Debian: Compile and install multiple PHP CLI versions

# install dependencies
apt-get install -y build-essential
 
# download and compile PHP
for VERSION in 5.3.29 5.4.38 5.5.22 5.6.6; do
    wget -q "http://de1.php.net/get/php-${VERSION}.tar.bz2/from/this/mirror" -O- | tar xj -C /tmp
    cd /tmp/php-${VERSION}
    ./configure --prefix=/opt/php/${VERSION%.*} --disable-all --disable-cgi
    make install -j5
done
 
# add to PATH
for i in /opt/php/*; do
    ln -s $i/bin/php /usr/local/bin/php${i##*/}
done
 
# create backup
cd /opt/php
tar -cjf /tmp/opt.php.$(date -I).tar.bz2 *
 
# test backup
tar -tvf /tmp/opt.php.$(date -I).tar.bz2

Create a restricted user for SSH tunneling

wget -q --no-check-certificate https://raw.githubusercontent.com/panticz/scripts/master/create_ssh_tunnel_user.sh -O - | bash -

#!/bin/bash

# create new restricted user
useradd tunnel --gid nogroup --create-home --skel /dev/null --shell /bin/rbash

# set random encrypted password to enable login
echo "tunnel:$(openssl rand -base64 32)" | chpasswd

# create authorized_keys
mkdir /home/tunnel/.ssh
chmod 700 /home/tunnel/.ssh
touch /home/tunnel/.ssh/authorized_keys
chmod 600 /home/tunnel/.ssh/authorized_keys

# remove path to programs
echo 'PATH=' > /home/tunnel/.profile
chmod 400 /home/tunnel/.profile

# restrict permissions
chmod 500 /home/tunnel
chown tunnel:tunnel /home/tunnel -R

Add your public key(s)
cat /tmp/authorized_keys > /home/tunnel/.ssh/authorized_keys
sed -i 's|ssh-rsa|command="/bin/false",no-pty,no-X11-forwarding ssh-rsa|g' /home/tunnel/.ssh/authorized_keys

# parameter
command="/bin/false",no-agent-forwarding,no-pty,no-user-rc,no-X11-forwarding,permitopen="127.0.0.1:80"
no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding

Links
http://www.gnu.org/software/bash/manual/html_node/The-Restricted-Shell.html

Update LXC container templates filesystem

wget -q --no-check-certificate https://raw.githubusercontent.com/panticz/lxc/master/scripts/update_templates.sh -O - | bash -

#!/bin/bash

# ensure that this script is run as root
if [ $(id -u) -ne 0 ]; then
  sudo $0
  exit
fi

# set language to english
LANG=en_US.UTF-8

# update debian templates
for DIST in $(ls /var/cache/lxc/debian); do
  echo "Updating ${DIST} ..."
  chroot "/var/cache/lxc/debian/${DIST}" apt-get update 
  chroot "/var/cache/lxc/debian/${DIST}" apt-get dist-upgrade -y
  chroot "/var/cache/lxc/debian/${DIST}" apt-get autoremove -y
  chroot "/var/cache/lxc/debian/${DIST}" apt-get clean
done

Install Google Music Manager

wget -q --no-check-certificate https://raw.githubusercontent.com/panticz/installit/master/install.google-musicmanager.sh -O - | bash -

#!/bin/bash

# get URL
if [ "$(uname -m)" == "x86_64" ]; then
  # 64 bit
  URL=https://dl.google.com/linux/direct/google-musicmanager-beta_current_amd64.deb
else
  # 32 bit
  URL=https://dl.google.com/linux/direct/google-musicmanager-beta_current_i386.deb
fi

# download
wget ${URL} -P /tmp

# install
sudo dpkg -i /tmp/google-musicmanager-beta_current_*.deb

$ cat /etc/apt/sources.list.d/google-musicmanager.list
deb http://dl.google.com/linux/musicmanager/deb/ stable main

Links
https://play.google.com/music/listen?u=0#/manager

Docker container under XEN VM

# enable wheezy backports repository
cat <<EOF> /etc/apt/sources.list.d/wheezy-backports.list
deb http://ftp.de.debian.org/debian wheezy-backports main
deb-src http://ftp.de.debian.org/debian wheezy-backports main
EOF
 
