Friday 20 September 2013

Fail2Ban Security

Fail2ban is a very useful application if you manage server security or run your own VPS or physical server. Fail2ban scans the log files created on the system and can ban IPs that are found to be malicious based on configuration rules. We can use it to monitor the logs of various system services, such as Apache and SSH, and block the IPs that are trying to breach the system's security.

Put simply, Fail2ban scans the log files, picks out failed and fraudulent login attempts, and blocks the IPs responsible.
Fail2ban is generally used to update the iptables rules to reject traffic: it finds the offending IP addresses in the server log files and rejects them for a set time period using iptables. This is very helpful for protecting the server from brute-force attacks. With Fail2ban we can protect different services on the server, such as SSH, FTP, Apache and Lighttpd. Installation and configuration of Fail2ban is simple.


Write your personal IP address into the ignoreip line. You can separate each address with a space. 


ignoreip lets you whitelist certain IP addresses and make sure that they are not locked out of your server.
Including your address will guarantee that you do not accidentally ban yourself from your own server.

The next step is to decide on a bantime, the number of seconds that a host will be blocked from the server if it is found to be in violation of any of the rules.
This is especially useful in the case of bots which, once banned, will simply move on to the next target. The default is set for 10 minutes; you may raise this to an hour (or higher) if you like.

Maxretry is the number of incorrect login attempts that a host may have before it gets banned for the length of the ban time.

Findtime is the time window in which a host's failed login attempts are counted.
The default setting is 10 minutes; this means that if a host attempts, and fails, to log in more than the maxretry number of times in the designated 10 minutes, it will be banned.



Fail2ban Installation Steps

#yum install gamin
#yum install fail2ban

#vi /etc/fail2ban/jail.conf

[DEFAULT]
ignoreip = 127.0.0.1/8 192.168.1.0/24
bantime  = 86400
findtime  = 600
maxretry = 5
backend = auto
usedns = warn

[sasl-iptables]
enabled  = true
filter   = sasl
backend  = auto
action   = iptables[name=sasl, port=smtp, protocol=tcp]
           sendmail-whois[name=sasl, sender=fail2ban@linukstricks.com,dest=devendra.joshi@linukstricks.com]
logpath  = /var/log/maillog

[postfix-iptables]
enabled  = true
filter   = postfix
action   = iptables[name=postfix, port=smtp, protocol=tcp]
           sendmail-whois[name=Postfix, sender=fail2ban@linukstricks.com,dest=devendra.joshi@linukstricks.com]
logpath  = /var/log/maillog
bantime  = 86400
maxretry = 3


[ssh-iptables]
enabled  = true
filter   = sshd
action   = iptables[name=SSH, port=ssh, protocol=tcp]
           sendmail-whois[name=SSH, dest=root, sender=fail2ban@linukstricks.com,dest=devendra.joshi@linukstricks.com]
logpath  = /var/log/secure



[proftpd-iptables]
enabled  = false
filter   = proftpd
action   = iptables[name=ProFTPD, port=ftp, protocol=tcp]
           sendmail-whois[name=ProFTPD, sender=fail2ban@linukstricks.com,dest=devendra.joshi@linukstricks.com]
logpath  = /var/log/proftpd/proftpd.log


[vsftpd-iptables]

enabled  = true
filter   = vsftpd
action   = iptables[name=VSFTPD, port=21, protocol=tcp]
           sendmail-whois[name=VSFTPD, sender=fail2ban@linukstricks.com,dest=devendra.joshi@linukstricks.com]
logpath  = /var/log/vsftpd.log
bantime  = 1800


#vi /etc/fail2ban/filter.d/sasl.conf

failregex = (?i): warning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed

#vi  /etc/fail2ban/filter.d/postfix.conf
failregex = reject: RCPT from (.*)\[<HOST>\]: 554

#fail2ban-regex /var/log/maillog /etc/fail2ban/filter.d/sasl.conf
#fail2ban-regex /var/log/maillog /etc/fail2ban/filter.d/postfix.conf



#/etc/init.d/fail2ban restart
# chkconfig fail2ban on

#tail -f /var/log/fail2ban.log



Note :
1: Instead of 192.168.1.0/24  put your Local IP Pool.
2: Instead of devendra.joshi@linukstricks.com put your Email ID.
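
How ignoreip, findtime, maxretry and bantime interact with the sasl failregex above, as an added example that is not part of the original post. The log lines are constructed, <HOST> is simplified to an IPv4 group, and the sketch bans as soon as the failure count reaches maxretry; none of this is fail2ban's own code.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Values from the [DEFAULT] section of the jail.conf shown on this page.
IGNOREIP = ["127.0.0.1/8", "192.168.1.0/24"]
FINDTIME = 600    # seconds
MAXRETRY = 5
BANTIME = 86400   # seconds

# failregex from the sasl.conf filter on this page. <HOST> is replaced here by
# a plain IPv4 group (an assumption; fail2ban's own <HOST> also takes names).
FAILREGEX = (r"(?i): warning: [-._\w]+\[<HOST>\]: SASL "
             r"(?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed")
PATTERN = re.compile(
    FAILREGEX.replace("<HOST>", r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"))


def simulate(lines, findtime=FINDTIME, maxretry=MAXRETRY, bantime=BANTIME,
             ignoreip=IGNOREIP, year=2013):
    """Return [(host, ISO time of ban)] for syslog-style maillog lines."""
    ignored = [ipaddress.ip_network(n, strict=False) for n in ignoreip]
    failures = defaultdict(deque)   # host -> times of failures inside findtime
    banned_until = {}               # host -> time the current ban expires
    bans = []
    for line in lines:
        match = PATTERN.search(line)
        if not match:
            continue                # not an authentication failure
        host = match.group("host")
        try:
            addr = ipaddress.ip_address(host)
        except ValueError:
            continue                # looked like an IP but is not one
        if any(addr in net for net in ignored):
            continue                # whitelisted by ignoreip
        # syslog timestamps carry no year, so one is supplied by the caller
        when = datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")
        if host in banned_until and when < banned_until[host]:
            continue                # already blocked, nothing new to count
        window = failures[host]
        window.append(when)
        while (when - window[0]).total_seconds() > findtime:
            window.popleft()        # failure is older than findtime
        if len(window) >= maxretry:  # this sketch bans on reaching maxretry
            banned_until[host] = when + timedelta(seconds=bantime)
            bans.append((host, when.isoformat()))
            window.clear()
    return bans


def _fail(hms, ip, mech="LOGIN"):
    """Build one constructed maillog line for a failed SASL login."""
    return (f"Sep 20 {hms} mail postfix/smtpd[2101]: warning: unknown[{ip}]: "
            f"SASL {mech} authentication failed: authentication failure")


# Constructed sample log (documentation addresses, not real traffic).
SAMPLE_LOG = (
    [_fail(f"10:0{m}:10", "203.0.113.7") for m in range(5)]        # 5 in 4 min
    + [_fail(f"10:{m:02d}:00", "198.51.100.9", "PLAIN")            # 5 in 12 min
       for m in (0, 3, 6, 9, 12)]
    + [_fail(f"10:00:{s:02d}", "192.168.1.50") for s in range(6)]  # in ignoreip
    + ["Sep 20 10:01:00 mail postfix/smtpd[2101]: "
       "connect from unknown[203.0.113.7]"]                        # no failure
)

if __name__ == "__main__":
    for host, when in simulate(SAMPLE_LOG):
        print(f"ban {host} at {when} for {BANTIME} s")
```

Only 203.0.113.7 is banned with the page's settings: the second host never has five failures inside one 600-second window, and the third is covered by ignoreip.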

HAProxy+SSL+WAF+Apache


Ref:http://blog.exceliance.fr/2012/10/12/scalable-waf-protection-with-haproxy-and-apache-with-modsecurity/

http://blog.exceliance.fr/page/2/

http://blog.exceliance.fr/2012/09/10/how-to-get-ssl-with-haproxy-getting-rid-of-stunnel-stud-nginx-or-pound/

https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#wiki-Installation_for_Apache
----------------------------------------------------------------------------------------------------
1) Install Dependencies for Apache+ModSecurity
----------------------------------------------------------------------------------------------------
gcc
zlib-devel
openssl-devel
pcre-devel
apr-devel
libxml2-devel
libcurl-devel
expat-devel
ModSecurity 2.x works only with Apache 2.0.x or higher
mod_uniqueid
libapr and libapr-util
libpcre
libxml2
liblua v5.1.x
libcurl v7.15.1 or higher


----------------------------------------------------------------------------------------------------
2) Install HAProxy (frontend_http)
----------------------------------------------------------------------------------------------------
#cd /softwares/
#wget http://haproxy.1wt.eu/download/1.5/src/devel/haproxy-1.5-dev17.tar.gz
#tar -zxvf haproxy-1.5-dev17.tar.gz
#cd haproxy-1.5-dev17
#make TARGET=linux2628 CPU=native USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1
#make PREFIX=/opt/haproxy-ssl install
#rm -rf /softwares/haproxy-1.5-dev17

-------------------------------------------------------------------------------------------------
3) Generate SSL Certificates using openssl
-------------------------------------------------------------------------------------------------
#cd /opt/haproxy-ssl/certs/
#openssl genrsa -out haproxy.key 2048
#openssl req -new -key haproxy.key -out haproxy.csr
Country Name (2 letter code) [XX]:IN
State or Province Name (full name) []:MAHARASHTRA
Locality Name (eg, city) [Default City]:NAVI MUMBAI
Organization Name (eg, company) [Default Company Ltd]:example
Organizational Unit Name (eg, section) []:IT
Common Name (eg, your name or your server's hostname) []:secure.example.com
Email Address []: root@secure.example.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
#openssl x509 -req -days 365 -in haproxy.csr -signkey haproxy.key -out haproxy.crt
#cat haproxy.key haproxy.crt > haproxy.pem
-------------------------------------------------------------------------------------------------

-------------------------------------------------------------------------------------------------
4) Configure HAProxy with built-in SSL support
-------------------------------------------------------------------------------------------------
Note: Following file contains sample configuration
#vi /opt/haproxy-ssl/haproxy.cfg

# this config needs haproxy-1.5-dev17
global
     daemon
     maxconn      25000
defaults
     mode http
     timeout connect 15000ms
     timeout client 50000ms
     timeout server 50000ms
     timeout queue 60s
listen frontend_http *:80
     mode http
     acl no_waf nbsrv(bk_waf) eq 0
     use_backend bk_http if no_waf
     default_backend bk_waf
backend bk_waf
     mode http
     option  forwardfor
     server s1 127.0.0.1:83 maxconn 1024 check
listen frontend_waf *:8000
     mode http
     acl https_uri url_beg /https/
     redirect prefix https://secure.example.com if https_uri
     default_backend bk_http
frontend ft_https
     mode http
     bind 0.0.0.0:443 ssl crt /opt/haproxy-ssl/certs/haproxy.pem
     option forceclose
     option  forwardfor
     acl http_uri url_beg /
     acl https_uri url_beg /https/
     redirect prefix http://secure.example.com if !https_uri http_uri
     default_backend bk_http
backend bk_http
     mode http
#    cookie JSESSIONID prefix
     cookie SRV insert indirect nocache
     balance leastconn
     option forceclose
     option persist
     option redispatch
     option  forwardfor
     server server1 127.0.0.1:81 cookie server1_cookie maxconn 1024 check
     server server2 127.0.0.1:82 cookie server2_cookie maxconn 1024 check
     acl force_sticky_server1 hdr_sub(server1_cookie) TEST=true
     force-persist if force_sticky_server1
     acl force_sticky_server2 hdr_sub(server2_cookie) TEST=true
     force-persist if force_sticky_server2

#/opt/haproxy-ssl/sbin/haproxy -f /opt/haproxy-ssl/haproxy.cfg
----------------------------------------------------------------------------------------------------



Note: Apache should be compiled with --enable-unique-id --with-included-apr

----------------------------------------------------------------------------------------------------
5) Install Apache+Modsecurity (bk_waf)
----------------------------------------------------------------------------------------------------

#wget http://archive.apache.org/dist/httpd/httpd-2.2.21.tar.gz
#tar -zxvf httpd-2.2.21.tar.gz
#cd httpd-2.2.21
#./configure --prefix=/opt/apache83_waf1 --enable-mods-shared=all --enable-so --enable-cgi --enable-proxy --enable-headers --enable-expires --enable-vhost-alias --enable-info --enable-rewrite --enable-speling        --enable-usertrack --enable-deflate --enable-ssl --enable-mime-magic --enable-unique-id --with-included-apr
#make
#make install
#vi /opt/apache83_waf1/conf/httpd.conf
Listen 83
User apache
Group apache
#/opt/apache83_waf1/bin/apachectl -k restart
#rm -rf /softwares/httpd-2.2.21


----------------------------------------------------------------------------------------------------
6) Install modsecurity
----------------------------------------------------------------------------------------------------
#wget http://www.modsecurity.org/tarball/2.7.2/modsecurity-apache_2.7.2.tar.gz
#tar -zxvf modsecurity-apache_2.7.2.tar.gz
#cd modsecurity-apache_2.7.2
#./configure --with-apxs=/opt/apache83_waf1/bin/apxs --with-apr=/opt/apache83_waf1/bin/apr-1-config --with-apu=/opt/apache83_waf1/bin/apu-1-config
#make
#make CFLAGS=-DMSC_TEST test
Note: If all tests are OK then run below command.
#make install

----------------------------------------------------------------------------------------------------
7) Download and Install ModSecurity Rules
----------------------------------------------------------------------------------------------------
#cd /softwares
#wget http://sourceforge.net/projects/mod-security/files/modsecurity-crs/0-CURRENT/modsecurity-crs_2.2.5.tar.gz/download
#tar -zxvf modsecurity-crs_2.2.5.tar.gz
#mv modsecurity-crs_2.2.5 /opt/modsecurity-crs
#mkdir -p /opt/apache83_waf1/modsecurity.d
#cd /opt/modsecurity-crs
#cp -r base_rules /opt/apache83_waf1/modsecurity.d/rules
#cp modsecurity_crs_10_setup.conf.example /opt/apache83_waf1/modsecurity.d/modsecurity_crs_10_setup.conf
----------------------------------------------------------------------------------------------------
#vi /opt/apache83_waf1/conf/httpd.conf
LoadFile /usr/lib64/libxml2.so
LoadFile /usr/lib64/liblua-5.1.so
LoadModule security2_module modules/mod_security2.so



SecPcreMatchLimit 1000000
SecPcreMatchLimitRecursion 1000000
SecDataDir logs/

ServerName *
AddDefaultCharset UTF-8

Include modsecurity.d/modsecurity_crs_10_setup.conf
Include modsecurity.d/rules/*.conf

SecRuleEngine On
SecRequestBodyAccess On
SecResponseBodyAccess On

ProxyPreserveHost On
ProxyRequests off
ProxyVia Off
ProxyPass / http://127.0.0.1:8000/
ProxyPassReverse / http://127.0.0.1:8000/


#/opt/apache83_waf1/bin/apachectl -k restart
#rm -rf /softwares/modsecurity-apache_2.7.2
> Verify security2_module is loaded using following command
#/opt/apache83_waf1/bin/httpd -M |  grep security2_module
----------------------------------------------------------------------------------------------------




----------------------------------------------------------------------------------------------------
8) Install Apache (bk_http i.e. server1)
----------------------------------------------------------------------------------------------------

#wget http://archive.apache.org/dist/httpd/httpd-2.2.21.tar.gz
#tar -zxvf httpd-2.2.21.tar.gz
#cd httpd-2.2.21
#./configure --prefix=/opt/apache81_bk1 --enable-mods-shared=all --enable-so --enable-cgi --enable-proxy --enable-headers --enable-expires --enable-vhost-alias --enable-info --enable-rewrite --enable-speling        --enable-usertrack --enable-deflate --enable-ssl --enable-mime-magic --enable-unique-id --with-included-apr
#make
#make install
#vi /opt/apache81_bk1/conf/httpd.conf
Listen 81
User apache
Group apache
#/opt/apache81_bk1/bin/apachectl -k restart
#rm -rf /softwares/httpd-2.2.21
----------------------------------------------------------------------------------------------------


----------------------------------------------------------------------------------------------------
9) Install Apache (bk_http i.e. server2)
----------------------------------------------------------------------------------------------------

#wget http://archive.apache.org/dist/httpd/httpd-2.2.21.tar.gz
#tar -zxvf httpd-2.2.21.tar.gz
#cd httpd-2.2.21
#./configure --prefix=/opt/apache82_bk2 --enable-mods-shared=all --enable-so --enable-cgi --enable-proxy --enable-headers --enable-expires --enable-vhost-alias --enable-info --enable-rewrite --enable-speling        --enable-usertrack --enable-deflate --enable-ssl --enable-mime-magic --enable-unique-id --with-included-apr
#make
#make install
#vi /opt/apache82_bk2/conf/httpd.conf
Listen 82
User apache
Group apache
#/opt/apache82_bk2/bin/apachectl -k restart
#rm -rf /softwares/httpd-2.2.21
----------------------------------------------------------------------------------------------------



----------------------------------------------------------------------------------------------------
10) Install mod_rpaf to get the client IP in the bk_waf and bk_web for both tracking and logging.
----------------------------------------------------------------------------------------------------

#cd /softwares
#wget http://stderr.net/apache/rpaf/download/mod_rpaf-0.6.tar.gz
#tar -zxvf mod_rpaf-0.6.tar.gz
#cd mod_rpaf-0.6

#/opt/apache83_waf1/bin/apxs -i -c -n mod_rpaf-2.0.so mod_rpaf-2.0.c
#vi /opt/apache83_waf1/conf/httpd.conf
 LoadModule rpaf_module modules/mod_rpaf-2.0.so
 # mod_rpaf Configuration
 RPAFenable On
 RPAFsethostname On
 RPAFproxy_ips 127.0.0.1
 RPAFheader X-Forwarded-For
#/opt/apache83_waf1/bin/apachectl -k restart


#/opt/apache81_bk1/bin/apxs -i -c -n mod_rpaf-2.0.so mod_rpaf-2.0.c
#vi /opt/apache81_bk1/conf/httpd.conf
 LoadModule rpaf_module modules/mod_rpaf-2.0.so
 # mod_rpaf Configuration
 RPAFenable On
 RPAFsethostname On
 RPAFproxy_ips 127.0.0.1
 RPAFheader X-Forwarded-For
#/opt/apache81_bk1/bin/apachectl -k restart


#/opt/apache82_bk2/bin/apxs -i -c -n mod_rpaf-2.0.so mod_rpaf-2.0.c
#vi /opt/apache82_bk2/conf/httpd.conf
 LoadModule rpaf_module modules/mod_rpaf-2.0.so
 # mod_rpaf Configuration
 RPAFenable On
 RPAFsethostname On
 RPAFproxy_ips 127.0.0.1
 RPAFheader X-Forwarded-For
#/opt/apache82_bk2/bin/apachectl -k restart



#rm -rf /softwares/mod_rpaf-0.6
----------------------------------------------------------------------------------------------------

Great Server with Open Source File Sharing + DHCP + DNS Management + Samba 4 + Manage Users & Groups

I found one server with the following great tools & it's open source (with Ubuntu), it's awesome ...

Open Source

File Sharing
Manage Users & Groups
Auto Drive Mapping
DHCP/DNS Management
Samba 4 Domain Controller

http://www.resara.org/


Guys, it's such a great server.. Must install once....

Saturday 14 September 2013

Open source network monitoring system

cd /opt/
wget http://www.netxms.org/download/netxms-1.2.6.tar.gz
tar zxvf netxms-1.2.6.tar.gz 
cd netxms-1.2.6
sh ./configure --with-server --with-mysql --with-agent
yum install gcc gcc-c++ autoconf automake
yum install mysql mysql-devel mysql-lib
sh ./configure --with-server --with-mysql --with-agent
make


mysql -u root -p 

CREATE DATABASE netxms;
GRANT ALL ON netxms.* TO netxms IDENTIFIED BY 'netxms';
mysql> GRANT ALL PRIVILEGES ON *.* TO 'netxms'@'localhost'
-> IDENTIFIED BY 'some_pass' WITH GRANT OPTION;



Apache Setting :-

# vi /etc/httpd/conf/httpd.conf

& Add Following Line at End of File.

<VirtualHost *:80>
    ServerAdmin admin@linukstricks.com
    DocumentRoot "/opt/netxms-1.2.6"
    ServerName linukstricks.com
    ServerAlias www.linukstricks.com
</VirtualHost>


Then Continue with your Installation.

SSH Authentication Using SSH keys Using PUTTY


Generate Public key on your system

#ssh-keygen -t rsa

vi /home/deva/.ssh/id_rsa.pub

Copy the content of id_rsa.pub & paste it into the remote server's authorized_keys

If the .ssh directory does not exist on the remote server, follow these steps:


#mkdir ~/.ssh

#touch ~/.ssh/authorized_keys


& try to log in to the server



If you get the following error:-

Agent admitted failure to sign using the key.

then type the command


#ssh-add




### SSH Authentication Using SSH keys Using PUTTY###


At client machine:


> Generate Private and Public key using PUTTY key-gen


> Save Private and Public key at your machine for example under "Document" folder.


> Make sure that the Private Key is saved with the .ppk extension.


> Add public key on Remote server under $HOME/.ssh/authorized_keys file as per given procedure.


> In $HOME/.ssh/authorized_keys on server, cut/paste your public ssh key, on ONE LINE (That is very important!!!)


Do not add the BEGIN PUBLIC KEY or END PUBLIC KEY.

Do not add the rsa-key-20090614 at the end.

Make sure there is ssh-rsa at the beginning; if it is not in the public key then add it manually.


It should be something like:


ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIBzPeFQv+295iKzuuPH0jA9449pSHVpCwXvCR9EstmYh...


>>>> On Server <<<<


Note: Disable PasswordAuthentication in the sshd_config file


#vi /etc/ssh/sshd_config

PasswordAuthentication no


#service sshd restart






#mkdir $HOME/.ssh

#touch $HOME/.ssh/authorized_keys

#chmod 700 $HOME/.ssh

#chmod 600 $HOME/.ssh/authorized_keys


Note: When adding the Public key on the Server, make sure there are no spaces at the beginning or end.


#vi $HOME/.ssh/authorized_keys

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQChjD5jiLDPeC4jDF8kS8nN6eNzAb8D0ElqeUbCy6IGZqtqNwRnpcYxn2oixvN5wE1AXVXIFN4h2uf7zyWqtrJUXLPH6SRiOwbLeDgqUIJgxR+JNMR63GelDCwGDcbfn19pjcM1MA9e4Fj+u4yh+rqvJ+m98HXcQXHQF83zCN0Ly35VV6WtEXu+h89aHpGd9J6SynSGwq8EP24AAk/HFYgkQat2cnnwa/itlspQxQaRfg6LlHJc9h/YqPIg/xUO4yV+rCq6Sp84ztVOXlcKFAXMCvSICysJHqdVdMcazcvvFgNRFxpmAEKfCkW2TEtJScU1Jk+s8CNIdTUNjX3ha6Fd deva@DJ


## How to Login with ssh key using PUTTY##

Open PUTTY > Category > Connection > SSH > Auth


Under: Authentication Parameter > Browse Your Private key (.ppk) file

Then: Go to "Session" at the top of PUTTY

Login: Log in by entering your server IP or Hostname
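
A checker for the authorized_keys rules listed above (one line per key, ssh-rsa at the start, no PuTTY BEGIN/END or Comment lines, no stray spaces, 700/600 permissions), as an added example that is not part of the original post. It assumes plain ssh-rsa lines without options, and the sample key it builds is constructed and meaningless.

```python
import base64
import binascii
import os
import stat
import struct

KEY_TYPE = "ssh-rsa"  # the only key type this page discusses


def _read_field(blob, offset):
    """Read one length-prefixed field (4-byte big-endian length + data)."""
    if offset + 4 > len(blob):
        raise ValueError("truncated length")
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated field")
    return blob[offset + 4:end], end


def check_line(line):
    """Return a list of problems found in one authorized_keys line."""
    if line.startswith("----") or line.startswith("Comment:"):
        return ["PuTTY export header/footer line, paste only the key itself"]
    problems = []
    if line != line.strip():
        problems.append("leading or trailing whitespace")
    fields = line.split()
    if not fields or fields[0] != KEY_TYPE:
        return problems + [f"line does not start with {KEY_TYPE}"]
    if len(fields) < 2:
        return problems + ["no key data after the key type"]
    try:
        # The base64 part is: type string, public exponent, modulus.
        blob = base64.b64decode(fields[1], validate=True)
        inner_type, off = _read_field(blob, 0)
        _exponent, off = _read_field(blob, off)
        _modulus, off = _read_field(blob, off)
    except (binascii.Error, ValueError):
        return problems + ["key data is truncated or wrapped onto several lines"]
    if inner_type.decode("ascii", "replace") != KEY_TYPE:
        problems.append("key data is not an RSA key")
    if off != len(blob):
        problems.append("unexpected bytes after the RSA modulus")
    return problems


def check_authorized_keys(text):
    """Return {line number: [problems]} for every faulty line of the file."""
    report = {}
    for number, line in enumerate(text.split("\n"), start=1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank lines and comments are allowed
        problems = check_line(line)
        if problems:
            report[number] = problems
    return report


def mode_matches(path, expected):
    """True if the permission bits of path equal expected (e.g. 0o700)."""
    return stat.S_IMODE(os.stat(path).st_mode) == expected


def make_sample_key(comment="user@example"):
    """Build a well-formed but meaningless ssh-rsa line (constructed sample)."""
    def field(data):
        return struct.pack(">I", len(data)) + data
    blob = (field(b"ssh-rsa") + field(b"\x01\x00\x01")
            + field(b"\x00" + b"\xc3" * 256))
    return f"ssh-rsa {base64.b64encode(blob).decode()} {comment}"


if __name__ == "__main__":
    key = make_sample_key()
    b64 = key.split()[1]
    wrapped = "ssh-rsa " + b64[:64] + "\n" + b64[64:]   # key split over 2 lines
    for name, text in (("good", key), ("wrapped", wrapped)):
        print(name, check_authorized_keys(text) or "OK")
    ssh_dir = os.path.expanduser("~/.ssh")
    if os.path.isdir(ssh_dir):
        print(ssh_dir, "is 700:", mode_matches(ssh_dir, 0o700))
```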

GLPI Inventory Setup

Go to http://pkgs.fedoraproject.org/repo/pkgs/glpi/glpi-0.72.21.tar.gz/495eacd40c30ccb9cd71e85f3af82009/

Download latest glpi tar.

#cd /opt

#wget http://pkgs.fedoraproject.org/repo/pkgs/glpi/glpi-0.72.21.tar.gz/495eacd40c30ccb9cd71e85f3af82009/glpi-0.72.21.tar.gz

#tar -zxvf glpi-0.72.21.tar.gz

Apache Setting :-

# vi /etc/httpd/conf/httpd.conf

& Add Following Line at End of File.

<VirtualHost *:80>

    ServerAdmin admin@linukstricks.com

    DocumentRoot "/extra/src/glpi"

    ServerName linukstricks.com

    ServerAlias www.linukstricks.com

    ErrorLog "logs/glpi/error_log"

    CustomLog "logs/glpi/access_log" common

</VirtualHost>

Mysql Setting :-

Create a MySQL database and user:

#mysqladmin -u root -p create glpi

Log into MySQL:

#mysql -u root -p

Create a user and grant it the appropriate privileges for your database:

#GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES ON glpi.* TO 'root'@'localhost' IDENTIFIED BY 'root';

#FLUSH PRIVILEGES;

#wget http://rpms.famillecollet.com/enterprise/remi-release-5.rpm

#rpm -ivh remi-release-5.rpm

#wget http://dl.fedoraproject.org/pub/epel/5/i386/epel-release-5-4.noarch.rpm

#rpm -ivh epel-release-5-4.noarch.rpm

#yum update php*

#yum install php*

#yum install php* --skip-broken

Access the glpi install with your browser for the web-based installation:

http://<yourserver>/glpi

#############################################################

Mantis Request Tracker

http://sukhdevjadhav.blogspot.in/2010/12/how-to-install-mantis-on-fedora-14.html

#yum install httpd php php-pdo php-mysql php-gd mysql mysql-server

Go to the /var/www/html directory.

#wget -c http://space.dl.sourceforge.net/project/mantisbt/mantis-stable/1.2.4/mantisbt-1.2.4.tar.gz

#tar -zxvf mantisbt-1.2.4.tar.gz

#chown -R apache.apache mantisbt-1.2.4

#cd mantisbt-1.2.4

#cp config_inc.php.sample config_inc.php

#vim /var/www/html/mantisbt-1.2.4/config_inc.php

put appropriate database and host specific information

<?php

  $g_hostname = 'localhost';
  $g_db_type = 'mysql';
  $g_database_name = 'tracker';
  $g_db_username = 'mantisdbuser';
  $g_db_password = '';

# --- Anonymous Access / Signup ---

$g_allow_signup = ON;
$g_allow_anonymous_login = OFF;
$g_anonymous_account = '';



# --- Email Configuration ---

$g_phpMailer_method = PHPMAILER_METHOD_MAIL; # or PHPMAILER_METHOD_SMTP, PHPMAILER_METHOD_SENDMAIL
$g_smtp_host = 'localhost'; # used with PHPMAILER_METHOD_SMTP
$g_smtp_username = ''; # used with PHPMAILER_METHOD_SMTP
$g_smtp_password = ''; # used with PHPMAILER_METHOD_SMTP
$g_administrator_email = 'administrator@linukstricks.com';
$g_webmaster_email = 'webmaster@linukstricks.com';
$g_from_name = 'Mantis Bug Tracker';
$g_from_email = 'noreply@linukstricks.com'; # the "From: " field in emails
$g_return_path_email = 'admin@linukstricks.com'; # the return address for bounced mail
$g_email_receive_own = OFF;
$g_email_send_using_cronjob = OFF;
$g_enable_email_notification = OFF;

save and close file.




Create mysql database

mysql> create database tracker;
mysql> grant all on tracker.* to mantisdbuser@localhost identified by 'mantisdbpass';
mysql> flush privileges;
mysql> quit



Create virtual host in /etc/httpd/conf/httpd.conf

#ServerAdmin webmaster@linukstricks.com
Alias /mantisbt /var/www/html/mantisbt-1.2.4
#<DocumentRoot /var/www/html/mantisbt-1.2.4>
        ServerName linukstricks.com
        ErrorLog logs/linukstricks.com-error_log
        CustomLog logs/linukstricks.com-access_log common


put entry in host file

192.168.1.2 linukstricks.com


Open your Mozilla Firefox browser and open the link below.

http://IP-ADD/admin/install.php

Next screen

Now click on continue to login into mantis.

Now your mantis is installed.

Login with default admin username "Administrator"

password is "root"

##################################################################

Dell OMSA Installation

Documents For Commands

http://support.dell.com/support/edocs/software/svradmin/6.5/en/cli/html/reportst.htm#wp1077100

Installation Instruction:

http://linux.dell.com/wiki/index.php/Repository/OMSA

>>> Set up the Dell OpenManage Repository:

wget -q -O - http://linux.dell.com/repo/hardware/latest/bootstrap.cgi | bash

>>>> Install OpenManage Server Administrator:

yum install srvadmin-all

>>> Start the srvadmin service

/opt/dell/srvadmin/sbin/srvadmin-services.sh    start

>> To access OMSA  GUI allow  1311 port and access  url as follows:

iptables -I RH-Firewall-1-INPUT 1 -p tcp -s 0/0 -d 0/0 --dport 1311 -m state --state NEW,ESTABLISHED -j ACCEPT

https://server_ip:1311

Default:

Username: root

Password:    system root password

Media Wiki

 Setup Media Wiki





yum install gcc openssl-* mysql mysql-server httpd php-* httpd php pcre php-mysql php-pear php-pecl-apc mysql-server ImageMagick sendmail php-intl wget system-config-firewall-tui

cd /var/www/
wget http://dumps.wikimedia.org/mediawiki/1.17/mediawiki-1.17.0.tar.gz
tar -zxvf mediawiki-1.17.0.tar.gz
mv mediawiki-1.17.0 wiki
vi /etc/httpd/conf/httpd.conf

Alias /wiki /var/www/wiki/
<Directory /var/www/wiki/>
Options Indexes
AllowOverride none
DirectoryIndex index.php
Order allow,deny
allow from all
</Directory>




/etc/init.d/httpd restart


mysql -uroot -p
mysql> CREATE DATABASE my_wiki;
mysql> grant index, create, select, insert, update, delete, alter, lock tables on my_wiki.* to 'wikiuser'@'localhost' identified by 'wiki@123';
mysql> FLUSH PRIVILEGES;
mysql> quit


Goto Browser & access the Media Wiki & Follow The Instruction

See This Video :http://www.youtube.com/watch?v=Ku-vuy0d5po

########## Setup Media Wiki ##########

Mount / Enable ntfs partition under CentOS /RHEL 5 or 6

Mount / Enable NTFS Partition on CentOS  version 5 or 6?

How do I mount ntfs partition under RHEL 5 or 6?


# wget ftp://ftp.univie.ac.at/systems/linux/fedora/epel/beta/6/i386/epel-release-6-5.noarch.rpm
# rpm -ivh epel-release-6-5.noarch.rpm

# yum -y install ntfs-3g


First, load the fuse driver, enter:
# modprobe fuse


Create a mount point, enter:
# mkdir /mnt/ntfs


To mount the ntfs partition, enter:
# mount -t ntfs-3g /dev/sda1 /mnt/ntfs


To Check the Partition
$ df -h





How Do I Unmount NTFS Partition?

Type the following command:
# umount /mnt/ntfs

Thursday 12 September 2013

Linux Permission

How Linux File System Permission Works....

2D Matrix

Numerical Representation    Linux Representation    Note
755 or 0755                 drwxr-xr-x              Recommended!
644 or 0644                 drw-r--r--              Recommended!
700 or 0700                 drwx------
777 or 0777                 drwxrwxrwx              Not recommended!

Nagios Server Installation

yum install httpd php
yum install gcc
yum install glibc glibc-common
yum install gd gd-devel

#/usr/sbin/useradd -m nagios

#passwd nagios

#/usr/sbin/groupadd nagcmd


#/usr/sbin/usermod -a -G nagcmd nagios

#/usr/sbin/usermod -a -G nagcmd apache

#cd /opt

#wget "http://prdownloads.sourceforge.net/sourceforge/nagios/nagios-3.4.1.tar.gz"
#tar  -zxvf nagios-3.4.1.tar.gz
#cd  nagios-3.4.1

#./configure --with-command-group=nagcmd
#make all; make install; make install-init; make install-config; make install-commandmode; make install-webconf


#vi /usr/local/nagios/etc/objects/contacts.cfg
email                           devendra.joshi@linukstricks.com


#htpasswd -c /usr/local/nagios/etc/htpasswd.users nagiosadmin

#service  httpd   restart

#wget  "http://downloads.sourceforge.net/project/nagiosplug/nagiosplug/1.4.16/nagios-plugins-1.4.16.tar.gz"

#tar  -zxvf nagios-plugins-1.4.16.tar.gz
#cd nagios-plugins-1.4.16
#./configure --with-nagios-user=nagios --with-nagios-group=nagios
#make; make   install
#chkconfig --add nagios
#chkconfig nagios on

#/usr/local/nagios/bin/nagios  -v   /usr/local/nagios/etc/nagios.cfg

#service  nagios  start

#iptables -I INPUT 1 -p tcp -s 0/0 -d 0/0 --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT

#/etc/init.d/iptables  save

#/etc/init.d/iptables  restart

#now  open   your  browser  "http://localhost/nagios" OR "http://ip/nagios"


###########################################################################




Note:  Dependencies  require: gcc compiler.

#yum   install  gcc


Create a new nagios user account and give it a password.

/usr/sbin/useradd nagios
 passwd nagios

 cd   /opt
 wget "http://downloads.sourceforge.net/project/nagiosplug/nagiosplug/1.4.15/nagios-plugins-1.4.15.tar.gz"
tar zxvf nagios-plugins-1.4.15.tar.gz
cd nagios-plugins-1.4.15

>>>> Compile and install the plugins

./configure --prefix=/opt/nagios
make
make install

>>> Create soft link

ln -s /opt/nagios /usr/local/nagios


>>> The permissions on the plugin directory and the plugins will need to be fixed at this point, so run the following
commands


chown -R  nagios.nagios /opt/nagios
chown -R nagios.nagios /opt/nagios/libexec
rm -rf /opt/nagios-plugins-1.4.15

yum install xinetd

 >>>>>> NoW   Install    NRPE

cd   /opt
wget "http://downloads.sourceforge.net/project/nagios/nrpe-2.x/nrpe-2.13/nrpe-2.13.tar.gz"
tar zxvf nrpe-2.13.tar.gz
cd nrpe-2.13


>>>> Compile NRPE     Note:  Dependencies require  openssl

# yum   install  openssl
# yum   install  openssl-devel
#./configure --prefix=/opt/nrpe

make all

>>>>Install the NRPE plugin (for testing), daemon, and sample daemon config file.

make install-plugin
make install-daemon
make install-daemon-config


>>>Install the NRPE daemon as a service under xinetd.

make install-xinetd

>>>> Create SOFT Link

 ln -s /opt/nrpe /usr/local/nrpe


>>>> Edit the /etc/xinetd.d/nrpe file and add the IP address of the monitoring server to the only_from directive

 vi /etc/xinetd.d/nrpe

only_from       = 127.0.0.1      192.168.1.100


NOTE:    Where     192.168.1.100    Nagios server IP address.


>>> Add the following entry for the NRPE daemon to the /etc/services file


  vi    /etc/services

nrpe            5666/tcp                        # NRPE



>>>  Restart the xinetd service.

service xinetd restart
/etc/init.d/xinetd restart
chkconfig xinetd on

>>>>> Run   Below command   to check   nrpe  is   running  and  listening  on port  5666

lsof -i :5666
COMMAND PID USER   FD   TYPE  DEVICE SIZE NODE NAME
xinetd  919 root    5u  IPv4 8550033       TCP *:nrpe (LISTEN)



>>>>
Next, check to make sure the NRPE daemon is functioning properly. To do this, run the check_nrpe plugin that
was installed for testing purposes.

/opt/nrpe/libexec/check_nrpe -H localhost
NRPE v2.13

/usr/local/nrpe/libexec/check_nrpe -H localhost
NRPE v2.13



>>>>>> Open firewall rules  for  nrpe  5666  port should be accessible

 iptables -I INPUT 1 -p tcp -s 0/0 -d 0/0 --dport 5666 -m state --state NEW,ESTABLISHED -j ACCEPT

FDisk



Linux Partitioning Steps by FDisk

1: Delete All existing partition first

fdisk -l
fdisk /dev/sda
d (to delete partition)
1 (select partition number)
p (select primary partition)

Follow Above steps till all partition get deleted

w (to save the changes)
fdisk -l (verify the partition)


2: Create All partition now

fdisk /dev/sda

To Create Boot Partition

p (print existing partitions)
n (to create a partition)
p (select primary partition)
1 (select primary partition number)
Press Enter (Select First Cylinder Number)
+200M (define size of Partition)
p (print existing partitions)




To Create Swap Partition

n (to create a partition)
p (select primary partition)
2 (select primary partition number)
Press Enter (Select First Cylinder Number)
+16000M (define size of Partition)
p (print existing partitions)



To Create Extended Partition

n (to create a partition)
e (select extended partition)
3 (select primary partition number)
Press Enter (Select First Cylinder Number)
Press Enter (define all remaining HDD size to Partition)
p (print existing partitions)




To Create LVM Partition

n (to create a partition)
l (select logical partition)
Press Enter (Select First Cylinder Number)
Press Enter (define all remaining HDD size to Partition)
p (print existing partitions)



To Set Toggle Flag  On Boot Partition

a (to set toggle flag)
1 (to select boot partition)
p (print existing partitions)



To Set File Format for Swap Partition

t (to set file format to swap partition)
2 (To select swap partition by number)
82 (select swap partition format)
p (print existing partitions)




To Set File Format for LVM Partition

t (to set file format to LVM partition)
5 (To select LVM partition by number)
8e (select LVM partition format)
p (print existing partitions)



To Save Partition Configuration & Sync Partition Table
w (to save the changes)
fdisk -l (verify the partition)
sync (to sync partition table)
sync (to sync partition table)

########################################################################

Mod_Security



######################### APACHE START #########################


#wget "http://archive.apache.org/dist/httpd/httpd-2.2.21.tar.gz"

#tar -zxvf httpd-2.2.21.tar.gz

#cd httpd-2.2.21

#./configure  --prefix=/opt/apache1

#make

#make install

#rm -rf /softwares/httpd-2.2.21

#vi /opt/apache1/conf/httpd.conf
Listen 81
User apache
Group apache
Include conf/php.conf


#cp /etc/httpd/modules/libphp5* /opt/apache1/modules/
#cp /etc/httpd/conf.d/php.conf /opt/apache1/conf/
#/opt/apache1/bin/apachectl -k restart

######################### APACHE END #########################





######################### Mod_Security START #########################

#yum install apr-devel
#yum install pcre-devel
#yum install libxm*

Download the package from the official download site:
#wget http://www.modsecurity.org/download/modsecurity-apache_2.5.13.tar.gz
#tar zxvf modsecurity-apache_2.5.13.tar.gz
#cd modsecurity-apache_2.5.13/apache2/

#./configure --with-apr=/usr/bin/apr-1-config
OR
#./configure --with-apr=/usr/bin/apr

OR
#./configure --prefix=/usr/local --with-apxs=/usr/local/sbin/


#make && make install


#vi /etc/httpd/conf/httpd.conf (Add one line to your configuration to load the module. You may find the module under /usr/local/apache2/modules/.)

LoadModule security2_module modules/mod_security2.so


# service httpd restart
That's it; now you can check the loaded module.
#httpd -M |grep security

Syntax OK

#mkdir -p /etc/modsecurity2/base_rules/
#cd /etc/modsecurity2/base_rules/

#wget http://www.modsecurity.org/download/modsecurity-core-rules_2.5-1.6.1.tar.gz
#tar -zxvf modsecurity-core-rules_2.5-1.6.1.tar.gz

#vi /etc/httpd/conf/httpd.conf (Add Following in Your Apache Config File)

<IfModule mod_security2.c>
# ModSecurity2 config file.
#
Include /etc/modsecurity2/base_rules/*conf
</IfModule>

Now mod_security is working (in detection mode)

Go to a browser and access:

http://172.16.16.247


You can check this by looking at Apache's error log and access log.

#tail -f /var/log/httpd/error_log
#tail -f /var/log/httpd/access_log

######################### Mod_Security END #########################

FTP Server Setup and configuration

######### FTP Server Setup and configuration #########

#yum install vsftpd

Note: Make sure the following settings are present in the vsftpd.conf file.

#vi /etc/vsftpd/vsftpd.conf

anonymous_enable=NO
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
download_enable=YES
dirlist_enable=YES
userlist_deny=NO


# /etc/init.d/vsftpd restart


#iptables -I RH-Firewall-1-INPUT 1 -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT

# /etc/init.d/iptables save
# /etc/init.d/iptables restart



Note: To add a new FTP user, follow these steps

# useradd -d  /var/ftp/testuser  -s /sbin/nologin  testuser

Note: /var/ftp/testuser is the user's home directory.
Note: Add the new user to the user_list file

#vi /etc/vsftpd/user_list

testuser

# /etc/init.d/vsftpd restart

YUM SERVER



#################### Y U M   S E R V E R ####################

[root@server~]#vi /etc/hosts

192.168.10.253 server.example.com server


[root@server~]#rpm -qa | grep yum #required packages

yum-3.0.1-5.el5
yum-metadata-parser-1.0-8.fc6
yum-rhn-plugin-0.4.3-1.el5
yum-updatesd-3.0.1-5.el5

[root@server~]#rpm -qa | grep createrepo

createrepo-0.4.4-2.fc6 # To create repository

[root@server~]#rpm -qa | grep vsftpd #FTP service for yum server

vsftpd-2.0.5-10.el5

#service vsftpd restart
#chkconfig vsftpd on

> Now mount the RHEL CD/DVD on the /mnt folder

[root@server~]#mount /dev/cdrom /mnt    (or you can copy all the RPMs into the pub directory)

> Copy the Server directory from /mnt into the /var/ftp/pub directory.

[root@server~]#cp -ar /mnt/Server  /var/ftp/pub

> Edit the /etc/yum.repos.d/rhel-debuginfo.repo file and modify it as given below:

[root@server~]#vi /etc/yum.repos.d/rhel-debuginfo.repo

[rhel-debuginfo]
name=Red Hat Enterprise Linux $releasever - $basearch - Debug
baseurl=ftp://server.example.com/pub/Server
enabled=1
gpgcheck=0

> Now create the repository for the packages.

[root@server~]#createrepo -v /var/ftp/pub/Server

Note: This can take a long time, depending on the number of RPM packages and the performance of the machine.

> After the repository is created, it may report an error asking you to "remove .olddata directory manually"

[root@server~]#rm -rf /var/ftp/pub/Server/.olddata

> If everything went well, try the yum utility with the yum command.

(Note: If yum is already configured and you are configuring a new yum server,
then use the #yum clean all command)

[root@server~]#yum list #list RPM repository
[root@server~]#yum info vsftpd #Provide information about package
[root@server~]#yum install bind #To install packages
[root@server~]#yum install http*
[root@server~]#yum remove bind #To remove packages


#################### Y U M   S E R V E R ####################



----------------------------------------------------------------------------------------------------


#################### Y U M   C L I E N T ####################

> Make sure that vsftpd package is installed.
> Suppose the client is client.example.com

[root@client~]#rpm -qa | grep vsftpd


#service vsftpd restart
#chkconfig vsftpd on

> Edit the /etc/yum.repos.d/rhel-debuginfo.repo file and modify it as given below:

[root@client~]#vi /etc/yum.repos.d/rhel-debuginfo.repo

[rhel-debuginfo]
name=Red Hat Enterprise Linux $releasever - $basearch - Debug
baseurl=ftp://server.example.com/pub/Server
enabled=1
gpgcheck=0


[root@client~]#yum list


#################### Y U M   C L I E N T ####################
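
The repository stanza used on both the server and the client sets gpgcheck=0 and fetches packages over plain FTP, so RPMs are installed with no signature check and no transport integrity. The shell function below is an added example, not part of the original notes; it flags both settings in .repo files. The function names, the [local-signed] stanza, its https URL and its gpgkey path are assumptions for illustration, and only an explicit gpgcheck=0 is reported.

```shell
#!/bin/sh
# audit_repo FILE...
# Prints one finding per line: "<file>:[<section>] <issue>".
# A section is skipped only when it carries an explicit enabled=0.
audit_repo() {
    awk '
    function report() {
        if (section == "" || enabled == "0") return
        if (gpgcheck == "0")
            print file ":[" section "] gpgcheck=0 (package signatures are not verified)"
        if (baseurl ~ /^(ftp|http):\/\//)
            print file ":[" section "] plaintext baseurl " baseurl
    }
    function clear() { enabled = ""; gpgcheck = ""; baseurl = "" }

    # New input file: emit findings for the last section of the previous one.
    FNR == 1 { report(); section = ""; clear(); file = FILENAME }
    # Skip comments and blank lines.
    /^[ \t]*(#|$)/ { next }
    # "[name]" starts a new repository section.
    /^[ \t]*\[.*\][ \t]*$/ {
        report(); clear()
        section = $0
        gsub(/^[ \t]*\[|\][ \t]*$/, "", section)
        next
    }
    # key=value lines; whitespace around key and value is ignored.
    {
        eq = index($0, "=")
        if (eq == 0) next
        key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", key)
        gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (key == "enabled") enabled = val
        else if (key == "gpgcheck") gpgcheck = val
        else if (key == "baseurl") baseurl = val
    }
    END { report() }
    ' "$@"
}

# Constructed sample: the stanza from the notes, followed by a signed
# repository served over HTTPS (hypothetical URL and key path) for contrast.
write_sample_repo() {
    cat > "$1" <<'EOF'
[rhel-debuginfo]
name=Red Hat Enterprise Linux $releasever - $basearch - Debug
baseurl=ftp://server.example.com/pub/Server
enabled=1
gpgcheck=0

[local-signed]
name=Local mirror with signature checking
baseurl=https://server.example.com/pub/Server
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
EOF
}

# Demo on the constructed sample; on a real host run:
#   audit_repo /etc/yum.repos.d/*.repo
sample=$(mktemp)
write_sample_repo "$sample"
audit_repo "$sample"
rm -f "$sample"
```
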

TWIKI SETUP



####################  TWIKI SETUP  ####################


yum install httpd gdal-perl perl-CGI perl-CGI-Session perl-HTML-Tree perl-Error perl-FreezeThaw gd

yum install perl*

yum install http*

yum install mysql*

yum install gcc*

yum install perl

yum install rcs

yum install zip

yum install https

yum install httpd

yum install make

yum install gcc

yum install gd

yum install gd-devel

yum install gd*

yum install php* --skip-broken

yum install wget




vi /etc/sysconfig/iptables


-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT

-A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT


/etc/init.d/iptables restart

chkconfig --level 2345 httpd on




3. Install Perl modules for TWiki


First some modules with yum


yum install perl-CPAN

yum install perl-CGI

yum install perl-YAML

yum install perl-IPC-Cmd

yum install perl-Module-CoreList

yum install perl-ExtUtils-CBuilder

yum install perl-Module-Build



cd /srv/www/ducklington.org/twiki

#perl -MCPAN -e shell


Then from CPAN to get the latest and the rest


#perl -MCPAN -e shell

 install Term::ReadKey

 install Bundle::CPAN

 reload cpan

 install Encode

 install Error

 install HTML::Parser

 install Text::Diff

 install Time::Local

 install Authen::SASL

 install CGI::Session

 install Digest::SHA1

 install Locale::Maketext::Lexicon

 install URI

 install FreezeThaw

 install GD

 install HTML::Tree

 install Time::Timezone




cd /opt/

wget http://downloads.sourceforge.net/project/twiki/TWiki%20for%20all%20Platforms/TWiki-5.0.1/TWiki-5.0.1.tgz

tar -zxvf TWiki-5.0.1.tgz

chmod -R 777 /var/www/html/twiki/

mkdir -p /srv/www/ducklington.org/

ll

mv /opt/twiki /srv/www/ducklington.org/twiki

chown -R apache /srv/www/ducklington.org/twiki

cp /srv/www/ducklington.org/twiki/bin/LocalLib.cfg.txt /srv/www/ducklington.org/twiki/bin/LocalLib.cfg

vi /etc/httpd/conf.d/twiki.conf

mkdir -p /srv/www/ducklington.org/public_html

mkdir -p /srv/www/ducklington.org/logs


chown -R apache:apache twiki

cp twiki/bin/LocalLib.cfg.txt twiki/bin/LocalLib.cfg

chown apache:apache twiki/bin/LocalLib.cfg


chmod 777 /srv/www/ducklington.org/logs/error.log

vi /srv/www/ducklington.org/twiki/bin/LocalLib.cfg






cd /var/www/html


#cp twiki/twiki_httpd_conf.txt /etc/httpd/conf.d/twiki_httpd.conf

#cd twiki/data/

#htpasswd -c .htpasswd root


#### Edit Twiki Apache Config File & Change the Following ####




#vi /etc/httpd/conf.d/twiki_httpd.conf



######################################################################


#### Change the _second_ path to match your local installation

ScriptAlias /twiki/bin "/var/www/html/twiki/bin"


######################################################################


#### Change the path to match your local installation

Alias /twiki/pub "/var/www/html/twiki/pub"


##############################################################################


#### Change the path to match your local installation

<Directory "/var/www/html/twiki/bin/configure">

       AllowOverride None

       Order Allow,Deny

       Allow from all

       Deny from env=blockAccess


##############################################################################



### Password file for TWiki users

       AuthUserFile /var/www/html/twiki/data/.htpasswd

       AuthName 'Enter your WikiName: (First name and last name, no space, no dots, capitalized, e.g. JohnSmith)'

       AuthType Basic


##############################################################################


##############################################################################


<FilesMatch "^configure.*">

       SetHandler cgi-script

       Order Deny,Allow

       Deny from all

       Allow from 127.0.0.1  172.16.16.245

       Require user root

       Satisfy Any

</FilesMatch>


#############################################################################


#### Change the path to match your local installation

<Directory "/var/www/html/twiki/pub">


#############################################################################




# /etc/init.d/httpd restart


Continue with web based configuration as per documentation


http://172.16.16.247/twiki/bin/configure




####################  TWIKI SETUP  ####################

Setup Media Wiki


################ Setup Media Wiki ################


yum install gcc openssl-* mysql mysql-server httpd php-* httpd php pcre php-mysql php-pear php-pecl-apc mysql-server ImageMagick sendmail php-intl wget system-config-firewall-tui


cd /var/www/

wget http://dumps.wikimedia.org/mediawiki/1.17/mediawiki-1.17.0.tar.gz

tar -zxvf mediawiki-1.17.0.tar.gz

mv mediawiki-1.17.0 wiki

vi /etc/httpd/conf/httpd.conf


Alias /wiki /var/www/wiki/

<Directory /var/www/wiki/>

Options Indexes

AllowOverride none

DirectoryIndex index.php

Order allow,deny

allow from all

</Directory>





/etc/init.d/httpd restart



mysql -uroot -p

mysql> CREATE DATABASE my_wiki;

mysql> grant index, create, select, insert, update, delete, alter, lock tables on my_wiki.* to 'wikiuser'@'localhost' identified by 'wiki@123';

mysql> FLUSH PRIVILEGES;

mysql> quit



Follow the instructions


See this video: http://www.youtube.com/watch?v=Ku-vuy0d5po


################ Setup Media Wiki ################

Setup Knowledge Base (Knowledgeroot)

###################### Setup Knowledgeroot  ######################


REF LINK :- http://www.informaticapressapochista.com/linux/how-to-install-knowledgeroot-in-debian/




yum install mysql-server php5 php5-mysql



######################### APACHE START #########################


#wget "http://archive.apache.org/dist/httpd/httpd-2.2.21.tar.gz"

#tar -zxvf httpd-2.2.21.tar.gz

#cd httpd-2.2.21

#./configure  --prefix=/opt/apache

#make

#make install

#rm -rf /softwares/httpd-2.2.21

#vi /opt/apache/conf/httpd.conf

Listen 81

User apache

Group apache

Include conf/php.conf


#cp /etc/httpd/modules/libphp5* /opt/apache/modules/

#cp /etc/httpd/conf.d/php.conf /opt/apache/conf/

#/opt/apache/bin/apachectl -k restart



### KNOWLEDGEROOT ###


Alias /knowledgeroot /var/www/knowledgeroot/

<Directory /var/www/knowledgeroot/>

Options Indexes

AllowOverride none

DirectoryIndex install.php

Order allow,deny

allow from all

</Directory>


######################### APACHE END #########################


http://www.knowledgeroot.org/downloads.html


Download the latest version (knowledgeroot-1.0.3.tar.gz).


tar -zxvf  knowledgeroot-1.0.3.tar.gz

mv  knowledgeroot-1.0.3  knowledgeroot

cp -r knowledgeroot /var/www/


#/opt/apache/bin/apachectl -k restart

#mysql -u root -pMYSQL-ROOT-PASSWORD

mysql> create database knowledgeroot;


mysql> grant all on knowledgeroot.* to knowledgeroot@localhost identified by 'knowledgeroot';


mysql> flush privileges;


chmod 777 /var/www/knowledgeroot/cache/

Go to a browser: http://ip/knowledgeroot/

Continue the setup


###################### Setup Knowledgeroot  ######################

SARG Monitoring Tool



#yum install gcc make wget httpd
#yum install squid
#mv sarg-2.3.1.tar.gz /software/
#cd /software/
#ll
#tar zxvf sarg-2.3.1.tar.gz
#ll
#cd sarg-2.3.1
#./configure --prefix=/opt/sarg
#make
#make install
#cd /software/
#rm -rf sarg-2.3.1
#ll
#cd /opt/
#cd sarg/
#cd etc/
#cd /opt/sarg/
#cd bin/
#vi /opt/sarg/etc/sarg.conf
#/opt/sarg/bin/sarg -x
#vi /opt/sarg/etc/sarg.conf
#touch /var/log/sarg_access.log
#/opt/sarg/bin/sarg -x


#vi /opt/sarg/etc/sarg.conf
Uncomment the following:

access_log /var/log/squid/access.log
graphs yes
output_dir /opt/sarg/squid-reports
date_format e
remove_temp_files yes
overwrite_report yes
mail_utility mailx
output_email user@domain.com


#/opt/sarg/bin/sarg -x
#mv /root/access.log /var/log/squid/
#/opt/sarg/bin/sarg -x
#less /opt/sarg/squid-reports/2012Dec02-2012Dec04
#locate squid-reports
#updatedb
#locate squid-reports

#vi /etc/httpd/conf/httpd.conf

Alias /sarg "/opt/sarg/squid-reports/"
     <Directory "/opt/sarg/squid-reports/">
        AllowOverride None
        Options IncludesNoExec
        Order allow,deny
        Allow from all
    </Directory>


# /etc/init.d/httpd restart
#vi /opt/sarg/etc/sarg.conf
#/opt/sarg/bin/sarg -x


Access from Browser


  http://SERVER-IP/sarg

Openfire Chat Server





cd /opt/

wget -O openfire_3_7_1.tar.gz "http://www.igniterealtime.org/downloadServlet?filename=openfire/openfire_3_7_1.tar.gz"

ll

tar -xzvf openfire_3_7_1.tar.gz

cd openfire

ll

cd bin/

./openfire status

./openfire start

./openfire status

yum install mysql mysql-server

/etc/init.d/mysqld start

mysqladmin -p  create openfire

/etc/init.d/mysqld restart


mysql -u root -p

Enter password:

mysql> use mysql

mysql> GRANT ALL ON openfire.* to root@'192.168.59.111' IDENTIFIED BY 'root';

mysql> FLUSH PRIVILEGES;

mysql> GRANT ALL ON openfire.* to admin@'192.168.59.111' IDENTIFIED BY 'admin';


http://192.168.58.111:9090


Mysql-Installation-With TAR





First, let's verify that the dependencies exist

yum install gcc-c++ ncurses-devel gcc zlib zlib-devel


Installation


Download mysql-version-os.tar.gz
groupadd mysql
useradd -g mysql mysql
tar -zxvf mysql-5.1.24-rc.tar.gz
cd mysql-5.1.24-rc
./configure --prefix=/opt/mysql
make
make install
cp support-files/my-medium.cnf /etc/my.cnf          
cp support-files/mysql.server /etc/init.d/mysqld
chmod +x /etc/init.d/mysqld
chkconfig --add mysqld
cd /opt/mysql/
chown -R mysql  .
chgrp -R mysql  .


cp /etc/my.cnf   /etc/my.cnf.org
Note: Take a backup of the original my.cnf file

Make changes in /etc/my.cnf if required
Note: This step is not necessary,
but some configuration changes can't be made after mysql is restarted


e.g.: innodb_log_file_size = 512M, innodb_log_buffer_size = 8M

default-storage_engine=innodb
basedir=/opt/mysql/
datadir=/opt/mysql/data/


bin/mysql_install_db --user=mysql
Note: This step installs the MySQL system tables


chown -R mysql  .
chgrp -R mysql  .
bin/mysqld_safe --user=mysql &

Note: This step starts the MySQL server for the first time


service mysqld stop
service mysqld start

Set the root password (the first time, root doesn't have any password)
mysqladmin -u root password passwd

Bugzilla Server Setup



References :
    http://linuxdrops.com/installing-bugzilla-on-centos/
    http://blog.codylab.com/install-bugzilla-centos-6-3-step-step/
    http://certcollection.org/forum/topic/142605-bugzilla-tutorial-on-centos-6/
    http://parsedcontent.blogspot.in/2011/05/disabling-account-creation-in-bugzilla.html


1) Make sure your system/OS is installed properly, as per the OS setup procedure

a) System date is correct and up to date
  date +%Y%m%d -s "20120818"
  date +%T -s "07:21:20"

b) System network settings



2) Verify or install dependent software

a) Make sure Apache and MySQL are installed locally and running properly
  Better to use the user guide to set up MySQL and Apache

b) Make sure the perl version is >= 5.8.1 as shown below.
  perl -v
  If perl does not exist, please install it
  yum install perl
  perl -v

c) Install perl-CPAN module
  yum install perl-CPAN

d) Check installed perl modules
  instmodsh

e) Configure Apache with mod_perl
  If Apache does not contain the mod_perl module, then set up/configure the mod_perl module for Apache


3) Download bugzilla
cd /opt/
wget http://ftp.mozilla.org/pub/mozilla.org/webtools/bugzilla-4.4.tar.gz
tar -zxvf bugzilla-4.4.tar.gz
mv bugzilla-4.4 bugzilla
rm -fr bugzilla-4.4.tar.gz


4) Check Required Module by Bugzilla

cd /opt/bugzilla
./checksetup.pl --check-modules

Note: It checks whether the required modules exist; the modules that do not exist are highlighted.
      You can set up those modules manually one by one, or in a single go as specified in the steps below.
      If you are not able to install a module the perl CPAN way, you can also install it with yum.
      Example:
      if you are not able to install the DBD::mysql module the perl CPAN way, i.e.
      /usr/bin/perl install-module.pl DBD::mysql  --> if no luck, then you can try the following
      yum install perl-DBD-mysql

5) Install the modules required by Bugzilla
  /usr/bin/perl install-module.pl <MODULE NAME>

Note: It is better to set up the required modules only, not all modules

    

6) Check Required Module by Bugzilla Again
cd /opt/bugzilla
./checksetup.pl --check-modules

7) Create localconfig file
./checksetup.pl

8) Create the bugzilla database on the database server

mysql -u root -p
create database bugzilla;
GRANT ALL ON bugzilla.* TO 'bugzilla'@'localhost' IDENTIFIED BY 'bugzilla' ;
GRANT ALL ON bugzilla.* TO 'bugzilla'@'%' IDENTIFIED BY 'bugzilla' ;


9) Define database settings in the localconfig file
vi ./localconfig
Add the database name, username and password
$db_driver = 'mysql';
$db_host = 'localhost';
$db_name = 'bugzilla';
$db_user = 'bugzilla';
$db_pass = 'bugzilla';
$db_port = 3306;
$db_sock = '/tmp/mysql.sock';

10) Create bugzilla database tables
./checksetup.pl


11) setup Apache configuration for bugzilla

vi /opt/apache/conf/httpd.conf

############SECURITY  SETTINGS START##############
NameVirtualHost *:80

##PerlSwitches -I/opt/bugzilla -I/opt/bugzilla/lib -w -T
##PerlConfigRequire /opt/bugzilla/mod_perl.pl

<VirtualHost *:80>
   ServerName bugzilla.linukstricks.com
   ServerAlias bugzilla.linukstricks.com

   DocumentRoot /opt/bugzilla
   ErrorLog  logs/bugzilla-error_log
   CustomLog logs/bugzilla-access_log custom

   <Directory /opt/bugzilla>
AddHandler cgi-script cgi
DirectoryIndex index.cgi
##Options +Indexes +ExecCGI +FollowSymLinks -MultiViews +SymLinksIfOwnerMatch
Options +ExecCGI -Indexes +FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
   </Directory>

</VirtualHost>
############ SECURITY SETTINGS END ##############


12) Restart Apache and verify error logs
/opt/apache/bin/apachectl -k restart


13) Set permissions; if you are getting some permission error in the error log, then
   chmod -R 777 /opt/bugzilla
   /opt/apache/bin/apachectl -k restart
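
Several steps in these notes (the TWiki tree, the Knowledgeroot cache directory and Bugzilla step 13) clear permission errors with chmod 777, which lets every local account modify the application's code and data. The example below is added here and is not part of the original notes; it lists world-writable entries and applies a narrower layout in which the web server group can read everything but write only to named subdirectories. The function names, the chosen modes and the sample tree are assumptions for illustration.

```shell
#!/bin/sh
# list_world_writable DIR
# Prints every file or directory under DIR (DIR included) that any local
# user may modify, i.e. has the o+w mode bit set. Symlinks are skipped.
list_world_writable() {
    find "$1" ! -type l -perm -0002 -print
}

# harden_webroot DIR GROUP [WRITABLE_SUBDIR...]
#   directories 0750, files 0640, group ownership set to GROUP
#   *.cgi and *.pl keep execute permission for owner and group (0750)
#   only the named subdirectories become group-writable (0770 / 0660)
harden_webroot() {
    root=$1; group=$2; shift 2
    chgrp -R "$group" "$root"
    find "$root" -type d -exec chmod 0750 {} +
    find "$root" -type f -exec chmod 0640 {} +
    find "$root" -type f \( -name '*.cgi' -o -name '*.pl' \) -exec chmod 0750 {} +
    for sub in "$@"; do
        [ -d "$root/$sub" ] || continue
        find "$root/$sub" -type d -exec chmod 0770 {} +
        find "$root/$sub" -type f -exec chmod 0660 {} +
    done
}

# Demo on a constructed tree that mimics a CGI application directory.
# On a real host GROUP would be the web server group (apache in these notes);
# the demo uses the caller's own group so it runs without root.
demo() {
    d=$(mktemp -d)
    mkdir -p "$d/data" "$d/lib"
    : > "$d/index.cgi"; : > "$d/localconfig"; : > "$d/data/params"
    chmod -R 777 "$d"                       # what the notes do
    before=$(list_world_writable "$d" | wc -l | tr -d ' ')
    harden_webroot "$d" "$(id -g)" data     # only data/ stays writable by the group
    after=$(list_world_writable "$d" | wc -l | tr -d ' ')
    echo "world-writable entries: before=$before after=$after"
    rm -rf "$d"
}

demo
```

For Bugzilla itself, setting $webservergroup in localconfig and re-running ./checksetup.pl lets the installer assign permissions for that group.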

--------------------------------------------------------------------------------------------------------------
Additional Steps
--------------------------------------------------------------------------------------------------------------
1) If any module-related error occurs while using Bugzilla, you may need to set up the following modules additionally
  Install only those modules for which an error is given

  cd /opt/bugzilla
  /usr/bin/perl install-module.pl Time::HiRes
  /usr/bin/perl install-module.pl Apache2::SizeLimit
  /usr/bin/perl install-module.pl Linux::Pid

2) Configure the Bugzilla default urlbase, so that it will appear in the mails
    a) Log in as an Administrator
    b) Go to: Administration->Parameters->Required Settings
    c) in the urlbase text , define http://bugzilla.DOMAIN.com/
    d) Click on "Save Changes"

3) Configure Maintainer
    a) Log in as an Administrator
    b) Go to: Administration->Parameters->General
    c) specify maintainer as devendra.joshi@linukstricks.com
    d) Click on "Save Changes"

4) Allow only your domain's users to self-register

  a) Log in as an Administrator
  b) Go to: Administration->Parameters->User Authentication
  c) Go to 'createemailregexp' field
  d) Specify the following value
     .*@(linukstricks.com)
  e) Click on "Save Changes"
  f) Log out and check that only users of your specified domain can self-register via the "Open New Account" link


5) Set Require Login
  a) Log in as an Administrator
  b) Go to: Administration->Parameters->User Authentication
  c) set requirelogin field value to On
  d) Click on "Save Changes"
  e) Now all access to the system beyond the front page will require a login.

6) Set Maximum Attachment Size to 10 MB
  a) Log in as an Administrator
  b) Go to: Administration->Parameters->Attachments
  c) set maxattachmentsize field value to 10000
  d) Click on "Save Changes"

7) Configure Bugzilla Sendmail Configuration
    a) Log in as an Administrator
    b) Go to: Administration->Parameters->Email
    c) Do the Sendmail settings
    d) Click on "Save Changes"

8) Define different Project/Product
    a) Log in as an Administrator
    b) Go to: Administration->Products->Add

9) Define Users
    a) Log in as an Administrator
    b) Go to: Administration->Users->add a new user


--------------------------------------------------------------------------------------------------------------
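
The createemailregexp value given in the self-registration step above leaves the dot unescaped and has no end anchor, so it accepts more than addresses at linukstricks.com. The added example below (not part of the original notes) compares it with an anchored pattern. It assumes Bugzilla applies the parameter as an unanchored, case-insensitive search, uses grep -E as a stand-in for Perl's regex engine (the two agree for these patterns), and the test addresses and STRICT_RE are constructed for illustration.

```shell
#!/bin/sh
# Value from the createemailregexp step of the notes.
PAGE_RE='.*@(linukstricks.com)'
# Anchored alternative: literal dot, and nothing may follow the domain.
STRICT_RE='^[^@]+@linukstricks\.com$'

# accepts REGEX ADDRESS
# Exit status 0 if ADDRESS would be allowed to self-register under REGEX
# when the regex is used as an unanchored, case-insensitive search.
accepts() {
    printf '%s\n' "$2" | grep -E -i -q -- "$1"
}

# compare ADDRESS...
# Prints one line per address with the verdict of both patterns.
compare() {
    for addr in "$@"; do
        if accepts "$PAGE_RE" "$addr"; then p=allow; else p=deny; fi
        if accepts "$STRICT_RE" "$addr"; then s=allow; else s=deny; fi
        printf '%-40s page=%-5s strict=%s\n' "$addr" "$p" "$s"
    done
}

# Constructed addresses: the intended domain, a domain that merely starts
# with it, one where the unescaped dot matches another character, and an
# unrelated domain.
compare \
    'dev@linukstricks.com' \
    'dev@linukstricks.com.example.net' \
    'dev@linukstricksXcom.example.net' \
    'dev@example.org'
```
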

Pound Load Balancer in CentOS

Pound Load Balancer



> Suppose you have two apache running on port 81 and 82 respectively.

> Following steps may help you to build software load balancer on top of apache

> This is very basic setup, you need to follow complete documentation for more functionality.


--------------------------------------------------------------------------------------------------------------------------------------------------------

#cd /softwares/

#wget   http://download.fedoraproject.org/pub/epel/5/i386/epel-release-5-4.noarch.rpm

#rpm -ivh epel-release-5-4.noarch.rpm

#yum --enablerepo=epel -y install Pound

#vi /etc/pound.cfg

User "pound"
Group "pound"
Control "/var/lib/pound/pound.cfg"
LogLevel 3
Alive 30

ListenHTTP
    Address 0.0.0.0
    Port 80
End

Service
    BackEnd
        Address 127.0.0.1
        Port 81
    End
    BackEnd
        Address 127.0.0.1
        Port 82
    End
End

#/etc/init.d/pound restart

#chkconfig pound on

Apache+MySQL+PHP in CentOS

Apache+MySQL+PHP

 -----------------------------------------------------------------------------------------------------------------------

http://dan.drydog.com/apache2php.html

Note: Download and install additional YUM repositories.

-----------------------------------------------------------------------------------------------------------------------


 #mkdir  /software

#wget http://dl.fedoraproject.org/pub/epel/5/i386/epel-release-5-4.noarch.rpm

#wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el5.rf.x86_64.rpm

#rpm -ivh epel-release-5-4.noarch.rpm

#rpm -ivh rpmforge-release-0.5.2-2.el5.rf.x86_64.rpm


 #yum install glibc glibc-common

#yum install gcc-*

#yum install zlib-*

#yum install openssl-*

#yum install libxml2-devel    (Required to compile PHP)

#yum install gdbm-devel     (GDBM library for PHP)



-----------------------------------------------------------------------------------------------------------------------

###### Install Mysql ######

-----------------------------------------------------------------------------------------------------------------------


 #cd /software


Note: If the mirror below is not working, try another mirror for the same version

#wget http://dev.mysql.com/get/Downloads/MySQL-5.5/mysql-5.5.25-linux2.6-x86_64.tar.gz/from/http://mysql.mirror.kangaroot.net/


 #groupadd mysql

 

#useradd -g mysql mysql


 #tar -zxvf mysql-5.5.25-linux2.6-x86_64.tar.gz


 #cp -r  /software/mysql-5.5.25-linux2.6-x86_64   /opt/mysql


 #cd /opt/mysql/


 #chown -R mysql .


 #chgrp -R mysql .


 #scripts/mysql_install_db --user=mysql


 #chown -R root .


 #chown -R mysql data


 #cp support-files/my-medium.cnf /opt/mysql/my.cnf


 #chown root.mysql /opt/mysql/my.cnf


 #bin/mysqld_safe --user=mysql &


 #cp support-files/mysql.server /etc/init.d/mysqld


 #vi /etc/init.d/mysqld


 basedir=/opt/mysql


 #/etc/init.d/mysqld start


#chkconfig mysqld on


 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Note: If you have installed MySQL from a tarball with some prefix, you need some changes after installing this package:

(Error 1: MySQL is not running, but lock file (/var/lock/subsys/mysql[FAILED])

(Error 2: Starting MySQL.The server quit without updating PID file (/[FAILED]mysql/monitoring.example.com.pid).)


 #rm /var/lock/subsys/mysql

#mv  /etc/my.cnf /etc/my.cnf.backup

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


 #ln -s /opt/mysql/bin/mysql /usr/bin/mysql


 #cd /opt/mysql/


 #./bin/mysqladmin -u root password '******'


 #./bin/mysql -u root -p



mysql> GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY '******' WITH GRANT OPTION;


 mysql> create database example;


 mysql> create user example IDENTIFIED BY 'example';


 mysql> GRANT ALL PRIVILEGES ON *.* TO 'example'@'%' IDENTIFIED BY 'example' WITH GRANT OPTION;


 mysql> GRANT ALL ON example.* TO 'example'@'localhost' IDENTIFIED BY 'example' WITH GRANT OPTION;


 mysql> quit


 Note: You can test the MySQL daemon with mysql-test-run.pl


 #cd ./mysql-test ; perl mysql-test-run.pl    (Optional step if you have lots of time to waste)


 #lsof -i :3306


 #iptables -I RH-Firewall-1-INPUT 1 -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT


 #/etc/init.d/iptables save


 #/etc/init.d/iptables restart


 #rm -rf /software/mysql-5.5.25-linux2.6-x86_64



-----------------------------------------------------------------------------------------------------------------------

##### Install Apache #####

-----------------------------------------------------------------------------------------------------------------------


 #wget  http://archive.apache.org/dist/httpd/httpd-2.2.21.tar.gz


 #tar -zxvf httpd-2.2.21.tar.gz


 #cd httpd-2.2.21


 #./configure --prefix=/opt/apache1 --enable-mods-shared=all --enable-so --enable-cgi --enable-proxy --enable-headers --enable-expires --enable-vhost-alias --enable-info --enable-rewrite --enable-speling    --enable-usertrack --enable-deflate --enable-ssl --enable-mime-magic


 #make


 #make install


 #vi /opt/apache1/conf/httpd.conf

Listen 80

User apache

Group apache

Include conf/extra/httpd-vhosts.conf


 #/opt/apache1/bin/apachectl -k restart


 #iptables -I RH-Firewall-1-INPUT 1 -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT


 #/etc/init.d/iptables save


 #/etc/init.d/iptables restart


 #rm -rf /software/httpd-2.2.21


 -----------------------------------------------------------------------------------------------------------------------

### Install PHP ###

-----------------------------------------------------------------------------------------------------------------------

#yum install gd

#yum install libpng

#yum install libjpeg

#yum install php-gd

#yum install libpng-devel

#yum install libjpeg-devel

#yum install libXpm-devel

#yum install libmcrypt-*

#yum install uw-imap*    (Note: this package is available at ftp://rpmfind.net/linux/epel/5/x86_64/uw-imap-2007e-14.el5.x86_64.rpm and can be fetched with wget)

#yum install libc-client

#yum install libc-client-devel



#cd /software


 #wget http://us3.php.net/get/php-5.4.0.tar.gz/from/in.php.net/mirror


 #tar -zxvf php-5.4.0.tar.gz


 #cd php-5.4.0


Note: the following configure parameters also install gd extension support.


 #./configure --prefix=/opt/apache1/php --with-apxs2=/opt/apache1/bin/apxs --enable-cli --enable-exif --enable-ftp --enable-mbstring --enable-mbregex --enable-sockets --with-config-file-path=/opt/apache1/php --with-mysql=/opt/mysql --with-xmlrpc --without-pear --with-gd --with-jpeg-dir=/opt/apache1/php --with-png-dir=/opt/apache1/php --with-mcrypt --with-mcrypt --with-zlib --with-gettext --with-gdbm  --enable-pdo  --with-pdo-mysql --with-imap --with-imap-ssl --with-kerberos  --with-openssl


 #make


 #make install


 #cp /software/php-5.4.0/php.ini-production /opt/apache1/php/php.ini


 #vi /opt/apache1/php/php.ini


 short_open_tag = On


 #vi /opt/apache1/conf/httpd.conf


 #++++++++PHP+++++++++++

# Make sure there's only **1** line for each of these 2 directives:

# Use for PHP 4.x:

#LoadModule php4_module modules/libphp4.so

#AddHandler php-script  .php

# Use for PHP 5.x:

#LoadModule php5_module  modules/libphp5.so

AddHandler php5-script  .php

# Add index.php to your DirectoryIndex line:

DirectoryIndex index.html index.php

AddType text/html    .php

# PHP Syntax Coloring

# (optional but useful for reading PHP source for debugging):

AddType application/x-httpd-php-source phps

#++++++++++PHP+++++++++++++++



#/opt/apache1/bin/apachectl -k restart


 #/opt/apache1/bin/httpd -M | grep php

Syntax OK

php5_module (shared)


 #rm -rf  /software/php-5.4.0

-----------------------------------------------------------------------------------------------------------------------

Note: This is the output of the make install command during compilation (read carefully)


 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

[root@ticket php-5.4.0]# make install

Installing PHP SAPI module:    apache2handler

/opt/apache1/build/instdso.sh SH_LIBTOOL='/opt/apache1/build/libtool' libphp5.la /opt/apache1/modules

/opt/apache1/build/libtool --mode=install cp libphp5.la /opt/apache1/modules/

cp .libs/libphp5.so /opt/apache1/modules/libphp5.so

cp .libs/libphp5.lai /opt/apache1/modules/libphp5.la

libtool: install: warning: remember to run `libtool --finish /software/php-5.4.0/libs'

chmod 755 /opt/apache1/modules/libphp5.so

[activating module `php5' in /opt/apache1/conf/httpd.conf]

Installing PHP CLI binary:     /opt/php/bin/

Installing PHP CLI man page:   /opt/php/php/man/man1/

Installing PHP CGI binary:     /opt/php/bin/

Installing build environment:  /opt/php/lib/php/build/

Installing header files:       /opt/php/include/php/

Installing helper programs:    /opt/php/bin/

  program: phpize

  program: php-config

Installing man pages:          /opt/php/php/man/man1/

  page: phpize.1

  page: php-config.1

Installing PEAR environment:   /opt/php/lib/php/

[PEAR] Archive_Tar - installed: 1.3.7

[PEAR] Console_Getopt - installed: 1.3.0

[PEAR] Structures_Graph- installed: 1.0.4

[PEAR] XML_Util    - installed: 1.2.1

[PEAR] PEAR        - installed: 1.9.4

Wrote PEAR system config file at: /opt/php/etc/pear.conf

You may want to add: /opt/php/lib/php to your php.ini include_path

/software/php-5.4.0/build/shtool install -c ext/phar/phar.phar /opt/php/bin

ln -s -f /opt/php/bin/phar.phar /opt/php/bin/phar

Installing PDO headers:       /opt/php/include/php/ext/pdo/


 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

-----------------------------------------------------------------------------------------------------------------------