ConfigServer Security & Firewall (CSS) is an iptables based firewall for Linux systems. In our previous tutorial read installation tutorial of CSF on Linux system. CSF also provides in-built web UI for the managing firewall from the web interface. In this tutorial, you will find how to enable CSF Firewall Web UI on your system. Step 1 – Install Required Perl Modules: CSF UI required some of Perl modules to be installed on your system. Use the following commands to install required modules as per your operating system. Debian based systems: $ sudo apt-get install libio-socket-ssl-perl libcrypt-ssleay-perl \ libnet-libidn-perl libio-socket-inet6-perl libsocket6-perl Redhat based systems: $ sudo yum install perl-IO-Socket-SSL.noarch perl-Net-SSLeay perl-Net-LibIDN \ perl-IO-Socket-INET6 perl-Socket6 Step 2 – Enable CSF Firewall Web UI: To enable CSF web UI edit /etc/csf/csf.conf file in your favorite text editor and update the following values. $ sudo vim /etc/csf/csf.conf # 1 to enable, 0 to disable web ui UI = "1" # Set port for web UI. The default port is 6666, but # I change this to 1025 to easy access. Default port create some issue # with popular chrome and firefox browser (in my case) UI_PORT = "1025" # Leave blank to bind to all IP addresses on the server UI_IP = "" # Set username for authetnication UI_USER = "admin" # Set a strong password for authetnication UI_PASS = "admin" After making changes, edit /etc/csf/ui/ui.allow configuration file and add your public IP to allow access to CSF UI. Change OUR_PUBLIC_IP_ADDRESS with your public IP address. $ sudo echo "YOUR_PUBLIC_IP_ADDRESS" >> /etc/csf/ui/ui.allow Web…
Introduction Config Server Firewall (or CSF) is a free and advanced firewall for most Linux distributions and Linux based VPS. In addition to the basic functionality of a firewall – filtering packets – CSF includes other security features, such as login/intrusion/flood detections. As mentioned CSF includes UI integration for cPanel, DirectAdmin and Webmin, but this tutorial only covers the command line usage. CSF is able to recognize many attacks, such as port scans, SYN floods, and login brute force attacks on many services. It is configured to temporarily block clients who are detected to be attacking the cloud server. The full list of supported operating systems and features can be found on ConfigServer’s website. Installing ConfigServer Firewall First we need to make sure that perl is installed yum install wget vim perl-libwww-perl.noarch perl-Time-HiRes Then we can go ahead and download CSF cd /usr/src/ wget https://download.configserver.com/csf.tgz The next step is to extract the downloaded tar archive and run the install script: tar -xzf csf.tgz cd csf sh install.sh Configure CSF CentOS 7 has a default firewall application called “firewalld”. You have to stop firewalld and remove it from the startup. Stop firewalld: systemctl stop firewalld and disable it: systemctl disable firewalld Now we can enable CSF disabling the default TESTING state: cd /etc/csf/ next open the csf.conf file using your favourite text editor - vim, vi ,nano and etc vim csf.conf On line 11 you will see that the “TESTING ” is set to “1” , make sure this is set to “0” TESTING = "0" Now we can start and enable both lfd and csf `systemctl…
Step 1 Remove MariaDB 5.5/10.0/10.1/10.2 Before installing it is recommended to backup your databases, although it is not necessary if you followed this steps carefully. First backup your current my.cnf config : Now we need to remove current version of mariadb 5.5 installed on centos 7 : For MariaDB 5.5 : At this point MariaDB 5.5 will be removed completely but the databases are not removed don’t need to worry. For MariaDB 10.0/10.1/10.2 : At this point MariaDB 10.0/10.1/10.2 will be removed completely but the databases are not removed don’t need to worry. Then Install MariaDB 10.5.5 : Step 2 Installation/Updating from MariaDB 5.5/10.0/10.1/10.2 to MariaDB 10.3 Install/enable Official repo for mariadb 10.5.5: Now edit/create the Repo file : Ensure you don’t have any other MariaDB repo file in /etc/yum.repos.d if exists delete or backup the existing repo file : then paste this lines and save it : After that we’ll install Mariadb 10.5.5 Restore the my.cnf file : Then enable mariadb to start on boot and start the service : Final Step After that we need to upgrade current databases by this command : that’s it you’ve successfully upgraded MariaDB 5.5/10.0/10.1/10.2 to MariaDB 10.3. You can confirm the version by running this command from terminal ssh:
