How to Install Zimbra Patch on CentOS 7

Install Zimbra Patch

Many have asked me, did Zimbra Collaboration (ZCS) 8.6.0 Patch4 will include Patch1 to Patch3? Actually, if you read the release notes document, the answer is there. ZCS patches are cumulative, meaning ZCS 8.6.0 Patch4 includes ZCS 8.6.0 Patch3, ZCS 8.6.0 Patch2 and ZCS 8.6.0 Patch1. These patch release notes provide information about the Zimbra Collaboration (ZCS) 8.6.0 Patch4, including the enhancements, bug fixes, security fixes, considerations, Known issues, preparation before installing the Patch, step to install the patch, example of the Patch script and revision history information. This step to install zimbra patch has been tested on RHEL6, CentOS6, Oracle Linux 6, RHEL7, CentOS7 and Oracle Linux 7.

In release notes document (preparation before patch), one of the steps we need to take into consideration is to perform a full backup before applied any patch. This is because there is no automatic roll-back if anything goes wrong. If your environment is currently using VMware Vsphere, you can do a virtual machine snapshot before start installing any patch.

How to Install Zimbra Patch4 CentOS / RHEL

1. Before begin, you should get ready the following:

a) Zimbra Collaboration 8.6.0 GA installed (Tested in RHEL6/CentOS6/OL6/RHEL7/CentOS7/OL7)

# zmcontrol -v
Release 8.6.0_GA_1153.RHEL6_64_20141215151155 RHEL6_64 FOSS edition.

b) Zimbra Collaboration 8.6.0 Patch4 TGZ file already downloaded.

2. Copy the patch.tgz file(s) to your server.

# ls | grep zcs-patch
zcs-patch-8.6.0_GA_1182.tgz

3. Install Zimbra Collaboration 8.6.0 Patch4
a. Log in as root and cd to the directory where the tar file is saved. Type :

# tar xzvf zcs-patch-8.6.0_GA_1182.tgz
# cd zcs-patch-8.6.0_GA_1182

b. Switch to user zimbra :

c. The ZCS mailbox service must be stopped to install the patch. Type the following command :

# zmmailboxdctl stop

d. As root, install the patch. Type

# ./installPatch.sh
..
..
..
Updating files for package zimbra-core
  /opt/zimbra/lib/jars/zimbraclient.jar... copied.
  /opt/zimbra/lib/jars/zimbrastore.jar... copied.
  /opt/zimbra/conf/timezones.ics... copied.
  /opt/zimbra/lib/jars/zimbracommon.jar... copied.
  /opt/zimbra/libexec/zmfixperms... copied.
  /opt/zimbra/bin/zmtrainsa... copied.
  /opt/zimbra/lib/jars/zimbrasoap.jar... copied.

e. Switch to user zimbra

# su – zimbra

f. ZCS must be restarted to changes to take effect.

# zmcontrol restart

I hope this article gives you some ideas and quick guide on how to install Zimbra Patch on RHEL6, CentOS6, Oracle Linux 6, RHEL7, CentOS7 and Oracle Linux 7.

How to Download CentOS 7 ISO

Download CentOS 7 ISO

In July 2014, a welcome version of CentOS 7 which tagged as 1406 (CentOS 7.0) officially released. As of end-March 2015, the second CentOS 7 release tagged as 1503 (CentOS 7.1) is available for download and CentOS 7.2  that was tagged as 1511 was released on 14 December 2015.

As of end-March 2015, the second CentOS 7 release tagged as 1503 (CentOS 7.1) is available for download and CentOS 7.2  that was tagged as 1511 was released on 14 December 2015.

The latest release supersedes all previously released content for CentOS 7, therefore it is recommended for all users to upgrade their CentOS machines. This article will list the URL to download CentOS 7 ISO images.

CentOS is an Enterprise-class Linux Distribution derived from sources freely provided to the public by Red Hat.For those who do not want to perform

For those who do not want to perform fresh install of CentOS 7 on the existing machine, you also can get CentOS 7 running by following the upgrade path from CentOS-6 to CentOS-7.

But this path is only supported from the latest version of CentOS-6 (being 6.7 at the time of writing) to the latest version of CentOS-7.

Mirror list to download CentOS 7 ISO images available :

a) Download centos 7 64 bit (4.0GB)
b) Download centos 7 64 bit Everything (7.1GB)
c) Download centos 7 netinstall
d) Download centos 7 live cd

The following alternate mirrors should also have the ISO images available.

