How to Enable mod_perl on Linux CentOS 6.3

The default Apache configuration is installed without mod_perl. This can be a good idea in order to minimize the number of things that can go wrong. This post covers the steps to enable mod_perl on Linux CentOS 6.3. This makes Perl scripts run faster and improves performance.

Prerequisites:
How to Install Httpd on CentOS 6.3

1. To Enable mod_perl, simply run the following command :

[root@centos63 ~]# yum install mod_perl -y
Loaded plugins: fastestmirror, presto, priorities
Loading mirror speeds from cached hostfile
 * base: centos.ipserverone.com
 * extras: centos.ipserverone.com
 * updates: centos.ipserverone.com
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package mod_perl.i686 0:2.0.4-10.el6 will be installed
--> Processing Dependency: perl(BSD::Resource) for package: mod_perl-2.0.4-10.el6.i686
--> Running transaction check
---> Package perl-BSD-Resource.i686 0:1.29.03-3.el6 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

====================================================================================================
 Package                       Arch             Version                      Repository        Size
====================================================================================================
Installing:
 mod_perl                      i686             2.0.4-10.el6                 base             3.2 M
Installing for dependencies:
 perl-BSD-Resource             i686             1.29.03-3.el6                base              35 k

Transaction Summary
====================================================================================================
Install       2 Package(s)

Total download size: 3.2 M
Installed size: 6.0 M
Downloading Packages:
Setting up and reading Presto delta metadata
Processing delta metadata
Package(s) data still to download: 3.2 M
(1/2): mod_perl-2.0.4-10.el6.i686.rpm                                        | 3.2 MB     00:27
(2/2): perl-BSD-Resource-1.29.03-3.el6.i686.rpm                              |  35 kB     00:00
----------------------------------------------------------------------------------------------------
Total                                                               117 kB/s | 3.2 MB     00:27
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing : perl-BSD-Resource-1.29.03-3.el6.i686                                             1/2
  Installing : mod_perl-2.0.4-10.el6.i686                                                       2/2
  Verifying  : mod_perl-2.0.4-10.el6.i686                                                       1/2
  Verifying  : perl-BSD-Resource-1.29.03-3.el6.i686                                             2/2

Installed:
  mod_perl.i686 0:2.0.4-10.el6

Dependency Installed:
  perl-BSD-Resource.i686 0:1.29.03-3.el6

Complete!

2. Configure PerlRun mode :

[root@centos63 ~]# vi /etc/httpd/conf.d/perl.conf

a) Original :

#PerlSwitches -w

Uncomment or change to :

PerlSwitches -w

b) Original :

#PerlSwitches -T

Uncomment or change to :

PerlSwitches -T

c) Original :

#Alias /perl /var/www/perl
#<Directory /var/www/perl>
#    SetHandler perl-script
#    PerlResponseHandler ModPerl::Registry
#    PerlOptions +ParseHeaders
#    Options +ExecCGI
#</Directory>

Uncomment or change to :

Alias /perl /var/www/perl
<Directory /var/www/perl>
    SetHandler perl-script
#   AddHandler perl-script .cgi
#   PerlResponseHandler ModPerl::Registry
    PerlResponseHandler ModPerl::PerlRun
    PerlOptions +ParseHeaders
    Options +ExecCGI
</Directory>

d) Original :

#<Location /perl-status>
#    SetHandler perl-script
#    PerlResponseHandler Apache2::Status
#    Order deny,allow
#    Deny from all
#    Allow from .example.com
#</Location>

Uncomment or change to :

<Location /perl-status>
    SetHandler perl-script
    PerlResponseHandler Apache2::Status
    Order deny,allow
    Deny from all
    Allow from 192.168.2.0/24
</Location>

3. Restart Apache :

[root@centos63 ~]# /etc/rc.d/init.d/httpd restart
Stopping httpd:                                            [  OK  ]
Starting httpd:                                            [  OK  ]

4. Verify that it works :

Browse to http://192.168.2.54/perl-status

5. Configure Registry mode :

Alias /perl /var/www/perl
<Directory /var/www/perl>
    SetHandler perl-script
# AddHandler perl-script .cgi
    PerlResponseHandler ModPerl::Registry
#  PerlResponseHandler ModPerl::PerlRun
    PerlOptions +ParseHeaders
    Options +ExecCGI
</Directory>

6. Restart Apache :

[root@centos63 ~]# /etc/rc.d/init.d/httpd restart
Stopping httpd:                                            [  OK  ]
Starting httpd:                                            [  OK  ]

How to Secure OpenSSH (SSHD) on Linux

OpenSSH is an open source alternative to the proprietary Secure Shell software. It is also the set of SSH connectivity tools that allows you to log in remotely and transfer files via scp or sftp. OpenSSH options are controlled through the /etc/ssh/sshd_config file. To improve OpenSSH server security, certain default sshd settings need to be changed. This post shows three examples of how to secure OpenSSH (SSHD) on Linux. These steps have been tested on CentOS 6.3 and may work on CentOS 6.2, CentOS 5.x, Red Hat Enterprise Linux 5 (RHEL 5) and Red Hat Enterprise Linux 6 (RHEL 6).

1. Change SSH Default Port :

By default ssh runs on port 22. A hacker would need to know the SSH port number in order to access your system. One method to improve security is to change the default port to a non-standard port. That helps to stop brute force attacks.

#Port 22

Uncomment and change to :

Port 2202

2. Disable Root Login (PermitRootLogin) :

Set the following entry in sshd_config to stop root from logging in to the server directly.

#PermitRootLogin yes

Uncomment and change to :

PermitRootLogin no

3. Listen Specific IP only :

By default sshd listens on all IP addresses of the server. If you want users to log in only via IP addresses 192.168.1.200 and 192.168.1.202, add the following to your sshd_config :

ListenAddress 192.168.1.200
ListenAddress 192.168.1.202
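
The three changes above can be checked mechanically. The script below is an added example, not part of the original post: it reports the value sshd would actually use for Port, PermitRootLogin and ListenAddress, applying the sshd_config rule that the first value read for a keyword wins. The function names, the assumed defaults (port 22, PermitRootLogin yes, as in the commented lines above) and the sample files are all constructed for the example.

```sh
#!/bin/sh
# Added example (not from the original post): audit sshd_config for the three
# settings covered above. All sample configs below are constructed.

# global_settings FILE -> "keyword value" lines from the global section.
# Skips comments and blank lines, lowercases the keyword, accepts both
# "Key value" and "Key=value", and stops at the first Match block.
global_settings() {
    awk '
        { sub(/^[ \t]+/, "") }
        $0 == "" || /^#/ { next }
        !match($0, /^[A-Za-z0-9]+/) { next }
        {
            key = tolower(substr($0, 1, RLENGTH))
            val = substr($0, RLENGTH + 1)
            sub(/^[ \t]*=?[ \t]*/, "", val)
            sub(/[ \t]+$/, "", val)
            if (key == "match") exit
            print key, val
        }
    ' "$1"
}

# first_value FILE KEYWORD DEFAULT: sshd keeps the first value it reads for a
# single-valued keyword, so a later duplicate line has no effect.
first_value() {
    v=$(global_settings "$1" | awk -v k="$2" '$1 == k { print $2; exit }')
    printf '%s\n' "${v:-$3}"
}

# all_values FILE KEYWORD: every value of a repeatable keyword (ListenAddress).
all_values() {
    global_settings "$1" | awk -v k="$2" '$1 == k { print $2 }'
}

# audit_sshd FILE: one finding per line; no output means all three changes
# from the post are in effect.
audit_sshd() {
    port=$(first_value "$1" port 22)                 # assumed default: 22
    root=$(first_value "$1" permitrootlogin yes)     # assumed default: yes
    listen=$(all_values "$1" listenaddress)
    if [ "$port" = "22" ]; then
        echo "INFO port: sshd listens on the default port 22"
    fi
    if [ "$root" != "no" ]; then
        echo "WARN permitrootlogin: effective value is '$root', root can log in directly"
    fi
    if [ -z "$listen" ]; then
        echo "WARN listenaddress: none set, sshd binds every local address"
    fi
    for a in $listen; do
        case $a in
            0.0.0.0|0.0.0.0:*|::|\[::\]*) echo "WARN listenaddress: wildcard address $a" ;;
        esac
    done
    return 0
}

tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT

# Constructed sample 1: everything still commented out, so defaults apply.
stock_cfg=$tmp/stock
cat > "$stock_cfg" <<'EOF'
#Port 22
#ListenAddress 0.0.0.0
#PermitRootLogin yes
EOF

# Constructed sample 2: the three changes exactly as described in the post.
hardened_cfg=$tmp/hardened
cat > "$hardened_cfg" <<'EOF'
Port 2202
ListenAddress 192.168.1.200
ListenAddress 192.168.1.202
PermitRootLogin no
EOF

# Constructed sample 3: "PermitRootLogin no" was appended, but an earlier
# line already set it to yes; the Match block is conditional and ignored here.
shadowed_cfg=$tmp/shadowed
cat > "$shadowed_cfg" <<'EOF'
permitrootlogin yes
Port=2202
ListenAddress 192.168.1.200
PermitRootLogin no
Match Address 192.168.1.0/24
    PermitRootLogin no
EOF

for f in "$stock_cfg" "$hardened_cfg" "$shadowed_cfg"; do
    echo "== ${f##*/}"
    audit_sshd "$f"
done
```

On a live server, running sshd -T prints the effective configuration as parsed by sshd itself and is the authoritative check.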

How to Install Subversion on CentOS 6.3

This post covers the quick steps to install Subversion 1.6 on a Linux CentOS 6.3 server. Apache Subversion (often abbreviated SVN) is an open source software versioning and revision control system. Some people call it source code control (SCC) software or source code management (SCM) software. By using Subversion, developers are able to keep track of changes to their code, see who authored each file, compare source code, and so on.

[root@centos63 ~]# yum install subversion mod_dav_svn -y

Example :

[root@centos63 ~]# yum install subversion mod_dav_svn -y
Loaded plugins: fastestmirror, presto, priorities
Loading mirror speeds from cached hostfile
 * base: centos.ipserverone.com
 * extras: centos.ipserverone.com
 * updates: centos.ipserverone.com
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package mod_dav_svn.i686 0:1.6.11-7.el6 will be installed
---> Package subversion.i686 0:1.6.11-7.el6 will be installed
--> Processing Dependency: perl(URI) >= 1.17 for package: subversion-1.6.11-7.el6.i686
--> Processing Dependency: libneon.so.27 for package: subversion-1.6.11-7.el6.i686
--> Running transaction check
---> Package neon.i686 0:0.29.3-2.el6 will be installed
--> Processing Dependency: libproxy.so.0 for package: neon-0.29.3-2.el6.i686
--> Processing Dependency: libpakchois.so.0 for package: neon-0.29.3-2.el6.i686
---> Package perl-URI.noarch 0:1.40-2.el6 will be installed
--> Running transaction check
---> Package libproxy.i686 0:0.3.0-2.el6 will be installed
--> Processing Dependency: libproxy-python = 0.3.0-2.el6 for package: libproxy-0.3.0-2.el6.i686
--> Processing Dependency: libproxy-bin = 0.3.0-2.el6 for package: libproxy-0.3.0-2.el6.i686
---> Package pakchois.i686 0:0.4-3.2.el6 will be installed
--> Running transaction check
---> Package libproxy-bin.i686 0:0.3.0-2.el6 will be installed
---> Package libproxy-python.i686 0:0.3.0-2.el6 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

====================================================================================================
 Package                      Arch                Version                   Repository         Size
====================================================================================================
Installing:
 mod_dav_svn                  i686                1.6.11-7.el6              base               80 k
 subversion                   i686                1.6.11-7.el6              base              2.2 M
Installing for dependencies:
 libproxy                     i686                0.3.0-2.el6               base               38 k
 libproxy-bin                 i686                0.3.0-2.el6               base              8.0 k
 libproxy-python              i686                0.3.0-2.el6               base              8.3 k
 neon                         i686                0.29.3-2.el6              base              120 k
 pakchois                     i686                0.4-3.2.el6               base               21 k
 perl-URI                     noarch              1.40-2.el6                base              117 k

Transaction Summary
====================================================================================================
Install       8 Package(s)

Total download size: 2.6 M
Installed size: 12 M
Downloading Packages:
Setting up and reading Presto delta metadata
Processing delta metadata
Package(s) data still to download: 2.6 M
(1/8): libproxy-0.3.0-2.el6.i686.rpm                                         |  38 kB     00:00
(2/8): libproxy-bin-0.3.0-2.el6.i686.rpm                                     | 8.0 kB     00:00
(3/8): libproxy-python-0.3.0-2.el6.i686.rpm                                  | 8.3 kB     00:00
(4/8): mod_dav_svn-1.6.11-7.el6.i686.rpm                                     |  80 kB     00:00
(5/8): neon-0.29.3-2.el6.i686.rpm                                            | 120 kB     00:00
(6/8): pakchois-0.4-3.2.el6.i686.rpm                                         |  21 kB     00:00
(7/8): perl-URI-1.40-2.el6.noarch.rpm                                        | 117 kB     00:00
(8/8): subversion-1.6.11-7.el6.i686.rpm                                      | 2.2 MB     00:20
----------------------------------------------------------------------------------------------------
Total                                                               111 kB/s | 2.6 MB     00:24
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing : perl-URI-1.40-2.el6.noarch                                                       1/8
  Installing : libproxy-python-0.3.0-2.el6.i686                                                 2/8
  Installing : libproxy-0.3.0-2.el6.i686                                                        3/8
  Installing : libproxy-bin-0.3.0-2.el6.i686                                                    4/8
  Installing : pakchois-0.4-3.2.el6.i686                                                        5/8
  Installing : neon-0.29.3-2.el6.i686                                                           6/8
  Installing : subversion-1.6.11-7.el6.i686                                                     7/8
  Installing : mod_dav_svn-1.6.11-7.el6.i686                                                    8/8
  Verifying  : libproxy-bin-0.3.0-2.el6.i686                                                    1/8
  Verifying  : libproxy-python-0.3.0-2.el6.i686                                                 2/8
  Verifying  : perl-URI-1.40-2.el6.noarch                                                       3/8
  Verifying  : pakchois-0.4-3.2.el6.i686                                                        4/8
  Verifying  : mod_dav_svn-1.6.11-7.el6.i686                                                    5/8
  Verifying  : neon-0.29.3-2.el6.i686                                                           6/8
  Verifying  : libproxy-0.3.0-2.el6.i686                                                        7/8
  Verifying  : subversion-1.6.11-7.el6.i686                                                     8/8

Installed:
  mod_dav_svn.i686 0:1.6.11-7.el6                   subversion.i686 0:1.6.11-7.el6

Dependency Installed:
  libproxy.i686 0:0.3.0-2.el6  libproxy-bin.i686 0:0.3.0-2.el6  libproxy-python.i686 0:0.3.0-2.el6
  neon.i686 0:0.29.3-2.el6     pakchois.i686 0:0.4-3.2.el6      perl-URI.noarch 0:1.40-2.el6

Complete!

How to Find Default Gateway IP address on Linux

A default gateway is the node (a router) or network point on the computer network that serves as an access point and entrance to another network. It passes traffic between different subnets and networks. For computers on a network using IP, a default gateway address is needed to reach all computers that are not on the same local IP subnet. This post shows how to find the default gateway IP address on the Linux operating system. These commands have been tested on CentOS 6.3.

1. Print default gateway using route command :

[root@centos63 ~]# route

Output :

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     *               255.255.255.0   U     0      0        0 eth0
link-local      *               255.255.0.0     U     1002   0        0 eth0
default         192.168.1.1     0.0.0.0         UG    0      0        0 eth0

2. Print default gateway using netstat command :

[root@centos63 ~]# netstat -rn

Output :

Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth0
0.0.0.0         192.168.1.1     0.0.0.0         UG        0 0          0 eth0

Note : The flag U indicates that the route is up and G indicates that it uses a gateway.

How to Check Disk Read Write Speed in Linux

Measuring sequential disk performance is easy in Linux, as every modern Linux distribution comes with a command line utility called hdparm. Hdparm is a free tool to measure sequential disk performance which is primarily used to tune and optimize disk parameters. It is important to read the hdparm man page and perform a full backup before using the hdparm command line utility. The popular options for the hdparm command line utility are -t and -T.

-t performs a buffered disk read, which measures the data transfer rate directly from the disk to memory.

-T performs a timing cached read, which measures the data transfer rate from a memory buffer without reading the hard drive.

If hdparm is not installed, then follow these steps to install hdparm on CentOS 6.3.

Type hdparm without options to list the full set of hard disk parameters as a reference.

[root@centos63 ~]# hdparm

hdparm - get/set hard disk parameters - version v9.16

Usage:  hdparm  [options] [device] ..

Options:
 -a   get/set fs readahead
 -A   get/set the drive look-ahead flag (0/1)
 -b   get/set bus state (0 == off, 1 == on, 2 == tristate)
 -B   set Advanced Power Management setting (1-255)
 -c   get/set IDE 32-bit IO setting
 -C   check drive power mode status
 -d   get/set using_dma flag
 -D   enable/disable drive defect management
 -E   set cd/dvd drive speed
 -f   flush buffer cache for device on exit
 -F   flush drive write cache
 -g   display drive geometry
 -h   display terse usage information
 -H   read temperature from drive (Hitachi only)
 -i   display drive identification
 -I   detailed/current information directly from drive
 -k   get/set keep_settings_over_reset flag (0/1)
 -K   set drive keep_features_over_reset flag (0/1)
 -L   set drive doorlock (0/1) (removable harddisks only)
 -M   get/set acoustic management (0-254, 128: quiet, 254: fast)
 -m   get/set multiple sector count
 -N   get/set max visible number of sectors (HPA) (VERY DANGEROUS)
 -n   get/set ignore-write-errors flag (0/1)
 -p   set PIO mode on IDE interface chipset (0,1,2,3,4,...)
 -P   set drive prefetch count
 -q   change next setting quietly
 -Q   get/set DMA queue_depth (if supported)
 -r   get/set device  readonly flag (DANGEROUS to set)
 -R   obsolete
 -s   set power-up in standby flag (0/1) (DANGEROUS)
 -S   set standby (spindown) timeout
 -t   perform device read timings
 -T   perform cache read timings
 -u   get/set unmaskirq flag (0/1)
 -U   obsolete
 -v   defaults; same as -acdgkmur for IDE drives
 -V   display program version and exit immediately
 -w   perform device reset (DANGEROUS)
 -W   get/set drive write-caching flag (0/1)
 -x   obsolete
 -X   set IDE xfer mode (DANGEROUS)
 -y   put drive in standby mode
 -Y   put drive to sleep
 -Z   disable Seagate auto-powersaving mode
 -z   re-read partition table
 --dco-freeze      freeze/lock current device configuration until next power cycle
 --dco-identify    read/dump device configuration identify data
 --dco-restore     reset device configuration back to factory defaults
 --direct          use O_DIRECT to bypass page cache for timings
 --drq-hsm-error   crash system with a "stuck DRQ" error (VERY DANGEROUS)
 --fibmap          show device extents (and fragmentation) for a file
 --fibmap-sector   show absolute LBA of a specfic sector of a file
 --fwdownload            Download firmware file to drive (EXTREMELY DANGEROUS)
 --fwdownload-mode3      Download firmware using min-size segments (EXTREMELY DANGEROUS)
 --fwdownload-mode3-max  Download firmware using max-size segments (EXTREMELY DANGEROUS)
 --fwdownload-mode7      Download firmware using a single segment (EXTREMELY DANGEROUS)
 --idle-immediate  idle drive immediately
 --idle-unload     idle immediately and unload heads
 --Istdin          read identify data from stdin as ASCII hex
 --Istdout         write identify data to stdout as ASCII hex
 --make-bad-sector deliberately corrupt a sector directly on the media (VERY DANGEROUS)
 --prefer-ata12    use 12-byte (instead of 16-byte) SAT commands when possible
 --read-sector     read and dump (in hex) a sector directly from the media
 --security-help   display help for ATA security commands
 --trim-sectors    tell SSD firmware to discard unneeded data sectors (lba and count)
 --verbose         display extra diagnostics from some commands
 --write-sector    repair/overwrite a (possibly bad) sector directly on the media (VERY DANGEROUS)

Note : Substitute /dev/sda with the name of the disk device.

Example of how to check disk read/write speed for /dev/sda on CentOS 6.3 :

[root@centos63 ~]# hdparm -tT /dev/sda

/dev/sda:
 Timing cached reads:   4128 MB in  2.00 seconds = 2065.62 MB/sec
 Timing buffered disk reads:  276 MB in  3.06 seconds =  90.30 MB/sec

Example of how to check disk read/write speed for /dev/sdb on CentOS 6.3 :

[root@centos63 ~]# hdparm -tT /dev/sdb

/dev/sdb:
 Timing cached reads:   3410 MB in  2.00 seconds = 1705.84 MB/sec
 Timing buffered disk reads:  364 MB in  3.00 seconds = 121.29 MB/sec

How to Fix “-bash: hdparm: command not found” on Linux CentOS 6.3

Question:
When I try to run the hdparm command to check the hard drive read and write speed, the following error is returned. Hdparm is a command line utility to measure sequential disk performance which is primarily used to tune and optimize disk parameters. Hdparm is free software under the BSD license.

[root@centos63 ~]# hdparm -t /dev/sda
-bash: hdparm: command not found

To fix this, install the hdparm command line utility on CentOS 6.3 using one of two methods :

Method 1: Install hdparm using yum command :

[root@centos63 ~]# yum install hdparm -y

Example :

[root@centos63 ~]# yum install hdparm -y
Loaded plugins: fastestmirror, presto, priorities
Loading mirror speeds from cached hostfile
 * base: mirrors.sin3.sg.voxel.net
 * extras: mirrors.sin3.sg.voxel.net
 * updates: mirror.issp.co.th
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package hdparm.i686 0:9.16-3.4.el6 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

====================================================================================================
 Package               Arch                Version                        Repository           Size
====================================================================================================
Installing:
 hdparm                i686                9.16-3.4.el6                   base                 72 k

Transaction Summary
====================================================================================================
Install       1 Package(s)

Total download size: 72 k
Installed size: 134 k
Downloading Packages:
Setting up and reading Presto delta metadata
Processing delta metadata
Package(s) data still to download: 72 k
hdparm-9.16-3.4.el6.i686.rpm                                                 |  72 kB     00:00
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing : hdparm-9.16-3.4.el6.i686                                                         1/1
  Verifying  : hdparm-9.16-3.4.el6.i686                                                         1/1

Installed:
  hdparm.i686 0:9.16-3.4.el6

Complete!

Method 2 : Install hdparm using the RPM package that matches your OS architecture (32 or 64 bit) :

For 32 Bit :

[root@centos63 ~]# rpm -Uvh http://mirrors.hostemo.com/CentOS/6.3/os/i386/Packages/hdparm-9.16-3.4.el6.i686.rpm

For 64 Bit :

[root@centos63 ~]# rpm -Uvh http://mirrors.hostemo.com/CentOS/6.3/os/x86_64/Packages/hdparm-9.16-3.4.el6.x86_64.rpm

Verify if the hdparm RPM is installed or not by using the following command :

[root@centos63 ~]# rpm -qa | grep hdparm
hdparm-9.16-3.4.el6.i686

How to Remove a Logical Volume on CentOS 6.3/RHEL6

In a previous post, I covered the steps to create an additional logical volume with Logical Volume Manager (LVM). In certain situations, a Linux administrator is required to remove an existing logical volume. It is possible to perform the required task if the system administrator has the right skills on Linux. Otherwise, they will put themselves and the organization at risk of disaster, as this involves working with the system’s data. This post assumes centos63_vol has been created and will now be removed. In summary, removing a logical volume (centos63_vol) involves the following processes:

a) Unmount the LV
b) Remove the LV
c) Update /etc/fstab

1. Begin by listing all the logical volumes on the system :

[root@centos63 ~]# lvs
  LV           VG          Attr     LSize Pool Origin Data%  Move Log Copy%  Convert
  lv_root      vg_centos63 -wi-ao-- 5.54g
  lv_swap      vg_centos63 -wi-ao-- 1.97g
  centos63_vol vg_data     -wi-ao-- 4.99g

2. Check current disk layout and find where centos63_vol is mounted :

[root@centos63 ~]# df -lh
Filesystem            Size  Used Avail Use% Mounted on
/dev/mapper/vg_centos63-lv_root
                      5.5G  2.2G  3.1G  41% /
tmpfs                 504M     0  504M   0% /dev/shm
/dev/sda1             485M   65M  395M  15% /boot
/dev/mapper/vg_data-centos63_vol
                      5.0G  139M  4.6G   3% /mydata

3. View current /etc/fstab value :

[root@centos63 ~]# cat /etc/fstab

#
# /etc/fstab
# Created by anaconda on Sun Jul 15 20:17:38 2012
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
/dev/mapper/vg_centos63-lv_root /                       ext4    defaults        1 1
UUID=2217c7b1-4467-4c81-8596-c3ee7758e2cc /boot                   ext4    defaults        1 2
/dev/mapper/vg_centos63-lv_swap swap                    swap    defaults        0 0
tmpfs                   /dev/shm                tmpfs   defaults        0 0
devpts                  /dev/pts                devpts  gid=5,mode=620  0 0
sysfs                   /sys                    sysfs   defaults        0 0
proc                    /proc                   proc    defaults        0 0
/dev/vg_data/centos63_vol /mydata                       ext4    defaults        1 1

4. Unmount centos63_vol (mounted at /mydata) :

[root@centos63 ~]# umount /mydata

5. Verify that centos63_vol has unmounted :

[root@centos63 ~]# df -lh
Filesystem            Size  Used Avail Use% Mounted on
/dev/mapper/vg_centos63-lv_root
                      5.5G  2.2G  3.1G  41% /
tmpfs                 504M     0  504M   0% /dev/shm
/dev/sda1             485M   65M  395M  15% /boot

6. Remove the logical volume /dev/mapper/vg_data-centos63_vol :

[root@centos63 ~]# lvremove /dev/mapper/vg_data-centos63_vol
Do you really want to remove active logical volume centos63_vol? [y/n]: y
  Logical volume "centos63_vol" successfully removed

7. Verify the logical volume has been removed :

[root@centos63 ~]# lvs
  LV      VG          Attr     LSize Pool Origin Data%  Move Log Copy%  Convert
  lv_root vg_centos63 -wi-ao-- 5.54g
  lv_swap vg_centos63 -wi-ao-- 1.97g
[root@centos63 ~]#

8. Update /etc/fstab to reflect the removal of the file system :

[root@centos63 ~]# vi /etc/fstab
#
# /etc/fstab
# Created by anaconda on Sun Jul 15 20:17:38 2012
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
/dev/mapper/vg_centos63-lv_root /                       ext4    defaults        1 1
UUID=2217c7b1-4467-4c81-8596-c3ee7758e2cc /boot                   ext4    defaults        1 2
/dev/mapper/vg_centos63-lv_swap swap                    swap    defaults        0 0
tmpfs                   /dev/shm                tmpfs   defaults        0 0
devpts                  /dev/pts                devpts  gid=5,mode=620  0 0
sysfs                   /sys                    sysfs   defaults        0 0
proc                    /proc                   proc    defaults        0 0

How to Check Realtime RAM Memory Usage Available in Linux VPS

In the previous post, I taught you how to check memory usage on a Linux Virtual Private Server (VPS), but only the top command provided real-time information and updates. This quick post covers how to check real-time RAM memory usage available in a Linux VPS using the watch command. Watch runs a command repeatedly, displaying its output as it changes over time or at regular intervals. Watch will run until interrupted. This command has been tested on Red Hat Enterprise Linux 6 (RHEL 6) and may work on CentOS 6.x as well.

The basic syntax of watch is :

# watch [option(s)] command

1. Check memory usage using the “top” command. The watch command is not required here, as top updates the result periodically :

[root@rhel6 ~]# top

2. Check memory usage using “/proc/meminfo” with watch command :

[root@rhel6 ~]# watch -n 1 cat /proc/meminfo

Output :

Every 1.0s: cat /proc/meminfo                                               Mon Oct 15 13:48:17 2012

MemTotal:        1031320 kB
MemFree:          626372 kB
Buffers:           58576 kB
Cached:           217004 kB
SwapCached:            0 kB
Active:           148516 kB
Inactive:         164708 kB
Active(anon):      37816 kB
Inactive(anon):       84 kB
Active(file):     110700 kB
Inactive(file):   164624 kB
Unevictable:           0 kB
Mlocked:               0 kB
HighTotal:        141256 kB
HighFree:            280 kB
LowTotal:         890064 kB
LowFree:          626092 kB
SwapTotal:       2064376 kB
SwapFree:        2064376 kB
Dirty:                 4 kB
Writeback:             0 kB
AnonPages:         37652 kB
Mapped:            19096 kB
Shmem:               264 kB
Slab:              81048 kB
SReclaimable:      62096 kB
SUnreclaim:        18952 kB
..
..
..

3. Check memory usage using “free” with watch command :

[root@rhel6 ~]# watch -n 1 free

Output :

Every 1.0s: free                                                            Mon Oct 15 13:47:26 2012

             total       used       free     shared    buffers     cached
Mem:       1031320     404548     626772          0      58564     217004
-/+ buffers/cache:     128980     902340
Swap:      2064376          0    2064376

4. Check memory usage using “vmstat” with watch command :

[root@rhel6 ~]# watch -n 1 vmstat

Output :

Every 1.0s: vmstat                                                          Mon Oct 15 13:46:44 2012

procs -----------memory---------- ---swap-- -----io---- --system-- -----cpu-----
 r  b   swpd   free   buff  cache   si   so    bi    bo   in   cs us sy id wa st
 0  0      0 626280  58552 217004   30    0     0    14   46   73  0  1 98  1  0

4 Top Command Howto on Linux RHEL 6/CentOS 6

In this article, I will help you explore the most frequently used top commands that Linux system administrators use when analyzing Linux performance and for daily system administration jobs. The top command displays system summary information such as the tasks currently being managed by the Linux kernel, gives an ongoing look at processor activity in real time, and displays a listing of the most CPU-intensive tasks on the system. It also shows how the processor and memory are being used, and other information such as running processes. It will help you summarize how much of your system’s resources are being used.

1. How to display top command result :

[root@rhel6 ~]# top

This command shows information such as tasks, memory, CPU load average, swap and number of users. Press ‘q’ to quit.

2. How to display a selected user's processes using top -u :

[root@rhel6 ~]# top -u apache

3. How to display specific processes by PID using top -p (e.g. PIDs 2449, 2450) :

[root@rhel6 ~]# top -p 2449,2450

4. How to quit top command after a specified number of iterations :

[root@rhel6 ~]# top -n 10

This top command will automatically exit after 10 iterations.

How to Setup Nginx With PHP-FastCGI on CentOS 6.2/CentOS 6.3 VPS Server

In the previous post, I set up Nginx as a reverse proxy to the Apache web server. This post covers the steps to set up the nginx web server to use PHP-FastCGI for dynamic content. Nginx (pronounced “Engine-X”) is a free, open-source HTTP web server and one of the alternatives to the Apache HTTP server. It’s a high performance edge web server with the lowest memory footprint and the key features to build modern and efficient web infrastructure. FastCGI is a language independent, scalable, open extension to CGI that provides high performance without the limitations of server specific APIs. FastCGI provides better scalability and performance.

1. Prepare the yum repository for nginx :

[root@centos63 ~]# vi /etc/yum.repos.d/nginx.repo
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=0
enabled=1
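
With gpgcheck=0, yum installs packages from this repository without verifying their GPG signatures, and the baseurl is plain HTTP, so nothing authenticates what is downloaded. The script below is an added example, not part of the original post: it lists the enabled repositories in a .repo file that skip signature checking, run over a constructed file that holds the stanza above next to a signed variant. The function name, the extra stanzas and the inherited default of 1 are assumptions; the gpgkey URL is the signing key location published by nginx.org.

```sh
#!/bin/sh
# Added example (not from the original post). The .repo content is constructed;
# only the [nginx] stanza is copied from step 1.

# unsigned_repos FILE [MAIN_GPGCHECK]
# Print one line per ENABLED repo section whose packages yum would install
# without a GPG signature check. MAIN_GPGCHECK is what a section inherits when
# it has no gpgcheck line of its own (assumed 1 here; pass the value from the
# [main] section of your own /etc/yum.conf).
unsigned_repos() {
    awk -v def="${2:-1}" '
        # yum booleans: treat 0/no/false as "off"
        function off(v) { v = tolower(v); return v == "0" || v == "no" || v == "false" }
        function report() {
            if (sec == "" || sec == "main" || off(enabled)) return
            if (!off((gpg == "") ? def : gpg)) return
            printf "%s: gpgcheck off, packages from %s are installed unverified\n", \
                   sec, (url ~ /^https:/ ? "an https mirror" : "a non-https mirror")
        }
        /^[ \t]*([#;].*)?$/ { next }                 # blank lines and comments
        /^[ \t]*\[/ {                                # new [section]: judge the previous one
            report()
            sec = $0; gsub(/^[ \t]*\[|\].*$/, "", sec)
            enabled = "1"; gpg = ""; url = ""
            next
        }
        {
            i = index($0, "="); if (!i) next
            k = substr($0, 1, i - 1); v = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            k = tolower(k)
            if (k == "enabled") enabled = v
            else if (k == "gpgcheck") gpg = v
            else if (k == "baseurl") url = v
        }
        END { report() }
    ' "$1"
}

tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
repo_file=$tmp/sample.repo

# Constructed sample: the stanza from the post, a signed variant of it,
# a disabled repo, and a repo that relies on the inherited gpgcheck value.
cat > "$repo_file" <<'EOF'
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=0
enabled=1

[nginx-signed]
name=nginx repo with signature checking
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
gpgkey=https://nginx.org/keys/nginx_signing.key
enabled=1

[internal-test]
name=constructed disabled repo
baseurl=http://repo.example.invalid/el6/
gpgcheck=0
enabled=0

[inherits]
name=constructed repo without its own gpgcheck line
baseurl=https://repo.example.invalid/el6/
EOF

echo "== [main] gpgcheck=1"
unsigned_repos "$repo_file" 1
echo "== [main] gpgcheck=0"
unsigned_repos "$repo_file" 0
```

To audit a real host, run the function over each file in /etc/yum.repos.d/.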

2. Install Nginx :

[root@centos63 ~]# yum install nginx -y

3. Install required php packages :

[root@centos63 ~]# yum install php-cli php-mysql php-gd php-imap php-ldap php-odbc php-pear php-xml php-xmlrpc php-eaccelerator php-magickwand php-magpierss php-mbstring php-mcrypt php-mssql php-shout php-snmp php-soap php-tidy -y

Example of the software installed and its dependencies :

Installed:
  php-eaccelerator.i686 1:0.9.6.1-1.el6   php-imap.i686 0:5.3.3-14.el6_3      php-ldap.i686 0:5.3.3-14.el6_3
  php-magickwand.i686 0:1.0.9-1.el6       php-magpierss.noarch 0:0.72-6.el6   php-mssql.i686 0:5.3.3-1.el6
  php-odbc.i686 0:5.3.3-14.el6_3          php-pear.noarch 1:1.9.4-4.el6       php-shout.i686 0:0.9.2-6.el6
  php-snmp.i686 0:5.3.3-14.el6_3          php-soap.i686 0:5.3.3-14.el6_3      php-tidy.i686 0:5.3.3-14.el6_3
  php-xml.i686 0:5.3.3-14.el6_3           php-xmlrpc.i686 0:5.3.3-14.el6_3

Dependency Installed:
  ConsoleKit.i686 0:0.4.1-3.el6                        ConsoleKit-libs.i686 0:0.4.1-3.el6
  GConf2.i686 0:2.28.0-6.el6                           ImageMagick.i686 0:6.5.4.7-6.el6_2
  ORBit2.i686 0:2.14.17-3.1.el6                        atk.i686 0:1.28.0-2.el6
  avahi-libs.i686 0:0.6.25-11.el6                      cairo.i686 0:1.8.8-3.1.el6
  cups-libs.i686 1:1.4.2-48.el6_3.1                    dbus.i686 1:1.2.24-7.el6_3
  eggdbus.i686 0:0.6-3.el6                             fontconfig.i686 0:2.8.0-3.el6
  freetds.i686 0:0.91-2.el6                            ghostscript.i686 0:8.70-14.el6_3.1
  ghostscript-fonts.noarch 0:5.50-23.1.el6             gtk2.i686 0:2.18.9-10.el6
  hicolor-icon-theme.noarch 0:0.11-1.1.el6             jasper-libs.i686 0:1.900.1-15.el6_1.1
  lcms-libs.i686 0:1.19-1.el6                          libICE.i686 0:1.0.6-1.el6
  libIDL.i686 0:0.8.13-2.1.el6                         libSM.i686 0:1.1.0-7.1.el6
  libXcomposite.i686 0:0.4.1-2.el6                     libXcursor.i686 0:1.1.10-2.el6
  libXdamage.i686 0:1.1.2-1.el6                        libXext.i686 0:1.1-3.el6
  libXfixes.i686 0:4.0.4-1.el6                         libXfont.i686 0:1.4.1-2.el6_1
  libXft.i686 0:2.1.13-4.1.el6                         libXi.i686 0:1.3-3.el6
  libXinerama.i686 0:1.1-1.el6                         libXrandr.i686 0:1.3.0-4.el6
  libXrender.i686 0:0.9.5-1.el6                        libXt.i686 0:1.0.7-1.el6
  libc-client.i686 0:2007e-11.el6                      libcroco.i686 0:0.6.2-5.el6
  libfontenc.i686 0:1.0.5-2.el6                        libgsf.i686 0:1.14.15-5.el6
  libogg.i686 2:1.1.4-2.1.el6                          librsvg2.i686 0:2.26.0-5.el6_1.1.0.1.centos
  libshout.i686 0:2.2.2-5.1.el6                        libthai.i686 0:0.1.12-3.el6
  libtheora.i686 1:1.1.0-2.el6                         libtidy.i686 0:0.99.0-19.20070615.1.el6
  libtiff.i686 0:3.9.4-6.el6_3                         libvorbis.i686 1:1.2.3-4.el6_2.1
  libwmf-lite.i686 0:0.2.8.4-22.el6.centos             lm_sensors-libs.i686 0:3.1.1-10.el6
  net-snmp.i686 1:5.5-41.el6_3.1                       net-snmp-libs.i686 1:5.5-41.el6_3.1
  pango.i686 0:1.28.1-3.el6_0.5.1.centos               pixman.i686 0:0.18.4-1.el6_0.1
  polkit.i686 0:0.96-2.el6_0.1                         sgml-common.noarch 0:0.6.3-32.el6
  speex.i686 0:1.2-0.12.rc1.1.el6                      unixODBC.i686 0:2.2.14-11.el6
  urw-fonts.noarch 0:2.4-10.el6                        xorg-x11-font-utils.i686 1:7.2-11.el6

Dependency Updated:
  dbus-libs.i686 1:1.2.24-7.el6_3

Complete!

4. Configure EPEL Repository on CentOS 6.3 and install spawn-fcgi :

[root@centos63 ~]# yum install spawn-fcgi -y

5. Start configuring nginx. It is best to back up the original nginx config file first :

[root@centos63 ~]# cp /etc/nginx/nginx.conf /etc/nginx/nginx.conf.bak

6. Create the nginx document root for the ehowstuff.local virtual host :

[root@centos63 ~]# mkdir -p /var/www/html/ehowstuff.local
[root@centos63 ~]# mkdir -p /var/www/html/ehowstuff.local/public_html
[root@centos63 ~]# chown -R nginx:nginx /var/www/html/ehowstuff.local/public_html

7. Create the folder that will store access.log and error.log :

[root@centos63 ~]# mkdir -p /var/log/nginx/ehowstuff.local
[root@centos63 ~]# chown -R nginx:nginx /var/log/nginx/ehowstuff.local

8. Modify the default nginx config file :

[root@centos63 ~]# vi /etc/nginx/nginx.conf

user  nginx;
worker_processes  1;

error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;

    #gzip  on;

    include /etc/nginx/conf.d/*.conf;
}


9. Add the host configuration file under /etc/nginx/conf.d/. The nginx config file loads all *.conf files under the conf.d folder :

As an example, the website domain is ehowstuff.local, so the virtual server ehowstuff.local will be created in a file named ehowstuff.local.conf :

[root@centos63 ~]# vi /etc/nginx/conf.d/ehowstuff.local.conf
server {
    server_name www.ehowstuff.local ehowstuff.local;
    access_log /var/log/nginx/ehowstuff.local/access.log;
    error_log /var/log/nginx/ehowstuff.local/error.log;
    root /var/www/html/ehowstuff.local/public_html;

    location / {
        index index.html index.htm index.php;
    }

    location ~ \.php$ {
        include /etc/nginx/fastcgi_params;
        fastcgi_pass  127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME /var/www/html/ehowstuff.local/public_html$fastcgi_script_name;
    }
}

10. Check your nginx version :

[root@centos63 ~]# nginx -v
nginx version: nginx/1.2.4

11. Configure php-fastcgi :

[root@centos63 ~]# cd /opt
[root@centos63 opt]# wget -O php-fastcgi-rpm.sh http://library.linode.com/assets/696-php-fastcgi-rpm.sh
[root@centos63 opt]# mv php-fastcgi-rpm.sh /usr/bin/php-fastcgi
[root@centos63 opt]# chmod +x /usr/bin/php-fastcgi
[root@centos63 opt]# wget -O php-fastcgi-init-rpm.sh http://library.linode.com/assets/697-php-fastcgi-init-rpm.sh
[root@centos63 opt]# mv php-fastcgi-init-rpm.sh /etc/rc.d/init.d/php-fastcgi
[root@centos63 opt]# chmod +x /etc/rc.d/init.d/php-fastcgi

12. Start php-fastcgi to control spawn-fcgi :

[root@centos63 ~]# /etc/init.d/php-fastcgi start
Starting php-cgi: spawn-fcgi: child spawned successfully: PID: 3380
                                                           [  OK  ]

13. Start Nginx service :

[root@centos63 ~]# service nginx start

14. Make Nginx and php-fastcgi start at boot :

[root@centos63 opt]# chkconfig --add nginx
[root@centos63 opt]# chkconfig nginx on
[root@centos63 opt]# chkconfig --add php-fastcgi
[root@centos63 opt]# chkconfig php-fastcgi on
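
The PHP location block from step 9 passes every URI ending in .php to the FastCGI backend, whether or not such a file exists under the document root. The script below is an added example, not part of the original post: it flags location blocks of that kind and includes a constructed hardened variant that uses try_files; the function names and sample file names are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): flag nginx location blocks that
# hand requests to FastCGI without first checking that the script exists.
# Assumes one directive per line and no nested location blocks.

# audit_php_locations FILE -> prints one line per finding, returns 1 if any
audit_php_locations() {
    awk '
        { line = $0; sub(/#.*/, "", line) }              # ignore comments
        !in_loc && line ~ /^[ \t]*location[ \t]/ {       # a location block opens
            in_loc = 1; depth = 0; has_pass = 0; has_try = 0; start = NR
            header = line
            sub(/^[ \t]+/, "", header); sub(/[ \t]*[{].*/, "", header)
        }
        in_loc {
            if (line ~ /(^|[ \t])fastcgi_pass[ \t]/) has_pass = 1
            if (line ~ /(^|[ \t])try_files[ \t]/)    has_try = 1
            depth += gsub(/[{]/, "{", line)
            depth -= gsub(/[}]/, "}", line)
            if (depth <= 0 && line ~ /[}]/) {            # the block closes
                if (has_pass && !has_try) {
                    printf "%s:%d: %s: fastcgi_pass without try_files\n",
                           FILENAME, start, header
                    bad++
                }
                in_loc = 0
            }
        }
        END { exit (bad > 0) }
    ' "$1"
}

# write_samples DIR -> weak.conf is the vhost from step 9 (log lines trimmed);
# hardened.conf is a constructed variant with the existence check added.
write_samples() {
    cat > "$1/weak.conf" <<'EOF'
server {
    server_name www.ehowstuff.local ehowstuff.local;
    root /var/www/html/ehowstuff.local/public_html;

    location / {
        index index.html index.htm index.php;
    }

    location ~ \.php$ {
        include /etc/nginx/fastcgi_params;
        fastcgi_pass  127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME /var/www/html/ehowstuff.local/public_html$fastcgi_script_name;
    }
}
EOF
    cat > "$1/hardened.conf" <<'EOF'
server {
    server_name www.ehowstuff.local ehowstuff.local;
    root /var/www/html/ehowstuff.local/public_html;

    location / {
        index index.html index.htm index.php;
    }

    location ~ \.php$ {
        try_files $uri =404;    # answer 404 unless the .php file exists
        include /etc/nginx/fastcgi_params;
        fastcgi_pass  127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    }
}
EOF
}

# Demo on the two constructed files; on a live host, call
# audit_php_locations on each file under /etc/nginx/conf.d/ instead.
demo=$(mktemp -d)
write_samples "$demo"
for f in "$demo/weak.conf" "$demo/hardened.conf"; do
    audit_php_locations "$f" || echo "  -> add an existence check to the block above"
done
rm -rf "$demo"
```

After changing a vhost file, run nginx -t before reloading so a syntax error does not take the site down.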

Nginx Reverse Proxy Setup for Linux Server

Nginx, also pronounced “Engine-X”, is a free, open-source HTTP web server and one of the best alternatives to the Apache HTTP server. It is a high-performance edge web server with the lowest memory footprint and the key features needed to build modern and efficient web infrastructure. Nginx also provides a combined web server, reverse proxy and load balancing solution for websites that run under high traffic and need to stay consistently efficient. Nginx has the lowest memory footprint possible and optimizes CPU usage while delivering maximum performance even on very cheap server hardware. More importantly, Nginx is able to keep accepting more connections while maintaining low memory usage.

What is Nginx Reverse Proxy ?

When the Nginx reverse proxy receives a request, it sends a request to the specified proxied server. In this case the proxied server is the Apache web server. When the Nginx reverse proxy has fetched the response from the Apache web server, it sends it back to the client. In other words, the Nginx reverse proxy serves as the front-end server for the Apache web service.

How to Setup Nginx Reverse Proxy for Linux

This article will show you how to install and configure an Nginx reverse proxy for an Apache web server. It is assumed that the Apache web server is already running at 192.168.1.55 and that nginx will be installed on another server with the IP address 192.168.1.54. This has been tested and works on CentOS 6 / CentOS 7 / RHEL 7 / Oracle Linux 7.

Nginx Reverse Proxy Server : 192.168.1.54
Apache Web server : 192.168.1.55

1. Prepare the yum repository for nginx :

# vi /etc/yum.repos.d/nginx.repo
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=0
enabled=1

2. Install nginx with yum :

# yum install nginx -y

3. Back up the original nginx config file :

# cp /etc/nginx/nginx.conf /etc/nginx/nginx.conf.bak

4. Modify the default nginx config file :

# vi /etc/nginx/nginx.conf
user  nginx;
worker_processes  1;

error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;


events {

    worker_connections  1024;
}


http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    charset   utf-8;
    keepalive_timeout  65;
    server_tokens       off;
    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         off;

    server {
        listen 80;
        server_name  _;
        root   /usr/share/nginx/html;
        index  index.html index.htm;
    }

    include  conf.d/*.conf;
}

5. Add the host configuration file under /etc/nginx/conf.d/. The nginx config file loads all *.conf files under the conf.d folder :

As an example, the website domain is ehowstuff.local, so the virtual server ehowstuff.local will be created in a file named ehowstuff.local.conf :

# vi /etc/nginx/conf.d/ehowstuff.local.conf
server {
    listen 80;
    server_name  ehowstuff.local www.ehowstuff.local;

    access_log  off;
    # "error_log off" does not disable logging; it writes to a file named "off"
    error_log   /dev/null crit;

    location / {
        proxy_pass              http://192.168.1.55:80/;
        proxy_set_header        X-Real-IP       $remote_addr;
        proxy_set_header        Host  $host;
        proxy_redirect          off;
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_connect_timeout   90;
        proxy_send_timeout      90;
        proxy_read_timeout      90;
        client_max_body_size    10m;
        client_body_buffer_size 128k;
        proxy_buffer_size       4k;
        proxy_buffers           4 32k;
        proxy_busy_buffers_size 64k;
    }
}

With the above configuration, all traffic to ehowstuff.local on port 80 is forwarded to the Apache web server hosted at 192.168.1.55. The Nginx reverse proxy serves as the front-end server for the Apache web service.

6. Verify the configuration file :

# /usr/sbin/nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

7. Start nginx server :

# service nginx start

8. Configure nginx to start at boot :

# chkconfig nginx on
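
Step 1 here and step 1 of the PHP-FastCGI setup above both create nginx.repo with gpgcheck=0 and an http:// baseurl, so yum installs the nginx package without verifying its signature. The script below is an added example, not part of the original post, that audits .repo files for both settings; the corrected stanza uses the signing key URL published on nginx.org, and the function and sample file names are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): flag enabled yum repository
# stanzas that skip signature checks or fetch over plain http.

# audit_yum_repo FILE -> prints one line per finding, returns 1 if any
audit_yum_repo() {
    awk '
        function check_section() {
            if (section == "" || enabled == "0") return   # nothing to report
            if (gpgcheck == "0") {
                printf "%s: [%s] gpgcheck=0, package signatures are not verified\n",
                       FILENAME, section
                bad++
            }
            if (baseurl ~ /^http:/) {
                printf "%s: [%s] baseurl is plain http: %s\n",
                       FILENAME, section, baseurl
                bad++
            }
        }
        /^[ \t]*([#;]|$)/ { next }                        # comment or blank line
        /^[ \t]*\[/ {                                     # a new [section] starts
            check_section()
            section = $0; gsub(/^[ \t]*\[|\].*$/, "", section)
            gpgcheck = ""; baseurl = ""; enabled = "1"
            next
        }
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/[ \t]/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "gpgcheck")     gpgcheck = val
            else if (key == "baseurl") baseurl = val
            else if (key == "enabled") enabled = val
        }
        END { check_section(); exit (bad > 0) }
    ' "$1"
}

# write_repo_samples DIR -> weak.repo holds the stanza from step 1 plus a
# constructed disabled stanza; fixed.repo is a constructed corrected stanza.
write_repo_samples() {
    cat > "$1/weak.repo" <<'EOF'
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=0
enabled=1

# constructed: a disabled stanza is skipped by the audit
[example-disabled]
name=constructed placeholder repo
baseurl=http://repo.example.invalid/
gpgcheck=0
enabled=0
EOF
    cat > "$1/fixed.repo" <<'EOF'
[nginx]
name=nginx repo
baseurl=https://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
gpgkey=https://nginx.org/keys/nginx_signing.key
enabled=1
EOF
}

# Demo on the constructed files; on a live host, call audit_yum_repo on
# each file under /etc/yum.repos.d/ instead.
demo=$(mktemp -d)
write_repo_samples "$demo"
for f in "$demo/weak.repo" "$demo/fixed.repo"; do
    audit_yum_repo "$f" || echo "  -> fix the stanza above before running yum install"
done
rm -rf "$demo"
```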

 

How to Setup Lynis Linux Auditing Tool on CentOS 6.2/CentOS 6.3

Lynis is a free and open source auditing tool for Unix-based operating systems. It scans the system to detect general system information, installed packages, configuration errors and security issues, then provides a report and makes suggestions. Lynis aims to assist with automated auditing, software patch management, and vulnerability and malware scanning of Unix-based systems. Follow these steps to set up the Lynis Linux auditing tool on CentOS 6.3.

1. Create lynis directory under /usr/local/ :

[root@centos63 ~]# mkdir /usr/local/lynis

2. Download lynis software from http://www.rootkit.nl/projects/lynis.html :

# wget http://www.rootkit.nl/files/lynis-1.3.0.tar.gz

Example :

[root@centos63 ~]# wget http://www.rootkit.nl/files/lynis-1.3.0.tar.gz
--2012-10-06 12:18:13--  http://www.rootkit.nl/files/lynis-1.3.0.tar.gz
Resolving www.rootkit.nl... 31.7.1.110
Connecting to www.rootkit.nl|31.7.1.110|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 119797 (117K) [application/x-gzip]
Saving to: ‘lynis-1.3.0.tar.gz’

100%[==========================================================>] 119,797     96.3K/s   in 1.2s

2012-10-06 12:18:15 (96.3 KB/s) - ‘lynis-1.3.0.tar.gz’

3. Copy lynis-1.3.0.tar.gz to the created directory :

[root@centos63 ~]# cp lynis-1.3.0.tar.gz /usr/local/lynis

Then go to the created lynis directory :

[root@centos63 ~]# cd /usr/local/lynis

4. Extract lynis-1.3.0.tar.gz into /usr/local/lynis :

# tar xzvf lynis-1.3.0.tar.gz

Example :

[root@centos63 lynis]# tar xzvf lynis-1.3.0.tar.gz
lynis-1.3.0/CHANGELOG
lynis-1.3.0/FAQ
lynis-1.3.0/INSTALL
lynis-1.3.0/LICENSE
lynis-1.3.0/README
lynis-1.3.0/db/
lynis-1.3.0/db/integrity.db
lynis-1.3.0/db/sbl.db
lynis-1.3.0/db/fileperms.db
lynis-1.3.0/db/malware-susp.db
lynis-1.3.0/db/malware.db
lynis-1.3.0/db/hints.db
lynis-1.3.0/default.prf
lynis-1.3.0/dev/
lynis-1.3.0/dev/README
lynis-1.3.0/dev/files.dat
lynis-1.3.0/dev/TODO
lynis-1.3.0/dev/openbsd/
lynis-1.3.0/dev/openbsd/+CONTENTS
lynis-1.3.0/dev/check-lynis.sh
lynis-1.3.0/dev/build-lynis.sh
lynis-1.3.0/include/
lynis-1.3.0/include/profiles
lynis-1.3.0/include/tests_malware
lynis-1.3.0/include/tests_accounting
lynis-1.3.0/include/parameters
lynis-1.3.0/include/tests_ssh
lynis-1.3.0/include/tests_time
lynis-1.3.0/include/tests_firewalls
lynis-1.3.0/include/tests_nameservices
lynis-1.3.0/include/binaries
lynis-1.3.0/include/tests_webservers
lynis-1.3.0/include/tests_squid
lynis-1.3.0/include/tests_storage_nfs
lynis-1.3.0/include/tests_insecure_services
lynis-1.3.0/include/tests_scheduling
lynis-1.3.0/include/tests_tooling
lynis-1.3.0/include/tests_hardening
lynis-1.3.0/include/tests_networking
lynis-1.3.0/include/report
lynis-1.3.0/include/tests_boot_services
lynis-1.3.0/include/functions
lynis-1.3.0/include/tests_memory_processes
lynis-1.3.0/include/tests_file_permissions
lynis-1.3.0/include/tests_file_integrity
lynis-1.3.0/include/tests_shells
lynis-1.3.0/include/tests_databases
lynis-1.3.0/include/tests_homedirs
lynis-1.3.0/include/osdetection
lynis-1.3.0/include/tests_ldap
lynis-1.3.0/include/tests_ports_packages
lynis-1.3.0/include/tests_hardening_tools
lynis-1.3.0/include/tests_logging
lynis-1.3.0/include/tests_mail_messaging
lynis-1.3.0/include/tests_banners
lynis-1.3.0/include/tests_crypto
lynis-1.3.0/include/tests_kernel
lynis-1.3.0/include/tests_mac_frameworks
lynis-1.3.0/include/tests_solaris
lynis-1.3.0/include/tests_virtualization
lynis-1.3.0/include/tests_kernel_hardening
lynis-1.3.0/include/tests_snmp
lynis-1.3.0/include/tests_authentication
lynis-1.3.0/include/tests_filesystems
lynis-1.3.0/include/tests_storage
lynis-1.3.0/include/tests_printers_spools
lynis-1.3.0/include/tests_php
lynis-1.3.0/include/consts
lynis-1.3.0/include/tests_tcpwrappers
lynis-1.3.0/lynis
lynis-1.3.0/lynis.8
lynis-1.3.0/plugins/
lynis-1.3.0/plugins/README
lynis-1.3.0/plugins/custom_plugin.template

5. Enter the extracted lynis directory, lynis-1.3.0 :

[root@centos63 lynis]# cd lynis-1.3.0

6. Check if Lynis is up-to-date :

# ./lynis --check-update

Example :

[root@centos63 lynis-1.3.0]# ./lynis --check-update

 == Lynis ==

  Version         :   1.3.0
  Release date    :   28 April 2011
  Update location :   http://www.rootkit.nl/

 == Databases ==
                      Current          Latest           Status
  -----------------------------------------------------------------------------
  Malware         :   2008062700       2008062700       Up-to-date
  File perms      :   2008053000       2008053000       Up-to-date


Copyright 2007-2012 - Michael Boelen, http://www.rootkit.nl/

7. Running ./lynis without any option prints a complete list of the available parameters, which you can use as a reference :

# ./lynis

Example :

[root@centos63 lynis-1.3.0]# ./lynis

[ Lynis 1.3.0 ]

################################################################################
 Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
 welcome to redistribute it under the terms of the GNU General Public License.
 See LICENSE file for details about using this software.

 Copyright 2007-2012 - Michael Boelen, http://www.rootkit.nl/
################################################################################

[+] Initializing program
------------------------------------
  Scan options:
    --auditor ""            : Auditor name
    --check-all (-c)              : Check system
    --no-log                      : Don't create a log file
    --profile            : Scan the system with the given profile file
    --quick (-Q)                  : Quick mode, don't wait for user input
    --tests ""             : Run only tests defined by 
    --tests-category "" : Run only tests defined by 

  Layout options:
    --no-colors                   : Don't use colors in output
    --quiet (-q)                  : No output, except warnings
    --reverse-colors              : Optimize color display for light backgrounds

  Misc options:
    --check-update                : Check for updates
    --view-manpage (--man)        : View man page
    --version (-V)                : Display version number and quit

  Error: No parameters specified!
  See man page and documentation for all available options.

Exiting..

8. To start a full system scan, use the --check-all (or -c) option to begin scanning your entire Linux system. Lynis will prompt you with “[ Press [ENTER] to continue, or [CTRL]+C to stop ]” for every process that it scans.

# ./lynis -c

Example :

[root@centos63 lynis-1.3.0]# ./lynis -c

[ Lynis 1.3.0 ]

################################################################################
 Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
 welcome to redistribute it under the terms of the GNU General Public License.
 See LICENSE file for details about using this software.

 Copyright 2007-2012 - Michael Boelen, http://www.rootkit.nl/
################################################################################

[+] Initializing program
------------------------------------
  - Detecting OS...                                           [ DONE ]
  - Clearing log file (/var/log/lynis.log)...                 [ DONE ]

  ---------------------------------------------------
  Program version:           1.3.0
  Operating system:          Linux
  Operating system name:     CentOS
  Operating system version:  CentOS release 6.3 (Final)
  Kernel version:            2.6.32-279.1.1.el6.i686
  Hardware platform:         i686
  Hostname:                  centos63
  Auditor:                   [Unknown]
  Profile:                   ./default.prf
  Log file:                  /var/log/lynis.log
  Report file:               /var/log/lynis-report.dat
  Report version:            1.0
  ---------------------------------------------------

[ Press [ENTER] to continue, or [CTRL]+C to stop ]

9. To proceed in quick mode and avoid waiting for user input, run lynis with the -c and -Q options as shown below :

# ./lynis -c -Q

Example :

[root@centos63 lynis-1.3.0]# ./lynis -c -Q

Example result :

[+] Software: PHP
------------------------------------
  - Checking PHP...                                           [ FOUND ]
  - Checking PHP disabled functions...                        [ FOUND ]
    - Checking register_globals option...                     [ OK ]
    - Checking expose_php option...                           [ ON ]
    - Checking enable_dl option...                            [ OFF ]
    - Checking allow_url_fopen option...                      [ ON ]
    - Checking allow_url_include option...                    [ OFF ]

[+] Squid Support
------------------------------------
  - Checking running Squid daemon...                          [ NOT FOUND ]

[+] Logging and files
------------------------------------
  - Checking for a running syslog daemon...                   [ OK ]
    - Checking Syslog-NG status                               [ NOT FOUND ]
    - Checking Metalog status                                 [ NOT FOUND ]
    - Checking RSyslog status                                 [ FOUND ]
    - Checking RFC 3195 daemon status                         [ NOT FOUND ]
  - Checking minilogd instances                               [ NONE ]
  - Checking logrotate presence                               [ OK ]
  - Checking log directories (static list)                    [ DONE ]
  - Checking open log files                                   [ DONE ]
  - Checking deleted files in use                             [ FILES FOUND ]

[+] Insecure services
------------------------------------
  - Checking inetd status...                                  [ ACTIVE ]
    - Checking inetd.conf...                                  [ NOT FOUND ]

[+] Banners and identification
------------------------------------
  - /etc/motd...                                              [ FOUND ]
    - /etc/motd permissions...                                [ OK ]
    - /etc/motd contents...                                   [ WEAK ]
  - /etc/issue...                                             [ FOUND ]
    - /etc/issue contents...                                  [ WEAK ]
  - /etc/issue.net...                                         [ FOUND ]
    - /etc/issue.net contents...                              [ WEAK ]

[+] Scheduled tasks
------------------------------------
  - Checking crontab/cronjob                                  [ DONE ]
  - Checking atd status                                       [ NOT RUNNING ]

[+] Accounting
------------------------------------
  - Checking accounting information...                        [ NOT FOUND ]
  - Checking auditd                                           [ ENABLED ]
    - Checking audit rules                                    [ SUGGESTION ]
    - Checking audit configuration file                       [ OK ]
    - Checking auditd log file                                [ FOUND ]

[+] Time and Synchronization
------------------------------------
  - Checking running NTP daemon...                            [ FOUND ]
  - Checking NTP client in crontab file...                    [ NOT FOUND ]
  - Checking NTP client in cron.d files...                    [ NOT FOUND ]
  - Checking for a running NTP daemon or client...            [ OK ]
  - Checking NTP daemon...                                    [ FOUND ]
  - Checking valid association ID's...                        [ FOUND ]
  - Checking high stratum ntp peers...                        [ OK ]
  - Checking unreliable ntp peers...                          [ FOUND ]
  - Checking selected time source...                          [ OK ]
  - Checking time source candidates...                        [ OK ]
  - Checking falsetickers...                                  [ OK ]
  - Checking NTP version...                                   [ FOUND ]

[+] Cryptography
------------------------------------
  - Checking SSL certificate expiration...                    [ OK ]

[+] Virtualization
------------------------------------

[+] Security frameworks
------------------------------------
  - Checking presence AppArmor                                [ NOT FOUND ]
  - Checking presence SELinux                                 [ FOUND ]
    - Checking SELinux status                                 [ DISABLED ]
  - Checking presence grsecurity                              [ NOT FOUND ]

[+] Software: file integrity
------------------------------------
  - Checking AFICK...                                         [ NOT FOUND ]
  - Checking AIDE...                                          [ NOT FOUND ]
  - Checking Osiris...                                        [ NOT FOUND ]
  - Checking Samhain...                                       [ NOT FOUND ]
  - Checking Tripwire...                                      [ NOT FOUND ]
  - Checking presence integrity tool...                       [ NOT FOUND ]

[+] Software: Malware scanners
------------------------------------
  - Checking chkrootkit...                                    [ NOT FOUND ]
  - Checking Rootkit Hunter...                                [ NOT FOUND ]
  - Checking ClamAV scanner...                                [ FOUND ]
  - Checking ClamAV daemon...                                 [ NOT FOUND ]

[+] System Tools
------------------------------------
  - Starting file permissions check...
    /etc/lilo.conf                                            [ NOT FOUND ]
    /root/.ssh                                                [ OK ]

[+] Home directories
------------------------------------
  - Checking shell history files...                           [ OK ]

[+] Kernel Hardening
------------------------------------
  - Comparing sysctl key pairs with scan profile...
      - kernel.core_uses_pid (exp: 1)                         [ OK ]
      - kernel.ctrl-alt-del (exp: 0)                          [ OK ]
      - kernel.exec-shield (exp: 1)                           [ OK ]
      - kernel.sysrq (exp: 0)                                 [ OK ]
      - net.ipv4.conf.all.accept_redirects (exp: 0)           [ DIFFERENT ]
      - net.ipv4.conf.all.accept_source_route (exp: 0)        [ OK ]
      - net.ipv4.conf.all.bootp_relay (exp: 0)                [ OK ]
      - net.ipv4.conf.all.forwarding (exp: 0)                 [ OK ]
      - net.ipv4.conf.all.log_martians (exp: 1)               [ DIFFERENT ]
      - net.ipv4.conf.all.mc_forwarding (exp: 0)              [ OK ]
      - net.ipv4.conf.all.proxy_arp (exp: 0)                  [ OK ]
      - net.ipv4.conf.all.rp_filter (exp: 1)                  [ DIFFERENT ]
      - net.ipv4.conf.all.send_redirects (exp: 0)             [ DIFFERENT ]
      - net.ipv4.conf.default.accept_redirects (exp: 0)       [ DIFFERENT ]
      - net.ipv4.conf.default.accept_source_route (exp: 0)    [ OK ]
      - net.ipv4.conf.default.log_martians (exp: 1)           [ DIFFERENT ]
      - net.ipv4.icmp_echo_ignore_broadcasts (exp: 1)         [ OK ]
      - net.ipv4.icmp_ignore_bogus_error_responses (exp: 1)   [ OK ]
      - net.ipv4.tcp_syncookies (exp: 1)                      [ OK ]
      - net.ipv4.tcp_timestamps (exp: 0)                      [ DIFFERENT ]
      - net.ipv6.conf.all.accept_redirects (exp: 0)           [ DIFFERENT ]
      - net.ipv6.conf.all.accept_source_route (exp: 0)        [ OK ]
      - net.ipv6.conf.default.accept_redirects (exp: 0)       [ DIFFERENT ]
      - net.ipv6.conf.default.accept_source_route (exp: 0)    [ OK ]

[+] Hardening
------------------------------------
    - Installed compiler(s)...                                [ FOUND ]
    - Installed malware scanner...                            [ FOUND ]

================================================================================

  -[ Lynis 1.3.0 Results ]-

  Tests performed: 164
  Warnings:
  ----------------------------
   - [12:34:29] Warning: No password set on GRUB bootloader [test:BOOT-5121] [impact:M]
   - [12:34:33] Warning: No password set for single mode [test:AUTH-9308] [impact:L]
   - [12:34:51] Warning: Couldn't find 2 responsive nameservers [test:NETW-2705] [impact:L]
   - [12:34:52] Warning: Found mail_name in SMTP banner, and/or mail_name contains 'Postfix' [test:MAIL-8818] [impact:L]
   - [12:34:57] Warning: PHP option expose_php is possibly turned on, which can reveal useful information for attackers. [test:PHP-2372] [impact:M]

  Suggestions:
  ----------------------------
   - [12:34:29] Suggestion: Run grub-md5-crypt and create a hashed password. Add a line below the line timeout=, add: password --md5  [test:BOOT-5121]
   - [12:34:33] Suggestion: Configure password aging limits to enforce password changing on a regular base [test:AUTH-9286]
   - [12:34:33] Suggestion: Set password for single user mode to minimize physical access attack surface [test:AUTH-9308]
   - [12:34:33] Suggestion: Default umask in /etc/profile could be more strict like 027 [test:AUTH-9328]
   - [12:34:33] Suggestion: To decrease the impact of a full /home file system, place /home on a separated partition [test:FILE-6310]
   - [12:34:33] Suggestion: To decrease the impact of a full /tmp file system, place /tmp on a separated partition [test:FILE-6310]
   - [12:34:39] Suggestion: The database required for 'locate' could not be found. Run 'updatedb' or 'locate.updatedb' to create this file. [test:FILE-6410]
   - [12:34:39] Suggestion: Disable drivers like USB storage when not used, to prevent unauthorized storage or data theft [test:STRG-1840]
   - [12:34:39] Suggestion: Disable drivers like firewire storage when not used, to prevent unauthorized storage or data theft [test:STRG-1846]
   - [12:34:48] Suggestion: Install package 'yum-utils' for better consistency checking of the package database [test:PKGS-7384]
   - [12:34:51] Suggestion: Check your resolv.conf file and fill in a backup nameserver if possible [test:NETW-2705]
   - [12:34:52] Suggestion: You are adviced to hide the mail_name (option: smtpd_banner) from your postfix configuration. Use postconf -e or change your main.cf file (/etc/postfix/main.cf) [test:MAIL-8818]
   - [12:34:53] Suggestion: Configure a firewall/packet filter to filter incoming and outgoing traffic [test:FIRE-4590]

For more information visit the official Lynis page at http://www.rootkit.nl/projects/lynis.html.
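
The Warnings and Suggestions lines in the result above carry a test ID and, for warnings, an impact letter, which makes them easy to turn into records for tracking or for failing a build. The script below is an added example, not part of Lynis or of the original post: it parses saved console output in the format shown above; the function names, the saved-output file and the impact ranking L < M < H are assumptions, and the sample lines are copied from the result above.

```shell
#!/bin/sh
# Added example (not part of Lynis or the original post): parse the
# "Warnings" / "Suggestions" lines of console output saved from ./lynis -c -Q.

# lynis_findings FILE -> TSV: kind, test id, impact ("-" if absent), message
lynis_findings() {
    awk '
        match($0, /(Warning|Suggestion): /) {
            kind = substr($0, RSTART, RLENGTH - 2)
            rest = substr($0, RSTART + RLENGTH)
            id = ""; impact = "-"; msg = rest
            if (match(rest, /\[test:[A-Z0-9-]+\]/)) {
                id   = substr(rest, RSTART + 6, RLENGTH - 7)
                msg  = substr(rest, 1, RSTART - 1)
                tail = substr(rest, RSTART + RLENGTH)
                if (match(tail, /\[impact:[A-Z]\]/))
                    impact = substr(tail, RSTART + 8, 1)
            }
            sub(/[ \t]+$/, "", msg)
            printf "%s\t%s\t%s\t%s\n", kind, id, impact, msg
        }
    ' "$1"
}

# lynis_gate FILE MIN -> lists warnings with impact >= MIN (L, M or H),
# returns 1 if there is at least one. The ranking is an assumption.
lynis_gate() {
    lynis_findings "$1" | awk -F'\t' -v min="$2" '
        BEGIN { rank["L"] = 1; rank["M"] = 2; rank["H"] = 3 }
        $1 == "Warning" && rank[$3] >= rank[min] { print $2 ": " $4; hit = 1 }
        END { exit (hit + 0) }
    '
}

# lynis_fix_for FILE TEST_ID -> the suggestion text recorded for that test
lynis_fix_for() {
    lynis_findings "$1" | awk -F'\t' -v id="$2" \
        '$1 == "Suggestion" && $2 == id { print $4 }'
}

# write_sample FILE -> lines copied from the result shown above
write_sample() {
    cat > "$1" <<'EOF'
  Warnings:
  ----------------------------
   - [12:34:29] Warning: No password set on GRUB bootloader [test:BOOT-5121] [impact:M]
   - [12:34:33] Warning: No password set for single mode [test:AUTH-9308] [impact:L]
   - [12:34:51] Warning: Couldn't find 2 responsive nameservers [test:NETW-2705] [impact:L]
   - [12:34:52] Warning: Found mail_name in SMTP banner, and/or mail_name contains 'Postfix' [test:MAIL-8818] [impact:L]
   - [12:34:57] Warning: PHP option expose_php is possibly turned on, which can reveal useful information for attackers. [test:PHP-2372] [impact:M]

  Suggestions:
  ----------------------------
   - [12:34:29] Suggestion: Run grub-md5-crypt and create a hashed password. Add a line below the line timeout=, add: password --md5  [test:BOOT-5121]
   - [12:34:33] Suggestion: Set password for single user mode to minimize physical access attack surface [test:AUTH-9308]
   - [12:34:53] Suggestion: Configure a firewall/packet filter to filter incoming and outgoing traffic [test:FIRE-4590]
EOF
}

# Demo: list the warnings at impact M or above, then the recorded fix for one.
report=$(mktemp)
write_sample "$report"
echo "Warnings at impact M or above:"
lynis_gate "$report" M || echo "  -> gate failed"
echo "Suggested fix for BOOT-5121:"
lynis_fix_for "$report" BOOT-5121
rm -f "$report"
```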