How to Disabled SELinux using Command Line on CentOS 6/RHEL 6

In this short article, I’ll show you an easy way to disable SELinux in RHEL or CentOS 6 6. You only need to run the following command line. After that, make sure you reboot your CentOS server for changes to take effect.

1. Verify the SELINUX setting before changes :

[root@centos66 ~]# sestatus
SELinux status:                 enforcing

Check the config file :

[root@centos66 ~]# cat /etc/sysconfig/selinux
..
..
SELINUX=enforcing
..
..

2. Issue the following command to changes the config file :

[root@centos66 ~]# sed -i 's/(^SELINUX=).*/SELINUX=disabled/' /etc/sysconfig/selinux

3. Verify the SELINUX status again :

[root@centos66 ~]# sestatus
SELinux status:                 disabled

Check the config file again :

[root@centos66 ~]# cat /etc/sysconfig/selinux

It will change the following, SELINUX=disabled

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
#     targeted - Targeted processes are protected,
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

4. Reboot the CentOS/RHEL server :

[root@centos66 ~]# reboot

2015 will be the year Linux takes over the enterprise (and other predictions)

The crystal ball has been vague and fuzzy for quite some time. Every pundit and voice has opined on what the upcoming year will mean to whatever topic it is they hold dear to their heart. In my case, we’re talking Linux and open source.

In previous years, I’d don the rose-colored glasses and make predictions that would shine a fantastic light over the Linux landscape and proclaim 20** will be the year of Linux on the _____ (name your platform). Many times, those predictions were wrong, and Linux would wind up grinding on in the background.

This coming year, however, there are some fairly bold predictions to be made, some of which are sure things. Read on and see if you agree.

Linux takes over big data

This should come as no surprise, considering the advancements Linux and open source has made over the previous few years. With the help of SuSE, Red Hat, and SAP Hana, Linux will hold powerful sway over big data in 2015. In-memory computing and live kernel patching will be the thing that catapults big data into realms of uptime and reliability never before known. SuSE will lead this charge like a warrior rushing into a battle it cannot possibly lose.

This rise of Linux in the world of big data will have serious trickle down over the rest of the business world. We already know how fond enterprise businesses are of Linux and big data. What we don’t know is how this relationship will alter the course of Linux with regards to the rest of the business world.

My prediction is that the success of Linux with big data will skyrocket the popularity of Linux throughout the business landscape. More contracts for SuSE and Red Hat will equate to more deployments of Linux servers that handle more tasks within the business world. This will especially apply to the cloud, where OpenStack should easily become an overwhelming leader.

As the end of 2015 draws to a close, Linux will continue its take over of more backend services, which may include the likes of collaboration servers, security, and much more.

Smart machines

Linux is already leading the trend for making homes and autos more intelligent. With improvements in the likes of Nest (which currently uses an embedded Linux), the open source platform is poised to take over your machines. Because 2015 should see a massive rise in smart machines, it goes without saying that Linux will be a huge part of that growth. I firmly believe more homes and businesses will take advantage of such smart controls, and that will lead to more innovations (all of which will be built on Linux).

One of the issues facing Nest, however, is that it was purchased by Google. What does this mean for the thermostat controller? Will Google continue using the Linux platform — or will it opt to scrap that in favor of Android? Of course, a switch would set the Nest platform back a bit.

The upcoming year will see Linux lead the rise in popularity of home automation. Wink, Iris, Q Station, Staples Connect, and more (similar) systems will help to bridge Linux and home users together.

The desktop

The big question, as always, is one that tends to hang over the heads of the Linux community like a dark cloud. That question is in relation to the desktop. Unfortunately, my predictions here aren’t nearly as positive. I believe that the year 2015 will remain quite stagnant for Linux on the desktop. That complacency will center around Ubuntu.

As much as I love Ubuntu (and the Unity desktop), this particular distribution will continue to drag the Linux desktop down. Why?

Convergence… or the lack thereof.

Canonical has been so headstrong about converging the desktop and mobile experience that they are neglecting the current state of the desktop. The last two releases of Ubuntu (one being an LTS release) have been stagnant (at best). The past year saw two of the most unexciting releases of Ubuntu that I can recall. The reason? Because the developers of Ubuntu are desperately trying to make Unity 8/Mir and the ubiquitous Ubuntu Phone a reality. The vaporware that is the Ubuntu Phone will continue on through 2015, and Unity 8/Mir may or may not be released.

When the new iteration of the Ubuntu Unity desktop is finally released, it will suffer a serious setback, because there will be so little hardware available to truly show it off. System76 will sell their outstanding Sable Touch, which will probably become the flagship system for Unity 8/Mir. As for the Ubuntu Phone? How many reports have you read that proclaimed “Ubuntu Phone will ship this year”?

