How to Install ClamAV on Ubuntu Server 14.04

Linux system is design to makes it hard for viruses to run and that why it is more secure than windows operating system. However we still need to install Clam AntiVirus (ClamAV) on linux server to protect it from virus. This because the linux malware and viruses are increasing everyday. ClamAV is free antivirus engine designed for detecting Trojans, viruses, malware and other malicious threats and one of the main uses is on main servers as server-side email virus scanner. ClamAV can be integrate with mail servers to scan the attachment and files. This article will describe on how to install ClamAV on Ubuntu Server 14.04 virtual private server (VPS) or dedicated server.

install clamav ubuntu server

How to Install ClamAV on Ubuntu Server 14.04

1. Install clamav and clamav-daemon. Clamav daemon is for automated use.

ehowstuff@ubuntu14:~$ sudo apt-get install clamav clamav-daemon -y

2. Update the clamav pattern file :

ehowstuff@ubuntu14:~$ sudo freshclam

3. Check files in the all users home directories:

ehowstuff@ubuntu14:~$ sudo clamscan -r /home
[sudo] password for ehowstuff:
/home/ehowstuff/v3.1.12.zip: OK
/home/ehowstuff/.mysql_history: OK
/home/ehowstuff/.bash_logout: OK
/home/ehowstuff/.bash_history: OK
/home/ehowstuff/.profile: OK
/home/ehowstuff/.bashrc: OK
/home/ehowstuff/.cache/motd.legal-displayed: Empty file
/home/ehowstuff/.viminfo: OK
/home/ehowstuff/jcameron-key.asc: OK
/home/ehowstuff/.rnd: OK
/home/ehowstuff/index.html: OK
/home/ehowstuff/.ssh/known_hosts: OK

----------- SCAN SUMMARY -----------
Known viruses: 3383485
Engine version: 0.98.1
Scanned directories: 4
Scanned files: 11
Infected files: 0
Data scanned: 4.66 MB
Data read: 1.04 MB (ratio 4.47:1)
Time: 20.139 sec (0 m 20 s)
ehowstuff@ubuntu14:~$

4. Download test virus :

ehowstuff@ubuntu14:~$ wget http://www.eicar.org/download/eicar.com
--2014-05-24 15:05:13--  http://www.eicar.org/download/eicar.com
Resolving www.eicar.org (www.eicar.org)... 188.40.238.250
Connecting to www.eicar.org (www.eicar.org)|188.40.238.250|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 68 [application/octet-stream]
Saving to: âeicar.comâ

100%[==========================================================>] 68          --.-K/s   in 0s

2014-05-24 15:05:13 (8.12 MB/s) - âeicar.comâ saved [68/68]

5. Check again the directory should contain the downloaded test virus :

ehowstuff@ubuntu14:~$ sudo clamscan -r /home
/home/ehowstuff/v3.1.12.zip: OK
/home/ehowstuff/.mysql_history: OK
/home/ehowstuff/.bash_logout: OK
/home/ehowstuff/.bash_history: OK
/home/ehowstuff/.profile: OK
/home/ehowstuff/.bashrc: OK
/home/ehowstuff/.cache/motd.legal-displayed: Empty file
/home/ehowstuff/.viminfo: OK
/home/ehowstuff/jcameron-key.asc: OK
/home/ehowstuff/.rnd: OK
/home/ehowstuff/index.html: OK
/home/ehowstuff/.ssh/known_hosts: OK
/home/ehowstuff/eicar.com: Eicar-Test-Signature FOUND

----------- SCAN SUMMARY -----------
Known viruses: 3383485
Engine version: 0.98.1
Scanned directories: 4
Scanned files: 12
Infected files: 1
Data scanned: 4.66 MB
Data read: 1.04 MB (ratio 4.47:1)
Time: 19.874 sec (0 m 19 s)

6. Scan and remove virus files :

ehowstuff@ubuntu14:~$ sudo clamscan --infected --remove --recursive /home
/home/ehowstuff/eicar.com: Eicar-Test-Signature FOUND
/home/ehowstuff/eicar.com: Removed.

----------- SCAN SUMMARY -----------
Known viruses: 3383485
Engine version: 0.98.1
Scanned directories: 4
Scanned files: 12
Infected files: 1
Data scanned: 4.66 MB
Data read: 1.04 MB (ratio 4.47:1)
Time: 20.930 sec (0 m 20 s)

7. Scan again home directory. The downloaded virus file should be remove now :

ehowstuff@ubuntu14:~$ sudo clamscan -r /home
/home/ehowstuff/v3.1.12.zip: OK
/home/ehowstuff/.mysql_history: OK
/home/ehowstuff/.bash_logout: OK
/home/ehowstuff/.bash_history: OK
/home/ehowstuff/.profile: OK
/home/ehowstuff/.bashrc: OK
/home/ehowstuff/.cache/motd.legal-displayed: Empty file
/home/ehowstuff/.viminfo: OK
/home/ehowstuff/jcameron-key.asc: OK
/home/ehowstuff/.rnd: OK
/home/ehowstuff/index.html: OK
/home/ehowstuff/.ssh/known_hosts: OK

