Move WordPress login page with Apache config

Posted by james on 4 August 2014, 10:22 pm

Here’s a way to move your wordpress login page from wp-login.php to (in this case) /blog/secret-login-page with Apache rules.

Note this is akin to moving ssh from port 22, you should set up strong authentication, rename your admin user and possibly consider one of the wordpress security plugins before using this.

# move WordPress login page 
<Location "/blog/secret-login-page"> 
RequestHeader set X-WPTOKEN mysecretheader
</Location> 

RewriteCond %{HTTP:X-WPTOKEN} !=mysecretheader 
RewriteCond %{HTTP_REFERER} !^.*/blog/secret-login-page$ 
RewriteRule ^.*/wp-login.php$ - [R=404,L] 

ProxyPass /blog/secret-login-page http://example.com/blog/wp-login.php

You should change the header value and the location of your “secret” login page. If you hit this URL on unsecured networks (eg public wifi), finding the location of this page will not be difficult – but you could move the URL to https.

rndsleep – add a random delay to cron jobs

Posted by james on 15 July 2014, 9:14 pm

A command-line utility written in Go to sleep for a random period, then run another command line executable.

Typical usage would be to run puppet agent in onetime mode in cron to save resources – the random sleep will help to avoid thundering herd issues at the puppetmaster.

rndsleep --randmax=30 --command="puppet agent --no-daemonize --onetime"

would run puppet agent with a random timeout of 0-30s.

Can be compiled on all platforms that Go is available for. Download it from github.

Comment-line in emacs

Posted by james on 13 July 2014, 8:16 pm

To comment/uncomment a line in emacs, add this to your ~/.emacs

;; comment line
(defun comment-or-uncomment-region-or-line ()
    "Comments or uncomments the region or the current line if there's no active region."
    (interactive)
    (let (beg end)
        (if (region-active-p)
            (setq beg (region-beginning) end (region-end))
            (setq beg (line-beginning-position) end (line-end-position)))
        (comment-or-uncomment-region beg end)
        ;(next-line)
	))
(global-set-key (kbd "M-#") 'comment-or-uncomment-region-or-line)

(courtesy of Gerstmann on StackOverflow)

2 tools for creating packages

Posted by james on 13 July 2014, 8:04 pm

2 tools for creating RPMs, DEBs, etc easily: fpm & checkinstall

Using ssh agent for sudo authentication on debian

Posted by james on 6 July 2014, 9:58 am

Using this ubuntu guide with 2 changes.

1. Change the configure line to

./configure --libexecdir=/lib/x86_64-linux-gnu/security/ --with-mantype=man

2. Instead of editing the sudoers file, create a file under sudoers.d (more modular):

echo "Defaults env_keep += SSH_AUTH_SOCK" > /etc/sudoers.d/ssh_auth

Also note that the latest version of this module on sourceforge is more recent than linked.

Cleaning up repos in cobbler

Posted by james on 28 June 2014, 3:44 pm

Here’s a cobbler snippet that disables the default repomirror (presuming you are serving the rpms yourself) and adds the updates channel

# disable Centos Base Repo (get updates elsewhere) sed -i -e 's/^/#/g' /etc/yum.repos.d/CentOS-Base.repo # download updates repo file wget -O - http://$http_server/cobbler/repo_mirror/Centos6-UPDATES/config.repo > /etc/yum.repos.d/Centos6-Updates.repo sed -i -e 's/\${http_server}/$http_server/' /etc/yum.repos.d/Centos6-Updates.repo

Change the name of the update repo to suit & include it the post section of your .ks template.

Including the update channel in the cobbler profile broke for me – and others too (freezes when it tries to install dbus).

cliget :: Add-ons for Firefox

Posted by james on 28 June 2014, 1:10 pm

Download files using curl or wget. This addon generates curl/wget commands that emulate the request as though it’s coming from your browser allowing you to download protected files directly to a separate machine (e.g. server).

via cliget :: Add-ons for Firefox.

Very useful for downloading ISOs directly to your server that you have to log in and traverse various forms (eg Oracle Enterprise Linux).

calm-forest for emacs 24

Posted by james on 25 June 2014, 7:19 pm

My favourite colour theme for emacs, ported to emacs 24.

SSH’ing via a gateway host using Putty

Posted by james on 21 June 2014, 4:54 pm

(or Kitty to be more exact, which is Putty on steroids)

1. Set up key authentication to your host with PuttyGen & Pageant (ssh-agent for Putty) – or KittyGen & Kageant if you’re using Kitty. Paste your public key into authorized_hosts on the gateway & destination box.

2. Set up your configuration, IP address in session should be of destination (see screenshot, this is an internal IP).

3. Go to Connection -> SSH -> Auth. Check Allow agent forwarding.

4. Connection -> Proxy. Enter your gateway IP in Proxy hostname & exclude Hosts, choose Proxy type local & put your username in the box.

In telnet command put

klink.exe %user@%proxyhost -nc %host:%port \n

(or plink.exe if using putty). This will be run first to tunnel your connection through.

5. Done!

Cobbler & tftp

Posted by james on 21 June 2014, 3:47 pm

On centos 6.5 is broken for me unless I comment out

flags = IPv4

in /etc/xinetd.d/tftp, which is best done in the /etc/cobbler/tftpd.template otherwise it will be broken with a cobbler sync

Webscalability

Unix, Systems and Web