Chaining Class Methods in PHP

class Person {

    protected $name;
    protected $dob;
    protected $job;

    public function setName($name) {

        $this->name = $name;
        return $this;

    }

    public function setDob($dob){

        $this->dob = $dob;
        return $this;

    }

    public function setJob($job){

        $this->job = $job;
        return $this;

    }

    public function printDetails() {

        echo $this->dob;
        echo $this->name;
        echo $this->job;

    }

}

$person = new Person;

$person
    ->setName("Drew")
    ->setDob("3/4/2013")
    ->setJob("Developer")
    ->printDetails();

IMAP Settings for Outlook.com

Today I needed to connect to an Outlook.com email account with IMAP, however my email client couldn’t detect the correct configuration.

After some searching, the configuration details below seem to work without any issues, wether you have an Outlook.com address or a custom domain with Outlook.com.

Incoming IMAP

  • Incoming Server: imap-mail.outlook.com
  • Port: 993
  • Encryption: SSL
  • Username: you@outlook.com
  • Password: ********

Outgoing SMTP

  • Outgoing Server: smtp-mail.outlook.com
  • Port: 587
  • Encryption: TLS
  • Username: you@outlook.com
  • Password: ********

Note: It’s important to change the default SMTP port to 587 or 465, otherwise connecting to Outlooks outgoing mail server will fail.

Adding Your Hostname to the ZSH Prompt (with oh-my-zsh)

Adding your server hostname to the ZSH prompt (with oh-my-zsh installed) is super helpful if you work with multiple SSH sessions. Follow the steps below to get started!

Assuming oh-my-zsh is installed, navigate to your themes directory. This is typically in your home systems folder:

cd ~/.oh-my.zsh/themes

Duplicate the default robbyrussell.zsh-theme theme to create your own custom theme:

cp robbyrussell.zsh-theme mytheme.zsh-theme

Modify the new theme mytheme.zsh-theme with your desired prompt. Here’s what mine looks like:

PROMPT='%{$fg_bold[white]%}%M %{$fg_bold[red]%}➜ %{$fg_bold[green]%}%p %{$fg[cyan]%}%c %{$fg_bold[blue]%}$(git_prompt_info)%{$fg_bold[blue]%} % %{$reset_color%}'

This will add the hostname (in bold white) before the leading right-arrow. The important part here is %{$fg_bold[white]%}%M.

Save the file with your new changes, and then change your default ZSH theme in the ~/.zshrc file. You will notice a parameter called “ZSH_THEME” which is where you will update your ZSH theme:

ZSH_THEME="mytheme"

All you need to do now is reload your ZSH shell, this can be done by running the command below:

source ~/.zshrc

Your prompt should now resemble the following:

hostname.local ➜  ~

Fixing permission errors in Homebrew

When trying to install packages or linking packages with Homebrew on Mac OSX, you might encounter the following error:

"/usr/local/bin is not writable. You should change its permissions."

This occurs when your current user does not have permissions to symlink files in the /usr/local/bin directory.

To fix this, simply change the ownership of these files so you can modify them:

chown -R yourname:admin /usr/local/bin

Running brew link <package> or brew install <package> should now work without any issues.

30 Second SSH Public Key Authentication on Linux / CentOS

Create the Private Key / Public Key Combinations on your Local Machine

ssh-keygen -t rsa

This will create two files in the following directory:

~/.ssh

The private key is titled ‘id_rsa’, and, the public key which will reside on your server is called ‘id_rsa.pub’:

id_rsa
id_rsa.pub

Remember, you will always require the private key in order to authenticate yourself against the public key residing on your server.

If you’re having trouble understanding this, remember this analogy:

Think of a keyhole as the public key which resides on your server, anyone can attempt to open the door (server) by putting their key in the keyhole, however, only the correct key (private key) will open the door.

