How to Enable EPEL and Remi Repository into CentOS 6

EPEL stand for Extra Packages for Enterprise Linux. EPEL repository is a Fedora Special Interest Group that creates, maintains, and manages a high quality set of additional packages for Enterprise Linux, including, but not limited to, Red Hat Enterprise Linux (RHEL), CentOS and Scientific Linux (SL), Oracle Enterprise Linux(OEL). Remi repository is a yum repository maintained by a French dude – Remi Collet. This post describe the basic steps to prepare and install the additional CentOS packages with EPEL and Remi Repository into CentOS 6.

EPEL Repository

rpm --import https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-6
rpm -Uvh https://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm

Remi Repository

rpm --import http://rpms.famillecollet.com/RPM-GPG-KEY-remi
rpm -Uvh http://rpms.famillecollet.com/enterprise/remi-release-6.rpm

Example :

[root@centos6 ~]# rpm --import https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-6
[root@centos6 ~]# rpm -Uvh https://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
Retrieving https://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
Preparing...                ########################################### [100%]
   1:epel-release           ########################################### [100%]
[root@centos6 ~]# rpm --import http://rpms.famillecollet.com/RPM-GPG-KEY-remi
[root@centos6 ~]# rpm -Uvh http://rpms.famillecollet.com/enterprise/remi-release-6.rpm
Retrieving http://rpms.famillecollet.com/enterprise/remi-release-6.rpm
Preparing...                ########################################### [100%]
   1:remi-release           ########################################### [100%]

Example of EPEl and Remi repo usage :

[root@centos6 ~]# yum --enablerepo=epel install httpd -y
[root@centos6 ~]# yum --enablerepo=remi install httpd -y

How to Secure OpenSSH (SSHD) on Linux

OpenSSH is a open source alternative to the proprietary Secure Shell software. It is also the SSH connectivity tools that allows you to remotely login, transfer remote file via scp or sftp. It was created as an open source alternative to the proprietary Secure Shell software. OpenSSH options are controlled through the /etc/ssh/sshd_config file. In order to improve OpenSSH server security, certain default sshd setting need to be change. This post will show you three example to Secure OpenSSH (SSHD) on Linux. This steps has been tested on CentOS 6.3 and may working on CentOS 6.2, CentOS 5.x and Redhat Enterprise Linux 5 (RHEL 5) and Redhat Enterprise Linux 6 (RHEL 6).

1.Change SSH Default Port :

By default ssh runs on port 22. Hacker would need to know the SSH port number in order to access your system. One of the method to improve security is to change the default port to a non-standard port. That would helps to stop brute force attacks.

#Port 22

Uncomment and change to :

Port 2202

2. Disable Root Login (PermitRootLogin) :

Add the following entry to sshd_config to disable root to login to the server directly.

#PermitRootLogin yes

Uncomment and change to :

PermitRootLogin no

3. Listen Specific IP only :

By default ssh will listen on all of the above ip-addresses. If you want users to login only using ip-address 192.168.1.200 and 192.168.1.202, do the following in your sshd_config :

ListenAddress 192.168.1.200
ListenAddress 192.168.1.202

How to Check Realtime RAM Memory Usage Available in Linux VPS

rhelOn the previous post, i have teach you on how to check the memory usage on linux virtual Private Server (VPS) but only top command had provide real-time information and updates . This quick post will covers on how to check realtime RAM memory usage available in Linux VPS using watch command. Watch runs command repeatedly, displaying its output change over time or at regular intervals. Watch will run until interrupted. This command has been tested on Redhat Linux Enterprise 6 (RHEL 6) and may working on CentOS 6.x as well.

The basic syntax of watch is :

# watch [option(s)] command

1. Check memory usage using “top” command. Watch command not required for top command as top will update the result periodically. :

[root@rhel6 ~]# top

2. Check memory usage using “/proc/meminfo” with watch command :

[root@rhel6 ~]# watch -n 1 cat /proc/meminfo

Output :

Every 1.0s: cat /proc/meminfo                                               Mon Oct 15 13:48:17 2012

MemTotal:        1031320 kB
MemFree:          626372 kB
Buffers:           58576 kB
Cached:           217004 kB
SwapCached:            0 kB
Active:           148516 kB
Inactive:         164708 kB
Active(anon):      37816 kB
Inactive(anon):       84 kB
Active(file):     110700 kB
Inactive(file):   164624 kB
Unevictable:           0 kB
Mlocked:               0 kB
HighTotal:        141256 kB
HighFree:            280 kB
LowTotal:         890064 kB
LowFree:          626092 kB
SwapTotal:       2064376 kB
SwapFree:        2064376 kB
Dirty:                 4 kB
Writeback:             0 kB
AnonPages:         37652 kB
Mapped:            19096 kB
Shmem:               264 kB
Slab:              81048 kB
SReclaimable:      62096 kB
SUnreclaim:        18952 kB
..
..
..

3. Check memory usage using “free” with watch command :

[root@rhel6 ~]# watch -n 1 free

Output :

Every 1.0s: free                                                            Mon Oct 15 13:47:26 2012

             total       used       free     shared    buffers     cached
Mem:       1031320     404548     626772          0      58564     217004
-/+ buffers/cache:     128980     902340
Swap:      2064376          0    2064376

4. Check memory usage using “vmstat” with watch command :

[root@rhel6 ~]# watch -n 1 vmstat

Output :

Every 1.0s: vmstat                                                          Mon Oct 15 13:46:44 2012

procs -----------memory---------- ---swap-- -----io---- --system-- -----cpu-----
 r  b   swpd   free   buff  cache   si   so    bi    bo   in   cs us sy id wa st
 0  0      0 626280  58552 217004   30    0     0    14   46   73  0  1 98  1  0

4 Top Command Howto on Linux RHEL 6/CentOS 6

In this article, i will help you to explore most frequently used top commands that linux system administrator use when analyzing the linux performance and use for daily system administrative jobs. Top command displays system summary information such as tasks currently being managed by the Linux kernel, displays ongoing look at processor activity in real time and will displays a listing of the most CPU-intensive tasks on the system. It also will show the processor and memory are being used and other information like running processes. It will help you to summarize how much of your system’s resources are taking up.

1. How to display top command result :

[root@rhel6 ~]# top

top
This command will show information like tasks, memory, cpu load average, swap and number of users. Press ‘q’ to quit window.

2. How to display selected user using top -u :

[root@rhel6 ~]# top -u apache

top

3. How to display specific process with given PIDs Using top -p(e.g PID 2449, 2450) :

[root@rhel6 ~]# top -p 2449,2450

top

4. How to quit top command after a specified number of iterations :

[root@rhel6 ~]# top -n 10

This top command will automatically exit after 10 number of repetition.

How to Setup Lynis Linux Auditing Tool on CentOS 6.2/CentOS 6.3

Lynis is a free and open source auditing tool for Unix-based operating system. It will provide report and makes suggestion after it scans the system and detect general system information, installed packages, configuration errors and security issues. Lynis aims in assisting automated auditing, software patch management, vulnerability and malware scanning of Unix based systems. Follow this steps to setup Linux Auditing Tool on CentOS 6.3.