Before you download, you also can read the Major Changes for CentOS 7.0 (1406) :
As with every first major release most of the packages have changed and have been updated to more recent versions. It would exceed the scope of this document to list them all. Most notable changes are:

  • Kernel updated to 3.10.0
  • Support for Linux Containers
  • Open VMware Tools and 3D graphics drivers out of the box
  • OpenJDK-7 as default JDK
  • In Place Upgrade from 6.5 to 7.0 (as already mentioned)
  • LVM-snapshots with ext4 and XFS
  • Switch to systemd, firewalld and GRUB2
  • XFS as default file system
  • iSCSI and FCoE in kernel space
  • Support for PTPv2
  • Support for 40G Ethernet Cards
  • Supports installations in UEFI Secure Boot mode on compatible hardware

Major Changes for CentOS 7.1 (1503)

  • As of March 2015 ABRT (>= 2.1.11-19.el7.centos.0.1) can report bugs directly to bugs.centos.org. You can find information about that feature at this page
  • Support for new processors (Intel Broadwell) and graphics (AMD Hawaii)
  • Full support for LVM cache
  • Ability to mount ceph block devices
  • Updated Hyper-V network drivers
  • New libguestfs features
  • Full support for OpenJDK-1.8.0
  • Improved clock stability (for PTP and NTP)
  • Updated Networkmanager packages to version 1.0
  • Updated docker to 1.4.1
  • Updated OpenSSH to 6.6.1
  • New package: Mozilla Thunderbird
  • Update to numerous storage, network and graphics drivers
  • Technology Preview: Support of the Btrfs file system, OverlayFS and the Cisco VIC kernel driver

Major Changes for CentOS 7.2 (1511)

  • Since release 1503 (abrt>= 2.1.11-19.el7.centos.0.1) CentOS-7 can report bugs directly to bugs.centos.org. You can find information about that feature at this page
  • sudo is now capable of verifying command checksums
  • A Kerberos https proxy is now available for identity management
  • NSS no longer accepts DH key parameters < 768 nor RSA/DSA certificates with key sizes < 1024 bits, NSS also now enables TLS1.1/1.2 by default
  • various packages now support TLS1.1/1.2 and EC ciphers
  • The maximum number of SCSI LUNs has been increased
  • The virt-v2v command line tool is now fully supported
  • dd can now show transfer progress
  • OpenJDK7 now supports ECC for TLS connections
  • TPM version 2.0 driver level support has been added
  • tcpdump now supports nanosecond timestamps
  • Various updates to the networking stack (i.e. VXLANs, Data Center TCP, TCP/IP Stack, IPSec, …)
  • Various atomic related packages have been updated
  • Update to the libATA, FCoE and DCB storage drivers
  • Updates to various storage, network and graphics drivers
  • Anaconda now supports NFS when adding additional repos during install
  • Major rebases for the following: Gnome from 3.8 to 3.14, KDE from 4.3 to 4.14, Xorg-X11-Server from 1.15 to 1.17, libreoffice from 4.2.8 to 4.3.7. openldap from 2.4.39 to 2.4.40 and more.

Read more on CentOS 7 Release Notes

I hope this article gives you some ideas and quick guide on where you can download CentOS 7 ISO.

 

How to Setup Linux Login Banner on CentOS 6 / CentOS 7

Linux Login Banner

Most system administrators have applied linux login banner on their servers. The purpose of this linux login banner is to show some messages or warnings when ssh session connected and before entry. The message displayed in the linux login banner is dedicated either to the system administrator who wants to perform routine system maintenance or intruders who want to launch brute force attacks on the server.

Linux Login Banner on CentOS 6 / CentOS 7 / RHEl 7 / Oracle Linux 7

To enable this in ssh you have to follow this simple steps:

1. Create a /etc/mybanner file and fill it with your desired message as below

# vi /etc/mybanner
Unauthorized access to this machine is prohibited
Only authorized System Administrator can access to this system
Press  if you are not an authorized user

Save and Quit the mybanner file.

Optionally you can give warning as below if it is involved a server with highly confidential information:

This service is restricted to authorized System Administrator only. All activities on this system are logged. Unauthorized access will be fully investigated and reported to the appropriate law enforcement agencies.

2. Edit /etc/ssh/sshd_config, to look like this Banner /etc/mybanner

113
114
115 # default banner path
116 Banner /etc/mybanner
117
118

3. Restart sshd service sshd restart

4. Test your session

login as: root
Unauthorized access to this machine is prohibited
Only authorized System Administrator can access to this system
Press  if you are not an authorized user
root@192.168.2.5's password:

I hope this article gives you some ideas and essential guidance on how to setup linux Login Banner on RHEL 7 / CentOS 7/ Oracle Linux 7

 

How to Install osCommerce on CentOS 7.1

Open Source Commerce (osCommerce) is a solution for online store software and alternative to Magento. It is indeed a complete software, easily installed and configured through a web-based installation procedure. It can be used on any web server with PHP and MySQL as the basic software. In this article, I will show you how to install osCommerce on CentOS 7.1 virtual private server (VPS). Before we proceed with step osCommerce installation, this tutorial assumes CentOS 7.1 server has been installed and LAMP or LEMP software also has been setup. The steps maybe similar to RHEL 7.1 and Oracle Linux 7.