----------- SCAN SUMMARY -----------
Known viruses: 3383485
Engine version: 0.98.1
Scanned directories: 4
Scanned files: 11
Infected files: 0
Data scanned: 4.66 MB
Data read: 1.04 MB (ratio 4.47:1)
Time: 20.151 sec (0 m 20 s)

8. Start clamav-daemon (clamd):

ehowstuff@ubuntu14:~$ sudo /etc/init.d/clamav-daemon start
 * Starting ClamAV daemon clamd                                                              [ OK ]

9. Check clamd status :

ehowstuff@ubuntu14:~$ sudo /etc/init.d/clamav-daemon status
 * clamd is running

10. Start and check the status of clamav-freshclam :

ehowstuff@ubuntu14:~$ sudo /etc/init.d/clamav-freshclam start
 * Starting ClamAV virus database updater freshclam                                          [ OK ]
ehowstuff@ubuntu14:~$ sudo /etc/init.d/clamav-freshclam status
 * freshclam is running

11. Verify ClamAV version number :

ehowstuff@ubuntu14:~$ sudo clamdscan -V
ClamAV 0.98.1/19025/Sat May 24 10:04:32 2014

12. See more option for clamscan by issue “sudo clamscan –help” command:

ehowstuff@ubuntu14:~$ sudo clamscan --help

                       Clam AntiVirus Scanner 0.98.1
           By The ClamAV Team: http://www.clamav.net/team
           (C) 2007-2009 Sourcefire, Inc.

    --help                -h             Print this help screen
    --version             -V             Print version number
    --verbose             -v             Be verbose
    --archive-verbose     -a             Show filenames inside scanned archives
    --debug                              Enable libclamav's debug messages
    --quiet                              Only output error messages
    --stdout                             Write to stdout instead of stderr
    --no-summary                         Disable summary at end of scanning
    --infected            -i             Only print infected files
    --suppress-ok-results -o             Skip printing OK files
    --bell                               Sound bell on virus detection

    --tempdir=DIRECTORY                  Create temporary files in DIRECTORY
    --leave-temps[=yes/no(*)]            Do not remove temporary files
    --database=FILE/DIR   -d FILE/DIR    Load virus database from FILE or load
                                         all supported db files from DIR
    --official-db-only[=yes/no(*)]       Only load official signatures
    --log=FILE            -l FILE        Save scan report to FILE
    --recursive[=yes/no(*)]  -r          Scan subdirectories recursively
    --allmatch[=yes/no(*)]   -z          Continue scanning within file after finding a match
    --cross-fs[=yes(*)/no]               Scan files and directories on other filesystems
    --follow-dir-symlinks[=0/1(*)/2]     Follow directory symlinks (0 = never, 1 = direct, 2 = always)
    --follow-file-symlinks[=0/1(*)/2]    Follow file symlinks (0 = never, 1 = direct, 2 = always)
    --file-list=FILE      -f FILE        Scan files from FILE
    --remove[=yes/no(*)]                 Remove infected files. Be careful!
    --move=DIRECTORY                     Move infected files into DIRECTORY
    --copy=DIRECTORY                     Copy infected files into DIRECTORY
    --exclude=REGEX                      Don't scan file names matching REGEX
    --exclude-dir=REGEX                  Don't scan directories matching REGEX
    --include=REGEX                      Only scan file names matching REGEX
    --include-dir=REGEX                  Only scan directories matching REGEX

    --bytecode[=yes(*)/no]               Load bytecode from the database
    --bytecode-unsigned[=yes/no(*)]      Load unsigned bytecode
    --bytecode-timeout=N                 Set bytecode timeout (in milliseconds)
    --bytecode-statistics[=yes/no(*)]    Collect and print bytecode statistics
    --detect-pua[=yes/no(*)]             Detect Possibly Unwanted Applications
    --exclude-pua=CAT                    Skip PUA sigs of category CAT
    --include-pua=CAT                    Load PUA sigs of category CAT
    --detect-structured[=yes/no(*)]      Detect structured data (SSN, Credit Card)
    --structured-ssn-format=X            SSN format (0=normal,1=stripped,2=both)
    --structured-ssn-count=N             Min SSN count to generate a detect
    --structured-cc-count=N              Min CC count to generate a detect
    --scan-mail[=yes(*)/no]              Scan mail files
    --phishing-sigs[=yes(*)/no]          Signature-based phishing detection
    --phishing-scan-urls[=yes(*)/no]     URL-based phishing detection
    --heuristic-scan-precedence[=yes/no(*)] Stop scanning as soon as a heuristic match is found
    --phishing-ssl[=yes/no(*)]           Always block SSL mismatches in URLs (phishing module)
    --phishing-cloak[=yes/no(*)]         Always block cloaked URLs (phishing module)
    --algorithmic-detection[=yes(*)/no]  Algorithmic detection
    --scan-pe[=yes(*)/no]                Scan PE files
    --scan-elf[=yes(*)/no]               Scan ELF files
    --scan-ole2[=yes(*)/no]              Scan OLE2 containers
    --scan-pdf[=yes(*)/no]               Scan PDF files
    --scan-swf[=yes(*)/no]               Scan SWF files
    --scan-html[=yes(*)/no]              Scan HTML files
    --scan-archive[=yes(*)/no]           Scan archive files (supported by libclamav)
    --detect-broken[=yes/no(*)]          Try to detect broken executable files
    --block-encrypted[=yes/no(*)]        Block encrypted archives
    --nocerts                            Disable authenticode certificate chain verification in PE files
    --dumpcerts                          Dump authenticode certificate chain in PE files

