How to Install Zimbra 8.6.0 on RHEL 7/CentOS 7

Zimbra 8.6.0 brings new features, improvements to the mail server and a better web client experience. Some that caught my attention: the local LMTP client can communicate over SSL for the mail server, shared folders are better organized in the web client, and the calendar can now run searches on description for location or resources. You can get detailed information in the Release Notes. In this article, I will explain step by step how to install Zimbra 8.6.0 on RHEL 7 or CentOS 7. Starting with ZCS 8.5, there is a DNS caching service available for installation. However, I have excluded zimbra-dnscache in the installation steps.

Prerequisites :
Prepare for Zimbra 8 Installation Prerequisites on RHEL 7/CentOS 7

1. Log in as root to the server and download Zimbra Open Source Edition 8.6.0 using the wget command. Before that, please make sure your Zimbra server can access the internet :

wget https://files.zimbra.com/downloads/8.6.0_GA/zcs-8.6.0_GA_1153.RHEL7_64.20141215151110.tgz

2. Extract the downloaded tar file :

tar xzf zcs-8.6.0_GA_1153.RHEL7_64.20141215151110.tgz

3. Change to the directory containing the extracted ZCS Open Source Edition :

cd zcs-8.6.0_GA_1153.RHEL7_64.20141215151110

4. Start the installation with the following command :

./install.sh --platform-override

Full installation steps :

./install.sh --platform-override

Operations logged to /tmp/install.log.14668
Checking for existing installation...
    zimbra-ldap...NOT FOUND
    zimbra-logger...NOT FOUND
    zimbra-mta...NOT FOUND
    zimbra-dnscache...NOT FOUND
    zimbra-snmp...NOT FOUND
    zimbra-store...NOT FOUND
    zimbra-apache...NOT FOUND
    zimbra-spell...NOT FOUND
    zimbra-convertd...NOT FOUND
    zimbra-memcached...NOT FOUND
    zimbra-proxy...NOT FOUND
    zimbra-archiving...NOT FOUND
    zimbra-core...NOT FOUND


PLEASE READ THIS AGREEMENT CAREFULLY BEFORE USING THE SOFTWARE.
ZIMBRA, INC. ("ZIMBRA") WILL ONLY LICENSE THIS SOFTWARE TO YOU IF YOU
FIRST ACCEPT THE TERMS OF THIS AGREEMENT. BY DOWNLOADING OR INSTALLING
THE SOFTWARE, OR USING THE PRODUCT, YOU ARE CONSENTING TO BE BOUND BY
THIS AGREEMENT. IF YOU DO NOT AGREE TO ALL OF THE TERMS OF THIS
AGREEMENT, THEN DO NOT DOWNLOAD, INSTALL OR USE THE PRODUCT.

License Terms for the Zimbra Collaboration Suite:
  http://www.zimbra.com/license/zimbra-public-eula-2-5.html



Do you agree with the terms of the software license agreement? [N] y



Checking for prerequisites...
     FOUND: NPTL
     FOUND: nmap-ncat-6.40-4
     FOUND: sudo-1.8.6p7-11
     FOUND: libidn-1.28-3
     FOUND: gmp-5.1.1-5
     FOUND: libaio-0.3.109-12
     FOUND: libstdc++-4.8.2-16.2
     FOUND: unzip-6.0-13
     FOUND: perl-core-5.16.3-283

Checking for suggested prerequisites...
     FOUND: perl-5.16.3
     FOUND: sysstat
     FOUND: sqlite
Prerequisite check complete.

Checking for installable packages

Found zimbra-core
Found zimbra-ldap
Found zimbra-logger
Found zimbra-mta
Found zimbra-dnscache
Found zimbra-snmp
Found zimbra-store
Found zimbra-apache
Found zimbra-spell
Found zimbra-memcached
Found zimbra-proxy


Select the packages to install

Install zimbra-ldap [Y]

Install zimbra-logger [Y]

Install zimbra-mta [Y]

Install zimbra-dnscache [Y] N

Install zimbra-snmp [Y]

Install zimbra-store [Y]

Install zimbra-apache [Y]

Install zimbra-spell [Y]

Install zimbra-memcached [Y]

Install zimbra-proxy [Y]
Checking required space for zimbra-core
Checking space for zimbra-store
Checking required packages for zimbra-store
zimbra-store package check complete.

Installing:
    zimbra-core
    zimbra-ldap
    zimbra-logger
    zimbra-mta
    zimbra-snmp
    zimbra-store
    zimbra-apache
    zimbra-spell
    zimbra-memcached
    zimbra-proxy

The system will be modified.  Continue? [N] Y

Removing /opt/zimbra
Removing zimbra crontab entry...done.
Cleaning up zimbra init scripts...done.
Cleaning up /etc/ld.so.conf...done.
Cleaning up /etc/security/limits.conf...done.

Finished removing Zimbra Collaboration Server.

Installing packages

    zimbra-core......zimbra-core-8.6.0_GA_1153.RHEL7_64-20141215151110.x86_64.rpm...done
    zimbra-ldap......zimbra-ldap-8.6.0_GA_1153.RHEL7_64-20141215151110.x86_64.rpm...done
    zimbra-logger......zimbra-logger-8.6.0_GA_1153.RHEL7_64-20141215151110.x86_64.rpm...done
    zimbra-mta......zimbra-mta-8.6.0_GA_1153.RHEL7_64-20141215151110.x86_64.rpm...done
    zimbra-snmp......zimbra-snmp-8.6.0_GA_1153.RHEL7_64-20141215151110.x86_64.rpm...done
    zimbra-store......zimbra-store-8.6.0_GA_1153.RHEL7_64-20141215151110.x86_64.rpm...done
    zimbra-apache......zimbra-apache-8.6.0_GA_1153.RHEL7_64-20141215151110.x86_64.rpm...done
    zimbra-spell......zimbra-spell-8.6.0_GA_1153.RHEL7_64-20141215151110.x86_64.rpm...done
    zimbra-memcached......zimbra-memcached-8.6.0_GA_1153.RHEL7_64-20141215151110.x86_64.rpm...done
    zimbra-proxy......zimbra-proxy-8.6.0_GA_1153.RHEL7_64-20141215151110.x86_64.rpm...done
Operations logged to /tmp/zmsetup01032015-084819.log
Installing LDAP configuration database...done.
Setting defaults...No results returned for A lookup of centos7.ehowstuff.local
Checked nameservers:
        192.168.0.70
No results returned for AAAA lookup of centos7.ehowstuff.local
Checked nameservers:
        192.168.0.70


DNS ERROR resolving centos7.ehowstuff.local
It is suggested that the hostname be resolvable via DNS
Change hostname [Yes]
Please enter the logical hostname for this host [centos7.ehowstuff.local] mail.example.com
No results returned for A lookup of mail.example.com
Checked nameservers:
        192.168.0.70


DNS ERROR resolving mail.example.com
It is suggested that the hostname be resolvable via DNS
Re-Enter hostname [Yes]
Please enter the logical hostname for this host [centos7.ehowstuff.local] mail.example.local


DNS ERROR resolving MX for mail.example.local
It is suggested that the domain name have an MX record configured in DNS
Change domain name? [Yes]
Create domain: [mail.example.local] example.local
        MX: mail.example.local (192.168.0.70)

        Interface: 127.0.0.1
        Interface: ::1
        Interface: 192.168.0.70
done.
Checking for port conflicts

Main menu

   1) Common Configuration:
   2) zimbra-ldap:                             Enabled
   3) zimbra-logger:                           Enabled
   4) zimbra-mta:                              Enabled
   5) zimbra-snmp:                             Enabled
   6) zimbra-store:                            Enabled
        +Create Admin User:                    yes
        +Admin user to create:                 admin@example.local
******* +Admin Password                        UNSET
        +Anti-virus quarantine user:           virus-quarantine.fsbv7fj6r0@example.local
        +Enable automated spam training:       yes
        +Spam training user:                   spam.7xlmrmrh3@example.local
        +Non-spam(Ham) training user:          ham.rt_1on1o@example.local
        +SMTP host:                            mail.example.local
        +Web server HTTP port:                 8080
        +Web server HTTPS port:                8443
        +Web server mode:                      https
        +IMAP server port:                     7143
        +IMAP server SSL port:                 7993
        +POP server port:                      7110
        +POP server SSL port:                  7995
        +Use spell check server:               yes
        +Spell server URL:                     http://mail.example.local:7780/aspell.php
        +Enable version update checks:         TRUE
        +Enable version update notifications:  TRUE
        +Version update notification email:    admin@centos7.ehowstuff.local
        +Version update source email:          admin@centos7.ehowstuff.local
        +Install mailstore (service webapp):   yes
        +Install UI (zimbra,zimbraAdmin webapps): yes

   7) zimbra-spell:                            Enabled
   8) zimbra-proxy:                            Enabled
   9) Enable VMware HA:                        no
  10) Default Class of Service Configuration:
   s) Save config to file
   x) Expand menu
   q) Quit

Address unconfigured (**) items  (? - help) 6


Store configuration

   1) Status:                                  Enabled
   2) Create Admin User:                       yes
   3) Admin user to create:                    admin@example.local
** 4) Admin Password                           UNSET
   5) Anti-virus quarantine user:              virus-quarantine.fsbv7fj6r0@example.local
   6) Enable automated spam training:          yes
   7) Spam training user:                      spam.7xlmrmrh3@example.local
   8) Non-spam(Ham) training user:             ham.rt_1on1o@example.local
   9) SMTP host:                               mail.example.local
  10) Web server HTTP port:                    8080
  11) Web server HTTPS port:                   8443
  12) Web server mode:                         https
  13) IMAP server port:                        7143
  14) IMAP server SSL port:                    7993
  15) POP server port:                         7110
  16) POP server SSL port:                     7995
  17) Use spell check server:                  yes
  18) Spell server URL:                        http://mail.example.local:7780/aspell.php
  19) Enable version update checks:            TRUE
  20) Enable version update notifications:     TRUE
  21) Version update notification email:       admin@centos7.ehowstuff.local
  22) Version update source email:             admin@centos7.ehowstuff.local
  23) Install mailstore (service webapp):      yes
  24) Install UI (zimbra,zimbraAdmin webapps): yes

Select, or 'r' for previous menu [r] 4

Password for admin@example.local (min 6 characters): [SBmeBXtA] password

Store configuration

   1) Status:                                  Enabled
   2) Create Admin User:                       yes
   3) Admin user to create:                    admin@example.local
   4) Admin Password                           set
   5) Anti-virus quarantine user:              virus-quarantine.fsbv7fj6r0@example.local
   6) Enable automated spam training:          yes
   7) Spam training user:                      spam.7xlmrmrh3@example.local
   8) Non-spam(Ham) training user:             ham.rt_1on1o@example.local
   9) SMTP host:                               mail.example.local
  10) Web server HTTP port:                    8080
  11) Web server HTTPS port:                   8443
  12) Web server mode:                         https
  13) IMAP server port:                        7143
  14) IMAP server SSL port:                    7993
  15) POP server port:                         7110
  16) POP server SSL port:                     7995
  17) Use spell check server:                  yes
  18) Spell server URL:                        http://mail.example.local:7780/aspell.php
  19) Enable version update checks:            TRUE
  20) Enable version update notifications:     TRUE
  21) Version update notification email:       admin@centos7.ehowstuff.local
  22) Version update source email:             admin@centos7.ehowstuff.local
  23) Install mailstore (service webapp):      yes
  24) Install UI (zimbra,zimbraAdmin webapps): yes

Select, or 'r' for previous menu [r] 21

Version update destination address: [admin@centos7.ehowstuff.local] admin@example.local

Store configuration

   1) Status:                                  Enabled
   2) Create Admin User:                       yes
   3) Admin user to create:                    admin@example.local
   4) Admin Password                           set
   5) Anti-virus quarantine user:              virus-quarantine.fsbv7fj6r0@example.local
   6) Enable automated spam training:          yes
   7) Spam training user:                      spam.7xlmrmrh3@example.local
   8) Non-spam(Ham) training user:             ham.rt_1on1o@example.local
   9) SMTP host:                               mail.example.local
  10) Web server HTTP port:                    8080
  11) Web server HTTPS port:                   8443
  12) Web server mode:                         https
  13) IMAP server port:                        7143
  14) IMAP server SSL port:                    7993
  15) POP server port:                         7110
  16) POP server SSL port:                     7995
  17) Use spell check server:                  yes
  18) Spell server URL:                        http://mail.example.local:7780/aspell.php
  19) Enable version update checks:            TRUE
  20) Enable version update notifications:     TRUE
  21) Version update notification email:       admin@example.local
  22) Version update source email:             admin@centos7.ehowstuff.local
  23) Install mailstore (service webapp):      yes
  24) Install UI (zimbra,zimbraAdmin webapps): yes

Select, or 'r' for previous menu [r] 22

Version update source address: [admin@centos7.ehowstuff.local] admin@example.local

Store configuration

   1) Status:                                  Enabled
   2) Create Admin User:                       yes
   3) Admin user to create:                    admin@example.local
   4) Admin Password                           set
   5) Anti-virus quarantine user:              virus-quarantine.fsbv7fj6r0@example.local
   6) Enable automated spam training:          yes
   7) Spam training user:                      spam.7xlmrmrh3@example.local
   8) Non-spam(Ham) training user:             ham.rt_1on1o@example.local
   9) SMTP host:                               mail.example.local
  10) Web server HTTP port:                    8080
  11) Web server HTTPS port:                   8443
  12) Web server mode:                         https
  13) IMAP server port:                        7143
  14) IMAP server SSL port:                    7993
  15) POP server port:                         7110
  16) POP server SSL port:                     7995
  17) Use spell check server:                  yes
  18) Spell server URL:                        http://mail.example.local:7780/aspell.php
  19) Enable version update checks:            TRUE
  20) Enable version update notifications:     TRUE
  21) Version update notification email:       admin@example.local
  22) Version update source email:             admin@example.local
  23) Install mailstore (service webapp):      yes
  24) Install UI (zimbra,zimbraAdmin webapps): yes

Select, or 'r' for previous menu [r] r

Main menu

   1) Common Configuration:
   2) zimbra-ldap:                             Enabled
   3) zimbra-logger:                           Enabled
   4) zimbra-mta:                              Enabled
   5) zimbra-snmp:                             Enabled
   6) zimbra-store:                            Enabled
   7) zimbra-spell:                            Enabled
   8) zimbra-proxy:                            Enabled
   9) Enable VMware HA:                        no
  10) Default Class of Service Configuration:
   s) Save config to file
   x) Expand menu
   q) Quit

*** CONFIGURATION COMPLETE - press 'a' to apply
Select from menu, or press 'a' to apply config (? - help) a
Save configuration data to a file? [Yes]
Save config in file: [/opt/zimbra/config.23920]
Saving config in /opt/zimbra/config.23920...done.
The system will be modified - continue? [No] yes
Operations logged to /tmp/zmsetup01032015-084819.log
Setting local config values...done.
Initializing core config...Setting up CA...done.
Deploying CA to /opt/zimbra/conf/ca ...done.
Creating SSL zimbra-store certificate...done.
Creating new zimbra-ldap SSL certificate...done.
Creating new zimbra-mta SSL certificate...done.
Creating new zimbra-proxy SSL certificate...done.
Installing mailboxd SSL certificates...done.
Installing MTA SSL certificates...done.
Installing LDAP SSL certificate...done.
Installing Proxy SSL certificate...done.
Initializing ldap...done.
Setting replication password...done.
Setting Postfix password...done.
Setting amavis password...done.
Setting nginx password...done.
Setting BES searcher  password...done.
Creating server entry for mail.example.local...done.
Setting Zimbra IP Mode...done.
Saving CA in ldap ...done.
Saving SSL Certificate in ldap ...done.
Setting spell check URL...done.
Setting service ports on mail.example.local...done.
Setting zimbraFeatureTasksEnabled=TRUE...done.
Setting zimbraFeatureBriefcasesEnabled=TRUE...done.
Setting TimeZone Preference...done.
Initializing mta config...done.
Setting services on mail.example.local...done.
Adding mail.example.local to zimbraMailHostPool in default COS...done.
Creating domain example.local...done.
Setting default domain name...done.
Creating domain example.local...already exists.
Creating admin account admin@example.local...done.
Creating root alias...done.
Creating postmaster alias...done.
Creating user spam.7xlmrmrh3@example.local...done.
Creating user ham.rt_1on1o@example.local...done.
Creating user virus-quarantine.fsbv7fj6r0@example.local...done.
Setting spam training and Anti-virus quarantine accounts...done.
Initializing store sql database...done.
Setting zimbraSmtpHostname for mail.example.local...done.
Configuring SNMP...done.
Setting up syslog.conf...done.
Starting servers...done.
Installing common zimlets...
        com_zimbra_proxy_config...done.
        com_zimbra_mailarchive...done.
        com_zimbra_attachmail...done.
        com_zimbra_url...done.
        com_zimbra_phone...done.
        com_zimbra_date...done.
        com_zimbra_ymemoticons...done.
        com_zimbra_clientuploader...done.
        com_zimbra_srchhighlighter...done.
        com_zimbra_tooltip...done.
        com_zimbra_webex...done.
        com_zimbra_bulkprovision...done.
        com_zimbra_email...done.
        com_zimbra_adminversioncheck...done.
        com_zimbra_cert_manager...done.
        com_zimbra_viewmail...done.
        com_zimbra_attachcontacts...done.
Finished installing common zimlets.
Restarting mailboxd...done.
Creating galsync account for default domain...done.

You have the option of notifying Zimbra of your installation.
This helps us to track the uptake of the Zimbra Collaboration Server.
The only information that will be transmitted is:
        The VERSION of zcs installed (8.6.0_GA_1153_RHEL7_64)
        The ADMIN EMAIL ADDRESS created (admin@example.local)

Notify Zimbra of your installation? [Yes] no
Notification skipped
Setting up zimbra crontab...done.


Moving /tmp/zmsetup01032015-084819.log to /opt/zimbra/log


Configuration complete - press return to exit

5. Start zimbra services :

su - zimbra
zmcontrol start

How to Install Webmin on CentOS 7/RHEL 7/Oracle Linux 7

Webmin is free, web-based software that system administrators use for system administration and configuration. Through Webmin, the system administrator can perform daily tasks such as system administration and server administration through a graphical web-based interface that is very easy to use while reducing errors. Webmin is very suitable for beginners who do not know much about the Unix or Linux command line. For future reference, I will show how to install Webmin on CentOS 7/RHEL 7/Oracle Linux 7. The current Webmin version is 1.720.

Install Webmin on CentOS 7/RHEL 7/Oracle Linux 7

1. Enabling Yum repository for Webmin. Create the /etc/yum.repos.d/webmin.repo file containing :

[root@centos7 ~]# vi /etc/yum.repos.d/webmin.repo
[Webmin]
name=Webmin Distribution Neutral
#baseurl=http://download.webmin.com/download/yum
mirrorlist=http://download.webmin.com/download/yum/mirrorlist
enabled=1

2. Import the Webmin GPG key (jcameron-key.asc), with which the packages are signed :

[root@centos7 ~]# rpm --import http://www.webmin.com/jcameron-key.asc

3. Run “yum install” command to install Webmin software and all required dependencies :

[root@centos7 ~]# yum install webmin -y

4. Start Webmin :

[root@centos7 ~]# /etc/init.d/webmin start

5. Webmin by default works on port 10000. Access your server on port 10000 using FQDN or IP.

http://192.168.0.x:10000/ or http://FQDN:10000/

How to Setup Bind DNS Server in Chroot Jail on CentOS 7

BIND (Berkeley Internet Name Daemon), also known as NAMED, is the most widely used Linux DNS server on the internet.

This tutorial explains how to set up BIND DNS in a chroot jail on CentOS 7, so that the process is simply unable to see any part of the filesystem outside the jail. For example, in this post, I will configure BIND DNS to run chrooted to the directory /var/named/chroot/.

To BIND DNS, the contents of this directory will appear to be /, the root directory. A “jail” is a software mechanism for limiting the ability of a process to access resources outside a very limited area, and its purpose is to enhance security.

Unlike with earlier versions of BIND, you typically will not need to compile named statically nor install shared libraries under the new root.

The chroot environment initialization script will mount the above configuration files using the mount --bind command, so that you can manage the configuration outside this environment. There is no need to copy anything into the /var/named/chroot/ directory because it is mounted automatically. This simplifies maintenance since you do not need to take any special care of BIND configuration files if it is run in a chroot environment. You can organize everything as you would with BIND not running in a chroot environment.

The chrooted BIND DNS server is configured to /var/named/chroot by default. You may follow these complete steps to implement a BIND chroot DNS server on a CentOS 7 virtual private server (VPS).

Setup Bind DNS Server in Chroot Jail on CentOS 7

1. Install Bind Chroot DNS server :

# yum install bind-chroot -y

2. To enable the named-chroot service, first check if the named service is running by issuing the following command:

# systemctl status named

If it is running, it must be disabled.
To disable named, issue the following commands as root:

# systemctl stop named
# systemctl disable named

3. Initialize the /var/named/chroot environment by running:

# /usr/libexec/setup-named-chroot.sh /var/named/chroot on
# systemctl stop named
# systemctl disable named
# systemctl start named-chroot
# systemctl enable named-chroot
ln -s '/usr/lib/systemd/system/named-chroot.service' '/etc/systemd/system/multi-user.target.wants/named-chroot.service'

The following directories are automatically mounted into the /var/named/chroot/ directory if the corresponding mount point directories underneath /var/named/chroot/ are empty:

Verify Chroot Environment :

# ll /var/named/chroot/etc
total 28
-rw-r--r-- 1 root root   372 Dec  1 23:04 localtime
drwxr-x--- 2 root named 4096 Nov 22 01:28 named
-rw-r----- 1 root named 1705 Mar 22  2016 named.conf
-rw-r--r-- 1 root named 2389 Nov 22 01:28 named.iscdlv.key
-rw-r----- 1 root named  931 Jun 21  2007 named.rfc1912.zones
-rw-r--r-- 1 root named  487 Jul 19  2010 named.root.key
drwxr-x--- 3 root named 4096 Jan  4 22:12 pki
# ll /var/named/chroot/var/named
total 32
drwxr-x--- 7 root  named 4096 Jan  4 22:12 chroot
drwxrwx--- 2 named named 4096 Nov 22 01:28 data
drwxrwx--- 2 named named 4096 Nov 22 01:28 dynamic
-rw-r----- 1 root  named 2076 Jan 28  2013 named.ca
-rw-r----- 1 root  named  152 Dec 15  2009 named.empty
-rw-r----- 1 root  named  152 Jun 21  2007 named.localhost
-rw-r----- 1 root  named  168 Dec 15  2009 named.loopback
drwxrwx--- 2 named named 4096 Nov 22 01:28 slaves

4. Create the BIND DNS related files in the chrooted directory :

# touch /var/named/chroot/var/named/data/cache_dump.db
# touch /var/named/chroot/var/named/data/named_stats.txt
# touch /var/named/chroot/var/named/data/named_mem_stats.txt
# touch /var/named/chroot/var/named/data/named.run
# mkdir -p /var/named/chroot/var/named/dynamic
# touch /var/named/chroot/var/named/dynamic/managed-keys.bind

5. The BIND lock file should be writable, so set the permissions to make it writable as below :

# chmod -R 777 /var/named/chroot/var/named/data
# chmod -R 777 /var/named/chroot/var/named/dynamic
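
The directory listing in the verification step shows data and dynamic already owned by named:named with mode drwxrwx---, which lets named write there without the world-writable bit that chmod -R 777 sets. The following is an added example (not part of the original article) that lists world-writable entries under those directories and resets them to owner and group access only; the 0770/0660 modes and the named account are assumptions taken from that listing.

```sh
#!/bin/sh
# Added example: audit and tighten permissions on BIND's writable directories.

# Print every world-writable regular file or directory under the given paths.
list_world_writable() {
    find "$@" \( -type f -o -type d \) -perm -0002 -print 2>/dev/null
}

# Reset directories to 0770 and files to 0660 (owner and group only), matching
# the drwxrwx--- named:named layout shown in the chroot listing.
tighten_named_dirs() {
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        find "$dir" -type d -exec chmod 0770 {} +
        find "$dir" -type f -exec chmod 0660 {} +
        # Ownership can only be changed by root, and only if the account exists.
        if [ "$(id -u)" -eq 0 ] && id named >/dev/null 2>&1; then
            chown -R named:named "$dir"
        fi
    done
}

# Read-only audit of the tutorial's chroot path when it exists on this host.
# To apply the fix, call as root:
#   tighten_named_dirs "$CHROOT_VAR/data" "$CHROOT_VAR/dynamic"
CHROOT_VAR=${CHROOT_VAR:-/var/named/chroot/var/named}
if [ -d "$CHROOT_VAR/data" ] && [ -d "$CHROOT_VAR/dynamic" ]; then
    list_world_writable "$CHROOT_VAR/data" "$CHROOT_VAR/dynamic"
fi
```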

6. Copy /etc/named.conf to the chrooted BIND config folder :

# cp -p /etc/named.conf /var/named/chroot/etc/named.conf

7. Configure the main BIND configuration in /etc/named.conf. Append the example.local zone information to the file :

# vi /var/named/chroot/etc/named.conf

Create forward and reverse zone into named.conf:

..
..
zone "example.local" {
    type master;
    file "example.local.zone";
};

zone "0.168.192.in-addr.arpa" IN {
        type master;
        file "192.168.0.zone";
};
..
..

Full named.conf configuration :

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
        listen-on port 53 { any; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { any; };

        /*
         - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
         - If you are building a RECURSIVE (caching) DNS server, you need to enable
           recursion.
         - If your recursive DNS server has a public IP address, you MUST enable access
           control to limit queries to your legitimate users. Failing to do so will
           cause your server to become part of large scale DNS amplification
           attacks. Implementing BCP38 within your network would greatly
           reduce such attack surface
        */
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";

        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

zone "example.local" {
    type master;
    file "example.local.zone";
};

zone "0.168.192.in-addr.arpa" IN {
        type master;
        file "192.168.0.zone";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
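
The options block above combines recursion yes with allow-query { any; } and sets no allow-recursion, which is the case the file's own comment warns about: when allow-recursion is unset, BIND falls back to allow-query-cache and then to allow-query. The following is an added example (not part of the original article) of a heuristic check for that combination; the sample files are constructed, and the 192.168.0.0/24 ACL in the restricted variant is an assumption based on the addresses used in this tutorial.

```sh
#!/bin/sh
# Added example: heuristic check of a named.conf options block for open recursion.
# It does not follow include files or views.

# Remove /* ... */, // and # comments so commented-out statements are ignored.
strip_comments() {
    awk '
    {
        line = $0; out = ""
        while (length(line) > 0) {
            if (in_block) {
                i = index(line, "*/")
                if (i == 0) { line = "" }
                else { line = substr(line, i + 2); in_block = 0 }
            } else {
                i = index(line, "/*")
                if (i == 0) { out = out line; line = "" }
                else { out = out substr(line, 1, i - 1); line = substr(line, i + 2); in_block = 1 }
            }
        }
        sub(/(\/\/|#).*/, "", out)
        print out
    }' "$1"
}

# has_stmt NAME: statement NAME { ... } is present in $conf.
has_stmt() { printf '%s\n' "$conf" | grep -Eq "(^|[^-[:alnum:]])$1[[:space:]]*\{"; }
# acl_any NAME: the address list of statement NAME contains "any".
acl_any() { printf '%s\n' "$conf" | grep -Eq "(^|[^-[:alnum:]])$1[[:space:]]*\{([^}]*[;[:space:]])?any[[:space:]]*;"; }

# Print one of: no-recursion, restricted, open.
resolver_exposure() {
    conf=$(strip_comments "$1" | tr '\n' ' ')
    if printf '%s\n' "$conf" | grep -Eq '(^|[^-[:alnum:]])recursion[[:space:]]+no[[:space:]]*;'; then
        echo no-recursion
        return 0
    fi
    # Recursion is on (explicitly or by default); find the ACL that governs it.
    # Fallback order: allow-recursion -> allow-query-cache -> allow-query.
    for stmt in allow-recursion allow-query-cache allow-query; do
        if has_stmt "$stmt"; then
            if acl_any "$stmt"; then echo open; else echo restricted; fi
            return 0
        fi
    done
    echo restricted    # built-in default: localnets; localhost;
}

# Constructed sample: the relevant lines of the options block shown above.
write_page_conf() {
cat > "$1" <<'EOF'
options {
        listen-on port 53 { any; };
        allow-query     { any; };
        recursion yes;
};
EOF
}

# Constructed sample: same server, recursion limited to the tutorial's subnet
# (assumed ACL); authoritative answers for example.local stay open to all.
write_restricted_conf() {
cat > "$1" <<'EOF'
options {
        listen-on port 53 { any; };
        allow-query     { any; };
        allow-recursion { localhost; 192.168.0.0/24; };
        recursion yes;
};
EOF
}

tmp=$(mktemp -d)
write_page_conf "$tmp/page.conf"
write_restricted_conf "$tmp/restricted.conf"
echo "page config:       $(resolver_exposure "$tmp/page.conf")"
echo "restricted config: $(resolver_exposure "$tmp/restricted.conf")"
rm -rf "$tmp"
```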

8. Create Forward and Reverse zone files for domain example.local.

a) Create Forward Zone :

# vi /var/named/chroot/var/named/example.local.zone

Add the following and save :

;
;       Addresses and other host information.
;
$TTL 86400
@       IN      SOA     example.local. hostmaster.example.local. (
                               2014101901      ; Serial
                               43200      ; Refresh
                               3600       ; Retry
                               3600000    ; Expire
                               2592000 )  ; Minimum

;       Define the nameservers and the mail servers

               IN      NS      ns1.example.local.
               IN      NS      ns2.example.local.
               IN      A       192.168.0.70
               IN      MX      10 mx.example.local.

centos7          IN      A       192.168.0.70
mx               IN      A       192.168.0.50
ns1              IN      A       192.168.0.70
ns2              IN      A       192.168.0.80

b) Create Reverse Zone :

# vi /var/named/chroot/var/named/192.168.0.zone
;
;       Addresses and other host information.
;
$TTL 86400
@       IN      SOA     example.local. hostmaster.example.local. (
                               2014101901      ; Serial
                               43200      ; Refresh
                               3600       ; Retry
                               3600000    ; Expire
                               2592000 )  ; Minimum

0.168.192.in-addr.arpa. IN      NS      centos7.example.local.

; mx is 192.168.0.50 in the forward zone, so its PTR record belongs under 50
50.0.168.192.in-addr.arpa. IN PTR mx.example.local.
70.0.168.192.in-addr.arpa. IN PTR ns1.example.local.
80.0.168.192.in-addr.arpa. IN PTR ns2.example.local.


New Naming Scheme for the Network Interface on RHEL 7/CentOS 7

Red Hat Enterprise Linux 7 (RHEL 7) and CentOS 7 come with the new naming scheme for the network devices.

These features change the names of network interfaces on a system in order to make them fully predictable, fully automatic and easier to differentiate, and so that broken hardware can be replaced seamlessly.

This affects both network adapters embedded on the motherboard (LAN-on-Motherboard) and additional adapters such as PCI network cards.

Traditionally, network interfaces in Linux used eth[0123…]. In RHEL7/CentOS7, the default network interface name is based on firmware, topology, and location information.

The following different naming schemes for network interfaces are now supported by udev natively:

  • Names incorporating Firmware or BIOS provided index numbers for on-board devices (example: eno1)
  • Names incorporating Firmware or BIOS provided PCI Express hotplug slot index numbers (example: ens1)
  • Names incorporating physical location of the connector of the hardware (example: enp2s0)
  • Names incorporating the interface’s MAC address (example: enx78e7d1ea46da)
  • The traditional unpredictable kernel-native ethX naming (example: eth0)

The names have two character prefixes based on the type of interface:

  • en for Ethernet,
  • wl for wireless LAN (WLAN),
  • ww for wireless wide area network (WWAN).

Format                                                            Description
o<index>                                                          on-board device index number
s<slot>[f<function>][d<dev_id>]                                   hotplug slot index number
x<MAC>                                                            MAC address
p<bus>s<slot>[f<function>][d<dev_id>]                             PCI geographical location
p<bus>s<slot>[f<function>][u<port>][..][c<config>][i<interface>]  USB port number chain

The ifconfig utility is not installed by default in a minimal installation. You can use “ip link show”, “ip addr” or “ip address” to display the automatically assigned device names :

[root@centos7 ~]# ip link show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT qlen 1000
    link/ether 00:0c:29:ba:3e:fe brd ff:ff:ff:ff:ff:ff
[root@centos7 ~]# ip address
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
    link/ether 00:0c:29:ba:3e:fe brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.18/24 brd 192.168.0.255 scope global dynamic ens160
       valid_lft 604707sec preferred_lft 604707sec
    inet6 fe80::20c:29ff:feba:3efe/64 scope link
       valid_lft forever preferred_lft forever
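
The following is an added example (not part of the original article) that classifies an interface name such as ens160 from the output above against the prefixes and formats listed in this section, which helps when reviewing scripts or firewall rules that still assume eth0. The scheme labels it prints are names chosen for this example.

```sh
#!/bin/sh
# Added example: classify an interface name against the naming formats above.

# True if the part after the two-character type prefix matches the ERE in $1.
rest_matches() { printf '%s\n' "$rest" | grep -Eq "$1"; }

# Print "<type> <scheme>" for the interface name given as $1.
classify_ifname() {
    name=$1
    case $name in
        eth[0-9]*) echo "ethernet kernel-native"; return 0 ;;
        en?*) kind=ethernet ;;
        wl?*) kind=wlan ;;
        ww?*) kind=wwan ;;
        *)    echo "unknown unrecognized"; return 0 ;;
    esac
    rest=${name#??}    # drop the two-character type prefix
    if   rest_matches '^o[0-9]+$'; then
        scheme=onboard-index
    elif rest_matches '^s[0-9]+(f[0-9]+)?(d[0-9]+)?$'; then
        scheme=hotplug-slot
    elif rest_matches '^x[0-9a-f]{12}$'; then
        scheme=mac-address
    elif rest_matches '^p[0-9]+s[0-9]+(f[0-9]+)?(d[0-9]+)?$'; then
        scheme=pci-location
    elif rest_matches '^p[0-9]+s[0-9]+(f[0-9]+)?(u[0-9]+)+(c[0-9]+)?(i[0-9]+)?$'; then
        scheme=usb-port-chain
    else
        scheme=unrecognized
    fi
    echo "$kind $scheme"
}

# Classify every interface the kernel currently exposes (Linux sysfs).
classify_host_interfaces() {
    for path in /sys/class/net/*; do
        [ -e "$path" ] || continue
        ifname=${path##*/}
        printf '%-18s %s\n' "$ifname" "$(classify_ifname "$ifname")"
    done
}

classify_host_interfaces
```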

How to Install and Use Traceroute in Linux RHEL 6/7, CentOS 6/7, Oracle Linux 6/7

Traceroute command is a network diagnostic tool for displaying the route packets take to network host or destination. It shows how long each hop will takes and how many hops that the packet requires to reach the specify destination. In linux, traceroute command is used while in windows and dos environment, they used tracert command. In this post i will show you how to install and how to use traceroute command to diagnose your IP network related issues. This steps has been tested on RHEL 6/7, CentOS 6/7 and Oracle Linux 6/7.

1. If traceroute is not installed on your Linux VPS or dedicated server, the shell returns this warning :

# traceroute www.google.com
-bash: traceroute: command not found

Or you can check whether traceroute is installed by running the which command :

# which traceroute
/usr/bin/which: no traceroute in (/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin)

2. To install traceroute, run the following command :

# yum install traceroute -y

3. Verify that the command is now installed :

# which traceroute
/bin/traceroute

4. How to use traceroute command :

a. Find the network path from my centos6 server to google.com :

# traceroute [options] host

Example :

# traceroute www.google.com
traceroute to www.google.com (58.27.108.153), 30 hops max, 60 byte packets
 1  192.168.2.1 (192.168.2.1)  9.233 ms  9.020 ms  8.857 ms
 2  219.93.218.177 (219.93.218.177)  20.717 ms  20.529 ms  27.526 ms
 3  60.49.55.93 (60.49.55.93)  57.368 ms  57.446 ms  57.187 ms
 4  10.55.32.58 (10.55.32.58)  76.846 ms 10.55.32.56 (10.55.32.56)  66.418 ms  66.906 ms
 5  58.27.105.125 (58.27.105.125)  75.779 ms  65.556 ms  65.592 ms
 6  * * *
 7  * * *
 8  * * *
 9  * * *
10  * * *
11  * * *
12  * * *
13  * * *
14  * * *
15  * * *
16  * * *
17  * * *
18  * * *
19  * * *
20  * * *
21  * * *
22  * * *
23  * * *
24  * * *
25  * * *
26  * * *
27  * * *
28  * * *
29  * * *
30  * * *

Hop 1 is the internet gateway of the network from which this traceroute was run (the ADSL modem's local IP).
Hop 2 is the ISP that the origin computer is connected to.

b. Find the network path from my centos6 server to google.com and do not resolve IP addresses to their domain names :

# traceroute www.google.com -n

c. Find the network path from my centos6 server to google.com and set the number of seconds to wait for response to a probe to 0.1 seconds (Default is 5.0) :

# traceroute www.google.com -w 0.1

d. Find the network path from my centos6 server to google.com and set the number of probes per each hop to 5 (Default is 3) :

# traceroute www.google.com -q 5

5. Display basic command line options help for more usage :

# traceroute --help
Usage:
  traceroute [ -46dFITnreAUV ] [ -f first_ttl ] [ -g gate,... ] [ -i device ] [ -m max_ttl ] [ -N squeries ] [ -p port ] [ -t tos ] [ -l flow_label ] [ -w waittime ] [ -q nqueries ] [ -s src_addr ] [ -z sendwait ] host [ packetlen ]
Options:
  -4                          Use IPv4
  -6                          Use IPv6
  -d  --debug                 Enable socket level debugging
  -F  --dont-fragment         Do not fragment packets
  -f first_ttl  --first=first_ttl
                              Start from the first_ttl hop (instead from 1)
  -g gate,...  --gateway=gate,...
                              Route packets through the specified gateway
                              (maximum 8 for IPv4 and 127 for IPv6)
  -I  --icmp                  Use ICMP ECHO for tracerouting
  -T  --tcp                   Use TCP SYN for tracerouting
  -i device  --interface=device
                              Specify a network interface to operate with
  -m max_ttl  --max-hops=max_ttl
                              Set the max number of hops (max TTL to be
                              reached). Default is 30
  -N squeries  --sim-queries=squeries
                              Set the number of probes to be tried
                              simultaneously (default is 16)
  -n                          Do not resolve IP addresses to their domain names
  -p port  --port=port        Set the destination port to use. It is either
                              initial udp port value for "default" method
                              (incremented by each probe, default is 33434), or
                              initial seq for "icmp" (incremented as well,
                              default from 1), or some constant destination
                              port for other methods (with default of 80 for
                              "tcp", 53 for "udp", etc.)
  -t tos  --tos=tos           Set the TOS (IPv4 type of service) or TC (IPv6
                              traffic class) value for outgoing packets
  -l flow_label  --flowlabel=flow_label
                              Use specified flow_label for IPv6 packets
  -w waittime  --wait=waittime
                              Set the number of seconds to wait for response to
                              a probe (default is 5.0). Non-integer (float
                              point) values allowed too
  -q nqueries  --queries=nqueries
                              Set the number of probes per each hop. Default is
                              3
  -r                          Bypass the normal routing and send directly to a
                              host on an attached network
  -s src_addr  --source=src_addr
                              Use source src_addr for outgoing packets
  -z sendwait  --sendwait=sendwait
                              Minimal time interval between probes (default 0).
                              If the value is more than 10, then it specifies a
                              number in milliseconds, else it is a number of
                              seconds (float point values allowed too)
  -e  --extensions            Show ICMP extensions (if present), including MPLS
  -A  --as-path-lookups       Perform AS path lookups in routing registries and
                              print results directly after the corresponding
                              addresses
  -M name  --module=name      Use specified module (either builtin or external)
                              for traceroute operations. Most methods have
                              their shortcuts (`-I' means `-M icmp' etc.)
  -O OPTS,...  --options=OPTS,...
                              Use module-specific option OPTS for the
                              traceroute module. Several OPTS allowed,
                              separated by comma. If OPTS is "help", print info
                              about available options
  --sport=num                 Use source port num for outgoing packets. Implies
                              `-N 1'
  -U  --udp                   Use UDP to particular port for tracerouting
                              (instead of increasing the port per each probe),
                              default port is 53
  -UL                         Use UDPLITE for tracerouting (default dest port
                              is 53)
  -P prot  --protocol=prot    Use raw packet of protocol prot for tracerouting
  --mtu                       Discover MTU along the path being traced. Implies
                              `-F -N 1'
  --back                      Guess the number of hops in the backward path and
                              print if it differs
  -V  --version               Print version info and exit
  --help                      Read this help and exit

Arguments:
+     host          The host to traceroute to
      packetlen     The full packet length (default is the length of an IP
                    header plus 40). Can be ignored or increased to a minimal
                    allowed value
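
To read a run like the one in step 4a, where hops 6 to 30 show only "* * *" (no reply arrived within the wait time, which commonly means the probes or the ICMP replies are filtered), it helps to extract the last hop that answered. The script below is an added example, not part of the original post; the function names sample_trace and summarize_trace are hypothetical and the sample input is built from the output above.

```shell
#!/bin/sh
# Constructed sample: hops 1-8 of the run shown in step 4a.
sample_trace() {
cat <<'EOF'
traceroute to www.google.com (58.27.108.153), 30 hops max, 60 byte packets
 1  192.168.2.1 (192.168.2.1)  9.233 ms  9.020 ms  8.857 ms
 2  219.93.218.177 (219.93.218.177)  20.717 ms  20.529 ms  27.526 ms
 3  60.49.55.93 (60.49.55.93)  57.368 ms  57.446 ms  57.187 ms
 4  10.55.32.58 (10.55.32.58)  76.846 ms 10.55.32.56 (10.55.32.56)  66.418 ms  66.906 ms
 5  58.27.105.125 (58.27.105.125)  75.779 ms  65.556 ms  65.592 ms
 6  * * *
 7  * * *
 8  * * *
EOF
}

# summarize_trace: read traceroute output on stdin (default or -n format) and
# print one line: last answering hop, its address, number of silent hops, and
# whether any hop replied from the target address named in the header.
summarize_trace() {
  awk '
    NR == 1 && $1 == "traceroute" {          # header: "traceroute to host (ip), ..."
      target = $4; gsub(/[(),]/, "", target); next
    }
    $1 ~ /^[0-9]+$/ {                        # one line per hop (TTL)
      addr = ""; tok = ""; answered = 0
      for (i = 2; i <= NF; i++) {
        if ($i == "ms") answered = 1         # an RTT means at least one reply
        f = $i; gsub(/[()]/, "", f)
        if (f == target) reached = "yes"
        if (addr == "" && $i ~ /^[(]/) addr = f   # default format: name (ip)
        if (tok == "" && $i != "*") tok = $i      # -n format: bare ip
      }
      if (answered) { last = $1; last_addr = (addr != "" ? addr : tok) }
      else silent++
    }
    END {
      printf "last_reply=%d addr=%s silent=%d reached=%s\n",
             last, last_addr, silent, (reached == "" ? "no" : reached)
    }
  '
}

sample_trace | summarize_trace
```

On a live system, pipe the real command into it, for example: traceroute -n www.google.com | summarize_trace. When the default UDP probes stop answering part-way, the -I and -T options listed in the help output are the usual next thing to try.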

Apache Reverse Proxy Configuration for Linux

A reverse proxy is a gateway that appears to the client like an ordinary web server. In this article, I will show quick steps to set up and configure an Apache reverse proxy server. We need to add reverse proxy directives to the Apache configuration to tell Apache where it should redirect requests or cache information for the clients that ask for it. In this case, the following servers are involved in the setup.

(Server1) http://www.ehowstuff.local –> 192.168.2.54
(Server2) http://web.ehowstuff.local –> 192.168.2.55

When a client browses /web on Server1, the traffic is redirected to Server2.

Apache Reverse Proxy Configuration for Linux CentOS 6/ RHEL 6/ Oracle Linux 6

1. To use the Apache proxy directives, the following modules should be loaded :

LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so

2. Configure /web on Apache web server on Server1 :

# vi /etc/httpd/conf.d/reverse_proxy.conf

Add these lines :

<IfModule mod_proxy.c>
 ProxyRequests Off
 <Proxy *>
  Order allow,deny
  Allow from all
 </Proxy>

 ProxyPass /web http://web.ehowstuff.local
 ProxyPassReverse /web http://web.ehowstuff.local
</IfModule>

3. Restart or reload Apache for the change to take effect :

# service httpd restart
Stopping httpd:                                            [  OK  ]
Starting httpd:                                            [  OK  ]

4. Browse to http://www.ehowstuff.local/web to test the reverse proxy.
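
The line "ProxyRequests Off" in step 2 is what keeps Server1 a reverse proxy only: with the "<Proxy *>" block allowing all clients, switching it to On would let the server relay requests to arbitrary destinations. The check below is an added example, not part of the original post; the function names are hypothetical, weak_conf is a constructed misconfiguration for comparison, and the trailing-slash rule it checks comes from the mod_proxy documentation (both ProxyPass arguments should end with a slash, or neither).

```shell
#!/bin/sh
# Constructed configs: page_conf repeats the directives from step 2,
# weak_conf is a deliberately misconfigured variant for comparison.
page_conf() {
cat <<'EOF'
<IfModule mod_proxy.c>
 ProxyRequests Off
 <Proxy *>
  Order allow,deny
  Allow from all
 </Proxy>
 ProxyPass /web http://web.ehowstuff.local
 ProxyPassReverse /web http://web.ehowstuff.local
</IfModule>
EOF
}
weak_conf() {
cat <<'EOF'
ProxyRequests On
<Proxy *>
 Order allow,deny
 Allow from all
</Proxy>
ProxyPass /web/ http://web.ehowstuff.local
EOF
}

# audit_proxy_conf: read an httpd config on stdin, print one finding per line.
audit_proxy_conf() {
  awk '
    function ends_slash(s) { return substr(s, length(s)) == "/" }
    /^[ \t]*#/ { next }                      # skip comment lines
    { d = tolower($1) }                      # directive names are case-insensitive
    d == "proxyrequests" && tolower($2) == "on" {
      print "FAIL ProxyRequests On (forward proxying enabled)"
    }
    d == "proxypass" && $3 != "!" {          # "!" marks an exclusion, not a backend
      pass[$2] = $3
      if (ends_slash($2) != ends_slash($3))
        print "WARN " $2 " trailing-slash mismatch with " $3
    }
    d == "proxypassreverse" { rev[$2] = 1 }
    END { for (p in pass) if (!(p in rev)) print "WARN " p " no ProxyPassReverse" }
  ' | LC_ALL=C sort
}

echo "page config:"; page_conf | audit_proxy_conf
echo "weak config:"; weak_conf | audit_proxy_conf
```

Against the real file, run: audit_proxy_conf < /etc/httpd/conf.d/reverse_proxy.conf. The configuration from step 2 produces no findings.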


How to Unzip a File in Linux RHEL 6/CentOS 6/CentOS 7

File compression can be done in a variety of ways on Linux systems. In Windows you might have come across a utility such as WinZip or WinRAR for uncompressing files.

In Linux you can do it in two ways: from the Graphical User Interface (GUI) or from the command line.

As a Linux system administrator, most routine tasks are done on the Linux command line, and it is quite difficult to remember every command that has been in use.

In this post, I will show the simple steps on how to unzip a file in Linux and how to zip a folder in Linux on Red Hat Enterprise Linux 6 (RHEL 6).

These steps may also work on other versions such as CentOS 5.1, CentOS 5.2, CentOS 5.3, CentOS 5.4, CentOS 5.5, CentOS 5.6, CentOS 5.7, CentOS 6.x, RHEL 5.x, RHEL 6.x, CentOS 7 and Oracle Linux 7.

zip is a compression and file packaging utility for Unix, VMS, MSDOS, OS/2, Windows, Macintosh and Linux operating systems. Meanwhile, unzip is a utility to extract compressed files from a ZIP archive.

How to zip a folder in Linux

1. Create the archive folder1.zip and put all the files in the current directory into it in compressed form, as below :

[root@rhel6 ~]# touch file1
[root@rhel6 ~]# touch file2
[root@rhel6 ~]# touch file3
[root@rhel6 ~]# ls
file1  file2  file3

Then zip folder1 :

[root@rhel6 ~]# zip folder1 *
  adding: file1 (stored 0%)
  adding: file2 (stored 0%)
  adding: file3 (stored 0%)
[root@rhel6 ~]# ls
file1  file2  file3  folder1.zip

How to Unzip a File in Linux

2. To unzip Joomla_2.5.3-Stable-Full_Package.zip into /var/www/html/joomla253 folder :

[root@rhel6 ~]# unzip Joomla_2.5.3-Stable-Full_Package.zip -d /var/www/html/joomla253

I hope this tutorial on how to unzip a file in Linux gives you a basic idea of how to zip and unzip a folder on Linux.