x83.net

View average Round trip time in Wireshark

Giany — Fri, 25 Nov 2011 12:18:41 +0000

Round-trip time (RTT) is the time it takes for a client to send a request and the server to send
a response over the network, not including the time required for data transfer. Not sure if this
fits what you are trying to do, but have you tried Statistics -> IO Graphs Then set Units to Advanced.
Select "AVG(*)" as the Calc method. Enter tcp.analysis.ack_rtt You can apply a filter in the
appropriate location as well. Note that you will need "Analyze TCP sequence numbers" activated in
TCP protocol options in Wireshark preferences for this to work.

Giany — Fri, 25 Nov 2011 12:16:28 +0000

All of these do the same thing..so its a matter of preference and if those tools are installed.

1. curl -I www.google.com

2. w_get -S --spider www.google.com

3. HEAD www.google.com

4. telnet www.google.com 80
HEAD / HTTP/1.0
Host: www.google.com

Convert from instance store to EBS

Giany — Fri, 11 Nov 2011 13:21:53 +0000

Convert from instance store to EBS

One client that was running a older EC2 instance was using instance store.

From my point of view the only benefit for instance store is that it has

better IO..though if you build a RAID using several EBS volumes.

Anyway steps are : 

1. create 1 EBS volume
2. attach this volume to your EC2 instance store 

3. format it as ext3
mkfs.ext3 /dev/sdf

4. mount it
mkdir /mnt/ebs
mount /dev/sdf /mnt/ebs

5. sync the instance with the volume
rsync -avHx / /mnt/ebs
rsync -avHx /dev /mnt/ebs

(you can edit /mnt/ebs/fstab and delete the reference towards the /mnt partition)

6. sync && umount /mnt/ebs

7. create a snapshot of that volume

8. register the ami based on that snapshot

ec2-register -s snap-ID -name "EBS instance" -description "EBS instance" -architecture i386

 -ramdisk ari-d23cd6bb -kernel aki-c43cd6ad

As a result it should show something like:

IMAGE   ami-newID

Show FTP accounts in Plesk

Giany — Tue, 25 Oct 2011 21:58:51 +0000

First login into mysql:

mysql -uadmin -p`cat /etc/psa/.psa.shadow`

and then:

SELECT REPLACE(sys_users.home,’/home/httpd/vhosts/’,”) AS domain, sys_users.login,accounts.password FROM sys_users LEFT JOIN accounts on sys_users.account_id=accounts.id ORDER BY sys_users.home DESC ;

Enable cPanel CSF email bruteforce protection

Giany — Tue, 25 Oct 2011 21:25:35 +0000

If you have CSF installed then check these two options:

# Distributed Account Attack. This option will keep track of login failures # from distributed IP addresses to a specific application account. If the # number of failures matches the trigger value above, ALL of the IP addresses # involved in the attack will be blocked according to the temp/perm rules above LF_DISTATTACK = Default: 0 [0-1]

# Set the following to the minimum number of unique IP addresses that trigger LF_DISTATTACK_UNIQ = Default: 2 [2-20]

Openssl commands

Giany — Wed, 19 Oct 2011 14:30:11 +0000

General OpenSSL commands

The following commands allow you to generate CSRs, Certificates, Private Keys and other tasks.

Generate a new private key and matching certificate signing request (Unix)

openssl req -out CSR.csr -pubkey -new -keyout privateKey.key

Generate a new private key and matching certificate signing request (Windows)

openssl req -out CSR.csr -pubkey -new -keyout privateKey.key -config .shareopenssl.cmf

Generate a certificate signing request for an existing private key

openssl req -out CSR.csr -key privateKey.key -new

Generate a certificate signing request based on an existing x509 certificate

openssl x509 -x509toreq -in MYCRT.crt -out CSR.csr -signkey privateKey.key

Decrypt private key

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout privateKey.key -out certificate.crt

Remove a passphrase from a private key

openssl rsa -in privateKey.pem -out newPrivateKey.pem

Checking commands

Use the following commands to check the information within a Certificate, CSR or Private Key. You can also check CSRs and certificates using our online tools.

