How to Install and Configure 389 LDAP Directory Server on CentOS 6.5

Install and Configure 389 LDAPA directory server provides a centralized directory service for your organization. It is alternative to windows active directory. This post will describes how to install and configure 389 LDAP Directory Server with a basic Lightweight Directory Access Protocol (LDAP) directory implementation. 389 Directory Server was formerly known as the Fedora Directory Server and it is an enterprise-class open source LDAP. 389 Directory server has been developed by Red Hat, as part of Red Hat’s community-supported Fedora Project.

Steps to Install and Configure 389 LDAP Directory Server

TCP and Files system Tuning :
a) Decrease the time default value for tcp_keepalive_time connection. Edit the /etc/sysctl.conf file and add the following lines to the bottom of sysctl.conf ”

[root@ldap ~]# echo "net.ipv4.tcp_keepalive_time = 300" >> /etc/sysctl.conf
b) Increase number of local system ports available by editing this parameter in the /etc/sysctl.conf file :
[root@ldap ~]# echo "net.ipv4.ip_local_port_range = 1024 65000" >> /etc/sysctl.conf

c) Increase the file descriptors by running these commands:

[root@ldap ~]# echo "64000" > /proc/sys/fs/file-max
[root@ldap-05 ~]# echo "fs.file-max = 64000" >> /etc/sysctl.conf

d) Increase ulimit in /etc/profile :

[root@ldap ~]# echo "ulimit -n 8192" >> /etc/profile

389 Installation :

1. Prepare EPEL Repository on CentOS 6 :
How to Prepare EPEL Repository on CentOS 6

What packages and versions are available in EPEL?
You can take a look on any of the available EPEL mirrors from our mirror list

Alternately, you can browse the package set using repoview:

2. Configure hostname, FQDN and host file has been configured correctly :   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6     ldap.ehowstuff.local

3. Make sure selinux is disabled :
Disable SELinux on CentOS 6.5

4. Install the 389 Directory Server packages :

[root@ldap ~]# yum install 389-ds -y

5. Fix Error: command ‘getsebool httpd_can_connect_ldap’ failed – output [getsebool: SELinux is disabled :

[root@ldap ~]# mkdir ~/bin
[root@ldap ~]# vi ~/bin/getsebool
echo on
exit 0
[root@ldap ~]# vi ~/bin/setsebool
exit 0
[root@ldap ~]# chmod +x ~/bin/*sebool

6. Run setup script to start configure the ldap service :

[root@ldap ~]# PATH=~/bin:$PATH

This program will set up the 389 Directory and Administration Servers.

It is recommended that you have "root" privilege to set up the software.
Tips for using this program:
  - Press "Enter" to choose the default and go to the next screen
  - Type "Control-B" then "Enter" to go back to the previous screen
  - Type "Control-C" to cancel the setup program

Would you like to continue with set up? [yes]:

Your system has been scanned for potential problems, missing patches,
etc.  The following output is a report of the items found that need to
be addressed before running this software in a production

389 Directory Server system tuning analysis version 23-FEBRUARY-2012.

NOTICE : System is x86_64-unknown-linux2.6.32-431.el6.x86_64 (1 processor).

Would you like to continue? [yes]:

Choose a setup type:

   1. Express
       Allows you to quickly set up the servers using the most
       common options and pre-defined defaults. Useful for quick
       evaluation of the products.

   2. Typical
       Allows you to specify common defaults and options.

   3. Custom
       Allows you to specify more advanced options. This is
       recommended for experienced server administrators only.

To accept the default shown in brackets, press the Enter key.

Choose a setup type [2]:

Enter the fully qualified domain name of the computer
on which you're setting up server software. Using the form

To accept the default shown in brackets, press the Enter key.

Warning: This step may take a few minutes if your DNS servers
can not be reached or if DNS is not configured correctly.  If
you would rather not wait, hit Ctrl-C and run this program again
with the following command line option to specify the hostname:

Computer name [ldap.ehowstuff.local]:

WARNING: There are problems with the hostname.
Hostname 'ldap.ehowstuff.local' is valid, but none of the IP addresses
resolve back to ldap.ehowstuff.local
- address resolves to host centos6.5.ehowstuff.local

Please check the spelling of the hostname and/or your network configuration.
If you proceed with this hostname, you may encounter problems.

Do you want to proceed with hostname 'ldap.ehowstuff.local'? [no]: yes

The servers must run as a specific user in a specific group.
It is strongly recommended that this user should have no privileges
on the computer (i.e. a non-root user).  The setup procedure
will give this user/group some permissions in specific paths/files
to perform server-specific operations.

