
All Activity


  1. Earlier
  2. How to install Glances

        sudo apt-get install python-pip build-essential python-dev lm-sensors
        sudo pip install psutil logutils bottle batinfo https://bitbucket.org/gleb_zhulik/py3sensors/get/tip.tar.gz zeroconf netifaces pymdstat influxdb elasticsearch potsdb statsd pystache docker-py pysnmp pika py-cpuinfo bernhard
        sudo pip install glances

    Basic usage

    To start glances simply type glances in terminal.

    In glances you’ll see a lot of information about the resources of your system: CPU, Load, Memory, Swap, Network, Disk I/O and Processes all in one page. By default the color code means:

        GREEN : the statistic is “OK”
        BLUE : the statistic is “CAREFUL” (to watch)
        VIOLET : the statistic is “WARNING” (alert)
        RED : the statistic is “CRITICAL” (critical)

    When Glances is running, you can press some special keys to give commands to it:

        c: Sort processes by CPU%
        m: Sort processes by MEM%
        p: Sort processes by name
        i: Sort processes by IO Rate
        d: Show/hide disk I/O stats
        f: Show/hide file system stats
        n: Show/hide network stats
        s: Show/hide sensors stats
        b: Bit/s or Byte/s for network IO
        w: Delete warning logs
        x: Delete warning and critical logs
        1: Global CPU or Per Core stats
        h: Show/hide this help message
        q: Quit (Esc and Ctrl-C also work)
        l: Show/hide log messages

    Cpu, Ram, Swap Monitoring
  3. Step 1 — Installing OpenVPN

    To start, we will install OpenVPN on the server. We'll also install Easy RSA, a public key infrastructure management tool which will help us set up an internal certificate authority (CA) for use with our VPN. We'll also use Easy RSA to generate our SSL key pairs later on to secure the VPN connections.

    Log in to the server as the non-root sudo user, and update the package lists to make sure you have all the latest versions.

        sudo yum update -y

    The Extra Packages for Enterprise Linux (EPEL) repository is an additional repository managed by the Fedora Project containing non-standard but popular packages. OpenVPN isn't available in the default CentOS repositories but it is available in EPEL, so install EPEL:

        sudo yum install epel-release -y

    Then update your package lists once more:

        sudo yum update -y

    Next, install OpenVPN and wget, which we will use to install Easy RSA:

        sudo yum install -y openvpn wget

    Using wget, download Easy RSA. For the purposes of this tutorial, we recommend using easy-rsa-2 because there’s more available documentation for this version. You can find the download link for the latest version of easy-rsa-2 on the project’s Releases page:

        wget -O /tmp/easyrsa https://github.com/OpenVPN/easy-rsa-old/archive/2.3.3.tar.gz

    Next, extract the compressed file with tar:

        tar xfz /tmp/easyrsa

    This will create a new directory on your server called easy-rsa-old-2.3.3. Make a new subdirectory under /etc/openvpn and name it easy-rsa:

        sudo mkdir /etc/openvpn/easy-rsa

    Copy the extracted Easy RSA files over to the new directory:

        sudo cp -rf easy-rsa-old-2.3.3/easy-rsa/2.0/* /etc/openvpn/easy-rsa

    Then change the directory’s owner to your non-root sudo user:

        sudo chown sammy /etc/openvpn/easy-rsa/

    Once these programs are installed and have been moved to the right locations on your system, the next step is to customize the server-side configuration of OpenVPN.

    Step 2 — Configuring OpenVPN

    Like many other widely-used open-source tools, there are dozens of configuration options available to you. In this section, we will provide instructions on how to set up a basic OpenVPN server configuration.

    OpenVPN has several example configuration files in its documentation directory. First, copy the sample server.conf file as a starting point for your own configuration file.

        sudo cp /usr/share/doc/openvpn-2.4.4/sample/sample-config-files/server.conf /etc/openvpn

    Open the new file for editing with the text editor of your choice. We’ll use nano in our example, which you can download with the yum install nano command if you don’t have it on your server already:

        sudo nano /etc/openvpn/server.conf

    There are a few lines we need to change in this file, most of which just need to be uncommented by removing the semicolon, ;, at the beginning of the line. The functions of these lines, and the other lines not mentioned in this tutorial, are explained in-depth in the comments above each one.

    To get started, find and uncomment the line containing push "redirect-gateway def1 bypass-dhcp". Doing this will tell your client to redirect all of its traffic through your OpenVPN server. Be aware that enabling this functionality can cause connectivity issues with other network services, like SSH:

    /etc/openvpn/server.conf

        push "redirect-gateway def1 bypass-dhcp"

    Because your client will not be able to use the default DNS servers provided by your ISP (as its traffic will be rerouted), you need to tell it which DNS servers it can use to connect to OpenVPN. You can pick different DNS servers, but here we'll use Google's public DNS servers which have the IPs of 8.8.8.8 and 8.8.4.4. Set this by uncommenting both push "dhcp-option DNS ..."
    lines and updating the IP addresses:

    /etc/openvpn/server.conf

        push "dhcp-option DNS 8.8.8.8"
        push "dhcp-option DNS 8.8.4.4"

    We want OpenVPN to run with no privileges once it has started, so we need to tell it to run with a user and group of nobody. To enable this, uncomment the user nobody and group nobody lines:

    /etc/openvpn/server.conf

        user nobody
        group nobody

    Next, uncomment the topology subnet line. This, along with the server 10.8.0.0 255.255.255.0 line below it, configures your OpenVPN installation to function as a subnetwork and tells the client machine which IP address it should use. In this case, the server will become 10.8.0.1 and the first client will become 10.8.0.2:

    /etc/openvpn/server.conf

        topology subnet

    It’s also recommended that you add the following line to your server configuration file. This double checks that any incoming client certificates are truly coming from a client, hardening the security parameters we will establish in later steps:

    /etc/openvpn/server.conf

        remote-cert-eku "TLS Web Client Authentication"

    Lastly, OpenVPN strongly recommends that users enable TLS Authentication, a cryptographic protocol that ensures secure communications over a computer network. To do this, you will need to generate a static encryption key (named in our example as myvpn.tlsauth, although you can choose any name you like). Before creating this key, comment the line in the configuration file containing tls-auth ta.key 0 by prepending it with a semicolon. Then, add tls-crypt myvpn.tlsauth to the line below it:

    /etc/openvpn/server.conf

        ;tls-auth ta.key 0
        tls-crypt myvpn.tlsauth

    Save and exit the OpenVPN server configuration file (in nano, press CTRL - X, Y, then ENTER to do so), and then generate the static encryption key with the following command:

        sudo openvpn --genkey --secret /etc/openvpn/myvpn.tlsauth

    Now that your server is configured, you can move on to setting up the SSL keys and certificates needed to securely connect to your VPN connection.

    Step 3 — Generating Keys and Certificates

    Easy RSA uses a set of scripts that come installed with the program to generate keys and certificates. In order to avoid re-configuring every time you need to generate a certificate, you can modify Easy RSA’s configuration to define the default values it will use for the certificate fields, including your country, city, and preferred email address.

    We’ll begin our process of generating keys and certificates by creating a directory where Easy RSA will store any keys and certs you generate:

        sudo mkdir /etc/openvpn/easy-rsa/keys

    The default certificate variables are set in the vars file in /etc/openvpn/easy-rsa, so open that file for editing:

        sudo nano /etc/openvpn/easy-rsa/vars

    Scroll to the bottom of the file and change the values that start with export KEY_ to match your information. The ones that matter the most are:

    - KEY_CN: Here, enter the domain or subdomain that resolves to your server.
    - KEY_NAME: You should enter server here. If you enter something else, you would also have to update the configuration files that reference server.key and server.crt.

    The other variables in this file that you may want to change are:

    - KEY_COUNTRY: For this variable, enter the two-letter abbreviation of the country of your residence.
    - KEY_PROVINCE: This should be the name or abbreviation of the state of your residence.
    - KEY_CITY: Here, enter the name of the city you live in.
    - KEY_ORG: This should be the name of your organization or company.
    - KEY_EMAIL: Enter the email address that you want to be connected to the security certificate.
    - KEY_OU: This should be the name of the “Organizational Unit” to which you belong, typically either the name of your department or team.

    The rest of the variables can be safely ignored outside of specific use cases. After you’ve made your changes, the file should look like this:

    /etc/openvpn/easy-rsa/vars

        . . .
        # These are the default values for fields
        # which will be placed in the certificate.
        # Don't leave any of these fields blank.
        export KEY_COUNTRY="US"
        export KEY_PROVINCE="NY"
        export KEY_CITY="New York"
        export KEY_ORG="DigitalOcean"
        export KEY_EMAIL="sammy@example.com"
        export KEY_EMAIL=sammy@example.com
        export KEY_CN=openvpn.example.com
        export KEY_NAME="server"
        export KEY_OU="Community"
        . . .

    Save and close the file.

    To start generating the keys and certificates, move into the easy-rsa directory and source in the new variables you set in the vars file:

        cd /etc/openvpn/easy-rsa
        source ./vars

    Run Easy RSA’s clean-all script to remove any keys and certificates already in the folder and generate the certificate authority:

        ./clean-all

    Next, build the certificate authority with the build-ca script. You'll be prompted to enter values for the certificate fields, but if you set the variables in the vars file earlier, all of your options will already be set as the defaults. You can press ENTER to accept the defaults for each one:

        ./build-ca

    This script generates a file called ca.key. This is the private key used to sign your server and clients’ certificates. If it is lost, you can no longer trust any certificates from this certificate authority, and if anyone is able to access this file they can sign new certificates and access your VPN without your knowledge. For this reason, OpenVPN recommends storing ca.key in a location that can be offline as much as possible, and it should only be activated when creating new certificates.

    Next, create a key and certificate for the server using the build-key-server script:

        ./build-key-server server

    As with building the CA, you'll see the values you’ve set as the defaults so you can hit ENTER at these prompts. Additionally, you’ll be prompted to enter a challenge password and an optional company name. If you enter a challenge password, you will be asked for it when connecting to the VPN from your client. If you don’t want to set a challenge password, just leave this line blank and press ENTER.
    At the end, enter Y to commit the changes.

    The last part of creating the server keys and certificates is generating a Diffie-Hellman key exchange file. Use the build-dh script to do this:

        ./build-dh

    This may take a few minutes to complete.

    Once your server is finished generating the key exchange file, copy the server keys and certificates from the keys directory into the openvpn directory:

        cd /etc/openvpn/easy-rsa/keys
        sudo cp dh2048.pem ca.crt server.crt server.key /etc/openvpn

    Each client will also need a certificate in order for the OpenVPN server to authenticate it. These keys and certificates will be created on the server and then you will have to copy them over to your clients, which we will do in a later step. It’s advised that you generate separate keys and certificates for each client you intend to connect to your VPN.

    Because we'll only set up one client here, we called it client, but you can change this to a more descriptive name if you’d like:

        cd /etc/openvpn/easy-rsa
        ./build-key client

    Finally, copy the versioned OpenSSL configuration file, openssl-1.0.0.cnf, to a versionless name, openssl.cnf. Failing to do so could result in an error where OpenSSL is unable to load the configuration because it cannot detect its version:

        cp /etc/openvpn/easy-rsa/openssl-1.0.0.cnf /etc/openvpn/easy-rsa/openssl.cnf

    Now that all the necessary keys and certificates have been generated for your server and client, you can move on to setting up routing between the two machines.

    Step 4 — Routing

    So far, you’ve installed OpenVPN on your server, configured it, and generated the keys and certificates needed for your client to access the VPN. However, you have not yet provided OpenVPN with any instructions on where to send incoming web traffic from clients. You can stipulate how the server should handle client traffic by establishing some firewall rules and routing configurations.

    Assuming you followed the prerequisites at the start of this tutorial, you should already have firewalld installed and running on your server. To allow OpenVPN through the firewall, you’ll need to know what your active firewalld zone is. Find this with the following command:

        sudo firewall-cmd --get-active-zones

    Output

        trusted
          Interfaces: tun0

    Next, add the openvpn service to the list of services allowed by firewalld within your active zone, and then make that setting permanent by running the command again but with the --permanent option added:

        sudo firewall-cmd --zone=trusted --add-service openvpn
        sudo firewall-cmd --zone=trusted --add-service openvpn --permanent

    You can check that the service was added correctly with the following command:

        sudo firewall-cmd --list-services --zone=trusted

    Output

        openvpn

    Next, add a masquerade to the current runtime instance, and then add it again with the --permanent option to add the masquerade to all future instances:

        sudo firewall-cmd --add-masquerade
        sudo firewall-cmd --permanent --add-masquerade

    You can check that the masquerade was added correctly with this command:

        sudo firewall-cmd --query-masquerade

    Output

        yes

    Next, forward routing to your OpenVPN subnet. You can do this by first creating a variable (SHARK in our example) which will represent the primary network interface used by your server, and then using that variable to permanently add the routing rule:

        SHARK=$(ip route get 8.8.8.8 | awk 'NR==1 {print $(NF-2)}')

    Be sure to implement these changes to your firewall rules by reloading firewalld:

        sudo firewall-cmd --reload

    Next, enable IP forwarding. This will route all web traffic from your client to your server’s IP address, and your client’s public IP address will effectively be hidden.

    Open sysctl.conf for editing:

        sudo nano /etc/sysctl.conf

    Then add the following line at the top of the file:

    /etc/sysctl.conf

        net.ipv4.ip_forward = 1

    Finally, restart the network service so the IP forwarding will take effect:

        sudo systemctl restart network.service

    With the routing and firewall rules in place, we can start the OpenVPN service on the server.

    Step 5 — Starting OpenVPN

    OpenVPN is managed as a systemd service using systemctl. We will configure OpenVPN to start up at boot so you can connect to your VPN at any time as long as your server is running. To do this, enable the OpenVPN server by adding it to systemctl:

        sudo systemctl -f enable openvpn@server.service

    Then start the OpenVPN service:

        sudo systemctl start openvpn@server.service

    Double check that the OpenVPN service is active with the following command. You should see active (running) in the output:

        sudo systemctl status openvpn@server.service

    We’ve now completed the server-side configuration for OpenVPN. Next, you will configure your client machine and connect to the OpenVPN server.

    Step 6 — Configuring a Client

    Regardless of your client machine's operating system, it will need a locally-saved copy of the CA certificate and the client key and certificate generated in Step 3, as well as the static encryption key you generated at the end of Step 2.

    Locate the following files on your server. If you generated multiple client keys with unique, descriptive names, then the key and certificate names will be different. In this article we used client.

        /etc/openvpn/easy-rsa/keys/ca.crt
        /etc/openvpn/easy-rsa/keys/client.crt
        /etc/openvpn/easy-rsa/keys/client.key
        /etc/openvpn/myvpn.tlsauth

    Copy these files to your client machine. You can use SFTP or your preferred method. You could even just open the files in your text editor and copy and paste the contents into new files on your client machine. Regardless of which method you use, be sure to note where you save these files.

    Next, create a file called client.ovpn on your client machine. This is a configuration file for an OpenVPN client, telling it how to connect to the server:

        sudo nano client.ovpn

    Then add the following lines to client.ovpn. Notice that many of these lines reflect those which we uncommented or added to the server.conf file, or were already in it by default:

    client.ovpn

        client
        tls-client
        ca /path/to/ca.crt
        cert /path/to/client.crt
        key /path/to/client.key
        tls-crypt /path/to/myvpn.tlsauth
        remote-cert-eku "TLS Web Client Authentication"
        proto udp
        remote your_server_ip 1194 udp
        dev tun
        topology subnet
        pull
        user nobody
        group nobody

    When adding these lines, please note the following:

    - You'll need to change the first line to reflect the name you gave the client in your key and certificate; in our case, this is just client
    - You also need to update the IP address from your_server_ip to the IP address of your server; port 1194 can stay the same
    - Make sure the paths to your key and certificate files are correct

    This file can now be used by any OpenVPN client to connect to your server. Below are OS-specific instructions for how to connect your client:

    Windows: On Windows, you will need the official OpenVPN Community Edition binaries which come with a GUI. Place your .ovpn configuration file into the proper directory, C:\Program Files\OpenVPN\config, and click Connect in the GUI. OpenVPN GUI on Windows must be executed with administrative privileges.

    macOS: On macOS, the open source application Tunnelblick provides an interface similar to the OpenVPN GUI on Windows, and comes with OpenVPN and the required TUN/TAP drivers. As with Windows, the only step required is to place your .ovpn configuration file into the ~/Library/Application Support/Tunnelblick/Configurations directory. Alternatively, you can double-click on your .ovpn file.

    Linux: On Linux, you should install OpenVPN from your distribution's official repositories.
    You can then invoke OpenVPN by executing:

        sudo openvpn --config ~/path/to/client.ovpn

    After you establish a successful client connection, you can verify that your traffic is being routed through the VPN by checking Google to reveal your public IP.

    Conclusion

    You should now have a fully operational virtual private network running on your OpenVPN server. You can browse the web and download content without worrying about malicious actors tracking your activity.

    There are several steps you could take to customize your OpenVPN installation even further, such as configuring your client to connect to the VPN automatically or configuring client-specific rules and access policies. For these and other OpenVPN customizations, you should consult the official OpenVPN documentation. If you’re interested in other ways you can protect yourself and your machines on the internet, check out our article on 7 Security Measures to Protect Your Servers.
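
Added example, not part of the original post: a small Python audit that checks whether the Step 2 settings from the tutorial above (user/group nobody, topology subnet, remote-cert-eku, tls-crypt, and pushed DNS alongside redirect-gateway) are actually active in a server.conf, plus a permission check for key files such as ca.key. The function names, both sample configurations and the choice to flag any group/other permission bit are assumptions made for this illustration.

```python
import os
import shlex
import stat

# Directive values taken from the tutorial's Step 2.
REQUIRED = {
    "user": "nobody",
    "group": "nobody",
    "topology": "subnet",
    "remote-cert-eku": "TLS Web Client Authentication",
}

# Constructed sample: a server.conf after every Step 2 edit has been made.
HARDENED_CONF = """\
port 1194
proto udp
dev tun
topology subnet
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
;tls-auth ta.key 0
tls-crypt myvpn.tlsauth
remote-cert-eku "TLS Web Client Authentication"
user nobody
group nobody
"""

# Constructed sample: only the redirect-gateway line was uncommented.
DEFAULT_LIKE_CONF = """\
port 1194
proto udp
dev tun
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1 bypass-dhcp"
;push "dhcp-option DNS 8.8.8.8"
tls-auth ta.key 0
;user nobody
;group nobody
"""


def parse_conf(text):
    """Map each active directive to the list of argument lists it appears with."""
    directives = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue  # blank, or still commented out as in the sample file
        tokens = shlex.split(line, comments=True)  # keeps "quoted args" together
        if tokens:
            directives.setdefault(tokens[0], []).append(tokens[1:])
    return directives


def audit_server_conf(text):
    """Return findings; an empty list means every Step 2 setting is active."""
    conf = parse_conf(text)
    findings = []
    for name, wanted in REQUIRED.items():
        values = [" ".join(args) for args in conf.get(name, [])]
        if wanted not in values:
            findings.append(f"{name}: expected '{wanted}', found {values or 'nothing'}")
    if "tls-crypt" not in conf:
        if "tls-auth" in conf:
            findings.append("tls-auth is active but tls-crypt is not")
        else:
            findings.append("no tls-crypt key configured")
    pushes = [args[0] for args in conf.get("push", []) if args]
    redirects = any(p.startswith("redirect-gateway") for p in pushes)
    pushes_dns = any(p.startswith("dhcp-option DNS ") for p in pushes)
    if redirects and not pushes_dns:
        findings.append("redirect-gateway is pushed without any dhcp-option DNS")
    return findings


def loose_key_files(paths):
    """Return the paths whose mode grants any access to group or other."""
    return [p for p in paths if stat.S_IMODE(os.stat(p).st_mode) & 0o077]


if __name__ == "__main__":
    for label, conf in (("hardened", HARDENED_CONF), ("default-like", DEFAULT_LIKE_CONF)):
        print(label, audit_server_conf(conf) or "OK")
```

On a real server, read /etc/openvpn/server.conf into `audit_server_conf` and pass the key paths from Step 3 and Step 2 (ca.key, server.key, myvpn.tlsauth) to `loose_key_files`.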
  4. Step 1 - Add Plex Repository

    The first step we need to do for this guide is to add the Plex repository to our CentOS 7 system. Go to the 'yum.repos.d' directory and create new repo file 'plex.repo' using the vim editor.

        cd /etc/yum.repos.d/
        vim plex.repo

    Paste the following Plex repository configuration there.

        # Plex.repo file will allow dynamic install/update of plexmediaserver.
        [PlexRepo]
        name=PlexRepo
        baseurl=https://downloads.plex.tv/repo/rpm/$basearch/
        enabled=1
        gpgkey=https://downloads.plex.tv/plex-keys/PlexSign.key
        gpgcheck=1

    Save and exit. Plex repository has been added to the CentOS 7 system.

    Step 2 - Install Plex Media Server on CentOS 7

    Now we will install Plex media server on our CentOS server. Run the yum command below.

        sudo yum -y install plexmediaserver

    After the installation is complete, start the plex service and enable it to launch every time at system boot using the systemctl commands below.

        systemctl start plexmediaserver
        systemctl enable plexmediaserver

    Plex media server has been installed - check it using the following command.

        systemctl status plexmediaserver

    And you will get the result as shown below. The Plex Media Server is now running on the CentOS 7 server.

    Step 3 - Configure Firewalld Rules for Plex Media Server

    In this tutorial, we will enable Firewalld services. Make sure firewalld packages are installed on the system. Or you can install them using the yum command below.

        sudo yum -y install firewalld

    Now start the firewalld service and enable it to launch every time at system boot.

        systemctl start firewalld
        systemctl enable firewalld

    Next, we need to add new firewalld configuration for our plex installation. Plex media server needs some port in the 'LISTEN' state, so we will create new firewalld XML configuration. Go to the '/etc/firewalld/service' directory and create a new service firewalld configuration 'plex.xml' using vim.

        cd /etc/firewalld/services/
        vim plexmediaserver.xml

    There, paste the following configuration.

        <?xml version="1.0" encoding="utf-8"?>
        <service>
          <short>plexmediaserver</short>
          <description>Ports required by plexmediaserver.</description>
          <port protocol="tcp" port="32400"></port>
          <port protocol="udp" port="1900"></port>
          <port protocol="tcp" port="3005"></port>
          <port protocol="udp" port="5353"></port>
          <port protocol="tcp" port="8324"></port>
          <port protocol="udp" port="32410"></port>
          <port protocol="udp" port="32412"></port>
          <port protocol="udp" port="32413"></port>
          <port protocol="udp" port="32414"></port>
          <port protocol="tcp" port="32469"></port>
        </service>

    Save and exit. Now add the 'plexmediaserver' service to the firewalld services list, then reload the configuration.

        sudo firewall-cmd --add-service=plexmediaserver --permanent
        sudo firewall-cmd --reload

    And you will get the result as below. The plexmediaserver service has been added to firewalld - check it using the firewalld command below.

        firewall-cmd --list-all

    And you should get 'plexmediaserver' on service list.

    Step 4 - Configure Plex Media Server

    Before configuring the Plex media server, make sure you have an account for Plex. If not, you can register using the URL below.

        https://app.plex.tv/

    And then login to your account. If you're a registered user and logged in with your browser, you can open your Plex media server installation url in the following way.

        http://192.168.33.10:32400/web/

    And you will be redirected to the plex login as below. Click the 'SIGN IN' button. And you will get the page about how plex works - just click the GOT IT button. Now the server setup page. Type your server name and click the 'NEXT' button. Now you will see the page for plex library configuration. Click the 'NEXT' button again. And the plexmediaserver configuration has been completed - click the 'DONE' button. And you will get the plex Dashboard. Now you can add media files to your plex media server. Below is an example library from our Plex installation.
Plex Media Server installation and configuration on CentOS 7 server has been completed successfully.
  5. brent

    How to install Samba4 on Centos7

    Install Samba4 in CentOS 7

    1. First install Samba4 and required packages from the default CentOS repositories using the yum package manager tool as shown.

        # yum install samba samba-client samba-common

    2. After installing the samba packages, enable samba services to be allowed through system firewall with these commands.

        # firewall-cmd --permanent --zone=public --add-service=samba
        # firewall-cmd --reload

    Check Windows Machine Workgroup Settings

    3. Before you proceed to configure samba, make sure the Windows machine is in the same workgroup to be configured on the CentOS server. There are two possible ways to view the Windows machine workgroup settings:

    Right clicking on “This PC” or “My Computer” → Properties → Advanced system settings → Computer Name.

    Alternatively, open the cmd prompt and run the following command, then look for “workstation domain” in the output as shown below.

        >net config workstation

    Configuring Samba4 on CentOS 7

    4. The main samba configuration file is /etc/samba/smb.conf; the original file comes with pre-configuration settings which explain various configuration directives to guide you. But, before configuring samba, I suggest you take a backup of the default file like this.

        # cp /etc/samba/smb.conf /etc/samba/smb.conf.orig

    Then, proceed to configure samba for anonymous and secure file sharing services as explained below.

    Samba4 Anonymous File Sharing

    5. First create the shared directory where the files will be stored on the server and set the appropriate permissions on the directory.

        # mkdir -p /srv/samba/anonymous
        # chmod -R 0775 /srv/samba/anonymous
        # chown -R nobody:nobody /srv/samba/anonymous

    Also, you need to change the SELinux security context for the samba shared directory as follows.

        # chcon -t samba_share_t /srv/samba/anonymous

    6.
    Next, open the samba configuration file for editing, where you can modify/add the sections below with the corresponding directives.

        # vi /etc/samba/smb.conf

    Samba Configuration Settings

        [global]
            workgroup = WORKGROUP
            netbios name = centos
            security = user
        [Anonymous]
            comment = Anonymous File Server Share
            path = /srv/samba/anonymous
            browsable =yes
            writable = yes
            guest ok = yes
            read only = no
            force user = nobody

    7. Now verify current samba settings by running the command below.

        # testparm

    Verify Samba Current Configuration Settings

        Load smb config files from /etc/samba/smb.conf
        rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
        Processing section "[homes]"
        Processing section "[printers]"
        Processing section "[print$]"
        Processing section "[Anonymous]"
        Loaded services file OK.
        Server role: ROLE_STANDALONE
        Press enter to see a dump of your service definitions
        # Global parameters
        [global]
            netbios name = centos
            printcap name = cups
            security = USER
            idmap config * : backend = tdb
            cups options = raw
        [homes]
            comment = Home Directories
            browseable = No
            inherit acls = Yes
            read only = No
            valid users = %S %D%w%S
        [printers]
            comment = All Printers
            path = /var/tmp
            browseable = No
            printable = Yes
            create mask = 0600
        [print$]
            comment = Printer Drivers
            path = /var/lib/samba/drivers
            create mask = 0664
            directory mask = 0775
            write list = root
        [Anonymous]
            comment = Anonymous File Server Share
            path = /srv/samba/anonymous
            force user = nobody
            guest ok = Yes
            read only = No

    8. Finally, start and enable samba services to start automatically at next boot and also apply the above changes to take effect.

        # systemctl enable smb.service
        # systemctl enable nmb.service
        # systemctl start smb.service
        # systemctl start nmb.service

    Testing Anonymous Samba File Sharing

    9. Now on the Windows machine, open “Network” from a Windows Explorer window, then click on the CentOS host, or else try to access the server using its IP address (use ifconfig command to get IP address). e.g.
    \\192.168.43.168.

    10. Next, open the Anonymous directory and try to add files in there to share with other users.

    Setup Samba4 Secure File Sharing

    11. First start by creating a samba system group, then add users to the group and set a password for each user like so.

        # groupadd smbgrp
        # usermod tecmint -aG smbgrp
        # smbpasswd -a tecmint

    12. Then create a secure directory where the shared files will be kept and set the appropriate permissions on the directory with SELinux security context for the samba.

        # mkdir -p /srv/samba/secure
        # chmod -R 0770 /srv/samba/secure
        # chown -R root:smbgrp /srv/samba/secure
        # chcon -t samba_share_t /srv/samba/secure

    13. Next open the configuration file for editing and modify/add the section below with the corresponding directives.

        # vi /etc/samba/smb.conf

    Samba Secure Configuration Settings

        [Secure]
            comment = Secure File Server Share
            path = /srv/samba/secure
            valid users = @smbgrp
            guest ok = no
            writable = yes
            browsable = yes

    14. Again, verify the samba configuration settings by running the following command.

        $ testparm

    Verify Secure Configuration Settings

        Load smb config files from /etc/samba/smb.conf
        rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
        Processing section "[homes]"
        Processing section "[printers]"
        Processing section "[print$]"
        Processing section "[Anonymous]"
        Loaded services file OK.
        Server role: ROLE_STANDALONE
        Press enter to see a dump of your service definitions
        # Global parameters
        [global]
            netbios name = centos
            printcap name = cups
            security = USER
            idmap config * : backend = tdb
            cups options = raw
        [homes]
            comment = Home Directories
            browseable = No
            inherit acls = Yes
            read only = No
            valid users = %S %D%w%S
        [printers]
            comment = All Printers
            path = /var/tmp
            browseable = No
            printable = Yes
            create mask = 0600
        [print$]
            comment = Printer Drivers
            path = /var/lib/samba/drivers
            create mask = 0664
            directory mask = 0775
            write list = root
        [Anonymous]
            comment = Anonymous File Server Share
            path = /srv/samba/anonymous
            force user = nobody
            guest ok = Yes
            read only = No
        [Secure]
            comment = Secure File Server Share
            path = /srv/samba/secure
            read only = No
            valid users = @smbgrp

    15. Restart Samba services to apply the changes.

        # systemctl restart smb.service
        # systemctl restart nmb.service

    Testing Secure Samba File Sharing

    16. Go to Windows machine, open “Network” from a Windows Explorer window, then click on the CentOS host, or else try to access the server using its IP address. e.g. \\192.168.43.168. You’ll be asked to provide your username and password to login the CentOS server. Once you have entered the credentials, click OK.

    17. Once you successfully login, you will see all the samba shared directories. Now securely share some files with other permitted users on the network by dropping them in Secure directory.
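
Added example, not part of the original post: a Python check that reads an smb.conf and reports, per share, who can reach it, so that a guest-writable share like [Anonymous] above stands out next to a restricted one like [Secure]. It resolves the smb.conf synonyms the post mixes (writable, writeable and write ok are inverted forms of read only; public is a synonym of guest ok) and applies [global] values as share defaults. The function names and classification labels are assumptions for this illustration; the sample text is the two share definitions from the post.

```python
TRUE_WORDS = {"yes", "true", "1"}
DEFAULTS = {"read only": True, "guest ok": False}  # smb.conf defaults
# alias -> (canonical parameter, value is inverted)
ALIASES = {
    "writable": ("read only", True),
    "writeable": ("read only", True),
    "write ok": ("read only", True),
    "public": ("guest ok", False),
}

# The [global], [Anonymous] and [Secure] sections as given in the post.
TUTORIAL_CONF = """\
[global]
workgroup = WORKGROUP
netbios name = centos
security = user

[Anonymous]
comment = Anonymous File Server Share
path = /srv/samba/anonymous
browsable =yes
writable = yes
guest ok = yes
read only = no
force user = nobody

[Secure]
comment = Secure File Server Share
path = /srv/samba/secure
valid users = @smbgrp
guest ok = no
writable = yes
browsable = yes
"""


def parse_smb_conf(text):
    """Return {section: {parameter: value}} with access booleans normalised."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip(), {})
            continue
        if current is None or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key = " ".join(key.lower().split())  # names ignore case and spacing
        if key in ALIASES:
            key, inverted = ALIASES[key]
            current[key] = (value.lower() in TRUE_WORDS) != inverted
        elif key in DEFAULTS:
            current[key] = value.lower() in TRUE_WORDS
        else:
            current[key] = value  # later lines override earlier ones
    return sections


def classify_shares(text):
    """Map each share name to a short description of who can access it."""
    sections = parse_smb_conf(text)
    base = dict(DEFAULTS)
    for name, params in sections.items():
        if name.lower() == "global":
            base.update({k: v for k, v in params.items() if k in DEFAULTS})
    result = {}
    for name, params in sections.items():
        if name.lower() == "global":
            continue
        eff = {**base, **params}
        if eff["guest ok"]:
            result[name] = "guest read-only" if eff["read only"] else "guest read-write"
        elif eff.get("valid users"):
            result[name] = "restricted to " + eff["valid users"]
        else:
            result[name] = "any authenticated user"
    return result


def guest_writable_shares(text):
    """Names of shares an unauthenticated guest may write to."""
    return [n for n, access in classify_shares(text).items()
            if access == "guest read-write"]


if __name__ == "__main__":
    for share, access in classify_shares(TUTORIAL_CONF).items():
        print(f"{share}: {access}")
```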
  6. Navigate to the following location.

        /etc/sysconfig/network-scripts/

    In this location you will find your NIC file. Modify the file with your editor of choice.

        BOOTPROTO=dhcp

    To:

        BOOTPROTO=static

    Now you'll need to add the entries to set not only the IP address, but the netmask, gateway, and DNS addresses. At the bottom of that file, add the following:

        IPADDR=192.168.1.200
        NETMASK=255.255.255.0
        GATEWAY=192.168.1.1
        DNS1=1.0.0.1
        DNS2=1.1.1.1
        DNS3=8.8.4.4

    Save the file and restart networking:

        sudo systemctl restart network
  7. Run the following:

        curl -s https://raw.githubusercontent.com/sivel/speedtest-cli/master/speedtest.py | python -
  8. brent

    How to install Plex Media Server

    Plex is a free feature-rich media library platform that provides a way to store all your movies, shows, and other media in one place. You can access Plex from any device, whether you’re at home or on-the-go. There are many different media tools available in the world like Kodi, XBMC, OSMC and Mediatomb, but the Plex Media Server is perhaps one of the most popular solutions for managing media. Plex runs on Windows, macOS, Linux, FreeBSD and many more.

    Plex is a client-server media player system made up from two main components: 1) the Plex Media Server, which organizes music, photos and videos content from personal media libraries and streams it to their player, 2) the Players, which can be the Plex web UI, Plex Apps or Plex home theater. Plex Media Server supports Chromecast, Amazon FireTV, Android, iOS, Xbox, PlayStation, Apple TV, Roku, Android TV and various types of smart TVs. If you are looking for a way to watch your movies from anywhere, then Plex is the best choice for you.

    In this tutorial, we will learn how to install and configure Plex Media Server on Ubuntu 16.04.

    Requirements

    - A server running Ubuntu 16.04.
    - A non-root user with sudo privileges setup on your server.
    - A static IP address 192.168.0.227 setup on your server.

    Getting Started

    Before starting, make sure your system is fully up to date by running the following command:

        sudo apt-get update -y
        sudo apt-get upgrade -y

    Once your system is updated, restart your system to apply all these changes with the following command:

        sudo reboot

    After restarting, log in with sudo user and proceed to the next step.

    1. Install Plex Media Server

    First, you will need to download the latest version of the Plex from their official website.
    You can download it by running the following command:

        wget https://downloads.plex.tv/plex-media-server/1.7.5.4035-313f93718/plexmediaserver_1.7.5.4035-313f93718_amd64.deb

    Once Plex is downloaded, run the following command to install Plex:

        sudo dpkg -i plexmediaserver_1.7.5.4035-313f93718_amd64.deb

    Next, start Plex Media Server and enable it to start on boot time by running the following commands:

        sudo systemctl start plexmediaserver
        sudo systemctl enable plexmediaserver

    You can check the status of Plex Media Server at any time by running the following command:

        sudo systemctl status plexmediaserver

    You should see the following output:

        ● plexmediaserver.service - Plex Media Server for Linux
           Loaded: loaded (/lib/systemd/system/plexmediaserver.service; enabled; vendor preset: enabled)
           Active: active (running) since Sat 2017-08-05 11:48:52 IST; 17s ago
         Main PID: 3243 (sh)
           CGroup: /system.slice/plexmediaserver.service
                   ├─3243 /bin/sh -c LD_LIBRARY_PATH=/usr/lib/plexmediaserver "/usr/lib/plexmediaserver/Plex Media Server"
                   ├─3244 /usr/lib/plexmediaserver/Plex Media Server
                   └─3288 Plex Plug-in [com.plexapp.system] /usr/lib/plexmediaserver/Resources/Plug-ins-313f93718/Framework.bundle/Contents/Resources/Versions/

        Aug 05 11:49:04 Node1 systemd[1]: Started Plex Media Server for Linux.
        Aug 05 11:49:04 Node1 sh[3243]: Error in command line:the argument for option '--serverUuid' should follow immediately after the equal sign
        Aug 05 11:49:04 Node1 sh[3243]: Crash Uploader options (all are required):
        Aug 05 11:49:04 Node1 sh[3243]: --directory arg Directory to scan for crash reports
        Aug 05 11:49:04 Node1 sh[3243]: --serverUuid arg UUID of the server that crashed
        Aug 05 11:49:04 Node1 sh[3243]: --userId arg User that owns this product
        Aug 05 11:49:04 Node1 sh[3243]: --platform arg Platform string
        Aug 05 11:49:04 Node1 sh[3243]: --url arg URL to upload to
        Aug 05 11:49:04 Node1 sh[3243]: --help show help message
        Aug 05 11:49:04 Node1 sh[3243]: --version arg Version of the product

    Next, you will need to create a directory to store your Plex media. You can create this by running the following command:

        sudo mkdir -p /root/plex/movie

    Or, if you already have shares on your server, skip this step. Once you are finished, you can proceed to the next step.

    2. Configure Plex

    Now that all the components are installed on your system, it's time to configure and access Plex. Open your web browser and type the URL http://192.168.0.227:32400/web, you should see the following page:

    After accepting the user agreement, you will need to create a Plex account. Click on the "Sign Up" button for a new account. You should see the following page:

    Here, provide all the required details like Username, Email and Password, and click on the "Sign Up" button. You should see the following screen:

    Here, give your server name and click on the Next button, you should see the following screen:

    Click on the Next button, you should see the following screen:

    The final step of the initial server setup is to allow remote access to your media server and send anonymous data to Plex. By default both are checked. It is recommended to leave them checked, next click on the "Done" button to finish server setup.
    You should see the Plex dashboard in the following screen:

    Now, click on the "Add Library" button, you should see the following screen:

    Here, select your library type. Repeat these steps for TV shows, music, and photos. It isn’t necessary to populate all the libraries. Click on the Next button, you should see the following screen:

    Navigate to the corresponding media directory that you created previously, then click on the Add button.

    Next, you will need to disable DLNA features. To do so, click the wrench icon in the upper right corner, select Server, click on DLNA and uncheck "Enable the DLNA server", then click Save Changes.

    Congratulations! Your Plex Media Server is ready, and you are now ready to connect to it from your Plex client application or web browser.
  9. brent

    How to disable IPv6

    To disable ipv6, you have to open /etc/sysctl.conf using any text editor and insert the following lines at the end:

        net.ipv6.conf.all.disable_ipv6 = 1
        net.ipv6.conf.default.disable_ipv6 = 1
        net.ipv6.conf.lo.disable_ipv6 = 1

    If ipv6 is still not disabled, then the problem is that sysctl.conf is still not activated. To solve this, open a terminal (Ctrl+Alt+T) and type the command:

        sudo sysctl -p

    You will see this in the terminal:

        net.ipv6.conf.all.disable_ipv6 = 1
        net.ipv6.conf.default.disable_ipv6 = 1
        net.ipv6.conf.lo.disable_ipv6 = 1

    After that, if you run:

        cat /proc/sys/net/ipv6/conf/all/disable_ipv6

    It will report:

        1

    If you see 1, ipv6 has been successfully disabled.
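The post confirms the change by reading only the "all" key. As an added example (not part of the original post), the check below walks every per-interface disable_ipv6 value and lists any IPv6 address the kernel still holds in /proc/net/if_inet6. The function name ipv6_residue and the PROC_ROOT override are hypothetical names introduced here.

```shell
#!/bin/sh
# Added example, not from the original post.
# ipv6_residue [proc_root]
#   Prints one line per interface whose disable_ipv6 sysctl is not 1 and one
#   line per IPv6 address still assigned. Returns 0 when nothing is left,
#   1 otherwise. proc_root defaults to /proc; the argument exists so the
#   check can be run against a copied or constructed tree.
ipv6_residue() {
    root="${1:-/proc}"
    rc=0

    # Per-interface switches: "all", "default", "lo" and each real interface.
    for f in "$root"/sys/net/ipv6/conf/*/disable_ipv6; do
        [ -r "$f" ] || continue          # unmatched glob or IPv6 not built in
        iface=$(basename "$(dirname "$f")")
        val=$(cat "$f")
        if [ "$val" != "1" ]; then
            echo "sysctl net.ipv6.conf.$iface.disable_ipv6 = $val"
            rc=1
        fi
    done

    # if_inet6 has one line per assigned address:
    #   <32 hex digits> <ifindex> <prefixlen> <scope> <flags> <device>
    # It is empty once every interface has IPv6 disabled.
    if [ -r "$root/net/if_inet6" ]; then
        while read -r addr _idx _plen _scope _flags dev; do
            [ -n "$addr" ] || continue
            pretty=$(printf '%s\n' "$addr" | sed 's/..../&:/g; s/:$//')
            echo "address $pretty still assigned on $dev"
            rc=1
        done < "$root/net/if_inet6"
    fi

    return $rc
}

# PROC_ROOT is a hypothetical environment override used only by this example.
ipv6_residue "${PROC_ROOT:-/proc}" || echo "IPv6 is not fully disabled on this host"
```

An interface created after boot takes its value from the "default" key, so a line for a single interface here usually means the setting was applied before that interface existed.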
  10. If you are looking for an alternative to public IM and VOIP services like Skype and want to create a private secure IM / VOIP network, this guide is for you. This guide is intended as a relatively easy step by step guide to:

     Requirements: Ubuntu 12.04 or later installed machine to act as local IM server machine and one to act as IM client - the client computer can also be Windows or Mac OSX based as long as you install the relevant Spark client on these machines.

     1. Install Java 6/7 JRE or JDK.

     Each computer you want to be part of your IM network requires at least Java 6 JRE to be installed. Oracle / Sun Java 6 is no longer available in the Software Center as Oracle has changed the license to make it complicated to install and update on Ubuntu. More information about Java on Ubuntu available here. The easiest way I have found to install Java on Ubuntu is via the Web Upd8 PPA. First add the PPA. Open a Terminal window and enter:

         sudo add-apt-repository ppa:webupd8team/java
         sudo apt-get update

     A good idea to minimise any Java conflicts is to remove OpenJDK. Open a Terminal window and enter:

         sudo apt-get remove --purge openjdk*

     Then to install Oracle Java 6 version open a Terminal window and enter:

         sudo apt-get install oracle-java6-installer

     To install Oracle Java 7 version open a Terminal window and enter:

         sudo apt-get install oracle-java7-installer

     Tip: To check the Java version installed on your system open a terminal and enter:

         java -version

     2. Create new MySQL database for Openfire.

     You have several options for user authentication including LDAP, MySQL or embedded DB. We will use the MySQL option and need to create a new database and user for Openfire to use. Log in to MySQL as root. Open the Terminal window and enter:

         sudo mysql -u root -p

     Then enter the following to create the database and add user openfire. Replace openfirepasswrd with a new password:

         mysql> CREATE DATABASE openfire CHARACTER SET='utf8';
         mysql> CREATE USER 'openfire'@'localhost' IDENTIFIED BY 'openfirepasswrd';
         mysql> GRANT ALL PRIVILEGES ON `openfire`.* TO 'openfire'@'localhost' WITH GRANT OPTION;
         mysql> FLUSH PRIVILEGES;
         mysql> quit

     3. Install Openfire.

     The latest Debian version of Openfire can be downloaded from ignite realtime download page. Download Openfire 3.8.2 by opening a terminal window and entering:

         cd /tmp
         wget -O openfire_3.8.2_all.deb http://www.igniterea...e_3.8.2_all.deb

     Then install openfire. Open a Terminal window and enter:

         sudo dpkg -i openfire_3.8.2_all.deb

     Ignore all installation errors regarding user and folder permissions. As long as you do not get any Java version errors and openfire does install you are good to go. You need to point the openfire server startup file to the correct home folder of the Java version installed on your system. Replace java-6-sun with java-6-oracle or java-7-oracle depending on your version of java in the /etc/init.d/openfire file in line 27, or open a terminal and enter:

         sudo apt-get install rpl
         sudo rpl '6-sun' '7-oracle' /etc/init.d/openfire
         sudo service openfire start

     4. Open firewall ports for Openfire.

     You need to open some ports on your firewall for Openfire to work.

     Port 9090 : for the web interface.
     Port 9091 : for SSL web interface.
     Port 5222 : the main port used for client/server communication by Openfire.
     Port 7777 : used for file transfer.
     Port 7443 : used for unsecured Http client connections.
     Port 7070 : used for secure Http client connections.
     Port 3478, 3479 : used by the STUN Service for entities behind a NAT.

     Complete port list used by Openfire available here. If you are using ufw firewall open a terminal and enter:

         sudo ufw allow 9090/tcp
         sudo ufw allow 9091/tcp
         sudo ufw allow 5222/tcp
         sudo ufw allow 7777/tcp
         sudo ufw allow 7443/tcp
         sudo ufw allow 7070/tcp
         sudo ufw allow 3478/tcp
         sudo ufw allow 3479/tcp

     5. Configure Openfire server with web admin console.

     The rest of the Openfire configuration will be done in the admin console. Replace mydomain below with your FQDN or IP address of your server. Open a browser and go to:

         http://mydomain:9090/setup/index.jsp

     You will be presented with the Openfire setup wizard. Follow the instructions. When asked select Database Settings > Standard Connection. Make sure you enter the MySQL database hostname and database name in the Database URL line below - this is easily missed. When done you can login to the admin console with your openfire admin username and password on:

         http://mydomain:9090/index.jsp

     You can also login securely with SSL encryption enabled on:

         https://mydomain:9091/index.jsp

     Some very important settings to consider are found under Server > Server Settings > Registration Settings. Then go to the User/Groups menu and add IM users.

     How to remove openFire

     First we need to stop the service:

         sudo /etc/init.d/openfire stop

     Now we need to remove from services:

         sudo update-rc.d -f openfire remove

     Now to remove it from startup file:

         sudo rm /etc/init.d/openfire

     Now to delete all the files located at /opt/openfire:

         sudo rm -rf /opt/openfire

     Last item is to dump the database in mysql.
  11. brent

    How to install TeamSpeak Server

    First you’ll need to login to your server, now let's begin by downloading the latest version of the Linux Teamspeak server:

        https://www.teamspeak.com/downloads

    Head over to TeamSpeak and download the Server Linux version. Ok, so now let's extract the contents of the downloaded archive like so (current version of this article is 3.0.10.3):

        tar xzf teamspeak3-server_linux-amd64-3.0.10.3.tar.gz

    Next we’ll create a user account which Teamspeak will run under on our server. We’ll simply use ‘teamspeak3’ as the username and disable the ability for a user to login to the server with this account (in effect making it a ‘local daemon account’ only):

        sudo adduser --disabled-login teamspeak3

    Perfect! – Let's now move the Teamspeak binaries and configuration files into their new home, we’ll place these under /opt/ts3-server/

        sudo mv teamspeak3-server_linux-amd64 /opt/ts3-server/

    …and change the ownership to our ‘teamspeak3’ user that we set up a few minutes ago…

        sudo chown -R teamspeak3 /opt/ts3-server/

    Fantastic, we are now very nearly done! – The last thing that we should do is to get Teamspeak to start on ‘boot up’, so first we will create a symlink (symbolic link) to the default init script that is included in the download archive:

        sudo ln -s /opt/ts3-server/ts3server_startscript.sh /etc/init.d/teamspeak3

    and now we set it to start on system boot up like so…

        sudo update-rc.d teamspeak3 defaults

    Here we go… we will now start the Teamspeak 3 server for the first time…

        sudo service teamspeak3 start

    You now have a Teamspeak 3 server up and running and as long as you’ve not got a firewall running you should now be able to connect to this server using your server’s hostname or IP address! (If you are running IPTables see my extended instructions below!)
    Just before you get carried away though, you should be shown a screen as follows:

    Adding firewall rules for IPTables

    If you have a firewall installed you’ll need to enable a few ports, if you are running IPtables on your server the rules required are as follows:

        -A INPUT -p udp --dport 9987 -j ACCEPT
        -A INPUT -p udp --sport 9987 -j ACCEPT
        -A INPUT -p tcp --dport 30033 -j ACCEPT
        -A INPUT -p tcp --sport 30033 -j ACCEPT
        -A INPUT -p tcp --dport 10011 -j ACCEPT
        -A INPUT -p tcp --sport 10011 -j ACCEPT

    To manage your team speak server you can telnet into your server using putty, or you can download a client to manage the server using an interface here http://yat.qa/.
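The three --sport rules in the post match on a port number the remote sender chooses, so each one accepts traffic to every port on the server; connection tracking handles return traffic without them. As an added example (not part of the original post), the script below flags such rules in iptables-save style input and prints a stateful ruleset for the same three ports. The function names and the ADMIN_NET subnet (192.0.2.0/24, a documentation range) are assumptions introduced here.

```shell
#!/bin/sh
# Added example, not from the original post.

# Constructed input: the six rules exactly as listed in the post.
page_rules() {
    cat <<'EOF'
-A INPUT -p udp --dport 9987 -j ACCEPT
-A INPUT -p udp --sport 9987 -j ACCEPT
-A INPUT -p tcp --dport 30033 -j ACCEPT
-A INPUT -p tcp --sport 30033 -j ACCEPT
-A INPUT -p tcp --dport 10011 -j ACCEPT
-A INPUT -p tcp --sport 10011 -j ACCEPT
EOF
}

# Stateful alternative for the same ports. Replies to connections the server
# opened are covered by ESTABLISHED,RELATED, so no --sport rule is needed.
# ADMIN_NET is a hypothetical management subnet for port 10011 (the port the
# post manages over telnet); replace it with your own.
hardened_rules() {
    admin_net="${ADMIN_NET:-192.0.2.0/24}"
    cat <<EOF
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p udp --dport 9987 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -p tcp --dport 30033 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -p tcp -s ${admin_net} --dport 10011 -m conntrack --ctstate NEW -j ACCEPT
EOF
}

# Reads rules on stdin and prints "<line number>: <rule>" for every INPUT
# ACCEPT that matches a source port but has no destination port, no
# connection-state match and no source address restriction.
flag_sport_only() {
    awk '
    $1 == "-A" && $2 == "INPUT" {
        sport = 0; dport = 0; state = 0; src = 0; accept = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "--sport" || $i == "--source-port" || $i == "--sports") sport = 1
            else if ($i == "--dport" || $i == "--destination-port" || $i == "--dports") dport = 1
            else if ($i == "--ctstate" || $i == "--state") state = 1
            else if ($i == "-s" || $i == "--source") src = 1
            else if ($i == "-j" && $(i + 1) == "ACCEPT") accept = 1
        }
        if (accept && sport && !dport && !state && !src) print NR ": " $0
    }'
}

# Number of flagged rules on stdin.
count_flagged() {
    flag_sport_only | wc -l | tr -d ' '
}

echo "Rules from the post that accept on source port alone:"
page_rules | flag_sport_only
echo "Flagged in the stateful ruleset: $(hardened_rules | count_flagged)"
```

The same filter can be fed from a live host with `sudo iptables-save | flag_sport_only`.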
  12. brent

    How to install autosqlbackup

    First we want to:

        sudo apt-get update
        sudo apt-get upgrade

    Then we are going to run the following command:

        sudo apt-get install automysqlbackup

    Next we want to edit the configuration file located at:

        /etc/default/automysqlbackup.conf
        /etc/default/autosqlbackup

    To see the stored location of backups, look under:

        sudo ls /var/lib/automysqlbackup

    You will see daily, monthly, and weekly.

    I changed the default backup location to /opt/automysqlbackup/. This was done in /etc/default/automysqlbackup.conf

    P.S. You may also want to look at the following locations:

        /usr/sbin/automysqlbackup
        /etc/cron.daily/automysqlbackup
  13. brent

    How to install LAMP

    How To Install Linux, Apache, MySQL, PHP (LAMP) stack on Ubuntu 16.04

    Introduction

    A "LAMP" stack is a group of open source software that is typically installed together to enable a server to host dynamic websites and web apps. This term is actually an acronym which represents the Linux operating system, with the Apache web server. The site data is stored in a MySQL database, and dynamic content is processed by PHP. In this guide, we'll get a LAMP stack installed on an Ubuntu 16.04 Droplet. Ubuntu will fulfill our first requirement: a Linux operating system.

    Prerequisites

    Before you begin with this guide, you should have a separate, non-root user account with sudo privileges set up on your server. You can learn how to do this by completing steps 1-4 in the initial server setup for Ubuntu 16.04.

    Step 1: Install Apache and Allow in Firewall

    The Apache web server is among the most popular web servers in the world. It's well-documented, and has been in wide use for much of the history of the web, which makes it a great default choice for hosting a website. We can install Apache easily using Ubuntu's package manager, apt. A package manager allows us to install most software pain-free from a repository maintained by Ubuntu. For our purposes, we can get started by typing these commands:

        sudo apt-get update
        sudo apt-get install apache2

    Since we are using a sudo command, these operations get executed with root privileges. It will ask you for your regular user's password to verify your intentions. Once you've entered your password, apt will tell you which packages it plans to install and how much extra disk space they'll take up. Press Y and hit Enter to continue, and the installation will proceed.

    Next, assuming that you have followed the initial server setup instructions to enable the UFW firewall, make sure that your firewall allows HTTP and HTTPS traffic.
    You can make sure that UFW has an application profile for Apache like so:

        sudo ufw app list

    Output

        Available applications:
          Apache
          Apache Full
          Apache Secure
          OpenSSH

    If you look at the Apache Full profile, it should show that it enables traffic to ports 80 and 443:

        sudo ufw app info "Apache Full"

    Output

        Profile: Apache Full
        Title: Web Server (HTTP,HTTPS)
        Description: Apache v2 is the next generation of the omnipresent Apache web server.
        Ports: 80,443/tcp

    Allow incoming traffic for this profile:

        sudo ufw allow in "Apache Full"

    You can do a spot check right away to verify that everything went as planned by visiting your server's public IP address in your web browser (see the note under the next heading to find out what your public IP address is if you do not have this information already):

        http://your_server_IP_address

    You will see the default Ubuntu 16.04 Apache web page, which is there for informational and testing purposes. If you see this page, then your web server is now correctly installed and accessible through your firewall.

    How To Find your Server's Public IP Address

    If you do not know what your server's public IP address is, there are a number of ways you can find it. Usually, this is the address you use to connect to your server through SSH. From the command line, you can find this a few ways. First, you can use the iproute2 tools to get your address by typing this:

        ip addr show eth0 | grep inet | awk '{ print $2; }' | sed 's/\/.*$//'

    This will give you two or three lines back. They are all correct addresses, but your computer may only be able to use one of them, so feel free to try each one.

    An alternative method is to use the curl utility to contact an outside party to tell you how it sees your server. You can do this by asking a specific server what your IP address is:

        sudo apt-get install curl
        curl http://icanhazip.com

    Regardless of the method you use to get your IP address, you can type it into your web browser's address bar to get to your server.
    Step 2: Install MySQL

    Now that we have our web server up and running, it is time to install MySQL. MySQL is a database management system. Basically, it will organize and provide access to databases where our site can store information. Again, we can use apt to acquire and install our software. This time, we'll also install some other "helper" packages that will assist us in getting our components to communicate with each other:

        sudo apt-get install mysql-server

    Note: In this case, you do not have to run sudo apt-get update prior to the command. This is because we recently ran it in the commands above to install Apache. The package index on our computer should already be up-to-date.

    Again, you will be shown a list of the packages that will be installed, along with the amount of disk space they'll take up. Enter Y to continue.

    During the installation, your server will ask you to select and confirm a password for the MySQL "root" user. This is an administrative account in MySQL that has increased privileges. Think of it as being similar to the root account for the server itself (the one you are configuring now is a MySQL-specific account, however). Make sure this is a strong, unique password, and do not leave it blank.

    When the installation is complete, we want to run a simple security script that will remove some dangerous defaults and lock down access to our database system a little bit. Start the interactive script by running:

        sudo mysql_secure_installation

    You will be asked to enter the password you set for the MySQL root account. Next, you will be asked if you want to configure the VALIDATE PASSWORD PLUGIN.

    Warning: Enabling this feature is something of a judgment call. If enabled, passwords which don't match the specified criteria will be rejected by MySQL with an error. This will cause issues if you use a weak password in conjunction with software which automatically configures MySQL user credentials, such as the Ubuntu packages for phpMyAdmin.
    It is safe to leave validation disabled, but you should always use strong, unique passwords for database credentials.

    Answer y for yes, or anything else to continue without enabling.

        VALIDATE PASSWORD PLUGIN can be used to test passwords
        and improve security. It checks the strength of password
        and allows the users to set only those passwords which are
        secure enough. Would you like to setup VALIDATE PASSWORD plugin?

        Press y|Y for Yes, any other key for No:

    You'll be asked to select a level of password validation. Keep in mind that if you enter 2, for the strongest level, you will receive errors when attempting to set any password which does not contain numbers, upper and lowercase letters, and special characters, or which is based on common dictionary words.

        There are three levels of password validation policy:

        LOW    Length >= 8
        MEDIUM Length >= 8, numeric, mixed case, and special characters
        STRONG Length >= 8, numeric, mixed case, special characters and dictionary file

        Please enter 0 = LOW, 1 = MEDIUM and 2 = STRONG: 1

    If you enabled password validation, you'll be shown a password strength for the existing root password, and asked if you want to change that password. If you are happy with your current password, enter n for "no" at the prompt:

        Using existing password for root.

        Estimated strength of the password: 100
        Change the password for root ? ((Press y|Y for Yes, any other key for No) : n

    For the rest of the questions, you should press Y and hit the Enter key at each prompt. This will remove some anonymous users and the test database, disable remote root logins, and load these new rules so that MySQL immediately respects the changes we have made.

    At this point, your database system is now set up and we can move on.

    Step 3: Install PHP

    PHP is the component of our setup that will process code to display dynamic content. It can run scripts, connect to our MySQL databases to get information, and hand the processed content over to our web server to display.
    We can once again leverage the apt system to install our components. We're going to include some helper packages as well, so that PHP code can run under the Apache server and talk to our MySQL database:

        sudo apt-get install php libapache2-mod-php php-mcrypt php-mysql

    This should install PHP without any problems. We'll test this in a moment.

    In most cases, we'll want to modify the way that Apache serves files when a directory is requested. Currently, if a user requests a directory from the server, Apache will first look for a file called index.html. We want to tell our web server to prefer PHP files, so we'll make Apache look for an index.php file first.

    To do this, type this command to open the dir.conf file in a text editor with root privileges:

        sudo nano /etc/apache2/mods-enabled/dir.conf

    It will look like this:

    /etc/apache2/mods-enabled/dir.conf

        <IfModule mod_dir.c>
            DirectoryIndex index.html index.cgi index.pl index.php index.xhtml index.htm
        </IfModule>

    We want to move the PHP index file highlighted above to the first position after the DirectoryIndex specification, like this:

    /etc/apache2/mods-enabled/dir.conf

        <IfModule mod_dir.c>
            DirectoryIndex index.php index.html index.cgi index.pl index.xhtml index.htm
        </IfModule>

    When you are finished, save and close the file by pressing Ctrl-X. You'll have to confirm the save by typing Y and then hit Enter to confirm the file save location.

    After this, we need to restart the Apache web server in order for our changes to be recognized.
    You can do this by typing this:

        sudo systemctl restart apache2

    We can also check on the status of the apache2 service using systemctl:

        sudo systemctl status apache2

    Sample Output

        ● apache2.service - LSB: Apache2 web server
           Loaded: loaded (/etc/init.d/apache2; bad; vendor preset: enabled)
          Drop-In: /lib/systemd/system/apache2.service.d
                   └─apache2-systemd.conf
           Active: active (running) since Wed 2016-04-13 14:28:43 EDT; 45s ago
             Docs: man:systemd-sysv-generator(8)
          Process: 13581 ExecStop=/etc/init.d/apache2 stop (code=exited, status=0/SUCCESS)
          Process: 13605 ExecStart=/etc/init.d/apache2 start (code=exited, status=0/SUCCESS)
            Tasks: 6 (limit: 512)
           CGroup: /system.slice/apache2.service
                   ├─13623 /usr/sbin/apache2 -k start
                   ├─13626 /usr/sbin/apache2 -k start
                   ├─13627 /usr/sbin/apache2 -k start
                   ├─13628 /usr/sbin/apache2 -k start
                   ├─13629 /usr/sbin/apache2 -k start
                   └─13630 /usr/sbin/apache2 -k start

        Apr 13 14:28:42 ubuntu-16-lamp systemd[1]: Stopped LSB: Apache2 web server.
        Apr 13 14:28:42 ubuntu-16-lamp systemd[1]: Starting LSB: Apache2 web server...
        Apr 13 14:28:42 ubuntu-16-lamp apache2[13605]: * Starting Apache httpd web server apache2
        Apr 13 14:28:42 ubuntu-16-lamp apache2[13605]: AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerNam
        Apr 13 14:28:43 ubuntu-16-lamp apache2[13605]: *
        Apr 13 14:28:43 ubuntu-16-lamp systemd[1]: Started LSB: Apache2 web server.
  14. brent

    How to add a new drive to Ubuntu

    Command Line Partitioning

    You'll be using "fdisk" to accomplish this. Refer back to the logical name you noted from earlier. For illustration, I'll use /dev/sdb, and assume that you want a single partition on the disk, occupying all the free space.

    If the number of cylinders in the disk is larger than 1024 (and large hard drives always have more), it could, in certain setups, cause problems with:

    software that runs at boot time (e.g., old versions of LILO)
    booting and partitioning software from other OSs (e.g., DOS FDISK, OS/2 FDISK)

    Otherwise, this will not negatively affect you.

    1) Initiate fdisk with the following command:

        sudo fdisk /dev/sdb

    2) Fdisk will display the following menu:

        Command (m for help): m <enter>
        Command action
           a   toggle a bootable flag
           b   edit bsd disklabel
           c   toggle the dos compatibility flag
           d   delete a partition
           l   list known partition types
           m   print this menu
           n   add a new partition
           o   create a new empty DOS partition table
           p   print the partition table
           q   quit without saving changes
           s   create a new empty Sun disklabel
           t   change a partition's system id
           u   change display/entry units
           v   verify the partition table
           w   write table to disk and exit
           x   extra functionality (experts only)

        Command (m for help):

    3) We want to add a new partition. Type "n" and press enter.

        Command action
           e   extended
           p   primary partition (1-4)

    4) We want a primary partition. Enter "p" and enter.

        Partition number (1-4):

    5) Since this will be the only partition on the drive, number 1. Enter "1" and enter.

        Command (m for help):

    If it asks about the first cylinder, just type "1" and enter. (We are making 1 partition to use the whole disk, so it should start at the beginning.)

    6) Now that the partition is entered, choose option "w" to write the partition table to the disk. Type "w" and enter.

        The partition table has been altered!

    7) If all went well, you now have a properly partitioned hard drive that's ready to be formatted.
    Since this is the first partition, Linux will recognize it as /dev/sdb1, while the disk that the partition is on is still /dev/sdb.

    Command Line Formatting

    To format the new partition as ext3 file system (best for use under Ubuntu):

        sudo mkfs -t ext3 /dev/sdb1

    To format the new partition as fat32 file system (best for use under Ubuntu & Windows):

        sudo mkfs -t vfat -F 32 /dev/sdb1

    As always, substitute "/dev/sdb1" with your own partition's path.

    Modify Reserved Space (Optional)

    When formatting the drive as ext2/ext3, 5% of the drive's total space is reserved for the super-user (root) so that the operating system can still write to the disk even if it is full. However, for disks that only contain data, this is not necessary.

    NOTE: You may run this command on a fat32 file system, but it will do nothing; therefore, I highly recommend not running it.

    You can adjust the percentage of reserved space with the "tune2fs" command, like this:

        sudo tune2fs -m 1 /dev/sdb1

    This example reserves 1% of space - change this number if you wish. Using this command does not change any existing data on the drive. You can use it on a drive which already contains data.

    Create A Mount Point

    Now that the drive is partitioned and formatted, you need to choose a mount point. This will be the location from which you will access the drive in the future. I would recommend using a mount point with "/media", as it is the default used by Ubuntu. For this example, we'll use the path "/media/mynewdrive":

        sudo mkdir /media/mynewdrive

    Now we are ready to mount the drive to the mount point.

    Mount The Drive

    You can choose to have the drive mounted automatically each time you boot the computer, or manually only when you need to use it.
    Automatic Mount At Boot

    Note: Ubuntu now recommends to use UUID instead, see the instructions here: https://help.ubuntu....unity/UsingUUID

    You'll need to edit /etc/fstab:

        gksu gedit /etc/fstab

    or in terminal:

        sudo nano -Bw /etc/fstab

    Note: https://help.ubuntu....b#Editing_fstab

    Add this line to the end (for ext3 file system):

        /dev/sdb1 /media/mynewdrive ext3 defaults 0 2

    Add this line to the end (for fat32 file system):

        /dev/sdb1 /media/mynewdrive vfat defaults 0 2

    The defaults part may allow you to read, but not write. To write, other partition and FAT specific options must be used. If gnome nautilus is being used, use the right-click, mount method, from computer folder. Then launch the mount command from terminal, no options. The last entry should be the FAT drive and look something like:

        /dev/sda5 on /media/mynewdrive type vfat (rw,nosuid,nodev,uhelper=hal,shortname=mixed,uid=1000,utf8,umask=077,flush)

    All of the parts between the parentheses are the mount options and should replace "defaults" in the fstab file. The "2" at the end instructs your system to run a quick file system check on the hard drive at every boot. Changing it to "0" will skip this. Run 'man fstab' for more info here.

    You can now run "sudo mount -a" (or reboot the computer) to have the changes take effect.
    If you want to allow a normal user to create files on this drive, you can either give this user ownership of the top directory of the drive filesystem (replace USERNAME with the username):

        sudo chown -R USERNAME:USERNAME /media/mynewdrive

    or in a more flexible way, practical if you have several users, allow for instance the users in the plugdev group (usually those who are meant to be able to mount removable disks, desktop users) to create files and sub-directories on the disk:

        sudo chgrp plugdev /media/mynewdrive
        sudo chmod g+w /media/mynewdrive
        sudo chmod +t /media/mynewdrive

    The last "chmod +t" adds the sticky bit, so that people can only delete their own files and sub-directories in a directory, even if they have write permissions to it (see man chmod).

    Manually Mount

    Alternatively, you may want to manually mount the drive every time you need it. For manual mounting, use the following command:

        sudo mount /dev/sdb1 /media/mynewdrive

    When you are finished with the drive, you can unmount it using:

        sudo umount /media/mynewdrive
  15. This guide was created on Ubuntu 12.04. This has also been tested on 16.04.

     Introduction:

     The installation of OpenVPN AS is much simpler compared to the traditional OpenVPN (without any GUI). Another great thing about OpenVPN AS (Access Server) is that it has a mobile application for both Android and iOS platforms, enabling you to access your OpenVPN server on your smartphone as well.

     Basic Server Setup

     The ports that you need forwarded are as follows: 443, TCP 943, UDP 1194

     Installing OpenVPN Access Server (visit openvpn.org for latest version)

         sudo wget http://swupdate.openvpn.org/as/openvpn-as-2.0.7-Ubuntu12.amd_64.deb

     To install OpenVPN AS, enter the following command:

         sudo dpkg -i openvpn-as-2.0.7-Ubuntu12.amd_64.deb

     That's it. OpenVPN AS is now installed. However, there are still some things left to do before we can use it. During the installation, OpenVPN has created a default admin user called 'openvpn'. We need to set a password for 'openvpn'. To do that, enter the following command:

         sudo passwd openvpn

     Administration and Client Software Setup

     Replace "YourIPAddress" with your actual cloud server's IP address. Then, head over to the Client UI to use the access server. You'll see a big bad security warning. But don't be alarmed, it is perfectly okay since we've self-signed our server's SSL. Ignore the warning and click Ok/Proceed and you'll be prompted for username and password. Enter 'openvpn' as the username and the password should be what you've set for 'openvpn' before. After filling out username/password, click 'Go' and you'll see a screen like this:

     You can login to the Admin UI if you need to make changes to your access server, although default settings work fine. Now, have fun with your OpenVPN Access Server!

         https://domain.com:943/admin/
  16. If you have a start up script in init.d and want to remove the start up service here is the command. update-rc.d -f foobar remove
  17. Here is an example of how to use rsync to copy data from a server to a remote server over SSH.

         rsync -av --progress /home/shares/data/ brent@10.123.153.129:/home/shares/data
  18. https://www.alfresco.com

      This document shows how to install Alfresco 4.2 on an Ubuntu 12.04 system. I am creating a virtual server for this that has 3.75 GiB of memory.

      Installing Java 7

      Here are the commands to install Java 7 on Ubuntu 12.04 server.

          > sudo apt-get purge openjdk*
          > sudo apt-get install python-software-properties
          > sudo add-apt-repository ppa:webupd8team/java
          > sudo apt-get update
          > sudo apt-get install oracle-java7-installer
          > java -version

      Install Tomcat 7

      (A lot of this was derived from http://jensontaylor....-on-ubuntu.html )

      Download tomcat 7 to the local directory (this address could change, see http://tomcat.apache...download-70.cgi [2])

          > wget http://apache.osuosl.org/tomcat/tomcat-7/v7.0.50/bin/apache-tomcat-7.0.50.tar.gz

      Extract the file

          > tar xvzf apache-tomcat-7.0.50.tar.gz

      Move the tomcat over

          > sudo mv apache-tomcat-7.0.50 /opt/tomcat

      Now set up the tomcat users.

          > sudo nano /opt/tomcat/conf/tomcat-users.xml

      Add the following lines within the <tomcat-users> element (of course change the password to your own password)

          <role rolename="manager-gui"/>
          <role rolename="admin-gui"/>
          <user name="admin" password="password" roles="admin-gui, manager-gui, manager-script, admin-script" />

      Fix the connector,

          > sudo nano +70 /opt/tomcat/conf/server.xml

      And add this to the connector

          URIEncoding="UTF-8"

      Set up the start up script

          > sudo nano /etc/init.d/tomcat

      Then place the following in it. (Adjust the jvm to the directory you have it in.)

          #!/bin/sh
          # Tomcat auto-start
          #
          # description: Auto-starts tomcat
          # processname: tomcat
          # pidfile: /var/run/tomcat.pid

          export JAVA_HOME=/usr/lib/jvm/java-7-oracle

          case $1 in
          start)
                  sh /opt/tomcat/bin/startup.sh
                  ;;
          stop)
                  sh /opt/tomcat/bin/shutdown.sh
                  ;;
          restart)
                  sh /opt/tomcat/bin/shutdown.sh
                  sh /opt/tomcat/bin/startup.sh
                  ;;
          esac
          exit 0

      Make it executable

          > sudo chmod 755 /etc/init.d/tomcat

      Add it to autostart

          > sudo update-rc.d tomcat defaults

      Reboot to test auto start of tomcat

          > sudo reboot now

      Now open up a web browser (of course use your IP address, domain name)

      Change memory settings for tomcat

          > sudo nano /opt/tomcat/bin/catalina.sh

      Add the following lines. This gives it 2GiB to use, you may need to change it for your system.

          JAVA_OPTS="-XX:MaxPermSize=160m -XX:NewSize=256m -Xms512m "
          JAVA_OPTS="$JAVA_OPTS -Xmx1024m -Xss512K "

      Restart tomcat

          > sudo /etc/init.d/tomcat restart

      Open up http://192.168.2.110.../manager/status to check the memory settings. Here you can see that it does have 2GiB of max memory (roughly).

      Install/Setup MySQL

      Install mysql on this server

          > sudo apt-get install mysql-server

      Log into mysql

          > mysql -u root -p -h localhost

      Run these commands in mysql to create the alfresco user and to give it alfresco access

          > CREATE USER 'alfresco'@'localhost' IDENTIFIED BY 'passalfresco';
          > CREATE USER 'alfresco'@'%' IDENTIFIED BY 'passalfresco';
          > grant all on alfresco.* to 'alfresco'@'%' identified by 'passalfresco' with grant option;
          > create database alfresco default character set utf8 collate utf8_bin;
          > exit

      Restart mysql

          > sudo /etc/init.d/mysql restart

      Create Alfresco Folder

      Make an alfresco folder

          > sudo mkdir /opt/alfresco

      Download Install Alfresco

      Some of the notes I used for this are at http://wiki.alfresco...fresco_in_Linux [3]

      Download the installer (this address will change over time) but you can probably be safe going to http://wiki.alfresco...nstall_Alfresco [4] or http://wiki.alfresco...file_list_4.2.c

          > cd
          > mkdir alfresco
          > cd alfresco
          > sudo wget http://dl.alfresco.com/release/community/build-4848/alfresco-community-4.2.e.zip

      If you do not have unzip, install it.

          > sudo apt-get install unzip

      Unzip the file

          > unzip alfresco-community-4.2.e.zip

      Install alfresco.war and share.war on tomcat

      Open up the tomcat web page http://192.168.0.231:8080/manager/html

      Then enter

          Context Path    /alfresco
          War Directory   /opt/alfresco/web-server/webapps/alfresco.war

      Click Deploy. It will deploy but fail to start (which is fine).

      Now do the same for share.war. Then enter

          Context Path    /share
          War Directory   /opt/alfresco/web-server/webapps/share.war

      Click Deploy.

      Download and install the mysql connector, it can be found at http://dev.mysql.com...ds/connector/j/ [5]

          > cd
          > wget http://cdn.mysql.com/Downloads/Connector-J/mysql-connector-java-5.1.28.zip
          > unzip mysql-connector-java-5.1.28.zip
          > cd mysql-connector-java-5.1.28/
          > cp mysql-connector-java-5.1.28-bin.jar /opt/tomcat/lib/

      Set up the shared directory

          > cd
          > cd /opt/alfresco/web-server
          > sudo cp -r shared /opt/tomcat/

      Set Global Properties

      Alfresco requires some additional installs to work. Alfresco out of the box uses a few other tools like OpenOffice and ImageMagick. Some of this was gleaned from http://www.howtoforg...0.04-lucid-lynx [6]

      First update your repository information

          > sudo apt-add-repository ppa:guilhem-fr/swftools
          > sudo add-apt-repository ppa:upubuntu-com/office
          > sudo apt-get update

      Install these via apt-get

          > sudo apt-get install imagemagick swftools libjodconverter-java ffmpeg ttf-mscorefonts-installer

      Copy these sample files to .xml files (it will allow the creation of thumbnails for videos)

          > cd /opt/tomcat/shared/classes/alfresco/extension/
          > sudo cp video-thumbnail-context.xml.sample video-thumbnail-context.xml
          > sudo cp video-transformation-context.xml.sample video-transformation-context.xml

      Edit the /opt/tomcat/conf/catalina.properties file

          > sudo nano +74 /opt/tomcat/conf/catalina.properties

      Update shared.loader to the following

          shared.loader=${catalina.base}/shared/classes,${catalina.base}/shared/lib/*.jar

      In the /opt/tomcat/shared/classes directory there is an alfresco-global.properties.sample file. Copy it to alfresco-global.properties

          > cd /opt/tomcat/shared/classes
          > sudo cp alfresco-global.properties.sample alfresco-global.properties

      Now edit this file

          > sudo nano alfresco-global.properties

      Here is the file I made. Make sure to edit the mail.* portion to an email account you have. (New in ubuntu 12.04: open office is now libreoffice.)

          ###############################
          ## Common Alfresco Properties #
          ###############################
          #
          # Sample custom content and index data location
          #
          dir.root=/opt/alfresco/alf_data
          #dir.keystore=${dir.root}/keystore
          #
          # Sample database connection properties
          #
          db.username=alfresco
          db.password=Sp23rty4
          #Disabled the guest login
          alfresco.authentication.allowGuestLogin=false
          #
          # External locations
          #-------------
          ooo.exe=/usr/bin/libreoffice
          ooo.enabled=true
          ooo.port=8100
          jodconverter.officeHome=/usr/lib/libreoffice/program/soffice
          jodconverter.portNumbers=8100
          jodconverter.enabled=true
          img.root=/usr
          img.dyn=${img.root}/lib
          img.exe=${img.root}/bin/convert
          swf.exe=/usr/bin/pdf2swf
          ffmpeg.exe=/usr/bin/ffmpeg
          #
          # Property to control whether schema updates are performed automatically.
          # Updates must be enabled during upgrades as, apart from the static upgrade scripts,
          # there are also auto-generated update scripts that will need to be executed. After
          # upgrading to a new version, this can be disabled.
          #
          #db.schema.update=true
          #
          # MySQL connection
          #
          db.driver=org.gjt.mm.mysql.Driver
          db.name=alfresco
          db.url=jdbc:mysql://localhost/alfresco?useUnicode=yes&characterEncoding=UTF-8
          #
          # Oracle connection
          #
          #db.driver=oracle.jdbc.OracleDriver
          #db.url=jdbc:oracle:thin:@localhost:1521:alfresco
          #
          # PostgreSQL connection (requires postgresql-8.2-504.jdbc3.jar or equivalent)
          #
          #db.driver=org.postgresql.Driver
          #db.url=jdbc:postgresql://localhost:5432/alfresco
          #
          # DB2 connection
          #
          #db.driver=com.ibm.db2.jcc.DB2Driver
          #db.url=jdbc:db2://localhost:50000/alfresco:retrieveMessagesFromServerOnGetMessage=true;
          #
          # Index Recovery Mode
          #-------------
          #index.recovery.mode=AUTO
          #
          # Outbound Email Configuration
          #-------------
          mail.host=smtp.gmail.com
          mail.port=465
          mail.protocol=smtps
          mail.username=yourname@example.com
          mail.password=yourpassword
          mail.smtp.timeout=30000
          # New Properties
          mail.smtps.starttls.enable=true
          mail.smtps.auth=true
          #
          # Alfresco Email Service and Email Server
          #-------------
          # Enable/Disable the inbound email service. The service could be used by processes other than
          # the Email Server (e.g. direct RMI access) so this flag is independent of the Email Service.
          #-------------
          #email.inbound.enabled=true
          # Email Server properties
          #-------------
          #email.server.enabled=true
          #email.server.port=25
          #email.server.domain=alfresco.com
          #email.inbound.unknownUser=anonymous
          # A comma separated list of email REGEX patterns of allowed senders.
          # If there are any values in the list then all sender email addresses
          # must match. For example:
          # .*\@alfresco\.com, .*\@alfresco\.org
          # Allow anyone:
          #-------------
          #email.server.allowed.senders=.*
          #
          # The default authentication chain
          # To configure external authentication subsystems see:
          # http://wiki.alfresco.com/wiki/Alfresco_Authentication_Subsystems
          #-------------
          #authentication.chain=alfrescoNtlm1:alfrescoNtlm
          #
          # URL Generation Parameters (The ${localname} token is replaced by the local server name)
          #-------------
          #alfresco.context=alfresco
          #alfresco.host=${localname}
          #alfresco.port=8080
          #alfresco.protocol=http
          #
          #share.context=share
          #share.host=${localname}
          #share.port=8080
          #share.protocol=http
          #imap.server.enabled=true
          #imap.server.port=143
          #imap.server.host=localhost
          # Default value of alfresco.rmi.services.host is 0.0.0.0 which means 'listen on all adapters'.
          # This allows connections to JMX both remotely and locally.
          #
          alfresco.rmi.services.host=0.0.0.0
          #
          # RMI service ports for the individual services.
          # These seven services are available remotely.
          #
          # Assign individual ports for each service for best performance
          # or run several services on the same port. You can even run everything on 50500 if needed.
          #
          # Select 0 to use a random unused port.
          #
          #avm.rmi.service.port=50501
          #avmsync.rmi.service.port=50502
          #attribute.rmi.service.port=50503
          #authentication.rmi.service.port=50504
          #repo.rmi.service.port=50505
          #action.rmi.service.port=50506
          #wcm-deployment-receiver.rmi.service.port=50507
          #monitor.rmi.service.port=50508

      Reboot the server

          > sudo reboot now

      It may take a while for alfresco to come up and set up the database the first time. What I do is log back into the system, then tail the tomcat log to see if alfresco is starting correctly and when it is done (in my case it took 2 ½ minutes)

          > sudo tail -f /opt/tomcat/logs/catalina.out

      See the server startup message.
  19. Here is the command to clean cache from your server. sudo echo 3 | sudo tee /proc/sys/vm/drop_caches
  20. Installing Bind9 on Ubuntu

      Installing Bind9 (DNS Server) is a breeze on Ubuntu. Three packages will need to be installed: bind9, dnsutils, and bind9-doc.

      bind9: The DNS service.
      dnsutils: A set of tools such as dig which can be helpful for testing and troubleshooting.
      bind9-doc: Local info pages with information about bind and its configuration options. This is optional but recommended.

      You will need to be at the console of your Ubuntu server or have SSH set up and connected to your soon-to-be bind9 DNS server. Let's install the packages with the following command:

          sudo apt-get install bind9 dnsutils bind9-doc

      Basic Bind Configuration

      The next step is to configure the forward addresses for bind. This tells bind where to look if it doesn't know the IP address of a domain. In this example we will use Google's Public DNS servers as the forward DNS servers. Google's DNS servers are fast, free, and have easy to remember IP addresses. If you want, you can use your local internet provider's DNS servers. Another option is to use OpenDNS, which gives you the ability to filter content. This can be nice if you have young children on the internet.

      Let's edit /etc/bind/named.conf.options and define the forward addresses. To keep things simple we will use the nano text editor in this tutorial. If you want to use Vim or Emacs instead, feel free to do so.

          sudo nano /etc/bind/named.conf.options

          forwarders {
                  8.8.8.8;
                  8.8.4.4;
          };
          recursion yes; // to allow for DNS forward lookup

      Since we are using Google's Public DNS servers, we will want to replace 0.0.0.0 with Google's DNS server IPs 8.8.8.8 and 8.8.4.4. We also want to change the recursion no; to yes to use ISP dns for look up.

      The next step is to edit /etc/bind/named.conf.local. This file holds information on what zones to load when Bind9 is started. We will set up two zone files to load, the Forward and Reverse zones. In this example we will set up an internal domain with the name linux.rocks. If you want to use something else, just make sure you replace linux.rocks in the following steps with your internal domain name. The internal domain can be whatever you want.

      The reason I am using linux.rocks instead of something like linux.com, linux.net, linux.org, etc. is that a real domain on the internet could have this address. If this was the case I would not be able to access the real domain on the internet. Instead I would be directed to a device on my internal network. At this time .rocks is not a top level domain on the internet, but it does not mean it won't be tomorrow. If you want to be sure there is no way your domain could be used externally, use a reserved top level domain like .test, .example, .invalid or .localhost. So in this example we could use linux.test and not have to worry about that domain ever being a real domain on the internet. To learn more about reserved domains check out http://tools.ietf.org/html/rfc2606

      We will need to figure out the IP address range of our internal network so we can build the correct reverse zone lookup file. When looking at our IP address, the part we care about is the first three octets (numbers). Then we just reverse them. So if my IP address is 192.168.1.100, my reverse lookup zone would be 1.168.192.in-addr.arpa. If my IP address is 172.20.16.120, my reverse zone would be 16.20.172.in-addr.arpa.

          sudo nano /etc/bind/named.conf.local

      Add the following. Note: Replace linux.local with the internal domain name you picked and replace 2.168.192 with your IP address scheme. Adjust the zone file names to fit your setup and make note of the names (db.linux.local and db.192) because we will need to build these files in the next few steps.

          zone "linux.local" {
                  type master;
                  file "/etc/bind/db.linux.local";
          };

          zone "2.168.192.in-addr.arpa" {
                  type master;
                  notify no;
                  file "/etc/bind/db.192";
          };

      Building Your DNS Forward Zone

      Now that we have defined what zone files to load when Bind starts, we need to create these files. The first file we need to build is the forward zone file (db.linux.rocks). We can use a template to help speed things up and prevent mistakes. Let's copy /etc/bind/db.local and give the copy the name we defined above in /etc/bind/named.conf.local. (Example: db.linux.rocks)

          sudo cp /etc/bind/db.local /etc/bind/db.linux.local
          sudo nano /etc/bind/db.linux.local

      Here is what the file should look like:

          ; BIND data file for local loopback interface
          ;
          $TTL    604800
          @       IN      SOA     Server1.linux.local. root.localhost. (
                                        2         ; Serial
                                   604800         ; Refresh
                                    86400         ; Retry
                                  2419200         ; Expire
                                   604800 )       ; Negative Cache TTL
          ;
          @       IN      NS      Server1.linux.local.
          @       IN      A       127.0.0.1
          @       IN      AAAA    ::1
          ;Below are A Record Addresses
          firewall        IN      A       192.168.2.1
          server1         IN      A       192.168.2.110
          printer         IN      A       192.168.2.135
          ; Below are CNAME Record Addresses (Aliases) - Point to an A Record Address
          ;Server1        IN      CNAME   Server1.linux.local.
          ;firewall       IN      CNAME   firewall.linux.local.
          ;printer        IN      CNAME   printer.linux.local.

      Building Your Reverse Lookup

      Reverse DNS is not a must have, but it is very good practice and some services need it. Often things can act a little goofy if it's not set up. It does the opposite of the forward zone file and maps IP addresses to names. You can use nslookup to look up a name by IP address. Here is an example of me doing an nslookup on IP address 192.168.96.1. Note: This was done after the reverse zone was set up and running.

          sudo cp /etc/bind/db.127 /etc/bind/db.192

      Now let's edit the file

          sudo nano /etc/bind/db.192

      Here is what it should look like:

          ;
          ; BIND reverse data file for local loopback interface
          ;
          $TTL    604800
          @       IN      SOA     Server1.linux.local. root.localhost. (
                                        1         ; Serial
                                   604800         ; Refresh
                                    86400         ; Retry
                                  2419200         ; Expire
                                   604800 )       ; Negative Cache TTL
          ;
          @       IN      NS      Server1.linux.local.
          1       IN      PTR     firewall.linux.local.
          110     IN      PTR     Server1.linux.local.
          135     IN      PTR     printer.linux.local.
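The forward and reverse zones above only help if they agree with each other and with the zone name declared in named.conf.local. The following check is an added example, not part of the original post: it derives the /24 reverse zone name from an address the way the post describes, then cross-checks A records against PTR records. The zone text is constructed from the records in the post; the function names are assumptions of this example.

```python
"""Cross-check a BIND forward zone against its /24 reverse zone (added example)."""
import ipaddress
import re

# Constructed sample data: the records from the two zone files in the post.
FORWARD_ZONE = """\
$TTL 604800
@ IN SOA Server1.linux.local. root.localhost. ( 2 604800 86400 2419200 604800 )
@ IN NS Server1.linux.local.
@ IN A 127.0.0.1
@ IN AAAA ::1
firewall IN A 192.168.2.1
server1 IN A 192.168.2.110
printer IN A 192.168.2.135
;printer IN CNAME printer.linux.local.
"""
REVERSE_ZONE = """\
$TTL 604800
@ IN SOA Server1.linux.local. root.localhost. ( 1 604800 86400 2419200 604800 )
@ IN NS Server1.linux.local.
1 IN PTR firewall.linux.local.
110 IN PTR Server1.linux.local.
135 IN PTR printer.linux.local.
"""


def reverse_zone_for(ip):
    """First three octets reversed, plus in-addr.arpa (a /24 network is assumed)."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets[:3])) + ".in-addr.arpa"


def records(zone_text, rtype):
    """Yield (owner, rdata) for single-line records of one type; ';' starts a comment."""
    pattern = re.compile(r"^(\S+)\s+(?:\d+\s+)?IN\s+" + rtype + r"\s+(\S+)$", re.I)
    for line in zone_text.splitlines():
        match = pattern.match(line.split(";", 1)[0].strip())
        if match:
            yield match.group(1), match.group(2)


def absolute(name, origin):
    """Expand a zone-file name the way BIND does: no trailing dot means 'append the origin'."""
    origin = origin.rstrip(".").lower()
    if name == "@":
        return origin + "."
    if name.endswith("."):
        return name.lower()  # DNS names compare case-insensitively
    return name.lower() + "." + origin + "."


def check_zones(forward_text, forward_origin, reverse_text, reverse_origin):
    """Return a list of human-readable mismatches; an empty list means the zones agree."""
    reverse_origin = reverse_origin.rstrip(".").lower()
    ptr = {absolute(owner, reverse_origin): absolute(target, reverse_origin)
           for owner, target in records(reverse_text, "PTR")}
    problems, matched = [], set()
    for owner, ip in records(forward_text, "A"):
        if reverse_zone_for(ip) != reverse_origin:
            continue  # address belongs to some other reverse zone (e.g. 127.0.0.1)
        name = absolute(owner, forward_origin)
        last_octet = str(ipaddress.IPv4Address(ip)).split(".")[3]
        ptr_owner = last_octet + "." + reverse_origin + "."
        matched.add(ptr_owner)
        if ptr_owner not in ptr:
            problems.append("%s (%s) has no PTR record" % (name, ip))
        elif ptr[ptr_owner] != name:
            problems.append("%s maps to %s but %s points to %s"
                            % (name, ip, ptr_owner, ptr[ptr_owner]))
    for ptr_owner in sorted(set(ptr) - matched):
        problems.append("%s has no matching A record" % ptr_owner)
    return problems


if __name__ == "__main__":
    found = check_zones(FORWARD_ZONE, "linux.local", REVERSE_ZONE, "2.168.192.in-addr.arpa")
    for line in found or ["forward and reverse zones agree"]:
        print(line)
```

A mistyped zone name in named.conf.local or a PTR target without its trailing dot both show up as mismatches here, since BIND appends the reverse origin to any name that does not end in a dot.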
  21. In this tip we will see how to use the terminal to check and change the current speed of your network card under Ubuntu or any Debian-based system. This tip will be useful for those whose network card is running at the wrong speed, for example at 100Mb/s rather than 1000Mb/s.

      To check the current network card speed, we will use the "ethtool" command line utility. To install it under Ubuntu/Debian, run the following command:

          sudo apt-get install ethtool

      Replace "eth0" with your own network interface (eth1, eth2, etc.). Here are the outputs returned for my system (speed is displayed under the "Advertised auto-negotiation (...)" line):

          ~$ sudo ethtool eth0
          Settings for eth0:
                  Supported ports: [ TP ]
                  Supported link modes:   10baseT/Half 10baseT/Full
                                          100baseT/Half 100baseT/Full
                                          1000baseT/Full
                  Supports auto-negotiation: Yes
                  Advertised link modes:  10baseT/Half 10baseT/Full
                                          100baseT/Half 100baseT/Full
                                          1000baseT/Full
                  Advertised pause frame use: No
                  Advertised auto-negotiation: Yes
                  Speed: 100Mb/s
                  Duplex: Full
                  Port: Twisted Pair
                  PHYAD: 0
                  Transceiver: internal
                  Auto-negotiation: on
                  MDI-X: Unknown
                  Supports Wake-on: umbg
                  Wake-on: d
                  Current message level: 0x00000007 (7)
                                         drv probe link
                  Link detected: yes

      To change, for example, the speed of your network card from 100Mb/s to 1000Mb/s, run this command:

          sudo ethtool -s eth0 speed 1000 duplex full autoneg off
  22. PhpMyAdmin is a great, easy to use web admin interface for your mysql databases. The one down side is that it can be a security threat. It seems like many bots on the internet just go looking for phpmyadmin installed on web servers, then run automated attacks. If you have logwatch installed you may often see many failed attempts.

      To add an extra layer of security you can prevent anyone from accessing phpMyAdmin except from defined IP addresses. We will be setting this up on an Ubuntu 12.04 Server.

      Before we begin we will need to know the IP address that you will be using to connect to phpmyadmin. If the server you are going to be accessing is hosted or on another network, you can use http://whatismyip.com to find your external address.

      Log in to your server at the console or use SSH to connect to it remotely. The file we will be editing is /etc/apache2/conf.d/phpmyadmin.conf. In this example I am going to use the command line text editor nano to keep things simple. If you prefer to use another text editor like vim or emacs, feel free to do so.

          sudo nano /etc/apache2/conf.d/phpmyadmin.conf

      Add the following code. Note: Remove the "#" from the front of the third line and replace ENTER.YOUR.IP.ADDRESS with the IP address you wish to allow. Also, if you are behind a router you may want to use your router IP, e.g. 192.168.2.1

          Order Allow,Deny
          Allow from 127.0.0.1
          #Allow from 192.168.2.106

      Now let's restart apache.

          sudo /etc/init.d/apache2 restart
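To confirm that the allow list is doing its job, the Apache access log can be summarised by source address. The following is an added example, not part of the original post: it assumes the Apache "combined" log format and the two addresses from the post's Allow lines, and the sample log lines are constructed with documentation-range addresses.

```python
"""Summarise phpMyAdmin requests from non-allowlisted clients (added example)."""
import ipaddress
import re
from collections import defaultdict

# Addresses permitted by the post's "Allow from" lines (the second once uncommented).
ALLOWED = [ipaddress.ip_network("127.0.0.1/32"),
           ipaddress.ip_network("192.168.2.106/32")]

# Constructed sample lines in Apache "combined" format.
SAMPLE_LOG = """\
192.168.2.106 - - [10/Feb/2014:09:12:01 -0500] "GET /phpmyadmin/index.php HTTP/1.1" 200 8123 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Feb/2014:09:14:44 -0500] "GET /phpMyAdmin/index.php HTTP/1.1" 403 498 "-" "-"
203.0.113.7 - - [10/Feb/2014:09:14:45 -0500] "GET /phpmyadmin/ HTTP/1.1" 403 498 "-" "-"
198.51.100.23 - - [10/Feb/2014:10:02:10 -0500] "POST /phpmyadmin/index.php HTTP/1.1" 200 9120 "-" "-"
198.51.100.23 - - [10/Feb/2014:10:03:00 -0500] "GET /index.html HTTP/1.1" 200 512 "-" "-"
not a log line
"""

# client, identd, user, [time], "METHOD PATH PROTO", status
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')


def is_allowed(client):
    """True if the client address is on the allow list; hostnames never match."""
    try:
        address = ipaddress.ip_address(client)
    except ValueError:
        return False
    return any(address in network for network in ALLOWED)


def phpmyadmin_findings(log_text):
    """Count phpMyAdmin requests per non-allowlisted client, split by outcome.

    blocked = 403 (the Allow/Deny rule refused the request)
    served  = 2xx/3xx (the request got through, so the restriction has a gap)
    other   = anything else (404, 5xx, ...)
    """
    findings = defaultdict(lambda: {"blocked": 0, "served": 0, "other": 0})
    for line in log_text.splitlines():
        match = LINE_RE.match(line)
        if not match:
            continue  # skip lines that are not in the expected format
        client, _method, path, status = match.groups()
        if "phpmyadmin" not in path.lower() or is_allowed(client):
            continue
        if status == "403":
            findings[client]["blocked"] += 1
        elif status[0] in "23":
            findings[client]["served"] += 1
        else:
            findings[client]["other"] += 1
    return dict(findings)


def restriction_gaps(findings):
    """Clients outside the allow list that were actually served phpMyAdmin content."""
    return sorted(client for client, counts in findings.items() if counts["served"])


if __name__ == "__main__":
    results = phpmyadmin_findings(SAMPLE_LOG)
    for client, counts in sorted(results.items()):
        print(client, counts)
    print("served despite allow list:", restriction_gaps(results))
```

Any address reported by restriction_gaps means the Allow/Deny lines are not being applied to the path that was requested, which is worth checking before relying on the restriction.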
  23. In this tutorial we are going to set up and install a self-signed SSL certificate for apache. We need to have apache installed and running. If you do not have apache installed, simply install it with:

          sudo apt-get install apache2

      Follow the installation by restarting the apache server.

          sudo service apache2 restart

      Now we need to create a directory where we will store the key and certificate.

          sudo mkdir /etc/apache2/ssl

      Now to create the self-signed certificate. When we request a new certificate, we can specify how long the certificate should remain valid by changing the 365 to the number of days we prefer. As it stands this certificate will expire after one year. Feel free to change the number to a more suitable time period to meet your needs.

          sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.crt

      With this command, we will be creating both the self-signed SSL certificate and the server key that protects it, and placing both of them into the new directory. This command will prompt the terminal to display a list of fields that need to be filled in. The most important line is "Common Name". Enter your official domain name here or, if you don't have one yet, your site's IP address.

          You are about to be asked to enter information that will be incorporated
          into your certificate request.
          What you are about to enter is what is called a Distinguished Name or a DN.
          There are quite a few fields but you can leave some blank
          For some fields there will be a default value,
          If you enter '.', the field will be left blank.
          -----
          Country Name (2 letter code) [AU]:US
          State or Province Name (full name) [Some-State]:New York
          Locality Name (eg, city) []:NYC
          Organization Name (eg, company) [Internet Widgits Pty Ltd]:Awesome Inc
          Organizational Unit Name (eg, section) []:Dept of Merriment
          Common Name (e.g. server FQDN or YOUR name) []:example.com
          Email Address []:webmaster@awesomeinc.com

      Setting up the certificate.

      Now we have all of the required components of the finished certificate. The next thing to do is to set up the virtual hosts to display the new certificate. Open up the SSL config file:

          sudo nano /etc/apache2/sites-available/default

      You should make the following changes. Change the port on the virtual host to 443, the default SSL port:

          <VirtualHost *:443>

      Add a line with your server name right below the Server Admin email:

          ServerName example.com:443

      Replace example.com with your DNS approved domain name or server IP address (it should be the same as the common name on the certificate). Add the following three lines to your virtual host configuration, and make sure that they match the extensions below:

          SSLEngine on
          SSLCertificateFile /etc/apache2/ssl/apache.crt
          SSLCertificateKeyFile /etc/apache2/ssl/apache.key

      Activate the new Virtual Host

          sudo a2ensite default

      You are all set. Restarting your Apache server will reload it with all of your changes in place.

          sudo service apache2 reload

      In your browser, type https://youraddress, and you will be able to see the new certificate.
  24. Postfix is a Mail Transport Agent (MTA), supporting LDAP, SMTP AUTH (SASL), TLS and running in a chroot environment. Postfix is Wietse Venema's mailer that started life as an alternative to the widely-used Sendmail program. Postfix attempts to be fast, easy to administer, and secure, while at the same time being sendmail compatible enough to not upset existing users. Thus, the outside has a sendmail-ish flavor, but the inside is completely different. This software was formerly known as VMailer. It was released by the end of 1998 as the IBM Secure Mailer. From then on it has lived on as Postfix. This rpm supports LDAP, SMTP AUTH (through cyrus-sasl) and TLS.

      Let's get started. First of all we need to install postfix

          sudo apt-get install postfix

          sudo /usr/lib/ssl/misc/CA.sh -newca
          CA certificate filename (or enter to create) (press Enter here)
          Making CA certificate ...
          Generating a 1024 bit RSA private key
          ..........++++++
          .........++++++
          writing new private key to './demoCA/private/./cakey.pem'
          Enter PEM pass phrase: <type a password here>
          Verifying - Enter PEM pass phrase: <retype the password>
          -----
          You are about to be asked to enter information that will be incorporated
          into your certificate request.
          What you are about to enter is what is called a Distinguished Name or a DN.
          There are quite a few fields but you can leave some blank
          For some fields there will be a default value,
          If you enter '.', the field will be left blank.
          -----
          Country Name (2 letter code) [AU]: <enter>
          State or Province Name (full name) [Some-State]: <enter>
          Locality Name (eg, city) []: <enter>
          Organization Name (eg, company) [Internet Widgits Pty Ltd]: <enter>
          Organizational Unit Name (eg, section) []: <enter>
          Common Name (eg, YOUR name) []: <your name>
          Email Address []: <your email>
          Please enter the following 'extra' attributes
          to be sent with your certificate request
          A challenge password []: <enter>
          An optional company name []: <enter>
          Using configuration from /usr/lib/ssl/openssl.cnf
          Enter pass phrase for ./demoCA/private/./cakey.pem: <same password as before>
          Check that the request matches the signature
          Signature ok

          $ openssl genrsa -out NAS.key 1024
          Generating RSA private key, 1024 bit long modulus

          $ openssl req -new -key NAS.key -out NAS.csr -days 3650
          You are about to be asked to enter information that will be incorporated
          into your certificate request.
          What you are about to enter is what is called a Distinguished Name or a DN.
          There are quite a few fields but you can leave some blank
          For some fields there will be a default value,
          If you enter '.', the field will be left blank.
          -----
          Country Name (2 letter code) [AU]: <enter>
          State or Province Name (full name) [Some-State]: <enter>
          Locality Name (eg, city) []: <enter>
          Organization Name (eg, company) [Internet Widgits Pty Ltd]: <enter>
          Organizational Unit Name (eg, section) []: <type something here, this must be different from above>
          Common Name (eg, YOUR name) []: <your name>
          Email Address []: <your email>
          Please enter the following 'extra' attributes
          to be sent with your certificate request
          A challenge password []: <enter>
          An optional company name []: <enter>

          $ openssl ca -days 3650 -crldays 3650 -out NAS.pem -infiles NAS.csr
          Using configuration from /usr/lib/ssl/openssl.cnf
          Enter pass phrase for ./demoCA/private/cakey.pem: <same password as before>
          Check that the request matches the signature
          Signature ok
          Certificate is to be certified until Oct 18 11:08:58 2021 GMT (365 days)
          Sign the certificate? [y/n]: <type y>
          1 out of 1 certificate requests certified, commit? [y/n] <type y>
          Write out database with 1 new entries
          Data Base Updated

          sudo mkdir /etc/postfix/certs
          sudo cp NAS.key NAS.pem /etc/postfix/certs
          sudo cp /etc/ssl/certs/Equifax_Secure_CA.pem /etc/postfix/certs/cacert.pem
          sudo nano /etc/postfix/sasl/sasl_passwd

      and enter your email account and password. You can create a new gmail account if you are not happy to leave your password in the file. Also, in case you sometimes change your own gmail password, you don't have to remember to change it here. The file should look like this:

          gmail-smtp.l.google.com myaccount@gmail.com:mypassword
          smtp.gmail.com myaccount@gmail.com:mypassword

      Change the permissions of the sasl_passwd file with:

          sudo chmod 400 /etc/postfix/sasl/sasl_passwd

      We want to make a backup of the postfix main.cf file:

          sudo cp /etc/postfix/main.cf /etc/postfix/main.cf.orig
          sudo nano /etc/postfix/main.cf

      This is how the main.cf will look.

          # See /usr/share/postfix/main.cf.dist for a commented, more complete version

          # Debian specific: Specifying a file name will cause the first
          # line of that file to be used as the name. The Debian default
          # is /etc/mailname.
          #myorigin = /etc/mailname

          smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
          biff = no

          # appending .domain is the MUA's job.
          append_dot_mydomain = no

          # Uncomment the next line to generate "delayed mail" warnings
          #delay_warning_time = 4h

          readme_directory = no

          # auth
          smtp_sasl_auth_enable=yes
          smtp_sasl_password_maps = hash:/etc/postfix/sasl/sasl_passwd

          # TLS client side certificate
          smtp_use_tls = yes
          smtp_sasl_security_options = noanonymous
          smtp_sasl_tls_security_options = noanonymous
          smtp_tls_note_starttls_offer = yes
          tls_random_source = dev:/dev/urandom
          smtp_tls_scert_verifydepth = 5
          smtp_tls_CAfile = /etc/postfix/certs/cacert.pem
          smtp_tls_key_file=/etc/postfix/certs/NAS.key
          smtp_tls_cert_file=/etc/postfix/certs/NAS.pem
          smtp_tls_enforce_peername = no

          # TLS parameters
          smtpd_tls_ask_ccert = yes
          smtpd_tls_req_ccert =no
          smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
          smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
          smtpd_use_tls=yes
          smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
          smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

          # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
          # information on enabling SSL in the smtp client.

          myhostname = NAS
          alias_maps = hash:/etc/aliases
          alias_database = hash:/etc/aliases
          mydestination = NAS, localhost.localdomain, , localhost
          #relayhost =
          relayhost = [smtp.gmail.com]:587
          mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
          mailbox_size_limit = 0
          recipient_delimiter = +
          inet_interfaces = all

          sudo postmap /etc/postfix/sasl/sasl_passwd
          sudo /etc/init.d/postfix reload

      From the box you will send emails from, log in with your browser to http://www.google.co...ayUnlockCaptcha and unlock your IP to allow you to send email from postfix.

      Open two terminals. In one type

          tail -f /var/log/mail.log

      and in the other do your test to send out an email. Let's send a test email:

          telnet 127.0.0.1 25
          EHLO test
          MAIL FROM: <from-email>
          RCPT TO: <recipient-email>
          DATA
          Type message here.
          <Enter>.<Enter> (press enter, type a dot, press enter)
          QUIT
  25. Note: Changing your default ssh port does not guarantee that you won't get hacked. However, changing the default really helps cut down on the attempts. Please make sure you have other secure practices in place, such as strong passwords.

      SSH is a program and protocol for securely connecting to remote machines across a network. It allows you to run programs and do a variety of tasks as if you were sitting at the machine. SSH is very similar to telnet except that it uses encryption to protect the transferred information and authentication. I have used ssh to remotely connect to different Linux systems and edit configuration files, start and stop services, check mail, run applications, and pull applications to my remote computer such as a web browser. (This can be handy if you are at school or work and they block specific sites.)

      Why Move SSH Port?

      Many people will change the default SSH port to add another layer of security, or sometimes the default port may be blocked at their workplace or school and they would like to connect.

      Often hackers will use tools to do automated attacks. They will go and scan for the default ssh port and try to get connected using dictionary attacks. (Meaning, they will try a huge list of passwords and usernames hoping to get lucky.) All the more reason to have a secure password.

      Moving the default port is just one thing you can do to help prevent your system from being targeted.

      How to Change the default SSH port:

      Before we begin we will need to find a port that we want to use. You will need to be careful not to use a standard port for another application because you could run into conflicts. Many applications have a default port. For example, mail will be on port 25. The SSH default port is 22, Microsoft's remote desktop port is 3389, etc. Most people know that the default SSH port is 22 and want something that will be easy to remember. Often they will assign it a port like 922. If you have a look at the link below, you should get an idea of what most of the standard ports are. Just look for an opening. The choice is up to you, just make sure it doesn't conflict with another application. I would recommend something about 2000.

      http://en.wikipedia....DP_port_numbers

      In this example we will change the default ssh port on an Ubuntu server. The steps below will work for the Ubuntu desktop as well as distributions such as Arch Linux, CentOS, Fedora, Linux Mint and OpenSUSE. If you are on a different distribution, the configuration file and the command to restart the SSH service may be slightly different.

      In these steps we will be doing all the configuration at the command line. If you are using a GUI desktop (Gnome) you can open the terminal by going to Applications > Accessories > Terminal.

      The SSH configuration file we will need to edit is located in the /etc/ssh directory. Let's navigate to this location by using the cd command.

          cd /etc/ssh

      Now we will want to edit sshd_config with sudo or as the root user. You can use your favorite text editor. If you have not used a text editor in a terminal, I would recommend starting with Nano. To keep things simple we will use Nano in this tutorial.

          sudo nano sshd_config

      Once you are in the file, towards the top you will see that "port 22" is being used. You can simply change that to a different port. If you would like, you can have ssh run on 2 different ports.

          port 22
          port 922

      Now we just need to restart ssh for our changes to take effect. (Note: If you are doing this on a system that has a firewall or uses iptables built in, you will need to enable the port as well. An example would be CentOS and iptables.)

          sudo /etc/init.d/ssh restart

      How to Connect using SSH on the new port:

      Note: 4321 is the port I am using. Change the port to meet your setup. From a terminal:

          ssh -p 4321 user@server-ip-address
          ssh -p 4321 brent@192.168.2.105
  26. If you are running a headless server and would like to see what processor you are using, here are the steps.

          cat /proc/cpuinfo

      And to see the number of cores:

          grep -c processor /proc/cpuinfo