How to disable ModSecurity rules

1. View ModSecurity Audit Log File.

  • We need to first find the rules that are being triggered by ModSecurity on your webserver.
  • Open the tail end of the ModSecurity log file called modsec_audit.log to view the last entries made to the log file.
  • For Apache2 servers it is located in /var/log/apache2/ 
  • Open the Terminal Window and enter :
sudo tail /var/log/apache2/modsec_audit.log --lines 60 | less
  • The output should look similar to this screenshot below.
  • Look for Access denied with code 403 and work backwards to find the start of the rule entry based on the log entry id.
  • In this case the log entry ID is –00aee77f (see marked in yellow)
  • Find the GET item – in this example it is /modern-classic (see marked in blue)
  • Find the ModSecurity rule that was triggered by the GET – in this example the rule id 958291 (see marked in purple)

Read More

One Liner Command to Check If Linux Process is Running

I would like to share one liner command to check if a Linux process is running. Below is the one liner command and you can replace “sendmail” to any process you want to check: –

chkdaemon="sendmail" ; ! pgrep $chkdaemon >/dev/null && echo "$chkdaemon not running" || echo "$chkdaemon is running"

I will be sharing more useful commands. Thank you and have fun.

Setup Relay Host Port and SMTP Authentication Client in Postfix

This setup will help you to route all outgoing email through your ISP SMTP server using different port number and that SMTP server requires you to authenticate before relaying. For this scenario, the ISP SMTP server is Exim.
1. Edit this file /etc/postfix/main.cf and add relayhost to point to your ISP SMTP server with port number as below: –
relayhost = mail.example.com:2525
2. Add the next parameter to allow Postfix to authenticate before relaying outgoing email as below: –
smtp_sasl_auth_enable = yes Read More

Automate the Windows installation by using a sample answer file

Download the Windows Deployment sample answer files. In Notepad, open the file for your PC type, for example, Autounattend_x64_UEFI.xml. This file contains all of the settings that are needed to automate the installation process.
If you’re creating PCs for consumers, add your technical support info to the OEMInformation section, including your company name (Manufacturer) and website (SupportURL). For info, see the Licensing and Policy guidance on the OEM Partner Center. Read More

Create CSR using OpenSSL Without Prompt (Non-Interactive)

In this article you’ll find how to generate CSR (Certificate Signing Request) using OpenSSL from the Linux command line, without being prompted for values which go in the certificate’s subject field.
In the first example, i’ll show how to create both CSR and the new private key in one command.
And in the second example, you’ll find how to generate CSR from the existing key (if you already have the private key and want to keep it).
Both examples show how to create CSR using OpenSSL non-interactively (without being prompted for subject), so you can use them in any shell scripts. Read More

Test HAProxy

To check whether HAproxy is working properly, we can do the following.
First, prepare test.php file with the following content:

< ?php
header('Content-Type: text/plain');
echo "Server IP: ".$_SERVER['SERVER_ADDR'];
echo "\nX-Forwarded-for: ".$_SERVER['HTTP_X_FORWARDED_FOR'];
?>

Read More