Create the SSH Folder on Your Server

SSH into your server and create a folder called ‘.ssh’ in your home directory:

mkdir ~/.ssh

Transfer the Public Key from Local Machine to Your Server

Next, we will transfer the public key you created locally in step 1 to your server using SCP.

scp ~/.ssh/id_rsa.pub user@host.com:~/.ssh/authorized_keys

Login using Your Public Key

You’re finished! You can now login to your CentOS server using public key authentication via any of the methods below:

Login using a Config File

It’s really easy to login when you use config files.

Simply create a ‘config’ file on your local machine as follows:

touch ~/.ssh/config

Once created, just edit the file using nano and specify your private key, username and hostname:

Host myserver
   HostName myservernameorip.com
   User root
   IdentityFile ~/.ssh/id_rsa

Now, you simply login via SSH by issuing the following:

ssh myserver

Login with Specified Private Key

You can alternatively SSH into your server by specifying the private key we created earlier, simply use the -i flag to achieve this:

ssh -i id_rsa root@106.187.101.72

That’s all there is to it!

Visa, MasterCard Ban VPN Providers

I read an article the other day that was posted on TorrentFreak, regarding Visa and MasterCard “Banning VPN Providers”:

“Following the introduction of restrictions against file-sharing services, Mastercard and Visa have now started to take action against VPN providers. This week, Swedish payment provider Payson cut access to anonymizing services after being ordered to do so by the credit card companies. VPN provider iPredator is one of the affected customers and founder Peter Sunde says that they are considering legal action to get the service unblocked”

In my opinion, thanks to Visa and MasterCard, VPN providers and customers alike will start to look at anonimity and security from a different perspective.

Here’s why:

The primary buyer TA is *usually* the more technically inclined individual. Now that Visa and MasterCard are banishing VPN subscription providers, users will revert to deploying a VPS with their own VPN software, such as OpenVPN and Poptop PPTP. This means users have more granularity and control over their VPN, e.g.

  • Control over log files
  • Choose their preferred VPN location and VPS provider
  • Set their own security standards
  • Choose their own VPN software (OpenVPN, PPTP etc)

Additionally, VPN providers will now be inclined to offer alternative payment methods to their customers (consider Bitcoin) to further preserve anonominity.

Xen Returns to CentOS 6

Today marks a new day as the Xen4CentOS6 project has made its way into the official CentOS repo.

After RHEL dropped support for Xen in EL6 in favour of their KVM equivalent, it’s meant cloud ops teams and developers alike were manually compiling packages or using third-party untrusted repos to launch their virtual infrastructure.

Thankfully, Xen can now be installed (cleanly) via Yum. This means its essentially just another RPM on your system, not a burden.

Shout out to the team at the Xen Hypervisor Project, GoDaddy and Rackpace for making this all possible.

Change Bind DNS Version on CentOS

Ever wanted to get the version of a Bind DNS nameserver? How about change the version to a string of text or remove it altogether? Here’s some quick tips that’ll show you how:

Get Bind DNS Version

First, open up a terminal on your Linux or Mac OSX box and enter the following command, where ns1.bindnameserver.com is the nameserver you wish to probe:

dig chaos txt version.bind @ns1.bindnameserver.com

This should output something similar to:

;; ANSWER SECTION:
version.bind.           0       CH      TXT     "Bind 9"

Change Bind DNS Version on CentOS / Debian / Ubuntu

It’s always a good idea to hide or change the Bind DNS nameserver version. If an attacker knows the version of Bind you are running, it’ll give them clues as to how they can exploit it. This is called security through obscurity.

Assuming you have Bind 9 installed on your CentOS, Debian or Ubuntu box, login via SSH and follow the commands below.

First, head to your Bind options file. This file is usually in /etc/named.conf:

vim /etc/named.conf

In the options {} stanza, adjust or add version "Hello DNS World";, e.g:

options {
  directory "/var/named";
  version "Hello DNS World";
};

To report no version, simply leave the version directive empty:

options {
  directory "/var/named";
  version "";
};

When we run the same check this time, the it will report either no version or “Hello DNS World”, e.g:

;; ANSWER SECTION:
version.bind.           0       CH      TXT     "Hello DNS World"

Any questions? Ask me in the comments below!

