Wednesday, March 22, 2017


 Problem: You get this error message "chcon: can't apply partial context to unlabelled file '<file_name>'" when running "chcon -Rt svirt_sandbox_file_t <file_name>
One of a obvious reason but often been ignored, check is SELinux enabled or disabled. You will get the error message if SELinux is disabled.

 Hope it will save you some time.
Posted by at No comments:
Labels: , , ,

Friday, January 13, 2017

Linux on PCI DSS Requirement mapping



Linux and Malware

PCI DSS section 5.1 describes the need for an anti-virus solution. This subject is definitely controversial for Linux administrators(AV on Linux, you got to be kidding me), as viruses on Linux-based systems are rare. Still, the platform is not fully resistant to different forms of malware and the related threats. So depending on the particular goal of a system, one or multiple tools can be a good fit.

Open Source Tools



Shell

The shell is definitely one of the most common parts for Linux administrators. Like personal preferences, there are multiple shells available for Linux systems. First step is to ensure that all shells are accounted for. Determine which ones are installed and via /etc/shells which ones are allowed.

Session Timeout in Linux shells

Depending on the shells available on the system, a timeout should be configured with the appropriate value. PCI section 8.1.8 (session idle timeout) mandates that after 15 minutes, or 900 seconds, an idle session is being terminated.
One of the files to arrange this is /etc/profile. By using typeset together with the TMOUT variable, we can determine this idle session time, resulting in automatically logging out the user.
typeset -r TMOUT=900

Inactive accounts

Unused or inactive accounts on the system might be an unneeded security risk. This kind of accounts usually exists because there was a one-time need to log in, or simply forgotten after an employee left the company. PCI describes in section 8.1.4 that accounts older than 90 days and are unused, should be removed.
To determine the last time a user logged in, the last command can be used. Information is stored in /var/log/wtmp or rotated files like /var/log/wtmp.1.

Posted by at No comments:

Friday, December 30, 2016

Docker FAQ

Problem

You tried to delete an image but received the following error message
[root@centos7 docker]# docker rmi d0b4a01f1562
Error response from daemon: conflict: unable to delete d0b4a01f1562 (must be forced) - image is being used by stopped container 98f6a5df3226

Solution

Run the following command to list container with exited state
[root@centos7 docker]# docker ps --filter "status=exited"
CONTAINER ID        IMAGE                                                          COMMAND                  CREATED             STATUS                      PORTS               NAMES
979e2873a16e        96f5373b33b7                                                   "/bin/sh -c '$JBOSS_H"   2 hours ago         Exited (127) 2 hours ago                        evil_fermi
e1c5ce9a8b9c        ef5a0201b5c2                                                   "/bin/sh -c 'yum -y u"   2 hours ago         Exited (126) 2 hours ago                        boring_swanson
98f6a5df3226        d0b4a01f1562                                                   "/bin/sh -c 'unzip /t"   2 hours ago         Exited (127) 2 hours ago                        desperate_knuth
62db7be0cc59        7a69c0ca54ef                                                   "/bin/sh -c 'subscrip"   2 hours ago         Exited (1) 2 hours ago                          naughty_carson
be10ff34189d        7a69c0ca54ef                                                   "/bin/sh -c 'subscrip"   2 hours ago         Exited (1) 2 hours ago                          cocky_pare
65fd609bd328        7a69c0ca54ef                                                   "/bin/sh -c 'subscrip"   3 hours ago         Exited (1) 3 hours ago                          suspicious_aryabhata
4793dd8fc355        e1e33a64e1f2                                                   "/bin/sh -c 'apt-get "   20 hours ago        Exited (127) 20 hours ago                       compassionate_hawking
4c810163a0eb        registry.access.redhat.com/rhel7.3                             "/bin/bash"              22 hours ago        Exited (1) 21 hours ago                         loving_mayer
cd6bf1b1b154        395d9b3d55fe                                                   "/bin/sh -c 'subscrip"   22 hours ago        Exited (1) 22 hours ago                         tender_gates
7badf972bc09        395d9b3d55fe                                                   "/bin/sh -c 'subscrip"   22 hours ago        Exited (1) 22 hours ago                         amazing_liskov
790495e566fb        395d9b3d55fe                                                   "/bin/sh -c 'subscrip"   22 hours ago        Exited (1) 22 hours ago                         furious_hopper
f7c1b9defc7c        registry.access.redhat.com/rhel7.3                             "/bin/bash"              
92de70df12f0        395d9b3d55fe                                                   "/bin/sh -c 'apt-get "   22 hours ago        Exited (127) 22 hours ago                       zen_jepsen
fe6e743a0ed0        395d9b3d55fe                                                   "/bin/sh -c 'yum upda"   23 hours ago        Exited (1) 23 hours ago                         gigantic_agnesi
c00625480570        98776dd34e6d                                                   "/bin/sh -c 'yum upda"   23 hours ago        Exited (1) 23 hours ago                         gloomy_shannon
02f74106ed39        registry.access.redhat.com/rhel7.3                             "/bin/bash"              23 hours ago        Exited (127) 23 hours ago                       stupefied_gates
d658f7182fcc        e8e3aaf82af5                                                   "/bin/bash"              23 hours ago        Exited (0) 23 hours ago                         adoring_feynman

