Disable the SSL 3.0 protocol on the server and enable TLS 1.0, 1.1, and 1.2. This is done alongside the Heartbleed vulnerability check below to upgrade the server's security.

Add the lines below to the SSL (port 443) virtual host.

SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLCertificateFile /path of certfiles/cert.crt
SSLCertificateKeyFile /path of certfiles/keyfile.key
SSLCertificateChainFile /path of certfiles/cert.ca-bundle

SSLProtocol all -SSLv2 -SSLv3

This line disables the SSL 3.0 protocol on the server and enables TLS 1.0, 1.1, and 1.2; the Heartbleed vulnerability is checked separately, as noted below.


To generate the certificate.p12 file for Tomcat SSL:

openssl pkcs12 -export -in publicCert.pem -inkey privateKey.pem -out certificate.p12 -certfile bundle.txt

bundle.txt      ---- contents of the cert.ca-bundle file
publicCert.pem  ---- contents of the cert.crt file
privateKey.pem  ---- contents of the certificate key file

For cPanel & WHM

Log in to WHM, open the Apache Configuration screen, and click on Include Editor.
Under Pre Main Include, select All Versions. This way your server will be protected if you change your version of Apache. When selected, enter the following into the text box for CentOS/RHEL 6.x:
SSLHonorCipherOrder On
SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2
When selected, enter the following into the text box for CentOS/RHEL 5.x:
SSLHonorCipherOrder On
SSLProtocol -All +TLSv1
…and then click Update. Once you click update, you’ll be prompted to restart Apache; do so at this time.

Check the result at
https://www.digicert.com/help/
and check for the Heartbleed vulnerability.
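
An added example (not part of the original post) that evaluates the SSLProtocol values shown above and flags a configuration that still allows SSLv2 or SSLv3. It assumes mod_ssl applies the tokens left to right and that "all" covers every protocol name listed; the function names and the sample fragment are constructed for illustration.

```shell
#!/bin/sh
# Added example: which protocols does an Apache SSLProtocol value leave on?
# Tokens apply left to right: "+x" adds, "-x" removes, a bare name replaces
# the whole set. Assumption: "all" expands to every name in ALL_PROTOS (worst
# case); what it really covers depends on the Apache and OpenSSL build.
ALL_PROTOS="SSLv2 SSLv3 TLSv1 TLSv1.1 TLSv1.2"

lower() { printf '%s' "$1" | tr 'A-Z' 'a-z'; }

# effective_protocols "all -SSLv2 -SSLv3"  prints the enabled protocol names.
# The body is a subshell, so set -f and the variables stay local.
effective_protocols() (
    set -f
    enabled=""
    for tok in $1; do
        case "$tok" in
            -*) op="-"; name="${tok#-}" ;;
            +*) op="+"; name="${tok#+}" ;;
            *)  op="="; name="$tok" ;;
        esac
        sel=""
        for p in all $ALL_PROTOS; do
            if [ "$(lower "$p")" = "$(lower "$name")" ]; then sel="$p"; fi
        done
        if [ "$sel" = "all" ]; then sel="$ALL_PROTOS"; fi
        if [ -z "$sel" ]; then echo "unknown protocol: $name" >&2; exit 2; fi
        new=""
        for p in $ALL_PROTOS; do
            case " $enabled " in *" $p "*) was=1 ;; *) was=0 ;; esac
            case " $sel " in *" $p "*) hit=1 ;; *) hit=0 ;; esac
            case "$op$was$hit" in
                =?1|+1?|+?1|-10) new="$new $p" ;;
            esac
        done
        enabled="${new# }"
    done
    printf '%s\n' "$enabled"
)

# audit_sslprotocol < config: list each SSLProtocol directive with its
# effective set; returns 1 if any directive still allows SSLv2 or SSLv3.
audit_sslprotocol() {
    rc=0; n=0
    while read -r key rest; do
        n=$((n + 1))
        if [ "$(lower "$key")" != "sslprotocol" ]; then continue; fi
        eff=$(effective_protocols "$rest") || { rc=1; continue; }
        case " $eff " in
            *" SSLv2 "*|*" SSLv3 "*) echo "line $n: WEAK $rest -> $eff"; rc=1 ;;
            *) echo "line $n: ok   $rest -> $eff" ;;
        esac
    done
    return $rc
}

# Constructed sample vhost fragment (not from a real server)
SAMPLE='SSLEngine on
SSLProtocol all -SSLv2
SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2'
printf '%s\n' "$SAMPLE" | audit_sslprotocol || echo "legacy SSL still enabled"
```

Feed it a real vhost file with `audit_sslprotocol < /path/to/vhost.conf`; a non-zero return means at least one directive needs attention.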

Tuesday, September 22, 2015

Nagios port monitor as a service template

define service{
        use                             local-service         ; Name of service template to use
        host_name                       hostname
        service_description             Nodejs
        check_command                   check_tcp!3000
        notifications_enabled           0
        }

define service{
        use                             local-service         ; Name of service template to use
        host_name                       hostname
        service_description             kafka
        check_command                   check_tcp!9092
        notifications_enabled           0
        }


yum install httpd php php-cli gcc glibc glibc-common gd gd-devel net-snmp
wget http://epel.mirror.net.in/epel/6/i386/epel-release-6-8.noarch.rpm
rpm -Uvh epel-release-6-8.noarch.rpm
yum install nagios*

vi /etc/sysconfig/iptables
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
service iptables restart

vi /etc/nagios/objects/contacts.cfg
email                         user@example.com ;

vi /etc/httpd/conf.d/nagios.conf
## Comment Lines 15 & 16 ##
#   Order allow,deny
#   Allow from all

## Uncomment and Change lines 17,18 & 19 as shown below ##
Order deny,allow
Deny from all
Allow from 127.0.0.1 10.50.249.0/24

htpasswd /etc/nagios/passwd nagiosadmin
New password:
Re-type new password:
Updating password for user nagiosadmin

service nagios start
service httpd start
chkconfig nagios on
chkconfig httpd on

http://nagios-server-ip/nagios

vi /etc/nagios/nagios.cfg

cfg_dir=/etc/nagios/servers

mkdir /etc/nagios/servers

Put
Client End

yum install nrpe nagios-plugins-all openssl

vi /etc/nagios/nrpe.cfg
## Line 81 - Add the Nagios server IP ##
allowed_hosts=127.0.0.1 10.50.249.0/24


service nrpe start
chkconfig nrpe on


Sunday, September 13, 2015

Create User for Ec2 Instance

For CentOS

As a user with root access, run the commands below:

adduser username
passwd username
visudo
cd /home/username/

su username

# RSA 4096-bit key pair: ./username is the private key, ./username.pub the public key
ssh-keygen -t rsa -b 4096 -f username
mkdir .ssh
chmod -Rv 700 .ssh/
cat username.pub > .ssh/authorized_keys
chmod -Rv 600 .ssh/authorized_keys
chown username:ec2-user .ssh

Now pass the pem file to the user.

For Ubuntu

Managing User Accounts on Your Linux Instance

[ec2-user ~]$ sudo adduser newuser

[ec2-user ~]$ sudo su - newuser

[newuser ~]$ mkdir .ssh

[newuser ~]$ chmod 700 .ssh

[newuser ~]$ touch .ssh/authorized_keys

[newuser ~]$ chmod 600 .ssh/authorized_keys

Edit the authorized_keys file with your favorite text editor and paste the public key for your key pair (open the pem file in puttygen and paste the ppk file into the file).

[newuser ~]$ sudo su

[ec2-user ~]$  vi /etc/sudoers.d/90-cloudimg-ubuntu

newuser ALL=(ALL) NOPASSWD:ALL

[ec2-user ~]$ sudo userdel -r olduser
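
An added example, not from the original post, that checks the result of the account setup steps above: the modes on .ssh and authorized_keys, and the key types listed in authorized_keys. The function name check_ssh_setup, the demo directory and the placeholder key lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: check the result of the account setup steps.
# check_ssh_setup HOME prints one finding per problem and returns 1 if any.
# The body is a subshell, so set -f (no globbing of key lines) stays local.

mode_of() { ls -ld "$1" | cut -c1-10; }

check_ssh_setup() (
    set -f
    dir="$1/.ssh"; keys="$dir/authorized_keys"; bad=0
    finding() { echo "FINDING: $*"; bad=1; }
    if [ ! -f "$keys" ]; then finding "$keys does not exist"; exit 1; fi
    # The steps on this page use 700 for .ssh and 600 for authorized_keys
    if [ "$(mode_of "$dir")" != "drwx------" ]; then
        finding "$dir is $(mode_of "$dir"), expected drwx------"
    fi
    if [ "$(mode_of "$keys")" != "-rw-------" ]; then
        finding "$keys is $(mode_of "$keys"), expected -rw-------"
    fi
    n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case "$line" in ''|'#'*) continue ;; esac
        type=""
        # The key type is the first field, or follows an options field
        for field in $line; do
            case "$field" in
                ssh-dss|ssh-rsa|ssh-ed25519|ecdsa-sha2-*|sk-*) type=$field; break ;;
            esac
        done
        case "$type" in
            ssh-dss) finding "line $n: DSA key, refused by default since OpenSSH 7.0" ;;
            "")      finding "line $n: no recognised public key type" ;;
        esac
    done < "$keys"
    exit "$bad"
)

# Constructed demo: a throwaway home directory with placeholder key material
demo_home=$(mktemp -d)
mkdir "$demo_home/.ssh" && chmod 700 "$demo_home/.ssh"
printf '%s\n' 'ssh-dss AAAA-constructed-placeholder olduser@example' \
              'ssh-ed25519 AAAA-constructed-placeholder newuser@example' \
    > "$demo_home/.ssh/authorized_keys"
chmod 644 "$demo_home/.ssh/authorized_keys"
check_ssh_setup "$demo_home" || echo "fix the findings above"
rm -rf "$demo_home"
```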

Install PHP 5.3 or higher

git clone https://github.com/amazonwebservices/aws-sdk-for-php.git AWSSDKforPHP

cd AWSSDKforPHP

cp config.inc-sample.php  config.inc.php

vi config.inc.php

'key' => 'development-key',
'secret' => 'development-secret',

The two values above are the AWS key and secret, which you get from the security credentials of the IAM user.

Also download PHPMailer.

Now create a backup script like the one below, which I got from a Google search.



<?php
/**************************************************************************
|
|   Script to Automate EBS Backups
|   Run this script with CRON or whatever every X period of time to take
|   automatic snapshots of your EBS Volumes.  Script will delete old
|   snapshot after Y period of time
|
|   Version 1.01 updated 2012-08-02
|
|   Copyright 2012 Caleb Lloyd
|   http://www.caleblloyd.com/
|
|   I offer no warrant or guarantee on this code - use at your own risk
|   You are free to modify and redistribute this code as you please
|
|   Requires AWS PHP SDK be configured for your AWS Account:
|       http://aws.amazon.com/sdkforphp/
|
|   Optional PHPMailer Support to email results to yourself
|       http://phpmailer.worxware.com/
|
|   Stores snapshot information in "./snapshot_information.json"
|       Make sure PHP can write this file
|
**************************************************************************/


/**************************************************************************
|   Begin Configuration
**************************************************************************/

//Declare the volumes that you want to backup
//The Volume ID's are the keys of the array, you can store any custom information you
//want in value array, or just keep it blank.  Make sure you keep it as a blank array
//because the script will fill this up with values...
$volumes=array( '111111111'=>array(),
//                'vol-22222222'=>array()
);

//Do not take a snapshot more than every X hours/minutes/days, etc. (uses strtotime)
//This prevents the script from running out of control and producing tons of snapshots
$snapshot_limit = '23 hours';

//Keep snapshots for this amount of time (also uses strtotime)
$keep_snapshots = '7 days 12 hours';

//Your path to the Amazon AWS PHP SDK
require_once 'path of  aws sdk/sdk.class.php';
//EC2 Region, view path of  aws sdk/services/services/ec2.class.php for definitions
$region='region which get in above file';

//Your path to PHP Mailer (if you don't want to email yourself the results, you can get rid of this)
require_once('php mailer path/class.phpmailer.php');
//Go to bottom of script to configure PHP Mailer settings


/**************************************************************************
|   End Configuration
**************************************************************************/

function snapshot_info($s)
{
    $info='';
    $info.='Volume: '.$s['volume'].'
';
    $info.=(!empty($s['volume_name'])?'Volume Name: '.$s['volume_name'].'
':'');
    $info.=(!empty($s['snapshot'])?'Snapshot: '.$s['snapshot'].'
':'');
    $info.=(!empty($s['instance'])?'EC2 Instance: '.$s['instance'].'
':'');
    $info.=(!empty($s['device'])?'Device: '.$s['device'].'
':'');
    $info.=(!empty($s['error'])?'Error: '.$s['error'].'
':'');
    $info.=(!empty($s['datetime'])?'Date/Time: '.$s['datetime'].'
':'');
    $info.='
';
    return $info;
}

$success=array();
$failure=array();
$preserve=array();
$success_delete=array();
$failure_delete=array();

$ec2 = new AmazonEC2();
$ec2 = $ec2->set_region($region);

$latest_snapshot=array();

if (file_exists('snapshot_information.json'))
    $json=file_get_contents('snapshot_information.json');
else
    $json='[]';
$snapshots=json_decode($json,TRUE);
foreach ($snapshots as $s)
{
    if (!empty($lastest_snapshot[$s['volume']]))
    {
        if ($s['timestamp']>$lastest_snapshot[$s['volume']]['timestamp'])
        {
            $lastest_snapshot[$s['volume']]=$s;
        }
    }
    else
    {
        $lastest_snapshot[$s['volume']]=$s;
    }
}

foreach ($volumes as $volume => $v)
{
    $v['volume']=$volume;
    $v['instance']='Not Attached to an Instance';

    $volume_information = $ec2->describe_volumes(array('VolumeId' => $volume));
    $v['volume_name'] = '(volume has no tags)';
    if (!empty($volume_information->body->volumeSet->item->tagSet->item->value))
    {
        $v['volume_name'] = (string)$volume_information->body->volumeSet->item->tagSet->item->value;
    }
    $description = 'Volume '.$volume.(empty($v['volume_name'])?'':' ('.$v['volume_name'].')');
   
    if (!empty($volume_information->body->volumeSet->item->attachmentSet->item->status))
    {
        if ($volume_information->body->volumeSet->item->attachmentSet->item->status == "attached")
        {
            $v['device'] = (string)$volume_information->body->volumeSet->item->attachmentSet->item->device;
            $v['instance'] = (string)$volume_information->body->volumeSet->item->attachmentSet->item->instanceId;
            $description.=' attached to '.$v['instance'].' as '.$v['device'];
        }
    }
    else
    {
        $description.= ' ('.$v['instance'].')';
    }
   
    if ((!empty($lastest_snapshot[$volume]))&&($lastest_snapshot[$volume]['timestamp']>strtotime('-'.$snapshot_limit)))
    {
        $error=TRUE;
        $v['datetime']=date('Y-m-d H:i:s');
        $v['timestamp']=time();
        $v['error']='An Automatic Snapshot Already Exists for that volume in the past '.$snapshot_limit;
        $failure[]=$v;
    }
    else
    {
        $response = $ec2->create_snapshot($volume, array('Description'=>$description));
        if ($response->isOK())
        {
            $v['datetime']=date('Y-m-d H:i:s');
            $v['timestamp']=time();
            $v['snapshot']=(string)$response->body->snapshotId;
            $success[$v['snapshot']]=$v;
 // adding the tag :
            $responseTag = $ec2->create_tags ( $v['snapshot'], array ( 'Key'=>'Name', 'Value'=>$v['volume_name'] ) );
        }
        else
        {
            $error=TRUE;
            $v['datetime']=date('Y-m-d H:i:s');
            $v['timestamp']=time();
            $v['error']=(string)$response->body->Errors->Error->Message;
            $failure[]=$v;
        }
    }
}

if (!empty($snapshots))
{
    foreach ($snapshots as $snapshot => $s)
    {
        $s['snapshot']=$snapshot;
        //Delete snapshots older than the $keep_snapshots retention period
        if ($s['timestamp']<strtotime('-'.$keep_snapshots))
        {
            $response = $ec2->delete_snapshot($snapshot);
            if ($response->isOK())
            {
                $success_delete[$snapshot]=$s;
            }
            else
            {
                $error=TRUE;
                $s['error']=(string)$response->body->Errors->Error->Message;
                $failure_delete[$snapshot]=$s;
            }
        }
        else
        {
            $preserve[$snapshot]=$s;
        }
    }
    $snapshots_json=json_encode(array_merge($success,$preserve));
}
else
{
    $snapshots_json=json_encode($success);
}
file_put_contents('snapshot_information.json',$snapshots_json);

$message='';

if (!empty($success))
{
    $message.='The following Snapshots Succeeded:
';
    foreach ($success as $v)
    {
        $message.=snapshot_info($v);
    }
}

if (!empty($failure))
{
    $message.='The following Snapshots Failed and had Errors:
';
    foreach ($failure as $v)
    {
        $message.=snapshot_info($v);
    }
}

if (!empty($success_delete))
{
    $message.='The following old Snapshots were removed:
';
    foreach ($success_delete as $v)
    {
        $message.=snapshot_info($v);
    }
}

if (!empty($failure_delete))
{
    $message.='The following old Snapshots had errors while trying to remove:
';
    foreach ($failure_delete as $v)
    {
        $message.=snapshot_info($v);
    }
}

if (!empty($preserve))
{
    $message.='The following Snapshots were preserved:
';
    foreach ($preserve as $v)
    {
        $message.=snapshot_info($v);
    }
}
?>



Tuesday, September 8, 2015

How to configure a reverse proxy in IIS

Install the URL Rewrite module in IIS.

Create a site in IIS with the domain name that should show in the browser. Go to that site and, in Features View, open URL Rewrite. Click Reverse Proxy; it will ask for Application Request Routing to be enabled, so press OK, and the Add Reverse Proxy Rules box opens. Enter the Tomcat URL or other URL the domain should point to, for example localhost:8080.

In the outbound rules, enter the domain name. It should now work: a request that comes in for www.example.com is served from the local Tomcat server.

After disabling outboundRules, application links redirect to the internal web app URL.

First take a volume snapshot of the server, then launch a new instance. Log in to the instance and shut it down.

Copy the root device name, e.g. "/dev/xvda". Now remove the volume of that new instance, create a volume from the snapshot you want to recover, and attach the newly created volume to the instance with the root device name, e.g. "/dev/xvda". That's it.

Log in to the first account, select the instance, then go to the Action tab --- Image --- Create Image. Go to AMIs, select the recently created snapshot, then Action --- Modify Image Permission --- add the (second) AWS account number --- Save.

Now go to the second account: Launch Instance ---- My AMIs. You will see that instance name; select it and continue the wizard.

In the worst case, if you face any issue, modify the image to make the snapshot public.

Wednesday, July 22, 2015

Important links that show website details, data and security


Show website old pages and details



http://website.informer.com

Show website hosting and technologies details

http://builtwith.com/

Scan a website for malware

Website Virus and security scan 

https://sitecheck.sucuri.net/

Website header scanner

http://www.webconfs.com/http-header-check.php


Thursday, June 18, 2015

How to run tomcat as service

Make sure there is a valid user "tomcat" and that this user has rw permissions in the $CATALINA_HOME/conf and $CATALINA_HOME/logs directories. Also make sure that $JAVA_HOME is set. You will start Tomcat as user "tomcat" to avoid running it as root.

Save the following script as /etc/init.d/tomcat. It will automatically be read and run at boot time. Check the log files if it does not start properly.


Do the same as below for rc3.d, rc4.d and rc5.d.
Make a link to it from /etc/rc5.d such as:
cd /etc/rc5.d
sudo ln -s ../init.d/tomcat S71tomcat


Script for init.d

#!/bin/bash
#
# tomcat        Wherever "tomcat" appears as the user in this script, replace it with your own user
#
# chkconfig: 345 20 80
# description:     Start up the Tomcat servlet engine.

# Source function library.
. /etc/init.d/functions

# Exit status of the last start/stop command
RETVAL=0
CATALINA_HOME="/tomcat-apache path/apache-tomcat-7.0.62"

case "$1" in
 start)
        if [ -f "$CATALINA_HOME/bin/startup.sh" ];
          then
            echo $"Starting Tomcat"
            # Run as the unprivileged tomcat user, not as root
            /bin/su tomcat "$CATALINA_HOME/bin/startup.sh"
            RETVAL=$?
        fi
    ;;
 stop)
        if [ -f "$CATALINA_HOME/bin/shutdown.sh" ];
          then
            echo $"Stopping Tomcat"
            /bin/su tomcat "$CATALINA_HOME/bin/shutdown.sh"
            RETVAL=$?
        fi
     ;;
 *)
     echo $"Usage: $0 {start|stop}"
    exit 1
    ;;
esac

exit $RETVAL

To enable the service at boot time: chkconfig --level 345 tomcat on

To find which user a service is running as
ps aux | egrep 'process name' typically shows which user the service is running as.

Tuesday, June 16, 2015

How to check a forgotten Plesk password and log in to MySQL too

To log in to Plesk MySQL without a password: mysql -uadmin -p`cat /etc/psa/.psa.shadow`

To check the Plesk admin panel password: /usr/local/psa/bin/admin --show-password

OVF file not able to deploy

Failed to deploy OVF package: The task was canceled by a user

 

There will be three files. Delete the .mf file, then edit the .ova file and change its contents as shown below.
  • .ova – OVF descriptor, written in XML, which describes the hardware requirements
  • .mf – contains SHA1 checksums of the .OVA and .VMDK
  • .vmdk – the virtual hard disk for the virtual machine.
vmware.cdrom.iso
Changing the above line, to read…
vmware.cdrom.atapi
Then import it; it will work.
Before importing, right-click the virtual system, edit its settings, and choose Host CD-ROM.
Then export the VM and deploy it; it will work.

Friday, May 29, 2015

How to execute MySQL commands from the shell



Execute a MySQL command remotely from the shell

# mysql -h [ip] -u [user] -p[pass] -e "[mysql commands]"

# mysql -h hostip -u root -pmysqlpassword -e "show databases"

Specify the database to use.

Use -D option to specify the name of MySQL database :
# mysql -D [db name] -u [user] -p[pass] -e "[mysql commands]"

# mysql -D DBName -u root -pmysqlpassword -e "show tables"


Use the following syntax in your Bash scripts for running MySQL commands :

mysql -u [user] -p[pass] << EOF

[mysql commands]

EOF

Example :
#!/bin/bash
mysql -u root -pmysqlpassword << EOF
use mysql;
show tables;
EOF
 

Wednesday, May 27, 2015

Useful commands

Find a particular word in files, directories & subdirectories

grep -r EAJggRQ * > asdf

Find particular files in directories & subdirectories

find . -print | grep -i 'index.php'


Mobile test

curl -s -D - -A 'Mozilla/5.0 (Linux; U; Android 2.1-update1; de-de; HTC Desire 1.19.161.5 Build/ERE27) AppleWebKit/530.17 (KHTML, like Gecko) Version/4.0 Mobile Safari/530.17' http://dsroutage.com/ > asd

Find out Apache load per process

ps aux | grep 'httpd' | awk '{print $6/1024 " MB";}'
ps -aux | grep 'httpd' | awk '{print $6/1024 " MB";}'
ps aux | grep 'httpd' | awk '{print $6/1024;}' | awk '{avg += ($1 - avg) / NR;} END {print avg " MB";}'
ps aux | grep 'mysql' | awk '{print $6/1024 " MB";}'

To check memory: free -g

Processes using the most CPU & RAM: top -c


Top 10 processes by CPU & RAM load: ps -eo pmem,pcpu,vsize,pid,cmd | sort -k 1 -nr | head -10

Plesk MySQL login without password

mysql -uadmin -p`cat /etc/psa/.psa.shadow`

Plesk Mysql login password
/usr/local/psa/bin/admin --show-password

Configuration to stop Apache overload
vi /etc/httpd/conf.d/fcgid.conf

##FcgidIOTimeout 45
  FcgidIOTimeout 300

GracefulShutDownTimeout 3
AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps
FcgidMaxRequestLen 533554432

/scripts/ensure_vhost_includes --all-users

http://www.zyxware.com/articles/2714/how-to-make-custom-changes-to-virtualhost-settings-in-httpd-conf-on-a-whmcpanel-vps-without-losing-the-changes

Friday, May 8, 2015

How to reset Jenkins admin password



To reset the Jenkins admin password if you forgot it, log in to the server via terminal and edit the

/var/lib/jenkins/users/username/config.xml file, updating the contents of passwordHash:
Replace the current value with the one below.

#jbcrypt:$2a$10$SmpPO.crN1akTcBmuiIPhOGqVL82RtBQlgaX9u3/4CKUtFNS9Iesy

Save the file and restart the Jenkins service; you can now log in with the password “India@123”.

Sunday, April 12, 2015

How to make WHM permanently redirect from non-secure to secure

Once you log in, visit this section:

WHM >> Server Configuration >> Tweak Settings >> Redirection section and tick the top box for "Always redirect users to the SSL/TLS....." Next tick the Hostname and SSL Certificate Name respectively and save.

Close all browser windows, then open one and go back to https://domainname:2087/, log in and accept the security certificate in your browser, and you're good to go.

Wednesday, March 25, 2015

Ubuntu command

apt-get update

aptitude install postgresql


Use apt-get, aptitude or the Ubuntu Software Center.

dpkg -i package-file-name

-i is to install a package.
 
dpkg -l | grep 'tcl' 



apt-get purge  package name