April 5, 2012

SSH Key Generation and its Fingerprint Verification


Generate a new SSH key.

To generate a new SSH key, run the command below. We want the default settings, so when asked for a file in which to save the key, just press Enter.

$ ssh-keygen -t rsa -C "your_email@youremail.com"

# Creates a new ssh key using the provided email
Generating public/private rsa key pair.
Enter file in which to save the key (/Users/your_user_directory/.ssh/id_rsa):

Now you need to enter a passphrase.

To view the fingerprint of the ssh host key

ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key
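
The fingerprint printed by ssh-keygen -l is a hash of the decoded key blob, so it can be recomputed and compared with a value obtained out of band before a host key is trusted. The script below is an added example, not part of the original post; the function names and the sample key line (a truncated, constructed blob, not a real key) are assumptions.

```bash
#!/bin/sh
# Added example: recompute an SSH public-key fingerprint by hand and compare it
# with a fingerprint obtained out of band (server console, config management).

# Constructed sample in "type base64-blob comment" form. The blob is a
# truncated stand-in, not a usable RSA key; only the hashing steps matter.
SAMPLE_PUB='ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQC7 host.example'

# Decode the base64 blob (second field) to raw bytes.
key_blob() {
    printf '%s\n' "$1" | awk '{print $2}' | base64 -d
}

# MD5 of the blob as colon-separated hex: the format ssh-keygen -l printed in
# 2012 and that newer OpenSSH prints with "ssh-keygen -l -E md5".
fp_md5() {
    key_blob "$1" | md5sum | cut -d' ' -f1 | sed 's/../&:/g; s/:$//'
}

# SHA-256 of the blob, base64 without padding: the current OpenSSH default.
fp_sha256() {
    printf 'SHA256:%s\n' "$(key_blob "$1" | openssl dgst -sha256 -binary | base64 | tr -d '=')"
}

# verify_fp "<public key line>" "<expected fingerprint>"; returns 0 on match.
verify_fp() {
    case "$2" in
        SHA256:*) actual=$(fp_sha256 "$1"); expected=$2 ;;
        *)        actual=$(fp_md5 "$1")
                  expected=$(printf '%s' "$2" | sed 's/^MD5://' | tr 'A-F' 'a-f') ;;
    esac
    if [ "$actual" = "$expected" ]; then
        echo "fingerprint OK: $actual"
    else
        echo "fingerprint MISMATCH: got $actual, expected $expected" >&2
        return 1
    fi
}

# Demo on the constructed sample; on a server, pass the contents of
# /etc/ssh/ssh_host_rsa_key.pub instead.
fp_md5 "$SAMPLE_PUB"
```

The expected fingerprint has to come from a channel other than the SSH connection being checked, otherwise the comparison proves nothing.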

Apache Tomcat Installation and SSL Configuration

You can see/download latest versions of tomcat from the url: http://tomcat.apache.org/whichversion.html

To download and install Apache Tomcat version 7.0.26

cd /opt
wget http://apache.petsads.us/tomcat/tomcat-7/v7.0.26/bin/apache-tomcat-7.0.26.tar.gz
tar -xvf apache-tomcat-7.0.26.tar.gz -C /opt

Now set variables in server.

vi /root/.bashrc

Copy and paste below lines:

> export CATALINA_HOME=/opt/apache-tomcat-7.0.26

> export TOMCAT_HOME=$CATALINA_HOME

> export PATH=$CATALINA_HOME/bin:$PATH

Log out and log back in to the server.

**Configure SSL for tomcat**

Use the command below to create the keystore. When prompted for "first and last name", enter the server's hostname.

keytool -genkey -alias tomcat -keyalg RSA -keystore /opt/keystore

Edit the server.xml file and uncomment/edit these lines:



Note: change the password to the one you set while creating the keystore.

Restart tomcat

catalina.sh stop
catalina.sh start

Some useful commands to Manage/Monitor Servers

These commands are mainly for RPM-based Linux servers such as CentOS. Some of them may also work on Ubuntu and other servers.

Command to find out total established connections, closing connection, TIME_WAIT and much more.

netstat -nat | awk '{print $6}' | sort | uniq -c | sort -n

Sample Output:

1 established
1 Foreign
5 LISTEN
16 TIME_WAIT
19 ESTABLISHED

Dig out more information about a specific ip address

netstat -nat |grep {IP-address} | awk '{print $6}' | sort | uniq -c | sort -n

2 LISTEN
4 FIN_WAIT1
4 ESTABLISHED
7 TIME_WAIT

To print a list of all unique IP addresses connected to the server, enter:

netstat -nat | awk '{ print $5}' | cut -d: -f1 | sed -e '/^$/d' | sort -u

To print the total number of unique IP addresses, enter:

netstat -nat | awk '{ print $5}' | cut -d: -f1 | sed -e '/^$/d' | sort -u | wc -l

Find Out If Box is Under DoS Attack or Not


If you think your Linux box is under attack, print a list of the open connections on the box, counted and sorted by IP address:

netstat -atun | awk '{print $5}' | cut -d: -f1 | sed -e '/^$/d' |sort | uniq -c | sort -n
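
The one-liner above also counts words from the two header lines (the "1 established" and "1 Foreign" entries in the earlier sample output), and `cut -d: -f1` cuts IPv6 addresses at their first colon. The script below is an added example, not part of the original post: it skips headers and listening sockets, strips the port after the last colon, and reports half-open (SYN_RECV) connections per peer. The function names, the threshold argument and the sample output (constructed, documentation address ranges) are assumptions.

```bash
#!/bin/sh
# Added example: per-peer connection counts from "netstat -atun" output.

# Constructed sample output (documentation address ranges only).
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:80           198.51.100.7:51234      SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.7:51235      SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.7:51236      ESTABLISHED
tcp        0      0 192.0.2.10:22           203.0.113.5:40022       ESTABLISHED
tcp6       0      0 2001:db8::10:80         2001:db8::beef:41000    TIME_WAIT
tcp6       0      0 2001:db8::10:80         2001:db8::beef:41001    ESTABLISHED
udp        0      0 0.0.0.0:68              0.0.0.0:*
EOF
}

# top_talkers [min]: read netstat output on stdin and print
# "total half_open peer" for every peer with at least min connections.
top_talkers() {
    awk -v min="${1:-1}" '
        $1 !~ /^(tcp|udp)/ { next }     # skip the two header lines
        $6 == "LISTEN"     { next }     # listening sockets have no peer
        {
            peer = $5
            sub(/:[^:]*$/, "", peer)    # drop the port after the LAST colon
            if (peer == "0.0.0.0" || peer == "::") next
            total[peer]++
            if ($6 == "SYN_RECV") half[peer]++
        }
        END {
            for (p in total)
                if (total[p] >= min)
                    printf "%d %d %s\n", total[p], half[p], p
        }' | sort -rn
}

# Live use: netstat -atun | top_talkers 20   (pick a threshold that fits your traffic)
sample_netstat | top_talkers 2
```

A peer with a high total and a large half-open count is worth a closer look than one with many ESTABLISHED connections, which is often just a proxy or NAT gateway.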

Command to list the connections to port 80 (the trailing space in the pattern keeps ports such as 8080 from matching):

netstat -alntp | grep ':80 '

To check the number of connections to port 80:

netstat -alntp | grep ':80 ' | wc -l

Command To Find Out Top 10 CPU Consuming Process


ps -auxf | sort -nr -k 3 | head -10

Command To Find Out The Top 10 Memory Consuming Process

ps -auxf | sort -nr -k 4 | head -10

A useful command to list the connections to a particular port together with the owning process ID.

For example, port 8080:

lsof -w -n -i tcp:8080

Command to kill a running process.
For example, a process with PID 8457:

kill -9 8457

Linux Screen Command

Steps


- Create a screen using the command

screen -S geopc


- Close the shell without logout


- Open a new shell and type

screen -ls

Sample Output:

There are screens on:
16921.joemon (Dead ???)
3981.name (Attached)
5002.geopc (Attached)
Remove dead screens with 'screen -wipe'.
3 Sockets in /tmp/screens/S-root.


- You can login to that screen using the command screen -r 'screen name'

screen -r 5002.geopc

To attach to a screen that is already attached, use the following command:

screen -x -R


You can add your commands as comments!... :)

Setting up Apache Tomcat to work with Apache Server

We are using **mod_jk** Tomcat-Apache plug-in that handles the communication between Tomcat and Apache.

Install the GNU compilers gcc and g++, the make utility and the httpd-devel package with the following command on an RPM-based Linux system.

yum install gcc* gcc-c++ make automake httpd-devel

Installation and configuration


Ensure Apache HTTP Server is not running

/etc/init.d/httpd stop

Download the Tomcat Connector source and extract it under /root

cd /root/
wget http://mirrors.kahuki.com/apache//tomcat/tomcat-connectors/jk/tomcat-connectors-1.2.32-src.tar.gz
tar -xvf tomcat-connectors-1.2.32-src.tar.gz
cd /root/tomcat-connectors-1.2.32-src/native/

Build and install with the following command

./configure --with-apxs=/usr/sbin/apxs && make && make install

Change permission of loaded module mod_jk.so

chmod 755 /usr/lib64/httpd/modules/mod_jk.so

Create mod_jk.conf file in apache httpd server.

vi /etc/httpd/conf.d/mod_jk.conf

Copy and paste below lines.


LoadModule jk_module "/usr/lib64/httpd/modules/mod_jk.so"


JkWorkersFile "/opt/apache-tomcat-6.0.20/conf/jk/workers.properties"
JkLogFile "/opt/apache-tomcat-6.0.20/logs/mod_jk.log"

JkLogLevel emerg

Open workers.properties file in apache tomcat.

vi /opt/tomcat/conf/jk/workers.properties

Add ajp13 to workers.list so that the following line becomes:

worker.list=jk-status, ajp13


In mod_jk.conf and ssl.conf use mod_jk's JkMount directive to assign specific URLs to Tomcat. For example the following directives will send all requests beginning with /idp to the "ajp13" worker.

Open mod_jk.conf in apache server.

vi /etc/httpd/conf.d/mod_jk.conf

Copy and paste below lines at the end of file.

JkMount /idp ajp13
JkMount /idp/* ajp13

Now open ssl.conf file to setup redirection for secure connection

vi /etc/httpd/conf.d/ssl.conf

Configure mod_ssl by adding the following lines near the end, just before the closing </VirtualHost>.

JkMount /idp ajp13
JkMount /idp/* ajp13

Restart tomcat and apache

catalina.sh stop
catalina.sh start
/etc/init.d/httpd restart

That's all!

The main advantage of this setup is that only the Apache port needs to be opened in the firewall.

Apache Maven Installation and Configuration


You can see/download the latest versions of Maven from the url: http://maven.apache.org/download.html

To download and install Apache Maven-2.2.1

cd /opt
wget http://apache.mirrors.redwire.net//maven/binaries/apache-maven-2.2.1-bin.tar.gz
tar -xvf apache-maven-2.2.1-bin.tar.gz

Now set variables in server.

vi /root/.bashrc

Copy and paste below lines:

> export MVN_HOME=/opt/apache-maven-2.2.1

> export PATH=$MVN_HOME/bin:$PATH

Log out and log back in to the server.

Installation of JAVA

Java

You can download Java from the url: http://www.oracle.com/technetwork/java/javase/downloads/jdk-6u31-download-1501634.html

or, for Linux with a 64-bit OS:

wget http://download.oracle.com/otn-pub/java/jdk/6u31-b04/jdk-6u31-linux-x64.bin

Now install java as follows:

mkdir -p /usr/java/
mv jdk-6u31-linux-x64.bin /usr/java/
cd /usr/java
chmod +x jdk-6u31-linux-x64.bin
./jdk-6u31-linux-x64.bin

Now set java variables in server.

vi /root/.bashrc

Copy and paste below lines:

> export JAVA_HOME=/usr/java/jdk1.6.0_31
> export PATH=$JAVA_HOME/bin:$PATH

Log out and log in again.

html to pdf conversion in Linux

To convert an HTML page or a URL to PDF, we can use wkhtmltopdf on a Linux machine.

Download the relevant static binary (v0.10.0) from here: http://code.google.com/p/wkhtmltopdf/downloads/list

Over ssh on my shared host, I typed the following:

wget {relevant url to binary from link above}
tar -xvf {filename of above wget'd file}

For example, for a 64-bit OS:

wget http://wkhtmltopdf.googlecode.com/files/wkhtmltopdf-0.9.9-static-amd64.tar.bz2
tar -jxvf wkhtmltopdf-0.9.9-static-amd64.tar.bz2
cp -rv wkhtmltopdf-amd64 /usr/local/bin/

Now you can convert pages as follows:

wkhtmltopdf-amd64 http://www.google.com google.pdf