MariaDB Quickest Quick start

Make sure your system is up to date:

CentOS/RHEL ArchLinux
yum update -y pacman -Syu

Install the software:

CentOS/RHEL ArchLinux
yum install mariadb-server pacman -S mariadb
mysql_install_db --user=mysql --basedir=/usr --datadir=/var/lib/mysql

Start the database service:

 systemctl start mariadb

Check if it is running:

 systemctl is-active mariadb.service
 systemctl status mariadb

The following step is optional but highly recommended:

 mysql_secure_installation

Enable database to start on start-up:

 systemctl enable mariadb

Enter SQL:

 mysql -u root -p

Creating database:

 create database bugzilla;
 FLUSH PRIVILEGES;

Create user:

 GRANT ALL PRIVILEGES ON bugzilla.* TO 'warren'@'localhost' IDENTIFIED BY 'mypass';
 GRANT ALL PRIVILEGES ON killrate.* TO 'pocketmine'@'%' IDENTIFIED BY 'mypass';
 FLUSH PRIVILEGES;
Posted in Linux, Z1 | Tagged , , , , , , | Leave a comment

Jaxon: Call PHP classes from JavaScript using AJAX

Jaxon

Jaxon is an open source PHP library for easily creating Ajax web applications. It allows into a web page to make direct Ajax calls to PHP classes that will in turn update its content, without reloading the entire page.

Jaxon implements a complete set of PHP functions to define the contents and properties of the web page. Several plugins exist to extend its functionalities and provide integration with various PHP frameworks and CMS.

Posted in IT development, Z1 | Tagged , , , , | Leave a comment

Windows administration from the command line

Windows system administration is very mouse driven and to reach
all tools you need to browse through Windows explorer.

If you are like me and prefer to log on a limited privilege account and use Runas to perform admin tasks, you can open these consoles with the .msc file names.

Here is a list of admin tools with their .msc file names.

  • domain.msc: AD Domains and Trusts
  • admgmt.msc: Active Directory Management
  • dssite.msc: AD Sites and Serrvices
  • dsa.msc: AD Users and Computers
  • adsiedit.msc: ADSI Edit
  • azman.msc: Authorization manager
  • certsrv.msc: Certification Authority Management
  • certtmpl.msc: Certificate Templates
  • cluadmin.exe: Cluster Administrator
  • compmgmt.msc: Computer Management
  • comexp.msc: Component Services
  • cys.exe: Configure Your Server
  • devmgmt.msc: Device Manager
  • dhcpmgmt.msc: DHCP Managment
  • dfrg.msc: Disk Defragmenter
  • diskmgmt.msc: Disk Manager
  • dfsgui.msc: Distributed File System
  • dnsmgmt.msc: DNS Managment
  • eventvwr.msc: Event Viewer
  • ciadv.msc: Indexing Service Management
  • ipaddrmgmt.msc: IP Address Management
  • llsmgr.exe: Licensing Manager
  • certmgr.msc: Local Certificates Management
  • gpedit.msc: Local Group Policy Editor
  • secpol.msc: Local Security Settings Manager
  • lusrmgr.msc: Local Users and Groups Manager
  • nlbmgr.exe: Network Load balancing
  • perfmon.msc: Performance Monitor
  • pkiview.msc: PKI Viewer
  • pkmgmt.msc: Public Key Managment
  • acssnap.msc: QoS Control Management
  • tsmmc.msc: Remote Desktops
  • rsadmin.msc: Remote Storage Administration
  • ntmsmgr.msc: Removable Storage
  • ntmsoprq.msc: Removable Storage Operator Requests
  • rrasmgmt.msc: Routing and Remote Access Manager
  • rsop.msc: Resultant Set of Policy
  • schmmgmt.msc: Schema management
  • services.msc: Services Management
  • fsmgmt.msc: Shared Folders
  • sidwalk.msc: SID Security Migration
  • tapimgmt.msc: Telephony Management
  • tscc.msc: Terminal Server Configuration
  • licmgr.exe: Terminal Server Licensing
  • tsadmin.exe: Terminal Server Manager
  • uddi.msc: UDDI Services Managment
  • wmimgmt.msc: Windows Mangement Instumentation
  • winsmgmt.msc: WINS Server manager
Posted in MS-Windows, Z1 | Tagged , , , , , , , , , , , , | Leave a comment

