Archive

Archives pour 03/2017

How to create a bootable macOS Sierra installer drive

31/03/2017 Comments off

Apple uses its App Store to distribute its software, like new Mac operating systems. It’s convenient, but sometimes it can take a while for a download to finish. And if you have multiple Macs, it’s inefficient to download the new OS to each and every Mac.

sierra external icon

That’s why I like to make a bootable external drive for the sole purpose of installing the Mac operating system. When I need to tend to a bunch of Macs, it’s much faster to use a bootable drive instead of going to each Mac, launching the App Store, searching for the operating system, downloading it (after entering my Apple ID), and then running the installer.

You can create a bootable USB flash drive with the macOS Sierra installer that’s now available. The installer software will take up nearly 5GB of storage space. Here’s how to create a bootable macOS Sierra installer drive.

Macworld also has bootable-install-drive instructions for El Capitan (OS X 10.11), Yosemite (OS X 10.10), Mavericks (OS X 10.9), Mountain Lion (OS X 10.8), and Lion (OS X 10.7).

Download the macOS Sierra installer

Launch the App Store app, then look for macOS Sierra in the store. (Here’s a link.) Click on the Download button, and your Mac will download the installer to your Applications folder. If it automatically launches after download, quit the installer.

sierra beta installer app folder sierra gm
Keep the installer in the Applications folder.

If you’ve already upgraded your Mac to Sierra, the installer is removed from the Applications folder. You can download it again if you go to Purchased in the App Store. Look for macOS Sierra in the list of apps that you’ve bought, and click on the Download button. If it automatically launches after download, quit the installer.

Lire la suite…

8 Practical Examples of Linux Xargs Command for Beginners

27/03/2017 Comments off

The Linux xargs command may not be a hugely popular command line tool, but this doesn’t take away the fact that it’s extremely useful, especially when combined with other commands like findand grep. If you are new to xargs, and want to understand its usage, you’ll be glad to know that’s exactly what we’ll be doing here.

Before we proceed, please keep in mind that all the examples presented in this tutorial have been tested on Ubuntu 14.04 LTS. Shell used is Bash, and version is 4.3.11.

1. How Xargs command works?

Well, before jumping onto its usage, it’s important to understand what exactly Xargs does. In layman’s terms, the tool – in its most basic form – reads data from standard input (stdin) and executes the command (supplied to it as argument) one or more times based on the input read. Any blanks and spaces in input are treated as delimiters, while blank lines are ignored. 

 

If no command is supplied as argument to xargs, the default command that the tool executes is echo. For example, in the following example, I just executed ‘xargs’ and entered ‘Hello World’ on stdin. As I pressed Ctrl+D (to tell xargs that we’re done with the input), the echocommand was automatically executed, and ‘Hello World’ was printed again.

How xargs command works

2. How to use xargs with another command?

While echo is the default command xargs executes, you can explicitly specify any other command. For example, you can pass the find command along with its ‘-name’ option as argument to xargs, and then pass the name of the file (or type of files) you want find to search as input through stdin.

Here’s the complete command in question:

xargs find -name

For example, we provided « *.txt » in input through stdin, which means we want the find command to search all .txt files in the current directory (as well as its subdirectories).

Here’s the command in action:

Combine xargs with other commands

Lire la suite…

Categories: Système, Tutoriel Tags: , ,

Administration Linux Avancée : commandes utiles

27/03/2017 Comments off

I► Dans cet article, nous allons aborder les commandes d’administration Linux avancé :

=> mkfifo et script permettent d’initialiser un fichier de type pipe et de récupérer à distance les commandes saisies – exemple :

Un user saisit mkfifo NOmDuFichier (tube), puis démarre le script pour enregistrer les commandes dans ce tube : script -f tube

Un second user (par SSH ou en local) saisit cat tube : le script se met en marche , tout ce qui est saisi par le 1er user est visualisé par le second user :

Capture

Le premier user peut mettre fin au scripr en saisissant CTRL+D

=> logger permet d’écrire directement dans le fichier de log principal  :

Capture

=> Write permet d’écrire directement sur le terminal d’un utilisateur connecté :

Capture

=> WALL permet d’écrire sur tous les terminaux ouverts 

wall “fermez vos pc, c’est les vacances !!!”

 

Source: Michel Bocciolesi

Categories: Système Tags: ,

Réplication MySql Croisée

25/03/2017 Comments off

I► Nous allons voir dans cet article comment mettre en place une réplication croisée MySql en optimisant donc la répartition des charges et la sécurisation des données.

Pour des raisons de simplicité, nous testerons cette config sur le même serveur en utilisant mysqld_multi ( référez vous aux précédents articles )

Ordi2

 

Voici le fichier de conf de MySql

[root@/etc/mysql] cat multi_my.cnf.replicant.double
[mysqld_multi]
mysqld = /usr/bin/mysqld_safe
mysqladmin = /usr/bin/mysqladmin
user = root
password = debian

#——————– Serveur A ——————

[mysqld1]
socket = /tmp/mysql.sock1
port = 3307
pid-file = /var/lib/mysql1/hostname.pid1
datadir = /var/lib/mysql1
language = /usr/share/mysql/french
user = mysql

server-id=1
log-bin = /var/log/mysql/mysql_master_bin.log
binlog_do_db=centrale
replicate-do-db=centrale

master-host = 127.0.0.1
master-port = 3308
master-user = replicant
master-password = replicator

relay-log = /var/lib/mysql/slave-relay.log
relay-log-index = /var/lib/mysql/slave-relay-log.index

auto_increment_increment = 10
auto_increment_offset = 1

#————–Serveur B ———————-

[mysqld2]
socket = /tmp/mysql.sock2
port = 3308
pid-file = /var/lib/mysql2/hostname.pid2
datadir = /var/lib/mysql2
language = /usr/share/mysql/french
user = mysql
server-id=2
log-bin = /var/log/mysql/mysql_master_bin.log
binlog_do_db=centrale
replicate-do-db=centrale
master-host = 127.0.0.1
master-port = 3307
master-user = replicant
master-password = replicator
master-connect-retry=60
relay-log = /var/lib/mysql/slave-relay.log
relay-log-index = /var/lib/mysql/slave-relay-log.index

auto_increment_increment = 10
auto_increment_offset = 2

Important :

Les fichiers de logs doivent être les mêmes et l’utilisateur de réplication doit bien sûr être créé sur les 2 serveurs maîtres.

