Posts Tagged ‘Below’

Short SSL generate new and self-signed certificates PEM, view and convert to and from PKCS12 to java key store cookbook commands cheat sheet

Tuesday, January 12th, 2021


Below is a short compilation of common used openssl commands (a kind of cookbook) helpful for sysadmins who has to commonly deal with OpenSSL certificates.

Lets say you have to generate new certificate / key and a PEM files, prepare self-signed certificates, show CSR / PEM or KEY ssl file contents, get information about certificate such as expiry date a type of encryption algorithm or sign certificate with self-signed authority convert PEM to PKCS12, convert from PKCS12 file format to .PEM, convert java X509 to java key store SSL encryptionor convert java key store format certificate to PKCS12, then below will be of use to you.

1. Generate Private RSA Key with 2048 bits

# openssl genrsa -out $ (hostname -f) .key 2048

2. Create CSR file

# openssl req -new -key $ (hostname -f) .key -out $ (hostname -f) .csr

3. Create a Self Certified Certificate:

# openssl x509 -req -days 30 -in $ (hostname -f) .csr -signkey $ (hostname -f) .key -out $ (hostname -f) .crt
Enter password:

# openssl rsa -in key.pem -out newkey.pem

4. Show CSR file content

# openssl req -in newcsr.csr -noout -text

5. Get Certificate version / serial number / signature algorithm / RSA key lenght / modulus / exponent etc.

# openssl x509 -in newcert.pem -noout -text

6. Server certificate as CA self signeded

# openssl ca -in newcert.csr -notext -out newcert.pem

7. Generate a certificate signing request based on an existing certificate

# openssl x509 -x509toreq -in certificate.crt -out CSR.csr -signkey privateKey.key

8. Convert .pem / .key / .crt file format to pkcs12 format

# openssl pkcs12 -export -in newcert.pem -inkey newkey.key -certfile ca.crt -out newcert.p12

9. Convert pkcs12 pfx to common .pem

# openssl pkcs12 -in mycert.pfx -out mycert.pem

10. The Formats available

# openssl x509 -inform the -in certificate.cer -out certificate.crt

11. Convert a pkcs # 7 certificate into PEM format

# openssl pkcs7 -in cert.p7c -inform DER -outform PEM -out certificate.p7b
# openssl pkcs7 -print_certs -in certificate.p7b -out certificate.pem

12. Convert X509 to java keystore file

# java -cp not-yet-commons-ssl-0.3.11.jar org.apache.commons.ssl.KeyStoreBuilder pass_for_new_keystore key.key certificate.crt

13. Convert java keystore file to pkcs12

# keytool -importkeystore -srckeystore keystore.jks -destkeystore intermediate.p12 -deststoretype PKCS12

How to install and use memcached on Debian GNU / Linux to share php sessions between DNS round robined Apache webservers

Monday, November 9th, 2020


Recently I had to come up with a solution to make A bunch of websites hosted on a machine to be high available. For the task haproxy is one of logical options to use. However as I didn't wanted to set new IP addresses and play around to build a cluster. I decided the much more simplistic approach to use 2 separate Machines each running Up-to-date same version of Apache Webserver as front end and using a shared data running on Master-to-Master MySQL replication database as a backend. For the load balancing itself I've used a simple 2 multiple DNS 'A' Active records, configured via the Bind DNS name server an Round Robin DNS load balancing for each of the domains, to make them point to the the 2 Internet IP addresses (XXX.XXX.XXX.4 and YYY.YYY.YYY.5) each configured on the 2 Linux servers eth0.

So far so good, this setup worked but immediately, I've run another issue as I found out the WordPress and Joomla based websites's PHP sessions are lost, as the connectivity by the remote client browser reaches one time on XXX…4 and one time on YYY…4 configured listerner on TCP port 80 and TCP p. 443. In other words if request comes up to Front end Apache worker webserver 1 with opened channel data is sent back to Client Browser and the next request is sent due to the other IP resolved by the DNS server to come to Apache worker webserver 2 of course webserver 2 has no idea about this previous session data and it gets confused and returns soemething like a 404 or 500 or any other error … not exciting really huh …

I've thought about work around and as I didn't wanted to involve thirty party stuff as Privoxy / Squid  / Varnish / Polipo etc. just as that would add extra complexity as if I choose to use haproxy from the beginning, after short investigation came to a reason to use memcached as a central PHP sessions storage.


Why I choose memcached ?

Well it is relatively easy to configure, it doesn't come with mambo-jambo unreadable over-complicated configuration and the time to configure everything is really little as well as the configuration is much straight forward, plus I don't need to occupy more IP addresses and I don't need to do any changes to the already running 2 WebServers on 2 separate Linux hosts configured to be reachable from the Internet.
Of course using memcached is not a rock solid and not the best solution out there, as there is risk that if a memcached dies out for some reason all sessions stored in are lost as they're stored only in volatile memory, as well as there is a drawback that if a communication was done via one of the 2 webservers and one of them goes down sessions that were known by one of Apache's workers disappears.

So let me proceed and explain you the steps to take to configure memcached as a central session storage system.

1. Install memcached and php-memcached packages

To enable support for memcached besides installing memcached daemon, you need to have the php-memcached which will provide the used by Apache loaded php script interpretter module.

On a Debian / Ubuntu and other deb based GNU / Linux it should be:

webserver1:~# apt-get install memcached php-memcached

TO use php-memcached I assume Apache and its support for PHP is already installed with lets say:

webserver1:~# apt-get install php libapache2-mod-php php-mcrypt

On CentOS / RHEL / Fedora Linux it is a little bit more complicated as you'll need to install php-pear and compile the module with pecl


[root@centos ~]# yum install php-pear

[root@centos ~]# yum install php-pecl-memcache

Compile memcache

[root@centos ~]# pecl install memcache


2. Test if memcached is properly loaded in PHP

Once installed lets check if memcached service is running and memcached support is loaded as module into PHP core.


webserver1:~# ps -efa  | egrep memcached
nobody   14443     1  0 Oct23 ?        00:04:34 /usr/bin/memcached -v -m 64 -p 11211 -u nobody -l -l

root@webserver1:/# php -m | egrep memcache

To get a bit more verbose information on memcache version and few of memcached variable settings:

root@webserver1:/# php -i |grep -i memcache
memcached support => enabled
libmemcached version => 1.0.18
memcached.compression_factor => 1.3 => 1.3
memcached.compression_threshold => 2000 => 2000
memcached.compression_type => fastlz => fastlz
memcached.default_binary_protocol => Off => Off
memcached.default_connect_timeout => 0 => 0
memcached.default_consistent_hash => Off => Off
memcached.serializer => php => php
memcached.sess_binary_protocol => On => On
memcached.sess_connect_timeout => 0 => 0
memcached.sess_consistent_hash => On => On
memcached.sess_consistent_hash_type => ketama => ketama
memcached.sess_lock_expire => 0 => 0
memcached.sess_lock_max_wait => not set => not set
memcached.sess_lock_retries => 5 => 5
memcached.sess_lock_wait => not set => not set
memcached.sess_lock_wait_max => 150 => 150
memcached.sess_lock_wait_min => 150 => 150
memcached.sess_locking => On => On
memcached.sess_number_of_replicas => 0 => 0
memcached.sess_persistent => Off => Off
memcached.sess_prefix => memc.sess.key. => memc.sess.key.
memcached.sess_randomize_replica_read => Off => Off
memcached.sess_remove_failed_servers => Off => Off
memcached.sess_sasl_password => no value => no value
memcached.sess_sasl_username => no value => no value
memcached.sess_server_failure_limit => 0 => 0
memcached.store_retry_count => 2 => 2
Registered save handlers => files user memcached

Make sure /etc/default/memcached (on Debian is enabled) on CentOS / RHELs this should be /etc/sysconfig/memcached

webserver1:~# cat default/memcached 
# Set this to no to disable memcached.

As assured on server1 memcached + php is ready to be used, next login to Linux server 2 and repeat the same steps install memcached and the module and check it is showing as loaded.

