Archives for March 2014

WordPress Plugins I Recommend

March 24, 2014 by Jamie Leave a Comment

I’ve been working and developing websites with WordPress since version 1.5 and before that I was using b2. WordPress has come along way from a blogging platform to a very powerful content management system. I’ve used WordPress to build catalog sites, e-commerce sites and even an ebay/etsy like market place. Some people like to have their say about it but you can’t deny the numbers. WordPress currently powers 19% of ALL websites on the Internet. I have a lot of people ask me what WordPress plugins I use so I thought I would write an overview of the ones I use. These are the free plugins I use but some of them have paid add ons you can get to enhance the functionality.

Security

The biggest argument for not using WordPress is security. A lot of general practices should be followed such as keeping your plugins updated, use a WordPress framework or theme that is secure and making sure you use the right plugins to keep the crap out.

Akismet

This plugin has shipped with WordPress for as long as I can remember. It is built by the guys behind WordPress Automattic. It’s primary role is to stop comment spam which can be a huge problem on your site if you configure it badly. Activate this and sign up for an account. If you have a high traffic site, pay for it. Otherwise you never know when a service like this is forced to go to a payment system.

WP Better Security

Soon to be renamed iThemes Security (cause they bought it). I’ve been using this plugin to harden WordPress for a quite a while now. It has a pretty easy recommendations page to tell you what you should be locking down. A lot of it can be pretty complex for the non-technical person but since using it I’ve seen a dramatic decrease in security related incidents. It also provides a backup system which is VITAL for any website. If you aren’t running regular backups you will wish you did.

WangGuard

This is a recent plugin I’ve added to my standard list and can’t recommend it highly enough. If you have a high traffic/visible site chances are you’ll have open registrations. This means you’ve opened the gates to spammer registrations. Spam comments is one thing but having your site fill up with bot/splogger accounts can be a real nightmare to manage. This is where WangGuard comes in handy with stopping these bad registrations. It uses an antivirus approach to block spam registrations and is very effective. On top of this it’ll scan the existing users on your site and mark ones that it thinks are spam accounts based on their very accurate system.

Statistics and SEO

JetPack

Jetpack is another plugin from the guys & girls at Automattic and provides quite a few different sub-plugins and features. I mainly use it for the contact form and the WordPress statistics. This will give you a pretty straightforward look at your site visitors what search terms are bringing people in and daily visits on the site and pages. It’s not very complex and if you want detailed stats you should look at google analytics or another complex stats tool. The contact form is simple and can reduce your overall plugins if you don’t need a fancy form such as whats provided by contact form 7. On top of this it hooks into Akismet to reduce spam on your forms.

WordPress SEO by Yoast

This is one plugin that you must install on your site if you want to get any traffic to come your way. It allows you very fine grained control over the SEO of your site and hooks in nicely to a number of other plugins and services. Its straight forward and being the most popular SEO plugin there are numerous how-to guides around the net.

Performance

W3 Total Cache

Site performance is an important part of making sure you keep your visitors and please the search engines. There are some interesting studies from a bunch of smart internet professionals about bounce rates and site load times. I’ll summarise it with this, if your site loads slowly then it will bother your users and the search engines. This is where W3 Total cache can come in very handy, it will make your site faster by reducing load times. WordPress is PHP based with a MySQL database on the backend which makes for a very dynamic engine which is great for a small site but can be problematic on the higher traffic sites. If you are on underpowered web hosting this can also help you. There are guides around on how to configure it so I won’t go into detail on that here. If you are smart about your front page design you can get some significant speed gains. A recent site I launched I got the front page load times from 10seconds down to 1.2 seconds with a simple design and caching.

E-Commerce

Woocommerce

Woocommerce is the go to e-commerce add-on to WordPress for me these days. It did take a bit of getting used to in terms of theme development but if you’ve got a theme that is already Woocommerce enabled you’ll be fine. It’s got a nice system but be prepared to pay for extra functionality, its a good system for small, medium or large catalogs. The latest version 2.1 has brought in a new admin interface and a REST API that allows for some cool extensions to come about.

Image Galleries

WordPress Gallery

Surprisingly the built in gallery that comes with WordPress is quite good for small galleries that you want to include in a post. It can get limited if you’ve got a site that is very image/gallery heavy. So long as your theme has support for the WordPress galleries you’ll be able to use them in your posts for the majority of what you need.

NextGEN

I have been using this plugin for years and can’t recommend it enough. I believe its also got the honour of one of most popular plugins of all time. If you need a complex gallery setup and like to have your images in a sensible order I can’t recommend this plugin enough. They have simple thumbnail galleries, slideshow galleries and more. You can embed the gallery in a post or have a dedicated album page.

Contact Forms

Contact Form 7

When I need more than a simple contact form from Jetpack I always turn to Contact Form 7 as my go to form editor. It’s got a pretty straightforward interface to build complex forms that allow you to have different forms on different pages. It uses email notifications to keep things simple. There are additional plugins you can get to allow you to store the responses in the database if you like.

