Mirabellette

Free anonymous services and administration system stuffs

Two new services available for you: Lufi and Searx

Written by Mirabellette no comments

Hello everyone,

Some months since I hadn't published anything, I know that is a very long time ago. :( I had a lot of things to do. Of course, I work and learn new things. For myself and in order to continue to be autonomous about services I used, I hosted two new services for myself. Lufi and Searx.
If I hosted them for myself, I had to share access them to others, It just normal I think, give and receive. You can access to the instances

Lufi

*from the official git repository
Lufi means Let's Upload that FIle. Lufi is tested and working on the following browsers / devices :
  • Firefox
  • Chrome
  • Internet Explorer 11
  • Microsoft Edge
  • Safari
  • iOS devices (ipad, iphone)
  • Android devices (Galaxy tab, Galaxy S8)

It stores files and allows you to download them. Is that all? No. All the files are encrypted by the browser! It means that your files never leave your computer unencrypted. The administrator of the Lufi instance you use will not be able to see what is in your file, neither will your network administrator, or your ISP. The encryption key part of the URL is a anchor (Cf. Fragment Identifier), that means this part is only processed client-side and does not reach the server. :-)

To install it, I mainly used a tutorial created by Framasoft and these contributors. In parallel, I always see the official installation guide before doing anything. Lufi is not so easy to install because it uses Websocket and it is very painful to configure the web server correctly.
configuration
I deliberately choose to allow storage to one week. My Lufi instance must no be dedicated to store files for a long period but to exchange them quickly and securely.
sources

Searx

Searx is a free metasearch engine with the aim of protecting the privacy of its users. If you want to choose searx as default search engine to Firefox, you have to install add-to-search addon.

At the end of the installation, you can get a page which tell you page not found. You can find a solution here, you just have to add a rewrite rule to apache2.
RewriteEngine on
RewriteRule "^/$" "/searx/" [R]
<Location /searx>
 Options FollowSymLinks Indexes
 SetHandler uwsgi-handler
 uWSGISocket /run/uwsgi/app/searx/socket
</Location>
configuration
Searx can also be used as web proxy in order to replace your IP by the server's IP. I disable this feature to avoid any problem because If my IP server was associated to a questionable navigation.
sources

Other maintenance stuff and improvements

I upgrade the Privatebin instance from 1.0.1 to 1.1.1. This update fix an security issue. Even if the version available is not vulnerable, I take no risk and upgrade it. Moreover, application version currently deployed are now display in the services page. I know it is not recommend because it helps attacker to know the version but there are a lot of other way to discover it. I hope users will check before using services in order to see if they are updated or not and choose to use them knowing that. You can also found the date of availability.

Disclaimer

The same last words. Could you please didn't forget to not do anything wrong or use them in an abusing way; I hope you will enjoy these news services as I do. Have a good day,
Mirabellette

Dominate yours pdfs with pdftk

Written by Mirabellette no comments

Hello everyone,

Introduction

I recently have to do a lot of administration stuff. To do that, I often need to manipulate pdf documents, merge them or extract some parts. I wanted to share an extraordinary tool that I recently discover last week : pdtfk

Installation

System where the soft is installed : linux desktop 4.9.0-4-amd64 - x86_64 GNU/Linux
apt-get install pdftk

Usage

It is very easy to understand how it works and how to use it. You can find below two commands really useful that I used.

The first one is used to merge pdf
pdftk file1.pdf file2.pdf cat output file-result.pdf

The second one is used to extract some page from a document. In the example below, I ask to extract only the page 2 and 3.
pdftk big_file.pdf cat 2-3 output file_with_page_2_and_3.pdf

Of course, this tool can do a lot of other things with your pdf. Do not hesitate to read the documentation at https://www.pdflabs.com/docs/pdftk-cli-examples/.You can also find some examples here too.

Have a good day,
Mirabellette

sources


Classified in : Tricks Tags : none

Examples of script to renew automaticaly web certificates with let's encrypt

Written by Mirabellette no comments
Hello everyone,

I know it is a very long time that I didn't post any article but life is life. ^^
Today, I wanted to share two scripts I used to renew my web certificates with let's encrypt. I know there is a lot of documentation about that, but it could help some of you to keep some time.

Generation web certificates with a specific domain name

The script browses the given file and ignore the line which begin with # or ----------. These symbols are used in the given file to make the text easier to read. Each line is one of my domains name or sub domains I managed. I just have to add a new one to this list to be sure the certificate of this new domain name will be automatically renewed.

