How to Configure Linux TCP keepalive Setting

With the growth in internet users, traffic and workload on web servers have also increased. The webmaster or system administrator therefore needs to make sure that the web server can accommodate a sufficient number of TCP connections.

If your web server has begun to show an increase in the number of visitors, you may want to start planning basic TCP tuning on the Linux operating system.

On average, most people who arrive at a website or blog from a search engine read a page for only 1-2 minutes. Once they have the answer they were looking for, they simply leave the page and visit other sites. But the old connection remains open and unused for a long time.

For a low or average number of website visitors, the default values for the keepalive parameters should be sufficient.

But on a high-concurrency or busy web server, decreasing the timeouts on TCP sockets can help clean up TCP connections from clients that have disconnected. This can be done by changing the default values of the tcp_keepalive settings in sysctl.conf.

What is TCP Keepalive Setting?

TCP keepalive is a mechanism for TCP connections that helps to determine whether the other end has stopped responding.

After a period of idle time, TCP sends a keepalive probe containing null data to the network peer, repeating it several times. If the peer does not respond, the socket is closed automatically.

The application will then receive a notification about the socket closure, which it should handle in the correct manner.

Most operating systems and hosts that support TCP also support TCP keepalive.

Basically, tuning some of the settings in sysctl.conf really helps speed things up under heavy usage.

Tunable TCP settings can be found in /proc/sys/net/ipv4.

What are the default values of the TCP keepalive settings ?

tcp_keepalive_time = 7200 (seconds)
tcp_keepalive_intvl = 75 (seconds)
tcp_keepalive_probes = 9 (number of probes)

The TCP keepalive process waits for two hours (7200 seconds) of socket inactivity before sending the first keepalive probe, and then resends it every 75 seconds. As long as TCP/IP socket communication is active, no keepalive packets are needed.

How to Configure Linux TCP keepalive Settings ?

Please note that the following tuning is for the Linux operating system only. These steps have been tested on CentOS 5/6/7, RHEL 5/6/7 and Oracle Linux 6/7.

Optionally, you can do further tuning at the web application level, such as the Apache or Nginx web server.

1. Edit your /etc/sysctl.conf

# vi /etc/sysctl.conf

2. Add the following settings :

net.ipv4.tcp_keepalive_time = 60
net.ipv4.tcp_keepalive_intvl = 10
net.ipv4.tcp_keepalive_probes = 6

The parameters above are explained in sections a), b) and c).

3. To load the settings, enter the following command :

# sysctl -p

KeepAlive Parameter Details

a) Decrease the default value of tcp_keepalive_time from 7200 seconds to 60 seconds. This determines the period of connection inactivity after which the first keepalive request is sent. With the parameter below, TCP will begin sending keepalive null packets after 1 minute.

net.ipv4.tcp_keepalive_time = 60

b) The following parameter (tcp_keepalive_intvl) determines that the keepalive probe is resent every 10 seconds after the first keepalive probe. This reduces the interval between keepalive probes from 75 seconds to 10 seconds.

net.ipv4.tcp_keepalive_intvl = 10

c) The next parameter (tcp_keepalive_probes) is expressed as a plain number. It determines the number of probes sent before timing out. We recommend reducing the number of retransmitted probes from 9 to 6 before the connection is considered broken.

net.ipv4.tcp_keepalive_probes = 6

With this, your application will detect dead TCP connections after 120 seconds (60s + 10s + 10s + 10s + 10s + 10s + 10s).
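
As an added example (not part of the original article), the script below computes the detection time tcp_keepalive_time + tcp_keepalive_intvl x tcp_keepalive_probes from a sysctl.conf-style file or from the live values under /proc/sys/net/ipv4; the kernel applies these timers only to sockets on which the application has enabled SO_KEEPALIVE. The function names and the sample file are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: how long does the kernel take to declare an idle peer dead?
# Keys missing from the file fall back to the defaults quoted in this article
# (7200 / 75 / 9). Later assignments override earlier ones, as with sysctl -p.

# keepalive_detect_seconds FILE
# Prints tcp_keepalive_time + tcp_keepalive_intvl * tcp_keepalive_probes.
keepalive_detect_seconds() {
    awk -F= '
        BEGIN { t = 7200; i = 75; p = 9 }
        /^[ \t]*[#;]/ { next }                 # comment lines
        {
            key = $1; val = $2
            gsub(/[ \t]/, "", key)
            gsub(/[ \t]/, "", val)
            if (val !~ /^[0-9]+$/) next        # ignore anything non-numeric
            if (key == "net.ipv4.tcp_keepalive_time")   t = val
            if (key == "net.ipv4.tcp_keepalive_intvl")  i = val
            if (key == "net.ipv4.tcp_keepalive_probes") p = val
        }
        END { print t + i * p }
    ' "$1"
}

# keepalive_live_seconds [DIR]
# Same figure from the running kernel; DIR defaults to /proc/sys/net/ipv4.
keepalive_live_seconds() {
    local dir=${1:-/proc/sys/net/ipv4}
    local t i p
    t=$(cat "$dir/tcp_keepalive_time") || return 1
    i=$(cat "$dir/tcp_keepalive_intvl") || return 1
    p=$(cat "$dir/tcp_keepalive_probes") || return 1
    echo $(( t + i * p ))
}

# Constructed sample: the values recommended in this article.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# tuned keepalive
net.ipv4.tcp_keepalive_time = 60
net.ipv4.tcp_keepalive_intvl = 10
net.ipv4.tcp_keepalive_probes = 6
EOF
echo "tuned file:      $(keepalive_detect_seconds "$sample") seconds"
echo "kernel defaults: $(keepalive_detect_seconds /dev/null) seconds"
rm -f "$sample"
```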

How to Install and Setup Munin on CentOS 7

Munin is free, open source software for monitoring computer systems, networks and application infrastructure. Munin offers monitoring and alerting for servers, switches, applications, and services.

Munin can help system administrators analyze trends in a computer system and see whether it is experiencing problems. It can be an easier alternative to the popular open-source monitoring software Zabbix.

In this article, I will explain how you can monitor your CentOS Linux server with Munin, along with the simple steps to install and set up Munin on CentOS 7.

Steps to Install and Setup Munin on CentOS 7

1. Enable or install the EPEL Repository into CentOS 7. Read more on how to Enable EPEL Repository on CentOS 7 / RHEL 7

2. Munin requires a web server to run. In this article, we will use Apache. Install Apache, Munin and Munin Node with the yum command :

# yum install httpd munin munin-node -y

3. Start Apache and munin-node, and enable them at boot.

# systemctl start httpd
# systemctl enable httpd
# systemctl start munin-node
# systemctl enable munin-node

4. We want Munin to use the name centos72.ehowstuff.local instead of localhost. Edit the setting in /etc/munin/munin.conf

# vim /etc/munin/munin.conf

Original :

[localhost]
    address 127.0.0.1
    use_node_name yes

Change to :

[centos72.ehowstuff.local]
    address 127.0.0.1
    use_node_name yes

5. You also have the option to change the munin node hostname :

# vim /etc/munin/munin-node.conf

Original :

host_name localhost.localdomain

Change to :

host_name centos72.ehowstuff.local

6. Next, edit the Apache virtual host configuration file to grant access from your network.

# vim /etc/httpd/conf.d/munin.conf

Add the network segment that you allow to access the CentOS server.

AuthUserFile /etc/munin/munin-htpasswd
AuthName "Munin"
AuthType Basic
require valid-user

Order Deny,Allow
Deny from all
Allow from 127.0.0.1 192.168.0.0/24
..
..

7. The Munin statistics page should be protected by a username and password. We can add a new user (admin) and password to /etc/munin/munin-htpasswd with the htpasswd command. Basic Apache authentication has to be set up before we can access the Munin statistics page.

# htpasswd /etc/munin/munin-htpasswd admin
New password:
Re-type new password:
Adding password for user admin

8. Allow port 80 in firewalld permanently. Learn more about how to configure Firewalld on CentOS 7.

a) Get the active zone :

# firewall-cmd --get-active-zones
public
  interfaces: ens160

b) Allow port 80 permanently in firewalld :

# firewall-cmd --permanent --zone=public --add-port=80/tcp
success

c) Reload the settings so they take effect immediately :

# firewall-cmd --reload
success

d) List the active firewalld configuration :

# firewall-cmd --list-all
public (default, active)
  interfaces: ens160
  sources:
  services: dhcpv6-client ssh
  ports: 80/tcp
  masquerade: no
  forward-ports:
  icmp-blocks:
  rich rules:

9. Try accessing the Munin statistics page from a client.

http://192.168.0.14/munin

How to Prevent SSH Timing out from Server and Client

As a system administrator, you manage Linux servers, and others may have their own virtual private server (VPS). In some cases you will need to spend a lot of time on an SSH connection to resolve issues and do routine work through the command line. Some of you may have encountered an annoying issue where your session is disconnected after a period of inactivity.

An SSH connection that is inactive or idle is usually disconnected by the server after a specified period of time. This depends on the configuration of the SSH server (remote server) or the SSH client. After the connection is cut, the SSH client / PuTTY will present a message saying SSH timed out or connection closed, or a message similar to the one below :

Read from remote host www.ehowstuff.com: Connection reset by peer Connection to www.ehowstuff.com closed

In order to prevent SSH timing out from the server, you need to configure /etc/ssh/sshd_config or /etc/ssh/ssh_config. Keeping the value of 0 (the default) for both ServerAliveInterval and ClientAliveInterval disables these features, so your connection could drop if it is idle for too long. This article will

For reference, I will explain how you can stop and prevent SSH timing out from server and client. These steps have been tested on CentOS 6 / CentOS 7 / RHEL 6 / RHEL 7 / Oracle Linux 6 / Oracle Linux 7.

What is /etc/ssh/sshd_config ?

sshd_config is a system configuration file for OpenSSH which allows you to set options that modify the operation of the daemon (SSH server/service).

What is /etc/ssh/ssh_config ?

ssh_config is a system configuration file for OpenSSH which allows you to set options that modify the operation of the Linux client programs. If you are running a Windows client program, you should configure it in the PuTTY client.

Option 1 : How to Prevent SSH Timing out from OpenSSH Server :

a) As a root user, open sshd_config file :

# vi /etc/ssh/sshd_config

b) Set the ClientAliveInterval option to 60 (in seconds), or add it if it is not there.

ClientAliveInterval 60

Note : ClientAliveInterval: number of seconds that the server will wait before sending a null packet to the client (to keep the connection alive).

c) Restart sshd daemon :
In CentOS 7 / RHEL 7

# sudo systemctl restart sshd.service

In CentOS 5/6 / RHEL 5/6

# service sshd restart

In the example above, we set a timeout interval of 60 seconds: if no data has been received from the client for that long, the SSH server sends a message through the encrypted channel to request a response from the client. If there is no response, the SSH server will let the SSH client exit (time out) automatically.

Option 2 : How to Prevent SSH Timing out from Linux OpenSSH Client :

a) As a root user, open ssh_config file :

# vi /etc/ssh/ssh_config

b) Set the ServerAliveInterval option to 60 (in seconds), or add it if it is not there.

ServerAliveInterval 60

Note : ServerAliveInterval: number of seconds that the client will wait before sending a null packet to the server (to keep the connection alive).

In the example above, we set a timeout interval of 60 seconds; after that much idle time, the SSH client sends a message through the encrypted channel to request a response from the server, so that the server won’t disconnect the client.

Option 3 : How to Prevent SSH Timing out from Windows Putty Client :

a) Open PuTTY
b) Click on the Connection tab
c) Check the box for Enable TCP keepalives (SO_KEEPALIVE option)
d) Enter the number of seconds between keepalives.

Conclusion

All of the above settings let the server or client send a packet to its peer every 60 seconds. After the configuration is done, the SSH connection will remain active even if the user is idle and does not perform any activity at the command line.


How to Setup SSH Login Without Password CentOS / RHEL

As a system administrator, you plan to use OpenSSH for Linux to automate daily tasks such as transferring files or database dump files for backup to another server. To achieve this goal, you need to log in automatically from host A to host B. Logging in automatically means you do not want to enter a password, because you want to use ssh from a shell script.

In this article we’ll show you how to set up SSH login without a password on CentOS / RHEL. After automatic login has been configured, you can use it to move files using SSH (Secure Shell) and secure copy (SCP).

SSH is an open source and widely trusted network protocol used to log in to remote servers. System administrators use it to execute commands and to transfer files from one computer to another over a network using the SCP protocol.

After you set up SSH login without a password, you get the following advantages :

a) Automate your daily tasks via scripts.
b) If you log in to your Linux server using an SSH key instead of a normal password login, it will enhance the security of your Linux server. This is one of the recommended methods to prevent brute force attacks on a virtual private server (VPS); SSH keys are nearly impossible to decipher by brute force alone.

What is ssh-keygen

ssh-keygen is a Unix utility used to generate, create and manage the public and private keys for SSH authentication. With the ssh-keygen tool, a user can create passphrase-protected keys for both SSH protocol version 1 and version 2. ssh-keygen creates RSA keys for SSH protocol version 1 and RSA or DSA keys for use by SSH protocol version 2.

What is ssh-copy-id

ssh-copy-id is a script that copies the local host’s public key to the remote host’s authorized_keys file. ssh-copy-id appends the indicated identity file to that machine’s ~/.ssh/authorized_keys file and assigns proper permissions to the remote host’s home.

SSH keys

SSH keys provide a better and more secure way of logging in to a Linux server with SSH. Running ssh-keygen generates a public key and a private key. You can place the public key on any server, and then unlock it by connecting with a client that already has the private key. When the two match up, the system unlocks without the need for a password.

Setup SSH Login Without Password on CentOS and RHEL.

These steps were tested on CentOS 5/6/7, RHEL 5/6/7 and Oracle Linux 6/7.

Node1 : 192.168.0.9
Node2 : 192.168.0.10

Step One :
Test the connection and access from node1 to node2 :

[root@node1 ~]# ssh root@192.168.0.10
The authenticity of host '192.168.0.10 (192.168.0.10)' can't be established.
RSA key fingerprint is 6d:8f:63:9b:3b:63:e1:72:b3:06:a4:e4:f4:37:21:42.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.0.10' (RSA) to the list of known hosts.
root@192.168.0.10's password:
Last login: Thu Dec 10 22:04:55 2015 from 192.168.0.1
[root@node2 ~]#

Step Two :
Generate public and private keys using ssh-keygen. Note that you can increase security by protecting the private key with a passphrase.

[root@node1 ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
b4:51:7e:1e:52:61:cd:fb:b2:98:4b:ad:a1:8b:31:6d root@node1.ehowstuff.local
The key's randomart image is:
+--[ RSA 2048]----+
|          . ++   |
|         o o  o  |
|        o o o  . |
|       . o + ..  |
|        S   .  . |
|         .   .. .|
|        o E oo.o |
|         = ooo.  |
|        . o.o.   |
+-----------------+

Step Three :
Copy the public key to the remote host using the ssh-copy-id command. It will append the indicated identity file to ~/.ssh/authorized_keys on node2 :

[root@node1 ~]# ssh-copy-id -i ~/.ssh/id_rsa.pub 192.168.0.10
root@192.168.0.10's password:
Now try logging into the machine, with "ssh '192.168.0.10'", and check in:

.ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

Step Four :
Try SSH login without Password to node2 :

[root@node1 ~]# ssh root@192.168.0.10
Last login: Sun Dec 13 14:03:20 2015 from www.ehowstuff.local
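
Key-based login depends on the file permissions that ssh-copy-id sets up: sshd (with StrictModes, its default) ignores an authorized_keys file or .ssh directory that group or others can write to, and the ssh client refuses a private key that anyone but the owner can read. The following permission audit is an added example, not part of the original article; the function names are hypothetical and it relies on GNU stat as shipped with CentOS / RHEL.

```bash
#!/usr/bin/env bash
# Added example: audit the permissions of an .ssh directory.
# Requires GNU stat (stat -c %a prints the octal mode, e.g. 600).

# mode_has_bits FILE MASK: succeed if any permission bit in octal MASK is set.
mode_has_bits() {
    mode=$(stat -c %a "$1") || return 2
    [ $(( 0$mode & 0$2 )) -ne 0 ]
}

# audit_ssh_dir DIR: print one FAIL line per finding; succeed if there are none.
audit_ssh_dir() {
    dir=$1
    findings=0
    # The directory must not be writable by group or others.
    if mode_has_bits "$dir" 22; then
        echo "FAIL $dir: writable by group/other"
        findings=$((findings + 1))
    fi
    # Neither must authorized_keys, or anyone in the group could add a key.
    if [ -f "$dir/authorized_keys" ] && mode_has_bits "$dir/authorized_keys" 22; then
        echo "FAIL $dir/authorized_keys: writable by group/other"
        findings=$((findings + 1))
    fi
    # Private keys (id_* without .pub) must be accessible by the owner only.
    for key in "$dir"/id_*; do
        [ -f "$key" ] || continue
        case $key in *.pub) continue ;; esac
        if mode_has_bits "$key" 77; then
            echo "FAIL $key: private key accessible by group/other"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}

# Constructed demo: empty placeholder files, one with a deliberately loose mode.
demo=$(mktemp -d)
touch "$demo/authorized_keys" "$demo/id_rsa" "$demo/id_rsa.pub"
chmod 700 "$demo"
chmod 664 "$demo/authorized_keys"
chmod 600 "$demo/id_rsa"
audit_ssh_dir "$demo" || echo "findings above need fixing"
chmod 600 "$demo/authorized_keys"
audit_ssh_dir "$demo" && echo "OK: no findings"
rm -rf "$demo"
```

On a real host, run audit_ssh_dir /root/.ssh on node1 and node2 after Step Three.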

I hope this article gives you some ideas and a quick guide on how to set up SSH login without a password on Linux CentOS / RHEL.


 

How to Remove Banned IP from Fail2ban on CentOS 6 / CentOS 7

Fail2ban is an intrusion prevention software framework that is able to protect your server from brute-force attacks. Fail2ban is written in the Python programming language and is widely used on VPS servers. Fail2ban scans log files and bans IP addresses that show signs of malicious activity, such as too many password failures, web server exploitation, WordPress plugin attacks and other abuse. If you have already installed and used Fail2ban to protect your web server, you may be wondering how to find the IPs banned or blocked by Fail2ban, or you may want to remove a banned IP from a Fail2ban jail on CentOS 6, CentOS 7, RHEL 6, RHEL 7 and Oracle Linux 6/7.

How to List Banned IP Addresses

To see all the blocked IP addresses, run the following command :

# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
f2b-AccessForbidden  tcp  --  anywhere             anywhere            tcp dpt:http
f2b-WPLogin  tcp  --  anywhere             anywhere            tcp dpt:http
f2b-ConnLimit  tcp  --  anywhere             anywhere            tcp dpt:http
f2b-ReqLimit  tcp  --  anywhere             anywhere            tcp dpt:http
f2b-NoAuthFailures  tcp  --  anywhere             anywhere            tcp dpt:http
f2b-SSH    tcp  --  anywhere             anywhere            tcp dpt:ssh
f2b-php-url-open  tcp  --  anywhere             anywhere            tcp dpt:http
f2b-nginx-http-auth  tcp  --  anywhere             anywhere            multiport dports http,https
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     icmp --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:EtherNet/IP-1
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:http
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination


Chain f2b-NoAuthFailures (1 references)
target     prot opt source               destination
REJECT     all  --  64.68.50.128         anywhere            reject-with icmp-port-unreachable
REJECT     all  --  104.194.26.205       anywhere            reject-with icmp-port-unreachable
RETURN     all  --  anywhere             anywhere

How to Remove Banned IP from Fail2ban jail

# iptables -D f2b-NoAuthFailures -s banned_ip -j REJECT
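
With many jails the listing above gets long. As an added example (not part of the original article), the script below extracts chain/address pairs from iptables -L -n output and prints the delete command shown above for one chain, after validating each address. The function names are hypothetical, the sample listing is constructed with documentation addresses, and -n is assumed so that sources appear as IP addresses rather than host names.

```bash
#!/usr/bin/env bash
# Added example: list Fail2ban bans from `iptables -L -n` output.

# list_f2b_bans: read the listing on stdin, print "<chain> <source>" per ban.
list_f2b_bans() {
    awk '
        /^Chain / { chain = $2; next }
        chain ~ /^f2b-/ && ($1 == "REJECT" || $1 == "DROP") &&
            $4 != "anywhere" && $4 != "0.0.0.0/0" { print chain, $4 }
    '
}

# is_ipv4 ADDR: succeed only for a dotted quad with every octet in 0-255.
is_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (n = 1; n <= 4; n++) if ($n !~ /^[0-9]+$/ || $n > 255) exit 1 }
    '
}

# unban_commands CHAIN: read the listing on stdin and print (not run) the
# delete command from this article for every ban in CHAIN.
unban_commands() {
    list_f2b_bans | while read -r chain ip; do
        [ "$chain" = "$1" ] || continue
        is_ipv4 "$ip" || { echo "skipping non-IPv4 source: $ip" >&2; continue; }
        echo "iptables -D $chain -s $ip -j REJECT"
    done
}

# Constructed sample listing (RFC 5737 documentation addresses).
sample_iptables_output() {
    cat <<'EOF'
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
f2b-NoAuthFailures  tcp  --  0.0.0.0/0   0.0.0.0/0   tcp dpt:80
f2b-SSH    tcp  --  0.0.0.0/0            0.0.0.0/0   tcp dpt:22
REJECT     all  --  0.0.0.0/0            0.0.0.0/0   reject-with icmp-host-prohibited

Chain f2b-NoAuthFailures (1 references)
target     prot opt source               destination
REJECT     all  --  192.0.2.10           0.0.0.0/0   reject-with icmp-port-unreachable
REJECT     all  --  198.51.100.7         0.0.0.0/0   reject-with icmp-port-unreachable
RETURN     all  --  0.0.0.0/0            0.0.0.0/0

Chain f2b-SSH (1 references)
target     prot opt source               destination
REJECT     all  --  203.0.113.5          0.0.0.0/0   reject-with icmp-port-unreachable
RETURN     all  --  0.0.0.0/0            0.0.0.0/0
EOF
}

sample_iptables_output | list_f2b_bans
sample_iptables_output | unban_commands f2b-NoAuthFailures
```

Deleting the rule with iptables does not update Fail2ban's own ban list; fail2ban-client set <jail> unbanip <ip> lifts the ban through Fail2ban itself.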

I hope this article gives you some ideas and a quick guide on how to remove a banned IP from a Fail2ban jail on CentOS 6, CentOS 7, RHEL 6, RHEL 7 and Oracle Linux 6/7.

 

How to Install Zimbra Patch on CentOS 7

Many have asked me whether Zimbra Collaboration (ZCS) 8.6.0 Patch4 includes Patch1 to Patch3. Actually, if you read the release notes document, the answer is there. ZCS patches are cumulative, meaning ZCS 8.6.0 Patch4 includes ZCS 8.6.0 Patch3, ZCS 8.6.0 Patch2 and ZCS 8.6.0 Patch1. The patch release notes provide information about Zimbra Collaboration (ZCS) 8.6.0 Patch4, including the enhancements, bug fixes, security fixes, considerations, known issues, preparation before installing the patch, steps to install the patch, an example of the patch script and revision history information. These steps to install the Zimbra patch have been tested on RHEL6, CentOS6, Oracle Linux 6, RHEL7, CentOS7 and Oracle Linux 7.

In the release notes document (preparation before patching), one of the steps to take into consideration is to perform a full backup before applying any patch, because there is no automatic roll-back if anything goes wrong. If your environment is currently using VMware vSphere, you can take a virtual machine snapshot before you start installing any patch.

How to Install Zimbra Patch4 CentOS / RHEL

1. Before you begin, have the following ready :

a) Zimbra Collaboration 8.6.0 GA installed (Tested in RHEL6/CentOS6/OL6/RHEL7/CentOS7/OL7)

# zmcontrol -v
Release 8.6.0_GA_1153.RHEL6_64_20141215151155 RHEL6_64 FOSS edition.

b) Zimbra Collaboration 8.6.0 Patch4 TGZ file already downloaded.

2. Copy the patch.tgz file(s) to your server.

# ls | grep zcs-patch
zcs-patch-8.6.0_GA_1182.tgz

3. Install Zimbra Collaboration 8.6.0 Patch4
a. Log in as root and cd to the directory where the tar file is saved. Type :

# tar xzvf zcs-patch-8.6.0_GA_1182.tgz
# cd zcs-patch-8.6.0_GA_1182

b. Switch to user zimbra :

c. The ZCS mailbox service must be stopped to install the patch. Type the following command :

# zmmailboxdctl stop

d. As root, install the patch. Type

# ./installPatch.sh
..
..
..
Updating files for package zimbra-core
  /opt/zimbra/lib/jars/zimbraclient.jar... copied.
  /opt/zimbra/lib/jars/zimbrastore.jar... copied.
  /opt/zimbra/conf/timezones.ics... copied.
  /opt/zimbra/lib/jars/zimbracommon.jar... copied.
  /opt/zimbra/libexec/zmfixperms... copied.
  /opt/zimbra/bin/zmtrainsa... copied.
  /opt/zimbra/lib/jars/zimbrasoap.jar... copied.

e. Switch to user zimbra

# su - zimbra

f. ZCS must be restarted for the changes to take effect.

# zmcontrol restart

I hope this article gives you some ideas and quick guide on how to install Zimbra Patch on RHEL6, CentOS6, Oracle Linux 6, RHEL7, CentOS7 and Oracle Linux 7.

How to Setup Linux Login Banner on CentOS 6 / CentOS 7

Most system administrators have applied a Linux login banner on their servers. The purpose of the login banner is to show messages or warnings when an SSH session connects, before login. The message displayed in the banner is addressed either to the system administrator who wants to perform routine system maintenance or to intruders who want to launch brute force attacks on the server.

Linux Login Banner on CentOS 6 / CentOS 7 / RHEL 7 / Oracle Linux 7

To enable this in SSH, follow these simple steps :

1. Create a /etc/mybanner file and fill it with your desired message as below

# vi /etc/mybanner
Unauthorized access to this machine is prohibited
Only authorized System Administrator can access to this system
Press  if you are not an authorized user

Save and Quit the mybanner file.

Optionally, you can give a warning like the one below if the server holds highly confidential information :

This service is restricted to authorized System Administrator only. All activities on this system are logged. Unauthorized access will be fully investigated and reported to the appropriate law enforcement agencies.

2. Edit /etc/ssh/sshd_config so that it contains the line Banner /etc/mybanner :

# default banner path
Banner /etc/mybanner

3. Restart sshd :

# service sshd restart

4. Test your session

login as: root
Unauthorized access to this machine is prohibited
Only authorized System Administrator can access to this system
Press  if you are not an authorized user
root@192.168.2.5's password:
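
Both the Banner line here and the ClientAliveInterval line from the SSH time-out article only work if they are the first occurrence of their keyword in sshd_config, because sshd keeps the first value it reads and treats keywords case-insensitively. The following script is an added example, not part of the original articles: it reports the value in effect for a keyword in the global section of a config file and the time after which an unresponsive client is dropped (ClientAliveInterval x ClientAliveCountMax). The function names and the sample config are constructed; the fallbacks 0, 3 and none are the OpenSSH defaults.

```bash
#!/usr/bin/env bash
# Added example: which value does sshd use for a keyword?

# sshd_effective FILE KEYWORD DEFAULT
# Prints the first value of KEYWORD before any Match block, else DEFAULT.
sshd_effective() {
    awk -v want="$2" -v def="$3" '
        BEGIN { want = tolower(want) }
        /^[ \t]*#/ { next }                    # comments
        /^[ \t]*$/ { next }                    # blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            n = match(line, /[ \t=]/)          # end of the keyword
            if (n == 0) next
            key = tolower(substr(line, 1, n - 1))
            val = substr(line, n)
            sub(/^[ \t]*=?[ \t]*/, "", val)
            sub(/[ \t]+$/, "", val)
            if (key == "match") exit           # global section ends here
            if (key == want) { print val; found = 1; exit }
        }
        END { if (!found) print def }
    ' "$1"
}

# sshd_unresponsive_seconds FILE
# Seconds until sshd drops a client that stops answering; 0 means disabled.
sshd_unresponsive_seconds() {
    interval=$(sshd_effective "$1" ClientAliveInterval 0)
    count=$(sshd_effective "$1" ClientAliveCountMax 3)
    echo $(( interval * count ))
}

# Constructed sample config: the second ClientAliveInterval is ignored, and
# the Banner inside the Match block applies to one user only.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 22
clientaliveinterval 60
ClientAliveInterval 300
# default banner path
Banner /etc/mybanner
Match User backup
    Banner none
EOF
echo "ClientAliveInterval: $(sshd_effective "$sample" ClientAliveInterval 0)"
echo "Unresponsive client dropped after: $(sshd_unresponsive_seconds "$sample") s"
echo "Banner: $(sshd_effective "$sample" Banner none)"
rm -f "$sample"
```

On a live server, sshd -T prints the effective configuration as sshd itself parses it.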

I hope this article gives you some ideas and essential guidance on how to set up a Linux login banner on RHEL 7 / CentOS 7 / Oracle Linux 7.

 

How to Install osCommerce on CentOS 7.1

Open Source Commerce (osCommerce) is an online store software solution and an alternative to Magento. It is complete software, easily installed and configured through a web-based installation procedure. It can be used on any web server with PHP and MySQL as the basic software. In this article, I will show you how to install osCommerce on a CentOS 7.1 virtual private server (VPS). Before we proceed with the osCommerce installation, this tutorial assumes that the CentOS 7.1 server has been installed and that LAMP or LEMP software has also been set up. The steps may be similar on RHEL 7.1 and Oracle Linux 7.

Install osCommerce software on CentOS 7.1, RHEL 7.1 and Oracle Linux 7 via command line

1. Download the osCommerce Online Merchant v2.3.4 Full Package and store it in the web server root directory. This post uses the httpd web server and /var/www/html/ as the default root directory :

# cd /var/www/html/
# wget http://www.oscommerce.com/files/oscommerce-2.3.4.zip
# unzip oscommerce-2.3.4.zip

2. The webserver is not able to save the installation parameters to its configuration files. The following files need to have their file permissions set to world-writeable (chmod 777):

# cp -Rp oscommerce-2.3.4 oscommerce
# chmod 777 /var/www/html/oscommerce/catalog/includes/configure.php
# chmod 777 /var/www/html/oscommerce/catalog/admin/includes/configure.php

3. Setup database :

# mysql -u root -p
Enter password:
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 11
Server version: 5.5.40-MariaDB MariaDB Server

Copyright (c) 2000, 2014, Oracle, Monty Program Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> CREATE DATABASE oscommercedb;
Query OK, 1 row affected (0.00 sec)

MariaDB [(none)]> CREATE USER oscommerceuser@localhost IDENTIFIED BY 'oscommercepassword';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES on oscommercedb.* to oscommerceuser@localhost;
Query OK, 0 rows affected (0.01 sec)

MariaDB [(none)]> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> exit
Bye

osCommerce Web Installation via Browser

4. Start the osCommerce web installation by browsing to the osCommerce URL as below :

http://192.168.0.70/oscommerce/catalog/install/index.php

Note : Replace the IP address with your own server's IP address.

a. Press Start.

b. Enter the database information.

c. You will notice the message “The database structure is now being imported. Please be patient during this procedure.”. Just wait until it proceeds to the next page. Click Continue to proceed.

d. Enter the online store information.

e. If you see this page, you already have a working osCommerce installed in CentOS 7.0.

I hope this article gives you some ideas and essential guidance on how to install osCommerce on linux / CentOS 7.1 / RHEL 7.1 / Oracle Linux 7.
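
The chmod 777 from step 2 is needed only while the web installer writes the two configure.php files, and the installer under catalog/install has no further use once step 4 is finished. The following check is an added example, not part of osCommerce or of the original article; the function name is hypothetical and the paths are the ones used in the steps above.

```bash
#!/usr/bin/env bash
# Added example: post-install check for the osCommerce tree used in this article.

# oscommerce_findings ROOT
# ROOT is the directory that contains catalog/ (here /var/www/html/oscommerce).
# Prints one line per finding and nothing when the tree is clean.
oscommerce_findings() {
    root=$1
    # configure.php files that are still world-writable (left over from step 2)
    find "$root/catalog" -type f -name configure.php -perm -0002 2>/dev/null |
        sed 's/^/WORLD-WRITABLE /'
    # web installer still reachable from the browser
    if [ -d "$root/catalog/install" ]; then
        echo "INSTALLER-PRESENT $root/catalog/install"
    fi
    return 0
}

# Constructed demo tree that mimics the state right after step 4.
demo=$(mktemp -d)
mkdir -p "$demo/catalog/includes" "$demo/catalog/admin/includes" "$demo/catalog/install"
touch "$demo/catalog/includes/configure.php" "$demo/catalog/admin/includes/configure.php"
chmod 777 "$demo/catalog/includes/configure.php" "$demo/catalog/admin/includes/configure.php"
echo "after installation:"
oscommerce_findings "$demo"

# Tightened state: configuration files read-only for others, installer removed.
chmod 644 "$demo/catalog/includes/configure.php" "$demo/catalog/admin/includes/configure.php"
rm -rf "$demo/catalog/install"
echo "after tightening: $(oscommerce_findings "$demo" | wc -l) finding(s)"
rm -rf "$demo"
```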

 

Switching Default UEK kernel to Redhat Kernel on Oracle Linux 7

About the Unbreakable Enterprise Kernel (UEK)

In September 2010, Oracle announced the new Unbreakable Enterprise Kernel (UEK) for Oracle Linux as a recommended kernel for deployment with Oracle Linux 5.

Starting with Oracle Linux 5.5, Oracle gave you the choice of using either the Red Hat Compatible Kernel or the UEK.

In Oracle Linux 5.6 and above, the UEK became the default kernel for Oracle Linux.


Switching Default UEK kernel to Redhat Kernel on Oracle Linux 7

This article describes how to switch the default UEK kernel to the Red Hat kernel on Oracle Linux 7 with the following steps :

1. The original kernel for Oracle Linux 7 will likely be as below :

# uname -a
Linux localhost.localdomain 3.8.13-55.1.6.el7uek.x86_64 #2 SMP Wed Feb 11 14:18:22 PST 2015 x86_64 x86_64 x86_64 GNU/Linux

2. List the available kernels in Oracle Linux 7. The entries are numbered starting from 0.

a) To display with command 1 :

# egrep ^menuentry /etc/grub2.cfg | cut -f 2 -d \'
Oracle Linux Server 7.1, with Linux 3.10.0-229.el7.x86_64
Oracle Linux Server 7.1, with Unbreakable Enterprise Kernel 3.8.13-55.1.6.el7uek.x86_64
Oracle Linux Server 7.1, with Linux 0-rescue-26ad0b77c2de4840ba8402282bdd9d17

b) To display with command 2 :

# grep '^menuentry' /boot/grub2/grub.cfg | cut -f 2 -d \'
Oracle Linux Server 7.1, with Linux 3.10.0-229.el7.x86_64
Oracle Linux Server 7.1, with Unbreakable Enterprise Kernel 3.8.13-55.1.6.el7uek.x86_64
Oracle Linux Server 7.1, with Linux 0-rescue-26ad0b77c2de4840ba8402282bdd9d17

3. Set entry 0 as the default kernel with this command :

# grub2-set-default 0
# grub2-mkconfig -o /etc/grub2.cfg
Generating grub configuration file ...
Found linux image: /boot/vmlinuz-3.10.0-229.el7.x86_64
Found initrd image: /boot/initramfs-3.10.0-229.el7.x86_64.img
Found linux image: /boot/vmlinuz-3.8.13-55.1.6.el7uek.x86_64
Found initrd image: /boot/initramfs-3.8.13-55.1.6.el7uek.x86_64.img
Found linux image: /boot/vmlinuz-0-rescue-26ad0b77c2de4840ba8402282bdd9d17
Found initrd image: /boot/initramfs-0-rescue-26ad0b77c2de4840ba8402282bdd9d17.img
done

4. Reboot the server :

# init 6

5. After the reboot, verify that the Red Hat Compatible Kernel has become the default :

# uname -a
Linux localhost.localdomain 3.10.0-229.el7.x86_64 #1 SMP Fri Mar 6 04:05:24 PST 2015 x86_64 x86_64 x86_64 GNU/Linux

I hope this article gives you some ideas and essential guidance on how to switch the default UEK kernel to the Red Hat kernel.

Note :
*Do not edit the GRUB 2 configuration file directly. On BIOS-based systems, the configuration file is /boot/grub2/grub.cfg. On UEFI-based systems, the configuration file is /boot/efi/EFI/redhat/grub.cfg.

*The grub2-mkconfig command generates the configuration file using the template scripts in /etc/grub.d and menu-configuration settings taken from the configuration file, /etc/default/grub.


How to Configure FTP Server in Linux RHEL 6

In this post I will show how to install Very Secure FTP (vsftpd) and how to configure an FTP server on Red Hat Enterprise Linux 6 (RHEL 6). Vsftpd is a GPL-licensed FTP server for UNIX systems, including Linux. It is secure, extremely fast and stable.

As an example, I will install and configure the vsftpd server and will also transfer files from a client running the Windows XP command prompt.

-A Linux server with IP address 192.168.1.43 running the RHEL 6 operating system
-A Windows client with IP address 192.168.1.52 running Windows XP Pro
-RHEL 6 server running the portmap/rpcbind and xinetd services
-Firewall and SELinux should be off on the server

How to Install FTP Server in Linux ?

1. Install vsftpd, rpcbind and xinetd service using the following command :

# yum install vsftpd rpcbind xinetd -y

2. Check that vsftpd, xinetd and rpcbind/portmap are installed on the server :

# rpm -qa vsftpd
vsftpd-2.2.2-6.el6.i686

# rpm -qa xinetd
xinetd-2.3.14-29.el6.i686

# rpm -qa rpcbind
rpcbind-0.2.0-8.el6.i686

3. Make all these services start automatically at boot :

# chkconfig vsftpd on
# chkconfig xinetd on
# chkconfig rpcbind on

4. Check the xinetd and rpcbind status :

# service xinetd status
xinetd (pid  1326) is running...

# service rpcbind status
rpcbind (pid  1178) is running...

5. Create a new user named ftpuser and set its password :

# useradd ftpuser
# passwd ftpuser
Changing password for user ftpuser.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.

6. Log in as ftpuser in another terminal and create a new file named “files”.

# su - ftpuser
[ftpuser@rhel6 ~]$ cat > files
This is file created on RHEL 6 ftp server

7. Start the vsftpd service :

# service vsftpd start
Starting vsftpd for vsftpd:                                [  OK  ]

8. Stop the iptables Linux firewall and disable SELinux :

# service ip6tables stop
ip6tables: Flushing firewall rules:                        [  OK  ]
ip6tables: Setting chains to policy ACCEPT: filter         [  OK  ]
ip6tables: Unloading modules:                              [  OK  ]

# service iptables stop
iptables: Flushing firewall rules:                         [  OK  ]
iptables: Setting chains to policy ACCEPT: filter          [  OK  ]
iptables: Unloading modules:                               [  OK  ]
# setenforce 0
setenforce: SELinux is disabled

How to Configure FTP Server in Linux ?

9. It’s good to make backup of your original configuration file.

[root@rhel6 ~]# cp /etc/vsftpd/vsftpd.conf /etc/vsftpd/vsftpd.conf-bak

10. Log in from the user account and download the file :

D:\>ftp 192.168.1.43
Connected to 192.168.1.43.
220 (vsFTPd 2.2.2)
User (192.168.1.43:(none)): ftpuser
331 Please specify the password.
Password:
230 Login successful.
ftp> get files
200 PORT command successful. Consider using PASV.
150 Opening BINARY mode data connection for files (42 bytes).
226 Transfer complete.
ftp: 42 bytes received in 0.00Seconds 42000.00Kbytes/sec.
ftp> quit
221 Goodbye.

11. Check the contents of the downloaded file :

D:\>type files
This is file created on RHEL 6 ftp server

12. By default, the root account is not allowed to log in to the vsftpd server because it is listed in /etc/vsftpd/ftpusers.

D:\>ftp 192.168.1.43
Connected to 192.168.1.43.
220 (vsFTPd 2.2.2)
User (192.168.1.43:(none)): root
530 Permission denied.
Login failed.
ftp>

13. Open the /etc/vsftpd/ftpusers file. Remove or comment out the line for user “root” and add “ftpuser” instead. Users whose names are listed in this file are not allowed to log in via ftp.

[root@rhel6 ~]# vi /etc/vsftpd/ftpusers
# Users that are not allowed to login via ftp
#root
ftpuser
bin
daemon
adm
lp
sync
shutdown
halt
mail
news
uucp
operator
games
nobody

14. Open the /etc/vsftpd/user_list file. Remove or comment out the line for user “root” and add “ftpuser” instead. Users whose names are listed in this file are also not allowed to log in via ftp; they are not even prompted for a password.

# vi /etc/vsftpd/user_list
# vsftpd userlist
# If userlist_deny=NO, only allow users in this file
# If userlist_deny=YES (default), never allow users in this file, and
# do not even prompt for a password.
# Note that the default vsftpd pam config also checks /etc/vsftpd/ftpusers
# for users that are denied.
#root
ftpuser
bin
daemon
adm
lp
sync
shutdown
halt
mail
news
uucp
operator
games
nobody

15. Root is now allowed to access the ftp server :

D:\>ftp 192.168.1.43
Connected to 192.168.1.43.
220 (vsFTPd 2.2.2)
User (192.168.1.43:(none)): root
331 Please specify the password.
Password:
230 Login successful.
ftp> quit
221 Goodbye.

16. ftpuser is now not allowed to access the ftp server :

D:\>ftp 192.168.1.43
Connected to 192.168.1.43.
220 (vsFTPd 2.2.2)
User (192.168.1.43:(none)): ftpuser
530 Permission denied.
Login failed.
ftp>

17. How to set a login banner for the ftp server :
Open /etc/vsftpd/vsftpd.conf and look for “ftpd_banner” :

# vi /etc/vsftpd/vsftpd.conf

Uncomment ftpd_banner and customize the login banner string as below :

# You may fully customise the login banner string:
ftpd_banner=Welcome to eHowStuff.com RHEL6 FTP server
#

18. Restart the ftp service :

# service vsftpd restart
Shutting down vsftpd:                                      [  OK  ]
Starting vsftpd for vsftpd:                                [  OK  ]

19. Try logging in to the ftp server. Check the banner; it appears before the user logs in, as below :

D:\>ftp 192.168.1.43
Connected to 192.168.1.43.
220 Welcome to eHowStuff.com RHEL6 FTP server
User (192.168.1.43:(none)):

If you encounter any issues on how to configure ftp server in linux, you can put a few questions in the comments below.

How to Install FTP Server Linux using ProFTPd

ProFTPd is one of the most popular FTP servers, secure and reliable for the Linux operating system. ProFTPd uses a single configuration file and is very easy to set up. The purpose of this article is to show you how easy it is to install the ProFTPd FTP server on CentOS 6 Linux.

What is FTP Server Linux?

FTP, which stands for File Transfer Protocol, is a standard for exchanging program and data files across a network. The network could be the World Wide Web or simply a local area network (LAN).

Prerequisite :
How to Add the RPMforge Repository on CentOS 6/RHEL 6 Linux Server

1. Simply run this command to install the ProFTPd FTP server on CentOS 6 :

# yum install proftpd -y

2. How to start proftpd service :

# /etc/init.d/proftpd start

3. How to stop proftpd service :

# /etc/init.d/proftpd stop

4. How to restart proftpd service :

# /etc/init.d/proftpd restart

5. Configure proftpd to start at boot :

[root@centos62 ~]# chkconfig proftpd on

If you encountered any issues while installing FTP Server Linux using proftpd, you can put a few questions in the comments below.

 

How to Install Linux FTP Server using Vsftpd

Vsftpd stands for Very Secure FTP Daemon. Vsftpd is not just another popular Unix / Linux FTP server; it delivers outstanding performance while using less memory. It runs under xinetd, which lets you run one process fewer because xinetd is shared among various other small services. For webmasters or bloggers who intend to run a web server on a Virtual Private Server (VPS) or dedicated server, Vsftpd would be the best choice. It is easy to install and can do everything we expect from an FTP daemon while maintaining a higher level of security if configured properly. This article covers the installation and configuration of the Vsftpd FTP server on a CentOS Linux VPS.

1. Install the Linux FTP server, vsftpd, using the yum command :

# yum install vsftpd -y

2. Make sure that xinetd has been installed :

# rpm -qa xinetd

If not installed, execute the following command :

# yum install xinetd -y

3. Make the xinetd and Vsftpd daemons start at boot :

# chkconfig vsftpd on
# chkconfig xinetd on

4. It is recommended to back up your original configuration file before making changes :

# cp /etc/vsftpd/vsftpd.conf /etc/vsftpd/vsftpd.conf-bak

5. Configure Vsftpd :

# vi /etc/vsftpd/vsftpd.conf

a) Uncomment ftpd_banner and customize the login banner string as below :

# You may fully customise the login banner string:
ftpd_banner=Welcome to Linux FTP service.
#

b) This step configures the users who are not allowed to log in. By default, the root account is not allowed to log in to the vsftpd server because it is listed in /etc/vsftpd/ftpusers. To allow it, open the /etc/vsftpd/ftpusers file and remove or comment out the line for the user “root”. Users whose names are listed in this file are not allowed to log in via ftp.

# cat /etc/vsftpd/ftpusers
# Users that are not allowed to login via ftp
root
bin
daemon
adm
lp
sync
shutdown
halt
mail
news
uucp
operator
games
nobody

6. Test the login from the Windows command prompt on a client PC, using the user ehowstuff :

C:\>ftp 192.168.2.54
Connected to 192.168.2.54.
220 Welcome to Linux CentOS FTP service.
User (192.168.2.54:(none)): ehowstuff
331 Please specify the password.
Password:
230 Login successful.
ftp>
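
Both vsftpd walkthroughs above (steps 12 to 16 of the RHEL 6 one, and step 5 b) here) depend on how /etc/vsftpd/ftpusers and /etc/vsftpd/user_list combine. The script below is an added example, not code from the article or from vsftpd: it reproduces that decision for one account and reports which privileged accounts the current lists would let in. It assumes userlist_enable=YES; the function names and the sample files written to a temporary directory are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the article): decide how vsftpd treats one account,
# given ftpusers, user_list and userlist_deny. Assumes userlist_enable=YES.

# listed FILE USER: true if USER is on an active (uncommented) line of FILE.
listed() {
    sed -e 's/#.*//' -e 's/[[:space:]]//g' "$1" | grep -Fxq -- "$2"
}

# ftp_verdict USER FTPUSERS_FILE USER_LIST_FILE [USERLIST_DENY]
# Prints allow, deny:user_list (refused before the password prompt)
# or deny:ftpusers (refused by PAM after the password is entered).
ftp_verdict() {
    v_user=$1; v_ftpusers=$2; v_list=$3; v_deny=${4:-YES}
    if [ "$v_deny" = "YES" ]; then
        if listed "$v_list" "$v_user"; then echo "deny:user_list"; return 0; fi
    elif ! listed "$v_list" "$v_user"; then
        echo "deny:user_list"; return 0
    fi
    if listed "$v_ftpusers" "$v_user"; then echo "deny:ftpusers"; return 0; fi
    echo "allow"
}

# sample_lists DIR STATE: write constructed copies of both files.
# STATE=default keeps root listed; STATE=edited mirrors the article's change.
sample_lists() {
    if [ "$2" = "edited" ]; then s_head=$(printf '#root\nftpuser'); else s_head='root'; fi
    for s_f in ftpusers user_list; do
        printf '# constructed sample\n%s\nbin\ndaemon\nnobody\n' "$s_head" > "$1/$s_f"
    done
}

# audit_privileged DIR: print the system accounts (constructed set) that
# would be accepted over FTP with the lists found in DIR.
audit_privileged() {
    for a_u in root bin daemon nobody; do
        [ "$(ftp_verdict "$a_u" "$1/ftpusers" "$1/user_list" YES)" = "allow" ] \
            && echo "$a_u"
    done
    return 0
}

demo_dir=$(mktemp -d)
sample_lists "$demo_dir" edited
echo "root:    $(ftp_verdict root "$demo_dir/ftpusers" "$demo_dir/user_list")"
echo "ftpuser: $(ftp_verdict ftpuser "$demo_dir/ftpusers" "$demo_dir/user_list")"
echo "privileged accounts with FTP access: $(audit_privileged "$demo_dir")"
rm -rf "$demo_dir"
```

To audit a real host, pass the paths of the live files to ftp_verdict instead of the sample directory, together with the userlist_deny value from vsftpd.conf.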

If you encounter any issues when setting up linux ftp server, you can put a few questions in the comments below.

Credit : www.unixmen.com