Category Archives: UNIX Like

superb


Superb !!.. it’s just that

Advertisements

The Power of Dos2Unix

Sudah menjadi hal yang lumrah jika terjadi masalah saat migrasi dari Windows ke Linux. Mulai dari ketidak familiar-an dengan aplikasi yang digunakan ( jangan panik, kamu bisa melihat alternative project GNU/ linux disini : https://www.linuxalt.com/ ) atau bahkan berkas yang inkompatibel saat akan diolah dari environment Windows ke GNU/ Linux.

Lagi-lagi jangan panik karena Linux selalu memberikan alternatif lewat komunitas-nya yg free. Sebagai contoh, jika kamu akan mengolah sebuah data dari berkas hasil ‘olahan’ di lingkungan Windows dan mengalami kendala saat pemrosesannya di web aplikasi kamu, coba gunakan langkah berikut untuk identifikasi dan penyesuaian.

~# cat -A <files> # Use this concatenation to show all hiden characters
~# dos2unix <files>

Maka secara singkat berkas kamu tidak akan mengalami kendala lagi untuk kemudian diolah lebih lanjut.

Encrypt and Decrypt in Kleopatra

Encrypt and Decrypt in KleopatraSalah satu tools enkripsi yang paling mudah digunakan (easy to use) ialah dengan GPG (GNU Privacy Guard) – Kleopatra di Linux atau GPG4win jika kamu menggunakan windows. Untuk konsepnya sendiri tidak berbeda, yakni ada phase generate private key dan public key. Tentunya phase ini dilakukan setelah kita membuat sebuah pasangan kunci OpenPGP (a personal OpenPGP Key Pair). Berikut langkahnya secara garis besar  :

  1. Jalankan kleopatra di linux ( ~# kleopatra) dan masuk ke tab menu file new key pair -> create a personal OpenPGP key pair -> Enter Details like Name & Email, in advance settings setup RSA level into the highest one (4096bits) -> Create -> Enter Passphrase, Repeat then quality will show you how good and secure your passphrase -> If anything didn’t show error or mistake, key pair will be successfully created and finish.
  2. Jika point 1 berhasil dengan baik, kita bisa melakukan export public key dari key pair atau certificate yang telah terbentuk sebelumnya. Nantinya kunci publik ini lah yang di shared  ke vendor/ client. Lakukan dengan langkah berikut : Klik kanan certificate -> Export Certificates -> Browse where you want to save it -> save. Nanti akan tercipta file random character dengan format .asc atau ASCII. Format ini salah satunya agar lebih user friendly saat di attach ketika di share.
  3. Berikutnya kita export private key dengan cara yang sama mudahnya seperti point 2. Berkas private key ini boleh di share  untuk decrypted bersama kunci publik jika saat dokumen di encrypt tidak disertakan atau di konfigurasi permissionnya untuk spesifik user (encrypt for me only atau encrypt for others). Klik kanan certificate -> Export Secret Keys -> Browse where you want to save it -> save. Jangan lupa enable format ascii armor ( .asc ) nya.
  4. Pada tahap import public key, bisa dilakukan dengan klik kanan pada tray icon kleopatra -> clipboard -> certificate import. Langkah ini bisa dilakukan oleh client/ vendor yang telah menerima kunci publik dari server sebagai kunci dekripsi berkas yang nantinya akan dikirim.
  5. Untuk tahap enkripsi, bisa dengan 2 cara. Yakni menyalin seluruh isi dokumen kemudian klik kanan pada tray icon kleopatra -> clipboard -> Encrypt atau klik menu file pada aplikasi -> Sign/ Encrypt. Set kebutuhan enkripsi ini apakah di encrypt untuk pribadi atau untuk certificate/ user lain.
    Encrypt and Decrypt in Kleopatra Encrypt and Decrypt in Kleopatra
  6. Untuk decrypted , klik menu file pada aplikasi -> Decrypt/ Verify.
    Encrypt and Decrypt in KleopatraEncrypt and Decrypt in Kleopatra


Note : 
Untuk integrasi OpenPGP ke email, kita bisa menggunakan Enigmail

Extends Storage – Performing an online resize

RedhatThis is a dangerous & thrilling step because we do it on production server directly. I presumed you have read the following posts : LVM Subject  so we are focusing on How to Extends our Linux Storage – Performing an online resize (on the fly). It means without disturbing our traffic or other realtime activities.

STEP 1 : Check logical volume information after check filesystems disk space to ensure  which partition that we have to extends.
#####################################
root@svr-2:~# lvs
File descriptor 3 (pipe:[1244115786]) leaked on lvs invocation. Parent PID 16940: -bash
LV VG Attr LSize Origin Snap% Move Log Copy% Convert
root ubuntu -wi-ao 398.75g
swap_1 ubuntu -wi-ao 1.00g

STEP 2 : Get the information about newly added hard drive using fdisk -l command
#####################################
Disk /dev/sdd: 214.7 GB, 214748364800 bytes
255 heads, 63 sectors/track, 26108 cylinders, total 419430400 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x00000000

Disk /dev/sdd doesn’t contain a valid partition table

STEP 3 : Continue to create the partition on the newly added harddrive, type n , p (primary), 1 (partition number), t (filesystems type), 8e (for Linux LVM), w (write changes), then the partition table will be altered
#####################################
root@svr-2:/# fdisk /dev/sdd
Device contains neither a valid DOS partition table, nor Sun, SGI or OSF disklabel
Building a new DOS disklabel with disk identifier 0x3d67c672.
Changes will remain in memory only, until you decide to write them.
After that, of course, the previous content won’t be recoverable.