Install osCommerce software on CentOS 7.1, RHEL 7.1 and Oracle Linux 7 via command line

1. Download osCommerce Online Merchant v2.3.4 Full Package and store it on web server root directory. This post use httpd web server and /var/www/html/ as the default root directory :

# cd /var/www/html/
# wget http://www.oscommerce.com/files/oscommerce-2.3.4.zip
# unzip oscommerce-2.3.4.zip

2. The webserver is not able to save the installation parameters to its configuration files. The following files need to have their file permissions set to world-writeable (chmod 777):

# cp -Rp oscommerce-2.3.4 oscommerce
# chmod 777 /var/www/html/oscommerce/catalog/includes/configure.php
# chmod 777 /var/www/html/oscommerce/catalog/admin/includes/configure.php

3. Setup database :

# mysql -u root -p
Enter password:
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 11
Server version: 5.5.40-MariaDB MariaDB Server

Copyright (c) 2000, 2014, Oracle, Monty Program Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> CREATE DATABASE oscommercedb;
Query OK, 1 row affected (0.00 sec)

MariaDB [(none)]> CREATE USER oscommerceuser@localhost IDENTIFIED BY 'oscommercepassword';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES on oscommercedb.* to oscommerceuser@localhost;
Query OK, 0 rows affected (0.01 sec)

MariaDB [(none)]> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> exit
Bye

osCommerce Web Installation via Browser

4. Start osCommerce Web installation by browse the osccomerce URL as below :

http://192.168.0.70/oscommerce/catalog/install/index.php

Note : Replace IP address your own server IP address :

a. Press Start:

install osCommerce

b. Enter database information :

install osCommerce

c. You will notice that there is a message “The database structure is now being imported. Please be patient during this procedure.”. Just wait untill it proceed to next page below. Click continue to proceed.

install osCommerce

d. Enter online store information :
install osCommerce

e. If you see this page, you already have a working osCommerce installed in CentOS 7.0.

install osCommerce

I hope this article gives you some ideas and essential guidance on how to install osCommerce on linux / CentOS 7.1 / RHEL 7.1 / Oracle Linux 7.

 

Switching Default UEK kernel to Redhat Kernel on Oracle Linux 7

About the Unbreakable Enterprise Kernel (UEK)

In September 2010, Oracle announced the new Unbreakable Enterprise Kernel (UEK) for Oracle Linux as a recommended kernel for deployment with Oracle Linux 5.

Starting with Oracle Linux 5.5, Oracle give you could choose to use either the Red Hat Compatible Kernel or the UEK.

In Oracle Linux 5.6 and above, the UEK became the default kernel for Oracle Linux.

Switching Default UEK kernel to Redhat Kernel

Switching Default UEK kernel to Redhat Kernel on Oracle Linux 7

This article will describe how to Switching Default UEK kernel to Redhat Kernel on Oracle Linux 7 with the following steps :

1. Original Kernel for Oracle Linux 7 will likely as below :

# uname -a
Linux localhost.localdomain 3.8.13-55.1.6.el7uek.x86_64 #2 SMP Wed Feb 11 14:18:22 PST 2015 x86_64 x86_64 x86_64 GNU/Linux

2. Grep the list of the available kernel in Oracle Linux 7. The sequence of entry will start with 0.

a) To display with command 1 :

# egrep ^menuentry /etc/grub2.cfg | cut -f 2 -d \'
Oracle Linux Server 7.1, with Linux 3.10.0-229.el7.x86_64
Oracle Linux Server 7.1, with Unbreakable Enterprise Kernel 3.8.13-55.1.6.el7uek.x86_64
Oracle Linux Server 7.1, with Linux 0-rescue-26ad0b77c2de4840ba8402282bdd9d17

b) To display with command 2 :

# grep '^menuentry' /boot/grub2/grub.cfg | cut -f 2 -d \'
Oracle Linux Server 7.1, with Linux 3.10.0-229.el7.x86_64
Oracle Linux Server 7.1, with Unbreakable Enterprise Kernel 3.8.13-55.1.6.el7uek.x86_64
Oracle Linux Server 7.1, with Linux 0-rescue-26ad0b77c2de4840ba8402282bdd9d17

3. Set entry 0 as the default kernel with this command :

# grub2-set-default 0
# grub2-mkconfig -o /etc/grub2.cfg
Generating grub configuration file ...
Found linux image: /boot/vmlinuz-3.10.0-229.el7.x86_64
Found initrd image: /boot/initramfs-3.10.0-229.el7.x86_64.img
Found linux image: /boot/vmlinuz-3.8.13-55.1.6.el7uek.x86_64
Found initrd image: /boot/initramfs-3.8.13-55.1.6.el7uek.x86_64.img
Found linux image: /boot/vmlinuz-0-rescue-26ad0b77c2de4840ba8402282bdd9d17
Found initrd image: /boot/initramfs-0-rescue-26ad0b77c2de4840ba8402282bdd9d17.img
done

4. Reboot the server :

# init 6

5. After reboot, verify that Red Hat Compatible Kernel will become the default :

# uname -a
Linux localhost.localdomain 3.10.0-229.el7.x86_64 #1 SMP Fri Mar 6 04:05:24 PST 2015 x86_64 x86_64 x86_64 GNU/Linux

I hope this article gives you some ideas and essential guidance on how to Switching Default UEK kernel to Redhat Kernel.

