Friday, March 10, 2017

SSL Configuration for Apache

openssl req -new -newkey rsa:2048 -nodes -keyout domainname.key -out domainname.csr

Put the settings below in /etc/apache2/sites-enabled/default_ssl and adjust them as needed.

<IfModule mod_ssl.c>
<VirtualHost _default_:443>
        ServerAdmin webmaster@localhost
        DocumentRoot /home/ubuntu/folder_name

        <Directory /home/ubuntu/folder_name>
            Options FollowSymLinks
            AllowOverride All
            Require all granted
        </Directory>

        ErrorLog /var/log/apache2/domainname.log

        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        LogLevel warn

        CustomLog /var/log/apache2/domainname.log combined

        SSLEngine on

        # Complete these paths with your own certificate, key and chain file names.
        SSLCertificateFile    /etc/ssl/certs/
        SSLCertificateKeyFile /etc/ssl/private/
        SSLCertificateChainFile /etc/ssl/certs/gs_intermediate_ca.crt
        SSLCertificateChainFile /etc/ssl/certs/

        #SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
        <FilesMatch "\.(cgi|shtml|phtml|php)$">
                SSLOptions +StdEnvVars
        </FilesMatch>
        <Directory /usr/lib/cgi-bin>
                SSLOptions +StdEnvVars
        </Directory>

        #   SSL Protocol Adjustments:
        BrowserMatch "MSIE [2-6]" \
                nokeepalive ssl-unclean-shutdown \
                downgrade-1.0 force-response-1.0
        # MSIE 7 and newer should be able to use keepalive
        BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown

        # Vulnerability hardening: disable SSLv2 and SSLv3, prefer the server's cipher order
        SSLProtocol All -SSLv2 -SSLv3
        SSLHonorCipherOrder on

</VirtualHost>
</IfModule>
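
A quick lint for a vhost file like the one above, added here as an example and not part of the original post: it reports container tags that are never closed and checks the two hardening directives (SSLProtocol excluding SSLv2/SSLv3, SSLHonorCipherOrder on). The helper names audit_vhost and sample_bad and the sample path /srv/www are assumptions made for the example.

```shell
#!/bin/sh
# Added example: lint an Apache SSL vhost file for unbalanced containers and
# for the SSLProtocol / SSLHonorCipherOrder hardening lines.
# audit_vhost is a hypothetical helper name, not an Apache tool.
audit_vhost() {
    awk '
    /^[ \t]*#/ { next }                          # ignore comment lines
    /^[ \t]*<\/[A-Za-z]+/ {                      # closing tag, e.g. </Directory>
        name = tolower($0); sub(/^[ \t]*<\//, "", name); sub(/[ \t>].*$/, "", name)
        if (depth > 0 && stack[depth] == name) depth--
        else { printf "line %d: unexpected </%s>\n", NR, name; bad++ }
        next
    }
    /^[ \t]*<[A-Za-z]+/ {                        # opening tag, e.g. <Directory /x>
        name = tolower($0); sub(/^[ \t]*</, "", name); sub(/[ \t>].*$/, "", name)
        stack[++depth] = name; opened[depth] = NR
        next
    }
    tolower($1) == "sslprotocol" {               # replay +/- tokens left to right
        seen = 1; v2 = 0; v3 = 0
        for (i = 2; i <= NF; i++) {
            p = tolower($i); on = (p !~ /^-/); sub(/^[+-]/, "", p)
            if (p == "all" || p == "sslv2") v2 = on
            if (p == "all" || p == "sslv3") v3 = on
        }
        if (v2 || v3) { printf "line %d: SSLProtocol still enables SSLv2/SSLv3\n", NR; bad++ }
    }
    tolower($1) == "sslhonorcipherorder" { honor = (tolower($2) == "on") }
    END {
        while (depth > 0) {                      # anything left open is a finding
            printf "line %d: <%s> is never closed\n", opened[depth], stack[depth]
            bad++; depth--
        }
        if (!seen)  { print "SSLProtocol is not set"; bad++ }
        if (!honor) { print "SSLHonorCipherOrder is not on"; bad++ }
        exit (bad > 0)
    }' "$1"
}

# Constructed sample: <Directory> is left open and SSLv3 is not excluded.
sample_bad() {
    printf '%s\n' '<VirtualHost _default_:443>' '<Directory /srv/www>' \
        'Require all granted' 'SSLEngine on' 'SSLProtocol All -SSLv2' '</VirtualHost>'
}
tmp=$(mktemp) && sample_bad > "$tmp"
audit_vhost "$tmp" || echo "findings above; fix them before reloading Apache"
rm -f "$tmp"
```

The function returns non-zero when it prints any finding, so it can gate a reload in a deploy script. Apache's own syntax check (apache2ctl configtest) remains the authority on whether the file parses.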

Thursday, March 9, 2017

Start a Linux Server Service Automatically If It Stops

Create a file named servicestart, enter the lines below into it, and replace apache2 in service=apache2 with any other service name.

# vi servicestart

service=apache2
if (( $(ps -ef | grep -v grep | grep "$service" | wc -l) > 0 )); then
    echo "$service is running!!!"
else
    /etc/init.d/$service start
fi

Save and close this file.

Add it to cron so that it runs every minute.

# crontab -e
*/1 * * * * /bin/bash /root/servicestart