It’s not, it can actually be accomplished by using subuid (subordinate user id’s) & subgid (subordinate group id’s) built into the linux kernel.Continue reading “Unprivileged containers as root, an oxymoron?”
My memory is horrible and this weblog acts as the remedy, if you find some of the articles messy and incomplete it's because it was written for myself. However, if you find any use of it then feel free to do so. Just beware that you are using it on your own risk!
API (Application Programming Interface) is a set of functions that allows the creation of applications that access the features or data of a service.
A RESTful API uses HTTP requests to GET, PUT, POST and DELETE data.Continue reading “Building a RESTful API”
I’m kind of a control freak when it comes to my servers, lately the temperatures in Sweden reaches well above 30 degrees celsius and i need to get a warning in case the temp goes below 23 or above 26.Continue reading “Server room temperature surveillance”
I have been using LXC for a while and there are a few commands i would like to have in my toolbox. In this article i will provide you with a few scripts for managing your LXC containers.Continue reading “LXC 3 – the missing utilities”
My standard Linux server setup usually consists of a software raid1 with two disks syncing. The problem with traditional raid, both software and hardware raid, is that it is only useful if one of your drives completely dies. If you experience Silent Data Corruption or if your drive goes bad you might end up with the raid syncing junk across your disks.Continue reading “Better-, Butter-, B-tree Filesystem (btrfs)”
LXC is an abbreviation for “Linux Containers“ which is a feature in the linux kernel, it allows you to install multiple Linux installations running on the same kernel. It’s kind of like chroot but much more powerful as it allows for process and network isolation.
I’ve seen that there is a fancy web GUI for Ubuntu and i felt the need for something similar in Debian (never actually tried the Ubuntu LXC Web Panel)Continue reading “LXC 2.x Web GUI”
Thats right, i saw the new lxc-top command that is available in 3.0 and i was kind of impressed.
Since i’m running version 2 and wanted something similar, i decided to go with a simple bash script, the data is collected via proc and the values are converted with some help from BC (arbitrary precision calculator language)Continue reading “lxc-top not found”
Can be run from cron every night to make sure you keep those pesky hackers out.Continue reading “automatic emerging threats iptables blocklist”
Let’s get right to the fun part!Continue reading “LXC – Linux Containers”
Are you still using virtual machines like a sucker? here’s the complete guide to the future, it’s called containerization.
I’ve been using chroot for years, not only for webpages with the php-fpm, but also for services like Postfix, Dovecot and Bind.Continue reading “DAMP – Docker, Apache, MariaDB & PHP-FPM”
My first thought was Basic Auth with htpasswd and htgroups, there’s even an SQL extension so this seems like a good solution, right?Continue reading “Preprocessing with mod_rewrite and PHP”
Imagine that the filesystem is book and each entry in the table of contents (TOC) is a reference to a chapter. In the filesystem this “chapter” is referred to as an inode and the TOC entry is called a hard link.
you may call it a file ;)
Continue reading “Snapshot databases & files”
Now the cool thing about this is that we can have several links to the same inode, in fact we can have 65.000 hard links to the same inode without using up any extra space.
Create a git project with a remote repositoryContinue reading “Git Cheat Sheet”
This script is a part of the Asbra Firewall Project which is a set of utilities for managing a Linux Netfilter Firewall.Continue reading “Blacklisting with Ulogd2 & nftables”
If you’re getting the following error it means that your certbot script is outdated.
certbot: Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.Continue reading “LetsEncrypt SSL – All renewal attempts failed.”
Posts and pages are two sides of the same coin, the main difference is that posts (a.k.a blog-posts) are sorted by date and have optional categories or tags, pages do not.
Under the hood they are both called post_types but they have been initialized with different parameters.
We will be creating our own post type with it’s own taxonomy (categories) for storing favourite music videos.Continue reading “Custom Post Type with Taxonomy”
Sometimes you just don’t have access to a fancy GUI like phpMyAdmin but you still need to make changes to the WordPress database. This article is about those times.Continue reading “Useful SQL statements for everyday WordPress administration”
NeoVim is a great tool and my goto editor even on large projects, but it needs proper config.Continue reading “Neovim – Next Generation Vim”
Plug in your GSM Modem and run dmesg to find your device details.Continue reading “SMS Gateway using smstools in Debian 9”
Syslog used to handle NetFilter logging and you had to write regexp rules to sort your firewall logs, like:
:msg,contains,"[ABF_Blocked" /var/log/abf-blocked.log"Continue reading “ulogd2 – Netfilter logging”
Asbra Firewall is a combination of scripts and tools for Firewall configuration and Intrusion Detection (NIDS). It uses sqlite3 to save information on blocked traffic and counts the occurrences of attacking hosts with optional blocking. Continue reading “ABF – AsBraFirewall”
Blacklisting large amounts of IPs, i use this with the iptables “blocked logging” in ABF (AsBraFirewall).