Note :
*Do not edit the GRUB 2 configuration file directly. On BIOS-based systems, the configuration file is /boot/grub2/grub.cfg. On UEFI-based systems, the configuration file is /boot/efi/EFI/redhat/grub.cfg.

*The grub2-mkconfig command generates the configuration file using the template scripts in /etc/grub.d and menu-configuration settings taken from the configuration file, /etc/default/grub.

Source

How to Install Virtualmin on CentOS 7 / RHEL 7 / Oracle Linux 7

Virtualmin is an advanced web hosting control panel that is very flexible and powerful for Linux and UNIX systems. It is based on the well-known Open Source web-based system management, Webmin. It is a Webmin module for managing multiple virtual hosts, multiple virtual domains, mailboxes, databases, applications, and the entire server, from one comprehensive and single friendly web interface. Virtualmin is an excellent alternative to cPanel and Plesk, with the same administrative structure based on user root, resellers, and customers. Virtualmin supports the account creation and management of Apache virtual hosts, BIND DNS domains, MySQL database. VirtualMin also provides functions for non-root users to manage their hosting account. In this article, i will show the steps to install Virtualmin on CentOS 7 / RHEL 7 / Oracle Linux 7. Steps maybe similar to older version of linux distribution.

Install Virtualmin on CentOS 7

There are two versions of Virtualmin exist:

  • Virtualmin GPL is a free and the open source version. (Discussed in this article)
  • Virtualmin Pro is a the commercial version of Virtualmin.

This tutorial assumes the following:

  • You have setup minimal installation for CentOS 7 / RHEL 7 / Oracle Linux 7.
  • You are running with root access.
  • If you are running as a normal user, you must have privileged access (sudo).

Install Virtualmin on CentOS 7 / RHEL 7 / Oracle Linux 7

1. It is recommended to install Virtualmin on the fresh server to avoid conflict when you start the installation. You need to update the system to ensure that we have all the latest software installed.

To update, run the following command :

# yum update -y

2. Download the VirtualMin installer into current directory:

# wget http://software.virtualmin.com/gpl/scripts/install.sh

3. Make the install.sh file executable :

# chmod +x install.sh

4. start the installation :

# ./install.sh
 The systems currently supported by install.sh are:
 CentOS/RHEL/Scientific Linux 7 on x86_64
 CentOS and RHEL 5-6 on i386 and x86_64
 Scientific Linux 6 on i386 and x86_64
 Debian 6, 7, and 8 on i386 and amd64
 Ubuntu 10.04 LTS, 12.04 LTS, and 14.04 LTS on i386 and amd64
 Amazon Linux 2012.03 on i386 and x86_64
 FreeBSD 7.0 and 8 on i386 and amd64

If your OS is not listed above, this script will fail. More details about the systems supported by the script can be found here:

http://www.virtualmin.com/os-support.html

Example :

# ./install.sh
Checking for Perl
found Perl at /usr/bin/perl


Welcome to the Virtualmin GPL installer, version 1.1.2

 WARNING:

 The installation is quite stable and functional when run on a freshly
 installed supported Operating System.

 If you have existing websites, email users, or if you manually installed
 Virtualmin via a Webmin 'wbm' module, you are likely to run into problems.
 Please read the Virtualmin Administrators Guide before proceeding if
 your system is not a freshly installed and supported OS.

 This script is not intended to update your system!  It should only be
 used to perform your initial Virtualmin installation.  If you have previously
 run the Virtualmin installer, you can perform upgrades and updates from within
 Virtualmin itself, or using your system's package manager. Once Virtualmin is
 installed, you never need to run this script again.

 The systems currently supported by install.sh are:
 CentOS/RHEL/Scientific Linux 7 on x86_64
 CentOS and RHEL 5-6 on i386 and x86_64
 Scientific Linux 6 on i386 and x86_64
 Debian 6, 7, and 8 on i386 and amd64
 Ubuntu 10.04 LTS, 12.04 LTS, and 14.04 LTS on i386 and amd64
 Amazon Linux 2012.03 on i386 and x86_64
 FreeBSD 7.0 and 8 on i386 and amd64

 If your OS is not listed above, this script will fail.  More details
 about the systems supported by the script can be found here:

