Install Discourse on Ubuntu 20.04

Secure the Server

Turn on automatic security updates.

$ sudo dpkg-reconfigure -plow unattended-upgrades

Setup a firewall with ufw.

$ sudo apt-get install ufw
$ sudo ufw default allow outgoing
$ sudo ufw default deny incoming
$ sudo ufw allow 22 comment 'SSH'
$ sudo ufw allow http comment 'HTTP'
$ sudo ufw allow https comment 'HTTPS'
$ sudo ufw enable

Install fail2ban to secure your server

$ sudo apt install fail2ban

Configure fail2ban to Use ufw

Copy the main configuration to avoid unexpected changes during package updates.

$ sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

Edit the configuration file with your favorite text editor

$ sudo nano /etc/fail2ban/jail.local

Change the banaction and banaction_allports settings to ufw in the file /etc/fail2ban/jail.local as follows: Continue reading “Install Discourse on Ubuntu 20.04” »

Share

Set Up a Radius Server on pfSense

Installing the Package

The pfSense 2.X package manager includes both FreeRadius and FreeRadius2 as installation options. For this example, I’m going to be using FreeRadius2 since it has some additional features not found in the previous version.

Only one version of radius can be installed on pfSense at a time. If you previously installed any radius packages, go ahead and remove them first.

The package installation will briefly interrupt traffic passing through the router as the service starts, so be careful when running the installation on a production system.

  • Open the package manager in the system menu of the web interface.
  • Click the plus symbol next to FreeRadius2 to begin the installation.
  • Click ‘Ok’ to confirm the package installation.

You cannot run both FreeRadius and FreeRadius2 on the same pfSense system. Make sure to remove one before installing the other. The setup process will automatically download and install the radius package along with all of its dependencies. The installation normally takes a couple of minutes to complete.

After it’s finished, there will be a new menu item for the package in the services menu. The FreeRadius installation normally takes a couple minutes to complete. Continue reading “Set Up a Radius Server on pfSense” »

Share

Install MariaDB 10.3 on CentOS

Step 1: Add MariaDB Yum Repository

 Create a new repo file /etc/yum.repos.d/mariadb.repo and add the below code changing the base url according to the operating system version and architecture.

# vi /etc/yum.repos.d/mariadb.repo
[mariadb]
name = MariaDB
baseurl = http://yum.mariadb.org/10.3/centos73-amd64/
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck=1

Step 2 – Install MariaDB Server

Let’s use the following command to install MariaDB 10.3 Continue reading “Install MariaDB 10.3 on CentOS” »

Share

SSH Key-Pair Authentication

Create Key-Pair by each user, so login with a common user on SSH Server Host and work like follows.

# create key-pair
debian@dlp:~$ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/debian/.ssh/id_rsa): # Enter or input changes if you want
Created directory '/home/debian/.ssh'.
Enter passphrase (empty for no passphrase): # set passphrase (if set no passphrase, Enter with empty)
Enter same passphrase again:
Your identification has been saved in /home/debian/.ssh/id_rsa
Your public key has been saved in /home/debian/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:H+lFm+3c93VekrLiFCYAwoWDUVs43s4JEze8wr8QzG8 debian@dlp.srv.world
The key's randomart image is:
.....
.....

debian@dlp:~$ll ~/.ssh

total 8
-rw------- 1 debian debian 2655 Aug 17 13:48 id_rsa
-rw-r--r-- 1 debian debian 574 Aug 17 13:48 id_rsa.pub
debian@dlp:~$mv ~/.ssh/id_rsa.pub ~/.ssh/authorized_keys

Transfer the private key created on the Server to a Client, then it’s possible to login with Key-Pair authentication. Below is an example to connect from a linux shell. Continue reading “SSH Key-Pair Authentication” »

Share

Redirect all request to public/ folder in laravel 5

There are two solutions:

1. Using .htaccess with mod_rewrite

RewriteEngine on
RewriteCond %{REQUEST_URI} !^public
RewriteRule ^(.*)$ public/$1 [L]

2. You can add a index.php file containing the following code and put it under your root Laravel folder (public_html folder).

