How to change the default SSH port

In this How-To article we’re going to walk you through changing the default SSH server listening port on a Linux system to security harden your host.

The Secure Shell (SSH) protocol uses port 22 by default. Accepting this value does not make your system insecure, nor will changing the port provide a significant variance in security. However, changing the default SSH server listening port will stop many automated attacks and make it a bit harder to guess which port SSH is accessible on. An attacker would have to run an nmap-like scan against your host to discover the port the SSH service listens on. So changing the default SSH port has no meaning on private networks, but it may be useful as a simple security hardening technique on publicly accessible hosts.

How to check if a Perl module is already installed

In this short tutorial, I will present a simple and easy way to check if a Perl module is installed on your system.

All the work is done by using a simple command:

perl -MModule::Name -e "print \"Module installed.\\n\";"

So, for example, if I want to check whether the module Net::LDAP::Control::PersistentSearch is installed, I have to run this command:

perl -MNet::LDAP::Control::PersistentSearch -e "print \"Module installed.\\n\";"

If the module is installed, the console will print:

Module installed.

If the module is not installed, the console will print something like this:

Can't locate Net/LDAP/Control/PersistentSearch.pm in @INC (@INC contains: /usr/local/lib64/perl5 /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5 .).
BEGIN failed--compilation aborted.

Auto check and repair the MyISAM tables

Over the last two days, a MyISAM table in the database used by my blog crashed, and this prevented my blog from being accessible.

The corresponding log of MySQL server:

[ERROR] /usr/libexec/mysqld: Table './webplay_db/prefix_options' is marked as crashed and should be repaired.

I have no monitoring tool set up for my VPS yet (it’s on my to-do list 😛, to set up Nagios), so I realised that my blog was not up only when I tried to visit it. That’s why a less time-consuming action to solve this problem (than setting up Nagios) is to add a script to the crontab to check and repair tables. An hourly check is good enough for this purpose:

/usr/bin/mysqlcheck --all-databases -uroot -ppassword -r

I hope a MyISAM table crash will not be the reason for my blog's downtime anymore!
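
The hourly job above passes the root password as -ppassword, which puts it in the crontab and on the command line, where other local users may be able to see it. The following is an added example, not part of the original post: the same check-and-repair run with the credentials moved into an owner-only client option file. The option-file path, the log path and the placeholder password are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). Paths and the placeholder
# password are assumptions; the mysqlcheck options are the ones used above.

# Write a client option file that only its owner can read.
write_mysql_optfile() {
    optfile=$1; user=$2; pass=$3
    (
        umask 077    # a newly created file gets mode 0600
        printf '[mysqlcheck]\nuser=%s\npassword=%s\n' "$user" "$pass" > "$optfile"
    )
    chmod 600 "$optfile"    # also tightens a file that already existed
}

# Succeed only if the option file is a regular file with mode rw-------.
optfile_is_private() {
    [ "$(ls -l "$1" | cut -c1-10)" = "-rw-------" ]
}

# Print the hourly crontab entry. --defaults-extra-file must be the first
# option, and no credentials appear on the command line.
cron_line() {
    printf '0 * * * * /usr/bin/mysqlcheck --defaults-extra-file=%s --all-databases -r >> %s 2>&1\n' "$1" "$2"
}

# Demo in a scratch directory (constructed values).
demo_dir=$(mktemp -d)
write_mysql_optfile "$demo_dir/mysqlcheck.cnf" root 'CHANGE_ME'
if optfile_is_private "$demo_dir/mysqlcheck.cnf"; then
    cron_line /root/.mysqlcheck.cnf /var/log/mysqlcheck.log
fi
rm -rf "$demo_dir"
```

Install the printed line with crontab -e as the user that owns the option file.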

My first class on Coursera

It was three months ago that I decided to have a new experience with Coursera. It was my first time with e-learning. I am a post-graduate student in the Computer Engineering and Informatics Department of the University of Patras (Greece). So I thought that an introduction class to a programming language wouldn’t be so tough. I have learned the basics of a dozen programming languages. I was interested in learning Python, and that was the chance for me. I chose the class An Introduction to Interactive Programming in Python, more for Python and less for the interactive part. That was my fault, because it was my first experience in interactive programming and it was so cool!!! Python was just the starting tool. I successfully completed the class with a grade of 99.4%. Event-driven programming combined with object-driven and test-driven programming was a very nice experience. Now I am going to take more classes, in order to widen my area of interests in Computer Science. Below is a screenshot of my Statement of Accomplishment. I recommend that any of you, whatever your level of expertise, attend a class on Coursera.
Coursera interactivepython 2013

Managing network on FreeBSD

FreeBSD administration is a little bit different from Linux. Until now I had experience only as a hobbyist. Now I have to prepare myself for more enterprise experience on this operating system.

That was a little introduction about why I am going to post some FreeBSD-related articles.

Let's get into the issue of the article.

To restart the network, you have to run the following command:

service netif restart

This does not change the routing tables that were set up before.
If you want to rebuild the routing tables, you have to run the following command:

service routing restart

And now, if you want to do it in a single command:

service netif restart && service routing restart

That was about services!

Now let’s see how you can manage interfaces.

The old-time classic method to see the status of all interfaces:

ifconfig -a

To list the network interfaces that are down:

ifconfig -d

To list the network interfaces that are up:

ifconfig -u

To stop a network interface:

ifconfig network-interface down

To start a network interface:

ifconfig network-interface up

Now let’s see how to view the routing table:

netstat -rn

One of my future posts will be about disabling IPv6 networking.

Set locale terminal settings on Mac OS X

One of my first experiences with Mac OS was the locale errors and warnings when using SSH connections. Then I understood that this was a problem caused by the Mac OS terminal. By default, locale settings are accepted from the SSH client.

Then I ran:

$ locale

and the output was:

LANG=
LC_COLLATE="C"
LC_CTYPE="C"
LC_MESSAGES="C"
LC_MONETARY="C"
LC_NUMERIC="C"
LC_TIME="C"
LC_ALL=

I then edited /etc/profile and added these two lines:

export LC_ALL=en_US.UTF-8  
export LANG=en_US.UTF-8

Then I opened a new terminal session and ran:

$ locale

and the output was:

LANG="en_US.UTF-8"  
LC_COLLATE="en_US.UTF-8"  
LC_CTYPE="en_US.UTF-8"  
LC_MESSAGES="en_US.UTF-8"  
LC_MONETARY="en_US.UTF-8"  
LC_NUMERIC="en_US.UTF-8"  
LC_TIME="en_US.UTF-8"  
LC_ALL="en_US.UTF-8"

After committing these changes, I transfer my locale settings to my SSH connections and all problems are solved.

FreeBSD – make install clean accept default config or configure all at start

I am new to the FreeBSD world. I am trying to figure out how to do things like install some packages. I was not familiar with ports at all. All my experience is around Linux repositories.

So first I tried to figure out how to find available packages to install, and thus I discovered the whereis command:

whereis apache*

and the output is:

# whereis apache*
apache-forrest: /usr/ports/www/apache-forrest
apache-mode.el: /usr/ports/www/apache-mode.el
apache22: /usr/ports/www/apache22
apache22-event-mpm: /usr/ports/www/apache22-event-mpm
apache22-itk-mpm: /usr/ports/www/apache22-itk-mpm
apache22-peruser-mpm: /usr/ports/www/apache22-peruser-mpm
apache22-worker-mpm: /usr/ports/www/apache22-worker-mpm
apache24: /usr/ports/www/apache24

After choosing the package I want to install, I go to its port directory. For example, to install apache2.4 I have to go to:

cd /usr/ports/www/apache24

and then I have to compile and install this package by executing:

make install clean

Now the problem sometimes is that most of the packages have configuration options which I have to choose manually. So if I install packageA with a lot of dependencies, each of those dependencies may have configuration options in which I have to make selections. There are a lot of interruptions in the installation procedure. I need to stay at the terminal, waiting for an interruption. This is time consuming and not productive at all.

So my first thought was to find a way to install packages with the default configuration options. I found this one:

make -DBATCH install clean

Then, as a system administrator, I thought that this is not my case: it is a common usage case, but I need to know and configure some things. So I found how to make all the needed configurations recursively and then install the package:

make config-recursive
make install clean

You have to run make config-recursive as many times as needed to configure all dependencies. You have to do this until all dependent ports options have been defined and the ports options dialog(1) screens no longer appear, to be certain all ports options have been configured as intended.

If you want to reconfigure the package(s) you want to compile, you have to run:

make rmconfig-recursive

I hope you find this post helpful. As I go deeper with FreeBSD, I like it more.

Source: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/ports-using.html

See how the NFS client is connected to the NFS server

Find out the configuration with which the NFS client is connected to the NFS server.

Banging my head on my keyboard while trying to find out where the bottleneck is in an NFS client-server relationship, I found out how to see the configuration with which the NFS client is connected to the server:

nfsstat -m

And the output is:

/nfsshare from nexenta.nfs-servers.example.com:/volumes/datastore/dataset/
 Flags: rw,relatime,vers=4,rsize=32768,wsize=32768,namlen=255,hard,proto=tcp,port=0,timeo=600,retrans=2,sec=sys,clientaddr=10.0.2.21,minorversion=0,local_lock=none,addr=10.0.2.245

Knowing exactly how the client is connected to the server, you can find more easily where the problem is.

Using the nfsstat -m command, you get the information about all NFS mounts. The -m switch is present on CentOS, but absent on FreeBSD, on which I also do performance tests.

You can also find all this information, along with the information about all mounts (not only NFS mounts), if you execute:

cat /proc/mounts

I am trying to get this info on FreeBSD; if anyone knows anything about this, please post a comment. I also asked a question at http://unix.stackexchange.com/questions/91594/nfs-mount-properties-options-in-freebsd to help me find the solution.
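
Because /proc/mounts lists every mount, it helps to filter it down to the NFS entries and the options that matter when hunting a bottleneck. The following is an added example, not part of the original post: it reads /proc/mounts-format input and prints one summary line per NFS mount. The sample input is constructed from the nfsstat -m output above, and the choice of options to show is an assumption.

```shell
#!/bin/sh
# Added example (not from the original post).

# Constructed sample in /proc/mounts format:
# device  mountpoint  fstype  options  dump  pass
sample_mounts() {
    cat <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
nexenta.nfs-servers.example.com:/volumes/datastore/dataset/ /nfsshare nfs4 rw,relatime,vers=4,rsize=32768,wsize=32768,namlen=255,hard,proto=tcp,port=0,timeo=600,retrans=2,sec=sys,clientaddr=10.0.2.21,minorversion=0,local_lock=none,addr=10.0.2.245 0 0
EOF
}

# Read /proc/mounts-format lines on stdin; for NFS mounts only, print the
# mount point, the server export, and the options that affect throughput
# and retry behaviour, in the order they appear.
nfs_mount_summary() {
    awk '$3 == "nfs" || $3 == "nfs4" {
        n = split($4, opt, ",")
        line = $2 " from " $1
        for (i = 1; i <= n; i++)
            if (opt[i] ~ /^(vers|proto|rsize|wsize|timeo|retrans)=/ ||
                opt[i] == "hard" || opt[i] == "soft")
                line = line " " opt[i]
        print line
    }'
}

sample_mounts | nfs_mount_summary
# On a live Linux client: nfs_mount_summary < /proc/mounts
```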

Mac OS Keyboard Shortcuts

My first bad experience using my new MacBook Air was mainly because of the new shortcut learning and discovery curve.

File Handling Shortcuts

The first thing I googled for was cut, cut for files! Hehe, apple got an orange for me. There is no cut logic in Mac OS X. Macintosh uses the copy function, and then the move to function.

  • Copy – Paste = Command+C – Command+V
  • Copy – Move (or, for Windows friends, Cut – Paste) = Command+C – Command+Option+V

Text Navigation Shortcuts

  • Jump to the beginning of a line = Command+Left Arrow
  • Jump to the end of a line = Command+Right Arrow
  • Jump to the beginning of current word = Option+Left Arrow
  • Jump to the end of current word = Option+Right Arrow
  • Jump to the beginning of all text = Command+Up Arrow
  • Jump to the end of all text = Command+Down Arrow

Text Selection Shortcuts

  • Select text to the beginning of a line = Shift+Command+Left Arrow
  • Select text to the end of a line = Shift+Command+Right Arrow
  • Select text to the beginning of current word = Shift+Option+Left Arrow
  • Select text to the end of current word = Shift+Option+Right Arrow
  • Select text to the beginning of all text = Shift+Command+Up Arrow
  • Select text to the end of all text = Shift+Command+Down Arrow

Document Navigation

  • Page up = fn+Up Arrow
  • Page down = fn+Down Arrow
  • First Page (Home) = fn+Left Arrow
  • Last Page (End) = fn+Right Arrow

FQDN – Fully Qualified Domain Name

What exactly is the meaning of the term Fully Qualified Domain Name (FQDN)? I was thinking that www.webplay.pro is an FQDN, for example. While reading the great book Pro DNS and BIND 10 by Ron Aitchison, I found out that technically an FQDN unambiguously defines a domain name to the root and therefore must terminate with the normally silent dot.

So the valid FQDN for www.webplay.pro domain is:

www.webplay.pro.