Generals

Format Flash Disk on Ubuntu

root@ts:/home/ts# fdisk -l
Disk /dev/sda: 465,8 GiB, 500107862016 bytes, 976773168 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 4096 bytes
I/O size (minimum/optimal): 4096 bytes / 4096 bytes
Disklabel type: dos
Disk identifier: 0x721a166e

Device Boot Start End Sectors Size Id Type
/dev/sda1 * 2048 781461503 781459456 372,6G 83 Linux
/dev/sda2 781463550 791031807 9568258 4,6G 5 Extended
/dev/sda5 781463552 791031807 9568256 4,6G 82 Linux swap / Solaris

Partition 2 does not start on physical sector boundary.

Disk /dev/sdb: 14,6 GiB, 15664676864 bytes, 30595072 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: 0x199700bc

Device Boot Start End Sectors Size Id Type
/dev/sdb1 * 0 3312959 3312960 1,6G 0 Empty
/dev/sdb2 3241304 3246167 4864 2,4M ef EFI (FAT-12/16/32)

root@ts:/home/ts# umount /dev/sdb1

root@ts:/home/ts# mkfs.vfat /dev/sdb1
mkfs.fat 4.0 (2016-05-06)

 

Security

Iptables Rule Minimal for ‘Secure’ Server

Here is a minimal iptables ruleset for a ‘secure’ server:

iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -s 212.212.212.x/32 -p tcp -m tcp --dport 202 -j ACCEPT
iptables -P INPUT DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
iptables -A INPUT -s 212.212.212.x/32 -p icmp -m icmp --icmp-type 8 -j ACCEPT
iptables -A INPUT -s 192.168.1.0/24 -i eth0 -p tcp -m tcp --dport 3306 -j ACCEPT
iptables -A INPUT -s 212.212.212.x/32 -i eth1 -p udp -m udp --dport 10050 -j ACCEPT
iptables -A INPUT -s 212.212.212.x/32 -i eth1 -p tcp -m tcp --dport 10050 -j ACCEPT
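A way to check a loaded ruleset against the pattern above (default DROP, web ports open, ports 202, 3306 and 10050 limited by source). This is an added example, not part of the original post; the function names, finding labels and the sample rules (with documentation address 203.0.113.10) are constructed for illustration.

```shell
#!/bin/sh
# Ports that the ruleset above only opens to specific source addresses.
RESTRICTED="202 3306 10050"

# Constructed sample in `iptables -S INPUT` format; the 3306 rule has lost its -s.
sample_rules() {
cat <<'EOF'
-P INPUT DROP
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 203.0.113.10/32 -p tcp -m tcp --dport 202 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT
-A INPUT -s 203.0.113.10/32 -i eth1 -p tcp -m tcp --dport 10050 -j ACCEPT
EOF
}

# audit_input: read `iptables -S INPUT` text on stdin, print one finding per line.
# Only single --dport matches are examined; multiport and port ranges are not handled.
audit_input() {
  awk -v ports="$RESTRICTED" '
    BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
    $1 == "-P" && $2 == "INPUT" { policy = $3 }
    $1 == "-A" && $2 == "INPUT" {
      src = ""; dport = ""; target = ""
      for (i = 3; i < NF; i++) {
        if ($i == "-s") src = $(i + 1)
        if ($i == "--dport") dport = $(i + 1)
        if ($i == "-j") target = $(i + 1)
      }
      # A restricted port accepted without a source match is reachable from anywhere.
      if (target == "ACCEPT" && (dport in want) && (src == "" || src == "0.0.0.0/0"))
        print "OPEN_RESTRICTED_PORT " dport
    }
    END { if (policy != "DROP") print "POLICY_NOT_DROP " policy }
  '
}

sample_rules | audit_input
```

On a live host, feed it the real rules with `iptables -S INPUT | audit_input`.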

 

 

Security

Iptables Rule to Allow Incoming FTP

Port 21 is used to establish the connection, but the FTP server also needs a channel to transfer data. So, to make data transfer possible, we must also allow port 20.

To make sure passive FTP connections are not rejected, load the FTP connection-tracking module:

modprobe ip_conntrack_ftp

Allow FTP connections on port 21, incoming and outgoing:

# iptables -A INPUT -p tcp -m tcp --dport 21 -m conntrack --ctstate ESTABLISHED,NEW -j ACCEPT -m comment --comment "Allow ftp connections on port 21"
# iptables -A OUTPUT -p tcp -m tcp --dport 21 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT -m comment --comment "Allow ftp connections on port 21"

If listen_port is something other than 21, such as 2001, use the following commands:

# iptables -A INPUT -p tcp -m tcp --dport 2001 -m conntrack --ctstate ESTABLISHED,NEW -j ACCEPT -m comment --comment "Allow ftp connections on port 2001"
# iptables -A OUTPUT -p tcp -m tcp --dport 2001 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT -m comment --comment "Allow ftp connections on port 2001"

Then allow FTP port 20 for active connections, incoming and outgoing:

# iptables -A INPUT -p tcp -m tcp --dport 20 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT -m comment --comment "Allow ftp connections on port 20"
# iptables -A OUTPUT -p tcp -m tcp --dport 20 -m conntrack --ctstate ESTABLISHED -j ACCEPT -m comment --comment "Allow ftp connections on port 20"

Finally, allow FTP passive inbound traffic:

# iptables -A INPUT -p tcp -m tcp --sport 1024: --dport 1024: -m conntrack --ctstate ESTABLISHED -j ACCEPT -m comment --comment "Allow passive inbound connections"
# iptables -A OUTPUT -p tcp -m tcp --sport 1024: --dport 1024: -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT -m comment --comment "Allow passive inbound connections"

For more on FTP and firewall problems see: http://slacksite.com/other/ftp.html#active
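Why the conntrack module matters for the RELATED state used above: the data port is negotiated as text on the control channel (a client PORT command in active mode, a server 227 reply in passive mode), and a helper has to read it to link the data connection to the control session. The following added example, not part of the original post, decodes those two messages; the function name and the sample lines (documentation range 192.0.2.0/24) are constructed for illustration.

```shell
#!/bin/sh
# ftp_data_endpoint: print "ip port" for a PORT command or a 227 reply (RFC 959 format
# h1,h2,h3,h4,p1,p2 where port = p1*256 + p2). Returns 1 for anything else.
ftp_data_endpoint() {
  case $1 in
    "PORT "*|"227 "*) ;;
    *) return 1 ;;
  esac
  # Drop the verb/reply code, then keep only digits and commas.
  tuple=$(printf '%s' "${1#* }" | tr -cd '0-9,')
  old_ifs=$IFS; IFS=,
  set -- $tuple
  IFS=$old_ifs
  [ $# -eq 6 ] || return 1
  for n in "$@"; do
    # Reject empty fields, leading zeros and values that do not fit in one octet.
    case $n in ''|0?*) return 1 ;; esac
    [ "$n" -le 255 ] || return 1
  done
  echo "$1.$2.$3.$4 $(( $5 * 256 + $6 ))"
}

# Constructed control-channel lines.
ftp_data_endpoint "227 Entering Passive Mode (192,0,2,10,195,80)."
ftp_data_endpoint "PORT 192,0,2,20,4,1"
```

Both decoded ports fall in the 1024: range matched by the passive-mode rules above.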

php

Can’t Upgrade php5.6-fpm, Message: policy-rc.d returned unexpected error

When you see an error message like this:

Setting up php5.6-fpm (5.6.30-10+deb.sury.org~trusty+2) …
/usr/sbin/policy-rc.d: line 3: 101: command not found
invoke-rc.d: WARNING: policy-rc.d returned unexpected error status 127, 102 used instead.
invoke-rc.d: policy-rc.d returned error status 102

Check /usr/sbin/policy-rc.d; it should contain the following:

# cat /usr/sbin/policy-rc.d
#!/bin/sh
exit 101

For more information, see https://askubuntu.com/questions/365911/why-the-services-do-not-start-at-installation

Generals

Ubuntu 14.04 – Error: perl: warning: Setting locale failed

If you see an error like this when updating or upgrading packages on Ubuntu 14.04 LTS:

perl: warning: Setting locale failed.
perl: warning: Please check that your locale settings:
LANGUAGE = "en_US:en",
LC_ALL = (unset),
LC_TIME = "id_ID.UTF-8",
LC_MONETARY = "id_ID.UTF-8",
LC_ADDRESS = "id_ID.UTF-8",
LC_TELEPHONE = "id_ID.UTF-8",
LC_NAME = "id_ID.UTF-8",
LC_MEASUREMENT = "id_ID.UTF-8",
LC_IDENTIFICATION = "id_ID.UTF-8",
LC_NUMERIC = "id_ID.UTF-8",
LC_PAPER = "id_ID.UTF-8",
LANG = "en_US.UTF-8"
are supported and installed on your system.
perl: warning: Falling back to the standard locale ("C").

Do the following:

# locale-gen id_ID.UTF-8 en_US.UTF-8

# dpkg-reconfigure locales

Note: My server is using ID for UTF.