How to verify matching private key with a certificate

The private key contains a series of numbers. Two of those numbers form the “public key”, the others are part of your “private key”. The “public key” bits are also embedded in your Certificate (we get them from your CSR). To check that the public key in your cert matches the public portion of your private key, you need to view the cert and the key and compare the numbers. To view the Certificate and the key run the commands:

$ openssl x509 -noout -text -in server.crt
$ openssl rsa -noout -text -in server.key

The `modulus’ and the `public exponent’ portions in the key and the Certificate must match. But since the public exponent is usually 65537 and it’s bothering comparing long modulus you can use the following approach:

$ openssl x509 -noout -modulus -in server.crt | openssl md5
$ openssl rsa -noout -modulus -in server.key | openssl md5

And then compare these really shorter numbers. With overwhelming probability they will differ if the keys are different. As a “one-liner”:

$ openssl x509 -noout -modulus -in server.pem | openssl md5 ;\
openssl rsa -noout -modulus -in server.key | openssl md5

And with auto-magic comparison (If more than one hash is displayed, they don’t match):

$ (openssl x509 -noout -modulus -in server.pem | openssl md5 ;\
openssl rsa -noout -modulus -in server.key | openssl md5) | uniq

BTW, if I want to check to which key or certificate a particular CSR belongs you can compute

$ openssl req -noout -modulus -in server.csr | openssl md5

Service/Daemon Management

restarting/stopping/starting a service

On any init.d based linux distro you can restart a service with the following…

/etc/init.d/serviceName restart

You may replace ‘restart’ with ’stop’ or ’start’ (and in some cases ’status’).
Forcefully stopping a service

killall processName

Killing on instance of a service

kill pid

The pid can be gathered by either top or ps

Disabling/adding/listing services

chkconfig –list

displays all the services and if they are set to run in different runlevels
use the –del daemonName to remove a service or –add daemonName to add one

 chkconfig [–level <levels>] <name> <on|off|reset>

 eg.  chkconfig –level 3 httpd on

This will set the httpd to ON on run level 3.

setting a program to run at startup

Add a line executing the command at the end of /etc/rc.local

File Manipulation
Editing Text Files

vi is by far the best text editor but has a learning curve to it. If you want simplicity use nano
display a text file from the command line

cat filename

or

more filename

Display the last few lines of a text file

tail filename

or you can display the last 50 lines of a file with…

tail -50 filename

or you can display lines as they are written to a file (or follow) with the following: (UBER useful for log files)

tail -f filename

copy a file

cp filename destination

move a file

mv filename destination

delete a file

rm -f filename : removes the file. -f makes it so it doesn’t ask you if you are sure

Displaying the differences between two files

diff file1 file2

Installing crap

On redhat derived systems (RedHat, Fedora, CentOS, Rocks, Mandrake, etc) yum is your package manager.

yum install appname : installs the application from the remote yum repository

yum search appname : does a search on the repository for a given program

yum remove appname : uninstalls an app

use ‘man yum’ for a complete list

Archives

tar.gz or .tgz is the most common compression found in the linux world. that is tared (Tape ARchive) and gziped. Sometimes called “tar balls”.

tar -xzf file.tgz : will X’trackt a tar/gzip file.

tar -czf myfile.tgz someDir : will create a tar and gziped archive of the given directory

gunzip : un gzips a file

unzip : unzips a .zip file

User Management

useradd

useradd userName

then run “passwd userName” to set the new users pw

passwd

passwd username

will ask for the new pw twice

File Permissions

Listing Permissions

ls -al will display all files in a list with their owners and permissions

-rw-r–r– 1 irq13 irq13 1006 Jan 24 10:16 .bashrc

Now to break down the above example…

-rw-r–r– is the permissions area.

The first – would be d if the item is directory, otherwise it will be -.

The second 3 dashes indicate read/write/execute for the owner,
the second is r/w/x for the group and third is r/w/x for everyone else.

The next number is the inodes associated with the file. This isn’t important for you to know the basics

Next when it says irq13 irq13 that indicates the owner of the files name group
Changing ownership of a file

chown username:groupname file
Changing permissions of a file

chmod XXX filename

chmod uses a numeric system for assigning ownership.
XXX represents 3 numbers.
The first is the permissions applied to the owning user, 2nd is group, 3rd is everyone else.

1: execute 2: write 3: write & execute 4: read 5: read & execute 6: read & write 7: read, write & execute

Remember that 777 is only to be used as a trouble shooting step to rule fs permissions out.

NEVER leave a dir as 777. Its useful to do ‘ls -alh * > perm_capture.txt’ before messing with a file.