Allow Pingdom IPs in CSF on cPanel / WHM

Need to quickly add the Pingdom IP’s to your CSF.allow file?

wget --quiet -O- https://my.pingdom.com/probes/feed | \
grep "pingdom:ip" | \
sed -e 's|</.*||' -e 's|.*>||' >> /etc/csf/csf.allow
sleep 5
csf -r

What it does:

  • Fetches the latest probing server IP’s from Pingdom
  • Greps the output of the ‘pingdom:ip’ fields
  • Prints the contents into the csf.allow file
  • Restarts CSF

Install Teamspeak 3 on CentOS 6

Ever wanted your own Teamspeak 3 Server? I’ve built a script that will install a secure copy of Teamspeak 3 (64 bit) on CentOS 6.4.

Simply run the following set of commands on your CentOS 6.4 server to install a secure Teamspeak 3 voice server:

# Secure Iptables
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT

# Teamspeak
iptables -I INPUT -p udp --dport 9987 -j ACCEPT
iptables -I INPUT -p udp --sport 9987 -j ACCEPT

iptables -I INPUT -p tcp --dport 30033 -j ACCEPT
iptables -I INPUT -p tcp --sport 30033 -j ACCEPT

iptables -I INPUT -p tcp --dport 10011 -j ACCEPT
iptables -I INPUT -p tcp --sport 10011 -j ACCEPT

# HTTP(s)
iptables -I INPUT -p tcp --dport 80 -j ACCEPT
iptables -I INPUT -p tcp --sport 80 -j ACCEPT

iptables -I INPUT -p tcp --dport 443 -j ACCEPT
iptables -I INPUT -p tcp --sport 443 -j ACCEPT

# SSH
iptables -I INPUT -p tcp --dport 22 -j ACCEPT
iptables -I INPUT -p tcp --sport 22 -j ACCEPT

# DNS
iptables -I INPUT -p udp --dport 53 -j ACCEPT
iptables -I INPUT -p udp --sport 53 -j ACCEPT

service iptables save && service iptables restart

# Update system
yum -y update

# Add Teamspeak user
useradd teamspeak

# Download, unzip and cleanup Teamspeak
cd /home/teamspeak
wget http://ftp.4players.de/pub/hosted/ts3/releases/3.0.7.1/teamspeak3-server_linux-amd64-3.0.7.1.tar.gz
tar xvfz teamspeak3-server_linux-amd64-3.0.7.1.tar.gz
mv teamspeak3-server_linux-amd64/* `pwd`
rm -rf teamspeak3-server_linux-amd64 && rm -rf teamspeak3-server_linux-amd64-3.0.7.1.tar.gz

# Add chkconfig support to startup file and link to binary
sed -i 's/# All rights reserved/# All rights reserved\n# chkconfig: 2345 99 00/g' ts3server_startscript.sh
ln -s /home/teamspeak/ts3server_startscript.sh /etc/init.d/teamspeak

# Change permissions of Teamspeak
chown -R teamspeak:teamspeak /home/teamspeak
chown -R teamspeak:teamspeak /etc/init.d/teamspeak

# Remount shared memory - http://support.teamspeakusa.com/index.php?/Knowledgebase/Article/View/51
mount -t tmpfs tmpfs /dev/shm

# Change to Teamspeak user and run server
su teamspeak
service teamspeak start

echo "Your Teamspeak URL is: `curl ipv4.icanhazip.com`"

Notes:

  • @todo: Install TS3 into a chroot environment
  • This script denies access to all ports, excluding HTTP, DNS, SSH and the necessary Teamspeak ports
  • The mirror (4players.de) is an official Teamspeak 3 mirror
  • Teamspeak will run under the unprivileged ‘teamspeak’ user
  • Teamspeak will automatically run at startup via the official Teamspeak 3 init.d startup script. Chkconfig support is added via sed