Continue reading “ipset – Blacklisting large sets”
Well, not in Debian 9.. To get bash completion run:
# source /etc/profile.d/bash_completion.sh
And then you can TAB-complete all sorts of commands like services or systemctl
How do you know if your daemons go down? Some use services like pingdom but i’d rather check myself.Continue reading “Check yourself”
A few commands for image manipulation on the command line.
PHP-Class for encryption of text. I use it for safe storage of information in databases.Continue reading “2-way encryption with AES 256bit (CBC) in PHP”
Since my samsung uses a custom ROM called Lineage OS and since the device is rooted, it lets me play around inside the Linux environment. Continue reading “ADB (Android Debugger) Cheatsheet”
Running on Debian 9 Stretch. Continue reading “OpenVPN Server”
The output of some commands are impossible to read, especially a network flow in real time. I’ve collected a few ways to accomplish coloring of keywords. Continue reading “Colorizing your Linux commands”
Collection of scripts to measure what is making your page slow Continue reading “Measuring web page speeds”
When all else fails, oneliner to strace apache procesess Continue reading “Debug Apache with Strace”
Redundancy is ambiguous because it seems like a waste if nothing unusual happens. Except that something unusual happens-usually. Continue reading “Setting up RAID 1 mirroring in Debian”
Have you ever shared a network drive between MS Windows and Macos? Continue reading “Those damn ._dotfiles and .DS_Store in MacOS”
When moving databases between servers there are a few things to consider, one of these things is the charset. Continue reading “Weird characters when importing SQL to MariaDB”
I needed to edit /etc/hosts on my chromebook, turns out the root filesystem on Chrome OS is read only. Continue reading “Chromebook writable root”
When Apache cant find the page that you are looking for it says “Not Found” and then it reveals your apache version number and sometimes even the modules that you have enabled. Do you want this? Continue reading “Apache Server Signature”
We recently got a lot of invoices from sites all over the web, even from sites located outside of Sweden. Someone was mirroring our site using iframes and a similar domain name to ours. Continue reading “Preventing fraud”
Only allow some users restricted access to your server, description for both a complete chroot environment or just simple sftp. Continue reading “Chroot restrict SSH or SFTP users”
This script scans a set of folders and reports back to an administrator if a threat is found. Continue reading “Detect Viruses with ClamAV”
Tell at what pixel from the top the CSS should be triggered, in this example i’m targeting the navbar with id=”topnav”. You also need JQuery for this to work.
I Wrote a plugin that attaches a hook to the login page and adds custom CSS.
The plugin can be administered from your admin menu “Settings/ASBRA Login Plugin”. Simply add your CSS rules and click the “Save Changes” button. Continue reading “Customize WordPress Login CSS”
Google has a nifty way of checking if you’re human or not.
I wrote a PHP Class for verifying ReCaptcha v.2. Continue reading “I’m not a robot”
Leaving your wp-login.php script or wp-admin folder accessible from the internet allows for bruteforcing of your passwords
My way of solving this is by creating a randomly named folder e.g. “asbra” with som php code that sets a cookie which is required by the .htaccess file. Continue reading “Securing WordPress with .htaccess”
So you dont want to install the Sendmail daemon in every Chroot environment to be able to use the PHP mail() function? Of course not.. the simple solution is called mini_sendmail, it connects to localhost on port 25 to deliver the emails.
If you’ve ever tried the Google Developers Audit or the Pingdom Speed test on your website then you’ve probably seen the warning about “Leverage browser caching“, it basicly means that the site tells the browser to keep some of the files cached for faster page loading.
You can do this with your local .htaccess file:
Apache supports lots of different encryption protocols, some of which have serious vulnerabilities that puts sites at risk of being breached.
The Poodle and Beast exploits are just a couple examples of how attackers have taken advantage of weaknesses in SSL and TLS to compromise organizations. Continue reading “TLS v1.1 is being phased out by 30 June 2018”
And the winners with 107 hits each are:
I’ve been cleaning up lots of hacked wordpress sites lately and i thought i’d share my findings and also my attempt to refine this technique with AES-encryption instead of obfuscation
A collection of commands to help you determine if you’ve been hacked, the same commands can be used to find obfuscated code and dangerous php in any other CMS system such as Joomla or Drupal. Continue reading “Unhacking a Hacked WordPress Site”