Debian Wheezy: Install PHP 5.6

apt-get install -y wget

# install PHP 5.6
echo "deb wheezy-php56 all" > /etc/apt/sources.list.d/
echo "deb-src wheezy-php56 all" >> /etc/apt/sources.list.d/
wget -O - | apt-key add -

apt-get update

apt-get install php5

a2enmod php5
service apache2 restart



export CONTAINER=wordpress

wget -q --no-check-certificate -O - | bash -s -- -f

sudo lxc-attach -n ${CONTAINER} -- sed -i 's|PermitRootLogin without-password|PermitRootLogin yes|' /etc/ssh/sshd_config
sudo lxc-attach -n ${CONTAINER} -- service ssh restart = veth = up = lxcbr0 = eth0 = 00:16:3e:f9:d3:03 = 1500

apt-get install -y apache2 mysql-server php5-mysql wget vi php5
# libapache2-mod-auth-mysql

cd /var/www/html
tar -xzvf latest.tar.gz

# create database
echo "CREATE DATABASE wordpress;" | mysql -u root -proot
echo "CREATE USER wordpressuser@localhost;" | mysql -u root -proot
echo "SET PASSWORD FOR wordpressuser@localhost= PASSWORD('password');" | mysql -u root -proot
echo "GRANT ALL PRIVILEGES ON wordpress.* TO wordpressuser@localhost IDENTIFIED BY 'password';" | mysql -u root -proot
echo "FLUSH PRIVILEGES;" | mysql -u root -proot

cp wordpress/wp-config-sample.php wordpress/wp-config.php

sed -i 's|database_name_here|wordpress|' wordpress/wp-config.php
sed -i 's|username_here|wordpressuser|' wordpress/wp-config.php
sed -i 's|password_here|password|' wordpress/wp-config.php

vi wordpress/wp-config.php

#define('WP_ALLOW_REPAIR', true);
#define('DB_CHARSET', 'utf8');

define('DB_CHARSET', 'latin1');
define('FS_METHOD', 'direct');
define( 'WP_MEMORY_LIMIT', '96M' );
define( 'WP_MAX_MEMORY_LIMIT', '256M' );

chown www-data:www-data /var/www/html/wordpress/ -R

# show errors
# wp-config.php
define('WP_DEBUG', true);

# configuration
UPDATE wp_options
SET option_value = REPLACE(option_value, '', '')
WHERE option_value LIKE ''

#UPDATE wp_options SET `option_value` = '' WHERE `wp_options`.`option_id` = 5;
#UPDATE wp_users SET user_email = '' WHERE ID = 1;

# reset password
UPDATE wp_users SET user_pass = MD5('new_pass') WHERE ID = 1;

# wordpress extract script
# wi.php

# fix URL
UPDATE wp_posts
SET post_content = REPLACE(post_content, '', '')
WHERE post_content LIKE ''

UPDATE wp_posts
SET guid = REPLACE(guid, '', '')
WHERE guid LIKE ''

# set file permissions
system("find . -type d -exec chmod 755 {} \;");
system("find . -type f -exec chmod 644 {} \;");

# Links

DMA (Dragonfly Mail Agent)

# ansible role

# preconfigure
echo "dma dma/relayhost string" | debconf-set-selections
echo "ddm dma/mailname string $(hostname -A)" | debconf-set-selections

# install
apt-get install -y dma

# configure relayhost
echo "user|smarthost:password" >> /etc/dma/auth.conf

# send testmail
echo "This is a test message from ${USER}@${HOSTNAME} at $(date)" | /usr/sbin/sendmail

Configuration files
# /etc/dma/dma.conf
AUTHPATH /etc/dma/auth.conf

Use ecrypted home directory and sshuttle

sudo apt-get install -y ecryptfs-utils

sudo adduser --encrypt-home foo

ecryptfs-mount-private foo

sudo usermod -aG sudo foo

sudo apt-get install -y sshuttle

su - foo
sshuttle --dns -r -x

LXC: Installation under Ubuntu / Debian

wget --no-check-certificate -O - | bash -


# ensure that this script is run by root
if [ $(id -u) -ne 0 ]; then
  sudo $0

# install lxc
apt-get install -y software-properties-common
add-apt-repository -y ppa:ubuntu-lxc/lxd-stable

# fix dist name
for FILE in $(find /etc/apt/sources.list.d/ -name "*lxc*.list"); do
  sed -i 's|jessie|trusty|g;s|utopic|trusty|g' ${FILE}

apt-get update
apt-get install -y lxc lxcfs python-lxc

if [ "$1" == "-b" ]; then
  # install required packages
  apt-get install -y bridge-utils

  # disable auto configuration for eth0
  sed -i 's|auto eth0|#auto eth0|g' /etc/network/interfaces
  sed -i 's|iface eth0 inet dhcp|#iface eth0 inet dhcp|g' /etc/network/interfaces

