Home General General: Tips & Tricks and one-liners (Part III)
General

General: Tips & Tricks and one-liners (Part III)

by Kliment Andreev
by Kliment Andreev
Post Views: 1,267
Reading Timee: 4 minutes

Part I and Part II.

WordPress – prevent unauthorized admin logins

If you have a WordPress blog, you probably know that there are tons of attempts from users/scripts to try to take over your blog and post spam. There are a lot of plugins there that can take care of different security aspects, but by far, this simple solution works best for me.
It prevents anyone except white listed IPs to access your login page. Instead they’ll get error 404, page not found. The only problem is that you can’t have your own user base. So, if someone wants to post a comment, it can’t be a user registered on your blog. I use the Social Login plugin that allows users to login and register with one click on this blog, using their own social network’s logins.

Anyway, you need mod_rewite installed on your web server. Look for this line and if it’s commented, remove the # and reload the config.

LoadModule rewrite_module libexec/apache24/mod_rewrite.so

In the root of your blog, edit the .htaccess file and make sure it looks like this.
In my example, I have only two IPs allowed that can access the wp-login page. The rest will get page not found when accessing wp-login.php or wp-admin.

ErrorDocument 401 /index.php?error=404
ErrorDocument 403 /index.php?error=404

 <IfModule mod_rewrite.c>
 RewriteEngine on
 RewriteCond %{REQUEST_URI} ^(.*)?wp-login\.php(.*)$ [OR]
 RewriteCond %{REQUEST_URI} ^(.*)?wp-admin$
 RewriteCond %{REMOTE_ADDR} !^198.16.3.247$
 RewriteCond %{REMOTE_ADDR} !^24.184.123.233$
 RewriteRule ^(.*)$ - [R=403,L]
 </IfModule>
 # BEGIN protect xmlrpc.php
 <files xmlrpc.php>
 order allow,deny
 deny from all
 </files>
 # END protect xmlrpc.php

AWS: ssh to a server with private IP only

I was playing with some servers in AWS. One of them had a public IP, but the second one had a private IP only. In order to access the 2nd server with private IP only, open up the key that was given to you for the 2nd server by AWS in PEM format in your favorite text editor. Select the text and copy it to the clipboard. The key looks like this. This key should belong to the 2nd server.

Now, log to the first server with the public IP as ec2-user.
Create a new file with nano or vi and paste the content. Save it as some_file.pem.
Change the permissions.

chmod 600 some_file.pem

Then log to the 2nd server with the private IP.

ssh -i some_file.pem <internal_IP>

NTP sync in a domain environment

On the PDC domain controller.

w32tm /config /manualpeerlist:"0.us.pool.ntp.org 1.us.pool.ntp.org 2.us.pool.ntp.org 3.us.pool.ntp.org" /syncfromflags:manual /reliable:yes /update

On all other DCs.

w32tm /config /syncfromflags:domhier /update

Resync manually.

w32tm.exe /resync /rediscover

Check the status.

w32tm /query /status

Ubunty 18 – DNS

First, configure the YAML file /etc/netplan, do netplan apply and then…

sudo rm -f /etc/resolv.conf
sudo ln -s /run/systemd/resolve/resolv.conf /etc/resolv.conf

Ubuntu 18 – Change hostname

hostnamectl set-hostname <new_hostname>

Edit /etc/cloud/cloud.cfg and replace preserve_hostname: false to true

Change Windows password from command line prompt

Open up PowerShell/CMD with admin privileges and type:

net user username new_password

FreeBSD vmtools in vCenter

If you want to install VMWare Tools in FreeBSD running in vCenter, install this package.

pkg -y install open-vm-tools-nox11

If you want the full tools that cover X11, install open-vm-tools without “-nox11” suffix in the above command.
Edit /etc/rc.conf and add these lines.

vmware_guest_vmblock_enable="YES"
vmware_guest_vmhgfs_enable="NO"
vmware_guest_vmmemctl_enable="YES"
vmware_guest_vmxnet_enable="YES"
vmware_guestd_enable="YES"

FreeBSD change from DHCP to static IP, default gateway and DNS

Edit /etc/rc.conf and you’ll see a ifconfig DHCP assignment somewhere. Change the DHCP keyword with your static IP and netmask and don’t forget the default gateway.

ifconfig_vmx0="inet 192.168.1.11 netmask 255.255.255.0"
defaultrouter="192.168.1.1"

The DNS settings are under /etc/resolv.conf.

Find Wireless (WiFi) password

netsh wlan show profile <SSID> key=clear

Install git 2 on CentOS 7 from source

yum -y groupinstall "Development Tools"
yum -y install gettext-devel openssl-devel perl-CPAN perl-devel zlib-devel wget
wget https://github.com/git/git/archive/v2.23.0.tar.gz -O /tmp/git.tgz
cd /tmp
tar xzvf git.tgz 
cd git*
make configure
./configure
make install
cd /tmp
rm -Rf git*

Use git with a private key and no password

Anytime you push, clone or pull a repo, you’ll get prompted for a password which is kind of annoying. Do this to use a private key access and never get prompted for a password again. On your Linux workstation, make changes in line 2 and 3 and do:

cd
git config --global user.name "Kliment Andreev"
git config --global user.email "klimenta@iandreev.com"
ssh-keygen -t rsa -b 4096
cat .ssh/id_rsa.pub

Go to GitHub, in the upper-right corner click on the avatar, choose Settings and then SSH and GPG keys. Click to add a key, name it and paste the output from the ssh-keygen command above.
You have to change the remote origin to use SSH instead of HTTPS.

git remote set-url origin git@github.com:<github_username>/<github_repo>

vi – use spaces instead of tabs

Add this to ~/.vimrc

set tabstop=2 shiftwidth=2 expandtab

Replace tabs with spaces in vi

:%s/\t/ /g

Replace tabs with spaces in files

sed -i 's/\t/ /g' *

S3 bucket policy for static web hosting

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "PublicReadGetObject",
            "Effect": "Allow",
            "Principal": "*",
            "Action": [
                "s3:GetObject"
            ],
            "Resource": [
                "arn:aws:s3:::example-bucket/*"
            ]
        }
    ]
}

Ansible execute playbook locally

ansible-playbook --connection=local --inventory 127.0.0.1, ansible.yml

Import AWS key from another region

Best practice is to have separate keys for all instances, but if you need “one key to rule them all” instances, you have to create a public key from your private key and import it in AWS keys.
Let’s say your private key is something.key.

ssh-keygen -y -f something.key > something.pem

Now, cat out the pem file and paste it under AWS key import.

vi tabs, spaces

Edit .virc or .vimrc and add this line

set tabstop=2 shiftwidth=2 expandtab

Convert tabs to spaces in existing file -> :retab

0 comment
5
Email

Related Articles

General: How to stream/broadcast from your phone

General: Transfer a domain from 1and1.com to godaddy.com

General: NetApp / Virtual Connect – connect without...

General: Tips & Tricks and one-liners (Part II)

General: Tips & Tricks and one-liners (Part I)

Leave a Comment

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More