I’m now going on the record to predict that the Ubuntu Phone will not ship in 2015. Why? Canonical created partnerships with two OEMs over a year ago. Those partnerships have yet to produce a single shippable product. The closest thing to a shippable product is the Meizu MX4 phone. The “Pro” version of that phone was supposed to have a formal launch of Sept 25. Like everything associated with the Ubuntu Phone, it didn’t happen.

Unless Canonical stops putting all of its eggs in one vaporware basket, desktop Linux will take a major hit in 2015. Ubuntu needs to release something major — something to make heads turn — otherwise, 2015 will be just another year where we all look back and think “we could have done something special.”

Outside of Ubuntu, I do believe there are some outside chances that Linux could still make some noise on the desktop. I think two distributions, in particular, will bring something rather special to the table:

  • Evolve OS — a ChromeOS-like Linux distribution
  • Quantum OS — a Linux distribution that uses Android’s Material Design specs

Both of these projects are quite exciting and offer unique, user-friendly takes on the Linux desktop. This is quickly become a necessity in a landscape being dragged down by out-of-date design standards (think the likes of Cinnamon, Mate, XFCE, LXCE — all desperately clinging to the past).

This is not to say that Linux on the desktop doesn’t have a chance in 2015. It does. In order to grasp the reins of that chance, it will have to move beyond the past and drop the anchors that prevent it from moving out to deeper, more viable waters.

Linux stands to make more waves in 2015 than it has in a very long time. From enterprise to home automation — the world could be the oyster that Linux uses as a springboard to the desktop and beyond.

What are your predictions for Linux and open source in 2015? Share your thoughts in the discussion thread below.

Click here for full Story

How to Fix “upstream timed out (110: Connection timed out) while reading response header from upstream” in NGINX

Problem :

I noticed there are the errors in NGINX when trying to update my WordPress post. In my case, NGINX service running as web service with php-fpm behind varnish proxy :

[root@vps ~]# tail -f /var/log/nginx/ehowstuff.com.error.log
2014/12/14 15:33:15 [error] 1040#0: *52134 upstream timed out (110: Connection timed out) while reading response header from upstream, client: 127.0.0.1

Solution :

This is how i resolved my issue. I have added the following lines to /etc/nginx/nginx.conf

location ~ .php$ {
..
..
    fastcgi_send_timeout 150s;
    fastcgi_read_timeout 150s;
..
..
}

Then restart nginx service :

/etc/init.d/nginx restart

or

service nginx restart

Linux Continues to Grow in the Cloud Computing and Implementation of Enterprise Applications

The operating system of most famous open source is gaining ground in business particularly in cloud computing, according to a report from the Linux Foundation and Yeoman Technology Group.

The Linux Foundation has published a study called “2014 Enterprise End User Trends Report” that shows the steady growth of Linux in the market for large companies, especially in recent years driven by factors such as the growth of cloud computing, in addition to its known qualities in terms of safety, capacity deployment, costs or virtualization.

The study was carried out on large companies and government agencies with at least 500 employees or exceeding 500 million dollars in annual revenue show that in the last four years, the deployment of Linux systems has increased 14% while the windows has decreased by 9%.

Specifically, analysts found that enterprise server applications are being deployed at the expense of Windows and Unix in the past four years. Deploying Linux applications has increased during this period from 65% to 79%, while deploying Windows has fallen from 45% to 36%.

Linux drives business change to the cloud as it remains the top choice for the whole topic of cloud computing. The report found that 75 percent use it as main platform, compared with 24 percent using Windows and less than two percent using 2% using UNIX. Companies believe that Linux is superior in technical, safety and cost capacity. In fact, 78 percent of companies believe Linux is more secure than other operating systems.

In particular, private clouds are increasingly used by Linux environment. When it comes to adoption, 75% companies are using Linux for private clouds, 16% public clouds are using Linux and 25% use a mix of both private and public cloud.

Linux continues to grow year after year at the expense of other operating systems. Over 87% said they are planning to implement Linux servers this year, and 82% plan to add more in the next. In fact, the deployment on Linux has increased, while deploying Windows continues to fall. To date, more than half (51%) of large companies are running production systems in the cloud, and 39 percent are planning to increase their activities in cloud computing in the next 12 months, so it is likely the market share of Linux continues to increase thanks to solutions like KVM, Xen or the famous Linux Containers.

Linux Foundation also notes that one of the most stable trend in the growing use of Linux compared to other operating system is to support mission-critical workloads. This figure has increased dramatically, from 60% in 2011 to 72% this year.

