How to check if an SSL Certificate is expired

Have you ever wondered how you can check the validity of a certain SSL certificate from shell / SSH? There is a useful script that we typically use on our end. If the location provided below is no longer available, please feel free to contact us as we have a copy.

wget http://prefetch.net/code/ssl-cert-check -O /PATH/TO/SAVE/FILE

Replace “/PATH/TO/SAVE/FILE” with your own path of choice, e.g. “/usr/local/src/ssl-cert-check”. We will now use this path in our example.

cd /usr/local/src/
chmod +x ssl-cert-check
./ssl-cert-check -c /PATH/TO/SSL/YOURDOMAIN.CRT

The script will output whether the certificate is still valid. Enjoy.
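
The same expiry check can be done with the openssl command alone. The following is an added example, not part of the ssl-cert-check script or of the original post; the function names, the 30-day default window and the throwaway example.test certificate are assumptions made for the demonstration.

```shell
#!/bin/sh
# cert_status FILE [DAYS]: print the status and return
#   valid (0), expiring within DAYS (1), expired (2), unreadable (3).
cert_status() {
    cert=$1
    days=${2:-30}
    # A file that does not parse as an X.509 certificate is reported on its
    # own, otherwise the -checkend failures below would mislabel it as expired.
    if ! openssl x509 -in "$cert" -noout >/dev/null 2>&1; then
        echo unreadable; return 3
    fi
    # -checkend N exits 0 only if the certificate is still valid N seconds from now.
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1; then
        echo expired; return 2
    fi
    if ! openssl x509 -in "$cert" -noout -checkend "$((days * 86400))" >/dev/null 2>&1; then
        echo expiring; return 1
    fi
    echo valid
}

# make_sample_cert DAYS: constructed throwaway self-signed certificate,
# valid for DAYS days, used only to exercise cert_status.
make_sample_cert() {
    dir=$(mktemp -d)
    openssl req -x509 -newkey rsa:2048 -nodes -days "$1" -subj "/CN=example.test" \
        -keyout "$dir/key.pem" -out "$dir/cert.pem" >/dev/null 2>&1
    echo "$dir/cert.pem"
}

sample=$(make_sample_cert 10)
openssl x509 -in "$sample" -noout -enddate   # show the expiry date
cert_status "$sample" 5 || true              # 5-day warning window
cert_status "$sample" 30 || true             # 30-day warning window
rm -rf "$(dirname "$sample")"
```

The non-zero return codes make the function usable from cron or a monitoring check without parsing its output.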

How to add date and time to bash history

Have you ever run the command “history” in bash and noticed how inadequate its default output is? You have no idea what date or time a particular command was run. This makes troubleshooting difficult, especially if you are trying to track where certain things went wrong.

To correct this, you can simply add this line to your bash configuration. If you wish to make this system-wide and implement it for all users:

echo "export HISTTIMEFORMAT='%F %X '" >> /etc/bashrc

If you wish to only implement it for the currently logged in user:

echo "export HISTTIMEFORMAT='%F %X '" >> ~/.bash_profile

There are lots of ways you can customize your shell to be more useful to you, and this should whet your appetite and get you started.

How to secure SSH

In our work with clients, we do a lot of server management and security hardening on the servers before they are released to the clients. One of the first things we typically work on is to ensure SSHd is secured. The reason is that any kernel root exploit will be made easier with shell access.

This tutorial is not meant to be all-encompassing, although we will cover a few key areas. We will use the Redhat / CentOS Linux distribution as an example; file paths will vary depending on the distribution. We will also use “nano” as the text editor in the examples.

Change the SSH port

While security by obscurity is heavily criticized in some quarters, the truth is that, because of the time it takes to scan all the ports, this step should immediately stop scanners dead in their tracks unless it’s a targeted attack.

nano /etc/ssh/sshd_config

Change:

#Port 22

to (replace “<NEW_PORT>” with your port of choice):

Port <NEW_PORT>

Allow only strong protocols

Version 1 of the SSH protocol has many weaknesses, which are out of the scope of this article to discuss, so we will be disabling it.

Change:

#Protocol 2,1

to

Protocol 2

Disable Password Authentication

We advise that you consider using only key authentication with your server. This means that even if someone gets your password, your server will continue to be secure. If you are unsure about how to generate an SSH keypair, do refer to our quick tip here.

Change:

#PasswordAuthentication yes

to

PasswordAuthentication no

On top of that, you would need to disable direct root login with a password. The “without-password” value still allows root to log in with a key:

Change:

#PermitRootLogin yes

to

PermitRootLogin without-password

 

Restart SSHd:

/etc/init.d/sshd restart

Enjoy better SSH security!
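
A check for the edits above, as an added example that is not part of the original tutorial: it reports any of the four settings that is still commented out or still at its old value. The function names and the sample files (including port 2222) are assumptions made for the demonstration; the script reads a single file and stops at the first Match block.

```shell
#!/bin/sh
# effective_value FILE KEYWORD: print the value set for KEYWORD in the global
# section. Commented lines are skipped, keywords are case-insensitive and the
# first occurrence wins. Empty output means unset: the built-in default applies.
effective_value() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { print $2; exit }
    ' "$1"
}

# audit_sshd FILE: print one FAIL line per finding; exit status = finding count.
audit_sshd() {
    file=$1; findings=0
    for pair in Protocol=2 PasswordAuthentication=no PermitRootLogin=without-password; do
        key=${pair%%=*}; want=${pair#*=}
        got=$(effective_value "$file" "$key")
        if [ "$got" != "$want" ]; then
            echo "FAIL $key is '${got:-unset}', want '$want'"
            findings=$((findings + 1))
        fi
    done
    port=$(effective_value "$file" Port)
    if [ -z "$port" ] || [ "$port" = 22 ]; then
        echo "FAIL Port is '${port:-unset}', want a non-default port"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample files (Port 2222 is an arbitrary sample value): the stock
# lines, an edit that left one "#" in place, and the finished result.
write_samples() {
    tmp=$(mktemp -d)
    printf '%s\n' '#Port 22' '#Protocol 2,1' '#PasswordAuthentication yes' \
        '#PermitRootLogin yes' > "$tmp/before"
    printf '%s\n' 'Port 2222' 'Protocol 2' '#PasswordAuthentication no' \
        'PermitRootLogin without-password' > "$tmp/partial"
    printf '%s\n' 'Port 2222' 'Protocol 2' 'PasswordAuthentication no' \
        'PermitRootLogin without-password' > "$tmp/after"
    echo "$tmp"
}

samples=$(write_samples)
for f in before partial after; do
    echo "== $f"; audit_sshd "$samples/$f" || true
done
rm -rf "$samples"
```

Running `sshd -t` before the restart checks the edited file for syntax errors, and keeping the current session open until a new login succeeds avoids locking yourself out.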

How to generate SSH keypairs

We will be using Redhat / CentOS conventions in our examples in terms of the file paths.

Generate the Key Pair

ssh-keygen -t rsa -b 2048

This should generate two files in ~/.ssh/: “id_rsa” and “id_rsa.pub”.

id_rsa is your private key and should NEVER be given out. id_rsa.pub is your public key which can be freely shared.

Enjoy better security!

Sprintserve Net Offers Multiple PHP Versions

Sprintserve NET is happy to announce the immediate availability of multiple PHP versions. We will make available PHP 5.2, 5.3, 5.4 and 5.5, with the current default being PHP 5.2. No action is required from you if you are happy with the current version of PHP. However, we strongly encourage you to test your scripts with one of the newer PHP versions.

What do I need to know: 

  • The current default PHP version 5.2.17 remains the default. No action is needed if you want to continue using this version.
  • The current alternate versions supported are PHP 5.3.28, 5.4.28 and 5.5.12.
  • We strongly encourage all clients to upgrade to a newer PHP version as PHP 5.2.17 and 5.3.28 have been deprecated. We expect to change the default version in the near future as it is no longer supported by cPanel.
  • Please note that there are major changes between the different versions, and that it is the client’s responsibility to ensure that their scripts are compatible with the various PHP versions.
  • Upgrading from PHP 5.2 to 5.3: http://php.net/migration53
  • Upgrading from PHP 5.3 to 5.4: http://php.net/migration54
  • Upgrading from PHP 5.4 to 5.5: http://php.net/migration55


How do I enable PHP 5.3, 5.4 or 5.5:
PHP 5.3
Add the following to your .htaccess in your home directory:
<IfModule mod_suphp.c>
AddHandler application/x-httpd-php53 .php
</IfModule>

PHP 5.4
Add the following to your .htaccess in your home directory:
<IfModule mod_suphp.c>
AddHandler application/x-httpd-php54 .php
</IfModule>

PHP 5.5
Add the following to your .htaccess in your home directory:
<IfModule mod_suphp.c>
AddHandler application/x-httpd-php55 .php
</IfModule>

To reverse the change, simply remove the directives that have been added. As always, feel free to contact our support if you need further assistance.