Hide Apache server version/information,
ServerSignature Off
ServerTokens Prod
Show custom error pages for the common, well-known error codes,
ErrorDocument 400 /myerrorpage.html
ErrorDocument 401 /myerrorpage.html
ErrorDocument 403 /myerrorpage.html
ErrorDocument 404 /myerrorpage.html
ErrorDocument 405 /myerrorpage.html
ErrorDocument 500 /myerrorpage.html
Allow only known versions of HTTP protocol,
RewriteEngine On
RewriteCond %{THE_REQUEST} !HTTP/(0\.9|1\.[01])$
RewriteRule .* - [F]
Reduce the timeout in Apache
The default is 300 seconds (5 minutes); it is safe to reduce this to 60 seconds. KeepAlive should stay on, but reduce its timeout as well.
Timeout 60
KeepAlive On
KeepAliveTimeout 25
Hide the PHP version
Find the php.ini file and look for,
expose_php=ON
change it to,
expose_php=Off
Protect from Cross Site Scripting
<IfModule mod_headers.c>
Header set X-XSS-Protection: "1; mode=block"
</IfModule>
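One way to check a server against the settings in this post, as an added example that is not part of the original post: a POSIX shell audit that reads a single config file and reports each directive that is unset or weaker than the values above. The function names and the sample config are constructed for illustration, and the script does not follow Include directives.

```sh
# Added example: audit one Apache config file against the values in the post.
# Function names and the sample config are constructed for illustration.

# Print the last value given for DIRECTIVE in FILE (comment lines never match).
directive_value() {
    awk -v d="$1" 'tolower($1) == tolower(d) { v = $2 } END { if (v != "") print v }' "$2"
}

# expect_eq FILE DIRECTIVE WANT: report a directive that is unset or differs.
expect_eq() {
    v=$(directive_value "$2" "$1" | tr 'A-Z' 'a-z')
    [ "$v" = "$3" ] || echo "WEAK: $2 is '${v:-unset}', want '$3'"
}

# expect_max FILE DIRECTIVE MAX: report a timeout that is unset or above MAX.
expect_max() {
    v=$(directive_value "$2" "$1")
    case "$v" in
        ''|*[!0-9]*) echo "WEAK: $2 is '${v:-unset}', want <= $3" ;;
        *) [ "$v" -le "$3" ] || echo "WEAK: $2 is $v, want <= $3" ;;
    esac
}

# Print one finding per line; return 0 only when nothing is reported.
audit_httpd_conf() {
    out=$(
        expect_eq "$1" ServerSignature off
        expect_eq "$1" ServerTokens prod
        expect_eq "$1" KeepAlive on
        expect_max "$1" Timeout 60
        expect_max "$1" KeepAliveTimeout 25
        grep -qiE '^[[:space:]]*Header[[:space:]]+(always[[:space:]]+)?set[[:space:]]+X-XSS-Protection' "$1" ||
            echo "WEAK: X-XSS-Protection header is not set"
    )
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}

# Constructed sample config (not from the post): two weak values, two missing.
sample=$(mktemp)
printf '%s\n' '# ServerSignature Off' 'ServerTokens OS' 'Timeout 300' \
    'KeepAlive On' 'KeepAliveTimeout 25' > "$sample"
audit_httpd_conf "$sample" || true
rm -f "$sample"
```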
Wednesday, December 3, 2014
CentOS 7 services
Start service,
systemctl start NAME.SERVICE
Stop service,
systemctl stop NAME.SERVICE
Status,
systemctl status NAME.SERVICE (add -l for more information)
Enable the service so it starts at startup / boot
systemctl enable NAME.SERVICE
CentOS 7 run level info
Run levels in CentOS 7 are not set in /etc/inittab anymore. Systemd uses targets instead of run levels. You can change the default run level by using the systemctl command or making symlinks.
Check the current run level
systemctl get-default
Check available targets
systemctl list-units --type=target
Change default to run level 3
systemctl set-default multi-user.target
Change default to run level 5
systemctl set-default graphical.target
Using SymLinks
run level 3, ln -sf /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
run level 5, ln -sf /lib/systemd/system/graphical.target /etc/systemd/system/default.target
Monday, November 24, 2014
Apache SSL
SSL config for Apache on CentOS
Add in ssl.conf
SSLProtocol All -SSLv2 -SSLv3
SSLHonorCipherOrder on
# check Apache version, SSLCompression may not work
SSLCompression off
SSLCipherSuite ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4
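An added example, not from the original post: a shell breakdown of the SSLCipherSuite string above that flags the explicitly listed triple-DES suites and the suites without ephemeral key exchange. The function names and class labels are assumptions made for this illustration; running `openssl ciphers -v` with the same string on the server shows what `HIGH` expands to.

```sh
# Added example: classify each entry of the SSLCipherSuite string in the post.
# Function names are illustrative; the classes are a review aid, not OpenSSL output.

# Print a class for one colon-separated TOKEN of an OpenSSL cipher string.
classify_cipher_token() {
    case "$1" in
        '!'*|-*)             echo exclude ;;  # removed from the list
        *DES-CBC3*)          echo 3des ;;     # triple DES; "!DES" only drops single DES
        ECDHE-*|DHE-*|EDH-*) echo ok ;;       # ephemeral (forward-secret) key exchange
        *-*)                 echo no-fs ;;    # no key-exchange prefix: static RSA
        *)                   echo keyword ;;  # group alias such as HIGH
    esac
}

# Print "class token" for every entry in the cipher string.
lint_cipher_string() {
    printf '%s\n' "$1" | tr ':' '\n' | while IFS= read -r tok; do
        if [ -n "$tok" ]; then
            printf '%s %s\n' "$(classify_cipher_token "$tok")" "$tok"
        fi
    done
}

# Count the entries of one class.
count_class() {
    lint_cipher_string "$1" | grep -c "^$2 " || true
}

# The cipher string from the post.
POST_CIPHERS='ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4'

# Show only the entries worth reviewing.
lint_cipher_string "$POST_CIPHERS" | grep -E '^(3des|no-fs|keyword) '
```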
Tuesday, June 17, 2014
Outlook 2010 prompting for password
Things to check when Outlook 2010 keeps prompting for login credentials
- check the Account Settings > More Settings > Advanced Tab to see if there is a mailbox loaded manually that the person does not have access to
- create a new mail profile
- close Outlook, delete the OST file
- Control Panel > Credential Manager, delete any Outlook credentials
- disable the Credential Manager for domain computers,
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"disabledomaincreds"=dword:00000001
Wednesday, June 11, 2014
Random commands
du -h -s *
lists current directories and their sizes
grep -r "SEARCH STRING" /directory/name/*
search for a string inside files
hdparm -tT /dev/sda1
will give disk throughput speeds in MB/sec
find in files
grep -rn texttofind /path/to/search
r - recursive
n - show line number
replace in files
sed -i 's/original/new/g' filename
Thursday, March 27, 2014
HP Switch firmware update
To update via telnet,
- set up a TFTP server. I used Solarwinds TFTP
- place firmware file at the TFTP's root
- telnet into the switch
2 ways from here,
1. - use the commands,
copy tftp flash TFTPSERVERIP FILENAME.swi primary
reload
2. - type menu
- use arrows to go down to Download OS
- enter the IP of the TFTP server
- enter the filename of the file you placed at the TFTP server's root
- execute
Wednesday, February 5, 2014
Wednesday, January 15, 2014
Uninstalling applications remotely using wmic
Uninstall applications from command line on a remote computer.
Single remote computer
wmic /node:COMPUTERNAME product where "name like 'Java(TM) 6%%'" call uninstall /nointeractive
From multiple computers
first create a text file of computer names to pass, e.g. computers.txt
wmic /node:@"computers.txt" product where "name like 'Java(TM) 6%%'" call uninstall /nointeractive
add the switch /failfast:on to quickly skip nodes that do not respond (computer off)