Mounting an ISO Image as a Filesystem

This is great, if you don’t have the DVD hardware, but need to get the data.

The following show an example of mounting the Fedora core 7 DVD as a file.

# mkdir /iso
# mount -o loop -t iso9660 /FC7-i386-DVD.iso /iso

Or to mount automatically at boot, add the following to “/etc/fstab”

/FC7-i386-DVD.iso /iso iso9660 ro,loop 0 0

Read more

How to Use MD5

Using an MD5 checksum you can do exactly that- verify the integrity of data. This can be used in a number of different situations and in any number of different ways, but it is a simple and effective way to verify large amounts of data.

Message-Digest algorithm 5 is a cryptographic hash function with a 128-bit value which can be found all over, especially on the internet. A checksum is a kind of redundancy check which can verify the integrity of data in a number of ways. The most basic form of checksum will verify the size of a set amount of data, assuming that if the data has the correct number of bytes it was transferred without a problem. Using MD5, a unique string of letters and numbers can be put together so signify the data which is in question. Here is a sample string:

ecd4cb123cd3099f9c3e56f948b65375

The goal of this would be to identify data which needs to be backed up, and then create a MD5 checksum. With this done the data can be copied into place and the MD5 checksum can be reviewed so as to verify the data was copied without incident.

How to use MD5 in Linux?
With any Linux distribution checking an MD5 checksum is easy and quick. No installations or add-ons should be necessary.

Generate a MD5 checksum:
open the console and type following command to generate the md5 checksum

md5sum xxxxxx.iso > xxxxxx.iso.md5

(note: any file extension can be used)

Verify a MD5 checksum:
open the console and type following command to check the md5 checksum

md5sum -c xxxxxx.iso.md5 

(this is supposing the MD5 and the file being verified are in the same directory)

That is really all there is to it! In just a few minutes you can be an MD5 expert and will have taken control of this powerful tool. MD5 checksums are very useful for the verification of data and for passwords, but it should be noted that tools are available that can decompile MD5 sums so that they are not always a perfectly secure way to store a password. Even so, they are a very useful tool for data redundancy, protection, and recovery.

Read more

Repair a Corrupt MBR and boot into Linux (fedora)

There are times when you inadvertently overwrite your Master Boot Record. The end result being that you are unable to boot into Linux. This is especially true when you are dual booting between windows and Linux OSes. Once when I was working in Windows XP, I accidentally clicked the hibernate button instead of shutdown. And windows somehow overwrote my MBR which housed the GRUB boot loader. At such times, it pays to have this cool tip at hand.

This is what you do to restore the GRUB boot loader when faced with the above problem. First you need a Linux distribution CD. If you are using Fedora (RedHat) then the first CD is sufficient. But you may also use any of the live CDs like Knoppix, Ubuntu Live CD and so on.

With Fedora CD

Boot your computer with the first CD of Fedora in your CD drive (You have to enable your PC to boot from the cdrom, which you can set in the BIOS settings). At the installation boot prompt that you get, enter the following command:

boot: linux rescue

… and press Enter. The installer will ask you a few questions like the language you would like to use, the type of keyboard etc. Then, if you have linux previously installed on your machine, the Fedora installer will automatically detect it and mount it in the /mnt/sysimage directory. Once the linux partition is mounted, you are dropped into the command shell prompt. The next step is to make your newly mounted directory the root (or parent) directory. This you do by running the chroot command as follows:

# chroot /mnt/sysimage

Now you are in the shell with respect to the parent directory which is the linux partition on your harddisk.

From here, the steps needed depends on which bootloader you are using. You have to have a fair idea what is the device node of your harddisk partition housing your MBR. In most cases, it is /dev/hda if you have an IDE harddisk. But if you have a SCSI harddisk, it will be /dev/sda.

Restoring GRUB
Execute the following command :

# grub-install /dev/hda

… to install GRUB boot loader on to your MBR. And then type exit to reboot the machine. Now your GRUB boot loader is fixed.