Deploying Kerberos based SSO

Pre-requisites

  • Kerberos Domain Controller (KDC)
  • User accounts in the KDC
  • KDC based logins

To make sure that this is working, login to your workstation using
your kerberos password and use the command:

klist

This should show your principals assigned to you.

Ticket cache: FILE:/tmp/krb5cc_XXXX_ErVb5X
Default principal: [email protected]

Valid starting       Expires              Service principal
01/11/2016 15:51:35  01/12/2016 15:51:34  krbtgt/[email protected]

Configuring Apache

  1. Install any necessary modules on the server:
    • yum install mod_auth_kerb
  2. Create a service principal for the web server (this needs to be
    done on the KDC.

    • kadmin.local -q "addprinc -randkey HTTP/www.example.com
  3. Export the encpryption keys to a keytab:
    • kadmin.local -q "ktadd -k /tmp/http.keytab HTTP/www.example.com
  4. Copy /tmp/http.keytab to the webserver at
    /etc/httpd/http.keytab.
  5. Set ownership and permissions:
    • chmod 600 /etc/httpd/http.keytab
    • chown apache /etc/httpd/http.keytab
  6. Enable authentication, configure this:
    • AuthType Kerberos
    • AuthName "Acme Corporation"
    • KrbMethodNegotiate on
    • KrbMethodK5Passwd off
    • Krb5Keytab /etc/httpd/http.keytab
    • require valid-user
  7. Re-start apache

Configure FireFox

  1. Navigate to about:config
  2. Search for: negotiate-auth
  3. Double click on network.negotiate-auth.trusted-uris.
  4. Enter hostname’s, URL prefixes, etc, separated by commas.
    Examples:

    • www.example.com
    • http://www.example.com/
    • .example.com

It is possible to configure this setting for all users by creating a global config file:

  1. Find configuration directory:
    • rpm -q firefox -l | grep preferences
  2. Create a javascript file in that directory. (by convention, autoconfig.js; other
    file names will work, but for best results it should be early in the alphabet.)
  3. Add the following line:
    • pref("network.negotiate-auth.trusted-uris",".example.com");

Configure OpenSSH server

  1. Create a service principal for the host (this needs to be
    done on the KDC.

    • kadmin.local -q "addprinc -randkey host/shell.example.com
  2. Export the encpryption keys to a keytab:
    • kadmin.local -q "ktadd -k /tmp/krb5.keytab host/shell.example.com
  3. Copy /tmp/krb5.keytab to the host at:
    /etc/krb5.keytab.
  4. Set ownership and permissions:
    • chmod 600 /etc/krb5.keytab
    • chown root /etc/krb5.keytab
  5. Enable authentication, change these settings in
    /etc/ssh/sshd_config:

    • KerberosAuthentication yes
    • GSSAPIAuthentication yes
    • GSSAPICleanupCredentials yes
    • UsePAM no # This is not supported by RHEL7 and should be left as yes
  6. Restart sshd.

Configure OpenSSH clients

Configure /etc/ssh_config or ~/ssh/ssh_config:

Host *.localnet
  GSSAPIAuthentication yes
  GSSAPIDelegateCredentials yes
Posted in Infrastructure, Z1 | Tagged , , , , , | Leave a comment

Let’s Encrypt

This is a service that let’s you get SSL certificates for HTTPS. These certificates are trusted by major browsers.

See Let’s Encrypt

This is a barebones howto to get SSL certificates:

git clone https://github.com/letsencrypt/letsencrypt
cd letsencrypt

This contains the client software for let’s encrypt.

