emergency reboot a hung Linux host

Sometimes you need something that can kick a host a bit harder than the standard reboot command. Even if you include the -f switch to force, a hung task can prevent your host from rebooting.

Try this – first enable the sysrq setting, then trigger. Your host should reboot immediately.

sudo echo 1 > /proc/sys/kernel/sysrq
sudo echo b > /proc/sysrq-trigger

Note : This is effectively a hard reset which does not cleanly shut services or tasks down. You may need to check your disk on some operating systems.

Ubuntu – Disable Firewall

if your working with Ubuntu in lab or test env, you may want to disable firewall…. two simple commands;

sudo ufw disable 

sudo apt-get remove ufw 

Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages will be REMOVED:
ufw
0 upgraded, 0 newly installed, 1 to remove and 3 not upgraded.
After this operation, 838 kB disk space will be freed.
Do you want to continue? [Y/n] Y
(Reading database ... 64052 files and directories currently installed.)
Removing ufw (0.35-0ubuntu2) ...
Skip stopping firewall: ufw (not enabled)
Processing triggers for man-db (2.7.5-1) ...

pc engine – pfsense as router / firewall

download (1)Just built a pfsense router on  a pc engine to replace my aging 7390 fritzbox…. Very very awesome and fast!

Perfect for UFB (ultra fast broadband) here in New Zealand – FTTH has arrived :)

I’m currently running these services on it (2 x 1GHZ cpu, 4GB RAM, 16GB msata SSD);

  • dhcpd – DHCP server
  • miniupnpd – UPnP server
  • ntpd – NTP server
  • squid – Transparent Proxy & Reverse Proxy
  • snort – IDS (Intrusion Detection System) / IPS (Intrusion Prevention System)
  • ssd – SSH server
  • unbound – DNS Server
  • ipsec – IPsec VPN (site to site VPN)
  • openvpn – Open VPN (client VPN)

Check these links for some great advise…

https://mateh.id.au/2014/09/build-awesome-apu-based-pfsense-router/

http://www.smallnetbuilder.com/other/security/security-howto/31406-build-your-own-ids-firewall-with-pfsense

http://homeservershow.com/building-your-own-super-router-with-pfsense-and-untangle.html

Grab hardware here – http://www.pcengines.ch/apu.htm

IMG_5305

Creating a .pem with the Private Key and Entire Trust Chain

download (3)You may find you install a SSL cert, but certain browsers show the connection as unsafe (i.e. mobile browser has issues but desktop browsers are happy)

This generally points to not having the cert chain correct. You can check your cert chain at sites like –

https://ssltools.websecurity.symantec.com/checker/views/certCheck.jsp

https://www.sslshopper.com/ssl-checker.html

 

  1. Download your Intermediate and Primary Certificates.
  2. Open a text editor (such as notepad) and paste the entire body of each certificate into one text file in the following order:
    1. The Private Key – your_domain_name.key
    2. The Primary Certificate – your_domain_name.crt
    3. The Intermediate Certificate – gd_bundle_g2_g1.crt
    4. The Root Certificate – TrustedRoot.crt

    Make sure to include the beginning and end tags on each certificate. The result should look like this:

    —–BEGIN RSA PRIVATE KEY—–
    (Your Private Key: your_domain_name.key)
    —–END RSA PRIVATE KEY—–
    —–BEGIN CERTIFICATE—–
    (Your Primary SSL certificate: your_domain_name.crt)
    —–END CERTIFICATE—–
    —–BEGIN CERTIFICATE—–
    (Your Intermediate certificate: DigiCertCA.crt)
    —–END CERTIFICATE—–
    —–BEGIN CERTIFICATE—–
    (Your Root certificate: TrustedRoot.crt)
    —–END CERTIFICATE—–

    Save the combined file as your_domain_name.pem. The .pem file is now ready to use.

ERROR: No forward-proxy ports configured

I had the above issue after a squid upgrade and after changing from http_port 3128 transparent to http_port 3128 intercept.

Add “http_port 8080” line to squid.config to avoid this message, if you are not already using that port.

The changes in security require that a separate port be setup for forwarding proxy requests