Skip to main content

Posts

Showing posts from March, 2016

How to persistent settings via /etc/rc.local

#!/bin/sh -e## rc.local## This script is executed at the end of each multiuser runlevel.# Make sure that the script will "exit 0" on success or any other# value on error.## In order to enable or disable this script just change the execution# bits.## By default this script does nothing.exit0

Add settings/script before the exit 0 line.

IPSEC Configuration of strongswan

The main ipsec configuration file is located in /etc/strongswan.d/. We are going to edit it:vim /etc/strongswan.d/VPN.conf Place the following contents: # ipsec.conf - strongSwan IPsec configuration file config setup charondebug="ike 4, knl 4, cfg 4, net 4, esp 4, dmn 4, mgr 4" conn %default keyexchange=ikev2 ike=aes128-sha1-modp1024,aes128-sha1-modp1536,aes128-sha1-modp2048,aes128-sha256-ecp256,aes128-sha256-modp1024,aes128-sha256-modp1536,aes128-sha256-modp2048,aes256-aes128-sha256-sha1-modp2048-modp4096-modp1024,aes256-sha1-modp1024,aes256-sha256-modp1024,aes256-sha256-modp1536,aes256-sha256-modp2048,aes256-sha256-modp4096,aes256-sha384-ecp384,aes256-sha384-modp1024,aes256-sha384-modp1536,aes256-sha384-modp2048,aes256-sha384-modp4096,aes256gcm16-aes256gcm12-aes128gcm16-aes128gcm12-sha256-sha1-modp2048-modp4096-modp1024,3des-sha1-modp1024! esp=aes128-aes256-sha1-sha256-modp2048-modp4096-modp1024,aes128-sha1,aes128-sha1-modp1024,aes128-sha1-modp1536,aes12…

How to Generate the Server Host key pair

Server Host keypair is for the server to authenticate itself to clients First the private key: ipsec pki --gen --type rsa --size 4096 --outform der > private/vpnHostKey.der chmod 600 private/vpnHostKey.der Generate the public key and use root ca to sign the public key: ipsec pki --pub --in private/vpnHostKey.der --type rsa | ipsec pki --issue --lifetime 888 --cacert cacerts/strongswanCert.der --cakey private/strongswanKey.der --dn "C=NL, O=Example Company, CN=vpn.i88.ca" --san vpn.i88.ca --san it.i88.ca --san 88.88.88.88 --san @88.88.88.88 --flag serverAuth --flag ikeIntermediate --outform der > certs/vpnHostCert.der The domain name or IP address of your server MUST be contained either in the subject Distinguished Name (CN) and/or in a subject Alternative Name (--san).  The built in Windows 7 VPN client needs the serverAuth extended key usage flag in your host certificate as shown above, or the client will refuse to connect. In addition, OS X 10.7.3 or older requires …

How to create a self singed root CA private key and certificate

Creating a self singed root CA private key:cd /etc/ipsec.d/ mkdir private mkdir cacerts mkdir certs mkdir p12 ipsec pki --gen --type rsa --size 4096 --outform der > private/strongswanKey.der chmod 600 private/strongswanKey.der Generate a self signed root CA certificate of that private key:ipsec pki --self --ca --lifetime 3650 --in private/strongswanKey.der --type rsa --dn "C=NL, O=Example Company, CN=strongSwan Root CA" --outform der > cacerts/strongswanCert.der You can view the certificate properties with the following command: ipsec pki --print --in cacerts/strongswanCert.der Example output: cert: X509subject: "C=NL, O=Example Company, CN=strongSwan Root CA"issuer: "C=NL, O=Example Company, CN=strongSwan Root CA"validity: not before Mar 31 19:51:50 2016, ok not after Mar 29 19:51:50 2026, ok (expires in 3649 days)serial: bd:84:de:fb:63:7e:84:f1flags: CA CRLSign self-signed authkeyId: ca:15:30:d4:d0:56:73:0a:da:ba:f1:71:…

How to install StrongSwan on Ubuntu

Step 1:
apt-get install strongswan strongswan-plugin-af-alg strongswan-plugin-agent strongswan-plugin-certexpire strongswan-plugin-coupling strongswan-plugin-curl strongswan-plugin-dhcp strongswan-plugin-duplicheck strongswan-plugin-eap-aka strongswan-plugin-eap-aka-3gpp2 strongswan-plugin-eap-dynamic strongswan-plugin-eap-gtc strongswan-plugin-eap-mschapv2 strongswan-plugin-eap-peap strongswan-plugin-eap-radius strongswan-plugin-eap-tls strongswan-plugin-eap-ttls strongswan-plugin-error-notify strongswan-plugin-farp strongswan-plugin-fips-prf strongswan-plugin-gcrypt strongswan-plugin-gmp strongswan-plugin-ipseckey strongswan-plugin-kernel-libipsec strongswan-plugin-ldap strongswan-plugin-led strongswan-plugin-load-tester strongswan-plugin-lookip strongswan-plugin-ntru strongswan-plugin-pgp strongswan-plugin-pkcs11 strongswan-plugin-pubkey strongswan-plugin-radattr strongswan-plugin-sshkey strongswan-plugin-systime-fix strongswan-plugin-whitelist strongswan-plugin-xauth-eap strongswa…

