HOWTO

HOW TO : Download SSL certificate using openssl and importing it into a keystore

Following up on my earlier post about using keytool to import and export certificates into a keystore. Here is some more information on using openssl to download the certificate from a remote server and then using keytool to import it into the keystore.

keytool expects a PEM-encoded X.509 certificate, so we will use sed to cut just the certificate block out of openssl's output.

[code]echo -n | openssl s_client -connect HOST:PORTNUMBER | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /tmp/$SERVERNAME.cert[/code]

Breaking down the command:

[code]echo -n[/code]

sends an empty input (no trailing newline) to openssl. Once the handshake completes, openssl sees the end of its input and disconnects the session instead of waiting for interactive input.

[code]openssl s_client -connect HOST:PORTNUMBER[/code]

asks openssl to act as a client and connect to HOST on the specified PORTNUMBER.

[code]sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'[/code]

asks sed to take the output from openssl and print only the lines from BEGIN CERTIFICATE through END CERTIFICATE.

NOTE: If you get an error like “SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert unexpected message”, it means the server doesn’t support SSL negotiation. Using the command option -no_tls1 helps work around this error. This option tells openssl to disable TLS1 negotiation.

HOW TO : Compare two directories in Linux

Quick post on using diff to compare two directories in Linux. This will list the files and subdirectories that differ between the two directories.

[code]diff /PATH_TO_FIRST_DIRECTORY /PATH_TO_SECOND_DIRECTORY -r --brief[/code]

Options used

  • -r : Search recursively through the directories
  • --brief : Only show the names of the files that differ. If you want details of the content that differs, remove this option

HOW TO : grep for response codes in apache logs

If you want to grep for certain HTTP response codes in an Apache log file:

  • Look for all access requests with a 200 response code: [code]grep -i "[: ]200[: ]" HTTP_ACCESS_LOG[/code]
  • Look for all access requests that do NOT have a 200 response code: [code]grep -i -v "[: ]200[: ]" HTTP_ACCESS_LOG[/code]

Details of the options

  • [code]"[: ]"[/code]

    tells grep to require a colon or a space on either side of the specified string, which in this case is 200, so that 200 is matched as a whole field and not as part of a longer number.
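The same filtering done by parsing each log line into fields rather than matching the whole line, as an added example that is not from the original post. The log lines are constructed, and `LOG_RE` is my own pattern for Apache's default common/combined format; `naive_grep_200` reproduces the grep pattern above so you can see where it over-matches (a response body of exactly 200 bytes also contains ` 200 `).

```python
import re
from collections import Counter

# Apache common/combined log format (assumed: default Apache layout). The status
# code is the 3-digit field right after the quoted request line.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\d+|-)'
)

# Constructed sample lines, not taken from any real server.
SAMPLE_LOG = [
    '10.0.0.1 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 2326 "-" "curl/8.4.0"',
    '10.0.0.2 - - [10/Oct/2023:13:55:37 +0000] "GET /missing HTTP/1.1" 404 200 "-" "curl/8.4.0"',
    '10.0.0.3 - - [10/Oct/2023:13:55:38 +0000] "POST /login HTTP/1.1" 302 - "-" "curl/8.4.0"',
    '10.0.0.4 - - [10/Oct/2023:13:55:39 +0000] "GET /report HTTP/1.1" 500 512 "-" "curl/8.4.0"',
]


def parse(line):
    """Return the named fields of one log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def with_status(lines, code, invert=False):
    """Lines whose status field equals code; with invert=True, lines whose status differs."""
    out = []
    for line in lines:
        rec = parse(line)
        if rec is not None and (rec["status"] == code) != invert:
            out.append(line)
    return out


def status_counts(lines):
    """How many parsed lines carry each status code."""
    return Counter(rec["status"] for rec in map(parse, lines) if rec)


def naive_grep_200(lines):
    """The post's grep pattern '[: ]200[: ]' applied to whole lines, for comparison."""
    return [line for line in lines if re.search(r"[: ]200[: ]", line)]
```

Run against `SAMPLE_LOG`, `with_status` returns only the first line for 200, while `naive_grep_200` also returns the 404 line because its byte count is 200.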

HOW TO : Use Python to look for credit card numbers

Simple script in Python to look for credit card numbers in a file.

[code]
# Importing modules
import re

# Define variables
inputFile = 'test.txt'
# Card-like numbers: a known issuer prefix followed by 11-12 more digits,
# either surrounded by non-digits or starting at the beginning of the line.
# Raw string so the backslashes reach the regex engine unchanged.
searchPattern = r'((\D(6011|5[1-5]\d{2}|4\d{3}|3\d{3})\d{11,12}\D)|(^(6011|5[1-5]\d{2}|4\d{3}|3\d{3})\d{11,12}\D))'

# Read the file one line at a time and report every match
with open(inputFile) as tempinputFile:
    tempLine = tempinputFile.readline()
    while tempLine:
        print("LINE: " + tempLine)
        foundContent = re.search(searchPattern, tempLine, re.IGNORECASE)
        if foundContent:
            print("FOUND: " + foundContent.group())
        tempLine = tempinputFile.readline()
[/code]

The script started out as a simple check for any 16 digit numbers that had a non-numeric character on either end. But I tweaked it a little bit to look for credit card like numbers using the regex from http://www.regular-expressions.info/creditcard.html. Finally I added an option to match credit card like numbers if the numbers start at the beginning of the line (i.e. there is no non-numeric character before the credit card number).
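An added example (not the post's script) that takes the same issuer-prefix pattern one step further: candidates are checked with the Luhn mod-10 checksum to drop digit runs that merely look like card numbers, and findings are masked to the last four digits so a scan report does not itself leak card data. The `\D`-or-start-of-line alternation is replaced by lookarounds, which check the neighbouring character without consuming it; the sample lines and the well-known test card numbers in them are constructed.

```python
import re

# The post's issuer prefixes and length, with lookarounds instead of \D / ^
# so the neighbouring non-digit (or line start) is checked but not consumed.
CARD_RE = re.compile(r"(?<!\d)(?:6011|5[1-5]\d{2}|4\d{3}|3\d{3})\d{11,12}(?!\d)")

# Constructed sample lines; the card-like values are standard test numbers, not real cards.
SAMPLE_LINES = [
    "2024-01-01 order 4111111111111111 paid",              # passes Luhn
    "note: 4111111111111112 is a typo and fails Luhn",     # matches the regex only
    "5555555555554444,jdoe,approved",                      # number at start of line
    "serial 41111111111111111 has 17 digits, not a card",  # too long, no regex match
]


def luhn_ok(digits):
    """Luhn mod-10 check: double every second digit from the right, then sum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 if d < 5 else d * 2 - 9   # digit sum of the doubled value
        total += d
    return total % 10 == 0


def mask(digits):
    """Keep only the last four digits so findings can be logged without exposing the PAN."""
    return "*" * (len(digits) - 4) + digits[-4:]


def find_cards(line):
    """Masked card numbers in one line that match the pattern and pass Luhn."""
    return [mask(m.group(0)) for m in CARD_RE.finditer(line) if luhn_ok(m.group(0))]


def scan_lines(lines):
    """(line_number, masked_number) for every Luhn-valid candidate in the input."""
    return [(n, masked) for n, line in enumerate(lines, start=1) for masked in find_cards(line)]
```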

HOW TO : Use word boundaries in Regular Expressions

If you are ever looking to match a string as a whole word, rather than anywhere it appears, using a regular expression, word boundaries are your friend.

For example, if you are looking to match a run of 10 or more digits in a log file, you can use

[code]grep -i '\b[0-9]\{10,\}\b' --color -H -n FILE_NAME_TO_SEARCH[/code]

The \b matches a word boundary, the position between a word character and a non-word character (or the start or end of the line), so the digit run has to begin and end at a word edge rather than inside a longer token.

More information about the option is available at http://www.regular-expressions.info/wordboundaries.html

HOW TO : Use screen to multitask

Want your terminal to look like this? 

In addition to the coolness factor, it also helps you do (and monitor) multiple things at a time. In this screenshot:

  • I am checking the resource utilization on my web server
  • I am tailing the web server logs to look for errors
  • I have a small console open to run any commands

You can achieve this by using the nifty screen utility. Screen allows you to multiplex between multiple consoles, so you can open one terminal and have multiple consoles on it. The commands for using screen are a bit hard to get used to. Here are the shortcuts I used to achieve the screen above:

  1. Install the screen package
  2. Create a new screen session by running [code]screen[/code]
  3. Add a new screen console by pressing [code]ctrl + a[/code] followed by [code]c[/code]
  4. Split the screen by pressing [code]ctrl + a[/code] followed by [code]Shift + s[/code]
  5. Name the different consoles by pressing [code]ctrl + a[/code] followed by [code]Shift + a[/code]

As you might have figured out by now, “ctrl + a” puts you into screen command mode. You can get a list of all available options by pressing [code]ctrl + a[/code] followed by [code]?[/code]

Here’s a quick reference guide that has more details: http://aperiodic.net/screen/quick_reference

Have fun multitasking 🙂

Project PaaS : Day 2 on Google App Engine

It looks like I was able to accomplish writing the application that I wanted to on the App Engine in 2 days!! At least in its basic form. After some help from Google, I updated the application I created yesterday (http://samurai-apps.appspot.com/) to display the User Agent string being sent by the client.

The code has been updated on github at https://github.com/kudithipudi/google-app-engine/

Lessons from day 2?

  • Python doesn’t like tabs :). Always use spaces to indent. I was using Notepad++ as the editor and it automatically puts tabs when you hit enter. Why? Looks like that is the best practice according to this style guide (http://www.python.org/dev/peps/pep-0008/)
  • The “Logs” console in the SDK toolkit should be your best friend. It lets you know if there is any error in your code and what line it believes the error is at.

Next, I will try to pretty it up a bit.

Isn’t it amazing that I was able to create a simple app in a matter of 2 days and host it on an “infinitely” scalable platform without even taking out my credit card?

HOW TO : Configure Jboss to not show backend server name when proxying https (ssl) traffic

Phew.. that was a long title :). Was running into an issue with the setup shown in the picture below.

When we tried to access the web site using https, the HTML content being served back was referencing the app server name rather than the web site.

So in this example, let’s say the web address was kudithipudi.org and the app server was app-server-kudithipudi; the HTML content was showing https://app-server-kudithipudi:8080 as the source.

Here’s how we fixed it.

Edit the server.xml file found in $JBOSS_HOME/server/$JBOSS_PROFILE/deploy/jboss-web.deployer and update the HTTPS connector to use the web address (kudithipudi.org) as the proxyName, and the port the proxy is listening on (443) as the proxyPort.

BEFORE

[code]<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="250" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="/opt/jboss/jboss-as/server/kudithipudi/conf/ssl/kudithipudi.keystore"
           keystorePass="xxxxxx" />[/code]

AFTER

[code]<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="250" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           proxyName="kudithipudi.org" proxyPort="443"
           keystoreFile="/opt/jboss/jboss-as/server/kudithipudi/conf/ssl/kudithipudi.keystore"
           keystorePass="xxxxxx" />[/code]