<?php
header('Location: public/');

Src: https://stackoverflow.com/questions/38040502/how-do-you-redirect-all-request-to-public-folder-in-laravel-5

Share

Convert VirtualBox VM to ProxMox VE

  1. On the VirtualBox host, launch VirtualBox
  2. Right click the VM to convert > Settings
  3. Select Storage from the left navigation
  4. Click the virtual hard disk and copy the Location value for the full path of the disk to the clipboard
  5. Right click on the Start menu > Run > type cmd.exe > Press Enter
  6. Enter the following commands in the command prompt
    # change directory to VirtualBox installation
    cd %programfiles%\Oracle\VirtualBox
    # convert the .vdi to raw .img
    VBoxManage clonehd --format RAW "pasted\full\path\to.vdi" "pasted\full\path\to.raw"
  7. Once the .vdi to .raw conversion completes, open a web browser and navigate to the ProxMox web UI https://ProxMoxDNSorIP:8006/
  8. Click the Create VM button at the top right
  9. On the General tab, enter a VM Name and note the VM ID generated > click Next
  10. On the OS tab select Do not use any media and set the Guest OS > click Next
  11. On the System tab click Next
  12. On the Hard Disk tab set the Disk size to 0.001 > click Next
  13. On the CPU tab set the number of CPUs > click Next
  14. On the Memory tab set the amount of memory to allocate in MiB > click Next
  15. On the Network tab click Next
  16. On the Confirm tab review the settings and click Finish
  17. Select the newly created VM from the left navigation panel > Hardware
  18. Click the Hard Disk to select it
  19. Click the Detach button to detach the hard disk from the VM
  20. Click the Unused disk
  21. Click the Remove button to permanently delete it
  22. Download WinSCP Download
  23. Extract WinSCP and run the executable
  24. Connect to the ProxMox IP server via WinSCP
  25. Copy the VirtualBox created .raw file to a location on the ProxMox server that has enough free disk space, /root for example
  26. Back in the browser, open the ProxMox host Shell
  27. Run the following command to import the raw disk, modify the .raw file name and VM ID noted earlier
    # import the raw disk
    # usage:
    # qm importdisk <VM ID> /root/<source disk file>.raw <destination storage pool name>
    qm importdisk 100 vbox.raw HDD_500GB --format qcow2
  28. Once the disk import completes, select the target VM from the left navigation menu > Hardware
  29. Double click the Unused Disk > Click the Add button
  30. Select Options from the left navigation sub-menu
  31. Double click Boot Order
  32. Check the Enabled box next to the hard disk
  33. Drag the Hard disk up in the boot order as needed, typically below the CD-ROM device
  34. Click OK
  35. Click the Start button in the top right of the screen
  36. Click the Console link to watch the boot process

Src:

https://i12bretro.github.io/tutorials/0295.html

Share

Reboot Windows 10 using RDP

This article is for sysadmins who know better, wanting to Shut down or Restart (or even enter Sleep) over RDP anyway.

At left, user clicked on Start, Power, then has three choices. Using RDP at right, choices are rather limited.

Using Command Prompt

Open a Command Prompt

a. To initiate a Shut down, type:

shutdown /s /t 0

then press Enter Continue reading “Reboot Windows 10 using RDP” »

Share

Enable TLS 1.0 in Firefox Browser

Firefox 43 supports TLS 1.0, 1.1, and 1.2 by default. You shouldn’t need to make any changes, but you can double-check the settings here if you like:

(1) In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button promising to be careful.

(2) In the search box above the list, type or paste TLS and pause while the list is filtered Continue reading “Enable TLS 1.0 in Firefox Browser” »

Share

Solving A remote code execution vulnerability exists in the Credential Security Support Provider protocol (CredSSP) on Windows RDP

WORKAROUND

Use the group policy settings changes described below to rollback the changes to ‘Vulnerable’ state to allow RDP access.

1. Open Group Policy Editor, by executing gpedit.msc

2. Policy path: Computer Configuration -> Administrative Templates -> System -> Credentials Delegation

Run gpedit.msc and expand Administrative Templates Continue reading “Solving A remote code execution vulnerability exists in the Credential Security Support Provider protocol (CredSSP) on Windows RDP” »

Share