    --max-filesize=#n                    Files larger than this will be skipped and assumed clean
    --max-scansize=#n                    The maximum amount of data to scan for each container file (**)
    --max-files=#n                       The maximum number of files to scan for each container file (**)
    --max-recursion=#n                   Maximum archive recursion level for container file (**)
    --max-dir-recursion=#n               Maximum directory recursion level
    --max-embeddedpe=#n                  Maximum size file to check for embedded PE
    --max-htmlnormalize=#n               Maximum size of HTML file to normalize
    --max-htmlnotags=#n                  Maximum size of normalized HTML file to scan
    --max-scriptnormalize=#n             Maximum size of script file to normalize
    --max-ziptypercg=#n                  Maximum size zip to type reanalyze

(*) Default scan settings
(**) Certain files (e.g. documents, archives, etc.) may in turn contain other
   files inside. The above options ensure safe processing of this kind of data.

I hope this article gives you some ideas and essential guidance on how to install clamav ubuntu server 14.04 virtual private server (VPS) or dedicated server.

 

How to Hide Apache Information on Ubuntu VPS/Dedicated Web server

By default the sensitive server information such as of Apache version, modules, operating System was not hide from the HTTP Header. This information will be display when there is a request to it. Attackers can use those information when they performing attacks to your VPS webserver. This post will show you how to hide apache details on Ubuntu 14.04 VPS or dedicated server.

1. Modify security.conf :

ehowstuff@ubuntu14:~$ sudo vi /etc/apache2/conf-enabled/security.conf

Change “ServerTokens OS” to “ServerTokens Prod” then
Change “ServerSignature On” to “ServerSignature Off”

..
..
ServerTokens Prod
..
..

..
ServerSignature Off
..
..

2. After done the changes, restart the apache2 :

ehowstuff@ubuntu14:~$ sudo service apache2 restart
 * Restarting web server apache2                                                             [ OK ]

3. Perform the following command before change and after change the configuration :

ehowstuff@ubuntu14:~$ sudo curl -I http://192.168.0.114

The result should be as below :

Before :

HTTP/1.1 200 OK
Date: Sun, 11 May 2014 01:25:52 GMT
Server: Apache/2.4.7 (Ubuntu)
Last-Modified: Thu, 08 May 2014 16:39:14 GMT
ETag: "2cf6-4f8e61f1300ba"
Accept-Ranges: bytes
Content-Length: 11510
Vary: Accept-Encoding
Content-Type: text/html

After hide should be like this :

HTTP/1.1 200 OK
Date: Sun, 11 May 2014 01:29:50 GMT
Server: Apache
Last-Modified: Thu, 08 May 2014 16:39:14 GMT
ETag: "2cf6-4f8e61f1300ba"
Accept-Ranges: bytes
Content-Length: 11510
Vary: Accept-Encoding
Content-Type: text/html

Done!!

How to Install and Configure Apache2, PHP and MySQL 5.6 on Ubuntu 14.04

LAMP stack is a group of open source software that installed together to let you run a server to host dynamic websites. “L” stand for Linux, “A” stand for Apache (to host Web server), “M” stand for MySQL(to store database) and “P” stand for PHP(to process dynamic content). With the release of Ubuntu 14.04 on April 17 2014, i would share the steps to setup Apache2, PHP and MySQL on Ubuntu 14.04 in order to run a dynamic websites. This may useful for those who plan to run their websites on Virtual private server (VPS) or dedicated server.

1. Install Apache2, MySQL and PHP :

ehowstuff@ubuntu14:~$ sudo apt-get install apache2 php5 php5-cgi libapache2-mod-php5 php5-common php-pear mysql-server-5.6 -y

During this installation, you will require to set MySQL’s root password :
1

2

2. Backup the original Apache2 configuration file :

ehowstuff@ubuntu14:~$ sudo cp -p /etc/apache2/conf-enabled/security.conf /etc/apache2/conf-enabled/security.conf.bak

3. Open security.conf and modify the OS to become Prod. For security reason, Prod will tells apache to only return Apache in the Server header, returned on every page request.

ehowstuff@ubuntu14:~$ sudo vi /etc/apache2/conf-enabled/security.conf
..
..
ServerTokens Prod
..
..
ServerSignature Off
..
..

4. Add file extension that can be access :

ehowstuff@ubuntu14:~$ sudo vi /etc/apache2/mods-enabled/dir.conf
<IfModule mod_dir.c>
        DirectoryIndex index.html index.cgi index.pl index.php index.xhtml index.htm
</IfModule>

5. Specify server name :

ehowstuff@ubuntu14:~$ sudo vi /etc/apache2/apache2.conf
# Do NOT add a slash at the end of the directory path.
#
#ServerRoot "/etc/apache2"
ServerName ubuntu14.ehowstuff.local
#
# The accept se

6. Specify webmaster’s email :

ehowstuff@ubuntu14:~$ sudo vi /etc/apache2/sites-enabled/000-default.conf

        ServerAdmin webmaster@ubuntu14.ehowstuff.local
        DocumentRoot /var/www/html

7. Restart web server apache2 :

ehowstuff@ubuntu14:~$ sudo /etc/init.d/apache2 restart
 * Restarting web server apache2                                                             [ OK ]

8. Near line 220: add extension for PHP :

ehowstuff@ubuntu14:~$ sudo vi /etc/apache2/mods-enabled/mime.conf
..
..
AddHandler php5-script .php
..
..