1. Create lynis directory under /usr/local/ :

[root@centos63 ~]# mkdir /usr/local/lynis

2. Download lynis software from http://www.rootkit.nl/projects/lynis.html :

# wget http://www.rootkit.nl/files/lynis-1.3.0.tar.gz

Example :

[root@centos63 ~]# wget http://www.rootkit.nl/files/lynis-1.3.0.tar.gz
--2012-10-06 12:18:13--  http://www.rootkit.nl/files/lynis-1.3.0.tar.gz
Resolving www.rootkit.nl... 31.7.1.110
Connecting to www.rootkit.nl|31.7.1.110|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 119797 (117K) [application/x-gzip]
Saving to: âlynis-1.3.0.tar.gzâ

100%[==========================================================>] 119,797     96.3K/s   in 1.2s

2012-10-06 12:18:15 (96.3 KB/s) - âlynis-1.3.0.tar.gzâ

3. Copy lynis-1.3.0.tar.gz to the created directory :

[root@centos63 ~]# cp lynis-1.3.0.tar.gz /usr/local/lynis

Then go to the created lynis directory :

[root@centos63 ~]# cd /usr/local/lynis

4. Extract lynis-1.3.0.tar.gz into /usr/local/lynis :

# tar xzvf lynis-1.3.0.tar.gz

Example :

[root@centos63 lynis]# tar xzvf lynis-1.3.0.tar.gz
lynis-1.3.0/CHANGELOG
lynis-1.3.0/FAQ
lynis-1.3.0/INSTALL
lynis-1.3.0/LICENSE
lynis-1.3.0/README
lynis-1.3.0/db/
lynis-1.3.0/db/integrity.db
lynis-1.3.0/db/sbl.db
lynis-1.3.0/db/fileperms.db
lynis-1.3.0/db/malware-susp.db
lynis-1.3.0/db/malware.db
lynis-1.3.0/db/hints.db
lynis-1.3.0/default.prf
lynis-1.3.0/dev/
lynis-1.3.0/dev/README
lynis-1.3.0/dev/files.dat
lynis-1.3.0/dev/TODO
lynis-1.3.0/dev/openbsd/
lynis-1.3.0/dev/openbsd/+CONTENTS
lynis-1.3.0/dev/check-lynis.sh
lynis-1.3.0/dev/build-lynis.sh
lynis-1.3.0/include/
lynis-1.3.0/include/profiles
lynis-1.3.0/include/tests_malware
lynis-1.3.0/include/tests_accounting
lynis-1.3.0/include/parameters
lynis-1.3.0/include/tests_ssh
lynis-1.3.0/include/tests_time
lynis-1.3.0/include/tests_firewalls
lynis-1.3.0/include/tests_nameservices
lynis-1.3.0/include/binaries
lynis-1.3.0/include/tests_webservers
lynis-1.3.0/include/tests_squid
lynis-1.3.0/include/tests_storage_nfs
lynis-1.3.0/include/tests_insecure_services
lynis-1.3.0/include/tests_scheduling
lynis-1.3.0/include/tests_tooling
lynis-1.3.0/include/tests_hardening
lynis-1.3.0/include/tests_networking
lynis-1.3.0/include/report
lynis-1.3.0/include/tests_boot_services
lynis-1.3.0/include/functions
lynis-1.3.0/include/tests_memory_processes
lynis-1.3.0/include/tests_file_permissions
lynis-1.3.0/include/tests_file_integrity
lynis-1.3.0/include/tests_shells
lynis-1.3.0/include/tests_databases
lynis-1.3.0/include/tests_homedirs
lynis-1.3.0/include/osdetection
lynis-1.3.0/include/tests_ldap
lynis-1.3.0/include/tests_ports_packages
lynis-1.3.0/include/tests_hardening_tools
lynis-1.3.0/include/tests_logging
lynis-1.3.0/include/tests_mail_messaging
lynis-1.3.0/include/tests_banners
lynis-1.3.0/include/tests_crypto
lynis-1.3.0/include/tests_kernel
lynis-1.3.0/include/tests_mac_frameworks
lynis-1.3.0/include/tests_solaris
lynis-1.3.0/include/tests_virtualization
lynis-1.3.0/include/tests_kernel_hardening
lynis-1.3.0/include/tests_snmp
lynis-1.3.0/include/tests_authentication
lynis-1.3.0/include/tests_filesystems
lynis-1.3.0/include/tests_storage
lynis-1.3.0/include/tests_printers_spools
lynis-1.3.0/include/tests_php
lynis-1.3.0/include/consts
lynis-1.3.0/include/tests_tcpwrappers
lynis-1.3.0/lynis
lynis-1.3.0/lynis.8
lynis-1.3.0/plugins/
lynis-1.3.0/plugins/README
lynis-1.3.0/plugins/custom_plugin.template

5. Enter the extracted lynis directory, lynis-1.3.0 :

[root@centos63 lynis]# cd lynis-1.3.0

6. Check if Lynis is up-to-date :

# ./lynis --check-update

Example :

[root@centos63 lynis-1.3.0]# ./lynis --check-update

 == Lynis ==

  Version         :   1.3.0
  Release date    :   28 April 2011
  Update location :   http://www.rootkit.nl/

 == Databases ==
                      Current          Latest           Status
  -----------------------------------------------------------------------------
  Malware         :   2008062700       2008062700       Up-to-date
  File perms      :   2008053000       2008053000       Up-to-date


Copyright 2007-2012 - Michael Boelen, http://www.rootkit.nl/

7. By running ./lynis without any option, it will provide you a complete list of available parameters and you can use this as a references :

# ./lynis

Example :

[root@centos63 lynis-1.3.0]# ./lynis

[ Lynis 1.3.0 ]

################################################################################
 Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
 welcome to redistribute it under the terms of the GNU General Public License.
 See LICENSE file for details about using this software.

 Copyright 2007-2012 - Michael Boelen, http://www.rootkit.nl/
################################################################################

[+] Initializing program
------------------------------------
  Scan options:
    --auditor ""            : Auditor name
    --check-all (-c)              : Check system
    --no-log                      : Don't create a log file
    --profile            : Scan the system with the given profile file
    --quick (-Q)                  : Quick mode, don't wait for user input
    --tests ""             : Run only tests defined by 
    --tests-category "" : Run only tests defined by 

  Layout options:
    --no-colors                   : Don't use colors in output
    --quiet (-q)                  : No output, except warnings
    --reverse-colors              : Optimize color display for light backgrounds

  Misc options:
    --check-update                : Check for updates
    --view-manpage (--man)        : View man page
    --version (-V)                : Display version number and quit

  Error: No parameters specified!
  See man page and documentation for all available options.

Exiting..

8. To start Lynis with full system scanning, define a –check-all or -c option to begin scanning of your entire Linux system. It will prompt you “[ Press [ENTER] to continue, or [CTRL]+C to stop ]” for every process that it scans.

# ./lynis -c

Example :

[root@centos63 lynis-1.3.0]# ./lynis -c

[ Lynis 1.3.0 ]

################################################################################
 Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
 welcome to redistribute it under the terms of the GNU General Public License.
 See LICENSE file for details about using this software.

