:::: MENU ::::

Posts Categorized / Linux

  • Dec 21 / 2017
  • 0
Linux

Control services on Linux (systemV, systemd, initctl…)

On Linux, there’s many ways to control services that can run on your system. Here are the main and most known init systems that you can find on the common distros, depending on their version.

SystemV

That system is one of the oldest and one of the most common. Its init scripts are stored in /etc/init.d/

To list all the available services, you have to use that command:

service --status-all

To perform an action on one of those services, you will be using:

service PROCESS_NAME (start|stop|restart|status)

Upstart (initctl)

Upstart is a successor of SystemV scripts. It works asynchronously, and its scripts are stored in /etc/init/

To list all the available scripts, you have to use that command:

initctl list

To perform an action on one of those services, you will be using:

initctl (start|stop|restart|status) PROCESS_NAME

SystemD

Its name SystemD means System Daemon. It manages daemons that can be running on a system. It’s a successor of upstart and allows a more flexible management for the services. Init scripts are stored in /etc/systemd/system/

To list all the available scripts, you have to use that command:

systemctl --list-units
systemctl --list-unit-files

To perform an action on one of those services, you will be using:

systemctl PROCESS_NAME (start|stop|restart|status)

SupervisorD

Finally, SupervisorD is a supervisor focusing mainly on the applications more than the system. It allows management of applications execution and control their life like you could do with system services.

To display all the applications managed by supervisord:

supervisorctl status all

To control those processes, you will be using:

supervisorctl (start|stop|restart|status) PROCESS_NAME
  • Nov 21 / 2017
  • 0
Linux

Generate a CSR with openssl

Generate a CSR (Certificate Signing Request) on your server when you want to get a certificate from a certified provider is often a mandatory step, very easy to execute.

Here are the different steps to execute:

  1. Create a specific directory where you will put all your files
    mkdir sub.domain.com && cd sub.domain.com
  2. Generate a private key of 2048 bits
     openssl genrsa -out sub.domain.com.key 2048
  3. Now generate a CSR with openssl and with the private key you just generated
    openssl req -new -sha256 -key sub.domain.com.key -out sub.domain.com.csr

    Many information will be asked during the creation:

    Country Name (2 letter code) []: 
    State or Province Name (full name) []:
    Locality Name (eg, city) []:
    Organization Name (eg, company) []:
    Organizational Unit Name (eg, section) []:
    Common Name (eg, YOUR name) []:
    Email Address []:
    A challenge password []:
    An optional company name []:
  4. You now have your CSR and your private key

It’s up to you to get your signed certificate from an official provider using those files.

  • Nov 02 / 2017
  • 0
Linux

Change or remove password expiration for linux user

It can happen that you’re getting that message when trying to connect to your linux server:

You are required to change your password immediately (password aged)
WARNING: Your password has expired.
You must change your password now and login again!
Changing password for user mylinuxuser.
(current) UNIX password:

The message is quite explicit and you need to update your password right now.

If you don’t want to update your password too many times, you can update the frequency of the expiration to 90 days for example:

chage -M 90 mylinuxuser

Or you can completely disable the expiration by pushing the max value for expiration date to 99999 days:

chage -m 0 -M 99999 -I -1 -E -1 mylinuxuser
  • Oct 18 / 2017
  • 0
Linux

Update CA trusted root certificates on Linux server

If you’re getting many “unstrusted issuer” alerts in your app logs, it might be due to some CA trusted certificates outdated.
To fix that, just perform an update:

For Ubuntu/Debian

update-ca-certificates

For CentOS/RedHat

update-ca-trust extract
  • Oct 04 / 2017
  • 0
Linux

Write multiple lines to file in bash (script)

If you need to push multiple lines to one file through a bash script, you can simply use that syntax:

cat > /etc/ntp.conf << _NTPconf_
  server 1.2.3.4
  server 5.6.7.8
_NTPconf_

Tip: Be aware that if you’re using indentation, last line should not be indented (this would lead you to some errors).

If you want to add line instead of overwriting file (like we did in the previous example), just replace the “>” with “>>” after cat command.

cat >> /etc/ntp.conf << _NTPconf_
  server 1.2.3.4
  server 5.6.7.8
_NTPconf_
  • Sep 09 / 2017
  • 0
Linux

Find IPs connecting to a postfix server through logs

There’s no easy way to list all the IPs connecting to your postfix server for sending mail. But you can easily extract them from all your postfix logs.

For our example, we will consider the logs from postfix to be as default and located in /var/log/maillog

Here is what a postfix log look like when a connection is received:

Sep  1 10:22:32 mail-server-01 postfix/smtpd[700]: connect from ha-lb-03[10.10.1.3]

For extracting exclusively the IPs, we will use a combination of commands:

$ grep " connect from " /var/log/maillog |cut -d '[' -f3 |cut -d ']' -f1 |sort -u
  • grep ” connect from ” /var/log/maillog will extract every lines containing a connection attempt
  • cut -d ‘[‘ -f3 |cut -d ‘]’ -f1 will extract the IP from the line (which is contained between [] )
  • sort -u will sort the output by unique values

Here is what we will get as a result once the command is executed (nothing will appear until it finished):

$ grep " connect from " /var/log/maillog |cut -d '[' -f3 |cut -d ']' -f1 |sort -u
10.10.1.1
10.10.1.2
10.10.1.3
10.20.4.4
10.20.4.8
10.250.250.250
127.0.0.1

You can obviously re-use this command for any log file that you want to filter out by updating the filtering.

Pages:1234567...14
Question ? Contact