Next place under some of your webservers hosted websites under check_memcached.php below PHP code

if (class_exists('Memcache')) {
    $server = 'localhost';
    if (!empty($_REQUEST[‘server’])) {
        $server = $_REQUEST[‘server’];
    $memcache = new Memcache;
    $isMemcacheAvailable = @$memcache->connect($server);

    if ($isMemcacheAvailable) {
        $aData = $memcache->get('data');
        echo '<pre>';
        if ($aData) {
            echo '<h2>Data from Cache:</h2>';
        } else {
            $aData = array(
                'me' => 'you',
                'us' => 'them',
            echo '<h2>Fresh Data:</h2>';
            $memcache->set('data', $aData, 0, 300);
        $aData = $memcache->get('data');
        if ($aData) {
            echo '<h3>Memcache seem to be working fine!</h3>';
        } else {
            echo '<h3>Memcache DOES NOT seem to be working!</h3>';
        echo '</pre>';

if (!$isMemcacheAvailable) {
    echo 'Memcache not available';


Launch in a browser, the browser output should be as on below screenshot:


3. Configure memcached daemons on both nodes

All we need to set up is the listen IPv4 addresses

On Host Webserver1
You should have in /etc/memcached.conf


webserver1:~# grep -Ei '\-l' /etc/memcached.conf 

On Host Webserver2



webserver2:~# grep -Ei '\-l' /etc/memcached.conf


4. Configure memcached in php.ini

Edit config /etc/php.ini (on CentOS / RHEL) or on Debians / Ubuntus etc. modify /etc/php/*/apache2/php.ini (where depending on the PHP version you're using your php location could be different lets say /etc/php/5.6/apache2/php.ini):

If you wonder where is the php.ini config in your case you can usually get it from the php cli:

webserver1:~# php -i | grep "php.ini"
Configuration File (php.ini) Path => /etc/php/7.4/cli
Loaded Configuration File => /etc/php/7.4/cli/php.ini


! Note: That on on PHP-FPM installations (where FastCGI Process Manager) is handling PHP requests,path would be rather something like:


in php.ini you need to change as minimum below 2 variables

session.save_handler =
session.save_path =

By default session.save_path would be set to lets say session.save_path = "


To make php use a 2 central configured memcached servers on webserver1 and webserver2 or even more memcached configured machines set it to look as so:


Also modify set

session.save_handler = memcache

Overall changed php.ini configuration on Linux machine 1 ( webserver1 ) and Linux machine 2 ( webserver2 ) should be:

session.save_handler = memcache


Below is approximately how it should look on both :

webserver1: ~# grep -Ei 'session.save_handler|session.save_path' /etc/php.ini
;; session.save_handler = files
session.save_handler = memcache
;     session.save_path = "N;/path"
;     session.save_path = "N;MODE;/path"
;session.save_path = "/var/lib/php7/sessions"
;       (see session.save_path above), then garbage collection does *not*


webserver2: ~# grep -Ei 'session.save_handler|session.save_path' /etc/php.ini
;; session.save_handler = files
session.save_handler = memcache
;     session.save_path = "N;/path"
;     session.save_path = "N;MODE;/path"
;session.save_path = "/var/lib/php7/sessions"
;       (see session.save_path above), then garbage collection does *not*

As you can see I have configured memcached on webserver1 to listen on internal local LAN IP and on Local LAN eth iface on TCP port 11211 (this is the default memcached connections listen port), for security or obscurity reasons you might choose another empty one. Make sure to also set the proper firewalling to that port, the best is to enable connections only between and on each of machine 1 and machine 2.


5. Enable Memcached for session redundancy

Next step is to configure memcached to allow failover (e.g. use both memcached on 2 linux hosts) and configure session redundancy.
Configure /etc/php/7.3/mods-available/memcache.ini or /etc/php5/mods-available/memcache.ini or respectively to the right location depending on the PHP installed and used webservers version.

webserver1 :~#  vim /etc/php/7.3/mods-available/memcache.ini

; configuration for php memcached module
; priority=20
; settings to write sessions to both servers and have fail over


webserver2 :~# vim /etc/php/7.3/mods-available/memcache.ini

; configuration for php memcached module
; priority=20
; settings to write sessions to both servers and have fail over


memcache.session_redundancy directive must be equal to the number of memcached servers + 1 for the session information to be replicated to all the servers. This is due to a bug in PHP.
I have only 2 memcached configured that's why I set it to 3.

6. Restart Apache Webservers

Restart on both machines webserver1 and webserver2 Apache to make php load

webserver1:~# systemctl restart httpd

webserver2:~# systemctl restart httpd


7. Restart memcached on machine 1 and 2


webserver1 :~# systemctl restart memcached

webserver2 :~# systemctl restart memcached


8. Test php sessions are working as expected with a php script

Copy to both website locations to accessible URL a file test_sessions.php:


echo "Sessions is ".$_SESSION[‘georgi’]."!\n";
echo "Session ID: ".session_id()."\n";
echo "Session Name: ".session_name()."\n";
echo "Setting 'georgi' to 'cool'\n";


Now run the test to see PHP sessions are kept persistently:

hipo@jeremiah:~/Desktop $ curl -vL -s 2>&1 | grep 'Set-Cookie:'
< Set-Cookie: PHPSESSID=micir464cplbdfpo36n3qi9hd3; expires=Tue, 10-Nov-2020 12:14:32 GMT; Max-Age=86400; path=/

hipo@jeremiah:~/Desktop $ curl -L –cookie "PHPSESSID=micir464cplbdfpo36n3qi9hd3"
Session is cool!
Session is cool!


Copy to the locations that is resolving to both DNS servers some sample php script such as sessions_test.php  with below content:

    header('Content-Type: text/plain');
        echo "This is the first time you're visiting this server\n";
        $_SESSION[‘visit’] = 0;
            echo "Your number of visits: ".$_SESSION[‘visit’] . "\n";


    echo "Server IP: ".$_SERVER[‘SERVER_ADDR’] . "\n";
    echo "Client IP: ".$_SERVER[‘REMOTE_ADDR’] . "\n";

Test in a Web Opera / Firefox / Chrome browser.

You should get an output in the browser similar to:

Your number of visits: 15
Server IP:
Client IP:
    [_ga] => GA1.2.651288003.1538922937
    [__utma] => 238407297.651288003.1538922937.1601730730.1601759984.45
    [__utmz] => 238407297.1571087583.28.4.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=(not provided)
    [shellInABox] => 467306938:1110101010
    [fpestid] => EzkIzv_9OWmR9PxhUM8HEKoV3fbOri1iAiHesU7T4Pso4Mbi7Gtt9L1vlChtkli5GVDKtg
    [__gads] => ID=8a1e445d88889784-22302f2c01b9005b:T=1603219663:RT=1603219663:S=ALNI_MZ6L4IIaIBcwaeCk_KNwmL3df3Z2g
    [PHPSESSID] => mgpk1ivhvfc2d0daq08e0p0ec5

If you want to test php sessions are working with text browser or from another external script for automation use something as below PHP code:

// save as "session_test.php" inside your webspace  
ini_set('display_errors', 'On');


$sessionSavePath = ini_get('session.save_path');

echo '<br><div style="background:#def;padding:6px">'
   , 'If a session could be started successfully <b>you should'
   , ' not see any Warning(s)</b>, otherwise check the path/folder'
   , ' mentioned in the warning(s) for proper access rights.<hr>';
echo "WebServer IP:" . $_SERVER[‘SERVER_ADDR’] . "\n<br />";
if (empty($sessionSavePath)) {
    echo 'A "<b>session.save_path</b>" is currently',
         ' <b>not</b> set.<br>Normally "<b>';
    if (isset($_ENV[‘TMP’])) {
        echo  $_ENV[‘TMP’], ‘” ($_ENV[“TMP”]) ';
    } else {
        echo '/tmp</b>" or "<b>C:\tmp</b>" (or whatever',
             ' the OS default "TMP" folder is set to)';
    echo ' is used in this case.';
} else {
    echo 'The current "session.save_path" is "<b>',
         $sessionSavePath, '</b>".';

echo '<br>Session file name: "<b>sess_', session_id()
   , '</b>".</div><br>';

You can download the test_php_sessions.php script here.

To test with lynx:

hipo@jeremiah:~/Desktop $ lynx -source ''
<br><div style="background:#def;padding:6px">If a session could be started successfully <b>you should not see any Warning(s)</b>, otherwise check the path/folder mentioned in the warning(s) for proper access rights.<hr>WebServer IP:
<br />The current "session.save_path" is "<b>tcp://, tcp://</b>".<br>Session file name: "<b>sess_5h18f809b88isf8vileudgrl40</b>".</div><br>

Find largest files on AIX system root / show biggest files and directories in AIX folder howto

Friday, November 6th, 2020


On an AIX server if you get a root directory ( / ) to be completely full problem and the AIX running services are unable to write their pid files and logs for example in /tmp /admin /home /var/tmp /var/log/ and rest of directory structure or the system is almost full with mounted filesystems which shows it is 90% or 95%+ full on main partition,  the system is either already stuck or it is on the way to stop functiononing normally. Hence the only way to recover IBM AIX machine to a normal behavior is to clean up some files (if you can't extend the partition) or add more physical Hard drive, just as we usually do on Linux.

So How can we clean up largest files on AIX?

