How to Install phpMyAdmin on Ubuntu 14.04

phpMyAdmin is open source software, written in PHP, for managing and administering MySQL from a web browser. It is one of the most popular tools for managing MySQL databases, and it needs Apache, PHP and the PHP MySQL extension installed and configured in order to run. Follow the steps below to install phpMyAdmin on an Ubuntu 14.04 virtual private server (VPS) or dedicated server.

1. This guide assumes that the Apache web server and the MySQL database server are already installed.

2. Install phpmyadmin :

ehowstuff@ubuntu14:~$ sudo apt-get install phpmyadmin -y


3. Configure Apache :

ehowstuff@ubuntu14:~$ sudo vi /etc/phpmyadmin/apache.conf

Add a “Require ip” line listing the addresses that are allowed to reach phpMyAdmin, as below :

# phpMyAdmin default Apache configuration

Alias /phpmyadmin /usr/share/phpmyadmin

<Directory /usr/share/phpmyadmin>
        Options FollowSymLinks
        DirectoryIndex index.php
        Require ip 127.0.0.1 192.168.0.0/24
        <IfModule mod_php5.c>
                AddType application/x-httpd-php .php

                php_flag magic_quotes_gpc Off
                php_flag track_vars On
                php_flag register_globals Off
                php_admin_flag allow_url_fopen Off
                php_value include_path .
                php_admin_value upload_tmp_dir /var/lib/phpmyadmin/tmp
                php_admin_value open_basedir /usr/share/phpmyadmin/:/etc/phpmyadmin/:/var/lib/phpmyadmin/:/usr/share/php/php-gettext/:/usr/share/javascript/
        </IfModule>

</Directory>

4. Restart Apache :

ehowstuff@ubuntu14:~$ sudo /etc/init.d/apache2 restart
 * Restarting web server apache2                                                             [ OK ]
ehowstuff@ubuntu14:~$

5. Browse to “http://IP_address/phpmyadmin/” and log in to MySQL.

How to Install ClamAV on Ubuntu Server 14.04

Linux is designed to make it hard for viruses to run, which is why it is more secure than the Windows operating system. However, we still need to install Clam AntiVirus (ClamAV) on a Linux server to protect it from viruses, because Linux malware and viruses are increasing every day. ClamAV is a free antivirus engine designed for detecting Trojans, viruses, malware and other malicious threats, and one of its main uses is on mail servers as a server-side email virus scanner. ClamAV can be integrated with mail servers to scan attachments and files. This article describes how to install ClamAV on an Ubuntu Server 14.04 virtual private server (VPS) or dedicated server.


1. Install clamav and clamav-daemon. Clamav daemon is for automated use.

ehowstuff@ubuntu14:~$ sudo apt-get install clamav clamav-daemon -y

2. Update the clamav pattern file :

ehowstuff@ubuntu14:~$ sudo freshclam

3. Scan the files in all users' home directories :

ehowstuff@ubuntu14:~$ sudo clamscan -r /home
[sudo] password for ehowstuff:
/home/ehowstuff/v3.1.12.zip: OK
/home/ehowstuff/.mysql_history: OK
/home/ehowstuff/.bash_logout: OK
/home/ehowstuff/.bash_history: OK
/home/ehowstuff/.profile: OK
/home/ehowstuff/.bashrc: OK
/home/ehowstuff/.cache/motd.legal-displayed: Empty file
/home/ehowstuff/.viminfo: OK
/home/ehowstuff/jcameron-key.asc: OK
/home/ehowstuff/.rnd: OK
/home/ehowstuff/index.html: OK
/home/ehowstuff/.ssh/known_hosts: OK

----------- SCAN SUMMARY -----------
Known viruses: 3383485
Engine version: 0.98.1
Scanned directories: 4
Scanned files: 11
Infected files: 0
Data scanned: 4.66 MB
Data read: 1.04 MB (ratio 4.47:1)
Time: 20.139 sec (0 m 20 s)
ehowstuff@ubuntu14:~$

4. Download test virus :

ehowstuff@ubuntu14:~$ wget http://www.eicar.org/download/eicar.com
--2014-05-24 15:05:13--  http://www.eicar.org/download/eicar.com
Resolving www.eicar.org (www.eicar.org)... 188.40.238.250
Connecting to www.eicar.org (www.eicar.org)|188.40.238.250|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 68 [application/octet-stream]
Saving to: ‘eicar.com’

100%[==========================================================>] 68          --.-K/s   in 0s

2014-05-24 15:05:13 (8.12 MB/s) - ‘eicar.com’ saved [68/68]

5. Scan the directory again. The report should now list the downloaded test virus :

ehowstuff@ubuntu14:~$ sudo clamscan -r /home
/home/ehowstuff/v3.1.12.zip: OK
/home/ehowstuff/.mysql_history: OK
/home/ehowstuff/.bash_logout: OK
/home/ehowstuff/.bash_history: OK
/home/ehowstuff/.profile: OK
/home/ehowstuff/.bashrc: OK
/home/ehowstuff/.cache/motd.legal-displayed: Empty file
/home/ehowstuff/.viminfo: OK
/home/ehowstuff/jcameron-key.asc: OK
/home/ehowstuff/.rnd: OK
/home/ehowstuff/index.html: OK
/home/ehowstuff/.ssh/known_hosts: OK
/home/ehowstuff/eicar.com: Eicar-Test-Signature FOUND

----------- SCAN SUMMARY -----------
Known viruses: 3383485
Engine version: 0.98.1
Scanned directories: 4
Scanned files: 12
Infected files: 1
Data scanned: 4.66 MB
Data read: 1.04 MB (ratio 4.47:1)
Time: 19.874 sec (0 m 19 s)

6. Scan and remove virus files :

ehowstuff@ubuntu14:~$ sudo clamscan --infected --remove --recursive /home
/home/ehowstuff/eicar.com: Eicar-Test-Signature FOUND
/home/ehowstuff/eicar.com: Removed.

----------- SCAN SUMMARY -----------
Known viruses: 3383485
Engine version: 0.98.1
Scanned directories: 4
Scanned files: 12
Infected files: 1
Data scanned: 4.66 MB
Data read: 1.04 MB (ratio 4.47:1)
Time: 20.930 sec (0 m 20 s)

7. Scan the home directory again. The downloaded virus file should be removed now :

ehowstuff@ubuntu14:~$ sudo clamscan -r /home
/home/ehowstuff/v3.1.12.zip: OK
/home/ehowstuff/.mysql_history: OK
/home/ehowstuff/.bash_logout: OK
/home/ehowstuff/.bash_history: OK
/home/ehowstuff/.profile: OK
/home/ehowstuff/.bashrc: OK
/home/ehowstuff/.cache/motd.legal-displayed: Empty file
/home/ehowstuff/.viminfo: OK
/home/ehowstuff/jcameron-key.asc: OK
/home/ehowstuff/.rnd: OK
/home/ehowstuff/index.html: OK
/home/ehowstuff/.ssh/known_hosts: OK

----------- SCAN SUMMARY -----------
Known viruses: 3383485
Engine version: 0.98.1
Scanned directories: 4
Scanned files: 11
Infected files: 0
Data scanned: 4.66 MB
Data read: 1.04 MB (ratio 4.47:1)
Time: 20.151 sec (0 m 20 s)

8. Start clamav-daemon (clamd):

ehowstuff@ubuntu14:~$ sudo /etc/init.d/clamav-daemon start
 * Starting ClamAV daemon clamd                                                              [ OK ]

9. Check clamd status :

ehowstuff@ubuntu14:~$ sudo /etc/init.d/clamav-daemon status
 * clamd is running

10. Start and check the status of clamav-freshclam :

ehowstuff@ubuntu14:~$ sudo /etc/init.d/clamav-freshclam start
 * Starting ClamAV virus database updater freshclam                                          [ OK ]
ehowstuff@ubuntu14:~$ sudo /etc/init.d/clamav-freshclam status
 * freshclam is running

11. Verify ClamAV version number :

ehowstuff@ubuntu14:~$ sudo clamdscan -V
ClamAV 0.98.1/19025/Sat May 24 10:04:32 2014

12. See more options for clamscan by issuing the “sudo clamscan --help” command :

ehowstuff@ubuntu14:~$ sudo clamscan --help

                       Clam AntiVirus Scanner 0.98.1
           By The ClamAV Team: http://www.clamav.net/team
           (C) 2007-2009 Sourcefire, Inc.

    --help                -h             Print this help screen
    --version             -V             Print version number
    --verbose             -v             Be verbose
    --archive-verbose     -a             Show filenames inside scanned archives
    --debug                              Enable libclamav's debug messages
    --quiet                              Only output error messages
    --stdout                             Write to stdout instead of stderr
    --no-summary                         Disable summary at end of scanning
    --infected            -i             Only print infected files
    --suppress-ok-results -o             Skip printing OK files
    --bell                               Sound bell on virus detection

    --tempdir=DIRECTORY                  Create temporary files in DIRECTORY
    --leave-temps[=yes/no(*)]            Do not remove temporary files
    --database=FILE/DIR   -d FILE/DIR    Load virus database from FILE or load
                                         all supported db files from DIR
    --official-db-only[=yes/no(*)]       Only load official signatures
    --log=FILE            -l FILE        Save scan report to FILE
    --recursive[=yes/no(*)]  -r          Scan subdirectories recursively
    --allmatch[=yes/no(*)]   -z          Continue scanning within file after finding a match
    --cross-fs[=yes(*)/no]               Scan files and directories on other filesystems
    --follow-dir-symlinks[=0/1(*)/2]     Follow directory symlinks (0 = never, 1 = direct, 2 = always)
    --follow-file-symlinks[=0/1(*)/2]    Follow file symlinks (0 = never, 1 = direct, 2 = always)
    --file-list=FILE      -f FILE        Scan files from FILE
    --remove[=yes/no(*)]                 Remove infected files. Be careful!
    --move=DIRECTORY                     Move infected files into DIRECTORY
    --copy=DIRECTORY                     Copy infected files into DIRECTORY
    --exclude=REGEX                      Don't scan file names matching REGEX
    --exclude-dir=REGEX                  Don't scan directories matching REGEX
    --include=REGEX                      Only scan file names matching REGEX
    --include-dir=REGEX                  Only scan directories matching REGEX

    --bytecode[=yes(*)/no]               Load bytecode from the database
    --bytecode-unsigned[=yes/no(*)]      Load unsigned bytecode
    --bytecode-timeout=N                 Set bytecode timeout (in milliseconds)
    --bytecode-statistics[=yes/no(*)]    Collect and print bytecode statistics
    --detect-pua[=yes/no(*)]             Detect Possibly Unwanted Applications
    --exclude-pua=CAT                    Skip PUA sigs of category CAT
    --include-pua=CAT                    Load PUA sigs of category CAT
    --detect-structured[=yes/no(*)]      Detect structured data (SSN, Credit Card)
    --structured-ssn-format=X            SSN format (0=normal,1=stripped,2=both)
    --structured-ssn-count=N             Min SSN count to generate a detect
    --structured-cc-count=N              Min CC count to generate a detect
    --scan-mail[=yes(*)/no]              Scan mail files
    --phishing-sigs[=yes(*)/no]          Signature-based phishing detection
    --phishing-scan-urls[=yes(*)/no]     URL-based phishing detection
    --heuristic-scan-precedence[=yes/no(*)] Stop scanning as soon as a heuristic match is found
    --phishing-ssl[=yes/no(*)]           Always block SSL mismatches in URLs (phishing module)
    --phishing-cloak[=yes/no(*)]         Always block cloaked URLs (phishing module)
    --algorithmic-detection[=yes(*)/no]  Algorithmic detection
    --scan-pe[=yes(*)/no]                Scan PE files
    --scan-elf[=yes(*)/no]               Scan ELF files
    --scan-ole2[=yes(*)/no]              Scan OLE2 containers
    --scan-pdf[=yes(*)/no]               Scan PDF files
    --scan-swf[=yes(*)/no]               Scan SWF files
    --scan-html[=yes(*)/no]              Scan HTML files
    --scan-archive[=yes(*)/no]           Scan archive files (supported by libclamav)
    --detect-broken[=yes/no(*)]          Try to detect broken executable files
    --block-encrypted[=yes/no(*)]        Block encrypted archives
    --nocerts                            Disable authenticode certificate chain verification in PE files
    --dumpcerts                          Dump authenticode certificate chain in PE files

    --max-filesize=#n                    Files larger than this will be skipped and assumed clean
    --max-scansize=#n                    The maximum amount of data to scan for each container file (**)
    --max-files=#n                       The maximum number of files to scan for each container file (**)
    --max-recursion=#n                   Maximum archive recursion level for container file (**)
    --max-dir-recursion=#n               Maximum directory recursion level
    --max-embeddedpe=#n                  Maximum size file to check for embedded PE
    --max-htmlnormalize=#n               Maximum size of HTML file to normalize
    --max-htmlnotags=#n                  Maximum size of normalized HTML file to scan
    --max-scriptnormalize=#n             Maximum size of script file to normalize
    --max-ziptypercg=#n                  Maximum size zip to type reanalyze

(*) Default scan settings
(**) Certain files (e.g. documents, archives, etc.) may in turn contain other
   files inside. The above options ensure safe processing of this kind of data.

I hope this article gives you some ideas and essential guidance on how to install ClamAV on an Ubuntu Server 14.04 virtual private server (VPS) or dedicated server.
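Step 6 deletes detections outright, while the help output in step 12 also lists --move. The wrapper below is an added example, not part of the original article: it moves detections into a quarantine directory and cross-checks the report against its own summary. The quarantine and report paths, and the second detection line in the sample, are assumptions constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original article).

# Print the path from every "<path>: <signature> FOUND" line on stdin.
# The greedy match keeps paths that themselves contain ": " intact.
infected_paths() {
    sed -n 's/^\(.*\): [^:]* FOUND$/\1/p'
}

# Print the "Infected files:" figure from the SCAN SUMMARY on stdin.
summary_infected() {
    awk -F': ' '/^Infected files:/ { print $2; exit }'
}

# Return 0 when the FOUND lines in report file $1 match its summary count.
# A report with no summary (scan interrupted) is treated as inconsistent.
report_is_consistent() {
    local found summary
    found=$(infected_paths < "$1" | wc -l | tr -d ' ')
    summary=$(summary_infected < "$1")
    [ -n "$summary" ] && [ "$found" -eq "$summary" ]
}

# Scan directory $1, move detections into $2 and save the report to $3.
# Returns the clamscan exit status: 0 clean, 1 virus found, 2 error.
scan_and_quarantine() {
    local dir="$1" quarantine="$2" report="$3" rc=0
    mkdir -p "$quarantine" || return 2
    chmod 700 "$quarantine" || return 2
    clamscan --recursive --infected --move="$quarantine" \
             --exclude-dir="^$quarantine" "$dir" > "$report" 2>&1 || rc=$?
    return "$rc"
}

# Constructed sample report: step 5 output abridged, plus one made-up
# detection whose path contains ": ".
SAMPLE_REPORT='/home/ehowstuff/.profile: OK
/home/ehowstuff/eicar.com: Eicar-Test-Signature FOUND
/home/ehowstuff/mail: inbox/att.bin: Eicar-Test-Signature FOUND

----------- SCAN SUMMARY -----------
Scanned files: 13
Infected files: 2'

# Offline demonstration on the sample report.
printf '%s\n' "$SAMPLE_REPORT" | infected_paths

# Live use (paths are assumptions):
#   scan_and_quarantine /home /var/quarantine /var/log/clamscan-home.report
#   case $? in 0) echo clean ;; 1) echo "detections quarantined" ;; *) echo "scan error" ;; esac
```

Quarantining keeps the file available for analysis and makes a false positive recoverable, which --remove does not.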

 

How to Hide Apache Information on Ubuntu VPS/Dedicated Web server

By default, sensitive server information such as the Apache version, modules and operating system is not hidden from the HTTP headers. This information is sent in response to every request, and attackers can use it when attacking your VPS web server. This post shows how to hide the Apache details on an Ubuntu 14.04 VPS or dedicated server.

1. Modify security.conf :

ehowstuff@ubuntu14:~$ sudo vi /etc/apache2/conf-enabled/security.conf

Change “ServerTokens OS” to “ServerTokens Prod” then
Change “ServerSignature On” to “ServerSignature Off”

..
..
ServerTokens Prod
..
..

..
ServerSignature Off
..
..

2. After making the changes, restart apache2 :

ehowstuff@ubuntu14:~$ sudo service apache2 restart
 * Restarting web server apache2                                                             [ OK ]

3. Run the following command before and after changing the configuration :

ehowstuff@ubuntu14:~$ sudo curl -I http://192.168.0.114

The result should be as below :

Before :

HTTP/1.1 200 OK
Date: Sun, 11 May 2014 01:25:52 GMT
Server: Apache/2.4.7 (Ubuntu)
Last-Modified: Thu, 08 May 2014 16:39:14 GMT
ETag: "2cf6-4f8e61f1300ba"
Accept-Ranges: bytes
Content-Length: 11510
Vary: Accept-Encoding
Content-Type: text/html

After hiding, it should look like this :

HTTP/1.1 200 OK
Date: Sun, 11 May 2014 01:29:50 GMT
Server: Apache
Last-Modified: Thu, 08 May 2014 16:39:14 GMT
ETag: "2cf6-4f8e61f1300ba"
Accept-Ranges: bytes
Content-Length: 11510
Vary: Accept-Encoding
Content-Type: text/html

Done!!
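The before/after comparison in step 3 can be turned into a repeatable check. The script below is an added example, not part of the original article: it tests a response's Server header for a version number or OS comment and confirms that security.conf ends up with the two values from step 1. The function names are hypothetical and the sample headers are abridged from the step 3 output.

```bash
#!/usr/bin/env bash
# Added example (not from the original article).

# Print the value of the Server header from response headers on stdin.
# Header names are case-insensitive and lines may end in CRLF.
server_header() {
    tr -d '\r' | awk 'tolower($0) ~ /^server:/ {
        sub(/^[^:]*:[ \t]*/, ""); print; exit }'
}

# Return 0 when the Server value on stdin still discloses a version number
# ("Apache/2.4.7") or an OS comment ("(Ubuntu)"); 1 for a bare product name.
server_header_leaks() {
    local value
    value=$(server_header)
    case "$value" in
        */[0-9]*|*"("*) return 0 ;;
        *)              return 1 ;;
    esac
}

# Print, lower-cased, the value on the last uncommented line of file $2
# that sets directive $1 (directive names are case-insensitive).
effective_directive() {
    awk -v d="$1" 'tolower($1) == tolower(d) { v = tolower($2) }
                   END { if (v != "") print v }' "$2"
}

# Return 0 when file $1 ends up with ServerTokens Prod and ServerSignature Off.
conf_hides_details() {
    case "$(effective_directive ServerTokens "$1")" in
        prod|productonly) ;;
        *) return 1 ;;
    esac
    [ "$(effective_directive ServerSignature "$1")" = "off" ]
}

# Response headers abridged from the "Before" and "After" output in step 3.
BEFORE_HEADERS='HTTP/1.1 200 OK
Date: Sun, 11 May 2014 01:25:52 GMT
Server: Apache/2.4.7 (Ubuntu)
Content-Type: text/html'
AFTER_HEADERS='HTTP/1.1 200 OK
Date: Sun, 11 May 2014 01:29:50 GMT
Server: Apache
Content-Type: text/html'

# Print a one-line verdict for label $1 and header text $2.
describe() {
    if printf '%s\n' "$2" | server_header_leaks; then
        echo "$1: Server header discloses version or OS"
    else
        echo "$1: Server header is product-only"
    fi
}
describe before "$BEFORE_HEADERS"
describe after "$AFTER_HEADERS"

# Live use against the server from step 3:
#   curl -sI http://192.168.0.114 | server_header_leaks && echo "still leaking"
#   conf_hides_details /etc/apache2/conf-enabled/security.conf || echo "fix security.conf"
```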

How to Secure your MySQL On VPS or Dedicated Server

Running WordPress on a virtual private server (VPS) or dedicated server is not as easy as running WordPress on a shared hosting server. There are a few things that need to be installed and configured. Basically you will need a web server (Apache, Nginx or Lighttpd) and a database server (MySQL). The most popular database for the WordPress platform is MySQL. Installing MySQL is very easy, but most webmasters face difficulties with the configuration part. Therefore I have prepared this article, which covers configuring and securing MySQL on a VPS or dedicated server. The MySQL database is the brain of your website or blog: it stores all the configuration information, posts, comments, login information, user information and so on. This article assumes that you have already installed the MySQL server on your VPS or dedicated server, so you can proceed to configure and harden it as below :

1. Run the pre-installed MySQL script, mysql_secure_installation. It will do the following :

a) Set the root password, which ensures that nobody can log into the MySQL root user without the proper authorization.
b) Remove anonymous users
c) Remove the test database and access to it
d) Normally, root should only be allowed to connect from ‘localhost’. Disallow root login remotely if you want. However, I prefer to disallow it later.

[root@mysql-server ~]# /usr/bin/mysql_secure_installation




NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MySQL
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!


In order to log into MySQL to secure it, we'll need the current
password for the root user.  If you've just installed MySQL, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none):
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MySQL
root user without the proper authorisation.

Set root password? [Y/n] y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
 ... Success!


By default, a MySQL installation has an anonymous user, allowing anyone
to log into MySQL without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] y
 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] n
 ... skipping.

By default, MySQL comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] y
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] y
 ... Success!

Cleaning up...



All done!  If you've completed all of the above steps, your MySQL
installation should now be secure.

Thanks for using MySQL!

2. List the MySQL users and make sure every user has a password :

mysql> SELECT User,Host,Password FROM mysql.user;
+---------------+-------------+-------------------------------------------+
| User          | Host        | Password                                  |
+---------------+-------------+-------------------------------------------+
| root          | localhost   | *2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19 |
| root          | mysql       | *2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19 |
| root          | 127.0.0.1   | *2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19 |
| wordpressuser | 192.168.0.5 | *2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19 |
+---------------+-------------+-------------------------------------------+
4 rows in set (0.00 sec)

3. Set a strong password for the MySQL root account and for the existing user accounts :

Existing user account :

mysql> select Host,User,Password from user;
+-------------+---------------+-------------------------------------------+
| Host        | User          | Password                                  |
+-------------+---------------+-------------------------------------------+
| localhost   | root          | *2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19 |
| mysql       | root          | *2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19 |
| 127.0.0.1   | root          | *2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19 |
| 192.168.0.5 | wordpressuser | *2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19 |
+-------------+---------------+-------------------------------------------+
4 rows in set (0.00 sec)

Set new strong password :

mysql> set password for 'root'@'localhost'=password('newstrongpassword');
mysql> set password for 'root'@'127.0.0.1'=password('newstrongpassword');
mysql> set password for 'wordpressuser'@'192.168.0.5'=password('newstrongpassword');

4. Make sure logging such as general_log, slow_query_log and log-error is enabled in MySQL :

[root@mysql-server ~]# vim /etc/my.cnf
[mysqld]
..
..
..
general_log_file=/var/log/mysql/mysqld.log
general_log=1
slow_query_log_file=/var/log/mysql/mysqld.slow.log
slow_query_log=1

[mysqld_safe]
log-error=/var/log/mysql/mysqld.error.log
...
..

Create the folder for the MySQL logs and change its owner to mysql :

[root@mysql-server ~]# mkdir -p /var/log/mysql
[root@mysql-server ~]# chown -R mysql:mysql /var/log/mysql

Verify the logs :

[root@mysql-server ~]# ll /var/log/mysql
total 12
-rw-r----- 1 mysql mysql 3547 Apr  7 16:57 mysqld.error.log
-rw-rw---- 1 mysql mysql  373 Apr  7 16:58 mysqld.log
-rw-rw---- 1 mysql mysql  174 Apr  7 16:57 mysqld.slow.log

This will help administrators monitor critical events and helps in troubleshooting.

Reference : http://dev.mysql.com/doc/refman/5.7/en/server-logs.html

Once you have done the above configuration, make sure you restart the mysqld service :

[root@mysql-server ~]# service mysqld restart
Stopping mysqld:                                           [  OK  ]
Starting mysqld:                                           [  OK  ]

Note : This configuration and hardening practice is very basic. You can fine-tune your database based on your expected security level, and you can also implement host iptables, physical firewall protection and operating system hardening in order to protect the MySQL server. You may refer to “Securing and Hardening Linux Dedicated Server
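The checks in steps 1 to 3 can be run against the account list in one pass. The script below is an added example, not part of the original article: it reads the User, Host and Password columns queried in step 2 and reports anonymous accounts, empty passwords, root entries for non-local hosts, and accounts of different users that share one hash. The function names and output labels are hypothetical, and the anonymous row in the sample is constructed.

```bash
#!/usr/bin/env bash
# Added example (not from the original article).

# Read tab-separated "User<TAB>Host<TAB>Password" rows on stdin, as produced by
#   mysql -u root -p -N -B -e 'SELECT User,Host,Password FROM mysql.user'
# and print one "finding: account" line per problem. The Password column is
# the one the article queries; MySQL 5.7+ uses authentication_string instead.
audit_mysql_users() {
    awk -F'\t' '
    {
        acct = $1 "@" $2
        if ($1 == "") { print "anonymous-user: " acct }
        if ($3 == "") { print "empty-password: " acct }
        # Any other host lets root authenticate over the network.
        if ($1 == "root" && $2 !~ /^(localhost|127\.0\.0\.1|::1)$/) {
            print "remote-root: " acct
        }
        # The hashes shown in step 2 are unsalted, so equal hashes on
        # different users mean the same password is shared.
        if ($3 != "") {
            if (!($3 in owner)) {
                owner[$3] = $1
            } else if (owner[$3] != $1) {
                print "shared-password: " acct " (same hash as " owner[$3] ")"
            }
        }
    }'
}

# Return 0 when the rows on stdin produce no findings.
mysql_users_clean() {
    [ -z "$(audit_mysql_users)" ]
}

# Sample rows: the four accounts from the step 2 table, plus a constructed
# anonymous account with an empty password.
sample_rows() {
    local h='*2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19'
    printf '%s\t%s\t%s\n' \
        root localhost "$h" \
        root mysql "$h" \
        root 127.0.0.1 "$h" \
        wordpressuser 192.168.0.5 "$h" \
        '' localhost ''
}

# Offline demonstration on the sample rows.
sample_rows | audit_mysql_users
```

On the table from step 2 this flags root@mysql, which remains because remote root login was not disallowed in step 1, and wordpressuser, whose hash is identical to root's.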

How to Setup Webmin 1.620 using YUM repository on CentOS 6.4 VPS

This post will brief you on how to set up Webmin 1.620 using the yum repository on a CentOS 6.4 virtual private server (VPS). Webmin is an open source system administration and configuration tool which provides a web-based interface to manage, administer and configure your CentOS VPS or dedicated server through a web browser. It provides graphical remote administration instead of manually editing the configuration from the command line over PuTTY or the console.

1. Enabling Yum repository for Webmin. Create the /etc/yum.repos.d/webmin.repo file containing :

[root@centos64 ~]# vi /etc/yum.repos.d/webmin.repo
[Webmin]
name=Webmin Distribution Neutral
#baseurl=http://download.webmin.com/download/yum
mirrorlist=http://download.webmin.com/download/yum/mirrorlist
enabled=1

2. Fetch and install the Webmin GPG key :

[root@centos64 ~]# wget http://www.webmin.com/jcameron-key.asc
[root@centos64 ~]# rpm --import jcameron-key.asc

3. Run “yum install” command to install all required dependencies :

[root@centos64 ~]# yum install webmin -y

Example :

[root@centos64 ~]# yum install webmin -y
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * Webmin: download.webmin.com
 * base: mirrors.hostemo.com
 * extras: mirrors.hostemo.com
 * updates: mirrors.hostemo.com
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package webmin.noarch 0:1.620-1 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

====================================================================================================
 Package                Arch                   Version                 Repository              Size
====================================================================================================
Installing:
 webmin                 noarch                 1.620-1                 Webmin                  21 M

Transaction Summary
====================================================================================================
Install       1 Package(s)

Total download size: 21 M
Installed size: 21 M
Downloading Packages:
webmin-1.620-1.noarch.rpm                                                    |  21 MB     04:09
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing : webmin-1.620-1.noarch                                                            1/1
Operating system is CentOS Linux
Webmin install complete. You can now login to http://centos64.ehowstuff.local:10000/
as root with your root password.
  Verifying  : webmin-1.620-1.noarch                                                            1/1

Installed:
  webmin.noarch 0:1.620-1

Complete!

4. By default Webmin runs on port 10000, so port 10000 needs to be open to allow you to access the web-based interface remotely.

[root@centos64 ~]# vi /etc/sysconfig/iptables

Add the following rule to existing iptables firewall :

-A INPUT -m state --state NEW -m tcp -p tcp --dport 10000 -j ACCEPT

Restart IPtables :

[root@centos64 ~]# service iptables restart

5. Access and login to Webmin using URL http://serveripaddress:10000/

Linode VPS – Lish SSH Gateway

We’re rolling out a new Lish SSH gateway that simplifies Lish by introducing a single place to access Lish for all of your Linodes, regardless of their host or datacenter. It eliminates the need for per-Linode Lish passwords and SSH keys. Instead, the Lish gateway uses your existing Linode Manager credentials for authentication. You will also notice a new “Lish SSH Keys” field in the My Profile section of the Linode Manager, where you can submit SSH public keys to authenticate yourself to these new Lish gateway boxes.

To provide a little background, Lish is the Linode Shell. It provides you with the ability to issue reboot and shutdown jobs, check the status of your Linode, and most importantly, access and interact with the console of your running Linode. Lish is an out-of-band console, which means you can access it even when your Linode’s networking is disabled.

Previously, each Linode required its own Lish SSH username, password, and SSH keys. Access to Lish was via a direct SSH connection to your Linode’s host machine. In the coming weeks, we will be completely removing host access from the public Internet, and as such the old Lish access methods will no longer function.

Lish-via-SSH into hosts will cease to function on Friday, May 10, 2013 1:00PM EDT.  As such, please adjust any scripts or aliases to utilize the new Lish gateway.

When you log in to the new Lish gateway, you’ll see a list of your Linodes and their locations, as shown below:

$ ssh caker@lish-newark.linode.com 
Linodes located in this data center:
linode2345           Newark, NJ
linode3456           Newark, NJ
linode4567           Newark, NJ

Linodes located in other data centers:
sandbox              Dallas, TX
linode5678           Dallas, TX
[caker@lish-newark.linode.com]#

Then, at the command prompt, you can enter the name of the Linode to which you want to make your Lish connection. In the example shown above, you could enter “linode2345” to access the Lish console for linode2345. Once you’re on a specific Linode, Lish will work like it always has. When you exit linode2345’s Lish, you’ll be taken back to the gateway menu.

You can also do tricks like this to bypass the menu altogether:

$ ssh -t caker@lish-newark.linode.com linode2345

And like this to send commands directly to a Linode’s Lish:

$ ssh -t caker@lish-newark.linode.com linode2345 logview

We’ve set up Lish gateways in all six data centers. You can use any gateway to get to any Linode, but we recommend using the one geographically closest to you or your Linodes. Here are the Lish gateway boxes:

  • lish-tokyo.linode.com
  • lish-fremont.linode.com
  • lish-dallas.linode.com
  • lish-atlanta.linode.com
  • lish-newark.linode.com
  • lish-london.linode.com

The Lish gateway boxes are accessible via both IPv4 and IPv6. The Ajax method of connecting to your Linode’s Lish is unaffected by these changes.

Enjoy!
-Chris


Linode NextGen: RAM Upgrade

This is the third and final post in a series about Linode: NextGen. The first post in the series focused on network upgrades and the second post focused on host hardware. This post announces yet another upgrade, and discusses the upgrade procedure and availability.

We’re doubling the RAM on all of our plans. This upgrade is available to existing and new customers. New Linodes will automatically be created with the new resources. Existing Linodes will need to go through the Upgrade Queue to receive the upgrades.

The new Linode plans lineup is now the following:

Plan          RAM      Disk      XFER     CPU                        Price
Linode 1G     1 GB     24 GB     2 TB     8 cores (1x priority)      $20 / mo
Linode 2G     2 GB     48 GB     4 TB     8 cores (2x priority)      $40 / mo
Linode 4G     4 GB     96 GB     8 TB     8 cores (4x priority)      $80 / mo
Linode 8G     8 GB     192 GB    16 TB    8 cores (8x priority)      $160 / mo
Linode 16G    16 GB    384 GB    20 TB    8 cores (16x priority)     $320 / mo
Linode 24G    24 GB    576 GB    20 TB    8 cores (24x priority)     $480 / mo
Linode 32G    32 GB    768 GB    20 TB    8 cores (32x priority)     $640 / mo
Linode 40G    40 GB    960 GB    20 TB    8 cores (40x priority)     $800 / mo

Upgrade Queue

Here’s how to get the upgrade for your existing Linode: Log into the Linode Manager and view your Linode’s Dashboard, where you’ll have a new “Upgrade Available” box on the right-hand side. This links to a page describing the upgrade process, which is very simple. Simply click the button and your Linode will enter the Upgrade Queue. While in the queue, your Linode can remain booted.

Once it’s your Linode’s turn in the queue, your Linode will be shut down, upgraded, and migrated to another host. The migration will take about 1 minute per GB of disk images. After the migration has completed, your Linode will be returned to its last state (booted or shutdown) – but with the new RAM!

Full disclosure: the new plans are $0.05 more expensive per month. We did this to get rid of the legacy $19.95, $39.95, $59.95, etc pricing model in favor of a simpler $20, $40, $60 model. The upgrade is not mandatory, so if you’re not down with the 5 cent increase you can keep your existing resources and pricing.

Upgrade Availability

We’ll be enabling the upgrade by data center very soon, with the exception of Fremont which may take another week or two – we’ll be explaining more on Fremont in another post.

Fremont, CA: TBD
Dallas, TX: Upgrades are available
Atlanta, GA: Upgrades are available
Newark, NJ: Upgrades are available
London, UK: Upgrades are available
Tokyo, JP: Upgrades are available

Check back regularly for updates for your data center.

Linode NextGen Recap

This has been a great couple of weeks for Linode and our customers. We’ve spent millions improving our network, a fleet refresh with new hardware and 8 core Linodes, and now this: doubling your RAM without doubling the price. Enjoy!

-Chris


Securing and Hardening Linux Dedicated Server

When we host a Linux dedicated server or virtual private server (VPS) in a data center, the security of the system is very important in order to ensure that the data and information are safe from hackers. Securing and hardening a Linux dedicated server is mandatory when nearly every computing resource and application system is online and susceptible to attack. This post shares basic security and hardening tips for Linux dedicated servers. If you plan to host your own Linux dedicated server, this post should provide you with a good baseline and ideas. The following are the best practices for securing and hardening a Linux dedicated server :

1. Patching Linux Systems
2. Keep Linux Kernel and Software such as WordPress/Joomla Up to Date
3. Secure SSH
4. Enforcing Stronger Passwords and Password Aging
5. Disable Unnecessary Processes, Services and Daemons
6. Install a host based firewall to protect your dedicated server from unauthorized access
7. Implement Linux Kernel /etc/sysctl.conf hardening
8. Configure Logging and Auditing
9. Install And Use Intrusion Detection System

How to Setup Apache httpd on CentOS Dedicated Server

The Apache HTTP Server is a free, open source web server developed by the Apache Software Foundation (http://www.apache.org/). This post describes the basic steps to set up Apache httpd on a CentOS 6.4 64-bit dedicated server to host a website or blog. With a dedicated web server, you get more control and flexibility over the configuration and you do not share its resources with anyone else. With at least 2GB RAM, you will get fairly consistent load times and better speed compared to shared hosting and a virtual private server (VPS). Bloggers or webmasters can get a reasonable dedicated server price starting at $139 at very reputable companies such as hostgator.

1. How to Install httpd :

[root@centos64 ~]# yum install httpd -y

2. How to Check Apache server version :

[root@centos64 ~]# httpd -V
Server version: Apache/2.2.15 (Unix)
Server built:   Feb 22 2013 11:19:58
Server's Module Magic Number: 20051115:25
Server loaded:  APR 1.3.9, APR-Util 1.3.9
Compiled using: APR 1.3.9, APR-Util 1.3.9
Architecture:   64-bit
Server MPM:     Prefork
  threaded:     no
    forked:     yes (variable process count)
Server compiled with....
 -D APACHE_MPM_DIR="server/mpm/prefork"
 -D APR_HAS_SENDFILE
 -D APR_HAS_MMAP
 -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
 -D APR_USE_SYSVSEM_SERIALIZE
 -D APR_USE_PTHREAD_SERIALIZE
 -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
 -D APR_HAS_OTHER_CHILD
 -D AP_HAVE_RELIABLE_PIPED_LOGS
 -D DYNAMIC_MODULE_LIMIT=128
 -D HTTPD_ROOT="/etc/httpd"
 -D SUEXEC_BIN="/usr/sbin/suexec"
 -D DEFAULT_PIDLOG="run/httpd.pid"
 -D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
 -D DEFAULT_LOCKFILE="logs/accept.lock"
 -D DEFAULT_ERRORLOG="logs/error_log"
 -D AP_TYPES_CONFIG_FILE="conf/mime.types"
 -D SERVER_CONFIG_FILE="conf/httpd.conf"

3. Change /etc/hosts file :

[root@centos64 ~]# vi /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

192.168.2.62 centos64.ehowstuff.local

4. Always back up the original configuration file before making any changes :

[root@centos64 ~]# cp -p /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf.backup.01042013

Note : -p means preserve the specified attributes (default: mode, ownership, timestamps)

5. How to Configure httpd Apache service :

[root@centos64 ~]# vi /etc/httpd/conf/httpd.conf
ServerTokens Prod
KeepAlive On
ServerAdmin root@ehowstuff.local
ServerName www.ehowstuff.local:80
Options Indexes FollowSymLinks ExecCGI
AllowOverride All
DirectoryIndex index.html index.cgi index.php
ServerSignature Off
#AddDefaultCharset UTF-8
AddHandler cgi-script .cgi .pl

6. Restart Apache httpd :

[root@centos64 ~]# /sbin/service httpd restart
Stopping httpd:                                            [  OK  ]
Starting httpd:                                            [  OK  ]

7. How to configure Apache httpd auto start at boot :

[root@centos64 ~]# chkconfig httpd on

8. How to check the apache access log :

[root@centos64 ~]# tail -f /var/log/httpd/access_log
192.168.2.52 - - [01/Apr/2013:23:14:35 +0800] "GET /index.php?=PHPE9568F34-D428-11d2-A769-00AA001ACF42 HTTP/1.1" 200 2524 "http://192.168.2.62/" "Mozilla/5.0 (Windows NT 5.1; rv:18.0) Gecko/20100101 Firefox/18.0"
192.168.2.52 - - [01/Apr/2013:23:14:35 +0800] "GET /index.php?=PHPE9568F35-D428-11d2-A769-00AA001ACF42 HTTP/1.1" 200 2146 "http://192.168.2.62/" "Mozilla/5.0 (Windows NT 5.1; rv:18.0) Gecko/20100101 Firefox/18.0"
192.168.2.52 - - [01/Apr/2013:23:14:35 +0800] "GET / HTTP/1.1" 200 71412 "-" "Mozilla/5.0 (Windows NT 5.1; rv:18.0) Gecko/20100101 Firefox/18.0"
192.168.2.52 - - [01/Apr/2013:23:14:36 +0800] "GET /favicon.ico HTTP/1.1" 404 209 "-" "Mozilla/5.0 (Windows NT 5.1; rv:18.0) Gecko/20100101 Firefox/18.0"
192.168.2.52 - - [01/Apr/2013:23:14:36 +0800] "GET /favicon.ico HTTP/1.1" 404 209 "-" "Mozilla/5.0 (Windows NT 5.1; rv:18.0) Gecko/20100101 Firefox/18.0"
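
The directives edited in step 5 can be reviewed mechanically after each change. The audit script below is an added example, not part of the original post; the helper name audit_httpd_conf and its OK/WARN output format are assumptions made here, and the sample input is the directive list from step 5.

```shell
#!/bin/sh
# Added example: audit an httpd.conf for the directives edited in step 5.
# audit_httpd_conf [FILE]   (hypothetical helper; reads stdin when FILE is omitted)
audit_httpd_conf() {
    awk '
    $1 ~ /^#/ { next }                      # ignore commented-out directives
    { d = tolower($1) }                     # directive names are case-insensitive
    d == "servertokens"    { tokens = tolower($2) }
    d == "serversignature" { sig = tolower($2) }
    d == "options" {
        for (i = 2; i <= NF; i++) {
            o = tolower($i); sub(/^\+/, "", o)   # "+Indexes" enables, "-Indexes" disables
            if (o == "indexes") print "WARN line " NR ": Options Indexes (directory listings on)"
            if (o == "execcgi") print "WARN line " NR ": Options ExecCGI (CGI execution on)"
        }
    }
    d == "allowoverride" && tolower($2) == "all" {
        print "WARN line " NR ": AllowOverride All (.htaccess can override config)"
    }
    END {
        # Compiled-in defaults: ServerTokens Full, ServerSignature Off.
        if (tokens == "prod" || tokens == "productonly") print "OK ServerTokens Prod"
        else print "WARN ServerTokens " (tokens == "" ? "unset (default Full)" : tokens)
        if (sig == "" || sig == "off") print "OK ServerSignature Off"
        else print "WARN ServerSignature " sig
    }' "${1:--}"
}

# Sample input: the directive list from step 5 above.
audit_httpd_conf <<'EOF'
ServerTokens Prod
KeepAlive On
ServerAdmin root@ehowstuff.local
ServerName www.ehowstuff.local:80
Options Indexes FollowSymLinks ExecCGI
AllowOverride All
DirectoryIndex index.html index.cgi index.php
ServerSignature Off
#AddDefaultCharset UTF-8
AddHandler cgi-script .cgi .pl
EOF
```

On the step 5 list this reports the two banner settings as OK and flags Indexes, ExecCGI and AllowOverride All, which are worth keeping only where the site actually needs them.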

9 Steps to Setup Dedicated Server for your Website

There are different types of hosting services used in computer technology, such as shared hosting, VPS (Virtual Private Server) and dedicated server hosting. For new websites with low numbers of visitors, I would highly recommend getting shared hosting. If you need more control of the server, then you should move from shared hosting to a VPS. There are plenty of hosting companies offering Virtual Private Servers, and VPS hosting is getting cheaper. This blog is hosted on a RamNode VPS.

At some point, your site's performance on VPS hosting will become very slow because of limited resources. More server resources are required as the number of visitors increases to tens of thousands or hundreds of thousands per day.

When you are hitting very slow website performance due to a huge amount of traffic, I would recommend getting dedicated servers. A cheaper way is to set up an additional VPS to balance the load. If cost is not an issue, I always recommend purchasing a dedicated server, as this will give you excellent processing performance. In a dedicated server environment, resources such as memory, hard drive storage capacity, processing power, and network access are all 100% dedicated to the server instead of shared with multiple VPSs or dozens of shared hosting customers. Popular websites on the Internet certainly have excellent servers behind them. Without such an excellent server, websites with high visitor concurrency will not be able to survive.

If you are an experienced system administrator, the following article may not interest you, but for web developers and those new to web hosting, it can be a useful guide for their first steps. I believe the popular websites on the internet have been set up by a consultant who specializes in servers or installed by an experienced system administrator. In this article, I would like to share 9 steps to set up a dedicated server for your website.

Once you have purchased a dedicated server, you can log in to it to complete the setup from start to finish. Below is a guide and checklist for those who are new to server administration.

9 Steps to Setup Dedicated Server

1. Choose and Install Linux operating system :

Choose the right platform on which to host your dedicated server. Please make sure that you are familiar with the preferred operating system (OS), whether CentOS, Fedora, Ubuntu or maybe Windows. If you choose a Linux OS, I would recommend doing a clean minimal install of the OS.

2. Update operating system :

Make sure that the latest patches have been applied to the OS.
How to Update CentOS 6.4 System using ‘yum update’

3. Install Apache or Nginx Web server :

Apache httpd is one of the most popular web servers and has a lot of features that make it very extensible and useful for many different types of websites. As an alternative to the Apache HTTP server, you can also install Nginx. Nginx or “engine x” is a free, open-source HTTP server that provides a high-performance edge web server with the lowest memory footprint and the key features to build modern and efficient web infrastructure. I used Nginx to run this blog.

How to Setup Nginx With PHP-FastCGI on CentOS 6.2/CentOS 6.3 VPS Server

4. Install MySQL Database server :

MySQL server is a database server that stores and retrieves data for blogs, websites and applications. It is one of the most popular and most used database servers on the internet, especially for content management and blogging sites.

5. Install PHP :

PHP: Hypertext Preprocessor is a widely used, free and open-source server-side scripting language that was especially designed for web development to produce dynamic web pages and can be embedded into HTML.

6. Install Bind DNS server :

BIND (the Berkeley Internet Name Domain), also known as NAMED, is the most widely used DNS server on the internet. BIND DNS resolves domain names to IP addresses and IP addresses to domain names.

7. Install FTP server :

File Transfer Protocol (FTP) is a network protocol used to transfer files over the network. One of the most popular FTP servers for Unix/Linux is vsftpd, which stands for Very Secure FTP Daemon. vsftpd is not just another popular FTP server for Unix/Linux systems; it also delivers excellent performance while consuming less memory.

8. Harden and Secure the dedicated server :

There are a few steps to harden the OS of a dedicated server.
a) Install a host-based firewall to protect your dedicated server from unauthorized access :
Once you have your web server running, you have to install a host-based firewall and open only certain ports in it. I would recommend setting up iptables on your Linux dedicated server.

b) Use Strong passwords :
Password complexity requirements should be in place to enforce strong passwords. A strong password should have mixed case, special characters, numbers, and be longer than 8 characters. For additional security, passwords should be changed regularly.

c) Disable Unnecessary Processes, Services and Daemons :
I would recommend that you disable unneeded processes, services and daemons such as bluetooth, hidd, cups, yum-updatesd, ypbind, nfs, snmpd, saslauthd, netfs, gpm, pcmcia and sendmail. SELinux should also be set to “Disabled”. This is still very experimental, so I would leave this disabled unless you really know what you are doing.

9. Install or migrate over the content of your website or blog :

You can start to migrate the content of your website or blog over to your new dedicated server. For a dynamic content blog, I would recommend using WordPress as a platform. WordPress is an open-source blogging platform. It’s a free blogging tool and content management system (CMS) based on PHP and MySQL.

I hope that these 9 steps to set up a dedicated server can be a useful guide for your first steps toward having your own dedicated server to run a website.

Linode Network Upgrades and 8 Cores Xen Instances

Linode Network Upgrade

In early March 2013, Linode performed a network upgrade that improves throughput, decreases latency and adds redundancy at their host layer. They are upgrading the overall network in all six datacenters in the US, Europe, and Asia-Pacific. With zero downtime, Linode customers will get the outbound network cap increased 5 times and the amount of outbound transfer increased 10 times, as below :

Linode 512 upgraded from 200GB to 2000GB (2TB)
Linode 1G upgraded from 400GB to 4000GB (4TB)
Linode 2G upgraded from 800GB to 8000GB (8TB)
Linode 4G upgraded from 1600GB to 16000GB (16TB)
Linode 8G upgraded from 2000GB to 20000GB (20TB)

8 Cores Xen instances

On 18th March 2013, Linode upgraded to a new “NextGen” host hardware specification, with new CPUs and a fleet refresh. Linode has upgraded all Linodes to 8-core Xen instances. Customers will be required to schedule downtime for a reboot and will then get double the computing power. Customers will get faster websites, services, and processing at the same price points. Another thing that Linode needs to improve is the drive speed. Will they go for SSDs in the future?

How to Check Realtime RAM Memory Usage Available in Linux VPS

In the previous post, I showed how to check memory usage on a Linux virtual private server (VPS), but only the top command provided real-time information and updates. This quick post covers how to check real-time RAM usage in a Linux VPS using the watch command. watch runs a command repeatedly, displaying its output as it changes over time or at regular intervals. watch will run until interrupted. This command has been tested on Red Hat Enterprise Linux 6 (RHEL 6) and may work on CentOS 6.x as well.

The basic syntax of watch is :

# watch [option(s)] command

1. Check memory usage using the “top” command. The watch command is not required for top, as top updates the result periodically :

[root@rhel6 ~]# top

2. Check memory usage using “/proc/meminfo” with watch command :

[root@rhel6 ~]# watch -n 1 cat /proc/meminfo

Output :

Every 1.0s: cat /proc/meminfo                                               Mon Oct 15 13:48:17 2012

MemTotal:        1031320 kB
MemFree:          626372 kB
Buffers:           58576 kB
Cached:           217004 kB
SwapCached:            0 kB
Active:           148516 kB
Inactive:         164708 kB
Active(anon):      37816 kB
Inactive(anon):       84 kB
Active(file):     110700 kB
Inactive(file):   164624 kB
Unevictable:           0 kB
Mlocked:               0 kB
HighTotal:        141256 kB
HighFree:            280 kB
LowTotal:         890064 kB
LowFree:          626092 kB
SwapTotal:       2064376 kB
SwapFree:        2064376 kB
Dirty:                 4 kB
Writeback:             0 kB
AnonPages:         37652 kB
Mapped:            19096 kB
Shmem:               264 kB
Slab:              81048 kB
SReclaimable:      62096 kB
SUnreclaim:        18952 kB
..
..
..

3. Check memory usage using “free” with watch command :

[root@rhel6 ~]# watch -n 1 free

Output :

Every 1.0s: free                                                            Mon Oct 15 13:47:26 2012

             total       used       free     shared    buffers     cached
Mem:       1031320     404548     626772          0      58564     217004
-/+ buffers/cache:     128980     902340
Swap:      2064376          0    2064376

4. Check memory usage using “vmstat” with watch command :

[root@rhel6 ~]# watch -n 1 vmstat

Output :

Every 1.0s: vmstat                                                          Mon Oct 15 13:46:44 2012

procs -----------memory---------- ---swap-- -----io---- --system-- -----cpu-----
 r  b   swpd   free   buff  cache   si   so    bi    bo   in   cs us sy id wa st
 0  0      0 626280  58552 217004   30    0     0    14   46   73  0  1 98  1  0
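
The /proc/meminfo fields from step 2 and the “-/+ buffers/cache” line from step 3 are related by simple arithmetic: free plus buffers plus cached is the memory applications can still use. The script below is an added example, not part of the original post; the function names mem_summary and mem_low are assumptions made here, and the sample input is the first lines of the step 2 output.

```shell
#!/bin/sh
# Added example: derive the "-/+ buffers/cache" figures of free from /proc/meminfo.
# mem_summary [FILE]  prints "total_kB used_kB usable_kB used_pct" (use - for stdin)
mem_summary() {
    awk '
    $1 == "MemTotal:" { total = $2; seen++ }
    $1 == "MemFree:"  { free  = $2; seen++ }
    $1 == "Buffers:"  { buf   = $2; seen++ }
    $1 == "Cached:"   { cache = $2; seen++ }   # exact match, so SwapCached is ignored
    END {
        if (seen != 4 || total == 0) {
            print "meminfo: required field missing" > "/dev/stderr"
            exit 1
        }
        usable = free + buf + cache            # buffers and page cache are reclaimable
        used   = total - usable
        printf "%d %d %d %d\n", total, used, usable, int(used * 100 / total)
    }' "${1:-/proc/meminfo}"
}

# mem_low THRESHOLD_PCT [FILE]  succeeds when used% is at or above the threshold,
# e.g.  watch -n 1 sh -c ". ./mem.sh; mem_low 90 && echo LOW"   (file name assumed)
mem_low() {
    pct=$(mem_summary "${2:-/proc/meminfo}" 2>/dev/null | awk '{ print $4 }')
    [ -n "$pct" ] && [ "$pct" -ge "$1" ]
}

# Sample input: first lines of the /proc/meminfo output shown in step 2.
mem_summary - <<'EOF'
MemTotal:        1031320 kB
MemFree:          626372 kB
Buffers:           58576 kB
Cached:           217004 kB
SwapCached:            0 kB
EOF
```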