This growth makes the need for trained personnel in Linux, which is the main concern of businesses. Some businesses are using hesitant to use Linux because of system (41%), surpassing aspects as fragmentation (32%), compatibility (29%) or availability of drivers (27%) issues.

Among the respondents are Morgan Stanley, Goldman Sachs, Bank of America, Bristol-Myers Squibb, NTT, Deutsche Bank, DreamWorks, ADP, NYSE, NASDAQ, Goodrich, MetLife and AIG. It is remarkable that the number of companies in the Fortune 500 list already rely on Linux to choose and support their most critical software.

Click here for full Story

How to Setup VsFTPD Service with SSL/TLS on Linux CentOS 7 / RHEL 7 / Oracle Linux 7

Setup VsFTPD service

If you have your own dedicated server or virtual private server (VPS) that run in linux operating system to host your website or blog, it is recommended to install and setup ftp Service in order to facilitate the transfer of files and update your website. Among the well-known FTP software is VsFTPD.

VsFTPD means “Very Secure FTP Daemon” is the free FTP for Linux and UNIX operating systems, which are very stable, fast and safe to use even if the server is in the internet.

Is ftp secure ?

Any server in the internet is vulnerable to intruders that may spying on data transfer and steal confidential information such as id and password if encryption is not configured.

In this article, I will share the basic steps to setup VsFTPD service with SSL/TLS encryption on CentOS 7, RHEL 7 and Oracle Linux 7 operating system.

Steps to Setup VsFTPD Service with SSL/TLS

1. Install and setup VsFTPD Service :

# yum install vsftpd -y

2. Add ftp user :

# useradd user1
# passwd user1
Changing password for user user1.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.

3. Now Edit VsFTPd configuration file /etc/vsftpd/vsftpd.conf :

Enable the following :

..
..
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=NO
#
# Uncomment this to allow local users to log in.
# When SELinux is enforcing check for SE bool ftp_home_dir
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
..
..

Optionaly. you can customize the banner :

..
..
# You may fully customise the login banner string:
ftpd_banner=Welcome to ehowstuff FTP service.
..
..

4. Create ssl and private directory :

# mkdir -p /etc/vsftpd/ssl
# mkdir -p /etc/vsftpd/ssl/private/

5. Create a SSL certificate using on of following command :

# openssl req -x509 -nodes -days 720 -newkey rsa:2048 -keyout /etc/vsftpd/ssl/private/vsftpd.key -out /etc/vsftpd/ssl/vsftpd.pem

You will be prompted with a series of question, which you answer as they appear :

Example :

# openssl req -x509 -nodes -days 720 -newkey rsa:2048 -keyout /etc/vsftpd/ssl/private/vsftpd.key -out /etc/vsftpd/ssl/vsftpd.pem
Generating a 2048 bit RSA private key
......................+++
..........................+++
writing new private key to '/etc/vsftpd/ssl/private/vsftpd.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:MY
State or Province Name (full name) []:Malaysia
Locality Name (eg, city) [Default City]:Kuala Lumpur
Organization Name (eg, company) [Default Company Ltd]:ehowstuff
Organizational Unit Name (eg, section) []:IT
Common Name (eg, your name or your server's hostname) []:centos7
Email Address []:admin@ehowstuff.local

6. Assign the permission :

# chmod 400 /etc/vsftpd/ssl/vsftpd.pem
# chmod 400 /etc/vsftpd/ssl/private/vsftpd.key

7. Edit vsftpd configuration file /etc/vsftpd/vsftpd.conf. Specify the location of our certificate and key files then add the following line at the bottom of vsftpd.conf :

..
..
# Add follows to the bottom
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES

ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
rsa_cert_file=/etc/vsftpd/ssl/vsftpd.pem
rsa_private_key_file=/etc/vsftpd/ssl/private/vsftpd.key

8. Stop and Start VsFTPD Service and make it auto start at boot :

# systemctl stop vsftpd
# systemctl start vsftpd
# systemctl enable vsftpd

9. Check VsFTPD status :

# systemctl status vsftpd
vsftpd.service - Vsftpd ftp daemon
   Loaded: loaded (/usr/lib/systemd/system/vsftpd.service; enabled)
   Active: active (running) since Sat 2014-12-13 10:31:30 MYT; 34s ago
  Process: 20864 ExecStart=/usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf (code=exited, status=0/SUCCESS)
 Main PID: 20865 (vsftpd)
   CGroup: /system.slice/vsftpd.service
           ââ20865 /usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf

Dec 13 10:31:30 centos7.ehowstuff.local systemd[1]: Starting Vsftpd ftp daemon...
Dec 13 10:31:30 centos7.ehowstuff.local systemd[1]: Started Vsftpd ftp daemon.

