Friday, August 12, 2011

Sign your own certificate with OpenSSL

From the OpenBSD FAQ, on creating and self-signing an SSL certificate for Apache:

Quote:
OpenBSD ships with an SSL-ready httpd and RSA libraries. For use with httpd(8), you must first have a certificate created. This will be kept in /etc/ssl/ with the corresponding key in /etc/ssl/private/. The steps shown here are taken in part from the ssl(8) man page. Refer to it for further information. This FAQ entry only outlines how to create an RSA certificate for web servers, not a DSA server certificate. To find out how to do so, please refer to the ssl(8) man page.

To start off, you need to create your server key and certificate using OpenSSL:

# openssl genrsa -out /etc/ssl/private/server.key 1024

Or, if you wish the key to be encrypted with a passphrase that you will have to type in when starting servers:

# openssl genrsa -des3 -out /etc/ssl/private/server.key 1024

The next step is to generate a Certificate Signing Request which is used to get a Certifying Authority (CA) to sign your certificate. To do this use the command:

# openssl req -new -key /etc/ssl/private/server.key -out /etc/ssl/private/server.csr

This server.csr file can then be given to a Certifying Authority who will sign the key. One such CA is Thawte Certification which you can reach at http://www.thawte.com/. Thawte can currently sign RSA keys for you. A procedure is being worked out to allow for DSA keys.

If you cannot afford this, or just want to sign the certificate yourself, you can use the following.

# openssl x509 -req -days 365 -in /etc/ssl/private/server.csr \
-signkey /etc/ssl/private/server.key -out /etc/ssl/server.crt


With /etc/ssl/server.crt and /etc/ssl/private/server.key in place, you should be able to start httpd(8) with the -DSSL flag (see the section about rc(8) in this faq), enabling https transactions with your machine on port 443. 
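The three steps quoted above (key, CSR, self-signed certificate), as an added example that is not part of the FAQ or of the original post: it uses a 2048-bit key and a SHA-256 signature in place of the quoted 1024-bit key, which is below current minimum key-size guidance, and then checks that the certificate really belongs to the key. The function names, the target directory and the host name are assumptions.

```sh
# Added example, not from the OpenBSD FAQ. Function names are hypothetical.

# Create key, CSR and self-signed certificate in directory $1 for host
# name $2. Differs from the quoted commands: 2048-bit key, SHA-256.
make_selfsigned() (
  umask 077   # the private key must not be readable by other users
  openssl genrsa -out "$1/server.key" 2048 2>/dev/null &&
  openssl req -new -key "$1/server.key" -subj "/CN=$2" \
    -out "$1/server.csr" &&
  openssl x509 -req -sha256 -days 365 -in "$1/server.csr" \
    -signkey "$1/server.key" -out "$1/server.crt" 2>/dev/null
)

# Succeed only if private key $1 and certificate $2 share one RSA modulus.
cert_matches_key() {
  key_mod=$(openssl rsa -in "$1" -noout -modulus 2>/dev/null) || return 1
  crt_mod=$(openssl x509 -in "$2" -noout -modulus 2>/dev/null) || return 1
  [ -n "$key_mod" ] && [ "$key_mod" = "$crt_mod" ]
}

# Print the public key size in bits of certificate $1.
cert_key_bits() {
  openssl x509 -in "$1" -noout -text |
    sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p'
}

# Print the signature algorithm of certificate $1.
cert_sig_alg() {
  openssl x509 -in "$1" -noout -text |
    awk -F': ' '/Signature Algorithm/ { print $2; exit }'
}

# Succeed if certificate $1 has a key of at least 2048 bits and is not
# signed with MD5 or SHA-1.
cert_is_acceptable() {
  bits=$(cert_key_bits "$1")
  [ -n "$bits" ] && [ "$bits" -ge 2048 ] || return 1
  case "$(cert_sig_alg "$1")" in
    md5*|sha1*|"") return 1 ;;
  esac
  return 0
}
```

For example, `make_selfsigned /tmp/certtest www.example.com` followed by `cert_matches_key /tmp/certtest/server.key /tmp/certtest/server.crt` and `cert_is_acceptable /tmp/certtest/server.crt`; a certificate made with the quoted 1024-bit command fails the last check.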

Wednesday, June 15, 2011

Alternative to Windows AutoSSH tunnels with PuTTY

Creating persistent SSH tunnels with PuTTY is still on the PuTTY wishlist. It would be great if PuTTY had an option to reconnect automatically when the TCP connection has been broken (e.g. the computer wakes from sleep mode or the WiFi link is restored).

Linux users have the autossh program, which does the ssh connection monitoring. It starts a copy of ssh and monitors it, restarting it as necessary should it die or stop passing traffic. The idea was originally from rstunnel (Reliable SSH Tunnel).

Windows users can use a third party PuTTY application called MyEnTunnel (My Encrypted Tunnel) to prevent SSH session disconnects.


MyEnTunnel is a tiny system tray application that launches Plink (PuTTY Link) in the background and monitors the process. If the Plink process stops, it will automatically reconnect the tunnels.


MyEnTunnel uses Plink for encryption and networking. It can also use PuTTY sessions and private keys generated by PuTTYgen.

Friday, April 8, 2011

Useful 3rd-Party Modules in Moodle 2.0

MOODLE (Modular Object-Oriented Dynamic Learning Environment) is the world's leading learning management system (LMS), built on PHP. Being modular, it lets Moodle users contribute many additional features that can be plugged into the system.

The Moodle Community contributes numerous modules or plugins in many forms, such as blocks, activities, resources, reports and hacks. I found the following third-party modules useful and available for Moodle version 2.0:
  • Activity Module
    • Book - makes it easy to create multi-page resources with a book-like format.
    • Certificate - generates PDF certificates for students upon meeting specified course criteria. (patch for v2.0)
    • Feedback - survey your students with custom questions and scales; it is now part of the standard distribution in Moodle 2.0.
  • Block
    • Configurable Reports - examine custom course and user reports and custom MySQL queries.
    • Login & Logout - promotes social networking features in Moodle by providing users with a time-based greeting calculated using the server's time and the user's timezone, user profile image, last login data and profile update link. (update for v2.0 by András Gazdag)

Do you have a favorite third-party module that is not listed here?

Monday, January 10, 2011

Checking MySQL connection status

If you are writing a shell script that imports data into or exports data from a MySQL database, it is sometimes important to check whether the username and password are still valid.

To do this, we can check the exit status of the mysql client. If the connection succeeds, the exit status is 0; if it fails, the exit status is 1.

[root@localhost ~]# mysql --user=root -e exit
[root@localhost ~]# echo $?
0
[root@localhost ~]# mysql --user=root --password=oldpassword -e exit
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES)
[root@localhost ~]# echo $?
1

The following example shows how to implement this in a bash script.

#!/bin/bash

  dbuser="root"
  dbpass="oldpassword"

  dbaccess="denied"
  until [[ $dbaccess = "success" ]]; do
    echo "Checking MySQL connection..."
    # Exit status is 0 when the login succeeds, non-zero otherwise
    mysql --user="${dbuser}" --password="${dbpass}" -e exit 2>/dev/null
    dbstatus=$?
    if [ "$dbstatus" -ne 0 ]; then
      # Prompt again, showing the current user name as the default
      printf 'MySQL Username [%s]: ' "$dbuser"
      read -r newuser
      # Keep the displayed default if the user field is left empty
      test -n "${newuser}" && dbuser="${newuser}"
      printf 'MySQL Password: '
      # -s: do not echo the password to the terminal
      read -r -s dbpass
      echo
    else
      dbaccess="success"
      echo "Success!"
    fi
  done

Output:

[root@localhost ~]# ./check_mysql_login.sh
Checking MySQL connection...
MySQL Username [root]:
MySQL Password: (wrong password)
Checking MySQL connection...
MySQL Username [root]: root
MySQL Password: (correct password)
Checking MySQL connection...
Success!
[root@localhost ~]#
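The script above passes the password as a command-line argument, which can be visible to other local users in the process list. The following added example (not part of the original post) runs the same exit-status check with the credentials in a temporary option file that only the current user can read; the function names are hypothetical, and rejecting passwords that contain a double quote is an assumption made to keep the option-file quoting simple.

```sh
# Added example, not part of the original post. Function names are
# hypothetical; mysql must be installed for check_mysql_login to work.

# Write a client option file that only the current user can read and
# print its path. Returns 2 for a password that cannot be stored safely.
write_mysql_optfile() {
  local user="$1" pass="$2" optfile
  # Assumption: a double quote inside the quoted value is rejected
  # rather than escaped.
  case "$pass" in *'"'*) return 2 ;; esac
  optfile=$(mktemp "${TMPDIR:-/tmp}/mycnf.XXXXXX") || return 1
  chmod 600 "$optfile"
  # A backslash starts an escape sequence in option files: double it.
  pass=$(printf '%s' "$pass" | sed 's/\\/\\\\/g')
  # Quoting the value keeps characters such as '#' from being misread.
  printf '[client]\nuser=%s\npassword="%s"\n' "$user" "$pass" > "$optfile"
  printf '%s\n' "$optfile"
}

# Return 0 if the login works, non-zero otherwise.
check_mysql_login() {
  local optfile status
  optfile=$(write_mysql_optfile "$1" "$2") || return 2
  # --defaults-extra-file must be the first option on the command line.
  mysql --defaults-extra-file="$optfile" -e exit 2>/dev/null
  status=$?
  rm -f "$optfile"
  return "$status"
}
```

In the loop above, `check_mysql_login "$dbuser" "$dbpass"` can take the place of the direct `mysql` call, and its exit status is tested the same way.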

Saturday, January 8, 2011

Am I root?

Root privileges are important when doing system-wide installation and configuration. How do we determine whether the script is being run by root or by a normal user?

# Check that we are run as root.
# Return 0 if yes, or 1 if not or undeterminable.
function is_root() {
  uid=$(id -u 2> /dev/null)

  if [ -n "$uid" ]; then
    if [ "$uid" != "0" ]; then
      echo "FAILED: You need root privileges to run this script.";
      echo
      return 1
    fi
  else
    echo "Could not detect UID";
    return 1
  fi
}

Wednesday, January 5, 2011

Which distro?

When writing a shell script, we sometimes need to find out which Linux distribution is running on the machine. I like the following bash function from the KnowledgeTree installer for the job.

function distro_info() {
  distro=$(lsb_release --short --id)

  case "$distro" in
    "Ubuntu"|"Debian")
      # install deb package using apt-get
      ;;
    "CentOS"|"Fedora"|"RedHatEnterpriseServer")
      # install rpm package using yum
      ;;
    * )
      unsupported_distro
      return 1
      ;;
  esac
}
