It’s not, it can actually be accomplished by using subuid (subordinate user id’s) & subgid (subordinate group id’s) built into the linux kernel.
API (Application Programming Interface) is a set of functions that allows the creation of applications that access the features or data of a service. A RESTful API uses HTTP requests to GET, PUT, POST and DELETE data.
I’m kind of a control freak when it comes to my servers, lately the temperatures in Sweden reaches well above 30 degrees celsius and i need to get a warning in case the temp goes below 23 or above 26.
I have been using LXC for a while and there are a few commands i would like to have in my toolbox. In this article i will provide you with a few scripts for managing your LXC containers.
My standard Linux server setup usually consists of a software raid1 with two disks syncing. The problem with traditional raid, both software and hardware raid, is that it is only useful if one of your drives completely dies. If you experience Silent Data Corruption or if your drive goes bad you might end up with […]
LXC is an abbreviation for “Linux Containers“ which is a feature in the linux kernel, it allows you to install multiple Linux installations running on the same kernel. It’s kind of like chroot but much more powerful as it allows for process and network isolation. I’ve seen that there is a fancy web GUI for […]
Thats right, i saw the new lxc-top command that is available in 3.0 and i was kind of impressed. Since i’m running version 2 and wanted something similar, i decided to go with a simple bash script, the data is collected via proc and the values are converted with some help from BC (arbitrary precision […]
Can be run from cron every night to make sure you keep those pesky hackers out.
Let’s get right to the fun part!
Are you still using virtual machines like a sucker? here’s the complete guide to the future, it’s called containerization. I’ve been using chroot for years, not only for webpages with the php-fpm, but also for services like Postfix, Dovecot and Bind.
Imagine that the filesystem is book and each entry in the table of contents (TOC) is a reference to a chapter. In the filesystem this “chapter” is referred to as an inode and the TOC entry is called a hard link. you may call it a file ;) Now the cool thing about this is […]
Create a git project with a remote repository
This script is a part of the Asbra Firewall Project which is a set of utilities for managing a Linux Netfilter Firewall.
If you’re getting the following error it means that your certbot script is outdated.
Posts and pages are two sides of the same coin, the main difference is that posts (a.k.a blog-posts) are sorted by date and have optional categories or tags, pages do not. Under the hood they are both called post_types but they have been initialized with different parameters. We will be creating our own post type […]
Sometimes you just don’t have access to a fancy GUI like phpMyAdmin but you still need to make changes to the WordPress database. This article is about those times.
NeoVim is a great tool and my goto editor even on large projects, but it needs proper config.
Plug in your GSM Modem and run dmesg to find your device details.
Syslog used to handle NetFilter logging and you had to write regexp rules to sort your firewall logs, like: :msg,contains,”[ABF_Blocked” /var/log/abf-blocked.log”
Asbra Firewall is a combination of scripts and tools for Firewall configuration and Intrusion Detection (NIDS). It uses sqlite3 to save information on blocked traffic and counts the occurrences of attacking hosts with optional blocking.
Blacklisting large amounts of IPs, i use this with the iptables “blocked logging” in ABF (AsBraFirewall).
Well, not in Debian 9.. To get bash completion run: And then you can TAB-complete all sorts of commands like services or systemctl
How do you know if your daemons go down? Some use services like pingdom but i’d rather check myself.
A few commands for image manipulation on the command line.
PHP-Class for encryption of text. I use it for safe storage of information in databases.
Since my samsung uses a custom ROM called Lineage OS and since the device is rooted, it lets me play around inside the Linux environment.
Running on Debian 9 Stretch.
The output of some commands are impossible to read, especially a network flow in real time. I’ve collected a few ways to accomplish coloring of keywords.
Collection of scripts to measure what is making your page slow
When all else fails, oneliner to strace apache procesess
Redundancy is ambiguous because it seems like a waste if nothing unusual happens. Except that something unusual happens-usually.
Have you ever shared a network drive between MS Windows and Macos?
When moving databases between servers there are a few things to consider, one of these things is the charset.
I needed to edit /etc/hosts on my chromebook, turns out the root filesystem on Chrome OS is read only.
When Apache cant find the page that you are looking for it says “Not Found” and then it reveals your apache version number and sometimes even the modules that you have enabled. Do you want this?
We recently got a lot of invoices from sites all over the web, even from sites located outside of Sweden. Someone was mirroring our site using iframes and a similar domain name to ours.
Only allow some users restricted access to your server, description for both a complete chroot environment or just simple sftp.
Also called MalDet, has a set of signatures for matching malware in web-files. It uses the ClamAV scanner engine (if found) which also includes its own signatures.
This script scans a set of folders and reports back to an administrator if a threat is found.
Tell at what pixel from the top the CSS should be triggered, in this example i’m targeting the navbar with id=”topnav”. You also need JQuery for this to work.
I Wrote a plugin that attaches a hook to the login page and adds custom CSS. The plugin can be administered from your admin menu “Settings/ASBRA Login Plugin”. Simply add your CSS rules and click the “Save Changes” button.
Google has a nifty way of checking if you’re human or not. I wrote a PHP Class for verifying ReCaptcha v.2.
Leaving your wp-login.php script or wp-admin folder accessible from the internet allows for bruteforcing of your passwords My way of solving this is by creating a randomly named folder e.g. “asbra” with som php code that sets a cookie which is required by the .htaccess file.
So you dont want to install the Sendmail daemon in every Chroot environment to be able to use the PHP mail() function? Of course not.. the simple solution is called mini_sendmail, it connects to localhost on port 25 to deliver the emails.
If you’ve ever tried the Google Developers Audit or the Pingdom Speed test on your website then you’ve probably seen the warning about “Leverage browser caching“, it basicly means that the site tells the browser to keep some of the files cached for faster page loading. You can do this with your local .htaccess file:
Apache supports lots of different encryption protocols, some of which have serious vulnerabilities that puts sites at risk of being breached. The Poodle and Beast exploits are just a couple examples of how attackers have taken advantage of weaknesses in SSL and TLS to compromise organizations.
And the winners with 107 hits each are: 18.104.22.168 22.214.171.124
I’ve been cleaning up lots of hacked wordpress sites lately and i thought i’d share my findings and also my attempt to refine this technique with AES-encryption instead of obfuscation
A collection of commands to help you determine if you’ve been hacked, the same commands can be used to find obfuscated code and dangerous php in any other CMS system such as Joomla or Drupal.