
Sunday, April 3, 2016

Turn off server signature on Apache web server

Exposing the web server signature, with its Apache and PHP version information, is a security risk: it tells attackers which known vulnerabilities may apply to your system. It is therefore recommended that you disable all web server signatures as part of the server hardening process.


Disable Apache Web Server Signature


Follow the steps below to disable Apache Server Signature.
On Debian or Ubuntu:
$ sudo vi /etc/apache2/apache2.conf
On CentOS, Fedora or RHEL:
$ sudo vi /etc/httpd/conf/httpd.conf
Add the following two lines at the end of Apache config file.


ServerSignature Off
ServerTokens Prod
Then restart the web server to activate the change:
$ sudo service apache2 restart              # Debian or Ubuntu
$ sudo service httpd restart                # CentOS/RHEL 6
$ sudo systemctl restart httpd.service      # Fedora or CentOS/RHEL 7
The first line, 'ServerSignature Off', makes Apache hide version info on any error pages. However, without the second line, 'ServerTokens Prod', Apache will still include a detailed server token in HTTP response headers, which reveals the Apache version number.

Hide PHP Version

Another security threat is the PHP version leaking in HTTP response headers. By default, the Apache server includes PHP version info via the "X-Powered-By" field in HTTP response headers. To hide the PHP version in HTTP headers, open the "php.ini" file with a text editor, look for "expose_php = On", and change it to "expose_php = Off".

On Debian or Ubuntu:
$ sudo vi /etc/php5/apache2/php.ini
On CentOS, Fedora or RHEL:
$ sudo vi /etc/php.ini

expose_php = Off
Finally, restart the web server to reload the updated PHP config file.
Now you will no longer see "X-Powered-By" field in HTTP response headers.
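
To confirm that both the Apache and the PHP changes took effect, inspect what the server actually sends. The script below is an added example, not part of the original post: the function names and the sample responses are constructed for illustration, and it assumes you feed it output captured with curl.

```shell
#!/bin/sh
# Added example: check responses for the version leaks this post turns off.
# All sample data below is constructed for illustration.

SAMPLE_BEFORE='HTTP/1.1 404 Not Found
Server: Apache/2.4.7 (Ubuntu)
X-Powered-By: PHP/5.5.9
Content-Type: text/html'

SAMPLE_AFTER='HTTP/1.1 404 Not Found
Server: Apache
Content-Type: text/html'

SAMPLE_ERROR_BODY='<p>The requested URL was not found on this server.</p>
<hr>
<address>Apache/2.4.7 (Ubuntu) Server at www.example.com Port 80</address>'

# Reads response headers on stdin, e.g. from: curl -sI http://localhost/
# Prints one LEAK line per finding; returns 1 if anything leaked, else 0.
check_banner_headers() {
    awk '
        { sub(/\r$/, "") }                       # headers arrive with CRLF endings
        tolower($0) ~ /^server:/ {
            v = $0; sub(/^[^:]*:[ \t]*/, "", v)
            # ServerTokens Prod leaves a bare product name ("Apache"); a slash,
            # digit or parenthesis means version, OS or module detail remains.
            if (v ~ "[/0-9(]") { print "LEAK Server: " v; bad = 1 }
        }
        tolower($0) ~ /^x-powered-by:/ {         # expose_php = On
            v = $0; sub(/^[^:]*:[ \t]*/, "", v)
            print "LEAK X-Powered-By: " v; bad = 1
        }
        END { exit bad + 0 }
    '
}

# Reads an error page body on stdin, e.g. from: curl -s http://localhost/nonexistent
# Returns 1 if the footer written by "ServerSignature On" is present.
check_error_page() {
    if grep -Eiq '<address>.*Server at .* Port [0-9]+</address>'; then
        echo "LEAK ServerSignature footer on error page"
        return 1
    fi
    return 0
}

# Demo on the constructed samples
printf '%s\n' "$SAMPLE_BEFORE" | check_banner_headers || true
printf '%s\n' "$SAMPLE_ERROR_BODY" | check_error_page || true
```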

Tuesday, February 9, 2016

Cloudfuse to mount the Cloud Object Storage on Linux

Cloudfuse is a FUSE application which provides access to Cloud Files (Object Store). Object Store is a remote storage system similar to Amazon S3. It provides a simple RESTful interface for storing and retrieving objects.

Use the following steps in your CentOS/Red Hat environment.

Install packages as the root user:
#yum install gcc make fuse-devel curl-devel libxml2-devel openssl-devel git
Download the cloudfuse files:
#cd /tmp/
#git clone https://github.com/redbo/cloudfuse.git
Go into the cloudfuse directory and build the cloudfuse binary:
#cd cloudfuse/
#./configure
#make
#make install
Then create the credentials file in:
#vi /root/.cloudfuse
Copy the lines below and fill in the blanks:

username= 'Your User Name'
api_key='API Key from your Service Provider'
authurl='URL from your Service Provider'

Optionally, enable SSL verification:

verify_ssl=True

Set the correct permissions:
#chmod 600 /root/.cloudfuse
Now you can mount the directory on your filesystem:
#cloudfuse /path/to/mount

Thursday, December 24, 2015

Identify a PHP script sending SPAM through Postfix

You can follow the steps below to identify a PHP script that is sending out SPAM through Postfix.

 - Connect to your SSH terminal
 - Execute "mailq" command to check the mail queue 
 - The first column of the mail queue list shows unique mail IDs; copy one from an obvious spam email
 - Execute "postcat -q" followed by the unique mail ID you copied to check this email's details
 - Identify the line starting with "X-PHP-Originating-Script". This should show which script is generating the spam emails
 - Remove the script, patch the website with latest security fixes and make sure folder and file permissions are secure
 - Execute "postsuper -d ALL" to empty the mail queue (this deletes every queued message, including any legitimate mail still waiting for delivery)
 - Check the mail queue again with command "mailq" to see if more emails are now generated. If the problem persists, repeat the above steps and see if you find other scripts causing the problem.
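
When the queue holds many messages, checking one mail ID at a time is slow. The script below is an added example, not part of the original post: it applies the same mailq and postcat steps to every queued message and ranks the scripts by message count. The function names and all sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: rank the PHP scripts behind queued mail.
# Sample data is constructed; queue IDs, hosts and script names are made up.

SAMPLE_MAILQ='-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
3F2A91C0B4*    1894 Thu Dec 24 10:02:11  www-data@web01.example.com
                                         user1@example.net

7B1D04E2A9     2011 Thu Dec 24 10:02:14  www-data@web01.example.com
(connect to mx.example.org[192.0.2.10]:25: Connection timed out)
                                         user2@example.org

-- 4 Kbytes in 2 Requests.'

SAMPLE_POSTCAT='*** MESSAGE CONTENTS deferred/3/3F2A91C0B4 ***
X-PHP-Originating-Script: 33:mailer.php
Subject: constructed sample 1
*** MESSAGE CONTENTS deferred/7/7B1D04E2A9 ***
X-PHP-Originating-Script: 33:mailer.php
Subject: constructed sample 2
*** MESSAGE CONTENTS deferred/A/A0C4418D22 ***
X-PHP-Originating-Script: 1001:contact.php
Subject: constructed sample 3'

# Extract queue IDs from mailq output: first column, followed by a numeric size.
# A trailing * (active) or ! (on hold) is a status flag, not part of the ID.
queue_ids() {
    awk '$1 ~ /^[0-9A-Za-z]+[*!]?$/ && $2 ~ /^[0-9]+$/ { sub(/[*!]$/, "", $1); print $1 }'
}

# Count X-PHP-Originating-Script values ("uid:script") in postcat output on stdin,
# most frequent first. PHP only adds the header when mail.add_x_header is on.
tally_php_scripts() {
    grep -i '^X-PHP-Originating-Script:' |
        sed 's/^[^:]*:[[:space:]]*//' |
        sort | uniq -c | sort -rn |
        awk '{ n = $1; $1 = ""; sub(/^ /, ""); print n, $0 }'
}

# Live use (root, on the mail server): every queued message, not just one.
scan_queue() {
    mailq | queue_ids | while read -r id; do postcat -q "$id"; done | tally_php_scripts
}

# Demo on the constructed samples
printf '%s\n' "$SAMPLE_MAILQ" | queue_ids
printf '%s\n' "$SAMPLE_POSTCAT" | tally_php_scripts
```

The number before the colon is the UID the script ran as, which helps narrow down which site or account owns it on a shared server.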

Friday, November 27, 2015

Reset 'root' password in Ubuntu

Use the steps below to reset "root" password in Ubuntu

 - You need to reboot your system
 - Hold Shift during boot to bring up the GRUB menu
 - Highlight your image and press E to edit
 - Find the line starting with "linux" and append rw init=/bin/bash at the end of that line
 - Press Ctrl + X to boot
 - In the console, type the command #passwd root
 - Now type your new password
 - Reboot the system again

Monday, August 10, 2015

Remote Desktop over SSH to bypass firewall

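If you have access to your SSH server, you can use SSH port forwarding to bypass the firewall. The command below forwards local port 3389 through ssh-server.example.com to port 3389 on rdp-server.example.com: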

ssh -L 3389:rdp-server.example.com:3389 ssh-server.example.com

Monday, June 29, 2015

Reset Forgotten MySQL root Password for Windows

If you forgot the root password for your MySQL database server running on Microsoft Windows, you can reset it by following the steps below.

  1. Stop your MySQL server. Start “services.msc” using the Run window, and stop the MySQL service.
  2. Open the MS-DOS command prompt “cmd” using the Run window. Then go to your MySQL bin folder, e.g., "C:\MySQL\bin". The path could be different for your setup.
  3. Execute the following command in the command prompt:
    mysqld.exe -u root --skip-grant-tables
    
  4. Leave the current MS-DOS command prompt as it is, and open another new MS-DOS command prompt window.
  5. Go to your MySQL bin folder again and enter “mysql” and press Enter.
  6. Select "mysql" Database. Type “use mysql;”.
  7. Execute the following command to update the password:
    UPDATE user SET Password = PASSWORD('your_new_password') WHERE User = 'root';

After the procedure, close the first command prompt. Then, in the second command prompt, type “exit;”.
You can now start the MySQL service as normal.

Thursday, May 7, 2015

How to reset admin password for vCenter

For vCenter Single Sign-On 5.1
To reset the [email protected] password on the vCenter Server Appliance:
  1. Log in as root to the vCenter Server Appliance;
  2. From the command line, navigate to /usr/lib/vmware-sso/utils directory;
  3. Run the following command:
    ./rsautil reset-admin-password
  4. Enter the master password when prompted (By default, this is the root password)
  5. Enter the SSO administrator name for which you want to reset the password. For example, admin;
  6. Enter the new password for the user and then confirm it a second time;

    You should see the message 
    Password reset successfully.

For vCenter Single Sign-On 5.5
To reset the [email protected] password on the vCenter Server Appliance:
  1. Connect to the vCenter Server Appliance through SSH;
  2. Run the following command:
    /usr/lib/vmware-vmdir/bin/vdcadmintool
    This console loads:
    ================================
    Please select:
    0. exit
    1. Test LDAP connectivity
    2. Force start replication cycle
    3. Reset account password
    4. Set log level and mask
    5. Set vmdir state
    ================================
  3. Press 3 to enter the Reset account password option;
  4. When prompted for the Account DN, enter:
    cn=administrator,cn=users,dc=vSphere,dc=local
    A new password is generated.
  5. Use the generated password to log in to the [email protected] account.

For VMware Platform Services Controller 6.0
To reset the [email protected] password on the Platform Services Controller or vCenter Server with Embedded Platform Services Controller Appliance:
  1. Log in to the vCenter Server Appliance via SSH;
  2. Run this command to enable access to the Bash shell:
    shell.set --enabled true
  3. Type shell and press Enter;
  4. Run the following command:
    /usr/lib/vmware-vmdir/bin/vdcadmintool
    This console loads:
    ================================
    Please select:
    0. exit
    1. Test LDAP connectivity
    2. Force start replication cycle
    3. Reset account password
    4. Set log level and mask
    5. Set vmdir state
    ================================
  5. Press 3 to enter the Reset account password option;
  6. When prompted for the Account UPN, enter:
    [email protected]_Domain_Name.local
    By default, this is:
    [email protected]
    A new password is generated.
  7. Use the generated password to log in to the [email protected] account.