 Copyright 2007-2012 - Michael Boelen, http://www.rootkit.nl/
################################################################################

[+] Initializing program
------------------------------------
  - Detecting OS...                                           [ DONE ]
  - Clearing log file (/var/log/lynis.log)...                 [ DONE ]

  ---------------------------------------------------
  Program version:           1.3.0
  Operating system:          Linux
  Operating system name:     CentOS
  Operating system version:  CentOS release 6.3 (Final)
  Kernel version:            2.6.32-279.1.1.el6.i686
  Hardware platform:         i686
  Hostname:                  centos63
  Auditor:                   [Unknown]
  Profile:                   ./default.prf
  Log file:                  /var/log/lynis.log
  Report file:               /var/log/lynis-report.dat
  Report version:            1.0
  ---------------------------------------------------

[ Press [ENTER] to continue, or [CTRL]+C to stop ]

9. To proceed with quick mode and avoid user input, execute lynis command with -c and -Q options as shown below :

# ./lynis -c -Q

Examples :

[root@centos63 lynis-1.3.0]# ./lynis -c -Q

Examples result :

[+] Software: PHP
------------------------------------
  - Checking PHP...                                           [ FOUND ]
  - Checking PHP disabled functions...                        [ FOUND ]
    - Checking register_globals option...                     [ OK ]
    - Checking expose_php option...                           [ ON ]
    - Checking enable_dl option...                            [ OFF ]
    - Checking allow_url_fopen option...                      [ ON ]
    - Checking allow_url_include option...                    [ OFF ]

[+] Squid Support
------------------------------------
  - Checking running Squid daemon...                          [ NOT FOUND ]

[+] Logging and files
------------------------------------
  - Checking for a running syslog daemon...                   [ OK ]
    - Checking Syslog-NG status                               [ NOT FOUND ]
    - Checking Metalog status                                 [ NOT FOUND ]
    - Checking RSyslog status                                 [ FOUND ]
    - Checking RFC 3195 daemon status                         [ NOT FOUND ]
  - Checking minilogd instances                               [ NONE ]
  - Checking logrotate presence                               [ OK ]
  - Checking log directories (static list)                    [ DONE ]
  - Checking open log files                                   [ DONE ]
  - Checking deleted files in use                             [ FILES FOUND ]

[+] Insecure services
------------------------------------
  - Checking inetd status...                                  [ ACTIVE ]
    - Checking inetd.conf...                                  [ NOT FOUND ]

[+] Banners and identification
------------------------------------
  - /etc/motd...                                              [ FOUND ]
    - /etc/motd permissions...                                [ OK ]
    - /etc/motd contents...                                   [ WEAK ]
  - /etc/issue...                                             [ FOUND ]
    - /etc/issue contents...                                  [ WEAK ]
  - /etc/issue.net...                                         [ FOUND ]
    - /etc/issue.net contents...                              [ WEAK ]

[+] Scheduled tasks
------------------------------------
  - Checking crontab/cronjob                                  [ DONE ]
  - Checking atd status                                       [ NOT RUNNING ]

[+] Accounting
------------------------------------
  - Checking accounting information...                        [ NOT FOUND ]
  - Checking auditd                                           [ ENABLED ]
    - Checking audit rules                                    [ SUGGESTION ]
    - Checking audit configuration file                       [ OK ]
    - Checking auditd log file                                [ FOUND ]

[+] Time and Synchronization
------------------------------------
  - Checking running NTP daemon...                            [ FOUND ]
  - Checking NTP client in crontab file...                    [ NOT FOUND ]
  - Checking NTP client in cron.d files...                    [ NOT FOUND ]
  - Checking for a running NTP daemon or client...            [ OK ]
  - Checking NTP daemon...                                    [ FOUND ]
  - Checking valid association ID's...                        [ FOUND ]
  - Checking high stratum ntp peers...                        [ OK ]
  - Checking unreliable ntp peers...                          [ FOUND ]
  - Checking selected time source...                          [ OK ]
  - Checking time source candidates...                        [ OK ]
  - Checking falsetickers...                                  [ OK ]
  - Checking NTP version...                                   [ FOUND ]

[+] Cryptography
------------------------------------
  - Checking SSL certificate expiration...                    [ OK ]

[+] Virtualization
------------------------------------

[+] Security frameworks
------------------------------------
  - Checking presence AppArmor                                [ NOT FOUND ]
  - Checking presence SELinux                                 [ FOUND ]
    - Checking SELinux status                                 [ DISABLED ]
  - Checking presence grsecurity                              [ NOT FOUND ]

[+] Software: file integrity
------------------------------------
  - Checking AFICK...                                         [ NOT FOUND ]
  - Checking AIDE...                                          [ NOT FOUND ]
  - Checking Osiris...                                        [ NOT FOUND ]
  - Checking Samhain...                                       [ NOT FOUND ]
  - Checking Tripwire...                                      [ NOT FOUND ]
  - Checking presence integrity tool...                       [ NOT FOUND ]

[+] Software: Malware scanners
------------------------------------
  - Checking chkrootkit...                                    [ NOT FOUND ]
  - Checking Rootkit Hunter...                                [ NOT FOUND ]
  - Checking ClamAV scanner...                                [ FOUND ]
  - Checking ClamAV daemon...                                 [ NOT FOUND ]

[+] System Tools
------------------------------------
  - Starting file permissions check...
    /etc/lilo.conf                                            [ NOT FOUND ]
    /root/.ssh                                                [ OK ]

[+] Home directories
------------------------------------
  - Checking shell history files...                           [ OK ]

[+] Kernel Hardening
------------------------------------
  - Comparing sysctl key pairs with scan profile...
      - kernel.core_uses_pid (exp: 1)                         [ OK ]
      - kernel.ctrl-alt-del (exp: 0)                          [ OK ]
      - kernel.exec-shield (exp: 1)                           [ OK ]
      - kernel.sysrq (exp: 0)                                 [ OK ]
      - net.ipv4.conf.all.accept_redirects (exp: 0)           [ DIFFERENT ]
      - net.ipv4.conf.all.accept_source_route (exp: 0)        [ OK ]
      - net.ipv4.conf.all.bootp_relay (exp: 0)                [ OK ]
      - net.ipv4.conf.all.forwarding (exp: 0)                 [ OK ]
      - net.ipv4.conf.all.log_martians (exp: 1)               [ DIFFERENT ]
      - net.ipv4.conf.all.mc_forwarding (exp: 0)              [ OK ]
      - net.ipv4.conf.all.proxy_arp (exp: 0)                  [ OK ]
      - net.ipv4.conf.all.rp_filter (exp: 1)                  [ DIFFERENT ]
      - net.ipv4.conf.all.send_redirects (exp: 0)             [ DIFFERENT ]
      - net.ipv4.conf.default.accept_redirects (exp: 0)       [ DIFFERENT ]
      - net.ipv4.conf.default.accept_source_route (exp: 0)    [ OK ]
      - net.ipv4.conf.default.log_martians (exp: 1)           [ DIFFERENT ]
      - net.ipv4.icmp_echo_ignore_broadcasts (exp: 1)         [ OK ]
      - net.ipv4.icmp_ignore_bogus_error_responses (exp: 1)   [ OK ]
      - net.ipv4.tcp_syncookies (exp: 1)                      [ OK ]
      - net.ipv4.tcp_timestamps (exp: 0)                      [ DIFFERENT ]
      - net.ipv6.conf.all.accept_redirects (exp: 0)           [ DIFFERENT ]
      - net.ipv6.conf.all.accept_source_route (exp: 0)        [ OK ]
      - net.ipv6.conf.default.accept_redirects (exp: 0)       [ DIFFERENT ]
      - net.ipv6.conf.default.accept_source_route (exp: 0)    [ OK ]

[+] Hardening
------------------------------------
    - Installed compiler(s)...                                [ FOUND ]
    - Installed malware scanner...                            [ FOUND ]

================================================================================

  -[ Lynis 1.3.0 Results ]-

  Tests performed: 164
  Warnings:
  ----------------------------
   - [12:34:29] Warning: No password set on GRUB bootloader [test:BOOT-5121] [impact:M]
   - [12:34:33] Warning: No password set for single mode [test:AUTH-9308] [impact:L]
   - [12:34:51] Warning: Couldn't find 2 responsive nameservers [test:NETW-2705] [impact:L]
   - [12:34:52] Warning: Found mail_name in SMTP banner, and/or mail_name contains 'Postfix' [test:MAIL-8818] [impact:L]
   - [12:34:57] Warning: PHP option expose_php is possibly turned on, which can reveal useful information for attackers. [test:PHP-2372] [impact:M]