Conclusion

There are a bunch of paid plugins I use but they are usually case specific to the client project. I also like to recommend the free ones as I know its hard to spend a lot of money on plugins. Especially with the new trend to subscription based models for plugins where you’re having to pay for the plugin every year.

Oven Roasted Kale Crusted Freshwater Trout

March 5, 2014 by Jamie Leave a Comment

Freshwater Trout People that know me know that I like to eat healthy and a lot of people asked me for my recipes. After posting a prep photo on Facebook of my dinner the other night I had a few people ask me for this recipe.

Oven Roasted Kale Crusted Freshwater Trout served with steamed sweet potato and broccoli.

Prep Time: 10 mins
Cooking time: 25 mins

Ingredients – Serves 2 men or 4 Tiny people

Main dish

4 Freshwater Trout fillets (roughly 120grams per fillet)
Half a bunch of Kale
1 Lemon
2 tablespoons of organic olive oil
2 Tablespoons of ghee
3 tablespoons of chives
1 container of grape tomatoes
Salt & Pepper to season

Preparation

Pre-heat the over to 170C for fan forced , adjust for your oven as you’ll know it best.

Step 1. Remove the kale leaves from the stalks and dice into smallish pieces (roughly 1cm square). This will make sure it gives a good coverage. Put this into a bowl and squeeze half the lemon over, add the olive oil, salt and pepper to taste then stir it through. Put this to the side.

Step 2. Dice the tomatoes and the chives and mix together on the chopping board.

Step 3. Get an oven tray and tear sheets of baking paper big enough to make a pouch to put this in. You want to simulate one fish per pouch so you will be using 2 fillets in each. Fold the sheets in half as this makes it easy to find the centre and keep the paper in order.

Step 4. Grab a handful of the kale mix and place it in the centre of each make sure its enough to place the first fillet on.

Step 5. Place the fillet skin down on the kale and make sure there is about a 1 centimetre border of kale around the fillet.

Step 6. Get the tomato and chives mix and spread it evenly over the fillet. Place one tablespoon of ghee on top of the mix.

Step 7. Place the second fillet on top of the first one skin up. Cover over with more kale mix to close it in. Squeeze some lemon juice over and close up the pouch. Fold the ends in first to make sure none of the juices escape.

Step 8. These go in the oven for 25 minutes.

Sides

Half a large gold sweet potato
Half a head of broccoli

Preparation

Step 1. Peel and dice the sweet potato into cubes, size is up to you but I go for roughly 1-2 centimetre cubes. Put this in one part of your steamer.

Step 2. Cut up the broccoli into pieces you’re happy with again, this is up to you. Put this in another part of your steamer.

Step 3. Ten minutes after the fish went into the oven put the sweet potato on only.

Step 4. With five minutes left put the broccoli on. You don’t want it over steamed.

Plating

Once the fish has been in the oven for the required time pull it out and check that it has cooked through, you’ll be able to tell by easily pushing a skewer through it. Leave it in the pouch but trim the paper just enough to keep the juices in and put it on the plate. Portion out the sweet potato and broccoli and it is ready to eat.

Active Directory Authentication with CentOS

March 1, 2014 by Jamie 21 Comments

Active directory authentication for CentOS is quite easy to configure. Active directory is a central authentication system and organisations all over the world have relied on it for years. This is super easy to set up for your Windows and Mac desktops but is sometimes a little harder with a Linux workstation. This is all done on a CentOS 6.5 minimal install with nothing but a LAMP stack installed.

There are is one step you need to take to get your machine ready for configuration. Install the following packages, if they aren’t already.


# yum -y install authconfig krb5-workstation pam_krb5 samba-common oddjob-mkhomedir

This will install everything you need to get up and running. There is two ways you can configure the authentication. From the command line (authconfig) or via a console GUI (authconfig-tui). It all works just depends on which version you are comfortable with.

Authconfig

# authconfig --disablecache --enablewinbind --enablewinbindauth --smbsecurity=ads --smbworkgroup=DOMAIN --smbrealm=DOMAIN.COM.AU --enablewinbindusedefaultdomain --winbindtemplatehomedir=/home/DOMAIN/%U --winbindtemplateshell=/bin/bash --enablekrb5 --krb5realm=DOMAIN.COM.AU --enablekrb5kdcdns --enablekrb5realmdns --enablelocauthorize --enablemkhomedir --enablepamaccess --updateall

This will setup the necessary config files for both Kerberos and Samba. There is more config files to update from here.

Please Note: When I ran this I got an error with Oddjobd not being able to start. You can read the details in this post. Just make sure that the messagebus service is running.

Kerberos (/etc/krb5.conf)

Check that the file was generated and then add the relevant realms and domain_realm for your domain to the file. If you have multiple domain controllers you can add extra kdc lines like below.

[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 default_realm = DOMAIN.COM.AU
 dns_lookup_realm = false
 dns_lookup_kdc = false
 ticket_lifetime = 24h
 renew_lifetime = 7d
 forwardable = true

[realms]
 EXAMPLE.COM = {
 kdc = kerberos.example.com
 admin_server = kerberos.example.com
 }

DOMAIN.COM.AU = {
admin_server = domain.com.au
kdc = dc1.domain.com.au
kdc = dc2.domain.com.au
}

[domain_realm]
 .example.com = EXAMPLE.COM
 example.com = EXAMPLE.COM
 domain.com.au = DOMAIN.COM.AU
 .domain.com.au = DOMAIN.COM.AU

Save the file and test that it works using the kinit command.