If you have not yet created a user and group for the servers,
create this user and group using your native operating
system utilities.

System User [nobody]:
System Group [nobody]:

Server information is stored in the configuration directory server.
This information is used by the console and administration server to
configure and manage your servers.  If you have already set up a
configuration directory server, you should register any servers you
set up or create with the configuration server.  To do so, the
following information about the configuration server is required: the
fully qualified host name of the form
.(e.g., the port number
(default 389), the suffix, the DN and password of a user having
permission to write the configuration information, usually the
configuration directory administrator, and if you are using security
(TLS/SSL).  If you are using TLS/SSL, specify the TLS/SSL (LDAPS) port
number (default 636) instead of the regular LDAP port number, and
provide the CA certificate (in PEM/ASCII format).

If you do not yet have a configuration directory server, enter 'No' to
be prompted to set up one.

Do you want to register this software with an existing
configuration directory server? [no]:

Please enter the administrator ID for the configuration directory
server.  This is the ID typically used to log in to the console.  You
will also be prompted for the password.

Configuration directory server
administrator ID [admin]:
Password (confirm):

The information stored in the configuration directory server can be
separated into different Administration Domains.  If you are managing
multiple software releases at the same time, or managing information
about multiple domains, you may use the Administration Domain to keep
them separate.

If you are not using administrative domains, press Enter to select the
default.  Otherwise, enter some descriptive, unique name for the
administration domain, such as the name of the organization
responsible for managing the domain.

Administration Domain [ehowstuff.local]:

The standard directory server network port number is 389.  However, if
you are not logged as the superuser, or port 389 is in use, the
default value will be a random unused port number greater than 1024.
If you want to use port 389, make sure that you are logged in as the
superuser, that port 389 is not in use.

Directory server network port [389]:

Each instance of a directory server requires a unique identifier.
This identifier is used to name the various
instance specific files and directories in the file system,
as well as for other uses as a server instance identifier.

Directory server identifier [ldap]:

The suffix is the root of your directory tree.  The suffix must be a valid DN.
It is recommended that you use the dc=domaincomponent suffix convention.
For example, if your domain is,
you should use dc=example,dc=com for your suffix.
Setup will create this initial suffix for you,
but you may have more than one suffix.
Use the directory server utilities to create additional suffixes.

Suffix [dc=ehowstuff, dc=local]:

Certain directory server operations require an administrative user.
This user is referred to as the Directory Manager and typically has a
bind Distinguished Name (DN) of cn=Directory Manager.
You will also be prompted for the password for this user.  The password must
be at least 8 characters long, and contain no spaces.
Press Control-B or type the word "back", then Enter to back up and start over.

Directory Manager DN [cn=Directory Manager]:
Password (confirm):

The Administration Server is separate from any of your web or application
servers since it listens to a different port and access to it is

Pick a port number between 1024 and 65535 to run your Administration
Server on. You should NOT use a port number which you plan to
run a web or application server on, rather, select a number which you
will remember and which will not be used for anything else.

Administration port [9830]:

The interactive phase is complete.  The script will now set up your
servers.  Enter No or go Back if you want to change something.

Are you ready to set up your servers? [yes]:
Creating directory server . . .
Warning: Hostname ldap.ehowstuff.local is valid, but none of the IP addresses
resolve back to ldap.ehowstuff.local
        address resolves to host centos6.5.ehowstuff.local
Your new DS instance 'ldap' was successfully created.
Creating the configuration directory server . . .
Beginning Admin Server reconfiguration . . .
Creating Admin Server files and directories . . .
Updating adm.conf . . .
Updating admpw . . .
Registering admin server with the configuration directory server . . .
Updating adm.conf with information from configuration directory server . . .
Updating the configuration for the httpd engine . . .
Starting admin server . . .
output: Starting dirsrv-admin:
output:                                                    [  OK  ]
The admin server was successfully started.
Admin server was successfully reconfigured and started.
Exiting . . .
Log file is '/tmp/setupGwS8hs.log'

7. Start dirsrv and dirsrv-admin service :

[root@ldap ~]# /etc/init.d/dirsrv start
[root@ldap ~]# /etc/init.d/dirsrv-admin start

8. Make dirsrv and dirsrv-admin service auto start at boot :

[root@ldap ~]# chkconfig dirsrv on
[root@ldap ~]# chkconfig dirsrv-admin on

9. Configure Iptables to allow server listen on port 22, 389 and 9830 :

# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 389 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 9830 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited

Restart iptables to take effect the changes :

[root@ldap ~]# service iptables restart
iptables: Applying firewall rules: [ OK ]

10. Verify port listen by the server using netstat :

[root@ldap ~]# netstat -plunt | grep LISTEN
tcp 0 0* LISTEN 1083/rpcbind
tcp 0 0* LISTEN 1125/perl
tcp 0 0* LISTEN 1116/sshd
tcp 0 0* LISTEN 1508/httpd.worker
tcp 0 0* LISTEN 1126/php-fpm
tcp 0 0 :::8140 :::* LISTEN 1161/httpd
tcp 0 0 :::111 :::* LISTEN 1083/rpcbind
tcp 0 0 :::80 :::* LISTEN 1161/httpd
tcp 0 0 :::22 :::* LISTEN 1116/sshd
tcp 0 0 :::443 :::* LISTEN 1161/httpd
tcp 0 0 :::8443 :::* LISTEN 1161/httpd
tcp 0 0 :::389 :::* LISTEN 1391/./ns-slapd

11. Verify port listen by the server and opened by iptables firewall :

[root@ldap ~]# iptables -nL
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT icmp --
ACCEPT all --
ACCEPT tcp -- state NEW tcp dpt:22
ACCEPT tcp -- state NEW tcp dpt:389
ACCEPT tcp -- state NEW tcp dpt:9830
REJECT all -- reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT all -- reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Linux Top 3: Raspberry Pi B+, CentOS 7 and RHEL 5.11

1) Raspberry Pi B+

Few devices have captured the imagination of amateur computer hobbyists like the Raspberry Pi have in recent year. The promise of a small device that is flexible and Linux powered to do anything that a developer can imagine is one that many people have embraced.

While the Linux piece of the Raspberry Pi is about software, hardware does matter and the hardware is now getting an update.

The new Raspberry Pi Model B+ is an improvement on the existing B model and uses the same BCM2835 application processor. One of the most noticeable difference on the new device is the integration of 4x USB 2.0 ports instead of only two. Overall power consumption has been reduced by nearly a 1 watt and the board is now a neater form factor as well. There is now also a Micro-SD card slot, replacing the previous SD card slot.

Raspberry Pi Founder Eben Upton wrote:

“In the two years since we launched the current Raspberry Pi Model B, we’ve often talked about our intention to do one more hardware revision to incorporate the numerous small improvements people have been asking for. This isn’t a “Raspberry Pi 2?, but rather the final evolution of the original Raspberry Pi.

2) CentOS 7

Barely a month after Red Hat Enterprise LInux 7 was released, CentoOS 7 became available last week. The speed with which CentOS 7 has been released is particularly noteworthy. When RHEL 6 debuted in November of 2011, the CentOS project was unable to put out their corresponding CentOS 6 release until nine months later in July of 2012.

CentOS 7 is also the first release from the CentOS community since it officially partnered with Red Hat in January of 2014.

3) RHEL 5.11

With RHEL 7 now generally available, Red Hat is gearing down its production releases of RHEL 5.  On July 9, Red Hat announced the final RHEL 5 beta.

“This release continues to provide system administrators with a secure, stable, and reliable platform for their organization’s enterprise applications,” Red Hat stated. “While primarily focused on improving security and stability, Red Hat Enterprise Linux 5.11 Beta provides additional enhancements to subscription management, debugging capabilities, and more.”

Click here for full Story

How to Install and use Glances – System Monitor In Ubuntu

There are various default system monitor tools in Ubuntu that come with basic functions. However, there is recommended powerful free monitoring called Glances – An eye on your system. Glances is the monitoring tools that used to monitor GNU/Linux or BSD operating system from a command line interface and it uses the library libstatgrab to retrieve information and it is written in Python. The steps on this post was tested on Ubuntu 14.04 linux.

1. How to install glances on Ubuntu :

ehowstuff@ubuntu14:~$ sudo apt-get install glances -y

2. To start glances simply type glances from command line :

ehowstuff@ubuntu14:~$ glances


There are a lot of information retrieved about the resources of your system such as CPU, Load, Memory, Swap Network, Disk I/O and Processes all in one page, by default the color code means:

GREEN : the statistic is “OK”
BLUE : the statistic is “CAREFUL” (to watch)
VIOLET : the statistic is “WARNING” (alert)
RED : the statistic is “CRITICAL” (critical)

3. By default, interval time is set to ’1‘ second. You can change the interval by issue the following command :

ehowstuff@ubuntu14:~$ glances -t 2

4. Once in the glaces monitoring screen, press h to find out more hot keys to gather output information while glances is running.

