Author Archives: Simon

Reset Forgotten MySQL Root Password

Okay, so you have forgotten your MySQL root password and need to access your MySQL server. This howto requires root access to the shell, either directly or via sudo:

First stop your mysql server via the init script:

/etc/init.d/mysql stop

Now let's start up the MySQL daemon and skip the grant tables, which store the passwords:

mysqld_safe --skip-grant-tables

You should be able to see MySQL starting. Log on to MySQL with the following command:

mysql --user=root mysql

Now change the password with:

update user set Password=PASSWORD('new-password') where user='root';
flush privileges;
exit;

Now kill your running mysqld, then restart it normally. You should be good to go. Try not to forget your password again.

Mysql Update Crypt Field

This is our MySQL table for proftpd with two users. One user has a clear text password ‘Clear_text’ and the other user has a crypt password. The passwords are stored in the field passwd, which we need to update for the user ftp.

mysql> select * from ftpuser;
+----+----------+-------------------------------------------+-----+------+---------------+---------------+-------+---------------------+---------------------+
| id | userid | passwd | uid | gid | homedir | shell | count | accessed | modified |
+----+----------+-------------------------------------------+-----+------+---------------+---------------+-------+---------------------+---------------------+
| 10 | ftp| *BD0359A2B6ZZHHA6A35B8D06DC1114D92CE3101 | 108 | 1002 | /storage/data | /sbin/nologin | 23 | 2011-01-19 13:07:33 | 2011-01-19 11:47:54 |
| 11 | upload | Clear_text | 108 | 1002 | /storage/data | /sbin/nologin | 529 | 2011-01-19 10:06:28 | 2011-01-06 16:01:30 |
+----+----------+-------------------------------------------+-----+------+---------------+---------------+-------+---------------------+---------------------+

We want to update the crypt password from the mysql shell. The following command will update the user ftp with a new crypt password:

update ftpuser set passwd=PASSWORD('KLatttGuya') where userid='ftp';

The password ‘KLatttGuya’ appears in clear text in the statement. Because it is wrapped in PASSWORD(), MySQL knows that it must store a crypt password.

Confixx http special entries

Confixx is a fairly popular admin panel in Germany. To change certain settings in Confixx you can use an option called http special. Here are a few examples of values you may modify:

PHP Safe Mode (this is not recommended):

php_admin_flag safe_mode Off

PHP Memory Limit:

php_admin_value memory_limit 128M

PHP Max Execution Time / Max Input Time:

php_admin_value max_execution_time 120
php_admin_value max_input_time 120

PHP Max Upload Size / Max File Size:

php_admin_value upload_max_filesize 32M
php_admin_value post_max_size 32M

PHP Open Basedir:

php_admin_value open_basedir /path/##user##

PHP Session Save Path:

php_admin_value session.save_path /path/##user##/phptmp

Confixx Mod Rewrite:

<Directory /var/www/##user##/html>
Options +FollowSymLinks +SymLinksIfOwnerMatch +Multiviews
</Directory>

Disable PHP functions:

php_admin_value disable_functions popen,escapeshellcmd,system,exec,passthru

The variable ##user## will match your current user. If you are changing settings for more than one user this is extremely helpful.
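The "Disable PHP functions" entry above can be checked for coverage. The following is an added example, not part of the original post or of Confixx: it audits a block of http special entries for process-spawning PHP functions that are still enabled, a missing open_basedir, and safe_mode switched off. The EXEC_FUNCS reference list and the function name audit_http_special are choices made for this example.

```shell
#!/bin/sh
# Added example (not Confixx code): audit a block of "http special" entries.
# EXEC_FUNCS is this example's own reference list of PHP functions that can
# start an external program.
EXEC_FUNCS="exec passthru shell_exec system proc_open popen pcntl_exec"

# audit_http_special: reads entries on stdin, prints one finding per line.
audit_http_special() {
    entries=$(cat)
    # Value of the last disable_functions entry, lower-cased, blanks removed.
    list=$(printf '%s\n' "$entries" |
        sed -n 's/^[[:space:]]*php_admin_value[[:space:]][[:space:]]*disable_functions[[:space:]]*//p' |
        tail -n 1 | tr -d ' \t' | tr 'A-Z' 'a-z')
    for f in $EXEC_FUNCS; do
        case ",$list," in
            *",$f,"*) ;;                      # listed, so disabled
            *) echo "exec-enabled: $f" ;;     # not listed, still callable
        esac
    done
    # open_basedir confines file access to the customer's own tree.
    printf '%s\n' "$entries" |
        grep -Eq '^[[:space:]]*php_admin_value[[:space:]]+open_basedir[[:space:]]+[^[:space:]]' ||
        echo "missing: open_basedir"
    # safe_mode switched off explicitly (the page marks this as not recommended).
    printf '%s\n' "$entries" |
        grep -Eiq '^[[:space:]]*php_admin_flag[[:space:]]+safe_mode[[:space:]]+off' &&
        echo "weak: safe_mode Off"
    return 0
}

# Constructed sample built from the entries shown on this page.
SAMPLE='php_admin_flag safe_mode Off
php_admin_value open_basedir /path/##user##
php_admin_value disable_functions popen,escapeshellcmd,system,exec,passthru'

printf '%s\n' "$SAMPLE" | audit_http_special
```

Note that escapeshellcmd in the page's list is an escaping helper rather than a way to run commands, so disabling it does not add to the coverage.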

Activate the write cache on a 3ware Raid controller

Without the write cache, 3ware RAID controllers can be painfully slow. To activate the write cache do the following. First find the correct number of your RAID controller, and also the unit that you would like to switch the cache on for.

tw_cli /c0 show

Unit  UnitType  Status  %RCmpl  %V/I/M  Stripe  Size(GB)  Cache  AVrfy
------------------------------------------------------------------------
u0    RAID-1    OK      -       -       -       153.385   -      -

Port  Status  Unit  Size       Blocks     Serial
-------------------------------------------------------
p0    OK      u0    153.38 GB  321672960  WD-WCANM3649095
p1    OK      u0    153.38 GB  321672960  WD-WCANM3649568

The command tw_cli /c0 show gives you an overview of the first controller in the system. If you have more than one controller you can use c2 c3 and so on. Now that we know we have one RAID controller and one unit, we can switch on the cache for it.

tw_cli set cache c0 u0 on

This command will switch on the write cache for the first controller 0 and unit 0. If you have more than one controller or units please repeat this step. Afterwards check that the cache has been activated:

server142:~# tw_cli /c0 show

Unit  UnitType  Status  %RCmpl  %V/I/M  Stripe  Size(GB)  Cache  AVrfy
------------------------------------------------------------------------
u0    RAID-1    OK      -       -       -       153.385   W      -

Port  Status  Unit  Size       Blocks     Serial
-------------------------------------------------------
p0    OK      u0    153.38 GB  321672960  WD-WCANM3649095
p1    OK      u0    153.38 GB  321672960  WD-WCANM3649568

Notice the W next to Cache. That's it, you have increased your write performance. Please remember that you can lose data if you activate the write cache without a battery backup unit: on a power loss you will lose the cached data. 3ware only produces battery backup units for the larger controllers, 4 port and greater, which sucks.

Howto Create a self signed SSL certificate

This howto shows you how to create a self-signed SSL certificate without a passphrase, using openssl with one single command:

openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout mykey.key -out mycert.crt

After you have answered all the questions you should have two files: one key file and one crt file. Please make sure to enter your domain name when asked for your common name. This can also be an IP address if you don’t have a domain name to use. You can change how long the cert is valid for by changing the value of -days. If you prefer to have your cert and key in one file, normally called a pem file, please use the following command:

openssl req -x509 -nodes -days 1095 -newkey rsa:1024 -keyout mycert.pem -out mycert.pem

As you can see, the only thing I changed is the file names: instead of using two file names, one for the key and one for the cert, you just repeat the first name. This will create the cert and the key in one file, called mycert.pem in our example.
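The same openssl req call can be run non-interactively and its result checked. This is an added example, not from the original post: it uses a 2048-bit key instead of rsa:1024 (1024-bit RSA is no longer considered adequate), creates the unencrypted key with owner-only permissions, and verifies the key size and that cert and key belong together. The function names and the CN www.example.test are placeholders.

```shell
#!/bin/sh
# Added example: the page's "openssl req" call, non-interactive, with a
# 2048-bit key and a key file only the owner can read.

# make_selfsigned DIR CN [DAYS]: writes DIR/mykey.key and DIR/mycert.crt
make_selfsigned() {
    (
        umask 077   # -nodes leaves the key unencrypted, so restrict the file
        openssl req -x509 -nodes -sha256 -days "${3:-365}" \
            -newkey rsa:2048 -subj "/CN=$2" \
            -keyout "$1/mykey.key" -out "$1/mycert.crt" 2>/dev/null
    )
}

# cert_key_bits CERT: prints the public key size in bits
cert_key_bits() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public[- ]Key: (\([0-9][0-9]*\) bit).*/\1/p'
}

# cert_matches_key CERT KEY: succeeds when the cert was issued for that RSA key
cert_matches_key() {
    c=$(openssl x509 -in "$1" -noout -modulus) || return 1
    k=$(openssl rsa -in "$2" -noout -modulus 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# key_mode KEY: prints the permission bits, e.g. 600 (GNU stat, then BSD stat)
key_mode() { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"; }

# Demo in a throwaway directory
dir=$(mktemp -d)
make_selfsigned "$dir" "www.example.test" 365
echo "bits=$(cert_key_bits "$dir/mycert.crt") mode=$(key_mode "$dir/mykey.key")"
cert_matches_key "$dir/mycert.crt" "$dir/mykey.key" && echo "cert and key match"
rm -rf "$dir"
```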

Gentoo Linux php 5.3 upgrade

In Gentoo Linux from PHP 5.2 and onwards quite a few things have changed. It is now possible to have a slotted installation of PHP to help people upgrade to PHP 5.3 and later. I won’t take the time to explain everything because the Gentoo devs have made a great attempt at creating the PHP Admin Guide. Please read this guide before you attempt the upgrade, unless your server is a non-production system and you don’t care about downtime:

Gentoo Upgrading PHP

Add a spare disk to a 3ware Raid Controller

This guide assumes you have already installed the 3ware software tw_cli, which is a command line tool to configure 3ware RAID controllers. To use an empty unconfigured disk as a spare RAID disk do the following:

tw_cli /c0 add type=spare disk=1

Creating new unit on controller /c0 ... Done. The new unit is /c0/u1.

The disk number is the port number of the disk you would like to use. To get a list of all the attached disks use the following command:

tw_cli /c0 show

Please do not use any of these commands without knowing exactly what you are doing. You can lose all of your data or delete your entire RAID array. Please check the man page:

3ware tw_cli Man Page

Encrypted home and swap partition on Ubuntu 10.10 Maverick with auto logon

I wrote a howto about encrypting your home and swap partition a while ago. One thing was missing in the last howto: the login process with pam mount. Please be careful following this howto; if you do anything wrong you may erase all of your data. You have been warned!

First install a few packages:

aptitude install cryptsetup libpam-mount

We will start off with the swap partition, which is easy. First deactivate your swap partition; you may need to remove it from /etc/fstab and reboot if it is in use:

swapoff /dev/sda7

Then fill your swap with random data from /dev/urandom

dd if=/dev/urandom of=/dev/sda7 bs=1M

Configure encrypted swap in /etc/crypttab and /etc/fstab

cat /etc/crypttab

cryptoswap /dev/sda7 /dev/urandom cipher=aes-cbc-essiv:sha256,size=256,hash=sha256,swap

cat /etc/fstab

/dev/mapper/cryptoswap none swap sw 0 0

Okay, that’s it; reboot to test. If you call top from a shell you should see a normal swap partition. Then try running the following command; you should see something like this:

cryptsetup status cryptoswap
/dev/mapper/cryptoswap is active:
cipher: aes-cbc-essiv:sha256
keysize: 256 bits
device: /dev/sda7
offset: 0 sectors
size: 8401932 sectors
mode: read/write
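The /etc/crypttab and /etc/fstab entries above have to agree with each other, and the old plain swap line must be gone from fstab. The following is an added example, not from the original post: it cross-checks the two files for crypttab swap entries that use a fixed key file instead of /dev/urandom, that have no /dev/mapper line in fstab, or whose raw device is still listed as swap. The function name check_crypt_swap and the temp files are assumptions of this example.

```shell
#!/bin/sh
# Added example: cross-check crypttab swap entries against fstab.
# check_crypt_swap CRYPTTAB FSTAB: prints one finding per line, or "ok: ...".
check_crypt_swap() {
    awk '
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        FILENAME == ARGV[1] {                   # crypttab: name device key options
            n = split($4, opt, ","); is_swap = 0
            for (i = 1; i <= n; i++) if (opt[i] == "swap") is_swap = 1
            if (is_swap) { dev[$1] = $2; key[$1] = $3 }
            next
        }
        $3 == "swap" { fstab_swap[$1] = 1 }     # fstab: remember every swap device
        END {
            for (name in dev) {
                bad = 0; m = "/dev/mapper/" name
                # A fixed key file means old swap contents stay decryptable.
                if (key[name] !~ /^\/dev\/u?random$/) {
                    print "static-key: " name " uses " key[name]; bad = 1 }
                if (!(m in fstab_swap)) {
                    print "not-in-fstab: " m; bad = 1 }
                # The raw partition must not be used as swap any more.
                if (dev[name] in fstab_swap) {
                    print "plaintext-swap: " dev[name] " still listed in fstab"; bad = 1 }
                if (!bad) print "ok: " name " on " dev[name]
            }
        }
    ' "$1" "$2"
}

tmp=$(mktemp -d)
# The two entries exactly as shown on this page.
printf '%s\n' 'cryptoswap /dev/sda7 /dev/urandom cipher=aes-cbc-essiv:sha256,size=256,hash=sha256,swap' > "$tmp/crypttab"
printf '%s\n' '/dev/mapper/cryptoswap none swap sw 0 0' > "$tmp/fstab"
check_crypt_swap "$tmp/crypttab" "$tmp/fstab"
# Constructed mistake: the old plain swap line was left in fstab.
printf '%s\n' '/dev/sda7 none swap sw 0 0' >> "$tmp/fstab"
check_crypt_swap "$tmp/crypttab" "$tmp/fstab"
rm -rf "$tmp"
```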

OK, your swap partition is done; let’s move on to /home. Make sure you have an empty partition for this, because all data on the partition will be deleted. You’ve been warned.

Fill your new home partition with random data.

dd if=/dev/urandom of=/dev/sda8

Initialize the partition and set initial key. Please make sure to use the same password to login and for the encrypted partition. Otherwise you will not be able to unlock your home partition when you login.

cryptsetup -c aes-cbc-essiv:sha256 -y -s 256 luksFormat /dev/sda8

Create a device mapping

cryptsetup luksOpen /dev/sda8 cryptohome

Now you can create a file system on cryptohome

mkfs.ext4 -j -m 1 -O dir_index,filetype,sparse_super /dev/mapper/cryptohome

Okay, give your new home a test by closing it, reopening it, and finally mounting it for the first time:

cryptsetup luksClose cryptohome
cryptsetup luksOpen /dev/sda8 cryptohome
Enter LUKS passphrase:
key slot 0 unlocked.
Command successful.

mkdir -p /mnt/cryptohome
mount /dev/mapper/cryptohome /mnt/cryptohome
touch /mnt/cryptohome/linux
ls /mnt/cryptohome/
lost+found linux

We can also confirm that it works by issuing the command

cryptsetup status cryptohome
/dev/mapper/cryptohome is active:
cipher: aes-cbc-essiv:sha256
keysize: 256 bits
device: /dev/sda8
offset: 2056 sectors
size: 20978771 sectors
mode: read/write

Now would be a good time to move your current home data to this partition. Then unmount the partition:

umount /mnt/cryptohome
cryptsetup luksClose cryptohome

To mount automatically when logging in, first edit pam_mount.conf.xml:

vi /etc/security/pam_mount.conf.xml

and add the following:

<volume user="User" fstype="crypt" path="/dev/disk/by-uuid/6d53f51f-7c25-4b3d-aa15-f3594f4f49e1" mountpoint="/home" options="fsck,relatime" />

Make sure to replace User with your user name. You will also need to change the disk path. You can either add a path like /dev/sda6 or you can add a UUID, the Ubuntu way.

To find your uuid you use the following command:

blkid /dev/sda8

/dev/sda8: UUID="6d53f51f-7c25-4b3d-aa15-f3594f4f49e1" TYPE="crypto_LUKS"

After you have done that make sure to comment out the entry for your /home partition in /etc/fstab. Pam mount will deal with mounting your /home partition now.

vi /etc/fstab

# /home is on /dev/sda8
#UUID=6d53f51f-7c25-4b3d-aa15-f3594f4f49e1 /home ext4 defaults 0 2

That’s it, you should be safe to reboot now. The login process will take slightly longer than before because your home partition gets mounted in the background. The only downside I see with this setup is that you can’t use it in a multi-user environment. I am the only user on my laptop so that doesn’t really matter to me.