Adding hsts to htaccess

<IfModule mod_headers.c>
    Header set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" env=HTTPS

# X-XSS-Protection
<IfModule mod_headers.c>
	Header set X-XSS-Protection "1; mode=block"

# X-Frame-Options
<IfModule mod_headers.c>
	Header always append X-Frame-Options SAMEORIGIN

# X-Content-Type nosniff
<IfModule mod_headers.c>
	Header set X-Content-Type-Options nosniff

Ubuntu lds landscape howto and troubleshooting issues in the cloud

The need arose to add a few LDS landscape standalone servers to manage cloud instance inventory over a few clients in virtual private clouds. We identified the version we wanted to use and went 16.04 LTS. Your server needs a hostname that is resolvable either by public[cringe]/private dns or your host edits; The hostname will be used later when connecting to the server directly to add the first standalone user.

sudo apt-get update
sudo apt-get upgrade
sudo add-apt-repository ppa:landscape/16.06
sudo apt-get update
sudo apt-get install landscape-server-quickstart

Installed – updated – and using the quickstar….; whoa nelly it got messy..

On the first try we overlooked the fact that the cloud instance lacked sufficient memory and the installer made it only partially the way and left the system with an inconsistent postgresql install. Being installed all by its lonesome we can just purge and blow out postgres and landscape , landscape-server, landscape-server-quickstart and start over..

apt-get --purge remove postgresql\*
rm -r /etc/postgresql/
rm -r /etc/postgresql-common/
rm -r /var/lib/postgresql/
apt-get --purge remove landscape\*

Now Lets start over..

sudo apt-get update
sudo apt-get upgrade
sudo apt-get install landscape-server-quickstart


If while trying to add the stand alone user on submit you are greeted with an apache htpasswd authorization window and have no entries in the .conf ?! you are not using the proper hostname – localhost and will not work it have to be the host name.
If while running the quickstart you see python errors your system could be out of date and you missed the upgrade call above


Synology DS1815+ iSCSI

Ran into a problem with a synology DS1815+ and though this could be helpful for others.

On the latest auto update to 6.0.1-3793 the iSCSI target(s) can become corrupt on the DS thus breaking the iscsi connection to the DS.

You can change the chap authentication info on the DS’s target and the globalsan iscsi initiator client, all you will see in the /var/log/iscsi.log is the following in regards to authentication.

Jun 6 00:23:20 syndisk kernel: [ 108.880447] iSCSI: iSCSI Login negotiation failed.
Jun 6 00:23:25 syndisk kernel: [ 108.880447] iSCSI: iSCSI Login negotiation failed.
Jun 6 00:23:33 syndisk kernel: [ 108.880447] iSCSI: iSCSI Login negotiation failed.
Jun 6 00:23:45 syndisk kernel: [ 108.880447] iSCSI: iSCSI Login negotiation failed.
Jun 6 00:23:55 syndisk kernel: [ 108.880447] iSCSI: iSCSI Login negotiation failed.
Jun 6 00:24:08 syndisk kernel: [ 108.880447] iSCSI: iSCSI Login negotiation failed.

But you just changed passwords on the DS target and client connecting, how could this be? The config file is either corrupt or has become unstable and the act of deleting the target (saving the lun) and recreating the target , pointing at that old lun suddenly gets you back in business.

Steps to fix:

Delete current target on the DS (save the lun)

Create a new target (set password)and attach to the lun you just saved, verify pass on globalsan client.

And that’s it.


cpanel htacess dev environment.

WordPress .htacess for cpanel ~dev environment.

For use when the site is installed @ but needs to be accessed from for testing.
# BEGIN WordPress
RewriteEngine On
RewriteBase /~username/
RewriteRule ^index\.php$ – [L]

# add a trailing slash to /wp-admin
RewriteRule ^([_0-9a-zA-Z-]+/)?wp-admin$ $1wp-admin/ [R=301,L]

RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^ – [L]
RewriteRule ^([_0-9a-zA-Z-]+/)?(wp-(content|admin|includes).*) $2 [L]
RewriteRule ^([_0-9a-zA-Z-]+/)?(.*\.php)$ $2 [L]
RewriteRule . index.php [L]

# END WordPress

Privacy SSL

The importance of SSL

Why is SSL important? It protects data in transit as it transverses over routers on the internet. From simple web pages to business transactions and purchases your data is worth something to someone.