9. Comment and add your timezone :

ehowstuff@ubuntu14:~$ sudo vi /etc/php5/apache2/php.ini
..
..
date.timezone = "Asia/Kuala Lumpur"
..
..

After change php.ini, restart the apache :

ehowstuff@ubuntu14:~$ sudo /etc/init.d/apache2 restart
 * Restarting web server apache2                                                             [ OK ]

10. Connect to MySQL :

ehowstuff@ubuntu14:~$ sudo mysql -u root -p
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 36
Server version: 5.6.17-0ubuntu0.14.04.1 (Ubuntu)

Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql>

11. Show user info :

mysql> select user,host,password from mysql.user;
+------------------+-----------+-------------------------------------------+
| user             | host      | password                                  |
+------------------+-----------+-------------------------------------------+
| root             | localhost | *2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19 |
| root             | ubuntu14  | *2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19 |
| root             | 127.0.0.1 | *2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19 |
| root             | ::1       | *2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19 |
| debian-sys-maint | localhost | *9C063813F4CC3C2E09995B0D043C7375C5E5538A |
+------------------+-----------+-------------------------------------------+
5 rows in set (0.00 sec)

12. Show databases :

mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| performance_schema |
+--------------------+
3 rows in set (0.01 sec)

Done!!

How to Print Unique Lines from a File?

Question :
How to Print Unique Lines from a File?

Answer :
In order to specify what you want to find, sort the result, pipe thru uniq to removes similar consecutive lines, issue the following syntax from you shell or console.

grep -oP "anystring"  | sort | uniq -c
[root@centos6-05 ~]# grep --help
Usage: grep [OPTION]... PATTERN [FILE]...
Search for PATTERN in each FILE or standard input.
PATTERN is, by default, a basic regular expression (BRE).
Example: grep -i 'hello world' menu.h main.c

Regexp selection and interpretation:
  -E, --extended-regexp     PATTERN is an extended regular expression (ERE)
  -F, --fixed-strings       PATTERN is a set of newline-separated fixed strings
  -G, --basic-regexp        PATTERN is a basic regular expression (BRE)
  -P, --perl-regexp         PATTERN is a Perl regular expression
  -e, --regexp=PATTERN      use PATTERN for matching
  -f, --file=FILE           obtain PATTERN from FILE
  -i, --ignore-case         ignore case distinctions
  -w, --word-regexp         force PATTERN to match only whole words
  -x, --line-regexp         force PATTERN to match only whole lines
  -z, --null-data           a data line ends in 0 byte, not newline

Miscellaneous:
  -s, --no-messages         suppress error messages
  -v, --invert-match        select non-matching lines
  -V, --version             print version information and exit
      --help                display this help and exit
      --mmap                ignored for backwards compatibility

Output control:
  -m, --max-count=NUM       stop after NUM matches
  -b, --byte-offset         print the byte offset with output lines
  -n, --line-number         print line number with output lines
      --line-buffered       flush output on every line
  -H, --with-filename       print the filename for each match
  -h, --no-filename         suppress the prefixing filename on output
      --label=LABEL         print LABEL as filename for standard input
  -o, --only-matching       show only the part of a line matching PATTERN
  -q, --quiet, --silent     suppress all normal output
      --binary-files=TYPE   assume that binary files are TYPE;
                            TYPE is `binary', `text', or `without-match'
  -a, --text                equivalent to --binary-files=text
  -I                        equivalent to --binary-files=without-match
  -d, --directories=ACTION  how to handle directories;
                            ACTION is `read', `recurse', or `skip'
  -D, --devices=ACTION      how to handle devices, FIFOs and sockets;
                            ACTION is `read' or `skip'
  -R, -r, --recursive       equivalent to --directories=recurse
      --include=FILE_PATTERN  search only files that match FILE_PATTERN
      --exclude=FILE_PATTERN  skip files and directories matching FILE_PATTERN
      --exclude-from=FILE   skip files matching any file pattern from FILE
      --exclude-dir=PATTERN  directories that match PATTERN will be skipped.
  -L, --files-without-match  print only names of FILEs containing no match
  -l, --files-with-matches  print only names of FILEs containing matches
  -c, --count               print only a count of matching lines per FILE
  -T, --initial-tab         make tabs line up (if needed)
  -Z, --null                print 0 byte after FILE name

Context control:
  -B, --before-context=NUM  print NUM lines of leading context
  -A, --after-context=NUM   print NUM lines of trailing context
  -C, --context=NUM         print NUM lines of output context
  -NUM                      same as --context=NUM
      --color[=WHEN],
      --colour[=WHEN]       use markers to highlight the matching strings;
                            WHEN is `always', `never', or `auto'
  -U, --binary              do not strip CR characters at EOL (MSDOS)
  -u, --unix-byte-offsets   report offsets as if CRs were not there (MSDOS)

`egrep' means `grep -E'.  `fgrep' means `grep -F'.
Direct invocation as either `egrep' or `fgrep' is deprecated.
With no FILE, or when FILE is -, read standard input.  If less than two FILEs
are given, assume -h.  Exit status is 0 if any line was selected, 1 otherwise;
if any error occurs and -q was not given, the exit status is 2.

