:abbr text newtext

So, an example of this would be:

:abbr fl ForLinux

When in insert mode in Vim, type ‘fl’ followed by a space, and watch it expand. The abbreviation must be followed by a space so Vim knows that the word has finished and isn’t part of a bigger word.

To see the current abbreviations, use the command:

:ab

To remove an abbreviation, use the :anu command, followed by the abbreviation:

:una fl

To remove all abbreviations, use:

:abc

Abbreviations are especially useful when combined with some of Vims other control codes. A line break can be added to the abbreviation with the <CR> code:

:abbr php <?php<CR>?>

When ‘php’ is typed into the document, it outputs:
<?php
?>

Unfortunately, the cursor is now at the end of the php tags. To counter that, the <Up> control can be added to the end of the output which will move the cursor after the abbreviation:

:abbr php <?php<CR><CR>?><Up>

This will now output:

<?php

?>

With the cursor placed on the line between the two tags.

The following abbreviation offers a html 5 skeleton outline, leaving Vim in insert mode within the title tag in the header waiting for your input:

:abbr html <!DOCTYPE html><CR><html><CR><head><CR><title></title><CR></head><CR>
<body><CR><CR></body><CR></html><esc>5<Up>2<Right>i

http://httpd.apache.org/docs/2.0/mod/core.html

One interesting one I have started using is LocationMatch. This basically allows you to create an if statement in the virtualhost.

The first time I needed to do this was to ignore a mod security rule for a single file that was 3rd party code and was being blocked by mod security.

I didn’t want to disable the rule entirely so I used this basic rule

If file ==file
ignore rule
endif

or in apache

<LocationMatch “[filename]”>
SecRuleRemoveById [rule id]
</LocationMatch>

restart apache and now that rule will be ignored for that one file.

On top of this you can use regex for the match so you can build one rule that will catch multiple file names.

And after matching the file you can pretty much apply anything that apache can do without affecting the rest of the virtualhost.

One advantage to this is that you can do things which would normally be put into htaccess files. This keeps your special configuration all within the apache conf to make trouble shooting easier at a later date (how often have you found yourself trawling through directories looking for htaccess files), meaning that new people to a project only need to check the virtual host instead of hunting for other changes in the directory structure.

Anyway, I am sure other folks will have better ideas than me on how to use this as I am still coming up with useful tweeks on this one!

A new tool has been developed that will gather geolocation related information from your Tweet and image hosting services, pin pointing where you were and presenting the information via Google maps.

The tool called Creepy, gathers Twitter’s tweet location via the coordinates from a mobile device, the place name derived from the users IP address which gets translated into coordinates using geonames.com, geolocation information accessible from the image hosting service API and EXIF tags from the photos posted.

Creepy is a PoC (Proof of Concept) tool developed by Ilektrojohn(1). He wrote it to show how easy it is to gather this type of information which the user consents to when ticking the “I Agree” box for these web services.

How could this information be used? For malicious purposes it’s easy to imagine a stalker, jealous spouse or bully tracking down a victims location or regular route (as long as they are tweeting on the way). Other uses could be tracking a potential client or girlfriend so that you can “bump into them”. From a privacy perspective, advertisers will be queuing up for this information. They could potentially gather -

• Where you live
• Who else lives there
• Your commuting patterns
• Where you go for lunch each day
• Who you go to lunch with
• Why you and your attractive co-worker really like to visit a certain nice restaurant on a regular basis

The potential uses are as limited as your imagination. So before you opt-in consider how your private information is being used.

References
1. http://ilektrojohn.github.com/creepy/

We are excited to announce the release of EasyApache 3.12. The latest version provides numerous updates.

• CloudLinux’s mod_hostinglimits has been updated to 0.9-5. This will impact all of those who use CloudLinux.
• The issues caused by the glib2 update when building mod_mono on CentOS4 have been resolved.
• Switching between mod_ruid2+DSO to suPHP will no longer cause permission errors that can cause PHP sites to no longer function.
• PHP will now use the system time zone database rather than the one built into PHP, which will ensure PHP applications receive timely updates to time zone changes

To rebuild the EasyApache profile:

1. Log in to WHM as the root user.
2. Click on the EasyApache (Apache Update) link in the left menu.
3. If you wish to keep the same configuration, simply click Build Profile.

Those unfamiliar with Easapahce may ask the question what is easy apache?
In very simple terms, EasyApache is a command line activated script that allows you to update and reconfigure your Apache web server through WHM or SSH. It is also used to update and configure your PHP installation. Before running EasyApache be sure to update your cPanel and WHM configuration.

Some common tools that can show the compromised processes running are “top” and “ps”.
top can show you which processes are using the most CPU time and memory.
ps will show the names of processes currently running. If you look carefully through the output from “ps fax” you can see parent and child processes. Often the hackers will start a service and name it with a similar name to an existing service – for example Apache or Apache2.

