Perl: Sort Hash Values by Key with a Hash Slice

In Perl, hash (associative array) sorting is a common and easy practice. Sorting values by key is easy. And so is sorting by value. But how do you sort the values of a hash by key? One answer is to use a hash slice. Continue reading

Using a Domain Name with a Raspberry Pi Web Server

The Raspberry Pi’s low power consumption makes it well suited to the role of always-on web server. This post describes how to use a domain name with your Pi-based web site. Setting up a web site on the Pi is very easy and was explained in an earlier post of mine, just here.

This article explains how to set up a domain name with your web site, so that you can surf to instead of http://your.ip.address. It assumes that you have already have an Apache web site running. If not, please read the above post, before coming back here. Continue reading

Predicting a Red Hat/CentOS Point Release Upgrade

Upgrading a Red Hat or CentOS system isn’t difficult. Just type yum update, it’s easy. So easy, in fact, that is quite possible to upgrade a system you didn’t intend to, or to upgrade a system further than was wanted, which is the subject of this post.

Point Upgrades

Yum update, used on a system which has not been updated for months or years, will cause hundreds of packages to be upgraded. It will also result in a point release upgrade. For example, a system running Red Hat/CentOS 6.2 might change to 6.5 after the update, or even to 6.7 or 6.9. Continue reading

Patching for Dirty Cow on Debian, Red Hat, Ubuntu, CentOS

“Dirty Cow” is the common name given to Linux vulnerability CVE-2016-5195. It is a “privilege escalation” that allows a non-root user to gain root access on a system. An attacker must have system access first, as a normal user. Then they use the bug to obtain root rights. It is dangerous and should be patched.

The Linux kernel itself was fixed in October 2016. Since then, Linux vendors have all released patches. Many Internet articles suggest addressing the bug by doing a general system update. While that might be fine for a test machine or Linux desktop, it isn’t ideal for a production server. This article describes how to fix the bug in the least invasive way possible – by updating the kernel only. Continue reading

Simple Nextcloud Installation on Raspberry Pi

This article was revised and updated on 27th May 2017.

The Raspberry Pi’s low power consumption makes it well suited to the role of always-on web server. This post describes how to install Nextcloud onto the Pi.  Nextcloud is an open source software package providing remote file sharing services, similar to Dropbox. But with Nextcloud, you retain ownership, security and control of the shared data. Nextcloud works well on a Pi 2 and Pi 3 but will run very slowly on a Pi 1.

The below procedure describes how to install Nextcloud version 12.0.0, the latest stable version at the time of writing (27th May 2017), but it should work for later/future versions too.
Continue reading

How to Upgrade WordPress on Linux

WordPress is a popular blogging platform and content management system.  This brief article explains how to upgrade WordPress on the Linux command line.  A message on your Dashboard says that a new release is available ?  Proceed as follows. Continue reading

ESXi Embedded Host Client

The ESXi embedded host client is a web application served direct from an ESXi server that allows basic management of virtual infrastructure. It is somewhat similar in appearance to Vsphere, though the feature set at the moment is less rich. Vmware has released it as a “fling“, which can be easily added to an existing ESXi server as follows. NB it is recommended to try this in a lab environment rather than a production machine. Continue reading

Linux Capabilities and Ping

If you are running a recent version of Linux (time of writing May 2016), you might encountered this error with ping:

$ ping somehost
ping: icmp open socket: Operation not permitted

It happens because the ping binary is no longer installed with setuid root rights. It doesn’t have the required priveliges to open the socket, and fails. The quick fix is to type: Continue reading

Protect Your Web Server With Ipset

The Linux packet filter provides an easy way to protect against unwanted network intrusions. Often referred to simply as “iptables“, it is a basic firewall built into the Linux kernel. Iptables is most useful, perhaps, on those servers most susceptible to attack, such as LAMP systems, content management servers and blogging platforms, especially where they are Internet facing.

Ipset is a fairly recent addition to Linux, having been introduced into kernel version 2.6.32. This means it is supported in Debian 7 and 8, as well as Red Hat 6 onwards. In short, ipset allows a large number of IP addresses to be blocked in an efficient way, as demonstrated below. Continue reading