In the age of shared and open WiFi it’s very easy for someone to ease drop on your traffic and possibly use the information collected to attack you and your assets. For the most part if you are looking at websites and forums the worries are advertisers watching you to hacker(s) watching to build a dossier for use in exploiting your assets.


With that said Lets Encrypt is a Free option to secure your data with a free certificate to be used in your web server. While only in beta, The project is showing amazing progress.

Cpanel Linux

Watch cpanel log files

From time to time you will need to examine logs looking to identify problems. An easy way to watch these files is with tail, grep, and zgrep. I will cover both and provide a few examples that I think will make it easier to quickly find issues on a Cpanel server without getting overly complicated.

Tail:  built to display the last few lines of files. Read the tail man page to find a full list of options.

Display file with (-f) follow then (-n)  the last 20 lines of the file. The second command displayed below will follow and display the three listed files, add more files by adding “-f -n /file” as many times as needed, or use a wildcard such as “*.com”. When using a wildcard care should be used as the number of sites you host fitting the wild card example could lead to a mess instead of usable info. Maybe this is a good time to set your window or scroll back to a few thousand lines plus. Also note when using tail and other programs that leave the file open for reading remove the follow option or your script will hang.

tail -f -n 20 /usr/local/apache/domlogs/
tail -f -n 20 /usr/local/apache/domlogs/ -f -n 20 /usr/local/apache/domlogs/ -f -n 20 /usr/local/apache/domlogs/


tail -f -n 20 /usr/local/apache/domlogs/*.com

Grep: Print lines matching a pattern

Grep: Provides an easy way to look into specific files or groups of files. Open file (-r) recursively looking for a specific pattern, only needed when looking into multiple files. Read the grep and zgrep man pages to find a full list of options.

Generic example:

grep "data-to-find" /file/location/

Cpanel example:

grep "data-to-find" /usr/local/apache/domlogs/

You can grep on multiple files at one.
Generic example

grep -r "data-to-find" /var/log/*

Cpanel example:

grep -r "data-to-find" /usr/local/apache/domlogs/*.com

zgrep: Allows you to look into archived log so no need to decompress before reading. The main different between grep and zgrep in this instance is that you do not need the (-r) option as zgrep recursively looks at multiple files if selected.

zgrep "data-to-find" /usr/local/apache/domlogs/

Assuming Cpanel is set to archive past logs.

zgrep "data-to-find" /home/username/logs/*.gz

Posting to social media

Posting to social media can be a great way to generate new leads and engage with previous customers, It can also turn your client base against you.

Here are a few Pointers to help in your journey.

Frequency, Quality, Content, and Credit.

The frequency of posts can and does have an effect on how a user perceives your page or business intent. Over posting can drive away users after the algorithms have decided if your new post is important enough to not need “boosting” at a cost to reach more users.  Throttling can also occur and at that point you want to put away the post button for a while. People or pages can follow your page they can also choose to see less if you over post for their liking (but they might just want to be noted as a friend and not receive new posts anyway). Your goal is to walk a fine line between posting just to post and providing a clear message.

Quality Rules all. Rule # 24 : Spelling and grammar. You don’t need to be an English major but you do need to use a spellchecker. When the comments on a post are talking about spelling errors instead of the intended message you have failed. Don’t worry learn from it. Even the big guys make errors, just don’t make it a habit. Rule # 78: Be descriptive! Create a picture with your idea. If the reader is unable to relate or understand your point you might miss an opportunity.

The content (links/pictures) posted should be linking back to you. If you are constantly posting to other sites you are driving traffic to them and loosing out on visitors that could be learning more about your business.

Also give credit where credit is due. All you need is a link at the bottom or your website post pointing back at the original. The temptation is to copy and paste the story, don’t fall into the trap and become a plagiarist. Even if your post is only two sentences that you wrote, that counts.


Super Cookies

On Friday democratic senators announced plans to seek an investigation into Verizon Wireless’s use of dreaded “super cookie” after finding evidence these unique tracking codes could be used to track devices and thus people. With current usage levels this could potentially impact over 100 million devices. The fact that these super cookies are being used with no control by the end user should scary every end user and parent to the core!

Whom outside of Verizon has access to these codes? Are any data brokers selling a feature that would link super cookie to personal data for tracking habits?

Sources: 1 & 2