  Suggestions:
  ----------------------------
   - [12:34:29] Suggestion: Run grub-md5-crypt and create a hashed password. Add a line below the line timeout=, add: password --md5  [test:BOOT-5121]
   - [12:34:33] Suggestion: Configure password aging limits to enforce password changing on a regular base [test:AUTH-9286]
   - [12:34:33] Suggestion: Set password for single user mode to minimize physical access attack surface [test:AUTH-9308]
   - [12:34:33] Suggestion: Default umask in /etc/profile could be more strict like 027 [test:AUTH-9328]
   - [12:34:33] Suggestion: To decrease the impact of a full /home file system, place /home on a separated partition [test:FILE-6310]
   - [12:34:33] Suggestion: To decrease the impact of a full /tmp file system, place /tmp on a separated partition [test:FILE-6310]
   - [12:34:39] Suggestion: The database required for 'locate' could not be found. Run 'updatedb' or 'locate.updatedb' to create this file. [test:FILE-6410]
   - [12:34:39] Suggestion: Disable drivers like USB storage when not used, to prevent unauthorized storage or data theft [test:STRG-1840]
   - [12:34:39] Suggestion: Disable drivers like firewire storage when not used, to prevent unauthorized storage or data theft [test:STRG-1846]
   - [12:34:48] Suggestion: Install package 'yum-utils' for better consistency checking of the package database [test:PKGS-7384]
   - [12:34:51] Suggestion: Check your resolv.conf file and fill in a backup nameserver if possible [test:NETW-2705]
   - [12:34:52] Suggestion: You are adviced to hide the mail_name (option: smtpd_banner) from your postfix configuration. Use postconf -e or change your main.cf file (/etc/postfix/main.cf) [test:MAIL-8818]
   - [12:34:53] Suggestion: Configure a firewall/packet filter to filter incoming and outgoing traffic [test:FIRE-4590]

For more information visit the offical Lynis page at http://www.rootkit.nl/projects/lynis.html.

How to Install and Configure Piwik on CentOS 6.2

Piwik is an open source web analytics software that makes it easy to get the information you want from your visitors. It’s free software alternative to Google Analytics.

1. To run Piwik, your host needs to meets the following minimum requirements :

-PHP version 5.1.3 or greater
-MySQL version 4.1 or greater
-Enabled PHP extension pdo and pdo_mysql, or the mysqli extension.(enabled by default)

If not, then install the following :

[root@centos62 ~]# yum install php-pdo php-gd php-xml -y

2. Enter apache’ document root directory :

[root@centos62 ~]# cd /var/www/html/

3. Download the latest release of Piwik from http://piwik.org/latest.zip :

[root@centos62 html]# wget http://piwik.org/latest.zip

4. Unzip the piwik’ zip file to document root :

[root@centos62 html]# unzip latest.zip

5. Enter piwik directory :

[root@centos62 html]# cd piwik

6. Change the permission for ./piwik/config and ./piwik/tmp as below :

[root@centos62 piwik]# chmod 777 config
[root@centos62 piwik]# chmod 777 tmp

7. Login to mysql server using root and create the following database and it’s permission. You can create a new user with the command :

mysql> CREATE USER 'piwik'@'localhost' IDENTIFIED BY 'password';
Query OK, 0 rows affected (0.00 sec)

mysql> GRANT ALL PRIVILEGES ON piwik_db.* TO 'piwik'@'localhost' WITH GRANT OPTION;
Query OK, 0 rows affected (0.00 sec)

mysql> flush privileges;
Query OK, 0 rows affected (0.01 sec)

8. Navigate the browser to the piwik portal as below :
http://192.168.1.44/piwik/

9. Complete the piwik installation wizard :

piwik

piwik

piwik

piwik

piwik

piwik

piwik

piwik

piwik

piwik

piwik

How to Configure NFS Client on Linux

nfsNetwork File System or NFS, is a server-client protocol for sharing files between computers on network. NFS server will enables it’s client to mount a file system on a remote server as if it were local to your own system. In this example, i will configure a nfs client on linux.

Prerequisites :
How to Configure Linux NFS Server on CentOS 6.2

NFS Server = centos62.ehowstuff.local
NFS Server Ip Address = 192.168.1.44

1. Install NFS client packages :

[root@NFS-Client ~]# yum install nfs-utils -y

Examples :

[root@NFS-Client ~]# yum install nfs-utils -y
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * Webmin: download.webmin.com
 * base: mirror.oscc.org.my
 * epel: mirrors.ispros.com.bd
 * extras: mirror.oscc.org.my
 * rpmforge: mirror.oscc.org.my
 * updates: mirror.oscc.org.my
CentOS5.8-Repository                                                         | 1.3 kB     00:00
rpmforge/primary_db                                                          | 7.1 MB     01:07
updates                                                                      | 1.9 kB     00:00
updates/primary_db                                                           | 503 kB     00:04
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package nfs-utils.i386 1:1.0.9-60.el5 set to be updated
--> Processing Dependency: portmap >= 4.0 for package: nfs-utils
--> Processing Dependency: libgssapi.so.2(libgssapi_CITI_2) for package: nfs-utils
--> Processing Dependency: librpcsecgss.so.2 for package: nfs-utils
--> Processing Dependency: libevent-1.4.so.2 for package: nfs-utils
--> Processing Dependency: libgssapi.so.2 for package: nfs-utils
--> Processing Dependency: nfs-utils-lib for package: nfs-utils
--> Processing Dependency: libnfsidmap.so.0 for package: nfs-utils
--> Processing Dependency: libgssapi for package: nfs-utils
--> Processing Dependency: libevent for package: nfs-utils
--> Running transaction check
---> Package libevent.i386 0:1.4.13-1 set to be updated
---> Package libgssapi.i386 0:0.10-2 set to be updated
---> Package nfs-utils-lib.i386 0:1.0.8-7.9.el5 set to be updated
---> Package portmap.i386 0:4.0-65.2.2.1 set to be updated
--> Finished Dependency Resolution

Dependencies Resolved

====================================================================================================
 Package                Arch          Version                   Repository                     Size
====================================================================================================
Installing:
 nfs-utils              i386          1:1.0.9-60.el5            CentOS5.8-Repository          401 k
Installing for dependencies:
 libevent               i386          1.4.13-1                  base                          112 k
 libgssapi              i386          0.10-2                    base                           22 k
 nfs-utils-lib          i386          1.0.8-7.9.el5             base                           64 k
 portmap                i386          4.0-65.2.2.1              base                           37 k

Transaction Summary
====================================================================================================
Install       5 Package(s)
Upgrade       0 Package(s)

Total download size: 636 k
Downloading Packages:
(1/5): libgssapi-0.10-2.i386.rpm                                             |  22 kB     00:00
(2/5): portmap-4.0-65.2.2.1.i386.rpm                                         |  37 kB     00:00
(3/5): nfs-utils-lib-1.0.8-7.9.el5.i386.rpm                                  |  64 kB     00:00
(4/5): libevent-1.4.13-1.i386.rpm                                            | 112 kB     00:01
----------------------------------------------------------------------------------------------------
Total                                                               287 kB/s | 636 kB     00:02
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing     : libgssapi                                                                    1/5
  Installing     : portmap                                                                      2/5
  Installing     : libevent                                                                     3/5
  Installing     : nfs-utils-lib                                                                4/5
  Installing     : nfs-utils                                                                    5/5

Installed:
  nfs-utils.i386 1:1.0.9-60.el5

Dependency Installed:
  libevent.i386 0:1.4.13-1        libgssapi.i386 0:0.10-2     nfs-utils-lib.i386 0:1.0.8-7.9.el5
  portmap.i386 0:4.0-65.2.2.1

Complete!