10. From client PC, open filezilla and connect to your server and enter info, for encryption field, select “explicit FTP over TLS”.
vsftpd-centos7-1

Click the check box “Always trust certificate in the future sessions.” Then clik OK to proceed.
vsftpd-centos7-2

I hope this article gives you some ideas and essential guidance on how to setup VsFTPD service with SSL/TLS encryption on CentOS 7, RHEL 7 and Oracle Linux 7 operating system.

Resources :

How to Install Webmin on CentOS 7/RHEL 7/Oracle Linux 7

Webmin is a free software that is used by system administrators for system administration and configuration of the system where it is web based. Through Webmin, the system administrator can perform their daily tasks such as system administration and server administration through the graphical web-based interface where it is very easy to use while reducing errors. Webmin very suitable for beginners who do not know much about the unix or linux command line. For future reference, I will show how to install Webmin on CentOS 7/RHEL 7/Oracle Linux 7. Current Webmin version is 1.720.

Install Webmin on CentOS 7

Install Webmin on CentOS 7/RHEL 7/Oracle Linux 7

1. Enabling Yum repository for Webmin. Create the /etc/yum.repos.d/webmin.repo file containing :

[root@centos7 ~]# vi /etc/yum.repos.d/webmin.repo
[Webmin]
name=Webmin Distribution Neutral
#baseurl=http://download.webmin.com/download/yum
mirrorlist=http://download.webmin.com/download/yum/mirrorlist
enabled=1

2. Install my GPG key :

[root@centos7 ~]# rpm --import http://www.webmin.com/jcameron-key.asc

3. Run “yum install” command to install Webmin software and all required dependencies :

[root@centos7 ~]# yum install webmin -y

4. Start Webmin :

[root@centos7 ~]# /etc/init.d/webmin start

5. Webmin by default works on port 10000. Access your server on port 10000 using FQDN or IP.

http://192.168.0.x:10000/ or http://FQDN:10000/

Install Webmin on CentOS 7

 

Running mission-critical applications on Enterprise Linux servers

At the core of any organisation are important IT systems that are vital for continued successful operation. Mission-critical applications, such as ERP, CRM, business intelligence, data warehousing, and analytics, advance and support business in many fundamental ways. In the modern, global corporate landscape, it is almost certain that users will need to access these systems at any time of day, demanding around-the-clock, 24/7 availability. Any outage of mission-critical server infrastructure directly impacts revenue and profitability, so downtime must be avoided.

Mission-critical enterprise systems typically rely on expensive Unix or mainframe servers to fulfil high-availability and reliability requirements. Due in part to increasing budgetary constraints and initiatives promoting open standards, this situation has been changing recently. With a shift towards x86-based commodity server hardware, Intel has worked hard to develop reliability, availability, and serviceability (RAS) features in its Xeon processors, with recent hardware optimisations leading to better scalability and performance.

The Intel Xeon E7 processor family implements a powerful collection of RAS capabilities designed to minimize the frequency, cost, and duration of system downtime, which is vital for mission-critical services. Based on key concepts such as self-monitoring and self-healing, this technology enables servers to monitor key sub-systems for errors, and automatically repair known issues. Detecting and correcting problems (or isolating problems that cannot be immediately rectified) is important to maintain system integrity and protect mission-critical data. Support for multiple layers of system component redundancy and subsequent automated failover functionality ensures a higher level of availability. Servers powered by Intel Xeon E7 processors can take advantage of predictive failure analysis to identify problematic components before they fail, allowing them to be replaced during regular maintenance cycles, and ultimately minimising service costs.

Software support for hardware RAS features implemented by the Intel Xeon E7 processor family is included in the Linux operating system. With the largest subscription base in the industry, Red Hat Enterprise Linux has a proven track record of running mission-critical workloads, and can be deployed on either physical servers or in cloud environments. Red Hat’s Enterprise Linux High Availability Add-On offers failover clustering to further increase availability of mission-critical applications. The company also offers load balancing, a storage platform, and a scalable file system for improved system reliability.

To ensure the smooth operation of important business processes, mission-critical applications must run on highly reliable and available platforms. The emergence of Intel Xeon-powered commodity servers running Red Hat Enterprise Linux has provided a competitive alternative to traditional Unix systems for mission-critical tasks. This new approach to building infrastructure using standards-based hardware will allow organisations to re-architect their datacentre to become the foundation of next-generation private and hybrid cloud solutions.

Click here for full Story