Tuesday, June 11, 2013

Apache + SSL

Prerequisite: OpenSSL should be installed.
1) Enable SSL Module
root@otc-desktop:/etc/apache2# sudo a2enmod ssl
Module ssl installed; run /etc/init.d/apache2 force-reload to enable.

2) Restart Web Server.
root@otc6:/# /etc/init.d/apache2 stop
Stopping web server apache2 [ OK ]
root@otc6:/# /etc/init.d/apache2 start
Starting web server apache2 [ OK ]

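3) Generate a private key and a self-signed certificate
root@otc-desktop:/etc/apache2# openssl genrsa -des3 -out server.key 1024
or, preferably, with a 2048-bit key (1024-bit RSA is too short for current use):
root@otc-desktop:/etc/apache2# openssl genrsa -des3 -out server.key 2048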
Generating RSA private key, 1024 bit long modulus
.++++++
..........++++++
e is 65537 (0x10001)
Enter pass phrase for server.key: <keygiven>
Verifying - Enter pass phrase for server.key:<keygiven>
root@otc-desktop:/etc/apache2# openssl rsa -in server.key -out server.key.insecure
Enter pass phrase for server.key:<keygiven>
writing RSA key
root@otc-desktop:/etc/apache2# openssl req -new -key server.key.insecure -out server.csr
or, with a SHA-256 signature on the request:
root@otc-desktop:/etc/apache2# openssl req -new -nodes -sha256 -key server.key -out server.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:IN
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) []:
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
root@otc-desktop:/etc/apache2# openssl req -in server.csr -noout -text
 
root@otc-desktop:/etc/apache2# openssl x509 -req -days 365 -in server.csr -signkey server.key.insecure -out server.crt
Signature ok
subject=/C=IN/ST=Tamilnadu/L=Chennai/O=NIC/OU=OTC/CN=localhost
Getting Private key
root@otc-desktop:/etc/apache2# cp server.crt /etc/ssl/certs
root@otc-desktop:/etc/apache2# cp server.key.insecure /etc/ssl/private

4) In /etc/apache2/sites-available/default, add the following lines below the DocumentRoot directive:
SSLEngine on
SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
SSLCertificateFile /etc/ssl/certs/server.crt
SSLCertificateKeyFile /etc/ssl/private/server.key.insecure

In /etc/apache2/ports.conf, add the following lines if they are not already present:
<IfModule mod_ssl.c>
Listen 443
</IfModule>

5) Restart Apache server.
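
Apache loads the passphrase-less server.key.insecure, so the file mode is the only thing protecting that key, and a certificate that does not match the key stops the SSL virtual host from starting. The function below is an added example, not part of the original post: check_tls_pair is a hypothetical helper name, and it assumes the OpenSSL command line and GNU stat are available.

```sh
#!/bin/sh
# Added example: sanity checks for the certificate/key pair from step 3.
# Usage (paths from the post):
#   check_tls_pair /etc/ssl/certs/server.crt /etc/ssl/private/server.key.insecure
# Returns 0 if every check passes, 1 if the key does not belong to the
# certificate, 2 if the key is shorter than 2048 bits, 3 if the key file is
# accessible to group or others, 4 if a file cannot be read or parsed.
check_tls_pair() {
    cert=$1
    key=$2

    # Public key embedded in the certificate.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 4
    # Public key derived from the private key. The empty -passin makes an
    # encrypted key fail at once instead of prompting for a passphrase.
    key_pub=$(openssl pkey -in "$key" -pubout -passin pass: 2>/dev/null) || return 4
    [ "$cert_pub" = "$key_pub" ] || return 1

    # Key size as printed by OpenSSL, e.g. "Public-Key: (2048 bit)".
    bits=$(openssl x509 -in "$cert" -noout -text 2>/dev/null |
           sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p')
    [ "${bits:-0}" -ge 2048 ] || return 2

    # Octal mode of the key file (GNU stat); it must end in 00, i.e. grant
    # nothing to group or others.
    mode=$(stat -c %a "$key" 2>/dev/null) || return 4
    case $mode in
        *00) ;;
        *) return 3 ;;
    esac
    return 0
}
```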

Wednesday, November 7, 2012

Trac 1.0

To modify the order of fields in Trac:
 
--- a/trunk/trac/usr-share-pyshared-trac-ticket-templates-ticket.html
+++ b/trunk/trac/usr-share-pyshared-trac-ticket-templates-ticket.html
@@ -266,5 +266,7 @@
                   </tr>
                 </py:if>
-                <tr py:for="row in group(fields, 2, lambda f: f.type != 'textarea')"
+
+                <!--! Do not show Remaining or Owner field when creating a ticket. -->
+                <tr py:for="row in group(filter(lambda f: ticket.exists or f.name != 'owner' and f.name != 'estimatedhours',fields), 2, lambda f: f.type != 'textarea')"
                     py:if="can_modify or can_create"
                     py:with="fullrow = len(row) == 1">
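Review bot: On the added `<tr py:for=...>` line, the filter `ticket.exists or f.name != 'owner' and f.name != 'estimatedhours'` depends on `and` binding tighter than `or`; writing it as `ticket.exists or f.name not in ('owner', 'estimatedhours')` states the intent without relying on precedence. The template comment added above it says "Remaining or Owner" while the code filters on `estimatedhours`, so the comment should name the field that is actually hidden. The extra empty `+` line before the comment can be dropped.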
 
This code works fine when creating a ticket, but has a problem when editing.
 
 

Tuesday, July 10, 2012

Enabling MSSQL in Ubuntu 8.04 and 10.04

The Ubuntu PHP package does not include a library for MS-SQL. To enable support, install php5-sybase. The following command installs generic support for MSSQL (based on Sybase):

aptitude install php5-sybase


mssql_init() and some other mssql functions do not work with the above package, so install the MDB2 driver as well:

pear install --nodeps MDB2_Driver_mssql

Friday, July 8, 2011

Harden UR OS

1) Give user accounts limited privileges and use strong passwords.

2) Use security software such as AppArmor, SELinux and iptables. (The default Ubuntu 8.04 installation is already hardened by the AppArmor package; SELinux and iptables need to be installed and configured separately.)
    # sudo apt-get install selinux
    # sudo apt-get install iptables

3) Always keep system files and user files on separate partitions, so that even if one partition is corrupted, you can still retrieve the other.

4) Stop unnecessary services and ports.

5) Restrict the use of external devices and drives.

Integrate Apache and Tomcat

This integration is intended to provide more security when hosting.
  1. Install Apache 2.2, Tomcat 5.5 and libapache2-mod-jk 1:1.2.25-2.
root # apt-get install apache2 tomcat5.5
root # apt-get install libapache2-mod-jk
  2. Enable the jk module in Apache if it is not already enabled.
root # a2enmod jk
  3. Restart Apache.
root # /etc/init.d/apache2 stop
root # /etc/init.d/apache2 start
  4. Create or edit jk.conf in /etc/apache2/mods-available so that it contains the following, and create a soft link to it from /etc/apache2/mods-enabled.
<IfModule mod_jk.c>
JkWorkersFile /etc/apache2/workers.properties
JkLogFile /var/log/apache2/mod_jk.log
JkLogLevel debug
JkLogStampFormat "[%a %b %d %H:%M:%S %Y]"
JkRequestLogFormat "%w %V %T"
</IfModule>
  5. Create a file workers.properties in /etc/apache2/ with the following contents:
workers.tomcat_home=/etc/tomcat-5.5/ # Tomcat Installation Directory
workers.java_home=/usr/lib/jvm/java-6-sun-1.6.0.07/ # Java Installation Directory
ps=/
# Worker properties
worker.list=ajp13 # This name should be given in the JkMount
# Property names carry the worker name from worker.list (worker.<name>.<property>)
worker.ajp13.port=8009
worker.ajp13.host=localhost
worker.ajp13.type=ajp13
worker.ajp13.lbfactor=1
  6. In /etc/apache2/sites-available/default, add the following at the end of the file.
<VirtualHost *>
ServerName test.otc.nic.in
DocumentRoot /usr/share/tomcat5.5-webapps/ROOT
ErrorLog /var/log/apache2/error.log

Alias / "/usr/share/tomcat5.5-webapps/ROOT"
<Directory "/usr/share/tomcat5.5-webapps/ROOT">
Options Indexes +FollowSymLinks
</Directory>
JkMount /* ajp13
</VirtualHost>
  7. Restart Apache.
root # /etc/init.d/apache2 stop
root # /etc/init.d/apache2 start
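
In workers.properties a property applies only to the worker named in its key (worker.<name>.<property>), and JkMount can only route to workers named in worker.list, so a name mismatch leaves the intended host and port settings unapplied. The check below is an added example, not part of the original post: check_workers and sample_workers are hypothetical names, and the sample file is constructed.

```sh
#!/bin/sh
# Added example. Reports name mismatches in a mod_jk workers.properties file.
# Reads the given FILE, or standard input when no file is named.
# Returns 1 when at least one finding is printed, 0 otherwise.
check_workers() {
    awk '
    { sub(/#.*/, ""); gsub(/[ \t\r]/, "") }        # strip comments, whitespace
    /^worker\.list=/ {                              # workers mod_jk will start
        n = split(substr($0, index($0, "=") + 1), name, ",")
        for (i = 1; i <= n; i++) if (name[i] != "") used[name[i]] = 1
        next
    }
    /^worker\.[^.=]+\.[^=]+=/ {                     # worker.<name>.<property>=
        split($0, part, ".")
        defined[part[2]] = 1
        if (part[3] ~ /^balance_workers=/) {        # members of a balancer
            n = split(substr($0, index($0, "=") + 1), name, ",")
            for (i = 1; i <= n; i++) if (name[i] != "") used[name[i]] = 1
        }
    }
    END {
        for (w in used) if (!(w in defined)) {
            print "no properties for listed worker: " w; bad = 1 }
        for (w in defined) if (!(w in used)) {
            print "properties for unlisted worker: " w; bad = 1 }
        exit bad + 0
    }' "$@"
}

# Constructed sample: the list names ajp13, the properties name "default".
sample_workers() {
    cat <<'EOF'
worker.list=ajp13 # name used in JkMount
worker.default.port=8009
worker.default.host=localhost
worker.default.type=ajp13
EOF
}

sample_workers | check_workers || true
```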