2. Start NFS services :

[root@NFS-Client ~]# service portmap start
Starting portmap:                                          [  OK  ]
[root@NFS-Client ~]# /etc/rc.d/init.d/rpcidmapd start
Starting RPC idmapd:                                       [  OK  ]
[root@NFS-Client ~]# /etc/rc.d/init.d/nfslock start
Starting NFS statd:                                        [  OK  ]
[root@NFS-Client ~]# /etc/rc.d/init.d/netfs start
Mounting other filesystems:                                [  OK  ]

3. Make NFS services autostart at boot :

[root@NFS-Client ~]# chkconfig portmap on
[root@NFS-Client ~]# chkconfig rpcidmapd on
[root@NFS-Client ~]# chkconfig nfslock on
[root@NFS-Client ~]# chkconfig netfs on

4. create a mount point, by making a directory. Crete /shared folder as a mount point :

[root@NFS-Client ~]# mkdir /shared

5. Mount this /sharedfolder from NFS server on /shared mount point :

[root@NFS-Client ~]# mount -t nfs centos62.ehowstuff.local:/sharedfolder /shared
[root@NFS-Client ~]# df
Filesystem           1K-blocks      Used Available Use% Mounted on
/dev/sda3             11064148   1639860   8853180  16% /
/dev/sda1               101086     11653     84214  13% /boot
tmpfs                   517336         0    517336   0% /dev/shm
/dev/hdc               3831642   3831642         0 100% /mnt
centos62.ehowstuff.local:/sharedfolder
                      12941696   4879104   7405184  40% /shared

6. Open /etc/fstab file. Make entry for nfs shared directory and define /shared to mount point :

[root@NFS-Client ~]# vi /etc/fstab
LABEL=/                 /                       ext3    defaults        1 1
LABEL=/boot             /boot                   ext3    defaults        1 2
tmpfs                   /dev/shm                tmpfs   defaults        0 0
devpts                  /dev/pts                devpts  gid=5,mode=620  0 0
sysfs                   /sys                    sysfs   defaults        0 0
proc                    /proc                   proc    defaults        0 0
LABEL=SWAP-sda2         swap                    swap    defaults        0 0
centos62.ehowstuff.local:/sharedfolder /shared  nfs     defaults        0 0

How to Configure Linux NFS Server on CentOS 6.2

nfsIn this example, i will configure a nfs server on CentOS 6.2. Network File System or NFS, is a server-client protocol for sharing files between computers on network. NFS server will enables it’s client to mount a file system on a remote server as if it were local to your own system. It’s also then can directly access any of the files on that remote file system. Follow the following steps to install NFS :

Prerequisites :
How to Setup Local Yum Repository from CD-ROM/DVD-ROM image on CentOS 6.2

1. Install using yum command :

[root@centos62 ~]# yum install nfs-utils -y
Loaded plugins: fastestmirror, priorities
Loading mirror speeds from cached hostfile
 * base: mirror1.ku.ac.th
 * epel: mirrors.ispros.com.bd
 * extras: mirror1.ku.ac.th
 * updates: mirror1.ku.ac.th
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package nfs-utils.i686 1:1.2.3-15.el6_2.1 will be installed
--> Processing Dependency: nfs-utils-lib >= 1.1.0-3 for package: 1:nfs-utils-1.2.3-15.el6_2.1.i686
--> Processing Dependency: libnfsidmap.so.0 for package: 1:nfs-utils-1.2.3-15.el6_2.1.i686
--> Running transaction check
---> Package nfs-utils-lib.i686 0:1.1.5-4.el6 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

====================================================================================================
 Package                  Arch            Version                          Repository          Size
====================================================================================================
Installing:
 nfs-utils                i686            1:1.2.3-15.el6_2.1               updates            307 k
Installing for dependencies:
 nfs-utils-lib            i686            1.1.5-4.el6                      base                66 k

Transaction Summary
====================================================================================================
Install       2 Package(s)

Total download size: 372 k
Installed size: 922 k
Downloading Packages:
(1/2): nfs-utils-1.2.3-15.el6_2.1.i686.rpm                                   | 307 kB     00:02
(2/2): nfs-utils-lib-1.1.5-4.el6.i686.rpm                                    |  66 kB     00:00
----------------------------------------------------------------------------------------------------
Total                                                               103 kB/s | 372 kB     00:03
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing : nfs-utils-lib-1.1.5-4.el6.i686                                                   1/2
  Installing : 1:nfs-utils-1.2.3-15.el6_2.1.i686                                                2/2

Installed:
  nfs-utils.i686 1:1.2.3-15.el6_2.1

Dependency Installed:
  nfs-utils-lib.i686 0:1.1.5-4.el6

Complete!

2. Uncomment Line 5 and change to your domain name :

[root@centos62 ~]# vi /etc/idmapd.conf
#Domain = local.domain.edu

Change to your domain. E.g ehowstuff.local :

Domain = ehowstuff.local

Save file with :wq and exit.

3. Create a /sharedfolder directory and grant full permission to it.

[root@centos62 ~]# mkdir /sharedfolder
[root@centos62 ~]# chmod 777 /sharedfolder

4. Open and configure /etc/exports file as below :

[root@centos62 ~]# vi /etc/exports

Share /sharedfolder for the network of 192.168.1.0/24 with read and write access

# write like below *note

/sharedfolder 192.168.1.0/24(rw,sync)

#Notes
#/sharedfolder --> shared directory
#192.168.1.0/24 --> range of networks NFS permits accesses
#rw --> writable
#sync --> synchronize
#no_root_squash --> enable root privilege
#no_all_squash --> enable users' authority

save file with :wq and exit.

5. Restart the nfs services :

[root@centos62 ~]# /etc/rc.d/init.d/rpcbind start
Starting rpcbind:                                          [  OK  ]
[root@centos62 ~]# /etc/rc.d/init.d/nfslock start
Starting NFS statd:                                        [  OK  ]
[root@centos62 ~]# /etc/rc.d/init.d/nfs start
Starting NFS services:                                     [  OK  ]
Starting NFS mountd:                                       [  OK  ]
Starting RPC idmapd:                                       [  OK  ]
Starting NFS daemon:                                       [  OK  ]

6. Make nfs services start at boot :

[root@centos62 ~]# chkconfig rpcbind on
[root@centos62 ~]# chkconfig nfslock on
[root@centos62 ~]# chkconfig nfs on

7. How to Configure NFS Client on Linux

How to Install and Configure Munin on CentOS 6.2

Munin is a network/system monitoring application that presents output in graphs through a web interface.
Munin is a monitoring tool surveys all your computers and remembers what it saw. Munin is a simple to configure tool that make real nice graph about your server status. This post will show how to install munin on linux CentOS 6.2 server.