tmux (Terminal Multiplexer) is a program that you can use to have a detachable terminal session on your VPS. This means you can login, execute some commands, and then disconnect, returning hours or days later and connecting to the same session. This is different than just logging out. You’re probably familiar with running commands in the background, such as this: # some-long-process & If you’re a little more sophisticated, you might try this: # nohup some-long-process & That way your background process won’t be terminated if you disconnect. ‘nohup’ means ‘Ignore the HUP signal’, which is what is typically generated by your shell disconnecting. But what if you have a complex session going with many windows? Maybe you’re deep into some project and have a half-dozen files you’re editing, some status output flowing, and another window with an error message you’re looking at. Or what if you simply want the convenience of picking up a session exactly where you left off? Enter tmux. Installing tmux Getting tmux installed on Debian is as easy as apt-get install tmux Using tmux You could just type “tmux” to start a session, but it’s helpful to give them some kind of label. Let’s call our first session something clever like…”first”: tmux new -s first You’ll see a screen like this: Let’s fire up a command that will generate some output. while [ 1 ] ; do date ; sleep 30 ; done Now we’ll detach from the session. To do this, we need an out-of-band command, one that isn’t interpreted by the shell.…
In this tutorial we will be showing you how to set up a remote desktop on your Ubuntu 20.04 VPS, using the XRDP software. XRDP allows you to graphically access your remote Linux servers. RDP is used to access a remote server through another computer, just as if you are using it locally. XRDP is a handy tool as it provides useful features such as two-way clipboard transfer, audio redirection and drive redirection. The RDP protocol is also safe to use for sensitive data as it is encrypted with TLS. In this guide, we will instruct you on how to install and setup XRDP on your Ubuntu 20.04 server. Step 1. Install a desktop environment Most of the Linux servers do not come with a graphical desktop environment. Instead, they are used via the command-line. There are a couple of different desktop environments available for your server. These are already present in the Ubuntu repositories, so you don’t need to download anything. We will show you how to install Gnome and Xfce on the server. Gnome is the default Ubuntu desktop, to install it, run the following commands: On the other hand, Xfce is a lightweight and fast desktop, ideal for a remote server. To install it, run the following command: After running these commands, it might take some time to get everything installed. Step 2. Installing Xrdp The Xrdp comes loaded in the default Ubuntu repositories. Thus, you don’t need to download it. To install Xrdp, run the following command: Step 3. Verify the install…
SSHFS is a handy tool to share files securely. It is a filesystem based on the SSH File Transfer Protocol. As all Linux servers have already SSH installed, its very easy to configure and can be used to share files between two or more servers or desktops. You just have to mount the file system and it works like a charm. The idea of sshfs was taken from the SSHFS filesystem distributed with LUFS, which I found very useful. In this tutorial we will see how to install SSHFS with from the CentOS repository with the yum command and also how to compile it from Install SSHFS with yum Use the following command to install the SSHFS package with yum: When you installed the package with yum, proceed with the chapter "Mount a remote folder with SSHFS". Install SSHFS from source As an alternative (or when you want to get the latest SSHFS version) you can install SSHFS from source. To install SSHFS from source, you have to download the source files by using the following command which we will download from its official website: Now extract the folder by using the following command: You have to enter the folder with "cd" and then use configure and compile SSHFS: Now let's start using SSHFS as its successfully installed. Make a folder that you want to share with client end. Let's suppose we make a folder in /var/ with name "mnt" Mount a remote folder with SSHFS Now I will mount this folder from the remote server. In my case the remote server IP…
