Skip to Content

PS script to Encrypt a Disk of a VM in Azure

Written on December 14, 2019 at 11:46 PM, by

$keyVault = Get-AzKeyVault -VaultName $keyVaultName -ResourceGroupName $rgName; $diskEncryptionKeyVaultUrl = $keyVault.VaultUri; $keyVaultResourceId = $keyVault.ResourceId; $keyEncryptionKeyUrl = (Get-AzKeyVaultKey -VaultName $keyVaultName -Name myKey).Key.kid;

Set-AzVMDiskEncryptionExtension -ResourceGroupName $rgName ` -VMName “myVM” `

-DiskEncryptionKeyVaultUrl $diskEncryptionKeyVaultUrl `

-DiskEncryptionKeyVaultId $keyVaultResourceId `

-KeyEncryptionKeyUrl $keyEncryptionKeyUrl `

-KeyEncryptionKeyVaultId $keyVaultResourceId

 

For linux servers there might be an error as “Object reference not set to an instance of an object”.

To get around this issue, simply run the Set-AzVMDiskEncryptionExtension 
command with -SkipVmBackup option.

 

Azure, Cloud No Comments

Add certs to tomcat truststore file [cacerts]

Written on September 27, 2019 at 12:20 AM, by

View the certs:

keytool -v -list -keystore /apps/software/jdk1.8.0_92/jre/lib/security/cacerts

Add new cert:

keytool -importcert -alias TESTNAME -keystore /apps/software/jdk1.8.0_92/jre/lib/security/cacerts -file /tmp/test-public-cert.crt

Confirm the addition:

keytool -list -keystore /apps/software/jdk1.8.0_92/jre/lib/security/cacerts -alias TESTNAME

Note: default password for cacerts file in tomcat is “changeit”

Uncategorized No Comments

Install and configure SFTP in windows server 2012 R2

Written on August 27, 2019 at 7:41 AM, by

SFTP uses SSH protocol, so first we have to install windows version of openssh the server.

Luckily we get the precompiled version of it, so we just have to unzip the contents to a folder. Please note that this installation should be used only in a non-prod environment.

Download link : https://github.com/PowerShell/Win32-OpenSSH/releases/download/3_19_2016/OpenSSH-Win64-1.1.zip (I find that the latest versions give a 1067 error while starting)

Steps:
Inside PowerShell prompt execute below command to bypass execution restrictions:

Set-ExecutionPolicy -Scope Process -ExecutionPolicy Bypass

cd c:\OpenSSH-Win
.\install-sshlsa.ps1
reboot server

Once server is up, edit c:\OpenSSH-Win\sshd_config
Modify below line in config file:
subsystem sftp c:\OpenSSH-Win\sftp-server.exe -d C:/Users/ftp-testing/Work

-d –> default working directory for ftp logins

Open cmd in elevated rights
cd c:\OpenSSH-Win
sshd.exe install

It will show installation successful.

Open services.msc and go to sshd
Make sure sshd starts “Automatically”

Generate SSH keys for the server (they are necessary to start sshd):
ssh-keygen.exe –A

Start SSHD service

Connect ssh using some client tools, like, winscp.

Uncategorized No Comments

Useful screen commands in Linux

Written on June 25, 2019 at 4:32 AM, by

Common screen commands that we can use are:

Starting Named Session:
screen -S session_name

Detach from screen session without killing that session:
Ctrl+a d

Reattaching a screen session:
screen -r (works if only one session is present)

List all existing screen sessions:
screen -ls

If there are more than one screen session, we should mention the screen session id:
screen -r

Uncategorized No Comments

Installing multiple npm versions in linux

Written on May 6, 2019 at 6:35 AM, by

To install multiple npm versions and switch between them, you should use Node Version Manager (nvm)

nvm can be installed by the below commands for a particular user where the commands are run:

curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.34.0/install.sh | bash

After successful completion, if you want to install a specific Node Js version use the below command:
nvm install 8.9.4

Finally, check npm version using:
npm version

To check node js version:
node -v

Uncategorized No Comments

Simple command to generate a random password in linux terminal

Written on April 28, 2019 at 12:51 AM, by

We can use the below command to generate a random alpha-numeric strong password from a linux terminal (bash/sh)
< /dev/urandom tr -dc A-Za-z0-9 | head -c14; echo

-c  --> specifies the length of the random string generated.