   http://www.virtualmin.com/os-support.html

 Continue? (y/n) y
Checking for HTTP client...found /usr/bin/curl -s -O
Checking for perl...found /usr/bin/perl
Loading log4sh logging library...
INFO - Started installation log in /root/virtualmin-install.log
INFO - Checking for fully qualified hostname...
INFO - Hostname OK: fully qualified as centos71.ehowstuff.local
INFO - Installing serial number and license key into /etc/virtualmin-license
INFO - Loading OS selection library...
INFO - Download of http://software.virtualmin.com/lib/oschooser.pl Succeeded.
INFO - Loading OS list...
INFO - Download of http://software.virtualmin.com/lib/os_list.txt Succeeded.
INFO - Operating system name:    CentOS Linux
INFO - Operating system version: 7.1.1503
INFO - Configuring package manager for CentOS Linux 7.1.1503...
INFO - Disabling SELinux during installation...
/usr/sbin/setenforce: SELinux is disabled
INFO -   setenforce 0 failed: 1
INFO - Download of http://software.virtualmin.com/gpl/rhel/7.1.1503/x86_64/virtualmin-release-latest.noarch.rpm Succeeded.
warning: virtualmin-release-latest.noarch.rpm: Header V3 DSA/SHA1 Signature, key ID a0bdbcf9: NOKEY
INFO -  Succeeded.
INFO - Installing dependencies using command: /usr/bin/yum -y -d 2 install bind bind-utils caching-nameserver httpd postfix spamassassin procmail perl-DBD-Pg
 perl-DBD-MySQL quota iptables openssl python mailman subversion mysql mysql-server mysql-devel mariadb mariadb-server postgresql postgresql-server rh-postgr
esql rh-postgresql-server logrotate webalizer php php-xml php-gd php-imap php-mysql php-odbc php-pear php-pgsql php-snmp php-xmlrpc php-mbstring mod_perl mod
_python cyrus-sasl dovecot spamassassin mod_dav_svn cyrus-sasl-gssapi mod_ssl ruby ruby-devel rubygems perl-XML-Simple perl-Crypt-SSLeay mlocate perl-LWP-Pro
tocol-https
                  
..
..
..

5. Once the install.sh script complete, you have to login to web management console :

https://IPADDRESS:10000/

The following are the summaries for the Post Setup Wizard task :

a) Once you login you will be prompted with a Post Setup Wizard. Click Next.

b) You will be prompted if you would like to pre-load certain libraries. Click Yes and then Next.

c) You will be prompted if you would like to run ClamAV virus scanner on your server. It is suggested that you select Yes and click Next.

d) You will be prompted if you would like to run the SpamAssassin e-mail spam scanner. If you are not running e-mail services it is not necessary to run this. However if you are hosting e-mail it is highly advised. Click Yes and Next if you are going to use SpamAssassin, otherwise click Next.

e) Next you will be prompted if you would like to run MySQL and/or PostgreSQL servers. This is entirely up to you as to which database servers you will provide to your customers (if any). Select your options and click Next. You will be prompted on the following screens for password information.

f) Once finished, you will be presented with an ‘All Done’ page. Click Next.

g) Once the main page loads you will need to reload your configuration. Click the Re-check and refresh configuration button in the yellow box.

I hope this article gives you some ideas and essential guidance on how to install Virtualmin on CentOS 7 / RHEL 7 / Oracle Linux 7.

 

How to Configure Firewalld in Linux CentOS 7 / RHEL7

Linux kernel includes powerful network filtering subsystem called Netfilter. It allows kernel modules to inspect each packet crossing the linux system such as to allow or drop incoming and outgoing network packet. In older Red Hat Enterprise Linux (RHEL) release such as RHEL 5 and RHEL 6, iptables was the main method of interacting with the kernel netfilter subsystem. The firewall capabilities were provided by the iptables utility, and configured either at the command line or through the graphical configuration tool, system-config-firewall.

configure firewalld in linux

In RHEL 7, firewalld has been introduced as a new method of interacting with netfilter. It is a default method for managing host-level firewalls. Basically the firewall capabilities are still provided by iptables. But linux administrators now interact with iptables through the dynamic firewall daemon, firewalld, and its configuration tools: firewall-config, firewall-cmd, and firewall-applet, which is not included in the default installation of Red Hat Enterprise Linux 7. Traffic management becomes easier after firewalld classifies all network traffic into a specific zone. Based on criteria such as source IP address of packets through the network, traffic was diverted into the firewall rules for approriate zone.

How to Configure Firewalld in Linux

There are three main ways for system administrators to interact with firewalld.

  • By directly editing congfiguration files in /etc/firewalld
  • By using the graphical firewall-config tool
  • By using firewalld-cmd from the command line (will be discussed in this article)

This article will discuss how to configure firewalld in linux CentoS 7, RHEL 7 and Oracle linux 7 by using firewalld-cmd command line. Please take note that the firewalld daemon is installed from the firewalld package. It is part of a base install, but not part of a minimal installation.

1. How to install Firewalld :

Firewalld package is installed by default in RHEL 7.1 and CentOS 7.1. If you noticed it is not installed, you can install it using the following YUM command.

# sudo yum install firewalld -y

2. How to disable or enable Firewalld at boot :

a) To disable start at boot :

# sudo systemctl disable firewalld
rm '/etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service'
rm '/etc/systemd/system/basic.target.wants/firewalld.service'

b) To enable start at boot :

# sudo systemctl enable firewalld

3. Verify that firewalld is enabled and running on your server system :

# sudo systemctl status firewalld.service

Example :

# sudo systemctl status firewalld.service
firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled)
   Active: active (running) since Wed 2015-09-09 21:26:25 MYT; 1 weeks 0 days ago
 Main PID: 2348 (firewalld)
   CGroup: /system.slice/firewalld.service
           ??2348 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid

Sep 09 21:26:25 centos71.ehowstuff.local systemd[1]: Started firewalld - dynamic firewall daemon.

