Reverting/resetting a GIT commit

If something gets committed to a GIT repo by mistake, the following command undoes the last commit (the changes stay in your working tree, ready to be re-staged);

$ git reset HEAD~

Eg;

$ git commit -m "Something terribly misguided" # (1)
$ git reset HEAD~ # (2)
<< edit files as necessary >> # (3)
$ git add ... # (4)
$ git commit -c ORIG_HEAD # (5)

If the commit has already been pushed to your remote repo, the next push will be rejected because the remote is 'ahead' of what you're pushing, so you'll need to add '--force';

$ git push origin master --force

Ref; https://stackoverflow.com/questions/927358/how-to-undo-the-most-recent-commits-in-git

HSTS – HTTP Strict Transport Security

Enable the headers module in Apache2;

a2enmod headers

In :80 host-entry;

 

In :443 host-entry;

Header always set Strict-Transport-Security "max-age=31536000; includeSubdomains;"

This tells browsers that for the next year (31536000 seconds) they *should* only reach your site over HTTPS. Browsers only honour the header when it arrives over HTTPS, which is why it goes in the :443 host-entry rather than the :80 one.

Ref;

  • https://www.globalsign.com/en/blog/what-is-hsts-and-how-do-i-use-it/
  • https://itigloo.com/security/how-to-configure-http-strict-transport-security-hsts-on-apache-nginx/

Clickjacking

To prevent clickjacking, add in the following header as well;

Header always append X-Frame-Options "DENY"
Header always append Content-Security-Policy "frame-ancestors 'none';"

The 2nd line is to cater for older browsers that don't support the X-Frame-Options header

Ref;

  • https://www.owasp.org/index.php/Clickjacking_Defense_Cheat_Sheet
  • https://www.owasp.org/index.php/Content_Security_Policy_Cheat_Sheet

The resulting :443 conf file will contain;

Header always set Strict-Transport-Security "max-age=31536000; includeSubdomains;"
Header always append X-Frame-Options "DENY"
Header always append Content-Security-Policy "frame-ancestors 'none';"
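A quick way to confirm the headers above actually reach the client is to audit a captured response. The script below is an added example (not part of the original notes, nor Apache's own tooling): it takes a raw header block, such as `curl -sI https://host/` prints, and checks the HSTS max-age and includeSubDomains, X-Frame-Options, and the CSP frame-ancestors directive. The two sample header blocks are constructed for the demo, not captured from a real server.

```bash
#!/bin/sh
# Added example (not from the original notes): audit the response headers the
# notes configure, given a raw header block such as `curl -sI` prints.

# header_value NAME  -- print the value of header NAME (case-insensitive) from
# the header block on stdin; prints nothing if the header is absent.
header_value() {
  awk -v name="$(printf '%s' "$1" | tr 'A-Z' 'a-z')" '
    {
      split($0, kv, ":")
      if (tolower(kv[1]) == name) {
        sub(/^[^:]*:[ \t]*/, ""); sub(/[ \t\r]*$/, ""); print; exit
      }
    }'
}

# audit_headers HEADER_BLOCK  -- check HSTS, X-Frame-Options and CSP
# frame-ancestors; prints findings and returns 0 only if nothing failed.
audit_headers() {
  hdrs=$1
  failures=0
  hsts=$(printf '%s\n' "$hdrs" | header_value Strict-Transport-Security | tr 'A-Z' 'a-z')
  if [ -z "$hsts" ]; then
    echo "FAIL: no Strict-Transport-Security header"
    failures=$((failures + 1))
  else
    max_age=$(printf '%s' "$hsts" | sed -n 's/.*max-age=\([0-9][0-9]*\).*/\1/p')
    if [ -z "$max_age" ] || [ "$max_age" -lt 31536000 ]; then
      echo "FAIL: HSTS max-age is '${max_age:-missing}', the notes use 31536000 (one year)"
      failures=$((failures + 1))
    fi
    case $hsts in
      *includesubdomains*) ;;
      *) echo "WARN: HSTS has no includeSubDomains directive" ;;
    esac
  fi
  xfo=$(printf '%s\n' "$hdrs" | header_value X-Frame-Options | tr 'A-Z' 'a-z')
  case $xfo in
    deny|sameorigin) ;;
    *) echo "FAIL: X-Frame-Options is '${xfo:-missing}' (want DENY or SAMEORIGIN)"
       failures=$((failures + 1)) ;;
  esac
  csp=$(printf '%s\n' "$hdrs" | header_value Content-Security-Policy | tr 'A-Z' 'a-z')
  case $csp in
    *frame-ancestors*) ;;
    *) echo "FAIL: Content-Security-Policy has no frame-ancestors directive"
       failures=$((failures + 1)) ;;
  esac
  [ "$failures" -eq 0 ]
}

# Constructed sample header blocks (not captured from a real server).
GOOD_HEADERS=$(cat <<'EOF'
HTTP/1.1 200 OK
Strict-Transport-Security: max-age=31536000; includeSubdomains;
X-Frame-Options: DENY
Content-Security-Policy: frame-ancestors 'none';
EOF
)
WEAK_HEADERS=$(cat <<'EOF'
HTTP/1.1 200 OK
Strict-Transport-Security: max-age=300
X-Frame-Options: DENY, DENY
EOF
)

# Stand-alone run; for a live host use: audit_headers "$(curl -sI https://host/)"
audit_headers "$GOOD_HEADERS" && echo "good config: pass"
audit_headers "$WEAK_HEADERS" || echo "weak config: fail"
```

The `DENY, DENY` value in the weak sample is what Apache's `Header append` produces if the same header is also set elsewhere in the config (append joins values with a comma); browsers treat that as an invalid X-Frame-Options value, and the check flags it.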

Renaming files

To rename files from '*.abcd.def' to '*.abc';

find ./ -depth -name "*.abcd.def" -exec sh -c 'mv "$1" "${1%.abcd.def}.abc"' _ {} \;

When using GIT;

find ./ -depth -name "*.abcd.def" -exec sh -c 'git mv "$1" "${1%.abcd.def}.abc"' _ {} \;

Source; https://askubuntu.com/questions/35922/how-to-change-extension-of-multiple-files-from-command-line
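The one-liners above will happily overwrite `foo.abc` if it already exists next to `foo.abcd.def`. The function below is an added example (not from the original notes or the linked answer): the same find/mv idea, but it skips targets that already exist and supports a dry run. The MV variable is this example's own way of switching between plain `mv` and `git mv`.

```bash
#!/bin/sh
# Added example (not from the original notes): the find/mv one-liner, wrapped so
# that it refuses to overwrite an existing target and can be dry-run first.

# rename_suffix DIR OLD_SUFFIX NEW_SUFFIX [dry]
#   e.g.  rename_suffix ./ .abcd.def .abc dry      (show what would happen)
#         rename_suffix ./ .abcd.def .abc          (do it with mv)
#         MV="git mv" rename_suffix ./ .abcd.def .abc   (do it with git mv)
rename_suffix() {
  dir=$1 old=$2 new=$3 mode=${4:-do}
  find "$dir" -depth -name "*$old" -exec sh -c '
    old=$1 new=$2 mode=$3 mv_cmd=$4
    shift 4
    for f; do
      # strip exactly the old suffix (quoted, so it is a literal, not a glob)
      target="${f%"$old"}$new"
      if [ -e "$target" ]; then
        echo "SKIP: $target already exists, leaving $f" >&2
        continue
      fi
      if [ "$mode" = dry ]; then
        echo "would rename $f -> $target"
      else
        $mv_cmd "$f" "$target"   # unquoted on purpose: MV may be "git mv"
      fi
    done' _ "$old" "$new" "$mode" "${MV:-mv}" {} +
}

# Stand-alone demo on a constructed temp tree
demo_dir=$(mktemp -d)
: > "$demo_dir/a.abcd.def"
: > "$demo_dir/b.abcd.def"
: > "$demo_dir/b.abc"            # collision: b.abcd.def must be left alone
rename_suffix "$demo_dir" .abcd.def .abc dry
rename_suffix "$demo_dir" .abcd.def .abc
ls "$demo_dir"
rm -rf "$demo_dir"
```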

SSL Keys for JWT

https://help.ubuntu.com/community/SSH/OpenSSH/Keys
http://unix.stackexchange.com/questions/26924/how-do-i-convert-a-ssh-keygen-public-key-into-a-format-that-openssl-pem-read-bio

Generate 4096 bit keys;

ssh-keygen -t rsa -b 4096 -m PEM -f ms-test # -m PEM: current OpenSSH writes its own key format by default, which "openssl rsa" below can't read

Convert to PEM format;

openssl rsa -in ms-test -pubout -outform pem > ms-test.pub-509

Updating SSL certs for Jetty servers

So I'm using a standard SSL cert like any other server would have (a cert for the domain, plus an intermediate cert)

The following combines the server cert & intermediate cert into one file. The order is your server cert first, followed by the intermediate, then the next intermediate (if needed), and so on.

sudo cat my-domain.crt intermediate.crt > cert-chain.txt

This then converts the chain file & key into PKCS12 format

openssl pkcs12 -export -inkey my-domain.key -in cert-chain.txt -out my-domain.pkcs12

This then imports the pkcs12 file into your keystore. I used a new keystore as I've only got the one domain on the Jetty server

sudo keytool -importkeystore -srckeystore my-domain.pkcs12 -srcstoretype PKCS12 -destkeystore keystore
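Before exporting the pkcs12, it is worth checking that the chain file is in the order described above (server cert first) and that the key actually belongs to that cert, since a mismatch or a mis-ordered chain is the usual reason the export or the resulting Jetty setup misbehaves. The script below is an added example (not from the original notes or the Stack Overflow answers they came from): it generates a throwaway root -> intermediate -> server chain purely so the checks can be exercised offline, then runs them over a chain built the way the notes describe. File names are this example's own.

```bash
#!/bin/sh
# Added example (not from the original notes): sanity checks on the key and the
# combined chain file before running "openssl pkcs12 -export".

# key_matches_cert KEY CERT  -- true if CERT carries KEY's public key
key_matches_cert() {
  [ "$(openssl pkey -in "$1" -pubout 2>/dev/null)" = "$(openssl x509 -in "$2" -pubkey -noout 2>/dev/null)" ]
}

# first_cert_in CHAIN  -- print only the first PEM certificate in a chain file
first_cert_in() {
  awk '/-----BEGIN CERTIFICATE-----/{n++} n==1{print} /-----END CERTIFICATE-----/{if (n==1) exit}' "$1"
}

# chain_ok KEY CHAIN ROOT  -- the first cert in CHAIN matches KEY (so the server
# cert is first, as the notes require) and the chain validates up to ROOT
chain_ok() {
  key=$1 chain=$2 root=$3
  leaf=$(mktemp)
  first_cert_in "$chain" > "$leaf"
  ok=1
  if ! key_matches_cert "$key" "$leaf"; then
    echo "FAIL: first cert in $chain does not match $key (wrong order, or wrong key?)"; ok=0
  fi
  if ! openssl verify -CAfile "$root" -untrusted "$chain" "$leaf" >/dev/null 2>&1; then
    echo "FAIL: $chain does not verify up to $root"; ok=0
  fi
  rm -f "$leaf"
  [ "$ok" -eq 1 ]
}

# make_test_pki DIR  -- throwaway root -> intermediate -> server cert, 1-day validity
make_test_pki() {
  d=$1
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign\n' > "$d/ca.ext"
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj /CN=Test-Root \
    -keyout "$d/root.key" -out "$d/root.crt" 2>/dev/null
  openssl req -newkey rsa:2048 -nodes -subj /CN=Test-Intermediate \
    -keyout "$d/intermediate.key" -out "$d/intermediate.csr" 2>/dev/null
  openssl x509 -req -days 1 -in "$d/intermediate.csr" -CA "$d/root.crt" -CAkey "$d/root.key" \
    -CAcreateserial -extfile "$d/ca.ext" -out "$d/intermediate.crt" 2>/dev/null
  openssl req -newkey rsa:2048 -nodes -subj /CN=my-domain.example \
    -keyout "$d/my-domain.key" -out "$d/my-domain.csr" 2>/dev/null
  openssl x509 -req -days 1 -in "$d/my-domain.csr" -CA "$d/intermediate.crt" \
    -CAkey "$d/intermediate.key" -CAcreateserial -out "$d/my-domain.crt" 2>/dev/null
}

# Stand-alone demo: build the chain in the order the notes describe and check it
demo=$(mktemp -d)
make_test_pki "$demo"
cat "$demo/my-domain.crt" "$demo/intermediate.crt" > "$demo/cert-chain.txt"
chain_ok "$demo/my-domain.key" "$demo/cert-chain.txt" "$demo/root.crt" \
  && echo "chain OK: safe to run openssl pkcs12 -export"
rm -rf "$demo"
```

For a real deployment, run `chain_ok my-domain.key cert-chain.txt <root CA cert>` with the CA's published root; the throwaway PKI exists only so the example runs without any real certificates.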

These came from a number of Stack Overflow articles (accidentally closed them prior to writing this — sorry guys!)