SSL

# check certificate
https://www.ssllabs.com/ssltest/analyze.html
http://www.panticz.de/Check-SSL-TLS-server-encryption-support

# determine SSL certificate expiration date
openssl x509 -enddate -noout -in www.example.com.pem

# list certificate domains
cat cert.pem | openssl x509 -text | grep DNS
openssl s_client -showcerts -connect www.example.com:443 | openssl x509 -text | grep DNS

# Letsencrypt
http://www.panticz.de/letsencrypt

# remove password from private key
openssl rsa -in www.example.key.pass -out www.example.key

# cat / deploy certificate to remote host

Fix grub on btrfs partition

# mount the btrfs root subvolume
mount /dev/sda1 /mnt -o subvol=/

# (optional) set the default subvolume
btrfs sub set @ /mnt

mount /proc /mnt/proc --bind
mount /dev /mnt/dev --bind
mount /sys /mnt/sys --bind

chroot /mnt

grub-install /dev/sda
update-grub /dev/sda

# activate first partition
fdisk -l /dev/sda

Squid: Compile with SSL support under Debian Wheezy / Jessie

<?php
$URL="https://raw.githubusercontent.com/panticz/scripts/master/compile.squid.with.ssl.support.sh";
echo "wget -q --no-check-certificate $URL -O - | bash -s";
echo " 

";
$c = curl_init();
curl_setopt($c, CURLOPT_URL, $URL);
curl_setopt($c, CURLOPT_RETURNTRANSFER, 1);
echo htmlspecialchars(curl_exec($c));
curl_close($c);
echo "

";
?>

Install packages
apt-get install logrotate
dpkg -i *.deb
apt-get install -f

Test configuration
# squid3 -v
Squid Cache: Version 3.4.8
configure options: '--build=x86_64-linux-gnu' '--prefix=/usr' '--includedir=${prefix}/include' '--mandir=${prefix}/share/man' '--infodir=${prefix}/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--libexecdir=${prefix}/lib/squid3' '--srcdir=.' '--disable-maintainer-mode' '--disable-dependency-tracking' '--disable-silent-rules' '--datadir=/usr/share/squid3' '--sysconfdir=/etc/squid3' '--mandir=/usr/share/man' '--enable-inline' '--disable-arch-native' '--enable-async-io=8' '--enable-storeio=ufs,aufs,diskd,rock' '--enable-removal-policies=lru,heap' '--enable-delay-pools' '--enable-cache-digests' '--enable-icap-client' '--enable-follow-x-forwarded-for' '--enable-auth-basic=DB,fake,getpwnam,LDAP,MSNT,MSNT-multi-domain,NCSA,NIS,PAM,POP3,RADIUS,SASL,SMB' '--enable-auth-digest=file,LDAP' '--enable-auth-negotiate=kerberos,wrapper' '--enable-auth-ntlm=fake,smb_lm' '--enable-external-acl-helpers=file_userip,kerberos_ldap_group,LDAP_group,session,SQL_session,unix_group,wbinfo_group' '--enable-url-rewrite-helpers=fake' '--enable-eui' '--enable-esi' '--enable-icmp' '--enable-zph-qos' '--enable-ecap' '--disable-translation' '--with-swapdir=/var/spool/squid3' '--with-logdir=/var/log/squid3' '--with-pidfile=/var/run/squid3.pid' '--with-filedescriptors=65536' '--with-large-files' '--with-default-user=proxy' '--enable-ssl' '--with-open-ssl=/etc/ssl/openssl.cnf' '--enable-linux-netfilter' 'build_alias=x86_64-linux-gnu' 'CFLAGS=-g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security -Wall' 'LDFLAGS=-fPIE -pie -Wl,-z,relro -Wl,-z,now' 'CPPFLAGS=-D_FORTIFY_SOURCE=2' 'CXXFLAGS=-g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security'

Links
http://ubuntuforums.org/showthread.php?t=2171061

Fix / update systemd in Debian Jessie LXC container

# fix Debian Jessie LXC container boot error:
Failed to install release agent, ignoring: No such file or directory
Failed to create root cgroup hierarchy: Invalid argument
Failed to allocate manager object: Invalid argument

# list all container with uses Debian Jessie:
grep -l jessie /var/lib/lxc/*/rootfs/etc/os-release

# set container name
CONTAINER=my_cointainer

# stop container
lxc-stop -n ${CONTAINER} -t 10

# backup container
tar -C /var/lib/lxc --use-compress-program=pbzip2 -cf ${CONTAINER}.$(date -I).tar.bz2 ${CONTAINER}

# upgrade systemd in container
echo "deb h

LXC: create Ubuntu Xenial container

<?php
$URL="https://raw.githubusercontent.com/panticz/lxc/master/create_ubuntu_xenial.sh";
echo "wget -q --no-check-certificate $URL -O - | bash -s";
echo " 

";
$c = curl_init();
curl_setopt($c, CURLOPT_URL, $URL);
curl_setopt($c, CURLOPT_RETURNTRANSFER, 1);
echo htmlspecialchars(curl_exec($c));
curl_close($c);
echo "

";
?>

Allow root SSH login with password
sed -i 's|PermitRootLogin without-password|PermitRootLogin yes|' /etc/ssh/sshd_config
sed -i 's|PasswordAuthentication no|PasswordAuthentication yes|' /etc/ssh/sshd_config
service ssh restart

CLI

# fallback: install required python2 over SSH on remote machine
ansible example.com -i inventory -u root -m raw -a "apt-get update && apt-get install -y python-minimal"

# Ad-hoc commands
ansible all -i inventory.list -l localhost -u root -m ping
ansible all -s -m shell -a "hostname -f"
ansible all -s -m apt -a 'pkg=nginx state=installed update_cache=true'

# uptime
ansible all -i inventories/dev -l www -u root -a uptime

ansible all -m shell -a "apt-get update"
ansible www.example.com -m setup
ansible all -m setup -i inventory/example.com -u root > /tmp/example.com.inventory.$(da

Brother MFC-1910W

Install printer
<?php
$URL="https://raw.githubusercontent.com/panticz/installit/master/hardware/install.brother-mfc-1910w.sh";
echo "wget $URL -O - | bash -";
echo " 

";
$c = curl_init();
curl_setopt($c, CURLOPT_URL, $URL);
curl_setopt($c, CURLOPT_RETURNTRANSFER, 1);
echo htmlspecialchars(curl_exec($c));
curl_close($c);
echo "

";
?>

Check for newer DEB packages
http://support.brother.com/g/b/downloadlist.aspx?c=as_ot&lang=en&prod=mfc1910w_eu_as&os=128

Subscribe to