Posts

How to Jail FTP User

FTP is built on a client-server architecture and uses separate control and data connections between the client and the server.

Step 1: Prerequisites

Before jailing FTP users, configure the FTP server.

Step 2: Modify ftpusers File

Edit the /etc/vsftpd/ftpusers file and list the users for jailing.

# vi /etc/vsftpd/ftpusers
root
bin
daemon
adm
lp
sync
shutdown
halt
mail
news
uucp
operator
games
nobody

Step 3: Configure vsftpd.conf File

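To jail FTP users, make the following settings in vsftpd.conf. With chroot_local_user=YES every local user is jailed in their home directory, and with chroot_list_enable=YES as well, the users named in chroot_list_file are the exceptions that are not jailed.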

# vim /etc/vsftpd/vsftpd.conf
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list

Step 4: Restart the service

Now restart the service vsftpd

# service vsftpd restart
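
How the two chroot options from Step 3 combine, as an added example that is not part of the original post: the shell functions below decide whether a given user ends up jailed. The function names, the user names alice and bob, and the temp-directory sample files are constructed for illustration, and only the literal value YES is treated as enabled.

```shell
#!/bin/sh
# Added example: resolve whether vsftpd jails a user for a given configuration.
# All file names and users below are constructed samples, not a live system.

# conf_get FILE KEY DEFAULT: print the last KEY=value found in FILE.
conf_get() {
    v=$(sed -n "s/^$2=//p" "$1" | tail -n 1)
    printf '%s\n' "${v:-$3}"
}

# is_listed FILE USER: succeed if USER is on a line of its own in FILE.
is_listed() {
    [ -r "$1" ] && grep -qxF -- "$2" "$1"
}

# jail_state CONF LIST USER: print "jailed" or "free".
# LIST is the file that chroot_list_file points to.
jail_state() {
    all=$(conf_get "$1" chroot_local_user NO)
    use_list=$(conf_get "$1" chroot_list_enable NO)
    listed=no
    if [ "$use_list" = YES ] && is_listed "$2" "$3"; then
        listed=yes
    fi
    if [ "$all" = YES ]; then
        # Everyone is jailed; the list names the exceptions.
        if [ "$listed" = yes ]; then echo free; else echo jailed; fi
    else
        # Nobody is jailed by default; the list names the jailed users.
        if [ "$listed" = yes ]; then echo jailed; else echo free; fi
    fi
}

# Demo with the settings from Step 3 and a constructed one-user list.
demo() {
    d=$(mktemp -d)
    printf '%s\n' 'chroot_local_user=YES' 'chroot_list_enable=YES' \
        'chroot_list_file=/etc/vsftpd/chroot_list' > "$d/vsftpd.conf"
    printf '%s\n' 'alice' > "$d/chroot_list"
    for u in alice bob; do
        echo "$u: $(jail_state "$d/vsftpd.conf" "$d/chroot_list" "$u")"
    done
    rm -rf "$d"
}
demo
```

With the Step 3 settings, a user placed in chroot_list is the one who escapes the jail, so the list should stay empty unless an exception is intended.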

How to Configure Munin Monitoring Server

Step 1: Prerequisites

First install the packages that the Munin installation depends on:

# yum install -y httpd php gcc glibc glibc-common libpcre rrdtool

Step 2: Install munin Package

To configure the Munin monitoring server, first install the munin and munin-node packages from the EPEL repository.

# yum --enablerepo=epel -y install munin munin-node

Step 3: Configure munin package

Edit the munin.conf file and add your hostname.

# vi /etc/munin/munin.conf
[beta.tecdistro.com]
    address 127.0.0.1
    use_node_name yes

Edit the /etc/httpd/conf.d/munin.conf file and set which networks are allowed and denied access to the Munin monitoring service.

# vi /etc/httpd/conf.d/munin.conf
Order Deny,Allow
Deny from all
Allow from 127.0.0.1 10.0.0.0/24

Step 4: Configure Apache Authentication

We need to set up Apache authentication for the user munin-admin. Do not change this username, or you will need more changes in the configuration.

# cd /var/www/html/munin
# vi .htaccess
AuthUserFile /var/www/html/munin/.htpasswd
AuthGroupFile /www.null
AuthName "Authorization Required"
AuthType Basic
require user munin-admin

Save the file and exit. Run htpasswd to set the password for the munin-admin user:

# htpasswd -c /var/www/html/munin/.htpasswd munin-admin

Allow the .htaccess file to set authentication directives for this directory in httpd.conf:

# vi /etc/httpd/conf/httpd.conf
<Directory "/var/www/html/munin">
AllowOverride AuthConfig
</Directory>

Now restart the Apache service.

# service httpd restart
OR
# /etc/rc.d/init.d/httpd restart
Stopping httpd:             [ OK ]
Starting httpd:             [ OK ]

Step 5: Start Service

Configure Munin node as a monitoring target.

# vi /etc/munin/munin-node.conf
host_name tecdistro
# /etc/rc.d/init.d/munin-node start
Starting Munin Node:      [ OK ]

Also configure the munin service to start at boot.

# chkconfig --add munin
# chkconfig munin on
# chkconfig munin-node on

Step 6: Configure Notifications & Alerts

# vi /etc/munin/munin.conf
contact.email.command mail -s "Munin-notification for ${var:group}::${var:host}" your_email_address
contact.log.command tee -a /var/log/munin/alert.log

To verify that the notifications are configured properly, run the command below:

# su - munin --shell=/bin/bash -c "/usr/share/munin/munin-limits --contact email --force"

Step 7: Set the Alerts

Set the alert thresholds (warning and critical notifications) in the munin.conf file for services like cpu_load, disk_utilization, memory, etc. Here we add cpu_load and disk_utilization to the configuration file.

# vi /etc/munin/munin.conf
[tecdistro.com]
    address 127.0.0.1
    use_node_name yes
#Set warning and critical threshold of CPU
    cpu.user.warning :80
    cpu.user.critical :90
#Set warning and critical threshold of root partition
    df._dev_mapper_VolGroup_lv_root.warning :80
    df._dev_mapper_VolGroup_lv_root.critical :90
#Set warning and critical threshold of home2 partition(if exists)
    df._dev_mapper_VolGroup_lv_home2.warning :80
    df._dev_mapper_VolGroup_lv_home2.critical :90

How to Add Host in Munin Monitoring Server

To add a Munin client on the target host, follow these steps:

Install munin Package

To configure Munin, first install the munin and munin-node packages from the EPEL repository.

# yum --enablerepo=epel -y install munin munin-node

Configure munin package

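Edit the munin-node.conf file and add your hostname. The allow line is a regular expression matched against the address of the host that connects to the node.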

# vi /etc/munin/munin-node.conf 
host_name backup.distro
allow ^10\.10\.10\.20$

Start Service

# /etc/rc.d/init.d/munin-node start
Starting Munin Node:         [ OK ]

Also configure the munin-node service to start at boot.

# chkconfig munin-node on

Add target host in monitoring server

Edit the munin.conf file and add the remote host.

# vi /etc/munin/munin.conf
[backup.tecdistro.com]
    address 10.10.10.20
    use_node_name yes

How to install Xymon Monitoring System

Step 1: Prerequisites

The following services/packages are required for the Xymon installation:

# yum update
# yum install xinetd gcc fping libpcre rrdtool pcre-devel openssl-devel openldap-devel c-ares libcares.so.2 rrdtool-devel

Step 2: Package fping Installation

Download the fping package, then build and install it on the server:

# cd /usr/local/
# wget http://fping.sourceforge.net/download/fping.tar.gz
# tar -zxvf fping.tar.gz
# cd fping-2.4b2_to/
# ./configure
# make
# make install

Step 3: Download Xymon Source Files

To set up the Xymon monitoring server, download the source files from sourceforge.net:

# wget http://sourceforge.net/projects/xymon/files/latest/download

Step 4: Create Xymon User

# useradd xymon

Step 5: Xymon Installation and Configuration

Extract the source files, install and configure the files:

# tar -zxvf download
# mkdir /usr/local/xymon
# chown xymon:apache /usr/local/xymon
# cd xymon-4.3.20/
# ./configure
Configuration script for Xymon

This script asks a few questions and builds a Makefile to compile Xymon

Checking your make-utility
Checking pre-requisites for building Xymon

Checking for fping ...
Xymon has a built-in ping utility (xymonping)
However, it is not yet fully stable and therefore it
may be best to use the external fping utility instead.
I found fping in /usr/local/sbin/fping
Do you want to use it [Y/n] ?
Y
Checking to see if '/usr/local/sbin/fping 127.0.0.1' works ...
127.0.0.1 is alive
OK, will use '/usr/local/sbin/fping' for ping tests
NOTE: If you are using an suid-root wrapper, make sure the 'xymond'
      user is also allowed to run fping without having to enter passwords.
      For 'sudo', add something like this to your 'sudoers' file:
      xymon ALL=(ALL) NOPASSWD: /usr/local/sbin/fping

Checking for PCRE ...
Compiling with PCRE library works OK
Linking with PCRE library works OK

Checking for C-ARES library ...
Compiling with c-ares library works OK
C-ARES version: Found 1.10.0 - OK, require 1.10.0
Linking with c-ares library works OK

Checking for RRDtool ...
Not RRDtool 1.0.x, checking for 1.2.x
Compiling with RRDtool works OK
Linking with RRDtool works OK

Checking for OpenSSL ...
Compiling with SSL library works OK
Linking with SSL library works OK
Checking if your SSL library has SSLv2 enabled
Will support SSLv2 when testing SSL-enabled network services

Xymon can use the OpenSSL library to test SSL-enabled services
like https-encrypted websites, POP3S, IMAPS, NNTPS and TELNETS.
If you have the OpenSSL library installed, I recommend that you enable this.

Do you want to be able to test SSL-enabled services (y) ?
(enter)
Checking for LDAP ...
Compiling with LDAP works OK
LBER library not needed
Linking with LDAP works OK

Xymon can use your OpenLDAP LDAP client library to test LDAP servers.

Do you want to be able to test LDAP servers (y) ?
(enter)
Checking for clock_gettime() requiring librt ...
clock_gettime() requires librt

Checking for Large File Support ...
Large File Support OK

Setting up for a Xymon server

What userid will be running Xymon [xymon] ?
Found passwd entry for user xymon:x:516:517::/home/xymon:/bin/bash

Where do you want the Xymon installation [/home/xymon] ?
OK, will configure to use /usr/local/xymon as the Xymon toplevel directory

What URL will you use for the Xymon webpages [/xymon] ?
(enter)
Where to put the Xymon CGI scripts [/usr/local/xymon/cgi-bin] ?
(Note: This is the filesystem directory - we will get to the URL shortly)
(enter)

What is the URL for the Xymon CGI directory [/xymon-cgi] ?
(Note: This is the URL - NOT the filesystem directory)
(enter)

********************** SECURITY NOTICE ****************************
If your Xymon server is accessible by outsiders, then you should
restrict access to the CGI scripts that handle enable/disable of
hosts, and acknowledging of alerts. The easiest way to do this is
to put these in a separate CGI directory and require a password to
access them.
Even if your Xymon server is on a secured, internal network, you
may want to have some operations (like disabling a host) be password-
protected - that lets you see who disabled or acknowledged an alert.

Where to put the Xymon Administration CGI scripts [/usr/local/xymon/cgi-secure] ?
(Note: This is the filesystem directory - we will get to the URL shortly)
(enter)

What is the URL for the Xymon Administration CGI directory [/xymon-seccgi] ?
(Note: This is the URL - NOT the filesystem directory)
(enter)

** Note that you may need to modify your webserver configuration.
** After installing, see /usr/local/xymon/server/etc/xymon-apache.conf for an example configuration.

To generate Xymon availability reports, your webserver
must have write-access to a directory below the Xymon
top-level directory. I can set this up if you tell me
what group-ID your webserver runs with. This is typically
'nobody' or 'apache' or 'www-data'

What group-ID does your webserver use [nobody] ?
(enter)

Where to put the Xymon logfiles [/var/log/xymon] ?
(enter)

What is the name of this host [example.com] ?
(enter)

What is the IP-address of this host [127.0.0.1] ?
10.10.10.10

Where should I install the Xymon man-pages (/usr/local/man) ?
(enter)
Using Linux Makefile settings

Created Makefile with the necessary information to build Xymon
Some defaults are used, so do look at the Makefile before continuing.

Configuration complete - now run make (GNU make) to build the tools

Step 6: Install Xymon

The configuration completed successfully; now run make and make install to install the Xymon monitoring server.

# make
# make install

Step 7: Start Xymon Service

After installation, log in as the xymon user and start the Xymon server:

# su xymon
# /usr/local/xymon/server/bin/xymon.sh start
Xymon started

Step 8: Concatenate Config File

Append xymon-apache.conf to httpd.conf:

# cat /usr/local/xymon/server/etc/xymon-apache.conf >> /etc/httpd/conf/httpd.conf

Troubleshooting

Case 1: Directory Path

Create a symbolic link in the directory where your DocumentRoot is set (by default /var/www/html):

# cd /var/www/html
# ln -s /usr/local/xymon xymon

Case 2: fping permissions issue

If you get a xymongen alert, change the ownership and file permissions of fping:

# chown root:xymon /usr/sbin/fping
# chmod 710 /usr/sbin/fping
# chmod ug+s /usr/sbin/fping

The order of the commands matters: Linux resets the setuid bit after a chown for security reasons.
So, you must run these commands in the order defined in the manual (chown first).

How to Configure Nagios monitoring server

Nagios is the most popular and powerful open source monitoring system. It enables organizations to identify and resolve IT infrastructure problems before they affect critical business processes. With Nagios, you can monitor your remote hosts and their services from a single window. It shows warnings and indicates when something goes wrong on your servers, which helps detect problems before they occur and reduces downtime and business losses. Nagios can monitor applications, services, and the entire IT infrastructure.

Step 1: Prerequisites

First install the packages that the Nagios installation depends on:

# yum install -y httpd php gcc glibc glibc-common gd gd-devel make net-snmp

Start Services:

# service httpd start

Step 2: Create User Accounts & group

Now create a new nagios user account and set a password for it:

# useradd nagios
# passwd nagios

Now create a group for the Nagios setup, “nagcmd”, and add the nagios user to this group. Also add the apache user to this group.

# groupadd nagcmd
# usermod -a -G nagcmd nagios
# usermod -a -G nagcmd apache

Step 3: Install Nagios Core Service

After installing the required dependencies and adding the user accounts, start the Nagios core installation. Download the latest Nagios core service from the official site.

# cd /opt/
# wget http://prdownloads.sourceforge.net/sourceforge/nagios/nagios-4.0.8.tar.gz
# tar xzf nagios-4.0.8.tar.gz
# cd nagios-4.0.8
# ./configure --with-command-group=nagcmd
# make all
# make install
# make install-init
# make install-config
# make install-commandmode

Now use the command below to set up the Apache configuration for the Nagios installation.

# make install-webconf

Step 4: Configure Apache Authentication

We need to set up Apache authentication for the user nagiosadmin. Do not change this username, or you will need more changes in the configuration.

# htpasswd -c /usr/local/nagios/etc/htpasswd.users nagiosadmin

Now restart the Apache service so the new settings take effect.

# service httpd restart

Step 5: Install Nagios Plugins

After installing and configuring the Nagios core service, download the latest nagios-plugins source and install it using the following commands.

# cd /opt
# wget http://nagios-plugins.org/download/nagios-plugins-2.0.3.tar.gz
# tar xzf nagios-plugins-2.0.3.tar.gz
# cd nagios-plugins-2.0.3

Now compile and install the Nagios plugins:

# ./configure --with-nagios-user=nagios --with-nagios-group=nagios
# make
# make install

Step 6: Verify and Start Nagios

Use the following commands to verify the Nagios installation and start the Nagios core service.

# /usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg
# service nagios start

Also configure the nagios service to start at boot:

# chkconfig --add nagios
# chkconfig nagios on

Step 7: Install Centreon

Use the following commands to install Centreon.

# cd /usr/local/src
# wget http://download.centreon.com/centreon/centreon-2.3.8.tar.gz
# tar -zxf centreon-2.3.8.tar.gz
# cd centreon-2.3.8
# ./install.sh -i

Step 8: Test in Web Browser

Nagios creates its own Apache configuration file, /etc/httpd/conf.d/nagios.conf. There is no need to make any changes to it. Simply open the URL below in a browser.
[replace the domain name with your domain or IP]

 http://Your-IP-Address/nagios/

How to create NFS Server in Linux

Introduction

NFS (Network File Server) is used for sharing files from Linux to Linux, Unix to Linux and vice versa.

Package: nfs-utils
Default Port: 2049
Configuration File: /etc/exports

Step 1: Install nfs package

First install the nfs-utils package using the following command:

# yum -y install nfs-utils

Step 2: Configuration

Edit file idmapd.conf and add the line:

# vi /etc/idmapd.conf
Domain = tecdistro-server

Add each folder/directory you want to share, along with the network it is shared with, so other Unix/Linux machines can access it:

# mkdir /data
# chmod a+rwx /data
# vi /etc/exports
/data *(ro)
/var 192.168.0.0/24(ro)
/home 172.0.0.0/24(rw,no_root_squash)

Step 3: Start Services

Start the services rpcbind, nfslock and nfs.

# service rpcbind start
Starting rpcbind:                         [  OK  ]
# service nfslock start
Starting NFS statd:                       [  OK  ]
# service nfs start
Starting NFS services:                    [  OK  ]
Starting NFS mountd:                      [  OK  ]
Starting NFS daemon:                      [  OK  ]
Starting RPC idmapd:                      [  OK  ]

OR
The following command is equivalent to nfs restart:

# exportfs -ar

Enable the services at boot time.

# chkconfig rpcbind on
# chkconfig nfslock on
# chkconfig nfs on

Step 4: On Client Side

Now, at the NFS client end, we need to mount that directory on the client to access it locally. To do so, first find out which shares are available on the remote NFS server.

# showmount -e 192.168.0.10

Export list for 192.168.0.10:
/data 192.168.0.10

The above command shows that a directory named “data” is available at “192.168.0.10” to share with your server.
To mount a directory from the NFS server on the client, use the following command:

# mount 192.168.0.10:/var /local
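
A check over the exports file from Step 2, as an added example that is not part of the original post: audit_exports (a hypothetical helper name) flags entries exported to any host, client networks outside the RFC 1918 private ranges, and no_root_squash. The sample input reuses the three export lines from Step 2 plus one constructed /srv line that shows the stray-space mistake.

```shell
#!/bin/sh
# Added example: flag risky entries in an /etc/exports-style file.

# audit_exports FILE: print "<path> <client> <finding>" per risky entry.
audit_exports() {
    awk '
    # 1 for RFC 1918 addresses; hostnames and netgroups are not judged
    function is_private(ip,   q) {
        if (ip !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) return 1
        split(ip, q, ".")
        return (q[1] == 10) || (q[1] == 192 && q[2] == 168) ||
               (q[1] == 172 && q[2] >= 16 && q[2] <= 31)
    }
    /^[ \t]*(#|$)/ { next }            # skip comments and blank lines
    {
        for (i = 2; i <= NF; i++) {
            client = $i; opts = ""
            p = index($i, "(")
            if (p > 0) {
                client = substr($i, 1, p - 1)
                opts = substr($i, p + 1); sub(/\)$/, "", opts)
            }
            # "*" or a bare "(opts)" after a stray space exports the
            # path to every host that can reach the server
            if (client == "" || client == "*") {
                client = "*"
                print $1, client, "exported-to-any-host"
            } else {
                net = client; sub(/\/.*/, "", net)
                if (!is_private(net))
                    print $1, client, "non-RFC1918-network"
            }
            n = split(opts, o, ",")
            for (j = 1; j <= n; j++)
                if (o[j] == "no_root_squash")
                    print $1, client, "no_root_squash"
        }
    }' "$1"
}

# Sample input: the Step 2 exports plus one constructed line (/srv).
sample_exports() {
    cat <<'EOF'
/data *(ro)
/var 192.168.0.0/24(ro)
/home 172.0.0.0/24(rw,no_root_squash)
/srv 10.0.0.5 (rw)
EOF
}

f=$(mktemp)
sample_exports > "$f"
audit_exports "$f"
rm -f "$f"
```

The /home line is reported twice: 172.0.0.0/24 lies outside the private 172.16.0.0/12 block, and no_root_squash lets root on any client in that network act as root on the exported files.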

How to install Nginx on RHEL/CentOS

Step 1: Install Nginx

Nginx is a well-known web server. Download and install the nginx repository package:

For RedHat

# wget http://nginx.org/packages/rhel/6/noarch/RPMS/nginx-release-rhel-6-0.el6.ngx.noarch.rpm
# rpm -ivh nginx-release-rhel-6-0.el6.ngx.noarch.rpm

For CentOS

# wget http://nginx.org/packages/centos/6/noarch/RPMS/nginx-release-centos-6-0.el6.ngx.noarch.rpm
# rpm -ivh nginx-release-centos-6-0.el6.ngx.noarch.rpm
# yum --enablerepo=epel -y install nginx

Step 2: Configure Nginx

Edit the nginx.conf file to configure Nginx.

# vi /etc/nginx/nginx.conf
worker_processes 2;
gzip on;
# cp /etc/nginx/conf.d/default.conf /etc/nginx/conf.d/default.conf.org
# egrep -v "^ *#|^ *$" /etc/nginx/conf.d/default.conf.org > /etc/nginx/conf.d/default.conf

Edit default.conf file and enter the server name

# vi /etc/nginx/conf.d/default.conf
server_name www.example-server;

Step 3: Start nginx Server

After the configuration is done, start the nginx service.

# service nginx start
OR
# /etc/rc.d/init.d/nginx start
Starting nginx: [ OK ]
# chkconfig nginx on

Step 4: Open Page on Browser

Open the server IP in your favorite browser; the default nginx page appears.

How to Install PHP in Linux

Step 1: Prerequisite

Step 2: Install PHP

Run the yum install command

# yum install php-mysql php-devel php-gd php-pecl-memcache php-pspell php-snmp php-xmlrpc php-xml

Step 3: How to configure PHP

# vi /etc/php.ini
memory_limit = 128M
max_execution_time = 120
upload_max_filesize = 50M
post_max_size = 50M

Step 4: Create PHP page

Create the /var/www/html/phpinfo.php file with the following text:

# touch /var/www/html/phpinfo.php
# vi /var/www/html/phpinfo.php
<?php
phpinfo();
?>

Step 5: Restart Apache Server

Now restart Apache Server

# service httpd restart

Step 6: Open Page on Browser

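Test the PHP page in your favorite browser, then delete phpinfo.php once the test is done, because its output discloses the server's PHP configuration to anyone who can request it: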
http://Your-IP-address/phpinfo.php

How to Install WordPress in Linux

Step 1: Prerequisites

Step 2: Create WordPress Database

# mysql -u root -p
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 834
Server version: 5.6.24 MySQL Community Server (GPL)

Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| performance_schema |
+--------------------+
3 rows in set (0.02 sec)

mysql> create database wordpress;
Query OK, 1 row affected (0.01 sec)

mysql> grant all privileges on wordpress.* to wordpress@'localhost' identified by 'password';
Query OK, 0 rows affected (0.02 sec)

mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)

mysql> exit
Bye

Step 3: Install WordPress

To install the wordpress package, use the yum command:

# yum --enablerepo=epel -y install wordpress

Step 4: Configure WordPress

Edit the wp-config.php file to configure wordpress

# vi /etc/wordpress/wp-config.php

define('DB_NAME', 'wordpress');
define('DB_USER', 'wordpress');
define('DB_PASSWORD', 'password');
define('WPLANG', 'ja');
# vi /etc/httpd/conf.d/wordpress.conf
Allow from all
# mkdir /usr/share/wordpress/wp-content/languages
# wget -P /usr/share/wordpress/wp-content/languages \
http://svn.automattic.com/wordpress-i18n/ja/tags/`rpm -q wordpress | cut -d"-" -f2`/messages/ja.mo \
http://svn.automattic.com/wordpress-i18n/ja/tags/`rpm -q wordpress | cut -d"-" -f2`/messages/admin-ja.mo \
http://svn.automattic.com/wordpress-i18n/ja/tags/`rpm -q wordpress | cut -d"-" -f2`/messages/admin-network-ja.mo \
http://svn.automattic.com/wordpress-i18n/ja/tags/`rpm -q wordpress | cut -d"-" -f2`/messages/continents-cities-ja.mo

Step 5: Restart apache Server

Restart apache server:

# service httpd restart
OR
# /etc/rc.d/init.d/httpd restart
Stopping httpd: [ OK ]
Starting httpd: [ OK ]

How to Configure Multiple Domains in Web Server

Step 1: Prerequisite

Step 2: Add Domains in Apache Configuration File

To add multiple domains to the web server, edit the /etc/httpd/conf/httpd.conf file and create virtual hosts.

# vi /etc/httpd/conf/httpd.conf
NameVirtualHost 10.0.0.10
<VirtualHost *:80>
    ServerAdmin webmaster@tecdistro.com
    DocumentRoot /var/www/html/tecdistro.com
    ServerName www.tecdistro.com
    ServerAlias tecdistro.com
    ErrorLog /var/log/tecdistro.com-error_log
    CustomLog /var/log/tecdistro.com-access_log common
</VirtualHost>
<VirtualHost *:80>
    ServerAdmin webmaster@tecdistro.org
    DocumentRoot /var/www/html/tecdistro.org
    ServerName www.tecdistro.org
    ServerAlias tecdistro.org
    ErrorLog /var/log/tecdistro.org-error_log
    CustomLog /var/log/tecdistro.org-access_log common
</VirtualHost>
<VirtualHost *:80>
    ServerAdmin webmaster@tecdistro.net
    DocumentRoot /var/www/html/tecdistro.net
    ServerName www.tecdistro.net
    ServerAlias tecdistro.net
    ErrorLog /var/log/tecdistro.net-error_log
    CustomLog /var/log/tecdistro.net-access_log common
</VirtualHost>

Step 3: Restart Apache Server

After the changes have been made, restart the Apache server:

# service httpd restart
OR
# /etc/rc.d/init.d/httpd restart

How to Configure Website Using Htaccess with Apache in Linux

Step 1: Prerequisite

Step 2: Create Directory

Create a directory in /var/www/html/ (where DocumentRoot of apache is pointed).

# mkdir /var/www/html/testfolder
# cd /var/www/html/testfolder

Step 3: Create .htaccess File

Now create a .htaccess file using the touch command and insert the following lines in it:

# touch .htaccess
# vi .htaccess
AuthUserFile /var/www/html/testfolder/.htpasswd
AuthGroupFile /www.null
AuthName "Authorization Required"
AuthType Basic

require user USER_NAME

Set the password by executing the htpasswd command for htaccess

# htpasswd -c /var/www/html/testfolder/.htpasswd USER_NAME

Step 4: Configuration in Apache

Edit the /etc/httpd/conf/httpd.conf file and add the lines:

# vi /etc/httpd/conf/httpd.conf
<Directory "/var/www/html/testfolder">
AllowOverride AuthConfig
</Directory>

Step 5: Restart Apache Server

In the end restart the httpd service:

# service httpd restart