Linux Administration Tips & Tricks

Raajeev Tyagi

INSTALLING APACHE WEB SERVER IN CENTOS 7

INSTALL APACHE
To install Apache, issue the following command in the terminal:
yum install httpd
This installs the Apache web server (the httpd package) on CentOS. The package
manager downloads the files from the internet, so a working network connection is
necessary.

TURN APACHE ON/OFF
Once installed, Apache needs to be started. To start it, issue the following command:
service httpd start
Similarly, Apache can be stopped by issuing the following command:
service httpd stop

RUN APACHE AT STARTUP
It is very common to run the Apache web server when the computer first boots up.
To do this, run the following command in the terminal:
chkconfig httpd on

VIEWING YOUR WEB PAGES
The firewall on CentOS blocks the httpd service by default. To view the pages from
outside the CentOS system you need to open the firewall so that outside traffic can
reach the httpd (Apache) service. To allow httpd through the firewall, issue the
following commands:
firewall-cmd --permanent --add-service=http
firewall-cmd --permanent --add-service=https
or
firewall-cmd --permanent --add-port=80/tcp
firewall-cmd --permanent --add-port=443/tcp
This permanently allows the web server through the firewall. To restart the firewall
service so that the new rules take effect, issue the following command in the terminal:
service firewalld restart

To view the web pages, open a web browser on another computer (or, if you are
using a virtual machine, on the host computer) and navigate to the IP address of
your CentOS computer. To obtain the IP address of the CentOS system, issue the
following command in the terminal:
ip addr

WEB SITE DIRECTORY
The files for the website should reside in the /var/www/html/ directory; place your
index.html page there. To tweak Apache, you may want to look at the configuration
file at /etc/httpd/conf.d/welcome.conf.

1.1 APACHE REDIRECT HTTP TO HTTPS

Written by Rahul

Force Redirect HTTP to HTTPS in Apache. Many sites are required to run over SSL only,
and we need to ensure that every user accesses the website through SSL. If a user
tries to access the website with a non-SSL URL, they must be redirected to the SSL
website. This tutorial will help you redirect the website to its SSL URL every time
using the Apache mod_rewrite module.

1.2 OPTION 1:
Edit the website's VirtualHost in the Apache configuration file and add the following
directive. Change www.example.com to your actual domain name.
Redirect permanent / https://www.example.com/

1.3 OPTION 2:
Edit the website's VirtualHost in the Apache configuration file and add the following
settings. You may also add the same settings in the .htaccess file under the document
root of your website.
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

If you want to redirect a specific URL to HTTPS, use the following settings. For
example, if anyone tries to access the always-secure.html file on the website, the
user must access the URL over SSL.
RewriteEngine On
RewriteRule ^always-secure\.html$ https://www.example.com/always-secure.html [R=301,L]
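Whichever option is used, the result should be verified from outside the server. The script below is an added example, not part of the original post: it checks a captured HTTP response (the kind `curl -sI http://www.example.com/` prints) for a 301/302 status whose Location header points at an https:// URL. The responses it examines are constructed samples written to a temporary directory, and www.example.com is a placeholder for the real site.

```shell
#!/bin/sh
# Added example (not from the original post): check that a captured HTTP
# response really sends the client to HTTPS. The responses below are
# constructed samples; www.example.com stands in for the real site.

# check_https_redirect <file-with-raw-response-headers>
#   returns 0 for a 301/302 whose Location is an https:// URL, 1 otherwise.
#   CR characters from CRLF line endings are stripped first, and the header
#   name is matched case-insensitively as HTTP allows.
check_https_redirect() {
    status=$(tr -d '\r' < "$1" | head -n 1 | awk '{ print $2 }')
    location=$(tr -d '\r' < "$1" | awk 'tolower($1) == "location:" { sub(/^[^:]*:[ \t]*/, ""); print; exit }')
    case "$status" in
        301|302) ;;
        *) echo "no redirect: HTTP status '$status'"; return 1 ;;
    esac
    case "$location" in
        https://*) echo "ok: $status -> $location"; return 0 ;;
        *) echo "redirect does not lead to https: '$location'"; return 1 ;;
    esac
}

sample_dir=$(mktemp -d)
# 1) what a correct "Redirect permanent / https://..." VirtualHost answers
printf 'HTTP/1.1 301 Moved Permanently\r\nServer: Apache\r\nLocation: https://www.example.com/\r\nContent-Length: 0\r\n\r\n' > "$sample_dir/good.txt"
# 2) no redirect in effect: the plain-HTTP page is served directly
printf 'HTTP/1.1 200 OK\r\nServer: Apache\r\nContent-Type: text/html\r\n\r\n' > "$sample_dir/plain.txt"
# 3) a redirect whose target still uses http (a typo in the redirect target)
printf 'HTTP/1.1 302 Found\r\nServer: Apache\r\nlocation: http://www.example.com/\r\n\r\n' > "$sample_dir/wrong.txt"

for f in good plain wrong; do
    printf '%s: ' "$f"
    check_https_redirect "$sample_dir/$f.txt" || true
done
```

On a live site, replace the sample file with the output of `curl -sI http://www.example.com/` saved to a file; a check against the specific-URL rule works the same way with `curl -sI http://www.example.com/always-secure.html`.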

1.4 HOW TO REMOVE FILE EXTENSION (.PHP, .HTML) FROM URL USING .HTACCESS

Written by Rahul

According to SEO experts, there is no effect on SEO if your website's URLs have a .php,
.htm or .html extension. So why would we need to remove these extensions from URLs?
As experts say, and in my opinion, there are several advantages to not having file
extensions in URLs:
The back-end technology is hidden from end users (although it is still not hard for
an expert to identify the technology).
The best advantage is that we can easily change the back-end technology without
affecting the SEO of the pages.
Read: What is a .htaccess file?

First create a .htaccess file in your server's document root and add the following
settings to the file, as required, to remove the file extension.

1.5 REMOVING .PHP EXTENSION FROM URL

For example, you need to convert your URL from http://example.com/demo.php to
http://example.com/demo. Edit the .htaccess file and add the following settings.
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^([^\.]+)$ $1.php [NC,L]

1.6 REMOVING .HTML EXTENSION FROM URL

For example, you need to convert your URL from http://example.com/demo.html to
http://example.com/demo. Edit the .htaccess file and add the following settings.
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^([^\.]+)$ $1.html [NC,L]
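The two rule sets above share one shape: a condition that skips the rewrite when the requested file exists, and a pattern `^([^\.]+)$` that only matches paths without any dot. The script below is an added example, not part of the original post; it emulates that decision in plain shell over a constructed document root so the behaviour can be checked before editing a live .htaccess, including the case the pattern does not cover: a path such as v1.2/demo, whose directory name contains a dot, is never rewritten and would be answered with a 404.

```shell
#!/bin/sh
# Added example (not from the original post): emulate what the .htaccess rule
# sets above do. The document root and its files are constructed below.

# resolve_request <docroot> <request-path> <ext>
#   prints the file Apache would serve after the rewrite:
#   RewriteCond %{REQUEST_FILENAME} !-f    -> rewrite only if no such file exists
#   RewriteRule ^([^\.]+)$ $1.<ext> [NC,L] -> and only if the path has no dot at all
resolve_request() {
    root=$1; path=$2; ext=$3
    if [ -f "$root/$path" ]; then
        echo "$path"              # condition fails: an existing file, no rewrite
    else
        case "$path" in
            *.*) echo "$path" ;;  # pattern [^\.]+ never matches a path with a dot
            *)   echo "$path.$ext" ;;
        esac
    fi
}

# constructed document root
docroot=$(mktemp -d)
mkdir -p "$docroot/v1.2"
: > "$docroot/demo.php"; : > "$docroot/about.html"; : > "$docroot/v1.2/demo.php"

resolve_request "$docroot" demo php        # demo.php
resolve_request "$docroot" demo.php php    # demo.php, served as is
resolve_request "$docroot" about html      # about.html
resolve_request "$docroot" v1.2/demo php   # v1.2/demo: not rewritten, the dot in v1.2 defeats the pattern
```

If directories with dots in their names are part of the site layout, the pattern has to be written so it only excludes a dot in the last path segment; the emulation makes that gap visible before users hit it.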

1.7 VIRTUAL HOSTS

Configure virtual hosts to use multiple domain names.

The example below is set up in an environment in which the domain name is
[server.world] and the virtual host's directory is [/home/cent/public_html].
It's necessary to set the UserDir settings for this example, too.
[1] Configure virtual hosts.
[root@www ~]# vi /etc/httpd/conf.d/vhost.conf
# create new

# for original domain
<VirtualHost *:80>
DocumentRoot /var/www/html
ServerName www.server.world
</VirtualHost>
# for virtual domain
<VirtualHost *:80>
DocumentRoot /home/cent/public_html
ServerName www.virtual.host
ServerAdmin webmaster@virtual.host
ErrorLog logs/virtual.host-error_log
CustomLog logs/virtual.host-access_log combined
</VirtualHost>
[root@www ~]# systemctl restart httpd

[2] Create a test page and access it from a client computer with a web browser. It's OK
if the page is displayed.
[cent@www ~]$ vi ~/public_html/virtual.php
<html>
<body>
<div style="width: 100%; font-size: 40px; font-weight: bold; text-align: center;">
Virtual Host Test Page
</div>
</body>
</html>

SETTING UP AND SECURING SSH SERVER IN CENTOS 7

SSH SERVICE IN CENTOS
If you simply wish to turn on the SSH service in CentOS, issue the following command:
service sshd start
This turns on the SSH service and allows users to connect to the computer using SSH
on port 22. To turn the service off, issue the command:
service sshd stop

AUTOMATICALLY RUNNING THE SSH SERVICE
If you wish to have the SSH daemon run automatically as the computer boots up, issue
the command:
chkconfig sshd on
To make edits to the configuration of SSH, edit the file located at
/etc/ssh/sshd_config.

CHANGE SSH DEFAULT PORT AND DISABLE ROOT LOGIN
In this case you'll need to edit the sshd_config file, which is the main configuration
file of the SSH service on your server. You can use either vi or nano to edit it. In this
example I use the vi editor:
vi /etc/ssh/sshd_config
Then find the following line:
#port 22
Remove the # symbol and change the 22 (the default port) to any number between 1025
and 65536, for example port 22000. Example:
port 22000
Next, also find:
#PermitRootLogin yes
Remove the # symbol and change yes to no:
PermitRootLogin no
Next, find this line as well:
#UseDNS yes
Remove the # symbol and change yes to no:
UseDNS no
Don't close the vi editor just yet; now proceed to the next step:

ALLOW NEW USER TO LOGIN VIA SSH TO YOUR SERVER
Simply add this line at the very bottom of that file:
AllowUsers newuser
Of course you have to replace newuser with your own username. Once done, save the
file.

DISABLE PROTOCOL 1
SSH has two protocols it may use, protocol 1 and protocol 2. The older protocol 1 is
less secure and should be disabled unless you know that you specifically require it.
Look for the following line in the config file:
# Protocol 2,1
Remove the # symbol and use only protocol 2:
Protocol 2

RELOAD SSH SERVICE
To make sure the new configuration is used by the service, simply reload SSH using
this command:
/etc/init.d/sshd reload
It should return with the OK message. (On CentOS 7, where sshd is managed by systemd,
the equivalent is systemctl reload sshd.)
Give it a try! I assume you are currently still logged in as root. Don't close that SSH
session before you have tested the new settings and made sure everything you defined
in the SSH config file really works. Now launch another terminal window or another
PuTTY instance and log in using the new SSH port, the new username and, of course,
the new password.
You might not be able to log in using the new SSH port and new username. If that is
the case, make the necessary changes to port forwarding on your router and any
applicable firewall rules.

CHANGE FIREWALL RULES ON CENTOS
On CentOS 7 you need to change firewalld:
$ firewall-cmd --add-port 22000/tcp
$ firewall-cmd --add-port 22000/tcp --permanent

On CentOS 6 and above you should also update SELinux, labelling the chosen port
correctly, otherwise sshd will be prevented from binding to it. For example:
$ semanage port -a -t ssh_port_t -p tcp 22000   # SSH port changed
Because SSH is no longer listening for connections on the standard port, you will need
to tell your client which port to connect on.

FILTER SSH AT THE FIREWALL
If you only need remote access from one IP address (say from work to your home
server), then consider filtering connections at your firewall by adding a firewall rule
on your router or in iptables to limit access on port 22 to only that specific IP
address. For example, in iptables this could be achieved with the following type of
rule:
iptables -A INPUT -p tcp -s 72.232.194.162 --dport 22 -j ACCEPT
SSH also natively supports TCP wrappers, and access to the SSH service may be
similarly controlled using hosts.allow and hosts.deny.
If you are unable to limit source IP addresses and must open the SSH port globally,
then iptables can still help prevent brute-force attacks by logging and blocking
repeated attempts to log in from the same IP address. For example:
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set --name ssh --rsource
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent ! --rcheck --seconds 60 --hitcount 4 --name ssh --rsource -j ACCEPT
The first rule records the IP address of each new attempt to access port 22 using the
recent module. The second rule checks whether that IP address has attempted to
connect 4 or more times within the last 60 seconds, and if not, the packet is accepted.
Note that this rule requires a default policy of DROP on the INPUT chain.
Don't forget to change the port as appropriate if you are running SSH on a
non-standard port. Where possible, filtering at the firewall is an extremely effective
method of securing access to an SSH server.
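The same "4 or more new attempts from one address within 60 seconds" rule that the recent module enforces at the packet level can be applied to sshd's own log, which is useful for confirming that the firewall rule is needed, or that it worked. The script below is an added example, not part of the original page: it runs that sliding-window count over "Failed password" lines (on CentOS these are written to /var/log/secure) and prints every source address that crossed the threshold. The log lines are constructed samples using RFC 5737 documentation addresses; the window and threshold are parameters so the rule can be generalised.

```shell
#!/bin/sh
# Added example (not from the original page): apply the iptables "recent"
# rule above (4+ new attempts from one address inside 60 s) to sshd log lines.
# The log lines used here are constructed samples.

# flag_bruteforce <logfile> [window-seconds] [threshold]
#   prints "<ip> <attempts>" for each source address with <threshold> or more
#   "Failed password" lines inside any <window-seconds> interval; returns 0 if
#   at least one address was flagged, 1 otherwise. POSIX awk only; timestamps
#   are reduced to seconds since midnight, so a window that straddles midnight
#   is not handled by this demonstration.
flag_bruteforce() {
    awk -v win="${2:-60}" -v hit="${3:-4}" '
        /sshd\[[0-9]+\]: Failed password/ {
            split($3, t, ":"); now = t[1]*3600 + t[2]*60 + t[3]
            for (i = 1; i <= NF; i++) if ($i == "from") ip = $(i+1)
            n[ip]++; ts[ip, n[ip]] = now
            # count this address'"'"'s attempts that fall inside the trailing window
            c = 0
            for (j = 1; j <= n[ip]; j++) if (now - ts[ip, j] < win) c++
            if (c >= hit && !(ip in flagged)) { flagged[ip] = c; print ip, c; found = 1 }
        }
        END { exit found ? 0 : 1 }
    ' "$1"
}

# constructed sample of /var/log/secure: one address hammering port 22,
# one legitimate user who mistyped a password twice, minutes apart
log=$(mktemp)
cat > "$log" <<'EOF'
Jan  2 05:10:00 server sshd[1201]: Failed password for root from 203.0.113.7 port 51234 ssh2
Jan  2 05:10:05 server sshd[1202]: Failed password for root from 203.0.113.7 port 51235 ssh2
Jan  2 05:10:11 server sshd[1203]: Failed password for invalid user admin from 203.0.113.7 port 51236 ssh2
Jan  2 05:10:20 server sshd[1204]: Failed password for root from 203.0.113.7 port 51237 ssh2
Jan  2 05:12:00 server sshd[1205]: Failed password for newuser from 198.51.100.23 port 40001 ssh2
Jan  2 05:15:00 server sshd[1206]: Accepted publickey for newuser from 198.51.100.23 port 40002 ssh2
Jan  2 05:20:00 server sshd[1207]: Failed password for newuser from 198.51.100.23 port 40003 ssh2
EOF

flag_bruteforce "$log" || echo "no address exceeded the threshold"
```

Run against the real log with `flag_bruteforce /var/log/secure`; the second address above is deliberately below the threshold, which is the point of the 60-second window: it separates a user fumbling a password from an automated guesser.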

USE PUBLIC/PRIVATE KEYS FOR AUTHENTICATION
Using cryptographic keys for authentication offers two main benefits. Firstly, it is
convenient, as you no longer need to enter a password (unless you protect your key
with a passphrase). Secondly, once public/private key authentication has been set up
on the server, you can disable password authentication completely, meaning that
without an authorized key you can't gain access, so no more password-cracking
attempts.

It's a relatively simple process to create a public/private key pair and install it for
use on your SSH server.
First, create a public/private key pair on the client that you will use to connect to
the server (you will need to do this on each client machine from which you connect):
$ ssh-keygen -t rsa
This creates two files in your hidden ~/.ssh directory: id_rsa and id_rsa.pub. The
first, id_rsa, is your private key and the other, id_rsa.pub, is your public key.
If you don't want to be asked for a passphrase (which is basically a password to
unlock a given private key) each time you connect, just press Enter when asked for a
passphrase while creating the key pair. It is up to you to decide whether or not to add
passphrase protection to your key when you create it. If you don't passphrase-protect
your key, then anyone gaining access to your local machine automatically has SSH
access to the remote server. Also, root on the local machine has access to your keys,
although one assumes that if you can't trust root (or root is compromised) then you're
in real trouble. Encrypting the key adds security at the expense of replacing the
password for the SSH server with a passphrase for the use of the key. This may be
further simplified by the use of the ssh-agent program.
Now set permissions on your private key:
$ chmod 700 ~/.ssh
$ chmod 600 ~/.ssh/id_rsa
Copy the public key (id_rsa.pub) to the server and install it in the authorized_keys
list:
$ cat id_rsa.pub >> ~/.ssh/authorized_keys
Note: once you've imported the public key, you can delete the copied id_rsa.pub from
the server.
And finally set file permissions on the server:
$ chmod 700 ~/.ssh
$ chmod 600 ~/.ssh/authorized_keys
The above permissions are required if StrictModes is set to yes in
/etc/ssh/sshd_config (the default).
Ensure the correct SELinux contexts are set:
$ restorecon -Rv ~/.ssh
Now when you log in to the server you won't be prompted for a password (unless you
entered a passphrase when you created your key pair). By default, ssh will first try to
authenticate using keys. If no keys are found or authentication fails, then ssh will fall
back to conventional password authentication.

Once you've checked that you can successfully log in to the server using your
public/private key pair, you can disable password authentication completely by adding
the following setting to your /etc/ssh/sshd_config file:
# Disable password authentication forcing use of keys
PasswordAuthentication no
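The SSH hardening steps above (non-default port, PermitRootLogin no, UseDNS no, Protocol 2, PasswordAuthentication no, and the 700/600 permissions that StrictModes requires) are easy to get subtly wrong, for example by editing a commented-out line or leaving a second, earlier occurrence of a directive that sshd will honour instead. The script below is an added example, not part of the original page: it audits an sshd_config and a .ssh directory against those settings, resolving each directive the way sshd does (first uncommented occurrence wins, names are case-insensitive). The config files and directory it examines are constructed samples in a temporary directory; on a real host point it at /etc/ssh/sshd_config and ~/.ssh.

```shell
#!/bin/sh
# Added example (not from the original page): audit sshd_config and ~/.ssh
# against the hardening settings described above. All inputs below are
# constructed samples.

# sshd_get <config-file> <Directive>
#   prints the effective value: directive names are case-insensitive and the
#   first uncommented occurrence wins, which is how sshd itself resolves them.
sshd_get() {
    awk -v key="$2" 'tolower($1) == tolower(key) { print $2; exit }' "$1"
}

# audit_sshd_config <config-file>
#   prints one FINDING line per directive that is not at its hardened value and
#   returns the number of findings (0 means the file passes).
audit_sshd_config() {
    f=$1; findings=0
    for pair in PermitRootLogin=no PasswordAuthentication=no Protocol=2 UseDNS=no; do
        key=${pair%%=*}; want=${pair#*=}
        have=$(sshd_get "$f" "$key")
        if [ "$have" != "$want" ]; then
            echo "FINDING: $key is '${have:-unset}', expected '$want'"
            findings=$((findings + 1))
        fi
    done
    port=$(sshd_get "$f" Port)
    # no Port line means sshd still listens on 22; TCP ports end at 65535
    if [ -z "$port" ] || [ "$port" -lt 1025 ] || [ "$port" -gt 65535 ]; then
        echo "FINDING: Port is '${port:-22 (default)}', expected a port in 1025-65535"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# audit_ssh_dir <path-to-.ssh>
#   the directory must be 700 and id_rsa / authorized_keys 600, otherwise sshd
#   with StrictModes yes ignores the keys; returns the number of findings.
mode_of() { ls -ld "$1" | cut -c1-10; }
audit_ssh_dir() {
    d=$1; findings=0
    if [ "$(mode_of "$d")" != "drwx------" ]; then
        echo "FINDING: $d is not mode 700"; findings=$((findings + 1))
    fi
    for f in "$d/authorized_keys" "$d/id_rsa"; do
        [ -e "$f" ] || continue
        if [ "$(mode_of "$f")" != "-rw-------" ]; then
            echo "FINDING: $f is not mode 600"; findings=$((findings + 1))
        fi
    done
    return "$findings"
}

# constructed samples: a config left at its defaults, and a hardened one
demo_dir=$(mktemp -d)
cat > "$demo_dir/weak.conf" <<'EOF'
#Port 22
#PermitRootLogin yes
#UseDNS yes
PasswordAuthentication yes
EOF
cat > "$demo_dir/hardened.conf" <<'EOF'
Port 22000
PermitRootLogin no
UseDNS no
Protocol 2
AllowUsers newuser
# Disable password authentication forcing use of keys
PasswordAuthentication no
EOF
# a .ssh directory whose authorized_keys is world-readable (a common slip)
mkdir -p "$demo_dir/ssh" && chmod 700 "$demo_dir/ssh"
: > "$demo_dir/ssh/authorized_keys" && chmod 644 "$demo_dir/ssh/authorized_keys"

echo "== weak.conf ==";     audit_sshd_config "$demo_dir/weak.conf" || echo "$? finding(s)"
echo "== hardened.conf =="; audit_sshd_config "$demo_dir/hardened.conf" && echo "no findings"
echo "== .ssh dir ==";      audit_ssh_dir "$demo_dir/ssh" || echo "$? finding(s)"
```

Run the audit before reloading sshd and, as the text advises, keep the existing root session open until a fresh login on the new port succeeds.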

CHANGE DEFAULT RUNLEVEL IN CENTOS 7 / RHEL 7

In CentOS 7 / RHEL 7 the system uses targets instead of run levels; /etc/inittab is no
longer used by the system to change run levels. This guide will help you to set the
default runlevel in CentOS 7 / RHEL 7.
The default runlevel can be set either by using the systemctl command or by making a
symbolic link from the runlevel target to the default target file.

METHOD 1
Let's check the current run level by issuing the following command.
# systemctl get-default
graphical.target
Before changing the default runlevel, we have to check the available targets.
# systemctl list-units --type=target
The output will look like the following.
UNIT                 LOAD   ACTIVE SUB    DESCRIPTION
basic.target         loaded active active Basic System
cryptsetup.target    loaded active active Encrypted Volumes
getty.target         loaded active active Login Prompts
graphical.target     loaded active active Graphical Interface
local-fs-pre.target  loaded active active Local File Systems (Pre)
local-fs.target      loaded active active Local File Systems
multi-user.target    loaded active active Multi-User System
network.target       loaded active active Network
nfs.target           loaded active active Network File System Server
paths.target         loaded active active Paths
remote-fs.target     loaded active active Remote File Systems
slices.target        loaded active active Slices
sockets.target       loaded active active Sockets
swap.target          loaded active active Swap
sysinit.target       loaded active active System Initialization
timers.target        loaded active active Timers

LOAD   = Reflects whether the unit definition was properly loaded.
ACTIVE = The high-level unit activation state, i.e. generalization of SUB.
SUB    = The low-level unit activation state, values depend on unit type.

Change the default to runlevel 3 (which is nothing but multi-user.target).
# systemctl set-default multi-user.target

Confirm the default runlevel.
# systemctl get-default
multi-user.target
Reboot and check it out.
# reboot

METHOD 2
You may have noticed the output when the systemctl set-default multi-user.target
command is issued: what the command does is nothing but make a symbolic link from
the runlevel target to the default target file.
rm /etc/systemd/system/default.target
ln -s /usr/lib/systemd/system/multi-user.target /etc/systemd/system/default.target
Check the current level.
# systemctl get-default
multi-user.target
Before making the symbolic link, let's list the runlevel files in the systemd directory.
# ls /lib/systemd/system/runlevel*target -l
As per the previous step, the current default run level is 3. Issue the following
command to make a symbolic link from runlevel5.target to the default.target file.
# ln -sf /lib/systemd/system/runlevel5.target /etc/systemd/system/default.target
Or
# ln -sf /lib/systemd/system/graphical.target /etc/systemd/system/default.target
Again check the current level.
# systemctl get-default
runlevel5.target
Now the default runlevel is 5 (graphical mode); reboot the server and check it out.
# reboot
That's all! Hope this helped you.

HOW TO CHANGE TIMEZONE ON CENTOS/RHEL 7/6/5

On CentOS/RHEL systems all timezone files are located under the /usr/share/zoneinfo/
directory, and /etc/localtime is the file used by the operating system to set the
current timezone. So the best way to change the timezone of a server is to link the
/etc/localtime file to the correct zone file under /usr/share/zoneinfo.
First check the current timezone used by your system using the date command.
[root@testserver ~]# date
Fri Jan 2 05:10:00 EST 2015
As per the above example, our system timezone is set to EST.

CHANGE TIMEZONE IN CENTOS/RHEL 7
In CentOS/RHEL 7 we use the timedatectl command to change the current timezone of
the system. First use the following command to list all timezones:
# timedatectl list-timezones
Now use the following command to change the timezone to Asia/Calcutta.
# timedatectl set-timezone Asia/Calcutta

CHANGE TIMEZONE IN CENTOS/RHEL 6/5
To change the timezone on CentOS/RHEL 6/5 we can simply link the /etc/localtime file
to the correct timezone file. For example, we are setting Asia/Calcutta as our local
system timezone.
# mv /etc/localtime /root/localtime.old
# ln -s /usr/share/zoneinfo/Asia/Calcutta /etc/localtime
Your timezone has been changed successfully. Let's check the timezone again.
[root@testserver ~]# date
Fri Jan 2 14:10:54 IST 2015

CHANGE HOSTNAME IN CENTOS 7 / RHEL 7

After installing CentOS 7 on my server, I tried to change the host name by modifying
/etc/sysconfig/network; the modification did not take effect. Even after multiple
reboots of the server, the host name remained localhost.localdomain. The procedure to
change the host name in CentOS 7 is now totally different from the previous version;
this guide will help you to set up the host name on CentOS 7 / RHEL 7.

CENTOS 7 SUPPORTS THREE CLASSES OF HOST NAMES:
Static: the static host name is the traditional host name, which can be chosen by the
user and is stored in the /etc/hostname file.
Transient: the transient host name is maintained by the kernel and can be changed by
DHCP and mDNS.
Pretty: a free-form UTF-8 host name for presentation to the user.

A HOSTNAME CAN BE:
up to 64 characters in length
recommended to be a FQDN
made up of a-z, A-Z, 0-9, -, _ and . only

HOW TO CHANGE
Before changing the host name, let's check the current host name.
[root@localhost ~]# hostname
localhost.localdomain
1. nmtui tool:
The NetworkManager text UI is used to set the static host name in the /etc/hostname
file.

[screenshot: nmtui - Select Set HostName]

Set the host name.

[screenshot: nmtui - Change HostName 2]

Restart hostnamed to force hostnamectl to notice the change in the static host name.
[root@localhost ~]# systemctl restart systemd-hostnamed
You can verify the change in host name.
[root@server ~]# hostname
server.itzgeek.com
[root@server ~]# cat /etc/hostname
server.itzgeek.com
[root@server ~]# cat /etc/sysconfig/network
# Created by anaconda
HOSTNAME=server.itzgeek.com
2. hostnamectl:
hostnamectl is used to change the host name; with this tool we can change all three
classes of host name, but here we look only at the static host name.
Check the current host name.
[root@server ~]# hostnamectl status
Static hostname: server.itzgeek.com
Icon name: computer-vm
Chassis: vm
Machine ID: 565ea8b749544aca9d5563308f9e4bc2
Boot ID: 5c979d9b5f754df8b75a4e3aeabf2bad
Virtualization: vmware
Operating System: CentOS Linux 7 Core
CPE OS Name: cpe:/o:centos:centos:7
Kernel: Linux 3.10.0-123.el7.x86_64
Architecture: x86_64
Set the hostname.
[root@server ~]# hostnamectl set-hostname client.itzgeek.com
Check the host name again (close the session and open a new session using PuTTY or
the console).
[root@client ~]# hostnamectl status
Static hostname: client.itzgeek.com
Icon name: computer-vm
Chassis: vm
Machine ID: 565ea8b749544aca9d5563308f9e4bc2
Boot ID: 5c979d9b5f754d8b75a4e3aeabf2bad
Virtualization: vmware
Operating System: CentOS Linux 7 Core
CPE OS Name: cpe:/o:centos:centos:7
Kernel: Linux 3.10.0-123.el7.x86_64
Architecture: x86_64
If you use this command, you do not need to notify anything of the change in host
name; just close the current session and relaunch the terminal.
3. nmcli tool:
nmcli can be used to query and set the static host name in the /etc/hostname file.
Check the hostname.
[root@client ~]# nmcli general hostname
client.itzgeek.com
Change the host name.
[root@client ~]# nmcli general hostname server.itzgeek.com
Restart hostnamed to force hostnamectl to notice the change in the static host name.
[root@client ~]# systemctl restart systemd-hostnamed
4. Edit /etc/hostname
This is the simplest method, but it requires a reboot of the server to take effect.
Note: use hostnamectl to change the host name; it fares better than the other
commands and does not require updating the kernel about the change in host name.

One configuration you may want to change in the /etc/ssh/sshd_config file is

1.8 HOW TO CREATE BINARY FILE FROM SHELL SCRIPT

Written by Rahul

While working with Linux systems we use many commands on a daily basis. Most of the
commands are available in binary format in the /bin, /sbin, /usr/bin, /usr/sbin, etc.
directories. As system administrators or students we write many shell scripts to do a
few tasks or automate them. This article will help you to create a binary file from
your shell script, so that no one can see the source code of your script and you can
use it as a command. To create a binary file from a script we use the SHC compiler
written by Francisco Javier Rosales García. Note that shc only stores the script
encrypted inside the binary and hands the decrypted text to the shell at run time, so it
hides the source from casual readers but is not a safe place for passwords or other
secrets.
Follow the steps below to do this.

1.9 INSTALL REQUIRED PACKAGES

First we need to install the packages required by the SHC compiler.
1.9.1 For Ubuntu, Debian and LinuxMint
$ apt-get install libc6-dev

1.9.2 For CentOS, RHEL & Fedora
$ yum install glibc-devel

1.10 DOWNLOAD AND INSTALL SHC:

Download the latest source code of the SHC compiler from its official web page, or
using the commands below, and extract it on your system.
$ cd /usr/src
$ wget http://www.datsi.fi.upm.es/~frosal/sources/shc-3.8.9.tgz
$ tar xzf shc-3.8.9.tgz

Now compile the SHC source code on your system and install it using the following
commands.
$ cd shc-3.8.9
$ make
$ make install

1.11 CREATE SHELL SCRIPT:

Let's create a shell script as per your requirement, or skip this step if you have
already created one. For this article we have created the sample script below, which
adds the integer values given as command-line parameters and shows their sum.
vim script.sh
#!/bin/bash
# Add up the integer arguments given on the command line.
total=0
for i in "$@"; do
    # reject any argument that still has characters left once all digits are removed
    if [ -n "${i//[0-9]/}" ]; then
        echo "Please enter numeric only"
        exit 1
    fi
    total=$((total + i))
done
if [ $total -eq 0 ]; then
    echo "Please execute script like: $0 10 20 30"
    exit 0
fi
echo $total

1.12 CREATE BINARY OF SCRIPT:

At this stage we have installed the SHC compiler and have a shell script named
script.sh. Use the following command to create a binary file from your script.
$ shc -T -f script.sh

The above command creates two files in the current directory. One is script.sh.x.c,
which is the C source generated from your script; the second is script.sh.x, which is
the compiled binary.

1.13 TEST BINARY SCRIPT:

If you try to open the binary version of the script, you will see that it is not in
human-readable format. Now move this binary to the /usr/bin directory so it can be
used from anywhere on the system, and remove .sh.x from the file name so it is
available under a simple name. Also set the execute permission for everyone:
$ mv script.sh.x /usr/bin/script
$ chmod +x /usr/bin/script

Now type the command script from anywhere on the system. You will see the same
results as your shell script produces.
$ script 10 20 30
60

1.14 BASH SCRIPT PROMPT TO CONFIRM (Y/N, YES/NO)

Written by Rahul

Many times you have seen commands ask for confirmation with [Y/n] or [Yes/No] input.
This is very useful for finding out whether the user wants to proceed with the remaining
steps or not. You can add the same function to your own scripts. This article will help
you with examples of this type of input.

1.15 EXAMPLE 1: PROMPT FOR CONFIRMATION (ONCE)

This example code prompts for confirmation once; if you give wrong input, the program
exits with status 1. This example accepts only Y or N or YES or NO (not
case-sensitive).
#!/bin/bash
read -r -p "Are You Sure? [Y/n] " input
case $input in
    [yY][eE][sS]|[yY])
        echo "Yes"
        ;;
    [nN][oO]|[nN])
        echo "No"
        ;;
    *)
        echo "Invalid input..."
        exit 1
        ;;
esac

1.16 EXAMPLE 2: PROMPT FOR CONFIRMATION (IN LOOP)

This example code prompts for confirmation until you give proper input (Y, N, YES or
NO). If you give wrong input, it prompts again for correct input and repeats the same
steps. This example accepts only Y or N or YES or NO (not case-sensitive).
#!/bin/bash
while true; do
    read -r -p "Are You Sure? [Y/n] " input
    case $input in
        [yY][eE][sS]|[yY])
            echo "Yes"
            break
            ;;
        [nN][oO]|[nN])
            echo "No"
            break
            ;;
        *)
            echo "Invalid input..."
            ;;
    esac
done
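Both examples above read from the terminal and either exit or loop forever on bad input; in an administration script the prompt is usually wrapped in a function whose return code drives the rest of the script. The function below is an added example, not part of the original post. It combines the two patterns (accept y/yes/n/no in any case, re-prompt on invalid input) and adds the two things a script run unattended needs: a bounded number of attempts, and a default answer used when there is no input at all (for instance when the script is run with its input redirected from /dev/null). The prompt text and attempt limit are the caller's choice; the piped answers at the end are constructed so the block runs without a terminal.

```shell
#!/bin/sh
# Added example (not from the original post): a reusable confirmation prompt.

# confirm <prompt> [max-attempts] [default-answer]
#   returns 0 for yes, 1 for no, 2 when no valid answer was given.
#   Prompts and error text go to stderr so the function's stdout stays
#   clean for scripts that capture it.
confirm() {
    prompt=$1; max=${2:-3}; default=${3:-}; tries=0
    while [ "$tries" -lt "$max" ]; do
        tries=$((tries + 1))
        printf '%s [y/n] ' "$prompt" >&2
        # read fails at end of input (no terminal, exhausted pipe): fall back
        # to the default answer, or give up if none was supplied
        if ! read -r input; then
            input=$default
            [ -n "$input" ] || { echo "no input available" >&2; return 2; }
        fi
        [ -n "$input" ] || input=$default   # bare Enter also means "default"
        case $input in
            [yY][eE][sS]|[yY]) return 0 ;;
            [nN][oO]|[nN])     return 1 ;;
            *) echo "Invalid input '$input', please answer yes or no." >&2 ;;
        esac
    done
    echo "Giving up after $max invalid answers." >&2
    return 2
}

# demonstration with piped answers (constructed input, no terminal needed):
# one invalid answer, then "yes"
if printf 'maybe\nyes\n' | confirm "Remove the old backups?"; then
    echo "continuing"
else
    echo "stopped (status $?)"
fi
```

A typical use is `confirm "Reload sshd now?" 3 n || exit 1`, which stops the script on "no", on three bad answers, or when it is run without a terminal and no answer was piped in.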

1.17 HOW TO INCREASE MAX OPEN FILE LIMIT IN LINUX SYSTEM

Written by Rahul

Sometimes we face an issue like "Too many open files" on a heavily loaded server. It
means our server has hit the max open file limit. The question then is how to increase
the open file limit on Linux. For the answer follow the article below, which will help
you manage the open file limit.

1.18 CHECK CURRENT OPEN FILE LIMIT

Q. How to check the current open file limit in a Linux system?
A. Use the following command to check the open file limit in a Linux system.
# cat /proc/sys/fs/file-max
50000

1.19 INCREASE OPEN FILE LIMIT IN LINUX

We can increase the open file limit temporarily or permanently as per our requirement.
If we need the change just for testing, then increase the limit temporarily.
1.19.1 Temporarily Increase Open File Limit

Q. How to increase the open file limit temporarily on a Linux system?
A. Use one of the following commands to temporarily increase the open file limit on a
Linux system. This setting will be lost after a system reboot.
# sysctl -w fs.file-max=500000
[or]
# echo "500000" > /proc/sys/fs/file-max

1.19.2 Permanently Increase Open File Limit

Q. How to increase the open file limit permanently on a Linux system?
A. Edit /etc/sysctl.conf and append the following configuration to permanently
increase the open file limit on a Linux system. This setting will remain even after a
system reboot.
# vim /etc/sysctl.conf
fs.file-max = 500000

After appending the configuration to the file, execute the following command for the
change to take effect.
# sysctl -p
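fs.file-max is the system-wide ceiling; the kernel also reports how much of it is in use through /proc/sys/fs/file-nr, whose three fields are the number of allocated file handles, the number of free handles (reported as 0 on current kernels) and the limit itself. The script below is an added example, not part of the original post: it turns those three numbers into a usage percentage and warns when the system is close to the limit, so the increase described above can be made before "Too many open files" appears rather than after. The function takes the file's text as an argument so it can run here on constructed samples; on a real host pass it `"$(cat /proc/sys/fs/file-nr)"`. One caveat worth knowing: a single process hitting "Too many open files" is usually limited by its own per-process limit (`ulimit -n`), which this system-wide check does not cover.

```shell
#!/bin/sh
# Added example (not from the original post): report usage of fs.file-max
# from the three fields of /proc/sys/fs/file-nr. Samples below are constructed.

# file_usage_pct "<allocated> <free> <max>"
#   prints the percentage of fs.file-max currently in use (integer)
file_usage_pct() {
    set -- $1                      # split the three whitespace-separated fields
    alloc=$1; free=$2; max=$3
    [ -n "$max" ] && [ "$max" -gt 0 ] || { echo "invalid limit: '$max'" >&2; return 2; }
    echo $(( (alloc - free) * 100 / max ))
}

# check_file_limit "<file-nr text>" [warn-percent]
#   returns 0 when usage is below the warning threshold (default 80%), 1 when
#   it is time to raise fs.file-max, 2 on unparseable input
check_file_limit() {
    pct=$(file_usage_pct "$1") || return 2
    if [ "$pct" -ge "${2:-80}" ]; then
        echo "WARNING: ${pct}% of fs.file-max in use; raise fs.file-max in /etc/sysctl.conf and run sysctl -p"
        return 1
    fi
    echo "ok: ${pct}% of fs.file-max in use"
    return 0
}

# constructed samples against the 50000 limit shown above
check_file_limit "1728 0 50000"                 # ok: 3%
check_file_limit "46080 0 50000" || true        # warns: 92%
# on a real host: check_file_limit "$(cat /proc/sys/fs/file-nr)"
```

The check is cheap enough to run from cron or a monitoring agent; a threshold around 80% leaves room to apply the sysctl change before the limit is actually hit.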

2 HOW TO INCREASE SWAP IN LINUX/CENTOS/REDHAT

RAJ, DECEMBER 7, 2012. CENTOS, FILESYSTEM, UBUNTU, LINUX, REDHAT, SWAP
http://www.itzgeek.com/how-tos/linux/centos-how-tos/how-to-increase-swap-in-linux.html

Here we will get to know about the swap file system and how to increase it.
First thing, what is swap?
Swap is a type of file system (partition id 82) which is used as virtual RAM for the
system; it provides extra memory to the system when required. In Windows it's called
pagefile.sys, and this file system is created manually or automatically during the
installation of the operating system.
Once the swap file system has been created, you may want to increase the swap space.
For that you can follow this tutorial.
There are two methods of creating swap space:
Using a swap partition
Using a swap file

Here we use the first method.


Let's check the available swap space.
[root@client ~]# swapon -s
Filename        Type        Size     Used   Priority
/dev/sda2       partition   2096472  0      -1
I am going to increase the swap from 2GB to 3GB. The following command also shows the
swap; as per this command the total swap space is 2GB.
[root@client ~]# free -m
             total       used       free     shared    buffers     cached
Mem:           434        427          6          0         17        242
-/+ buffers/cache:        167        266
Swap:         2047          0       2047
As shown above, /dev/sda2 is the swap file system. On my machine I don't have any free
space on the primary HDD, so I use another HDD for the demonstration. But you can use
the same HDD for the new swap partition if you have enough space.
Let's see the HDDs attached to this machine.
Lets see the HDDs attached to this machine.

[root@client ~]# fdisk -l
Disk /dev/sda: 32.2 GB, 32212254720 bytes
255 heads, 63 sectors/track, 3916 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
   Device Boot      Start         End      Blocks   Id  System
/dev/sda1   *           1          13      104391   83  Linux
/dev/sda2              14         274    2096482+  82  Linux swap / Solaris
/dev/sda3             275         529    2048287+  83  Linux
/dev/sda4             530        3916   27206077+   5  Extended
/dev/sda5             530        1549    8193118+  83  Linux
/dev/sda6            1550        2569    8193118+  83  Linux
/dev/sda7            2570        2824     2048256   83  Linux
/dev/sda8            2825        3079     2048256   83  Linux
/dev/sda9            3080        3916     6723171   83  Linux
Disk /dev/sdb: 8589 MB, 8589934592 bytes
255 heads, 63 sectors/track, 1044 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Disk /dev/sdb doesn't contain a valid partition table
In the above I have one extra HDD with free space; with the help of this HDD I am going
to create the new partition for swap with a size of 1 GB and assign it the id 82. The
size may vary depending on your swap size requirement.
Let's create the partition with id 82 for swap.

[root@client ~]# fdisk /dev/sdb
Device contains neither a valid DOS partition table, nor Sun, SGI or OSF disklabel
Building a new DOS disklabel. Changes will remain in memory only,
until you decide to write them. After that, of course, the previous
content won't be recoverable.
The number of cylinders for this disk is set to 1044.
There is nothing wrong with that, but this is larger than 1024,
and could in certain setups cause problems with:
1) software that runs at boot time (e.g., old versions of LILO)
2) booting and partitioning software from other OSs
   (e.g., DOS FDISK, OS/2 FDISK)
Warning: invalid flag 0x0000 of partition table 4 will be corrected by w(rite)
Command (m for help): p                -> to see the details
Disk /dev/sdb: 8589 MB, 8589934592 bytes
255 heads, 63 sectors/track, 1044 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
   Device Boot      Start         End      Blocks   Id  System
Command (m for help): n                -> to create the new partition
Command action
   e   extended
   p   primary partition (1-4)
p                                      -> to create a primary partition
Partition number (1-4): 1              -> partition number
First cylinder (1-1044, default 1):
Using default value 1
Last cylinder or +size or +sizeM or +sizeK (1-1044, default 1044): +1000M
Command (m for help): p                -> list the partitions
Disk /dev/sdb: 8589 MB, 8589934592 bytes
255 heads, 63 sectors/track, 1044 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
   Device Boot      Start         End      Blocks   Id  System
/dev/sdb1               1         123      987966   83  Linux
Command (m for help): t                -> change the partition id
Selected partition 1
Hex code (type L to list codes): l     -> list the codes
 0  Empty           1e  Hidden W95 FAT1 80  Old Minix       bf  Solaris
 1  FAT12           24  NEC DOS         81  Minix / old Lin c1  DRDOS/sec (FAT-
 2  XENIX root      39  Plan 9          82  Linux swap / So c4  DRDOS/sec (FAT-
 3  XENIX usr       3c  PartitionMagic  83  Linux           c6  DRDOS/sec (FAT-
 4  FAT16 <32M      40  Venix 80286     84  OS/2 hidden C:  c7  Syrinx
 5  Extended        41  PPC PReP Boot   85  Linux extended  da  Non-FS data
 6  FAT16           42  SFS             86  NTFS volume set db  CP/M / CTOS / .
 7  HPFS/NTFS       4d  QNX4.x          87  NTFS volume set de  Dell Utility
 8  AIX             4e  QNX4.x 2nd part 88  Linux plaintext df  BootIt
 9  AIX bootable    4f  QNX4.x 3rd part 8e  Linux LVM       e1  DOS access
 a  OS/2 Boot Manag 50  OnTrack DM      93  Amoeba          e3  DOS R/O
 b  W95 FAT32       51  OnTrack DM6 Aux 94  Amoeba BBT      e4  SpeedStor
 c  W95 FAT32 (LBA) 52  CP/M            9f  BSD/OS          eb  BeOS fs
 e  W95 FAT16 (LBA) 53  OnTrack DM6 Aux a0  IBM Thinkpad hi ee  EFI GPT
 f  W95 Ext'd (LBA) 54  OnTrackDM6      a5  FreeBSD         ef  EFI (FAT-12/16/
10  OPUS            55  EZ-Drive        a6  OpenBSD         f0  Linux/PA-RISC b
11  Hidden FAT12    56  Golden Bow      a7  NeXTSTEP        f1  SpeedStor
12  Compaq diagnost 5c  Priam Edisk     a8  Darwin UFS      f4  SpeedStor
14  Hidden FAT16 <3 61  SpeedStor       a9  NetBSD          f2  DOS secondary
16  Hidden FAT16    63  GNU HURD or Sys ab  Darwin boot     fb  VMware VMFS
17  Hidden HPFS/NTF 64  Novell Netware  b7  BSDI fs         fc  VMware VMKCORE
18  AST SmartSleep  65  Novell Netware  b8  BSDI swap       fd  Linux raid auto
1b  Hidden W95 FAT3 70  DiskSecure Mult bb  Boot Wizard hid fe  LANstep
1c  Hidden W95 FAT3 75  PC/IX           be  Solaris boot    ff  BBT

Hex code (type L to list codes): 82 > Id for swap


Changed system type of partition 1 to 82 (Linux swap / Solaris)
Command (m for help): p  > List the partitions

Disk /dev/sdb: 8589 MB, 8589934592 bytes
255 heads, 63 sectors/track, 1044 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

   Device Boot      Start         End      Blocks   Id  System
/dev/sdb1               1         123      987966   82  Linux swap / Solaris

Command (m for help): w  > Write the changes
The partition table has been altered!
Calling ioctl() to re-read partition table.
Syncing disks.

Tell the kernel about the changed partition table.

[root@client ~]# partprobe


Confirm the created partition.

[root@client ~]# fdisk -l

Disk /dev/sda: 32.2 GB, 32212254720 bytes
255 heads, 63 sectors/track, 3916 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

   Device Boot      Start         End      Blocks   Id  System
/dev/sda1   *           1          13      104391   83  Linux
/dev/sda2              14         274     2096482+  82  Linux swap / Solaris
/dev/sda3             275         529     2048287+  83  Linux
/dev/sda4             530        3916    27206077+   5  Extended
/dev/sda5             530        1549     8193118+  83  Linux
/dev/sda6            1550        2569     8193118+  83  Linux
/dev/sda7            2570        2824     2048256   83  Linux
/dev/sda8            2825        3079     2048256   83  Linux
/dev/sda9            3080        3916     6723171   83  Linux

Disk /dev/sdb: 8589 MB, 8589934592 bytes
255 heads, 63 sectors/track, 1044 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

   Device Boot      Start         End      Blocks   Id  System
/dev/sdb1               1         123      987966   82  Linux swap / Solaris
Make the swap partition using the following command.

[root@client ~]# mkswap /dev/sdb1
Setting up swapspace version 1, size = 1011671 kB

Enable it using the following command.

[root@client ~]# swapon /dev/sdb1

List the swap space available on the machine.

[root@client ~]# swapon -s
Filename                        Type            Size    Used    Priority
/dev/sda2                       partition       2096472 0       -1
/dev/sdb1                       partition       987956  0       -2

In the listing above, /dev/sdb1 is now active and provides swap to the machine alongside /dev/sda2.

Use the following command to see the memory available on the machine. The output shows both the physical memory and the swap (virtual memory).

[root@client ~]# free -m
             total       used       free     shared    buffers     cached
Mem:           434        430          3          0         17        246
-/+ buffers/cache:        166        267
Swap:         3012          0       3012

As shown above, the total swap size is 3 GB, which is what we required.
If you would like to turn the swap off, use the following command.

[root@client ~]# swapoff /dev/sda2

List the swap space again. Because we turned the swap above off, only the swap partition we just created is shown.

[root@client ~]# swapon -s
/dev/sdb1                       partition       987956  0       -2

By default the new swap partition will not be enabled again after a restart, so add it to /etc/fstab.

[root@client ~]# vi /etc/fstab

LABEL=/          /          ext3    defaults                     1 1
LABEL=/tmp       /tmp       ext3    defaults                     1 2
LABEL=/home      /home      ext3    defaults,usrquota,grpquota   1 2
LABEL=/usr       /usr       ext3    defaults                     1 2
LABEL=/var       /var       ext3    defaults                     1 2
LABEL=/boot      /boot      ext3    defaults                     1 2
tmpfs            /dev/shm   tmpfs   defaults                     0 0
devpts           /dev/pts   devpts  gid=5,mode=620               0 0
sysfs            /sys       sysfs   defaults                     0 0
proc             /proc      proc    defaults                     0 0
LABEL=SWAP-sda2  swap       swap    defaults                     0 0
/dev/sda9        /opt       ext3    defaults                     0 0
###########New Swap Partition###############
/dev/sdb1        swap       swap    defaults                     0 0
Reboot the server.

[root@client ~]# reboot

Verify it.

[root@client ~]# free -m
             total       used       free     shared    buffers     cached
Mem:           434        430          3          0         17        246
-/+ buffers/cache:        166        267
Swap:         3012          0       3012

If you want to set the priority with which the system uses a swap area, use the following command. A higher priority is used more by the system. High = 10, low = -10.

[root@client ~]# swapon -p 10 /var/swapfile

Verify the priority.

[root@client ~]# swapon -s
Filename                        Type            Size    Used    Priority
/dev/sdb1                       partition       1023992 0       10
/dev/sda2                       partition       2096472 296     -2

That's all.
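The procedure above ends with the new swap device active and listed in /etc/fstab, and the two states are verified separately by eye. The following shell script is an added example, not part of the original notes: it cross-checks a device against both the fstab text and the `swapon -s` listing and reports its priority. Inputs are passed as text so the functions can be run on the constructed sample below; on a live host call them with "$(cat /etc/fstab)" and "$(swapon -s)". The sample data is constructed after the listings above and the matching is by literal device name (an assumption of this example), so an fstab entry written as LABEL=... is not matched to its /dev/sdXN path; resolve such labels with `blkid -L <label>` first.

```sh
#!/bin/sh
# Added example (not from the original page): check that a swap device is
# both listed in /etc/fstab and currently active, and report its priority.
# Inputs are text so the functions run offline on constructed samples;
# on a live box: swap_status "$(cat /etc/fstab)" "$(swapon -s)" /dev/sdb1
# Assumption: devices are matched by the literal first column, so a
# LABEL=... or UUID=... fstab entry is not matched against /dev/sdXN.

# fstab_has_swap FSTAB_TEXT DEVICE -> exit 0 if DEVICE has a swap line in fstab
fstab_has_swap() {
    printf '%s\n' "$1" | awk -v d="$2" \
        '$1 !~ /^#/ && $1 == d && $3 == "swap" { found = 1 } END { exit !found }'
}

# swap_priority SWAPON_TEXT DEVICE -> the Priority column for DEVICE, or
# "inactive" when DEVICE does not appear in the swapon -s listing
swap_priority() {
    printf '%s\n' "$1" | awk -v d="$2" \
        'NR > 1 && $1 == d { print $5; found = 1 } END { if (!found) print "inactive" }'
}

# swap_status FSTAB_TEXT SWAPON_TEXT DEVICE -> "fstab=yes|no active=yes|no prio=<n>"
swap_status() {
    if fstab_has_swap "$1" "$3"; then f=yes; else f=no; fi
    p=$(swap_priority "$2" "$3")
    if [ "$p" = inactive ]; then a=no; else a=yes; fi
    echo "fstab=$f active=$a prio=$p"
}

# Constructed sample input modelled on the listings above (not captured from a host).
SAMPLE_FSTAB='LABEL=/          /          ext3    defaults   1 1
LABEL=SWAP-sda2  swap       swap    defaults   0 0
###########New Swap Partition###############
/dev/sdb1        swap       swap    defaults   0 0'

SAMPLE_SWAPON='Filename   Type        Size     Used  Priority
/dev/sda2  partition   2096472  0     -1
/dev/sdb1  partition   987956   0     -2'

for dev in /dev/sdb1 /dev/sda2 /dev/sdc1; do
    echo "$dev: $(swap_status "$SAMPLE_FSTAB" "$SAMPLE_SWAPON" "$dev")"
done
```

On the sample, /dev/sdb1 reports `fstab=yes active=yes prio=-2`, /dev/sda2 reports `fstab=no` because its fstab line uses LABEL=SWAP-sda2 rather than the device path, and /dev/sdc1 reports inactive. A device that is active but not in fstab is exactly the case the text warns about: it disappears after the next reboot.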

3 HOW TO INSTALL MEMCACHED ON CENTOS 6 / RHEL 6

RAJ, MARCH 26, 2012

Memcached is a free and open source, high-performance, distributed memory object caching system. It is generic in nature, but intended for use in speeding up dynamic web applications by alleviating database load. Memcached is an in-memory key-value store for small chunks of arbitrary data (strings, objects) from the results of database calls, API calls, or page rendering.
Memcached is simple yet powerful. Its simple design promotes quick deployment and ease of development, and solves many problems facing large data caches. Its API is available for most popular languages.
Here are the simple steps to install Memcached on CentOS 6.
Open a terminal and then switch to the root user.
[raj@geeksite~/]$ su -l

3.1.1.1 Install Memcached:


Install Memcached using the following command.
[root@geeksite~/]# yum install memcached

Edit Memcached configuration file to change / enable the features.


[root@geeksite~/]# vi /etc/sysconfig/memcached

There are some default settings in the configuration file; change them if necessary. The following are example settings for 256MB of cache.

PORT="11211"
USER="memcached"
MAXCONN="1024"
CACHESIZE="256"
OPTIONS=""

Start Memcached.
[root@geeksite~/]# /etc/init.d/memcached restart

To auto-start Memcached on booting.


[root@geeksite~/]# chkconfig memcached on

Confirm the Memcached running status.


[root@geeksite~/]# memcached-tool 127.0.0.1:11211 stats
#127.0.0.1:11211   Field       Value
         accepting_conns           1
               auth_cmds           0
             auth_errors           0
                   bytes           0
              bytes_read           7
           bytes_written           0
              cas_badval           0
                cas_hits           0
              cas_misses           0
               cmd_flush           0
                 cmd_get           0
                 cmd_set           0
             conn_yields           0
   connection_structures          11
        curr_connections          10
              curr_items           0
               decr_hits           0
             decr_misses           0
             delete_hits           0
           delete_misses           0
               evictions           0
                get_hits           0
              get_misses           0
               incr_hits           0
             incr_misses           0
          limit_maxbytes    67108864
     listen_disabled_num           0
                     pid       29594
            pointer_size          64
           rusage_system    0.002999
             rusage_user    0.000000
                 threads           4
                    time  1332048624
       total_connections          11
             total_items           0
                  uptime          85
                 version       1.4.4

3.1.1.2 Iptables entry:


Add the following entry to allow incoming connections on port 11211.
-A INPUT -m state --state NEW -m tcp -p tcp --dport 11211 -j ACCEPT

Check the remote connectivity.


[root@geeksite~/]# echo stats | nc memcache_host_name_or_ip 11211
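The `echo stats | nc` check above only proves the port answers. The following shell functions are an added example, not part of the original post: they parse the raw `stats` response (lines of the form `STAT <name> <value>`, terminated by `END`, which is the memcached text protocol) and derive the two numbers worth watching, the get hit ratio and how close the daemon is to the MAXCONN value set in /etc/sysconfig/memcached. The stats text is passed as an argument so the functions run offline on the constructed sample below; on a host pipe the real response in with `mc_hit_ratio "$(echo stats | nc 127.0.0.1 11211)"`.

```sh
#!/bin/sh
# Added example (not from the original page): parse the text returned by
# "echo stats | nc host 11211" and derive a get hit ratio and a connection
# head-room check. Functions take the stats text as $1 so they run offline.

# mc_stat STATS_TEXT NAME -> the value of "STAT NAME value", empty if absent
mc_stat() {
    printf '%s\n' "$1" | awk -v n="$2" '$1 == "STAT" && $2 == n { print $3; exit }'
}

# mc_hit_ratio STATS_TEXT -> get_hits as a whole percentage of all gets
# (0 when the server has not served a get yet, avoiding a divide by zero)
mc_hit_ratio() {
    hits=$(mc_stat "$1" get_hits);    hits=${hits:-0}
    misses=$(mc_stat "$1" get_misses); misses=${misses:-0}
    total=$((hits + misses))
    if [ "$total" -eq 0 ]; then echo 0; else echo $((100 * hits / total)); fi
}

# mc_conn_check STATS_TEXT MAXCONN -> "ok", or "near-limit" once current
# connections reach 80% of the MAXCONN value from /etc/sysconfig/memcached
mc_conn_check() {
    curr=$(mc_stat "$1" curr_connections); curr=${curr:-0}
    if [ $((curr * 100)) -ge $(($2 * 80)) ]; then echo near-limit; else echo ok; fi
}

# Constructed sample response (not captured from a real server); the field
# names are the ones shown in the memcached-tool listing above.
SAMPLE_STATS='STAT pid 29594
STAT uptime 85
STAT curr_connections 10
STAT total_connections 11
STAT cmd_get 40
STAT get_hits 30
STAT get_misses 10
STAT limit_maxbytes 67108864
STAT version 1.4.4
END'

echo "version: $(mc_stat "$SAMPLE_STATS" version)"           # 1.4.4
echo "hit ratio: $(mc_hit_ratio "$SAMPLE_STATS")%"          # 75
echo "connections: $(mc_conn_check "$SAMPLE_STATS" 1024)"   # ok
```

Note that the iptables rule above accepts port 11211 from any source, and memcached 1.4 has no authentication on that port, so anyone who can reach it can read and overwrite cached data. Restrict the rule to the hosts that need it (for example `-s 192.168.1.0/24`, a constructed range) or bind the daemon to an internal address with `-l <address>` in OPTIONS.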

3.1.1.3 Install PHP Module:

Install the Memcached PHP module to work with PHP5.
[root@geeksite~/]# yum install php php-pecl-memcache

Now restart Memcached and the Apache server for the change to take effect.

[root@geeksite~/]# /etc/init.d/memcached restart
[root@geeksite~/]# /etc/init.d/httpd restart

That's all!

4 SETTING UP DNS SERVER ON CENTOS 7

SK, AUGUST 20, 2014

DNS, which stands for Domain Name System, translates hostnames or URLs into IP addresses. For example, if we type www.unixmen.com in the browser, the DNS server translates the domain name into its associated IP address. Since IP addresses are hard to remember, DNS servers translate hostnames like www.unixmen.com to 173.xxx.xx.xxx, so it is the domain name rather than the IP address that has to be remembered.

This detailed tutorial will help you to set up a local DNS server on your CentOS 7
system. However, the steps are applicable for setting up DNS server on RHEL and
Scientific Linux 7 too.

5 DNS SERVER INSTALLATION

5.1 SCENARIO
For the purpose of this tutorial, I will be using three nodes. One will be acting as the Master DNS server, the second system will be acting as the Secondary DNS, and the third will be our DNS client. Here are the details of my three systems.
5.1.1.1 Primary (Master) DNS Server Details:

Operating System : CentOS 7 minimal server
Hostname         : masterdns.unixmen.local
IP Address       : 192.168.1.101/24

5.1.1.2 Secondary (Slave) DNS Server Details:

Operating System : CentOS 7 minimal server
Hostname         : secondarydns.unixmen.local
IP Address       : 192.168.1.102/24

5.1.1.3 Client Details:

Operating System : CentOS 6.5 Desktop
Hostname         : client.unixmen.local
IP Address       : 192.168.1.103/24

5.2 SETUP PRIMARY (MASTER) DNS SERVER


Install bind9 packages on your server.

yum install bind bind-utils -y

5.2.1 1. Configure DNS Server

Edit the /etc/named.conf file.

vi /etc/named.conf

Add the lines marked with ### comments:

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
        listen-on port 53 { 127.0.0.1; 192.168.1.101; };   ### Master DNS IP ###
#       listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { localhost; 192.168.1.0/24; };   ### IP Range ###
        allow-transfer  { localhost; 192.168.1.102; };    ### Slave DNS IP ###

        /*
         - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
         - If you are building a RECURSIVE (caching) DNS server, you need to enable
           recursion.
         - If your recursive DNS server has a public IP address, you MUST enable access
           control to limit queries to your legitimate users. Failing to do so will
           cause your server to become part of large scale DNS amplification
           attacks. Implementing BCP38 within your network would greatly
           reduce such attack surface
        */
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";

        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

zone "unixmen.local" IN {
        type master;
        file "forward.unixmen";
        allow-update { none; };
};
zone "1.168.192.in-addr.arpa" IN {
        type master;
        file "reverse.unixmen";
        allow-update { none; };
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
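The comment block inside options{} warns about two things the settings above get right only because allow-query and allow-transfer are restricted: recursion on a server reachable by untrusted clients, and zone transfers open to anyone. The following shell lint is an added example, not part of the original tutorial or of BIND: it extracts those statements from the named.conf text and flags open recursion (recursion yes with no allow-recursion and an allow-query that is absent or "any", which is what BIND falls back to) and an unrestricted allow-transfer. The config text is passed as an argument so it runs offline on the two constructed samples; on the master run `named_lint "$(cat /etc/named.conf)"`. Assumptions of this example: one statement per line, as in the file above, and a plain string match on the word "any".

```sh
#!/bin/sh
# Added example (not from the original page): a small lint for the options{}
# block of named.conf. It flags open recursion and open zone transfers.
# Assumption: one statement per line; "any" is detected by string match.

# named_opt CONF_TEXT KEYWORD -> value of the first "KEYWORD value;" statement
# (text between the keyword and the closing ';'), empty if absent. Lines that
# start with // or # are skipped and trailing ### ... ### comments are dropped.
named_opt() {
    printf '%s\n' "$1" | awk -v k="$2" '
        /^[[:space:]]*(\/\/|#)/ { next }
        $1 == k {
            sub("^[[:space:]]*" k "[[:space:]]*", "")
            sub("[[:space:]]*(#|//).*$", "")
            sub("[[:space:]]*;[[:space:]]*$", "")
            print; exit
        }'
}

# acl_open VALUE -> exit 0 when an ACL is unset or contains "any"
acl_open() {
    case "$1" in
        "" | *any*) return 0 ;;
        *) return 1 ;;
    esac
}

# named_lint CONF_TEXT -> one finding per line, or "ok" when nothing is found
named_lint() {
    out=""
    if [ "$(named_opt "$1" recursion)" = "yes" ] \
       && [ -z "$(named_opt "$1" allow-recursion)" ] \
       && acl_open "$(named_opt "$1" allow-query)"; then
        out="${out}open-recursion: add allow-recursion { localhost; <lan>; }; or set recursion no
"
    fi
    if acl_open "$(named_opt "$1" allow-transfer)"; then
        out="${out}open-transfer: restrict allow-transfer to the slave IP
"
    fi
    if [ -z "$out" ]; then echo ok; else printf '%s' "$out"; fi
}

# Constructed sample: the master's statements from the tutorial, one per line.
MASTER_CONF='options {
        listen-on port 53 { 127.0.0.1; 192.168.1.101; };   ### Master DNS IP ###
        allow-query     { localhost; 192.168.1.0/24; };   ### IP Range ###
        allow-transfer  { localhost; 192.168.1.102; };    ### Slave DNS IP ###
        recursion yes;
};'

# Constructed sample: the same server with both ACLs opened to the world.
OPEN_CONF='options {
        allow-query     { any; };
        allow-transfer  { any; };
        recursion yes;
};'

echo "master: $(named_lint "$MASTER_CONF")"   # ok
echo "open:"; named_lint "$OPEN_CONF"         # two findings
```

The tutorial's own configuration passes because allow-query already limits who can query at all, and BIND uses that list for recursion when allow-recursion is not set. An absent allow-transfer is reported as open because the BIND 9.9 shipped with CentOS 7 defaults it to any, which lets any host pull the whole zone with an AXFR.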

5.2.2 2. Create Zone files

Create the forward and reverse zone files which we mentioned in the /etc/named.conf file.

5.2.2.1 2.1 Create Forward Zone

Create the forward.unixmen file in the /var/named directory.

vi /var/named/forward.unixmen

Add the following lines:

$TTL 86400
@   IN  SOA     masterdns.unixmen.local. root.unixmen.local. (
        2011071001  ;Serial
        3600        ;Refresh
        1800        ;Retry
        604800      ;Expire
        86400       ;Minimum TTL
)
@       IN  NS          masterdns.unixmen.local.
@       IN  NS          secondarydns.unixmen.local.
@       IN  A           192.168.1.101
@       IN  A           192.168.1.102
@       IN  A           192.168.1.103
masterdns       IN  A   192.168.1.101
secondarydns    IN  A   192.168.1.102
client          IN  A   192.168.1.103

5.2.2.2 2.2 Create Reverse Zone

Create the reverse.unixmen file in the /var/named directory.

vi /var/named/reverse.unixmen

Add the following lines:

$TTL 86400
@   IN  SOA     masterdns.unixmen.local. root.unixmen.local. (
        2011071001  ;Serial
        3600        ;Refresh
        1800        ;Retry
        604800      ;Expire
        86400       ;Minimum TTL
)
@       IN  NS          masterdns.unixmen.local.
@       IN  NS          secondarydns.unixmen.local.
@       IN  PTR         unixmen.local.
masterdns       IN  A   192.168.1.101
secondarydns    IN  A   192.168.1.102
client          IN  A   192.168.1.103
101     IN  PTR         masterdns.unixmen.local.
102     IN  PTR         secondarydns.unixmen.local.
103     IN  PTR         client.unixmen.local.
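The two zone files are written by hand and `named-checkzone` (step 7 below) validates each one on its own, so a host with an A record but no matching PTR, or a PTR pointing at the wrong name, passes unnoticed. The following shell check is an added example, not part of the original tutorial: it lists every relative-name A record in the forward zone and verifies that the reverse zone has a PTR for the last octet naming the same host. Zone text is passed as arguments so it runs offline on the constructed samples; on the master run `zone_ptr_check "$(cat /var/named/forward.unixmen)" "$(cat /var/named/reverse.unixmen)" unixmen.local 192.168.1`. Assumptions of this example: one record per line, relative owner names as in the files above, and no $ORIGIN directives.

```sh
#!/bin/sh
# Added example (not from the original page): cross-check forward A records
# against reverse PTR records. Assumes one record per line, relative owner
# names (as in the tutorial's zone files) and a /24 reverse zone.

# forward_a FWD_TEXT -> "host ip" for every "host IN A ip" line with a
# relative owner name (the "@" apex A records are skipped)
forward_a() {
    printf '%s\n' "$1" | awk '$2 == "IN" && $3 == "A" && $1 != "@" { print $1, $4 }'
}

# reverse_ptr REV_TEXT -> "octet fqdn" for every "octet IN PTR fqdn." line
reverse_ptr() {
    printf '%s\n' "$1" | awk '$2 == "IN" && $3 == "PTR" && $1 ~ /^[0-9]+$/ { print $1, $4 }'
}

# zone_ptr_check FWD_TEXT REV_TEXT ZONE NET -> "host ip ptr=<found|missing>"
# for each A record inside NET whose PTR is absent or names another host,
# or "ok" when every record has a matching PTR
zone_ptr_check() {
    ptrs=$(reverse_ptr "$2")
    out=$(forward_a "$1" | while read -r host ip; do
        case "$ip" in
            "$4".*) ;;            # only addresses in NET are covered by this reverse zone
            *) continue ;;
        esac
        octet=${ip##*.}
        want="$host.$3."
        have=$(printf '%s\n' "$ptrs" | awk -v o="$octet" '$1 == o { print $2; exit }')
        [ "$have" = "$want" ] || echo "$host $ip ptr=${have:-missing}"
    done)
    if [ -z "$out" ]; then echo ok; else printf '%s\n' "$out"; fi
}

# Constructed samples after the tutorial's zone files (not the files themselves).
FWD='$TTL 86400
@       IN  NS  masterdns.unixmen.local.
@       IN  A   192.168.1.101
masterdns       IN  A   192.168.1.101
secondarydns    IN  A   192.168.1.102
client          IN  A   192.168.1.103'

REV_OK='@       IN  PTR unixmen.local.
101     IN  PTR masterdns.unixmen.local.
102     IN  PTR secondarydns.unixmen.local.
103     IN  PTR client.unixmen.local.'

# Same zone with the client's PTR left out, the mistake the check is for.
REV_BAD='101     IN  PTR masterdns.unixmen.local.
102     IN  PTR secondarydns.unixmen.local.'

echo "complete: $(zone_ptr_check "$FWD" "$REV_OK" unixmen.local 192.168.1)"   # ok
echo "missing:  $(zone_ptr_check "$FWD" "$REV_BAD" unixmen.local 192.168.1)"  # client 192.168.1.103 ptr=missing
```

One related caveat for step 7 below: the reverse file should be checked with its own origin, `named-checkzone 1.168.192.in-addr.arpa /var/named/reverse.unixmen`. Passing `unixmen.local` as the zone name makes the file load, but the PTR owners are then interpreted as 101.unixmen.local and so on, so that check says nothing about whether reverse lookups will work.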

5.2.3 3. Start the DNS service

Enable and start the DNS service:

systemctl enable named
systemctl start named

5.2.4 4. Firewall Configuration

We must allow the DNS service default port 53 through the firewall.

firewall-cmd --permanent --add-port=53/tcp
firewall-cmd --permanent --add-port=53/udp

5.2.5 5. Restart Firewall

firewall-cmd --reload

5.2.6 6. Configuring Permissions, Ownership, and SELinux

Run the following commands one by one:

chgrp named -R /var/named
chown -v root:named /etc/named.conf
restorecon -rv /var/named
restorecon /etc/named.conf

5.2.7 7. Test DNS configuration and zone files for any syntax errors

Check the DNS default configuration file:

named-checkconf /etc/named.conf

If it returns nothing, your configuration file is valid.

Check the forward zone:

named-checkzone unixmen.local /var/named/forward.unixmen

Sample output:

zone unixmen.local/IN: loaded serial 2011071001
OK

Check the reverse zone:

named-checkzone unixmen.local /var/named/reverse.unixmen

Sample Output:

zone unixmen.local/IN: loaded serial 2011071001
OK

Add the DNS Server details in your network interface config file.

vi /etc/sysconfig/network-scripts/ifcfg-enp0s3

TYPE="Ethernet"
BOOTPROTO="none"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_FAILURE_FATAL="no"
NAME="enp0s3"
UUID="5d0428b3-6af2-4f6b-9fe3-4250cd839efa"
ONBOOT="yes"
HWADDR="08:00:27:19:68:73"
IPADDR0="192.168.1.101"
PREFIX0="24"
GATEWAY0="192.168.1.1"
DNS1="192.168.1.101"
IPV6_PEERDNS="yes"
IPV6_PEERROUTES="yes"

Edit the file /etc/resolv.conf:

vi /etc/resolv.conf

Add the name server IP address:

nameserver 192.168.1.101

Save and close the file.

Restart the network service:

systemctl restart network

5.2.8 8. Test DNS Server

dig masterdns.unixmen.local

Sample Output:

; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> masterdns.unixmen.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25179
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;masterdns.unixmen.local.       IN      A

;; ANSWER SECTION:
masterdns.unixmen.local. 86400  IN      A       192.168.1.101

;; AUTHORITY SECTION:
unixmen.local.          86400   IN      NS      secondarydns.unixmen.local.
unixmen.local.          86400   IN      NS      masterdns.unixmen.local.

;; ADDITIONAL SECTION:
secondarydns.unixmen.local. 86400 IN    A       192.168.1.102

;; Query time: 0 msec
;; SERVER: 192.168.1.101#53(192.168.1.101)
;; WHEN: Wed Aug 20 16:20:46 IST 2014
;; MSG SIZE  rcvd: 125

nslookup unixmen.local

Sample Output:

Server:         192.168.1.101
Address:        192.168.1.101#53

Name:   unixmen.local
Address: 192.168.1.103
Name:   unixmen.local
Address: 192.168.1.101
Name:   unixmen.local
Address: 192.168.1.102

Now the Primary DNS server is ready to use.
It is time to configure our Secondary DNS server.

5.3 SETUP SECONDARY (SLAVE) DNS SERVER

Install the bind packages using the following command:

yum install bind bind-utils -y

5.3.1 1. Configure Slave DNS Server

Edit the file /etc/named.conf:

vi /etc/named.conf

Make the changes shown below (the listen-on address, allow-query, and the two slave zones):

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
        listen-on port 53 { 127.0.0.1; 192.168.1.102; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { localhost; 192.168.1.0/24; };
...
zone "." IN {
        type hint;
        file "named.ca";
};
zone "unixmen.local" IN {
        type slave;
        file "slaves/unixmen.fwd";
        masters { 192.168.1.101; };
};
zone "1.168.192.in-addr.arpa" IN {
        type slave;
        file "slaves/unixmen.rev";
        masters { 192.168.1.101; };
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

5.3.2 2. Start the DNS Service

systemctl enable named
systemctl start named

Now the forward and reverse zones are automatically replicated from the Master DNS server to /var/named/slaves/ on the Secondary DNS server.

ls /var/named/slaves/

Sample Output:

unixmen.fwd  unixmen.rev

5.3.3 3. Add the DNS Server details

Add the DNS Server details in your network interface config file.

vi /etc/sysconfig/network-scripts/ifcfg-enp0s3

TYPE="Ethernet"
BOOTPROTO="none"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_FAILURE_FATAL="no"
NAME="enp0s3"
UUID="5d0428b3-6af2-4f6b-9fe3-4250cd839efa"
ONBOOT="yes"
HWADDR="08:00:27:19:68:73"
IPADDR0="192.168.1.102"
PREFIX0="24"
GATEWAY0="192.168.1.1"
DNS1="192.168.1.101"
DNS2="192.168.1.102"
IPV6_PEERDNS="yes"
IPV6_PEERROUTES="yes"

Edit the file /etc/resolv.conf:

vi /etc/resolv.conf

Add the name server IP addresses:

nameserver 192.168.1.101
nameserver 192.168.1.102

Save and close the file.

Restart the network service:

systemctl restart network

5.3.4 4. Firewall Configuration

We must allow the DNS service default port 53 through the firewall.

firewall-cmd --permanent --add-port=53/tcp

5.3.5 5. Restart Firewall

firewall-cmd --reload

5.3.6 6. Configuring Permissions, Ownership, and SELinux

chgrp named -R /var/named
chown -v root:named /etc/named.conf
restorecon -rv /var/named
restorecon /etc/named.conf

5.3.7 7. Test DNS Server

dig masterdns.unixmen.local

Sample Output:

; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> masterdns.unixmen.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18204
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;masterdns.unixmen.local.       IN      A

;; ANSWER SECTION:
masterdns.unixmen.local. 86400  IN      A       192.168.1.101

;; AUTHORITY SECTION:
unixmen.local.          86400   IN      NS      masterdns.unixmen.local.
unixmen.local.          86400   IN      NS      secondarydns.unixmen.local.

;; ADDITIONAL SECTION:
secondarydns.unixmen.local. 86400 IN    A       192.168.1.102

;; Query time: 0 msec
;; SERVER: 192.168.1.102#53(192.168.1.102)
;; WHEN: Wed Aug 20 17:04:30 IST 2014
;; MSG SIZE  rcvd: 125

dig secondarydns.unixmen.local

Sample Output:

; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> secondarydns.unixmen.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60819
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;secondarydns.unixmen.local.    IN      A

;; ANSWER SECTION:
secondarydns.unixmen.local. 86400 IN    A       192.168.1.102

;; AUTHORITY SECTION:
unixmen.local.          86400   IN      NS      masterdns.unixmen.local.
unixmen.local.          86400   IN      NS      secondarydns.unixmen.local.

;; ADDITIONAL SECTION:
masterdns.unixmen.local. 86400  IN      A       192.168.1.101

;; Query time: 0 msec
;; SERVER: 192.168.1.102#53(192.168.1.102)
;; WHEN: Wed Aug 20 17:05:50 IST 2014
;; MSG SIZE  rcvd: 125

nslookup unixmen.local

Sample Output:

Server:         192.168.1.102
Address:        192.168.1.102#53

Name:   unixmen.local
Address: 192.168.1.101
Name:   unixmen.local
Address: 192.168.1.103
Name:   unixmen.local
Address: 192.168.1.102

5.4 CLIENT SIDE CONFIGURATION


Add the DNS server details in /etc/resolv.conf file in all client systems

vi /etc/resolv.conf
# Generated by NetworkManager
search unixmen.local
nameserver 192.168.1.101
nameserver 192.168.1.102

Restart the network service or reboot the system.

5.4.1 Test DNS Server

Now, you can test the DNS server using any one of the following commands:

dig masterdns.unixmen.local
dig secondarydns.unixmen.local
dig client.unixmen.local
nslookup unixmen.local

That's all for now. The primary and secondary DNS servers are ready to use.

6 THE PERFECT SERVER CENTOS 7.1 WITH APACHE2, POSTFIX, DOVECOT, PURE-FTPD, BIND AND ISPCONFIG 3

6.1.1 On this page

1 Requirements
2 Preliminary Note
3 Set the keyboard layout
4 Adjust /etc/hosts
5 Disable SELinux
6 Enable Additional Repositories And Install Some Software
7 Quota
Enabling quota on the / (root) partition
Enabling quota on a separate /var partition
8 Install Apache, MySQL, phpMyAdmin

This tutorial shows how to install ISPConfig 3 on a CentOS 7.1 (64Bit) server. ISPConfig 3
is a web hosting control panel that allows you to configure the following services
through a web browser: Apache web server, Postfix mail server, MySQL, BIND
nameserver, PureFTPd, SpamAssassin, ClamAV, Mailman, and many more. Since version
3.0.4, ISPConfig comes with full support for the nginx web server in addition to Apache;
this tutorial covers the setup of a server that uses Apache, not nginx.

6.1.2 1 Requirements
To install such a system you will need the following:

A CentOS 7.1 minimal server system. This can be a server installed from scratch as described in our CentOS 7.1 minimal server tutorial, or a virtual server or root server from a hosting company that has a minimal CentOS 7.1 setup installed.
A fast Internet connection.

6.1.3 2 Preliminary Note

In this tutorial I use the hostname server1.example.com with the IP address 192.168.1.100 and the gateway 192.168.1.254. These settings might differ for you, so you have to replace them where appropriate.

6.1.4 3 Set the keyboard layout

In case the keyboard layout of the server does not match your keyboard, you can switch to the right keyboard (in my case "de" for a German keyboard layout) with the localectl command:

localectl set-keymap de

To get a list of all available keymaps, run:

localectl list-keymaps

I want to install ISPConfig at the end of this tutorial. ISPConfig ships with the Bastille firewall script that I like to use as firewall, therefore I disable the default CentOS firewall now. Of course, you are free to leave the CentOS firewall on and configure it to your needs (but then you shouldn't use any other firewall later on as it will most probably interfere with the CentOS firewall).
Run...

yum -y install net-tools


systemctl stop firewalld.service
systemctl disable firewalld.service

to stop and disable the CentOS firewall.


Then you should check that the firewall has really been disabled. To do so, run the
command:

iptables -L

The output should look like this:


[root@server1 ~]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Or use the firewall-cmd command:

firewall-cmd --state

[root@server1 ~]# firewall-cmd --state
not running
[root@server1 ~]#
Now I will install the network configuration editor and the shell based editor "nano" that
I will use in the next steps to edit the config files:

yum -y install nano wget NetworkManager-tui

If you did not configure your network card during the installation, you can do that now.
Run...

nmtui

... and go to Edit a connection:

Select your network interface:

Then fill in your network details - disable DHCP and fill in a static IP address, a netmask,
your gateway, and one or two nameservers, then hit Ok:

Next select OK to confirm the changes that you made in the network settings

and Quit to close the nmtui network configuration tool.

You should run

ifconfig

now to check if the installer got your IP address right:


[root@server1 ~]# ifconfig
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.100  netmask 255.255.255.0  broadcast 192.168.1.255
        inet6 fe80::20c:29ff:fecd:cc52  prefixlen 64  scopeid 0x20
        ether 00:0c:29:cd:cc:52  txqueuelen 1000  (Ethernet)
        RX packets 55621  bytes 79601094 (75.9 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 28115  bytes 2608239 (2.4 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10
        loop  txqueuelen 0  (Local Loopback)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

If your network card does not show up there, it may not be enabled on boot. In this case, open the file /etc/sysconfig/network-scripts/ifcfg-eth0

nano /etc/sysconfig/network-scripts/ifcfg-ens33

and set ONBOOT to yes:


[...]
ONBOOT=yes
[...]
and reboot the server.
Check your /etc/resolv.conf if it lists all nameservers that you've previously
configured:

cat /etc/resolv.conf

If nameservers are missing, run

nmtui

and add the missing nameservers again.


Now, on to the configuration...

6.1.5 4 Adjust /etc/hosts


Next we edit /etc/hosts. Make it look like this:

nano /etc/hosts

127.0.0.1       localhost localhost.localdomain localhost4 localhost4.localdomain4
192.168.1.100   server1.example.com     server1
::1             localhost localhost.localdomain localhost6 localhost6.localdomain6

6.1.6 5 Disable SELinux


SELinux is a security extension of CentOS that should provide extended security. In my
opinion you don't need it to configure a secure system, and it usually causes more
problems than advantages (think of it after you have done a week of trouble-shooting
because some service wasn't working as expected, and then you find out that
everything was ok, only SELinux was causing the problem). Therefore I disable it (this is
a must if you want to install ISPConfig later on).
Edit /etc/selinux/config and set SELINUX=disabled:

nano /etc/selinux/config

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
#     targeted - Targeted processes are protected,
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

Afterwards we must reboot the system:

reboot

6.1.7 6 Enable Additional Repositories And Install Some Software


First we import the GPG keys for software packages:

rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY*

Then we enable the EPEL repository on our CentOS system as lots of the packages that
we are going to install in the course of this tutorial are not available in the official
CentOS 7 repository:

yum -y install epel-release


yum -y install yum-priorities

Edit /etc/yum.repos.d/epel.repo...

nano /etc/yum.repos.d/epel.repo

... and add the line priority=10 to the [epel] section:


[epel]
name=Extra Packages for Enterprise Linux 7 - $basearch
#baseurl=http://download.fedoraproject.org/pub/epel/7/$basearch
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-7&arch=$basearch
failovermethod=priority
enabled=1
priority=10
gpgcheck=1

gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
[...]
Then we update our existing packages on the system:

yum update

Now we install some software packages that are needed later on:

yum -y groupinstall 'Development Tools'

6.1.8 7 Quota
(If you have chosen a different partitioning scheme than I did, you must adjust this
chapter so that quota applies to the partitions where you need it.)
To install quota, we run this command:

yum -y install quota

Now we check if quota is already enabled for the filesystem where the website (/var/www) and maildir data (/var/vmail) are stored. In this example setup, I have one big root partition, so I search for ' / ':

mount | grep ' / '

[root@server1 ~]# mount | grep ' / '
/dev/mapper/centos-root on / type xfs (rw,relatime,attr2,inode64,noquota)
[root@server1 ~]#
If you have a separate /var partition, then use:

mount | grep ' /var '

instead. If the line contains the word "noquota", then proceed with the following steps
to enable quota.

6.1.9 Enabling quota on the / (root) partition


Normally you would enable quota in the /etc/fstab file, but if the filesystem is the root
filesystem "/", then quota has to be enabled by a boot parameter of the Linux Kernel.
Edit the grub configuration file:

nano /etc/default/grub

search for the line that starts with GRUB_CMDLINE_LINUX and add rootflags=uquota,gquota to the command line parameters so that the resulting line looks like this:

GRUB_CMDLINE_LINUX="rd.lvm.lv=centos/swap vconsole.font=latarcyrheb-sun16 rd.lvm.lv=centos/root crashkernel=auto vconsole.keymap=us rhgb quiet rootflags=uquota,gquota"
and apply the changes by running the following command.

cp /boot/grub2/grub.cfg /boot/grub2/grub.cfg_bak
grub2-mkconfig -o /boot/grub2/grub.cfg

and reboot the server.

reboot

Now check if quota is enabled:

mount | grep ' / '

[root@server1 ~]# mount | grep ' / '
/dev/mapper/centos-root on / type xfs (rw,relatime,attr2,inode64,usrquota,grpquota)
[root@server1 ~]#

When quota is active, we can see "usrquota,grpquota" in the mount option list.

6.1.10 Enabling quota on a separate /var partition

If you have a separate /var partition, then edit /etc/fstab and add ,uquota,gquota to the /var partition (/dev/mapper/centos-var):

nano /etc/fstab

#
# /etc/fstab
# Created by anaconda on Sun Sep 21 16:33:45 2014
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
/dev/mapper/centos-root /                           xfs     defaults                1 1
/dev/mapper/centos-var  /var                        xfs     defaults,uquota,gquota  1 2
UUID=9ac06939-7e43-4efd-957a-486775edd7b4 /boot     xfs     defaults                1 3
/dev/mapper/centos-swap swap                        swap    defaults                0 0
Then run

mount -o remount /var


quotacheck -avugm
quotaon -avug

to enable quota. When you get an error that there is no partition with quota enabled, then reboot the server before you proceed.
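Both quota sections end with the same manual check: run `mount`, find the line for the mount point and look for `noquota` or `usrquota,grpquota` in the option list. The following shell functions are an added example, not part of the original tutorial: they parse `mount` output and classify a mount point as enabled, disabled, partial (only one of user or group quota active, which is what a stray `uquota` without `gquota` produces) or not mounted. The mount text is passed as an argument so it runs offline on the constructed samples below; on the server call `quota_state "$(mount)" /` for the root partition or `quota_state "$(mount)" /var` for a separate /var. The sample lines are constructed after the outputs shown above.

```sh
#!/bin/sh
# Added example (not from the original page): report the quota state of a
# mount point from "mount" output. Lines have the form
#   <device> on <mountpoint> type <fstype> (<opt,opt,...>)

# mount_opts MOUNT_TEXT MOUNTPOINT -> the comma-separated option list for
# MOUNTPOINT, empty when nothing is mounted there
mount_opts() {
    printf '%s\n' "$1" | awk -v m="$2" \
        '$2 == "on" && $3 == m { gsub(/[()]/, "", $6); print $6; exit }'
}

# has_opt OPTS NAME -> exit 0 when NAME is one of the comma-separated OPTS
# (the surrounding commas prevent "quota" from matching "noquota")
has_opt() {
    case ",$1," in
        *",$2,"*) return 0 ;;
        *) return 1 ;;
    esac
}

# quota_state MOUNT_TEXT MOUNTPOINT -> enabled | disabled | partial | not-mounted
# XFS reports usrquota/grpquota in mount output; uquota/gquota are accepted
# too because that is how the options are written in fstab and on the kernel
# command line above.
quota_state() {
    opts=$(mount_opts "$1" "$2")
    [ -n "$opts" ] || { echo not-mounted; return; }
    u=0; g=0
    if has_opt "$opts" usrquota || has_opt "$opts" uquota; then u=1; fi
    if has_opt "$opts" grpquota || has_opt "$opts" gquota; then g=1; fi
    if has_opt "$opts" noquota; then echo disabled
    elif [ "$u" -eq 1 ] && [ "$g" -eq 1 ]; then echo enabled
    elif [ "$u" -eq 1 ] || [ "$g" -eq 1 ]; then echo partial
    else echo disabled; fi
}

# Constructed samples after the "mount | grep" outputs above (not real captures).
BEFORE='/dev/mapper/centos-root on / type xfs (rw,relatime,attr2,inode64,noquota)
/dev/sda1 on /boot type xfs (rw,relatime,attr2,inode64,noquota)'

AFTER='/dev/mapper/centos-root on / type xfs (rw,relatime,attr2,inode64,usrquota,grpquota)
/dev/mapper/centos-var on /var type xfs (rw,relatime,attr2,inode64,usrquota)'

for m in / /var /home; do
    echo "before $m: $(quota_state "$BEFORE" "$m")   after $m: $(quota_state "$AFTER" "$m")"
done
```

In the sample, / goes from disabled to enabled after the reboot, while /var shows partial because only usrquota is active, the state you get when one of the two fstab flags was left out.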

6.1.11 8 Install Apache, MySQL, phpMyAdmin

We can install the needed packages with one single command:

yum -y install ntp httpd mod_ssl mariadb-server php php-mysql php-mbstring phpmyadmin

7 THE PERFECT SERVER CENTOS 7.1 WITH APACHE2, POSTFIX, DOVECOT, PURE-FTPD, BIND AND ISPCONFIG 3 - PAGE 2

7.1.1 On this page

9 Install Dovecot
10 Install Postfix
11 Install Getmail
12 Set MySQL Passwords And Configure phpMyAdmin
13 Install Amavisd-new, SpamAssassin And ClamAV
14 Installing Apache2 With mod_php, mod_fcgi/PHP5, PHP-FPM And suPHP
15 Installation of mod_python
16 Install PureFTPd
17 Install BIND
18 Install Webalizer, And AWStats
19 Install Jailkit
20 Install fail2ban
21 Install rkhunter
22 Install Mailman

7.1.2 9 Install Dovecot


Dovecot can be installed as follows:

yum -y install dovecot dovecot-mysql dovecot-pigeonhole

Create an empty dovecot-sql.conf file and a symlink to it:

touch /etc/dovecot/dovecot-sql.conf
ln -s /etc/dovecot/dovecot-sql.conf /etc/dovecot-sql.conf

Now create the system startup links and start Dovecot:

systemctl enable dovecot


systemctl start dovecot

7.1.3 10 Install Postfix


Postfix can be installed as follows:

yum -y install postfix

Then turn off Sendmail and start Postfix and MariaDB (MySQL):

systemctl enable mariadb.service
systemctl start mariadb.service
systemctl stop sendmail.service
systemctl disable sendmail.service
systemctl enable postfix.service
systemctl restart postfix.service

We disable sendmail to ensure that it does not get started in case it is installed on your server. So the error message "Failed to issue method call: Unit sendmail.service not loaded." can be ignored.

7.1.4 11 Install Getmail


Getmail can be installed as follows:

yum -y install getmail

7.1.5 12 Set MySQL Passwords And Configure phpMyAdmin


Set passwords for the MySQL root account:

mysql_secure_installation

[root@server1 tmp]# mysql_secure_installation

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.
Enter current password for root (enter for none):
OK, successfully used password, moving on...
Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.
Set root password? [Y/n] <-- ENTER
New password: <-- yourrootsqlpassword
Re-enter new password: <-- yourrootsqlpassword
Password updated successfully!
Reloading privilege tables..
... Success!

By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.
Remove anonymous users? [Y/n] <-- ENTER
... Success!
Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? [Y/n] <-- ENTER
... Success!
By default, MariaDB comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] <-- ENTER


- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
Reload privilege tables now? [Y/n] <-- ENTER
... Success!
Cleaning up...

All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.
Thanks for using MariaDB!
[root@server1 tmp]#
Now we configure phpMyAdmin. We change the Apache configuration so that phpMyAdmin
accepts connections not just from localhost, by commenting out the two "Require ip"
lines and adding the new line "Require all granted" in the <Directory
/usr/share/phpMyAdmin/> stanza. Take the file's own comment seriously: phpMyAdmin
exposed beyond localhost is dangerous unless it is served over TLS, and if only a few
admin addresses need it, keep the "Require ip" lines and add those addresses instead
of opening it to everyone:

nano /etc/httpd/conf.d/phpMyAdmin.conf

# phpMyAdmin - Web based MySQL browser written in php


#
# Allows only localhost by default
#
# But allowing phpMyAdmin to anyone other than localhost should be considered
# dangerous unless properly secured by SSL

Alias /phpMyAdmin /usr/share/phpMyAdmin


Alias /phpmyadmin /usr/share/phpMyAdmin

<Directory /usr/share/phpMyAdmin/>
<IfModule mod_authz_core.c>
# Apache 2.4
<RequireAny>
# Require ip 127.0.0.1
# Require ip ::1
Require all granted
</RequireAny>
</IfModule>
<IfModule !mod_authz_core.c>
# Apache 2.2
Order Deny,Allow
Deny from All
Allow from 127.0.0.1
Allow from ::1
</IfModule>
</Directory>

Next we change the authentication in phpMyAdmin from cookie to http. HTTP basic
authentication sends the MySQL credentials with every request, base64-encoded but not
encrypted, so this setting only makes sense when phpMyAdmin is reached over HTTPS:

nano /etc/phpMyAdmin/config.inc.php

[...]
/* Authentication type */
$cfg['Servers'][$i]['auth_type'] = 'http';
[...]
Then we create the system startup links for Apache and start it:

systemctl enable httpd.service


systemctl restart httpd.service

Now you can direct your browser to http://server1.example.com/phpmyadmin/ or
http://192.168.0.100/phpmyadmin/ and log in with the user name root and your new root
MySQL password.
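The "Require all granted" change above is exactly what the stanza's own comment warns about. As an added example (not from the tutorial), the script below detects that setting in a phpMyAdmin.conf and writes a hardened stanza that keeps remote access but limits it to loopback plus one management network and refuses plain HTTP. The 192.0.2.0/24 network and the file paths are placeholders; SSLRequireSSL is a real mod_ssl directive and needs mod_ssl installed.

```shell
#!/bin/sh
# Added example (not part of the tutorial): audit the phpMyAdmin <Directory>
# stanza for an unrestricted "Require all granted" and write a hardened
# replacement. The config path ($1) and the 192.0.2.0/24 admin network are
# placeholders.

# Print the active (uncommented) lines inside <Directory /usr/share/phpMyAdmin/>.
pma_stanza() {
    awk '
        /^[ \t]*<Directory[ \t]+\/usr\/share\/phpMyAdmin\/?[ \t]*>/ { inside = 1; next }
        /^[ \t]*<\/Directory>/ { inside = 0 }
        inside && $0 !~ /^[ \t]*#/ { print }
    ' "$1"
}

# True when the stanza lets any client reach phpMyAdmin.
pma_open_to_world() {
    pma_stanza "$1" | grep -Eq '^[[:space:]]*Require[[:space:]]+all[[:space:]]+granted'
}

# True when access is limited to ip/local rules and plain HTTP is refused.
pma_restricted() {
    _s=$(pma_stanza "$1")
    printf '%s\n' "$_s" | grep -Eq '^[[:space:]]*Require[[:space:]]+all[[:space:]]+granted' && return 1
    printf '%s\n' "$_s" | grep -Eq '^[[:space:]]*Require[[:space:]]+(ip|local)' || return 1
    printf '%s\n' "$_s" | grep -Eq '^[[:space:]]*SSLRequireSSL' || return 1
    return 0
}

# Write a hardened stanza: TLS only, and only from loopback plus one admin net.
# SSLRequireSSL needs mod_ssl (yum install mod_ssl); without it httpd refuses
# to start, which is the safe failure here.
write_hardened_pma() {
    cat > "$1" <<'EOF'
Alias /phpMyAdmin /usr/share/phpMyAdmin
Alias /phpmyadmin /usr/share/phpMyAdmin

<Directory /usr/share/phpMyAdmin/>
    SSLRequireSSL
    <RequireAny>
        Require ip 127.0.0.1
        Require ip ::1
        Require ip 192.0.2.0/24
    </RequireAny>
</Directory>
EOF
}

# Demo on constructed files: the tutorial's stanza versus the hardened one.
demo_dir=$(mktemp -d)
cat > "$demo_dir/open.conf" <<'EOF'
<Directory /usr/share/phpMyAdmin/>
   <IfModule mod_authz_core.c>
     <RequireAny>
       # Require ip 127.0.0.1
       # Require ip ::1
       Require all granted
     </RequireAny>
   </IfModule>
</Directory>
EOF
write_hardened_pma "$demo_dir/hardened.conf"
for f in "$demo_dir/open.conf" "$demo_dir/hardened.conf"; do
    if pma_open_to_world "$f"; then
        echo "$f: phpMyAdmin reachable from any address"
    elif pma_restricted "$f"; then
        echo "$f: restricted to listed addresses over TLS"
    else
        echo "$f: no decision (check the stanza by hand)"
    fi
done
rm -rf "$demo_dir"
```

Run it against the real file with `pma_open_to_world /etc/httpd/conf.d/phpMyAdmin.conf` after sourcing the script, and `apachectl configtest` before restarting httpd once the stanza has been replaced.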

7.1.6 13 Install Amavisd-new, SpamAssassin And ClamAV


To install amavisd-new, spamassassin and clamav, run the following command:

yum -y install amavisd-new spamassassin clamav clamav-update unzip bzip2 perl-DBD-mysql

Edit the freshclam configuration file /etc/freshclam.conf

nano /etc/freshclam.conf

and comment out the line "Example"


[....]
# Example
[....]
Then we update the SpamAssassin rule set and the ClamAV signature database, and enable amavisd at boot:

sa-update
freshclam
systemctl enable amavisd.service

7.1.7 14 Installing Apache2 With mod_php, mod_fcgi/PHP5, PHP-FPM And suPHP

ISPConfig 3 allows you to use mod_php, mod_fcgi/PHP5, cgi/PHP5, and suPHP on a per
website basis.

We can install Apache2 with mod_php5, mod_fcgid, and PHP5 as follows:

yum -y install php php-devel php-gd php-imap php-ldap php-mysql php-odbc php-pear php-xml php-xmlrpc php-pecl-apc php-mbstring php-mcrypt php-mssql php-snmp php-soap php-tidy curl curl-devel perl-libwww-perl ImageMagick libxml2 libxml2-devel mod_fcgid php-cli httpd-devel php-fpm

Next we open /etc/php.ini...

nano /etc/php.ini

... and change the error reporting (so that notices aren't shown any longer), set the
timezone and uncomment cgi.fix_pathinfo=1:

[...]
;error_reporting = E_ALL & ~E_DEPRECATED
error_reporting = E_ALL & ~E_NOTICE & ~E_DEPRECATED
[...]
; cgi.fix_pathinfo provides *real* PATH_INFO/PATH_TRANSLATED support for CGI. PHP's
; previous behaviour was to set PATH_TRANSLATED to SCRIPT_FILENAME, and to not grok
; what PATH_INFO is. For more information on PATH_INFO, see the cgi specs. Setting
; this to 1 will cause PHP CGI to fix its paths to conform to the spec. A setting
; of zero causes PHP to behave as before. Default is 1. You should fix your scripts
; to use SCRIPT_FILENAME rather than PATH_TRANSLATED.
; http://www.php.net/manual/en/ini.core.php#ini.cgi.fix-pathinfo
cgi.fix_pathinfo=1
[...]
date.timezone = 'Europe/Berlin'
[...]
Next we install suPHP (there is a mod_suphp package available in the repositories, but
unfortunately it isn't compatible with ISPConfig, therefore we have to build suPHP
ourselves). The tarball is fetched over plain HTTP and neither download below is
verified by anything, so compare them against a checksum or signature obtained from a
trusted source before you compile and install the result as root:

cd /usr/local/src
wget http://suphp.org/download/suphp-0.7.2.tar.gz
tar zxvf suphp-0.7.2.tar.gz

CentOS 7.1 uses Apache 2.4, so we need to patch suPHP before we can compile it against
Apache. The patch is applied like this:

wget -O suphp.patch https://lists.marsching.com/pipermail/suphp/attachments/20130520/74f3ac02/attachment.patch
patch -Np1 -d suphp-0.7.2 < suphp.patch
cd suphp-0.7.2
autoreconf -if

[root@server1 suphp-0.7.2]# autoreconf -if


libtoolize: putting auxiliary files in AC_CONFIG_AUX_DIR, `config'.
libtoolize: copying file `config/ltmain.sh'
libtoolize: Consider adding `AC_CONFIG_MACRO_DIR([m4])' to configure.ac and
libtoolize: rerunning libtoolize, to keep the correct libtool macros in-tree.
libtoolize: Consider adding `-I m4' to ACLOCAL_AMFLAGS in Makefile.am.
configure.ac:9: warning: AM_INIT_AUTOMAKE: two- and three-arguments forms
are deprecated. For more info, see:
configure.ac:9:
http://www.gnu.org/software/automake/manual/automake.html#ModernizeAM_005fINIT_005fAUTOMAKE-invocation
configure.ac:24: installing 'config/config.guess'
configure.ac:24: installing 'config/config.sub'
configure.ac:9: installing 'config/install-sh'
configure.ac:9: installing 'config/missing'
src/Makefile.am: installing 'config/depcomp'
[root@server1 suphp-0.7.2]#
With the patch applied, we can now configure and compile the source:

./configure --prefix=/usr/ --sysconfdir=/etc/ --with-apr=/usr/bin/apr-1-config --with-apache-user=apache --with-setid-mode=owner --with-logfile=/var/log/httpd/suphp_log


make
make install

Then we add the suPHP module to our Apache configuration...

nano /etc/httpd/conf.d/suphp.conf

LoadModule suphp_module modules/mod_suphp.so


... and create the file /etc/suphp.conf as follows:

nano /etc/suphp.conf

[global]
;Path to logfile
logfile=/var/log/httpd/suphp.log
;Loglevel
loglevel=info
;User Apache is running as
webserver_user=apache
;Path all scripts have to be in
docroot=/
;Path to chroot() to before executing script
;chroot=/mychroot
; Security options
allow_file_group_writeable=true
allow_file_others_writeable=false
allow_directory_group_writeable=true
allow_directory_others_writeable=false
;Check whether script is within DOCUMENT_ROOT
check_vhost_docroot=true
;Send minor error messages to browser
errors_to_browser=false
;PATH environment variable

env_path=/bin:/usr/bin
;Umask to set, specify in octal notation
umask=0077
; Minimum UID
min_uid=100
; Minimum GID
min_gid=100

[handlers]
;Handler for php-scripts
x-httpd-suphp="php:/usr/bin/php-cgi"
;Handler for CGI-scripts
x-suphp-cgi="execute:!self"
Edit the file /etc/httpd/conf.d/php.conf to enable PHP parsing only for phpMyAdmin,
Roundcube and other system packages in /usr/share, but not for websites in /var/www.
mod_php runs every script as the Apache user, shared by all sites, whereas ISPConfig
activates PHP for each website individually (suPHP, FCGI or PHP-FPM under that site's
own user), so the global handler must not cover the website directories.

nano /etc/httpd/conf.d/php.conf

change the lines:


<FilesMatch \.php$>
SetHandler application/x-httpd-php
</FilesMatch>
to:
<Directory /usr/share>
<FilesMatch \.php$>
SetHandler application/x-httpd-php
</FilesMatch>
</Directory>
So that the PHP handler is enclosed by the Directory directive.
Enable httpd and PHP-FPM to get started at boot time and start the PHP-FPM service.

systemctl start php-fpm.service


systemctl enable php-fpm.service
systemctl enable httpd.service

Finally we restart Apache:

systemctl restart httpd.service

7.1.8 15 Installation of mod_python


The Apache module mod_python is not available as an RPM package, therefore we compile
it from source. The first step is to install the Python development files and
download the current mod_python version as a tar.gz file (like suPHP above, this is an
unverified HTTP download, so check it before building):

yum -y install python-devel


cd /usr/local/src/
wget http://dist.modpython.org/dist/mod_python-3.5.0.tgz
tar xfz mod_python-3.5.0.tgz
cd mod_python-3.5.0

and then configure and compile the module

./configure
make
make install

and enable the module in apache

echo 'LoadModule python_module modules/mod_python.so' > /etc/httpd/conf.modules.d/10-python.conf


systemctl restart httpd.service

7.1.9 16 Install PureFTPd


PureFTPd can be installed with the following command:

yum -y install pure-ftpd

Then create the system startup links and start PureFTPd:

systemctl enable pure-ftpd.service


systemctl start pure-ftpd.service

Now we configure PureFTPd to allow FTP and TLS sessions. FTP is a very insecure
protocol because all passwords and all data are transferred in clear text. By using TLS,
the whole communication can be encrypted, which makes FTP much more secure.
TLS needs OpenSSL; to install it, we run:

yum install openssl

Open /etc/pure-ftpd/pure-ftpd.conf...

nano /etc/pure-ftpd/pure-ftpd.conf

If you want to allow both plain FTP and TLS sessions, set TLS to 1. If every client
you control supports TLS, set it to 2 instead so that the server refuses unencrypted
logins altogether; with 1 a client that ignores TLS will still send its password in
clear text:

[...]
# This option can accept three values :
# 0 : disable SSL/TLS encryption layer (default).
# 1 : accept both traditional and encrypted sessions.
# 2 : refuse connections that don't use SSL/TLS security mechanisms,
#     including anonymous sessions.
# Do _not_ uncomment this blindly. Be sure that :
# 1) Your server has been compiled with SSL/TLS support (--with-tls),
# 2) A valid certificate is in place,
# 3) Only compatible clients will log in.

TLS                      1
[...]
In order to use TLS, we must create a certificate. I create it in /etc/ssl/private/,
therefore I create that directory first:

mkdir -p /etc/ssl/private/

Afterwards, we can generate the SSL certificate as follows:

openssl req -x509 -nodes -days 7300 -newkey rsa:2048 -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem

Country Name (2 letter code) [XX]: <-- Enter your Country Name (e.g., "DE").
State or Province Name (full name) []: <-- Enter your State or Province Name.
Locality Name (eg, city) [Default City]: <-- Enter your City.
Organization Name (eg, company) [Default Company Ltd]: <-- Enter your
Organization Name (e.g., the name of your company).
Organizational Unit Name (eg, section) []: <-- Enter your Organizational Unit
Name (e.g. "IT Department").
Common Name (eg, your name or your server's hostname) []: <-- Enter the Fully
Qualified Domain Name of the system (e.g. "server1.example.com").
Email Address []: <-- Enter your Email Address.
The file contains the private key as well as the certificate, so make it readable by root only:

chmod 600 /etc/ssl/private/pure-ftpd.pem

Finally restart PureFTPd:

systemctl restart pure-ftpd.service

That's it. You can now try to connect using your FTP client; configure the client to
use TLS (explicit FTPS, i.e. "AUTH TLS") so that it does not fall back to a cleartext
login.
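As an added example (not part of the tutorial), the script below reads the effective TLS mode from a pure-ftpd.conf, states what each value still permits, and creates the combined certificate/key PEM without the interactive prompts. The host name ftp.example.com, the validity period and all paths are placeholders.

```shell
#!/bin/sh
# Added example (not from the tutorial): read the effective TLS mode from
# pure-ftpd.conf, generate the combined key+certificate PEM non-interactively,
# and report what each mode still permits. Paths and ftp.example.com are
# placeholders.

# Print the active "TLS <n>" value from a pure-ftpd.conf; 0 when unset,
# which is the daemon's documented default (no encryption layer).
pureftpd_tls_mode() {
    awk '
        /^[ \t]*#/ { next }
        /^[ \t]*TLS[ \t]+[0-9]/ { mode = $2 }
        END { print (mode == "" ? 0 : mode) }
    ' "$1"
}

# Human-readable consequence of a mode, for the check below.
describe_tls_mode() {
    case "$1" in
        0) echo "plaintext only: every password crosses the wire in clear" ;;
        1) echo "opportunistic: clients may still log in without TLS" ;;
        2) echo "enforced: unencrypted sessions are refused" ;;
        *) echo "unknown value $1"; return 1 ;;
    esac
}

# Build the PEM that pure-ftpd expects (certificate and private key in one
# file) without the interactive prompts, and keep it unreadable to others.
# $1 = output path, $2 = FQDN for the Common Name, $3 = validity in days.
gen_ftp_cert() {
    _out=$1; _cn=$2; _days=${3:-3650}
    _tmp=$(mktemp -d)
    openssl req -x509 -nodes -days "$_days" -newkey rsa:2048 \
        -keyout "$_tmp/key.pem" -out "$_tmp/crt.pem" \
        -subj "/CN=$_cn" >/dev/null 2>&1 || return 1
    # Create the combined file with a restrictive umask so it is never
    # world-readable, not even for an instant.
    ( umask 077 && cat "$_tmp/crt.pem" "$_tmp/key.pem" > "$_out" )
    rm -rf "$_tmp"
    chmod 600 "$_out"
}

# Demo on a constructed config fragment in a temp dir.
demo=$(mktemp -d)
cat > "$demo/pure-ftpd.conf" <<'EOF'
# TLS 0   <- commented out, ignored
TLS                      1
EOF
mode=$(pureftpd_tls_mode "$demo/pure-ftpd.conf")
echo "TLS mode $mode: $(describe_tls_mode "$mode")"
if command -v openssl >/dev/null 2>&1; then
    gen_ftp_cert "$demo/pure-ftpd.pem" ftp.example.com 3650
    echo "certificate: $(openssl x509 -noout -subject -in "$demo/pure-ftpd.pem")"
fi
rm -rf "$demo"
```

After restarting pure-ftpd, `openssl s_client -connect server1.example.com:21 -starttls ftp </dev/null` shows the certificate the daemon presents; with TLS set to 2 a plain `ftp` client is refused at login.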

7.1.10 17 Install BIND

We can install BIND as follows:

yum -y install bind bind-utils

Make a backup of the existing /etc/named.conf file and create a new one as follows.
Note that this configuration sets recursion no and allow-recursion to the empty "none"
ACL: the server answers only for the zones it is authoritative for (those ISPConfig will
add to /etc/named.conf.local) and does not resolve arbitrary names for Internet
clients, so listening on all addresses with allow-query { any; } does not turn it into
an open resolver:

cp /etc/named.conf /etc/named.conf_bak
cat /dev/null > /etc/named.conf
nano /etc/named.conf

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
        listen-on port 53 { any; };
        listen-on-v6 port 53 { any; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { any; };
        allow-recursion {"none";};
        recursion no;
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.conf.local";
Create the file /etc/named.conf.local that is included at the end
of /etc/named.conf (/etc/named.conf.local will later on get populated by ISPConfig
if you create DNS zones in ISPConfig):

touch /etc/named.conf.local

Then we create the startup links and start BIND:

systemctl enable named.service


systemctl start named.service
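As an added example (not from the tutorial), the script below decides from a named.conf whether the server would act as an open resolver. The file above is safe to expose only because recursion is off; with "recursion yes" and a permissive allow-recursion, the same listen-on and allow-query settings produce a public resolver that can be abused for DNS amplification. Paths are placeholders, and the small parser expects one statement per line, as in the file above.

```shell
#!/bin/sh
# Added example (not from the tutorial): judge from a named.conf whether the
# server would act as an open resolver. Paths are placeholders; the parser
# expects one statement per line inside options { ... }.

# Print the value of one option inside options { ... }, comments stripped.
named_option() {
    sed -e 's|//.*$||' -e 's|#.*$||' "$2" | awk -v key="$1" '
        /^[ \t]*options[ \t]*\{/ { inopt = 1; next }
        inopt && /^[ \t]*\};/    { exit }
        inopt && $1 == key {
            sub(/^[ \t]*[^ \t]+[ \t]+/, "")    # drop the option name
            sub(/[ \t]*;[ \t]*$/, "")          # drop the trailing ;
            print; exit
        }'
}

# closed: no recursion for anyone; open: recursion for any client;
# review: recursion is on but limited by an ACL you should inspect.
named_recursion_exposure() {
    _rec=$(named_option recursion "$1")
    _acl=$(named_option allow-recursion "$1")
    if [ "$_rec" = "no" ]; then
        echo closed
        return 0
    fi
    case "$_acl" in
        *any*)   echo open ;;
        *none*)  echo closed ;;    # BIND's built-in empty ACL
        *)       echo review ;;    # named ACL, address list, or the default
    esac
}

# Demo on two constructed files: the tutorial's settings and an open variant.
demo=$(mktemp -d)
cat > "$demo/authoritative.conf" <<'EOF'
options {
        listen-on port 53 { any; };
        allow-query     { any; };
        allow-recursion {"none";};
        recursion no;
};
EOF
sed 's/recursion no;/recursion yes;/; s/{"none";}/{ any; }/' \
    "$demo/authoritative.conf" > "$demo/resolver.conf"
for f in "$demo"/*.conf; do
    echo "$(basename "$f"): recursion=$(named_option recursion "$f") -> $(named_recursion_exposure "$f")"
done
rm -rf "$demo"
```

On the live system, `named-checkconf /etc/named.conf` validates the syntax, and a query from another host (`dig @server1.example.com example.org A`) must come back without the `ra` flag in the flags line, which confirms that recursion is not offered.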

7.1.11 18 Install Webalizer And AWStats

Webalizer and AWStats can be installed as follows:

yum -y install webalizer awstats perl-DateTime-Format-HTTP perl-DateTime-Format-Builder

7.1.12 19 Install Jailkit

Jailkit is used to chroot SSH users and cronjobs. It can be installed as follows
(important: Jailkit must be installed before ISPConfig - it cannot be installed
afterwards!):

cd /tmp
wget http://olivier.sessink.nl/jailkit/jailkit-2.17.tar.gz
tar xvfz jailkit-2.17.tar.gz
cd jailkit-2.17
./configure
make
make install
cd ..
rm -rf jailkit-2.17*

7.1.13 20 Install fail2ban

This is optional but recommended: fail2ban blocks addresses that repeatedly fail to
authenticate against SSH, mail and FTP, and the ISPConfig monitor tries to show its log.
ISPConfig manages the firewall with its own iptables-based rules (the installer output
later on shows "Configuring Bastille Firewall"), so firewalld is masked and the plain
iptables services are enabled instead:

yum -y install iptables-services fail2ban fail2ban-systemd


systemctl mask firewalld.service
systemctl enable iptables.service
systemctl enable ip6tables.service
systemctl stop firewalld.service
systemctl start iptables.service
systemctl start ip6tables.service

Next we create the /etc/fail2ban/jail.local file and enable monitoring for ssh, email and
ftp service.

nano /etc/fail2ban/jail.local

Add the following content into the jail.local file:


[sshd]
enabled = true
action = iptables[name=sshd, port=ssh, protocol=tcp]

[pure-ftpd]
enabled = true
action = iptables[name=FTP, port=ftp, protocol=tcp]
maxretry = 3

[dovecot]
enabled = true
action = iptables-multiport[name=dovecot, port="pop3,pop3s,imap,imaps", protocol=tcp]
maxretry = 5

[postfix-sasl]
enabled = true
action = iptables-multiport[name=postfix-sasl, port="smtp,smtps,submission", protocol=tcp]
maxretry = 3
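As an added example that is not part of the tutorial, here is the counting logic behind the [sshd] jail above, run over constructed log lines in the /var/log/secure format so it can be tried offline. It mirrors only fail2ban's "Failed password" pattern and ignores the findtime window; the real filter lives in /etc/fail2ban/filter.d/sshd.conf, and fail2ban keeps its rules in a dedicated f2b-<name> chain rather than INPUT directly.

```shell
#!/bin/sh
# Added example (not from the tutorial): the counting behind the [sshd] jail,
# over constructed log lines. Only the "Failed password" pattern is matched
# and the findtime window is ignored.

# Print every source address with at least $2 failed sshd logins in log $1.
ssh_offenders() {
    awk -v max="$2" '
        /sshd\[[0-9]+\]: Failed password for/ {
            for (i = 1; i <= NF; i++) if ($i == "from") { fails[$(i+1)]++; break }
        }
        END { for (ip in fails) if (fails[ip] >= max) print ip }
    ' "$1" | sort
}

# A rule equivalent to what the iptables action adds for one offender;
# printed, not executed, so the demo is side-effect free.
ban_rule() {
    echo "iptables -I INPUT -p tcp --dport 22 -s $1 -j REJECT --reject-with icmp-port-unreachable"
}

# Constructed sample in /var/log/secure format (RFC 5737 documentation addresses).
demo_log=$(mktemp)
cat > "$demo_log" <<'EOF'
Mar 14 14:10:01 server1 sshd[1401]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Mar 14 14:10:03 server1 sshd[1401]: Failed password for invalid user admin from 203.0.113.5 port 51235 ssh2
Mar 14 14:10:06 server1 sshd[1403]: Failed password for root from 203.0.113.5 port 51236 ssh2
Mar 14 14:11:40 server1 sshd[1410]: Failed password for alice from 198.51.100.7 port 40022 ssh2
Mar 14 14:11:52 server1 sshd[1412]: Accepted publickey for alice from 198.51.100.7 port 40023 ssh2
EOF
for ip in $(ssh_offenders "$demo_log" 3); do
    echo "would ban $ip: $(ban_rule "$ip")"
done
rm -f "$demo_log"
```

Once fail2ban is running, `fail2ban-client status sshd` lists the addresses it has actually banned, and `iptables -L -n` shows the chain the action created.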
Then create the system startup links for fail2ban and start it:

systemctl enable fail2ban.service


systemctl start fail2ban.service

7.1.14 21 Install rkhunter

rkhunter can be installed as follows:

yum -y install rkhunter

7.1.15 22 Install Mailman

If you want to manage mailing lists with Mailman on your server, install Mailman now.
Mailman is supported by ISPConfig, so you will be able to create new mailing lists
through ISPConfig later.

yum -y install mailman

Before we can start Mailman, a first mailing list called mailman must be created:

touch /var/lib/mailman/data/aliases
postmap /var/lib/mailman/data/aliases
/usr/lib/mailman/bin/newlist mailman

[root@server1 tmp]# /usr/lib/mailman/bin/newlist mailman
Enter the email of the person running the list: <-- admin email address, e.g. listadmin@example.com
Initial mailman password: <-- admin password for the mailman list
To finish creating your mailing list, you must edit your /etc/aliases (or
equivalent) file by adding the following lines, and possibly running the
`newaliases' program:
## mailman mailing list
mailman:              "|/usr/lib/mailman/mail/mailman post mailman"
mailman-admin:        "|/usr/lib/mailman/mail/mailman admin mailman"
mailman-bounces:      "|/usr/lib/mailman/mail/mailman bounces mailman"
mailman-confirm:      "|/usr/lib/mailman/mail/mailman confirm mailman"
mailman-join:         "|/usr/lib/mailman/mail/mailman join mailman"
mailman-leave:        "|/usr/lib/mailman/mail/mailman leave mailman"
mailman-owner:        "|/usr/lib/mailman/mail/mailman owner mailman"
mailman-request:      "|/usr/lib/mailman/mail/mailman request mailman"
mailman-subscribe:    "|/usr/lib/mailman/mail/mailman subscribe mailman"
mailman-unsubscribe:  "|/usr/lib/mailman/mail/mailman unsubscribe mailman"
Hit enter to notify mailman owner... <-- ENTER
[root@server1 tmp]#
Open /etc/aliases afterwards...

vi /etc/aliases

... and add the following lines:

[...]
mailman:              "|/usr/lib/mailman/mail/mailman post mailman"
mailman-admin:        "|/usr/lib/mailman/mail/mailman admin mailman"
mailman-bounces:      "|/usr/lib/mailman/mail/mailman bounces mailman"
mailman-confirm:      "|/usr/lib/mailman/mail/mailman confirm mailman"
mailman-join:         "|/usr/lib/mailman/mail/mailman join mailman"
mailman-leave:        "|/usr/lib/mailman/mail/mailman leave mailman"
mailman-owner:        "|/usr/lib/mailman/mail/mailman owner mailman"
mailman-request:      "|/usr/lib/mailman/mail/mailman request mailman"
mailman-subscribe:    "|/usr/lib/mailman/mail/mailman subscribe mailman"
mailman-unsubscribe:  "|/usr/lib/mailman/mail/mailman unsubscribe mailman"


Run

newaliases

afterwards and restart Postfix:

systemctl restart postfix.service

Now open the Mailman Apache configuration file /etc/httpd/conf.d/mailman.conf...

nano /etc/httpd/conf.d/mailman.conf

... and add the line ScriptAlias /cgi-bin/mailman/ /usr/lib/mailman/cgi-bin/.
Comment out Alias /pipermail/ /var/lib/mailman/archives/public/ and add the
line Alias /pipermail /var/lib/mailman/archives/public/:

#
# httpd configuration settings for use with mailman.

ScriptAlias /mailman/ /usr/lib/mailman/cgi-bin/
ScriptAlias /cgi-bin/mailman/ /usr/lib/mailman/cgi-bin/
<Directory /usr/lib/mailman/cgi-bin/>
    AllowOverride None
    Options ExecCGI
    Order allow,deny
    Allow from all
</Directory>

#Alias /pipermail/ /var/lib/mailman/archives/public/
Alias /pipermail /var/lib/mailman/archives/public/
<Directory /var/lib/mailman/archives/public>
    Options Indexes MultiViews FollowSymLinks
    AllowOverride None
    Order allow,deny
    Allow from all
    AddDefaultCharset Off
</Directory>

# Uncomment the following line, to redirect queries to /mailman to the
# listinfo page (recommended).

# RedirectMatch ^/mailman[/]*$ /mailman/listinfo

Restart Apache:

systemctl restart httpd.service

Create the system startup links for Mailman and start it:

systemctl enable mailman.service


systemctl start mailman.service

After you have installed ISPConfig 3, you can access Mailman as follows:
You can use the alias /cgi-bin/mailman for all Apache vhosts (please note that suExec
and CGI must be disabled for all vhosts from which you want to access Mailman!),
which means you can access the Mailman admin interface for a list
at http://<vhost>/cgi-bin/mailman/admin/<listname>, and the web page for users
of a mailing list can be found at http://<vhost>/cgi-bin/mailman/listinfo/<listname>.
Under http://<vhost>/pipermail/<listname> you can find the mailing list archives.

8 THE PERFECT SERVER CENTOS 7.1 WITH APACHE2, POSTFIX, DOVECOT, PURE-FTPD,
BIND AND ISPCONFIG 3 - PAGE 3
8.1.1 On this page

23 Install Roundcube webmail


24 Install ISPConfig 3
25 First ISPConfig Login

25.1 ISPConfig 3 Manual


25 Links

8.1.2 23 Install Roundcube webmail


To install the Roundcube webmail client, run...

yum -y install roundcubemail

Change the Roundcube Apache configuration file as follows. The stock file restricts
both the webmail and the installer directory to localhost; we open them with
"Require all granted" for the installation only and lock the installer down again
below, so do not leave the server in this state longer than necessary:

nano /etc/httpd/conf.d/roundcubemail.conf

#
# Round Cube Webmail is a browser-based multilingual IMAP client
#

Alias /roundcubemail /usr/share/roundcubemail
Alias /webmail /usr/share/roundcubemail

# Define who can access the Webmail
# You can enlarge permissions once configured

#<Directory /usr/share/roundcubemail/>
#    <IfModule mod_authz_core.c>
#        # Apache 2.4
#        Require local
#    </IfModule>
#    <IfModule !mod_authz_core.c>
#        # Apache 2.2
#        Order Deny,Allow
#        Deny from all
#        Allow from 127.0.0.1
#        Allow from ::1
#    </IfModule>
#</Directory>

<Directory /usr/share/roundcubemail/>
    Options none
    AllowOverride Limit
    Require all granted
</Directory>

# Define who can access the installer
# keep this secured once configured

#<Directory /usr/share/roundcubemail/installer/>
#    <IfModule mod_authz_core.c>
#        # Apache 2.4
#        Require local
#    </IfModule>
#    <IfModule !mod_authz_core.c>
#        # Apache 2.2
#        Order Deny,Allow
#        Deny from all
#        Allow from 127.0.0.1
#        Allow from ::1
#    </IfModule>
#</Directory>

<Directory /usr/share/roundcubemail/installer>
    Options none
    AllowOverride Limit
    Require all granted
</Directory>

# Those directories should not be viewed by Web clients.
<Directory /usr/share/roundcubemail/bin/>
    Order Allow,Deny
    Deny from all
</Directory>

<Directory /usr/share/roundcubemail/plugins/enigma/home/>
    Order Allow,Deny
    Deny from all
</Directory>
Restart Apache:

systemctl restart httpd.service

Now we need a database for Roundcube; we initialise it as follows:

mysql -u root -p

At the MariaDB prompt, run:

CREATE DATABASE roundcubedb;
CREATE USER roundcubeuser@localhost IDENTIFIED BY 'roundcubepassword';
GRANT ALL PRIVILEGES on roundcubedb.* to roundcubeuser@localhost ;
FLUSH PRIVILEGES;
exit

The database name, user and password above are placeholders for this walkthrough;
choose your own values, in particular a strong password, because the DSN below stores
it in clear text in config.inc.php. The grant is deliberately limited to the
roundcubedb database and to connections from localhost.

Now open the Roundcube installer in your browser
at http://192.168.1.100/roundcubemail/installer

Then fill in the following entries in /etc/roundcubemail/config.inc.php:

nano /etc/roundcubemail/config.inc.php

<?php

/* Local configuration for Roundcube Webmail */

// ----------------------------------
// SQL DATABASE
// ----------------------------------
// Database connection string (DSN) for read+write operations
// Format (compatible with PEAR MDB2): db_provider://user:password@host/database
// Currently supported db_providers: mysql, pgsql, sqlite, mssql or sqlsrv
// For examples see http://pear.php.net/manual/en/package.database.mdb2.introdsn.php
// NOTE: for SQLite use absolute path: 'sqlite:////full/path/to/sqlite.db?mode=0646'
$config['db_dsnw'] = 'mysql://roundcubeuser:roundcubepassword@localhost/roundcubedb';

// ----------------------------------
// IMAP
// ----------------------------------
// The mail host chosen to perform the log-in.
// Leave blank to show a textbox at login, give a list of hosts
// to display a pulldown menu or set one host as string.
// To use SSL/TLS connection, enter hostname with prefix ssl:// or tls://
// Supported replacement variables:
// %n - hostname ($_SERVER['SERVER_NAME'])
// %t - hostname without the first part
// %d - domain (http hostname $_SERVER['HTTP_HOST'] without the first part)
// %s - domain name after the '@' from e-mail address provided at login screen
// For example %n = mail.domain.tld, %t = domain.tld
// WARNING: After hostname change update of mail_host column in users table is
//          required to match old user data records with the new host.
$config['default_host'] = 'localhost';

// provide an URL where a user can get support for this Roundcube installation
// PLEASE DO NOT LINK TO THE ROUNDCUBE.NET WEBSITE HERE!
$config['support_url'] = '';

// this key is used to encrypt the users imap password which is stored
// in the session record (and the client cookie if remember password is enabled).
// please provide a string of exactly 24 chars.
$config['des_key'] = 'FHgaM7ihtMkM1cBwckOcxPdT';

// ----------------------------------
// PLUGINS
// ----------------------------------
// List of active plugins (in plugins/ directory)
$config['plugins'] = array();

// Set the spell checking engine. Possible values:
// - 'googie'  - the default
// - 'pspell'  - requires the PHP Pspell module and aspell installed
// - 'enchant' - requires the PHP Enchant module
// - 'atd'     - install your own After the Deadline server or check with the people at
//               http://www.afterthedeadline.com before using their API
// Since Google shut down their public spell checking service, you need to
// connect to a Nox Spell Server when using 'googie' here. Therefore specify the 'spellcheck_uri'
$config['spellcheck_engine'] = 'pspell';
Replace the des_key value with your own random string of exactly 24 characters: the one
shown above is a published sample, and it is the key that protects the IMAP passwords
Roundcube stores in its session records and "remember me" cookies. Then press the
"continue" button in the web installer. On the following page, press the button
"Initialize database".
Finally, disable the Roundcube installer. Change the Apache roundcubemail
configuration file:

nano /etc/httpd/conf.d/roundcubemail.conf

#
# Round Cube Webmail is a browser-based multilingual IMAP client
#

Alias /roundcubemail /usr/share/roundcubemail
Alias /webmail /usr/share/roundcubemail

# Define who can access the Webmail
# You can enlarge permissions once configured

#<Directory /usr/share/roundcubemail/>
#    <IfModule mod_authz_core.c>
#        # Apache 2.4
#        Require local
#    </IfModule>
#    <IfModule !mod_authz_core.c>
#        # Apache 2.2
#        Order Deny,Allow
#        Deny from all
#        Allow from 127.0.0.1
#        Allow from ::1
#    </IfModule>
#</Directory>

<Directory /usr/share/roundcubemail/>
    Options none
    AllowOverride Limit
    Require all granted
</Directory>

# Define who can access the installer
# keep this secured once configured

<Directory /usr/share/roundcubemail/installer/>
    <IfModule mod_authz_core.c>
        # Apache 2.4
        Require local
    </IfModule>
    <IfModule !mod_authz_core.c>
        # Apache 2.2
        Order Deny,Allow
        Deny from all
        Allow from 127.0.0.1
        Allow from ::1
    </IfModule>
</Directory>

# Those directories should not be viewed by Web clients.
<Directory /usr/share/roundcubemail/bin/>
    Order Allow,Deny
    Deny from all
</Directory>

<Directory /usr/share/roundcubemail/plugins/enigma/home/>
    Order Allow,Deny
    Deny from all
</Directory>
Restart Apache:

systemctl restart httpd.service
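The des_key in config.inc.php above is a published sample value. As an added example (not from the tutorial), the script below generates a fresh 24-character key from the kernel CSPRNG and splices it into the config file, refusing keys of the wrong length or alphabet. The config path is a placeholder; the alphabet is restricted to A-Za-z0-9 so the key needs no escaping in sed.

```shell
#!/bin/sh
# Added example (not from the tutorial): replace Roundcube's des_key with a
# freshly generated 24-character value. The config path is a placeholder.

# 24 random characters from the kernel CSPRNG (about 143 bits of entropy).
gen_des_key() {
    LC_ALL=C tr -dc 'A-Za-z0-9' </dev/urandom | head -c 24
}

# Print the des_key currently set in a Roundcube config file.
des_key_of() {
    sed -n "s/^\$config\['des_key'\][[:blank:]]*=[[:blank:]]*'\([^']*\)';.*/\1/p" "$1"
}

# Replace the des_key line; refuses keys of the wrong length or alphabet.
# The file is rewritten in place through a temp copy so its mode and owner
# (root-readable only, if you set it so) are preserved.
set_des_key() {
    case "$2" in
        *[!A-Za-z0-9]*) echo "key must be A-Za-z0-9 only" >&2; return 1 ;;
    esac
    [ "${#2}" -eq 24 ] || { echo "key must be exactly 24 characters" >&2; return 1; }
    sed "s/^\$config\['des_key'\][[:blank:]]*=[[:blank:]]*'[^']*';/\$config['des_key'] = '$2';/" "$1" > "$1.tmp" \
        && cat "$1.tmp" > "$1" && rm -f "$1.tmp"
}

# Demo on a constructed config fragment.
demo_cfg=$(mktemp)
cat > "$demo_cfg" <<'EOF'
<?php
$config['db_dsnw'] = 'mysql://roundcubeuser:roundcubepassword@localhost/roundcubedb';
$config['des_key'] = 'FHgaM7ihtMkM1cBwckOcxPdT';
EOF
echo "before: $(des_key_of "$demo_cfg")"
new_key=$(gen_des_key)
set_des_key "$demo_cfg" "$new_key"
echo "after:  $(des_key_of "$demo_cfg")"
rm -f "$demo_cfg"
```

Changing the key invalidates existing Roundcube sessions and "remember me" cookies, so do it before users log in for the first time or expect them to be logged out once.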

8.1.3 24 Install ISPConfig 3


Download the current ISPConfig 3 version and install it. The ISPConfig installer will
configure all services like Postfix, Dovecot, etc. for you. A manual setup as required for
ISPConfig 2 is not necessary anymore.
You now also have the possibility to let the installer create an SSL vhost for the
ISPConfig control panel, so that ISPConfig can be accessed using https:// instead
of http://. To achieve this, just press ENTER when you see this question: Do you want
a secure (SSL) connection to the ISPConfig web interface (y,n) [y]:.
To install ISPConfig 3 from the latest released version, do this:

cd /tmp
wget http://www.ispconfig.org/downloads/ISPConfig-3-stable.tar.gz
tar xfz ISPConfig-3-stable.tar.gz
cd ispconfig3_install/install/

The next step is to run

php -q install.php

This will start the ISPConfig 3 installer:


[root@server1 install]# php -q install.php

-------------------------------------------------------------------------------
(ISPConfig 3 ASCII-art banner)
-------------------------------------------------------------------------------

>> Initial configuration


Operating System: Redhat or compatible, unknown version.
Following will be a few questions for primary configuration so be careful.
Default values are in [brackets] and can be accepted with <ENTER>.
Tap in "quit" (without the quotes) to stop the installer.

Select language (en,de) [en]: <-- ENTER


Installation mode (standard,expert) [standard]: <-- ENTER
Full qualified hostname (FQDN) of the server, eg server1.domain.tld [server1.example.com]: <-- ENTER
MySQL server hostname [localhost]: <-- ENTER
MySQL root username [root]: <-- ENTER
MySQL root password []: <-- yourrootsqlpassword
MySQL database to create [dbispconfig]: <-- ENTER
MySQL charset [utf8]: <-- ENTER
Generating a 2048 bit RSA private key
..........................................................+++
................................+++
writing new private key to 'smtpd.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]: <-- ENTER
State or Province Name (full name) []: <-- ENTER
Locality Name (eg, city) [Default City]: <-- ENTER
Organization Name (eg, company) [Default Company Ltd]: <-- ENTER
Organizational Unit Name (eg, section) []: <-- ENTER
Common Name (eg, your name or your server's hostname) []: <-- ENTER
Email Address []: <-- ENTER
Configuring Jailkit
Configuring Dovecot
Configuring Spamassassin
Configuring Amavisd
Configuring Getmail
Configuring Pureftpd
Configuring BIND
Configuring Apache
Configuring Vlogger
Configuring Apps vhost
Configuring Bastille Firewall
Configuring Fail2ban
Installing ISPConfig
ISPConfig Port [8080]: <-- ENTER
Do you want a secure (SSL) connection to the ISPConfig web interface (y,n)
[y]: <-- ENTER
Generating RSA private key, 4096 bit long modulus
.....................++
.......++
e is 65537 (0x10001)
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----

Country Name (2 letter code) [XX]: <-- ENTER


State or Province Name (full name) []: <-- ENTER
Locality Name (eg, city) [Default City]: <-- ENTER
Organization Name (eg, company) [Default Company Ltd]: <-- ENTER
Organizational Unit Name (eg, section) []: <-- ENTER
Common Name (eg, your name or your server's hostname) []: <-- ENTER
Email Address []: <-- ENTER
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: <-- ENTER
An optional company name []: <-- ENTER
writing RSA key
Configuring DBServer
Installing ISPConfig crontab
no crontab for root
no crontab for getmail
Restarting services ...
Stopping mysqld:                                           [  OK  ]
Starting mysqld:                                           [  OK  ]
Shutting down postfix:                                     [  OK  ]
Starting postfix:                                          [  OK  ]
Stopping saslauthd:                                        [FAILED]
Starting saslauthd:                                        [  OK  ]
Waiting for the process [1424] to terminate
Shutting down amavisd: Daemon [1424] terminated by SIGTERM
amavisd stopped                                               OK
Starting amavisd:                                             OK
Stopping clamd.amavisd:                                    [  OK  ]
Starting clamd.amavisd:                                    [  OK  ]
Stopping Dovecot Imap:                                     [  OK  ]
Starting Dovecot Imap:                                     [  OK  ]
Stopping httpd:                                            [  OK  ]
[Thu Mar 14 14:12:32 2013] [warn] NameVirtualHost *:80 has no VirtualHosts
Starting httpd:                                            [  OK  ]
Stopping pure-ftpd:                                        [  OK  ]
Starting pure-ftpd:                                        [  OK  ]
Installation completed.
[root@server1 install]#

The error message "usage: doveadm [-Dv] [-f <formatter>] <command> [<args>]" can
be ignored, in case that you get it during ispconfig installation.
To fix the Mailman errors you might get during the ISPConfig installation,
open /usr/lib/mailman/Mailman/mm_cfg.py...

vi /usr/lib/mailman/Mailman/mm_cfg.py

... and set DEFAULT_SERVER_LANGUAGE = 'en':


[...]
#------------------------------------------------------------# The default language for this server.
DEFAULT_SERVER_LANGUAGE = 'en'
[...]
Restart Mailman:

systemctl restart mailman.service


8.1.4 25 First ISPConfig Login


Afterwards you can access ISPConfig 3
under http(s)://server1.example.com:8080/ or http(s)://192.168.0.100:8080/
(http or https depends on what you chose during installation).
Log in with the username admin and the password admin. Change this default password
right after your first login; the panel is reachable on port 8080 from the network and
the default credentials are public knowledge:

Next we have to adjust the BIND configuration paths in ISPConfig. Click on "System" in
the upper menu, then on "Server config" in the right menu. In the list that appears then
on the left side, click on the server name.

Go to the "DNS" tab of the form:

and enter the DNS paths as follows:


BIND zonefiles directory: /var/named
BIND named.conf path: /etc/named.conf
BIND named.conf.local path: /etc/named.conf.local
The system is now ready to be used.

8.1.4.1 25.1 ISPConfig 3 Manual


In order to learn how to use ISPConfig 3, I strongly recommend downloading the
ISPConfig 3 Manual.
On more than 300 pages, it covers the concept behind ISPConfig (admin, resellers,
clients), explains how to install and update ISPConfig 3, includes a reference for all
forms and form fields in ISPConfig together with examples of valid inputs, and provides
tutorials for the most common tasks in ISPConfig 3. It also outlines how to make your
server more secure and comes with a troubleshooting section at the end.

8.1.5 25 Links

CentOS: http://www.centos.org/
ISPConfig: http://www.ispconfig.org/

9 CENTOS 6 - APACHE AND PHP INSTALL

Article ID: 92

Last updated on October 15, 2015

Authored by: Rackspace Support

This article demonstrates how to install Apache and PHP on CentOS 6.

9.1 CONTENTS

1 CentOS - Installing Apache and PHP5

2 Apache Install

3 ServerName

4 Firewall

5 Default Page

6 Chkconfig

7 PHP5 Install

8 Almost

9.2 CENTOS - INSTALLING APACHE AND PHP5


CentOS comes with Apache v.2.2.3 and PHP v.5.1.6 and they are easily installed via the default CentOS
Package Manager, yum.
The advantage of using yum (as opposed to installing via source code) is that you will get any security
updates (if and when distributed) and dependencies are automatically taken care of.

9.3 APACHE INSTALL


A basic Apache install is very easy:
sudo yum install httpd mod_ssl
Oddly, the server does not start automatically when you install it so you have to do this by hand:
sudo /usr/sbin/apachectl start
The first thing you will see is this error:
Starting httpd: httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName
As you can see, the address 127.0.0.1 (or whatever address you see there, usually your main IP address)
is used as the server name by default. It's a good idea to set the ServerName for the next time the server
is started.
Open the main Apache config:
sudo nano /etc/httpd/conf/httpd.conf
Towards the end of the file you'll find a section that starts with ServerName and gives the example:
#ServerName www.example.com:80
All you need to do is enter your Cloud Server host name or a fully-qualified domain name:
ServerName demo
Note that my Cloud Server host name is demo.
Now just reload Apache:
sudo /usr/sbin/apachectl restart
And the warning has gone.

9.4 FIREWALL
Notice that in some versions of CentOS, a firewall is installed by default which will block access to port
80, on which Apache runs. The following command will open this port:
sudo iptables -I INPUT -p tcp --dport 80 -j ACCEPT
Remember to save your firewall rules after adding that instruction so your web server will be accessible
the next time you reboot:
sudo service iptables save
For more information on firewalls and their configuration, it is strongly recommended to read
the Firewalls section of our knowledge base.
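The position of that rule matters as much as its presence, so here is an added check (example code, not part of the Rackspace article). On CentOS 6, "service iptables save" writes the running rules to /etc/sysconfig/iptables in iptables-save format, and a rule appended (-A) below the default "REJECT --reject-with icmp-host-prohibited" line is never evaluated; that is why the article inserts it (-I) at the top. The function below reads a file in that format and reports whether tcp/PORT is accepted before any catch-all REJECT or DROP in the INPUT chain. Both rule sets in the demo are constructed to mirror the CentOS 6 defaults; the file path is the CentOS 6 default and is the only assumption.

```shell
#!/bin/sh
# Added example, not from the article. Checks a saved iptables rules file
# (iptables-save format, e.g. /etc/sysconfig/iptables on CentOS 6) for an
# INPUT rule accepting tcp/PORT and whether that rule is reachable, i.e. it
# comes before any catch-all REJECT/DROP in the same chain.

# port_rule_status RULES_FILE PORT
# Exit status: 0 = ACCEPT for tcp/PORT precedes any catch-all REJECT/DROP,
#              2 = ACCEPT exists but sits below a catch-all (never matched),
#              1 = no ACCEPT rule for that port at all.
port_rule_status() {
    awk -v port="$2" '
        /^-A INPUT / {
            n++
            if (!acc && $0 ~ ("--dport " port " ") && $0 ~ / -j ACCEPT/) acc = n
            # a catch-all carries no selector beyond the chain: no port,
            # address, interface or connection-state match
            if (!blk && $0 ~ / -j (REJECT|DROP)/ &&
                $0 !~ /--dport|--sport| -s | -d | -i |--state/) blk = n
        }
        END {
            if (!acc) exit 1
            if (blk && blk < acc) exit 2
            exit 0
        }' "$1"
}

# Constructed sample: CentOS 6 defaults with the web rule inserted at the top,
# as "iptables -I INPUT -p tcp --dport 80 -j ACCEPT" + "service iptables save"
# would record it.
write_rules_inserted() {
    cat > "$1" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# Constructed sample: the same rule appended with -A instead, so it lands
# below the catch-all REJECT and web traffic is still refused.
write_rules_appended() {
    cat > "$1" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# describe RULES_FILE PORT: human-readable verdict on stdout
describe() {
    rc=0; port_rule_status "$1" "$2" || rc=$?
    case $rc in
        0) echo "tcp/$2: accepted";;
        2) echo "tcp/$2: ACCEPT rule present but shadowed by a catch-all REJECT/DROP";;
        *) echo "tcp/$2: no ACCEPT rule";;
    esac
}

# Demo on the constructed samples (point it at /etc/sysconfig/iptables on a host).
tmp=$(mktemp) && write_rules_inserted "$tmp" && describe "$tmp" 80
write_rules_appended "$tmp" && describe "$tmp" 80 && describe "$tmp" 443
rm -f "$tmp"
```

On a live CentOS 6 host, "iptables-save | port_rule_status /dev/stdin 80" gives the same verdict for the running rule set, which is worth comparing with the saved file after a reboot.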

9.5 DEFAULT PAGE


If you navigate to your Cloud Server IP address:
http://123.45.67.89
You will see the default CentOS Apache welcome screen:

This means the Apache install is a success.

9.6 CHKCONFIG
Now that we have Apache installed and working properly, we need to make sure that it's set to start
automatically when the Cloud Server is rebooted.
sudo /sbin/chkconfig httpd on
Let's check our work to confirm:
sudo /sbin/chkconfig --list httpd
httpd           0:off   1:off   2:on    3:on    4:on    5:on    6:off

The setting works.

9.7 PHP5 INSTALL


Let's move on to the PHP5 install. I'm not going to install all the modules available, just a few common
ones so you get the idea.
As before, due to using yum to install PHP5, any dependencies are taken care of:

sudo yum install php-mysql php-devel php-gd php-pecl-memcache php-pspell php-snmp php-xmlrpc php-xml
Once done, reload Apache:
sudo /usr/sbin/apachectl restart

9.8 ALMOST DONE


The last thing we need to do is configure Apache for our setup so we can host multiple sites. We'll cover
that in the next article in this series.


10 HOW TO INSTALL VTIGER CRM ON CENTOS 7

r00t November 7, 2015

In this tutorial we will show you how to install and configure Vtiger CRM on your CentOS
7 server. For those of you who didn't know, Vtiger CRM is an open-source Customer
Relationship Management application written in PHP. It offers features such as sales
automation, marketing automation, analysis and reporting, customer support and many others.
This article assumes you have at least basic knowledge of Linux, know how to use the shell, and
most importantly, you host your site on your own VPS. The installation is quite simple. I will
walk you through the step-by-step installation of Vtiger CRM on a CentOS 7 server.

10.1 VTIGER CRM FEATURES

End to end sales cycle management from campaigns, leads, potentials, quotes, invoices.
Support automation using a customer portal and support tickets.
Data import and export via CSV files, web-to-lead forms, reports and customizable user
dashboards.
Role based access control.
Mobile applications.
Workflows, tasks, and project management.
Outlook, Thunderbird, Firefox, and Gmail plugins.
Extensions marketplace for additional plugins.

10.1.1 Install Vtiger CRM on CentOS 7

Step 1. First let's start by ensuring your system is up-to-date.

yum -y update

Step 2. Install LAMP server.


A CentOS 7 LAMP server is required. If you do not have LAMP installed, you can follow our
guide here.
Step 3. Install Vtiger CRM.
Download the latest stable version of Vtiger CRM. At the time of writing this article it is
version 6.4.0:

wget http://downloads.sourceforge.net/project/vtigercrm/vtiger%20CRM%206.4.0/Core%20Product/vtigercrm6.4.0.tar.gz
tar -xzvf vtigercrm6.4.0.tar.gz
mv vtigercrm /var/www/html/

We will need to change some folder permissions (the directory has just been moved, so
give chown its new path):

chown apache: -R /var/www/html/vtigercrm

Step 4. Configuring MariaDB.


By default, MariaDB is not hardened. You can secure MariaDB using the
mysql_secure_installation script. Read each of the steps below carefully; the script will set
the root password, remove anonymous users, disallow remote root login, and remove the test
database and access to it.

mysql_secure_installation

Configure it like this:

Set root password? [Y/n] y
Remove anonymous users? [Y/n] y
Disallow root login remotely? [Y/n] y
Remove test database and access to it? [Y/n] y
Reload privilege tables now? [Y/n] y

Next we will need to log in to the MariaDB console and create a database for the Vtiger CRM.
Run the following command:

mysql -u root -p

This will prompt you for a password, so enter your MariaDB root password and hit Enter. Once
you are logged in to your database server you need to create a database for Vtiger CRM
installation:

MariaDB > CREATE DATABASE vtiger;
MariaDB > CREATE USER 'vtiger_user'@'localhost' IDENTIFIED BY 'PaSsWoRd';
MariaDB > GRANT ALL PRIVILEGES ON `vtiger`.* TO 'vtiger_user'@'localhost';
MariaDB > FLUSH PRIVILEGES;
MariaDB > \q

Now, let's tweak some of your PHP settings so you can later complete the Vtiger installation:

nano /etc/php.ini

Make the changes below:

display_errors = Off
change to
display_errors = On

max_execution_time = 30
change to
max_execution_time = 600

error_reporting = E_ALL & ~E_DEPRECATED
change to
error_reporting = E_WARNING & ~E_NOTICE & ~E_DEPRECATED

log_errors = On
change to
log_errors = Off

short_open_tag = Off
change to
short_open_tag = On

Save and close the file. Restart the Apache service for the changes to take effect:

systemctl restart httpd.service
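Applying those five changes by hand invites typos, so here is an added example (not part of the tutorial) that sets php.ini directives idempotently and reads them back. It understands the commented-out form (";key = value") that stock php.ini files use, rewrites the first matching line, drops later duplicates so the value it writes is the one PHP actually uses, and appends the directive when the file never mentioned it. The same reader is handy for the prerequisites check in the next tutorial. The sample php.ini is constructed for the demo; the /etc/php.ini path is the tutorial's.

```shell
#!/bin/sh
# Added example, not from the tutorial: idempotent php.ini editing plus a
# reader, so the settings Vtiger's installer expects can be applied and
# verified from a script instead of by hand.

# php_ini_set FILE KEY VALUE
# Rewrites the first line that sets KEY (commented ";key = ..." lines count,
# so a stock php.ini entry gets uncommented), removes later duplicates of the
# same key, and appends the directive if the file never mentioned it.
php_ini_set() {
    awk -v k="$2" -v v="$3" '
        {
            line = $0
            sub(/^[[:space:]]*;?[[:space:]]*/, "", line)   # strip indent and one ";"
            n = index(line, "=")
            name = ""
            if (n) { name = substr(line, 1, n - 1); gsub(/[[:space:]]/, "", name) }
            if (name == k) {
                if (!done) { print k " = " v; done = 1 }
                next                      # drop the old line (and any duplicate)
            }
            print
        }
        END { if (!done) print k " = " v }' "$1" > "$1.tmp" && mv "$1.tmp" "$1"
}

# php_ini_get FILE KEY: prints the effective value (last uncommented
# assignment wins, as in PHP), or nothing if KEY is not set.
php_ini_get() {
    awk -v k="$2" '
        /^[[:space:]]*;/ { next }                    # whole-line comment
        {
            line = $0
            sub(/[[:space:]]*;.*$/, "", line)        # trailing comment
            n = index(line, "=")
            if (!n) next
            name = substr(line, 1, n - 1); gsub(/[[:space:]]/, "", name)
            if (name == k) {
                val = substr(line, n + 1)
                gsub(/^[[:space:]]+|[[:space:]]+$/, "", val)
            }
        }
        END { if (val != "") print val }' "$1"
}

# apply_vtiger_php_settings FILE: the five values listed in the tutorial.
apply_vtiger_php_settings() {
    php_ini_set "$1" display_errors On
    php_ini_set "$1" max_execution_time 600
    php_ini_set "$1" error_reporting 'E_WARNING & ~E_NOTICE & ~E_DEPRECATED'
    php_ini_set "$1" log_errors Off
    php_ini_set "$1" short_open_tag On
}

# write_sample_php_ini FILE: constructed stand-in for /etc/php.ini
write_sample_php_ini() {
    cat > "$1" <<'EOF'
; constructed sample, not a real php.ini
[PHP]
display_errors = Off
;max_execution_time = 30
error_reporting = E_ALL & ~E_DEPRECATED
log_errors = On
short_open_tag = Off
EOF
}

# Demo on the constructed sample (point it at /etc/php.ini on a real host).
f=$(mktemp) && write_sample_php_ini "$f" && apply_vtiger_php_settings "$f"
for k in display_errors max_execution_time error_reporting log_errors short_open_tag; do
    printf '%s = %s\n' "$k" "$(php_ini_get "$f" "$k")"
done
rm -f "$f"
```

Because php_ini_set is idempotent, the same call list can be run again with different values once the web installer has finished, and php_ini_get reports what PHP will read regardless of how many times the file was edited.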

Step 5. Accessing Vtiger CRM.


Vtiger CRM will be available on HTTP port 80 by default. Open your favorite browser and
navigate to http://yourdomain.com/vtigercrm or http://server-ip/vtigercrm and complete the
required steps to finish the installation. If you are using a firewall, please open port 80 to
enable access to the control panel.
Congratulations! You have successfully installed Vtiger CRM. Thanks for using this tutorial for
installing Vtiger CRM on a CentOS 7 system. For additional help or useful information, we
recommend checking the official Vtiger CRM web site.

11 HOW TO CONFIGURE VTIGER CRM ON CENTOS 7


November 25, 2015 | By Kashif S in LINUX HOWTO, OPEN SOURCE TOOLS

vTiger CRM is a web-based, modular and complete open source customer relationship
management system for sales force automation, customer support & service, marketing automation,
and procurement & fulfillment. In addition to managing your customer data, vTiger also offers
connectivity to a variety of other software systems in your existing software architecture, so vTiger can
be connected to enterprise resource planning (ERP) systems without any problems, for example to
integrate already existing data into other critical processes of your business.
Vtiger CRM is a native thin-client, browser-based application built on the LAMP/WAMP
(Linux/Windows, Apache, MySQL and PHP) stack. We are going to install it on Linux CentOS 7
with a LAMP setup.

11.1 1) BASIC SYSTEM SETUP


Prepare your system with the minimum required system resources to install CentOS 7 and minimal
packages on it, and make sure that you have configured your server with a fully qualified domain
name and are connected to the Internet.
Then log in to your server as the root user or a sudo user and update it with the latest updates using
the command below.
# yum update

11.2 2) LAMP SETUP


Consider following our previous article to set up LAMP on CentOS 7 in detail. We will be
using the Apache web server with MySQL/MariaDB and PHP as the prerequisites of the vTiger CRM
installation on CentOS 7.
Starting the installation process of the LAMP stack, let's run the command below, which installs
Apache, MySQL and PHP with the required libraries in one go.
# yum install httpd php gd gd-devel php-gd php55w php55w-mysql mariadb-server php55w-mcrypt php55w-dom php55w-imap php55w-mbstring
Press the 'Y' key and Enter to continue installing all the packages including their dependencies, as
shown in the image below.

To start the services and enable them to run automatically at boot, run the following commands.
# systemctl start httpd
# systemctl enable httpd
# systemctl start mariadb
# systemctl enable mariadb

11.3 3) VTIGER DB SETUP


After the LAMP installation, we connect to MySQL/MariaDB after setting up its root user using the
commands below.
# mysql_secure_installation

After executing the above command you will be asked for a few configurations to secure your database.
Let's choose the appropriate options as shown.

Now we can connect to the MySQL/MariaDB console using the root password. After connecting run
the commands below to create a new database and its user with specific user rights on the vtiger
DB.

# mysql -u root -p
> CREATE DATABASE vtiger;
> CREATE USER 'vtiger'@'localhost' IDENTIFIED BY 'tiger***';
> grant all privileges on `vtiger`.* to 'vtiger'@'localhost';
> FLUSH PRIVILEGES;
> exit

11.4 4) SETUP VTIGER DOWNLOAD


To download the installation package of vTiger for Linux, open the link of the vTiger Download Page.

You can also copy the link of the download source, then use the command below to get it on your server.
# wget http://sourceforge.net/projects/vtigercrm/files/vtiger%20CRM%206.4.0/Core%20Product/vtigercrm6.4.0.tar.gz
To extract and move the package into the web document root directory, use the commands below.
# tar -zxvf vtigercrm6.4.0.tar.gz
# mv vtigercrm /var/www/html/
# chown apache: -R /var/www/html/vtigercrm

11.5 5) VTIGER WEB INSTALLATION


It's time to start the web installation of vTiger on CentOS 7. Open your web browser and point it at
the URL below.
http://172.25.10.173/vtigercrm/

Welcome to Vtiger CRM 6 Setup Wizard.


This wizard will guide you through the installation of Vtiger CRM 6. Click on the 'INSTALL' button to
proceed and accept the License agreement for using vTiger CRM.
License Agreement

Next you will reach the Prerequisites check page, where you will see the difference between the
required and the current values. You might need to fix some parameters in the PHP configuration file
'php.ini' according to the recommended settings shown in this section.

Make sure to restart the Apache service after making changes in the PHP file, and click on the retest
button to verify that all the prerequisites are fine.
Prerequisites Check
Prerequisites Check

Choose the system configuration with database and admin user settings.

System Configurations

In the next step you can verify all settings to finalize database, system and admin user settings.

Final Configurations

The last step is to choose the type of your industry; then it will take a few minutes to complete the
installation.

Installation Progress

Choose your required CRM modules from the list of its different available features and click on the
Next button to complete the installation.

vTiger Modules

That's it, you have completed the web installation setup of vTiger CRM. Now you can see its web
dashboard, where you can add widgets to customize your dashboard your own way.

11.6 CONCLUSION
You can use vTiger to enhance your marketing campaign creation and management and sales force
automation, with the same solid features and benefits as other solutions, and more. It supports
security, inventory and activity management. vTiger is an all-in-one CRM solution that provides the
complete solution for managing the users, sales or support department of your industry. Thanks for
reading this article and leave your valuable comments or suggestions.

12 HOW TO CREATE A WEB-OFFICE USING ONLYOFFICE ENTERPRISE EDITION ON UBUNTU 14.04

12.1.1 On this page

Prerequisites
Installing ONLYOFFICE Enterprise Edition
Running and performing the ONLYOFFICE Enterprise Edition initial configuration
Configuring ONLYOFFICE Enterprise Edition using the Control Panel

Enabling the HTTPS protocol to secure the access

Installing the mail server, if needed


Useful links

ONLYOFFICE Enterprise Edition is a commercial version of an open source corporate
office suite developed to organize teamwork online. If you have a team of up to 5
users, you can install and use it free of charge.
This guide will describe how to install ONLYOFFICE Enterprise Edition on Ubuntu 14.04
using the provided Docker script.

12.2 PREREQUISITES

Before we begin, we need the following:

6 GB of RAM
8 GB swap file
To ensure the proper operation of our web-office, we need 8 GB of swap. To set up the
necessary amount under Ubuntu, we need to execute the following commands (the fstab
entry is written through tee, because a redirection after sudo would run as the unprivileged
user and fail):

sudo fallocate -l 8G /swapfile
sudo chmod 600 /swapfile
sudo mkswap /swapfile
sudo swapon /swapfile
echo "/swapfile none swap sw 0 0" | sudo tee -a /etc/fstab

Docker v.1.4 or later

To be able to run the ONLYOFFICE Enterprise Edition installation script we need the
latest Docker version installed. This tutorial will help with the Docker installation.

Free activation key

To get an activation key, we need to send a request on the official website.

Registered domain name (if we would like to use the mail server as well)

12.3 INSTALLING ONLYOFFICE ENTERPRISE EDITION

Step 1. Download the Enterprise Edition script

cd /tmp
wget http://download.onlyoffice.com/install/enterprise-install.sh

Step 2. Install ONLYOFFICE Enterprise Edition

bash enterprise-install.sh -ims false -pms true

The script will install Community Server, Document Server and Control Panel (see
below). As I have no registered domain name for the mail server, I decided to install it
later using the Control Panel (see below).

12.4 RUNNING AND PERFORMING THE ONLYOFFICE ENTERPRISE EDITION INITIAL CONFIGURATION
Once the installation is finished, open a browser and enter the local network computer
IP address to the browser address bar. ONLYOFFICE Enterprise Edition will be up and
running.
The Welcome page will open allowing us to perform the ONLYOFFICE activation and
initial configuration:

Upload the provided free licence key (see Prerequisites) to activate ONLYOFFICE.
Select and confirm the password and specify the email address to access your
web-office the next time.
Choose the language for the web-office interface. When working in ONLYOFFICE,
you will be able to change the language for all the users or for your own account
only.
Set the correct time zone. It's particularly important for the notifications and the
correct calendar work.

Finally, click the Save button to complete the ONLYOFFICE activation and configuration.

12.5 CONFIGURING ONLYOFFICE ENTERPRISE EDITION USING THE CONTROL PANEL

The main difference between ONLYOFFICE community and enterprise edition is a Control
Panel providing tools to automate the web-office configuration. To use it, sign in to
your web-office and click the Control Panel link on the Start Page. Then select the
section you need:

12.5.1 Enabling the HTTPS protocol to secure the access

As I use ONLYOFFICE for my small team, I decided to generate the self-signed certificate.
Click the GENERATE button on the HTTPS page. A popup message box will inform you
that the certificate and private key are successfully generated. They will be
automatically uploaded to the corresponding fields. Just click the Apply button to save
the changes.

It's also possible to upload an existing certificate if you have one.

12.5.2 Installing the mail server, if needed

Open the Update page. Scroll the page down until the Mail Server section appears. Click
the INSTALL button next to it. The Domain Name window will open. Specify your own
domain name and click the OK button to start the installation process. Your web-office
will be restarted and become unavailable during the installation. It can take some
minutes.
Besides, using Control Panel you can:

Replace the ONLYOFFICE logos with your own ones.


Track user actions and login history.
Automatically backup and restore data.
Import users from Active Directory.
Automatically update ONLYOFFICE once the new version is available.

12.6 USEFUL LINKS

ONLYOFFICE official website: www.onlyoffice.com


Help Center: http://helpcenter.onlyoffice.com

13 HOW TO INSTALL GHOST BLOG SOFTWARE WITH APACHE AND SSL ON UBUNTU 15.10

13.1.1 On this page

On this page

Prerequisites
Step 1- Install Node.js on Ubuntu
Step 2 - Install Ghost Blog
Step 3 - Configure Ghost
Step 4 - Install Apache and the Ghost VirtualHost
Step 5 - Enable SSL for Ghost
Testing
Conclusion

Nodejs is an open source JavaScript runtime built on Chrome's V8 JavaScript engine
(v4) for developing server-side web applications. Nodejs is a cross-platform runtime that
can run on OS X, Microsoft Windows, Linux, and FreeBSD. It provides an event-driven
architecture and non-blocking I/O model that makes it lightweight and efficient for real-time
web applications. The Node.js project was started in 2009 by Ryan Dahl and has
reached version 4.2.0 (LTS) as of today.
Ghost is a powerful open source publishing and blog platform that is beautifully
designed and easy to use. Ghost is written in JavaScript and uses node.js as its runtime
environment. Ghost was released in 2013 under the MIT license.

13.2 PREREQUISITES

Ubuntu 15.10
root privileges

What we will do in this tutorial:

Install Node.js
Install Ghost
Configure Ghost
Install Apache and add the Ghost VirtualHost
Enable SSL for Ghost

13.3 STEP 1 - INSTALL NODE.JS ON UBUNTU

For this tutorial, we will use node.js v0.12. Node.js can be installed from source or from
the nodesource.com repository. We will use the node.js
repository https://deb.nodesource.com/node_0.12 for the installation.
Add the repository and update the package lists by executing the command below:

curl -sL https://deb.nodesource.com/setup_0.12 | sudo bash -

Next install node.js with apt:

sudo apt-get install -y nodejs

Now check node.js version:

node --version
v0.12.7

And check npm version:

npm --version
2.11.3

Npm is the node.js package manager that is used to install, publish and manage node
programs.

13.4 STEP 2 - INSTALL GHOST BLOG

We will install ghost in the directory "/var/www/" and use the latest version of Ghost.
Please make a new directory "www" in /var and enter it with "cd":

mkdir -p /var/www/
cd /var/www/

Download Ghost with the wget command, then extract it to a directory called "ghostblog":

wget https://ghost.org/zip/ghost-latest.zip
unzip -d ghostblog ghost-latest.zip

NOTE: -d automatically creates the directory.

Then go to the ghostblog directory and install Ghost with the npm command as
root/sudo:

cd ghostblog/
npm install --production

13.5 STEP 3 - CONFIGURE GHOST

Please go to the ghostblog directory and then copy the config sample file
to "config.js"

cd /var/www/ghostblog/
cp config.example.js config.js

Now open the config file with the vim editor:

vim config.js

In the server block (line 27), change the host value to 0.0.0.0 so that the blog can be
accessed from outside:

host: '0.0.0.0',

Save and exit.
Then add a new user "ghost". This user will be used to run ghost:

sudo adduser --shell /bin/bash ghost

(enter a password for the new user when prompted)

Now change the owner of the ghost installation directory to the user "ghost".

chown -R ghost:ghost /var/www/ghostblog

Test the ghost blog by executing the npm command as ghost user. Please log in to the
user ghost:

su - ghost

And go to the Ghost installation directory and start it:

cd /var/www/ghostblog
npm start --production

Visit the server IP on port 2368, in my case: 192.168.1.104:2368

To make it easier for us to start ghost, we will create a systemd service to run Ghost.
Please go back to the sudo/root user and make a new file called "ghost.service" in the
directory "/lib/systemd/system/" (cd is a shell builtin, so it is run without sudo):

cd /lib/systemd/system/
sudo vim ghost.service

Paste the systemd script below:


[Unit]
Description=ghost
After=network.target

[Service]
Type=simple
# Ghost installation Directory
WorkingDirectory=/var/www/ghostblog
User=ghost
Group=ghost
ExecStart=/usr/bin/npm start --production
ExecStop=/usr/bin/npm stop --production
Restart=always
SyslogIdentifier=Ghost

[Install]
WantedBy=multi-user.target

Save the file, then reload the systemd daemon:

sudo systemctl daemon-reload

Add the Ghost service to start automatically at boot time and start Ghost with systemctl
command:

sudo systemctl enable ghost


sudo systemctl start ghost

13.6 STEP 4 - INSTALL APACHE AND THE GHOST VIRTUALHOST
Install apache with the apt-get command:

sudo apt-get install apache2

Once the installation is finished, create a new file for the ghost virtual host in the
directory "/etc/apache2/sites-available/".

cd /etc/apache2/sites-available/
sudo vim ghostblog.conf

Paste the configuration below:


<VirtualHost *:80>
#Domain Name
ServerName ghostblog.me
ServerAlias www.ghostblog.me

#HTTP proxy/gateway server


ProxyRequests off
ProxyPass / http://127.0.0.1:2368/
ProxyPassReverse / http://127.0.0.1:2368/
</VirtualHost>

Save and exit.
Activate the HTTP proxy module in apache with the command a2enmod as shown below:

sudo a2enmod proxy proxy_http

Finally, we have to activate the Ghost virtual host and then restart apache:

sudo a2ensite ghostblog


sudo systemctl restart apache2

Restart ghost:

sudo systemctl restart ghost

Test by visiting the domain: http://ghostblog.me

13.7 STEP 5 - ENABLE SSL FOR GHOST

To enable SSL on apache, please make sure the openssl library is installed on the
system. We will generate a new key and crt file in the directory "/etc/apache2/certs".
First we make the new directory certs:

sudo mkdir -p /etc/apache2/certs

And generate the self-signed certificate and its key with the command below:

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
  -keyout /etc/apache2/certs/ghostblog.key -out /etc/apache2/certs/ghostblog.crt

Please change the permissions of the certificate files:

cd /etc/apache2/certs/
sudo chmod 600 *

Next, add the SSL configuration to the ghost virtualhost by editing the "ghostblog.conf" file.

cd /etc/apache2/sites-available/
sudo vim ghostblog.conf

Paste the new configuration script below:


<VirtualHost *:80>
ServerName ghostblog.me
ServerAlias www.ghostblog.me

# Force http to https
Redirect permanent / https://ghostblog.me/
#
ProxyRequests off
ProxyPass / http://127.0.0.1:2368/
ProxyPassReverse / http://127.0.0.1:2368/
</VirtualHost>

<VirtualHost *:443>
ServerName ghostblog.me

SSLEngine on
SSLCertificateFile /etc/apache2/certs/ghostblog.crt
SSLCertificateKeyFile /etc/apache2/certs/ghostblog.key

ProxyPass / http://127.0.0.1:2368/
ProxyPassReverse / http://127.0.0.1:2368/
ProxyPreserveHost On

RequestHeader set X-Forwarded-Proto "https"
</VirtualHost>

Save and exit.
Activate the OpenSSL apache module and restart apache :

sudo a2enmod ssl headers


sudo systemctl restart apache2
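The reverse-proxy vhost above is short but unforgiving: a target written as "http:/127.0.0.1" instead of "http://127.0.0.1" is a silent typo, and a TLS vhost that forgets X-Forwarded-Proto leaves Ghost building http:// links. The following added example (not part of the tutorial) generates the vhost pair from a domain, backend port and certificate directory, and lints any vhost file for those mistakes plus proxy targets that leave loopback. Certificate names of the form CERTDIR/DOMAIN.crt and .key are an assumption of this example (the tutorial uses ghostblog.crt for ghostblog.me); the port 2368 default is Ghost's.

```shell
#!/bin/sh
# Added example, not from the tutorial: generate the Apache reverse-proxy
# vhost pair for Ghost from a few variables, and lint a vhost file for the
# mistakes that are easy to make by hand.

# ghost_vhost DOMAIN [PORT] [CERTDIR]
# Prints the configuration to stdout; redirect it into
# /etc/apache2/sites-available/<name>.conf. Certificate file names
# <CERTDIR>/<DOMAIN>.crt and .key are an assumption of this example.
ghost_vhost() {
    domain=$1; port=${2:-2368}; certdir=${3:-/etc/apache2/certs}
    cat <<EOF
<VirtualHost *:80>
    ServerName $domain
    ServerAlias www.$domain
    # plain HTTP only redirects; nothing is proxied on this listener
    Redirect permanent / https://$domain/
</VirtualHost>

<VirtualHost *:443>
    ServerName $domain
    SSLEngine on
    SSLCertificateFile $certdir/$domain.crt
    SSLCertificateKeyFile $certdir/$domain.key

    ProxyRequests Off
    ProxyPreserveHost On
    ProxyPass / http://127.0.0.1:$port/
    ProxyPassReverse / http://127.0.0.1:$port/
    # lets Ghost build https:// URLs although it only sees plain HTTP
    RequestHeader set X-Forwarded-Proto "https"
</VirtualHost>
EOF
}

# vhost_lint FILE: exit 0 when clean, 1 with one finding per line otherwise.
# Checks: every ProxyPass/ProxyPassReverse target is a well-formed
# http(s):// URL (catches "http:/127.0.0.1"), proxy targets stay on
# loopback, and a vhost with SSLEngine on sets X-Forwarded-Proto.
vhost_lint() {
    awk '
        /^[[:space:]]*<VirtualHost/ { ssl = 0; xfp = 0; vh = $0 }
        /^[[:space:]]*SSLEngine[[:space:]]+[Oo]n/ { ssl = 1 }
        /X-Forwarded-Proto/ { xfp = 1 }
        /^[[:space:]]*ProxyPass(Reverse)?[[:space:]]/ {
            if ($3 !~ /^https?:\/\/[^\/]+\//) { print "malformed proxy URL: " $3; bad++ }
            else if ($3 !~ /^https?:\/\/(127\.0\.0\.1|localhost)[:\/]/) {
                print "proxy target leaves loopback: " $3; bad++ }
        }
        /^[[:space:]]*<\/VirtualHost>/ && ssl && !xfp {
            print "TLS vhost without X-Forwarded-Proto: " vh; bad++
        }
        END { exit bad ? 1 : 0 }' "$1"
}

# Demo: the generated config passes; a hand-typed "http:/" line does not.
f=$(mktemp) && ghost_vhost ghostblog.me > "$f" && vhost_lint "$f" && echo "generated vhost: clean"
printf 'ProxyPassReverse / http:/127.0.0.1:2368/\n' > "$f"
vhost_lint "$f" || echo "hand-typed line: rejected"
rm -f "$f"
```

The generated :80 vhost carries only the redirect, so plain-HTTP requests are never proxied to Ghost; RequestHeader needs mod_headers, which the "a2enmod ssl headers" step above enables. Run vhost_lint on the file before "a2ensite" and the Apache restart.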

13.8 TESTING

Visit http://ghostblog.me, and you will be forced to the HTTPS/SSL site of your blog.

Ghost with apache and SSL is now successfully installed.

13.9 CONCLUSION

Nodejs is an open source multi-platform JavaScript runtime to build server-side web
applications. It is lightweight and efficient for real-time web applications. Ghost is a
blogging platform written in JavaScript for Node.js. Ghost is beautifully designed and
user-friendly. The intuitive interface makes this blog system easy to use. Ghost can be
installed standalone or with a web server like Apache or Nginx. You can secure Ghost
with openssl. Configuring Ghost with Apache and OpenSSL is easy, you just have to
set up the apache proxy_http module and generate an SSL certificate.

14 LINUX INCREASE THE MAXIMUM NUMBER OF OPEN FILES / FILE DESCRIPTORS (FD)
by VIVEK GITE on APRIL 18, 2006 LAST UPDATED SEPTEMBER 16, 2015
in BASH SHELL , CENTOS , DEBIAN / UBUNTU , FILE SYSTEM , LINUX , REDHAT AND
FRIENDS ,SUSE , UBUNTU LINUX

How do I increase the maximum number of open files under CentOS Linux? How do
I open more file descriptors under Linux?


The ulimit command provides control over the resources available to the shell and/or to
processes started by it, on systems that allow such control. The maximum number of
open file descriptors is displayed with the following command (log in as the root user).

14.1 COMMAND TO LIST NUMBER OF OPEN FILE DESCRIPTORS

Use the following command to display the maximum number of open file
descriptors:
cat /proc/sys/fs/file-max

Output:
75000

A normal user can have 75000 files open in a single login session. To see the hard and soft
values, issue the commands as follows:
# ulimit -Hn

# ulimit -Sn

To see the hard and soft values for the httpd or oracle user, issue the command as follows:

# su - username

In this example, su to the oracle user, enter:

# su - oracle
$ ulimit -Hn
$ ulimit -Sn

14.2 SYSTEM-WIDE FILE DESCRIPTORS (FD) LIMITS

The number of concurrently open file descriptors throughout the system can be
changed via the /etc/sysctl.conf file under Linux operating systems.
14.2.1 The Number Of Maximum Files Was Reached, How Do I Fix This Problem?
Many applications such as the Oracle database or the Apache web server need this limit to be
considerably higher. You can increase the maximum number of open files by setting a new value
in the kernel variable /proc/sys/fs/file-max as follows (log in as root):
# sysctl -w fs.file-max=100000

The above command forces the limit to 100000 files. You need to edit the /etc/sysctl.conf file
and put in the following line so that the setting survives a reboot:
# vi /etc/sysctl.conf

Append a config directive as follows:

fs.file-max = 100000

Save and close the file. Users need to log out and log back in again for the changes to take
effect, or just type the following command:

# sysctl -p

Verify your settings with command:


# cat /proc/sys/fs/file-max

OR
# sysctl fs.file-max

14.3 USER LEVEL FD LIMITS

The above procedure sets system-wide file descriptor (FD) limits. However, you can
set specific limits for the httpd user (or any other user) by editing the /etc/security/limits.conf
file, enter:
# vi /etc/security/limits.conf

Set httpd user soft and hard limits as follows:


httpd soft nofile 4096

httpd hard nofile 10240

Save and close the file. To see limits, enter:


# su - httpd

$ ulimit -Hn

$ ulimit -Sn
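Reading limits.conf by eye gets harder once wildcard, @group and per-user lines coexist, so here is an added example (not part of the article). The first function prints the soft and hard nofile values a user would receive from a limits.conf-style file, applying a simplified version of pam_limits precedence (an explicit user entry beats an @group entry, which beats the "*" wildcard; later lines win within a level; type "-" sets both). A second function checks that soft does not exceed hard, and a third turns the three fields of /proc/sys/fs/file-nr (allocated, free, maximum, the last equal to fs.file-max) into a usage percentage, which answers whether raising fs.file-max is needed at all. The sample limits file and the file-nr string are constructed; drop-ins under /etc/security/limits.d/ are not merged.

```shell
#!/bin/sh
# Added example, not from the article: work out which nofile limits a user
# would receive from a limits.conf-style file, check that the pair is sane,
# and read system-wide descriptor pressure from /proc/sys/fs/file-nr.

# effective_nofile FILE USER [GROUP...]
# Prints "SOFT HARD" ("unset" where nothing applies). Precedence modelled
# here is a simplification of pam_limits: an explicit user entry beats an
# @group entry, which beats the "*" wildcard; within one level the last
# matching line wins; type "-" sets soft and hard at once. Only the given
# file is read, so drop-ins under limits.d/ are not merged.
effective_nofile() {
    file=$1; user=$2; shift 2
    awk -v user="$user" -v groups="$*" '
        BEGIN { n = split(groups, g, " "); for (i = 1; i <= n; i++) isgrp["@" g[i]] = 1 }
        /^[[:space:]]*#/ || NF == 0 { next }          # comments and blank lines
        NF >= 4 && $3 == "nofile" {
            if ($1 == user) lvl = 3
            else if (($1 in isgrp)) lvl = 2
            else if ($1 == "*") lvl = 1
            else next
            if (($2 == "soft" || $2 == "-") && lvl >= slvl) { soft = $4; slvl = lvl }
            if (($2 == "hard" || $2 == "-") && lvl >= hlvl) { hard = $4; hlvl = lvl }
        }
        END { print (slvl ? soft : "unset"), (hlvl ? hard : "unset") }' "$file"
}

# nofile_sane SOFT HARD: exit 0 unless a numeric soft limit exceeds a
# numeric hard limit (pam_limits would then refuse the soft value).
nofile_sane() {
    case "$1:$2" in
        *unlimited*|*unset*) return 0 ;;
    esac
    [ "$1" -le "$2" ]
}

# fd_pressure "ALLOCATED FREE MAX": percentage of the system-wide file table
# in use, from the three fields of /proc/sys/fs/file-nr (the middle field is
# always 0 on current kernels; MAX equals fs.file-max).
fd_pressure() {
    set -- $1
    echo $(( ($1 - $2) * 100 / $3 ))
}

# write_sample_limits FILE: constructed stand-in for /etc/security/limits.conf
write_sample_limits() {
    cat > "$1" <<'EOF'
# constructed sample, not a real limits.conf
*      soft nofile 1024
*      hard nofile 4096
@web   hard nofile 8192
httpd  soft nofile 4096
httpd  hard nofile 10240
EOF
}

# Demo on the constructed sample (use /etc/security/limits.conf on a host,
# and "$(cat /proc/sys/fs/file-nr)" instead of the literal string).
f=$(mktemp) && write_sample_limits "$f"
for u in httpd "oracle web" alice; do
    set -- $u
    lim=$(effective_nofile "$f" "$@")
    nofile_sane $lim && echo "$1: soft/hard nofile = $lim" || echo "$1: inconsistent limits $lim"
done
echo "file table in use: $(fd_pressure "1216 0 75000")%"
rm -f "$f"
```

On a host, pass the user's groups from "id -Gn user" as the trailing arguments and compare the result with what "ulimit -Hn" and "ulimit -Sn" report after "su - user"; a mismatch usually means pam_limits is not loaded for that login path (see the PAM note below).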

14.4 A NOTE ABOUT RHEL/CENTOS/FEDORA/SCIENTIFIC LINUX USERS

Edit the /etc/pam.d/login file and add/modify the following line (make sure you have
pam_limits.so):
session required pam_limits.so

Save and close the file.

15 LINUX AND UNIX NLOAD APP: MONITOR NETWORK TRAFFIC AND BANDWIDTH USAGE IN REAL TIME
by VIVEK GITE on MARCH 23, 2014 LAST UPDATED APRIL 17, 2014
in NETWORKING , DEBIAN LINUX , COMMAND LINE HACKS

If you want to monitor network throughput on the command line interface, use the nload
application. It is a console application which monitors network traffic and bandwidth
usage in real time. It visualizes the incoming and outgoing traffic using two graphs and provides
additional info like the total amount of transferred data and min/max network usage.

15.1 INSTALL NLOAD ON A CENTOS/RHEL/RED HAT/FEDORA LINUX


First, turn on EPEL repo on a CentOS or RHEL based system. Type the following yum
command to install nload:
# yum install nload

15.2 INSTALL NLOAD ON A DEBIAN OR UBUNTU LINUX


Type the following apt-get command:
$ sudo apt-get install nload

15.3 INSTALL NLOAD ON A FREEBSD SYSTEM


To install the nload via port, type:
# cd /usr/ports/net/nload/ && make install clean

Or add the package


# pkg install net/nload

15.4 INSTALL NLOAD ON A OPENBSD SYSTEM


Type the following command:
$ sudo pkg_add -i nload

15.5 INSTALL NLOAD USING A SOURCE CODE ON A UNIX-LIKE SYSTEMS


First, grab the source code using either wget command or curl command:
$ cd /tmp

$ wget http://www.roland-riegel.de/nload/nload-0.7.4.tar.gz

To untar a tar file called nload-0.7.4.tar.gz, use tar command, enter:

$ tar xvf nload-0.7.4.tar.gz

Cd to the directory containing nload's source code using the cd command:


$ cd nload*

And type ./configure to configure the package for your system:


$ sh ./configure

OR
$ ./configure

Running configure takes a while. Type the make command to compile nload:
$ make

Finally, type make install to install the nload programs and related files as root user:
$ sudo make install

OR
# make install

15.6 HOW DO I USE NLOAD TO DISPLAY THE CURRENT NETWORK USAGE?


The basic syntax is:

nload

nload device

nload [options] device1 device2

Just type the following command:


$ nload

$ nload eth0

$ nload em0 em2

Sample outputs:

Fig. 01: nload command in action

15.6.1 Controlling nload app

Once the nload command is executed, it begins to monitor the network devices. You can
control nload with the following key shortcuts:
1. You can switch between the devices by pressing the left and right arrow keys or the Enter/Tab key.
2. Press F2 to show the option window.
3. Press F5 to save the current settings to the user's config file.
4. Press F6 to reload settings from the config files.
5. Press q or hit Ctrl+C to quit nload.

15.6.2 Setting the refresh interval of the display

The default refresh interval of the display is 100 milliseconds. In this
example, we change it to 500 milliseconds:
$ nload -t {interval_number_in_millisec}

$ nload -t 500

Sample outputs:

Animated gif 01 - nload command in action

15.6.3 Setting the type of unit used for the display of traffic numbers
The syntax is:
$ nload -u h|H|b|B|k|K|m|M|g|G

$ nload -U h|H|b|B|k|K|m|M|g|G

$ nload -u h

$ nload -u G

$ nload -U G

Where,

The lower case -u option: h means human readable (auto), b Bit/s, k kBit/s, m MBit/s
and g GBit/s. The upper case letters mean the corresponding units in Bytes (instead of
Bits). The default is k.

The upper case -U option is same as lower case -u option, but for an amount of data,
e.g. Bit, kByte, GBit etc. (without "/s"). The default is M.

15.6.3.1.1 Conclusion

I found nload to be a reliable and stable application. If you enjoyed nload, you might also
like to try out the vnstat and iftop tools on Linux/Unix-like systems. See previous coverage
on nixCraft:

16 SOLARIS / LINUX: NICSTAT COMMAND SHOW NETWORK INTERFACE CARD STATISTICS
by VIVEK GITE on MARCH 10, 2013 LAST UPDATED MARCH 13, 2013
in HARDWARE , NETWORKING , COMMAND LINE HACKS

The nicstat command is a top-like utility for network interface cards (NICs). It displays
information and statistics about all your network cards such as packets, kilobytes per second,
average packet sizes and more. It works under Solaris and Linux operating systems.
In this post, I will explain how to install and use the nicstat command to find out stats
about your NICs under Debian / Ubuntu / RHEL / CentOS Linux operating systems.

16.1 THE OLD GOOD NETSTAT -I COMMAND

The -i option displays a table of all network interfaces along with their cumulative packet and error counters since boot:
# netstat -i

Sample outputs:
Kernel Interface table
Iface   MTU Met   RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0   1500 0  199549124      0      0      0 153882468      0      0      0 BMRU
eth1   1500 0  138357627      0      0      0 151312724      0      0      0 BMRU
lo    16436 0        630      0      0      0       630      0      0      0 LRU

These are raw counters, not rates: to see what an interface is doing right now you have to sample twice and subtract, which is exactly what nicstat does for you. (On current distributions the net-tools package may not be installed; ip -s link prints the same per-interface counters.)

However, nicstat provides more information about your NIC, such as:
1. TCP statistics.
2. UDP statistics.
3. Bytes in and out.
4. Packets in and out.
5. NIC utilization.
6. NIC saturation, and more.

16.2 STEP #1: DOWNLOAD AND INSTALL NICSTAT

Type the following wget command to download the nicstat 1.92 tarball:
# wget http://nchc.dl.sourceforge.net/project/nicstat/nicstat-1.92.tar.gz

Note that this fetches the archive over plain HTTP from a SourceForge mirror, and no checksum is given here to compare against. Before unpacking something you intend to run as root, verify the download against a checksum or signature published by the project, or at least fetch it over HTTPS from the project's own download page.

16.2.1 Extract tar ball

Use the tar command to extract the tarball called nicstat-1.92.tar.gz, enter:
# tar xvf nicstat-1.92.tar.gz

You will get both the source code and prebuilt binary files:

# cd nicstat-1.92
# ls -la

Sample outputs:
drwxr-xr-x.  2 509833 wheel   4096 Mar 10 07:43 .
dr-xr-x---. 13 root   root    4096 Mar 10 07:43 ..
-rw-r--r--.  1 509833 wheel   4952 Oct 22 13:05 ChangeLog.txt
-rwxr-xr-x.  1 509833 wheel    475 Oct 15 16:49 dladm.sh
-rw-r--r--.  1 509833 wheel   1312 Oct 17 18:47 enicstat
-rw-r--r--.  1 509833 wheel   8902 Oct 17 18:47 LICENSE.txt
-rw-r--r--.  1 509833 wheel   1629 Sep  4  2012 Makefile.Linux
-rw-r--r--.  1 509833 wheel   1596 Oct 17 19:31 Makefile.Solaris
-rw-r--r--.  1 509833 wheel   9423 Oct 22 13:05 nicstat.1
-rw-r--r--.  1 509833 wheel  67376 Oct 22 13:05 nicstat.c
-rwxr-xr-x.  1 509833 wheel  29645 Mar 10 07:46 .nicstat.RedHat_5_i386
-rwxr-xr-x.  1 509833 wheel   4134 Oct 15 20:38 nicstat.sh
-rwxr-xr-x.  1 509833 wheel  69772 Oct 18 19:35 .nicstat.Solaris_10_i386
-rwxr-xr-x.  1 509833 wheel  74920 Oct 18 19:36 .nicstat.Solaris_10_sparc
-rwxr-xr-x.  1 509833 wheel  77700 Oct 18 19:37 .nicstat.Solaris_11_i386
-rwxr-xr-x.  1 509833 wheel  83636 Oct 18 19:39 .nicstat.Solaris_11_sparc
-rwxr-xr-x.  1 509833 wheel 112448 Oct 18 19:49 .nicstat.Solaris_9_i386
-rwxr-xr-x.  1 509833 wheel 127104 Oct 18 19:44 .nicstat.Solaris_9_sparc
-rwx------.  1 509833 wheel  32250 Oct 18 20:02 .nicstat.Ubuntu_8_i386
-rw-r--r--.  1 509833 wheel    834 Oct 22 13:05 README.txt

Two things in this listing matter if you care what runs on your box. First, the binaries are hidden dotfiles (.nicstat.<distro>_<arch>) and nicstat.sh is a wrapper that picks one of them by platform name, which is why the symlink steps below exist at all. These are opaque 32-bit executables shipped in the tarball, not something you compiled. Since nicstat.c and Makefile.Linux are included, building a native binary yourself (make -f Makefile.Linux, which needs gcc and make) avoids both the opaque binary and the 32-bit glibc dependency of the next step. Second, .nicstat.Ubuntu_8_i386 is mode 0700 and owned by a uid from the build machine, so it runs for root but an unprivileged user gets "Permission denied" unless the mode is widened.

16.3 STEP #2: INSTALL REQUIRED 32-BIT PACKAGE

The bundled binaries are 32-bit, so on a 64-bit system you need the 32-bit glibc package, which contains the standard C libraries the nicstat binary is linked against. Install the following packages only if you are running a 64-bit version of the distribution (or build a native binary from the included nicstat.c with Makefile.Linux and skip this step entirely).

16.3.1 A note about Debian Linux 6.0.5 64 bit version
Type the following command to install the required 32-bit libc6:
$ sudo apt-get install libc6-i386

16.3.2 A note about Ubuntu Linux 12.04 LTS 64 bit version

Type the following command to install the required 32-bit libc6:
$ sudo apt-get install libc6:i386

cd into the nicstat directory and create a soft link to the Ubuntu_8_i386 binary under the name the wrapper script looks for:

# cd nicstat-1.92

# ln -s .nicstat.Ubuntu_8_i386 .nicstat.Linux_i386

16.3.3 A note about CentOS / RHEL 6.4 64 bit version

Type the following command to install the required 32-bit glibc:
# yum install glibc.i686

cd into the nicstat directory and create a soft link from the .nicstat.RedHat_5_i386 binary to the name the wrapper script looks for on RHEL 6:
# cd nicstat-1.92

# ln -s .nicstat.RedHat_5_i386 .nicstat.RedHat_6_i386

16.4 HOW DO I USE NICSTAT COMMAND?

Simply type the following command:
# ./nicstat.sh

Sample outputs:

Fig.01: nicstat in action

Pass the -x option to see extended output:

# ./nicstat.sh -x

Sample outputs:
15:39:22      RdKB    WrKB   RdPkt   WrPkt   IErr   OErr   Coll   NoCP  Defer  %Util
eth0         349.4   31.98   325.0   250.6   0.00   0.00   0.00   0.00   0.00   3.12
eth1         28.68   169.4   226.3   247.4   0.00   0.00   0.00   0.00   0.00   1.62

Pass the -s option to see summary output, which lists only the read and write rates per interface:

# ./nicstat.sh -s

Sample outputs:
    Time      Int    rKB/s    wKB/s
15:40:55     eth0  349.372   31.981
15:40:55     eth1   28.686  169.365

To print a summary every 1 second, type:

./nicstat.sh 1

To print a summary every 2 seconds, 5 times only, type:

./nicstat.sh 2 5

Sample outputs:

Fig.02: nicstat displaying output 5 times only

16.4.1 Understanding nicstat output

The fields in nicstat's default output are (the -x output above uses the shorter RdKB/WrKB/RdPkt/WrPkt names for the same read and write rates):
1. 15:39:22 (HH:MM:SS): The time corresponding to the end of the sample, in 24-hour clock format.
2. eth0 and eth1: The interface name.
3. rKB/s: Kilobytes/second received.
4. wKB/s: Kilobytes/second written.
5. rPk/s: Packets/second received.
6. wPk/s: Packets/second written.
7. rAvs: Average size of packets received.
8. wAvs: Average size of packets transmitted.
9. %Util: Percentage utilization of the interface. For full-duplex interfaces, this is the greater of rKB/s or wKB/s as a percentage of the interface speed. For half-duplex interfaces, rKB/s and wKB/s are summed.
10. Sat: The number of errors/second seen for the interface, an indicator that the interface may be approaching saturation. This statistic is combined from a number of kernel statistics. Use the -x option to see the individual counters (IErr, OErr, Coll, NoCP, Defer) when diagnosing a network issue.
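To make the rate and %Util definitions above concrete, here is an added example (not nicstat's own code) that recomputes nicstat-style per-interface figures from two snapshots of /proc/net/dev, which is assumed to be the kernel counter source nicstat reads on Linux. The two snapshots are constructed, not captured; the function names nicstat_rates and demo_nicstat_rates are this example's own; the SPEEDSPEC argument borrows the idea of the -S option but its format ("eth0:100fd,eth1:1000hd") is this example's, not nicstat's parser; KB means 1024 bytes and the Sat mix of counters is an assumption.

```shell
#!/bin/sh
# Added example, not nicstat code: nicstat-style rates from two /proc/net/dev snapshots.
# Assumptions: /proc/net/dev is the counter source nicstat uses on Linux; KB = 1024 bytes;
# Sat = errors + drops + fifo overruns + collisions + carrier errors per second.

# Constructed snapshots, 5 seconds apart, in the exact /proc/net/dev layout.
SAMPLE_T0='Inter-|   Receive                                                |  Transmit
 face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed
    lo:    800000    4000    0    0    0     0          0         0    800000    4000    0    0    0     0       0          0
  eth0: 500000000  400000    0    0    0     0          0         0  60000000  300000    0    0    0     0       0          0
  eth1: 100000000   90000    0  100    0     0          0         0  20000000   50000    0    0    0     0       0          0'
SAMPLE_T1='Inter-|   Receive                                                |  Transmit
 face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed
    lo:    800000    4000    0    0    0     0          0         0    800000    4000    0    0    0     0       0          0
  eth0: 501536000  401500    0    0    0     0          0         0  60256000  300500    0    0    0     0       0          0
  eth1: 100102400   90200    0  110    0     0          0         0  20204800   50400    0    0    0     0       0          0'

# nicstat_rates T0_FILE T1_FILE SECONDS SPEEDSPEC
# SPEEDSPEC: "ifc:SPEEDfd,ifc:SPEEDhd" in Mbit/s (example-specific format modelled on -S).
nicstat_rates() {
    awk -v secs="$3" -v spec="$4" '
    BEGIN {
        n = split(spec, parts, ",")
        for (i = 1; i <= n; i++) {
            split(parts[i], kv, ":")
            s = kv[2]; dup = (s ~ /hd$/) ? "hd" : "fd"
            sub(/fd$|hd$/, "", s)
            if (kv[1] != "" && s + 0 > 0) { speed[kv[1]] = s + 0; duplex[kv[1]] = dup }
        }
        printf "%-6s %8s %8s %8s %8s %8s %8s %6s %6s\n", "Int", "rKB/s", "wKB/s", "rPk/s", "wPk/s", "rAvs", "wAvs", "%Util", "Sat"
    }
    !/:/ { next }                        # the two header lines carry no colon
    { sub(/:/, " "); ifc = $1 }          # "eth0: 123" -> "eth0 123"; awk re-splits the fields
    # after the name: $2 rx_bytes $3 rx_packets $4 rx_errs $5 rx_drop $6 rx_fifo
    #                 $10 tx_bytes $11 tx_packets $12 tx_errs $13 tx_drop $14 tx_fifo $15 tx_colls $16 tx_carrier
    FNR == NR { for (i = 2; i <= NF; i++) t0[ifc, i] = $i; next }   # first file: remember T0
    {
        for (i = 2; i <= NF; i++) delta[i] = $i - t0[ifc, i]        # second file: T1 - T0
        rb = delta[2]; rp = delta[3]; tb = delta[10]; tp = delta[11]
        rkb = rb / 1024 / secs; wkb = tb / 1024 / secs
        rpk = rp / secs;        wpk = tp / secs
        ravs = rp ? rb / rp : 0; wavs = tp ? tb / tp : 0
        # %Util: full duplex takes the busier direction, half duplex sums both directions
        util = "-"
        if (ifc in speed) {
            bps  = speed[ifc] * 1000000 / 8                         # line rate in bytes/s
            used = (duplex[ifc] == "fd") ? (rb > tb ? rb : tb) : rb + tb
            util = sprintf("%.2f", used / secs / bps * 100)
        }
        sat = (delta[4] + delta[5] + delta[6] + delta[12] + delta[13] + delta[14] + delta[15] + delta[16]) / secs
        printf "%-6s %8.2f %8.2f %8.2f %8.2f %8.2f %8.2f %6s %6.2f\n", ifc, rkb, wkb, rpk, wpk, ravs, wavs, util, sat
    }' "$1" "$2"
}

# Run the function over the constructed snapshots (5 s apart, eth0 100 Mbps FD, eth1 1 Gbps HD).
demo_nicstat_rates() {
    t0=$(mktemp) && t1=$(mktemp) || return 1
    printf '%s\n' "$SAMPLE_T0" > "$t0"
    printf '%s\n' "$SAMPLE_T1" > "$t1"
    nicstat_rates "$t0" "$t1" 5 "eth0:100fd,eth1:1000hd"
    rm -f "$t0" "$t1"
}

demo_nicstat_rates
```

For a live reading replace the constructed files with two copies of /proc/net/dev taken a few seconds apart. In the sample, eth1 shows Sat 2.00 purely from rx_drop growing by 10 in 5 seconds while its utilization is under 0.1%, which is the situation the text describes: a saturation indicator that only the individual -x counters can explain.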

16.4.2 How do I see my TCP nic stats?

Pass the -t option to see the TCP stats:
# ./nicstat.sh -t

Sample outputs:
16:13:44    InKB   OutKB   InSeg  OutSeg  Reset   AttF  %ReTX  InConn  OutCon  Drops
TCP         0.00    0.00   811.3   592.2   0.01   0.02  0.000    12.6    2.09   0.02

Where,
1. InKB: Kilobytes/second received.
2. OutKB: Kilobytes/second transmitted.
3. InSeg: TCP segments/second received.
4. OutSeg: TCP segments/second transmitted.
5. Reset: The number of times TCP connections have made a direct transition to the CLOSED state from either the ESTABLISHED state or the CLOSE-WAIT state.
6. AttF: The number of times that TCP connections have made a direct transition to the CLOSED state from either the SYN-SENT state or the SYN-RCVD state, plus the number of times TCP connections have made a direct transition to the LISTEN state from the SYN-RCVD state.
7. %ReTX: Percentage of TCP segments retransmitted, that is, the number of TCP segments transmitted containing one or more previously transmitted octets.
8. InConn: The number of times that TCP connections have made a direct transition to the SYN-RCVD state from the LISTEN state.
9. OutCon: The number of times that TCP connections have made a direct transition to the SYN-SENT state from the CLOSED state.
10. Drops: Number of connections dropped from the completed connection queue and the incomplete connection queue.

Read together, these columns are useful beyond performance work: InConn climbing while InSeg, OutSeg and the application's own connection counts stay flat, especially with AttF and Drops rising at the same time, is the shape of a SYN flood or an aggressive scan filling the listen backlog, and is worth correlating with the firewall and application logs.

16.4.3 How do I see my UDP nic stats?

Pass the -u option to see the UDP stats:
# ./nicstat.sh -u

Sample outputs:
16:15:11    InDG   OutDG   InErr  OutErr
UDP         0.35    0.36    0.00    0.00

Where,
1. InDG: UDP datagrams/second received.
2. OutDG: UDP datagrams/second transmitted.
3. InErr: Packets received that could not be processed because they contained errors.
4. OutErr: Packets that were not successfully transmitted because of errors.
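The TCP and UDP column definitions in the two sections above are the standard TCP-MIB and UDP-MIB counter descriptions, and on Linux those counters are exposed in /proc/net/snmp. As an added example (not nicstat's own code), the script below derives the -t and -u columns from two snapshots of that file. Assumptions: that /proc/net/snmp is the source nicstat reads on Linux; the mapping Reset=EstabResets, AttF=AttemptFails, InConn=PassiveOpens, OutCon=ActiveOpens, %ReTX=RetransSegs/OutSegs, InDG=InDatagrams, OutDG=OutDatagrams, InErr=InErrors follows the MIB definitions quoted above, while OutErr=SndbufErrors is this example's choice; Drops is omitted because it is not in this file (assumed to come from the listen-queue counters in /proc/net/netstat); InKB/OutKB are not computed because /proc/net/snmp carries no TCP byte counters, which is consistent with the 0.00 shown in the samples above. The snapshots are constructed and the function names snmp_rates and demo_snmp_rates are this example's own.

```shell
#!/bin/sh
# Added example, not nicstat code: nicstat -t / -u style TCP and UDP rates from two
# /proc/net/snmp snapshots. Counter-to-column mapping per the MIB definitions above;
# OutErr = SndbufErrors is an assumption; Drops and InKB/OutKB are not derivable here.

# Constructed snapshots, 10 seconds apart. A real file also has Ip:, Icmp: ... groups; they are skipped.
SNMP_T0='Tcp: RtoAlgorithm RtoMin RtoMax MaxConn ActiveOpens PassiveOpens AttemptFails EstabResets CurrEstab InSegs OutSegs RetransSegs InErrs OutRsts InCsumErrors
Tcp: 1 200 120000 -1 1000 5000 10 20 5 1000000 900000 500 0 30 0
Udp: InDatagrams NoPorts InErrors OutDatagrams RcvbufErrors SndbufErrors InCsumErrors IgnoredMulti
Udp: 50000 10 2 48000 0 0 0 0'
SNMP_T1='Tcp: RtoAlgorithm RtoMin RtoMax MaxConn ActiveOpens PassiveOpens AttemptFails EstabResets CurrEstab InSegs OutSegs RetransSegs InErrs OutRsts InCsumErrors
Tcp: 1 200 120000 -1 1020 5126 12 21 6 1008113 905922 503 0 31 0
Udp: InDatagrams NoPorts InErrors OutDatagrams RcvbufErrors SndbufErrors InCsumErrors IgnoredMulti
Udp: 50004 10 2 48004 0 0 0 0'

# snmp_rates T0_FILE T1_FILE SECONDS
snmp_rates() {
    awk -v f0="$1" -v f1="$2" -v secs="$3" '
    # load(tag, file): /proc/net/snmp pairs a line of field names with a line of values
    # per protocol; store values as v[tag, "Tcp:", "InSegs"] and so on.
    function load(tag, file,    line, f, n, i, p) {
        while ((getline line < file) > 0) {
            n = split(line, f, " ")
            p = f[1]
            if (p != "Tcp:" && p != "Udp:") continue
            if (f[2] ~ /^-?[0-9]+$/) { for (i = 2; i <= n; i++) v[tag, p, hdr[p, i]] = f[i] }
            else                      { for (i = 2; i <= n; i++) hdr[p, i] = f[i] }
        }
        close(file)
    }
    function rate(p, name) { return (v["t1", p, name] - v["t0", p, name]) / secs }
    BEGIN {
        load("t0", f0); load("t1", f1)
        outseg = rate("Tcp:", "OutSegs")
        retx = (outseg > 0) ? rate("Tcp:", "RetransSegs") / outseg * 100 : 0
        printf "%-5s %8s %8s %6s %6s %6s %7s %7s\n", "", "InSeg", "OutSeg", "Reset", "AttF", "%ReTX", "InConn", "OutCon"
        printf "%-5s %8.2f %8.2f %6.2f %6.2f %6.3f %7.2f %7.2f\n", "TCP",
            rate("Tcp:", "InSegs"), outseg, rate("Tcp:", "EstabResets"), rate("Tcp:", "AttemptFails"),
            retx, rate("Tcp:", "PassiveOpens"), rate("Tcp:", "ActiveOpens")
        printf "%-5s %8s %8s %6s %6s\n", "", "InDG", "OutDG", "InErr", "OutErr"
        printf "%-5s %8.2f %8.2f %6.2f %6.2f\n", "UDP",
            rate("Udp:", "InDatagrams"), rate("Udp:", "OutDatagrams"), rate("Udp:", "InErrors"), rate("Udp:", "SndbufErrors")
    }'
}

# Run over the constructed snapshots (10 s apart).
demo_snmp_rates() {
    t0=$(mktemp) && t1=$(mktemp) || return 1
    printf '%s\n' "$SNMP_T0" > "$t0"
    printf '%s\n' "$SNMP_T1" > "$t1"
    snmp_rates "$t0" "$t1" 10
    rm -f "$t0" "$t1"
}

demo_snmp_rates
```

On a live system, copy /proc/net/snmp twice a few seconds apart and pass the copies to snmp_rates. The constructed data reproduces the shape of the -t sample above (about 811 segments/s in, 592 out, 12.6 passive opens/s) with three retransmitted segments out of 5922, which the %ReTX column reports as 0.051.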

16.4.4 Other options

You can combine options:
# ./nicstat.sh -x -t -u

Or pass the -a option, which is equivalent to -x -t -u:

# ./nicstat.sh -a

Sample outputs:
16:34:10    InKB   OutKB   InSeg  OutSeg  Reset   AttF  %ReTX  InConn  OutCon  Drops
TCP         0.00    0.00   545.4   448.5   2.71   0.03  0.000    10.9    21.3   0.00
16:34:10    InDG   OutDG   InErr  OutErr
UDP         0.01    0.01    0.00    0.00
16:34:10      RdKB    WrKB   RdPkt   WrPkt   IErr   OErr   Coll   NoCP  Defer  %Util
eth0         348.9   31.94   324.5   250.3   0.00   0.00   0.00   0.00   0.00   3.12
eth1         28.71   169.2   227.1   248.1   0.00   0.00   0.00   0.00   0.00   1.62

Print statistics every 5 seconds, telling nicstat that "eth0" and "eth1" are both 100 Mbps/full-duplex (this matters for %Util, which is computed against the interface speed):
# ./nicstat.sh -S eth0:100Full,eth1:100Full 5

Print statistics every 5 seconds, setting the speed of "eth0" to 100 Mbps/half-duplex and "eth1" to 1000 Mbps/full-duplex:
# ./nicstat.sh -S eth0:100h,eth1:1000 5

16.4.4.1.1 References:

http://tecadmin.net

http://www.server-world.info/en/note?os=CentOS_7&p=httpd&f=6

https://www.howtoforge.com
