RSSAll Entries in the "Server Administration Utilities" Category

Ubuntu Remote Desktop – multiple users

When I got my new dedicated server setup with Ubuntu server 12.04 LTS, I wanted to use it both for website hosting and multiple users remote desktop work.
It took me some time to arrange all the steps to have the above completed, and as far as the hosting part was pretty easy, the multiple Ubuntu users desktop setup needed some jugs of coffee before start working as I wanted it.

So, I presume you have logged in to your server with some user already, so we will stat with updating the system:

Next, as I want all Gnome desktop features, will install it completely with:

Unity looks fancy, but I want the old Gnome panel, and I do not need “compiz”, so:

Next what we need is a VNC server.

The tricky part here is that you have to create several configuration files for the Ubuntu Remote Desktop user. This is really time consuming if you have to read all the settings and creating the files by yourself.

It is more easy to start the VNC server which will create the files automatically:

You will be asked for a password so enter it, and then kill the server as we have to make some configuration changes:

Edit the xstartup configuration file:

And make it looks like this:

Now you can start the vnc server with this:

Certainly you can change the settings if you want different Remote Desktop geometry.

Now use your preferred VNC client – http://remmina.sourceforge.net/ (Linux) and http://www.tightvnc.com/download.php (Windows) are my suggestions – and connect to the Ubuntu Remote Desktop server using x.x.x.x:2 as (:2) is the number of display used to run for the client. If you have more than one running you should use different number at the end.

As I saying different desktops, I am going to add another user to my Ubuntu Remote Desktop server.
For this I will need to repeat the above steps for creating (and starting) the VNC profile for each user. This one is not yet automatically implemented, but it is not a big deal.
First I will add another user:

Complete the several steps for creating the user which is including creating the password and user personal information.
(A little trick when you want to add user with administrative privileges is to type the command as : adduser admin
)
Then start the VNC server once to create the VNC password:

Open VNC startup file for the ‘newuser’

And paste the same configuration as for the first user:

Save the file and start the service

Now using VNC client you can connect to the new user Desktop as going to x.x.x.x:3 address.

The next step is to automate a little bit the start-up precess for these Ubuntu Remote Desktop users. Otherwise you have to start vnc4server for each user when the server is rebooted.

So, switch to root (it is just more easier) and then create vncserver folder and create file as vncservers.conf:

Inside put the following massive:

Where ‘user’ is the main user you are dealing with (the one we configured VNC for initially) and ‘newuser’ which is the second user are we have created. If you have more users created and the above steps for settings passwords and vnc4srver start-up completed, add more lines accordingly wit (:4),(:5) etc. screens.

Then create startup script for VNC server as:

And put the following lines inside:

Make the script executable, and add it to the startup scripts:

Now:

And all added users in /etc/vncserver/vncservers.conf will be able to connect via Remote Desktop.

Certainly make sure VNC ports are anebled on the firewall.

Also take in mind that VNC is alsways better to be combined with SSH tunnel as its encryption and vulnerability issues are well known.

Tags

Extract certificates from P7B

P7B extract to certificatesThis will be quick tutorial about how to convert P7B to certificate. Actually we will extract certificates from PKCS #7 file using OpenSSL.
Here I have to mention one issue which is really often met and it is with the beginning and the end of the certificate provided. It depends on the OpenSSL version, but for now if the beginning and the end of the certificate are like:
—–BEGIN PKCS #7 SIGNED DATA—-
and
—–END PKCS #7 SIGNED DATA—–
will lead to the following error when you try to extract the SSL certificates:
error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:644:Expecting: PKCS7 .
Let’s examine P7B certificate to see how to avoid such error.

 

Your certificate could be much longer as digits, but I put […] to shorten the listing on mine. Anyway if your certificate has the same beginning and end, you should change it to:

I have changed:
—–BEGIN PKCS #7 SIGNED DATA—-
and
—–END PKCS #7 SIGNED DATA—–
to
—–BEGIN PKCS7—–
and
—–END PKCS7—–
in order to accommodate the OpenSSL “Expecting: PKCS7

Now we can run the OpenSSL command which will extract PKCS7 certificates from the P7B file .
Note: this command works for both Linux and Windows machines with installed OpenSSL.