Warning: invalid flag 0x0000 of partition table 4 will be corrected by w(rite)

STEP 4 : identify the already mounted lvm filesystems type (ext4 will be global filesystems we used)
#####################################
root@svr-2:/# df -T
Filesystem Type 1K-blocks Used Available Use% Mounted on
/dev/mapper/ubuntu-root ext4 412097132 316081888 75145552 81% /
udev devtmpfs 8208612 4 8208608 1% /dev
tmpfs tmpfs 1643540 300 1643240 1% /run
none tmpfs 5120 0 5120 0% /run/lock
none tmpfs 8217700 0 8217700 0% /run/shm
/dev/sda1 ext2 233191 27519 193231 13% /boot

Continue reading

Tips and Tricks AWK – Sed (Stream editor)

One day, we want to remove specific line or row from our files such as .txt, .csv, or even it has come from .sql files. Just using these params :
~# sed -e ‘5,10d;12d’ <your_files> #delete lines 5 through 10 and 12 temporarily ( options -e or permanently with -i )
In another case of awk, we want to parse data or word between delimiter of double quote which is containing two commas like : “hary”,”hary,harysmatta”,”nda”
Just use these params. Simply the best :

awk -vFPAT='([^,]*)|(“[^”]+”)’ -vOFS=, ‘{print $2}’

SSLS Procedure

In order to utilize the service from ssls for their certificate, first you have to make sure that the order status is in progress. It means that domain type, either you have order single or multiple domain are ready to use.
Next you have to choose activation method for domain. Manually upload by putting of comodo activation file *.txt to <DOCUMENT_ROOT>/.well-known/pki-validation/ then access it.
OR you contact the support to activated by email. They will sent you archive as requirement ssl like these : AddTrustExternalCARoot.crt , COMODORSAAddTrustCA.crt , COMODORSADomainValidationSecureServerCA.crt , and STAR_<domain_name>.crt .

Next just put it on these web service config :
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/<domain_directory>/STAR_<domain_name>.crt
SSLCertificateKeyFile /etc/apache2/ssl/<domain_directory>/<domain_name>.key
SSLProtocol All -SSLv2 -SSLv3

But do not forget to initiate <domain_name>.key first with these params:
openssl genrsa -des3 -out myupointid.key 2048
And generate first *.csr code on your server with this params:
openssl req -new -newkey rsa:2048 -nodes -keyout example.key -out example.csr <==== put it on SSLS.com dashboard activation

Done

 

Noted :

Create a self-signed (wildcard) SSL certificate

mkdir /usr/share/ssl/certs/hostname.domain.com
cd /usr/share/ssl/certs/hostname.domain.com
(umask 077 && touch host.key host.cert host.info host.pem)
openssl genrsa 2048 > host.key
openssl req -new -x509 -nodes -sha1 -days 3650 -key host.key > host.cert
…[enter *.domain.com for the Common Name]…
openssl x509 -noout -fingerprint -text < host.cert > host.info
cat host.cert host.key > host.pem
chmod 400 host.key host.pem

Create a self-signed (wildcard) SSL certificate
1) If you received and uploaded the intermediate and root certificates separately, please use this method:

cat your_domain.crt intermediate.crt root.crt >> ssl-bundle.crt

For example, this particular command is applicable for PositiveSSL certificate:

cat example_com.crt COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt >> ssl-bundle.crt

2) If you received the intermediate certificates in one bundle file or downloaded the certificate files in your account with us, you can use this command:

cat example_com.crt bundle.crt >> ssl-bundle.crt

Check Domain Issue on Nagios – Solved

If we got result like these lines :
/usr/local/nagios/libexec# /usr/local/nagios/libexec/check_domain -d <blabla>.id
UNKNOWN – WHOIS exited with error <whatever number 😀 >

do not waste your time to add following codes on number 215 after setup_whois:

if [ -z $server ]
then
if echo “$domain” | grep -q -e “.com$” -e “.net$” -e “.edu$”
then
server=”whois.verisign-grs.com”
fi
fi

Just add this param and specifiy your whois server referring domain that you are using: /usr/local/nagios/libexec/check_domain -d <your_domain> -s <whois_server>

In case you want to look for expired status from domain .id , just put on whois.id after options -s (source) . Another whois server like whois.verisign-grs.com are allowed to search expire status for .com .net .edu .org . Then what do we do for .tv etc ?  this is not that sort of things. You have to search another whois server for .tv etc 🙂

Regards