 You can delete list of exited container with following commands
docker ps --filter "status=exited" | grep '2 hours ago' | awk '{print $1}' | xargs --no-run-if-empty docker rm
Take note take that condition will also delete container with x2hours ago status.



Posted by at No comments:
Labels:

Monday, May 30, 2016

iPhone - How To Enable/Disable SIM PIN



1. From Home screen, navigate to Setting -> Phone and SIM PIN.











2. Tap on the SIM PIN switch to turn on(in green) or turn off(dimmed)
3. Enter SIM PIN for verification. Most of the time, default password would be 0123 or 1234. I do suggest you to get in touch with your telco should you need confirmation else SIM card will be locked after 5 password failure attempts.
Posted by at No comments:
Labels: ,

Tuesday, April 5, 2016

Install Apache HTTPD 2.4 on centOS 6


Follow steps below:-

# 1. Install a package with repository for your system:
# On CentOS, install package centos-release-scl available in CentOS repository:
$ sudo yum install centos-release-scl

# On RHEL, enable RHSCL repository for you system:
$ sudo yum-config-manager --enable rhel-server-rhscl-7-rpms



[root@ip-10-129-10-192 yum.repos.d]# sudo yum install centos-release-scl



Loaded plugins: fastestmirror, presto



Setting up Install Process



Loading mirror speeds from cached hostfile



 * base: download.nus.edu.sg



 * epel: mirror.wanxp.id



 * extras: download.nus.edu.sg



 * remi: mirrors.thzhost.com



 * remi-safe: mirrors.thzhost.com



 * updates: download.nus.edu.sg



Resolving Dependencies



--> Running transaction check



---> Package centos-release-scl.noarch 10:6-6.el6.centos will be installed



--> Processing Dependency: centos-release-scl-rh for package: 10:centos-release-scl-6-6.el6.centos.noarch



--> Running transaction check



---> Package centos-release-scl-rh.noarch 0:2-1.el6.centos will be installed



--> Finished Dependency Resolution



# 2. Install the collection:
$ sudo yum install httpd24













[root@ip-10-129-10-192 yum.repos.d]# sudo yum install httpd24



Loaded plugins: fastestmirror, presto



Setting up Install Process



Loading mirror speeds from cached hostfile



 * base: download.nus.edu.sg



 * epel: mirror.smartmedia.net.id



 * extras: download.nus.edu.sg



 * remi: mirrors.thzhost.com



 * remi-safe: mirrors.thzhost.com



 * updates: download.nus.edu.sg



centos-sclo-rh                                                                                         | 2.9 kB     00:00     



centos-sclo-rh/primary_db                                                                              | 1.2 MB     00:03     



centos-sclo-sclo                                                                                       | 2.9 kB     00:00     



centos-sclo-sclo/primary_db                                                                            |  59 kB     00:00     



