Linux Scoop — Bodhi Linux 5.0 Bodhi Linux…



Bodhi Linux 5.0 – See What’s New

Bodhi Linux 5.0, the latest release of Bodhi Linux, has been released by Jeff Hoogland. This release ships with the latest Moksha Desktop 0.3 and is based on Canonical’s long-term supported Ubuntu 18.04 LTS (Bionic Beaver).

Bodhi Linux 5.0 promises to offer users a rock-solid, Enlightenment-based Moksha Desktop experience, improvements to the networking stack, and a fresh new look based on the popular Arc GTK Dark theme but colorized in Bodhi Green colors. It also comes with a new default wallpaper, new login and boot splash screen themes, as well as an AppPack version for those who want to have a complete application suite installed by default on their new Bodhi Linux installations.





Source

what is the difference between kill -15 vs kill -9 in linux?


kill -15 vs kill -9

List of kill signals.

kill -l

1) SIGHUP 2) SIGINT 3) SIGQUIT 4) SIGILL 5) SIGTRAP
6) SIGABRT 7) SIGBUS 8) SIGFPE 9) SIGKILL 10) SIGUSR1
11) SIGSEGV 12) SIGUSR2 13) SIGPIPE 14) SIGALRM 15) SIGTERM
16) SIGSTKFLT 17) SIGCHLD 18) SIGCONT 19) SIGSTOP 20) SIGTSTP
21) SIGTTIN 22) SIGTTOU 23) SIGURG 24) SIGXCPU 25) SIGXFSZ
26) SIGVTALRM 27) SIGPROF 28) SIGWINCH 29) SIGIO 30) SIGPWR
31) SIGSYS 34) SIGRTMIN 35) SIGRTMIN+1 36) SIGRTMIN+2 37) SIGRTMIN+3
38) SIGRTMIN+4 39) SIGRTMIN+5 40) SIGRTMIN+6 41) SIGRTMIN+7 42) SIGRTMIN+8
43) SIGRTMIN+9 44) SIGRTMIN+10 45) SIGRTMIN+11 46) SIGRTMIN+12 47) SIGRTMIN+13
48) SIGRTMIN+14 49) SIGRTMIN+15 50) SIGRTMAX-14 51) SIGRTMAX-13 52) SIGRTMAX-12
53) SIGRTMAX-11 54) SIGRTMAX-10 55) SIGRTMAX-9 56) SIGRTMAX-8 57) SIGRTMAX-7
58) SIGRTMAX-6 59) SIGRTMAX-5 60) SIGRTMAX-4 61) SIGRTMAX-3 62) SIGRTMAX-2
63) SIGRTMAX-1 64) SIGRTMAX


SIGKILL (9) – Kill signal. Use SIGKILL as a last resort to kill a process. It will not save data or shut the process down cleanly.

SIGTERM (15) – Termination signal. This is the default and safest way to kill a process.

The difference between 9 and 15 is this: the default action for both of them is to terminate the process, but 9 can’t be caught or ignored. So if signal 9 gets sent, the process is guaranteed to die, immediately. If signal 15 is sent, the process can catch it and perform cleanups.


Signal name    Signal value    Effect
SIGHUP         1               Hangup
SIGINT         2               Interrupt from keyboard
SIGKILL        9               Kill signal
SIGTERM        15              Termination signal
SIGSTOP        17,19,23        Stop the process
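
The catch-and-clean-up difference described above, as an added example that is not part of the original post: the same worker is stopped once with signal 15 and once with signal 9. The function name run_worker_and_signal, the marker files and the temporary directory are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: what a worker gets to do on SIGTERM (15) versus SIGKILL (9).
# run_worker_and_signal and the marker files are illustrative names.

# run_worker_and_signal SIGNAL
#   Starts a worker that traps SIGTERM, sends it SIGNAL, then prints
#   "exit=<status> cleanup=<yes|no>".
run_worker_and_signal() {
    sig=$1
    dir=$(mktemp -d) || return 1

    (
        # The handler stands in for flushing buffers, removing lock files, etc.
        trap 'echo flushed > "$dir/cleanup.done"; exit 0' TERM
        : > "$dir/ready"              # handler is installed, tell the parent
        while :; do sleep 1; done     # pretend to do work
    ) >/dev/null 2>&1 &
    pid=$!

    # Wait (up to about 5 s) until the worker has installed its handler.
    tries=0
    while [ ! -e "$dir/ready" ] && [ "$tries" -lt 50 ]; do
        sleep 0.1 2>/dev/null || sleep 1
        tries=$((tries + 1))
    done

    kill -s "$sig" "$pid"
    status=0
    wait "$pid" || status=$?

    if [ -e "$dir/cleanup.done" ]; then cleanup=yes; else cleanup=no; fi
    rm -rf "$dir"
    printf 'exit=%s cleanup=%s\n' "$status" "$cleanup"
}

# 15 can be caught, so the handler runs and the worker exits on its own terms.
# 9 cannot be caught: no handler runs and the shell reports 128 + 9.
for s in TERM KILL; do
    printf 'kill -s %s: ' "$s"
    run_worker_and_signal "$s"
done
```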

Source

Darksiders II Deathinitive Edition Guide


Darksiders 2 continues the story after War was imprisoned. Now you play as his brother Death, who attempts to free the human race and undo the damage done by the Apocalypse. Explore huge maps and traverse complex jumping/platform puzzles. Gain loot from hacking and slashing all kinds of demons and bosses on earth. Level up Death and interact with demi-god-ish NPCs who will point you in the direction of the enemy, or angels who will try and stop you.

Follow my step-by-step guide on installing, configuring and optimizing Darksiders II Deathinitive Edition in Linux with PlayOnLinux and DXVK.

Note: This guide applies to the GOG version of Darksiders II Deathinitive Edition. Other versions may require additional steps.

Tips & Specs:
To learn more about PlayOnLinux and Wine configuration, see the online manual: PlayOnLinux Explained

Mint 18.3 64-bit

PlayOnLinux: 4.2.12
Wine: 3.14 Staging (64-bit)
DXVK: 0.72

Wine Installation
Click Tools

Select “Manage Wine Versions”

Look for the Wine Version: 3.15

Select it
Click the arrow pointing to the right

Click Next

Downloading Wine

Extracting

Downloading Gecko

Installed

Install the 64-bit version as well

Click the “Wine versions (amd64)” tab
Select 3.15
Repeat steps

Wine 3.15 32-bit and 64-bit are installed and you can close this window

PlayOnLinux Setup
Launch PlayOnLinux

Click Install

Click “Install a non-listed program”

Select “Install a program in a new virtual drive”

Click Next

Name the virtual drive: darksiders2

Click Next

Check all three options:

  • Use another version of Wine
  • Configure Wine
  • Install some libraries

Click Next

Select Wine 3.15

Click Next

Note: We will download Wine 3.14 staging in a later step

Select “64 bits windows installation”

Click Next

Wine Configuration

Applications Tab
Windows version: Windows 7

Click Apply

Libraries Tab
Enter the following libraries:

  • d3d10
  • d3d10_1
  • d3d10core
  • d3d11
  • dxgi
  • xaudio2_7

Click Edit on each one and select “native (Windows)”
Click Apply

Graphics Tab
Check “Automatically capture the mouse in full-screen windows”

Click OK

PlayOnLinux Packages (DLLs, Libraries, components)

Check the following:

  • POL_Install_corefonts
  • POL_Install_d3dcompiler_43
  • POL_Install_d3dx9
  • POL_Install_d3dx10
  • POL_Install_d3dx11
  • POL_Install_vcrun2008
  • POL_Install_vcrun2010
  • POL_Install_vcrun2012

Click Next

Note: All packages should automatically download and install

Click Browse

Select “setup_darksiders2_deathinitive_2.0.1.3.exe”

Click Open

Click Next again…

Click OK

Click Options

Uncheck “Create desktop icon”
Check “Yes, I have read and accept EULA”
Click Install

Click OK on all errors

Click Exit

PlayOnLinux Shortcut
Select “Darksiders2.exe”

Click Next

Name the shortcut: Darksiders II

Click Next

Select “I don’t want to make another shortcut”

Click Next

Go to: https://lutris.net/files/runners/

Download wine-staging-3.14-x86_64.tar.gz
Save to your Desktop

Extract to the PlayOnLinux linux-amd64 folder

Full path:

/home/username/.PlayOnLinux/wine/linux-amd64

Click Extract

DXVK Libraries
Go to: https://github.com/doitsujin/dxvk/releases

Download version 0.72
Save to your Desktop

Open the dxvk-0.72/x64 folder

Copy all the files

Paste into the Darksiders II Deathinitive Edition folder

Full path:

/home/username/.PlayOnLinux/wineprefix/darksiders2/drive_c/Program Files (x86)/GOG Games/Darksiders II Deathinitive Edition/

Here is the Full DXVK Guide in PlayOnLinux

PlayOnLinux Configure
Select “Darksiders II”

Click Configure

General Tab
Click the down-arrow to select Wine 3.14 staging

Display Tab
Video memory size: Enter the amount of memory your video card/chip uses

Close Configure

Launch Darksiders II
Select Darksiders II

Click Run

Note: Click debug to see errors and bugs

Optimization
Click Options

Click Video icon

Adjust:

  • Vertical Sync
  • Gamma
  • Video Resolution
  • Fullscreen
  • Ambient Occlusion
  • Shadow Quality
  • Anti-Aliasing = Off

Note: Turn off Anti-Aliasing to reduce graphical artifacts

Conclusion:
Darksiders II runs much better with DXVK implemented. There is still some graphical flickering in the sky, but it’s not a “game breaker”. I was able to play on my GeForce GTX 1060 with great frame rates and no other noticeable issues. Previously when I played Darksiders a few years ago, I played through the entire game with a few annoying graphical bugs. But those are now gone and it runs beautifully.

Source

Penetration Testing – Complete Guide – ls /blog

What is Penetration Testing?

It’s the process to identify security vulnerabilities in an application by evaluating the system or network with various malicious techniques. The weak points of a system are exploited in this process through an authorized simulated attack.

The purpose of this test is to secure important data from outsiders like hackers who can have unauthorized access to the system. Once the vulnerability is identified it is used to exploit the system in order to gain access to sensitive information.

A penetration test is also known as a pen test, and a penetration tester is also referred to as an ethical hacker.

We can figure out the vulnerabilities of a computer system, a web application or a network through penetration testing.

A penetration test tells whether the existing defensive measures employed on the system are strong enough to prevent any security breaches. Penetration test reports also suggest the countermeasures that can be taken to reduce the risk of the system being hacked.


Causes of vulnerabilities:

  • Design and development errors: There can be flaws in the design of hardware and software. These bugs can put your business-critical data at the risk of exposure.
  • Poor system configuration: This is another cause of vulnerability. If the system is poorly configured, then it can introduce loopholes through which attackers can enter into the system & steal the information.
  • Human errors: Human factors like improper disposal of documents, leaving the documents unattended, coding errors, insider threats, sharing passwords over phishing sites, etc. can lead to security breaches.
  • Connectivity: If the system is connected to an unsecured network (open connections) then it comes in the reach of hackers.
  • Complexity: The security vulnerability rises in proportion to the complexity of a system. The more features a system has, the more chances of the system being attacked.
  • Passwords: Passwords are used to prevent unauthorized access. They should be strong enough that no one can guess your password. Passwords should not be shared with anyone at any cost and passwords should be changed periodically. In spite of these instructions, at times people reveal their passwords to others, write them down somewhere and keep easy passwords that can be guessed.
  • User Input: You must have heard of SQL injection, buffer overflows, etc. The data received electronically through these methods can be used to attack the receiving system.
  • Management: Security is hard & expensive to manage. Sometimes organizations lag behind in proper risk management and hence vulnerability gets induced in the system.
  • Lack of training to staff: This leads to human errors and other vulnerabilities.
  • Communication: Channels like mobile networks, the internet and telephone open up scope for security theft.

Why Penetration testing?

You must have heard of the WannaCry ransomware attack that started in May 2017. It locked more than 2 lakh computers around the world and demanded ransom payments in the Bitcoin cryptocurrency. This attack has affected many big organizations around the globe.

With such massive & dangerous cyber-attacks happening these days, it has become unavoidable to do penetration testing at regular intervals to protect information systems against security breaches.

So, penetration testing is mainly required because:

– Financial or critical data must be secured while transferring it between different systems or over the network.
– Many clients are asking for pen testing as part of the software release cycle.
– To secure user data.
– To find security vulnerabilities in an application.
– To discover loopholes in the system.
– To assess the business impact of successful attacks.
– To meet the information security compliance in the organization.
– To implement effective security strategy in the organization.

It’s very important for any organization to identify security issues present in its internal network and computers. Using this information, the organization can plan a defense against any hacking attempt. User privacy and data security are the biggest concerns nowadays. Imagine if any hacker manages to get the user details of a social networking site like Facebook. The organization can face legal issues due to a small loophole left in a software system. Hence, big organizations are looking for PCI (Payment Card Industry) compliance certifications before doing any business with third-party clients.

What should be tested?


  • Software (Operating system, services, application)
  • Hardware
  • Network
  • Processes
  • End-user behaviour

Penetration Testing Types:

1) Social Engineering Test:

In this test, attempts are made to make a person reveal sensitive information like passwords, business-critical data, etc. These tests are mostly done through phone or internet and they target certain helpdesks, employees & processes.

Human errors are the main causes of security vulnerability. Security standards and policies should be followed by all staff members to avoid social engineering penetration attempts. An example of these standards is not mentioning any sensitive information in email or phone communication. Security audits can be conducted to identify and correct process flaws.

2) Web Application Test:

Using software methods one can verify if the application is exposed to security vulnerabilities. It checks the security vulnerability of web apps and software programs positioned in the target environment.

3) Physical Penetration Test:

Strong physical security methods are applied to protect sensitive data. This is generally used in military and government facilities. All physical network devices and access points are tested for possibilities of any security breach. This test is not much relevant to the scope of software testing.

4) Network Services Test:

This is one of the most commonly performed penetration tests. The openings in the network through which entry can be made into the systems on the network are identified, to check what kind of vulnerabilities are there. It can be done locally or remotely.

5) Client-side test:

It aims to search and exploit vulnerabilities in client-side software programs.

6) Remote dial-up war dial:

It searches for modems in the environment and tries to login to the systems connected through these modems by password guessing or brute forcing.

7) Wireless security test:

It discovers the open, unauthorized and less secured hotspots or Wi-Fi networks and connects through them.

The seven categories above are one way of categorizing the types of pen tests. We can also organize the types of penetration testing into three parts as seen below:

Let’s discuss these testing approaches one by one:

  • Black Box Penetration Testing: In this approach, the tester assesses the target system, network or process without the knowledge of its details. They just have very high level of inputs like URL or company name using which they penetrate into the target environment. No code is being examined in this method.
  • White Box Penetration Testing: In this approach, the tester is equipped with complete details about the target environment – Systems, network, OS, IP address, source code, schema, etc. It examines the code and finds out design & development errors. It is a simulation of internal security attack.
  • Grey Box Penetration Testing: In this approach, the tester has limited details about the target environment. It is a simulation of external security attack.

Pen Testing Techniques:

1) Manual penetration test
2) Using automated penetration test tools
3) Combination of both manual and automated process
The third process is more common to identify all kinds of vulnerabilities.

Penetration Testing Tools:

Automated tools can be used to identify some standard vulnerability present in an application. Pentest tools scan code to check if there is malicious code present which can lead to the potential security breach. Pentest tools can verify security loopholes present in the system by examining data encryption techniques and figuring out hard-coded values like username and password.

Criteria to select the best penetration Tool:

– It should be easy to deploy, configure and use.
– It should scan your system easily.
– It should categorize vulnerabilities based on severity that needs an immediate fix.
– It should be able to automate verification of vulnerabilities.
– It should re-verify exploits found previously.
– It should generate detailed vulnerability reports and logs.

Once you know what tests you need to perform you can either train your internal test resources or hire expert consultants to do the penetration task for you.

Examples of Free and Commercial Tools:

Commercial services:

You can also refer to the below list available at STH that talks about 37 powerful penetration testing tools: 37 Powerful Penetration Testing Tools For Every Penetration Tester

Limitations of Pentest tools: Sometimes these tools can flag false positive output which results in spending more developer time on analyzing such vulnerabilities which are not present.

Manual Penetration Test:

It’s difficult to find all vulnerabilities using automated tools. There are some vulnerabilities which can be identified by manual scan only. Penetration testers can perform better attacks on application based on their skills and knowledge of the system being penetrated. The methods like social engineering can be done by humans only. Manual checking includes design, business logic as well as code verification.

Penetration Test Process:
Let’s discuss the actual process followed by test agencies or penetration testers. Identifying vulnerabilities present in the system is the first important step in this process. Corrective action is taken on these vulnerabilities and the same penetration tests are repeated until the system is negative to all those tests.

We can categorize this process into the following methods:

Methods of manual penetration testing

1) Data collection: Various methods including Google search are used to get target system data. One can also use the web page source code analysis technique to get more info about the system, software and plugin versions. There are many free tools and services available in the market which can give you information like database or table names, DB versions, software versions, hardware used and various third-party plugins used in the target system.

2) Vulnerability Assessment: Based on the data collected in the first step one can find the security weakness in the target system. This helps penetration testers to launch attacks using identified entry points in the system.

3) Actual Exploit: This is a crucial step. It requires special skills and techniques to launch an attack on the target system. Experienced penetration testers can use their skills to launch an attack on the system.

4) Result analysis and report preparation: After completion of penetration tests detailed reports are prepared for taking corrective actions. All identified vulnerabilities and recommended corrective methods are listed in these reports. You can customize vulnerability report format (HTML, XML, MS Word or PDF) as per your organization needs.

Penetration testing sample test cases (test scenarios):

Remember this is not functional testing. In Pentest your goal is to find security holes in the system. Below are some generic test cases and not necessarily applicable for all applications.

1) Check if the web application is able to identify spam attacks on contact forms used on the website.
2) Proxy server – Check if network traffic is monitored by proxy appliances. Proxy server makes it difficult for hackers to get internal details of the network thus protecting the system from external attacks.
3) Spam email filters – Verify if incoming and outgoing email traffic is filtered and unsolicited emails are blocked. Many email clients come with inbuilt spam filters which need to be configured as per your needs. These configuration rules can be applied to email headers, subject or body.
4) Firewall – Make sure entire network or computers are protected with Firewall. A Firewall can be a software or hardware to block unauthorized access to a system. A Firewall can prevent sending data outside the network without your permission.
5) Try to exploit all servers, desktop systems, printers and network devices.
6) Verify that all usernames and passwords are encrypted and transferred over secured connection like https.
7) Verify information stored in website cookies. It should not be in readable format.
8) Verify previously found vulnerabilities to check if the fix is working.
9) Verify if there is no open port in the network.
11) Verify all telephone devices.
12) Verify WIFI network security.
13) Verify all HTTP methods. PUT and DELETE methods should not be enabled on a web server.
14) Verify if the password meets the required standards. The password should be at least 8 characters long containing at least one number and one special character.
15) Username should not be like “admin” or “administrator”.
16) Application login page should be locked upon few unsuccessful login attempts.
17) Error messages should be generic and should not mention specific error details like “Invalid username” or “Invalid password”.
19) Verify if special characters, HTML tags and scripts are handled properly as an input value.
20) Internal system details should not be revealed in any of the error or alert messages.
21) Custom error messages should be displayed to end user in case of web page crash.
22) Verify use of registry entries. Sensitive information should not be kept in the registry.
23) All files must be scanned before uploading to the server.
24) Sensitive data should not be passed in URLs while communicating with different internal modules of the web application.
25) There should not be any hardcoded username or password in the system.
26) Verify all input fields with long input string with and without spaces.
27) Verify if reset password functionality is secure.
28) Verify application for SQL Injection.
29) Verify application for Cross Site Scripting.
31) Important input validations should be done at server side instead of JavaScript checks at the client side.
32) Critical resources in the system should be available to authorized persons and services only.
33) All access logs should be maintained with proper access permissions.
34) Verify user session ends upon log off.
35) Verify that directory browsing is disabled on the server.
36) Verify that all applications and database versions are up to date.
37) Verify URL manipulation to check if a web application is not showing any unwanted information.
38) Verify memory leak and buffer overflow.
39) Verify if incoming network traffic is scanned to find Trojan attacks.
40) Verify if the system is safe from Brute Force Attacks – a trial and error method to find sensitive information like passwords.
41) Verify if the system or network is secured from DoS (denial-of-service) attacks. A hacker can target a network or a single computer with continuous requests, due to which resources on the target system get overloaded, resulting in denial of service for legitimate requests.
42) Verify application for HTML script injection attacks.
43) Verify against COM & ActiveX attacks.
44) Verify against spoofing attacks. Spoofing can be of multiple types – IP address spoofing, Email ID spoofing, ARP spoofing, Referrer spoofing, Caller ID spoofing, Poisoning of file-sharing networks, GPS spoofing.
45) Check for uncontrolled format string attack – a security attack that can cause the application to crash or execute the harmful script on it.
46) Verify XML injection attack – used to alter the intended logic of the application.
47) Verify against canonicalization attacks.
48) Verify if the error pages are displaying any information that can be helpful for a hacker to enter into the system.
49) Verify if any critical data like the password is stored in secret files on the system.
50) Verify if the application is returning more data than it is required.

These are just the basic test scenarios to get started with Pentest. There are hundreds of advanced penetration methods which can be done either manually or with the help of automation tools.
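
Three of the test cases above (13, 20 and 35) can be checked mechanically against a saved server response. The following is an added example, not part of the original article; the two responses are constructed samples and the function names are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: check a saved HTTP response against checklist items 13, 20, 35.
# Both responses below are constructed samples, not captures from a real server.

# Constructed: reply to an OPTIONS request on a poorly configured server.
weak_response() {
cat <<'EOF'
HTTP/1.1 200 OK
Server: Apache/2.4.25 (Debian)
X-Powered-By: PHP/7.0.30
Allow: GET, HEAD, POST, PUT, DELETE, OPTIONS
Content-Type: text/html

<html><head><title>Index of /backup</title></head>
<body><h1>Index of /backup</h1></body></html>
EOF
}

# Constructed: the same request after hardening.
hardened_response() {
cat <<'EOF'
HTTP/1.1 200 OK
Server: nginx
Allow: GET, HEAD, POST
Content-Type: text/html

<html><head><title>Shop</title></head><body>Welcome</body></html>
EOF
}

# audit_http_response: reads one raw response on stdin and prints one finding
# per line, prefixed with the number of the checklist item it violates.
audit_http_response() {
    raw=$(tr -d '\r')
    headers=$(printf '%s\n' "$raw" | sed -n '1,/^$/p')   # up to first blank line
    body=$(printf '%s\n' "$raw" | sed '1,/^$/d')         # everything after it

    # 13) PUT and DELETE methods should not be enabled on a web server.
    allow=$(printf '%s\n' "$headers" | grep -i '^allow:' | cut -d: -f2- \
            | tr 'a-z' 'A-Z' | tr -d ' ')
    for m in PUT DELETE; do
        case ",$allow," in
            *",$m,"*) echo "13 method-enabled $m" ;;
        esac
    done

    # 20) Internal system details (here: product versions) should not be revealed.
    printf '%s\n' "$headers" \
        | grep -iE '^(server|x-powered-by):.*[0-9]+\.[0-9]+' \
        | while IFS=: read -r name rest; do
              echo "20 version-disclosed $name"
          done

    # 35) Directory browsing should be disabled on the server.
    case $body in
        *"<title>Index of /"*) echo "35 directory-listing" ;;
    esac
    return 0
}

echo "weak:";     weak_response     | audit_http_response
echo "hardened:"; hardened_response | audit_http_response
```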

Further reading:

Pen Testing Standards –

  • PCI DSS (Payment Card Industry Data Security Standard)
  • OWASP (Open Web Application Security Project)
  • ISO/IEC 27002, OSSTMM (The Open Source Security Testing Methodology Manual)

Certifications –

  • GPEN
  • Associate Security Tester (AST)
  • Senior Security Tester (SST)
  • Certified Penetration Tester (CPT)

Finally, as a penetration tester, you should collect and log all vulnerabilities in the system. Don’t ignore any scenario considering that it won’t be executed by end users.

Full article:

https://www.softwaretestinghelp.com/penetration-testing-guide/

Source

How to Install PrestaShop on Debian 9 • LinuxCloudVPS Blog

How to Install PrestaShop on Debian 9

In this article, we will show you how to install PrestaShop on a Debian 9 VPS. Prestashop is an easy to use open source shopping cart application written in PHP used by website developers to build and run a successful online store. To install PrestaShop on a Debian 9 VPS follow the very easy steps described below.

Requirements

At the time of writing this tutorial, the latest stable version of PrestaShop is v1.7.4.2 and it requires:

  • Nginx or Apache Web Server
  • MySQL 5.5 or later is recommended, or MariaDB installed on your Linux virtual server.
  • PHP 5.4 or higher with the following PHP extensions enabled: mcrypt, cURL, GD, GZIP and PDO.
  • Full SSH root access or a user with sudo privileges is also required

Step 1: Log in via SSH on the Ubuntu server:

Log in to the VPS via SSH as user root

ssh root@IP_Address -p Port_number

Step 2: Update all OS packages

Once you are logged in, run the following commands to make sure that all installed OS packages are up to date:

apt-get update
apt-get upgrade

Step 3: Install Nginx, MariaDB and PHP 7

Stop and disable Apache service:

systemctl stop apache2
systemctl disable apache2

Install Nginx from Debian package repository. Simply, run the following command to install Nginx on your server:

apt-get install nginx

After the installation is complete, Nginx will automatically start.
To verify that Nginx is running on the server, you can use the following command:

systemctl status nginx

Make sure that Nginx server is configured to automatically start upon a server boot:

systemctl enable nginx

Install MariaDB and PHP 7 on your server using the following commands:

apt-get install mysql-server
apt-get install php7.0 php7.0-cli php7.0-common php7.0-fpm php7.0-curl php7.0-zip php7.0-gd php7.0-mysql php7.0-xml php7.0-mcrypt php7.0-mbstring

Enable MariaDB and php-fpm to automatically start upon a server boot:

systemctl enable mariadb.service
systemctl enable php7.0-fpm.service

Step 4: Install PrestaShop

Download the latest stable version of PrestaShop in the /opt directory on your server and extract it in the /var/www/html/ directory:

cd /opt
wget https://download.prestashop.com/download/releases/prestashop_1.7.4.2.zip
unzip prestashop_1.7.4.2.zip
unzip prestashop.zip -d /var/www/html/prestashop/

Step 5: Modify the PHP configuration

Edit the ‘/etc/php/7.0/fpm/php.ini’ PHP configuration file.
Modify the memory_limit value to 128MB or higher:

memory_limit = 256M

Also, set upload_max_filesize to 32 MB (or more):

upload_max_filesize = 32M

Also, modify the following settings:

file_uploads = On
allow_url_fopen = On

Restart the php-fpm service for the changes to take effect:

systemctl restart php7.0-fpm.service

Step 6: Set file permissions

The web server user (www-data) needs to be able to write to files and directories inside the ‘/var/www/html/prestashop’ directory. Give it ownership by executing the following command:

chown www-data:www-data -R /var/www/html/prestashop/

Step 7: Configure Nginx to serve PrestaShop

Create a new Nginx server block:

vi /etc/nginx/sites-available/your-domain.com

and add the following content:

server {
    server_name your-domain.com;
    listen 80;
    root /var/www/html/prestashop/;
    access_log /var/log/nginx/your-domain.com_access.log;
    error_log /var/log/nginx/your-domain.com_error.log;

    index index.php;

    # Web service API and friendly image URLs
    rewrite ^/api/?(.*)$ /webservice/dispatcher.php?url=$1 last;
    rewrite ^/([0-9])(-[_a-zA-Z0-9-]*)?/[_a-zA-Z0-9-]*\.jpg$ /img/p/$1/$1$2.jpg last;
    rewrite ^/([0-9])([0-9])(-[_a-zA-Z0-9-]*)?/[_a-zA-Z0-9-]*\.jpg$ /img/p/$1/$2/$1$2$3.jpg last;
    rewrite ^/([0-9])([0-9])([0-9])(-[_a-zA-Z0-9-]*)?/[_a-zA-Z0-9-]*\.jpg$ /img/p/$1/$2/$3/$1$2$3$4.jpg last;
    rewrite ^/([0-9])([0-9])([0-9])([0-9])(-[_a-zA-Z0-9-]*)?/[_a-zA-Z0-9-]*\.jpg$ /img/p/$1/$2/$3/$4/$1$2$3$4$5.jpg last;
    rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])(-[_a-zA-Z0-9-]*)?/[_a-zA-Z0-9-]*\.jpg$ /img/p/$1/$2/$3/$4/$5/$1$2$3$4$5$6.jpg last;
    rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(-[_a-zA-Z0-9-]*)?/[_a-zA-Z0-9-]*\.jpg$ /img/p/$1/$2/$3/$4/$5/$6/$1$2$3$4$5$6$7.jpg last;
    rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(-[_a-zA-Z0-9-]*)?/[_a-zA-Z0-9-]*\.jpg$ /img/p/$1/$2/$3/$4/$5/$6/$7/$1$2$3$4$5$6$7$8.jpg last;
    rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(-[_a-zA-Z0-9-]*)?/[_a-zA-Z0-9-]*\.jpg$ /img/p/$1/$2/$3/$4/$5/$6/$7/$8/$1$2$3$4$5$6$7$8$9.jpg last;
    rewrite ^/c/([0-9]+)(-[_a-zA-Z0-9-]*)/[_a-zA-Z0-9-]*\.jpg$ /img/c/$1$2.jpg last;
    rewrite ^/c/([a-zA-Z-]+)/[a-zA-Z0-9-]+\.jpg$ /img/c/$1.jpg last;
    rewrite ^/([0-9]+)(-[_a-zA-Z0-9-]*)/[_a-zA-Z0-9-]*\.jpg$ /img/c/$1$2.jpg last;
    try_files $uri $uri/ /index.php?$args;

    # Static assets: no access logging, long cache lifetime
    location ~* \.(jpg|jpeg|gif|css|png|js|ico|html)$ {
        access_log off;
        expires max;
    }

    # Hand PHP requests to php7.0-fpm (default socket path of the Debian 9 package)
    location ~ \.php {
        fastcgi_index index.php;
        fastcgi_split_path_info ^(.+\.php)(.*)$;
        include /etc/nginx/fastcgi_params;
        fastcgi_pass unix:/run/php/php7.0-fpm.sock;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    }
}

Create a symbolic link:

ln -s /etc/nginx/sites-available/your-domain.com /etc/nginx/sites-enabled/your-domain.com

Restart the Nginx service for the changes to take effect:

systemctl restart nginx

Step 8: Create a MariaDB database for PrestaShop

Login to the MariaDB console with the root account:

mysql -u root -p

Create a MariaDB database, user and grant permissions to the user using the following command:

MariaDB [(none)]> CREATE DATABASE prestashop;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON prestashop.* TO 'prestashop'@'localhost' IDENTIFIED BY 'Str0ngPa55w0rd';
MariaDB [(none)]> FLUSH PRIVILEGES;
MariaDB [(none)]> \q

Do not forget to replace ‘Str0ngPa55w0rd’ with an actual strong password.

Open your favorite web browser and type in the following URL to access the PrestaShop web interface and start the setup:

http://your-domain.com/

From here you can finish the setup by selecting the installation language and entering the information about your PrestaShop store. Then, create an administrator account and enter the following information to configure the database:

Database server address: 127.0.0.1

Database name: prestashop

Database login: prestashop

Database password: enter the MariaDB password for the PrestaShop MariaDB user.

For security reasons, you must delete the ‘install’ directory:

rm -rf /var/www/html/prestashop/install/

Once you have deleted the installation directory, log in to the PrestaShop back-end by clicking on the ‘Manage your store’ button.
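
A post-install check for the settings this tutorial asks for (the php.ini values from Step 5 and the removal of the ‘install’ directory), as an added example that is not part of the original article. The function names and the constructed fixture are assumptions; on a real server you would call audit_prestashop /var/www/html/prestashop /etc/php/7.0/fpm/php.ini.

```shell
#!/bin/sh
# Added example: verify the php.ini values from Step 5 and that the installer
# directory is gone. Function names are illustrative, not PrestaShop tooling.

# ini_get FILE KEY: value of the last uncommented "KEY = value" line in FILE.
ini_get() {
    awk -F= -v key="$2" '
        /^[ \t]*;/ { next }                       # skip commented-out settings
        {
            k = $1; gsub(/[ \t]/, "", k)
            if (k == key) {
                v = $2; sub(/;.*/, "", v); gsub(/[ \t]/, "", v); val = v
            }
        }
        END { print val }
    ' "$1"
}

# to_bytes SIZE: php.ini shorthand (K, M, G) to bytes; 0 if not a plain size.
to_bytes() {
    n=${1%[KkMmGg]}
    case $n in ''|*[!0-9]*) echo 0; return 0 ;; esac
    case $1 in
        *[Gg]) echo $((n * 1024 * 1024 * 1024)) ;;
        *[Mm]) echo $((n * 1024 * 1024)) ;;
        *[Kk]) echo $((n * 1024)) ;;
        *)     echo "$n" ;;
    esac
}

# audit_prestashop ROOT PHP_INI: prints OK/FAIL lines, returns 1 on any FAIL.
audit_prestashop() {
    root=$1; ini=$2; failed=0
    for pair in memory_limit:128M upload_max_filesize:32M; do
        key=${pair%%:*}; min=${pair#*:}
        have=$(ini_get "$ini" "$key")
        if [ "$(to_bytes "$have")" -ge "$(to_bytes "$min")" ]; then
            echo "OK $key=$have"
        else
            echo "FAIL $key=${have:-unset} (tutorial minimum: $min)"; failed=1
        fi
    done
    for key in file_uploads allow_url_fopen; do
        have=$(ini_get "$ini" "$key")
        case $(printf '%s' "$have" | tr 'A-Z' 'a-z') in
            on|1|true|yes) echo "OK $key=$have" ;;
            *) echo "FAIL $key=${have:-unset} (tutorial value: On)"; failed=1 ;;
        esac
    done
    # The installer must not stay reachable once setup is finished.
    if [ -e "$root/install" ]; then
        echo "FAIL install directory still present"; failed=1
    else
        echo "OK install directory removed"
    fi
    return "$failed"
}

# Constructed fixture: an unfinished setup in a temporary directory.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/prestashop/install"
    cat > "$tmp/php.ini" <<'EOF'
; constructed sample
memory_limit = 128M
upload_max_filesize = 2M
file_uploads = On
;allow_url_fopen = On
EOF
    rc=0
    audit_prestashop "$tmp/prestashop" "$tmp/php.ini" || rc=$?
    rm -rf "$tmp"
    return "$rc"
}

demo || echo "audit reported problems"
```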


Congratulations! PrestaShop has been successfully installed on your server. You can now start using PrestaShop and customize it according to your needs.

Of course, you don’t have to Install PrestaShop on a Debian 9 VPS if you use our Managed PrestaShop Hosting services, in which case you can simply ask our expert Linux admins to install PrestaShop on Debian 9, for you. They are available 24×7 and will take care of your request immediately.

PS. If you liked this post, on how to Install PrestaShop on Debian 9, please share it with your friends on the social networks using the buttons on the left or simply leave a reply below. Thanks.

Source

How to Install Prestashop on CentOS 7 • LinuxCloudVPS Blog

28th September 2018 /
Category: Tips and Tricks /
Comments: None

How to Install Prestashop on CentOS 7

PrestaShop is one of the most popular open source, self-hosted e-commerce platforms. It is completely free and is used by thousands of online stores around the world. In this tutorial, we will show you how to install the latest version of PrestaShop on a CentOS 7 VPS with Apache, MariaDB, and PHP.

PrestaShop comes with hundreds of useful features, some of which are listed below:

  • Extendable with free, external or add-on modules
  • Wide choice of customizable e-commerce themes
  • Intuitive Interface
  • Easily manage your products and orders
  • More than 50 payment methods supported
  • and many more…

Prerequisites

– CentOS 7 VPS with SSH root access
– Apache 2.x or Nginx web server
– PHP version 5.4 or newer, with Mcrypt, OpenSSL, Zip, Curl, GD, and PDO extensions
– MySQL database server version 5.4 or newer with a database created

1. Login via SSH and update the system

In order to start installing the necessary services, we need to log in to the CentOS 7 VPS via SSH as user root

ssh root@IP_Address -p Port_Number

Before we can continue, make sure that all installed packages are updated to the latest version

yum -y update

2. Install MariaDB

Next, install MariaDB database server on your VPS by executing the following command

yum -y install mariadb mariadb-server

Start the database server and enable it to automatically start upon server reboot

systemctl start mariadb
systemctl enable mariadb

After the installation is completed, run the ‘mysql_secure_installation’ script to set the password of the MariaDB ‘root’ user and additionally strengthen the security of the database server.

With this step, the installation of the MariaDB server is completed. Now, log in to the database server as user root and create a database and a user for PrestaShop:

mysql -u root -p

MariaDB [(none)]> CREATE DATABASE prestashop;
MariaDB [(none)]> CREATE USER 'user'@'localhost' IDENTIFIED BY 'PASSWORD';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON prestashop.* TO 'user'@'localhost';
MariaDB [(none)]> FLUSH PRIVILEGES;
MariaDB [(none)]> exit

and of course, don’t forget to replace ‘PASSWORD’ with an actual strong password.

3. Install Apache Web Server

Install Apache from the official CentOS 7 repositories using the yum package manager

yum -y install httpd

Start the web server and enable it to automatically start after reboot

systemctl start httpd
systemctl enable httpd

4. Install PHP 7.1

PHP 5.6 is the minimum supported PHP version, but PrestaShop runs perfectly on PHP 7.1 and this is the recommended version, so we will install it on our server. CentOS 7 by default is shipped with PHP 5.4, so we will need to add an extra repository in order to be able to install a newer PHP version.

Run the following commands to add the Webtatic EL repository

yum -y install epel-release
rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm

and install PHP 7.1 along with the PHP extensions we mentioned in the prerequisites section

yum install php71w php71w-common php71w-curl php71w-mysql php71w-mcrypt php71w-gd php71w-cli php71w-pdo

5. Download and unpack PrestaShop

Download the latest stable release of PrestaShop to your server. Currently, it is version 1.7.4.2

wget https://download.prestashop.com/download/releases/prestashop_1.7.4.2.zip

Unpack the archive to the document root directory of your server

unzip prestashop_1.7.4.2.zip
unzip prestashop.zip -d /var/www/html/prestashop/

and set the correct permissions to the PrestaShop directory

chown apache:apache -R /var/www/html/prestashop/

6. Create Apache Virtual Host

At this point, you should be able to access your PrestaShop website using your server’s IP address. We will now create a new Apache virtual host so that the site can be accessed with a domain name. Create a new virtual host configuration file with the following content:

vi /etc/httpd/conf.d/prestashop.conf

<VirtualHost *:80>
ServerAdmin admin@your-domain.com
DocumentRoot /var/www/html/prestashop/
ServerName your-domain.com
ServerAlias www.your-domain.com

<Directory /var/www/html/prestashop/>
Options +FollowSymlinks
AllowOverride All
</Directory>

ErrorLog /var/log/httpd/prestashop-error_log
CustomLog /var/log/httpd/prestashop-access_log common
</VirtualHost>

Save the file and restart the web server for the changes to take effect

systemctl restart httpd

7. Access and install PrestaShop

Now, since we already installed and configured all necessary services and packages, and downloaded PrestaShop, you should be able to access your PrestaShop e-commerce website at http://your-domain.com and follow the on-screen instructions to complete the installation from your favorite web browser. Once everything is properly installed, for security purposes you should remove the installation directory

rm -rf /var/www/html/prestashop/install/

For more details on how to configure and use PrestaShop, please check their official documentation.

Of course, you don’t have to Install PrestaShop on CentOS 7 if you use our Managed PrestaShop Hosting services, in which case you can simply ask our expert Linux admins to install PrestaShop on CentOS 7, for you. They are available 24×7 and will take care of your request immediately.


PS. If you liked this post, on how to Install PrestaShop on CentOS, please share it with your friends on the social networks using the buttons on the left or simply leave a reply below. Thanks.


Source

Debian: DSA-4320-1: asterisk security update

Posted by Anthony Pell

Debian

-------------------------------------------------------------------------
Debian Security Advisory DSA-4320-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
October 16, 2018                      https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : asterisk
CVE ID : CVE-2018-7284 CVE-2018-7286 CVE-2018-12227 CVE-2018-17281
Debian Bug : 891227 891228 902954 909554

Multiple vulnerabilities have been discovered in Asterisk, an open source
PBX and telephony toolkit, which may result in denial of service or
information disclosure.

For the stable distribution (stretch), these problems have been fixed in
version 1:13.14.1~dfsg-2+deb9u4.

We recommend that you upgrade your asterisk packages.

For the detailed security status of asterisk please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/asterisk

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

Source

AWS Managed Microsoft AD Now Offers Additional Configurations to Connect to Your Existing Microsoft AD

Posted On: Oct 16, 2018

AWS Directory Service for Microsoft Active Directory, also known as AWS Managed Microsoft AD, now gives you an additional option to implement the principle of least privilege by reducing the scope of access through the Active Directory (AD) trusts between AWS Managed Microsoft AD and your existing Microsoft AD. As an alternative to forest-wide trust, you can now use external trusts to connect to specific child or tree domains in your existing Microsoft AD forest.

By using external trust, only users from the domains you specify may use their existing AD credentials to access applications such as Amazon RDS for SQL Server, Amazon WorkSpaces, and other AD-aware applications that are using AWS Managed Microsoft AD. This also limits read access in your existing Microsoft AD by AWS Managed Microsoft AD when you implement two-way trusts or trusts from your existing Microsoft AD to AWS Managed Microsoft AD.

This feature is available today in all AWS Regions where AWS Managed Microsoft AD is offered. To learn more, see Connect to Your Existing AD Infrastructure.

Source

Sparky news 2018/08 | SparkyLinux

The 8th monthly report of 2018 of the Sparky project:

• new additions: ONLYOffice, Caprine, Discord
• EFL updated up to 1.21.0 & Enlightenment to 0.22.4 (testing repos)
• fixed installation of a few desktops via APTus on testing (keep in mind that changes in Debian testing repos can sometimes cause problems, so report whatever you find)
• Sparky Linux kernels updated up to version 4.18.5 & 4.19-rc1
• improved removing desktops via APTus, many thanks go to lami07
• Jade desktop updated up to 0.6.6
• Added Jade desktop installation to APTus
• lami07 keeps improving the i3 configuration, which will be used as default by Sparky when ready.

New iso images of Sparky 5.5 should be ready in the middle of September, but the point is to ship them with Linux kernel 4.18 as default.



Source

How Do Rest APIs Work

REST or RESTful APIs are everywhere these days. You may have used one without even knowing anything about it. In this article, I will talk about REST APIs. I will discuss how they work, their applications and more. Let’s get started.

In traditional web applications, let’s say a simple PHP web server,

  • You request a page (let’s say php) from the server.
  • The server finds the script file (php) corresponding to the page you requested and starts executing it. The script connects to the database, looks for the required information, and places the information into the page in a nicely formatted way (mixing HTML + CSS + JavaScript with the data) that looks very attractive to the visitor.
  • Then the server sends it back to the visitor.

In this model, all the processing is done on the server side. So the server has to do more work. Here, data is not separate from the page, it’s embedded deeply into the page.

If, in the future, you want to make an Android app, an iOS app or a Desktop app of your website, you will have to do a lot more work. You will have to connect to the database directly from each of these apps, which may not be very secure. The development time will increase and portability issues will arise.

Let’s say you’ve successfully made Desktop, Android and iOS apps of your website. The user’s full name is displayed in lowercase in each of them. Now, you would like to show it in uppercase. Well, the developers have to modify the Desktop, Android and iOS versions of your app separately in order to do that, which is time consuming. In the real world, things won’t be as simple as this. So, one version of the app (let’s say the Desktop version) may have a serious bug in the update process. Fixing it later would take more time. Can you see how the development time increases? This solution is not portable either.

With a REST API, you ask the API server for what you need and it sends you just the information you asked for; no additional formatting is done on the server. There is no need for unnecessary processing on the server. So, the performance of your website and apps is naturally improved. Also, you can use the same data in your website, desktop app, Android and iOS apps. Changes made on the server will be reflected in the apps that are using the API. The app development time and cost will also be reduced.

How REST APIs Work:

REST APIs have endpoints. An endpoint is nothing more than a URL, but one that is nicely formatted and meaningful. The API uses the native HTTP requests (such as GET, POST, PUT, DELETE etc.) to decide what to do when you access each endpoint. I will talk about these later.

The output format of the REST API is JSON also known as JavaScript Object Notation.

An example of the output of a GET request to the REST API on /users/id/12 endpoint may look as follows:

{
  "id": 12,
  "name": "David Smith",
  "age": 42,
  "phones": ["124-211-2341", "889-211-4545"],
  "country": "US"
}

As you can see, I did a GET request on /users/id/12 endpoint to tell the REST API to give me information about the user who has the id 12. I got just the information I requested, nothing more, nothing less.

Now let’s say, you want information on the last 10 users who signed up on your website. You may do a GET request on /users/latest/10 endpoint.

You can add new data on your server using the REST API as well. Usually, the HTTP POST request is used to ask the REST API to add new data to the API server.

For example, you can do a POST request on /users endpoint with the data of the new user and it will be added to the database on your API server. You can also configure your API to return the status of the request.

{
  "statusCode": 400,
  "statusText": "User successfully added.",
  "data": {
    "id": 13,
    "name": "Mary Smith",
    "age": 35,
    "phones": ["124-211-2341", "889-211-4545"],
    "country": "US"
  }
}

As you can see, the statusCode and statusText properties of the JSON object notify the API client that the user was successfully added. The added data is returned as well, in the data property of the JSON object. You can configure your API just the way you want.

You can update an existing record from the API server’s database as well. The PUT HTTP request is used on an API endpoint to update existing data on your API server’s database.

For example, let’s say you want to update the phone number of the user with the id 13. You may do a PUT request on the API endpoint /user/id/13.

{
  "statusCode": 200,
  "statusText": "User updated.",
  "old_data": {
    "id": 13,
    "name": "Mary Smith",
    "age": 35,
    "phones": ["124-211-2341", "889-211-4545"],
    "country": "US"
  },
  "new_data": {
    "id": 13,
    "name": "Mary Smith",
    "age": 35,
    "phones": ["100-211-1111", "140-211-1145"],
    "country": "US"
  }
}

As you can see, the update operation is successful. The old data and new data are returned in the old_data and new_data properties of the JSON object respectively.

You can also delete data from the API server’s database with the HTTP DELETE request on the API endpoint.

For example, to delete the user with the id 12, you may do a DELETE request on the API endpoint /user/id/12.

{
  "statusCode": 150,
  "statusText": "User removed.",
  "data": {
    "id": 12,
    "name": "David Smith",
    "age": 42,
    "phones": ["124-211-2341", "889-211-4545"],
    "country": "US"
  }
}

As you can see, the user is deleted and the deleted user data is returned in the data property of the JSON object.

I have explained the standard way to use the GET, POST, PUT and DELETE HTTP requests on the API endpoints to do CRUD (Create, Read, Update and Delete) operations using a REST API. But you can configure your API to do certain things on certain HTTP requests. Nothing is fixed here. For example, you can update the API using a GET HTTP request. You don’t have to use PUT. It’s up to the API designer.

You design the API endpoints as well. Giving meaningful names to your API endpoints makes your REST API much easier to use.
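
The four requests walked through above, as an in-memory dispatcher that returns the same JSON shapes. This is an added example, not code from the original article: it uses /users/id/<n> for every per-user request, returns the conventional HTTP status codes (200, 201, 400, 404, 405), keeps GET read-only, and accepts only a fixed set of fields so a client cannot overwrite the id. The make_api function, the ALLOWED field list and the sample record store are assumptions of the example.

```python
import re

ALLOWED = {"name", "age", "phones", "country"}   # fields a client may set
ITEM = re.compile(r"^/users/id/([0-9]+)$")

# Record taken from the article's GET example, used as starting data.
SAMPLE_USERS = {12: {"id": 12, "name": "David Smith", "age": 42,
                     "phones": ["124-211-2341", "889-211-4545"], "country": "US"}}

def make_api(users):
    """Return handle(method, path, body) working on the given dict of users."""
    def reply(code, text, **extra):
        return code, dict(statusCode=code, statusText=text, **extra)

    def valid(body):
        # Unknown keys are refused, so "id" or extra fields cannot be injected.
        return isinstance(body, dict) and bool(body) and set(body) <= ALLOWED

    def handle(method, path, body=None):
        if path == "/users":                      # collection: create only
            if method != "POST":
                return reply(405, "Method not allowed.")
            if not valid(body) or "name" not in body:
                return reply(400, "Invalid user data.")
            uid = max(users, default=0) + 1       # the server assigns the id
            users[uid] = {"id": uid, **body}
            return reply(201, "User successfully added.", data=users[uid])
        match = ITEM.match(path)
        if not match:
            return reply(404, "No such endpoint.")
        if method not in ("GET", "PUT", "DELETE"):
            return reply(405, "Method not allowed.")
        uid = int(match.group(1))
        if uid not in users:
            return reply(404, "User not found.")
        if method == "GET":                       # read-only: never changes state
            return reply(200, "OK", data=users[uid])
        if method == "DELETE":
            return reply(200, "User removed.", data=users.pop(uid))
        if not valid(body):                       # PUT: partial update
            return reply(400, "Invalid user data.")
        old = dict(users[uid])
        users[uid].update(body)
        return reply(200, "User updated.", old_data=old, new_data=users[uid])

    return handle

if __name__ == "__main__":
    api = make_api({12: dict(SAMPLE_USERS[12])})
    print(api("GET", "/users/id/12"))
    print(api("PUT", "/users/id/12", {"id": 1}))  # refused with 400
```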

Applications of REST API:

APIs make app development easier and modular. With the help of REST API, you can easily port your app to different platforms.

All you have to do is design and develop a REST API for your application. Then you can use your REST API from your website, Android app, iOS app, Windows desktop app, Linux app etc. This way, all of your apps on different platforms will use the same logic, and your development time and cost will be reduced. The apps will be easier to manage as well. REST APIs are also widely used in Single Page Web Applications these days.

I have written an article on writing REST APIs using Python. Thanks for reading this article.

Source