4. How to query the current default zone ?

# sudo firewall-cmd --get-default-zone
public

In this case, the default zone is public.

5. How to list all available zones ?

# sudo firewall-cmd --get-zones
block dmz drop external home internal public trusted work

This will display all available zones.

6. Open up incoming http,https and mysql traffic for public zone :

# sudo firewall-cmd --permanent --zone=public --add-service=http
# sudo firewall-cmd --permanent --zone=public --add-service=https
# sudo firewall-cmd --permanent --zone=public --add-service=mysql

7. Activate the changes to your server firewall :

# sudo firewall-cmd --reload

8. Check the configuration of the running firewall on your system :

a) Query active zone :

# sudo firewall-cmd --get-active-zones

b) Display all running firewall configuration :

# sudo firewall-cmd --zone=public --list-all

Example :

# sudo firewall-cmd --zone=public --list-all
public (default, active)
  interfaces: ens32
  sources:
  services: dhcpv6-client http https mysql ssh
  ports:
  masquerade: no
  forward-ports:
  icmp-blocks:
  rich rules:

I hope that this gives you some ideas and essential guidance on how to configure firewalld in linux RHEL 7 / CentOS 7.

 

How to Configure FTP Server in Linux RHEL 6

In this post i will show how to install Very Secure FTP (Vsftpd) and how to configure ftp server in linux Red Hat Enterprise Linux 6 (RHEL 6). Vsftpd is a GPL licensed FTP server for UNIX systems, including Linux. It is secure and extremely fast and it is stable.

As an example I will install and configure the vsftpd server and will also transfer files from the clients running on the Windows XP command prompt.

-A linux server with ip address 192.168.1.43 running on RHEL 6 Operating system
-A window client with ip address 192.168.1.52 running on Windows XP Pro
-RHEL 6 server Running portmap/rpcbind and xinetd services
-Firewall and SElinux should be off on server

how to configure ftp server in linux

How to Install FTP Server in Linux ?

1. Install vsftpd, rpcbind and xinetd service using the following command :

# yum install vsftpd rpcbind xinetd -y

2. Check vsftpd, xinetd and rpcbind/portmap exist and installed on the server :

# rpm -qa vsftpd
vsftpd-2.2.2-6.el6.i686

# rpm -qa xinetd
xinetd-2.3.14-29.el6.i686

# rpm -qa rpcbind
rpcbind-0.2.0-8.el6.i686

3. Make all these services auto start at boot :

# chkconfig vsftpd on
# chkconfig xinetd on
# chkconfig rpcbind on

4. Check the xinetd and rpcbind status :

# service xinetd status
xinetd (pid  1326) is running...

# service rpcbind status
rpcbind (pid  1178) is running...

5. Create the a new user named ftpuser and set password :

# useradd ftpuser
# passwd ftpuser
Changing password for user ftpuser.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.

6. Login as ftpuser on other terminal and create a new files named “files”.

# su - ftpuser
[ftpuser@rhel6 ~]$ cat > files
This is file created on RHEL 6 ftp server

7. Start the vsftpd service :

# service vsftpd start
Starting vsftpd for vsftpd:                                [  OK  ]

8. Stop the iptables linux firewall and disabled selinux :

# service ip6tables stop
ip6tables: Flushing firewall rules:                        [  OK  ]
ip6tables: Setting chains to policy ACCEPT: filter         [  OK  ]
ip6tables: Unloading modules:                              [  OK  ]

# service iptables stop
iptables: Flushing firewall rules:                         [  OK  ]
iptables: Setting chains to policy ACCEPT: filter          [  OK  ]
iptables: Unloading modules:                               [  OK  ]
# setenforce 0
setenforce: SELinux is disabled

How to Configure FTP Server in Linux ?

9. It’s good to make backup of your original configuration file.

[root@rhel6 ~]# cp /etc/vsftpd/vsftpd.conf /etc/vsftpd/vsftpd.conf-bak

10. login from user account and download the files :

D:\>ftp 192.168.1.43
Connected to 192.168.1.43.
220 (vsFTPd 2.2.2)
User (192.168.1.43:(none)): ftpuser
331 Please specify the password.
Password:
230 Login successful.
ftp> get files
200 PORT command successful. Consider using PASV.
150 Opening BINARY mode data connection for files (42 bytes).
226 Transfer complete.
ftp: 42 bytes received in 0.00Seconds 42000.00Kbytes/sec.
ftp> quit
221 Goodbye.

11. Check the contain of downloaded files :

D:\>type files
This is file created on RHEL 6 ftp server

12. By default root account is not allowed to login the vsftpd server as it’s exist in /etc/vsftpd/ftpusers.

D:\>ftp 192.168.1.43
Connected to 192.168.1.43.
220 (vsFTPd 2.2.2)
User (192.168.1.43:(none)): root
530 Permission denied.
Login failed.
ftp>

13. Open /etc/vsftpd/ftpusers file. Remove or comment out the line for user “root” and add “ftpuser” instead. Users whose name are set in this file will not allowed to login from ftp.