Lets say we want to find all files on AIX larger than 1 MB.

aix-system:/ $ find / -xdev -size 2048 -ls | sort -r +6
12579 1400 -rw-r—–  1 root      security   1433534 Jun 26  2019 /etc/security/tsd/tsd.dat
 9325 20361 -rw-r—–  1 root      system    20848752 Nov  6 16:02 /etc/security/failedlogin
21862 7105 -rwxr-xr-x  1 root      system     7274915 Aug 24  2017 /sbin/zabbix_agentd
   72 7005 -rw-rw—-  1 root      system     7172962 Nov  6 16:19 /audit/stream.out
24726 2810 -rw——-  1 root      system     2876944 Feb 29  2012 /etc/syslog-ng/core
29314 2391 -r-xr-xr-x  1 root      system     2447454 Jun 25  2019 /lpp/bos/bos.rte.filesystem/
21844 2391 -r-xr-xr-x  1 root      system     2447414 Jun 25  2019 /sbin/helpers/jfs2/logredo64
21843 2219 -r-xr-xr-x  1 root      system     2271971 Jun 25  2019 /sbin/helpers/jfs2/logredo
29313 2218 -r-xr-xr-x  1 root      system     2270835 Jun 25  2019 /lpp/bos/bos.rte.filesystem/
22279 1800 -rw-r–r–  1 root      system     1843200 Nov  4 08:03 /root/smit.log
12577 1399 -rw-r–r–  1 root      system     1431685 Jun 26  2019 /etc/security/tsd/.tsd.bk
21837 1325 -r-xr-xr-x  1 root      system     1356340 Jun 25  2019 /sbin/helpers/jfs2/fsck64
29307 1325 -r-xr-xr-x  1 root      system     1356196 Jun 25  2019 /lpp/bos/bos.rte.filesystem/
   12 1262 -rw——-  1 root      system     1291365 Aug  8  2011 /core


Above finds all files greater than 1 MB and sort them in reverse
order with the largest files first.

To search all files larger than 64 Megabytes under root ( / )

aix-system:/ $ find / -xdev -size +131072 -ls | sort -r +6
65139 97019 -rw-r–r–  1 root      system    99347181 Mar 31  2017 /admin/

Display 10 largest directories on system

aix-system:/ $ du -a /dir | sort -n -r | head -10

Show biggest files and directories in a directory


aix-system:/ $ du -sk * | sort -n
4       Mail
4       liste
4       my_user
4       syslog-ng.conf
140     smit.script
180     smit.transaction
1804    smit.log

Below du display the size of all files and directories in the current directory with the biggest being at the bottom.


List all largest files in dir decrasingly. If a directory is matches show all sub-dirs largest files.

aix-system:/ $ ls -A . | while read name; do du -sk $name; done | sort -nr

Below ls + while loop command sorts disk usage for all files in the current directory by size, in decreasing order. If the file we suspect happens to be a directory, we can then change into that directory, and re-run the preceding command to determine what is taking up space within that directory.

Continue these steps until you find the desired file or files, at which point you can take appropriate actions.

If the bottom-most item is a directory, then cd into that directory and run the du command again. Keep drilling down until you find the biggest files on your system and get rid of them to save some space.

Postfix copy every email to a central mailbox (send a copy of every mail sent via mail server to a given email)

Wednesday, October 28th, 2020


Say you need to do a mail server migration, where you have a local configured Postfix on a number of Linux hosts named:



all configured to send email via old Email send host ( in each linux box's postfix configuration's /etc/postfix/
Now due to some infrastructure change in the topology of network or anything else, you need to relay Mails sent via another asumably properly configured Linux host relay (

Usually such a migrations has always a risk that some of the old sent emails originating from local running scripts on Linux-host1, Linux-Host2 … or some application or anything else set to send via them might not properly deliver emails to some external Internet based Mailboxes via the new relayhost

E.g. in /etc/postfix/ Linux-Host* machines, you have below config after the migration:

relayhost = []

Lets say that you want to make sure, that you don't end up with lost emails as you can't be sure whether the new email server will deliver correctly to the old repicient emails. What to do then?

To make sure will not end up in undelivered state and get lost forever after a week or so (depending on the mail queue configuration retention period made on Linux sent MTAs and mailrelay, it is a very good approach to temprorary set all email communication that will be sent via a BCC emaills (A Blind Carbon Copy) of each sent mail via relay that is set on your local configured Postfix-es on Linux-Host*.

In postfix to achieve that it is very easy all you have to do is set on your a postfix config variable always_bcc smartly included by postfix Mail Transfer Agent developers for cases exactly like this.

To forward all passed emails via the mail server just place in the end of /etc/postfix/mail.conf after login via ssh on

Now all left is to reload the postfix to force the new configuration to get loaded on systemd based hosts as it is usually today do:

# systemctl reload postfix

Finally to make sure all works as expected and mail is sent do from do a testing via local MTAs. 

Linux-Host:~# echo -e "Testing body" | mail -s "testing subject" -r ""

Linux-Host:~# echo -e "Testing body" | mail -s "testing subject" -r ""

As you can see I'm using the -r to simulate a sender address, this is a feature of mailx and is not available on older Linux Os hosts that are bundled with mail only command.
Now go to and open the in Outlook (if it is M$ Office 365 MX Shared mailbox), Thunderbird or whatever email fetching software that supports POP3 or IMAP (in case if you configured the common all email mailbox to be on some other Postfix / Sendmail / Qmail MTA). and check whether you started receiving a lot of emails 🙂

That's all folks enjoy ! 🙂

Improve wordpress admin password encryption authentication keys security with WordPress Unique Authentication Keys and Salts

Friday, October 9th, 2020


Having a wordpress blog or website with an admistrator and access via a Secured SSL channel is common nowadays. However there are plenty of SSL encryption leaks already out there and many of which are either slow to be patched or the hosting companies does not care enough to patch on time the libssl Linux libraries / webserver level. Taking that in consideration many websites hosted on some unmaintained one-time run not-frequently updated Linux servers are still vulneable and it might happen that, if you paid for some shared hosting in the past and someone else besides you hosted the website and forget you even your wordpress installation is still living on one of this SSL vulnerable hosts. In situations like that malicious hackers could break up the SSL security up to some level or even if the SSL is secured use MITM (MAN IN THE MIDDLE) attack to simulate your well secured and trusted SSID Name WIFi network to  redirects the network traffic you use (via an SSL transparent Proxy) to connect to WordPress Administrator Dashbiard via Once your traffic is going through the malicious hax0r even if you haven't used the password to authenticate every time, e.g. you have saved the password in browser and WordPress Admin Panel authentication is achieved via a Cookie the cookies generated and used one time by Woddpress site could be easily stealed one time and later from the vicious 1337 h4x0r and reverse the hash with an interceptor Tool and login to your wordpress …

Therefore to improve the wordpress site security it very important to have configured WordPress Unique Authentication Keys and Salts (known also as the WordPress security keys).

They're used by WordPress installation to have a uniquely generated different key and Salt from the default one to the opened WordPress Blog / Site Admin session every time.

So what are the Authentication Unique Keys and Salts and why they are Used?

Like with almost any other web application, when PHP session is opened to WordPress, the code creates a number of Cookies stored locally on your computer.

Two of the cookies created are called:


First  cookie is used only in the admin pages (WordPress dashboard), while the second cookie is used throughout WordPress to determine if you are logged in to WordPress or not. Note: [hash] is a random hashed value typically assigned to your session, therefore in reality the cookies name would be named something like wordpress_ffc02f68bc9926448e9222893b6c29a9.

WordPress session stores your authentication details (i.e. WordPress username and password) in both of the above mentioned cookies.

The authentication details are hashed, hence it is almost impossible for anyone to reverse the hash and guess your password through a cookie should it be stolen. By almost impossible it also means that with today’s computers it is practically unfeasible to do so.

WordPress security keys are made up of four authentication keys and four hashing salts (random generated data) that when used together they add an extra layer to your cookies and passwords. 

The authentication details in these cookies are hashed using the random pattern specified in the WordPress security keys. I will not get into too much details but as you might have heard in Cryptography Salts and Keys are important – an indepth explanation on Salts Cryptography (here). A good reading for those who want to know more on how does the authentication based and salts work is on stackexchange.

How to Set up Salt and Key Authentication on WordPress

To be used by WP Salts and Key should be configured under wp-config.php usually they look like so:


!!! Note !!!  that generating (manually or generated via a random generator program), the definition strings you have to use a random string value of more than 60 characters to prevent predictability 

The default on any newly installed WordPress Website is to have the 4 definitions with _KEY and the four _SALTs to be unconfigured strings looks something like:


Most people never ever take a look at wp-config.php as only the Web GUI Is used for any maintainance, tasks so there is a great chance that if you never heard specifically by some WordPress Security Expert forum or some Security plugin (such as WP Titan Anti Spam & Security) installed to report the WP KEY / SALT you might have never noticed it in the config.

There are 8 WordPress security keys in current WP Installs, but not all of them have been introduced at the same time.
Historically they were introduced in WP versions in below order:

WordPress 2.7: NONCE_KEY

Setting a custom random generated values is an easy task as there is already online Wordpress Security key Random generator.
You can visit above address and you will get an automatic randomly generated values which could be straight copy / pasted to your wp-config.php.

