Instructions
Navigate to the first character after the quote/double-quote and type the following in Vim:
di"
This is useful if you have something like the following:
{
"title": "Vim: How to Delete Text Enclosed In Quotes",
"permalink": "vim-how-to-delete-text-enclosed-in-quotes",
"published": "2023-08-12 14:00",
"categoryIDs": "5,5:0,5:1,5:5",
"description": "In Vim, 'di\"' is the one to use for deleting text in quotes.",
"thumbnail": "",
"smallimage": "",
"largeimage": ""
}
So, to navigate to the first character that starts with a double-quote, simply type /"
and the insertion point will highlight the double-quote. To get to the next double-quote, press the
n key again until you get to the one you want. After that, press
the l key to move to the first character and type the following:
di"
The output will be as follows:
{
"title": "",
"permalink": "vim-how-to-delete-text-enclosed-in-quotes",
"published": "2023-08-12 14:00",
"categoryIDs": "5,5:0,5:1,5:5",
"description": "In Vim, 'di\"' is the one to use for deleting text in quotes.",
"thumbnail": "",
"smallimage": "",
"largeimage": ""
}
And now, you can type whatever you want by pressing the i key on your keyboard.
Press the ESC (escape) key to get out of INSERT mode and back into
normal mode. To save changes and quit the Vim text editor, type :wq.
Bonus: If you have delimiters with quotes while writing the code such as:
"This is some \"quote\"!"
Vim will automatically delete the delimiters with quotes along with them, so performing
di" will delete everything that is in between quotes.
""
And you do not need to be inside quotes in order to delete inside the quotes! How cool is that?
*grinning face*
Oh, and you can also use the "change inside" sequence as well:
ci"
This puts you into INSERT mode so you can type text inside quotes.
Audience
This is for Linux users experienced in using the Vim text editor. Vim users should already know
the basics such as :q! for quitting the text editor without saving changes,
:wq for saving changes and quitting the text editor, i for going into
INSERT mode and use the ESC (escape) key to get back into normal
mode. All keyboard commands are beyond the scope of this short article that I wrote.
Conclusion
Hopefully this keyboard command can be of help to you. If you are a Linux user, please give
Vim a try.
Original Source
In Vim, how can I delete everything between quotes including the quotes?
Note that I was searching for information about deleting text inside quotes and not including
the quotes.
Article published: 2023-08-12 14:00
Categories: The World of Computers, Computers, Information Technology, Scripting and Programming
Audience and Prerequisites
This is intended for Linux users who have experience working with the command line.
You should be running any Red Hat-based distributions such as Rocky Linux, AlmaLinux,
or Oracle Linux. CentOS Stream is not a candidate for taking the RHCSA (Red Hat
Certified System Administrator) exam. A lot of people in the Linux community are not
happy about Red Hat discontinuing support for CentOS 8 and now Red Hat does not want
source code to be available for everyone, including Rocky Linux and AlmaLinux. Enough
with wordy paragraphs! We don't want anyone to scroll down too much in order to get
to the most important part! Let's get into the command line, shall we?
Oh, please pardon me for boring you with this, but I almost forgot. This article
assumes that you are logged in as a root user. This is bad security practice in the
production environment, but in the exam, it's okay to be root. If you break it, you
fix it and that will count against your time in the exam. But the important thing is
that you must come up with solutions as fast as possible. Of course, don't be in a
hurry in such a way that you will fail the exam. Okay, enough already! Let's get in
with it! *grinning face*
Type: File Contexts
The command for listing all available SELinux type contexts is:
seinfo -t
The command for listing only the type contexts that relate to the web server:
seinfo -t | grep httpd
So, you searched for anything related to httpd and you came across
httpd_sys_content_t. You need to specify a directory to host your
content other than in /var/www. To add the type context to a directory,
the command will be as follows:
semanage fcontext -a -t httpd_sys_content_t "/data/nas/www(/.*)?"
restorecon -Rv /data/nas/www
Longer version:
semanage fcontext --add --type httpd_sys_content_t "/data/nas/www(/.*)?"
The seinfo command is the SELinux policy information tool, semanage
is a SELinux policy management tool, and restorecon is for restoring default
SELinux security contexts to files and directories. The "type" context is the only one to
be concerned about when studying for any Linux exams, such as RHCSA (Red Hat Certified
System Administrator).
As for (/.*)?, that's called a regular expression. This is for setting any
subdirectories and files with the same context as the main directory. Try to remember this in
the RHCSA exam: open parenthesis, forward slash, period, asterisk, close parenthesis, question
mark, and that's about it. The only thing to remember is to have the entire path along with
the symbols in double quotes. In the RHCSA exam, you have access to the man pages, so take
advantage of that whenever possible.
For users of NVDA screen reader (Non-Visual Desktop
Access), NVDA does not speak a question mark such as CTRL+? (control plus question mark). I
do not know if this is a bug in the screen reader or if this is intentional, but at least
it's all I can do to help out if screen readers ignore question marks. That symbol is an
important part of a regular expression, so it needs to be translated to words. Hopefully I
can be of help.
Type: Contexts for Ports
What about ports? If you modify the port number in the SSH configuration file
(/etc/ssh/sshd_config) and you restart the service
(systemctl restart sshd), even if you configure the firewall to allow a different
port number (example: firewall-cmd --add-port=12345/tcp --permanent), you won't be
able to SSH into your server because SELinux gets in the way! It's easy to disable SELinux if
you do not mind exposing your server to outside security risks, but when studying for the exam,
it's important to never disable SELinux. Instead, let's search for port-related contexts.
Let's search for any services that have a phrase "port" for any type contexts:
seinfo -t | grep port
You should get a list of services. Let's narrow it down to SSH:
seinfo -t | grep port | grep ssh
Ah ha! There it is. It's ssh_port_t. Of course, I could also type the
following:
seinfo -t | grep ssh_port
And that should give me the same output. So, let's configure SELinux to allow TCP
port 12345 so that we can SSH into our Linux server.
semanage port -a -t ssh_port_t -p tcp 12345
And there you have it! You should now login to your server using SSH.
ssh -p 12345 username@servernameoripaddress
Of course, if you want to search for other services, such as Postfix:
seinfo -t | grep postfix
Oh, wow! So many contexts to choose from! But aren't we looking for
port-related contexts?
seinfo -t | grep port | grep postfix
Hmm... There are no port-related contexts related to Postfix. Of course,
what we do want is SMTP, which is port 25 by default, so let's narrow it
down to just "port" and "SMTP" (all lowercase, of course).
seinfo -t | grep port | grep smtp
# or "seinfo -t | grep smtp_port" (without quotes)
And you should get smtp_port_t. However, configuring an SMTP
server is beyond the scope of this tutorial about viewing the list of
available contexts. Plus, configuring firewalls and enabling/starting
services in a Linux server is also beyond the scope as well.
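A check for the SSH port change described above, as an added example that is not part of the original article: it parses `semanage port -l` output and reports whether a port already carries a given type, which is worth confirming before restarting sshd. The listing is constructed sample output, and the function names are this example's own.

```shell
#!/bin/sh
# Added example: decide from `semanage port -l` output whether a port already
# carries a given SELinux type, so sshd is not restarted onto an unlabelled port.

# port_has_type TYPE PROTO PORT: read a `semanage port -l` listing on standard
# input. Exit status 0 if PORT/PROTO is listed under TYPE, 1 otherwise.
port_has_type() {
    awk -v type="$1" -v proto="$2" -v port="$3" '
        $1 == type && $2 == proto {
            # Fields 3..NF hold a comma-separated list of ports and ranges.
            for (i = 3; i <= NF; i++) {
                entry = $i
                sub(/,$/, "", entry)
                n = split(entry, r, "-")
                lo = r[1] + 0
                hi = (n == 2) ? r[2] + 0 : lo
                if (port + 0 >= lo && port + 0 <= hi) found = 1
            }
        }
        END { exit (found ? 0 : 1) }
    '
}

# Constructed sample listing (not captured from a real host). It reflects the
# state after the semanage port command shown above has been run.
sample_listing() {
    cat <<'EOF'
SELinux Port Type              Proto    Port Number

http_port_t                    tcp      80, 81, 443, 488, 8008, 8009, 8443, 9000
smtp_port_t                    tcp      25, 465, 587
ssh_port_t                     tcp      12345, 22
unreserved_port_t              tcp      61001-65535, 1024-32767
EOF
}

# check_ssh_port PORT: print a verdict for PORT using the sample listing.
check_ssh_port() {
    if sample_listing | port_has_type ssh_port_t tcp "$1"; then
        echo "tcp/$1 is labelled ssh_port_t"
    else
        echo "tcp/$1 is NOT labelled ssh_port_t; run: semanage port -a -t ssh_port_t -p tcp $1"
    fi
}

check_ssh_port 12345
check_ssh_port 2222
```

On a real server, replace `sample_listing` with `semanage port -l` and pass the Port value from /etc/ssh/sshd_config.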
What Packages Provide seinfo and semanage?
dnf whatprovides */seinfo
The asterisk represents a wildcard, so this would assume that we do not
know the full path to the seinfo command. That dnf
command, when executed, reveals a package called setools-console.
So, to install setools-console, just use the dnf install
command as follows:
dnf install setools-console
The same is for semanage:
dnf whatprovides */semanage
dnf install policycoreutils-python-utils
That package policycoreutils-python-utils is so wordy, isn't it?
*smile*
Don't stress over trying to remember that package name in the exam and in the
real world.
Conclusion
I hope I can be of help to anyone studying for RHCSA exam. Hopefully
you should be able to know how to set SELinux type contexts for directories
and ports. If you are not taking an exam (you should if you want to
further your career in Linux and Information Technology), I hope I can be
of help as well! Have fun administrating your Linux servers!
And yes, I could have used emojis, but screen readers come first! *smile*
Article published: 2023-08-12 13:10
Categories: The World of Computers, Computers, Information Technology, Security
Audience
This article is for experienced Linux users who are familiar with environment variables such as
$HOME and $USER. These are the Linux users who are familiar with the
command line.
Problem and Solution
Here is an example of why not to use /home/$USER:
[gpeddie-games@epcotcenter ~]$ su - gpadmin
Password:
mkdir: cannot create directory ‘/home/gpadmin’: Permission denied
touch: cannot touch '/home/gpadmin/Templates/Text file': No such file or directory
mkdir: cannot create directory ‘/home/gpadmin’: Permission denied
-bash: /home/gpadmin/.local/share/DaVinciResolve/configs/.version: No such file or directory
Welcome. All activities monitored at all times.
Unauthorized access is strictly prohibited.
gpadmin@epcotcenter
~
$
And here's the script (/etc/profile) that illustrates an example:
# fix gnome missing 'New file' option
if [ ! -f /home/$USER/Templates/"Text file" ]
then
mkdir -p /home/$USER/Templates
touch /home/$USER/Templates/"Text file"
fi
# ...
# this is a hack to bypass the Davinci Resolve new install Welcome/Onboarding screen since it does not render properly and is not required.
if [ ! -f /home/$USER/.local/share/DaVinciResolve/configs/.version ];then
mkdir -p /home/$USER/.local/share/DaVinciResolve/configs/
echo "Onboarding.Version=10" > /home/$USER/.local/share/DaVinciResolve/configs/.version
fi
To fix this issue, simply replace all instances of /home/$USER with $HOME.
I am familiar with a text editor called Vim. It's a program that runs inside a terminal, similar to the
Command Prompt or PowerShell in Windows.
Before we proceed any further, let's create a backup copy of /etc/profile:
sudo cp /etc/profile /etc/profile.bak
If anything goes wrong, you now have a backup. You can simply use the cp (copy) command to
restore from the backup. Now let's begin.
First, open the Terminal (Konsole in KDE).
As root (or with sudo privileges), type the following command:
sudo vim /etc/profile
Type in the following command, starting with a colon:
:%s/\/home\/$USER/$HOME/g
The syntax for search and replace in Vim is as follows:
:%s/search/replace/g
Let's not concern ourselves with g at the end for now. Basically this command replaces
"search" with the new text "replace." In other words, we want to replace /home/$USER with
$HOME.
Let's have a look at the script again:
# fix gnome missing 'New file' option
if [ ! -f $HOME/Templates/"Text file" ]
then
mkdir -p $HOME/Templates
touch $HOME/Templates/"Text file"
fi
# ...
# this is a hack to bypass the Davinci Resolve new install Welcome/Onboarding screen since it does not render properly and is not required.
if [ ! -f $HOME/.local/share/DaVinciResolve/configs/.version ];then
mkdir -p $HOME/.local/share/DaVinciResolve/configs/
echo "Onboarding.Version=10" > $HOME/.local/share/DaVinciResolve/configs/.version
fi
So why would we want to replace /home/$USER with $HOME? That
/home/$USER should still work!
Let's look at the output again after we save the changes.
Save the changes to the /etc/profile file.
:wq
A : begins a command. w writes changes to the file and q
quits Vim.
If you don't want to make changes to the file, then all you have to do is type :q! to
exit without saving any changes.
As I mentioned, let's look at the output again when I log into my administrator account from a user
account.
[gpeddie-games@epcotcenter ~]$ su - gpadmin
Password:
mkdir: cannot create directory ‘/home/gpadmin’: Permission denied
touch: cannot touch '/home/gpadmin/Templates/Text file': No such file or directory
mkdir: cannot create directory ‘/home/gpadmin’: Permission denied
-bash: /home/gpadmin/.local/share/DaVinciResolve/configs/.version: No such file or directory
Welcome. All activities monitored at all times.
Unauthorized access is strictly prohibited.
gpadmin@epcotcenter
~
$
Now, let's see the new output when I log back in as an administrator.
[gpeddie-games@epcotcenter ~]$ su - gpadmin
Password:
Last login: Sat Mar 18 11:13:52 EDT 2023 on pts/0
Welcome. All activities monitored at all times.
Unauthorized access is strictly prohibited.
gpadmin@epcotcenter
~
$
How Did That Work?
Let's see the output of $USER and $HOME.
gpadmin@epcotcenter
~
$ echo $USER
gpadmin
gpadmin@epcotcenter
~
$ echo $HOME
/home/graysonpeddie.lan/gpadmin
gpadmin@epcotcenter
~
$
Scenario
You have an Active Directory server running in a Windows Server virtual machine. You installed
Nobara so that you can do content creation and play games. You
wanted to join your Linux desktop to a Windows Active Directory in your home network (or a homelab, if you
want to call it). This is how you install the needed packages for Nobara 36 (that's what I am running)
so that you can join your Linux desktop to the Windows domain:
sudo dnf install realmd sssd sssd-tools adcli oddjob oddjob-mkhomedir
sudo realm join yourlocaldomainname.lan -U youradminusername
Replace yourlocaldomainname.lan with your local domain name and do the same for
youradminusername.
So when you log into your administrator account that's part of the Domain Administrators so that you can
gain sudo privileges, you might be wondering why you are getting strange output. Here it is again.
[gpeddie-games@epcotcenter ~]$ su - gpadmin
Password:
mkdir: cannot create directory ‘/home/gpadmin’: Permission denied
touch: cannot touch '/home/gpadmin/Templates/Text file': No such file or directory
mkdir: cannot create directory ‘/home/gpadmin’: Permission denied
-bash: /home/gpadmin/.local/share/DaVinciResolve/configs/.version: No such file or directory
Welcome. All activities monitored at all times.
Unauthorized access is strictly prohibited.
gpadmin@epcotcenter
~
$
If you look at the /etc/profile script that Linux executes when you log into your Linux account, you
will notice that the developer of Nobara assumed that your home directory is /home/gpadmin
and not /home/graysonpeddie.lan/gpadmin.
This is how I configure the System Security Services Daemon (SSSD, for short) which allows Linux users
to log into the Windows domain from the Linux desktop. Please note that only root can read
/etc/sssd/sssd.conf.
[sssd]
domains = graysonpeddie.lan
config_file_version = 2
services = nss, pam
[domain/graysonpeddie.lan]
default_shell = /bin/bash
krb5_store_password_if_offline = True
cache_credentials = True
krb5_realm = GRAYSONPEDDIE.LAN
realmd_tags = manages-system joined-with-adcli
id_provider = ad
fallback_homedir = /home/%d/%u
ad_domain = graysonpeddie.lan
use_fully_qualified_names = False
ldap_id_mapping = True
access_provider = ad
ad_gpo_access_control = permissive
Let's ignore the rest of the file and focus on fallback_homedir. The %d is
for the domain name that I logged into and the %u is for the username. In my case, since
I logged into my Linux desktop as gpeddie-games (that's my account designed only for
gaming), my full path is /home/graysonpeddie.lan/gpeddie-games and not
/home/gpeddie-games.
I have all my users (only me) in a separate home folder in order to prevent any kind of conflict with
local user accounts, but then I still append my local admin account with -local in order
to prevent any kind of conflicts in my Linux desktop machine.
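The failure above in general form, as an added example that is not part of the original article or of Nobara's /etc/profile: a scan that flags login-script lines building a home path from $USER, and a lookup of the real home directory from passwd-format data. The sample profile fragment and passwd entries are constructed, and the function names are this example's own.

```shell
#!/bin/sh
# Added example: flag login-script lines that build a home path from $USER,
# and compare that guess with the home directory in the account database.

# scan_hardcoded_home [FILE...]: print the numbered lines that contain
# /home/$USER or /home/${USER}. With no FILE it reads standard input.
# Exit status 0 if at least one such line exists.
scan_hardcoded_home() {
    grep -nE -e '/home/\$(USER|\{USER\})' -- "$@"
}

# home_from_passwd NAME: read passwd-format lines on standard input and print
# field 6 (the home directory) of NAME. Exit status 1 if NAME is absent.
home_from_passwd() {
    awk -F: -v name="$1" '
        $1 == name { print $6; found = 1 }
        END { exit (found ? 0 : 1) }
    '
}

# guess_is_wrong NAME: succeed when /home/NAME differs from the real home
# directory found in the passwd-format data on standard input.
guess_is_wrong() {
    real=$(home_from_passwd "$1") || return 2
    [ "/home/$1" != "$real" ]
}

# Constructed fragment modelled on the /etc/profile lines quoted above.
sample_profile() {
    cat <<'EOF'
if [ ! -f /home/$USER/Templates/"Text file" ]
then
    mkdir -p /home/${USER}/Templates
fi
mkdir -p "$HOME/.local/share"
EOF
}

# Constructed passwd entries; the UID and GID values are made up.
sample_passwd() {
    cat <<'EOF'
gpadmin-local:x:1000:1000::/home/gpadmin-local:/bin/bash
gpadmin:*:1234601104:1234600513::/home/graysonpeddie.lan/gpadmin:/bin/bash
EOF
}

echo "Hard-coded home paths in the sample profile:"
sample_profile | scan_hardcoded_home
if sample_passwd | guess_is_wrong gpadmin; then
    echo "gpadmin: /home/gpadmin is wrong, real home is $(sample_passwd | home_from_passwd gpadmin)"
fi
```

On a live system, run `scan_hardcoded_home /etc/profile /etc/profile.d/*.sh` and feed `getent passwd "$USER"` to `home_from_passwd`.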
Conclusion
This is why you should never assume that all users will be in the parent folder of the home directory.
The only use-case for using a $USER environment variable is if you need to get the name of
the user. Referring back to the /etc/profile script, here is an example:
if [ -x /usr/bin/id ]; then
if [ -z "$EUID" ]; then
# ksh workaround
EUID=`/usr/bin/id -u`
UID=`/usr/bin/id -ru`
fi
USER="`/usr/bin/id -un`"
LOGNAME=$USER
MAIL="/var/spool/mail/$USER"
fi
After reading the script, I'm not sure why $LOGNAME and $MAIL exist in
that profile. Plus, I checked to see if I can get the name of the $USER in my VPS server
and there is already a $USER in the list of environment variables even though it's not
listed in /etc/profile. Strange...
Anyway, I hope I can be of help and use to the people within the Linux community and I am hoping that
people can learn from mistakes when getting the user's current home directory.
Article published: 2023-03-18 15:37
Categories: The World of Computers, Computers, Information Technology, Scripting and Programming
Audience and Prerequisites
Skip to scenario if you want to jump into the main article.
This is for anyone who currently hosts their WordPress or ClassicPress site in a virtual private server such as DigitalOcean, Linode, or any other VPS provider. Any Linux user with knowledge of command line can perform backups and restoration tasks. You must be familiar with Linux and you know how to connect to your production server via SSH.
Plus, this article assumes that you have installed and configured WordPress in your VPS server. In addition, this article assumes you can perform basic database administration tasks such as adding a new database along with creating a new user for WordPress or ClassicPress. If your hosting provider provides managed WordPress or ClassicPress hosting, then this article may not apply to you. And because this article is for those who currently run a VPS server, I am going to have to assume that you have some hands-on experience with the Linux command line. This article need not apply to non-technical Linux, Mac, and Windows users. When I say non-technical Linux users, I'm talking about those who wanted to get away from Windows or Mac and simply wanted to use Linux just to browse the Internet and not deal with the command line.
Last, but not least, I am also going to assume that you know how to configure your Apache server as well. Both Apache and NGINX (pronounced Engine-X) configurations won't be covered here, including backing up and copying certificates that you get from your hosting provider.
If you are interested in learning Linux, a tutorial from Guru99 will help get you started on learning Linux.
Are you ready? Then let's get started!
Scenario
You have your own VPS server that is running ClassicPress. Your domain name is example.com and your SSH port number is (insert your TCP port number here). You have a development server for developing your own custom ClassicPress theme and you want to use your development server to backup everything from your production server.
Remote (example.com)
Skip this step if you know how to create an SSH private/public key pair. First, let's create an SSH public and private key pair so that you can login to your server without entering a password. This will be very useful when writing a script.
Open the terminal and connect to your development server via SSH.
ssh yourusername@devserver -p (your port number if it's other than port 22)
From your development server, create an SSH key pair. We are going to use the rsa key type.
ssh-keygen -t rsa
Next, enter the location and filename. Example:
/home/yourusername/.ssh/classicpress
After that, leave the passphrase blank. Press Enter a couple of times until you get back to the prompt ending with $.
Execute ssh-copy-id with the name of the public key file and specify the username and domain name.
ssh-copy-id -p (your TCP port number if not 22) -i ~/.ssh/classicpress.pub yourname@example.com
You should be able to login to your server. Give it a try.
ssh -p (your port number or remove -p) -i ~/.ssh/classicpress yourname@example.com
If all goes well, you should be able to connect to your production server without being prompted for the password or passphrase. I mentioned "without passphrase" because if a Linux user executes a single script for performing a backup and has set a passphrase for the SSH identity key, then the script will prompt a Linux user for the passphrase multiple times.
For the purpose of backing up a database, this task will take you through creating a .my.cnf file. This is a hidden file that will contain the username and password for mysqldump command. mysqldump allows a database administrator to backup the MySQL or MariaDB database.
Login to your production server from your development or backup server and perform the steps below.
Create a new file using either vim or nano called .my.cnf. This file will be saved in your home directory. mysqldump will read the file containing the username and password. For me, I use vim.
vim .my.cnf
If you are using Vim, press the i key to begin the INSERT mode and begin typing the following lines. If you are using nano, simply start typing the following.
[mysqldump]
user=yourdatabaseuser
password=yourdatabasepassword
Replace yourdatabaseuser with your database username and yourdatabasepassword with your database password. When installing either WordPress or ClassicPress on a VPS server, a Linux administrator must have created a database along with the username and set password during the installation process.
Save your changes.
- For Vim users, exit out of INSERT mode by pressing the ESC key; then, type :wq to write changes to the .my.cnf file and quit Vim. The : key begins the command for Vim, w saves the file, and q quits Vim. If you want to not write any changes and quit Vim, then the command is :q!. If the ! were omitted, then Vim will tell you that you need to save your changes before you quit Vim.
- For nano users, the keyboard commands for saving the changes and quitting the text editor are CTRL+O for saving changes (press the ENTER key to confirm changes) and CTRL+X to quit the text editor.
Once done, do a database backup of your WordPress or ClassicPress database.
mysqldump ClassicPress > test.sql
This assumes that your database name is ClassicPress. Replace ClassicPress and enter the name of the database that you created when you installed WordPress or ClassicPress in your VPS server.
Your new file called test.sql should be in the same directory that you executed the command for testing. If you open that file up with your chosen editor, you should see all the database commands. Go ahead and close the file.
- Log out of your production server by typing exit and press ENTER.
If your database backup is successful, congratulations! That task is done! You may delete the test.sql file by using the rm command (be careful with that rm command; you might delete files accidentally). The benefit of having a .my.cnf file within the home directory is that you do not expose your database password on the command line when executing mysqldump. Let's use sleep 10 as an example as the mysqldump command can be very quick once executed.
If you have a Linux machine, open up two terminals and place them side by side.
For the first terminal, execute the following command:
watch 'ps aux | grep sleep'
The watch command will output the ps aux | grep sleep command. Here is the output of the command:
Every 2.0s: ps aux | grep sleep grayson-web: Thu Nov 17 02:28:18 2022
gpadmin+ 601423 0.0 0.1 7940 3040 pts/1 S+ 02:21 0:00 watch ps aux | grep sleep
gpadmin+ 602462 0.0 0.0 7940 1020 pts/1 S+ 02:28 0:00 watch ps aux | grep sleep
gpadmin+ 602463 0.0 0.0 2608 596 pts/1 S+ 02:28 0:00 sh -c ps aux | grep sleep
gpadmin+ 602465 0.0 0.0 8160 720 pts/1 S+ 02:28 0:00 grep sleep
Do not worry about the entire output too much. I am only focusing on the "sleep output."
In the second terminal, execute the command:
sleep 30
In the first terminal, the watch command will output as follows:
Every 2.0s: ps aux | grep sleep grayson-web: Thu Nov 17 02:32:07 2022
gpadmin+ 601423 0.0 0.1 7940 3040 pts/1 S+ 02:21 0:00 watch ps aux | grep sleep
gpadmin+ 602971 0.0 0.0 7228 516 pts/0 S+ 02:31 0:00 sleep 30
gpadmin+ 602992 0.0 0.0 7940 1020 pts/1 S+ 02:32 0:00 watch ps aux | grep sleep
gpadmin+ 602993 0.0 0.0 2608 596 pts/1 S+ 02:32 0:00 sh -c ps aux | grep sleep
gpadmin+ 602995 0.0 0.0 8160 724 pts/1 S+ 02:32 0:00 grep sleep
The command sleep 30 will be there for 30 seconds and will disappear from the watch output after the number of seconds have passed.
- Use the CTRL+C key to exit out of the watch output. If you are using a Mac, the keyboard command is Control+C. Command+C is for copying text.
My point is, if the mysqldump command gets executed for a long period of time while dumping the entire database, mysqldump can show up in the list of processes. For example, let's say you executed a mysqldump command as follows:
mysqldump -u username -ppassword MyDatabase > test.sql
This command will take about 30 seconds when dumping an entire MySQL/MariaDB database. As a result, the output will be as follows (note that this is just an example):
Every 2.0s: ps aux | grep mysqldump grayson-web: Thu Nov 17 02:32:07 2022
gpadmin+ 601423 0.0 0.1 7940 3040 pts/1 S+ 02:21 0:00 watch ps aux | grep mysqldump
gpadmin+ 602971 0.0 0.0 7228 516 pts/0 S+ 02:31 0:00 mysqldump -u username -ppassword MyDatabase > test.sql
gpadmin+ 602992 0.0 0.0 7940 1020 pts/1 S+ 02:32 0:00 watch ps aux | grep mysqldump
gpadmin+ 602993 0.0 0.0 2608 596 pts/1 S+ 02:32 0:00 sh -c ps aux | grep mysqldump
gpadmin+ 602995 0.0 0.0 8160 724 pts/1 S+ 02:32 0:00 grep sleep
This can be a big problem if an attacker gains access to your server and monitors for the list of processes. That's why it's important to avoid storing passwords in a script whenever possible. That's where .my.cnf configuration file comes in. I did not know about this until I found out about adding a username and password in .my.cnf file. I learn something new almost every single day.
And if you want an example of a real process list, here it is with Apache web server running in my production server:
$ ps aux | grep apache
root 490142 0.0 1.8 81624 36748 ? Ss Nov15 0:13 /usr/sbin/apache2 -k start
www-data 597487 0.0 1.9 1590740 39256 ? Sl 00:00 0:01 /usr/sbin/apache2 -k start
www-data 597488 0.0 1.8 1590412 38320 ? Sl 00:00 0:01 /usr/sbin/apache2 -k start
gpadmin+ 605240 0.0 0.1 8160 2560 pts/1 S+ 02:55 0:00 grep --color=auto apache
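An audit for the exposure described above, as an added example that is not part of the original article: it flags process command lines that carry a MySQL or MariaDB client password, and creates an option file that is private before the password is written to it. The sample process lines and the password are constructed, and the function names are this example's own.

```shell
#!/bin/sh
# Added example: audit for database passwords on command lines, and a way to
# create a private option file without putting the password in argv.

# find_password_args: read `ps` output on standard input and print every
# MySQL/MariaDB client line that carries -p<secret> or --password=<secret>,
# with the secret masked. Exit status 0 if at least one line was flagged.
find_password_args() {
    awk '
        $0 ~ "(^|[ /])(mysql|mysqldump|mysqladmin|mariadb|mariadb-dump)( |$)" {
            hit = 0
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^--password=./) { $i = "--password=****"; hit = 1 }
                else if ($i ~ /^-p./)     { $i = "-p****"; hit = 1 }
            }
            if (hit) { print; found = 1 }
        }
        END { exit (found ? 0 : 1) }
    '
}

# write_option_file FILE DBUSER: create FILE with mode 600 first, then read
# the password from standard input and write the [mysqldump] section.
write_option_file() (
    umask 077
    : > "$1" || exit 1
    chmod 600 "$1" || exit 1
    IFS= read -r secret || exit 1
    printf '[mysqldump]\nuser=%s\npassword=%s\n' "$2" "$secret" >> "$1"
)

# option_file_is_private FILE: succeed only if FILE is a regular file that
# grants nothing to group or others (characters 5-10 of the ls mode string).
option_file_is_private() {
    [ -f "$1" ] || return 1
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# Constructed `ps aux` lines modelled on the listing above.
sample_ps() {
    cat <<'EOF'
gpadmin+  601423  0.0  0.1   7940  3040 pts/1    S+   02:21   0:00 watch ps aux | grep mysqldump
gpadmin+  602971  0.0  0.0   7228   516 pts/0    S+   02:31   0:00 mysqldump -u username -ppassword MyDatabase
gpadmin+  602980  0.0  0.0   7228   516 pts/0    S+   02:31   0:00 mysqldump ClassicPress
gpadmin+  602995  0.0  0.0   8160   724 pts/1    S+   02:32   0:00 grep mysqldump
EOF
}

echo "Command lines that expose a password:"
sample_ps | find_password_args

demo_dir=$(mktemp -d)
printf 'constructed-secret\n' | write_option_file "$demo_dir/.my.cnf" yourdatabaseuser
if option_file_is_private "$demo_dir/.my.cnf"; then
    echo "$demo_dir/.my.cnf is private (mode 600)"
fi
rm -rf "$demo_dir"
```

On a live host, pipe `ps -eo pid,user,args` into `find_password_args`, and run `option_file_is_private ~/.my.cnf` after creating the file by hand.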
Okay. That's all for the remote server configuration. Let's get into the real fun part, the configuration of the development server for performing automated backups!
Development or Backup Server
Now here is the script you have all been waiting for.
#!/bin/sh
# DIRP: Directory path
DIRP=~/cpbackup
# FILE: Partial file name
FILE=$DIRP/classicpress-$(date +%Y%m%d)
# Hostname, IP address, or domain name
HOST=example.com
# Private key for automated logging into an SSH server (no passphrase or password)
PKEY=~/.ssh/classicpress
# TCP Port number (use whatever port you assigned for an SSH server in the
# production server.)
PORT=22
# User name assigned in the remote Linux server
USER=yourusername
# Let's perform some checks. Does the directory in the $DIRP variable exist?
if [ ! -d "$DIRP" ]
then
    echo "Directory not found: $DIRP"
    exit 1
fi
# Does the SSH key pair exist? Exit if either half of the pair is missing.
if [ ! -f "$PKEY" ] || [ ! -f "$PKEY.pub" ]
then
    echo "SSH key pair $PKEY and $PKEY.pub does not exist. Exiting."
    exit 1
fi
# Delete any backup files older than x number of days. -maxdepth 1 looks at
# the files inside $DIRP and -type f leaves the directory itself alone.
find "$DIRP" -maxdepth 1 -type f -mtime +10 -exec rm {} \;
# Backup the SQL database and store them locally for later restoration.
ssh -p "$PORT" -i "$PKEY" "$USER@$HOST" mysqldump ClassicPress > "$FILE.sql"
# Next, change directory to /var/www and compress them to standard output
# which then gets redirected to a compressed .tar.gz file.
ssh -p "$PORT" -i "$PKEY" "$USER@$HOST" 'cd /var/www && tar czf - *' > "$FILE.tar.gz"
# If there is a wp-config.php file stored outside /var/www, make a backup of
# that configuration file as well.
scp -P "$PORT" -i "$PKEY" "$USER@$HOST:/var/wp-config.php" "$FILE-wp-config.php"
# After that, backup the Apache virtual host configuration file.
scp -P "$PORT" -i "$PKEY" \
    "$USER@$HOST:/etc/apache2/sites-available/000-default.conf" "$FILE-apache.conf"
# The script ran successfully.
exit 0
First, I recommend that you create a bin directory inside your home directory.
mkdir ~/bin
Then, use a text editor in the terminal of your choice (vim, nano, pico, etc.) to create a new file called cpbackup.sh. That script will be in the bin directory. In my case:
vim bin/cpbackup.sh
- Copy the script that I created above. It's after the section called Development or Backup Server. The script starts with #!/bin/sh which is the start of the script. Copy it all the way down to exit 0.
- Paste the script in the terminal. For Linux users who use a GNOME Terminal like I do, it's CTRL+SHIFT+V. For Mac users who use a Terminal, it's Command+V.
- Make some changes to the variables, such as the host name/IP address, port number, et cetera.
- Save your changes and exit the text editor.
Give the script an executable permission.
chmod +x bin/cpbackup.sh
chmod, called change mode, allows you to modify read, write, and execute permissions for a user, group, and others. This is beyond the scope of my article. Remember back in the Audience and Prerequisites section that I have to assume you are familiar with Linux. I will have to write another article if I have to get everyone up to speed on how to become familiar with Linux.
After that, execute the following command:
bin/cpbackup.sh
And you are done! If all goes well, all of your backup files have been stored in the backup directory. And oh, be sure you test your backups by extracting all the WordPress/ClassicPress files from the archive and put it in /var/www. Restoring the database is as simple as:
mysql -u ClassicPress -p ClassicPress < classicpress.sql
Then, simply copy wp-config.php file to /var (it's a good idea to move your wp-config.php file outside of /var/www directory) and copy the Apache configuration file to /etc/apache2/sites-available/, enable the virtual host using the a2ensite command, and you are good to go.
To automatically backup your WordPress/ClassicPress site from time to time, simply execute crontab -e and enter at the bottom of the crontab file:
0 0 * * * bin/whateveryournameofthefileis.sh
And that is done.
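A sanity check for the files a backup run leaves behind, as an added example that is not part of the original script: the script above ends with exit 0 even when an ssh command fails, so an empty or truncated file can pass for a backup. The demo files are constructed, the function names are this example's own, and the SQL check assumes mysqldump's default trailing "-- Dump completed" comment has not been disabled.

```shell
#!/bin/sh
# Added example: sanity-check the files a backup run produced before trusting
# them. It does not replace a real restore test.

# check_sql_dump FILE: a complete mysqldump ends with a "-- Dump completed"
# comment (assumption: dump comments were not disabled).
check_sql_dump() {
    [ -s "$1" ] && tail -n 3 "$1" | grep -q '^-- Dump completed'
}

# check_tarball FILE: non-empty, passes gzip's integrity test, and lists at
# least one member.
check_tarball() {
    [ -s "$1" ] || return 1
    gzip -t "$1" 2>/dev/null || return 1
    [ -n "$(tar tzf "$1" 2>/dev/null | head -n 1)" ]
}

# verify_backup PREFIX: PREFIX plays the role of $FILE in the backup script.
# Prints one line per file and returns non-zero if any check failed.
verify_backup() {
    rc=0
    if check_sql_dump "$1.sql"; then
        echo "ok   $1.sql"
    else
        echo "FAIL $1.sql (missing, empty or truncated)"
        rc=1
    fi
    if check_tarball "$1.tar.gz"; then
        echo "ok   $1.tar.gz"
    else
        echo "FAIL $1.tar.gz (missing, empty or corrupt)"
        rc=1
    fi
    return $rc
}

# make_demo_backup DIR: build constructed files for a dry run, one good set
# and one set that looks like the result of a failed ssh connection.
make_demo_backup() {
    mkdir -p "$1/site" &&
    echo '<?php // constructed file' > "$1/site/index.php" &&
    (cd "$1/site" && tar czf ../good.tar.gz .) &&
    printf '%s\n' 'CREATE TABLE t (id INT);' \
        '-- Dump completed on 2022-11-17  8:47:00' > "$1/good.sql" &&
    printf '%s\n' 'CREATE TABLE t (id' > "$1/bad.sql" &&
    : > "$1/bad.tar.gz"
}

demo=$(mktemp -d)
make_demo_backup "$demo"
verify_backup "$demo/good"
verify_backup "$demo/bad" || echo "second set rejected, as intended"
rm -rf "$demo"
```

Called as `verify_backup "$FILE" || exit 1` just before the final exit 0, it makes a failed run visible to cron.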
Summary
Hopefully you should have a backup infrastructure in place so that if anything goes wrong, you will be able to restore from a good working backup. I hope my article is helpful to anyone who needs to perform a backup of their website including the database. Stay safe and practice good security hygiene online. Oh, and backup your files in your computer to a server or a NAS if you have one. And yes, you should definitely have a home server or a NAS for backing up all your important files. Thank you for reading my article.
Article published: 2022-11-17 08:47
Categories: The World of Computers, Information Technology, Internet, Networking, Scripting and Programming
If you promoted your server to a domain controller, you won't be able to change the hostname for Windows Server Domain Controller without inputting commands in the command prompt. Basically, you need to open the command prompt, add a new alternate hostname, make the new hostname the primary hostname, reboot your server, and then remove the old hostname. This is useful if the server's hostname was not changed before the server was promoted to a domain controller. The order of commands along with the syntax is as follows:
netdom computername oldcomputername.yourlocaldomain.lan /add:newcomputername.yourlocaldomain.lan
netdom computername oldcomputername.yourlocaldomain.lan /makeprimary:newcomputername.yourlocaldomain.lan
shutdown /r /t 0
netdom computername newcomputername.yourlocaldomain.lan /remove:oldcomputername.yourlocaldomain.lan
netdom computername - The command to execute.
oldcomputername - Old hostname (example: WIN-R61PT45).
yourlocaldomain.lan - Local domain name (example: graysonpeddie.lan).
newcomputername - New hostname (example: grayson-dc1).
/add - Adds a new hostname to the domain controller as an alternate hostname. For this example, newcomputername will be added as an alternate hostname for the domain controller.
/makeprimary - Makes a hostname a primary name for the domain controller. newcomputername will be the primary name for the domain controller and the oldcomputername will be the alternate hostname for the domain controller.
/remove - Deletes the hostname from the domain controller. In this case, the /remove flag removes the oldcomputername from the domain controller.
/enumerate - Although not shown in the order of commands above this list of commands, parameters, and flags, this will enumerate the list of hostnames assigned to the domain controller. This flag does not require a parameter, so the colon after the enumerate flag is not needed.
shutdown /r /t 0 - This command reboots the server (hence, /r) immediately (/t 0). The /t 0 flag and parameter is a timer.
dcdiag - Not shown in the list of commands above. This command runs a diagnostic for the domain controller to make sure everything in the domain controller is working fine. There might be some errors and warnings, but if computers can login to the domain controller, it should be fine.
Because I did not know the commands myself, I must give credit to "The ICT Guy" (Twitter profile) for writing an article titled Correctly renaming a Domain Controller for a seamless easy migration. That article has been of great help to me since I am testing Windows Server 2016 Essentials edition as part of my virtual homelab setup. For example, I wanted to test the domain joining functionality in macOS and test an Active Directory integration in Nextcloud using an LDAP/AD integration app. LDAP stands for Lightweight Directory Access Protocol and is used for managing users and groups.
I hope I can be of help to Windows administrators.
Article published: 2022-09-25 01:15
Categories: The World of Computers, Information Technology
Short Version
When creating Linux containers for the purpose of joining them to an Active Directory Domain Controller, make sure the checkbox after the "Unprivileged Container" is unchecked. The "unprivileged container" checkbox is after the "Hostname" edit box. Unprivileged Linux containers won't be able to join to an Active Directory. Essentially, I forgot to uncheck the "Unprivileged Container" and wasted hours of my time, but I consider time well spent when learning the hard way.
Proxmox has "Unprivileged Container" checked by default when creating a new Linux container. That option cannot be changed once a Linux container is created, so the Linux container will have to be deleted in order to start from scratch with "Unprivileged Container" unchecked.
Skip ahead to the Long Version section for more details.
Who Is This Article For?
This article is for anyone who has experience with Proxmox. Proxmox is a Linux distribution and it comes with a web interface for running and managing virtual machines and Linux containers. This link will take you to the web page that explains how virtual machines and Linux containers work. The "long version" also mentions SSSD, which came up while I was troubleshooting issues when attempting to log into an Active Directory. System Security Services Daemon (SSSD, for short) is what enrolls a Linux client to an Active Directory. A "daemon" in Linux is the equivalent of a "service" in Windows: a program that runs in the background. This article is intended for advanced Linux users only.
Long Version
I wanted to see if I could implement Active Directory functionality without needing the Windows Server operating system. Software called "Samba" lets me do just that, so I followed instructions on getting Samba's Active Directory Domain Controller (AD-DC, for short) up and running. I set this up in a privileged Linux container. The reason why Linux containers need to have privileges is because when I did a search for "setresgid failed [22][Invalid argument]" (without quotes) in StartPage, I came across a page in GitHub titled Cannot log in with Active Directory users via SSSD on Proxmox #3153. That was when I created a new Linux container and I forgot to uncheck the "Unprivileged Container" checkbox. I did a lot of troubleshooting when I looked into /var/log/sssd/sssd_graysonpeddie.lan.log and /var/log/sssd/krb5_child.log. graysonpeddie.lan is my local domain name for my home network. This web page explains how to set up a Linux client for joining a Samba domain. From what I have learned, if I execute an id command in my Linux client:
gpeddie@ubuntu-desktop1:~$ id
uid=1451201106(gpeddie) gid=1451201104(grayson peddie) groups=1451201104(grayson peddie),1451200513(domain users)
According to the GitHub page that I linked earlier, the maximum user ID and group ID (UID and GID for short) is 65536 for an unprivileged Linux container. Within the issue page, the max UID and GID can be changed to 1000000000 or something higher. However, as this is for experienced Linux users who know the inner workings of Linux containers, the moral of the story is that "Unprivileged Container" needs to be unchecked in order for domain joining to work.
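Why the unprivileged container rejects these IDs, as an added example that is not from the original article or the GitHub issue: a user namespace can only represent the IDs listed in its uid_map and gid_map, and the kernel answers a setresuid or setresgid to an unmapped ID with EINVAL, which is the "[22][Invalid argument]" in the error above. The script checks the IDs from the id output above against two constructed maps; the 65536-ID range for an unprivileged container is assumed to be the Proxmox default, and all function names are illustrative.

```python
import re

# Constructed samples in /proc/<pid>/uid_map format:
# "<first ID inside> <first ID on host> <number of IDs>" per line.
UNPRIVILEGED_MAP = "         0     100000      65536\n"  # assumed Proxmox default
PRIVILEGED_MAP = "         0          0 4294967295\n"    # identity map, no remapping

# The id output quoted in the article.
ID_OUTPUT = ("uid=1451201106(gpeddie) gid=1451201104(grayson peddie) "
             "groups=1451201104(grayson peddie),1451200513(domain users)")


def parse_id_map(text):
    """Return [(inside_start, host_start, count), ...] from uid_map/gid_map text."""
    ranges = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == 3:
            ranges.append(tuple(int(f) for f in fields))
    return ranges


def is_mapped(id_value, ranges):
    """True if id_value exists inside the namespace described by ranges."""
    return any(start <= id_value < start + count for start, _, count in ranges)


def ids_from_id_output(text):
    """Extract every numeric UID/GID from id output; names may contain spaces."""
    return sorted({int(n) for n in re.findall(r"(\d+)\(", text)})


def unmapped_ids(id_output, map_text):
    """IDs the account needs that the container's map cannot represent."""
    ranges = parse_id_map(map_text)
    return [i for i in ids_from_id_output(id_output) if not is_mapped(i, ranges)]


if __name__ == "__main__":
    # In a real container, read /proc/self/uid_map and /proc/self/gid_map instead.
    # One map is applied to UIDs and GIDs here because both samples use one range.
    for label, map_text in (("unprivileged", UNPRIVILEGED_MAP),
                            ("privileged", PRIVILEGED_MAP)):
        missing = unmapped_ids(ID_OUTPUT, map_text)
        print(f"{label}: {len(missing)} unmapped ID(s) {missing}")
```

Every ID the Active Directory account carries falls outside the unprivileged range, so a login would fail there even with SSSD configured correctly.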
Warning
Bear in mind that privileged containers are not safe for businesses: root inside a privileged container is the same user as root on the Proxmox host, so an attacker who escapes the container through a vulnerability or exploit can cause damage to the host. For homelab purposes, however, a privileged Linux container is fine for my needs. If you are concerned about the security of Linux containers, spin up virtual machines instead of Linux containers in Proxmox. Of course, depending on your security hygiene, virtual machines can be as unsafe as privileged and unprivileged Linux containers if you do not have security precautions in place. For more details, learn more about privileged and unprivileged containers.
Article published: 2022-09-22 06:27
Categories: The World of Computers, Computers, Information Technology
Instructions
1. From your smartphone (not your desktop or laptop computer), open the Uber application.
2. Tap Account. The Account button is located at the bottom right of your smartphone's screen.
3. Tap your avatar to the right of your name.
4. Tap your email address to change your email address. Skip to step 6 if you do not make use of unique email addresses for every account that you signed up for.
5. Once you change your email address, tap Update. Go into your email account and look for an email from Uber. Enter the verification code that Uber gave you.
6. Tap your password. You will need to verify your password first before you generate your new password from a password manager.
And you are done! Congratulations! You have successfully changed your unique email address and password! Stay safe!
Cannot Change Email Address and Password in Uber's Website
If you are like me, you watched a video about Uber Has Been Hacked and you have a unique email address and unique password assigned to your Uber account. If you make use of a password manager such as Bitwarden or KeePassXC but do not have more than one email address, that's okay and unique passwords are important anyway. Password managers saved me from re-using passwords and I cannot remember hundreds of passwords.
So you learned about Uber that got hacked and we all know that we should change our passwords, correct? For no reason, Uber won't let me change my email address and password on their website. I have to change that in the Uber app on my smartphone. And yes, I went into my profile after I signed in to Uber's website and there is no way to change both my email address and password!
The Only Way To Change Important and Sensitive Information?
That's right! Your smartphone! If you need to change your email address and password, you must open the Uber app in order to change what you need to change. And you know what? My computer is a lot more convenient than my smartphone. Why? Physical keyboard, a mouse, and a large monitor. I have to have my smartphone very close to me due to my visual impairment and the use of my smartphone can hurt my back. It would be nice if I could connect my smartphone to a dock and use my computer monitor, mouse, and keyboard to control my smartphone. That reminds me of Purism's Librem 5 smartphone. I found a video called Desktop and Phone Convergence. Purism Librem 5 is not only a smartphone, but it is more of a general-purpose computer. The smartphone runs PureOS, a Linux distribution made for Librem laptops and Librem 5 smartphone. If Android could do convergence right out of the box, I could turn off my Mac Mini that I currently have in order to save power and just use my smartphone like a computer. That way, I could pull up an Uber application using my mouse and keyboard and I can change my email address and password from there! I do not have to worry about visiting Uber's website.
Surely, we should be able to change our email address and password right from Uber's website, right? At the end of the day, I think we are living in a smartphone-first world where smartphones are all the rage these days. And all the smartphone manufacturers are all copying Apple's designs with the exception of Planet Computer Astro Slide 5G. That smartphone has a built-in physical keyboard and I would love to get my hands on one when it ships. Oh, and you can thank me for providing instructions at the very beginning of my article. Far too many blogging websites make it seem so wordy that their articles provide lots of reasons for changing the password that I would have to scroll down the article in order to view the instructions. Simply read the instructions from the beginning of this article and you can change your email address and password in no time!
And people will always fall for social engineering problems. 🙂
Article published: 2022-09-17 12:16
Categories: The World of Computers, Information Technology, Security