Prerequisites:
How to Install Httpd on CentOS 6.2

[root@centos62 ~]# yum --enablerepo=epel install munin munin-node -y
..
..
..
Dependencies Resolved

====================================================================================================
 Package                              Arch           Version                     Repository    Size
====================================================================================================
Installing:
 munin                                noarch         1.4.7-5.el6                 epel         124 k
 munin-node                           noarch         1.4.7-5.el6                 epel         375 k
Installing for dependencies:
 mailx                                i686           12.4-6.el6                  base         224 k
 munin-common                         noarch         1.4.7-5.el6                 epel          71 k
 perl-Compress-Raw-Zlib               i686           2.023-119.el6_1.1           base          67 k
 perl-Compress-Zlib                   i686           2.020-119.el6_1.1           base          43 k
 perl-Crypt-DES                       i686           2.05-9.el6                  epel          19 k
 perl-Date-Manip                      noarch         6.24-1.el6                  base         1.4 M
 perl-Digest-HMAC                     noarch         1.01-22.el6                 base          22 k
 perl-Digest-SHA1                     i686           2.12-2.el6                  base          49 k
 perl-Email-Date-Format               noarch         1.002-5.el6                 base          16 k
 perl-HTML-Parser                     i686           3.64-2.el6                  base         109 k
 perl-HTML-Tagset                     noarch         3.20-4.el6                  base          17 k
 perl-HTML-Template                   noarch         2.9-10.el6                  epel          70 k
 perl-IO-Compress-Base                i686           2.020-119.el6_1.1           base          66 k
 perl-IO-Compress-Zlib                i686           2.020-119.el6_1.1           base         133 k
 perl-IO-Multiplex                    noarch         1.13-1.el6                  epel          24 k
 perl-Log-Dispatch                    noarch         2.27-1.el6                  epel          71 k
 perl-Log-Dispatch-FileRotate         noarch         1.19-4.el6                  epel          24 k
 perl-Log-Log4perl                    noarch         1.30-1.el6                  epel         392 k
 perl-MIME-Lite                       noarch         3.027-2.el6                 base          82 k
 perl-MIME-Types                      noarch         1.28-2.el6                  base          32 k
 perl-Mail-Sender                     noarch         0.8.16-3.el6                epel          54 k
 perl-MailTools                       noarch         2.04-4.el6                  base         101 k
 perl-Net-CIDR                        noarch         0.14-1.el6                  epel          17 k
 perl-Net-SNMP                        noarch         5.2.0-4.el6                 epel         100 k
 perl-Net-Server                      noarch         0.97-7.el6                  epel         142 k
 perl-Params-Validate                 i686           0.92-3.el6                  base          75 k
 perl-TimeDate                        noarch         1:1.16-11.1.el6             base          34 k
 perl-URI                             noarch         1.40-2.el6                  base         117 k
 perl-XML-DOM                         noarch         1.44-7.el6                  base         136 k
 perl-XML-Parser                      i686           2.36-7.el6                  base         224 k
 perl-XML-RegExp                      noarch         0.03-7.el6                  base         9.8 k
 perl-YAML-Syck                       i686           1.07-4.el6                  base          75 k
 perl-libwww-perl                     noarch         5.833-2.el6                 base         387 k
 rrdtool-perl                         i686           1.3.8-6.el6                 base          36 k
 sysstat                              i686           9.0.4-18.el6                base         216 k

Transaction Summary
====================================================================================================
Install      37 Package(s)

Total download size: 5.0 M
Installed size: 19 M
Downloading Packages:
(1/37): mailx-12.4-6.el6.i686.rpm                                            | 224 kB     00:01
(2/37): munin-1.4.7-5.el6.noarch.rpm                                         | 124 kB     00:00
(3/37): munin-common-1.4.7-5.el6.noarch.rpm                                  |  71 kB     00:00
(4/37): munin-node-1.4.7-5.el6.noarch.rpm                                    | 375 kB     00:02
(5/37): perl-Compress-Raw-Zlib-2.023-119.el6_1.1.i686.rpm                    |  67 kB     00:00
(6/37): perl-Compress-Zlib-2.020-119.el6_1.1.i686.rpm                        |  43 kB     00:00
(7/37): perl-Crypt-DES-2.05-9.el6.i686.rpm                                   |  19 kB     00:00
(8/37): perl-Date-Manip-6.24-1.el6.noarch.rpm                                | 1.4 MB     00:11
(9/37): perl-Digest-HMAC-1.01-22.el6.noarch.rpm                              |  22 kB     00:00
(10/37): perl-Digest-SHA1-2.12-2.el6.i686.rpm                                |  49 kB     00:00
(11/37): perl-Email-Date-Format-1.002-5.el6.noarch.rpm                       |  16 kB     00:00
(12/37): perl-HTML-Parser-3.64-2.el6.i686.rpm                                | 109 kB     00:00
(13/37): perl-HTML-Tagset-3.20-4.el6.noarch.rpm                              |  17 kB     00:00
(14/37): perl-HTML-Template-2.9-10.el6.noarch.rpm                            |  70 kB     00:00
(15/37): perl-IO-Compress-Base-2.020-119.el6_1.1.i686.rpm                    |  66 kB     00:00
(16/37): perl-IO-Compress-Zlib-2.020-119.el6_1.1.i686.rpm                    | 133 kB     00:01
(17/37): perl-IO-Multiplex-1.13-1.el6.noarch.rpm                             |  24 kB     00:00
(18/37): perl-Log-Dispatch-2.27-1.el6.noarch.rpm                             |  71 kB     00:00
(19/37): perl-Log-Dispatch-FileRotate-1.19-4.el6.noarch.rpm                  |  24 kB     00:00
(20/37): perl-Log-Log4perl-1.30-1.el6.noarch.rpm                             | 392 kB     00:02
(21/37): perl-MIME-Lite-3.027-2.el6.noarch.rpm                               |  82 kB     00:00
(22/37): perl-MIME-Types-1.28-2.el6.noarch.rpm                               |  32 kB     00:00
(23/37): perl-Mail-Sender-0.8.16-3.el6.noarch.rpm                            |  54 kB     00:00
(24/37): perl-MailTools-2.04-4.el6.noarch.rpm                                | 101 kB     00:01
(25/37): perl-Net-CIDR-0.14-1.el6.noarch.rpm                                 |  17 kB     00:00
(26/37): perl-Net-SNMP-5.2.0-4.el6.noarch.rpm                                | 100 kB     00:00
(27/37): perl-Net-Server-0.97-7.el6.noarch.rpm                               | 142 kB     00:01
(28/37): perl-Params-Validate-0.92-3.el6.i686.rpm                            |  75 kB     00:00
(29/37): perl-TimeDate-1.16-11.1.el6.noarch.rpm                              |  34 kB     00:00
(30/37): perl-URI-1.40-2.el6.noarch.rpm                                      | 117 kB     00:00
(31/37): perl-XML-DOM-1.44-7.el6.noarch.rpm                                  | 136 kB     00:00
(32/37): perl-XML-Parser-2.36-7.el6.i686.rpm                                 | 224 kB     00:01
(33/37): perl-XML-RegExp-0.03-7.el6.noarch.rpm                               | 9.8 kB     00:00
(34/37): perl-YAML-Syck-1.07-4.el6.i686.rpm                                  |  75 kB     00:00
(35/37): perl-libwww-perl-5.833-2.el6.noarch.rpm                             | 387 kB     00:02
(36/37): rrdtool-perl-1.3.8-6.el6.i686.rpm                                   |  36 kB     00:00
(37/37): sysstat-9.0.4-18.el6.i686.rpm                                       | 216 kB     00:02
----------------------------------------------------------------------------------------------------
Total                                                               115 kB/s | 5.0 MB     00:44
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing : perl-IO-Compress-Base-2.020-119.el6_1.1.i686                                    1/37
  Installing : perl-URI-1.40-2.el6.noarch                                                      2/37
  Installing : munin-common-1.4.7-5.el6.noarch                                                 3/37
warning: user munin does not exist - using root
warning: group munin does not exist - using root
  Installing : 1:perl-TimeDate-1.16-11.1.el6.noarch                                            4/37
  Installing : perl-MailTools-2.04-4.el6.noarch                                                5/37
  Installing : perl-HTML-Tagset-3.20-4.el6.noarch                                              6/37
  Installing : perl-HTML-Parser-3.64-2.el6.i686                                                7/37
  Installing : perl-Net-CIDR-0.14-1.el6.noarch                                                 8/37
  Installing : perl-MIME-Types-1.28-2.el6.noarch                                               9/37
  Installing : perl-Email-Date-Format-1.002-5.el6.noarch                                      10/37
  Installing : perl-MIME-Lite-3.027-2.el6.noarch                                              11/37
  Installing : perl-Mail-Sender-0.8.16-3.el6.noarch                                           12/37
  Installing : perl-YAML-Syck-1.07-4.el6.i686                                                 13/37
  Installing : perl-Date-Manip-6.24-1.el6.noarch                                              14/37
  Installing : perl-XML-RegExp-0.03-7.el6.noarch                                              15/37
  Installing : perl-IO-Multiplex-1.13-1.el6.noarch                                            16/37
  Installing : perl-Net-Server-0.97-7.el6.noarch                                              17/37
  Installing : perl-HTML-Template-2.9-10.el6.noarch                                           18/37
  Installing : perl-Compress-Raw-Zlib-2.023-119.el6_1.1.i686                                  19/37
  Installing : rrdtool-perl-1.3.8-6.el6.i686                                                  20/37
  Installing : perl-Params-Validate-0.92-3.el6.i686                                           21/37
  Installing : perl-Log-Dispatch-2.27-1.el6.noarch                                            22/37
  Installing : perl-Digest-SHA1-2.12-2.el6.i686                                               23/37
  Installing : perl-Digest-HMAC-1.01-22.el6.noarch                                            24/37
  Installing : perl-Log-Dispatch-FileRotate-1.19-4.el6.noarch                                 25/37
  Installing : perl-IO-Compress-Zlib-2.020-119.el6_1.1.i686                                   26/37
  Installing : perl-Compress-Zlib-2.020-119.el6_1.1.i686                                      27/37
  Installing : perl-libwww-perl-5.833-2.el6.noarch                                            28/37
  Installing : perl-XML-Parser-2.36-7.el6.i686                                                29/37
  Installing : perl-XML-DOM-1.44-7.el6.noarch                                                 30/37
  Installing : perl-Log-Log4perl-1.30-1.el6.noarch                                            31/37
  Installing : perl-Crypt-DES-2.05-9.el6.i686                                                 32/37
  Installing : perl-Net-SNMP-5.2.0-4.el6.noarch                                               33/37
  Installing : mailx-12.4-6.el6.i686                                                          34/37
  Installing : sysstat-9.0.4-18.el6.i686                                                      35/37
  Installing : munin-node-1.4.7-5.el6.noarch                                                  36/37
  Installing : munin-1.4.7-5.el6.noarch                                                       37/37