Howeever if you're a paranoic on the guessability of the random generator algorithm, I would advice you use the generator and change some random values yourself on each of the 8 line, the end result in the configuration should be something similar to:


define('AUTH_KEY',         '|w+=W(od$V|^hy$F5w)g6O-:e[WI=NHY/!Ez@grd5=##!;jHle_vFPqz}D5|+87Q');
define('SECURE_AUTH_KEY',  'rGReh.<%QBJ{DP )p=BfYmp6fHmIG~ePeHC[MtDxZiZD;;_OMp`sVcKH:JAqe$dA');
define('LOGGED_IN_KEY',    '%v8mQ!)jYvzG(eCt>)bdr+Rpy5@t fTm5fb:o?@aVzDQw8T[w+aoQ{g0ZW`7F-44');
define('NONCE_KEY',        '$o9FfF{S@Z-(/F-.6fC/}+K 6-?V.XG#MU^s?4Z,4vQ)/~-[D.X0<+ly0W9L3,Pj');
define('AUTH_SALT',        ':]/2K1j(4I:DPJ`(,rK!qYt_~n8uSf>=4`{?LC]%%KWm6@j|aht@R.i*ZfgS4lsj');
define('SECURE_AUTH_SALT', 'XY{~:{P&P0Vw6^i44Op*nDeXd.Ec+|c=S~BYcH!^j39VNr#&FK~wq.3wZle_?oq-');
define('LOGGED_IN_SALT',   '8D|2+uKX;F!v~8-Va20=*d3nb#4|-fv0$ND~s=7>N|/-2]rk@F`DKVoh5Y5i,w*K');
define('NONCE_SALT',       'ho[<2C~z/:{ocwD{T-w+!+r2394xasz*N-V;_>AWDUaPEh`V4KO1,h&+c>c?jC$H');



Once above defines are set, do not forget to comment or remove old AUTH_KEY / SECURE_AUTH_KEY / LOGGED_IN_KEY / AUTH_SALT / SECURE_AUTH_SALT / LOGGED_IN_SALT /NONCE_SALT keys.

The values are configured one time and never have to be changed, WordPress installation automatic updates or Installed WP Plugins will not tamper the value with time.
You should never expand or show your private generated keys to anyone otherwise this could be used to hack your website site.
It is also a good security practice to change this keys, especially if you have some suspects someone has somehow stolen your wp-onfig keys. 


Having AUTH KEYs and Properly configured is essential step to improve your WordPress site security. Anytime having any doubt for a browser hijacked session (or if you have logged in) to your /wp-admin via unsecured public Computer with a chance of a stolen site cookies you should reset keys / salts to a new random values. Setting the auth keys is not a panacea and frequent WP site core updates and plugins should be made to secure your install. Always do frequent audits to WP owned websites with a tool such as WPScan is essential to keep your WP Website unhacked.



Report haproxy node switch script useful for Zabbix or other monitoring

Tuesday, June 9th, 2020

For those who administer corosync clustered haproxy and needs to build monitoring in case if the main configured Haproxy node in the cluster is changed, I've developed a small script to be integrated with zabbix-agent installed to report to a central zabbix server via a zabbix proxy.
The script  is very simple it assumed DC1 variable is the default used haproxy node and DC2 and DC3 are 2 backup nodes. The script is made to use crm_mon which is not installed by default on each server by default so if you'll be using it you'll have to install it first, but anyways the script can easily be adapted to use pcs cmd instead.

Below is the bash shell script:

UserParameter=active.dc,f=0; for i in $(sudo /usr/sbin/crm_mon -n -1|grep -i 'Node ' |awk '{ print $2 }'); do ((f++)); DC[$f]="$i"; done; \
DC=$(sudo /usr/sbin/crm_mon -n -1 | grep 'Current DC' | awk '{ print $1 " " $2 " " $3}' | awk '{ print $3 }'); \
if [ “$DC” == “${DC[1]}” ]; then echo “1 Default DC Switched to ${DC[1]}”; elif [ “$DC” == “${DC[2]}” ]; then \
echo "2 Default DC Switched to ${DC[2]}”; elif [ “$DC” == “${DC[3]}” ]; then echo “3 Default DC: ${DC[3]}"; fi

To configure it with zabbix monitoring it can be configured via UserParameterScript.

The way I configured  it in Zabbix is as so:

1. Create the userpameter_active_node.conf

Below script is 3 nodes Haproxy cluster

# cat > /etc/zabbix/zabbix_agentd.d/userparameter_active_node.conf

UserParameter=active.dc,f=0; for i in $(sudo /usr/sbin/crm_mon -n -1|grep -i 'Node ' |awk '{ print $2 }'); do ((f++)); DC[$f]="$i"; done; \
DC=$(sudo /usr/sbin/crm_mon -n -1 | grep 'Current DC' | awk '{ print $1 " " $2 " " $3}' | awk '{ print $3 }'); \
if [ “$DC” == “${DC[1]}” ]; then echo “1 Default DC Switched to ${DC[1]}”; elif [ “$DC” == “${DC[2]}” ]; then \
echo "2 Default DC Switched to ${DC[2]}”; elif [ “$DC” == “${DC[3]}” ]; then echo “3 Default DC: ${DC[3]}"; fi

Once pasted to save the file press CTRL + D

The version of the script with 2 nodes slightly improved is like so:

UserParameter=active.dc,f=0; for i in $(sudo /usr/sbin/crm_mon -n -1|grep -i 'Node ' |awk '{ print $2 }' | sed -e 's#:##g'); do DC_ARRAY[$f]=”$i”; ((f++)); done; GET_CURR_DC=$(sudo /usr/sbin/crm_mon -n -1 | grep ‘Current DC’ | awk ‘{ print $1 ” ” $2 ” ” $3}’ | awk ‘{ print $3 }’); if [ “$GET_CURR_DC” == “${DC_ARRAY[0]}” ]; then echo “1 Default DC ${DC_ARRAY[0]}”; fi; if [ “$GET_CURR_DC” == “${DC_ARRAY[1]}” ]; then echo “2 Default Current DC Switched to ${DC_ARRAY[1]} Please check “; fi; if [ -z “$GET_CURR_DC” ] || [ -z “$DC_ARRAY[1]” ]; then printf "Error something might be wrong with HAProxy Cluster on  $HOSTNAME "; fi;

The script with a bit of more comments as explanations is available here 
2. Configure access for /usr/sbin/crm_mon for zabbix user in sudoers


# vim /etc/sudoers

zabbix          ALL=NOPASSWD: /usr/sbin/crm_mon

3. Configure in Zabbix for active.dc key Trigger and Item


Check if server is Physical Bare Metal or a Virtual Machine and its type

Tuesday, March 17th, 2020


In modern times the IT employee system administrator / system engineer / security engineer or a developer who has to develop and test code remotely on UNIX hosts, we have to login to multiple of different servers located in separate data centers around the world situated in Hybrid Operating system environments running multitude of different Linux OSes. Often especially for us sysadmins it is important to know whether the remote machine we have SSHed to is physical server (Bare Metal) or a virtual machines running on top of different kind of Hypervisor node OpenXen / Virtualbox / Virtuosso  / VMWare etc.

Then the question comes how to determine whether A remote Installed Linux is Physical or Virtual ?

1. Using the dmesg kernel log utility

The good old dmesg that is used to examine and control the kernel ring buffer detects plenty of useful information which gives you the info whether a server is Virtual or Bare Metal. It is present and accessible on every Linux server out there, thus using it is the best and simplest way to determine the OS system node type.

To grep whether a machine is Virtual and the Hypervisor type use:


nginx:~# dmesg | grep "Hypervisor detected"
[0.000000] Hypervisor detected: KVM

As you see above OS installed is using the KVM Virtualization technology.

An empty output of this command means the Remote OS is installed on a physical computer.


2. Detecting the OS platform the systemd way

Systemd along with the multiple over-complication of things that nearly all sysadmins (including me hate) so much introduced something useful in the fact of hostnamectl command
that could give you the info about the OS chassis platform.


root@pcfreak:~# hostnamectl status
 Static hostname: pcfreak
         Icon name: computer-desktop
           Chassis: desktop
        Machine ID: 02425d67037b8e67cd98bd2800002671
           Boot ID: 34a83b9a79c346168082f7605c2f557c
  Operating System: Debian GNU/Linux 10 (buster)
            Kernel: Linux 4.19.0-5-amd64
      Architecture: x86-64



Below is output of a VM running on a Oracle Virtualbox HV.


linux:~# hostnamectl status
Static hostname: ubuntuserver
 Icon name: computer-vm
 Chassis: vm
 Machine ID: 2befe86cf8887ca098f509e457554beb
 Boot ID: 8021c02d65dc46b1885afb25fddcf18c
 Virtualization: oracle
 Operating System: Ubuntu 16.04.1 LTS
 Kernel: Linux 4.4.0-78-generic
 Architecture: x86-64


3. Detect concrete container virtualization with systemd-detect-virt 

Another Bare Metal or VM identify tool that was introducted some time ago by freedesktop project is systemd-detect-virt (usually command is part of systemd package).
It is useful to detect the exact virtualization on a systemd running OS systemd-detect-virt is capable to detect many type of Virtualization type that are rare like: IBM zvm S390 Z/VM, bochs, bhyve (a FreeBSD hypervisor), Mac OS's parallels, lxc (linux containers), docker containers, podman etc.

