Why Cannot You Browse to a URL Path with a File Name in a Web Browser when the index.html File is Available?

Problem scenario
You know foobar.html is in a directory on a web server that houses index.html. You cannot go to foobar.html in a web browser -- but you can go to index.html. How do you fix this?

Possible solution #1
Are the permissions of foobar.html different from index.html? Is there a slight spelling error in the file name on the back-end? Verify the address in the browser and that it matches up with what is in the back-end.

Possible solution #2
If you are using Flask, then read this possible solution. Is there a route to foobar.html? You may want to view this external page for more information.
Is a function name duplicated in the webapp.py file? (To handle duplicates, see this StackOverflow.com posting.) The route or function governing it may be misconfigured. One problem could be that the templates directory does not actually have the file or there is a small spelling mistake in the file on the back-end.
Is the templates directory configured to be somewhere different for the web page? You may want to view this page: https://stackoverflow.com/questions/31002890/how-to-reference-a-html-template-from-a-different-directory-in-python-flask/31003097

How Do You Merge .pdfs with Linux?

Problem scenario
You want to combine several PDF files. But you don't want to upload them to a website. How do you do this for free with a Debian distribution of Linux?

Solution
Run this command:

sudo apt -y install poppler-utils

Run this command (where 1.pdf is the file whose pages come first, foobar.pdf is a file whose pages go in the middle, and last.pdf is the file whose pages come last in the final combined PDF, which will be called combination.pdf):

pdfunite 1.pdf foobar.pdf last.pdf combination.pdf

# Note this assumes you have in your directory files called 1.pdf, foobar.pdf, and last.pdf.

What Does the Less-than and Parentheses Syntax in Linux/Bash Signify?

Question
You have seen "<(" in Linux. What does it do?

Answer
A command encapsulated in parens and having the "<" symbol on the left is a way to do process substitution.

Here is an example:

diff <(hostname -f) <(date)

The diff command can compare the results of two different commands. To read more about process substitution, see this posting: https://tldp.org/LDP/abs/html/process-sub.html

How Do You Get Passwords to Expire for Existing Users?

Problem scenario
You want passwords to rotate periodically for all users. You modified the /etc/login.defs file, and new users are inheriting the temporal rotational policies for passwords. How can pre-existing accounts be forced to periodically change their password?

Solution
Use this command for every existing user (but replace "jdoe" with the user you want to change and replace "30" with the number of days you want the password to last before the user is forced to change it):

sudo chage -M 30 jdoe

# The user can still log in one more time after expiration.  The user will be forced at that login to change their password.

# This will change the immediate future expiration date of the user's password.
# The user's password will forever need to change after the 30 days (or whatever number you entered).
# It is permanent (not a one-time expiration).
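
To find which pre-existing accounts still need the command, the following added example (not from the original page) reads lines in /etc/shadow format, where the fifth field is the maximum password age, and builds the chage command for each account that is out of policy. The sample entries and the function names are constructed for illustration; reading the real /etc/shadow requires root.

```python
# Constructed sample in /etc/shadow format; the hashes are placeholders.
SAMPLE_SHADOW = """\
root:$6$placeholder$hash:18800:0:99999:7:::
daemon:*:18800:0:99999:7:::
jdoe:$6$placeholder$hash:18800:0:99999:7:::
asmith:$6$placeholder$hash:18890:0:30:7:::
svc_backup:!:18800::::::
newuser:$6$placeholder$hash:18900:0::7:::
"""

def accounts_exceeding_max_age(shadow_lines, max_days):
    """Return (user, current_max) for password accounts whose maximum
    password age is unset or longer than max_days."""
    findings = []
    for raw in shadow_lines:
        fields = raw.strip().split(":")
        if len(fields) < 5:
            continue  # blank or malformed line
        user, pw_hash, max_field = fields[0], fields[1], fields[4]
        if pw_hash.startswith(("!", "*")):
            continue  # locked or no password login: aging does not apply
        current = int(max_field) if max_field.isdigit() else None
        if current is None or current > max_days:
            findings.append((user, current))
    return findings

def remediation_commands(findings, max_days):
    """Build the page's chage command for each finding (printed, not executed)."""
    return [f"sudo chage -M {max_days} {user}" for user, _ in findings]

if __name__ == "__main__":
    found = accounts_exceeding_max_age(SAMPLE_SHADOW.splitlines(), 30)
    print("\n".join(remediation_commands(found, 30)))
```
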

How Do You Disable Hyperthreading in Linux?

Problem scenario
You are running Linux with a multi-core CPU and motherboard. You want to turn off simultaneous multithreading (because in some use cases the performance can improve or you are concerned about security). What should you do?

Possible Solution #1
If you want to be able to turn it back on without rebooting, you could have a crontab job run a script at reboot. You can run "nproc" before and after you do this. The number should differ before and after you turn off hyperthreading.

Often the file to change is this: /sys/devices/system/cpu/smt/control
(Both Red Hat and Debian derivatives use this file.) The value should be "off" if you want to disable hyperthreading.

For alternatives, see this posting: https://serverfault.com/questions/235825/disable-hyperthreading-from-within-linux-no-access-to-bios

Possible Solution #2
Go to the BIOS or EFI. The pre-boot menus will have a way to disable hyperthreading. (We are very skeptical of a BIOS/EFI out there that does not allow you to disable it.) The benefit of this is that if a hacker gains access to your OS, they will generally not be able to turn on SMT/hyperthreading. We find this way to be more secure. Sometimes crontab jobs get deleted or users with crontab jobs get deleted or directories with initialization scripts get deleted.

Using Python How Do You Print Log Entries for a Given Time Range?

Problem scenario
Using Python, you want to parse a log file. You want to print out entries that have a datetime stamp within 24 hours of a given date.

The log file is in this format:

Sep 18 07:28:11 server1 sshd[29284]: Received disconnect from 115.52.17.109 port 46970:11: Bye Bye [preauth]
Sep 18 07:28:11 server1 sshd[29284]: Disconnected from 115.52.17.109 port 46970 [preauth]
Sep 18 07:28:11 server1 sshd[29282]: Failed password for root from 51.10.7.109 port 24844 ssh2
Sep 18 07:28:13 server1 sshd[29287]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.29.155.214 user=root
Sep 18 07:28:13 server1 sshd[29282]: Failed password for root from 51.10.7.109 port 24844 ssh2
Sep 18 07:28:14 server1 sshd[29282]: Received disconnect from 51.10.7.109 port 24844:11: [preauth]
Sep 18 07:28:14 server1 sshd[29282]: Disconnected from 51.10.7.109 port 24844 [preauth]
Sep 18 07:28:14 server1 sshd[29282]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.10.7.109 user=root
Sep 18 07:28:15 server1 sudo: jdoe : TTY=pts/0 ; PWD=/home/jdoe/ ; USER=root ; COMMAND=/usr/bin/tail /var/log/auth.log
Sep 18 07:28:15 server1 sudo: pam_unix(sudo:session): session opened for user root by jdoe(uid=0)

You want to convert the strings to the datetime data type. What do you do?

Possible Solution #1

Use this program:

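from datetime import datetime, timedelta

# The date to search around; replace it with the date you care about.
fixed_date = datetime(2021, 6, 15)

with open('auth.log', 'r') as log_reader:
    for line in log_reader:
        # The log has no year, so one is assumed; the first 15 characters are "Sep 18 07:28:11".
        dt_of_log = datetime.strptime('2021 ' + line[:15], '%Y %b %d %H:%M:%S')
        diff = abs(dt_of_log - fixed_date)
        # Print only the entries within 24 hours of fixed_date.
        if diff <= timedelta(days=1):
            print(line, end='')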
Possible Solution #2
See this: https://serverfault.com/questions/101744/fast-extraction-of-a-time-range-from-syslog-logfile

Possible Solution #3
If you do not want to import a module, see this posting: https://stackoverflow.com/questions/12660164/the-best-way-to-filter-a-log-by-a-dates-range-in-python

How Do You Get Audio to Work on Your Linux System?

Problem scenario
There is no audio on your Linux system. The volume is not muted. In the control panel area for audio you see "Dummy …" for your sound device on your Linux system. What should you do?

Possible Solution
This assumes the hardware of the server, computer or laptop uses Intel.

  1. Back up the file /etc/default/grub (e.g., to your home directory as .bak).
  2. Modify /etc/default/grub. Find the line for "GRUB_CMDLINE_LINUX_DEFAULT" and append a space and this parameter to its value:

snd-intel-dspcfg.dsp_driver=1

It will look like this (but "quiet splash" may be something else):

GRUB_CMDLINE_LINUX_DEFAULT="quiet splash snd-intel-dspcfg.dsp_driver=1"

  3. Run this command:
    sudo grub2-mkconfig -o /boot/grub2/grub.cfg
  4. Reboot the server.

This solution was adapted from this posting: https://access.redhat.com/discussions/3649111

Is the Term “Threadjacking” a Netiquette or Cybersecurity Issue?

Problem scenario
You have heard the term "threadjacking" in different contexts. What does it mean?

Answer
The word "threadjack" can have different meanings. It can be a netiquette issue, a cybersecurity issue, or both.

Threadjacking can refer to the practice of responding to an email thread or website posting to change the topic. This type of threadjacking has no security implication. A new email thread or website posting would be a polite way to introduce such a new topic.

The term "threadjacking" can refer to intercepted emails where someone joins the discussion to pretend to be someone else. The bad actor's ruse can involve the content of the discussion. This bad actor can steal data in responses or distribute malware. The historic email thread gives the victim confidence that the bad actor is a legitimate source. This type of threadjacking refers to a man-in-the-middle attack or a type of spear phishing. (See https://www.dictionary.com/browse/spear-phish for more information.)

For more information see the following quotes:

A new method that phishers are using is a twisted form of threadjacking.

if a spam email comes from someone a user knows, that email has a higher chance of reaching that user’s inbox because spam filters will consider the message as valid. This is why threat actors are hijacking people’s accounts to send spam emails.

https://www.graphus.ai/blog/email-security-trends-for-2021/

Another risk is thread-jacking, where employee email accounts are hijacked and malware is spread by responding within specific conversation threads, making it more likely individuals will open a link or attached file, according to Pratt.

https://www.cybersecuritydive.com/news/infosec-security-for-productivity-hp-wolf/606296/

What's The Best Name? ThreadJacking or Man-in-the-Inbox Attacks? …Bad guys send a phishing attack and steal the credentials of your employee. But they stay under the radar and lurk for a while to understand the email traffic and the people the compromised account regularly talks to.

Next, they reply to an existing thread with a socially engineered message and attach a malicious attachment that will compromise the workstation of the recipient if they open it up.

https://blog.knowbe4.com/whats-the-best-name-threadjacking-or-man-in-the-inbox-attacks

How Do You Install VirtualBox when you Encounter an Error Message “Unable to install VirtualBox as download failed … not (yet) available (404 Not Found)”?

Problem scenario
You try to install VirtualBox on a Linux server via the "Software" section of your GUI. It fails with an error message like this: "Unable to install VirtualBox as download failed … not (yet) available (404 Not Found)"

Solution
Run a command like one of the following depending on the type of Linux you have.

If you have a Debian distribution of Linux (such as Ubuntu or Mint): sudo apt -y update

If you have a Red Hat distribution of Linux (such as CentOS, RHEL or Fedora): sudo yum -y update

How Do You Stop Applications from Popping Up at Start Up?

Problem scenario
When you log into Windows, you have an application that starts up automatically. What do you do to disable applications from running automatically?

Solution

  1. In Windows, press CTRL-ALT-Delete.
  2. Go to the Startup Tab.
  3. Find the application you want to stop, and click on it.
  4. Click the disable button.