How To Secure Apache with Let’s Encrypt on Ubuntu 16.04

25/03/2017 Comments off

Introduction

This tutorial will show you how to set up a TLS/SSL certificate from Let’s Encrypt on an Ubuntu 16.04 server running Apache as a web server. We will also cover how to automate the certificate renewal process using a cron job.

SSL certificates are used within web servers to encrypt the traffic between the server and client, providing extra security for users accessing your application. Let’s Encrypt provides an easy way to obtain and install trusted certificates for free. 

Prerequisites

In order to complete this guide, you will need:

  • An Ubuntu 16.04 server with a non-root sudo user, which you can set up by following our Initial Server Setup guide
  • The Apache web server installed with one or more domain names properly configured through Virtual Hosts that specify ServerName.

When you are ready to move on, log into your server using your sudo account.

 

Step 1 — Install the Let’s Encrypt Client

First, we will download the Let’s Encrypt client from the official repositories. Although the Let’s Encrypt project has renamed their client to certbot, the client included in the Ubuntu 16.04 repositories is simply called letsencrypt. This version is completely adequate for our purposes.

Update the server’s local apt package indexes and install the client by typing:

  • sudo apt-get update
  • sudo apt-get install python-letsencrypt-apache

The letsencrypt client should now be ready to use.

 

Step 2 — Set Up the SSL Certificate

Generating the SSL Certificate for Apache using the Let’s Encrypt client is quite straightforward. The client will automatically obtain and install a new SSL certificate that is valid for the domains provided as parameters.

To execute the interactive installation and obtain a certificate that covers only a single domain, run the letsencrypt command like so, where example.com is your domain:

  • sudo letsencrypt --apache -d example.com

If you want to install a single certificate that is valid for multiple domains or subdomains, you can pass them as additional parameters to the command. The first domain name in the list of parameters will be the base domain used by Let’s Encrypt to create the certificate, and for that reason we recommend that you pass the bare top-level domain name as first in the list, followed by any additional subdomains or aliases:

  • sudo letsencrypt --apache -d example.com -d www.example.com

For this example, the base domain will be example.com

After the dependencies are installed, you will be presented with a step-by-step guide to customize your certificate options. You will be asked to provide an email address for lost key recovery and notices, and you will be able to choose between enabling both http and https access or forcing all requests to redirect to https. It is usually safest to require https, unless you have a specific need for unencrypted http traffic.

When the installation is finished, you should be able to find the generated certificate files at /etc/letsencrypt/live. You can verify the status of your SSL certificate with the following link (don’t forget to replace example.com with your base domain):

https://www.ssllabs.com/ssltest/analyze.html?d=example.com&latest

You should now be able to access your website using a https prefix.

 

Step 3 — Set Up Auto Renewal

Let’s Encrypt certificates are valid for 90 days, but it’s recommended that you renew the certificates every 60 days to allow a margin of error. The Let’s Encrypt client has a renew command that automatically checks the currently installed certificates and tries to renew them if they are less than 30 days away from the expiration date.

To trigger the renewal process for all installed domains, you should run:

  • sudo letsencrypt renew

Because we recently installed the certificate, the command will only check for the expiration date and print a message informing that the certificate is not due to renewal yet. The output should look similar to this:

   Processing /etc/letsencrypt/renewal/example.com.conf

   The following certs are not due for renewal yet:
     /etc/letsencrypt/live/example.com/fullchain.pem (skipped)
     No renewals were attempted.

Notice that if you created a bundled certificate with multiple domains, only the base domain name will be shown in the output, but the renewal should be valid for all domains included in this certificate.

A practical way to ensure your certificates won’t get outdated is to create a cron job that will periodically execute the automatic renewal command for you. Since the renewal first checks for the expiration date and only executes the renewal if the certificate is less than 30 days away from expiration, it is safe to create a cron job that runs every week or even every day, for instance.

Let’s edit the crontab to create a new job that will run the renewal command every week. To edit the crontab for the root user, run:

  • sudo crontab -e

You may be prompted to select an editor:

Output
no crontab for root - using an empty one

Select an editor.  To change later, run 'select-editor'.
  1. /bin/ed
  2. /bin/nano        <---- easiest
  3. /usr/bin/vim.basic
  4. /usr/bin/vim.tiny

Choose 1-4 [2]:

Unless you’re more comfortable with ed or vim, press Enter to use nano, the default.

Include the following content at the end of the crontab, all in one line:

crontab

30 2 * * 1 /usr/bin/letsencrypt renew >> /var/log/le-renew.log

Save and exit. This will create a new cron job that will execute the letsencrypt-auto renew command every Monday at 2:30 am. The output produced by the command will be piped to a log file located at /var/log/le-renewal.log.

For more information on how to create and schedule cron jobs, you can check our How to Use Cron to Automate Tasks in a VPS guide. 

 

Conclusion

In this guide, we saw how to install a free SSL certificate from Let’s Encrypt in order to secure a website hosted with Apache. We recommend that you check the official Let’s Encrypt blog for important updates from time to time.

Categories: Sécurité, Système Tags: