Category Archives: Linux

How to get an SSL A+ rating with Apache

If you need a high rating with tests like https://www.ssllabs.com then i have an example on a working configuration that will get you the A+ score.

I’m using letsencrypt for my SSL site but you can use any certificate to get the result.

<VirtualHost *:80>
ServerName www.pvangsgaard.com
ServerAlias pvangsgaard.com
Redirect / https://www.pvangsgaard.com/
ErrorLog /var/log/apache2/pvangsgaard.com.error.log
CustomLog /var/log/apache2/pvangsgaard.com.access.log combined
</VirtualHost>
<VirtualHost *:443>
Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"
ServerName www.pvangsgaard.com
ServerAlias pvangsgaard.com
DocumentRoot /home/pva/public_html/pvangsgaard.com
ErrorLog /var/log/apache2/pvangsgaard.com.error.log
SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLEngine on
SSLCipherSuite EECDH+AES:EDH+AES:-SHA1:EECDH+RC4:EDH+RC4:RC4-SHA:EECDH+AES256:EDH+AES256:AES256-SHA:!aNULL:!eNULL:!EXP:!LOW:!MD5
SSLHonorCipherOrder on
SSLCertificateFile    /etc/letsencrypt/live/pvangsgaard.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/pvangsgaard.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/pvangsgaard.com/fullchain.pem
</VirtualHost>

Remember to enable headers with:

a2enmod headers
systemctl restart apache

I have also made an example for NGINX at this url https://www.pvangsgaard.com/2018/02/22/how-to-get-an-a-rating-with-100-score-on-the-ssllabs-test-with-nginx/

Linux | How to get Windows 10 License key from BIOS

If you have installed Linux on your laptop but wan’t to have a Windows VM in virtualbox then chances are that you need a serial number for windows 10.

Normally Windows read the embedded key that are hardcodet into the BIOS of the laptop and Windows in a virtual instance will not be able to read other than the vm’s virtual BIOS so you will need to type one in yourself.

With this command you can extract the serial number:

sudo hexdump -s 56 -e '"WIN key: " /29 "%s\n"' /sys/firmware/acpi/tables/MSDM

Exim | How to hide version number

To prevent showing hackers the version number of your Exim SMTP server it can be hidden by setting this SMTP banner.

Search for smtp_banner in /etc/exim.conf and replace it with:

smtp_banner = "${primary_hostname} ESMTP"

In some setups there is no smtp_banner set then just add the line to the config file

How to fix Chrome dependency problems on Kubuntu 18.04

If you wan’t Googles Chrome browser on Kubuntu 18.04 changes are that you run into an dependency problem when you install the deb package.

I got this result when i tried to install

pva@pva-laptop:~/Downloads$ sudo dpkg -i google-chrome-stable_current_amd64.deb 
Selecting previously unselected package google-chrome-stable.
(Reading database ... 217438 files and directories currently installed.)
Preparing to unpack google-chrome-stable_current_amd64.deb ...
Unpacking google-chrome-stable (76.0.3809.132-1) ...
dpkg: dependency problems prevent configuration of google-chrome-stable:
 google-chrome-stable depends on libappindicator3-1; however:
  Package libappindicator3-1 is not installed.

dpkg: error processing package google-chrome-stable (--install):
 dependency problems - leaving unconfigured
Processing triggers for man-db (2.8.3-2ubuntu0.1) ...
Processing triggers for mime-support (3.60ubuntu1) ...
Errors were encountered while processing:
 google-chrome-stable

To resolve the issue you need to install theses dependencies

sudo apt install libappindicator3-1 libindicator3-7