# kinit someaduser

A password prompt will be displayed, type in the active directory password for that user and it should return to the prompt with no messages. You can then check that you have your kerberos ticket by running the klist command. It should output something like the following.


Ticket cache: FILE:/tmp/krb5cc_0
Default principal: someaduser@DOMAIN.COM.AU

Valid starting Expires Service principal
02/27/14 12:23:21 02/27/14 22:23:21 krbtgt/DOMAIN.COM.AU@DOMAIN.COM.AU
 renew until 03/06/14 12:23:19

Join the Domain

You’re now ready to join the machine to the domain. You can use the trusty net command to join the machine to the domain.


# net ads join domain.com.au -U someadadmin

You can test that this worked running the following command


# net ads testjoin
Join is OK

Console GUI

The other option to configure AD authentication is to use the console GUI version of authconfig. This will pop up a familiar looking interface (think console RedHat installer) that is pretty straight forward when it comes to configuration. Start the GUI tool


# authconfig-tui

You will get a screen like the following, make sure that only the items checked are the same as below.

authconfig-tui-1

User Information

Use Winbind

Authentication

Use Shadow Passwords
Use Kerberos
Local authorization is enough

Make the above selections then next and you’ll be on the kerberos settings screen

authconfig-tui-2

Settings for this screen are as follows:

Realm: DOMAIN.COM.AU
KDC: dc1.domain.com.au,dc2.domain.com.au
Admin Server: domain.com.au

On the next screen you will find the Winbind Settings

Settings for this screen are as follows:

Security Model: ads
Domain: DOMAIN
Domain Controllers: dc1.domain.com.au,dc2.domain.com.au
ADS Realm: DOMAIN.COM.AU
Template Shell: /bin/bash (you can change to sh if you’d like)

Select Join Domain

You’ll be prompted to save the details

authconfig-tui-4

This will overwrite any other settings you would have had configured for this machine. You will then be prompted to provide domain admin credentials.

authconfig-tui-5

This will run the following command behind the scenes and then join you to the domain.


/usr/bin/net join -w DOMAIN -S dc1.domain.com.au -U Administrator

Note: If for any reason this doesn’t work in authconfig-tui. Select OK and return to the prompt and manually run the command above.

Home Directories

You don’t really need to do this step but I find it’s a nice clean way to make sure you separate domain users from your local users. Back in the authconfig step for the console configuration you used the following switch

--winbindtemplatehomedir=/home/DOMAIN/%U --enablemkhomedir

These switches enabled automatic creation of home directories. For this to work with the GUI version you will need to run authconfig with those 2 switches.


authconfig --winbindtemplatehomedir=/home/DOMAIN/%U --enablemkhomedir --update

This is telling oddjobd to put any new home directories at the path /home/yourdomain/username. You will need to create the /home/yourdomain path and make sure you’ve got your permissions correct. I’ll be using ACLs as you’re able to configure much finer grain permissions. ACLs ship with pretty much all modern linux distributions these days.


# mkdir /home/DOMAIN
# setfacl -m group:"Domain Users":rwx /home/DOMAIN

Please Note: There is a bug in oddjobd-mkhomedir that is creating the home directory with the 755 permissions which allows group and world to read every home directory. You can read the bug on Red Hats Bugzilla.

Restrict AD Logins (Optional)

In my environment I only want to allow the linux admins to use their AD logins to SSH to the servers I have configured. You can restrict which AD groups can login to the machine by adding the AllowGroups directive to the sshd_config and restarting sshd.


# echo 'AllowGroups linuxadmins' >> /etc/ssh/sshd_config
# service sshd restart

This will echo the required groups into the sshd config and then restart the service. This will now restrict ssh logins to those specific groups. If you’d like to configure AD access to more services you will have to check elsewhere. If I find the need to do this myself I’ll update this documentation to include it.

Cisco SRP527W Setup & Users

March 1, 2014 by Jamie Leave a Comment

The other night I was helping a friend out and they needed a better adsl router/wireless router and I happened to have one of these Cisco SRP527W units at home. It’s a good little set and forget device (when they behave) so I thought I’d install that.

A few things that I had forgotten about since I last set one of these up so I thought I might as well note it here incase I need it again.

Factory Reset

Press and hold the reset button the side of the unit for 10 seconds while it’s on. You’ll hear it click after the time is up and the lights will go through the reset sequence. This takes about 2 minutes, patience is a v!.

Users

username: cisco password: cisco
username: admin password: admin

There is two different users on this unit. The first that shows up in the username box after the factory reset is Cisco and when you use the password and login, all features appear to be available. However in reality if you want to gain access to ALL features on the unit use the admin username. The quick start wizard makes it really easy to get the unit online. If you need advanced settings they are there and easy to understand. If you’re really stuck you could always read the manual available over at Cisco’s website.