Introduction One of the easiest ways to make your server more responsive, and guard against out-of-memory errors in your application, is to add some swap space. Swap is an area on a storage drive where the operating system can temporarily store data that it can no longer hold in memory. This gives you the ability to increase the amount of information that your server can keep in its working memory, with some caveats. Reading from and writing to swap is slower than using memory, but it can provide a good safety net for when your server is low on memory. Without swap, a server that runs out of memory may start killing applications to free up memory, or even crash. This can cause you to lose unsaved data or experience downtime. To ensure reliable data access, some applications require swap to function. In this guide, we will cover how to create and enable a swap file on a CentOS 7 server. Note Although swap is generally recommended for systems utilizing traditional spinning hard drives, using swap with SSDs can cause issues with hardware degradation over time. Due to this consideration, we do not recommend enabling swap on DigitalOcean or any other provider that utilizes SSD storage. Doing so can impact the reliability of the underlying hardware for you and your neighbors. If you need to improve the performance of your server, we recommend upgrading your Droplet. This will lead to better results in general and will decrease the likelihood of contributing to hardware issues that can affect your service. Prerequisites Before you…
Aria2 (https://github.com/aria2/aria2) aria2 is a lightweight multi-protocol & multi-source command-line download utility. It supports HTTP/HTTPS, FTP, SFTP, BitTorrent and Metalink. aria2 can be manipulated via built-in JSON-RPC and XML-RPC interfaces. Install Aria2 Install directly through yum, you might need to install an EPEL source first Configure Aria2 Taking an example, in this case we create necessary files under /root directory Save and modify the following code to create an aria2.conf file. Note that you need to modify the file save path and RPC authorization token for later use. Run Aria2 Run Method 1 This way to run Aria2 will not allow you to save settings modifed during this connected session Run Method 2 This will save all the changes during the connected session Run Aria2 when server boot add "aria2c --conf-path=/root/.aria2/aria2.conf -D &" to /etc/rc.d/rc.local AriaNG (https://github.com/mayswind/AriaNg) AriaNg is a modern web frontend making aria2 easier to use. AriaNg is written in pure html & javascript, thus it does not need any compilers or runtime environment. You can just put AriaNg in your web server and open it in your browser. AriaNg uses responsive layout, and supports any desktop or mobile devices. Install AriaNG check the latest release at: https://github.com/mayswind/AriaNg/releases unzip the release zip file into your webserver http folder. eg. Setting up AriaNg Open browser visit domain where the unzipped index.html is, you will see the web interface of AriaNg. Navigate to AriaNg Settings fill up the token we typed in conf file previously and you will see on bottom left bar showing connected. Everthing is sweet now.
Did you ever want to add a Wikipedia like table of content box on some of your long articles? A table of content makes it easier for users to jump to the section they want to read. In this article, we will show you how to create a table of content in WordPress posts and pages without writing any HTML or CSS. Why Add Table of Contents in WordPress Posts? You may have seen the table of contents on websites like Wikipedia. A table of contents makes it easier for users to jump to the section they want to read in long articles. It also helps with your WordPress SEO because Google automatically adds a jump to section link next to your site in search results. You can manually create a table of contents in WordPress by writing HTML code. However that is difficult for beginners because you have to manually create a list, add links, and add ID attribute through-out the article. But there’s an easy way. Let’s take a look on how to easily create a table of contents in WordPress posts and pages. If you don’t want to watch the video tutorial, then you can continue reading the text version below: Creating a Table of Contents in WordPress First thing you need to do is to install and activate the Easy Table of Contents plugin. Upon activation, you need to visit Settings » Table of Contents page. From here, you can manage general settings for the table of contents like selecting position, choosing a label for the container, etc. You can also…
