2011

HOW TO : Apache and SELinux

Quick note for future reference.

If you ever run into errors like this

[code]
Starting httpd: Warning: DocumentRoot [/var/www/html/static] does not exist
Warning: DocumentRoot [/var/www/html/static] does not exist
Warning: DocumentRoot [/var/www/html/static] does not exist
Warning: DocumentRoot [/var/www/html/static] does not exist
(13)Permission denied: httpd: could not open error log file /etc/httpd/logs/error_log.
Unable to open logs
[FAILED]
[/code]
And you are scratching your head about why Apache throws these errors when the directory and files exist and the permission bits are right. Check whether SELinux is running in enforcing mode. SELinux decides access by the security label on each file, independently of owner and mode, so httpd (running in the httpd_t domain) can be refused a file whose label it is not allowed to read, typically content that was moved into the DocumentRoot with mv and therefore kept its old label. When that happens httpd cannot even stat the directory, which is why it reports it as missing. Every refusal is logged as an AVC denial in /var/log/audit/audit.log.
On RHEL, you can check whether SELinux is enforcing with
[code]cat /selinux/enforce[/code]
(getenforce prints the same state as a word: Enforcing, Permissive or Disabled; if SELinux is disabled outright the /selinux/enforce file does not exist at all). The two values are 0 and 1: 0 means permissive, where SELinux logs what it would have denied but does not block it, and 1 means enforcing.
You can switch to permissive mode temporarily with
[code]echo 0 >/selinux/enforce[/code]
(setenforce 0 does the same). If Apache then starts cleanly, SELinux was the cause. That is a diagnosis, not the fix, because the whole machine is now unprotected. Usually the real problem is a file with the wrong label, and restorecon -Rv on the DocumentRoot and the log directory (/etc/httpd/logs is a symlink to /var/log/httpd) relabels it so httpd can use it with enforcement left on. If you do want permissive or disabled mode to survive reboots, edit /etc/selinux/config and change the SELINUX= line from enforcing to permissive or disabled (there is no "enabled" value).
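As an added example (not part of the original note), here is a small sh script for the step that should come before disabling SELinux: read the AVC denial records from /var/log/audit/audit.log, list what httpd was refused and on which file label, and flag labels that are not httpd types at all, which is what a mv into the DocumentRoot leaves behind. The two audit records embedded in it are constructed for the demo (the pids, inode numbers and contexts are made up); on a real box feed it the audit log instead.

```sh
#!/bin/sh
# Added example, not from the original post: triage SELinux denials for httpd
# before reaching for "echo 0 > /selinux/enforce".
# The audit records below are constructed sample data in the RHEL 5/6 audit.log
# format; pids, inodes and contexts are invented for the demonstration.
SAMPLE_AUDIT='type=AVC msg=audit(1300000000.123:45): avc:  denied  { read } for  pid=1234 comm="httpd" name="index.html" dev=dm-0 ino=12345 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=SYSCALL msg=audit(1300000000.123:45): arch=c000003e syscall=2 success=no exit=-13 comm="httpd"
type=AVC msg=audit(1300000000.456:46): avc:  denied  { append } for  pid=1234 comm="httpd" name="error_log" dev=dm-0 ino=67890 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file'

# avc_denials COMM: keep only AVC "denied" records for the named process.
avc_denials() {
    grep 'avc:  denied' | grep "comm=\"$1\""
}

# avc_field KEY: print the value of one key=value token on each input line,
# with surrounding quotes removed (name="index.html" -> index.html).
avc_field() {
    sed -n "s/.* $1=\([^ ]*\).*/\1/p" | tr -d '"'
}

# target_type: the SELinux type of the object httpd was refused
# (third field of tcontext, e.g. user_home_t).
target_type() {
    avc_field tcontext | cut -d: -f3
}

# wrong_label TYPE: succeed if TYPE is not an httpd_* type. Such a label on a
# file under the DocumentRoot or log directory almost always means the file was
# moved (mv) into place and kept its old context; restorecon fixes it.
# (A denial on an httpd_* type is a different problem: usually a boolean or a
# read-only vs read-write content type, not a mislabel.)
wrong_label() {
    case "$1" in
        httpd_*) return 1 ;;
        *) return 0 ;;
    esac
}

# summarize: one line per denial: object name, denied permission, target type,
# and "MISLABELED" when the target type is not an httpd type.
summarize() {
    while IFS= read -r line; do
        name=$(printf '%s\n' "$line" | avc_field name)
        perm=$(printf '%s\n' "$line" | sed -n 's/.*denied  { \([a-z_]*\) }.*/\1/p')
        ttype=$(printf '%s\n' "$line" | target_type)
        if wrong_label "$ttype"; then
            printf '%s %s %s MISLABELED\n' "$name" "$perm" "$ttype"
        else
            printf '%s %s %s\n' "$name" "$perm" "$ttype"
        fi
    done
}

# Run against the sample; on a real host use:
#   avc_denials httpd < /var/log/audit/audit.log | summarize
printf '%s\n' "$SAMPLE_AUDIT" | avc_denials httpd | summarize
```

Seeing user_home_t or var_log_t on files httpd should serve or write to means the label is wrong, and restorecon -Rv /var/www/html /var/log/httpd puts the httpd_sys_content_t and httpd_log_t labels back with enforcement still on. A denial whose target already carries an httpd type is a different problem (content that needs to be writable, or a boolean such as httpd_enable_homedirs), so the script deliberately does not call that mislabeled.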

HOW TO : Playbook for creating an effective IT team

Tom Limoncelli put together a list of questions that are essentially a cheat-sheet for creating and running a very effective IT team. He called it the Limoncelli Test (as a tribute to Joel Spolsky's Joel Test) and it can be found at http://everythingsysadmin.com/the-test.html.

The only additional thing I would add to the list is to have a roadmap for the function you provide and ensure it is updated quarterly. A lot of teams spend a lot of time on what they do now, but don’t focus on what they “can” do. This is similar to IT functions spending more than 70% – 80% of their budgets on maintenance rather than innovating.

Overheard : Random comments about technology

Here are some interesting tidbits from an executive summary event hosted by Redhat/Intel that I attended yesterday.

We decreased the execution times for our orders from 1.5 seconds to 5 milliseconds

This from an executive managing the technology organization for a large trading company. Imagine the geekiness in accomplishing this :).

For every 450 smartphones that get activated a server is added to support them

This from an Intel executive. So if there are 500,000 Android phones being activated every day, that's around 1,111 servers being added just to serve the Android fans :).

1 in 4 servers currently runs Linux

This from a Redhat executive. If anyone doubts that Linux is mainstream, they are living under a rock 🙂

HOW TO : Use grep to search for credit card numbers

I was looking for a quick way to search for credit card numbers in a file and ran across this excellent post by Adrian Rollett. I tweaked his suggestion a bit to show some additional data.

Original suggestion

[code]grep '\(^\|[^0-9]\)\{1\}\([345]\{1\}[0-9]\{3\}\|6011\)\{1\}[-]\?[0-9]\{4\}[-]\?[0-9]\{2\}[-]\?[0-9]\{2\}-\?[0-9]\{1,4\}\($\|[^0-9]\)\{1\}' FILE_TO_SEARCH[/code]

My modification

[code]grep '\([345]\{1\}[0-9]\{3\}\|6011\)\{1\}[ -]\?[0-9]\{4\}[ -]\?[0-9]\{2\}[-]\?[0-9]\{2\}[ -]\?[0-9]\{1,4\}' --color -H -n FILE_TO_SEARCH[/code]

The modified command prints the file name (-H) and line number (-n) of each hit and highlights the match (--color). You can tweak it further with other grep options; a good reference guide can be found here. Two caveats: the pattern matches any 13- to 16-digit run with those prefixes, so order and account numbers and test data show up too, and a Luhn check on each hit weeds most of those out; and the output contains the card numbers themselves, so treat it (and your shell history) as sensitive data.
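Added example, not from the original post or from Adrian Rollett: the pattern above rewritten for grep -E, with a Luhn check on each hit so that only candidates whose check digit is valid are reported along with their line number. The sample lines are constructed; 4111... and 6011... are the widely published Visa and Discover test numbers, the 5555 run is deliberately invalid, and the 10-digit phone number should not match at all.

```sh
#!/bin/sh
# Added example, not from the original post: the page's grep pattern (written in
# -E form) plus a Luhn check, so only candidates with a valid check digit are
# reported with their line number. Sample input is constructed; 4111... and 6011...
# are the well-known published test numbers, 5555 5555 5555 5555 is a deliberately
# invalid string, and the 10-digit phone number should not match at all.
SAMPLE_TEXT='customer=alice card=4111-1111-1111-1111 exp=01/13
order 5555 5555 5555 5555 looks like a card but fails Luhn
callback 3125551234 is a phone number
discover 6011 1111 1111 1117 on file'

# The post's pattern: prefix 3/4/5xxx or 6011, then 4, 2+2 and 1-4 digits with
# optional space/dash separators (13 to 16 digits in total).
CARD_RE='([345][0-9]{3}|6011)[ -]?[0-9]{4}[ -]?[0-9]{2}-?[0-9]{2}[ -]?[0-9]{1,4}'

# luhn_ok CANDIDATE: strip separators and verify the Luhn (mod 10) check digit,
# doubling every second digit counted from the right.
luhn_ok() {
    digits=$(printf '%s' "$1" | tr -cd '0-9')
    i=${#digits}
    sum=0
    alt=0
    while [ "$i" -gt 0 ]; do
        d=$(printf '%s' "$digits" | cut -c "$i")
        if [ "$alt" -eq 1 ]; then
            d=$((d * 2))
            if [ "$d" -gt 9 ]; then d=$((d - 9)); fi
        fi
        sum=$((sum + d))
        alt=$((1 - alt))
        i=$((i - 1))
    done
    [ $((sum % 10)) -eq 0 ]
}

# scan_cards: read text on stdin, print LINE:CANDIDATE for every regex hit that
# also passes Luhn. grep -o gives one hit per output line, -n the line number.
scan_cards() {
    grep -noE "$CARD_RE" | while IFS=: read -r lineno candidate; do
        if luhn_ok "$candidate"; then
            printf '%s:%s\n' "$lineno" "$candidate"
        fi
    done
}

# Demo on the sample; for a real file: scan_cards < FILE_TO_SEARCH
printf '%s\n' "$SAMPLE_TEXT" | scan_cards
```

Only the two test numbers survive: the 5555 run matches the regex but fails the check digit, and the phone number never matches because the pattern needs at least 13 digits. Luhn is a checksum, not proof that a number is a live card, so a hit still has to be confirmed against the data's context before anyone starts an incident.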

HOW TO : Export and import certificates using keytool

keytool is the JDK command-line utility for managing keystores: files that hold private keys with their certificate chains, and the certificates of parties you trust. Here are a few common operations (keytool prompts for the keystore password unless you pass -storepass).

  • List the certificates in the keystore (add -v for subject, issuer, validity and fingerprints instead of one line per entry)

[code]keytool -list -keystore NAME_OF_KEYSTORE_FILE[/code]

  • Export a particular certificate from the keystore. This writes only the certificate; the private key stays in the store. Without -file the DER bytes go to standard output; add -rfc for PEM.

[code]keytool -export -alias ALIAS_NAME_OF_CERT -keystore NAME_OF_KEYSTORE_FILE -file NAME_OF_OUTPUT_FILE[/code]

  • Import a certificate into the keystore. keytool prints the certificate's fingerprint and asks whether to trust it; compare that fingerprint with the value the issuer gave you out of band before answering yes, because anything imported here is trusted by every Java application using the store.

[code]keytool -import -alias ALIAS_NAME_YOU_WANT -keystore NAME_OF_KEYSTORE_FILE -file NAME_OF_CERT_FILE_TO_IMPORT[/code]
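As an added example (not from the original post), the three commands above chained into one script that also verifies the import: a throw-away self-signed key pair is generated, its certificate exported, imported into a separate truststore, and the fingerprints keytool reports for both stores are compared, which is the check you would otherwise do by eye at the "Trust this certificate?" prompt. It assumes a JDK keytool on PATH; the store and file names, alias, subject and password are placeholders.

```sh
#!/bin/sh
# Added example, not from the original post: round-trip a certificate between a
# keystore and a truststore with keytool and compare fingerprints before trusting
# it. Assumes a JDK keytool on PATH; the file names, alias, subject and password
# are placeholders for the demo (never put a real store password on a command
# line on a shared host; it shows up in "ps").
KS=server.jks        # keystore holding the key pair
TS=trust.jks         # truststore that should end up trusting the server cert
CERT=demo.cer        # exported certificate (PEM because of -rfc)
ALIAS=demo-server
PASS=changeit

# make_keypair: create a throw-away self-signed key pair so there is something to export.
make_keypair() {
    rm -f "$KS" "$TS" "$CERT"
    keytool -genkeypair -alias "$ALIAS" -keyalg RSA -keysize 2048 \
        -dname "CN=demo.example.test" -validity 30 \
        -keystore "$KS" -storepass "$PASS" -keypass "$PASS" >/dev/null 2>&1
}

# export_cert: write only the certificate; the private key never leaves the keystore.
export_cert() {
    keytool -export -rfc -alias "$ALIAS" -keystore "$KS" -storepass "$PASS" \
        -file "$CERT" >/dev/null 2>&1
}

# import_cert: add it to the truststore. -noprompt suppresses the interactive
# "Trust this certificate?" question, so the fingerprint check below replaces it.
import_cert() {
    keytool -import -noprompt -alias "$ALIAS" -file "$CERT" \
        -keystore "$TS" -storepass "$PASS" >/dev/null 2>&1
}

# fingerprint STORE ALIAS: the certificate fingerprint as "keytool -list" prints it
# (SHA1 on older JDKs, SHA-256 on newer ones; either works for a comparison
# as long as both stores are read by the same keytool).
fingerprint() {
    keytool -list -alias "$2" -keystore "$1" -storepass "$PASS" 2>/dev/null \
        | grep -i fingerprint | awk '{print $NF}'
}

# same_fingerprint: succeed only when both stores report the same non-empty value.
same_fingerprint() {
    a=$(fingerprint "$KS" "$ALIAS")
    b=$(fingerprint "$TS" "$ALIAS")
    [ -n "$a" ] && [ "$a" = "$b" ]
}

if command -v keytool >/dev/null 2>&1; then
    make_keypair && export_cert && import_cert
    if same_fingerprint; then
        echo "trusted: $ALIAS $(fingerprint "$TS" "$ALIAS")"
    else
        echo "fingerprint mismatch or import failed" >&2
    fi
fi
```

When the certificate comes from someone else rather than from your own keystore, the value to compare against is the fingerprint the issuer publishes or reads to you over the phone, not the one keytool prints from the file you just received.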

HOW TO : Use netcat (nc) on Windows 7

netcat is a swiss army knife for network and security professionals: it can listen on a port or connect to one, and send and receive raw bytes either way. For example, say you configured your firewall to allow TCP 80 to your web server, but the server is not built yet and you want to validate the rule. Run netcat on your workstation listening on port 80, assign the web server's IP address to the workstation, and connect from the far side of the firewall; if the connection reaches netcat, the rule works, with no web server software involved.

If I am not mistaken, nc comes as a default tool in most of the Linux distros. You can download the windows port of the tool at http://www.securityfocus.com/tools/139

The usual command to have netcat listen on a port is "nc -l PORT_NUMBER". Run that on a Windows 7 machine and you get the dreaded message "local listen fuxored: INVAL". On the Windows port (as on the original 1.10 netcat) the listening port has to be given with -p; the Windows build also has -L, which reopens the listener after a client disconnects instead of exiting after the first connection, handy when you want to test the rule more than once. So the command looks like this

[code]nc -L -p 80[/code]

The -L means “listen harder, re-listen on socket close” :).. Have to dig deeper and see what it really means though. I will leave that for another blog post.

To validate that netcat is indeed listening on that port, connect to it from another workstation with nmap or with a second copy of netcat; on the listening machine itself, netstat -an shows the port in LISTENING state.
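The check described above, scripted as an added example that is not part of the original post: a throw-away netcat listener plays the not-yet-built server and a probe confirms the TCP handshake completes. The port (48080), the 3-second timeout and the use of bash's /dev/tcp for the probe are my assumptions; it expects a Linux nc that accepts "nc -l PORT" (OpenBSD netcat or ncat), whereas the Windows build in the post takes "nc -L -p PORT".

```sh
#!/bin/sh
# Added example, not from the original post: the firewall-rule check described
# above, scripted. A throw-away netcat listener stands in for the web server
# that is not built yet, and a probe confirms the TCP handshake completes.
# Assumptions for the demo: port 48080 (use the port your rule allows, 80 in
# the post), a 3-second connect timeout, bash for the /dev/tcp probe, and a
# Linux nc that accepts "nc -l PORT" (OpenBSD netcat or ncat). The Windows
# build from the post takes "nc -L -p PORT" instead.
PORT=48080

# start_listener PORT: one-shot listener in the background; prints its PID.
start_listener() {
    nc -l "$1" >/dev/null 2>&1 &
    echo $!
}

# listening PORT: confirm on the listening machine that something is bound to
# the port (the netstat check to make before blaming the firewall).
listening() {
    if command -v ss >/dev/null 2>&1; then
        ss -ltn 2>/dev/null | grep -q ":$1 "
    else
        netstat -an 2>/dev/null | grep -q ":$1 .*LISTEN"
    fi
}

# port_open HOST PORT: succeed if a TCP connection to HOST:PORT opens. Uses
# bash's /dev/tcp so it does not depend on which nc flavour (or nmap) is
# installed on the probing side; "nc -v HOST PORT" does the same by hand.
port_open() {
    timeout 3 bash -c "exec 3<>/dev/tcp/$1/$2" 2>/dev/null
}

# Demo: bring the listener up, probe it, clean up. Run the probe from the far
# side of the firewall when validating a real rule.
if command -v nc >/dev/null 2>&1 && command -v timeout >/dev/null 2>&1; then
    pid=$(start_listener "$PORT")
    sleep 1
    if listening "$PORT"; then echo "listener bound on $PORT"; fi
    if port_open 127.0.0.1 "$PORT"; then
        echo "rule check: connect to $PORT succeeded"
    else
        echo "rule check: connect to $PORT failed" >&2
    fi
    kill "$pid" 2>/dev/null || true
fi
```

A probe that fails while the listener is confirmed bound tells you the rule (or something in between) is the problem; a probe that fails because nothing is bound tells you nothing about the firewall, which is why the local check comes first.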

Huh…???

I was checking out the live feed from Facebook regarding the video service they rolled out yesterday and noticed this comment on the live feed form. All I can say is WTF 🙂