How to Reset Forgotten Root Password in Ubuntu 14.04

ubuntu 14.04 password reset

Sometimes it is necessary to get root access into the Ubuntu system. I was facing the issue when try to reset forgotten root password in Ubuntu 14.04 using recovery mode (Drop to root shell prompt). After done a few testing and do a research, i have found the working solution for it.

Steps to Reset Forgotten Root Password in Ubuntu 14.04

Give root password for maintenance (or type Control-D to continue)

1. First, make sure to choose the regular or default boot kernel that you always use, then press ‘e’.
reset ubuntu root password
2. Hit the down arrow key over to the “linux” option.
ubuntu root password
3. Remove the “ro” part with the backspace key, and then the following onto the end:

rw init=/bin/bash

Press Ctrl-X or F10 to boot.
ubuntu reset root password
4. Your system should able to boot up very quickly to a command prompt.
Reset Forgotten Root Password in Ubuntu
5. Use the following command to reset your password:


Once password has been set successfully, run sync command to write out data to the disk before rebooting.

reboot -f

Reset Forgotten Root Password in Ubuntu

Thats all. Now you should be able to login without any issues.

Red Hat Enterprise Linux Openstack 7 reaches general release

RED HAT HAS ANNOUNCED the release of Red Hat Enterprise Linux Openstack Platform 5 (RHELOP5).

The new version is the latest iteration of Openstack Icehouse, aimed at allowing service providers including telcos, ISPs and cloud providers to spin up Openstack powered clouds.

Introduced as a beta back in June, RHELOP5 will have a three-year lifecycle and support from over 250 Openstack partners.

VMware infrastructure is integrated for virtualisation management, storage and networking, with seamless integration from existing VMware vSphere resources to drive virtualised nodes, all controlled from the Openstack Dashboard.

RHELOP5 includes improved support for virtual machines with new cryptographic security using the para-virtualised random number generator introduced in Red Hat Enterprise Linux (RHEL7).

Also new is improved workload management across available cloud resources with server groups spread across the cloud, producing lower communication latency and improved performance.

Radhesh Balakrishnan, Red Hat GM of Virtualisation and Openstack, said, “We see momentum behind Openstack as a private cloud platform of choice from enterprise customers and service providers alike.

“Red Hat Enterprise Linux Openstack Platform 5 not only offers a production-ready, supported version of Openstack Icehouse, but it brings a number of features that will simplify its use, and enhance dependability for enterprise users.

“Alongside those new features, we’re extending our support lifecycle for Red Hat Enterprise Linux Openstack Platform, giving users confidence that the solution they deploy will be supported by our global team for the next three years.”

RHELOP5 for Red Hat Enterprise Linux 7 (RHEL7) is available now with support for RHEL6 to follow in the coming weeks.

Click here for full Story

How to Display MySQL root Password in Zimbra

In the situation we need to utilize the zimbra MySQL database server in order to host other databases, we may need to know what is the root password for MySQL. The following command will help you to find and display MySQL root password. These command has been tested on Zimbra 8.0.7 thas was running on CentOS 6.5 operating system.

To view system operating system :

[root@mail-server ~]# cat /etc/redhat-release
CentOS release 6.5 (Final)

To view zimbra version :

[root@mail-server ~]# su - zimbra
[zimbra@mail-server ~]$ zmcontrol -v
Release 8.0.7_GA_6021.RHEL6_64_20140408123911 RHEL6_64 FOSS edition.

To view MySQL root password :

[root@mail-server ~]# su - zimbra
[zimbra@mail-server ~]$ zmlocalconfig -s | grep mysql_root_password
antispam_mysql_root_password =
mysql_root_password = ipXlRAJ7654321FDXHb4nMUFr9Uf

To display zimbra MySQL pasword :

[root@mail-server ~]# su - zimbra
[zimbra@mail-server ~]$ zmlocalconfig -s | grep mysql | grep password
antispam_mysql_password =
antispam_mysql_root_password =
mysql_root_password = ipXlRAJ7654321FDXHb4nMUFr9Uf
zimbra_mysql_password = c7dr5Tj7654321qcHCP6qJMVRVw

To view more options and help :

