Checking “Cloudbleeded” passwords in password-store (pass)

So, there’s this Cloudflare HTTPS traffic memory leak that happened, and it is a good idea to change passwords for all of your sites that are using Cloudflare. The full list of sites using Cloudflare is available on the above-mentioned GitHub page. I’m using pass, a simple password manager that stores all of the credentials in GPG-encrypted files. I’m not going to explain what it is in more detail, since if you’re reading this blog you probably at least know of it....

February 25, 2017 · 2 min · Ivan Tomica

Installing Let’s Encrypt SSL on cPanel DNSOnly

If you’re using cPanel DNSOnly you probably know that the AutoSSL feature isn’t available on it. The reason is that a DNSOnly cPanel installation doesn’t have a web server running as the classic version does. To circumvent this you may use certbot standalone mode to issue a Let’s Encrypt certificate. The command you would use is:

    certbot certonly --standalone -d HOSTNAME -n -m CONTACT@EMAIL.EXAMPLE --agree-tos

OK, if the domain resolves to the correct server, certbot will launch its built-in web server and perform verification, and hopefully the certificate should be issued....

February 21, 2017 · 2 min · Ivan Tomica

Installing PostgreSQL in FreeBSD jail

To install and run PostgreSQL in a FreeBSD jail you’ll need to enable the allow.sysvipc system tuneable on that specific jail.

List jails:

    jls

Note the jail ID and use the following command to enable it for that running jail:

    jail -m jid=JAILID allow.sysvipc=1

This can also be accomplished by changing the ezjail jail configuration file /usr/local/etc/ezjail/JAILNAME; ensure it contains:

    export jail_JAILNAME_parameters="allow.sysvipc=1"

Install the appropriate version of PostgreSQL. There are many different versions but I’ll use 9....

February 19, 2017 · 1 min · Ivan Tomica

Redis as PHP session handler on FreeBSD

This one is quite simple, to be honest. Assuming you have Redis already installed and set up correctly, you can just change your php-fpm pool definition to include:

    php_value[session.save_handler] = redis
    php_value[session.save_path] = "tcp://127.0.0.1:6379"

If you’re using a password for logging into Redis you would specify it like:

    php_value[session.save_path] = "tcp://127.0.0.1:6379?auth=PASSWORD"

Restart php-fpm after that:

    service php-fpm restart

and you should now see PHP saving sessions within the Redis service:

    127.0.0.1:6379> keys PHPREDIS_SESSION*
    1) "PHPREDIS_SESSION:GFtHQ69XH6C7xe5LLYzhJ35zUQACJw"
    ....

February 14, 2017 · 1 min · Ivan Tomica

FreeBSD Jails – dynamically assign IP address using ezjail

Instead of adding all IP addresses statically to your server via the host’s /etc/rc.conf file, you may leave them out and specify them on a per-jail basis. That way, when a jail is started its IP address gets assigned to a specific network interface, and when it is shut down the address disappears from that interface. This comes in really handy, especially when you’re managing lots of IPv6-only jails; adding all IP addresses to the interface could be tedious and your rc....

February 12, 2017 · 1 min · Ivan Tomica

FreeBSD top(1) – processes within specific jail

On FreeBSD, the top(1) utility, although having far fewer command-line switches and options, is in fact much more powerful than the one that comes with your favorite Linux distribution. Maybe one day I’ll decide to publish an in-depth write-up about it, but until that day comes here’s one hint. To show only processes that are running within a specific jail, launch top:

    top

press:

    J

enter your jail name:

    examplejail

Voila, you have only processes within that specific jail listed....

February 10, 2017 · 1 min · Ivan Tomica

Enable PHP mail() in FreeBSD

On FreeBSD 11 sendmail is not enabled by default. Also, by default the PHP configuration (php.ini) has the sendmail binary configured for sending email, so using mail() within your PHP application may not work. To resolve that you need to enable sendmail, which you can do with:

    # sysrc sendmail_enable="YES"
    sendmail_enable: NO -> YES
    # sysrc sendmail_msp_queue_enable="YES"
    sendmail_msp_queue_enable: NO -> YES

After that just start sendmail with:

    service sendmail start

February 8, 2017 · 1 min · Ivan Tomica

FreeBSD jails – localhost IP

So, the app was connecting from the jail’s public IP to MySQL and that didn’t work, since I had the user created like USER@localhost instead of USER@% or USER@JAILIP. And that got me confused badly. I would like to thank Mark for the clarification.

February 7, 2017 · 1 min · Ivan Tomica

Portscan with netcat

Recently I had to discover a custom SSH port on a server, so I needed to come up with a somewhat quick way to check for open ports on the server. The simplest and prettiest solution I’ve found was using the netcat utility. As you can see by looking at the syntax, I prefer the OpenBSD one.

February 7, 2017 · 1 min · Ivan Tomica

FreeBSD – Assign IPv6 address to a jail

In the previous article I explained how to add IPv6 to your server; now it’s time to show you how to assign an IPv6 address to a jail running on your IPv6 host. I’m using ezjail at this moment to manage my jails. If you’re like me, you can use the following command to assign an already configured IPv6 address to your jail at creation time:

    ezjail-admin create JAILNAME "em0|IPV4ADDRESS,em0|2a01:4f8:140:54c7::2"

If you already have the jail created and wish to add an address to it afterwards, you can edit the jail configuration file, which should be located in /usr/local/etc/ezjail/JAILNAME....

February 7, 2017 · 1 min · Ivan Tomica