Sunday, September 22, 2013

Squid proxy authentication using ncsa_auth helper

Step # 1: Create a username/password

First, create an NCSA password file with the htpasswd command. htpasswd creates and updates the flat files that store usernames and passwords for basic authentication of Squid users. If /etc/squid/passwd does not exist yet, add the -c option on the first run so that htpasswd creates it.
# htpasswd /etc/squid/passwd user1
Output:
New password:
Re-type new password:
Adding password for user user1
Make sure Squid can read the passwd file (note that o+r also lets every other local account read the password hashes):
# chmod o+r /etc/squid/passwd

Step # 2: Locate ncsa_auth authentication helper

Usually ncsa_auth is located at /usr/lib/squid/ncsa_auth. You can find its location with the rpm (Red Hat, CentOS, Fedora) or dpkg (Debian and Ubuntu) command:
# dpkg -L squid | grep ncsa_auth
Output:
/usr/lib/squid/ncsa_auth
If you are using RHEL/CentOS/Fedora Core or another RPM-based distro, try:
# rpm -ql squid | grep ncsa_auth
Output:
/usr/lib/squid/ncsa_auth

Step # 3: Configure ncsa_auth for squid proxy authentication

Now open the /etc/squid/squid.conf file:
# vi /etc/squid/squid.conf
Append (or modify) the following configuration directives:
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/passwd
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off

Also find your ACL section and append or modify:
acl ncsa_users proxy_auth REQUIRED
http_access allow ncsa_users

Save and close the file.
Where,
  • auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/passwd : Specify squid password file and helper program location
  • auth_param basic children 5 : The number of authenticator processes to spawn.
  • auth_param basic realm Squid proxy-caching web server : Part of the text the user will see when prompted for their username and password.
  • auth_param basic credentialsttl 2 hours : Specifies how long Squid assumes an externally validated username:password pair is valid, in other words how often the helper program is called for that user. Here it is set to 2 hours.
  • auth_param basic casesensitive off : Specifies whether usernames are case sensitive. It can be on or off only.
  • acl ncsa_users proxy_auth REQUIRED : The REQUIRED term means that any authenticated user will match the ACL named ncsa_users.
  • http_access allow ncsa_users : Allow proxy access only if user is successfully authenticated.
Restart squid:
# /etc/init.d/squid restart
The user is now prompted for a username and password.

Source: http://www.cyberciti.biz/tips/linux-unix-squid-proxy-server-authentication.html
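
An added example (not from the original post or the Squid project): a small Python lint for the setup above. It flags a world-readable password file, which is what chmod o+r produces, and any http_access allow rule placed above the proxy_auth rule, since Squid stops at the first matching rule. The function name, the localnet ACL and SAMPLE_CONF are constructed for illustration.

```python
import os
import stat

# Constructed sample: the page's directives plus a typical "allow localnet" rule.
SAMPLE_CONF = """\
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/passwd
auth_param basic children 5
acl localnet src 192.168.0.0/16
acl ncsa_users proxy_auth REQUIRED
http_access allow localnet
http_access allow ncsa_users
http_access deny all
"""

def lint_squid_basic_auth(conf_text):
    """Return a list of findings for a squid.conf that uses proxy_auth."""
    passwd_file, auth_acls, rules = None, set(), []
    for raw in conf_text.splitlines():
        tok = raw.split("#", 1)[0].split()
        if tok[:3] == ["auth_param", "basic", "program"] and len(tok) >= 5:
            passwd_file = tok[4]  # tok[3] is the helper, tok[4] its password file
        elif tok[:1] == ["acl"] and len(tok) >= 4 and tok[2] == "proxy_auth":
            auth_acls.add(tok[1])
        elif tok[:1] == ["http_access"] and len(tok) >= 3:
            rules.append((tok[1], tok[2:]))

    findings = []
    if passwd_file is None:
        findings.append("no 'auth_param basic program' line naming a password file")
    elif os.path.exists(passwd_file):
        mode = stat.S_IMODE(os.stat(passwd_file).st_mode)
        if mode & stat.S_IROTH:
            findings.append(f"{passwd_file} is world-readable (mode {mode:o})")

    # http_access is evaluated top-down and the first match wins, so an allow
    # rule above the first proxy_auth rule admits its clients with no prompt.
    for action, acls in rules:
        if auth_acls.intersection(a.lstrip("!") for a in acls):
            break
        if action == "allow":
            findings.append(f"'http_access allow {' '.join(acls)}' precedes the authenticated rule")
    else:
        findings.append("no http_access rule references a proxy_auth ACL")
    return findings

if __name__ == "__main__":
    for finding in lint_squid_basic_auth(SAMPLE_CONF):
        print("WARN:", finding)
```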

Thursday, September 12, 2013

How to download entire website using wget


$ wget \
    --recursive \
    --no-clobber \
    --page-requisites \
    --html-extension \
    --convert-links \
    --restrict-file-names=windows \
    --domains domainname.com \
    --no-parent \
    http://www.domainname.com/tutorials/

Tuesday, August 13, 2013

Enabling PHP module

Things to keep in mind when enabling a PHP module:
  • Check the loaded configuration file
    user@localhost:~$ php --ini
  • In your php.ini, find the directory where loaded extensions reside: extension_dir
  • Copy the module to the extension directory

Monday, June 3, 2013

How to display articles from a wordpress site to a non-wordpress site?

The following solution will work only if the two sites are hosted on the same server.

- Include the wp-config.php to your non-wordpress site.
- To display news you may use the following:

$post = get_post($articleID); // to get a specific article
$args = array(
            'post_type' => 'post',
            'numberposts' => 50,
            'post_status' => 'publish',
            'category' => $articleCategory // accepts comma-separated categories
            );
$posts = get_posts($args); // to get the list of articles matching $args
Note: If your non-WordPress site uses PHP's $_SESSION for login or other things, be sure to modify wp-includes/load.php.

Change the line:
$input = array_merge( $_GET, $_POST, $_COOKIE, $_SERVER, $_ENV, $_FILES, isset( $_SESSION ) && is_array( $_SESSION ) ? $_SESSION : array() );
To:
$input = array_merge( $_GET, $_POST, $_COOKIE, $_SERVER, $_ENV, $_FILES );

Wednesday, May 29, 2013

How to retrieve PHP's $_SESSION from a page called by cURL

Code for the page where you do cURL:
 <?php
 $ch = curl_init();
 curl_setopt($ch, CURLOPT_URL, "url of the page");   // The URL to fetch
 curl_setopt($ch, CURLOPT_POST, 1);   // Do a regular HTTP POST
 curl_setopt($ch, CURLOPT_POSTFIELDS, "var1=value1&var2=value2&var3=value3");   // The full data to post in an HTTP "POST" operation
 curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);   // Return the response as a string from curl_exec() instead of outputting it directly
 $curl_response = curl_exec($ch);   // Perform the cURL session
 curl_close($ch);    // Close the cURL session
 if ($curl_response === false) die("cURL request failed");   // Stop if the request itself failed
 $response = json_decode($curl_response, true);   // Decode the JSON response into an associative array
 if (!is_array($response)) die("Unexpected response");   // Stop if the body was not the expected JSON
 session_start();
 foreach ($response as $key => $val) $_SESSION[$key] = $val;   // Copy the remote session values into the local session
 var_dump($_SESSION);
 ?>


Code for the page you call via cURL:
 <?php  
 session_start();  
 /* If you are working on a page that will connect to a database then:  
  * - put all require or include statements  
  * - db connection instantiation  
  * - script to process the $_POST variables  
  * - assign $_SESSION variables  
  */  
 echo json_encode($_SESSION);   // Returns the JSON representation of a value
 ?>  

Wednesday, May 22, 2013

How to revert git patch

git apply -R patchname.patch

Monday, May 13, 2013

Conflict With Rogue RPM

In this example, MySQL causes the installation process to fail:
[20130128.230346] Testing RPM transaction
[20130128.230348] error: Failed dependencies:
[20130128.230348] MySQL conflicts with *mysql-5.0.77-4.el5_4.2.i386*
[20130128.230348] W Exit Code: 254
[20130128.230348] ***** FATAL: Test install failed: error: Failed dependencies:
[20130128.230348] MySQL conflicts with mysql-5.0.77-4.el5_4.2.i386
[20130128.230348] The Administrator will be notified to review this output when this script completes
[20130128.230348] E Error testing if the RPMs will install: Died at /usr/local/cpanel/scripts/updatenow.static line 12517.
[20130128.230348] E Detected events which require user notification during updatenow. Will send iContact the log
Notice the version of MySQL in the update log. We can look closer at it with the following command:
# rpm -qa|grep mysql-5
mysql-5.0.77-4.el5_4.2
Then, we can compare that RPM to the other MySQL RPMs in the repository:
MySQL-server-5.5.28-2.cp.1132
MySQL-devel-5.5.28-2.cp.1132
MySQL-client-5.5.28-2.cp.1132
MySQL-test-5.5.28-2.cp.1132
MySQL-shared-5.5.28-2.cp.1132
The solution to this conflict is to remove the rogue RPM file and run the cPanel update process again.

Source: http://docs.cpanel.net/twiki/bin/view/AllDocumentation/InstallationGuide/RPMTroubleshoot

To resolve this, cPanel support suggested running the following (use the package name that rpm -qa reported on your server):

rpm -e --nodeps --justdb mysql-5.0.45-7.el5.i386
If done correctly, it will just drop you back to the prompt. Then try your update again.
The command above does not actually erase any RPM or dependencies from your server. It only removes the installed RPM's entry from the RPM database, so the cPanel updater no longer sees it and has no conflict when it installs the version of MySQL it wants.


Source: http://blog.zweck.net/

Tuesday, April 16, 2013

Garlic Mosquito Repellent

  • Ingredients: Minced garlic, mineral oil, and lemon juice
  • Cost: Less than $5
  • Directions:
Mince a few cloves of garlic then cover with mineral oil. Allow it to sit for at least 24 hours. Next you take a teaspoon of *just the oil* and mix it with 2 cups of water and 1 teaspoon of freshly squeezed lemon juice. Strain through a cheesecloth if you have any floaties then pour into a spray bottle. Shake before each use.
Recipe from Tipnut

Wednesday, April 10, 2013

How to choose good passwords

What not to do when choosing a password

  • Do not choose a password based upon personal data like your name, your username, or other information that one could easily discover about you from such sources as searching the internet.
  • Do not choose a password that is a word (English or otherwise), proper name, name of a TV show, keyboard sequence, or anything else that one would expect a clever person to put in a "dictionary" of passwords.
  • Do not choose a password that is a simple transformation of a word, such as putting a punctuation mark at the beginning or end of a word, converting the letter "l" to the digit "1", writing a word backwards, etc. For example, "password,123" is not a good password, since adding ",123" is a common, simple transformation of a word.
  • Do not choose passwords less than 8 characters long or that are made up solely of numbers or letters. Use letters of different cases, mixtures of digits and letters, and/or non-alphanumeric characters.
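
The rules in the list above, as an added example that is not part of the original article: a Python check that reports which of them a candidate password breaks. The word list, the look-alike table and the function names are assumptions made for the example; a real check would load a full dictionary.

```python
import re

# Constructed sample list; a real check would load a full dictionary file.
WORDS = {"password", "administrator", "letmein", "wisconsin", "august"}
# Look-alike substitutions to undo, including the page's "l" -> "1" case.
UNLEET = str.maketrans("10345@$", "loeasas")

def _strip_edges(text):
    """Drop digits and punctuation added at the beginning or end."""
    return re.sub(r"^[^a-z]+|[^a-z]+$", "", text)

def weaknesses(password, username="", words=WORDS):
    """Return the rules from the list above that the candidate breaks."""
    found = []
    if len(password) < 8:
        found.append("shorter than 8 characters")
    if password.isalpha() or password.isdigit():
        found.append("only letters or only digits")
    low = password.lower()
    if username and username.lower() in low:
        found.append("contains the username")
    # Undo simple transformations: characters added at either end,
    # look-alike digits and symbols, and writing the word backwards.
    bases = {_strip_edges(low),
             _strip_edges(low).translate(UNLEET),
             _strip_edges(low.translate(UNLEET))}
    bases |= {b[::-1] for b in bases}
    if bases & set(words):
        found.append("dictionary word or simple transformation of one")
    return found

if __name__ == "__main__":
    for candidate in ("password,123", "pa55w0rd", "drowssap", "Ih2k:JaJ."):
        print(candidate, "->", weaknesses(candidate) or "no rule broken")
```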

The best method for choosing passwords

The single best method for generating passwords is to do the following:
  1. Make up a sentence you can easily remember. Some examples:
    • I have two kids: Jack and Jill.
    • I like to eat Dave & Andy's ice cream.
    • No, the capital of Wisconsin isn't Cheeseopolis!
  2. Now take the first letter of every word in the sentence, and include the punctuation. You can throw in extra punctuation, or turn numbers into digits for variety. The above sentences would become:
    • Ih2k:JaJ.
    • IlteD&A'ic.
    • N,tcoWi'C!
As you can see, the passwords generated by this method can be fairly secure, but are easy to remember if the sentence you pick is one that is easy for you to remember. In cases where an application allows long passwords, you could possibly use the entire phrase as your "password".
Please don't use one of the sentences above to generate your password.

Another password selection method

If you don't wish to use the above method, the following method also generates "reasonably secure" passwords (though not quite as good as the method above) that may be easier to remember:
  1. Choose two or more unrelated words such as:
    • unix & fun
    • book & goat
    • august & brick
  2. Join the words with a non-alphabetic character or two.
  3. Make at least one change (for example, uppercase a letter or add another character) to one or more of the words (preferably not just at the very beginning or end of the password).
Some example passwords generated using this method:
  • unix+PhUn
  • bo!ok29goat
  • august,=bRICK
Please don't use one of the passwords above.

How long does my password have to be?

In general, the longer a password is, the harder it is for somebody to guess or brute-force it. Password selection trades off security with convenience and the ability to remember it. Eight characters should be the absolute minimum length. SCS Kerberos passwords may be of practically unlimited length (the limit is at least several hundred characters). Windows 2000 and Windows XP support a maximum password length of 127 characters. There are a few cases where you might run into password length limitations:
  • Some older Unix systems may only support passwords up to 8 characters, or ignore any letters after the first 8. This should not be a limitation if you login with your Kerberos password to Facilitized SCS hosts.
  • Some applications for reading e-mail via POP may have trouble with long (greater than 8 character) passwords. This should only affect your choice of a .mail Kerberos instance password, not your main Kerberos password.
  • Windows 98 and 95 only support passwords up to 14 characters long.
In a Windows environment, there are certain security advantages to be gained if your password is 15 characters or longer.

Can I write my password down?

You should avoid writing down your password or giving it to others. You should especially avoid writing it down and leaving it in a non-secured place such as on a post-it on your monitor or a piece of paper in your desk. If you absolutely must write something down, we suggest doing the following:
  • Don't write down the entire password, but rather a hint that would allow you (but nobody else) to reconstruct it.
  • Keep whatever is written down in your wallet or other place that only you have access to and where you would immediately notice if it was missing or someone else gained access to it.

Why is this important?

It is very common for intruders to attempt to break in to systems (both Unix and Windows) at SCS by trying to guess people's passwords. Sometimes they succeed, and when they do it is often because people chose very poor passwords (like "password" or "administrator"). These break-ins can result in a significant amount of downtime, lost work, and loss of privacy (for example, if there is credit card and other financial data on your machine). Intruders often also install keyboard sniffers that let them gather additional passwords and put more machines at risk. They can also conduct dictionary attacks against a host's password database, and literally try out tens of thousands of potential passwords per second, which is why words and simple variants of words are not good passwords.

Additional information

Ten Windows Password Myths
Discusses some misconceptions about choosing passwords under Windows (and with some application to Unix) and provides some helpful additional information about ways to choose good passwords. 
 
 
article source: http://www.cs.cmu.edu/~help/security/choosing_passwords.html

Tuesday, March 26, 2013

Rackspace cloud services

How to Use Rackspace SQL cloud databases:
http://www.bybe.net/blog/how-to-use-rackspaces-sql-cloud-databases.html

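How Magento hashes passwords

md5($salt.$password).":".$salt

The stored value is the MD5 hex digest of the salt prepended to the password, then a colon, then the salt itself. MD5 is a fast hash, so this format offers little resistance to offline guessing if the stored values leak.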

Wednesday, January 2, 2013