[root@mail-server ~]# su - zimbra
[zimbra@mail-server ~]$ zmlocalconfig --help
usage: zmlocalconfig [options] [args]
where [options] are:
 -c,--config    File in which configuration is stored.
 -d,--default        Show default values for keys listed in [args].
 -e,--edit           Edit configuration file, changing keys and values
                     specified. [args] is in key=value form.
 -f,--force          Allow editing of keys whose change is known to be
                     potentially dangerous.
 -h,--help           Show this usage information.
 -i,--info           Show documentation for keys listed in [args].
 -l,--reload         Send a SOAP request to the server to reload its local
 -m,--format    Show values in one of these formats: plain (default),
                     xml, shell, export, nokey.
 -n,--changed        Show values for only those keys listed in [args] that
                     have been changed from their defaults.
 -p,--path           Show which configuration file will be used.
 -q,--quiet          Suppress logging.
 -r,--random         Used with the edit option, sets specified key to
                     random password string
 -s,--show           Force display of password strings.
 -u,--unset          Remove a configuration key.  If this is a key with
                     compiled in defaults, set its value to the empty
 -x,--expand         Expand values.

How to Backup and Restore Email in Zimbra

This post will describes the quick steps how you can perform backup and restore in zimbra email server. Assumed that the domain ehowstuff.local have one user with the email id user@ehowstuff.local. Email administrator was requested to perform backup and restore without login to user, meaning the backup and restore task should be perform via command line using zmmailbox command. Kindly refer to below steps :

1. Make sure you have root access to zimbra email system and the backup destination should be writable by zimbra user. Create /backup and assign permission to zimbra user and group :

[root@mail-server ~]# mkdir /backup
[root@mail-server ~]# chown -R zimbra:zimbra /backup

2. As a zimbra user, issue the following command to backup the user mailbox :

[root@mail-server~]# su - zimbra
[zimbra@mail-server ~]$ zmmailbox -z -m user1@ehowstuff.local getRestURL "//?fmt=tgz" > /backup/user1@ehowstuff.local.tar.gz

3. As a zimbra user, issue the following command to restore the user mailbox :

[root@mail-server~]# su - zimbra
[zimbra@mail-server ~]$ zmmailbox -z -m user1@ehowstuff.local postRestURL "//?fmt=tgz" > /backup/user1@ehowstuff.local.tar.gz

Note : Please note that this will backup mailbox content only without user preferences.

How to Check gcc Version on Ubuntu

Question :
How to check gcc version on my Ubuntu ?

Answer :

gcc – GNU project C and C++ compiler. There are a few options to obtain GCC version in Ubuntu.

Option 1
Issue command “gcc –version
Example :

ehowstuff@ubuntu14:~$ gcc --version
gcc (Ubuntu 4.8.2-19ubuntu1) 4.8.2
Copyright (C) 2013 Free Software Foundation, Inc.
This is free software; see the source for copying conditions.  There is NO

Option 2
Issue command “gcc -v
Example :

ehowstuff@ubuntu14:~$ gcc -v
Using built-in specs.
Target: x86_64-linux-gnu
Configured with: ../src/configure -v --with-pkgversion='Ubuntu 4.8.2-19ubuntu1' --with-bugurl=file:///usr/share/doc/gcc-4.8/README.Bugs --enable-languages=c,c++,java,go,d,fortran,objc,obj-c++ --prefix=/usr --program-suffix=-4.8 --enable-shared --enable-linker-build-id --libexecdir=/usr/lib --without-included-gettext --enable-threads=posix --with-gxx-include-dir=/usr/include/c++/4.8 --libdir=/usr/lib --enable-nls --with-sysroot=/ --enable-clocale=gnu --enable-libstdcxx-debug --enable-libstdcxx-time=yes --enable-gnu-unique-object --disable-libmudflap --enable-plugin --with-system-zlib --disable-browser-plugin --enable-java-awt=gtk --enable-gtk-cairo --with-java-home=/usr/lib/jvm/java-1.5.0-gcj-4.8-amd64/jre --enable-java-home --with-jvm-root-dir=/usr/lib/jvm/java-1.5.0-gcj-4.8-amd64 --with-jvm-jar-dir=/usr/lib/jvm-exports/java-1.5.0-gcj-4.8-amd64 --with-arch-directory=amd64 --with-ecj-jar=/usr/share/java/eclipse-ecj.jar --enable-objc-gc --enable-multiarch --disable-werror --with-arch-32=i686 --with-abi=m64 --with-multilib-list=m32,m64,mx32 --with-tune=generic --enable-checking=release --build=x86_64-linux-gnu --host=x86_64-linux-gnu --target=x86_64-linux-gnu
Thread model: posix
gcc version 4.8.2 (Ubuntu 4.8.2-19ubuntu1)