The output from the command is either none (if no virtualization is present or the VM Hypervisor Host type):


server:~# systemd-detect-virt


quake:~# systemd-detect-virt


4. Install and use facter to report per node facts


debian:~# apt-cache show facter|grep -i desc -A2
Description-en: collect and display facts about the system
 Facter is Puppet’s cross-platform system profiling library. It discovers and
 reports per-node facts, which are collected by the Puppet agent and are made

Description-md5: 88cdf9a1db3df211de4539a0570abd0a
Tag: devel::lang:ruby, devel::library, implemented-in::ruby,
root@jeremiah:/home/hipo# apt-cache show facter|grep -i desc -A1
Description-en: collect and display facts about the system
 Facter is Puppet’s cross-platform system profiling library. It discovers and

Description-md5: 88cdf9a1db3df211de4539a0570abd0a


– Install facter on Debian / Ubuntu / deb based Linux


# apt install facter –yes

– Install facter on RedHat / CentOS RPM based distros

# yum install epel-release


# yum install facter

– Install facter on OpenSuSE / SLES

# zypper install facter

Once installed on the system to find out whether the remote Operating System is Virtual:

# facter 2> /dev/null | grep virtual
is_virtual => false
virtual => physical

If the machine is a virtual machine you will get some different output like:

# facter 2> /dev/null | grep virtual
is_virtual => true
virtual => kvm

If you're lazy to grep you can use it with argument.

# facter virtual


6. Use lshw and dmidecode (list hardware configuration tool)

If you don't have the permissions to install facter on the system and you can see whether lshw (list hardware command) is not already present on remote host.

# lshw -class system  
    description: Computer
    width: 64 bits
    capabilities: smbios-2.7 vsyscall32

If the system is virtual you'll get an output similar to:

# lshw -class system  
 description: Computer
 product: VirtualBox
 vendor: innotek GmbH
 version: 1.2
 serial: 0
 width: 64 bits
 capabilities: smbios-2.5 dmi-2.5 vsyscall32
 configuration: family=Virtual Machine uuid=78B58916-4074-42E2-860F-7CAF39F5E6F5

Of course as it provides a verbosity of info on Memory / CPU type / Caches / Cores / Motherboard etc. virtualization used or not can be determined also with dmidecode / hwinfo and other tools that detect the system hardware this is described thoroughfully in my  previous article Get hardware system info on Linux.

7. Detect virtualziation using virt-what or imvirt scripts

imvirt is a little script to determine several virtualization it is pretty similar to virt-what the RedHat own script for platform identification. Even though virt-what is developed for RHEL it is available on other distros, Fedoda, Debian, Ubuntu, Arch Linux (AUR) just like is imvirt.

installing both of them is with the usual apt-get / yum or on Arch Linux with yay package manager (yay -S virt-what) …

Once run the output it produces for physical Dell / HPE / Fujitsu-Siemens Bare Metal servers would be just empty string.

# virt-what

Or if the system is Virtual Machine, you'll get the type, for example KVM (Kernel-based Virtual Machine) / virtualbox / qemu etc.




It was explained how to do a simple check whether the server works on a physical hardware or on a virtual Host hypervisor. The most basic and classic way is with dmesg. If no access to dmesg is due to restrictions you can try the other methods for systemd enabled OSes with hostnamectl / systemd-detect-virt. Other means if the tools are installed or you have the permissions to install them is with facter / lshw or with virt-what / imvirt scripts.
There definitely perhaps much more other useful tools to grasp hardware and virtualization information but this basics could be useful enough for shell scripting purposes.
If you know other tools, please share.

The beheading of Saint John the Baptist feats in Eastern Orthodox Church – A short history of saint John Forerunners Holy Relics

Saturday, September 14th, 2019


Saint John the Baptist (The Forerunner of Christ) is all known for being the baptizer of the Lord Jesus Christ in Jordan's river in Israel.

However as nowadays most people are away from the Church and from traditions, that many generations of our ancestors used to follow, little know the details of his beheading and the meaning of why he is venerated so much by so many generations in the last 2000 years.

Thus In this small article, I'll try to shed some light on the Saint John Beheading feast known in Church Slavonic world as Oseknovenie (Осекновение) = beheading and is considered a day of sorrow for the Church for the reason the biggest Old Testamental prophet, a hermit and a man of Gigantic spiritual significance Saint John the Baptist has been beheaded unfairly for having no fault at all but this happened so his righteousness raise up even more and be clear for the generations to come.

The feast of Saint John the Baptist is celebrated on 29 of August in Eastern Orthodox Church, where old Calendar Churches celebrate the feast (13 days) later on 11 of September – I'll not get into details about calendars as this is a long discussion for a separate article.

It should be said in the Church saint John the Baptist is considered the highest saint among all“the first among martyrs in grace”, venerated next in glory to Virgin Mary.

The Martyrdom of Saint John happened in the 32 years after the Nativity (The Birth) of Christ as this is said in the Gospel of Mathew 14:1-12 and Gospel of Mark (6:14-29) in New Testament.


Many of the small details, we know about saint John and his earthly living are not given in the Gospel however, but are instead given in the Chuch Tradition (that is kept in the main books and the Living of the Saints, as well as all the books written by the officially canonized saints over the years that used for Eastern Orthodox Church services Singing for many centuries).

From there we know the beheading of Saint John happened short time before the Crucifixion of Christ. After the death of Herode the Great, Romans divided the territory of Province of Palestine in 4 parts and on top of each placed his governor.

Herodos Antipa received by Emperor Augustus Galilea as a territory of Governance. He had a law binded marriage, who was a daughter of king Arepha. Herod left her and cohabited (unlawfully) with Herodias who was his mistress and brother's wife.

As Herodos was a governer and recpetively example for all his subordinate in his Kingdom and was living unlawfully with that woman saint John who knew him personally rebuked him multiple times publicly advising him to leave that woman and live with his lawfully marriaged one as it was written in God's law – that such people are worthy for death just like moreover this was the unwritten law followed by all kind of peoples of his time from noble to smallest and poorest.

Herodoes did not listened and wanted to get rid of saint Johns somehow but he was scared to accuse him for some kind of kingdom lawlessness as the knew saint John was a true prophet of God and feared the people who recognized him as a true prophet  as well as feared he might be put off throne for his evil deed if he finds an excuse to kill the prophet of God.

As the critics on Herodoes living with a concubine while being in marriage, eventually not finding any other way to shut Saint John's mouth, king Herodoes put saint John in Prison with the excuse Saint John was a rebel and preaching things against established authority (About this event is said in Bible Gospel of Luke 3, 19-20).

For his birthday Herodoes prepared enormous banquet in which in front of the many invited guests danced (Salome / Salomia) – the daughter of Herod II and Herodias and her dancing was so much pleasing for the already drunk Herod and in his drunkenness he promised to give her anything she desired up to half of his kingdom.
Salome was still young woman and as it was the tradition then not knowing what would be the best to ask for, she asked her Mother and the Mother being in unlawful relations with Herod in her hatred for the rebuking prophet saint John asked, the head of Saint John the Baptist on a platter.


The dance of Salome with Saint John's head on a Platter Orthodox icon

Even though Herod was appaled by this strange request, he had to reluctanly agree to keep his word as he was a ruler of a great power and for that time, not keeping a word publicly given would make him though weak, a fraudulant and eventually this will be reason for a rumors for his unseriousness to circulate the kingdom, thus unwillingly he agreed sent soldier to the prison to behead Saint John and the Head of the saint was brought to the perverted Solome and the harlot mother of hers Herodias.

Due to Church tradition when the Head of the 'Biggest in Spiritual Power' of Man born after Christ, as the Gospel speaks was brought to the lecherous feast, the Head even in the platter continued to rebuke, the unwalfullness of Herod.

The Jewish famous Historian Flavius Josiphus in his historical book Antiques of the Jews wrote, the reason for beheading of Saint John was:

"lest the great influence John had over the people might put it into his [John’s] power and inclination to raise a rebellion, (for they seemed ready to do any thing he should advise), [so Herod] thought it best [to put] him to death."

Flavius also states that many of the Jews believed that the military disaster that fell upon Herod as his throne fall a by the hands of Aretas his (father-in-law) was God's immediate punishment for unrighteous behaviour.
There is no exact date when behading of Saint John occured but the historians place it somewhere in year 28 or 29 A. D. (Anno Dommini).


