How to delete stuck snapshot from FreeNAS

When you try to delete a snapshot from FreeNAS, you may receive a message like: cannot destroy snapshot backups@auto-20140315.1448-2d: dataset is busy.

This may be caused by a stuck replication job that is preventing the snapshot from being deleted.

Run the following command to see what is being held.

[root@NAS] ~# zfs holds Data@auto-20141107.1513-4w
NAME                        TAG           TIMESTAMP
Data@auto-20141107.1513-4w  freenas:repl  Fri Nov  7 15:16 2014

You can then release the stuck snapshot.

[root@NAS] ~# zfs release -r freenas:repl Data@auto-20141107.1513-4w

Then you are able to delete the snapshot.

[root@NAS] ~# zfs destroy -r Data@auto-20141107.1513-4w

Installing SSL Cert for cPanel/WHM Itself

Problem:

I am attempting to install a proper cert for WHM and cPanel. I ordered a cert in the name of server.mydomain.com and plunked it into WHM. However, browsers are still coming up with the original self-signed cert that WHM generates upon install.

I notice that if I go to https://server.mydomain.com there are no warnings and the cert behaves as expected. However, as soon as I try to go to https://server.mydomain.com:2087 or https://server.mydomain.com/whm, the self-signed certificate warning shows up again.

I assume from this that WHM is running on a different instance of Apache than my accounts. Is this true? And if so, how do I go about installing a certificate for WHM itself?

Solution:

How to set up WHM and cPanel so clients will be redirected to a valid SSL certificate when logging in.

Instructions based on WHM v11.15.0

1) Purchase / Install the Certificate for your fully qualified domain (ie: server.domain.com)

SSL / TLS >> Install a SSL Certificate and Setup the Domain

2) Test your new CERT

https://server.domain.com/
should resolve and the cert should function properly before moving forward.

https://server.domain.com:2087/
should be giving you an invalid certificate error

3) Install the CERT for the WHM and CPANEL Service (this is the step you don’t think about!!)

Service Configuration >> Manage Service SSL Certificates
> Select “Install New Certificate” for the “cPanel/WHM/Webmail Service”
> Select Domain this CRT is for “Browse”
> Pick the full server cert you installed “server.domain.com”
> Press “Submit” to install

4) Test your Service Certificate

https://server.domain.com:2087/
should now be working !! WHOOOO

** Once you’re done, you may choose to install the same cert for your SMTP, POP, and FTP accounts so that the option is available and functioning properly.

NOTE: You may need to reboot the server to see changes.

Creating mediawiki for private use

Restrict account creation

To restrict account creation, you need to edit LocalSettings.php in the root path of your MediaWiki installation.

# Prevent new user registrations except by sysops
 $wgGroupPermissions['*']['createaccount'] = false;

Note: You can use the ConfirmAccount extension if you want to set up an account confirmation queue. (If not you may still proceed as follows.)

Note: New users will still be able to be created by sysops, in the following manner:

Go to [[Special:Userlogin]], when logged in as a sysop.
Click on “Create an account” link to get to the account creation form.
Enter a username and an email address, and click the “by email” button. Note you need $wgEnableEmail=true or else the sysop must pick a password and send it to the user.
The account will be created with a random password which is then emailed to the given address (as with the “forgot password” feature). The user will be requested to change password at first login; when he does this, his e-mail address will also be marked as confirmed.

When you click the “create account” button instead, you have to manually send the user his password. If you’ve set $wgMinimalPasswordLength=0 (default configuration up to version 1.15) and you’ve left the password field blank, the user will be emailed an e-mail address confirmation request but will be unable to access Special:Confirmemail to perform the confirmation. Instead, he’ll get an error (unless you’ve added it to $wgWhitelistRead); he’ll be able to login with a blank password and then confirm email, but his password will not have been reset (he’ll have to reset it manually).

It may be appropriate to edit the text displayed when a non-user attempts to log in. This can be done at [[MediaWiki:Nosuchuser]], when logged in as a sysop. Use plain text without any special formatting, as the formatting is ignored and the text is literally rendered.

Restrict editing of all pages

Users will still be able to read pages with these modifications, and they can view the source by using Special:Export/Article name or other methods (see also bug 1859).

See Help:User rights and Manual:$wgGroupPermissions. Some examples of how to protect all pages from editing (not reading) by certain classes of users:

Restrict anonymous editing

$wgGroupPermissions['*']['edit'] = false;

Note: You may then also want to hide user tools for anonymous (IP) visitors: $wgShowIPinHeader = false;

Restrict editing by all non-sysop users

$wgGroupPermissions['*']['edit'] = false;
 $wgGroupPermissions['user']['edit'] = false;
 $wgGroupPermissions['sysop']['edit'] = true;

Restrict editing by absolutely everyone

$wgGroupPermissions['*']['edit'] = false;
 $wgGroupPermissions['user']['edit'] = false;
 $wgGroupPermissions['sysop']['edit'] = false;

Password Protecting site with .htaccess

Use the following as the template for your httpd-vhosts.conf file, which is found in c:\xampp\apache\conf\extra.

<VirtualHost *>
  DocumentRoot c:/WebStorage/demo
  ServerName demo.criservices.ca
  <Directory "c:/WebStorage/demo/">
    Options Includes Indexes FollowSymLinks
    AllowOverride all
    Order allow,deny
    Allow from all
    AuthType Basic
    AuthName "CU Intranet Demo Site"
    AuthUserFile "c:/WebStorage/passwd/.htpasswd"
    AuthGroupFile "c:/WebStorage/passwd/.htgroup"
    require group demo   
  </Directory>
</VirtualHost>

Managing Userid and Password file

htpasswd.exe is located in c:\WebStorage\passwd

Create a new Password File

To create a new password file, use the -c switch and the name of the first user you want to add to the file:

htpasswd -c .htpasswd newuser

htpasswd will prompt you for the password. You are then asked for confirmation and if the two passwords match, the file will be created, and the new user will be added.
If you look at the file .htpasswd, you will see something like this:
newuser:twUSgw3mmejnc

Adding a new user to an existing password file or changing a password

To just add a user to your (already existing) password file, or to change the password of an existing user, use the same function without the -c switch.

htpasswd .htpasswd username

Removing a user from your password file

To remove a user from your password file, you need to open the file using your text editor and remove the line containing the userid and password.

Creating Group Files

Creating a group file requires just a text editor. The format of the group file is the name of the group, followed by a colon, followed by the list of the members of that group:

Managers: robert barry jim brian

Using wget to make backup of website

GNU’s wget command line program for downloading is very popular, and not without reason. While you can use it simply to retrieve a single file from a server, it is much more powerful than that and offers many more features. One of the more advanced features in wget is the mirror feature. This allows you to create a complete local copy of a website, including any stylesheets, supporting images and other support files. All the (internal) links will be followed and downloaded as well (and their resources), until you have a complete copy of the site on your local machine.

In its most basic form, you use the mirror functionality like so:

$ wget -m http://www.example.com/

There are several issues you might have with this approach, however. First of all, it’s not very useful for local browsing, as the links in the pages themselves still point to the real URLs and not your local downloads. What that means is that, if, say, you downloaded http://www.example.com/, the link on that page to http://www.example.com/page2.html would still point to example.com’s server and so would be a right pain if you’re trying to browse your local copy of the site while being offline for some reason.

To fix this, you can use the -k option in conjunction with the mirror option:

$ wget -mk http://www.example.com/

Now, that link I talked about earlier will point to the relative page2.html. The same happens with all images, stylesheets and resources, so you should be able to now get an authentic offline browsing experience.

There’s one other major issue I haven’t covered here yet – bandwidth. Disregarding the bandwidth you’ll be using on your connection to pull down a whole site, you’re going to be putting some strain on the remote server. You should think about being kind and reduce the load on them (and you) especially if the site is small and bandwidth comes at a premium. Play nice.

One of the ways in which you can do this is to deliberately slow down the download by placing a delay between requests to the server.

$ wget -mk -w 20 http://www.example.com/

This places a delay of 20 seconds between requests. Replace that number, and optionally you can add a suffix of m for minutes, h for hours, and d for … yes, days, if you want to slow down the mirror even further.

Now if you want to make a backup of something, or download your favourite website for viewing when you’re offline, you can do so with wget’s mirror feature. To delve even further into this, check out wget’s man page (man wget) where there are further options, such as random delays, setting a custom user agent, sending cookies to the site and lots more.

If you need to specify username and password for ftp access, use the URL with the userid:password@ftp.example.com format.

$ wget -m ftp://userid:password@ftp.example.com/folder

Of course if your userid or password contains the @ symbol, you won’t be able to use the above command. If that is the case, you need to specify the user name and password separately. Use the following command.

$ wget -m --ftp-user=username --ftp-password=foo@bar ftp://ftp.example.com/folder

For http use the format

$ wget --user username --password password http://www.website.com/folder

Creating Secure File Upload/Download sites using UBUNTU Server

Use the following guide to create a secure file transfer site.

1. Install Ubuntu Server with SSH and LAMP enabled. Be sure to encrypt the whole hard drive.

2. (Optional) Install SFTP so users can use SFTP to transfer files.

3. Configure an Apache2 web server with SSH.

4. Edit php.ini file (/etc/php5/apache2) to increase the file upload maximum.

    1. upload_max_filesize – The maximum size of an uploaded file.
    2. post_max_size – Sets max size of post data allowed. This setting also affects file upload. To upload large files, this value must be larger than upload_max_filesize. If memory limit is enabled by your configure script, memory_limit also affects file uploading. Generally speaking, memory_limit should be larger than post_max_size.

5. Install phpmyadmin by typing sudo apt-get install phpmyadmin.

6. Under /var/www folder create a folder called “files”. Give user permission to be able to write to the folder (chmod 777 files). Create index.html in the files folder. Index.html does not need to have anything particular. Just have some text in it.

7. Modify /etc/crontab file. Add the following line at the end of the crontab file. It will delete any file older than 7 days in the /var/www/files folder, but will not delete the index.html in the folder.

1 20 * * * root touch /var/www/files/index.html
1 21 * * * root find /var/www/files/ -mtime +7 -exec rm {} \;

8. Create a database using mysql.  Use the following SQL command to create a database. Grant user access to the database.

-- phpMyAdmin SQL Dump
-- version 4.0.10deb1
-- http://www.phpmyadmin.net
--
-- Host: localhost
-- Generation Time: Dec 08, 2015 at 03:26 PM
-- Server version: 5.5.46-0ubuntu0.14.04.2
-- PHP Version: 5.5.9-1ubuntu4.14

SET SQL_MODE = "NO_AUTO_VALUE_ON_ZERO";
SET time_zone = "+00:00";


/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;
/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */;
/*!40101 SET NAMES utf8 */;

--
-- Database: `FileUploader`
--

-- --------------------------------------------------------

--
-- Table structure for table `DownloadHistory`
--

CREATE TABLE IF NOT EXISTS `DownloadHistory` (
 `ID` int(11) NOT NULL AUTO_INCREMENT,
 `Date` text NOT NULL,
 `IPAddress` text NOT NULL,
 `FileName` text NOT NULL,
 PRIMARY KEY (`ID`),
 UNIQUE KEY `ID` (`ID`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1 AUTO_INCREMENT=1 ;

-- --------------------------------------------------------

--
-- Table structure for table `FileLists`
--

CREATE TABLE IF NOT EXISTS `FileLists` (
 `ID` int(11) NOT NULL AUTO_INCREMENT,
 `FileCode` text NOT NULL,
 `FileName` text NOT NULL,
 `Expiration` text NOT NULL,
 `FileDate` text NOT NULL,
 `CryptFileName` text NOT NULL,
 PRIMARY KEY (`ID`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1 AUTO_INCREMENT=2 ;

/*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */;
/*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */;
/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;

9. Place the following files in the /var/www folder.

custom.php (for the $c_userid and $c_password variables, use echo crypt("string value",'xx') to generate the value)

 
<?php
$c_userid = "xxGeneratedValue"; # Upload UserID
$c_password = "xxGeneratedValue"; # Upload Password
$forbidden_file_extension = array("php","html","htm");
$dbase_name = "FileUploader"; # mysql Database Name
$dbase_user = "FileUpload"; # mysql UserID
$dbase_pass = "password"; # mysql Password
?>

download.php

<?php

function Display_Upload()
 {
$HTMLDOCS = <<<HTML1
<html>
<body>
<form action="download.php" method="post"
enctype="multipart/form-data">
<h1><center>Secure File Download</center></h1>
<table align="center">
<tr><td>File Code: </td>
<td><input type="text" name="FileCode"> </td></tr>
<tr><td colspan="2"><input type="submit" name="submit" value="Download File"
/></td></tr>
</table>
</form>
</body>
</html>
HTML1;
print $HTMLDOCS;
}

function Check_Files($FileCode)
 {
 $FileCode = substr($FileCode,0,9);
if (preg_match ('/[0-9]+[0-9]+[0-9]+[0-9]+[0-9]+[0-9]+[0-9]+[0-9]+[0-9]/',$FileCode)==false)
 {
 echo "Wrong Code Entered. File Code is 9 digit number.";
exit;
 }
 include("custom.php");
 $con = mysql_connect("localhost",$dbase_user,$dbase_pass);
 if (!$con)
 {
 die ('Could not Connect: '. mysql_error());
 }
 mysql_select_db ($dbase_name,$con);
 $sql = "select * from FileLists where FileCode = ".$FileCode;
 $result = mysql_query($sql);
 $row=mysql_fetch_array($result);
 if (mysql_num_rows($result)==0)
 {
 echo "Wrong Code Entered. Please go back and enter the correct File Code.";
 exit;
 }
 if (!file_exists("files/".$row['CryptFileName']))
 {
 echo "The requested file has expired. The file you requested is not available for download anymore.";
 exit;
 }
 }

function Write_Log($FileCode)
 {
 include ("custom.php");
 $con = mysql_connect("localhost",$dbase_user,$dbase_pass);
 if (!$con)
 {
 die ('Could not Connect: '. mysql_error());
 }
 mysql_select_db ($dbase_name,$con);
 $sql = "select * from FileLists where FileCode = ".$FileCode;
 $result = mysql_query($sql);
 $row=mysql_fetch_array($result);
 $FileDate = date ("Y-m-d H:i:s");
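 // FileName came from the uploader's file name; escape it before building the INSERT.
 $FileName = mysql_real_escape_string($row['FileName'], $con);
 $IPAddress = mysql_real_escape_string($_SERVER['REMOTE_ADDR'], $con);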
 $sql = "INSERT INTO DownloadHistory (Date,IPAddress,FileName) VALUES('";
 $sql = $sql . $FileDate."','".$IPAddress."','".$FileName."')";
 $result = mysql_query($sql);
 }

function Download_File($FileCode)
 {
 include ("custom.php");
 $con = mysql_connect("localhost",$dbase_user,$dbase_pass);
 if (!$con)
 {
 die ('Could not Connect: '. mysql_error());
 }
 mysql_select_db ($dbase_name,$con);
 $sql = "select * from FileLists where FileCode = ".$FileCode;
 $result = mysql_query($sql);
 while ($row=mysql_fetch_array($result))
 {
// Headers to send your file
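 // Generic binary type; the file name is quoted, with any double quotes removed.
 header("Content-Type: application/octet-stream");
 header('Content-Disposition: attachment; filename="'. str_replace('"','',$row['FileName']).'"');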
 readfile("files/".$row['CryptFileName']);
 exit;
 }
 }

// Main Program
include ("custom.php");
$success =0;
if (!isset($_POST["FileCode"]))
 {
 Display_Upload();
 } else
 {
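 // Accept only an exact 9-digit code and hand that validated value to every
 // function: Write_Log() and Download_File() concatenate it into their SQL.
 $FileCode = $_POST["FileCode"];
 if (!is_string($FileCode) || preg_match('/^[0-9]{9}$/D',$FileCode) !== 1)
 {
 echo "Wrong Code Entered. File Code is 9 digit number.";
 exit;
 }
 Check_Files($FileCode);
 Write_Log($FileCode);
 Download_File($FileCode);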
}

?>
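
The FileCode lookup and download logging done by download.php, written with strict validation and bound parameters. This is an added example, not code from the original post. It assumes PDO with an in-memory SQLite database standing in for the MySQL FileUploader database; the helpers validate_file_code(), find_file() and log_download() and all sample rows are hypothetical.

```php
<?php
// Added example (not the page's code): FileCode lookup with strict validation
// and bound parameters. An in-memory SQLite database stands in for the page's
// MySQL FileUploader database so the script runs offline.

// Return the validated 9-digit code, or null if the input is anything else.
function validate_file_code($input)
{
    if (!is_string($input) || preg_match('/^[0-9]{9}$/D', $input) !== 1) {
        return null;
    }
    return $input;
}

// Look up one FileLists row; the code travels as a bound value, never as SQL text.
function find_file(PDO $db, $fileCode)
{
    $stmt = $db->prepare(
        'SELECT FileName, CryptFileName FROM FileLists WHERE FileCode = :code'
    );
    $stmt->execute(array(':code' => $fileCode));
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Record a download with bound values (FileName originally came from the uploader).
function log_download(PDO $db, $fileName, $ip)
{
    $stmt = $db->prepare(
        'INSERT INTO DownloadHistory (Date, IPAddress, FileName) VALUES (:d, :ip, :f)'
    );
    $stmt->execute(array(':d' => date('Y-m-d H:i:s'), ':ip' => $ip, ':f' => $fileName));
}

// Constructed sample data in the page's table layout.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE FileLists (ID INTEGER PRIMARY KEY, FileCode TEXT, FileName TEXT,
           Expiration TEXT, FileDate TEXT, CryptFileName TEXT)');
$db->exec('CREATE TABLE DownloadHistory (ID INTEGER PRIMARY KEY, Date TEXT,
           IPAddress TEXT, FileName TEXT)');
$db->prepare('INSERT INTO FileLists (FileCode, FileName, Expiration, FileDate, CryptFileName)
              VALUES (?, ?, ?, ?, ?)')
   ->execute(array('123456789', "bob's report.pdf", '1 Days', '2015-12-08', 'xxSampleStoredName'));

// Constructed inputs: one valid code and three that must be refused.
$inputs = array('123456789', '1234567890', '123456789 OR 1=1', '12345678a');
foreach ($inputs as $input) {
    $code = validate_file_code($input);
    $row = $code === null ? null : find_file($db, $code);
    if ($row !== null) {
        log_download($db, $row['FileName'], '192.0.2.10');
    }
    printf("%-22s => %s\n", var_export($input, true), $row ? $row['FileName'] : 'rejected');
}
echo 'Logged downloads: ', $db->query('SELECT COUNT(*) FROM DownloadHistory')->fetchColumn(), "\n";
```

The file name containing an apostrophe is stored and logged unchanged, because bound values are never parsed as SQL.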


upload.php

<?php

function Display_Upload()
 {

$HTMLDOCS = <<<HTML1

<html>
<body>

<form action= "upload.php" method="post" enctype="multipart/form-data">
<h1><center>IHS Secure File Upload</center></h1>
<table align="center">
<tr><td>Userid: </td>
<td><input type="text" name="userid"> </td></tr>
<tr><td>Password:</td><td>
<input type="password" name="password"></td></tr>

<tr><td>Filename:</td><td>
<input type="file" name="file" id="file" /> </td></tr>

<tr><td colspan="2"><input type="submit" name="submit" value="Upload File"/></td></tr>
</table>
</form>

</body>
</html>
HTML1;

print $HTMLDOCS;
}



// Check to see if the files are ok to be uploaded.
function CheckFile()
 {
 include ("custom.php");
 $ReturnValue = 0;
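 // Files are stored under their crypt() name (see Upload_File), so test that name.
 if (file_exists("files/" . str_replace("/",".",crypt($_FILES["file"]["name"],'xx'))))
 {
 $ReturnValue = 1;
 }
 // File Extension Check (lower-cased so that "PHP" is caught as well as "php").
 $pieces = explode (".",$_FILES["file"]["name"]);
 $extension = strtolower($pieces[count($pieces)-1]);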
 // echo "<h1>".$extension."</h1>";
 for ($i=0;$i<count($forbidden_file_extension);$i++)
 {
 if ($extension == $forbidden_file_extension[$i])
 {
 $ReturnValue = 2;
 }
 }
 Return $ReturnValue;
 }

function Upload_File()
 {
 global $success;
 $UploadOK = 0;
 if ($_FILES["file"]["error"] > 0)
 {
 echo "Return Code: " . $_FILES["file"]["error"] . "<br/>";
 }
 else
 {
// echo "Upload: " . $_FILES["file"]["name"] . "<br />";
// echo "Type: " . $_FILES["file"]["type"] . "<br />";
// echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<br/>";
// echo "Temp file: " . $_FILES["file"]["tmp_name"] . "<br/>";
 $UploadOK = CheckFile();
 if ($UploadOK!= 0)
 {
 if ($UploadOK ==1)
 {
 echo "<h2>". htmlspecialchars($_FILES["file"]["name"]) . " already exists.</h2> ";
 echo "<h2>Go back to <a href=\"index.php\">Main Screen</a>.</h2>";
 exit;
 }
 if ($UploadOK ==2)
 {
 $pieces = explode (".",$_FILES["file"]["name"]);
 $extension = $pieces[count($pieces)-1];
 echo "<h2>File Extension ".$extension." is forbidden.</h2>";
 echo "<h2>Go back to <a href=\"index.php\">Main Screen</a>.</h2>";
 exit;
 }
 }else
 {
 $new_FileName = crypt($_FILES["file"]["name"],'xx');
 $new_FileName = str_replace ("/",".",$new_FileName);
 move_uploaded_file($_FILES["file"]["tmp_name"], "files/" . $new_FileName);
 echo "Stored in: " . "files/" . $new_FileName."</br>";
 $success = 1;
 }
 }
 }

function Write_Description($success)
 {
 include ("custom.php");
 if ($success==1)
 {
 $con = mysql_connect("localhost",$dbase_user,$dbase_pass);
 if (!$con)
 {
 die ('Could not Connect: '. mysql_error());
 }
 mysql_select_db ($dbase_name,$con);
 $FileCode = strval(rand (100000000,999999999));
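 // Escape the client-supplied name before it is concatenated into the INSERT below.
 $FileName = mysql_real_escape_string($_FILES["file"]["name"], $con);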
 $FileDate = date("Y-m-d");
 $ServerURL = "https:/"."/".$_SERVER['SERVER_NAME'];
 $new_FileName = crypt($_FILES["file"]["name"],'xx');
 $new_FileName = str_replace("/",".",$new_FileName);


 $sql = "INSERT INTO FileLists (FileCode,FileName,Expiration,FileDate,CryptFileName) VALUES('";
 $sql = $sql .$FileCode."','". $FileName."','1 Days','".$FileDate."','".$new_FileName."')";
// echo $sql;
 $result = mysql_query($sql);
 if ($result)
 {
 echo "<h1>File was uploaded successfully</h1>";
 echo "<h3>File Download instruction:</h3>";
 echo "<h4>Point your browser to <a href='".$ServerURL.":4040/download.php'>".$ServerURL.":4040/download.php</a></h4>";
 echo "<h4>Enter ".$FileCode." in the File Code area.</h4>";
 echo "<h4>The file will be available for download until ". date("Y-m-d",strtotime("+7 days")). " and will be deleted from the system.";
 } else
 {
 echo "Fail";
 }
 } else
 {
 echo "File Could not be uploaded... Please try again.";
 }

 }
// Main Program

include ("custom.php");

$success =0;
if (!isset($_POST["userid"]))
 {
 Display_Upload();
 } else
 {
 if ((crypt($_POST["userid"],'xx')==$c_userid) && (crypt($_POST["password"],'xx')==$c_password))
 {
 Upload_File();
 Write_Description ($success);
 } else
 {
 echo "Authentication Failed";
 }
 }

?>
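
An alternative to crypt(..., 'xx') for the upload login, the stored file name and the download code, as an added example that is not code from the original post. A two-character salt selects traditional DES crypt, which reads only the first 8 characters of its input, so long passwords and long file names are compared on their first 8 characters only. The example assumes PHP 7.0+ for random_bytes() and random_int(); the function names, the extension allowlist and all sample values are hypothetical.

```php
<?php
// Added example, not the page's code. Assumes PHP 7.0+ (random_bytes, random_int).
// All function names and sample values here are hypothetical.

// custom.php would store this value instead of crypt("string value", 'xx').
// Generate it once; the password is a constructed sample.
$c_password_hash = password_hash('constructed-sample-passphrase', PASSWORD_DEFAULT);
$c_userid = 'uploader';

// Check the submitted credentials against the stored user id and hash.
function check_login($userid, $password, $expectedUser, $passwordHash)
{
    $userOk = hash_equals($expectedUser, (string) $userid);
    $passOk = password_verify((string) $password, $passwordHash);
    return $userOk && $passOk;
}

// Permit only listed extensions, compared case-insensitively.
function extension_allowed($clientName, array $allowed)
{
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    return $ext !== '' && in_array($ext, $allowed, true);
}

// Stored file name drawn from the CSPRNG, independent of the client's name.
function new_stored_name()
{
    return bin2hex(random_bytes(16));
}

// 9-digit download code drawn from the CSPRNG instead of rand().
function new_file_code()
{
    return (string) random_int(100000000, 999999999);
}

// Two constructed names that share their first 8 characters: DES crypt reads
// only those 8, so both uploads would map to the same stored name.
$a = str_replace('/', '.', crypt('report_2015_budget.pdf', 'xx'));
$b = str_replace('/', '.', crypt('report_2015_salary.pdf', 'xx'));
echo 'crypt() names collide: ', var_export($a === $b, true), "\n";
echo 'random names collide:  ', var_export(new_stored_name() === new_stored_name(), true), "\n";

// The wrong password differs only after the 8th character.
echo 'right password: ', var_export(
    check_login('uploader', 'constructed-sample-passphrase', $c_userid, $c_password_hash), true), "\n";
echo 'wrong password: ', var_export(
    check_login('uploader', 'constructed-sample-passphrasX', $c_userid, $c_password_hash), true), "\n";

$allowed = array('pdf', 'zip', 'docx');   // hypothetical policy
foreach (array('notes.PDF', 'page.PhP', 'archive.tar.gz', 'noextension') as $name) {
    echo $name, ' => ', extension_allowed($name, $allowed) ? 'accepted' : 'refused', "\n";
}
echo 'file code: ', new_file_code(), "\n";
```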





Installing UBUNTU Linux with full hard drive encryption

Install Ubuntu

The process to install Ubuntu should be straightforward until you reach the following screen:

Here is where you are asked whether you wish to encrypt your home directory. If your main concern is protecting the confidentiality of your data at rest when your computer is turned off, encrypting the home directory is not necessary, as we are going to be encrypting the entire hard drive. If you are a bit more paranoid and wish to also encrypt your home directory so that your data remains encrypted when your computer is powered on but you are logged out, then you may wish to also encrypt your home directory; however, enabling both forms of encryption (i.e. encrypted home directory on top of full disk encryption) will result in a performance hit.

Proceed with the installation until you reach this screen:

You have two alternatives to enabling full disk encryption: The easiest one is to let the installer configure the partitioning and encryption settings for you by selecting “Guided – use entire disk and set up encrypted LVM”. The second alternative is to select “Manual” and manually setup your partitions (root, swap, boot, etc.), select your file system types, and specify your encryption settings. The guided installation sets up LVM with ext4 as your root partition, using 256-bit AES encryption in cipher-block-chaining mode, whereas in the manual mode for your encryption settings you can select AES or serpent ciphers in 128, 192 or 256-bit keysizes. Those not comfortable or familiar with setting up partitions for Linux systems should select the Guided approach.

Continue on until you reach this screen:

Here is where you select your disk encryption password which you’ll need to specify every time your computer boots up. It is important to stress that the strength of your encryption is highly dependent on the complexity of your passphrase. A passphrase of 20 characters or more in length is recommended. DO NOT forget this passphrase!

Continue with the installation until it completes and your system boots into Ubuntu for the first time. Once it boots up, it shouldn’t be long until you get prompted to install many updates. Do so, reboot, and continue on.