Option 3
Issue command “aptitude show gcc
Example :

ehowstuff@ubuntu14:~$ aptitude show gcc
Package: gcc
State: installed
Automatically installed: yes
Version: 4:4.8.2-1ubuntu6
Priority: optional
Section: devel
Maintainer: Ubuntu Developers 
Architecture: amd64
Uncompressed Size: 42.0 k
Depends: cpp (>= 4:4.8.2-1ubuntu6), gcc-4.8 (>= 4.8.2-5~)
Recommends: libc6-dev | libc-dev
Suggests: gcc-multilib, make, manpages-dev, autoconf, automake1.9, libtool, flex, bison, gdb,
Conflicts: gcc-doc (< 1:2.95.3), gcc-doc (< 1:2.95.3), gcc
Provides: c-compiler
Description: GNU C compiler
 This is the GNU C compiler, a fairly portable optimizing compiler for C.

 This is a dependency package providing the default GNU C compiler.

How to Install and Configure NTP Server on Ubuntu 14.04

The Network Time Protocol (NTP) is used to synchronize between computer systems over the network. Time synchronization is very crucial to determine when events happened to computers system or server systems. NTP will be very useful when we want to implement replication between servers. NTP uses 123/UDP protocol. Please make sure UDP port from each client to NTP has been opened. This article will describe how to install and configure NTP server on Ubuntu 14.04 server.

1. Install ntp service :

ehowstuff@ubuntu14:~$ sudo apt-get install ntp -y

2. Configure NTP service :

ehowstuff@ubuntu14:~$ sudo vi /etc/ntp.conf

For Malaysia, add the following NTP servers :


3. Once configuration file updated, restart ntp to take affect :

ehowstuff@ubuntu14:~$ sudo service ntp restart
 * Stopping NTP server ntpd                                                                  [ OK ]
 * Starting NTP server ntpd                                                                  [ OK ]

4. Verify that NTP service is synchronizing to remote NTP servers :

ehowstuff@ubuntu14:~$ sudo ntpq -p

Example :

ehowstuff@ubuntu14:~$ sudo ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
 balthasar.gimas    3 u    1   64    1  146.094  -10.741   0.000  .INIT.          16 u    -   64    0    0.000    0.000   0.000    .INIT.          16 u    -   64    0    0.000    0.000   0.000
 202-65-114-202. .INIT.          16 u    -   64    0    0.000    0.000   0.000
 europium.canoni .INIT.          16 u    -   64    0    0.000    0.000   0.000

5. Configure NTP for Client :

How to Setup Squid Proxy in Ubuntu Server 14.04

How to Setup Squid Proxy in UbuntuSquid is a proxy server that provide cache services to the clients. It redirects client requests from web browsers to the proxy server and delivers the client’s requests and keeps a copy of them in the proxy hard disk cache. This will speeding up internet access especially for frequently-used files and reduces internet bandwidth. Squid program does not requires intensive CPU usage. To increase efficiency, i would recommend to buy faster disks or add more memory into the squid proxy server. This post describes basic steps on how to Setup Squid Proxy in Ubuntu Server 14.04.

How to Setup Squid Proxy in Ubuntu



How to Setup Squid Proxy in Ubuntu

1. Install Squid 3 :

ehowstuff@ubuntu14:~$ sudo apt-get install squid3 -y

2. Configure common setting :

ehowstuff@ubuntu14:~$ sudo vi /etc/squid3/squid.conf

Around line 919, define allowed LAN segment :

acl lan_ehowstuff src

Around line 1058, allow defined LAN :

http_access allow lan_ehowstuff

Listen on port 3128 :

# Squid normally listens to port 3128
http_port 3128

Save the configuration

3. Configure Squid Proxy Authentication using digest authentication scheme :

a. Install the program ‘htdigest’ :

ehowstuff@ubuntu14:~$ sudo apt-get install apache2-utils -y

b. Setting up user :

sudo htdigest -c /etc/squid3/passwords realm_name user_name

Example :

ehowstuff@ubuntu14:~$ sudo htdigest -c /etc/squid3/passwords proxy proxyuser1
Adding password for proxyuser1 in realm proxy.
New password:
Re-type new password:

c. At line 335-337, add digest squid authentication configuration. Please note that the file digest_pw_auth has been renamed to digest_file_auth in ubuntu 14.04. By default, the digest authentication scheme is not used unless the program is specified.