Installed:
  munin.noarch 0:1.4.7-5.el6                     munin-node.noarch 0:1.4.7-5.el6

Dependency Installed:
  mailx.i686 0:12.4-6.el6                           munin-common.noarch 0:1.4.7-5.el6
  perl-Compress-Raw-Zlib.i686 0:2.023-119.el6_1.1   perl-Compress-Zlib.i686 0:2.020-119.el6_1.1
  perl-Crypt-DES.i686 0:2.05-9.el6                  perl-Date-Manip.noarch 0:6.24-1.el6
  perl-Digest-HMAC.noarch 0:1.01-22.el6             perl-Digest-SHA1.i686 0:2.12-2.el6
  perl-Email-Date-Format.noarch 0:1.002-5.el6       perl-HTML-Parser.i686 0:3.64-2.el6
  perl-HTML-Tagset.noarch 0:3.20-4.el6              perl-HTML-Template.noarch 0:2.9-10.el6
  perl-IO-Compress-Base.i686 0:2.020-119.el6_1.1    perl-IO-Compress-Zlib.i686 0:2.020-119.el6_1.1
  perl-IO-Multiplex.noarch 0:1.13-1.el6             perl-Log-Dispatch.noarch 0:2.27-1.el6
  perl-Log-Dispatch-FileRotate.noarch 0:1.19-4.el6  perl-Log-Log4perl.noarch 0:1.30-1.el6
  perl-MIME-Lite.noarch 0:3.027-2.el6               perl-MIME-Types.noarch 0:1.28-2.el6
  perl-Mail-Sender.noarch 0:0.8.16-3.el6            perl-MailTools.noarch 0:2.04-4.el6
  perl-Net-CIDR.noarch 0:0.14-1.el6                 perl-Net-SNMP.noarch 0:5.2.0-4.el6
  perl-Net-Server.noarch 0:0.97-7.el6               perl-Params-Validate.i686 0:0.92-3.el6
  perl-TimeDate.noarch 1:1.16-11.1.el6              perl-URI.noarch 0:1.40-2.el6
  perl-XML-DOM.noarch 0:1.44-7.el6                  perl-XML-Parser.i686 0:2.36-7.el6
  perl-XML-RegExp.noarch 0:0.03-7.el6               perl-YAML-Syck.i686 0:1.07-4.el6
  perl-libwww-perl.noarch 0:5.833-2.el6             rrdtool-perl.i686 0:1.3.8-6.el6
  sysstat.i686 0:9.0.4-18.el6

Complete!

2. On line 60, change the following to your hostname :

[root@centos62 ~]# vi /etc/munin/munin.conf

Original :

# a simple host tree
[x86-06.phx2.fedoraproject.org]
    address 127.0.0.1
    use_node_name yes

Change to :

# a simple host tree
[centos62.ehowstuff.local]
    address 127.0.0.1
    use_node_name yes

3. On line 29, please uncomment and change to your hostname :

[root@centos62 ~]# vim /etc/munin/munin-node.conf

Original :

#host_name x86-06.phx2.fedoraproject.org

Change to :

host_name centos62.ehowstuff.local

4. Change the following and allowed your network to access munin :

[root@centos62 ~]# vim /etc/httpd/conf.d/munin.conf
<directory /var/www/html/munin>
  Order Deny,Allow
  Deny from all
  Allow from 127.0.0.1 192.168.1.0/24
</directory>

5. Restart Apache httpd service :

[root@centos62 ~]# /etc/rc.d/init.d/httpd restart
Stopping httpd:                                            [  OK  ]
Starting httpd:                                            [  OK  ]

5. Start Munin :

[root@centos62 ~]# /etc/rc.d/init.d/munin-node start
Starting Munin Node:                                       [  OK  ]

6. Make munin start at boot :

[root@centos62 ~]# chkconfig munin-node on

7. Access to “http://(hostname or IP address)/munin/” with web browser after 5 minutes later.
munin

How to Check CentOS or Red Hat Version

rhelIn this post, i will share the quick steps on how to check linux CentOS version. This steps may working on any version of CentOS and Redhat Enterprise linux (RHEL) server. CentOS versions can easily be checked with some simple commands. There are two common command to check linux version :

1. Execute the issue command :

[root@centos62 ~]# cat /etc/issue
CentOS release 6.2 (Final)
Kernel \r on an \m

2. Execute redhat-release command :

[root@centos62 ~]# cat /etc/redhat-release
CentOS release 6.2 (Final)

Both command above return the same result.