[root@rhel6 ~]# vi /etc/vsftpd/ftpusers
# Users that are not allowed to login via ftp
#root
ftpuser
bin
daemon
adm
lp
sync
shutdown
halt
mail
news
uucp
operator
games
nobody

14. Open /etc/vsftpd/user_list file. Remove or comment out entry in /etc/vsftpd/user_list files. Remove or comment out the line for user “root” and add “ftpuser” instead. Users whose names are set in this file are also not allowed to login from ftp even they are not prompt for password.

# vi /etc/vsftpd/user_list
# vsftpd userlist
# If userlist_deny=NO, only allow users in this file
# If userlist_deny=YES (default), never allow users in this file, and
# do not even prompt for a password.
# Note that the default vsftpd pam config also checks /etc/vsftpd/ftpusers
# for users that are denied.
#root
ftpuser
bin
daemon
adm
lp
sync
shutdown
halt
mail
news
uucp
operator
games
nobody

15. Root now allowed to access ftp server :

D:\>ftp 192.168.1.43
Connected to 192.168.1.43.
220 (vsFTPd 2.2.2)
User (192.168.1.43:(none)): root
331 Please specify the password.
Password:
230 Login successful.
ftp> quit
221 Goodbye.

16. ftpuser now not allowed to access ftp server :

D:\>ftp 192.168.1.43
Connected to 192.168.1.43.
220 (vsFTPd 2.2.2)
User (192.168.1.43:(none)): ftpuser
530 Permission denied.
Login failed.
ftp>

17. How to set login banner for ftp server :
Open /etc/vsftpd/vsftpd.conf look for “ftpd_banner” :

# vi /etc/vsftpd/vsftpd.conf

Uncomment ftpd_banner and customize the login banner string as below :

# You may fully customise the login banner string:
ftpd_banner=Welcome to eHowStuff.com RHEL6 FTP server
#

18 Restart the ftp service :

# service vsftpd restart
Shutting down vsftpd:                                      [  OK  ]
Starting vsftpd for vsftpd:                                [  OK  ]

19. Try login to ftp server. Check the banner, it will appear before user login as below :

D:\>ftp 192.168.1.43
Connected to 192.168.1.43.
220 Welcome to eHowStuff.com RHEL6 FTP server
User (192.168.1.43:(none)):

If you encounter any issues on how to configure ftp server in linux, you can put a few questions in the comments below.

How to Install FTP Server Linux using ProFTPd

FTP Server Linux

Proftpd is one of the most popular FTP server, secure and reliable for the Linux operating system. Proftpd using a single configuration file and it is very easy to set up. The purpose of this article is to show you how easy it is to install FTP Server Linux ProFTPd server in CentOS 6 Linux.

What is FTP Server Linux?

FTP, which stands for File Transfer Protocol is a standard for exchanging program and data files across a network. The network could be the World Wide Web or simply a local area network (LAN).

Prerequisite :
How to Add the RPMforge Repository on CentOS 6/RHEL 6 Linux Server

1. Simply run this command to install FTP server linux, ProFTPd on CentOS 6 :

# yum install proftpd -y

2. How to start proftpd service :

# /etc/init.d/proftpd start

3. How to stop proftpd service :

# /etc/init.d/proftpd stop

4. How to restart proftpd service :

# /etc/init.d/proftpd restart

5. Configure proftpd start at boot :

[root@centos62 ~]# chkconfig proftpd on

If you encountered any issues while installing FTP Server Linux using proftpd, you can put a few questions in the comments below.

 

How to Install Linux FTP Server using Vsftpd

Vsftpd stands for Very Secure FTP Daemon. Vsftpd is not just another popular Unix / Linux FTP Server, but vsftpd delivering outstanding performance by taking less memory. It is running under xinetd and allows you run one process less because xinetd is shared among various other small services. For those webmasters or blogger who intend to run web server on Virtual Private Server (VPS) or Dedicated Server, Vsftpd would be the best choice. It is easy to install and can perform all that we expect from an FTP daemon while maintaining a higher level of security if configured properly. This article focuses on and covers the installation and configuration of the FTP server Vsftpd on CentOS Linux VPS.

1. Installing Linux FTP Server, vsftpd using yum command :

# yum install vsftpd -y

2. Makesure that xinetd has been installed :

# rpm -qa xinetd

If not installed, execute the following command :

# yum install xinetd -y

3. Make xinetd and Vsftpd daemon start at boot :

# chkconfig vsftpd on
# chkconfig xinetd on

4. It is recommended to do backup of your original configuration file, before do changes :

# cp /etc/vsftpd/vsftpd.conf /etc/vsftpd/vsftpd.conf-bak

5. Configure Vsftpd :

# vi /etc/vsftpd/vsftpd.conf

a) Uncomment ftpd_banner and customize the login banner string as below :

# You may fully customise the login banner string:
ftpd_banner=Welcome to Linux FTP service.
#

b) This step is to configure not allowed users. By default root account is not allowed to login the vsftpd server as it’s existed on /etc/vsftpd/ftpusers. To allow it, open /etc/vsftpd/ftpusers files and remove or comment on the line of a user “root”. Users whose name are set in this file will not allow to login from ftp.