Introduction One of the easiest ways to make your server more responsive, and guard against out-of-memory errors in your application, is to add some swap space. Swap is an area on a storage drive where the operating system can temporarily store data that it can no longer hold in memory. This gives you the ability to increase the amount of information that your server can keep in its working memory, with some caveats. Reading from and writing to swap is slower than using memory, but it can provide a good safety net for when your server is low on memory. Without swap, a server that runs out of memory may start killing applications to free up memory, or even crash. This can cause you to lose unsaved data or experience downtime. To ensure reliable data access, some applications require swap to function. In this guide, we will cover how to create and enable a swap file on a CentOS 7 server. Note Although swap is generally recommended for systems utilizing traditional spinning hard drives, using swap with SSDs can cause issues with hardware degradation over time. Due to this consideration, we do not recommend enabling swap on DigitalOcean or any other provider that utilizes SSD storage. Doing so can impact the reliability of the underlying hardware for you and your neighbors. If you need to improve the performance of your server, we recommend upgrading your Droplet. This will lead to better results in general and will decrease the likelihood of contributing to hardware issues that can affect your service. Prerequisites Before you…
After creating disk partitions and formatting them properly, you may want to mount or unmount your drives. On Linux, mounting drives is done via mountpoints on the virtual filesystem, allowing system users to navigate the filesystem as well as create and delete files on them. In this tutorial, we are going to see how you can mount and unmount drives on your Linux system. We are also going to see how you can amend the fstab file in order to make your mount settings permanent. Prerequisites In order to mount drives and filesystems on Linux, you need to have sudo privileges on your machine. To verify that you have sudo privileges, you can run the “sudo” command with the “-l” in order to list the privileges you currently own. $ sudo -l User <user> may run the following commands on schkn-ubuntu: (ALL : ALL) ALL If you are not sure how to give sudo rights to users on Debian/Ubuntu or CentOS/RHEL, make sure to check our dedicated guides on the subject. Mount Drives on Linux In order to mount drives on Linux, you have to use the “mount” command using the following syntax $ sudo mount <device> <dir> First of all, you need to check the disk partitions already created on your system that are not already mounted. To list partitions with filesystems types, use the “lsblk” command with the “-f” option. $ lsblk -f NAME FSTYPE LABEL UUID MOUNTPOINT sda ├─sda1 ext4 0935df16-40b0-4850-9d47-47cd2daf6e59 sdb ├─sdb1 ext4 b9df59e6-c806-4851-befa-12402bca5828 / Alternatively, you can use the “blkid” command in order to locate and list block devices on your system. Unfortunately, this command does not list the…
As system administrators, we would have got requirements wherein we need to configure raw hard disks to the existing servers as part of upgrading server capacity or sometimes disk replacement in case of disk failure. Attaching BuyVM/FranTech Block Storage Slabs to a Linux has the similar approach. In this article, I will take you through the steps by which we can add the new Block Storage Slabs to an existing Linux server such as RHEL/CentOS or Debian/Ubuntu. Important: Please note that the purpose of this article is to show only how to create a new partition and doesn’t include partition extension or any other switches. I am using fdisk utility to do this configuration. I have added a hard disk of 512GB capacity to be mounted as a /data partition. fdisk is a command line utility to view and manage hard disks and partitions on Linux systems. Firstly, you need to login BuyVM/FranTech Stallion control panel to attach your Block Storage Slabs to your VM. This will list the current partitions and configurations. After attaching the hard disk of 512GB capacity, the fdisk -l will give the below output. New disk added is shown as /dev/sda. Some will show as /dev/xvdcbased of the disk type. To partition a particular hard disk, for example /dev/sda. Type m to print command options Here since we are creating a partition use n option to create either primary/extended partitions. By default we can have upto 4 primary partitions. ive the partition number as desired. Recommended to go for the default value 1. Give the value of the first sector. If it is a new disk, always select default value. If you…
1. Check the current running Kernel Version 2. List the Kernel Entries as per GRUB2 file: 3. Let us modify the Kernel Version to "CentOS Linux (5.8.5-1.el7.elrepo.x86_64) 7 (Core)" which is at line number 2 but denoted as entry 1. 4. Changes to /etc/default/grub require rebuilding the grub.cfg file as follows: Reboot the Server and it will boot with Kernel Version 5.8.5-1.el7.elrepo.x86_64.