auth_param digest program /usr/lib/squid3/digest_file_auth -c /etc/squid3/passwords
auth_param digest realm proxy
acl authenticated_ehowstuff proxy_auth REQUIRED
http_access allow authenticated_ehowstuff

4. Restart the Squid to take affect the new configuration :

ehowstuff@ubuntu14:~$ sudo initctl restart squid3
squid3 start/running, process 2185


ehowstuff@ubuntu14:~$ sudo service squid3 restart

5. Verify port 3128 are listening :

ehowstuff@ubuntu14:~$ sudo netstat -plunt | grep 3128
tcp6       0      0 :::3128                 :::*                    LISTEN      2185/squid3

6. Configure at client browser :
How to Setup Squid Proxy in Ubuntu

7. Everytime you open the browser, proxy authentication box will be prompted :
How to Setup Squid Proxy in Ubuntu

8. Monitor the access log from proxy server. You can see proxyuser1 as authenticated user :

ehowstuff@ubuntu14:~$ sudo tail -f /var/log/squid3/access.log
RECT/ text/html
1409354804.372   1073 TCP_MISS/200 776 GET proxyuser1 HIER_DIRECT/ text/xml
1409354842.754    963 TCP_MISS/200 2285 POST proxyuser1 HIER_DIRECT/ application/ocsp-response
1409354843.234   1489 TCP_MISS/200 915 POST proxyuser1 HIER_DIRECT/ application/ocsp-response
1409354843.454   1549 TCP_MISS/200 2285 POST proxyuser1 HIER_DIRECT/ application/ocsp-response
1409354848.074   3249 TCP_MISS_ABORTED/000 0 POST proxyuser1 HIER_NONE/- -
1409354848.877   3248 TCP_MISS_ABORTED/000 0 POST proxyuser1 HIER_DIRECT/ -
1409354853.997   1120 TCP_MISS/200 794 GET;_ylu=X3oDMTQ0aHJqM2NuBGNjb2RlA2hvbWVydW4yBGNwb3MDMARnAzAyMTMtMGExNGQ5Zjc1NWZkZGUyYTY5M2E0ZmViNzE0MDUwOTctMDAxNARpbnRsA215BHBrZ3QDNARwb3MDMgRzZWMDdGQtb2ZsLWIEc2xrA3RpdGxlBHRlc3QDNjg0BHdvZQM5MTc5OTMzMg--/RV=1/RE=1410564437/RH=aHNyZC55YWhvby5jb20-/RO=2/RU=aHR0cHM6Ly9teS5zcG9ydHMueWFob28uY29tL2ZhbnRhc3kvc29jY2VyL3ByZW1pZXItbGVhZ3Vl/RS=%5EADA7H0JFo.Ud2RQRqK4zKbm5QoTGVg- proxyuser1 HIER_DIRECT/ text/html
1409354854.482    280 TCP_MISS/200 446 GET proxyuser1 HIER_DIRECT/ text/html
1409354854.750    549 TCP_MISS/200 4214 GET proxyuser1 HIER_DIRECT/ text/xml

I hope that above guidelines on how to Setup Squid Proxy in Ubuntu Server will help system administrator to start installing their own proxy server.

CoreOS Announces Managed Linux, World’s First “OS-as-a-Service”

CoreOS, the lightweight Linux distribution optimized for massive server deployments, on Monday introduced a new service called Managed Linux that its developers describe as the world’s first OS-as-a-Service.

The announcement of the monthly subscription service comes on the heels of Series A funding in which the commercial entity that distributes CoreOS raised $8.5 million from Kleiner Perkins Caufield & Byers, Sequoia Capital and Fuel Capital.

“The big announcement today is we are offering some of our first commercial products beyond CoreOS,” Alex Polvi, CoreOS chief executive and co-founder, told CRN.

[Related: Google Offers CoreOS On Compute Engine Cloud]

Managed Linux is a monthly subscription service that offers updates and patches to CoreOS servers, often running as large clusters, through a tool called FastPatch. Subscribers also get CoreUpdate, a control panel and set of APIs for managing those rolling updates themselves.

CoreOS also integrates Docker 1.0, a popular package for deploying and managing the Linux containers that isolate applications.

“The novel thing about how we are delivering this is that it’s very much like Software-as-a-Service,” Polvi said.

“You get that rolling stream of continuous updates and patches. You’re always running the latest version,” he told CRN.