How to Disable and Remove AppArmor on Ubuntu 14.04

remove AppArmor on UbuntuAppArmor is a Mandatory Access Control (MAC) and security extension that provides a variety of security policies for Linux kernel. It is an alternative application to SELinux and included with Ubuntu. Most of the time you don’t need it to configure a secure system, and it usually causes more problems because some service wasn’t working as expected. Below steps will show you how to disable and remove AppArmor on Ubuntu 14.04.

Steps to Disable and Remove AppArmor on Ubuntu

1. How to check AppArmor status :

ehowstuff@ubuntu14:~$ sudo apparmor_status
apparmor module is loaded.
4 profiles are loaded.
4 profiles are in enforce mode.
   /sbin/dhclient
   /usr/lib/NetworkManager/nm-dhcp-client.action
   /usr/lib/connman/scripts/dhclient-script
   /usr/sbin/tcpdump
0 profiles are in complain mode.
1 processes have profiles defined.
1 processes are in enforce mode.
   /sbin/dhclient (669)
0 processes are in complain mode.
0 processes are unconfined but have a profile defined.

2. Disable AppArmor and unload the kernel module by entering the following:

ehowstuff@ubuntu14:~$ sudo /etc/init.d/apparmor stop
ehowstuff@ubuntu14:~$ sudo update-rc.d -f apparmor remove

or

ehowstuff@ubuntu14:~$ sudo service apparmor stop
ehowstuff@ubuntu14:~$ sudo update-rc.d -f apparmor remove

3. Remove AppArmor software :

ehowstuff@ubuntu14:~$ sudo apt-get remove apparmor apparmor-utils -y

Example :

ehowstuff@ubuntu14:~$ sudo apt-get remove apparmor apparmor-utils -y
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages will be REMOVED:
  apparmor apparmor-utils
0 upgraded, 0 newly installed, 2 to remove and 119 not upgraded.
After this operation, 1,467 kB disk space will be freed.
(Reading database ... 93228 files and directories currently installed.)
Removing apparmor-utils (2.8.95~2430-0ubuntu5) ...
Removing apparmor (2.8.95~2430-0ubuntu5) ...
 * Clearing AppArmor profiles cache                                                          [ OK ]
All profile caches have been cleared, but no profiles have been unloaded.
Unloading profiles will leave already running processes permanently
unconfined, which can lead to unexpected situations.

To set a process to complain mode, use the command line tool
'aa-complain'. To really tear down all profiles, run the init script
with the 'teardown' option."
Processing triggers for man-db (2.6.7.1-1) ...

Note : this steps works on ubuntu 14.04 minimal installation without GUI.

How to Allow root to use SSH on Ubuntu 14.04

Ubuntu is Debian-based distributions that don’t allow logins by the root user by default, either locally or remotely via SSH. Previous post, i have discussed how to enable root login on Ubuntu 14.04 by issue the following command :

sudo passwd root

Above command not allow the root user to remotely use SSH connection by default. There are a few more steps need to perform in order to allow root to use SSH on Ubuntu 14.04. Kindly follow below steps :

1. Login using normal user and su to root. Edit /etc/ssh/sshd_config :

ehowstuff@ubuntu14:~$ su - root
Password:
root@ubuntu14:~# vi /etc/ssh/sshd_config

2. Comment out #PermitRootLogin without-password, add PermitRootLogin yes into the line :

# Authentication:
LoginGraceTime 120
#PermitRootLogin without-password
PermitRootLogin yes
StrictModes yes

3. Restart ssh service to take affect the changes :

root@ubuntu14:~# service sshd restart
ssh stop/waiting
ssh start/running, process 1499
root@ubuntu14:~#

4. That’s all.

How to Setup Open Source Puppet Server and Puppet Agent on Centos 6.5

Puppet is an open source IT automation software and configuration management tool for systems administrators that helping them to manage and operate infrastructure of Unix-like and Microsoft Windows systems. It will improve the efficiency because with puppet, we can easily automate repetitive tasks, quickly deploy critical applications, and proactively manage the changes. This post will show how to setup Open Source Puppet Server and Puppet Agent on Centos 6.5.

