How to Change RunLevel on CentOS 7 / RHEL 7

The old method of changing the runlevel via /etc/inittab in Red Hat Enterprise Linux and CentOS is obsolete on RHEL 7 and CentOS 7. These releases use the systemd system management daemon and rely on the systemctl command to change the runlevel. The default runlevel is set by the symbolic link /etc/systemd/system/default.target. Make sure you have already installed the GNOME GUI before you change the runlevel.

1. Check the current runlevel :

# runlevel
N 3

or

# systemctl get-default
multi-user.target

2. Display the default.target symbolic link with a directory listing :

# ll /etc/systemd/system/default.target
lrwxrwxrwx. 1 root root 37 Sep  1  2014 /etc/systemd/system/default.target -> /lib/systemd/system/multi-user.target

3. List all currently loaded targets :

# systemctl list-units -t target
UNIT                LOAD   ACTIVE SUB    DESCRIPTION
basic.target        loaded active active Basic System
cryptsetup.target   loaded active active Encrypted Volumes
getty.target        loaded active active Login Prompts
local-fs-pre.target loaded active active Local File Systems (Pre)
local-fs.target     loaded active active Local File Systems
multi-user.target   loaded active active Multi-User System
network.target      loaded active active Network
paths.target        loaded active active Paths
remote-fs.target    loaded active active Remote File Systems
slices.target       loaded active active Slices
sockets.target      loaded active active Sockets
swap.target         loaded active active Swap
sysinit.target      loaded active active System Initialization
timers.target       loaded active active Timers

LOAD   = Reflects whether the unit definition was properly loaded.
ACTIVE = The high-level unit activation state, i.e. generalization of SUB.
SUB    = The low-level unit activation state, values depend on unit type.

14 loaded units listed. Pass --all to see loaded but inactive units, too.
To show all installed unit files use 'systemctl list-unit-files'.

4. Type the following command to change the RunLevel to Graphical-login :

# systemctl set-default graphical.target
rm '/etc/systemd/system/default.target'
ln -s '/usr/lib/systemd/system/graphical.target' '/etc/systemd/system/default.target'

5. Verify the changed runlevel :

# runlevel
N 5

or

# systemctl get-default
graphical.target

6. Reboot the server to log in to the GNOME GUI.


How to Fix GNOME License Not Accepted Issue on CentOS 7

This post assumes that you have just finished installing the GNOME GUI on CentOS 7 with the command yum groupinstall "GNOME Desktop" "Graphical Administration Tools" -y. Previously you were running a minimal CentOS 7 with only a command line via the terminal. After you reboot the server, you get the following screen.

Initial setup of CentOS Linux 7 (core)
1) [x] Creat user 2) [!] License information
(no user will be created) (license not accepted)
Please make your choice from above ['q' to quit | 'c' to continue | 'r' to refresh]:


To fix the issue, you have to perform the following :

a) Press 1
b) Press 2 in order to change [ ] to [x] in front of 2) I accept the license agreement
c) Press q
d) The accept-license menu no longer prompts at boot.


How to Setup Multiple WordPress Sites on Nginx

This article describes how to install and configure multiple WordPress sites on Nginx. The steps were prepared on CentOS 7.0 and Nginx 1.6.3. NGINX (pronounced Engine ex) is an open source, high-performance web server that can handle a large number of concurrent connections. It has a lower memory footprint than the alternative web server, Apache HTTP Server. Follow the steps below to host multiple WordPress sites on Nginx. This configuration has also been tested on RHEL 7 and Oracle Linux 7.

Steps to Setup Multiple WordPress Sites on Nginx

1. First, set up the directories for the multi-site server blocks and the additional WordPress configuration files :

# mkdir -p /etc/nginx/conf.d
# mkdir -p /etc/nginx/sites-available

2. Tell the main nginx.conf file to look for the new setup directories :

# vi /etc/nginx/nginx.conf

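Add the following line inside the http block of the configuration file. The files in /etc/nginx/conf.d (common.conf and wordpress.conf, created in the next steps) contain server-level directives such as listen and location, which nginx rejects at the http level, so they are included from each server block instead :

    include /etc/nginx/sites-available/*.conf;

Full configuration file example :

user  nginx;
worker_processes  2;

error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;


    # One file per site; each server block includes conf.d/common.conf
    # and conf.d/wordpress.conf itself.
    include /etc/nginx/sites-available/*.conf;
}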

3. Add new wordpress configuration file :

# vi /etc/nginx/conf.d/wordpress.conf

Add lines as below :

# WORDPRESS : Rewrite rules, sends everything through index.php and keeps the appended query string intact
location / {
    try_files $uri $uri/ /index.php?q=$uri&$args;
}

# SECURITY : Deny all attempts to access PHP Files in the uploads directory
location ~* /(?:uploads|files)/.*\.php$ {
    deny all;
}
# REQUIREMENTS : Enable PHP Support
location ~ \.php$ {
    # SECURITY : Return 404 for PHP files that do not exist, so unknown paths are never passed to PHP
    try_files $uri =404;
    # ENABLE : Pass PHP requests to PHP-FPM listening on 127.0.0.1:9000
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    fastcgi_pass   127.0.0.1:9000;
    fastcgi_index index.php;
    fastcgi_send_timeout 300s;
    fastcgi_read_timeout 300s;
    include fastcgi_params;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_buffer_size 128k;
    fastcgi_buffers 256 4k;
    fastcgi_busy_buffers_size 256k;
    fastcgi_temp_file_write_size 256k;
    fastcgi_intercept_errors on;
}
# PLUGINS : Enable Rewrite Rules for SiteMap
rewrite ^/sitemap(-+([a-zA-Z0-9_-]+))?\.xml$ "/index.php?xml_sitemap=params=$2" last;
rewrite ^/sitemap(-+([a-zA-Z0-9_-]+))?\.xml\.gz$ "/index.php?xml_sitemap=params=$2;zip=true" last;
rewrite ^/sitemap(-+([a-zA-Z0-9_-]+))?\.html$ "/index.php?xml_sitemap=params=$2;html=true" last;
rewrite ^/sitemap(-+([a-zA-Z0-9_-]+))?\.html\.gz$ "/index.php?xml_sitemap=params=$2;html=true;zip=true" last;

4. Add new common configuration file :

# vi /etc/nginx/conf.d/common.conf

Add lines as below :

# Global configuration file.
# ESSENTIAL : Configure Nginx Listening Port

listen 80;
# ESSENTIAL : Default file to serve. If the first file isn't found,
index index.php index.html index.htm;
# ESSENTIAL : no favicon logs
location = /favicon.ico {
    log_not_found off;
    access_log off;
}
# ESSENTIAL : robots.txt
location = /robots.txt {
    allow all;
    log_not_found off;
    access_log off;
}
# ESSENTIAL : Configure 404 Pages
error_page 404 /404.html;
# ESSENTIAL : Configure 50x Pages
error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/share/nginx/html;
    }
# SECURITY : Deny all attempts to access hidden files .abcde
location ~ /\. {
    deny all;
}
# PERFORMANCE : Set expires headers for static files and turn off logging.
location ~* ^.+\.(js|css|swf|xml|txt|ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
    access_log off;
    log_not_found off;
    expires 30d;
    # expires max;
    add_header Pragma no-cache;
    add_header Cache-Control "public";
}

5. Create the document roots for the multiple websites :

# mkdir -p /var/www/html/example-site1
# mkdir -p /var/www/html/example-site2

6. Add the server block configuration for example-site1.com :

# vi /etc/nginx/sites-available/example-site1.com.conf

Add lines as below :

server {
    listen     80;
    server_name example-site1.com;
    rewrite ^/(.*)$ http://www.example-site1.com/$1 permanent;
}

server {
        server_name www.example-site1.com;
        root /var/www/html/example-site1;
        access_log /var/log/nginx/example-site1.com.access.log;
        error_log /var/log/nginx/example-site1.com.error.log;
        include conf.d/common.conf;
        include conf.d/wordpress.conf;
}

7. Add the server block configuration for example-site2.com :

# vi /etc/nginx/sites-available/example-site2.com.conf

Add lines as below :

server {
    listen     80;
    server_name example-site2.com;
    rewrite ^/(.*)$ http://www.example-site2.com/$1 permanent;
}

server {
        server_name www.example-site2.com;
        root /var/www/html/example-site2;
        access_log /var/log/nginx/example-site2.com.access.log;
        error_log /var/log/nginx/example-site2.com.error.log;
        include conf.d/common.conf;
        include conf.d/wordpress.conf;
}

8. Check the nginx syntax :

# sudo nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

9. Restart the Nginx service to apply the multiple WordPress sites configuration :

# sudo systemctl restart  nginx.service


How To Get Email Alerts for SSH Login on Linux Server

Enabling the SSH server on a virtual private server (VPS) exposes the server to the internet and creates opportunities for hacking activity, especially when the VPS still uses root as its primary access. The VPS should be configured to send an email alert automatically for each successful login via the SSH server. The VPS owner should be notified of every SSH access, including who logged in, when, and from which source IP address. This is an important security measure for server owners to protect the server from unknown logins, because it can be very dangerous if hackers use brute force to log into your VPS via SSH. In this article, I will explain how to set up an email alert for all SSH logins on Linux CentOS 6, CentOS 7, RHEL 6 and RHEL 7.

1. Log in to your server as the root user :

2. Configure the alert in the global definitions file (/etc/bashrc). This enables it for root and normal users :

[root@vps ~]# vi /etc/bashrc

Add the following at the bottom of the file.

echo 'ALERT - Root Shell Access (vps.ehowstuff.com) on:' `date` `who` | mail -s "Alert: Root Access from `who | cut -d'(' -f2 | cut -d')' -f1`" recipient@gmail.com

3. Optionally, you can enable the alert for root only :

[root@vps ~]# vi .bashrc

Add the following at the bottom of /root/.bashrc :

echo 'ALERT - Root Shell Access (vps.ehowstuff.com) on:' `date` `who` | mail -s "Alert: Root Access from `who | cut -d'(' -f2 | cut -d')' -f1`" recipient@gmail.com

Full Configuration file example :

# .bashrc

# User specific aliases and functions

alias rm='rm -i'
alias cp='cp -i'
alias mv='mv -i'

# Source global definitions
if [ -f /etc/bashrc ]; then
        . /etc/bashrc
fi
echo 'ALERT - Root Shell Access (vps.ehowstuff.com) on:' `date` `who` | mail -s "Alert: Root Access from `who | cut -d'(' -f2 | cut -d')' -f1`" recipient@gmail.com

4. Optionally, you can enable the alert for a specific normal user (e.g. skytech) :

[root@vps ~]# vi /home/skytech/.bashrc

Add the following at the bottom of /home/skytech/.bashrc :

echo 'ALERT - Root Shell Access (vps.ehowstuff.com) on:' `date` `who` | mail -s "Alert: Root Access from `who | cut -d'(' -f2 | cut -d')' -f1`" recipient@gmail.com
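A variant of the alert above, as an added example that is not the article's own code: it builds the message from the session's own SSH_CONNECTION variable (set by sshd) instead of the output of who, which lists every logged-in session, and it names the account that actually logged in. ALERT_TO and the function names are assumptions made for this illustration.

```bash
#!/bin/sh
# Added example, not the article's code. ALERT_TO and all function names
# are assumptions made for this illustration.

ALERT_TO="recipient@gmail.com"   # placeholder address used in the article

# sshd exports SSH_CONNECTION="client_ip client_port server_ip server_port".
# Print the client address; fail when the shell was not started over SSH.
ssh_client_ip() {
    [ -n "${SSH_CONNECTION:-}" ] || return 1
    printf '%s\n' "${SSH_CONNECTION%% *}"
}

# login_alert_subject USER HOST : subject line naming the real account.
login_alert_subject() {
    ip=$(ssh_client_ip) || return 1
    printf 'Alert: SSH login as %s from %s on %s\n' "$1" "$ip" "$2"
}

# login_alert_body USER HOST : details of this session only.
login_alert_body() {
    ip=$(ssh_client_ip) || return 1
    printf 'Host:   %s\nUser:   %s\nSource: %s\nTTY:    %s\nTime:   %s\n' \
        "$2" "$1" "$ip" "${SSH_TTY:-none}" "$(date)"
}

# Send the alert in a background subshell so a slow mail server never
# delays the login and no job-control message is printed.
send_login_alert() {
    command -v mail >/dev/null 2>&1 || return 0
    user=$(id -un)
    host=$(hostname)
    subject=$(login_alert_subject "$user" "$host") || return 0
    (login_alert_body "$user" "$host" | mail -s "$subject" "$ALERT_TO" &)
}

# Interactive shells only: bash also reads ~/.bashrc for non-interactive
# SSH commands such as scp and rsync.
case $- in
    *i*) send_login_alert ;;
esac
```

Because the hook lives in a shell start-up file, it only reports sessions that start an interactive bash; the sshd entries in /var/log/secure remain the complete record of logins.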


How to Use Fail2ban to Stop/Prevent SSH Brute Force on Linux

Brute-force break-in attempts against the SSH server are quite frequent. However, there is open source software that can help you deal with this problem automatically, namely fail2ban. Fail2ban provides a way to automatically protect a virtual private server (VPS) from malicious behavior by intruders or hackers. The program works by scanning log files and responding to unsuccessful and repeated login attempts. Here are the steps to implement fail2ban; they have been tested on CentOS 6, CentOS 7, RHEL 6 and RHEL 7.

1. Install fail2ban :

# yum install fail2ban -y

2. Make a copy of original config file :

# cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

3. Update jail.local configuration file :

# vi /etc/fail2ban/jail.local

Add as below :

[ssh-iptables]

enabled  = true
filter   = sshd
action   = iptables[name=SSH, port=ssh, protocol=tcp]
           sendmail-whois[name=SSH, dest=receipient@gmail.com, sender=fail2ban@ehowstuff.com, sendername="Fail2Ban"]
logpath  = /var/log/secure
maxretry = 5

4. Configure the preferred “bantime”, “findtime” and “maxretry” values that apply before a host gets banned :

# vi /etc/fail2ban/jail.local

Update to the following :

..
..
# "bantime" is the number of seconds that a host is banned.
bantime  = 7200

# A host is banned if it has generated "maxretry" during the last "findtime"
# seconds.
findtime  = 600

# "maxretry" is the number of failures before a host get banned.
maxretry = 3
..
..

5. Review the default sshd filter file :

# vi /etc/fail2ban/filter.d/sshd.conf

6. Restart fail2ban :

# service fail2ban restart

7. After a few hours of operation, fail2ban starts capturing and banning such abuse and attempts to guess the password for my VPS. Watch the log at /var/log/secure for monitoring :

# tail -f /var/log/secure
Mar  3 13:37:59 rn sshd[30681]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.231.218.57  user=root
Mar  3 13:38:02 rn sshd[30681]: Failed password for root from 115.231.218.57 port 2919 ssh2
Mar  3 13:38:05 rn sshd[30681]: Failed password for root from 115.231.218.57 port 2919 ssh2
Mar  3 13:38:07 rn sshd[30681]: Failed password for root from 115.231.218.57 port 2919 ssh2
Mar  3 13:38:09 rn sshd[30681]: Failed password for root from 115.231.218.57 port 2919 ssh2
Mar  3 13:38:12 rn sshd[30681]: Failed password for root from 115.231.218.57 port 2919 ssh2
Mar  3 13:38:13 rn sshd[30681]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.231.218.57  user=root
Mar  3 13:38:48 rn sshd[30702]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.231.218.57  user=root
Mar  3 13:38:50 rn sshd[30702]: Failed password for root from 115.231.218.57 port 3090 ssh2
Mar  3 13:38:52 rn sshd[30702]: Failed password for root from 115.231.218.57 port 3090 ssh2
Mar  3 13:38:54 rn sshd[30702]: Failed password for root from 115.231.218.57 port 3090 ssh2
Mar  3 13:38:56 rn sshd[30702]: Failed password for root from 115.231.218.57 port 3090 ssh2
Mar  3 13:38:58 rn sshd[30702]: Failed password for root from 115.231.218.57 port 3090 ssh2
Mar  3 13:38:58 rn sshd[30702]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.231.218.57  user=root
Mar  3 13:39:00 rn sshd[30704]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.231.218.57  user=root
Mar  3 13:39:02 rn sshd[30704]: Failed password for root from 115.231.218.57 port 3090 ssh2
Mar  3 13:39:04 rn sshd[30704]: Failed password for root from 115.231.218.57 port 3090 ssh2
Mar  3 13:39:07 rn sshd[30704]: Failed password for root from 115.231.218.57 port 3090 ssh2
Mar  3 13:39:09 rn sshd[30704]: Failed password for root from 115.231.218.57 port 3090 ssh2
Mar  3 13:39:11 rn sshd[30704]: Failed password for root from 115.231.218.57 port 3090 ssh2
Mar  3 13:39:12 rn sshd[30704]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.231.218.57  user=root
Mar  3 13:39:24 rn sshd[30708]: Invalid user admin from 115.231.218.57
Mar  3 13:39:24 rn sshd[30708]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.231.218.57
Mar  3 13:39:26 rn sshd[30708]: Failed password for invalid user admin from 115.231.218.57 port 2898 ssh2
Mar  3 13:39:27 rn sshd[30708]: Failed password for invalid user admin from 115.231.218.57 port 2898 ssh2
Mar  3 13:39:30 rn sshd[30708]: Failed password for invalid user admin from 115.231.218.57 port 2898 ssh2
Mar  3 13:39:33 rn sshd[30708]: Failed password for invalid user admin from 115.231.218.57 port 2898 ssh2
Mar  3 13:39:35 rn sshd[30708]: Failed password for invalid user admin from 115.231.218.57 port 2898 ssh2
Mar  3 13:39:35 rn sshd[30708]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.231.218.57

8. Fail2ban bans the address and unbans it after two hours :

# tail -f /var/log/messages
Mar  3 13:38:13 rn fail2ban.actions[25912]: WARNING [ssh-iptables] Ban 115.231.218.57
Mar  3 13:38:58 rn fail2ban.actions[25912]: INFO [ssh-iptables] 115.231.218.57 already banned
Mar  3 13:39:12 rn fail2ban.actions[25912]: INFO [ssh-iptables] 115.231.218.57 already banned
Mar  3 13:39:33 rn fail2ban.actions[25912]: INFO [ssh-iptables] 115.231.218.57 already banned
Mar  3 13:39:43 rn fail2ban.actions[25912]: INFO [ssh-iptables] 115.231.218.57 already banned
Mar  3 13:39:56 rn fail2ban.actions[25912]: INFO [ssh-iptables] 115.231.218.57 already banned
Mar  3 13:40:20 rn fail2ban.actions[25912]: INFO [ssh-iptables] 115.231.218.57 already banned
Mar  3 13:40:30 rn fail2ban.actions[25912]: INFO [ssh-iptables] 115.231.218.57 already banned
Mar  3 13:40:41 rn fail2ban.actions[25912]: INFO [ssh-iptables] 115.231.218.57 already banned
Mar  3 13:40:51 rn fail2ban.actions[25912]: INFO [ssh-iptables] 115.231.218.57 already banned
Mar  3 15:30:32 rn fail2ban.actions[25912]: INFO [ssh-iptables] 115.231.218.57 already banned
Mar  3 15:30:46 rn fail2ban.actions[25912]: INFO [ssh-iptables] 115.231.218.57 already banned
Mar  3 15:31:35 rn fail2ban.actions[25912]: INFO [ssh-iptables] 115.231.218.57 already banned
Mar  3 15:32:34 rn fail2ban.actions[25912]: INFO [ssh-iptables] 115.231.218.57 already banned
Mar  3 15:32:51 rn fail2ban.actions[25912]: INFO [ssh-iptables] 115.231.218.57 already banned
Mar  3 15:33:02 rn fail2ban.actions[25912]: INFO [ssh-iptables] 115.231.218.57 already banned
Mar  3 15:33:32 rn fail2ban.actions[25912]: INFO [ssh-iptables] 115.231.218.57 already banned
Mar  3 15:33:43 rn fail2ban.actions[25912]: INFO [ssh-iptables] 115.231.218.57 already banned
Mar  3 15:33:54 rn fail2ban.actions[25912]: INFO [ssh-iptables] 115.231.218.57 already banned
Mar  3 15:34:06 rn fail2ban.actions[25912]: INFO [ssh-iptables] 115.231.218.57 already banned
Mar  3 15:38:14 rn fail2ban.actions[25912]: WARNING [ssh-iptables] Unban 115.231.218.57

9. Each ban action is followed by an email alert.

10. Check which IP addresses are currently listed in the ban list :

# iptables -L
..
..
Chain fail2ban-NoAuthFailures (1 references)
target     prot opt source               destination
REJECT     all  --  141.101.98.8         anywhere            reject-with icmp-port-unreachable
REJECT     all  --  108.162.210.231      anywhere            reject-with icmp-port-unreachable
REJECT     all  --  108.162.221.246      anywhere            reject-with icmp-port-unreachable
REJECT     all  --  108.162.238.35       anywhere            reject-with icmp-port-unreachable
RETURN     all  --  anywhere             anywhere
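How the maxretry and findtime settings from steps 3 and 4 decide a ban, as an added example (not fail2ban's own code and not part of the original article): a sliding-window counter run over constructed /var/log/secure lines that use documentation addresses. The function names are assumptions, and the sketch assumes the lines are in time order within one month.

```bash
#!/bin/sh
# Added illustration, not fail2ban's implementation: a sliding-window
# count of sshd "Failed password" lines per source address.
# Assumptions: lines are in time order and stay within one month.

# Constructed sample in /var/log/secure format (documentation addresses).
sample_secure_log() {
cat <<'EOF'
Mar  3 09:00:00 rn sshd[101]: Failed password for alice from 192.0.2.10 port 50100 ssh2
Mar  3 09:00:10 rn sshd[101]: Failed password for alice from 192.0.2.10 port 50100 ssh2
Mar  3 09:00:21 rn sshd[101]: Accepted password for alice from 192.0.2.10 port 50100 ssh2
Mar  3 13:38:02 rn sshd[30681]: Failed password for root from 203.0.113.57 port 2919 ssh2
Mar  3 13:38:05 rn sshd[30681]: Failed password for root from 203.0.113.57 port 2919 ssh2
Mar  3 13:38:07 rn sshd[30681]: Failed password for root from 203.0.113.57 port 2919 ssh2
Mar  3 13:38:09 rn sshd[30681]: Failed password for root from 203.0.113.57 port 2919 ssh2
Mar  3 13:38:12 rn sshd[30681]: Failed password for root from 203.0.113.57 port 2919 ssh2
Mar  3 13:39:26 rn sshd[30708]: Failed password for invalid user admin from 203.0.113.57 port 2898 ssh2
Mar  3 15:00:00 rn sshd[202]: Failed password for alice from 192.0.2.10 port 50200 ssh2
EOF
}

# would_ban MAXRETRY FINDTIME
# Reads log lines on stdin; prints "<address> <time>" for the failure that
# reaches MAXRETRY failures inside the last FINDTIME seconds.
would_ban() {
    awk -v maxretry="$1" -v findtime="$2" '
    /sshd\[[0-9]+\]: Failed password for / {
        # Use the last "from": a crafted user name cannot move the address.
        ip = ""
        for (i = 1; i < NF; i++) if ($i == "from") ip = $(i + 1)
        if (ip == "" || (ip in banned)) next

        split($3, t, ":")
        now = $2 * 86400 + t[1] * 3600 + t[2] * 60 + t[3]
        n = ++count[ip]
        seen[ip, n] = now

        # Expire failures that are older than findtime.
        while (now - seen[ip, first[ip] + 1] > findtime) first[ip]++

        if (n - first[ip] >= maxretry) {
            banned[ip] = 1
            print ip, $3
        }
    }'
}

# Jail values from step 3 (maxretry = 5) with findtime = 600 from step 4.
sample_secure_log | would_ban 5 600
```

With maxretry = 5 the ban falls on the fifth failure, matching the log in step 7; a maxretry set inside a jail section such as [ssh-iptables] takes precedence over the default value. The user at 192.0.2.10 is not banned with findtime = 600 because the two morning failures have expired by the afternoon.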

4 lvcreate Command Examples on Linux

Logical volume management (LVM) is a widely used and extremely flexible disk management scheme. It basically consists of three basic commands :

a. Create the physical volumes using pvcreate
b. Create the volume group and add partitions to the volume group using vgcreate
c. Create a new logical volume using lvcreate


The following examples focus on lvcreate, the command that creates a logical volume in an existing volume group. lvcreate allocates logical extents from the free physical extent pool of that volume group. Normally, logical volumes use up any space available on the underlying physical volumes on a next-free basis. Modifying a logical volume frees and reallocates space in the physical volumes. The following lvcreate commands have been tested on Linux CentOS 5, CentOS 6, CentOS 7, RHEL 5, RHEL 6 and RHEL 7.

4 lvcreate Command Examples on Linux :

1. The following command creates a logical volume 15 gigabytes in size in the volume group vg_newlvm :

[root@centos7 ~]# lvcreate -L 15G vg_newlvm

2. The following command creates a 2500 MB linear logical volume named centos7_newvol in the volume group vg_newlvm, creating the block device /dev/vg_newlvm/centos7_newvol :

[root@centos7 ~]# lvcreate -L 2500 -n centos7_newvol vg_newlvm

3. You can use the -l argument of the lvcreate command to specify the size of the logical volume in extents. You can also use this argument to specify the percentage of the volume group to use for the logical volume. The following command creates a logical volume called centos7_newvol that uses 50% of the total space in volume group vg_newlvm :

[root@centos7 ~]# lvcreate -l 50%VG -n centos7_newvol vg_newlvm

4. The following command creates a logical volume called centos7_newvol that uses all of the unallocated space in the volume group vg_newlvm :

[root@centos7 ~]# lvcreate --name centos7_newvol -l 100%FREE vg_newlvm

To see more lvcreate command options, issue the following command :

[root@centos7 ~]# lvcreate --help
  lvcreate: Create a logical volume

lvcreate
        [-A|--autobackup {y|n}]
        [-a|--activate [a|e|l]{y|n}]
        [--addtag Tag]
        [--alloc AllocationPolicy]
        [--cachemode CacheMode]
        [-C|--contiguous {y|n}]
        [-d|--debug]
        [-h|-?|--help]
        [--ignoremonitoring]
        [--monitor {y|n}]
        [-i|--stripes Stripes [-I|--stripesize StripeSize]]
        [-k|--setactivationskip {y|n}]
        [-K|--ignoreactivationskip]
        {-l|--extents LogicalExtentsNumber[%{VG|PVS|FREE}] |
         -L|--size LogicalVolumeSize[bBsSkKmMgGtTpPeE]}
        [-M|--persistent {y|n}] [--major major] [--minor minor]
        [-m|--mirrors Mirrors [--nosync] [{--mirrorlog {disk|core|mirrored}|--corelog}]]
        [-n|--name LogicalVolumeName]
        [--noudevsync]
        [-p|--permission {r|rw}]
        [--[raid]minrecoveryrate Rate]
        [--[raid]maxrecoveryrate Rate]
        [-r|--readahead ReadAheadSectors|auto|none]
        [-R|--regionsize MirrorLogRegionSize]
        [-T|--thin  [-c|--chunksize  ChunkSize]
          [--discards {ignore|nopassdown|passdown}]
          [--poolmetadatasize MetadataSize[bBsSkKmMgG]]]
          [--poolmetadataspare {y|n}]
        [--thinpool ThinPoolLogicalVolume{Name|Path}]
        [-t|--test]
        [--type VolumeType]
        [-v|--verbose]
        [-W|--wipesignatures {y|n}]
        [-Z|--zero {y|n}]
        [--version]
        VolumeGroupName [PhysicalVolumePath...]

lvcreate
        { {-s|--snapshot} OriginalLogicalVolume[Path] |
          [-s|--snapshot] VolumeGroupName[Path] -V|--virtualsize VirtualSize}
          {-T|--thin} VolumeGroupName[Path][/PoolLogicalVolume]
                      -V|--virtualsize VirtualSize}
        [-c|--chunksize]
        [-A|--autobackup {y|n}]
        [--addtag Tag]
        [--alloc AllocationPolicy]
        [-C|--contiguous {y|n}]
        [-d|--debug]
        [--discards {ignore|nopassdown|passdown}]
        [-h|-?|--help]
        [--ignoremonitoring]
        [--monitor {y|n}]
        [-i|--stripes Stripes [-I|--stripesize StripeSize]]
        [-k|--setactivationskip {y|n}]
        [-K|--ignoreactivationskip]
        {-l|--extents LogicalExtentsNumber[%{VG|FREE|ORIGIN}] |
         -L|--size LogicalVolumeSize[bBsSkKmMgGtTpPeE]}
        [--poolmetadatasize MetadataVolumeSize[bBsSkKmMgG]]
        [-M|--persistent {y|n}] [--major major] [--minor minor]
        [-n|--name LogicalVolumeName]
        [--noudevsync]
        [-p|--permission {r|rw}]
        [-r|--readahead ReadAheadSectors|auto|none]
        [-t|--test]
        [--thinpool ThinPoolLogicalVolume[Path]]
        [-v|--verbose]
        [--version]
        [PhysicalVolumePath...]

What are the Differences Between the Open-VM-Tools package and VMware Tools package

Question.
Many system administrators ask whether they need to install the Open-VM-Tools package or the VMware Tools package that ships with ESX/ESXi VMware products.

Answer.
VMware Tools is a suite of utilities that enhances the performance of the virtual machine’s guest operating system and improves management of the virtual machine.

How to Install Vmware-tools for windows
How to Install Vmware-tools for Linux

The Open Virtual Machine Tools (open-vm-tools) are the open source implementation of VMware Tools. They consist of a suite of virtualization utilities that improve the functionality, administration, and management of virtual machines within a VMware environment. As virtualization technology rapidly becomes mainstream, each virtualization solution provider implements its own set of tools and utilities to supplement the guest virtual machine. The primary purpose of open-vm-tools is to enable operating system vendors and/or communities and virtual appliance vendors to bundle VMware Tools into their product releases.

open-vm-tools is available with these operating systems:

  • Fedora 19 and later releases
  • Debian 7.x and later releases
  • openSUSE 11.x and later releases
  • Recent Ubuntu releases (12.04 LTS, 13.10 and later)
  • Red Hat Enterprise Linux 7.0 and later releases
  • SUSE Linux Enterprise 12 – available Q4 2014
  • CentOS 7
  • Oracle Linux 7

Note : If your OS is not listed above, I would suggest that you install the VMware Tools package that ships with ESX/ESXi VMware products.

VMware support policy

  • VMware recommends using open-vm-tools redistributed by operating system vendors.
  • VMware fully supports virtual machines that include open-vm-tools redistributed by operating system vendors, which is done in collaboration with the OS vendor and OS communities. However, the operating system release must be published as certified by the specific VMware product in the online VMware Compatibility Guide.
  • VMware provides assistance to operating system vendors and communities with the integration of open-vm-tools with OS releases.
  • VMware fully supports virtual appliances that include open-vm-tools, which is done in collaboration with the virtual appliance vendor.
  • VMware does not recommend removing open-vm-tools redistributed by operating system vendors.

References :
http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2073803
http://partnerweb.vmware.com/GOSIG/CentOS_7.html

How to Configure Static IP Address on RHEL 7.0/CentOS 7.0/Oracle Linux 7

This article describes the procedure to configure a static IP address on a RHEL 7/CentOS 7/Oracle Linux 7 minimal installation. Network interface configuration files control the software interfaces for individual network devices. As the system boots, it uses these files to determine which interfaces to bring up and how to configure them. These files are usually named ifcfg-name. Since the release of RHEL 7, Red Hat uses a new naming scheme for network devices. In RHEL 7/CentOS 7/Oracle Linux 7, the default network interface name is based on firmware, topology, and location information. In this procedure, the network interface is ens160 and its configuration file is ifcfg-ens160.

1. Original IP configuration :

# cat /etc/sysconfig/network-scripts/ifcfg-ens160
HWADDR=00:02:22:G4:EE:FF
TYPE=Ethernet
BOOTPROTO=dhcp
DEFROUTE=yes
PEERDNS=yes
PEERROUTES=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes
IPV6_FAILURE_FATAL=no
NAME=ens160
UUID=34796933-af4b-4a41-8287-6e57ac131234
ONBOOT=no

2. Change BOOTPROTO to static or none and set ONBOOT to yes. Do not change the default HWADDR and UUID values. Add the IPADDR, NETMASK, GATEWAY and DNS1 lines as below :

HWADDR=00:02:22:G4:EE:FF
TYPE=Ethernet
BOOTPROTO=none
DEFROUTE=yes
PEERDNS=yes
PEERROUTES=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes
IPV6_FAILURE_FATAL=no
NAME=ens160
UUID=34796933-af4b-4a41-8287-6e57ac131234
ONBOOT=yes
IPADDR=192.168.0.70
NETMASK=255.255.255.0
GATEWAY=192.168.0.1
DNS1=8.8.8.8

3. Restart the network service for the change to take effect :

# systemctl restart network

or

# service network restart
Restarting network (via systemctl):                        [  OK  ]

4. Run ifconfig to display the IP address. If the ifconfig command is not found, follow these instructions to install it (How to Install ifconfig and netstat on RHEL 7.0/CentOS 7.0) :

# ifconfig
ens160: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.0.70  netmask 255.255.255.0  broadcast 192.168.0.255
        inet6 fe80::20c:29ff:feba:3efe  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:ba:3e:fe  txqueuelen 1000  (Ethernet)
        RX packets 20775  bytes 1455662 (1.3 MiB)
        RX errors 0  dropped 40  overruns 0  frame 0
        TX packets 1289  bytes 179594 (175.3 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 0  (Local Loopback)
        RX packets 8  bytes 656 (656.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 8  bytes 656 (656.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

How to Install ifconfig and netstat on RHEL 7.0/CentOS 7.0/Oracle Linux 7

Question :
I have just set up a RHEL 7.0/CentOS 7.0/Oracle Linux 7 minimal server installation, but I notice that the ifconfig and netstat commands are not found. How do I make those commands available?

Solution :
By default, the ifconfig and netstat utilities are not installed on a RHEL 7.0/CentOS 7.0/Oracle Linux 7 minimal server installation. You need to install the net-tools package manually; it includes the ifconfig and netstat commands.

# ifconfig
-bash: ifconfig: command not found

1. Run the installation command :

# yum install net-tools -y
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: centos.biz.net.id
 * extras: mirror.smartmedia.net.id
 * updates: centos.biz.net.id
Resolving Dependencies
--> Running transaction check
---> Package net-tools.x86_64 0:2.0-0.17.20131004git.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

====================================================================================================
 Package              Arch              Version                               Repository       Size
====================================================================================================
Installing:
 net-tools            x86_64            2.0-0.17.20131004git.el7              base            304 k

Transaction Summary
====================================================================================================
Install  1 Package

Total download size: 304 k
Installed size: 917 k
Downloading packages:
warning: /var/cache/yum/x86_64/7/base/packages/net-tools-2.0-0.17.20131004git.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID f4a80eb5: NOKEY
Public key for net-tools-2.0-0.17.20131004git.el7.x86_64.rpm is not installed
net-tools-2.0-0.17.20131004git.el7.x86_64.rpm                                | 304 kB  00:00:10
Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
Importing GPG key 0xF4A80EB5:
 Userid     : "CentOS-7 Key (CentOS 7 Official Signing Key) "
 Fingerprint: 6341 ab27 53d7 8a78 a7c2 7bb1 24c6 a8a7 f4a8 0eb5
 Package    : centos-release-7-0.1406.el7.centos.2.3.x86_64 (@anaconda)
 From       : /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : net-tools-2.0-0.17.20131004git.el7.x86_64                                        1/1
  Verifying  : net-tools-2.0-0.17.20131004git.el7.x86_64                                        1/1

Installed:
  net-tools.x86_64 0:2.0-0.17.20131004git.el7

Complete!

2. Try the ifconfig command :

# ifconfig
ens160: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.0.18  netmask 255.255.255.0  broadcast 192.168.0.255
        inet6 fe80::20c:29ff:feba:3efe  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:ba:3e:fe  txqueuelen 1000  (Ethernet)
        RX packets 10357  bytes 9459534 (9.0 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 8239  bytes 2341646 (2.2 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 0  (Local Loopback)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

3. Try the netstat command :

# netstat -plunt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1919/master
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1318/sshd
tcp6       0      0 ::1:25                  :::*                    LISTEN      1919/master
tcp6       0      0 :::22                   :::*                    LISTEN      1318/sshd
udp        0      0 0.0.0.0:47445           0.0.0.0:*                           572/avahi-daemon: r
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           572/avahi-daemon: r

How to Check Opened Port on Linux VPS Server

By default, the Linux operating system manages 65536 ports. If you run a virtual private server (VPS) on the Linux platform, it is better to turn off any services or ports that you don't actually need. This ensures that your VPS does not become an avenue of attack for security threats. Simply run these commands to see which ports on your Linux VPS server are currently listening.

1. List open ports by service name :

[root@vps-server ~]# netstat --listen --tcp

Examples :

[root@vps-server ~]# netstat --listen --tcp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0      0 *:mysql                     *:*                         LISTEN
tcp        0      0 *:http                      *:*                         LISTEN
tcp        0      0 *:ftp                       *:*                         LISTEN
tcp        0      0 *:ssh                       *:*                         LISTEN

2. List open ports by port number :

[root@vps-server ~]# netstat --listen --tcp -n

Examples :

[root@vps-server ~]# netstat --listen --tcp -n
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0      0 0.0.0.0:3306                0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:80                  0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:21                  0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN
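One way to turn the listing above into a check, as an added example that is not part of the original article: compare the numeric netstat output against a list of ports you intend to expose and print every other listener that is reachable from outside the host. The sample input is constructed from the article's output plus a loopback and two tcp6 lines; the function names and the allowlist "22 80" are assumptions.

```bash
#!/bin/sh
# Added example, not from the original article: flag TCP listeners whose
# port is not on an allowlist. Function names and the allowlist are
# assumptions made for this illustration.

# Constructed sample of "netstat --listen --tcp -n" output.
sample_netstat() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0      0 0.0.0.0:3306                0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:80                  0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:21                  0.0.0.0:*                   LISTEN
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN
tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN
tcp6       0      0 :::22                       :::*                        LISTEN
tcp6       0      0 :::8080                     :::*                        LISTEN
EOF
}

# unexpected_listeners "PORT PORT ..."
# Reads netstat output on stdin and prints "<proto> <local address>" for
# every listener that is not loopback-only and not on the allowlist.
unexpected_listeners() {
    awk -v allowed="$1" '
    BEGIN {
        n = split(allowed, a, " ")
        for (i = 1; i <= n; i++) ok[a[i]] = 1
    }
    $1 ~ /^tcp/ && $6 == "LISTEN" {
        addr = $4
        port = addr
        sub(/.*:/, "", port)                 # text after the last colon
        host = substr(addr, 1, length(addr) - length(port) - 1)
        # Loopback listeners cannot be reached from other machines.
        if (host ~ /^127\./ || host == "::1") next
        if (!(port in ok)) print $1, addr
    }'
}

# On a live server: netstat --listen --tcp -n | unexpected_listeners "22 80"
sample_netstat | unexpected_listeners "22 80"
```

Each line printed is a service to stop, rebind to 127.0.0.1, or block at the firewall unless it is meant to be public.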