Linux: Fedora 34 openconnect failed to connect after upgrade from fedora 33

When using openconnect to connect to a VPN on Fedora 34, the connection fails with this error:

[myapit@fedora.io ~]# openconnect --authenticate access.xx.xx:443 -status -msg -debug -v
MTU 0 too small
POST https://access.xx.xx/
Attempting to connect to server access.xx.xx:443
Connected to access.xx.xx:443
SSL negotiation with xxx.xxx.xxx.xxx
SSL connection failure: A packet with illegal or unsupported version was received.
Failed to open HTTPS connection to access.xx.xx
Failed to obtain WebVPN cookie

To make it work, switch the system-wide cryptographic policy to the LEGACY level by entering this command as root:

# update-crypto-policies --set LEGACY

This makes the older types of ciphers work again.
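Because the LEGACY policy applies to every application on the machine, not only openconnect, it is worth checking which policy a host is on and reverting once the VPN gateway accepts modern TLS. The check below is an added example, not part of the original post; the function names are hypothetical, and it assumes the crypto-policies package records the applied policy in /etc/crypto-policies/state/current.

```shell
#!/bin/sh
# Added example: report the system-wide crypto policy and flag LEGACY.
# policy_from_file and policy_is_legacy are hypothetical helper names.

# Print the policy name stored in a crypto-policies file.
# Comments and blank lines are skipped; only the first entry is kept.
policy_from_file() {
    file=${1:-/etc/crypto-policies/state/current}
    [ -r "$file" ] || return 2
    sed -e 's/#.*//' -e 's/[[:space:]]//g' -e '/^$/d' "$file" | head -n 1
}

# Succeed (exit 0) when the base policy is LEGACY.
# A policy may carry subpolicies after a colon, e.g. DEFAULT:SHA1,
# so only the part before the first colon is compared.
policy_is_legacy() {
    policy=$(policy_from_file "$1") || return 2
    base=${policy%%:*}
    [ "$base" = "LEGACY" ]
}

# On a Fedora/RHEL host, as root:
#   update-crypto-policies --show          # print the active policy
#   update-crypto-policies --set DEFAULT   # revert when LEGACY is no longer needed
if policy_is_legacy; then
    echo "WARNING: policy is $(policy_from_file): old TLS versions and ciphers are enabled for every application"
fi
```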

Credit to George Valentin Voina who found this solution.


Reference(s):

https://blog.voina.org/support-for-old-vpns-using-legacy-ciphers-on-fedora-linux/

https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/security_hardening/using-the-system-wide-cryptographic-policies_security-hardening

Linux: CentOS 7 Apache PHP Umask

Setting up the web server so that Apache/PHP writes files with the permission "rw-rw-r--".

For web servers that use PHP-FPM

1. Create a new file named umask.conf under this directory:
# /etc/systemd/system/php73-php-fpm.service.d/

Content of the file:

[Service]
UMask=0002

2. Save the file, then reload systemd and restart the PHP-FPM service that the drop-in directory belongs to:
# systemctl daemon-reload && systemctl restart php73-php-fpm.service

And done.

For web servers that use PHP as a module

1. Same as above, except that umask.conf must be in
# /etc/systemd/system/httpd.service.d/

CentOS 6

1. Add "umask 002" inside this file:
# /etc/sysconfig/httpd

Windows : Frequently used command

A collection of commands used in the Windows command prompt or PowerShell.

1. Rename Bulk

Use the following in a cmd shell:
# for /f "tokens=*" %a in ('dir /b') do ren "%a" "00_%a"

In a batch file (replace % with %%):
# for /f "tokens=*" %%a in ('dir /b') do ren "%%a" "00_%%a"

To perform this For loop on folders (directories) instead of files, simply include the /D switch.
# for /D %a in (*) do ren "%a" "00_%a"

Linux : Extend Logical Volume Manager (LVM) Partitions

Steps to extend logical volume manager (lvm) partitions on CentOS 7.

1. Check if there is any free space.
# cfdisk /dev/sda


2. Create new partition. You can use cfdisk or fdisk. If using fdisk, the command is below.
# fdisk /dev/sda
n
p
t
8e
w

3. After creating the partition, we need to re-probe the partition table.
# partprobe /dev/sda

4. Create Physical Volume (PV)
# pvcreate /dev/sda4

Verify the current PV:
# pvs

List the physical volumes:
# pvdisplay

5. Add the PV to existing volume group (VG).
# vgextend vg_root /dev/sda4
# vgs

6. Extend the logical volume (LV) with the free space in the VG.
Get the number of free extents (Free PE / Size).
# vgdisplay

Extend it:
# lvextend -l +5026 /dev/vg_root/root
- Alternative command: lvresize

Verify using vgdisplay; Free PE / Size will be 0.

7. Grow the filesystem to fill the extended logical volume (LV).
# xfs_growfs /dev/vg_root/root

If your filesystem is ext4, use this command instead:
# resize2fs /dev/vg_root/root

Done.

P/S:
Tested on CentOS 7.7

 

Legend:

PP = Physical Partition
PV  = Physical Volume
VG = Volume Group
LV = Logical Volume
FS = Filesystem

Extra note:

To make the running system detect newly added disk space:

To detect changes to an existing disk:
# echo 1 > /sys/class/block/sdX/device/rescan
** Replace X with the drive letter.

To detect a new disk:
# echo 1 > /sys/class/scsi_device/X:X:X:X/device/block/device/rescan

Minimalist steps without pictures/images.

=============================================
1. Check if there is any free space.
# cfdisk /dev/sda

2. Create new partition. You can use cfdisk or fdisk. If using fdisk, the command is below.
# fdisk /dev/sda
n /  p / t / 8e / w

3. After creating the partition, we need to re-probe the partition table.
# partprobe /dev/sda

4. Create Physical Volume (PV)
# pvcreate /dev/sda4

Verify the current PV using   # pvs
List the physical volumes     # pvdisplay

5. Add the PV to the existing volume group (VG).
# vgextend vg_root /dev/sda4

Verify using # vgs

6. Extend the logical volume (LV) with the free space in the VG.
Get the number of free extents (Free PE / Size).
# vgdisplay

Extend it:
# lvextend -l +5026 /dev/vg_root/root
OR
# lvextend -L+5G /dev/vg_root/root

- Alternative command: lvresize
[Get Free PE / Size using vgdisplay.] Verify using vgdisplay; Free PE / Size will be 0.

7. Grow the filesystem to fill the extended logical volume (LV).
# xfs_growfs /dev/vg_root/root

If your filesystem is ext4, use this command instead:
# resize2fs /dev/vg_root/root

p/s:
location of Logical Volume 
ls -lah /dev/vg_root

hierarchy :-
PV  = Physical Volume (/dev/sda5)
VG = Volume Group     (/dev/vg_root)
LV = Logical Volume   (/dev/vg_root/root) (/dev/vg_root/var)
=============================================================

Code: PHP extension development introduction

An introduction to developing our own PHP extension. In this exercise, I'm going to use Fedora Linux.

Prepare the build environment and requirements.
# yum groupinstall "Development Tools"
# yum install php-devel php-cli
This will install all the development dependencies.

Steps to produce PHP Extension HelloWorld.

Step 1 : create extension directory.
# mkdir php_ext_helloworld
# cd php_ext_helloworld

Step 2: create 3 files with the following code.
File: config.m4

dnl PHP_ARG_ENABLE(php_helloworld, ...) stores its result in $PHP_PHP_HELLOWORLD
PHP_ARG_ENABLE(php_helloworld, Whether to enable the HelloWorldPHP extension, [ --enable-php-helloworld Enable HelloWorldPHP])

if test "$PHP_PHP_HELLOWORLD" != "no"; then
  PHP_NEW_EXTENSION(php_helloworld, php_helloworld.c, $ext_shared)
fi

File: php_helloworld.h

// we define Module constants
#define PHP_HELLOWORLD_EXTNAME "php_helloworld"
#define PHP_HELLOWORLD_VERSION "0.0.1"

// then we declare the function to be exported
PHP_FUNCTION(helloworld_php);

File : php_helloworld.c

// include the PHP API itself
#include <php.h>
// then include the header of your extension
#include "php_helloworld.h"

// register our function with the PHP API
// so that PHP knows which functions are in this module
zend_function_entry helloworld_php_functions[] = {
    PHP_FE(helloworld_php, NULL)
    {NULL, NULL, NULL}
};

// some pieces of information about our module
zend_module_entry helloworld_php_module_entry = {
    STANDARD_MODULE_HEADER,
    PHP_HELLOWORLD_EXTNAME,
    helloworld_php_functions,
    NULL,
    NULL,
    NULL,
    NULL,
    NULL,
    PHP_HELLOWORLD_VERSION,
    STANDARD_MODULE_PROPERTIES
};

// use a macro to output additional C code, to make the extension dynamically loadable
ZEND_GET_MODULE(helloworld_php)

// Finally, we implement our "Hello World" function.
// This function will be made available to PHP
// and prints to PHP's output using php_printf
PHP_FUNCTION(helloworld_php) {
    php_printf("Hello World! (from our extension)\n");
}

Step 3: Build it.
Run these commands inside the current working directory (php_ext_helloworld).
# phpize
# ./configure --enable-php-helloworld
# make
# make install

Step 4: Test
Test the new extension.
# php -d extension=php_helloworld.so -r 'helloworld_php();'

Finish.

p/s: tested on Fedora Linux with PHP 7.3

Note on building on Windows.
Rename config.m4 to config.w32 and change the content of the file to:

ARG_ENABLE("helloworld", "helloworld support", "yes");

if (PHP_HELLOWORLD == "yes") {
EXTENSION("helloworld", "php_helloworld.c");
}

To build it, use nmake in place of make.

Done.

credits to :
Jens A. Koch (https://stackoverflow.com/users/1163786/jens-a-koch)

Good References:
https://www.php.net/manual/en/internals2.structure.php

https://web.archive.org/web/20111101050807/http://devzone.zend.com/article/1021
https://www.sitepoint.com/developing-php-extensions-c-php-cpp-advanced/

Linux: Create SWAP File on CentOS

This is how to add new swap memory using a swap file. To do this, we need root privileges.

1. Create swap file using dd command.
[root@mysqlserver /]# dd if=/dev/zero of=/myswap0 bs=1M count=2048
2048+0 records in
2048+0 records out
2147483648 bytes (2.1 GB) copied, 3.96957 s, 541 MB/s

2. Format that swap file and set the permission mode.
[root@mysqlserver /]# mkswap /myswap0
Setting up swapspace version 1, size = 2097148 KiB
no label, UUID=ea20624e-17ba-48ee-b4d5-ebbe6fa85cf9
[root@mysqlserver /]# chmod 600 /myswap0

3. Turn on the swap.
[root@mysqlserver /]# swapon /myswap0

4. Verify that the swap is loaded.
[root@mysqlserver /]# swapon --show
NAME TYPE SIZE USED PRIO
/dev/dm-1 partition 4G 4G -2
/myswap0 file 2G 0B -3

5. Edit /etc/fstab and add this new line so the swap is enabled again when the OS reboots.
/myswap0 swap swap defaults 0 0

6. Use free to check the current memory usage.
[root@mysqlserver /]# free -m
total used free shared buff/cache available
Mem: 128714 118142 333 118 10239 9569
Swap: 6143 4094 2049

Finish.

Tested on CentOS 7

Git: Basic gitlab command

Command line instructions
You can also upload existing files from your computer using the instructions below.

Git global setup
git config --global user.name "myapit"
git config --global user.email "xxxxxx@gmail.com"

Create a new repository
git clone https://gitlab.com/myapit/cprogramming.git
cd cprogramming
touch README.md
git add README.md
git commit -m "add README"
git push -u origin master

Push an existing folder
cd existing_folder
git init
git remote add origin https://gitlab.com/myapit/cprogramming.git
git add .
git commit -m "Initial commit"
git push -u origin master

Push an existing Git repository
cd existing_repo
git remote rename origin old-origin
git remote add origin https://gitlab.com/myapit/cprogramming.git
git push -u origin --all
git push -u origin --tags

Linux : setup Apache web server using multi-version of PHP FPM on CentOS

Prerequisite:-
CentOS 7 with remi and epel repos.

In this example, we are going to use php version 7.0 with php version 7.2.

steps:

  1. Install apache as usual with LoadModule mpm_event_module modules/mod_mpm_event.so.
  2. Install php 7.0 with FPM  from remi repos.
  3. Install php 7.2 with FPM from remi repos.
  4. Create 2 config files in /etc/httpd/conf.d
    # touch php70-fpm.conf
    # touch php72-fpm.conf
  5. Edit the php70 config file and enter the following content:-
    <Proxy "unix:/var/run/php-fpm/php-fpm-70.sock|fcgi://php70-fpm">
    ProxySet disablereuse=off
    </Proxy>
  6. Do the same for the php72 config file, but change the number from 70 to 72.
  7. Create 2 new Apache config files in /etc/httpd/conf.d, one per folder, to set which PHP version that folder runs.
    # touch www-php70.conf
    # touch www-php72.conf
  8. Enter the following config in each file.
    <Directory "/var/www/html/php72demo">
    RewriteEngine On
    RewriteOptions Inherit
    <FilesMatch \.php$>
    SetHandler proxy:fcgi://php72-fpm
    </FilesMatch>
    <LimitExcept GET POST>
    Deny from all
    </LimitExcept>
    Options FollowSymLinks IncludesNoExec
    AllowOverride All
    Order allow,deny
    Allow from all
    </Directory>
  9. Change the setting for each PHP version in /etc/opt/remi/php72/php-fpm.d
    Change listen from an IP address to a socket.
    listen = /var/run/php-fpm/php-fpm-72.sock
    listen.owner = apache
    listen.group = apache
  10. Save, then restart Apache and the php-fpm service of each version.

BONUS !

Apache settings to run a different version of PHP.

  1. Create the folder "myphpapacheconfig" in /etc/httpd/
  2. Create an empty file, name it "apache-php-73.conf" and put the content below in it

    <Directory "/var/www/html/myphp73website">
    RewriteEngine On
    RewriteOptions Inherit
    <LimitExcept GET POST>
    Deny from all
    </LimitExcept>
    Options FollowSymLinks IncludesNoExec
    AllowOverride All
    Order allow,deny
    Allow from all
    # Put only this FilesMatch block in the httpd settings to select the PHP version; no other setting is needed
    <FilesMatch \.php$>
    SetHandler "proxy:unix:/var/run/php-fpm/php-fpm-73.sock|fcgi://php73-fpm"
    </FilesMatch>
    </Directory>

Tested on : CentOS Linux release 7.5.1804 (Core)

p/s:
currently incomplete tutorial. will update soon.

Linux : Rescue Mode or Single Mode or Maintenance Mode on CentOS 7

To enter rescue mode, single mode or maintenance mode in CentOS 7:

1. At the GRUB boot screen, press "e" to edit the boot options.

2. Select a linux16 entry and add the following parameter:
systemd.unit=rescue.target

3. Press Ctrl + X to boot the system into rescue mode.

Done.

Linux: CentOS 7 firewall management using firewall-cmd

From manual page:

firewalld provides a dynamically managed firewall with support for network/firewall zones to define the trust level of network connections
or interfaces. It has support for IPv4, IPv6 firewall settings and for
ethernet bridges and has a separation of runtime and permanent
configuration options. It also supports an interface for services or
applications to add firewall rules directly.

Zones:
A network or firewall zone defines the trust level of the interface
used for a connection. There are several pre-defined zones provided by
firewalld. Zone configuration options and generic information about
zones are described in firewalld.zone(5)

Services:
A service can be a list of local ports, protocols and destinations and
additionally also a list of firewall helper modules automatically
loaded if a service is enabled. Service configuration options and
generic information about services are described in
firewalld.service(5). The use of predefined services makes it easier
for the user to enable and disable access to a service.

ICMP types:
The Internet Control Message Protocol (ICMP) is used to exchange
information and also error messages in the Internet Protocol (IP). ICMP
types can be used in firewalld to limit the exchange of these messages.
For more information, please have a look at firewalld.icmptype(5).

Runtime configuration:
Runtime configuration is the actual active configuration and is not
permanent. After reload/restart of the service or a system reboot,
runtime settings will be gone if they haven’t been also in permanent
configuration.

Permanent configuration:
The permanent configuration is stored in config files and will be
loaded and become new runtime configuration with every machine boot or
service reload/restart.

Direct interface:
The direct interface is mainly used by services or applications to add
specific firewall rules. It requires basic knowledge of ip(6)tables
concepts (tables, chains, commands, parameters, targets).

BEGIN
The command used to manage firewalld is firewall-cmd.
First, we install firewalld using
# yum install firewalld

and enable and start it
# systemctl enable firewalld
# systemctl start firewalld

- Verify whether the service is running
# firewall-cmd --state

- Get all available zones
# firewall-cmd --get-zones

- Get the default zone (this is the zone that we are going to use)
# firewall-cmd --get-default-zone

- Get the active zones (displayed with their Ethernet interfaces)
# firewall-cmd --get-active-zones

- Get the list of settings for the zone
# firewall-cmd --list-all

- Get the available services (http, ssh, https, etc.) that can be enabled on a zone
# firewall-cmd --get-services

- Set the http service for the public zone (the active default zone) and make it permanent (it will remain even after a reboot)
# firewall-cmd --zone=public --add-service=http --permanent

- Verify that the service is set.
# firewall-cmd --zone=public --permanent --list-services

- Set and verify a zone using a port number or port range.
# firewall-cmd --zone=public --permanent --add-port=8080/tcp
# firewall-cmd --zone=public --permanent --list-ports

After completing all the settings, reload the firewall service to make sure the settings take effect.
# firewall-cmd --reload

Add-on:-
Adding a new zone for a specific port with a specific IP range.

# firewall-cmd --new-zone=secret --permanent
# firewall-cmd --reload
# firewall-cmd --zone=secret --add-source=10.202.0.0/32
# firewall-cmd --zone=secret --add-port=2200/tcp
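The source and port added to the "secret" zone above are given without --permanent, so they exist only in the runtime configuration and disappear on the next reload or reboot. The check below lists such runtime-only entries; it is an added example, not part of the original post, and runtime_only and check_zone are hypothetical helper names.

```shell
#!/bin/sh
# Added example: find firewalld settings that exist only at runtime.
# runtime_only and check_zone are hypothetical helper names.

# Print the entries of the first list that are missing from the second.
# Each argument is a whitespace-separated list as printed by firewall-cmd.
runtime_only() {
    saved=" $(printf '%s ' $2)"          # normalise whitespace, pad with spaces
    for entry in $1; do
        case "$saved" in
            *" $entry "*) ;;                 # also stored permanently
            *) printf '%s\n' "$entry" ;;     # would vanish on --reload
        esac
    done
}

# Compare the runtime and permanent ports and sources of one zone.
check_zone() {
    zone=$1
    for what in ports sources; do
        live=$(firewall-cmd --zone="$zone" --list-"$what")
        saved_cfg=$(firewall-cmd --permanent --zone="$zone" --list-"$what")
        for entry in $(runtime_only "$live" "$saved_cfg"); do
            echo "$zone: $what entry $entry is runtime-only"
        done
    done
}

# Run the check only where firewalld is installed and running.
if command -v firewall-cmd >/dev/null 2>&1 && firewall-cmd --state >/dev/null 2>&1; then
    check_zone secret
    # To keep the entries, repeat the commands with --permanent and reload,
    # or save the whole runtime configuration:
    #   firewall-cmd --runtime-to-permanent
fi
```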

*Tested on CentOS Linux release 7.5.1804 (Core)
References :
Linux Manual Page
https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-using-firewalld-on-centos-7