Create the VPN Connection in the VPC Management console on AWS, using static routing, then download the Generic configuration. The downloaded text file contains some values that you’ll need. There are two VPN configurations (tunnels) in it; I only hooked up one on the server. If you have two VPN servers you could set up one tunnel on each.

These are the values of interest in the downloaded text file:

Pre-Shared Key
Outside IP Addresses
    Customer Gateway
    Virtual Private Gateway
Inside IP Addresses
    Customer Gateway
    Virtual Private Gateway

My server has an internal IP address, and sits behind a router, which has a public IP address. AWS VPC supports NAT-T so this is no problem. You just set “left” (below) to your internal IP and “leftid” (also below) to your public IP.

Running scripts as root from PHP

December 12th, 2015

I needed to integrate a Linux server with our existing web application, which involved dynamically changing iptables rules by a bash script. For obvious reasons, the script needed root privileges to execute successfully.

On CentOS (and a handful of other distros), Apache processes run as the apache user by default. To call a script with root privileges and print its output from PHP, we can use the shell_exec function with sudo:

    echo shell_exec("sudo /usr/sbin/");

Unsurprisingly, the apache user doesn’t have sudo privileges by default, so we need to add a line to the /etc/sudoers file using the visudo command. visudo checks the file’s syntax before applying the new rules, which is especially important if the root user is disabled on your system.

The following line will allow the apache user to run the above dummy example script (and nothing else) with sudo without asking for a password:

apache ALL=NOPASSWD: /usr/sbin/

If you need to run more than one command, just add them separated by commas.

There might be one more thing to change in /etc/sudoers: if at this point the output is empty and the command silently fails, it’s because sudo is configured to be usable only from a terminal (requiretty). To lift this requirement for a specific command or user, use the following:

# This line is probably in sudoers somewhere,
# disallowing script usage
Defaults    requiretty
# To allow our script to be run from anywhere,
# add the following line:
Defaults!/usr/sbin/ !requiretty
# Alternatively you can enable apache user
# to run all allowed commands from anywhere.
# (Not recommended, be as specific as you can be!)
Defaults:apache !requiretty

Security warning

Please make sure you think about security and be especially careful when accepting user input as command parameters, to avoid injection attacks. It’s also a good idea to implement some sort of authentication before executing the code path that calls the script.

I only needed it for communication between servers, so I put it in an Apache VirtualHost on a custom port and made sure it’s only accessible from the other server’s internal IP address.
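As an added example (not from the original post), this is the shape the privileged script behind the sudoers rule can take: because sudo, not PHP, is the privilege boundary, the script validates its own arguments instead of trusting whatever the web process put on the command line. The path /usr/sbin/fw-rule.sh and the allow/deny actions are hypothetical.

```shell
#!/bin/sh
# Added example: argument validation for a script run as root via sudo.
# The script name and the "allow"/"deny" actions are hypothetical.

# Return 0 only if $1 is exactly one of the permitted actions.
valid_action() {
    case "$1" in
        allow|deny) return 0 ;;
        *) return 1 ;;
    esac
}

# Return 0 only if $1 is a dotted-quad IPv4 address with octets 0-255.
# Hostnames, CIDR ranges and any shell metacharacters are rejected.
valid_ipv4() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in
            ''|*[!0-9]*) return 1 ;;   # empty or non-numeric field
        esac
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Map a validated action to the iptables target it produces.
rule_target() {
    case "$1" in
        allow) echo ACCEPT ;;
        deny)  echo DROP ;;
    esac
}

# Entry point: refuse anything that fails validation before touching iptables.
main() {
    if ! valid_action "$1" || ! valid_ipv4 "$2"; then
        echo "usage: $0 allow|deny <ipv4>" >&2
        return 2
    fi
    iptables -I INPUT -s "$2" -j "$(rule_target "$1")"
}

# Only run main when executed directly, not when sourced for testing.
if [ "${0##*/}" = "fw-rule.sh" ]; then
    main "$@"
fi
```

Pair it with a sudoers entry that names only this script; sudo’s own argument matching is coarse, so the script’s checks are what actually bound what the apache user can do as root.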


I had a task to rsync all files and folders older than 3 days, about 2TB in total.

Here is how I did it.

# touch -mt 09201200 /tmp/compare
# ll /tmp/ | grep compare
-rw-r--r--   1 root     root        0 Sep 20 12:00 compare

Then run the find command:

find /.../product -type f -newer /tmp/compare -exec stat {} \; | egrep "File|Modify"

It should list all the files modified from 09201200 (Sep 20, 12:00) up to the present.

Then you will have the file list, and only need to run rsync for the last step.
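The full procedure as an added example (not from the original post): create the reference file, list files newer than it relative to the source root, and feed that list to rsync with --files-from, which the post left as the final step. The directory names are placeholders; both source and destination are assumed to be local paths.

```shell
#!/bin/sh
# Added example: reference-timestamp file -> find -newer -> rsync --files-from.
set -e

# Create (or reset) the reference file whose mtime marks the cut-off.
# touch -t takes [[CC]YY]MMDDhhmm; the post used 09201200 for Sep 20 12:00.
make_reference() {
    touch -t "$2" "$1"
}

# Print regular files under $1 modified after reference file $2, one per
# line, relative to $1 so that rsync --files-from can reuse them directly.
list_changed() {
    src=$1; ref=$2
    case "$ref" in /*) ;; *) ref=$PWD/$ref ;; esac   # keep ref valid after cd
    (cd "$src" && find . -type f -newer "$ref" | sed 's|^\./||' | sort)
}

# Copy only the changed files, preserving the directory layout under $3.
sync_changed() {
    src=$1; ref=$2; dest=$3
    list_changed "$src" "$ref" | rsync -a --files-from=- "$src/" "$dest/"
}
```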

Transparent Huge Pages (THP) are enabled by default in RHEL 6 for all applications. The kernel attempts to allocate hugepages whenever possible and any Linux process will receive 2MB pages if the mmap region is 2MB naturally aligned. The main kernel address space itself is mapped with hugepages, reducing TLB pressure from kernel code…

Normally you can use Whois to query nameservers:

$ whois -h "nameserver"

Whois Server Version 2.0

Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to
for detailed information.

Server Name: NS1.INBOXS.COM
IP Address:
Whois Server:
Referral URL:

>>> Last update of whois database: Thu, 03 Sep 2015 15:04:12 GMT <<<

The implementation of this feature is up to the TLD. .GOV, for example, does not return nameserver queries:

$ whois -h "nameserver"
% DOTGOV WHOIS Server ready
No match for nameserver "A.GOV-SERVERS.NET".
>>> Last update of whois database: 2015-09-03T15:04:58Z <<<
Please be advised that this whois server only contains information pertaining to the .GOV domain. For information for other domains please use the whois server at RS.INTERNIC.NET.

Install Bad Wolf Color for Vim

August 14th, 2015

A good color scheme for vim makes the editor much easier to read.

Bad Wolf looks like a good candidate.

Here are the instructions for installing a color scheme for vim:

1. Copy colors/badwolf.vim to ~/.vim/colors/badwolf.vim; create directories if needed. Alternatively, git clone into ~/.vim/bundles/ and use the Pathogen package manager, or specify the repository with the Vundle package manager, etc.

2. In your ~/.vimrc, put / replace any existing :colorscheme command with:
colorscheme badwolf


When you are using special fonts for your terminal and they cannot be displayed correctly, you need to install those fonts to make it work properly.

Powerline fonts are a good candidate and easy to install on MacOS and Linux.

Having investigated this for a project: Linux (at least RHEL) mailx can use a remote SMTP server, which lets us test whether that server allows email sending from our application.

mailx -S smtp=<smtp-server-address> -r <from-address> -s <subject> -v <to-address> < content.txt

Here "-S smtp=" is the crucial component (which AIX mail/mailx apparently doesn’t support), allowing you to send through a remote server rather than the locally-configured one.

-v is "verbose".
content.txt is a local file that contains the body of the test message I'm sending.

Puppet supports “if” and “unless” statements, case statements, and selectors.

if $is_virtual {
  # Each branch closes with a brace before the next keyword.
  warning('Tried to include class ntp on virtual machine; this node may be misclassified.')
} elsif $operatingsystem == 'Darwin' {
  warning('This NTP module does not yet work on our Mac laptops.')
} else {
  include ntp
}

Some conditional statements that you can use on puppet templates:

<% if @hostname == "srv01" -%>
... ... ...
<% end -%>
<% if @hostname != "srv01" -%>
... ... ...
<% end -%>
<%# ("srv01" or "srv02") evaluates to just "srv01" in Ruby; test membership instead -%>
<% if ["srv01", "srv02"].include?(@hostname) -%>
... ... ...
<% end -%>