The body of saint John was buried immediately (separately from the body) as Herodias for her hatred for the prophet ordered the body to be buried separately from the head, it was buried in the small Palestinian Village (Sebaste), while Herodias took his holy head and buried it in a dung heep. 
Later Joanna (canonized later by saint known as Saint Joanna) – a wife of Herods steward, secretly went to place took the head and buried in the Mount of Olives, where it remained hidden for many centuries.

But the wrath of God is never late soon after Salome was passing a frozen river and while walking on it the ice collapsed and her body up to the head fall hanging in the water, while her head was sitting still over the water.
Just as she used to kick her feet on the ground, she was now, like dancing, making helpless movements in icy water.

So Salome hung until the sharp ice cut through her neck. Her head, cut off with a sharp ice, then her head was brought to Herod and Herodias, as John the Baptist's head had once been brought to them, and her body had never been found. The king of Arif of Arabia, in revenge for the dishonor of his daughter – the wife of Herod the four-owner – moved his troops against the wicked king and defeated him. The Roman emperor Guy Julius Caesar Caligula (37-41) in anger sent Herod, together with Herodias, into captivity to Gaul, and then to  . There they were consumed by the sprawling earth.

By a divine revelation the head of Saint John has been found in the 4th century (Celebrated in the Church with a special feast known as The First Finding of Saint John's the Baptist head by a governing official of Eastern Roman empire district who eventually choose to become a monk (monk Inokentij / Innocent). The head of saint John has been found by both divine revelation and the testimony of an Old Jew who confirmed the Jewish oral tradition for the burial of John the Baptist head on that exact place .
Innocent decided to build a Church and a monastic Cell in glory of Saint John the Baptist as the place was holy and sanctified by the graceous head of St. John.
Fearful that holy relics of such a high importance, might be soon stolen and sold, mocked over by unbelievers or destroyed, he immediately hide (burid) the St. John on the very same place, where he found it in the same vessel it was orginally.
Unfortunately on monk Innocent dead the Church fell into ruin was abandoned due to its desert location and eventually as it always happened in that times with old buildings, people used its construction stones for fortifying their own near village houses.

The Second Finding of the Head of Saint John the Baptist, happened some years later in 452 A.D. , during the days of Constantine the Great by two Christian monks who went for a Jerusalem for pilgrimage.who had God given revelation (Saint John himself appeared in a kind of a Vision to the two) and hsa indicated for the same hidden location where Innocent found it (laying under the Church ruins altar).
After digging on the place, the holy relic was found placed in a sack and brought with them to heir home land. On the way back they've met a potter not telling him what was inside the bag and asked him the bag to carry being lazy to do. Saint John the Baptist appeared the potter and told him to take his head and bring it away from this careless lazy monks immediately. The potter took Saint John's head home, and kept it there praying fervently to saint John the Baptist daily, soon before his death he put the head in a container and gave it to his sister.
The 1st and 2nd finding of saint Johns head is established as a feast celebrated yearly in Eastern Orthodox Church on 24 of February.


The feast of Beheading of Saint John in the Church is always observed in the Eastern Orthodox Churches Bulgarian, Russian, Serbian, Greek, Romanian, Georgian etc. with a strict fasting as a sign for the great sorrow we Christians have for the beheading of the Greatest of Prophets and Highest in sight of God born of man.

In some cultures, the pious will not eat food from a flat plate, use a knife, or eat round or red food (such as tomatoes, watermelon, red peppers etc.) on this day.

A short time after a Hieromonk Eustathius (considered by Church historians) to be part of the Arian heretical division happen to have th chance to possess the holy head and he used it frequently to attract followers to the Heretical teachings of Arius (a Lybian heretic presbyter who was condemned in 325 A.D. on the First Council of Nicea convened by Saint Emperor Constantine The Great. Being in a hardships Eustathius buried the head in a cave near Emesa (circa 810 – 820) and soon after a monastery was built on that place by God's providence.

In the year 452, St. John the Baptist appeared to Archimandrite Marcellus of this monastery and indicated where his head was hidden in a water jar buried in the earth. The relic was brought into the city of Emesa and was later transferred to Constantinople.


The current pressumable relics of head of Saint John the Baptist kept in San Silvestro in Capite Rome

The head of John Baptist disappeared once again after it was transferred from Comana of Cappadocia during a period of Muslim raids (about 820) and was again hidden in the ground during a period of iconoclastic persecusion.
After the veneration of icons was restored in year 850, A vision was revelead by God to patriarch Ignatius of Constantinople (ruling on patriarchial throne in 847 – 857) saw a vision revealing the place where the head of saint John was hidden around y. 850. The patriarch as the order was then communicated about his vision to emperor Michael III, who sent a delegation to Comana, where the head was found. Soon after the head was transferred to city of Nyc and here on 25 of May it was placed in a church in emperor court in Constantinople. The Church feast of the Third Finding of Saint John Baptist head is established for celebration in the Eastern Orthodox Church on 25 of May.


Currently many small particles of Saint John Head are available for generation among many Eastern Orthodox and Roman Catholic Churches.


The head  is claimed to be in San Silvestro (Saint Silvester) in Capite in Rome or in Amiens Cathedral, said to have been brought from Constantinople by Wallon de Sarton as he was returning from the Fourth Crusade.
There are also some sources claiming that the real head of John the Baptist is buried in Turkish Antioch or Southern France.


Amiens Cathedrale Notre Dame France – one of most magnificent Gothic edifice in Europe.

During the French Revolution the kept Head in Amiens has been secretly hidden by the Amiens city Mayor in his own home to protect this sacred relic from the destruction (as many holy relics saints disappeared or have been destroyed) by the rebellious enraged crowds fighting for the rights of "Liberty, Equality, Fraternity" being the goals of the Masonic bortherhoods and many secret societies in France in that time.

Also a reliquary at the Residenz in Munich, Germany, is labeled as containing the skull of John the Baptist by Catholics. In history some sources claim the St. John used to be owned by Knight Templars
А piece of Saint John Baptist skull is held at the Eastern Orthodox Romanian skete Prodromos on Mount Athos.

Further on according to Church tradition saint Luke the Evangelist went to the city of Sebaste bringing with him the right hand of Saint John the Forerunner which was conducting numerous of miracles.

Some of the Relics of John the Baptist are said to be in the possession of the Coptic Orthodox Monastery of Saint Macarius the Great in Scetes, Egypt.
It is said John the Baptist's arm and a piece of his skull can be found at the Topkapı Palace in Istanbul, Turkey.


It is said John the Baptist's arm and a piece of his skull can be found at the Topkapı Palace in Istanbul, Turkey.
At the time of Mehmed the Conqueror, the skull was held in Topkapı, while after his death, his stepmother Mara Branković, a Serbian princess, brought it to Serbia. It was then kept a while at the Dionisios monastery at Mount Athos, then the skull fragment was sent to a nearby island in order to prevent the outbreak of a plague; however, the Ottoman fleet seized it and delivered it to Hasan Pasha of Algeria, who held it in his home until his death. It was then returned to Topkapı. The skull is kept on a golden plate decorated with gold bands with gems and Old Serbian inscriptions. The plate itself is stored in a 16th-century rock crystal box.


The face of St. John the Baptist, in the Cathedral of Our Lady in Amiens.

St. John's arm was brought from Antioch to Constantinople at the time of Constantine VII. It was kept in the Emperor's chapel in the 12th century, then in the Church of the Virgin of the Pharos, then in the Church of Peribleptos in the first half of the 15th century. Spanish envoy Clavijo reported that he saw two different arms in two different monasteries while on a visit to Constantinople in 1404. With the Fall of Constantinople, the Ottomans seized possession of it. In 1484, Bayezid II sent it the knights of Rhodes, while they held his brother Cem captive in return. In 1585, Murad III had the arms brought from Lefkosia castle to Constantinople (henceforth known as Istanbul). The arm is kept in a gold-embellished silver reliquary. There are several inscriptions on the arm: "The beloved of God" on the forefinger, "This is the hand of the Baptist" on the wrist, and "belongs to (monk) Dolin Monahu" on the band above the elbow.

In July 2010, a small reliquary was discovered under the ruins of a 5th-century monastery on St. Ivan Island, Bulgaria. Local archaeologists opened the reliquary in August and found bone fragments of a skull, a hand and a tooth, which they believe belong to st. John the Baptist, based on their interpretation of a Greek inscription on the reliquary.The remains have been carbon-dated to the 1st century. Currently The found relics are being placed for veneration in the sea resort town  of Sozopol, Bulgaria in the Church of saint saint Cyril and Methodius.


Saint John the Baptist Holy Relics in Sozopol Bulgaria


 A Lity (Orthodox Vespers) in front of Saint Cyril and Methodius Church in Sozopol resort Bulgaria

There is much to be said in Saint Johns beheading and many great Theology books have been written on the topic however I hope the goal of this article to give a very brief overview for the ordinary people to know our human history over the last 2000 which is highly entangled with Christian faith  succeeded to give a very brief overview on the history of the beheading of saint John the Baptist and the deep history across his holy relics veneration over the centuries.