# install newest kernel
apt-get update
apt-get install -y -t wheezy-backports linux-image-amd64
 
# reboot your server
reboot
 
# view kernel version
uname -a
# Linux wheezy 3.16.0-0.bpo.4-amd64 #1 SMP Debian 3.16.7-ckt2-1~bpo70+1 (2014-12-08) x86_64 GNU/Linux
 
# install xen
wget -q --no-check-certificate https://raw.githubusercontent.com/panticz/installit/master

check bash version

rm /tmp/out.log
for HOST in $(cat host.list); do
    VERSION=$(ssh -o StrictHostKeyChecking=no -o ConnectTimeout=3 ${HOST} 'dpkg-query -W -f="\${Version}" "*bash*"')
    [ !

IO performance benchmark script

Install
wget -q --no-check-certificate https://raw.githubusercontent.com/panticz/scripts/master/fio.sh -O - | bash -

#!/bin/bash

OUT=/tmp/fio.out

# clear
[ -f ${OUT} ] && rm ${OUT}

# run fio benchmark
for SIZE in 4 8 16; do
    for BS in 4 16 64; do
        for JOBS in 128 254 512; do
            for TIME in 60 120 240; do
                RESULT=$(fio --rw=readwrite --name=test --direct=1 --group_reporting --time_based --size=${SIZE}M --bs=${BS}k --numjobs=${JOBS} --runtime=${TIME} | grep iops | cut -d "=" -f4 | cut -d "," -f1)
                echo "${SIZE}M,${BS}K,${JOBS}x,${TIME}s,$(echo ${RESULT} | tr ' ', ',')" | tee -a ${OUT}
            done
        done
    done
done

Install Vega vulnerability scanner under Ubuntu / Debian

Install
wget -q --no-check-certificate https://raw.githubusercontent.com/panticz/installit/master/install.vega.sh -O - | bash -

#!/bin/bash

# install Java JDK
wget -q https://raw.githubusercontent.com/panticz/installit/master/install.java-jdk.sh -O - | bash -

sudo apt-get install libwebkitgtk-1.0

# download link
if [ "$(uname -m)" == "x86_64" ]; then
  # 64 bit
  URL=http://support.subgraph.com/downloads/VegaBuild-linux.gtk.x86_64.zip
else
  # 32 bit
  URL=http://support.subgraph.com/downloads/VegaBuild-linux.gtk.x86.zip
fi

# download new eclipse release
wget -q ${URL} -P /tmp

# extract
sudo unzip /tmp/VegaBuild-linux.gtk.*.zip -d /usr/share/

sudo ln -s /usr/share/vega/Vega /usr/local/bin/vega

cat <<EOF> /usr/share/applications/vega.desktop
[Desktop Entry]
Encoding=UTF-8
Name=Vega
Comment=Vega Vulnerability Scanner
Exec=vega
Icon=/usr/share/vega/icon.xpm
Terminal=false
Type=Application
Categories=GNOME;Application;Development;
StartupNotify=true
EOF

Workarround
sudo mkdir -p /usr/share/vega/workspace/
sudo chmod 777 /usr/share/vega/workspace/

Download
https://subgraph.com/vega/download/

Configuration
diff /usr/share/vega/Vega.ini.2015-01-12 /usr/share/vega/Vega.ini
2,5c2,5

 -Xms1024m
> -XX:PermSize=512m
> -XX:MaxPermSize=1024m
> -Xmx4096m

Install archiva

# install oracle jdk
wget -q --no-check-certificate https://raw.githubusercontent.com/panticz/installit/master/install.java-jdk.sh -O - | bash -

# install archiva
wget http://mirror.arcor-online.net/www.apache.org/archiva/2.1.1/binaries/apache-archiva-2.1.1-bin.tar.gz -P /tmp
tar xzf /tmp/apache-archiva-2.1.1-bin.tar.gz -C /opt
ln -s /opt/apache-archiva-2.1.1/ /opt/apache-archiva

# autostart
sed -i '$i /opt/apache-archiva/bin/archiva start' /etc/rc.local

# URL
http://YOUR_IP:8080/

# clear config
rm /opt/apache-archiva/conf/archiva.xml

Syndicate content