How to Configure Persistent Static Routes on Linux CentOS 6.2

In this post, i will share on how to configure persistent static routes on linux CentOS 6.2 server. By using Static routes, we can improves overall performance of the network. Static route can be added and delete using “route” command. But the drawback is when linux server is rebooted, it will forget the static routes configuration. To avoid network interruption the following condition should be follow :

1. The static route configuration should take effect immediately without rebooting.
2. The static route configuration should also apply after the next reboot.

Solutions :
To make configuration take effect immediately, run the following command :

[root@centos62 ~]# route add -net <network> netmask <netmask> gw <gateway_ip> dev <interface>

Examples :

[root@centos62 ~]# route add -net 192.168.1.0 netmask 255.255.255.0 gw 192.168.1.1 dev eth0
[root@centos62 ~]# route add -net 192.168.2.0 netmask 255.255.255.0 gw 192.168.2.1 dev eth1
[root@centos62 ~]# route add -net 192.168.3.0 netmask 255.255.255.0 gw 192.168.3.1 dev eth2

To apply the configuration on next reboot, configure the following in /etc/sysconfig/static-routes :

[root@centos62 ~]# vi /etc/sysconfig/static-routes

Add the followings :

any -net 192.168.1.0 netmask 255.255.255.0 gw 192.168.1.1
any -net 192.168.2.0 netmask 255.255.255.0 gw 192.168.2.1
any -net 192.168.3.0 netmask 255.255.255.0 gw 192.168.3.1

How to Setup phpMyAdmin 3.5.1 on CentOS 6.2 using Remi Repository

phpmyadminphpMyAdmin is a free and open source tool written in PHP intended to handle the administration of MySQL with the use of a Web browser. It is a tools that giving users the ability to interact with their MySQL databases to perform the task such as creating, modifying or drop databases, executing SQL statements, managing users and set permissions. This post will show you the steps on how to setup phpMyAdmin 3.5.1 on CentOS 6.2 using remi repository.

Prerequisites :
How to Install Remi yum Repository on CentOS 6.2 x86 and x86_64

Simply execute the following command to install phpmyadmin :

[root@centos62 ~]# yum install phpmyadmin -y
Loaded plugins: fastestmirror, priorities
Determining fastest mirrors
 * base: mirror.averse.net
 * extras: mirror.yourconnect.com
 * remi: iut-info.univ-reims.fr
 * remi-test: iut-info.univ-reims.fr
 * updates: mirror.yourconnect.com
base                                                                         | 3.7 kB     00:00
base/primary_db                                                              | 3.5 MB     00:34
extras                                                                       | 3.5 kB     00:00
extras/primary_db                                                            | 9.1 kB     00:00
remi                                                                         | 2.9 kB     00:00
remi/primary_db                                                              | 259 kB     00:02
remi-test                                                                    | 2.9 kB     00:00
remi-test/primary_db                                                         |  80 kB     00:01
updates                                                                      | 3.5 kB     00:00
updates/primary_db                                                           | 3.9 MB     00:35
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package phpMyAdmin.noarch 0:3.5.1-1.el6.remi will be installed
--> Processing Dependency: php-mysql >= 5.2.0 for package: phpMyAdmin-3.5.1-1.el6.remi.noarch
--> Processing Dependency: php-mcrypt >= 5.2.0 for package: phpMyAdmin-3.5.1-1.el6.remi.noarch
--> Processing Dependency: php-mbstring >= 5.2.0 for package: phpMyAdmin-3.5.1-1.el6.remi.noarch
--> Processing Dependency: php-gd >= 5.2.0 for package: phpMyAdmin-3.5.1-1.el6.remi.noarch
--> Running transaction check
---> Package php-gd.i686 0:5.4.4-1.el6.remi will be installed
---> Package php-mbstring.i686 0:5.4.4-1.el6.remi will be installed
---> Package php-mcrypt.i686 0:5.4.4-1.el6.remi will be installed
---> Package php-mysql.i686 0:5.4.4-1.el6.remi will be installed
--> Processing Dependency: php-pdo(x86-32) = 5.4.4-1.el6.remi for package: php-mysql-5.4.4-1.el6.remi.i686
--> Running transaction check
---> Package php-pdo.i686 0:5.4.4-1.el6.remi will be installed
--> Finished Dependency Resolution

Dependencies Resolved

====================================================================================================
 Package                 Arch              Version                       Repository            Size
====================================================================================================
Installing:
 phpMyAdmin              noarch            3.5.1-1.el6.remi              remi                 4.7 M
Installing for dependencies:
 php-gd                  i686              5.4.4-1.el6.remi              remi-test            132 k
 php-mbstring            i686              5.4.4-1.el6.remi              remi-test            921 k
 php-mcrypt              i686              5.4.4-1.el6.remi              remi-test             41 k
 php-mysql               i686              5.4.4-1.el6.remi              remi-test            122 k
 php-pdo                 i686              5.4.4-1.el6.remi              remi-test            107 k

Transaction Summary
====================================================================================================
Install       6 Package(s)

Total download size: 6.0 M
Installed size: 21 M
Downloading Packages:
(1/6): php-gd-5.4.4-1.el6.remi.i686.rpm                                      | 132 kB     00:11
(2/6): php-mbstring-5.4.4-1.el6.remi.i686.rpm                                | 921 kB     00:28
(3/6): php-mcrypt-5.4.4-1.el6.remi.i686.rpm                                  |  41 kB     00:01
(4/6): php-mysql-5.4.4-1.el6.remi.i686.rpm                                   | 122 kB     00:02
(5/6): php-pdo-5.4.4-1.el6.remi.i686.rpm                                     | 107 kB     00:01
(6/6): phpMyAdmin-3.5.1-1.el6.remi.noarch.rpm                                | 4.7 MB     01:14
----------------------------------------------------------------------------------------------------
Total                                                                50 kB/s | 6.0 MB     02:04
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing : php-gd-5.4.4-1.el6.remi.i686                                                     1/6
  Installing : php-mcrypt-5.4.4-1.el6.remi.i686                                                 2/6
  Installing : php-pdo-5.4.4-1.el6.remi.i686                                                    3/6
  Installing : php-mysql-5.4.4-1.el6.remi.i686                                                  4/6
  Installing : php-mbstring-5.4.4-1.el6.remi.i686                                               5/6
  Installing : phpMyAdmin-3.5.1-1.el6.remi.noarch                                               6/6

Installed:
  phpMyAdmin.noarch 0:3.5.1-1.el6.remi

Dependency Installed:
  php-gd.i686 0:5.4.4-1.el6.remi                  php-mbstring.i686 0:5.4.4-1.el6.remi
  php-mcrypt.i686 0:5.4.4-1.el6.remi              php-mysql.i686 0:5.4.4-1.el6.remi
  php-pdo.i686 0:5.4.4-1.el6.remi

Complete!
[root@centos62 ~]# vim /etc/httpd/conf.d/phpMyAdmin.conf

Original configuration file :

Alias /phpMyAdmin /usr/share/phpMyAdmin
Alias /phpmyadmin /usr/share/phpMyAdmin
<Directory /usr/share/phpMyAdmin/>
   order deny,allow
   deny from all
   allow from 127.0.0.1
   allow from ::1
</Directory>

Modify to the following :

Alias /phpMyAdmin /usr/share/phpMyAdmin
Alias /phpmyadmin /usr/share/phpMyAdmin
<Directory /usr/share/phpMyAdmin/>
   order deny,allow
   deny from all
   allow from 127.0.0.1
   allow from all
</Directory>

Once configured, restart the httpd as below :

[root@centos62 ~]# service httpd restart

Login to the phpmyadmin as below :
http://192.168.1.44/phpmyadmin