As a closure for the Article I find worthly to share the sung troparion in the Church services glorifying of saint John the Forerunner in Old Bulgarian / Church Slavonic, Greek and English


Па́мять пра́веднаго с похвала́ми, тебе́ же довле́ет свиде́тельство Госпо́дне, Предте́че: показа́л бо ся еси́ вои́стинну и проро́ков честне́йший, я́ко и в струя́х крести́ти сподо́бился еси́ Пропове́даннаго. Те́мже за и́стину пострада́в, ра́дуяся, благовести́л еси́ и су́щим во а́де Бо́га, я́вльшагося пло́тию, взе́млющаго грех ми́ра и подаю́щаго нам ве́лию ми́лость.


Μνήμη Δικαίου μέτ' ἐγκωμίων, σοὶ δὲ ἀρκέσει ἡ μαρτυρία τοῦ Κυρίου Πρόδρομε· ἀνεδείχθης γὰρ ὄντως καὶ Προφητῶν σεβασμιώτερος, ὅτι καὶ ἐν ῥείθροις βαπτίσαι κατηξιώθης τὸν κηρυττόμενον. Ὅθεν τῆς ἀληθείας ὑπεραθλήσας, χαίρων εὐηγγελίσω καὶ τοῖς ἐν ᾍδῃ, Θεὸν φανερωθέντα ἐν σαρκί, τὸν αἴροντα τὴν ἁμαρτίαν τοῦ κόσμου, καὶ παρέχοντα ἡμῖν τὸ μέγα ἔλεος.

O Prophet and Forerunner of the coming of Christ, in spite of our eagerness to render you due honor, we fall short when singing your praise. Your glorious birth saved your mother from the shame of barrenness, returned to your father the power of speech, and proclaimed to the world the Incarnation of the Son of God.

The woman who had been barren becomes fertile and gives birth today to the Forerunner of Christ. He is the greatest and last of the prophets, for standing in the waters of the Jordon River, he placed his hands on Christ whom all the prophets had announced, and in so doing he became a prophet himself, a preacher and a forerunner of the Word of God.

Howto Configure Linux shell Prompt / Setup custom Terminal show Prompt using default shell variables PS1, PS2, PS3, PS4

Tuesday, August 27th, 2019


System Console, Command Operation Console  or Terminal is a Physical device for text (command) input from keyboard, getting the command output and monitoring the status of a shell or programs I/O operations generated traditionally with attached screen. With the development of Computers, physical consoles has become emulated and the input output is translated on the monitor usually via a data transfer  protocol historically mostly over TCP/IP connection to remote IP with telnet or rsh, but due to security limitations Consoles are now accessed over data (encrypted) network protocols with SHA2 / MD5 cryptography algorithm enabled such as over SSH (Secure Shell) network protocol..
The ancestors of physical consoles which in the past were just a Terminal (Monitoring / Monitor device attached to a MainFrame system computer).


What is Physical Console
A classical TTY (TeleTYpewriter) device looked like so and served the purpose of being just a communication and display deivce, whether in reality the actual computing and storage tape devices were in a separate room and communicating to Terminal.

TTYs are still present in  modern UNIX like GNU / Linux distrubions OSes and the BSD berkley 4.4 code based FreeBSD / NetBSD / OpenBSD if you have installed the OS on a physical computer in FreeBSD and Solaris / SunOS there is also tty command. TTY utility in *nix writes the name of the terminal attached to standard input to standard output, in Linux there is a GNU remake of same program part called GNU tty of coreutils package (try man tty) for more.

The physical console is recognizable in Linux as it is indicated with other tree letters pts – (pseudo terminal device) standing for a terminal device which is emulated by an other program (example: xterm, screen, or ssh are such programs). A pts is the slave part of a pts is pseudo there is no separate binary program for it but it is dynamically allocated in memory.
PTS is also called Line consle in Cisco Switches / Router devices, VTY is the physical Serial Console connected on your Cisco device and the network connection emulation to network device is creates with a virtual console session VTL (Virtual Terminal Line). In freebsd the actual /dev/pts* /dev/tty* temporary devices on the OS are slightly different and have naming such as /dev/ttys001.
But the existence of tty and pts emulator is not enough for communicating interrupts to Kernel and UserLand binaries of the Linux / BSD OS, thus to send the commands on top of it is running a System Shell as CSH / TSH / TCSH or BASH which is usually the first program set to run after user logs in over ptty or pseudo tty virtual terminal.



Setting the Bash Prompt in Terminal / Console on GNU / Linux

Bash has system environments to control multiple of variables, which are usually visible with env command, one important variable to change in the past was for example USER / USERNAME which was red by IRC Chat clients  such as BitchX / irssi and could be displayed publicly so if not changed to a separate value, one could have known your Linux login username by simple /whois query to the Nickname in question (if no inetd / xinetd service was running on the Linux box and usually inetd was not running).

Below is my custom set USER / USERNAME to separate

hipo@pcfreak:~$ env|grep USER

There is plenty of variables to  tune email such as MAIL store directory, terminal used TERM, EDITOR etc. but there are some
variables that are not visible with env query as they're not globally available for all users but just for the single user, to show this ones you need to use declare command instead, to get a full list of All Single and System Wide defined variables and functions type declare in the bash shell, for readability, below is last 10 returned results:


hipo@pcfreak:~$ declare | tail -10
    local quoted=${1//\'/\'\\\'\'};
    printf "'%s'" "$quoted"
quote_readline ()
    local quoted;
    _quote_readline_by_ref "$1" ret;
    printf %s "$ret"


PS1 is present there virtually on any modern Linux distribution and is installed through user home's directory $HOME/.bashrc , ~/.profile or .bash_profile or System Wide globally for all existing users in /etc/passwd (password database file) from /etc/bash.bashrc
In Debian / Ubuntu / Mint GNU / Linux this system variable is set in user home's .bashrc but in Fedora / RHEL Linux distro,
PS1 is configured from /home/username/.bash_profile to find out where PS1 is located for ur user:

cd ~
grep -Rli PS1 .bash*

Here is one more example:

hipo@pcfreak:~$ declare|grep -i PS1|head -1
PS1='\[\e]0;\u@\h: \w\a\]${debian_chroot:+($debian_chroot)}\u@\h:\w\$ '

hipo@pcfreak:~$ grep PS1 /etc/bash.bashrc
[ -z “$PS1” ] && return
# but only if not SUDOing and have SUDO_PS1 set; then assume smart user.
if ! [ -n “${SUDO_USER}” -a -n “${SUDO_PS1}” ]; then
  PS1='${debian_chroot:+($debian_chroot)}\u@\h:\w\$ '

Getting current logged in user shell configured PS1 variable can be done with echo:

hipo@pcfreak:~$ echo $PS1
\[\e]0;\u@\h: \w\a\]${debian_chroot:+($debian_chroot)}\u@\h:\w\$

So lets observe a little bit the meaning of this obscure line of (code) instructions code which are understood by BASH when being red from PS1 var to do so, I'll give a list of meaning of main understood commands, each of which is defined with \.

The ${debian_chroot} shell variable is defined from /etc/bash.bashrc

Easiest way to change PS1 is to export the string you like with the arguments like so:


root@linux:/home/hipo# export PS1='My-Custom_Server-Name# '
My-Custom_Server-Name# echo $PS1


  •     \a : an ASCII bell character (07)
  •     \d : the date in “Weekday Month Date” format (e.g., “Tue May 26”)
  •     \D{format} : the format is passed to strftime(3) and the result is inserted into the prompt string; an empty format results in a locale-specific time representation. The braces are required
  •     \e : an ASCII escape character (033)
  •     \h : the hostname up to the first ‘.’
  •     \H : the hostname
  •     \j : the number of jobs currently managed by the shell
  •     \l : the basename of the shell's terminal device name
  •     \n : newline
  •     \r : carriage return
  •     \s : the name of the shell, the basename of $0 (the portion following the final slash)
  •     \t : the current time in 24-hour HH:MM:SS format
  •     \T : the current time in 12-hour HH:MM:SS format
  •     \@ : the current time in 12-hour am/pm format
  •     \A : the current time in 24-hour HH:MM format
  •     \u : the username of the current user
  •     \v : the version of bash (e.g., 2.00)
  •     \V : the release of bash, version + patch level (e.g., 2.00.0)
  •     \w : the current working directory, with $HOME abbreviated with a tilde
  •     \W : the basename of the current working directory, with $HOME abbreviated with a tilde
  •     \! : the history number of this command
  •     \# : the command number of this command
  •     \$ : if the effective UID is 0, a #, otherwise a $
  •     \nnn : the character corresponding to the octal number nnn
  •     \\ : a backslash
  •     \[ : begin a sequence of non-printing characters, which could be used to embed a terminal control sequence into the prompt
  •     \] : end a sequence of non-printing characters

The default's PS1 set prompt on Debian Linux is:

echo $PS1
\[\e]0;\u@\h: \w\a\]${debian_chroot:+($debian_chroot)}\u@\h:\w\$

As you can see \u (print username) \h (print hostname)  and \W (basename of current working dir) or \w (print $HOME/current working dir)
are the most essential, the rest are bell character, escape character etc.