That way you can restore its original permissions.
Attributes

Files also have attributes, similar to the ones found in the windows world.

lsattr filename : Lists the attributes of a file or directory

chattr +-=[ASacDdIijsTtu] filename

to add an attribute use + to remove use –

File Attributes

append only (a)
compressed (c)
no dump (d)
immutable (i)
data journaling (j)
secure deletion (s)
no tail-merging (t)
undeletable (u)
no atime updates (A)
synchronous directory updates (D)
syn-chronous updates (S)
top of directory hierarchy (T)

Use man chattr for an explanation of each attribute
launching scripts and bins

* If an executable file is in your path you may simply type its name from anywhere on the system and it will execute.
* To see what your path is type ‘path’
* To execute a file in the current directory type “./filename
* To execute a file it must have execute permissions for either your username or a group you belong to.

Additional command operators

ps | grep ssh — only display lines that contain ssh

; used to “stack commands” or issue multiple commands on 1 line. cd ..; ls

& puts a command in the background. Will let you know when the command is finished

> write what is displayed on the screen from a given command to a text file ls -alh /root > /root/myRoot.txt

>>

appends screen output to an existing file

Basic commands

* whoami : displays current user
* top : displays the top cpu/memory eaters and system load.. like task manager on windows
* ps : displays all processes running.. ps aux is the most useful way to run it
* wall “some text” : sends a broadcast message to all logged on users
* man program : displays the ‘man page’ or manual for a given program. Use space bar to page down and q to exit
* program -h : displays the help for a given program, briefer than man
* du -sh dirName : Displays the total size of a directory recursively
* df -kh : displays total and available storage on all partitions for the system
* locate filename : finds ware a program or file is located on the system
* w : displays who is ssh’ed or logged in.
* watch -n seconds filename : will execute a file every n seconds. Useful to watch who is online, watch -n 3 w
* wget http://somesite.com/somefile : gets a file via ftp, rsync, http, etc from a remote host.
* netstat : displays all listening ports and active connections
* ifconfig : used for listing network interface info and setting it
* clear : clears the terminal
* md5sum filename : displays the md5 checksum of the given file

File System

/ : root of the file system contains all devices and directory’s

/root : the root users home directory

/home : all other users home dirs reside in here

/boot : All the kernels and boot specific info

/tmp : temporary files are stored here, is commonly world writable so keep an eye on it

/dev : on linux even hardware devices are part of the file system, they are stored here.

/bin : executables that should be safe for normal users to run

/var : the system writes data here during its operation, commonly contains/var/lib/mysql and /var/www

/opt : optional software, 3rd parties stick stuff here

/sbin : system executables that only root should need

/proc : the OS uses this to keep track of everything on the system in real time. No need to muck around in here

/mnt or /media: this ware new file systems get mounted (cds, floppys, flash drives)

/etc : all config files

Basics

I see most of the people searching for basics on linux and found much difficult to get it in short.
I have gathered some from a wiki and will add to this section. This might help some of you guys 🙂

How To Find What Version of PEAR Is Installed in your Linux Apache Server

if you want to know what version of PEAR you have, or simply just want to know if you have PEAR installed, simply run the following command in your linux box shell prompt:

pear list

Once you execute the command above, you should see something like this:

Installed packages
===================
Package
Version
State
Archive_Tar
1.1
stable
Console_Getopt
1.2
stable
DB
1.7.6
stable
HTML_Template_IT
1.1
stable
HTTP
1.3.6
stable
Mail
1.1.8
stable
Net_SMTP
1.2.7
stable
Net_Socket
1.0.6
stable
Net_UserAgent_Detect
2.0.1
stable
PEAR
1.3.6
stable
XML_Parser
1.2.6
stable
XML_RPC
1.4.1
stable

If you don’t see anything like the above, then you dont have PEAR installed. However, Good new I have, you can download free at http://pear.php.net

How to track which site is using the apache processes.

For apache 1.3, edit your /etc/httpd/conf/httpd.conf and add

ExtendedStatus On <Location /httpd-status> SetHandler server-status Order deny,allow Deny from all Allow from 127.0.0.1 </Location>

 

 

 

just after the code that says “ServerSignature On”. Save, exit, then restart apache. You can access the stats page by going to http://1.2.3.4/httpd-status where 1.2.3.4 is your server’s IP.

If you’re running apache 2.x , then it’s already in the file:
/etc/httpd/conf/extra/httpd.conf
Change the “Allow from” lines to include your IP.

Under cPanel servers the code is already present but you need to uncomment it or just add the code :

<Location /whm-server-status> 
SetHandler server-status 
Order deny,allow 
Deny from all 
Allow from 127.0.0.1
</Location>