Thursday, March 21, 2013

Install RHEL Packages with yum from CD/DVD

You may want to install RHEL or CentOS packages before registering with RHN or without a network connection.  You can yum install packages from the installation CD/DVD by specifying a local ISO repo.

Mount your disc or image at /mnt/cdrom and create /etc/yum.repos.d/rhel-iso.repo with the following contents:

[rhel-debuginfo]
name=Red Hat Enterprise Linux ISO
baseurl=file:///mnt/cdrom/Server
enabled=1
gpgcheck=0

You should now be able to yum install your package from the CD.
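
The stanza above sets gpgcheck=0, so yum installs from the disc without verifying RPM signatures; gpgcheck=1 plus a gpgkey line keeps that check in place even for local media. The script below is an added example, not part of the original post: it lists enabled repo sections that explicitly switch signature checking off, run here on a constructed file. The rhel-iso-signed section and the key path (the stock RHEL location) are assumptions.

```shell
#!/bin/sh
# Added example: list enabled sections of a yum .repo file that explicitly
# switch off RPM signature verification (gpgcheck=0, no or false).
audit_repo() {
    awk '
        function report() {
            if (sec != "" && enabled != "0" && off) print sec " gpgcheck=" raw
        }
        /^[ \t]*[#;]/ { next }                  # comment line
        /^[ \t]*\[/ {                           # start of a new [section]
            report()
            sec = $0; gsub(/^[ \t]*\[|\].*$/, "", sec)
            enabled = "1"; off = 0; raw = ""
            next
        }
        /=/ {                                   # key=value inside a section
            key = $0; sub(/=.*/, "", key); gsub(/[ \t]/, "", key)
            val = $0; sub(/^[^=]*=/, "", val); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "enabled") enabled = val
            if (key == "gpgcheck") { raw = val; off = (tolower(val) ~ /^(0|no|false)$/) }
        }
        END { report() }
    ' "$1"
}

# Constructed sample: the stanza from the post plus a hypothetical signed variant.
# The gpgkey path is the stock RHEL key location (assumption for this demo).
audit_sample() {
    tmp=$(mktemp) || return 1
    cat > "$tmp" <<'EOF'
[rhel-debuginfo]
name=Red Hat Enterprise Linux ISO
baseurl=file:///mnt/cdrom/Server
enabled=1
gpgcheck=0

[rhel-iso-signed]
name=Red Hat Enterprise Linux ISO (signatures verified)
baseurl=file:///mnt/cdrom/Server
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
EOF
    audit_repo "$tmp"
    rm -f "$tmp"
}

audit_sample
```

Point audit_repo at each file under /etc/yum.repos.d/ to review a real system.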

Monday, February 4, 2013

Change umask for SFTP connections on RHEL and CentOS running OpenSSH

This should work on any system running OpenSSH, but it was tested specifically on RHEL 6 and CentOS 6.

Problem: When users are placing files on a server with SFTP, the umask set in /etc/profile and sticky bits set on directories are ignored.

Solution:  Modify /etc/ssh/sshd_config.  Find the line near the bottom that looks like:
Subsystem      sftp    /usr/libexec/openssh/sftp-server
Change to the following, adjusting the umask as needed.  This example sets permission to 664 for files and 775 for directories:
Subsystem      sftp  /bin/sh -c 'umask 002; /usr/libexec/openssh/sftp-server'

You also need to add the following line to /etc/pam.d/login and /etc/pam.d/sshd:
session    optional     pam_umask.so umask=0022
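
To check what a given Subsystem line will do before restarting sshd, the added script below (not part of the original post) extracts the umask from an sshd_config and prints the default modes uploads will get, flagging a umask that leaves files world-writable. It also recognizes the -u option of sftp-server, which goes beyond the wrapper shown above; the sample lines are constructed.

```shell
#!/bin/sh
# Print the umask configured on the sftp Subsystem line of an sshd_config,
# or "unset" when the line sets none. Understands the sh -c wrapper from
# the post and the sftp-server -u option (assumed available in your build).
sftp_umask() {
    line=$(grep -iE '^[[:space:]]*Subsystem[[:space:]]+sftp[[:space:]]' "$1" | head -n 1)
    u=$(printf '%s\n' "$line" |
        sed -n -E 's/.*(umask|[[:space:]]-u)[[:space:]]+([0-7]{3,4}).*/\2/p')
    echo "${u:-unset}"
}

# Default modes an upload gets under a given umask, with a warning when
# the umask leaves the world-write bit on.
describe_umask() {
    [ "$1" = unset ] && { echo "unset: inherits the umask of the sshd session"; return; }
    f=$(printf '%03o' $(( 0666 & ~0$1 )))
    d=$(printf '%03o' $(( 0777 & ~0$1 )))
    warn=""
    [ $(( 0$1 & 2 )) -eq 0 ] && warn=" WORLD-WRITABLE"
    echo "umask $1: files $f, directories $d$warn"
}

# Run both helpers on one constructed Subsystem line.
check_line() {
    t=$(mktemp) || return 1
    printf '%s\n' "$1" > "$t"
    describe_umask "$(sftp_umask "$t")"
    rm -f "$t"
}

# Constructed inputs: the stock line, the fix from the post, a risky variant.
check_line "Subsystem      sftp    /usr/libexec/openssh/sftp-server"
check_line "Subsystem      sftp  /bin/sh -c 'umask 002; /usr/libexec/openssh/sftp-server'"
check_line "Subsystem      sftp    /usr/libexec/openssh/sftp-server -u 000"
```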





Friday, November 30, 2012

Delete hiberfil.sys file and disable hibernation on Windows 7

If you have a system with a large amount of RAM, the Windows hibernation file (c:\hiberfil.sys) can grow as large as your installed memory.  My machine has 32GB of RAM and my hibernation file was 25GB.  Disabling hibernation will also delete hiberfil.sys.

To disable hibernation on Windows 7, open an elevated command prompt and run:
powercfg -h off

Monday, November 26, 2012

Convert PEM crt SSL certificate to pfx


To convert an SSL certificate from PEM (crt) format to PFX, use openssl like so:
openssl pkcs12 -export -out newfile.pfx -inkey oldkeyfile.key -in oldcrtfile.crt -certfile oldcabundle.ca-bundle
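
An added example (not from the original post) that wraps the conversion above: it confirms the key and certificate share a public key before exporting, writes the PFX with owner-only permissions because it contains the private key, and reads it back to confirm the passphrase and MAC. The file names, passphrase and throwaway self-signed pair are constructed for the demo.

```shell
#!/bin/sh
# Succeeds only if the private key and the certificate carry the same public key.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# export_pfx KEY CRT OUT PASSFILE [CA_BUNDLE]
# Refuses mismatched pairs, creates OUT under umask 077, then re-reads it.
# Reading the passphrase from a file keeps it out of the process list
# and shell history.
export_pfx() {
    key_matches_cert "$1" "$2" || { echo "key/cert mismatch" >&2; return 1; }
    ( umask 077
      openssl pkcs12 -export -out "$3" -inkey "$1" -in "$2" \
          ${5:+-certfile "$5"} -passout "file:$4" ) || return 1
    openssl pkcs12 -in "$3" -passin "file:$4" -noout 2>/dev/null
}

# Constructed demo: throwaway self-signed pair plus an unrelated key.
pfx_demo() {
    d=$(mktemp -d) || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=example.test" \
        -keyout "$d/good.key" -out "$d/site.crt" 2>/dev/null || return 1
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$d/other.key" 2>/dev/null || return 1
    printf '%s\n' 'constructed-demo-passphrase' > "$d/pass"
    export_pfx "$d/good.key" "$d/site.crt" "$d/good.pfx" "$d/pass" \
        && r1=ok || r1=fail
    export_pfx "$d/other.key" "$d/site.crt" "$d/bad.pfx" "$d/pass" 2>/dev/null \
        && r2=ok || r2=refused
    [ -e "$d/bad.pfx" ] && r2="$r2+written"
    rm -rf "$d"
    echo "matching=$r1 mismatched=$r2"
}

pfx_demo
```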

Thursday, October 4, 2012

Install PHP sqlite on RHEL and CentOS

RHEL and CentOS do not have native packages for PHP sqlite, but you don't have to recompile all of PHP to use the sqlite lib.

Run php -version to get your current PHP version.  At the time of this post, the current version on RHEL 6 is PHP 5.3.3.  Download the corresponding PHP source from: http://www.php.net/releases/

Unpack the source and navigate to ext/sqlite3/, then build and install the plugin.

tar xvfz php-5.3.3.tar.gz
cd php-5.3.3/ext/sqlite3
cp config0.m4 config.m4
phpize
./configure
make
make install

Edit /etc/php.d/sqlite3.ini and add:
extension=sqlite3.so

Restart Apache and you should now be able to use sqlite from PHP.  To confirm, look at phpinfo() and you should see information about the sqlite3 plugin.

Sunday, September 30, 2012

SCP files on Windows

This is my preferred method to scp files from a Windows machine.

Download PSCP from http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html

Rename pscp.exe to scp.exe and place it somewhere in your PATH, like c:\windows\

Open a command prompt, type scp and then drag your file from an explorer window on top of the command prompt.  Finish it out with your username@host:/path


Monday, August 13, 2012

How KeePassX revolutionized how I use passwords

I've been using the same three passwords since I was 15 and connected to my first BBS.  I had never needed a password before this.  I looked around my desk for something easy to remember and decided to use the model number of my monitor for the password.  This password was all of five characters.  It was perfect, always there at the bottom of my monitor so I would never forget.  I am forgetful you see.

Sometime later I needed a longer password, probably for a more secure BBS, and found the perfect complex seven character password on the front of my Sony boombox that I had connected to my PC.  From then on I've always used different combinations of these passwords on everything except the most sensitive sites like my bank.  For my bank I had reserved a third complex password that I would not easily forget.

Obviously you can see the problem with this.  Like probably the majority of people, I was using the same passwords for every site on the internet.  I never worried about it much until the Sony breach last year.  Suddenly they knew my password, and had my email address that I used to sign up for every other site on the internet.  Even Sony had lazy developers who had never heard of storing passwords as individually salted hashes (I'll write an article on how to do this properly one of these days).

It was time for me to start using a different password on every site.  Enter KeePassX.

I use a lot of different computers and every major OS.  I have a Windows desktop at home, a Windows desktop at work, a Linux laptop, and a MacBook, thus I need an app that works on all of them and a way to sync the databases.  I also have an iPhone and an iPad.  I placed my KeePassX database on Dropbox so it's accessible from all of my computers and my mobile devices.

On the iOS devices I used an app called KyPass.  It works great and the main reason I chose KyPass is that it supports Dropbox integration.  It's kind of pricey at $5; if you know of a good alternative with Dropbox support, please leave a comment.

Using KeePassX is pretty straightforward: create categories and add accounts.  It generates passwords for you.  The database is encrypted so if someone hacks your Dropbox account, they still don't have access to your passwords.

If you are already familiar with KeePass you are probably wondering why I chose KeePassX instead.  KeePassX and KeePass are mostly the same thing and have compatible databases.  KeePass needs Mono to work on Linux whereas KeePassX has a native client. 

I now have a different password on every site I use.  If one of these accounts gets hacked, the others are still safe.