Managed Linux eliminates the inconvenience, common with other Linux distributions, of performing migrations when new versions of the OS are released, according to Polvi.

While CoreOS is an open-source operating system, the paid service will benefit enterprises that want to hire a company that will be accountable for the process of ensuring they are running the most stable and secure version, he said.

“The technology behind CoreOS is game-changing,” Mike Abbott, a partner at Kleiner Perkins Caufield & Byers, said in a statement.

“CoreOS is solving infrastructure problems that have plagued the space for years with an operating system that not only automatically updates and patches servers with the latest software, but also provides less downtime, furthering the security and resilience of Internet architecture,” Abbott said.

Managed Linux is available for CoreOS deployments on multiple platforms. The operating system works exactly the same on bare metal servers as it does when hosted on several public clouds, including Amazon, Google and Rackspace.

Polvi said CoreOS is probably most utilized by companies running big deployments on their own on-premises hardware, the typical customers buying Linux subscriptions today.

Because CoreOS is a relatively new project, it’s still distributing through a direct channel. However, that is expected to change down the road, according to Polvi.
“We’re just getting rolling with system integrators. Haven’t fired up a whole channel program yet, but I think it’s inevitable,” he told CRN.
Polvi believes CoreOS, aided by innovative technologies like Docker, is a leader in the larger trend toward warehouse-scale computing, a concept laid out a few years back in an influential research paper from Google.
The theory goes that datacenters will come to behave as individual computers, with massive clusters of servers connected by high-speed networks working in concert to fulfill the computing requirements of the future.

Click here for full Story

How to Install and Configure ProFTPD FTP Server on Ubuntu 14.04

ProFTPD (short for Pro FTP daemon) is a popular open-source FTP server. It’s an alternative to vsftpd. For those who run virtual private server (VPS) or dedicated server to host your blog or website, I would recommend you to install FTP service, it will be easy for you to upload and retrieved any files to the server. This post describes the steps to install and configure ProFTPD FTP Server on Ubuntu 14.04.

1. Install ProFTPD :

ehowstuff@ubuntu14:~$ sudo apt-get install proftpd -y

2. Open proftpd configuration file and make a few changes :

ehowstuff@ubuntu14:~$ sudo vi /etc/proftpd/proftpd.conf

a. Turn off if not needed

UseIPv6                         off

b. Change the hostname

ServerName                      "Ubuntu14.ehowstuff.local"

c. Specify root directory for chroot by uncomment this line. This will limit users to their home directory only :

DefaultRoot                     ~

Full example :

# /etc/proftpd/proftpd.conf -- This is a basic ProFTPD configuration file.
# To really apply changes, reload proftpd after modifications, if
# it runs in daemon mode. It is not required in inetd/xinetd mode.

# Includes DSO modules
Include /etc/proftpd/modules.conf

# Set off to disable IPv6 support which is annoying on IPv4 only boxes.
UseIPv6                         off
# If set on you can experience a longer connection delay in many cases.
IdentLookups                    off

ServerName                      "Ubuntu14.ehowstuff.local"
ServerType                      standalone
DeferWelcome                    off

MultilineRFC2228                on
DefaultServer                   on
ShowSymlinks                    on

TimeoutNoTransfer               600
TimeoutStalled                  600
TimeoutIdle                     1200

DisplayLogin                    welcome.msg
DisplayChdir                    .message true
ListOptions                     "-l"

DenyFilter                      \*.*/

# Use this to jail all users in their homes
DefaultRoot                     ~


3. Add any users that you disallowed to use FTP connection. Remove root if you want to allow root :

ehowstuff@ubuntu14:~$ sudo vi /etc/ftpusers

By default below users are disallowed FTP access :

# /etc/ftpusers: list of users disallowed FTP access. See ftpusers(5).


4. Restart ProFTPD :

ehowstuff@ubuntu14:~$ sudo /etc/init.d/proftpd restart
 * Stopping ftp server proftpd                                                               [ OK ]
 * Starting ftp server proftpd                                                               [ OK ]

5. Test FTP connection using FTP client.

or you can access FTP server via command line :

Connected to
220 ProFTPD 1.3.5rc3 Server (Ubuntu14.ehowstuff.local) []
User ( ehowstuff
331 Password required for ehowstuff
230 User ehowstuff logged in
ftp> ls
200 PORT command successful
150 Opening ASCII mode data connection for file list
226 Transfer complete
ftp: 132 bytes received in 0.02Seconds 8.25Kbytes/sec.

Thats all.