You have two options now – kill the processes or do a quick investigation to capture information about the process before killing it. Here are some steps to capture the compromised commands before we kill them – that way we can then perform some analysis on them.

Create a directory called ”’/root/$DATE1”’ and save all output into there
 $ export DATE1=`date +%d-%b-%Y`
 $ mkdir /root/$DATE1/

Try capture all the info below ”’BEFORE”’ killing the process – once its dead all the vital information will be lost.

Run the commands below and save their output into a file in the /root/$DATE1 directory:
e.g. $ ps fax > /root/$DATE1/psfax

Commands to Run
Show processes, PID, usernames:
$ ps faxuww
  $ ps faxuww > /root/$DATE1/psfaxuww

USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root      3062  0.0  0.3  20960  6552 ?        Ss   08:28   0:00 /usr/sbin/httpd
apache    3150  0.0  0.1  21092  3456 ?        S    08:28   0:00  \_ /usr/sbin/httpd

Show current time, Process, PID and how long its been running for:
$ date ;  ps -eo pid,cmd,etime
  $ date > /root/$DATE1/ps-eo ;  ps -eo pid,cmd,etime >> /root/$DATE1/ps-eo

Show whats currently listening for traffic:
$ netstat -npl
  $ netstat -npl >  /root/$DATE1/netstat-npl

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
tcp        0      0 :::80                       :::*                        LISTEN      3062/httpd

Show who is currently connected to the server and also outgoing connections:
$ netstat -np
  $ netstat -np >  /root/$DATE1/netstat-np

Now use the above to find the compromised process. Get the PID from that process. PID is the PROCESS ID – it can be found in the first column of the “ps fax”
$ export PID=”insert process PID here”

View all files opened by a process, this will help find the directory the process is running from:
$ lsof -p $PID
 $ lsof -p $PID > /root/$DATE1/lsof-$PID

Show all information related to a process:
$ ls -la /proc/$PID/
  $ ls -la /proc/$PID/ >  /root/$DATE1/proc-$PID

Show the time the process was started. This is a good indication of when the compromise happened:
$ ls -lad /proc/$PID/
  $ ls -lad /proc/$PID/ >  /root/$DATE1/proc-$PID

Using the above steps- now try find the location of the compromised files.
if you can find the files use ”’ls”’ and ”’file”’ on them
-> so we can see who file owner is and what type of file it is.

Kill The Processes
Make sure you ”’kill -9”’ all the compromised processes.

Log Files
Use the dates and times found above to see if the Apache logs etc show any activity, usually they will be POST requests.

The key idea behind this proposed change is, finding something on a menu requires you to know which menu to check, which can result in wasted time while you look for the right menu. The HUD removes this need, as you can just press the ALT key to load the search bar, and then type in whatever you are looking for, without any need to know where it’s located.

As with many recent desktop changes in Linux, this seems to be a further move towards a more Mac-like environment, as it’s essentially very similar to the ‘Spotlight’ function in OS X. The current version of Ubuntu retains menus for the moment, but the eventual aim is to remove menus entirely. Whether this move to a menu-less desktop is generally accepted, or greatly reviled like the switch to the Unity desktop, remains to be seen. Certainly, some early adopters seem to have become enthusiastic converts and evangelise about the ease with which you can now search for anything. But, only time will tell if Mr Shuttleworth and the developers at Canonical have really taken the first step towards killing off the menu on the desktop.

The cPhulkd database within mysql is aptly named : “cphulkd”. You can view any IP addresses which have been blocked by using the MySQL query:

SELECT * FROM brutes;

If your IP address is then blocked you can remove the block by using the MySQL query:

DELETE FROM brutes WHERE IP = ‘YOUR-IP-ADDRESS-HERE’;

This will then allow you to login to cPanel again and you won’t have to remove all of the IP addresses meaning other people who have attempted to brute won’t also be allowed back in.

A pipeline is created by putting “|” char in between commands.

Example:

find ~/ -iname ‘*.jpg’ -type f -atime +30

This command will find all files (only) in the user home directory with extension .jpg that were last accessed more than a month a go.
Now, lets say that you want to delete these files. If doing it by hand it would take ages – imagine if there were around 500 files to be deleted in various directories! With great help comes the pipeline – lets just add the rm command and redirect output from find command to it.

find ~/ -iname ‘*.jpg’ -type f -atime +30 | xargs rm

So now, as you see, we’ve added “|” char, and right after that we’ve added new commands. Now all output is redirected to rm which will remove each file. Command xargs is there to run rm and pass to it the output from find. This could also be achieved in other ways.

