Extract .key and .crt files from JKS file

JKS file is a Java keystore. Using the Java keytool program, run the following commands

Export the .der file

keytool -export -alias sample -file sample.der -keystore my.jks

Convert the .der file to unencrypted PEM (crt file)

openssl x509 -inform der -in sample.der -out sample.crt

Export the .p12 file

keytool -importkeystore -srckeystore my.jks -destkeystore keystore.p12 -deststoretype PKCS12

Convert the .p12 file to unencrypted PEM (key file)

openssl pkcs12 -in keystore.p12 -nodes -nocerts -out server.key

 

More info here: http://www.gtopia.org/blog/2010/02/der-vs-crt-vs-cer-vs-pem-certificates/

Install SSL certificates on Nginx

This article show how the SSL certificates purchased from Comodo can be deployed on a server running Nginx

You must have the server.key file (Private Key that was generated with the CSR code that used to activate/purchase the certificate.

You also have these two files, *.crt and *.ca-bundle, that must have been sent to you as a zip archive from Comodo. Combine these file into a chain file

cat mydomain.crt mydomain.ca-bundle >> chain.crt

Now copy this chain.crt file and the server.key file to the nginx server in a folder that is readable by Nginx.

Edit nginx.conf file, and add the following 4 lines

server {
listen 443;
ssl on;
ssl_certificate /etc/ssl/chain.crt;
ssl_certificate_key /etc/ssl/server.key;

.....
}

 

Linux: Find recently modified files recursively

List all files in the folder /site/ reverse sorted by modifed date

find /site/ -type f -printf '%TY-%Tm-%Td %TT %p\n' | sort -r | more

List all php files in the folder /var/www/html/site/ reverse sorted by modifed date

find /site/ -type f -printf '%TY-%Tm-%Td %TT %p\n' | sort -r | grep php | more

 

Find which PHP script is sending spam emails

You have a WordPress blog that has been compromised or hacked. Some script on the server is sending spam emails and you do know which one. Try the following steps to find and remove the bad script.

1. Create a file called phpmail.log

touch /var/log/phpmail.log

2. Change permissions on the file so that the web server can write to it. This can be done in many ways.

chown httpd:httpd /var/log/phpmail.log

or

chmod 777 /var/log/phpmail.log

3. Locate your php.ini file (in case of RHEL, CenOS and SuSE, it will here: /etc/php.ini). Edit/add the following two lines are in file

mail.add_x_header = On
mail.log = /var/log/phpmail.log

4. Restart your web server

service httpd restart

5. Now tail the log file…

tail -f /var/log/phpmail.log

When an email is sent from a PHP script you will see an entry in the log that looks like this…

mail() on [/var/www/html/site2/wp-content/plugins/wp-image-hover-lite/admin/functions.php(1967) : eval()’d code:775]: To: s.nebers@somedomain.uk — Headers: Date: Mon, 26 Dec 2016 06:55:17 +0000 From: Joe Smith <joe_smail@acme.com> Message-ID: <5cd2be098536da5aefaba80101b8a1a3@acme.com> X-Priority: 3 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary=”b1_5cd2be098536da5aefaba80101b8a1a3″ Content-Transfer-Encoding: 8bit

In this case the offending script can be seen in bold above. Check out this script and delete it if it looks suspicious.