./letsencrypt-auto certonly --manual

This will start by updating and getting any needed dependencies and then jump to a wizard
like configuration to get this done. Follow the prompts and pay special attention on the
prompt used to validate your domain. (You need to create a couple of folders and a file
with the right content).

Afterwards your certificates will be in:

/etc/letsencrypt/live/mydomain.tld

Then go to your CPanel configuration, then upload:

  • privkey.pem to Private Keys
  • cert.pem to Certificates

Then you go to Manage SSL Hosts -> Browse Certificates, pick the right certificate. Then paste chain.pem (from /etc/letsencrypt/live/mydomain.tld) to the CA Bundle box.

Posted in Infrastructure, Z1 | Tagged , , , , | Leave a comment

LG GW620

NOTE:

This article refers to obsolete hardware. I am posting it here just for archival purposes...

This is one of the most hackable Androids I have seen and comes with a physical keyboard.

I tested the following alternate firmwares:

  • OpenEtna
    Based on CM+Froyo 2.2, has a boot from SD card option.
  • OpenEve
    Forked from OpenEtna. Has multiple versions of CM up to 9 (I think).
  • FireDroidMod
    • FD4.1
      Based on CM7, and includes google apps and a iOS like UI. I am using this one.
    • FD3.2
      Based on CM7, lighter than FD4, but google apps need to be installed separately.
    • FD2.1
      Based on Froyo 2.2 (LG version) with a GingerBread interface.
    • FD1.3
      Pre-rooted based on the LG Froyo 2.2 version

In general, I avoided Froyo versions. OpenEve was discarded because:

  • installation process was different
  • required a separate google apps install
  • even though it had newer versions, the phone is already too slow.

Notes on the GW620 + FireDroidMod 4.1:

  • For the market to work properly the primary account needs to be configured on first boot-up. This needs a 3G SIM card.
  • Installing WhatsApp is possible as soon as Market is upgraded to PlayStore (hopefully before GooglePlayServices are installed). WhatsApp must be installed through Google Play Services. Activate it right away. Once installed, GooglePlayStore can be uninstalled.
  • Other Apps may be side-loaded (see APKpure.com

Install these (these can be side loaded):

  • Zeam Launcher : I dislike the default iOS style launcher. Zeam Launcher is quite lite anyway.
  • Facebook Lite

Maybe install Link2SD Plus (from APKmania.com)

TODO

  • Try to install GMail.
  • Configure family calendar
Posted in Android | Tagged , , , , , , , , , | Leave a comment

Centos7/RHEL7 FirewallD — the least you need to know

This post is just a simple hints-tips to get something going with FirewallD without going into too much detail.

  1. Checking if you are using firewalld:
    • firewall-cmd –state
  2. Check your zones (needed later when opening ports):
    • firewall-cmd –get-default-zone
    • firewall-cmd –get-active-zones
  3. Checking what is active:
    • firewall-cmd –zone=public –list-all
  4. Opening services:
    • firewall-cmd –zone=public –add-service=http
      Or alternatively:
    • firewall-cmd –permanent –zone=public –add-service=http
    • firewall-cmd –reload
      Services are defined in /usr/lib/firewalld/services and /etc/firewalld/services.
  5. Opening ports:
    • firewall-cmd –permanent –zone=public –add-port=443/tcp
    • firewall-cmd –reload
Posted in Infrastructure, Z1 | Tagged , , , , , , , , | Leave a comment

Raspberry Pi Thin Client

RPITC

Thin Client project want to create a very low price thin client over Raspberry Pi board! Microsoft RDC, Citrix ICA, VMWare View, OpenNX & SPICE

Posted in IT development, Z1 | Tagged , , , | Leave a comment

Online IDEs

5 Best online IDEs
If you want to move to the cloud and like to code like me, this is kinda of a basic necessity.

Posted in Cloud Services, Z1 | Tagged , , , | Leave a comment

Lifehacker App Guides

These two hyperlinks from Lifehacker are quite useful:

Posted in Android, Z1 | Tagged , , , | Leave a comment