Monday 25 May 2015

SSL Wildcard Certificate Installation in Nginx

1. Copy the obtained PFX certificate to a location on the server (e.g. /home/xyz).

2. Convert the PFX certificate to PEM:

    openssl pkcs12 -in demo.pfx -out demo.pem

   Enter the PFX password when prompted. You will then be asked for a new password, which is used to encrypt the private key.
   Once this step is completed, a PEM file is obtained.

3. Open the PEM file in a text editor

4. Copy the private key block from the PEM file, including the dashed BEGIN and END lines, to a separate file (e.g. demo.key).

5. Now the private key has to be decrypted using the password used in the PFX file.

    openssl rsa -in demo.key -out demo.key

6. Copy the files demo.pem and demo.key to /etc/ssl

7. Edit your Nginx virtual host file.

    server {
        # "ssl on;" is deprecated; enable TLS on the listen directive instead
        listen 443 ssl;

        ssl_certificate     /etc/ssl/demo.pem;
        ssl_certificate_key /etc/ssl/demo.key;

        server_name example.domain.com;
        access_log /var/log/nginx/nginx.vhost.access.log;
        error_log  /var/log/nginx/nginx.vhost.error.log;

        location / {
            root  /home/www/public_html/example.domain.com/public/;
            index index.html;
        }
    }

8. Restart the Nginx process:

    sudo /etc/init.d/nginx restart
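
Because the key is copied out of the PEM by hand, it is worth confirming before the restart that demo.key really belongs to the certificate in demo.pem, is decrypted, and is not readable by other users. The script below is an added example, not part of the original post; the function names are hypothetical, and when run without arguments it checks a constructed throwaway self-signed pair.

```shell
#!/bin/sh
# Added example (not from the original post): pre-restart checks for steps 4-6.

# Succeeds only if KEY's public half equals the public key inside CERT.
# Returns 2 if either file cannot be parsed, e.g. the key is still encrypted.
pair_matches() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout -passin pass: 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Succeeds only if KEY exists and is not readable by group or other.
key_is_private() {
    [ -f "$1" ] && [ -z "$(find "$1" \( -perm -040 -o -perm -004 \))" ]
}

# Runs both checks and reports every failure, not just the first.
check_deploy() {
    status=0
    pair_matches "$1" "$2" || { echo "FAIL: $2 does not match $1, or is unreadable/encrypted"; status=1; }
    key_is_private "$2"    || { echo "FAIL: $2 is readable by group/other; chmod 600 it"; status=1; }
    [ "$status" -eq 0 ] && echo "OK: $1 and $2 are consistent"
    return "$status"
}

# Constructed sample input: a throwaway self-signed wildcard pair PREFIX.pem/.key.
make_sample() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=*.domain.com" \
        -keyout "$1.key" -out "$1.pem" 2>/dev/null
}

if [ "$#" -eq 2 ]; then
    check_deploy "$1" "$2"          # e.g. /etc/ssl/demo.pem /etc/ssl/demo.key
else
    tmp=$(mktemp -d) && make_sample "$tmp/demo" && check_deploy "$tmp/demo.pem" "$tmp/demo.key"
    rm -rf "$tmp"
fi
```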

Audio Redirection through RDP

Log in to the server or machine through RDP, then:

1. Go to services.msc

2. Start the 'Windows Audio' service. Change its startup type to Automatic.

3. Open gpedit.msc

4. Go to Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Device and Resource Redirection and enable 'Allow Audio and Video Playback Redirection'.
   If that policy setting is not found, go to Computer Configuration > Administrative Templates > Windows Components > Terminal Services > Device and Resource Redirection and enable 'Allow Audio Redirection'.

5. Open up 'tsconfig.msc'

6. Select 'RDP-Tcp' Connection, right Click, Select Properties.

7. Select Client Settings Tab

8. Uncheck 'Audio'


9. Restart Machine

Tuesday 7 October 2014

Removing Dynamic Members from queue (Asterisk)

Log in to the Asterisk CLI:

asterisk -r

Use the following command to show the members in the queue.

queue show <queue name>

To remove a member listed in that queue

queue remove member <member name> from <queue name>

Hitting 'tab' after 'queue remove member' will list the members that are available.

Tuesday 30 September 2014

Shellshock Fix (RHEL 5 or CentOS 5)


Shellshock (also called Bashdoor) is a group of security bugs in the Unix Bash shell. Servers running web services, FTP, etc. that use bash to execute certain commands allowed attackers to execute arbitrary commands, and as a result may allow them to gain unauthorized access.


Before you fix the vulnerability, you need to know whether the bug affects your version of bash.

CVE-2014-6271

This vulnerability can be tested using the following command.

env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

If your system is affected, the word "vulnerable" will be displayed as part of the output.

CVE-2014-7169

This can be tested using the following command

cd /tmp; env X='() { (a)=>\' bash -c "echo date"; cat echo

If the above command outputs the current date, you are vulnerable. If it shows the word "date", then you are fine.

You can also test it with the following command.

env -i X=' () { }; echo hello' bash -c 'date'

If the command outputs "hello", you are vulnerable.



CVE-2014-7187

Test the vulnerability with the following command.

(for x in {1..200} ; do echo "for x$x in ; do :"; done; for x in {1..200} ; do echo done ; done) | bash || echo "CVE-2014-7187 vulnerable, word_lineno"

If "CVE-2014-7187 vulnerable, word_lineno" appears as part of the output, then you are vulnerable.


CVE-2014-7186

Use the following command to test for the vulnerability.

bash -c 'true <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF' || echo "CVE-2014-7186 vulnerable, redir_stack"

If you see "CVE-2014-7186 vulnerable, redir_stack" as part of the output, then your system is vulnerable.


Fix


The only fix to the issue is to update your bash.

You can check the current version with the command

bash --version


If you have CentOS-base.repo enabled, then, to update bash use the following command.

yum update bash
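
To re-run the CVE-2014-6271 and CVE-2014-7169 tests before and after the update without judging the output by eye, the script below wraps them and prints a verdict per CVE. It is an added example, not part of the original post; the function names are hypothetical, and the CVE-2014-7169 check looks for the file named echo that an affected bash creates, inside a scratch directory instead of /tmp.

```shell
#!/bin/sh
# Added example (not from the original post). Usage: script [bash name or absolute path]

# CVE-2014-6271: the injected "echo vulnerable" ran if that word is a whole output line.
classify_6271() {
    if printf '%s\n' "$1" | grep -qx 'vulnerable'; then
        echo "vulnerable"
    else
        echo "not vulnerable"
    fi
}

check_6271() {
    out=$(env x='() { :;}; echo vulnerable' "$1" -c "echo this is a test" 2>/dev/null)
    classify_6271 "$out"
}

# CVE-2014-7169: an affected bash runs "date" and redirects its output to a file
# named "echo" in the current directory. Probing in a private scratch directory
# keeps a stale /tmp/echo from an earlier manual test from skewing the result.
check_7169() {
    scratch=$(mktemp -d) || return 1
    ( cd "$scratch" && env X='() { (a)=>\' "$1" -c "echo date" >/dev/null 2>&1 ) || :
    if [ -e "$scratch/echo" ]; then result="vulnerable"; else result="not vulnerable"; fi
    rm -rf "$scratch"
    echo "$result"
}

shellshock_report() {
    target=${1:-bash}
    # A missing binary would otherwise look like "not vulnerable".
    command -v "$target" >/dev/null || { echo "no such bash: $target"; return 1; }
    "$target" --version | head -n 1
    echo "CVE-2014-6271: $(check_6271 "$target")"
    echo "CVE-2014-7169: $(check_7169 "$target")"
}

shellshock_report "$@"
```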

Saturday 30 August 2014

"The User Profile Service failed the logon" error message - Windows 7



1. Go to regedit


2. In Registry Editor, find and then click the registry subkey:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList


3. Locate the folder that begins with S-1-5 (SID key) followed by a long number.


4. Click each S-1-5 folder, locate the ProfileImagePath entry in the details pane, and then double-click to make sure that this is the user account profile that has the error.


5. If there are two folders starting with S-1-5 followed by some long numbers and one of them ends with .bak, you have to rename the .bak folder. To do this, follow these steps:

   a. Right-click the folder without .bak, and then click Rename. Type .ba at the end of the folder name, and then press ENTER.

   b. Right-click the folder that is named .bak, and then click Rename. Remove .bak at the end of the folder name, and then press ENTER.

   c. Right-click the folder that is named .ba, and then click Rename. Change the .ba to .bak at the end of the folder name, and then press ENTER.



6. Double-click the folder without .bak in the details pane, double-click RefCount, type 0, and then click OK.


7. Click the folder without .bak, in the details pane, double-click State, type 0, and then click OK.


8. Close Registry Editor.


9. Restart the computer.


10. Log on again with your account.

/usr/bin/ld: cannot find -lmysqlclient - Compiling from source

While compiling an application from source, the following error was encountered.

/usr/bin/ld: cannot find -lc
Process exited with status 1.

The problem was that no soft link named 'libmysqlclient.so' existed in the /usr/lib directory for the MySQL client library.

The default installation created only 'libmysqlclient.so.16'.

So in order for the compilation to work, a soft link for this was created using

ln -s /usr/lib/libmysqlclient.so.16 /usr/lib/libmysqlclient.so

Dialing extension on a remote Asterisk Server through IAX trunk

Open the config file extensions_additional.conf

Go to the context of the concerned IVR.

Add the line

exten => _<Dial Pattern>,1,dial(iax2/<Trunk Name>/${EXTEN})

e.g. exten => _5xxx,1,dial(iax2/OFFICE3/${EXTEN})

When this is done, any number matching the pattern (5 followed by 3 digits, i.e. an extension) will be forwarded to the remote Asterisk server over the IAX2 trunk.

This allows an extension on an Elastix server to be dialled from a remote server.

Once the file is edited

Reload asterisk.