Security is an important topic for anything hosted online, and SSL (Secure Sockets Layer) is key when you have information that needs to be transferred securely between a client browsers and a web server. In the Windows Cloud VPS hosting world, this means managing the SSL settings within Microsoft Internet Information Services (IIS) – the standard Microsoft web services that are included with Windows Server. Everyone has heard the expression, when given lemons, make lemonade. In the IIS world, .crt and .key files are the equivalent of lemons since they can not be used in their current form to install an SSL certificate. This post will show you how to turn those files into lemonade or, more appropriately and useful, a pfx file. As IIS Administrators we find ourselves from time to time (well, in all honesty, pretty much yearly) having to support the renewal and implementation of SSL certificates. In a perfect world, this would be a seamless process. We, the administrators, would create and provide the certificate signing request (CSR) to the responsible purchasing party. The certificate would be purchased and we would be provided the certificate response file from the Certificate Authority (CA) for completing the certificate request and installing the certificate. This is not the way that things always happen. Sometimes we are provided text blobs of the certificate that look like this: —–BEGIN PRIVATE KEY—– MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC+MWFUhHn7RnDA TBDa/YEtz7yJSaQHJu0OvcfkLe67Dk3XmJlvlIR1ZSAi3VHEe0tZCbGLUH+QpMfZ /+CZ/jOqy/T2br0N1+Nz8pXTK2pyWCoWyEuTA1F/KimtJyuBglCXctrxWR4U/Bvg= —–END PRIVATE KEY—– —–BEGIN CERTIFICATE—– MIIFODCCBCCgAwIBAgIQAv9+bZ/eqYYHETW+Sh9SHzANBgkqhkiG9w0BAQUFADBzMQswCQYDVQQG EwJHQjEbMBkGA1UECBMSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYD Wtw75qW8mqQXZfa+e7gaVwaQ70uuEuXXmxG6I00= —–END CERTIFICATE—– Disclaimer: These are not actual certificate or key blobs but are provided as examples only Or we…
How to install PHP 7 (stable) on VestaCP server running on CentOS 7 with some test results of how VestaCP + PHP 7 can perform together serving WordPress site. For your information, PHP 7 has just been released and many rumors say it can perform multiple times faster than previous stable PHP version and also as fast as HHVM. This is the most anticipated PHP version ever bringing many new features, enhancements, and improved performance. Until the time I write this post, VestaCP is by default using PHP 5.4.x installed and running with web server (either Apache or Nginx). I’m not really sure why its developer still pack PHP 5.4 within VestaCP installation but as far as I know PHP 5.4 is the most popular stable version after 5.3 that many scripts, web apps and CMS are supported (can still run well with the PHP environment). As per PHP 7, there are still not enough information of how many CMS / scripts except WordPressand OwnCloud those are already PHP 7 compatible. So if you are planning to build a WordPress site with VestaCP, you can try this tutorial and feel the awesomeness of PHP 7. But I must also remind you that since VestaCP doesn’t include PHP 7 by default yet, so I recommend you to not using VestaCP + PHP 7 on production websites unless you are a sysadmin Ninja. However, with default Vesta setup (Nginx as proxy + Apache + PHP), this method still can work properly so it is safe if you’ll just want to host personal…
Symptoms The server reports a hard drive warning in POST (Power On Self Test) Virtual machines cannot power on due to VMFS corruption on local hard drives Very poor performance on local hard drives Purpose This article provides steps to: Help diagnose a local hard drive fault. Read the S.M.A.R.T. status of a hard drive (Self-Monitoring, Analysis, and Reporting Technology) Resolution In ESXi 5.1, VMware added S.M.A.R.T. functionality to monitor hard drive health. The S.M.A.R.T. feature records various operation parameters from physical hard drives attached to a local controller. The feature is part of the firmware on the circuit board of a physical hard disk (HDD and SSD). When looking for high quality standing plastic surgery center