How to fix: "sudo: start: command not found"

It appears that Ubuntu switched to systemd as it's service framework in 15.04 instead of upstart. Before running the setup-keter.sh script on Ubuntu >= 15.04 you need to switch back to upstart by issuing the following command and then restarting: sudo apt-get install upstart-sysv Install the upstart-sysv package, which will remove ubuntu-standard and systemd-sysv (but should not remove anything else -- if it does, yell!), and run sudo update-initramfs -u. After that, grub's "Advanced options" menu will have a corresponding "Ubuntu, with Linux ... (systemd)" entry where you can do an one-time boot with systemd.

If you want to switch back to systemd, install the systemd-sysv and ubuntu-standard packages.

How to prevent SQL Injection in Java Code?

PreparedStatement is the way to go. PreparedStatement not only provides better performance but also shield from SQL Injection attack. If you are working more on Java EE or J2EE side, than you should also be familiar with other security issues including Session Fixation attack or Cross Site Scripting attack and how to resolve them.

JSF 2.x Expression Language (EL) Implicit Objects

facesContext: an instance of FacesContext. FacesContext contains all of the per-request state information related to the processing of a single JavaServer Faces request, and the rendering of the corresponding response.application: an instance of the ServletContext. A ServletContext instance provides access to the execution environment i.e. the servlet container.initParam: A Map of the initialization parameters of this web application.session: an instance of HttpSession.  A HttpSession can be used to bind objects, get  information about a session, such as the session identifier, creation time, and last accessed time. Session information is scoped only to the current web application (ServletContext), so information stored in one context will not be directly visible in another view: The current UIViewRoot for this view. UIViewRoot is the UIComponent that represents the root of the UIComponent tree.component: The UIComponent instance being currently processed at the time of evaluation.cc:…

How to set EclipseLink Logging for GlassFish

Assuming you have a domain called domain1: Edit $GLASSFISH_HOME/glassfish/domains/domain1/config/logging.properties and add the following lines:org.eclipse.persistence.level = FINEorg.eclipse.persistence.sql.level = FINEThe first allows you to see SQL statements.  The second must be set in order for SQL parameters to be seen, but it is not sufficient on its own.In your META-INF/persistence.xml, add the following element as a child of the<properties> element:
<property name="eclipselink.logging.parameters" value="true"/>You can change the log level by the following too: asadmin set-log-levels org.eclipse.persistence.level = FINE asadmin set-log-levels org.eclipse.persistence.sql.level = FINE

Autotrack for analytics.js

Autotrack for analytics.js is a new solution to this problem. It attempts to leverage as many Google Analytics features as possible while requiring minimal manual implementation. It gives developers a foundation for tracking data relevant to today's modern web.
LEARN MORE

Google Analytics 360 Suite

Google Analytics 360 Suite is built for enterprise. It helps you better understand people, and how they behave, by giving you a better handle on all your marketing data. Get deep insights you can use to create more engaging experiences that are more meaningful to people and result in higher returns on all your marketing investments.

LEARN MORE

Nagios XI default mornitor port 5666 and 5667

For Nagios XI to monitor remote Linux servers on default port, we need
to open 5666 and 5667 in the to be monitored linux servers, for example:

vi /etc/sysconfig/iptables
-ARH-Firewall-1-INPUT-mstate--stateNEW-mtcp-ptcp--dport5666-s192.168.3.75-jACCEPT-ARH-Firewall-1-INPUT-mstate--stateNEW-mtcp-ptcp--dport5667-s192.168.3.75-jACCEPT 192.168.3.75 is your Nagios XI server

How to compare and find differences of table definitions between two MySQL databases

If you just need a report of the difference between two MySQL databases, use MySQL workbench.
While in MySQL Model mode, from the menu Database -> Compare Schemas..., you can compare by Model Schemata, script file or connect to the servers directly.


To generate a transformation report containing SQL statements for transforming the objects for conformity, you can use mysqldiff which is part of MySQL utilities.

Usage: mysqldiff --server1=user:[email protected]:port:socket --server2=user:[email protected]:port:socket db1.object1:db2.object1 db3:db4

For example, to generate the sql statement for transforming demo database into live database in the same server:

$ mysqldiff --server1=user:[email protected] demo:live --difftype=sql --force

The utility stops on the first occurrence of missing objects or when an object does not match. To override this behavior, specify the --force option to cause the utility to attempt to compare all objects listed as arguments.

demo is put before live, so the output is for …

Openswan has been the de-facto Virtual Private Network software for the Linux community since 2005

If you are running Fedora, Red Hat, Ubuntu, Debian, Gentoo, or many others, Openswan is already included in your distribution! Just start using it right away.