#!/bin/bash
# file : /root/certs/renew-webcert.sh
# Renew all certificates which are in the given file
logFile="/var/log/renew-cert.log"

serverName=$1
while read c ; do
 if [[ ${c} != "#"* ]]; then
  if [[ ${c} != "----------" ]]; then
   echo $c
   echo "/opt/letsencrypt/letsencrypt-auto --apache --renew-by-default -d $c --rsa-key-size 4096 --uir --redirect" | tee -a $logFile
   /opt/letsencrypt/letsencrypt-auto --apache --renew-by-default -d $c --rsa-key-size 4096 --uir --redirect
  fi
 fi
done <$serverName
service apache2 restart
echo "service apache2 restart"


# file : /root/certs/serverName
toto.example.org
#titi.example.org
----------
tata.example.org

To use this one, I create a cron task which run the script each month
0 6 01 * * /root/certs/renew-webcert.sh /root/certs/serverName
Warning : be careful that /root/certs/renew-webcert.sh need to executable (chmod 700)

A single web certificate with multiple domain name

The second one is very similar to the first one. The main difference is that it creates a single certificate with multiple domain name and do not get a domain name from a file given as parameter.

#!/bin/bash
# file : /root/certs/renew-webcert-mirabellette.sh
logFile="/var/log/renew-cert-mirabellette.log"

serverName="server-name-mirabellette"
cmdRenew="/opt/letsencrypt/letsencrypt-auto --apache --rsa-key-size 4096 --uir --redirect"
while read domainName ; do
 if [[ ${domainName} != "#"* ]]; then
  if [[ ${domainName} != "----------" ]]; then
   echo $domainName
   cmdRenew="$cmdRenew -d $domainName"
  fi
 fi
done <$serverName

echo ${cmdRenew}
${cmdRenew}
service apache2 restart
echo "service apache2 restart"


# file : /root/certs/server-name-mirabellette
blog.mirabellette.netlib.re
privatebin.mirabellette.netlib.re
#lufi.mirabellette.netlib.re

To use this one, I create a cron task which run the script each month
0 6 01 * * /root/certs/renew-webcert-mirabellette.sh

Warning : be careful that /root/certs/renew-webcert.sh need to executable (chmod 700)

sources:
I hope this article gave you some ideas to easily manage how to renew your web certificate.
Classified in : Apache Tags : none

My 4 hours contribution per week - 4

Written by Mirabellette no comments

Hello Everyone, (or maybe someone if someone is reading me)

It is a very long time ago that I didn't publish anything (probably one month in fact). As you probably didn't know, I host this blog on my own server. Or must I have to day, hosted. I will soon leave to another country and will not be able to host it in my own house.

To keep all services online, I choose to migrate everything in a host in wich I trust. Maybe the time has passed since but I begin to think than creating technical article or hostings services is not the better way to contribute to the community.

Nevertheless, I will continue to share my knowledge and discovery as much as possible and provide usefull services.

Take Care
Mirabellette

SWAP : Usage and management

Written by Mirabellette no comments
System: Debian 8 - linux 3.16

Hello everyone,

Usage

Today, I want to talk about the SWAP, and to increase his size, reduce it or configure the system to load it at boot. Before talking about that, I would like to describe briefly what Ram and SWAP are used for. Ram, and in some situation SWAP, are used by processes to work. To understand better, a picture is often a good idea.
Swap
As you can see in the picture from wikipedia, the swap is a space disk used when the ram space is full. It is always slower than the ram (until disk access are faster than ram access, but it is not for tomorrow). The space disk for the swap must have a specific format and has a size. It is common to determine the size to 1,5 x ram. Nevertheless, this value could be very important, especially when you have a big amount of ram. For example, with 16 go of ram, 1,5 x this is 24 go, it is a lot !

Today, unless you have specific usage like using a lot of virtual machine or in a server architecture, it is very rare to use more than 16 go. (Of course, if you have a small amount of ram, this will happen more often). That's why, I recommend you to fix a small size, for example, 0,1 * ram size and to improve it depending of your usage. Of course, if you have many Giga octet free, you could increase this size, but if you never use it, it is a waste of space disk.

Management

The swap file could be stored in a specific partition. To keep this article as simple as possible, we will not talk about this case. To begin with, we have to determine how much ram and swap do we have ? We can use the top command to know that.

In my case, I have ~= 2go (2009380) of ram and I have decided to fix the swap to ~= 512 mo (524284). Ram and Swap usage
Let's guess that 512 mo is not enough and we would like to increase the size to 1go. To do that, we have to follow this procedure:
  • identify where is the swap file and his size
    swapon -s
  • Swap location and size
  • deallocate the swap
    swapoff /swap
  • delete the previous swapp file
    rm /swap
  • create a new file with specific size
    dd if=/dev/zero of=/pathToTheNewSwap bs=1024 count=1M
    *if you want 512 mo, replace 1M by 512k
  • format the new file to a swap format
    mkswap /pathToTheNewSwap
  • configure the system to use the new swap as swap
    swapon /pathToTheNewSwap
  • configure the system to load it at each boot, you have to delete the line about the previous swap file and add a line for the new one.
    vi /etc/fstab
    /pathToTheNewSwap swap swap sw 0 0
Now, you must have 1go of swap displayed when you launch top and you must see /pathToTheNewSwap as swap file when you do swapon -s

I hope this article help you to understand how is used the swap and how to manage it. Do not hesitate to comment the article.

sources:
Rss feed of the articles