The output which prints the stored in the p7b file certificates will be similar to this one:

All this certificates will be stored into the pem.cer file as per the example. The first one is the certificate itself and the following two are CAs signing the certificate.

Another useful option is if you want to merge SSL certificate and key into PFX file

Tags

Log off user in Windows

This will be a quick one. There was inquiry from one of our visitors how to log off remote users on Windows server, and I will provide a quick example.

To have a view on the currently logged users, the best way will be trough the Task Manager. To open it remotely just right click on the Windows Task Bar.

Right click Windows Taskbar

Once the Task Manager is opened, click on the Users tab and you will find a list of the currently logged users.

Taks Manager currenlt logged users

Right-click and log off Windows user according to your needs.

Log off Windows user remotely.

You can log off remote user as well as the local ones.

301 redirect checker script

This tutorial contains 301 redirect checker script which I have created after spending more than half an hour searching the Internet for something suitable I can use for my needs. While I was searching I found only separate web pages with fields where you can check one – two URLs or heavy applications that can be installed, and yet not covering my needs. Certainly, there were paid 301 redirect checker solutions which can be used to check 301 Permanent Redirect, but I am not sure whether it does worth to buy such. The purpose of this checker in most cases is only to see if a particular pages redirect permanent covering the SEO (Search Engine Optimization) requirements.

In my case part of the OnlineHowTo.net is moving over Free Tutorials Submit dot com, and from SEO perspective, the tutorials moved have to be with 301 redirect to their new URLs.

I decided to write it as Linux bash 301 redirect checker script because it can be run on almost any Linux machine with curl installed and easily added to the Crontab. I believe the script is rather easy to be understood and used, even by not so experienced administrators.

What the redirect script is doing is to gather the URLs you want to check from an external file (in my case: /opt/scripts/301URLs.txt ), where every URL is placed on a separate line like this:

I chose this way as most of the get-all-urls-from-domain applications provide the listing like this, but certainly you can choose (and then modify a little bit my script) different format.
Then using simple bash loop it reads every line one by one, processing it with CURL extracting the headers (curl -I option).
Every header contains information similar to:

Once we have this information we can easily egrep for the 301 Moved Permanently part and if it exist, the 301 redirect checker script continues with the next URL. If the redirect is something different it writes down the URL into the /tmp/301report.txt file.

Finally the script checks whether the /tmp/301report.txt file exist – it will be created only if there is even one different from 301 Moved Permanently redirect – and will send it via e-mail to the address you have set in the EMAIL variable. If there are no such file, the script will end with no report.

Here is the whole script which you can freely use and modify as per your needs:

 

To be honest, I am using a little bit modified 301 redirect checker script, which is also checking whether the redirected URL is the one I need, but it is more complicated and may confuse you if you have to modify it.
Also, more elegant solution will be if you decide to use array, but this redirect checker script fits my needs perfect.
Also I have put sleep command as if the number of the URLs is too big, it may lead to server abuse and blocking the IP you are checking the redirect from. If you do not need the script to wait 5 seconds for every URL, just remove that line.

Hope this scrip will cover your needs as well. Your comments and suggestions are welcome.

Tags

Update missing Urchin statistics

With few steps I will show you how to update missing Urchin statistics, or just to update them from the web server access logs.

You must have at least certain knowledge where the access logs are, and what is the server configuration to update Urchin.

First login to your Urchin panel as administrator, and then go to ‘Configuration ‘“ Urchin Profiles ‘“ Log manager’.
There find the domain you want to update and click on ‘Edit’ (the one with the wrench icon).

Load average monitor script for FreeBSD servers with mailing option.

Recently I had problems with two of the servers I support because of DDoS attacks in the datacenter. Then I needed some load average reports for these servers, a script to inform me or directly to stop the network service if heavy pressure is taken.
Previously I haven’t needed load average script since the servers are just storages and those I have used were either for Fedora or Debian servers.

I decided not to ‘invent the hot water’ and went through the Internet to find solution.
Certainly the first search engine result for ‘Load average monitor script BSD server‘was at FreeBSD forums .

Unfortunately that script was not working with just copy and paste and I spend some time to graze it for my servers. The final version became this: