the certificate request. Complete with the appropriate information.

Country Name (2 letter code) [AU]: US
State or Province Name (full name) [Some-State]: FL
Locality Name (eg, city) []: Miami
Organization Name (eg, company) [My Company]: My Company
Organizational Unit Name (eg, section) []:

Common name should be your domain name or the server’s IP address. Also, fill in your email. Continue reading “Configure Apache With Self-Signed TLS/SSL Certificate on Ubuntu 16.04” »

Share

Windows 7/10 auto login and locking tricks

Setup auto-login

  • Open Start menu/Search
  • Search for and open regedit
  • Navigate to HKEY_LOCAL_MACHINE/Software/Microsoft/Window NT/CurrentVersion/Winlogon
  • Create or edit DefaultUserName (string) and set it to your username to run plex under
  • Create or edit DefaultPassword (string) and set it to the password for the default user
  • Create or edit AutoAdminLogon (string) and set it to 1
  • Reboot to test if the auto login is working

Auto locking after login

  • Open notepad as administrator
  • Copy: rundll32.exe user32.dll,LockWorkStation
  • Save as /Program Files/lock.bat (change file type to all files)
  • Open group policy editor by searching for gpedit
  • Navigate to Uesr Configuration/Windows Settings/Scripts (Log on/Log off)
  • Double click Logon then click add
  • Brows for the script located at /Program Files/lock.bat and click ok
  • Reboot to test that the computer locks after logon
     
Share