Linux No Comments

OpenSSL commands to extract private key and cert from pfx/p12 file

Written on February 26, 2018 at 8:55 AM, by

Export the private key file from the pfx file:
#openssl pkcs12 -in filename.pfx -nocerts -out key.pem

Remove the passphrase from the private key:
#openssl rsa -in key.pem -out server.key

Export the certificate file from the pfx file:
#openssl pkcs12 -in filename.pfx -clcerts -nokeys -out cert.pem

Linux, openssl No Comments

Adding/Editing SVN external urls to a directory from Shell

Written on August 18, 2017 at 6:50 AM, by

Sometimes it is useful to create a working copy that is made out of a number of different checkouts. For example, you may want different files or subdirectories to come from different locations in a repository, or perhaps from different repositories altogether. If you want every user to have the same layout, you can define the svn:externals properties to pull in the specified resource at the locations where they are needed.

 

Command to get the externals already set for a folder:

svn propget svn:externals <folder_name>

To edit an already assigned external or add a new external to a folder use the command:

  1. first set an appropriate editor to edit the externals:

              SVN_EDITOR=/bin/vi
              export SVN_EDITOR

2.  Then use the below command:

svn propedit svn:externals <folder_name> <absolute_path_to_the_folder>

eg: svn propedit svn:externals test /home/kevin/modules/configuration/test

The above command will open the editor “vi” and we can provide the necessary externals url there and save the file.

 

eg: $ svn propget svn:externals test
/svn/myrepo/application/branches/new1.4.1 suite

 

Note that “suite” is a subfolder inside “test” directory to which the external svn path has to be fetched.

That means, the svn branch “/svn/myrepo/application/branches/new1.4.1” will get synced to the folder /home/kevin/modules/configuration/test/suite whenever it is referenced.

 

Uncategorized No Comments

Placing custom Nagios NRPE script to monitor NFS Client

Written on March 24, 2017 at 1:39 AM, by

Changes in the Nagios server:

 

First of all enable NRPE plugin for the client host in Nagios server:

 

  1. Make sure check_nrpe command is defined inside commands.cfg file. If not, add it (assuming nrpe plugin is installed along with Nagios ):

 
define command{

command_name check_nrpe

command_line $USER1$/check_nrpe -H $HOSTADDRESS$ -c $ARG1$

}


 

Nrpe enables some default monitoring for the host like CPU Load, Current Users, total processes … etc.

 

  1. The custom nrpe script that we are planning to place for nfs monitoring can be downloaded from here.  The script has to be placed in the client server and not in the Nagios server but we have to make the script definition in the commands.cfg file in Nagios server itself. So add the below lines to define the nfs check in commands.cfg file:

Read more

centos7, nagios No Comments

Enabling session persistence (stickiness) for nginx (open source)

Written on March 17, 2017 at 12:03 AM, by

For those who are not willing to spend some bucks on purchasing nginx plus but your manager insist upon enabling session persistence in nginx, the best option would be check the nginx approved set of modules here –> Nginx 3rd party modules

There is a 3rd party module in that list by the name : Sticky upstream

Download here

 

Obviously, nginx has to be recompiled to enable this 3rd party module (not a dynamic module).

Download the desired version of nginx source code from  here.

If you already have an nginx version running in your server and want to replace it with the new one, check the compile options used to install the old version using the command :

#nginx -V 

Remember to add the option “–with-http_gunzip_module –add-module=<path_to_module_location>” during compilation.

Read more

centos7, Linux, nginx, Session persistence No Comments