Puppet Server : puppet-server.ehowstuff.local (192.168.0.5)
Puppet Agent : puppet-agent.ehowstuff.local (192.168.0.6)

A : Setting Up Puppet Server :

1. Set up Puppet Labs Repository :

[root@puppet-server ~]# rpm -ivh https://yum.puppetlabs.com/el/6/products/x86_64/puppetlabs-release-6-10.noarch.rpm
Retrieving https://yum.puppetlabs.com/el/6/products/x86_64/puppetlabs-release-6-10.noarch.rpm
warning: /var/tmp/rpm-tmp.sPYqlZ: Header V4 RSA/SHA1 Signature, key ID 4bd6ec30: NOKEY
Preparing...                ########################################### [100%]
   1:puppetlabs-release     ########################################### [100%]

2. Install Puppet Master :

[root@puppet-server ~]# yum install puppet-server -y

3. Start the Puppet-Server :

[root@puppet-server ~]# /etc/init.d/puppetmaster start
Starting puppetmaster:                                     [  OK  ]

4. Make Puppet-Server star at boot :

[root@puppet-server ~]# puppet resource service puppetmaster ensure=running enable=true

5. Install Apache and necessary dependencies :

[root@puppet-server ~]# yum install httpd httpd-devel mod_ssl openssl-devel gcc-c++ curl-devel zlib-devel make automake ruby-devel rubygems -y

6.Install Rack Passenger :

[root@puppet-server ~]# gem install rack passenger
Successfully installed rack-1.5.2
Building native extensions.  This could take a while...
Successfully installed rake-10.3.1
Successfully installed daemon_controller-1.2.0
Successfully installed passenger-4.0.41
4 gems installed
Installing ri documentation for rack-1.5.2...
Installing ri documentation for rake-10.3.1...
Installing ri documentation for daemon_controller-1.2.0...
Installing ri documentation for passenger-4.0.41...
Installing RDoc documentation for rack-1.5.2...
Installing RDoc documentation for rake-10.3.1...
Installing RDoc documentation for daemon_controller-1.2.0...
Installing RDoc documentation for passenger-4.0.41...
[root@puppet-server ~]# passenger-install-apache2-module

At the end of the installation you will get this message. So change your puppetmaster config file path correctly :

..
..
..
Almost there!

Please edit your Apache configuration file, and add these lines:

   LoadModule passenger_module /usr/lib/ruby/gems/1.8/gems/passenger-4.0.41/buildout/apache2/mod_passenger.so
   <ifmodule mod_passenger.c>
     PassengerRoot /usr/lib/ruby/gems/1.8/gems/passenger-4.0.41
     PassengerDefaultRuby /usr/bin/ruby
   </ifmodule>

After you restart Apache, you are ready to deploy any number of web
applications on Apache, with a minimum amount of configuration!

Press ENTER to continue.


--------------------------------------------

Deploying a web application: an example

Suppose you have a web application in /somewhere. Add a virtual host to your
Apache configuration file and set its DocumentRoot to /somewhere/public:

   <virtualhost *:80>
      ServerName www.yourhost.com
      # !!! Be sure to point DocumentRoot to 'public'!
      DocumentRoot /somewhere/public
      <directory /somewhere/public>
         # This relaxes Apache security settings.
         AllowOverride all
         # MultiViews must be turned off.
         Options -MultiViews
      </directory>
   </virtualhost>

And that's it! You may also want to check the Users Guide for security and
optimization tips, troubleshooting and other useful information:

  /usr/lib/ruby/gems/1.8/gems/passenger-4.0.41/doc/Users guide Apache.html
  http://www.modrails.com/documentation/Users%20guide%20Apache.html

Enjoy Phusion Passenger, a product of Phusion (www.phusion.nl) :-)
https://www.phusionpassenger.com

Phusion Passenger is a trademark of Hongli Lai & Ninh Bui.

7. Create the directory structure for Puppet Master Rack Application

[root@puppet-server ~]# mkdir -p /usr/share/puppet/rack/puppetmasterd
[root@puppet-server ~]# mkdir /usr/share/puppet/rack/puppetmasterd/public
[root@puppet-server ~]# mkdir /usr/share/puppet/rack/puppetmasterd/tmp
[root@puppet-server ~]# cp /usr/share/puppet/ext/rack/config.ru /usr/share/puppet/rack/puppetmasterd/
[root@puppet-server ~]# chown puppet /usr/share/puppet/rack/puppetmasterd/config.ru

8. Create a virtual host file for puppet and configure Apache server. Please not that some of the parameter on previous version in not required anymore such as “PassengerUseGlobalQueue” and “RackAutoDetect”
:

[root@puppet-server ~]# vim /etc/httpd/conf.d/puppetmaster.conf

Add below config file :

LoadModule passenger_module /usr/lib/ruby/gems/1.8/gems/passenger-4.0.41/buildout/apache2/mod_passenger.so
PassengerRoot /usr/lib/ruby/gems/1.8/gems/passenger-4.0.41/
PassengerRuby /usr/bin/ruby

# And the passenger performance tuning settings:
PassengerHighPerformance On
# Set this to about 1.5 times the number of CPU cores in your master:
PassengerMaxPoolSize 6
# Recycle master processes after they service 1000 requests
PassengerMaxRequests 1000
# Stop processes if they sit idle for 10 minutes
PassengerPoolIdleTime 600

Listen 8140
<virtualhost *:8140>
    SSLEngine On

    # Only allow high security cryptography. Alter if needed for compatibility.
    SSLProtocol             All -SSLv2
    SSLCipherSuite          HIGH:!ADH:RC4+RSA:-MEDIUM:-LOW:-EXP
    SSLCertificateFile      /var/lib/puppet/ssl/certs/puppet-server.ehowstuff.local.pem
    SSLCertificateKeyFile   /var/lib/puppet/ssl/private_keys/puppet-server.ehowstuff.local.pem
    SSLCertificateChainFile /var/lib/puppet/ssl/ca/ca_crt.pem
    SSLCACertificateFile    /var/lib/puppet/ssl/ca/ca_crt.pem
    SSLCARevocationFile     /var/lib/puppet/ssl/ca/ca_crl.pem
    SSLVerifyClient         optional
    SSLVerifyDepth          1
    SSLOptions              +StdEnvVars +ExportCertData