Check a certificate signing request

openssl req -text -noout -verify -in CSR.csr

Check a private key

openssl rsa -in privateKey.key -check

Check a certificate

openssl x509 -in certificate.crt -text -noout

Check a PKCS#12 keystore

openssl pkcs12 -info -in keyStore.p12

Debugging commands

If you are receiving certificate errors, try one of the following commands to debug a SSL connection. Use our Site Check as well to check the certificate.

Check the MD5 hash of the public key

openssl x509 -noout -modulus -in certificate.crt | openssl md5
openssl rsa -noout -modulus -in privateKey.key | openssl md5
openssl req -noout -modulus -in CSR.csr | openssl md5

Check an SSL connection. All certificates (also intermediates) should be shown

openssl s_client -connect https://www.paypal.com:443

Converting commands

Use the following commands to convert certificates and keys to different formats to make them compatible with specific types of servers or software. For example, convert a normal PEM file that would work with Apache to a PFX (PKCS#12) file for use with Tomcat or IIS.

Convert DER (.crt .cer .der) to PEM

openssl x509 -inform der -in certificate.cer -out certificate.pem

Convert PEM to DER

openssl x509 -outform der -in certificate.pem -out certificate.der

Convert PKCS#12 (.pfx .p12) to PEM containing both private key and certificates

openssl pkcs12 -in keyStore.pfx -out keyStore.pem -nodes
    add -nocerts for private key only; add -nokeys for certificates only

Convert (add) a seperate key and certificate to a new keystore of type PKCS#12

openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile CACert.crt

Malware in database

Giany — Thu, 13 Oct 2011 09:09:12 +0000

I got a report these days about a site being flagged as forgery by Google Safebrowsing. Usually these situations are easy to handle since most of the times there is a flaw of a php script that allow attackers to upload/modify different .php/.js/.css files. Doing a find or restoring the files fixes the problem.

This time I did not find any modified file..but still the sites were being reported to contain malware. Then I’ve checked in the database and seems there were some iframe entries to redirect to some malware sites. Truncating and reimporting the affected tables solved the issue.

Question remains : is there any malware scanner for databases? What if instead of a iframe some hardcoded strings are set..most likely I would have missed those.

WARNING: mismatch_cnt is not 0

Giany — Wed, 21 Sep 2011 11:30:40 +0000

I got an email regarding this issue saying something like :

WARNING: mismatch_cnt is not 0 on /dev/md1

The /dev/mdX can vary depending on how many raid partitions you have. This mismatch_cnt value is the value of the blocks,

that are not synchronized between RAID-1 (mirrored) drives. On my server it looked something like :

[root@ns ~]# cat /sys/block/md1/md/mismatch_cnt
4910080

To fix :

echo repair >/sys/block/md0/md/sync_action
watch cat /proc/mdstat

And after the repair is completed:

echo check >/sys/block/md1/md/sync_action
watch cat /proc/mdstat

Then check to see what this returns:

cat /sys/block/md1/md/mismatch_cnt

Plesk down after upgrade localhost.localdomain

Giany — Wed, 21 Sep 2011 05:36:01 +0000

After upgrade to 10.3.1 when accessing https://host:8443/ you get redirected to :

https://localhost.localdomain:8443/relay

To fix:

/usr/local/psa/bin/sso -g

/usr/share/plesk-billing/update-hostname –new-hostname=
/usr/share/plesk-billing/repair-integration –command=repair-all –idp-url=https://:8443

planetbackup has a uid 0 account

Giany — Fri, 26 Aug 2011 07:58:58 +0000

cPanel bugs me with this message every day on several servers. Seems its from the tool theplanet.com uses to handle backups.

Though I don’t understand why does it need uid 0 and why the “OwN3D” word. This does not look too professional.

Anyway to get passed this you can run :

sed -i ‘s/$user ne \”planetbackup”/$user ne \”toor\” \&\& $user ne \”admin\”/g’ /scripts/hackcheck; echo “/scripts/hackcheck” >> /etc/cpanelsync.exclude

This is the full email warning:

IMPORTANT: Do not ignore this email.
This message is to inform you that the account planetbackup has user id 0 (root privs).
This could mean that your system was compromised (OwN3D). To be safe you should
verify that your system has not been compromised.