A new WordPress Firewall Plugin

I had previously written a blog post regarding “How to protect your WordPress blog from web injection”. In it I mentioned a firewall plugin called “WordPress Firewall”, which was very helpful at the time I wrote that post. But it seems that neither WordPress Firewall 1 nor 2 has been updated for a pretty long time. It is now better to switch to something else. After researching the current plugin market, I find the following WordPress firewall plugin very useful: “All in one WordPress Security & Firewall”.

So, take some time to do maintenance on your WordPress blog and install the latest option to secure it.

‘ca-certificates’ update error

Since the last “ca-certificates” release for RHEL/CentOS 6 or Fedora 14, whose version starts with 2013, there has been a recurring error where “ca-certificates” cannot be updated from a 2010 version to the latest 2013 version. Through yum, the error looks something like the following:

Running Transaction
Updating : ca-certificates-2013.1.94-65.0.el6.noarch 1/2
Error unpacking rpm package ca-certificates-2013.1.94-65.0.el6.noarch
warning: /etc/pki/java/cacerts created as /etc/pki/java/cacerts.rpmnew
warning: /etc/pki/tls/certs/ca-bundle.crt created as /etc/pki/tls/certs/ca-bundle.crt.rpmnew
warning: /etc/pki/tls/certs/ca-bundle.trust.crt created as /etc/pki/tls/certs/ca-bundle.trust.crt.rpmnew
error: unpacking of archive failed on file /etc/ssl/certs: cpio: rename
Verifying : ca-certificates-2013.1.94-65.0.el6.noarch 1/2
ca-certificates-2010.63-3.el6_1.5.noarch was supposed to be removed but is not!
Verifying : ca-certificates-2010.63-3.el6_1.5.noarch 2/2

Failed:
ca-certificates.noarch 0:2010.63-3.el6_1.5 ca-certificates.noarch 0:2013.1.94-65.0.el6

The following part of the error is the one to note:

error: unpacking of archive failed on file /etc/ssl/certs: cpio: rename

It looks like the new “ca-certificates” package uses a new structure. In old versions, “certs” is a folder that contains the old certificates. During the update, the new package tries to remove that directory and replace it with a symlink to /etc/pki/tls/certs/, and this step fails under yum.

To solve the error, run the following:

$ mv /etc/ssl/certs /etc/ssl/certs.back
$ ln -s /etc/pki/tls/certs /etc/ssl/certs
$ yum update ca-certificate*

This should solve the error.
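
An idempotent form of the commands above, as an added example that is not part of the original post: it refuses to run if /etc/pki/tls/certs is missing, keeps the old directory as a backup, and does nothing when the symlink is already in place. The function name and the ROOT prefix argument are assumptions made for illustration, and the demo runs on a constructed scratch tree.

```sh
#!/bin/sh
# Added example: idempotent version of the mv + ln -s fix described above.
# The first argument is a hypothetical root prefix so the logic can be tried
# on a scratch tree; pass "" to act on the real /etc (as root).
TARGET=/etc/pki/tls/certs

fix_ssl_certs_link() {
    root=$1
    link="$root/etc/ssl/certs"

    # The symlink is only useful if the directory it points to exists.
    if [ ! -d "$root$TARGET" ]; then
        echo "missing-target"; return 1
    fi
    # Already a symlink: nothing to move, only confirm where it points.
    if [ -L "$link" ]; then
        if [ "$(readlink "$link")" = "$TARGET" ]; then
            echo "already-linked"; return 0
        fi
        echo "unexpected-link"; return 1
    fi
    # Real directory (the old layout): keep it as a backup, never delete it.
    if [ -d "$link" ]; then
        backup="$link.back"
        # Do not overwrite a backup left by an earlier attempt.
        if [ -e "$backup" ]; then backup="$link.back.$$"; fi
        mv "$link" "$backup" || { echo "move-failed"; return 1; }
    fi
    mkdir -p "$root/etc/ssl"
    ln -s "$TARGET" "$link" || { echo "link-failed"; return 1; }
    echo "linked"
}

# Demo on a constructed scratch tree (not the live system).
demo=$(mktemp -d)
mkdir -p "$demo/etc/ssl/certs" "$demo$TARGET"
echo "constructed old cert" > "$demo/etc/ssl/certs/old.pem"
fix_ssl_certs_link "$demo"    # first run: moves the directory, creates the link
fix_ssl_certs_link "$demo"    # second run: detects the existing link
ls -l "$demo/etc/ssl"
rm -rf "$demo"
# On the real host: fix_ssl_certs_link "" && yum update 'ca-certificate*'
```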

How to Solve Force File System Quota Check on Every Boot RHEL/CentOS

I had been seeing a rising issue of a forced file system quota check on every boot after migrating to RHEL 6 or CentOS 6. I hadn’t seen the same issue before. I had been tackling it by changing the quotacheck file on each boot to something different. The quotacheck file is located at:

$ ls /sbin/quotacheck

I couldn’t find enough information on what had changed in RHEL 6 to trigger this event. I set out to trace the root cause, starting from the Linux boot init script.


What is the difference between Mangle Table & NAT Table?

You must know IPTables to understand routing properly. Once the concepts behind IPTables are clear, it becomes very easy to understand Linux routing and to write IPTables rules to create and configure the network you want. I will write a series of posts trying to explain the basics of IPTables and clear up the confusion around them.


Postrouting and IP Masquerading in Linux

IPTables is responsible for handling packet filtering on a Linux system. IPTables contains several predefined and/or user-defined tables. Each table contains chains, and each chain contains packet rules. IPTables uses the NAT table to forward packets to another node.


Best Method to Reboot Linux

There are multiple ways to restart a remote Linux system: an IPMI restart, a power strip, or a command restart.

What is the best method to restart a Linux system?

The best method to restart a Linux system is a graceful command restart. This always makes sure that all your services are closed before the restart. It will unmount the system and then process a shutdown. If a system is not cleanly unmounted, this can cause data loss or serious damage to the drive. An uncleanly unmounted system can also take extra time to reboot because of the file system integrity check and the file system quota check. A cleanly unmounted system skips both checks and restarts quickly. It is therefore recommended not to use a forceful Linux restart, which doesn’t unmount the system cleanly.


Toggle Linux Bootscreen Splash Screen to Verbose Details

How to toggle Linux Bootscreen Splash Bar / Progress Bar to Verbose details?

You may need to toggle your Linux boot screen to display exactly what is running in the background instead of a splash screen. From CentOS/RHEL 6 onward, Plymouth is used to load a default silent boot screen that is graphically beautiful but doesn’t provide any verbose output. Sometimes the boot screen freezes, and without detailed output you may not be able to identify the root cause. If you are on the boot screen where a splash bar is running, press the following keys together:

ALT + d

That would toggle the splash screen to detailed output.


There are unfinished transactions remaining. You might consider running yum-complete-transaction first to finish them

While updating CentOS/RHEL system using Yum, the following error appears:

There are unfinished transactions remaining. You might consider running yum-complete-transaction first to finish them

How do I fix this on a CentOS/RHEL 5.x/6.x system?

You have some broken or aborted yum transactions on the system. This was possibly because yum was forcefully interrupted in the middle of a transaction. To fix this, run the following:

$ yum-complete-transaction

The command can return the following:

$ yum-complete-transaction
bash: yum-complete-transaction: command not found

It means you do not have the yum-utils package installed on your system. Run the following to install yum-utils:

$ yum install yum-utils

This will install what is necessary for yum-complete-transaction.

How to update roundcube/phpmyadmin settings in directadmin?

Sometimes you may need to change the configuration settings of Roundcube, PHPMyAdmin or SquirrelMail from their default values. The values are primarily set by DirectAdmin custombuild.

How to change settings of Roundcube/PHPMyAdmin in Directadmin?

DirectAdmin stores this third-party data in the following folder:

/var/www/html/

For example, if you want to change the Roundcube settings, open the file main.inc.php:

nano /var/www/html/roundcube/main.inc.php

The database settings for Roundcube are available under:

/var/www/html/roundcube/db.inc.php

The same would be true for “config.php” file for SquirrelMail and “config.inc.php” file for PHPMyAdmin.

If you would like your own settings to be kept the next time you run custombuild, make sure to copy a version of these files to the following locations:

/usr/local/directadmin/custombuild/custom/phpmyadmin/config.inc.php
/usr/local/directadmin/custombuild/custom/squirrelmail/config.php
/usr/local/directadmin/custombuild/custom/roundcube/main.inc.php
/usr/local/directadmin/custombuild/custom/roundcube/db.inc.php

Custombuild will then include your custom settings when it updates the software.

Hostingseclist.com – Something worth subscribing!

Folks from RACK911 created a listing page called http://hostingseclist.com

It's a list of recent security notices related to the web hosting industry. The list is pretty quick to notify when a vulnerability arrives and, in most cases, it includes a discussion linking to Webhostingtalk. It is hard to subscribe to every product developer and keep up with their latest bug reports, while HostingSecList seems to be collecting everything in one place. They also check each reported bug before posting it online, and they list community-reported bugs as well.

HostingSecList.com is something worth subscribing to amid all the spammers these days!