    # These request headers are used to pass the client certificate
    # authentication information on to the puppet master process
    RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
    RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
    RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e

    DocumentRoot /usr/share/puppet/rack/puppetmasterd/public/
    <directory /usr/share/puppet/rack/puppetmasterd></directory>
        Options None
        AllowOverride None
        Order Allow,Deny
        Allow from All
    
</virtualhost>

9. Start the Apache :

[root@puppet-server ~]# /etc/init.d/puppetmaster stop
[root@puppet-server ~]# /etc/init.d/httpd start

10. Disable WEBrick and enable Apache on boot. Ensure that any WEBrick puppet master process is stopped before starting the Apache service; only one can be bound to TCP port 8140.:

[root@puppet-server ~]# chkconfig puppetmaster off
[root@puppet-server ~]# chkconfig httpd on

11. Make sure the port is open and it’s listening:

[root@puppet-server ~]# netstat -ln | grep 8140
tcp        0      0 :::8140                     :::*                        LISTEN

12. Set the server to auto-sign certs :

[root@puppet-server ~]# vim /etc/puppet/puppet.conf

Add the following line under [main]

[main]
   server = centos6.5.ehowstuff.local

Add the following at the bottom :

[master]
   certname = puppet-server.ehowstuff.local
   autosign = true

13. List outstanding certificate requests :

[root@puppet-server ~]# puppet cert list --all
+ "puppet-server.ehowstuff.local" (SHA256) 14:2C:1F:98:EF:23:8E:A0:0E:A3:81:65:97:FE:15:5D:E0:28:36:74:3D:3B:EC:F5:1B:35:B2:C5:E3:CD:79:36 (alt names: "DNS:puppet-server.ehowstuff.local")

B : Setting Up Puppet Agent :

14. Login to puppet client. Set up Puppet Labs Repository :

[root@puppet-agent ~]# rpm -ivh https://yum.puppetlabs.com/el/6/products/x86_64/puppetlabs-release-6-10.noarch.rpm
Retrieving https://yum.puppetlabs.com/el/6/products/x86_64/puppetlabs-release-6-10.noarch.rpm
warning: /var/tmp/rpm-tmp.i5Nzgn: Header V4 RSA/SHA1 Signature, key ID 4bd6ec30: NOKEY
Preparing...                ########################################### [100%]
   1:puppetlabs-release     ########################################### [100%]

15. Install the Puppet Client/Agent on Client node :

[root@puppet-agent ~]# yum install puppet -y

16. Edit your hosts on puppet agent :

127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

192.168.0.6     puppet-agent.ehowstuff.local
192.168.0.5     puppet-server.ehowstuff.local

17. Edit /etc/puppet/puppet.conf and add the agent variables under [agent]:

[root@puppet-agent ~]# vim /etc/puppet/puppet.conf
    server = puppet-server.ehowstuff.local
    report = true
    pluginsync = true

18. Set puppet to run on boot :

[root@puppet-agent ~]# chkconfig puppet on
[root@puppet-agent ~]# puppet agent --daemonize

19. Test the client :

[root@puppet-agent ~]# puppet agent -t

20. Connect you to the server which will automatically sign the cert :

[root@puppet-agent ~]# puppet cert --sign puppet-server.ehowstuff.local

Done..

How to Install Webmin on Ubuntu 14.04

Ubuntu 14.04 LTS final just released on 17th April 2014. Ubuntu 14.04 includes 3.13.0-24.46 Ubuntu Linux kernel. In this article i will show how you can install Webmin on Ubuntu 14.04. Webmin is a free program that allow system administrators to perform system administration and configuration via web-based interface. It require less command line and recommended for those who are not familiar with Debian’s operating system as the Ubuntu builds on the foundations of Debian’s architecture and infrastructure.

1. Enabling APT repository for Webmin :

ehowstuff@ubuntu14:~$ sudo vi /etc/apt/sources.list
deb http://download.webmin.com/download/repository sarge contrib
deb http://webmin.mirror.somersettechsolutions.co.uk/repository sarge contrib

2. Download and install GPG key :

ehowstuff@ubuntu14:~$ sudo wget http://www.webmin.com/jcameron-key.asc
ehowstuff@ubuntu14:~$ sudo wget http://www.webmin.com/jcameron-key.asc
--2014-05-01 11:41:32--  http://www.webmin.com/jcameron-key.asc
Resolving www.webmin.com (www.webmin.com)... 216.34.181.97
Connecting to www.webmin.com (www.webmin.com)|216.34.181.97|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1320 (1.3K) [text/plain]
Saving to: âjcameron-key.ascâ

100%[==========================================================>] 1,320       --.-K/s   in 0.006s

2014-05-01 11:41:37 (208 KB/s) - âjcameron-key.ascâ saved [1320/1320]

Install the key :

ehowstuff@ubuntu14:~$ sudo apt-key add jcameron-key.asc
OK

3. Install webmin by issue this command :

ehowstuff@ubuntu14:~$ sudo apt-get update
ehowstuff@ubuntu14:~$ sudo apt-get install webmin

