Encrypting and Decrypting data using SSL Key

First generate the RSA key (key.pem): openssl genrsa -out key.pem 4096 openssl rsa -in key.pem -text -noout   Then save the public key in pub.pem: openssl rsa -in key.pem -pubout -out pub.pem openssl rsa -in pub.pem -pubin -text -noout   As an example we're creating a simple text file and encrypt it: echo test12345 > […]


Securing SSH access with Port Knocking using iptables

This is working for Ubuntu and Debian and might be slightly different for other distributions. However, the rules that are implemented will work on every distribution's iptables. First install the package iptables-persistent: apt-get install iptables-persistent Do not save the current configuration when asked as we will create a new one. Now put the following contents […]


How to secure SSH server access with MFA

First install Google Authenticator: apt-get install libpam-google-authenticator This works well on Ubuntu (Trusty or newer). In case your distribution doesn't provide a package, have a look here. Next, login to your server with the user you're going to use MFA with, execute google-authenticator and follow the steps as indicated below. You may scan the QR-Code which is […]


Installing PHP7-FPM with Apache2 Worker on Ubuntu

First add some prerequesites and add the PHP7 repository: apt-get update apt-get install software-properties-common python-software-properties LC_ALL=en_US.UTF-8  add-apt-repository ppa:ondrej/php-7.0 Then install the actual PHP packages (remove those form the list that you do not need): apt-get install php7.0-fpm php7.0-cli php7.0-common php7.0-json php7.0-opcache php7.0-mysql php7.0-phpdbg php7.0-dbg php7.0-gd php7.0-imap php7.0-ldap php7.0-pgsql php7.0-pspell php7.0-recode php7.0-snmp php7.0-tidy php7.0-dev php7.0-intl php7.0-gd php7.0-curl Then […]


Backup and Restore Redis-Server Database

The server can be installed using: apt-get update apt-get install redis-server Next, verify in /etc/redis/redis.conf for these two lines: dbfilename dump.rdb dir /var/lib/redis The first one is the name of the backup dump file that will be generated and the second line describes the folder where it will be located. This command will launch the […]


How to configure DKIM for your Domain with Postfix

First install opendkim: apt-get update apt-get install opendkim opendkim-tools   Append the following content to /etc/opendkim.conf: AutoRestart             Yes AutoRestartRate         10/1h UMask                   002 Syslog                  yes SyslogSuccess       […]


Install the latest Apache SOLR Build in a few minutes on Ubuntu/Debian

First install a Java runtime and needed utilities: apt-get update apt-get install openjdk-7-jre openjdk-7-jre-headless openjdk-7-jre-lib unzip lsof Then execute these as root: cd ~ wget http://www.eu.apache.org/dist/lucene/solr/5.3.1/solr-5.3.1.tgz tar xzf solr-5.3.1.tgz solr-5.3.1/bin/install_solr_service.sh –strip-components=2 chmod +x install_solr_service.sh ./install_solr_service.sh solr-5.3.1.tgz Finally start Solr: service solr start You should now be able to access your server like this: http://localhost:8983/solr You […]


Install Saltstack on Ubuntu 14.04

sudo apt-get update sudo apt-get install -y git python-pip python-mysqldb python-software-properties software-properties-common nano wget curl curl -L https://bootstrap.saltstack.com -o install_salt.sh sudo sh install_salt.sh -P


Sync file changes recursively to a remote host using lsyncd

First install lsyncd, on Ubuntu/Debian just like this: sudo apt-get update sudo apt-get install lsyncd There are some needed folders that are not automatically created: mkdir -p /etc/lsyncd /var/log/lsyncd Now let's take a sample file and copy it to /etc/lsyncd/lsyncd.conf.lua where lsyncd will automatically pick it up: cp /usr/share/doc/lsyncd/examples/lrsyncssh.lua /etc/lsyncd/lsyncd.conf.lua Here's a sample configuration: settings […]