Read more

Creating the smbpasswd file from /etc/passwd file

Ok, to create the /etc/smbpasswd file: run the following command:

# cat /etc/passwd | mksmbpasswd.sh >/etc/smbpasswd
- Next, fix the permissions of the file:

# chmod 500 /etc/smbpasswd
With this command, all users defined in the /etc/passwd file will have a SMB entry put into the /etc/smbpasswd file. Please note that if desired, users can log in via a different SMB username/passwd than their Unix username/password. Please be aware that though the user is now defined in the smbpasswd file, the user will be LOCKED out until they actually CHANGE their SMB password. To do this, run the following command PER user:

# smbpasswd nikesh

Read more

HowTo Create a self-signed SSL Certificate for Apache

Step 1: Generate a Private Key
The openssl toolkit is used to generate an RSA Private Key and CSR (Certificate Signing Request). It can also be used to generate self-signed certificates which can be used for testing purposes or internal usage.

The first step is to create your RSA Private Key. This key is a 1024 bit RSA key which is encrypted using Triple-DES and stored in a PEM format so that it is readable as ASCII text.

# openssl genrsa -des3 -out server.key 1024

Generating RSA private key, 1024 bit long modulus
…………………………………………………++++++
……..++++++
e is 65537 (0×10001)
Enter PEM pass phrase:
Verifying password - Enter PEM pass phrase:

Step 2: Generate a CSR (Certificate Signing Request)

Once the private key is generated a Certificate Signing Request can be generated. The CSR is then used in one of two ways. Ideally, the CSR will be sent to a Certificate Authority, such as Thawte or Verisign who will verify the identity of the requestor and issue a signed certificate. The second option is to self-sign the CSR, which will be demonstrated in the next section.

# openssl req -new -key server.key -out server.csr

Country Name (2 letter code) [IN]:IN
State or Province Name (full name) [Nikesh Jauhari]:Nikesh
Locality Name (eg, city) [Pune]:Pune
Organization Name (eg, company) [My Company Ltd]:Cybage Software Pvt. Ltd.
Organizational Unit Name (eg, section) []:Information Technology
Common Name (eg, your name or your server’s hostname) []:poison.hell.com
Email Address []:njauhari@cybage.com
Please enter the following ‘extra’ attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

Step 3: Remove Passphrase from Key

One unfortunate side-effect of the pass-phrased private key is that Apache will ask for the pass-phrase each time the web server is started. Obviously this is not necessarily convenient as someone will not always be around to type in the pass-phrase, such as after a reboot or crash. mod_ssl includes the ability to use an external program in place of the built-in pass-phrase dialog, however, this is not necessarily the most secure option either. It is possible to remove the Triple-DES encryption from the key, thereby no longer needing to type in a pass-phrase. If the private key is no longer encrypted, it is critical that this file only be readable by the root user! If your system is ever compromised and a third party obtains your unencrypted private key, the corresponding certificate will need to be revoked. With that being said, use the following command to remove the pass-phrase from the key:

# cp server.key server.key.org
# openssl rsa -in server.key.org -out server.key

The newly created server.key file has no more passphrase in it.

-rw-r–r– 1 root root 745 Jun 29 12:19 server.csr
-rw-r–r– 1 root root 891 Jun 29 13:22 server.key
-rw-r–r– 1 root root 963 Jun 29 13:22 server.key.org

Step 4: Generating a Self-Signed Certificate

To generate a temporary certificate which is good for 365 days, issue the following command:

# openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
Signature ok
………………………..
Getting Private key

Step 5: Installing the Private Key and Certificate

When Apache with mod_ssl is installed, it creates several directories in the Apache config directory. The location of this directory will differ depending on how Apache was compiled.

# cp server.crt /usr/local/apache/conf/ssl.crt
# cp server.key /usr/local/apache/conf/ssl.key

Step 6: Configuring SSL Enabled Virtual Hosts

SSLEngine on
SSLCertificateFile /usr/local/apache/conf/ssl.crt/server.crt
SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/server.key
SetEnvIf User-Agent “.*MSIE.*” nokeepalive ssl-unclean-shutdown
CustomLog logs/ssl_request_log \
“%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \”%r\” %b”

Step 7: Restart Apache and Test

/etc/init.d/httpd stop
/etc/init.d/httpd start

Now you can use https://yourwebservername.dowmain-name.

Read more