Full example :

ehowstuff@ubuntu14:~$ sudo apt-get install webmin
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following extra packages will be installed:
  apt-show-versions libapt-pkg-perl libauthen-pam-perl libio-pty-perl libnet-ssleay-perl
The following NEW packages will be installed:
  apt-show-versions libapt-pkg-perl libauthen-pam-perl libio-pty-perl libnet-ssleay-perl webmin
0 upgraded, 6 newly installed, 0 to remove and 9 not upgraded.
Need to get 22.2 MB of archives.
After this operation, 141 MB of additional disk space will be used.
Do you want to continue? [Y/n] y
Get:1 http://us.archive.ubuntu.com/ubuntu/ trusty/main libnet-ssleay-perl amd64 1.58-1 [243 kB]
Get:2 http://download.webmin.com/download/repository/ sarge/contrib webmin all 1.680 [21.8 MB]
Get:3 http://us.archive.ubuntu.com/ubuntu/ trusty/universe libauthen-pam-perl amd64 0.16-2build3 [27.8 kB]
Get:4 http://us.archive.ubuntu.com/ubuntu/ trusty/main libio-pty-perl amd64 1:1.08-1build4 [36.9 kB]
Get:5 http://us.archive.ubuntu.com/ubuntu/ trusty/main libapt-pkg-perl amd64 0.1.29build1 [85.9 kB]
Get:6 http://us.archive.ubuntu.com/ubuntu/ trusty/universe apt-show-versions all 0.22.3 [33.9 kB]
Fetched 22.2 MB in 4min 17s (86.4 kB/s)
Selecting previously unselected package libnet-ssleay-perl.
(Reading database ... 60528 files and directories currently installed.)
Preparing to unpack .../libnet-ssleay-perl_1.58-1_amd64.deb ...
Unpacking libnet-ssleay-perl (1.58-1) ...
Selecting previously unselected package libauthen-pam-perl.
Preparing to unpack .../libauthen-pam-perl_0.16-2build3_amd64.deb ...
Unpacking libauthen-pam-perl (0.16-2build3) ...
Selecting previously unselected package libio-pty-perl.
Preparing to unpack .../libio-pty-perl_1%3a1.08-1build4_amd64.deb ...
Unpacking libio-pty-perl (1:1.08-1build4) ...
Selecting previously unselected package libapt-pkg-perl.
Preparing to unpack .../libapt-pkg-perl_0.1.29build1_amd64.deb ...
Unpacking libapt-pkg-perl (0.1.29build1) ...
Selecting previously unselected package apt-show-versions.
Preparing to unpack .../apt-show-versions_0.22.3_all.deb ...
Unpacking apt-show-versions (0.22.3) ...
Selecting previously unselected package webmin.
Preparing to unpack .../archives/webmin_1.680_all.deb ...
Unpacking webmin (1.680) ...
Processing triggers for man-db (2.6.7.1-1) ...
Processing triggers for ureadahead (0.100.0-16) ...
ureadahead will be reprofiled on next reboot
Setting up libnet-ssleay-perl (1.58-1) ...
Setting up libauthen-pam-perl (0.16-2build3) ...
Setting up libio-pty-perl (1:1.08-1build4) ...
Setting up libapt-pkg-perl (0.1.29build1) ...
Setting up apt-show-versions (0.22.3) ...
** initializing cache. This may take a while **
Setting up webmin (1.680) ...
Webmin install complete. You can now login to https://ubuntu14:10000/
as root with your root password, or as any user who can use sudo
to run commands as root.
Processing triggers for ureadahead (0.100.0-16) ...

4. Finished. Now access webmin by enter: http://serverip:10000/ at your browser.

Note : By default Ubuntu don’t allow logins by the root user. However, the user created at system installation time can use sudo to switch to root. Webmin will allow any user who has this sudo capability to login with full root privileges. If you plan to enable root Login on Ubuntu 14.04, kindly follow this steps on How to Enable Root Login on Ubuntu 14.04.

How to Fix _default_ VirtualHost overlap on port 80, the first has precedence

Question :
I running wordpress blog on apache web server on Virtual private server (VPS). I had the problem when i restarted the httpd service on my VPS. This error came after i setup multiple domain on my httpd config file, meaning i used more than one VirtualHost on httpd.conf :

[root@vps ~]# service httpd restart
Stopping httpd:                                            [  OK  ]
Starting httpd: [Thu May 01 00:01:03 2014] [warn] _default_ VirtualHost overlap on port 80, the first has precedence
                                                           [  OK  ]

Solution :

After a few hours troubleshooting and googling to internet, i managed to fix the issue. When we decide to run multiple domain in one web server or web hosting world called it shared hosting service, you need to configure name-based virtual hosts on your apache httpd service. NameVirtualhost is require to be included in httpd.conf file as below :

..
..
#
# Use name-based virtual hosting.
#
NameVirtualHost *:80
#
# NOTE: NameVirtualHost cannot be used without a port specifier
# (e.g. :80) if mod_ssl is being used, due to the nature of the
# SSL protocol.
#
..
..

Then restart the apache httpd. Issue resolved!