# cat /etc/vsftpd/ftpusers
# Users that are not allowed to login via ftp
root
bin
daemon
adm
lp
sync
shutdown
halt
mail
news
uucp
operator
games
nobody

6. Test root login from windows command prompt at client PC using user, ehowstuff :

C:\>ftp 192.168.2.54
Connected to 192.168.2.54.
220 Welcome to Linux CentOS FTP service.
User (192.168.2.54:(none)): ehowstuff
331 Please specify the password.
Password:
230 Login successful.
ftp>

If you encounter any issues when setting up linux ftp server, you can put a few questions in the comments below.

linux ftp server

Credit : www.unixmen.com

 

How to a Add and Remove User Account on RHEL 6/7, CentOS 6/7, Oracle Linux 6/7

This article will explain and share how to add and remove user account with useradd(add) and userdel (remove) from the command-line on linux RHEL 6/7, CentOS 6/7, Oracle Linux 6/7 server.

1. Adding a New User to an Linux System.

a) Get the useradd manual :

# man useradd
useradd - create a new user or update default new user information

b) To creates the new account and the /home/john home directory :

# useradd --home /home/ehowstuff ehowstuff

c) useraddd command does not set any valid password by default, and user cannot log in until a password is set.To set the password user the following command :

# passwd ehowstuff
Changing password for user ehowstuff.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.

d) Verify the values in /etc/password :

# cat /etc/passwd | grep ehowstuff
ehowstuff:x:501:501::/home/ehowstuff:/bin/bash

e) Verify the values in /etc/group :

# cat /etc/group | grep ehowstuff
ehowstuff:x:501:

f) Verify email user created for id ehowstuff :

# ls /var/spool/mail | grep ehowstuff
ehowstuff

More useradd options :

-c, –comment COMMENT
Add a value, such as a full name, to the GECOS field.

-g, –gid GROUP
Specify the primary group for the user account.

-G, –groups GROUPS
Specify a list if supplementary groups for the user account.

-a, –append
Used with the -G option to append the user to the supplemental groups mentioned without removing the user from other groups.

-d, –home HOME_DIR
Specify a new home directory to a new location. Must be used with the -d option.

-m, –move-home
Move a user home directory to a new location. Must be used with the -d option.

-s, –shell SHELL
Specify a new login shell for the user account.

-L, –lock
Lock a user account.

-U, –unlock
Unlock a user account.

2. Deleting a User from an Linux System.

a) Get userdel manual :

# man userdel
userdel - delete a user account and related files

b) userdel username removes the user from /etc/passwd, but leaves the home directory intact by default. Proper command to remove the user’s account, user’s home directory and mail spool as part of the deletion process :

# userdel --remove ehowstuff

or

# userdel -r ehowstuff

Warning :
When a user is removed with userdel without the -r option specified, the system will have files that are owned by an unassigned user ID number. This can also happen when files created by a deleted user exist outside their home directory. This situation can lead to information leakage and other security issues.

 

How to Increase PHP File Upload Size Limit

Q. When you try to update the blog post in WordPress or any php application, you might notice that the application such as WordPress has a prohibitive maximum PHP file upload size. How to increase this limit in PHP ? In the below screenshot, i configured my PHP upload size to 50MB.

PHP file upload

A. If you own the virtual private server of dedicated web server, it is very easy to increase this parameter or option. The options can be set in php.ini configuration file, this configuration apply to all your applications. Many shared hosting server allows a maximum PHP file upload size is very low. This method may not work for most shared hosting because you do not give root access. If you plan to receive larger files, you should consider to purchase virtual private server (VPS) or dedicated server hardware.

What is default PHP File Upload Size (upload_max_filesize)?

The default values for PHP will restrict you to a maximum 2 MB upload file size.

Note : Below require you to access the server using root access from the linux server console. The steps has been tested on PHP 5.3 and PHP 5.4.

a) Login to your server via ssh connection.

b) Open php.ini file using vi editor :

# vi /etc/php.ini

There are two PHP configuration options that control the maximum PHP file upload size which are “upload_max_filesize” and “post_max_size”.

By default post_max_size = 8M and upload_max_filesize = 2M. You can update this value to the following :

c) Update this value from 8M to 60M :

post_max_size = 60M

d) Update this value from 2M to 50M :

upload_max_filesize = 50M

Note : Technically, post_max_size should always be greater than upload_max_file size . But for such a large number 150M you can safely make them the same size.

e) After you have made a changes, Then restart your web server to take effect of new PHP file upload size (e.g Apache or Nginx).

You can read more on these posts which explains PHP file upload article.