# create network bridge
cat <<EOF>> /etc/network/interfaces
auto lxcbr0
iface lxcbr0 inet dhcp
  bridge_ports eth0

  # disable auto configuration for network bridge by lxc
  [ -f /etc/default/lxc-net ] && sed -i 's|USE_LXC_BRIDGE="true"|USE_LXC_BRIDGE="false"|g' /etc/default/lxc-net
  # disable network managed by NetworkManager when installed
  [ -f /etc/NetworkManager/NetworkManager.conf ] && sed -i 's|managed=true|managed=false|g' /etc/NetworkManager/NetworkManager.conf

# allow all user to list the containers
[ -d /etc/sudoers.d/ ] && echo "ALL ALL=NOPASSWD: /usr/bin/lxc-ls" >> /etc/sudoers.d/lxc

# install under Debian Jessie
apt-get install bridge-utils
wget -q --no-check-certificate -O - | bash -s -- -b
#wget -P /tmp/
#dpkg -x /tmp/lxc_1.0.7-0ubuntu0.2_amd64.deb /tmp/
#cp -a /tmp/etc/* /etc/

# Check kernel configuration


# list services
service --status-all

# enable service
systemctl enable service_name

# disable service
systemctl disable service_name

systemctl status service_name
journalctl -f
systemd-analyze verify

# override / edit job
systemctl edit cron.service
# systemd/system/cron.service.d/override.conf

wget -q --no-check-certificate -O /etc/systemd/system/late_command.service && \
systemctl enable late_command.service

Description=preseed late_command script

ExecStartPre=/usr/bin/wget -q --no-check-certificate -O /tmp/
ExecStart=/bin/bash /tmp/
ExecStartPost=/bin/systemctl disable late_command.service


# test


# test
journalctl -xn
systemctl list-unit-files --all

# timesynchronization

# cat /etc/systemd/timesyncd.conf

# apt purge ntp ntpdate
timedatectl set-ntp true
systemctl restart systemd-timesyncd
timedatectl status

DNS / resolv
systemd-resolve --status

Flush DNS cache
sudo systemd-resolve --flush-caches

Timeserver / sync
sudo apt install -y tzdata
# status
timedatectl status
# disable
timedatectl set-ntp 0
# enable
timedatectl set-ntp true
timedatectl set-timezone "Europe/Berlin"
timedatectl set-time 14:14:30
timedatectl set-time 20181120
timedatectl set-time '18:00:00 2018-11-22'
timedatectl set-local-rtc 1

# sync time
systemctl restart systemd-timesyncd
timedatectl status

systemctl is-active application.service
systemctl is-enabled application.service
systemctl is-failed application.service

Reload systemd configuration
systemctl daemon-reload

sudo systemctl --state=failed

Restart service on failure

Restart another service (if running) on start
ExecStartPost=/bin/systemctl try-restart wildfly.service

sudo systemctl edit apache2.service

systemd timers example with rsnapshot


GitLab: Web-based Git repository manager


# restart gitlab
gitlab-ctl restart

# git home directory

Reset admin password
# change root password
sudo gitlab-rails console
user = User.where(id: 1).first
user.password = user.password_confirmation ='xxx'!

Gitlab settings API
curl --header "PRIVATE-TOKEN: 11112222333344445555"

Disalbe register / Singup

Linux Kernel

# configure parameter
# determine the maximum size of a shared memory segment
cat /proc/sys/kernel/shmmax
# set default shared memory limit for shmmax (16 GB)
echo 17179869184 > /proc/sys/kernel/shmmax
# add the following line to /etc/sysctl.conf to make a change permanent
echo "kernel.shmmax=4294967296" >> /etc/sysctl.d/90-shmmax.conf
# load parameter
/sbin/sysctl -p /etc/sysctl.d/90-shmmax.conf

XEN: Create Debian Jessie DomU VM

wget -O - | bash -


# configure domU
# create domU on LVM (for image file use --dir=/root)
xen-create-image \
 --hostname=${DOMAIN_NAME} \
 --dist=jessie \
 --lvm=vg0 \
 --size=${DOMAIN_HDD} \
 --fs=ext4 \
 --role=udev \
 --memory=${DOMAIN_RAM} \
 --swap=${DOMAIN_RAM} \
 --dhcp \
 --mac=${DOMAIN_MAC} \
 --genpass=0 \
 --password=t00r \
 --vcpus $(cat /proc/cpuinfo | grep processor | wc -l) \
# --apt_proxy=http://apt-cacher:3142/
# rename vm config
mv /etc/xen/${DOMAIN_NAME}.cfg /etc/xen/${DOMAIN_NAME}
# OPTIONAL: add to autostart
ln -s /etc/xen/${DOMAIN_NAME} /etc/xen/auto
# start domU
xm create -c ${DOMAIN_NAME}

# login
user: root
password: t00r

# disable pc speaker
echo 'blacklist snd-pcsp' >> /etc/modprobe.d/blacklist.conf

# fix FQDN
echo "$(ifconfig eth0| grep "inet addr" | cut -d ":" -f2 | cut -d" " -f1)     $(hostname).$(cat /etc/resolv.conf | grep domain | cut -d" " -f2) $(hostname)" >> /etc/hosts
# OPTIONAL: enable APT auto update
wget -q --no-check-certificate -O - | bash -

Syndicate content