Gentoo Blog

Google’s Public DNS Servers in case you need a public uncensored DNS server you can use these:

8.8.8.8
8.8.4.4

Here is my resolv.conf with the open DNS servers:

nameserver 8.8.8.8
nameserver 8.8.4.4
nameserver 94.75.228.2
nameserver 80.237.196.2


The last two are also open DNS Servers but not from Google.

generate a new private key and matching Certificate Signing Request (eg to send to a commercial CA)
openssl req -out MYCSR.csr -pubkey -new -keyout MYKEY.key

-add -nodes to create an unencrypted private key
-add -config if your config file has not been set in the environment

decrypt private key

openssl rsa -in MYKEY.key >> MYKEY-NOCRYPT.key

generate a certificate siging request for an existing private key

openssl req -out MYCSR.csr -key MYKEY.key -new

generate a certificate signing request based on an existing x509 certificate

openssl x509 -x509toreq -in MYCRT.crt -out MYCSR.csr -signkey MYKEY.key

create self-signed certificate (can be used to sign other certificates)

openssl req -x509 -new -out MYCERT.crt -keyout MYKEY.key -days 365

sign a Certificate Signing Request
openssl x509 -req -in MYCSR.csr -CA MY-CA-CERT.crt -CAkey MY-CA-KEY.key -CAcreateserial -out MYCERT.crt -days 365

-days has to be less than the validity of the CA certificate

convert DER (.crt .cer .der) to PEM

openssl x509 -inform der -in MYCERT.cer -out MYCERT.pem

convert PEM to DER

openssl x509 -outform der -in MYCERT.pem -out MYCERT.der

convert PKCS#12 (.pfx .p12) to PEM containing both private key and certificates

openssl pkcs12 -in KEYSTORE.pfx -out KEYSTORE.pem -nodes

add -nocerts for private key only; add -nokeys for certificates only

convert (add) a seperate key and certificate to a new keystore of type PKCS#12

openssl pkcs12 -export -in MYCERT.crt -inkey MYKEY.key -out KEYSTORE.p12 -name "tomcat"
check a private key
openssl rsa -in MYKEY.key -check

add -noout to not disclose the key

check a Certificate Signing Request

openssl req -text -noout -verify -in MYCSR.csr

check a certificate

openssl x509 -in MYCERT.crt -text -noout
check a PKCS#12 keystore

openssl pkcs12 -info -in KEYSTORE.p12

check a trust chain of a certificate

openssl verify -CAfile MYCHAINFILE.pem -verbose MYCERT.crt

-to check for server usage: -purpose sslserver
-to check for client usage: -purpose sslient

First you need to install the windows nfs client. Go to

Control Panel\All Control Panel Items\Programs and Features

Then click on Turn Windows features on or off then select NFS Services Client for NFS. After the installation start a dos box or power shell. And enter the following command to mount the share backup on server 192.168.1.1 and assign the drive letter k:

mount \\192.168.1.1\backup k:

Example: mount [options] \\nfs-server-unc-name\share-name [drive letter]

Restoring a single database from a full dump is pretty easy, using the mysql command line client’s –one-database option:

mysql -u root -p --one-database db_to_restore < fulldump.sql

But what if you don’t want to restore the database, you just want to extract it out of the dump file? Well, that happens to be easy as well, thanks to the magic of sed:

sed -n '/^-- Current Database: `test`/,/^-- Current Database: `/p' fulldump.sql > test.sql

You just need to change “test” to be the name of the database you want extracted. Or you can use this shell script:

Download mysqldumpsplitter

Usage:

$>sh MyDumpSplitter.sh
Usage: sh MyDumpSplitter.sh DUMP-FILE-NAME — Extract all tables as a separate file from dump.
sh MyDumpSplitter.sh DUMP-FILE-NAME TABLE-NAME — Extract single table from dump.
sh MyDumpSplitter.sh DUMP-FILE-NAME -S TABLE-NAME-REGEXP – Extract tables from dump for specified regular expression.

Further instructions for using this script can be found here:

Mysql dump-shell script

To copy or mirror a website with wget do the following:

wget -r -l2 -N -k -x mywebsite.com

This will create a complete copy of the website into a folder called mywebsite.com.

Have fun

If you need a new SSL certificate for a server you will need a 2048bit private key from 2011 onwards. This command creates both:

openssl req -new -nodes -newkey rsa:2048 -keyout example.key -out example.csr

Thats it send the CSR to you ISP and you should get you SSL cert back. You can also edit:

/etc/ssl/openssl.cnf

And change the default_bits line to 2048 then all new keys we be created with 2048bits.

Okay so you have forgotten your mysql root password and need to access you mysql server. This howto requires root access to the shell or via sudo:

First stop your mysql server via the init script:

/etc/init.d/mysql stop

Now lets start up the mysql daemon and skip the grant tables which store the passwords:

mysqld_safe --skip-grant-tables

You should be able to see mysql starting. Logon to mysql with the fowling command:

mysql --user=root mysql

Now change the password with:

update user set Password=PASSWORD('new-password') where user='root';
flush privileges;
exit;

Now kill your running mysqld, then restart it normally. You should be good to go. Try not to forget your password again.

To compare the content of two fields in mysql and print the matching results do the following:

select * from user where username=password;

This would match all users that have the same username and password

This is our mysql table for proftpd with two users. One user has a clear text password ‘Clear_text’ and the other user has a Crypt password. The passwords are stored in the field passwd. Which we need to update for the user ftp.

mysql> select * from ftpuser;
+----+----------+-------------------------------------------+-----+------+---------------+---------------+-------+---------------------+---------------------+
| id | userid | passwd | uid | gid | homedir | shell | count | accessed | modified |
+----+----------+-------------------------------------------+-----+------+---------------+---------------+-------+---------------------+---------------------+
| 10 | ftp| *BD0359A2B6ZZHHA6A35B8D06DC1114D92CE3101 | 108 | 1002 | /storage/data | /sbin/nologin | 23 | 2011-01-19 13:07:33 | 2011-01-19 11:47:54 |
| 11 | upload | Clear_text | 108 | 1002 | /storage/data | /sbin/nologin | 529 | 2011-01-19 10:06:28 | 2011-01-06 16:01:30 |
+----+----------+-------------------------------------------+-----+------+---------------+---------------+-------+---------------------+---------------------+

We want to update the crypt password from the mysql shell. The following command will update the user ftp with a new crypt password:

update ftpuser set passwd=PASSWORD('KLatttGuya') where userid='ftp';

You can see the password in clear text here ‘KLatttGuya’ because of the option PASSWORD mysql knows that it must store a crypt password.

This howto shows you howto create a self signed SSL certificate without a passphrase. Using openssl with one single command:

openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout mykey.key -out mycert.crt

After you have answered all the questions you should have two files one key file and one crt file. Please make sure to enter your domain name when asked for your common name. This can also be an ip address if you don’t have a domain name to use. You can change how long the cert is valid for by changing the value days. If you prefer to have your cert and key in one file normally called a pem file please use the following command:

openssl req -x509 -nodes -days 1095 -newkey rsa:1024 -keyout mycert.pem -out mycert.pem

As you can see the only thing i changed is instead of using two file names one for the key and one for the cert. You just repeat the first name which will create the cert and the key in one file called mycert.pem in our example.