Monday, September 4, 2017
Sunday, September 3, 2017
CentOS: Find and Delete
Command (Deleting files under /tmp directory more than a day old):
$ find /tmp -type f -mtime +1 -delete
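The same purge as a reusable shell function, with a dry-run listing to run first and a self-contained demonstration on a scratch directory. This is an added example, not part of the original post; it assumes a find that supports `-delete` (GNU or BSD, as in the post) and POSIX `touch -t`, and the file names are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): the same find/-delete purge, but
# with a dry-run listing first and a self-contained demonstration. Assumes a
# find that supports -delete (GNU or BSD, as used in the post) and POSIX touch -t.

# List the regular files under $1 last modified more than $2 whole days ago,
# without removing anything. Run this before the destructive form.
list_stale_files() {
    find "$1" -type f -mtime +"$2" -print
}

# Remove them. -type f keeps directories, symlinks and device nodes out of the
# deletion set, and find does not follow symlinks unless told to.
purge_stale_files() {
    find "$1" -type f -mtime +"$2" -delete
}

# Constructed demonstration in a scratch directory: two files and one directory
# back-dated to 2000-01-01 with touch -t, plus one fresh file. Echoes
# "<files before> <files listed as stale> <files after> <directories left>".
demo_purge() {
    scratch=$(mktemp -d) || return 1
    mkdir "$scratch/old_dir"
    touch "$scratch/old_a.log" "$scratch/old_dir/old_b.log" "$scratch/fresh.log"
    touch -t 200001010000 "$scratch/old_a.log" "$scratch/old_dir/old_b.log" "$scratch/old_dir"
    before=$(find "$scratch" -type f | wc -l | tr -d ' ')
    stale=$(list_stale_files "$scratch" 1 | wc -l | tr -d ' ')
    purge_stale_files "$scratch" 1
    after=$(find "$scratch" -type f | wc -l | tr -d ' ')
    dirs=$(find "$scratch" -type d | wc -l | tr -d ' ')
    rm -rf "$scratch"
    echo "$before $stale $after $dirs"
}

demo_purge   # prints "3 2 1 2"
```

Two caveats worth knowing before pointing this at a real /tmp: GNU find counts `-mtime` in whole 24-hour periods and discards the fraction, so `-mtime +1` matches files at least two days old rather than "more than a day"; `-mmin +1440` gives an exact 24-hour cutoff. And on a multi-user host, purpose-built tools such as tmpwatch or systemd-tmpfiles handle the sticky-bit and race considerations of a world-writable directory that a one-liner does not.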
Labels:
find
Friday, September 1, 2017
macOS Sierra: jq: Installation
Command:
$ brew install jq
Result:
Updating Homebrew...
==> Auto-updated Homebrew!
Updated Homebrew from e1bab7ede to b2cd52d0b.
Updated 4 taps (caskroom/cask, ethereum/ethereum, homebrew/core, homebrew/science).
==> New Formulae
ampl-mp dlib gomplate http-server libxlsxwriter opencv@2 sundials
clblas erlang@17 gopass hypre marathon-swift packmol team-explorer-everywhere
clfft frugal gromacs igraph maxima pcb telnet
clinfo geth homebrew/science/bam2wig jupyter mimic pcl voro++
cminpack gmsh homebrew/science/lrsim libbitcoin nco root@5 wxmaxima
cppad gmt homebrew/science/nanoflann libbitcoin-explorer ncview s-nail xtensor
datamash go@1.8 homebrew/science/unicycler libmatio nlopt stubby
==> Updated Formulae
abcm2ps embulk homebrew/science/field3d luaver rtags
ace erlang homebrew/science/gubbins lumo rtmidi
acmetool etcd homebrew/science/humann2 lxc rust
advancecomp ethereum/ethereum/solidity homebrew/science/insighttoolkit lynis rxvt-unicode
afl-fuzz etsh homebrew/science/lammps lz4 s-search
akamai expat homebrew/science/libfolia lzop s6
alexjs exploitdb homebrew/science/lighter m-cli saltstack
algernon faas-cli homebrew/science/lightstringgraph macosvpn saxon
allure fail2ban homebrew/science/lmod mame sbcl
alot fakeroot homebrew/science/madlib mapcrafter scalaenv
amazon-ecs-cli fibjs homebrew/science/mothur mariadb scalariform
ammonite-repl fig2dev ✔ homebrew/science/nanopolish mednafen sccache
angular-cli filebeat homebrew/science/nextflow meson sdcv
ansible fio homebrew/science/oce metaproxy selenium-server-standalone
ansible@2.0 fits homebrew/science/openalpr metricbeat shairport-sync
apache-arrow flatcc homebrew/science/openbr micropython snapcraft
app-engine-go-64 flawfinder homebrew/science/opencollada mikutter snappy ✔
arangodb flow homebrew/science/openimageio mingw-w64 socat
argyll-cms fluent-bit homebrew/science/openmeeg minidlna sops
armadillo fobis homebrew/science/phyml mitmproxy source-highlight
atlassian-cli folly homebrew/science/picard-tools mksh sourcekitten
audacious fonttools homebrew/science/plink2 mkvtoolnix spdlog
augeas freeipmi homebrew/science/poretools mm-common sphinx-doc
aws-sdk-cpp freeswitch homebrew/science/prodigal mmark sqlcipher
aws-shell freetds homebrew/science/prokka mobile-shell sqldiff
awscli fstar homebrew/science/pspp mongo-cxx-driver sqlite ✔
azure-cli fwknop homebrew/science/repeatmasker mpd sqlite-analyzer
babl fwup homebrew/science/salmon mpdas squid
bash-snippets fzf homebrew/science/scram nagios sshfs
bazel ganglia homebrew/science/sga nano stella
binaryen gcc ✔ homebrew/science/shark nanopb-generator stgit
bitcoin gd ✔ homebrew/science/simpleitk ncmpcpp supersonic
bmake gdk-pixbuf homebrew/science/siril netpbm swiftformat
bmon gegl homebrew/science/sratoolkit newsbeuter swiftgen
boost get-flash-videos homebrew/science/ticcutils nghttp2 swiftlint
boost-bcp get_iplayer homebrew/science/timbl node swimat
boost-mpi getdns homebrew/science/tophat nomad sysdig
boost-python ghq homebrew/science/transdecoder nss t1utils
boot-clj gifsicle homebrew/science/trf octave ✔ tarsnap
btfs git-annex homebrew/science/trinity oniguruma tbox
byobu git-town homebrew/science/ucto onscripter tee-clc
caddy gitlab-ci-multi-runner homebrew/science/vislcg3 openfortivpn teensy_loader_cli
cargo-completion gjstest homebrew/science/visp openmsx teleport
cassandra@2.2 glm homebrew/science/vsearch orientdb termius
ccextractor gmic homebrew/science/wopr osm-pbf terraform
cclive gnupg homebrew/science/xbyak osm2pgrouting terraform-docs
ceylon gnupg-pkcs11-scd homebrew/science/xcdf osmium-tool terragrunt
checkstyle gnutls ✔ homebrew/science/yices osquery the_silver_searcher
chipmunk go ✔ http_load osrm-backend thefuck
chromedriver goad hyper overmind tile38
chronograf godep i3status p11-kit ✔ timedog
cimg goenv iamy packetbeat tippecanoe
citus gofabric8 imagemagick ✔ paket todoman
clasp goofys imagemagick@6 pango tokei
cli53 google-java-format infer parallel tomcat
clib googler ✔ influxdb passenger tomcat-native
cmark-gfm gpsbabel influxdb@0.8 payara tomcat@6
cockatrice grails innoextract pazpar2 tomcat@7
cockroach grakn insect pc6001vx trace2html
commandbox groonga instead pcb2gcode trafshow
compcert grpc ios-webkit-debug-proxy pcre2 transcrypt
conan grunt-completion ipbt pdftoedn tsung
confuse gsoap jenkins percona-server@5.5 ttfautohint
conjure-up gspell jenkins-lts percona-server@5.6 twarc
consul-template gtk+3 jfrog-cli-go pgrouting typescript
convox gtk-doc jhipster pianobar uhd
corebird gws jmxtrans pick unbound
couchdb gwyddion json-fortran picoc unibilium
cromwell hadoop jsoncpp pioneer unrar ✔
crosstool-ng hana jvgrep planck upscaledb
crowdin haproxy kibana plplot urh
cucumber-cpp harfbuzz kitchen-sync pngcrush urweb
curl ✔ heroku knot points2grid vagrant-completion
dasht hg-fast-export kompose ponyc vault
dbhash hicolor-icon-theme kotlin pre-commit vdirsyncer
dcd hivemind kube-aws presto vim ✔
dcm2niix hledger kubernetes-cli primesieve vips
dcos-cli homebrew/science/alembic kubernetes-helm protobuf vnu
ddar homebrew/science/alpscore latexila protobuf-c vowpal-wabbit
dependency-check homebrew/science/artemis lean-cli protobuf-swift w3m
dhall-json homebrew/science/augustus ledger pybind11 watchman
digdag homebrew/science/bali-phy libcds pyinvoke webpack
dmd homebrew/science/bamtools libcouchbase qcli wesnoth
docker homebrew/science/bedops libebml quantlib whois
docker-completion homebrew/science/blast libftdi r ✔ widelands
docker-compose homebrew/science/bless libgcrypt ✔ rabbitmq wine
docker-compose-completion homebrew/science/boost-compute libjson-rpc-cpp rancher-cli winetricks
docker-credential-helper homebrew/science/butterflow libosinfo re2c wireshark ✔
docker-swarm homebrew/science/canu libosmium rebar@3 xctool
dovecot homebrew/science/cdo libphonenumber recon-ng xmake
druid homebrew/science/ckon libpng ✔ redex xrootd
dspdfviewer homebrew/science/cmor libqalculate remake yadm
dub homebrew/science/cufflinks libtensorflow rhash yle-dl
duck homebrew/science/cutadapt libtommath rhino youtube-dl
duplicity homebrew/science/cvblob libuv riak zabbix
dvm homebrew/science/dealii libwbxml riemann-client zanata-client
dynamips homebrew/science/delly libxml2 ripgrep zbackup
e2fsprogs homebrew/science/dgtal linkerd rocksdb zimg
efl homebrew/science/diamond llnode rom-tools zsh-syntax-highlighting
ejabberd homebrew/science/express logstash roswell zstd
elasticsearch homebrew/science/fasttree logtalk rt-audio
==> Renamed Formulae
gmt4 -> gmt@4 opencv3 -> opencv root6 -> root srtp@1.5 -> srtp@1.6
==> Deleted Formulae
gh go-gui homebrew/science/opencv homebrew/science/pillow kafka@0.80 phantomjs@1.92 phantomjs@1.98
==> Installing dependencies for jq: oniguruma
==> Installing jq dependency: oniguruma
==> Downloading https://homebrew.bintray.com/bottles/oniguruma-6.6.1.sierra.bottle.tar.gz
######################################################################## 100.0%
==> Pouring oniguruma-6.6.1.sierra.bottle.tar.gz
🍺 /usr/local/Cellar/oniguruma/6.6.1: 17 files, 1.3MB
==> Installing jq
==> Downloading https://homebrew.bintray.com/bottles/jq-1.5_2.sierra.bottle.tar.gz
######################################################################## 100.0%
==> Pouring jq-1.5_2.sierra.bottle.tar.gz
🍺 /usr/local/Cellar/jq/1.5_2: 18 files, 958KB
CentOS: Enabling SSL (Doesn't work perfectly)
Command:
# cd /etc/httpd/conf.d/
# diff /etc/httpd/conf.d/ssl.conf /etc/httpd/conf.d/ssl.conf.org
Result:
105,106c105
< #SSLCertificateFile /etc/pki/tls/certs/localhost.crt
< SSLCertificateFile /etc/pki/tls/certs/ca.crt
---
> SSLCertificateFile /etc/pki/tls/certs/localhost.crt
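Review bot: the file referenced by the new `SSLCertificateFile /etc/pki/tls/certs/ca.crt` line is a self-signed server certificate (it is produced below with `openssl x509 -req ... -signkey ca.key`, not issued by any CA), so the `ca.` prefix is misleading and invites someone to later import it as a trust anchor; name it after the host, as the stock `localhost.crt` it replaces is.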
113,114c112
< #SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
< SSLCertificateKeyFile /etc/pki/tls/private/ca.key
---
> SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
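Review bot: the new `SSLCertificateKeyFile /etc/pki/tls/private/ca.key` line points at a key that is later put in place with a plain `sudo cp`; `openssl genrsa` writes the file under the caller's umask, so verify it ends up root-owned and mode 0600 (`chmod 600 /etc/pki/tls/private/ca.key`) before the restart, and there is no reason for the CSR (`ca.csr`) to live in the private directory at all.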
Command:
# sudo openssl genrsa -out ca.key 2048
Result:
Generating RSA private key, 2048 bit long modulus
........................................................................................+++
..........+++
e is 65537 (0x10001)
Command:
# sudo openssl req -new -key ca.key -out ca.csr
Result:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]: US
State or Province Name (full name) []: SOMEWHERE1
Locality Name (eg, city) [Default City]: SOMEWHERE2
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []: www.myserver.com
Email Address []:admin@myserver.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: PASSWORD
An optional company name []:
Command:
# sudo openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt
Result:
Signature ok
subject=/C=US/ST=SOMEWHERE1/L=SOMEWHERE2/O=Default Company Ltd/CN=www.myserver.com/emailAddress=admin@myserver.com
Getting Private key
Command:
# sudo cp ca.crt /etc/pki/tls/certs
# sudo cp ca.key /etc/pki/tls/private/ca.key
# sudo cp ca.csr /etc/pki/tls/private/ca.csr
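The genrsa / req / x509 sequence above as one non-interactive script, followed by the checks the post does not perform: that the certificate and private key belong together, what the certificate says about itself, and that the key file is not readable by other users. This is an added example, not the post's own commands; it assumes the openssl CLI is installed, and the DN fields and file names are placeholders.

```shell
#!/bin/sh
# Added example (not from the original post): produce the same kind of
# self-signed certificate non-interactively, then run the checks the post skips:
# that the certificate and private key belong together, what the certificate
# says about itself, and that the key file is not readable by other users.
# Assumes the openssl CLI; the DN fields and file names are placeholders.

# Key plus self-signed certificate, equivalent to the post's genrsa / req / x509
# -req -signkey sequence. umask 077 makes the key 0600 from the moment it is
# written, so there is no window in which it is group- or world-readable.
make_selfsigned() {
    key=$1; crt=$2; cn=$3; days=${4:-365}
    ( umask 077 && openssl genrsa -out "$key" 2048 2>/dev/null ) || return 1
    openssl req -new -x509 -key "$key" -out "$crt" -days "$days" \
        -subj "/C=US/ST=SOMEWHERE1/L=SOMEWHERE2/CN=$cn" 2>/dev/null
}

# "match" when the modulus in the certificate equals the modulus in the key;
# a mismatch here is the usual cause of mod_ssl refusing to start.
cert_matches_key() {
    c=$(openssl x509 -noout -modulus -in "$1")
    k=$(openssl rsa -noout -modulus -in "$2" 2>/dev/null)
    if [ -n "$c" ] && [ "$c" = "$k" ]; then echo match; else echo mismatch; fi
}

# "ok" when the key is exactly mode 0600 (find -perm with a literal mode is POSIX).
key_mode_ok() {
    if [ -n "$(find "$1" -perm 600)" ]; then echo ok; else echo loose; fi
}

# Subject and expiry, as an operator would read them before pointing
# SSLCertificateFile at the file.
cert_summary() {
    openssl x509 -noout -subject -enddate -in "$1"
}

# Constructed end-to-end run in a scratch directory; echoes "match ok".
demo_selfsigned() {
    scratch=$(mktemp -d) || return 1
    make_selfsigned "$scratch/server.key" "$scratch/server.crt" www.myserver.com 365 || return 1
    cert_summary "$scratch/server.crt" >&2
    r="$(cert_matches_key "$scratch/server.crt" "$scratch/server.key") $(key_mode_ok "$scratch/server.key")"
    rm -rf "$scratch"
    echo "$r"
}

demo_selfsigned   # prints "match ok"
```

Like the post's certificate, this one carries only a Common Name. Current browsers require a subjectAltName and reject CN-only certificates, so for anything beyond a lab host add `-addext "subjectAltName=DNS:www.myserver.com"` (OpenSSL 1.1.1 and later; the 1.0.1e on the CentOS 6 host in the post needs an extension file instead).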
Command:
# diff /etc/httpd/conf.d/ssl.conf /etc/httpd/conf.d/ssl.conf.org
Result:
105,106c105
< #SSLCertificateFile /etc/pki/tls/certs/localhost.crt
< SSLCertificateFile /etc/pki/tls/certs/ca.crt
---
> SSLCertificateFile /etc/pki/tls/certs/localhost.crt
113,114c112
< #SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
< SSLCertificateKeyFile /etc/pki/tls/private/ca.key
---
> SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
Command:
# apachectl restart
Result:
[Fri Sep 01 05:21:33 2017] [warn] module ssl_module is already loaded, skipping
Command:
# sudo mkdir -p /var/www/html/ssl
# sudo mkdir -p /etc/httpd/sites-available
# sudo mkdir -p /etc/httpd/sites-enabled
# apachectl restart
# vi httpd.conf
# diff httpd.conf httpd.conf.bkup20170901
Result:
217d216
< #LoadModule ssl_module modules/mod_ssl.so
1012,1021d1010
<
< #Listen 443
< #<VirtualHost *:443>
< # ServerName www.myserver.com
< # SSLEngine on
< # SSLCertificateFile "/path/to/www.example.com.cert"
< # SSLCertificateKeyFile "/path/to/www.example.com.key"
< #</VirtualHost>
<
< IncludeOptional sites-enabled/*.conf
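Review bot: `IncludeOptional` on the last line of this hunk is an Apache 2.4 directive; the httpd on this host is 2.2 (the yum transaction below installs `mod_ssl 1:2.2.15`), so `apachectl` rejects it as an unknown command, which is exactly the 'Syntax error on line 1021' shown after the next restart. On 2.2 use `Include sites-enabled/*.conf`. The commented-out `#LoadModule ssl_module` line in the first hunk is harmless, because mod_ssl's own conf.d/ssl.conf already loads the module (hence the 'already loaded, skipping' warning above).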
Command:
# cat ssl.conf
Result:
<VirtualHost *:443>
ServerAdmin admin@myserver.com
DocumentRoot "/var/www/html/ssl/"
ServerName Myserver
ServerAlias myserver
ErrorLog /var/www/html/ssl/error.log
<Directory "/var/www/html/ssl/">
DirectoryIndex index.html index.php
Options FollowSymLinks
AllowOverride All
Require all granted
</Directory>
</VirtualHost>
Command:
# sudo ln -s /etc/httpd/sites-available/ssl.conf /etc/httpd/sites-enabled/ssl.conf
# apachectl restart
Result:
apachectl: Configuration syntax error, will not run "restart":
Syntax error on line 1021 of /etc/httpd/conf/httpd.conf:
Invalid command 'IncludeOptional', perhaps misspelled or defined by a module not included in the server configuration
Command:
# diff httpd.conf httpd.conf.bkup20170901
Result:
217d216
< #LoadModule ssl_module modules/mod_ssl.so
1012,1021d1010
<
< #Listen 443
< #<VirtualHost *:443>
< # ServerName www.myserver.com
< # SSLEngine on
< # SSLCertificateFile "/path/to/www.example.com.cert"
< # SSLCertificateKeyFile "/path/to/www.example.com.key"
< #</VirtualHost>
<
< Include sites-enabled/
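Review bot: `Include sites-enabled/` on the last line includes every file in the directory regardless of name, so a stray `ssl.conf.bak` or editor swap file becomes live configuration; prefer `Include sites-enabled/*.conf`. More importantly, the vhost it pulls in (the `cat ssl.conf` above) is `<VirtualHost *:443>` with no `SSLEngine on` and no certificate directives, while conf.d/ssl.conf, edited in the first diff, already defines the `_default_:443` vhost and is included earlier in the stock httpd.conf. That is the '_default_ VirtualHost overlap on port 443, the first has precedence' warning after the next restart: the first vhost wins and the new DocumentRoot under /var/www/html/ssl is never served. The simplest fix on 2.2 is to move the DocumentRoot and <Directory> block into conf.d/ssl.conf instead of adding a second vhost on 443.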
Command:
# apachectl restart
Result:
[Fri Sep 01 05:42:50 2017] [warn] _default_ VirtualHost overlap on port 443, the first has precedence
Reference:
http://www.techrepublic.com/article/how-to-enable-https-on-apache-centos/
CentOS: Installing mod_ssl & openssl
Command:
# sudo yum install mod_ssl openssl
Result:
Loaded plugins: fastestmirror, security
Loading mirror speeds from cached hostfile
epel/metalink | 5.4 kB 00:00
* base: ftp.tsukuba.wide.ad.jp
* epel: ftp.riken.jp
* extras: ftp.tsukuba.wide.ad.jp
* updates: ftp.tsukuba.wide.ad.jp
base | 3.7 kB 00:00
cr | 2.9 kB 00:00
epel | 4.3 kB 00:00
epel/primary_db | 5.9 MB 00:00
extras | 3.4 kB 00:00
updates | 3.4 kB 00:00
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package mod_ssl.x86_64 1:2.2.15-60.el6.centos.5 will be installed
---> Package openssl.x86_64 0:1.0.1e-16.el6_5.14 will be updated
---> Package openssl.x86_64 0:1.0.1e-57.el6 will be an update
--> Finished Dependency Resolution
Dependencies Resolved
=================================================================================================================================================================
Package Arch Version Repository Size
=================================================================================================================================================================
Installing:
mod_ssl x86_64 1:2.2.15-60.el6.centos.5 updates 98 k
Updating:
openssl x86_64 1.0.1e-57.el6 base 1.5 M
Transaction Summary
=================================================================================================================================================================
Install 1 Package(s)
Upgrade 1 Package(s)
Total download size: 1.6 M
Is this ok [y/N]: y
Downloading Packages:
(1/2): mod_ssl-2.2.15-60.el6.centos.5.x86_64.rpm | 98 kB 00:00
(2/2): openssl-1.0.1e-57.el6.x86_64.rpm | 1.5 MB 00:00
-----------------------------------------------------------------------------------------------------------------------------------------------------------------
Total 16 MB/s | 1.6 MB 00:00
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Updating : openssl-1.0.1e-57.el6.x86_64 1/3
Installing : 1:mod_ssl-2.2.15-60.el6.centos.5.x86_64 2/3
Cleanup : openssl-1.0.1e-16.el6_5.14.x86_64 3/3
Verifying : openssl-1.0.1e-57.el6.x86_64 1/3
Verifying : 1:mod_ssl-2.2.15-60.el6.centos.5.x86_64 2/3
Verifying : openssl-1.0.1e-16.el6_5.14.x86_64 3/3
Installed:
mod_ssl.x86_64 1:2.2.15-60.el6.centos.5
Updated:
openssl.x86_64 0:1.0.1e-57.el6
Complete!
Wednesday, August 30, 2017
CentOS: iptables
This worked!
Command:
# cat /etc/sysconfig/iptables
Result:
# (1) Policy settings: only OUTPUT is ACCEPT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# (2) Allow loopback (traffic from the host itself)
-A INPUT -i lo -j ACCEPT
# (3) Drop connections from packets that carry no data (no TCP flags set)
-A INPUT -p tcp --tcp-flags ALL NONE -j DROP
# (4) Drop connections that look like a SYN flood attack
-A INPUT -p tcp ! --syn -m state --state NEW -j DROP
# (5) Drop connections that look like a stealth scan
-A INPUT -p tcp --tcp-flags ALL ALL -j DROP
# (6) ICMP (ping) settings
# Use hashlimit
# -m hashlimit: use the hashlimit module
# --hashlimit-name t_icmp: name of the file the table is recorded in
# --hashlimit 1/m: once the limit is in effect, allow at most 1 packet per minute
# --hashlimit-burst 10: the limit takes effect after 10 packets are received within the set time
# --hashlimit-mode srcip: limit access per source IP
# --hashlimit-htable-expire 120000: how long the limit stays in effect, in ms
-A INPUT -p icmp --icmp-type echo-request -m hashlimit --hashlimit-name t_icmp --hashlimit 1/m --hashlimit-burst 10 --hashlimit-mode srcip --hashlimit-htable-expire 120000 -j ACCEPT
# (7) Allow established connections regardless of port number
-A INPUT -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
# (8) Accept return packets from DNS queries to any server
-A INPUT -p udp --sport 53 -j ACCEPT
# (9) Settings to allow SSH
# Use hashlimit
# -m hashlimit: use the hashlimit module
# --hashlimit-name t_sshd: name of the file the table is recorded in
# --hashlimit 1/m: once the limit is in effect, allow at most 1 packet per minute
# --hashlimit-burst 10: the limit takes effect after 10 packets are received within the set time
# --hashlimit-mode srcip: limit access per source IP
# --hashlimit-htable-expire 120000: how long the limit stays in effect, in ms
-A INPUT -p tcp -m state --syn --state NEW --dport 22 -m hashlimit --hashlimit-name t_sshd --hashlimit 1/m --hashlimit-burst 10 --hashlimit-mode srcip --hashlimit-htable-expire 120000 -j ACCEPT
# (10) Write the individually allowed protocols and ports here.
# This example allows HTTP (TCP 80) and HTTPS (TCP 443).
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT
COMMIT
Reference:
http://knowledge.sakura.ad.jp/beginner/4048/
Labels:
iptables
CentOS: iptables: Fixing Webserver Accessibility (How secure now?)
Command:
# diff /etc/sysconfig/iptables /etc/sysconfig/iptables.org
Result:
1c1,2
< # Generated by iptables-save v1.4.7 on Wed Aug 30 00:09:28 2017
---
> # Firewall configuration written by system-config-firewall
> # Manual customization of this file is not recommended.
3,11c4,12
< :INPUT DROP [0:0]
< :FORWARD DROP [0:0]
< :OUTPUT ACCEPT [24:2320]
< -A INPUT -i lo -j ACCEPT
< -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
< -A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
< -A INPUT -p udp -m udp --dport 53 -j ACCEPT
< -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
< -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
---
> :INPUT ACCEPT [0:0]
> :FORWARD ACCEPT [0:0]
> :OUTPUT ACCEPT [0:0]
> -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> -A INPUT -p icmp -j ACCEPT
> -A INPUT -i lo -j ACCEPT
> -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
> -A INPUT -j REJECT --reject-with icmp-host-prohibited
> -A FORWARD -j REJECT --reject-with icmp-host-prohibited
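Review bot: Removing the `-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT` line (it appears only on the `>` side) while switching the policy to `:INPUT DROP` means replies to connections this host opens itself, such as package downloads or its own DNS lookups, are dropped: the new `--dport 53` rules admit queries to a DNS server on this host, not the answers to its queries. The ICMP ACCEPT is gone as well, so ping and path-MTU messages are silently discarded. Keep an ESTABLISHED,RELATED rule ahead of the per-port rules, and only open TCP/UDP 53 if a resolver is actually served from this box.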
13d13
< # Completed on Wed Aug 30 00:09:28 2017
Reference:
http://programmerbox.com/2013-12-24_vps_construct_procedure_manual/
Labels:
CentOS,
diff utility,
iptables
Tuesday, August 29, 2017
CentOS: iptables: Opening HTTP and HTTPS Ports
Command:
# diff /etc/sysconfig/iptables /etc/sysconfig/iptables.org
Result:
13,14d12
< -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
< -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
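Review bot: These two ACCEPT rules are appended below the catch-all `-A INPUT -j REJECT --reject-with icmp-host-prohibited`: the hunk places them after line 12 of the original file, and the "Fixing Webserver Accessibility" diff shows that lines 11 and 12 of that file are the INPUT and FORWARD REJECT rules. iptables evaluates a chain top to bottom and REJECT is terminal, so packets to ports 80 and 443 never reach these lines and the web server stays unreachable even though the service restart reports OK. Move the two lines above the INPUT REJECT rule in the file.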
Command:
# service iptables restart
Result:
iptables: Setting chains to policy ACCEPT: filter [ OK ]
iptables: Flushing firewall rules: [ OK ]
iptables: Unloading modules: [ OK ]
iptables: Applying firewall rules: [ OK ]
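Because iptables-save files are evaluated top to bottom, a rule appended after an unconditional REJECT or DROP in the same chain can never match. The following Python checker is an added example written for this page (not the blog author's tooling); it parses the file format shown in these posts, reports rules shadowed by an earlier catch-all in their chain, and rewrites the file so each chain's catch-all rules come last. The embedded sample is a constructed file modelled on the system-config-firewall layout above with the port 80/443 rules placed below the REJECT, which is the situation the diff in this post produces.

```python
"""Find iptables rules that an earlier catch-all rule in the same chain
makes unreachable, and reorder the file so they are evaluated first."""

# Constructed sample in iptables-save format: the HTTP/HTTPS ACCEPT rules sit
# below the catch-all REJECT rules, as in the diff above.
SAMPLE_RULES = """\
# Firewall configuration written by system-config-firewall
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
COMMIT
"""

# Targets that end evaluation of the chain for a matching packet.
TERMINAL = {"ACCEPT", "DROP", "REJECT"}


def parse_rules(text):
    """Return (chain, match_tokens, target) for every `-A` line in the file."""
    rules = []
    for line in text.splitlines():
        tokens = line.strip().split()
        if len(tokens) < 2 or tokens[0] != "-A":
            continue
        chain = tokens[1]
        if "-j" in tokens:
            j = tokens.index("-j")
            matches, target = tokens[2:j], tokens[j + 1]
        else:
            matches, target = tokens[2:], None   # no target: just counts packets
        rules.append((chain, matches, target))
    return rules


def is_catch_all(matches):
    """A rule with no match criteria matches every packet in the chain."""
    return len(matches) == 0


def shadowed_rules(text):
    """Rules that follow an unconditional terminal rule in their own chain."""
    blocked = set()
    shadowed = []
    for chain, matches, target in parse_rules(text):
        if chain in blocked:
            shadowed.append((chain, " ".join(matches), target))
        elif is_catch_all(matches) and target in TERMINAL:
            blocked.add(chain)
    return shadowed


def reorder_catch_all_last(text):
    """Return the file with every chain's catch-all terminal rules moved to
    just before COMMIT, keeping the relative order of all other lines."""
    lines = text.splitlines()
    moved, kept = [], []
    for line in lines:
        parsed = parse_rules(line)
        if parsed and is_catch_all(parsed[0][1]) and parsed[0][2] in TERMINAL:
            moved.append(line)
        else:
            kept.append(line)
    commit = kept.index("COMMIT")
    return "\n".join(kept[:commit] + moved + kept[commit:]) + "\n"


if __name__ == "__main__":
    for chain, matches, target in shadowed_rules(SAMPLE_RULES):
        print(f"unreachable in {chain}: {matches} -j {target}")
    print(reorder_catch_all_last(SAMPLE_RULES))
```

The checker only recognises rules with no match criteria as catch-alls; a rule that is shadowed by a narrower earlier rule (for example a `--dport 22` ACCEPT followed by a `--dport 22` DROP) needs a comparison of the match sets and is out of scope here. After reordering, a second call to `shadowed_rules` on the output returns an empty list.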
CentOS: Adding User
Command:
# useradd USERNAME
# passwd USERNAME
Result:
Changing password for user USERNAME.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
Command:
# su USERNAME
$ cd ~
$ ls
$ pwd
Result:
/home/USERNAME
Labels:
CentOS
SSH: Accessing Virtual Private Server Using RSA Private Key File
Command:
$ cat vps.key
Result:
-----BEGIN RSA PRIVATE KEY-----
fasdfsadfsadJAyxNgvFkJoMF+MEyWV4Qfasdfasd
gTf2LsM2mo6Jodh+VVffsadfsadfsdafsadfa0QPTlY+905/z3e24DYtKHbP
eRfem0kq/H17eguWk4BounPWfJKrYGR1rS00K5OeWfoTAoz6osc3rN8LXwIBIwKB
gQCZXb8ppDdM50Ki7A04CSoEb/qWChMJtIRFGfMI3A+MvFuj/50Wi7zGoQz9wDxW
gv0cNaT/Z/B1z40AAAAAAAAAAAAAAAAAAAAIY83RKh/Kj+Jv8OhW1FNUp/Il7WOs
1zo+owYp9uyT08gE1XBGvMrdam2w77YabIT20Dt2jkKs2wJBfasdfVu88cqmJ2P
F0+JlFbOL5pvldjfkeDkefIesdIdfeIdkXxK343/45uo35lYVj6vXfdsafFeMWD
jHH3EYMCQQD1JcnOz8CGMSeMbFXrdb1erkt3fgcJwny4WotUUoRx5KZinPGSasXv
GmL8zshzHcN9wWFgicXGOcqpQijM8kP1AkAdHoMd4MtnOBFxF6rkhMB+8v4gR0zw
F901P7OURpHAiCf/4lnFD98fadsfsadfasdfasdfuoUFHeHqr/LLMi3jAkBUDPS7
73U1Uq55SbcO5ooR1Vuz8LH0t7W7jMIOSC1o4K4TLn6123cQJk3TBRGGjdygJQtx
jlJv2UzMUTKPaQFbAkAuvRDkvUVb1lvuduolUZHmz3SBdwiKIVMn8+SeXoCT+hL8
SQJ56ary8w+dkfjaldkfkjdekelsldkelf
-----END RSA PRIVATE KEY-----
Command:
$ cat ~/.ssh/config
Result:
Host vps
HostName 111.111.11.111
Port 22
User root
IdentityFile ~/vps.key
Command:
$ chmod 600 ~/vps.key
Command:
$ ssh vps
Result:
[root@v111-111-11-111 ~]#
Monday, August 28, 2017