Category Archives: Ubuntu

Testing disk speed on Ubuntu

Linux, Ubuntu 
paulao@sd-XXXXX:~$ sudo dd if=/dev/zero of=/root/output conv=fdatasync bs=384k count=1k; rm -f /root/output 16:
1024+0 records in
1024+0 records out
402653184 bytes (403 MB) copied, 1.74116 s, 231 MB/s

paulao@sd-XXXXX:~$ dd if=/dev/zero of=test bs=64k count=16k conv=fdatasync; unlink test
16384+0 records in
16384+0 records out
1073741824 bytes (1.1 GB) copied, 5.53976 s, 194 MB/s

Remove Apache 2.4 version signature @ Ubuntu 15.04

Linux, Ubuntu, , ,

Forbidden

You don’t have permission to access /galleries/ on this server.

 

Ubuntu 15.04
Apache/2.4.10 (Ubuntu)

Remove Apache version signature
nano /etc/apache2/conf-enabled/security.conf

On ServerTokens uncomment the line with ServerTokens Prod or add it.
Uncomment the ServerSignature Off entry or add it.

Remove PHP version from headers

I guess that by default they are disabled, but in any case you can remove it by editing the php.ini and set expose_php to off.

sudo nano /etc/php5/apache2/php.ini

First login @ the new server at kimsufi

Ubuntu

First login @ the new server at kimsufi

[email protected]'s password:
Welcome to Ubuntu 15.04 (GNU/Linux 3.14.32-xxxx-grs-ipv6-64 x86_64)

* Documentation: https://help.ubuntu.com/
Ubuntu 15.04

server : 226969
ip : 198.27.69.69
hostname : ns696969.ip-198-69-69.net

 System information as of Tue Aug 4 11:11:24 EDT 2015

System load: 0.0 Processes: 121
 Usage of /home: 0.0% of 897.05GB Users logged in: 0
 Memory usage: 1% IP address for eth0: 198.69.69.69
 Swap usage: 0%

Graph this data and manage this system at:
 https://landscape.canonical.com/

0 packages can be updated.
0 updates are security updates.

*** System restart required ***
Ubuntu 15.04
Linux ns696969.ip-198-69-69.net 3.14.32-xxxx-grs-ipv6-64 #1 SMP Tue Jun 30 18:50:21 CEST 2015 x86_64 x86_64 x86_64 GNU/Linux

server : 225804
ip : 198.27.69.69
hostname : ns696969.ip-198-69-69.net

superuser@ns696969:~#

/home/jail is not a safe jail, check ownership and permissions.

Ubuntu,

My jailed user wasn’t connecting to the server via SFTP….
Had to see what was going on!!

root@digitalwhores:/home# tail -f /var/log/auth.log

auth.log looked like this…

Jul 23 19:47:55 digitalwhores systemd-logind[580]: New session 1307 of user sftpuser.
Jul 23 19:47:55 digitalwhores jk_chrootsh[18961]: path /home/jail is group writable
Jul 23 19:47:55 digitalwhores jk_chrootsh[18961]: path /home/jail is writable for others
Jul 23 19:47:55 digitalwhores jk_chrootsh[18961]: abort, /home/jail is not a safe jail, check ownership and permissions.
I had to 0755 the folder /home/jail/
Even that way user wasn’t being able to connect… what was auth.log saying?
Jul 23 19:50:07 digitalwhores jk_chrootsh[19034]: abort, path /home/jail/./home/sftpu is group writable, set option 'relax_home_group_permissions' to relax this check
I had to 0755 the folder /home/jail/home/sftpu
Recommend folders with 0755.
chmod 0755 /home
chmod 0755 /home/jail
chmod 0755 /home/jail/home
chmod 0755 /home/jail/home/**USERS**

 

 

WARNING: local host name (digitalwhores) is not qualified; see cf/README: WHO AM I?

Ubuntu

While installing sendmail, I got the following error…

WARNING: local host name (digitalwhores) is not qualified; see cf/README: WHO AM I?

Lets edit /etc/hostname and make it digitalwhores.net.

sudo nano /etc/hostname

Lets run sendmailconfig

sudo sendmailconfig

I saw the solution @ http://unix.stackexchange.com/questions/1551/what-is-sendmail-referring-to-here/210999 – tnks to Jadeye for alerting me that I might need to restart the server.

Apache – client denied by server configuration

Linux, Ubuntu

So, on my recent DO droplet I had to install Apache (2.4.10) to run a web application for a client.

root@digitalwhores:/home/webroot# apache2 -v
Server version: Apache/2.4.10 (Ubuntu)
Server built: Mar 9 2015 11:53:48

After configuring the subdomain/virtual host I was getting a 403 for it.
This was the error on the error.log…

[Thu Jul 16 21:00:28.919036 2015] [authz_core:error] [pid 17411] [client 84.XXX.XXX.XXX:53565] AH01630: client denied by server configuration: /home/webroot/www/public/index.php

So, this is my current snap of my domain.conf – working -.

 <Directory /home/webroot/www/public/>
 Options Indexes FollowSymLinks MultiViews
 AllowOverride all
 #Order allow,deny
 #allow from all
 Require all granted
 </Directory>

 

A bunch of security tools for Ubuntu

Hosting, Ubuntu,

 

 

Ubuntu CIS Benchmark

This document provides prescriptive guidance for establishing a secure configuration posture for Ubuntu 12.04 LTS Server. To obtain the latest version of this guide, please visit http://benchmarks.cisecurity.org. If you have questions, comments, or have identified ways to improve this guide, please write us at [email protected].

https://benchmarks.cisecurity.org/tools2/ubuntu/CIS_Ubuntu_12.04_LTS_Server_Benchmark_v1.0.0.pdf

Apache CIS Benchmark

This document, CIS Apache 2.4 Benchmark, provides prescriptive guidance for establishing a secure configuration posture for Apache Web Server versions 2.4 running on Linux. This guide was tested against Apache Web Server 2.4.3 – 2.4.6 as built from source httpd-2.4.x.tar.gz from http://httpd.apache.org/ on Linux. To obtain the latest version of this guide, please visit http://benchmarks.cisecurity.org. If you have questions, comments, or have identified ways to improve this guide, please write us at [email protected].

https://benchmarks.cisecurity.org/tools2/apache/CIS_Apache_HTTP_Server_2.4_Benchmark_v1.1.0.pdf
Got it from http://askubuntu.com/questions/447144/basic-security-tools-and-packages-that-should-be-installed-on-a-public-facing-we