Monday, 23 September 2024

Extending an LVM Partition on Ubuntu Server

When I installed Ubuntu Server using the guided partitioning with LVM mode, the system partition turned out to be only about a quarter of the total available disk capacity. In this article I will share how to extend the system partition; in this case I will use all of the remaining unallocated capacity.


If you did not change the default settings during installation, the volume group and logical volume names should match the screenshot above.

To resize the LVM partition on Ubuntu Server, run the commands
sudo lvextend -l +100%FREE /dev/ubuntu-vg/ubuntu-lv
sudo resize2fs /dev/ubuntu-vg/ubuntu-lv
Now check the system partition on your Ubuntu machine again; it should have grown.


That's all for this article.

source: https://www.linuxsec.org/2020/08/menambah-ukuran-partisi-lvm-di-ubuntu.html

Monday, 05 August 2024

Remove Server Name From Apache Response Header (Apache/xxx ) Ubuntu

1. Open Apache Config File

Open terminal and run the following command to open Apache main configuration file.

CentOS/Fedora:

$ sudo vi /etc/httpd/conf/httpd.conf

Ubuntu/Debian:

$ sudo vi /etc/apache2/apache2.conf

2. Turn Off Server Signature

Add/modify the following lines to hide server information in Apache.

ServerSignature Off
ServerTokens Prod

ServerSignature – appears at the bottom of server generated pages such as error pages, directory listings, etc. It takes On/Off/EMail values, where EMail shows a “mailto:” reference to Site Admin’s email.

ServerTokens – decides what Apache will send back in the Server response header. It takes the following values:

ServerTokens Full (or not specified)
Response to clients: Server: Apache/2.4.2 (Unix) PHP/4.2.2 MyMod/1.2

ServerTokens Prod[uctOnly]
Response to clients: Server: Apache

ServerTokens Major
Response to clients: Server: Apache/2

ServerTokens Minor
Response to clients: Server: Apache/2.4

ServerTokens Min[imal]
Response to clients: Server: Apache/2.4.2

ServerTokens OS
Response to clients: Server: Apache/2.4.2 (Unix)

If you want to disable the server signature in WordPress or turn off the server signature in CPanel, you will have to hide the Apache server information using the .htaccess file, since you may not have access to Apache’s main configuration file.

Open CPanel, locate .htaccess file and edit it. Add the following 2 lines to .htaccess file

ServerSignature Off
ServerTokens Prod

3. Restart Apache Server

Restart Apache Server to apply changes

$ sudo systemctl restart apache2 #SystemD
$ sudo service apache2 restart #SysVInit
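
To confirm the change after the restart, the Server header can be checked against the ServerTokens table above. The following is an added example, not part of the original article; the function names are hypothetical and the two sample responses are constructed.

```shell
#!/bin/sh
# Added example: check which ServerTokens level a response still reveals.
# Function names are hypothetical; the sample headers below are constructed.

# server_header_from: read raw response headers on stdin (for example the
# output of `curl -sI https://your.site/`) and print the Server value.
server_header_from() {
    tr -d '\r' | sed -n 's/^[Ss]erver:[[:space:]]*//p' | head -n 1
}

# classify_server_tokens VALUE: map a Server header value to the ServerTokens
# level from the table above. "Full" with no extra modules looks like "OS".
classify_server_tokens() {
    case $1 in
        "")                   echo absent ;;
        Apache)               echo Prod ;;
        Apache/*" ("*") "?*)  echo Full ;;
        Apache/*" ("*")")     echo OS ;;
        Apache/*.*.*)         echo Min ;;
        Apache/*.*)           echo Minor ;;
        Apache/*)             echo Major ;;
        *)                    echo unknown ;;
    esac
}

# check_hardening: headers on stdin; succeeds only when nothing beyond the
# product name is disclosed, and prints what was found either way.
check_hardening() {
    value=$(server_header_from)
    level=$(classify_server_tokens "$value")
    case $level in
        Prod|absent) echo "ok: Server: $value" ;;
        *)           echo "leak ($level): Server: $value"; return 1 ;;
    esac
}

# Constructed responses: before and after applying ServerTokens Prod.
sample_before() { printf 'HTTP/1.1 200 OK\r\nServer: Apache/2.4.2 (Unix) PHP/4.2.2 MyMod/1.2\r\n\r\n'; }
sample_after()  { printf 'HTTP/1.1 200 OK\r\nServer: Apache\r\n\r\n'; }

sample_before | check_hardening || true
sample_after  | check_hardening
```

ServerSignature is not visible in headers; it only affects the footer of server-generated pages, so request an error page separately to confirm it is gone.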

Disable TLS 1.0 and 1.1 in Apache

Check Enabled SSL/TLS Versions

Online Tools

You can quickly check the versions of SSL/TLS your website supports by visiting CDN77’s TLS Checker and entering the domain name you’d like to check. As can be seen below, https://example.com currently disables SSL versions 2 and 3, but enables all versions of TLS (including the deprecated TLS 1.1 and 1.0):

Nmap

You can also check for the SSL/TLS versions and ciphers supported by a website with the open-source nmap command-line tool:

nmap --script ssl-enum-ciphers -p <PORT> <DOMAIN NAME>

The default port for SSL/TLS is 443. The command below will generate a report for example.com:

$ nmap --script ssl-enum-ciphers -p 443 example.com
Starting Nmap 7.80 ( https://nmap.org ) at 2020-08-25 13:10 EDT
Nmap scan report for example.com (93.184.216.34)
Host is up (0.031s latency).
Other addresses for example.com (not scanned): 2606:2800:220:1:248:1893:25c8:1946
PORT STATE SERVICE
443/tcp open https
| ssl-enum-ciphers:
| TLSv1.0:
| ciphers:
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A
| TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 2048) - A
| TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 2048) - A
| TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (dh 2048) - A
| TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (dh 2048) - A
| TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
| TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (rsa 2048) - A
| TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
| TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (rsa 2048) - A
| TLS_DHE_RSA_WITH_SEED_CBC_SHA (dh 2048) - A
| TLS_RSA_WITH_SEED_CBC_SHA (rsa 2048) - A
| compressors:
| NULL
| cipher preference: server
| TLSv1.1:
| ciphers:
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A
| TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 2048) - A
| TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 2048) - A
| TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (dh 2048) - A
| TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (dh 2048) - A
| TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
| TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (rsa 2048) - A
| TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
| TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (rsa 2048) - A
| TLS_DHE_RSA_WITH_SEED_CBC_SHA (dh 2048) - A
| TLS_RSA_WITH_SEED_CBC_SHA (rsa 2048) - A
| compressors:
| NULL
| cipher preference: server
| TLSv1.2:
| ciphers:
| TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A
| TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1) - A
| TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (dh 2048) - A
| TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (dh 2048) - A
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (secp256r1) - A
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (secp256r1) - A
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A
| TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (dh 2048) - A
| TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 2048) - A
| TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (dh 2048) - A
| TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 2048) - A
| TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A
| TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (dh 2048) - A
| TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (dh 2048) - A
| TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
| TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (rsa 2048) - A
| TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
| TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (rsa 2048) - A
| TLS_DHE_RSA_WITH_SEED_CBC_SHA (dh 2048) - A
| TLS_RSA_WITH_SEED_CBC_SHA (rsa 2048) - A
| compressors:
| NULL
| cipher preference: server
|_ least strength: A
Nmap done: 1 IP address (1 host up) scanned in 3.88 seconds

Server Configuration

Apache

To disable TLS 1.0 and 1.1 in Apache, you will need to edit the configuration file containing the SSLProtocol directive for your website. This file may be located in different places depending on your platform, version, or other installation details. Some possible locations are:

  • /usr/local/apache2/conf/extra/httpd-ssl.conf
    (default Apache installation)
  • /etc/apache2/mods-enabled/ssl.conf
    (Ubuntu/Debian)
  • /private/etc/apache2/extra/httpd-ssl.conf
    (macOS)

When you have located the correct configuration file, look for a line beginning with SSLProtocol. This example, from a default macOS Apache installation, disables SSLv3 with the - operator but enables TLS 1.0 and 1.1:

SSLProtocol all -SSLv3

You can disable all obsolete versions of SSL/TLS supported by Apache by specifying them as follows:

SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1

The configuration above enables TLS 1.2, as well as TLS 1.3 if it is available in your environment.

Apache and Virtual Hosts

Apache can run more than one web site on a single server. These virtual hosts may be based on IP number, port, or domain name, and may include settings that override the base configuration for Apache. For this reason, you should check the settings for each virtual host in your configuration files, especially if your changes to the base SSL/TLS configuration do not seem to be working.

For versions of Apache prior to 2.4.42 (built/linked against OpenSSL before 1.1.1), it was not possible to specify different SSL/TLS protocols for name-based virtual hosts sharing the same base IP number and port – the SSLProtocol of the first virtual host was applied to all others. Beginning with Apache 2.4.42/OpenSSL 1.1.1, the SSLProtocol of each name-based virtual host is honored when the Server Name Indication (SNI) is provided by the client during the SSL/TLS handshake.

Once you have made your configuration changes, reload Apache to put them into effect. For more information on the SSLProtocol directive, please refer to Apache’s documentation.
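
Because a virtual host can override the base setting, every SSLProtocol line needs checking, not only the first one. The following is an added example, not part of the original guide: it evaluates each directive left to right and reports which ones still leave an obsolete version enabled. The function names are hypothetical, the sample configuration is constructed, and it assumes that `all` stands for every version named on this page and that a bare protocol name replaces whatever was set before it.

```shell
# Added example: find SSLProtocol directives that still allow TLS 1.0/1.1.
# Function names are hypothetical; the sample configuration is constructed.
ALL_PROTOCOLS="SSLv3 TLSv1 TLSv1.1 TLSv1.2 TLSv1.3"   # assumed meaning of "all"

# enabled_protocols ARGS: apply the tokens left to right. "-X" removes,
# "+X" adds, a bare name (like "all") replaces what was set so far.
enabled_protocols() {
    enabled=""
    for tok in $1; do
        case $tok in
            -all)     enabled="" ;;
            all|+all) enabled=$ALL_PROTOCOLS ;;
            -*) kept=""
                for p in $enabled; do
                    [ "$p" = "${tok#-}" ] || kept="$kept $p"
                done
                enabled=$kept ;;
            +*) case " $enabled " in
                    *" ${tok#+} "*) ;;
                    *) enabled="$enabled ${tok#+}" ;;
                esac ;;
            *)  enabled=$tok ;;
        esac
    done
    echo $enabled
}

# deprecated_enabled ARGS: print the obsolete versions that remain enabled.
deprecated_enabled() {
    left=""
    for p in $(enabled_protocols "$1"); do
        case $p in SSLv3|TLSv1|TLSv1.1) left="$left $p" ;; esac
    done
    echo $left
}

# audit_ssl_protocol: configuration text on stdin, one verdict per
# uncommented SSLProtocol line (base config and every virtual host).
audit_ssl_protocol() {
    n=0
    while IFS= read -r line; do
        n=$((n + 1))
        args=$(printf '%s\n' "$line" |
               sed -n 's/^[[:space:]]*SSLProtocol[[:space:]]\{1,\}//p')
        [ -n "$args" ] || continue
        bad=$(deprecated_enabled "$args")
        if [ -n "$bad" ]; then
            echo "line $n: WEAK ($bad): SSLProtocol $args"
        else
            echo "line $n: ok: SSLProtocol $args"
        fi
    done
}

sample_vhosts() {   # constructed input
    cat <<'EOF'
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
<VirtualHost *:443>
    SSLProtocol all -SSLv3
</VirtualHost>
<VirtualHost *:443>
    # SSLProtocol all
    SSLProtocol -all +TLSv1.2 +TLSv1.3
</VirtualHost>
EOF
}

sample_vhosts | audit_ssl_protocol
```

On a real server, concatenate the enabled configuration files into the function, then re-run the nmap check shown earlier to confirm what the listener actually negotiates.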

source: https://www.ssl.com/guide/disable-tls-1-0-and-1-1-apache-nginx/

 

Tuesday, 09 July 2024

Reading an NTFS-formatted external HDD on Ubuntu Server Linux

This usually happens on Ubuntu Server releases earlier than 22.04 when reading an external HDD formatted as NTFS (Windows).

$ sudo apt-get install exfat-fuse exfat-utils
source: https://askubuntu.com/questions/100278/how-do-i-install-and-mount-an-exfat-partition

Monday, 08 July 2024

How to Disable Unattended Upgrades on Ubuntu 22.04

Steps to Disable Unattended Upgrades on Ubuntu

Follow these steps carefully to disable automatic updates on your Ubuntu system. This will give you full control over when and how updates are installed, which is crucial for managing dependencies and system stability, especially when you need to ensure that updates do not disrupt existing software configurations.

  1. Disable the Unattended-Upgrades Service: The first step is to stop the unattended-upgrades service from running automatically.
    $ sudo systemctl disable --now unattended-upgrades

    This command stops the ‘unattended-upgrades’ service if it is currently running and prevents it from starting during the system boot. Disabling this service ensures that no upgrades are applied without your intervention.

  2. Edit the 20auto-upgrades File: To take control over the automatic installation of updates, modify the apt configuration file.
    $ sudo nano /etc/apt/apt.conf.d/20auto-upgrades

    You need to insert or update the following lines:

    APT::Periodic::Update-Package-Lists "1"; 
    // "1" enables, "0" disables automatic checking for new packages 
    APT::Periodic::Unattended-Upgrade "0"; 
    // Setting to "0" disables automatic installations

    This configuration ensures the package lists are still updated regularly if set to 1 (useful for manual upgrades), but prevents any updates from being installed automatically by setting Unattended-Upgrade to 0. To completely disable automatic checking for updates, change APT::Periodic::Update-Package-Lists to 0. This stops your system from even checking for new updates automatically, thereby requiring you to manually check and update your packages to maintain system security and performance.

    Disabled unattended upgrades in 20auto-upgrades File

  3. Adjust the 50unattended-upgrades File (Optional): For finer control or to disable certain types of updates, modify the 50unattended-upgrades file.
    $ sudo nano /etc/apt/apt.conf.d/50unattended-upgrades

    You can comment out lines corresponding to the types of updates you do not want automatically installed, such as:

    // "${distro_id}:${distro_codename}-updates";

    By commenting out these lines, you prevent automatic updates from these repositories, though manual updates are still possible.

  4. Verify Changes: Ensure that automatic updates are disabled.
    $ systemctl status unattended-upgrades

    This command checks the status of the unattended-upgrades service. It should report “inactive (disabled)” if the service is properly disabled.

    $ cat /etc/apt/apt.conf.d/20auto-upgrades

    This will display the current configuration of the 20auto-upgrades file to verify that unattended upgrades are disabled.

    Verify that unattended upgrades had been disabled

Understanding Update Management Files in Ubuntu

Differences between the 10periodic, 20auto-upgrades, and 50unattended-upgrades configuration files in Ubuntu

It’s important to understand the roles and differences between the 10periodic, 20auto-upgrades, and 50unattended-upgrades configuration files in Ubuntu. These files dictate how automatic updates should be handled by the system, but each serves a distinct purpose:

10periodic

This file is used to configure how frequently the package lists are updated and how often the script checks for upgrades. The settings in this file are more about scheduling the timing of update checks and the cleanup operations:

  • APT::Periodic::Update-Package-Lists: This option schedules the update of the package lists (how often the system checks for new packages).
  • APT::Periodic::Download-Upgradeable-Packages: Schedules how often to download upgradable packages.
  • APT::Periodic::AutocleanInterval: Defines how often the package cache is cleaned.

20auto-upgrades

This file specifically controls the automatic installation of updates. It is more focused than 10periodic and directly influences whether updates are applied automatically:

  • APT::Periodic::Update-Package-Lists: Similar to 10periodic, it controls the frequency of checking for updates.
  • APT::Periodic::Unattended-Upgrade: This crucial setting determines whether updates are installed automatically without user intervention.

50unattended-upgrades

Unlike the previous files, 50unattended-upgrades provides granular control over which types of updates are applied automatically. It allows specifying security updates or other updates from specific repositories to be included or excluded from automatic upgrades. Configuration here is primarily about inclusion and exclusion rules for updates, specifying from which origins updates should be automatically installed.

Understanding these files and their configurations helps in effectively managing system updates according to your needs, providing a balance between automation and manual control. This knowledge is crucial for customizing the update behavior of your Ubuntu system to fit your requirements.
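
Since the same APT::Periodic key can appear in more than one of these files, the value that matters is the one that wins after all fragments are read. The following is an added example, not part of the original article, covering both the edit in step 2 and the file roles described above. The function names and the `99local` fragment are hypothetical, the sample files are constructed, and it assumes one setting per line and that an unset key counts as disabled.

```shell
# Added example: work out which APT::Periodic value actually wins.
# Function names are hypothetical; the sample files are constructed.
# Assumptions: one 'Key "value";' setting per line (no nested blocks) and an
# unset key counts as disabled. On a live system compare the result with
# `apt-config dump | grep APT::Periodic`.

# effective_periodic DIR KEY: fragments are read in lexical file-name order
# and a later file overrides an earlier one, so keep the last value seen.
effective_periodic() {
    value=""
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        found=$(sed -n "s|^[[:space:]]*APT::Periodic::$2[[:space:]]*\"\([^\"]*\)\"[[:space:]]*;.*|\1|p" "$f" | tail -n 1)
        [ -z "$found" ] || value=$found
    done
    echo "${value:-unset}"
}

# update_posture DIR: one-line summary of what the host does on its own.
update_posture() {
    lists=$(effective_periodic "$1" Update-Package-Lists)
    install=$(effective_periodic "$1" Unattended-Upgrade)
    case $install in
        unset|0)
            case $lists in
                unset|0) echo "manual: no automatic check, no automatic install" ;;
                *)       echo "check-only: lists refreshed, installs are manual" ;;
            esac ;;
        *)  echo "automatic: upgrades installed unattended" ;;
    esac
}

# make_sample_dir: constructed apt.conf.d tree matching the article's step 2.
make_sample_dir() {
    d=$(mktemp -d)
    printf '%s\n' 'APT::Periodic::Update-Package-Lists "1";' \
                  'APT::Periodic::Download-Upgradeable-Packages "1";' \
                  'APT::Periodic::AutocleanInterval "7";' > "$d/10periodic"
    printf '%s\n' 'APT::Periodic::Update-Package-Lists "1";' \
                  '// APT::Periodic::Unattended-Upgrade "1";' \
                  'APT::Periodic::Unattended-Upgrade "0";' > "$d/20auto-upgrades"
    echo "$d"
}

sample_dir=$(make_sample_dir)
update_posture "$sample_dir"
# A later fragment (hypothetical 99local) silently re-enables installs:
printf '%s\n' 'APT::Periodic::Unattended-Upgrade "1";' > "$sample_dir/99local"
update_posture "$sample_dir"
rm -rf "$sample_dir"
```

Run `update_posture /etc/apt/apt.conf.d` after editing to catch a higher-numbered fragment that overrides 20auto-upgrades, and record the result so that hosts without automatic security updates are tracked for manual patching.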

Conclusion

By following the steps outlined above, you will have successfully disabled unattended upgrades on your Ubuntu system. This change allows you to manually control when updates are applied, preventing unexpected changes and potential software conflicts. Regularly check for updates to maintain system security and stability, and apply them at your discretion.

 

source: https://linuxconfig.org/disable-automatic-updates-on-ubuntu-22-04-jammy-jellyfish-linux

Tuesday, 28 May 2024

Check HDD or SSD on Linux Ubuntu

Problem

How to identify if the underlying disk on the system is HDD or SSD?

Environment

  • Platform9 Managed OpenStack - All Versions
  • Platform9 Managed Kubernetes - All Versions
  • CentOS
  • Ubuntu

Procedure

  1. Use the lsblk command to identify the type of disk attached to the server. In the ROTA column, the value '1' indicates that the disk is an HDD; for an SSD the value will be '0'.
  2. It can also be identified using the rotational file in the sys filesystem, to confirm whether the disk is an HDD or an SSD.

Additional Information

On a KVM guest virtual machine, the drive letter would be vda. The result will vary depending on the bus type selected during the virtual machine creation.
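
The two checks in the procedure read the same kernel flag. The following is an added example, not part of the original knowledge-base article, that reads the rotational file for every disk; the function names are hypothetical and the sysfs-like sample tree is constructed so the script runs without real hardware.

```shell
#!/bin/sh
# Added example: classify disks as HDD or SSD from the sysfs rotational flag.
# Function names are hypothetical; the sample tree is constructed.
# lsblk shows the same flag in its ROTA column: lsblk -d -o NAME,ROTA

# disk_kind SYSROOT DEV: 1 in queue/rotational means HDD, 0 means SSD.
disk_kind() {
    flag_file="$1/block/$2/queue/rotational"
    [ -r "$flag_file" ] || { echo unknown; return 0; }
    case $(cat "$flag_file") in
        1) echo HDD ;;
        0) echo SSD ;;
        *) echo unknown ;;
    esac
}

# list_disks SYSROOT: print "name kind" for every block device except
# loop, ram and device-mapper entries. On a real host pass /sys.
list_disks() {
    for path in "$1"/block/*; do
        [ -d "$path" ] || continue
        name=${path##*/}
        case $name in loop*|ram*|dm-*) continue ;; esac
        echo "$name $(disk_kind "$1" "$name")"
    done
}

# make_sample_sys: constructed sysfs-like tree with sda (rotational),
# nvme0n1 (non-rotational), vda (KVM guest disk) and a loop device.
make_sample_sys() {
    root=$(mktemp -d)
    for entry in sda:1 nvme0n1:0 vda:1 loop0:0; do
        mkdir -p "$root/block/${entry%%:*}/queue"
        echo "${entry##*:}" > "$root/block/${entry%%:*}/queue/rotational"
    done
    echo "$root"
}

sample=$(make_sample_sys)
list_disks "$sample"
rm -rf "$sample"
```

Inside a virtual machine the flag describes the virtual device, so a vda entry says nothing certain about the physical medium on the hypervisor.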

source: https://platform9.com/kb/platform9/how-to-identify-if-underlying-disk-is-hdd-or-ssd

Tuesday, 02 April 2024

Enable password root login in MySQL 8

root@server-ccs:~# mysql -uroot -p
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 9
Server version: 8.0.36-0ubuntu0.22.04.1 (Ubuntu)

Copyright (c) 2000, 2024, Oracle and/or its affiliates.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> use mysql;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
mysql> select user,host, authentication_string,plugin from user;
+------------------+-----------+------------------------------------------------------------------------+-----------------------+
| user             | host      | authentication_string                                                  | plugin                |
+------------------+-----------+------------------------------------------------------------------------+-----------------------+
| debian-sys-maint | localhost | $A$005$RY?sbh`B{bY-y0FqMq|L.9CGnPP9sixBkuAyNBOnNNdDoZdfY0J0JsvxU6MRi/ | caching_sha2_password |
| mysql.infoschema | localhost | $A$005$THISISACOMBINATIONOFINVALIDSALTANDPASSWORDTHATMUSTNEVERBRBEUSED | caching_sha2_password |
| mysql.session    | localhost | $A$005$THISISACOMBINATIONOFINVALIDSALTANDPASSWORDTHATMUSTNEVERBRBEUSED | caching_sha2_password |
| mysql.sys        | localhost | $A$005$THISISACOMBINATIONOFINVALIDSALTANDPASSWORDTHATMUSTNEVERBRBEUSED | caching_sha2_password |
| root             | localhost |                                                                        | auth_socket           |
+------------------+-----------+------------------------------------------------------------------------+-----------------------+
5 rows in set (0.00 sec)

root@server-ccs:~# mysql_secure_installation

Securing the MySQL server deployment.

Connecting to MySQL using a blank password.

VALIDATE PASSWORD COMPONENT can be used to test passwords
and improve security. It checks the strength of password
and allows the users to set only those passwords which are
secure enough. Would you like to setup VALIDATE PASSWORD component?

Press y|Y for Yes, any other key for No: y

There are three levels of password validation policy:

LOW    Length >= 8
MEDIUM Length >= 8, numeric, mixed case, and special characters
STRONG Length >= 8, numeric, mixed case, special characters and dictionary file

Please enter 0 = LOW, 1 = MEDIUM and 2 = STRONG:

Invalid option provided.

There are three levels of password validation policy:

LOW    Length >= 8
MEDIUM Length >= 8, numeric, mixed case, and special characters
STRONG Length >= 8, numeric, mixed case, special characters and dictionary file

Please enter 0 = LOW, 1 = MEDIUM and 2 = STRONG: 1

Skipping password set for root as authentication with auth_socket is used by default.
If you would like to use password authentication instead, this can be done with the "ALTER_USER" command.
See https://dev.mysql.com/doc/refman/8.0/en/alter-user.html#alter-user-password-management for more information.

By default, a MySQL installation has an anonymous user,
allowing anyone to log into MySQL without having to have
a user account created for them. This is intended only for
testing, and to make the installation go a bit smoother.
You should remove them before moving into a production
environment.

Remove anonymous users? (Press y|Y for Yes, any other key for No) : y
Success.


Normally, root should only be allowed to connect from
'localhost'. This ensures that someone cannot guess at
the root password from the network.

Disallow root login remotely? (Press y|Y for Yes, any other key for No) : y
Success.

By default, MySQL comes with a database named 'test' that
anyone can access. This is also intended only for testing,
and should be removed before moving into a production
environment.


Remove test database and access to it? (Press y|Y for Yes, any other key for No) : y
 - Dropping test database...
Success.

 - Removing privileges on test database...
Success.

Reloading the privilege tables will ensure that all changes
made so far will take effect immediately.

Reload privilege tables now? (Press y|Y for Yes, any other key for No) : y
Success.

All done!
root@server-ccs:~# mysql -uroot -p
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 12
Server version: 8.0.36-0ubuntu0.22.04.1 (Ubuntu)

Copyright (c) 2000, 2024, Oracle and/or its affiliates.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> select user,host, authentication_string,plugin from user;
ERROR 1046 (3D000): No database selected
mysql> use mysql;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
mysql> select user,host, authentication_string,plugin from user;
+------------------+-----------+------------------------------------------------------------------------+-----------------------+
| user             | host      | authentication_string                                                  | plugin                |
+------------------+-----------+------------------------------------------------------------------------+-----------------------+
| debian-sys-maint | localhost | $A$005$RY?sbh`B{bY-y0FqMq|L.9CGnPP9sixBkuAyNBOnNNdDoZdfY0J0JsvxU6MRi/ | caching_sha2_password |
| mysql.infoschema | localhost | $A$005$THISISACOMBINATIONOFINVALIDSALTANDPASSWORDTHATMUSTNEVERBRBEUSED | caching_sha2_password |
| mysql.session    | localhost | $A$005$THISISACOMBINATIONOFINVALIDSALTANDPASSWORDTHATMUSTNEVERBRBEUSED | caching_sha2_password |
| mysql.sys        | localhost | $A$005$THISISACOMBINATIONOFINVALIDSALTANDPASSWORDTHATMUSTNEVERBRBEUSED | caching_sha2_password |
| root             | localhost |                                                                        | auth_socket           |
+------------------+-----------+------------------------------------------------------------------------+-----------------------+
5 rows in set (0.01 sec)

mysql> ALTER user 'root'@'localhost' IDENTIFIED WITH caching_sha2_password BY 'YourPasswordHere';
Query OK, 0 rows affected (0.11 sec)

mysql> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.00 sec)

mysql>
root@server-ccs:~# mysql -uroot -p
Enter password:
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: NO)


root@server-ccs:~# mysql -uroot -p
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 14
Server version: 8.0.36-0ubuntu0.22.04.1 (Ubuntu)

Copyright (c) 2000, 2024, Oracle and/or its affiliates.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> 

source: https://www.youtube.com/watch?v=ltfvdQYR1hY