How to Install IonCube Loader in CentOS 6 / CentOS 7


What is IonCube Loader?

IonCube Loader is a PHP extension that decodes encrypted PHP files and is often required by PHP-based applications. It helps protect PHP applications from unauthorized execution and at the same time can accelerate the website. This article shows how to install ioncube loader on CentOS 6; the same steps also work on CentOS 7.

1. Check your PHP version to determine the matching ioncube loader version :

# php -v
PHP 5.4.33 (cli) (built: Sep 20 2014 16:20:03)
Copyright (c) 1997-2014 The PHP Group
Zend Engine v2.4.0, Copyright (c) 1998-2014 Zend Technologies

The ioncube loader file must match your PHP version :
e.g. PHP 5.5 uses the file ioncube_loader_lin_5.5.so
e.g. PHP 5.4 uses the file ioncube_loader_lin_5.4.so
e.g. PHP 5.3 uses the file ioncube_loader_lin_5.3.so

In this case, the PHP version is 5.4, so the matching ioncube loader file is ioncube_loader_lin_5.4.so.

2. Create directory for ioncube :

# mkdir /usr/local/ioncube

3. Download and extract the ioncube:

# wget http://downloads3.ioncube.com/loader_downloads/ioncube_loaders_lin_x86-64.tar.gz
# tar xzvf ioncube_loaders_lin_x86-64.tar.gz

4. Open the extracted ioncube folder and copy the ioncube loader file that matches your PHP version :

# cd ioncube
# cp -p ioncube_loader_lin_5.4.so /usr/local/ioncube

5. Now locate the php.ini file. This is how you can find the location of php.ini :

# php -i| grep php.ini
Configuration File (php.ini) Path => /etc
Loaded Configuration File => /etc/php.ini

6. Edit php.ini file and save :

# vim /etc/php.ini

Add the following at the bottom of php.ini :

..
..
zend_extension = /usr/local/ioncube/ioncube_loader_lin_5.4.so

7. Check the PHP version again. If the output looks like the example below, PHP 5.4 is now loading the file “ioncube_loader_lin_5.4.so” :

# php -v
PHP 5.4.33 (cli) (built: Sep 20 2014 16:20:03)
Copyright (c) 1997-2014 The PHP Group
Zend Engine v2.4.0, Copyright (c) 1998-2014 Zend Technologies
    with the ionCube PHP Loader v4.7.5, Copyright (c) 2002-2014, by ionCube Ltd.

If the PHP version output includes the ionCube loader version, you have successfully installed and configured the ionCube PHP loader on your Linux system.

How to Install CentOS Web panel(CWP) on CentOS 6

There are many open source control panels for running Linux web hosting, such as ISPConfig, Webmin, Virtualmin and Open Panel. In this post, I want to share how to install CentOS Web Panel (CWP) on CentOS 6. CentOS Web Panel is a free web hosting panel designed for easy management of servers (VPS and dedicated) without requiring expertise in the Linux command line and without SSH access to the server.

According to the official CWP website, no uninstaller is provided; to remove CWP you have to reinstall the server. CWP should be installed on a fresh CentOS operating system without any non-default configuration.

Follow these steps to install CWP on CentOS 6.6.

1. Install a fresh CentOS 6.6 with a direct internet connection.
2. Allocate at least 512MB RAM for 32 bit systems and 1024MB for 64 bit systems. In this example we will allocate 4GB RAM.

3. Configure your server hostname :
a. Modify the hostname and reboot the server to take effect:

# vi /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=centos66.ehowstuff.local
GATEWAY=192.168.0.1

b. Verify the hostname :

[root@centos66 ~]# hostname
centos66.ehowstuff.local

4. Update your server before you begin, then reboot the server for the changes to take effect :

# yum update -y

5. Install CWP:
a. Change directory to /usr/local/src/ directory:

# cd /usr/local/src

b. Download the installer via wget :

# wget http://centos-webpanel.com/cwp-latest

Or try the following URL if the one above is not working :

# wget http://dl1.centos-webpanel.com/files/cwp-latest

c. Start CWP installer

# sh cwp-latest

6. The installation will take up to 50 minutes, depending on your internet connection speed.


7. Once the installation has completed, you will see the final installer screen. In this case I left the MySQL root password blank.

Press Enter to reboot the server.

8. Open your browser and enter the CWP IP address with port number 2030. You will see the login page. The CentOS WebPanel Admin GUI is at http://SERVER-IP:2030/

Username: root
Password: your server root password


9. You can start configuring CWP via the dashboard panel. Consult the official website and the CWP forum to proceed with the configuration.


10. Configure your CWP server and then start hosting your website :

  • Setup nameservers
  • Setup shared ip (must be your public IP address)
  • Setup at least one hosting package (or edit default package)
  • Setup root email
  • & now you are ready to host domains…

11. Install Softaculous Apps Installer via command :

# /usr/local/src/install.sh --quick
-----------------------------------------------
 Welcome to Softaculous Apps Installer
-----------------------------------------------

///////////////////////////////
// INSTALLING SOFTACULOUS :
// 1) CONFIGURING universal.php
// 2) FETCHED A LICENSE
// 3) UPDATING Categories
// 4) UPDATING Scripts List
// 5) UPDATING Installed Scripts List
// 6) SETTING A CRON JOB
// 7) DOWNLOADING SCRIPTS
///////////////////////////////

ln: creating symbolic link `/usr/local/cwpsrv/conf.d/softaculous.conf': File exists
cwpsrvd: Could not reliably determine the server's fully qualified domain name, using centos66.ehowstuff.local for ServerName
=====================================================
Congratulations, Softaculous was installed successfully
Softaculous has been installed at:
Path : /usr/local/softaculous
Scripts Path : /var/softaculous

We request you to please register for updates and notifications at :
http://www.softaculous.com/board/index.php?act=register
It also inspires us when you register. Registration is free and just a one minute job.

If you need any support you can always count on us. Just drop in at our Support Board:
http://www.softaculous.com/board
Alternatively, you can contact us via Email at support@softaculous.com

Thank you for using Softaculous

How to Enable Logging for Email Subject Fields in Postfix Maillog

By default, the Postfix MTA logs only the ‘From’ and ‘To’ fields; the subject is not written to the maillog. A few simple steps enable logging of the e-mail subject in the Postfix maillog. This is very useful for email administrators when troubleshooting email-related problems.

1. Assume that postfix has been installed. Open the postfix main configuration file :
# vi /etc/postfix/main.cf
2. Uncomment the following :
..
..
header_checks = regexp:/etc/postfix/header_checks
..
..
3. Open /etc/postfix/header_checks file and add the following line at the bottom :
# vi /etc/postfix/header_checks
..
..
/^Subject:/     WARN
4. Run postmap to apply the new configuration in /etc/postfix/header_checks :
# postmap /etc/postfix/header_checks
5. Restart or reload postfix configuration :
# service postfix restart

or

# postfix reload
6. Send a test email with subject:test-ABC :
# telnet localhost 25
Trying ::1...
Connected to localhost.
Escape character is '^]'.
220 centos66.ehowstuff.local ESMTP Postfix
ehlo abc.com
250-centos66.ehowstuff.local
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
mail from:admin@ehowstuff.com
250 2.1.0 Ok
rcpt to:admin@ehowstuff.com
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
subject:test-ABC
.
250 2.0.0 Ok: queued as 196AD1FDEA
quit
221 2.0.0 Bye
Connection closed by foreign host.
7. Confirm that the subject “test-ABC” appears in the log :
# tail -f /var/log/maillog
Apr  6 23:41:28 centos66 postfix/smtpd[4919]: connect from localhost[::1]
Apr  6 23:41:58 centos66 postfix/smtpd[4919]: 196AD1FDEA: client=localhost[::1]
Apr  6 23:42:07 centos66 postfix/cleanup[4924]: 196AD1FDEA: warning: header subject:test-ABC from localhost[::1]; from= to= proto=ESMTP helo=
Apr  6 23:42:07 centos66 postfix/cleanup[4924]: 196AD1FDEA: message-id=<20150406154158.196AD1FDEA@centos66.ehowstuff.local>
Apr  6 23:42:07 centos66 postfix/qmgr[4914]: 196AD1FDEA: from=, size=365, nrcpt=1 (queue active)
Apr  6 23:42:09 centos66 postfix/smtpd[4919]: disconnect from localhost[::1]


NGINX DDos Attack Tutorial – Implement Basic Protection

DDoS attacks are usually intended to paralyze websites and web services, and it is better to mitigate them at the firewall level. But for web servers that run on Nginx, I have prepared a basic step to provide DDoS protection, which proved to work for small-scale DDoS attacks and DDoS attacks aimed at applications. These guidelines have been tested on CentOS 6, CentOS 7, RHEL 7 and Oracle Linux 7. The steps may work in your environment, but please note that this guideline is not an official document or an official recommendation from the Nginx website.

DDos Attack Tutorial – Implement Basic Protection for Nginx :

1. In /etc/nginx/nginx.conf, include the following parameters :

client_body_buffer_size 128k;
large_client_header_buffers 4 256k;
limit_conn_zone $binary_remote_addr zone=conn_limit_per_ip:10m;
limit_req_zone $binary_remote_addr zone=req_limit_per_ip:10m rate=50r/s;
server {
    limit_conn conn_limit_per_ip 10;
    limit_req zone=req_limit_per_ip burst=10 nodelay;
}

2. Then restart or reload your Nginx service to apply DDoS protection for Nginx :

# /etc/init.d/nginx restart

or

# /etc/init.d/nginx reload

Explanation :

a) Define a shared memory zone (10 MB) that tracks the number of connections per single IP :

limit_conn_zone $binary_remote_addr zone=conn_limit_per_ip:10m;

b) Define a shared memory zone (10 MB) that limits the request rate per single IP to 50 requests per second :

limit_req_zone $binary_remote_addr zone=req_limit_per_ip:10m rate=50r/s;

c) Apply the zones defined above to the whole server: at most 10 connections per IP, and bursts of up to 10 requests above the rate are served without delay :

server {
limit_conn conn_limit_per_ip 10;
limit_req zone=req_limit_per_ip burst=10 nodelay;
}

If your WordPress site is under DDoS attack, you will see entries like the following in the Nginx log file domain.access.log :

1.2.3.4 - - [25/Mar/2015:16:52:38 +0800] "POST /wp-login.php HTTP/1.0" 200 6203 "-" "-"
1.2.3.4 - - [25/Mar/2015:16:52:39 +0800] "POST /wp-login.php HTTP/1.0" 200 6203 "-" "-"
1.2.3.4 - - [25/Mar/2015:16:52:39 +0800] "POST /wp-login.php HTTP/1.0" 200 6203 "-" "-"
1.2.3.4 - - [25/Mar/2015:16:52:40 +0800] "POST /wp-login.php HTTP/1.0" 200 6203 "-" "-"
1.2.3.4 - - [25/Mar/2015:16:52:40 +0800] "POST /wp-login.php HTTP/1.0" 200 6203 "-" "-"
1.2.3.4 - - [25/Mar/2015:16:52:41 +0800] "POST /wp-login.php HTTP/1.0" 200 6203 "-" "-"
1.2.3.4 - - [25/Mar/2015:16:52:41 +0800] "POST /wp-login.php HTTP/1.0" 200 6203 "-" "-"
1.2.3.4 - - [25/Mar/2015:16:52:42 +0800] "POST /wp-login.php HTTP/1.0" 200 6203 "-" "-"
1.2.3.4 - - [25/Mar/2015:16:52:42 +0800] "POST /wp-login.php HTTP/1.0" 200 6203 "-" "-"
1.2.3.4 - - [25/Mar/2015:16:52:43 +0800] "POST /wp-login.php HTTP/1.0" 200 6203 "-" "-"
1.2.3.4 - - [25/Mar/2015:16:52:43 +0800] "POST /wp-login.php HTTP/1.0" 200 6203 "-" "-"
1.2.3.4 - - [25/Mar/2015:16:52:44 +0800] "POST /wp-login.php HTTP/1.0" 200 6203 "-" "-"
1.2.3.4 - - [25/Mar/2015:16:52:44 +0800] "POST /wp-login.php HTTP/1.0" 200 6203 "-" "-"
1.2.3.4 - - [25/Mar/2015:16:52:45 +0800] "POST /wp-login.php HTTP/1.0" 200 6203 "-" "-"
1.2.3.4 - - [25/Mar/2015:16:52:45 +0800] "POST /wp-login.php HTTP/1.0" 200 6203 "-" "-"

Here is an example of the log entries after you apply basic DDoS protection for Nginx :

2015/03/28 11:44:33 [error] 22370#0: *71492 limiting connections by zone "conn_limit_per_ip", client: 1.2.3.4, server: www.ehowstuff.com, request: "GET /wp-login.php HTTP/1.0", host: "www.ehowstuff.com"
2015/03/28 11:44:33 [error] 22370#0: *71493 limiting connections by zone "conn_limit_per_ip", client: 1.2.3.4, server: www.ehowstuff.com, request: "GET /wp-login.php HTTP/1.0", host: "www.ehowstuff.com"
2015/03/28 11:44:33 [error] 22370#0: *71494 limiting connections by zone "conn_limit_per_ip", client: 1.2.3.4, server: www.ehowstuff.com, request: "GET /wp-login.php HTTP/1.0", host: "www.ehowstuff.com"
2015/03/28 11:44:33 [error] 22370#0: *71498 limiting connections by zone "conn_limit_per_ip", client: 1.2.3.4, server: www.ehowstuff.com, request: "GET /wp-login.php HTTP/1.0", host: "www.ehowstuff.com"
2015/03/28 11:44:33 [error] 22370#0: *71502 limiting connections by zone "conn_limit_per_ip", client: 1.2.3.4, server: www.ehowstuff.com, request: "GET /wp-login.php HTTP/1.0", host: "www.ehowstuff.com"
2015/03/28 11:44:33 [error] 22370#0: *71506 limiting connections by zone "conn_limit_per_ip", client: 1.2.3.4, server: www.ehowstuff.com, request: "GET /wp-login.php HTTP/1.0", host: "www.ehowstuff.com"
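
The two limits configured above act on different things: limit_req is a leaky bucket on the request rate, limit_conn a cap on simultaneously open connections. The following added example (a simplified Python model written for this page, not nginx code and not part of the original post) replays constructed traffic through both. The traffic patterns and the 8-second connection duration are assumptions.

```python
# Added illustration: simplified model of nginx's per-IP limits, not nginx source code.
# Times are integer milliseconds; all traffic below is constructed sample data.


def simulate_limit_req(arrivals_ms, rate=50, burst=10):
    """Model `limit_req zone=... burst=<burst> nodelay` for a single client IP.

    arrivals_ms: sorted request arrival times in milliseconds.
    Returns one bool per request: True = passed, False = rejected.
    """
    results = []
    excess = 0.0   # requests above the configured rate currently in the bucket
    last = None    # arrival time of the last accepted request
    for t in arrivals_ms:
        if last is None:
            candidate = 0.0
        else:
            # The bucket drains at `rate` requests per second, then this request is added.
            candidate = max(excess - rate * (t - last) / 1000.0 + 1.0, 0.0)
        if candidate > burst:
            results.append(False)      # rejected requests leave the state untouched
        else:
            excess, last = candidate, t
            results.append(True)
    return results


def simulate_limit_conn(requests_ms, limit=10):
    """Model `limit_conn <zone> <limit>` for a single client IP.

    requests_ms: (start_ms, duration_ms) pairs sorted by start time.
    Returns one bool per request: True = passed, False = rejected.
    """
    open_until = []   # end times of accepted connections that are still open
    results = []
    for start, duration in requests_ms:
        open_until = [end for end in open_until if end > start]
        if len(open_until) >= limit:
            results.append(False)
        else:
            open_until.append(start + duration)
            results.append(True)
    return results


# Constructed traffic patterns.
SLOW_LOGIN_FLOOD = [i * 500 for i in range(15)]   # 2 requests/s, like the access log sample
INSTANT_BURST = [0] * 30                          # 30 requests in the same millisecond
SUSTAINED_100RPS = [i * 10 for i in range(100)]   # 100 requests/s for one second


def summarize():
    """Return the number of passed requests for each constructed pattern."""
    return {
        "slow_flood_limit_req": sum(simulate_limit_req(SLOW_LOGIN_FLOOD)),
        "instant_burst_limit_req": sum(simulate_limit_req(INSTANT_BURST)),
        "sustained_100rps_limit_req": sum(simulate_limit_req(SUSTAINED_100RPS)),
        # Assumption: each request keeps its connection open for 8 seconds.
        "slow_flood_limit_conn": sum(
            simulate_limit_conn([(t, 8000) for t in SLOW_LOGIN_FLOOD])
        ),
    }


if __name__ == "__main__":
    for name, passed in summarize().items():
        print(f"{name}: {passed} passed")
```

In this model a client sending 2 requests per second never trips rate=50r/s; it is only stopped once it already holds 10 connections open, which is the kind of rejection the conn_limit_per_ip messages above record.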

Hope this DDoS Attack Tutorial to Implement Basic Protection on NGINX helps!!


How to Enable and Grant Remote Access to MySQL Database Server

For security reasons, remote access to the MySQL database server is disabled by default because it is considered a potential security threat. However, it is sometimes necessary to allow access from a remote location or web server. Let us assume that we are connecting from a remote web server with IP 192.168.0.3 to the database db1 as user user1 on the remote MySQL server 192.168.0.2; we then need to grant access to this IP address.

If remote access is not enabled, you will get this error :

ERROR 1130 (HY000): Host ‘192.168.0.3’ is not allowed to connect to this MySQL server

IP Address 1 : 192.168.0.2 – MySQL Server
IP Address 2 : 192.168.0.3 – Web Server (Nginx or Apache)

Steps to Enable and Grant Remote Access to MySQL Database Server

1. Edit the my.cnf file :

# vim /etc/mysql/my.cnf

Comment out or remove the line below :

#bind-address           = 127.0.0.1

2. The following commands allow access to the MySQL database (192.168.0.2) from the remote web server IP address (192.168.0.3) :

mysql> create user 'user1'@'192.168.0.3' identified by 'PASSWORD';
mysql> grant all on db1.* to 'user1'@'192.168.0.3';

3. Test the connection from the remote web server :

# mysql -u user1 -pPASSWORD -h 192.168.0.2

4. Verify the user privileges for user1 :

mysql> select * from information_schema.user_privileges where grantee like "'user1'%";

5. In case you want to revoke the access, either from all machines or from the web server (192.168.0.3) only :

mysql> revoke all privileges, grant option from 'user1'@'%';
mysql> revoke all privileges, grant option from 'user1'@'192.168.0.3';


How To Get Email Alerts for SSH Login on Linux Server

Enabling the SSH server on a virtual private server (VPS) exposes the server to the internet and provides opportunities for hacking activities, especially when the VPS still uses root as its primary access. A VPS should be configured to send an email alert automatically for each successful login via the SSH server. The VPS owner should be notified of every SSH server access, including who logged in, when, and from which source IP address. This is an important security concern for server owners who want to protect the server from unknown logins, because a hacker who uses brute force to log into your VPS via SSH can be very dangerous. In this article, I will explain how to set up an email alert for all SSH login users on Linux CentOS 6, CentOS 7, RHEL 6 and RHEL 7.

1. Log in to your server as the root user.

2. Configure the alert in the global definitions file (/etc/bashrc). This enables it for root and normal users :

[root@vps ~]# vi /etc/bashrc

Add the following at the bottom of the file :

echo 'ALERT - Root Shell Access (vps.ehowstuff.com) on:' `date` `who` | mail -s "Alert: Root Access from `who | cut -d'(' -f2 | cut -d')' -f1`" recipient@gmail.com

3. Optionally, you can enable the alert for root only :

[root@vps ~]# vi .bashrc

Add the following at the bottom of /root/.bashrc :

echo 'ALERT - Root Shell Access (vps.ehowstuff.com) on:' `date` `who` | mail -s "Alert: Root Access from `who | cut -d'(' -f2 | cut -d')' -f1`" recipient@gmail.com

Full Configuration file example :

# .bashrc

# User specific aliases and functions

alias rm='rm -i'
alias cp='cp -i'
alias mv='mv -i'

# Source global definitions
if [ -f /etc/bashrc ]; then
        . /etc/bashrc
fi
echo 'ALERT - Root Shell Access (vps.ehowstuff.com) on:' `date` `who` | mail -s "Alert: Root Access from `who | cut -d'(' -f2 | cut -d')' -f1`" recipient@gmail.com

4. Optionally, you can enable the alert for a specific normal user (e.g. skytech) :

[root@vps ~]# vi /home/skytech/.bashrc

Add the following at the bottom of /home/skytech/.bashrc :

echo 'ALERT - Root Shell Access (vps.ehowstuff.com) on:' `date` `who` | mail -s "Alert: Root Access from `who | cut -d'(' -f2 | cut -d')' -f1`" recipient@gmail.com


How to Use Fail2ban to Stop/Prevent SSH Brute Force on Linux

Brute-force break-in attempts against the SSH server are quite frequent. However, there is open source software that can help you deal with this problem automatically, namely fail2ban. Fail2ban automatically protects a virtual private server (VPS) from malicious behavior by intruders or hackers. The program works by scanning log files and responding to unsuccessful and repeated login attempts. Here are the steps to implement fail2ban; they have been tested on CentOS 6, CentOS 7, RHEL 6 and RHEL 7.

1. Install fail2ban :

# yum install fail2ban -y

2. Make a copy of the original config file :

# cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

3. Update jail.local configuration file :

# vi /etc/fail2ban/jail.local

Add as below :

[ssh-iptables]

enabled  = true
filter   = sshd
action   = iptables[name=SSH, port=ssh, protocol=tcp]
           sendmail-whois[name=SSH, dest=receipient@gmail.com, sender=fail2ban@ehowstuff.com, sendername="Fail2Ban"]
logpath  = /var/log/secure
maxretry = 5

4. Configure the preferred “bantime”, “findtime” and “maxretry” values that decide when a host gets banned :

# vi /etc/fail2ban/jail.local

Update to the following :

..
..
# "bantime" is the number of seconds that a host is banned.
bantime  = 7200

# A host is banned if it has generated "maxretry" during the last "findtime"
# seconds.
findtime  = 600

# "maxretry" is the number of failures before a host get banned.
maxretry = 3
..
..

5. Verify sshd filter file :
You can verify the default sshd filter file.

# vi /etc/fail2ban/filter.d/sshd.conf

6. Restart fail2ban :

# service fail2ban restart

7. A few hours after implementation, fail2ban started capturing and banning such violations and attempts to guess the password for my VPS. Monitor the log at /var/log/secure :

# tail -f /var/log/secure
Mar  3 13:37:59 rn sshd[30681]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.231.218.57  user=root
Mar  3 13:38:02 rn sshd[30681]: Failed password for root from 115.231.218.57 port 2919 ssh2
Mar  3 13:38:05 rn sshd[30681]: Failed password for root from 115.231.218.57 port 2919 ssh2
Mar  3 13:38:07 rn sshd[30681]: Failed password for root from 115.231.218.57 port 2919 ssh2
Mar  3 13:38:09 rn sshd[30681]: Failed password for root from 115.231.218.57 port 2919 ssh2
Mar  3 13:38:12 rn sshd[30681]: Failed password for root from 115.231.218.57 port 2919 ssh2
Mar  3 13:38:13 rn sshd[30681]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.231.218.57  user=root
Mar  3 13:38:48 rn sshd[30702]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.231.218.57  user=root
Mar  3 13:38:50 rn sshd[30702]: Failed password for root from 115.231.218.57 port 3090 ssh2
Mar  3 13:38:52 rn sshd[30702]: Failed password for root from 115.231.218.57 port 3090 ssh2
Mar  3 13:38:54 rn sshd[30702]: Failed password for root from 115.231.218.57 port 3090 ssh2
Mar  3 13:38:56 rn sshd[30702]: Failed password for root from 115.231.218.57 port 3090 ssh2
Mar  3 13:38:58 rn sshd[30702]: Failed password for root from 115.231.218.57 port 3090 ssh2
Mar  3 13:38:58 rn sshd[30702]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.231.218.57  user=root
Mar  3 13:39:00 rn sshd[30704]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.231.218.57  user=root
Mar  3 13:39:02 rn sshd[30704]: Failed password for root from 115.231.218.57 port 3090 ssh2
Mar  3 13:39:04 rn sshd[30704]: Failed password for root from 115.231.218.57 port 3090 ssh2
Mar  3 13:39:07 rn sshd[30704]: Failed password for root from 115.231.218.57 port 3090 ssh2
Mar  3 13:39:09 rn sshd[30704]: Failed password for root from 115.231.218.57 port 3090 ssh2
Mar  3 13:39:11 rn sshd[30704]: Failed password for root from 115.231.218.57 port 3090 ssh2
Mar  3 13:39:12 rn sshd[30704]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.231.218.57  user=root
Mar  3 13:39:24 rn sshd[30708]: Invalid user admin from 115.231.218.57
Mar  3 13:39:24 rn sshd[30708]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.231.218.57
Mar  3 13:39:26 rn sshd[30708]: Failed password for invalid user admin from 115.231.218.57 port 2898 ssh2
Mar  3 13:39:27 rn sshd[30708]: Failed password for invalid user admin from 115.231.218.57 port 2898 ssh2
Mar  3 13:39:30 rn sshd[30708]: Failed password for invalid user admin from 115.231.218.57 port 2898 ssh2
Mar  3 13:39:33 rn sshd[30708]: Failed password for invalid user admin from 115.231.218.57 port 2898 ssh2
Mar  3 13:39:35 rn sshd[30708]: Failed password for invalid user admin from 115.231.218.57 port 2898 ssh2
Mar  3 13:39:35 rn sshd[30708]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.231.218.57

8. Fail2ban starts to ban, and unbans after two hours :

# tail -f /var/log/messages
Mar  3 13:38:13 rn fail2ban.actions[25912]: WARNING [ssh-iptables] Ban 115.231.218.57
Mar  3 13:38:58 rn fail2ban.actions[25912]: INFO [ssh-iptables] 115.231.218.57 already banned
Mar  3 13:39:12 rn fail2ban.actions[25912]: INFO [ssh-iptables] 115.231.218.57 already banned
Mar  3 13:39:33 rn fail2ban.actions[25912]: INFO [ssh-iptables] 115.231.218.57 already banned
Mar  3 13:39:43 rn fail2ban.actions[25912]: INFO [ssh-iptables] 115.231.218.57 already banned
Mar  3 13:39:56 rn fail2ban.actions[25912]: INFO [ssh-iptables] 115.231.218.57 already banned
Mar  3 13:40:20 rn fail2ban.actions[25912]: INFO [ssh-iptables] 115.231.218.57 already banned
Mar  3 13:40:30 rn fail2ban.actions[25912]: INFO [ssh-iptables] 115.231.218.57 already banned
Mar  3 13:40:41 rn fail2ban.actions[25912]: INFO [ssh-iptables] 115.231.218.57 already banned
Mar  3 13:40:51 rn fail2ban.actions[25912]: INFO [ssh-iptables] 115.231.218.57 already banned
Mar  3 15:30:32 rn fail2ban.actions[25912]: INFO [ssh-iptables] 115.231.218.57 already banned
Mar  3 15:30:46 rn fail2ban.actions[25912]: INFO [ssh-iptables] 115.231.218.57 already banned
Mar  3 15:31:35 rn fail2ban.actions[25912]: INFO [ssh-iptables] 115.231.218.57 already banned
Mar  3 15:32:34 rn fail2ban.actions[25912]: INFO [ssh-iptables] 115.231.218.57 already banned
Mar  3 15:32:51 rn fail2ban.actions[25912]: INFO [ssh-iptables] 115.231.218.57 already banned
Mar  3 15:33:02 rn fail2ban.actions[25912]: INFO [ssh-iptables] 115.231.218.57 already banned
Mar  3 15:33:32 rn fail2ban.actions[25912]: INFO [ssh-iptables] 115.231.218.57 already banned
Mar  3 15:33:43 rn fail2ban.actions[25912]: INFO [ssh-iptables] 115.231.218.57 already banned
Mar  3 15:33:54 rn fail2ban.actions[25912]: INFO [ssh-iptables] 115.231.218.57 already banned
Mar  3 15:34:06 rn fail2ban.actions[25912]: INFO [ssh-iptables] 115.231.218.57 already banned
Mar  3 15:38:14 rn fail2ban.actions[25912]: WARNING [ssh-iptables] Unban 115.231.218.57

9. Each ban action is followed by an email notification.

10. Check which IPs are already listed in the ban list :

# iptables -L
..
..
Chain fail2ban-NoAuthFailures (1 references)
target     prot opt source               destination
REJECT     all  --  141.101.98.8         anywhere            reject-with icmp-port-unreachable
REJECT     all  --  108.162.210.231      anywhere            reject-with icmp-port-unreachable
REJECT     all  --  108.162.221.246      anywhere            reject-with icmp-port-unreachable
REJECT     all  --  108.162.238.35       anywhere            reject-with icmp-port-unreachable
RETURN     all  --  anywhere             anywhere
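
How “findtime”, “maxretry” and “bantime” combine, as an added Python example that is not part of the original post or of fail2ban: it replays constructed /var/log/secure lines through a sliding window per source IP. The regular expression is a simplified stand-in for the sshd filter, the IP addresses are documentation addresses, and the year is an assumption because syslog lines carry none.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Simplified stand-in for fail2ban's sshd filter (assumption): it only counts
# "Failed password" lines, while the real filter has more patterns.
FAILED = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>\S+) port \d+"
)

# Constructed sample in /var/log/secure format (documentation IP addresses).
SAMPLE_LOG = """\
Mar  3 13:37:59 rn sshd[30681]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.0.113.57  user=root
Mar  3 13:38:02 rn sshd[30681]: Failed password for root from 203.0.113.57 port 2919 ssh2
Mar  3 13:38:05 rn sshd[30681]: Failed password for root from 203.0.113.57 port 2919 ssh2
Mar  3 13:38:07 rn sshd[30681]: Failed password for root from 203.0.113.57 port 2919 ssh2
Mar  3 13:38:09 rn sshd[30681]: Failed password for root from 203.0.113.57 port 2919 ssh2
Mar  3 13:38:12 rn sshd[30681]: Failed password for root from 203.0.113.57 port 2919 ssh2
Mar  3 13:40:10 rn sshd[30750]: Failed password for invalid user admin from 198.51.100.20 port 4411 ssh2
Mar  3 13:45:10 rn sshd[30755]: Failed password for invalid user admin from 198.51.100.20 port 4412 ssh2
Mar  3 13:51:00 rn sshd[30760]: Failed password for invalid user admin from 198.51.100.20 port 4413 ssh2
Mar  3 13:53:00 rn sshd[30761]: Accepted password for skytech from 192.0.2.10 port 50022 ssh2
""".splitlines()


def find_bans(lines, maxretry=5, findtime=600, bantime=7200, year=2015):
    """Return [(ip, ban_time, unban_time)] with ISO-formatted timestamps.

    A host is banned once it has produced `maxretry` failures within the last
    `findtime` seconds; the ban is lifted `bantime` seconds later.
    """
    recent = defaultdict(deque)   # ip -> failure timestamps inside the window
    banned_until = {}             # ip -> time at which the ban is lifted
    bans = []
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue              # not a failed-password line
        ts = datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S")
        ip = m.group("ip")
        if ts < banned_until.get(ip, datetime.min):
            continue              # host is still banned, nothing new to decide
        window = recent[ip]
        window.append(ts)
        while (ts - window[0]).total_seconds() > findtime:
            window.popleft()      # this failure is older than findtime
        if len(window) >= maxretry:
            unban = ts + timedelta(seconds=bantime)
            banned_until[ip] = unban
            bans.append((ip, ts.isoformat(), unban.isoformat()))
            window.clear()
    return bans


if __name__ == "__main__":
    for label, kwargs in [
        ("jail value maxretry=5", {}),
        ("maxretry=3", {"maxretry": 3}),
        ("maxretry=3, findtime=900", {"maxretry": 3, "findtime": 900}),
    ]:
        print(label, find_bans(SAMPLE_LOG, **kwargs))
```

With maxretry=5, the value set in the [ssh-iptables] jail (a per-jail value overrides the default), the fifth failure triggers the ban and the unban follows 7200 seconds later, the same pattern as the Ban and Unban lines in step 8. The second address spreads three failures over more than 600 seconds, so it is banned only when findtime is raised to 900.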

How to Check and Verify the Version of Python on CentOS 6 / CentOS 7

Python is a popular, widely used high-level programming language with a design philosophy that emphasizes code readability. It is considered easy to learn and master because of its focus on readability. Python syntax allows programmers to express concepts in fewer lines of code than is possible in other programming languages such as C++ or Java. This article shows you how to check and verify the version of Python on CentOS 6, CentOS 7, RHEL 6 and RHEL 7.

1. Check Python version :

[root@vps ~]# python --version
Python 2.7.5

2. Enter python command line :

[root@vps ~]# python
Python 2.7.5 (default, Jun 17 2014, 18:11:42)
[GCC 4.8.2 20140120 (Red Hat 4.8.2-16)] on linux2
Type "help", "copyright", "credits" or "license" for more information.

3. To exit, run the following command :

>>> quit()

How to Install Varnish 4 on CentOS 6 / CentOS 7

Varnish is an open source web accelerator typically run in front of web servers such as Apache or Nginx. It is also known as an HTTP reverse proxy and is designed to serve static content, such as images, stylesheets or scripts. Varnish keeps copies of pages served by the web server (Apache or Nginx) and re-uses the cached copy for subsequent requests for the same page. This helps dynamic websites such as WordPress or Joomla improve response times and also reduces the server load.

Varnish can also be installed from the EPEL (Extra Packages for Enterprise Linux) package repository, but new major versions will not reach EPEL, so the EPEL package is not necessarily up to date. The following steps describe how to install Varnish 4 on CentOS 6 and CentOS 7.

Install Varnish 4 on CentOS 6 :

1. Prepare varnish repository :

# rpm -Uvh http://repo.varnish-cache.org/redhat/varnish-4.0/el6/noarch/varnish-release/varnish-release-4.0-4.el6.noarch.rpm

2. Prepare EPEL repository :

# rpm --import https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-6
# rpm -Uvh https://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm

3. Install Varnish :

# yum install varnish -y

4. Start varnish and make varnish start at boot :

# service varnish start
# chkconfig varnish on

Install Varnish 4 on CentOS 7 :

1. Prepare EPEL repository :

# rpm --import https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7
# rpm -Uvh https://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-5.noarch.rpm

Or alternatively you can install by using yum command :

# sudo yum install epel-release -y

2. Install Varnish :

# sudo yum install varnish -y

3. Start varnish and make varnish start at boot :

# sudo systemctl start varnish.service
# sudo systemctl enable varnish.service


How to Hide PHP Version in Linux

In general, most web server software is installed with default settings that lead to information leakage. PHP is one example. PHP (Hypertext Preprocessor) is one of the most popular server-side HTML-embedded scripting languages for websites today. In these challenging times, many attackers will try to discover weaknesses in your server system. Hence, I will describe a simple way to hide the PHP information on a Linux server.

By default, expose_php is set to On. Turning off the “expose_php” parameter makes PHP hide its version details.

[root@centos66 ~]# vi /etc/php.ini

In your php.ini, locate the line that sets expose_php to On and set it to Off :

expose_php = Off

Before the change, the web server response headers look like this :

[root@centos66 ~]# curl -I https://webhostinggeeks.com/howto/
HTTP/1.1 200 OK
Server: nginx
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
X-Powered-By: PHP/5.3.3
X-Pingback: https://webhostinggeeks.com/howto/xmlrpc.php
Date: Wed, 11 Feb 2015 14:10:43 GMT
X-Page-Speed: 1.9.32.2-4321
Cache-Control: max-age=0, no-cache

After the change, PHP no longer shows its version in the web server response headers :

[root@centos66 ~]# curl -I https://webhostinggeeks.com/howto/
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 11 Feb 2015 15:38:14 GMT
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
X-Pingback: https://webhostinggeeks.com/howto/xmlrpc.php
Date: Wed, 11 Feb 2015 14:10:43 GMT
X-Page-Speed: 1.9.32.2-4321
Cache-Control: max-age=0, no-cache

How to Disable Autostart for a Service at boot on Linux CentOS 7 / RHEL 7

Question : For some reason, I had to stop a service on Linux CentOS 7. But when I restarted the server, the service started again automatically. How do I stop or disable auto start of services at boot?

Answer : Just issue the following command to disable auto start for a particular service.

Syntax :

sudo systemctl disable <service-named>.service

Example :

[root@centos7 ~]# sudo systemctl disable named-chroot.service
rm '/etc/systemd/system/multi-user.target.wants/named-chroot.service'

How to Reclaim Free Space for Linux Root Partition using Zerofree

This article discusses how to reclaim free space on a Linux root partition that uses thin provisioned disks in a Linux VMware virtual machine (VM). A common advantage of thin provisioned disks in VMware is that the administrator can over-allocate storage, because thin provisioned disks consume only the space used. Thin provisioning works the same way regardless of whether the guest operating system is Linux or Windows. However, with thin provisioned disks you will find that the vmdk file size still expands over time whenever you install, uninstall or delete applications in the VM. You will notice that the vmdk file size does not shrink or return to its previous size. When this happens to a Linux VM, we need to use the zerofree utility to reclaim and shrink the free space. The following steps reclaim free space for the Linux root partition and were tested on CentOS 7 and RHEL 7.

1. Install “zerofree” on your virtualbox guest machine.

2. Run this command to boot into rescue mode :

# systemctl rescue

3. In rescue mode, enter the root password.

4. Remount the root partition as read-only, then run the zerofree command. Once the zerofree command completes, reboot the VM.


# mount -o remount,ro /dev/mapper/centos-root
# zerofree -v /dev/mapper/centos-root

5. Do a V2V virtual clone using vCenter or the vmkfstools command. You will notice that the vmdk size is reduced to only the space used.