Openswan is an IPsec implementation for Linux. It has support for most of the extensions (RFC + IETF drafts) related to IPsec, including IKEv2, X.509 Digital Certificates, NAT Traversal, and many others.

Liquidweb Webmail Login

Webmail Login
The login page for your domain’s webmail interface can be reached at:

http://domain.com/webmail

(be sure to substitute your domain name for domain.com)

To use a port number, simply add a colon followed by the port number to the end of the domain name or hostname.

Webmail – 2096

AWS Certificate Manager is a service that lets you easily provision, manage, and deploy Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates for use with AWS services

SSL/TLS certificates are used to secure network communications and establish the identity of websites over the Internet. AWS Certificate Manager removes the time-consuming manual process of purchasing, uploading, and renewing SSL/TLS certificates. With AWS Certificate Manager, you can quickly request a certificate, deploy it on AWS resources such as Elastic Load Balancers or Amazon CloudFront distributions, and let AWS Certificate Manager handle certificate renewals. SSL/TLS certificates provisioned through AWS Certificate Manager are free. You pay only for the AWS resources you create to run your application.

Time / Date Diff function of MySQL

TIMESTAMPDIFF(unit,datetime_expr1,datetime_expr2) Returns datetime_expr2 − datetime_expr1, where datetime_expr1 and datetime_expr2 are date or datetime expressions. One expression may be a date and the other a datetime; a date value is treated as a datetime having the time part '00:00:00' where necessary. The unit for the result (an integer) is given by the unit argument. The legal values for unit are the same as those listed in the description of the TIMESTAMPADD() function. mysql> SELECT TIMESTAMPDIFF(MONTH,'2003-02-01','2003-05-01'); -> 3 mysql> SELECT TIMESTAMPDIFF(YEAR,'2002-05-01','2001-01-01'); -> -1 mysql> SELECT TIMESTAMPDIFF(MINUTE,'2003-02-01','2003-05-01 12:05:55'); -> 128885

Successful marketing

Successful marketing teams are masters of both marketing and technology. With an increasing demand for cross-functional collaboration and personalized experiences, marketers must leverage technology to address the growing number of segments, personalized messages, and communication channels. It's an exciting time to be a marketer, particularly because the shift towards technology-driven marketing is opening up the door to new personalities and roles within the marketing department.

Apache Usergrid is an open-source Backend-as-a-Service (“BaaS” or“mBaaS”) composed of an integrated distributed NoSQL database,application layer and client tier with SDKs for developers looking torapidly build web and/or mobile applications

Apache usergrid provides elementary services (user registration & management, data storage, file storage, queues) and retrieval features (full text search, geolocation search, joins) to power common app features.It is a multi-tenant system designed for deployment to public cloud environments (such as Amazon Web Services, Rackspace, etc.) or to run on traditional server infrastructures so that anyone can run their own private BaaS deployment. For architects and back-end teams, it aims to provide a distributed, easily extendable, operationally predictable and highly scalable solution. For front-end developers, it aims to simplify the development process by enabling them to rapidly build and operate mobile and web applications without requiring backend expertise.

Must know HTTP headers for JAX-RS performance

Must know HTTP headers
The following HTTP headers are important parts of the JAX-RS if you care about the performance. These are best referred from the official HTTP specification document
▪ Cache-Control
▪ Expires
▪ Last-Modified
▪ If-Modified-Since
▪ If-Unmodified-Since
▪ ETag
▪ If-None-Match

How to configure the Nginx reverse proxy on AWS Elastic Beanstalk

AWS Elastic Beanstalksimplify the process of configuring the Nginx reverse proxy that runs on the web tier. You can place annginx.conf file in the .ebextensions/nginx folder to override the Nginx configuration. You can also place configuration files in the .ebextensions/nginx/conf.d folder in order to have them included in the Nginx configuration provided by the platform.
.ebextensions/nginx/nginx.conf – Overrides the Nginx configuration for the platform..ebextensions/nginx/conf.d – Files are included in the Nginx configuration provided by the platform.  For more information, see Configuring the Reverse Proxy.

AWS Elastic Beanstalk simplifies the process of deploying and scaling web applications and services on AWS

AWS Elastic Beanstalk simplifies the process of deploying and scaling Java, .NET, PHP, Python, Ruby, Node.js, and Docker web applications and services on AWS. You simply upload your code and Elastic Beanstalk automatically handles the deployment, including capacity provisioning, load balancing, auto-scaling to application health monitoring. At the same time, you retain full control over the AWS resources powering your application and can access them at any time.

