Just a fancy alias
pushall = "!f(){ b=${1:-$(git rev-parse --abbrev-ref HEAD)}; for r in $(git remote); do echo \">>> pushing $b to $r\"; git push \"$r\" \"$b\"; done; }; f"
Welcome to my world
Read all users from Windows AD
$ExportPath = 'C:\Users\administrator\ad-export'
# All groups below the given OU
$groups = Get-ADGroup -Filter * -SearchBase "OU=Groups,OU=Users,DC=local,DC=exmaple"
foreach ($group in $groups) {
    # One CSV per group, named after the group's SamAccountName (backslashes and spaces stripped)
    $fileName = $group.SamAccountName.Replace('\', '').Replace(' ', '')
    $path = $ExportPath + "\" + $fileName + ".csv"
    # Resolve nested membership and request only the extra attributes that are exported
    Get-ADGroupMember -Identity $group -Recursive |
        Get-ADUser -Properties Title, Mail |
        Select-Object SamAccountName, Surname, GivenName, Title, Mail |
        Export-Csv -NoTypeInformation -Encoding UTF8 -Delimiter ";" $path
}
Ban all the attackers. Easier said than done. A website is constantly under attack, as is the whole server. One day I decided it was too difficult to maintain every single server and ban those attackers. Blocking IPs at the website level is too late. It also consumes a lot of resources. So I went for iptables. You can find it on github/JBlond/ban_em_all
DROP vs REJECT. Well, DROP is a bad option for debugging. Also, it is not the default behavior of the OS itself. Nothing is listening on a port? The OS sends a reject. Sadly I haven’t found a way to use REJECT when it comes to IPs. With DROP, on the other hand, automatic server/website scanners assume a firewall and are more likely to continue the scan.
On Windows Server it can be a hassle to find the start-up folder/autostart folder. Quick shortcut: Win Key + R -> shell:startup
Choosing the right cipher for your server.
The wanted options:
/opt/openssl/bin/openssl ciphers -v ALL:COMPLEMENTOFALL | grep -v "(128)" | grep "Mac=AEAD" | grep -v "Kx=PSK" | \
grep -v "Au=PSK" | grep -v "Kx=RSAPSK" | grep -v "Au=DSS" | grep -v "Kx=RSA" | grep -v "Enc=AESCCM" | \
grep -v "Enc=ARIAGCM" | grep -v "Au=None" | grep -v "Kx=DH"
The Output
TLS 1.3
TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD
TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any Au=any Enc=CHACHA20/POLY1305(256) Mac=AEAD
TLS 1.2
ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
Finally, POLY over AES for speed, and ECDSA over RSA, also for speed.
SSLCipherSuite SSL ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA384
SSLCipherSuite TLSv1.3 TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384
This was done with the current latest OpenSSL version, 1.1.1l.
For completeness, GCM is Galois/Counter Mode [2].
[1] https://de.wikipedia.org/wiki/Authenticated_Encryption
[2] https://en.wikipedia.org/wiki/Galois/Counter_Mode
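An added example (not from the original post): the cipher selection above done as a small shell function that parses the Kx/Au/Enc/Mac columns by name and emits the colon-joined list in the stated preference order (ECDSA before RSA, CHACHA20 before AES). It uses an allow-list for key exchange and authentication instead of the grep -v deny-list, so a key-exchange type added by a later OpenSSL build is not admitted silently; the function names build_suite and sample_ciphers and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in `openssl ciphers -v` format (not a full listing).
sample_ciphers() {
cat <<'EOF'
TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD
TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any Au=any Enc=CHACHA20/POLY1305(256) Mac=AEAD
TLS_AES_128_GCM_SHA256 TLSv1.3 Kx=any Au=any Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(256) Mac=AEAD
AES256-GCM-SHA384 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA384
ECDHE-ECDSA-AES256-CCM TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESCCM(256) Mac=AEAD
EOF
}

# build_suite PROTO: filter `openssl ciphers -v` lines on stdin for one protocol
# column value and print the surviving names colon-joined, most preferred first.
build_suite() {
  awk -v proto="$1" '
    $2 != proto { next }
    {                                     # parse the key=value columns by name
      kx = au = enc = mac = ""
      for (i = 3; i <= NF; i++) {
        split($i, kv, "=")
        if (kv[1] == "Kx") kx = kv[2]
        else if (kv[1] == "Au") au = kv[2]
        else if (kv[1] == "Enc") enc = kv[2]
        else if (kv[1] == "Mac") mac = kv[2]
      }
    }
    mac != "AEAD"             { next }    # AEAD only
    enc ~ /\(128\)/           { next }    # no 128-bit ciphers
    enc ~ /^(AESCCM|ARIAGCM)/ { next }    # no CCM, no ARIA
    kx !~ /^(any|ECDH)$/      { next }    # allow-list: ephemeral ECDH, or TLS 1.3 "any"
    au !~ /^(any|ECDSA|RSA)$/ { next }    # allow-list: ECDSA or RSA certificates
    { rank = (au == "RSA" ? 2 : 0) + (enc ~ /^CHACHA20/ ? 0 : 1); print rank, $1 }
  ' | sort -n | awk '{ printf "%s%s", (NR > 1 ? ":" : ""), $2 } END { if (NR) print "" }'
}

# Demo on the sample; on a server, pipe `openssl ciphers -v ALL:COMPLEMENTOFALL` instead.
printf 'SSLCipherSuite SSL %s\n' "$(sample_ciphers | build_suite TLSv1.2)"
printf 'SSLCipherSuite TLSv1.3 %s\n' "$(sample_ciphers | build_suite TLSv1.3)"
```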
I had issues with the Zend Framework and its implementation of Lucene. It saved the values from my UTF-8 database in the Lucene files with characters like UTF-8 in ISO 8859-1, like on the search result page. And I wasn’t able to search case-insensitively.
I noticed that the Apache header (Zend Server CE) wasn’t sending UTF-8. So I added AddDefaultCharset utf-8 to my httpd.conf. Didn’t help.
What helped: In the Bootstrap.php adding to the init of the search
Zend_Search_Lucene_Analysis_Analyzer::setDefault(new Zend_Search_Lucene_Analysis_Analyzer_Common_Utf8());
Zend_Search_Lucene_Search_QueryParser::setDefaultEncoding('utf-8');
Zend_Search_Lucene_Analysis_Analyzer::setDefault(new Zend_Search_Lucene_Analysis_Analyzer_Common_Utf8_CaseInsensitive());
In the model, it needs to be decoded to ISO 8859-1 and then saved as UTF-8. Sounds insane, but it was the only thing that worked for me.
$doc->addField(Zend_Search_Lucene_Field::Text('lucene_DB_CLOUMN_NAME',utf8_decode($db_apater_result['DB_CLOUMN_NAME']),'UTF-8'));
WTF Zend Lucene!
I did some testing on my dev machine and liked event mpm. So I installed it here. I noticed that the event mpm closes connections faster than worker mpm. Some download tests satisfied me. Less memory usage and faster serving :-) For now I kept the settings from worker mpm. I’ll look into tweaking in the next days.
Contrary to the docs, event mpm works fine with SSL.
sudo apt-get install apache2-mpm-event libapache2-mod-fcgid
Serving PHP over fcgid is also nice. The implementation of PHP over fcgid is in the older post.
Today I changed my server from prefork mpm to worker mpm.
There are only some issues: in my phpMyAdmin I had to set auth from http to cookie. And PHP_ADMIN_VALUE doesn’t work in the vhosts.
How to install it:
sudo apt-get install apache2-mpm-worker libapache2-mod-fcgid
In the single vhosts
Options Indexes ExecCGI
AddHandler fcgid-script .php
FCGIWrapper /usr/lib/cgi-bin/php5 .php
So that isn’t hard to do.
Well, I would like to have a Windows server with Apache which is also threaded like worker mpm, but there is no cheap hoster for that yet. Having that server at home is not an option because of the small upload I have with my DSL, the cost of energy, and where the hell should I put that server in my small apartment so that I can still sleep?