Friday, July 15, 2016

python: Simple http server with CGI scripts enabled

If you want to experiment some python code as CGI script to serve by a HTTP server, you can get started by these steps:

  1. Create a cgi-bin directory.
  2. Ready!

No, really, it's that simple! Try these CGI scripts out.

Example 1: cgi-bin/hello.py

#!/usr/bin/env python3

localvars_table = '<table>'
for x in dir():
  localvars_table += '<tr><td>%s</td></tr>' % x
localvars_table += '</table>'

print("Content-type: text/html")
print("")
print("""<html><body>
<p>Hello World! Your custom CGI script is working. Here are your current Python local variables.</p>
%s
<p>NOTE: If you want to write useful CGI script, try the Python 'cgi' module. See cgitest.py script.</p>
</body></html>""" % (localvars_table))

To test and run this, you simply invoke these couple commands:

bash> chmod a+x cgi-bin/hello.py
bash> python3 -m http.server --cgi

You may now test it on your browser with http://localhost:8000/cgi-bin/hello.py. Hit CTRL+C to stop the server.

If you want to do more with fancy CGI scripts, try the Python's cgi module. Here is another example.

Example 2: cgi-bin/cgitest.py

#!/usr/bin/env python3

import cgi
cgi.test()

Again chmod your cgitest.py script and visit http://localhost:8000/cgi-bin/cgitest.py. You will see all the HTTP related data as expected when working with a CGI script. See https://docs.python.org/3/library/cgi.html for more details.

Saturday, July 9, 2016

postgres: How to install posgresql-server with yum on Linux

If you have a RedHat/CentOS/OracleLinux distro of Linux, then yum should be available as your package manager. Here are the notes I have to get PostgreSQL server up running.

bash> yum info postgresql-server
bash> # Verify that's the version you want to install

bash> # Ready to install
bash> sudo su -
bash> yum -y install postgresql-server
bash> service postgresql initdb

bash> # Startup the server manually
bash> service postgresql start

bash> # Make server startup at system reboot
bash> chkconfig postgresql on

bash> # Verify postgres DB is working
bash> su - postgres -c psql
postgres=# \du
postgres=# \q

bash> # We are done, exit root user shell
bash> exit

If you can't find service or chkconfig commands, then check to ensure you have have /sbin in your $PATH.

Friday, July 8, 2016

sudo: How to switch Linux account user without the target user's password

Did you know if you have been granted sudo access to a remote host with su command, then you may switch to any user without the need to type in their password?

Try this out:

zemian@myhost bash> sudo su - postgres
# When prompted for password, enter your own user account password.

# Now you are in as `postgres` user!
postgres@myhost bash>

Or if you want to switch to the root user directly, simply try:

bash> sudo su -

This is very useful when you need to switch to a user account that was only setup just to run applications (eg: postgres, mysql, oracle, or weblogic etc.) and not intented for real user. In this case, you might not even know what the real password is. Above trick should get you switch into that target user account.

Thursday, July 7, 2016

ssh: Login to remote host without password

Most of remote systems are secured by SSH, and to gain remote control with terminal, you would need to ssh into the server. You will be prompted to login with your password on every session. To avoid typing password everytime, you need to setup as authorized client. Here is how you can do that with ssh key.

First on your own client machine, generate the $HOME/.ssh/id_rsa.pub file:

bash> ssh-keygen
# When prompted to enter password, simply hit ENTER key to skip it!
bash> cat  ~/.ssh/id_rsa.pub
xxxyyyzzz zemian@myhost
# You will see a very long string instead of "xxxyyyzzz".

Now you need to copy this public key string into your remote host. You need to ssh into the remote host with your valid password first to setup. If successful, the subsequent ssh into the remote host will not prompt you for password!

bash> ssh myremotehost
# Enter password to gain access

After you are in the remote host:

myremotehost> vim ~/.ssh/authorized_keys
#Paste and append the "xxxyyyzzz" into above file.

If you don’t already have the ~/.ssh/authorized_keys file on remote host, then create it, but ensure you don’t let other users or groups to access it. Use command like this to change the permission:

bash> chmod g-rw,o-rw ~/.ssh/authorized_keys

The cool thing about this is that it affects all ssh related commands, such as scp will now work without prompting you for password!

Have a productive day!

Wednesday, July 6, 2016

wls: How to import SSL cert into WLS DemoTrust.jks keystore file

In WLS, you can import your own SSL cert into it’s trust keystore file to invoke "https" contents. Here is how you do that with the default WLS DemoTrust.jks file.
bash> cd $WL_HOME/server/lib
bash> keytool -keystore DemoTrust.jks -storepass DemoTrustKeyStorePassPhrase -list
bash> keytool -keystore DemoTrust.jks -storepass DemoTrustKeyStorePassPhrase -importcert -alias mycert -file mycert.pem

# Or to delete the entry
bash> keytool -keystore DemoTrust.jks -storepass DemoTrustKeyStorePassPhrase -delete -alias mycert
The file mycert.pem can be obtained by any modern browser when you visit the "https" site. For example using Firefox, you can follow these steps to export the cert file:
  1. Click on the Lock icon next to the URL in the broswer
  2. Click More Information button, then go to the "Security Tab"
  3. Click View Certificate button, then go to the Details tab
  4. Click Export …​ button
  5. On the bottom right corner dropdown, select X.509 Cerificate with chain (PEM)
  6. Type name of file to save (eg: mycert.pem) and then click Save button