Data Visualisation with D3.js and Tableau

Data Visualisation:Among the most commonly mentioned tools for data visualisation are D3.js and Tableau. For D3.js, if you can imagine a data visualisation, a data scientist can achieve it using the software. Tableau is the most popular data visualisation tool out there at the moment allowing the compiling data from hundreds of inputs and then easily transforming the data into visualisations.

How to configure your Apache server to permit SSI (Server Side Includes)

Configuring your server to permit SSI To permit SSI on your server, you must have the following directive either in your httpd.conf file, or in a .htaccess file: Options +Includes This tells Apache that you want to permit files to be parsed for SSI directives. Note that most configurations contain multiple Options directives that can override each other. You will probably need to apply the Options to the specific directory where you want SSI enabled in order to assure that it gets evaluated last. Not just any file is parsed for SSI directives. You have to tell Apache which files should be parsed. There are two ways to do this. You can tell Apache to parse any file with a particular file extension, such as .shtml, with the following directives: AddType text/html .shtml
AddOutputFilter INCLUDES .shtml One disadvantage to this approach is that if you wanted to add SSI directives to an existing page, you would have to change the name of that page, and all links to that page, in order to give…

Apple pauses iOS 9.3 update for older iPads and iPhones

According to Apple: 
Updating some iOS devices (iPhone 5s and earlier and iPad Air and earlier) to iOS 9.3 can require entering the Apple ID and password used to set up the device in order to complete the software update. In some cases, if customers do not recall their password, their device will remain in an inactivated state until they can recover or reset their password. For these older devices, we have temporarily pulled back the update and will release an updated version of iOS 9.3 in the next few days that does not require this step."

How to try iOS beta

To try the free beta here. You'll be asked to provide your Apple ID and agree to a terms of service. From there, hit "enroll your iOS device" on the "Getting Started" section. Back up your current iOS data and then hit "Download profile", where you'll be prompted to install beta software. You have to do this part on an iOS device. Once you've done that, go to Settings > General > Software Update to try it.

Paypal SMS/Text keywords

PayPal: Text BAL: get balance. SEND: send money. STOP: stop alerts. 
Reply "ALL" for all text keywords.
Std msg & data rates may apply.

Google Cloud Vision API empowers applications to both see and understand images

Google Cloud Vision API has powerful features such as label/entity detection, optical character recognition, safe search detection, facial detection, landmark detection, and logo detection; the Cloud Vision API gives applications unprecedented ability to comprehend the situation within an image.From Microsoft, with its Project Oxford, to niche startups like Cognitec and Lambda Labs; image analysis is proving to be an attractive space as it appeals across industries from marketing to security. Google has taken a unique approach in that it offers various image analysis techniques from a single platform. Where many companies focus on a single feature Google will go to market with a single platform for all image analysis techniques and features.

How to fix: Jenkins not executing jobs (pending - waiting for next executor)

Go to Manage Jenking -> Configure System and increase the number of executor from 0 to 1.

Check the slave node configuration. "Usage" field should be "Utilize this slave as much as possible" instead of "Leave this machine for tied jobs only".

The Jenkins admin console can run, even with the Master node offline. This can happen when Jenkins runs out of disk space.

To confirm, do the following

go to Jenkins -> Manage Jenkins -> Manage Nodes
examine the "master" node to see if it is offline. It may be reporting that the master node is out of disk space.

How to add or change a SSH key passphrase

Why do I need a passphrase?
Passwords aren't very secure. If you use one that's easy to remember, it's also easier to guess or brute-force (try many options until one works). If you use one that's random, it's hard to remember, and thus you're more inclined to write it down. Both of these are Very Bad Things.

This is why you're using SSH keys. Of course, using a key without a passphrase is basically the same as writing down a random password: anyone who gains access to your computer has gained access to every system you use that key with. This is also a Very Bad Thing. The solution is to add a passphrase to the SSH key for an extra layer of security.

How to avoid enter a long passphrase every time I use the key
Neither do I! Thankfully, there's a nifty little tool called ssh-agent that can securely save your passphrase, so you don't have to re-enter it. If you're on OS X Leopard or later your keys can be saved in the system's keychain to ma…

How to generate a new SSH key

Generating a new SSH key Open Terminal. Paste the text below, substituting in your GitHub email address. ssh-keygen -t rsa -b 4096 -C "[email protected]"# Creates a new ssh key, using the provided email as a labelGenerating public/private rsa key pair. When you're prompted to "Enter a file in which to save the key," press Enter. This accepts the default file location. Enter a file in which to save the key (/Users/you/.ssh/id_rsa): [Press enter] At the prompt, type a secure passphrase.  Enter passphrase (empty for no passphrase): [Type a passphrase]Enter same passphrase again: [Type passphrase again]