The example below shows another approach to piping using output from find. This one is actually compressing all folders in home – no doubt useful when there is a 100 of them. It’s not using typical piping construction and all is controlled by find command that takes tar command as an -exec argument and runs it for every folder found replacing {} with name of the folder.

find ~/* -maxdepth 1 -type d -exec tar -jvcf ‘{}-ARCH.tgz’ ‘{}’ \;

The possibilities are endless and limited only by yourself. This could be archiving those files or just sending report to a user by email.

Here are more examples below:

grep -l KEYWORD * | xargs rm

This will remove all files in the current directory that contain the KEYWORD in it – helpful when you want get rid of all undelivered or removed emails.

ps aux | grep guest | grep -v grep | awk ‘{print $2}’

This set will display PIDs of all running processes of guest user – now we could just add | xargs kill to finish them.

And finally, to demonstrate some more power and complexity I’d like to share here an example that I’ve found on the internet (wikipedia.org):

curl “http://en.wikipedia.org/wiki/Pipeline_(Unix)” | \
sed ‘s/[^a-zA-Z ]/ /g’ | \
tr ‘A-Z ‘ ‘a-z\n’ | \
grep ‘[a-z]‘ | \
sort -u | \
comm -23 – /usr/share/dict/words

Here is what it does:
curl    reads the HTML from a web page,
sed    replaces all chars that aren’t spac93.174.137.179es or content of the website with spaces,
tr    brings all to lower case and converts spaces to new lines,
grep    selects only those lines that have at least 1 lower case char and removes empty lines,
sort    sort all the words in an alphabetical order and removes all duplicates (-u),
comm    finds common lines for two files, removes all lines present in second file (-23), the common ones, leaving only unique ones from first file, char “–“ tells it to             read from pipeline.

Backslash (“\”) on the end of each line allows you to write in many lines as if it was one line. This way you could check the spelling on whole web page just from the command line.

The number of available commands and the fact that everyone has specific syntax makes it a bit difficult in the beginning, but it will pay back later.

How Does It Work?
Put simply, it will include sets of cryptographic keys that allows the UEFI firmware to recognise if hardware drivers, operating systems and whatever else it needs have valid signatures and if they’re allowed to be run. These keys are called: Platform Key (PK), which is installed by the PC makers in the system firmware during manufacturing and “Key-Exchange Keye” (KEKs) which are controlled by OEMs and OS vendors (Microsoft being the major pushers for UEFI), these are used to validate the OS and drivers.

Is This So Bad?
The main advantage of Secure Boot is that systems become much more secure as malware that runs at boot, which even the best anti-virus program would struggle to eradicate, will no longer be able to start. However it will make it a lot more difficult to install another (Linux based) operating system on top of the pre-installed Windows 8 installation. Further to this, people who want to infect a user’s PC will find a way around this system just like they always do. Also one update a user runs that doesn’t have the correct key could render their OS unbootable as the Secure Boot will not recognise it as authorised

Other’s Views
The Linux Foundation (LF) and RedHat/Canonical (RH/C) have produced documents outlining their view on Secure Boot. RH/C want there to be an ability to disable Secure Boot restrictions in order to keep Linux running on such a vast range of hardware. LF and RH/C would like the ability to add new KEKs to the firmware to allow for other OS to be booted than Windows 8 but it would also satisfy the requirements for the coveted and lucrative Windows logo.

You can read both PDF documents at the following locations:
www.linuxfoundation.org/publications/making-uefi-secure-boot-work-with-open-platforms
http://ozlabs.org/docs/uefi-secure-boot-impact-on-linux.pdf

Conclusion
UEFI is a very good security feature that will enhance the safety of a user. However, unless the conditions RH/C and LF are added/utilised it is feasible that PCs could become closed systems with the only way to get an OS you want is to buy all the components and build one yourself. Which may not be a terrible thing anyway.

$feed = ‘http://status.forlinux.co.uk/feeds/posts/default’;

// import a feed from a uri
$zendFeed = Zend_Feed_Reader::import($feed);

// Store data in array
$data = array(
‘title’        => $zendFeed->getTitle(),
‘link’         => $zendFeed->getLink(),
‘dateModified’ => $zendFeed->getDateModified(),
‘description’  => $zendFeed->getDescription(),
‘language’     => $zendFeed->getLanguage(),
‘entries’      => array(),
);

foreach ($zendFeed as $entry) {
$edata = array(
‘title’        => $entry->getTitle(),
‘description’  => $entry->getDescription(),
‘dateModified’ => $entry->getDateModified(),
‘authors’      => $entry->getAuthors(),
‘link’         => $entry->getLink(),
‘content’      => $entry->getContent()
);
$data['entries'][] = $edata;
}

// Output feed data to screen.
var_dump($data);