Resolving Dependencies



--> Running transaction check



---> Package httpd24.x86_64 0:1.1-5.el6 will be installed


# 3. Start using the software collection:
$ scl enable httpd24 bash
Conf file path - /opt/rh/httpd24/root/etc/conf
Web Code path - /opt/rh/httpd24/root/var/www/html
Posted by at No comments:
Labels: ,

Tuesday, June 30, 2015

Laravel - Gotcha


Laravel composer update error:-
Loading composer repositories with package information
Updating dependencies (including require-dev)
Your requirements could not be resolved to an installable set of packages.

   Problem 1
    - laravel/framework v5.0.9 requires ext-mcrypt * -> the requested PHP extension mcrypt is missing from your system.

 Solution:-
On Ubuntu 14.04, the error message still shown even after installing the php5-mcrypt. The problem is that the package doesn't create a link for the php5 CLI (used by composer/artisan), so the correct thing to do is to run the following commands:
  1. cd /etc/php5/cli/conf.d
  2. sudo ln -s ../../mods-available/mcrypt.ini 20-mcrypt.ini
  3. reload apache
Posted by at No comments:
Labels: , ,

Wednesday, June 10, 2015

Magento Gotcha

Customer login doesn't work

The answer is that your theme does not supply a variable called form_key.
Just as stated above I have to add:
<input type="hidden" name="form_key" value="<?php echo Mage::getSingleton('core/session')->getFormKey(); ?>" />
you add it right after <ul class="form-list">
to each one of my login.phtml files for the theme.
You may also have problems with update quantity of cart items
Take a look at http://iamvikram.com/magento-form-keys-in-version-1-8/ for more information
Here is the importance of form_keys:
Since the beginning of time, Magento's backend contained a form key that protected against XSS attacks [1]. With Magento 1.8 the form key has entered the frontend for pretty much the same reason: to protect against form submission from another website, using your browser. a malicious attacker can add stuff to your cart while you're in a different browser tab or even complete an order for you. This relies on predictable URLs, because the site will not have access to the actual HTML content in the browser tab where you have your Magento order waiting. Everything sent to the Magento store will however submit your cookies and thus use your session.
By adding a unique key to each form or to each link that generates an action on the server, the URL or form content becomes no longer predictable. The form key is stored in the session data and validated upon submission to the server. If they don't match, you get a form key error and the action is not completed.
Source: http://magento.stackexchange.com/questions/31933/customer-login-doesnt-work-in-1-9

======================================================================
"Your web server is configured incorrectly. As a result, configuration files with sensitive information are accessible from the outside. Please contact your hosting provider." message on dashboard

The message prompt you that your www.domain.com/app/etc/local.xml, which store DB string, is exposed to public. 
Mostly likely that AllowOverride option is not set to All on Apache/Nginx conf file, hence .htaccess rule on web root couldn't take effect.

=====================================================================

 Magento place order button not responding

It could be your info.phtml in your theme file not compatible with Magento version installed.

Solution: replace theme checkout info.html file with default info.html
i.e. cp ./app/design/frontend/base/default/template/checkout/onepage/review/info.phtml ./app/design/frontend/THEME/default/template/checkout/onepage/review/info.phtml 
=====================================================================

 Magento plugin file turned into directory

You received plugin file from software developer, and applied to via connect manager. You see installation success message.
After log out and re-login, new sub-section you expected to see in Configuration module is not there. Upon check web code, you found out that some new add file are added as folder instead of file. i.e. *.php

Solution: double check your plugin file, make sure it's .tgz file and not tgz.gz file. If it's tgz.gz file, try decompress it by running gunzip -d filename.tgz.gz.
Manual delete files added and re-install the plugin again.












Posted by at No comments:
Labels:
Subscribe to: Posts (Atom)