A very good way to make your life easier and learn the abbreviations / generate exactly the PS1 PROMPT you want to have is with Easy Bash PS1 Generator Web Utility
with which you can just click over buttons that are capable to produce all of the PS1 codes.

1. How to show current hour:minute:seconds / print full date in Prompt Shell (PS)

Here is an example with setting the Bash Shell prompt  to include also the current time in format hour:minute:seconds (very useful if you're executing commands on a critical servers and you run commands in some kind of virtual terminal like screen or tmux.

root@pcfreak:~# PS1="\n\t \u@\h:\w# "
14:03:51 root@pcfreak:/home#



export PS1='\u@\H \D{%Y-%m-%d %H:%M;%S%z}] \W ] \$ '



Make superuser appear in RED color (adding PS1 prompt custom color for a User)

root@pcfreak:~$  PS1="\\[$(tput setaf 1)\\]\\u@\\h:\\w #\\[$(tput sgr0)\\]"



In above example the Shell Prompt Color changed is changed for administrator (root) to shebang symbol # in red, green, yellow and blue for the sake to show you how it is done, however this example can be adapted for any user on the system. Setting different coloring for users is very handy if you have to administer Mail Server service like Qmail or other Application that consists of multiple small ones of multiple daemons such as qmail + vpopmail + clamd + mysql etc. Under such circumstances, coloring each of the users in different color like in the example for debugging is very useful.

Coloring the PS1 system prompt on Linux to different color has been a standard practice in Linux Server environments running Redhat Enterprise Linux (RHEL) and SuSE Enterprise Linux and some Desktop distributions such as Mint Linux.

To make The Root prompt Red colored only for system super user (root) on any Linux distribution
, add the following to /etc/bashrc, e.g.

vim /etc/bashrc

# If id command returns zero, you've root access.
if [ $(id -u) -eq 0 ];
then # you are root, set red colour prompt
  PS1="\\[$(tput setaf 1)\\]\\u@\\h:\\w #\\[$(tput sgr0)\\]"
else # normal
  PS1="[\\u@\\h:\\w] $"



2. How to make the prompt of a System user appear Green

Add to ~/.bashrc  following line



PS1="\\[$(tput setaf 2)\\]\\u@\\h:\\w #\\[$(tput sgr0)\\]"


3. Print New line, username@hostname, base PTY, shell level, history (number), newline and full working directory $PWD


export PS1='\n[\u@\h \l:$SHLVL:\!]\n$PWD\$ '


4. Showing the numbert of jobs the shell is currently managing.

This is useful if you run and switch with fg / bg (foreground / background) commands
to switch between jobs and forget some old job.


export PS1='\u@\H \D{%Y-%m-%d %H:%M;%S%z}] \W \$]'


Multi Lines Prompt / Make very colorful Shell prompt full of stats info

PS1="\n\[\033[35m\]\$(/bin/date)\n\[\033[32m\]\w\n\[\033[1;31m\]\u@\h: \[\033[1;34m\]\$(/usr/bin/tty | /bin/sed -e ‘s:/dev/::’): \[\033[1;36m\]\$(/bin/ls -1 | /usr/bin/wc -l | /bin/sed ‘s: ::g’) files \[\033[1;33m\]\$(/bin/ls -lah | /bin/grep -m 1 total | /bin/sed ‘s/total //’)b\[\033[0m\] -> \[\033[0m\]"




5. Set color change on command failure

If you have a broken command or the command ended with non zero output with some kind of bad nasty message and you want to make, that more appearing making it red heighlighted, here is how:


PROMPT_COMMAND='PS1="\[\033[0;33m\][\!]\`if [[ \$? = “0” ]]; then echo “\\[\\033[32m\\]”; else echo “\\[\\033[31m\\]”; fi\`[\u.\h: \`if [[ `pwd|wc -c|tr -d ” “` > 18 ]]; then echo “\\W”; else echo “\\w”; fi\`]\$\[\033[0m\] “; echo -ne “\033]0;`hostname -s`:`pwd`\007"'


6. Other beautiful PS1 Color Prompts with statistics


PS1="\n\[\e[32;1m\](\[\e[37;1m\]\u\[\e[32;1m\])-(\[\e[37;1m\]jobs:\j\[\e[32;1m\])-(\[\e[37;1m\]\w\[\e[32;1m\])\n(\[\[\e[37;1m\]! \!\[\e[32;1m\])-> \[\e[0m\]"





7. Add Muliple Colors to Same Shell prompt


function prompt { local BLUE="\[\033[0;34m\]” local DARK_BLUE=”\[\033[1;34m\]” local RED=”\[\033[0;31m\]” local DARK_RED=”\[\033[1;31m\]” local NO_COLOR=”\[\033[0m\]” case $TERM in xterm*|rxvt*) TITLEBAR=’\[\033]0;\u@\h:\w\007\]’ ;; *) TITLEBAR=”” ;; esac PS1=”\u@\h [\t]> ” PS1=”${TITLEBAR}\ $BLUE\u@\h $RED[\t]>$NO_COLOR " PS2='continue-> ' PS4='$0.$LINENO+ ' }


8. Setting / Change Shell background Color



export PS1="\[$(tput bold)$(tput setb 4)$(tput setaf 7)\]\u@\h:\w $ \[$(tput sgr0)\]"


tput Color Capabilities:

  • tput setab [1-7] – Set a background color using ANSI escape
  • tput setb [1-7] – Set a background color
  • tput setaf [1-7] – Set a foreground color using ANSI escape
  • tput setf [1-7] – Set a foreground color

tput Text Mode Capabilities:

  • tput bold – Set bold mode
  • tput dim – turn on half-bright mode
  • tput smul – begin underline mode
  • tput rmul – exit underline mode
  • tput rev – Turn on reverse mode
  • tput smso – Enter standout mode (bold on rxvt)
  • tput rmso – Exit standout mode
  • tput sgr0 – Turn off all attributes

Color Code for tput:

  • 0 – Black
  • 1 – Red
  • 2 – Green
  • 3 – Yellow
  • 4 – Blue
  • 5 – Magenta
  • 6 – Cyan
  • 7 – White


9. Howto Use bash shell function inside PS1 variable

If you administrate Apache or other HTTPD servers or any other server whose processes are forked and do raise drastically at times to keep an eye while actively working on the server.


function httpdcount { ps aux | grep apache2 | grep -v grep | wc -l } export PS1="\u@\h [`httpdcount`]> "

10. PS2, PS3, PS4 little known variables

I'll not get much into detail to PS2, PS3, PS4 but will mention them as perhaps many people are not even aware they exist.
They're rarely used in the daily system administrator's work but useful for Shell scripting purposes of Dev Ops and Shell Scripting Guru Programmers.

  • PS2 – Continuation interactive prompt

A very long unix command can be broken down to multiple line by giving \ at the end of the line. The default interactive prompt for a multi-line command is “> “.  Let us change this default behavior to display “continue->” by using PS2 environment variable as shown below.

hipo@db-host :~$ myisamchk –silent –force –fast –update-state \
> –key_buffer_size=512M –sort_buffer_size=512M \
> –read_buffer_size=4M –write_buffer_size=4M \
> /var/lib/mysql/bugs/*.MYI
[Note: This uses the default “>” for continuation prompt]

  • PS3 – Prompt used by “select” inside shell script (usefulif you write scripts with user prompts)


  • PS4 – Used by “set -x” to prefix tracing output
    The PS4 shell variable defines the prompt that gets displayed.

You can find  example with script demonstrating PS2, PS3, PS4 use via small shell scripts in thegeekstuff's article Take control of PS1, PS2, PS3, PS4 read it here



In this article, I've shortly reviewed on what is a TTY, how it evolved into Pseudo TTY and how it relates to current shells which are the interface communicating with the modern UNIX like Operating systems's userland and kernel.
Also it was reviewed shortly how the current definitions of shell variables could be viewed with declare cmd. Also I went through on how to display the PS1 variable and  on how to modify PS1 and make the prompt different statistics and monitoring parameters straight into the command shell. I've shown some common PS1 strings that report on current date hour, minute, seconds, modify the coloring of the bash prompt shell, show processes count, and some PS1 examples were given that combines beuatiful shell coloring as well as how the Prompt background color can be changed.
Finally was shown how a combination of commands can be executed by exporting to PS1 to update process counf of Apache on every shell prompt iteration.
Other shell goodies are mostly welcome