offers you privacy, comfort, and convenience throughout your cosmetic surgery experience, check out Galumbeck Plastic Surgery for more information. To read the current data from a disk: Open a console or SSH session to the ESXi host. For more information, see Using ESXi Shell in ESXi 5.x (2004746). Determine the device parameter to use by running the command:# esxcli storage core device list Read the data from the device:# esxcli storage core device smart get -d device Where device is a value found in step 1. The expected output is a list with all SCSI devices seen by the ESXi host. For example:t10.ATA_____WDC_WD2502ABYS2D18B7A0________________________WD2DWCAT1H751520 Note: External FC/iSCSI LUNs or virtual disks from a RAID controller might not report a S.M.A.R.T. status. This table breaks down some example output: Parameter Value Threshold Worst Health Status OK N/A N/A Media Wearout Indicator 0 0 0 Write Error Count…
BFD (Brute Force Detection) is a script that runs on your linux server and checks log files for authentication errors. When it sees recurring authentication failures from a certain IP address it will instruct APF (Advanced Policy Firewall) to block the IP address. It’s simple to configure, just make sure you have APF running before you continue. Let’s download it: [[email protected] ~]# wget http://www.rfxnetworks.com/downloads/bfd-current.tar.gz Now extract it: [[email protected] ~]# tar -xzvf bfd-current.tar.gz Open the folder: [[email protected] ~]# cd bfd-1.5/ Now we can install it: [[email protected] bfd-1.5]# ./install.sh After installation we can edit the BFD configuration file: [[email protected] bfd-1.5]# vim /usr/local/bfd/conf.bfd Make sure you enable e-mail notifications: EMAIL_ALERTS="1" And configure your e-mail address: EMAIL_ADDRESS="[email protected]" It’s also a good idea to configure BFD to ignore your own IP address so you don’t lock yourself out. Just add your IP address to the following file: [[email protected] bfd]# vim /usr/local/bfd/ignore.hosts If you want to run BFD you can do this using the following command: [[email protected] bfd]# bfd -s It will also run automatically thanks to a cronjob: [[email protected] bfd]# vim /etc/cron.d/bfd */3 * * * * root /usr/local/sbin/bfd -q By default each 3 minutes it will run the script and check your log files. When BFD finds anything it will instruct APF to block the IP address and you’ll receive an e-mail that looks like this: The following is a summary event for exceeded login failures on VPS1.RMCSHOSTING.NL: SOURCE ADDRESS: 20.20.20.2 TARGET SERVICE: proftpd FAILED LOGINS: 15 EXECUTED COMMAND: /etc/apf/apf -d 20.20.20.2 {bfd.proftpd} SOURCE…
In our last "iptables Tips and Tricks" installment, we talked about Advanced Policy Firewall (APF) configuration, so it should come as no surprise that in this installment, we're turning our attention toConfigServer Security & Firewall (CSF). Before we get started, you should probably run through the list of warnings I include at the top of the APF blog post and make sure you have your Band-Aid ready in case you need it. To get the ball rolling, we need to download CSF and install it on our server. In this post, we're working with a CentOS 6.0 32-bit server, so our (root) terminal commands would look like this to download and install CSF: $ wget http://www.configserver.com/free/csf.tgz #Download CSF using wget. $ tar zxvf csf.tgz #Unpack it. $ yum install perl-libwww-perl #Make sure perl modules are installed ... $ yum install perl-Time-HiRes #Otherwise it will generate an error. $ cd csf $ ./install.sh #Install CSF. #MAKE SURE YOU HAVE YOUR BAND-AID READY $ /etc/init.d/csf start #Start CSF. (Note: You can also use '$ service csf start') Once you start CSF, you can see a list of the default rules that load at startup. CSF defaults to a DROP policy: $ iptables -nL | grep policy Chain INPUT (policy DROP) Chain FORWARD (policy DROP) Chain OUTPUT (policy DROP) Don't ever run "iptables -F" unless you want to lock yourself out. In fact, you might want to add "This server is running CSF - do not run 'iptables -F'" to your /etc/motd, just as a reminder/warning to others. CSF loads on…
