Monit is a free open source utility for managing and monitoring, processes, programs, files, directories and filesystems on a UNIX system. Monit conducts automatic maintenance and repair and can execute meaningful causal actions in error situations.
Friday, 31 May 2013
Monday, 11 March 2013
How to Install Linux (LAMP) Apache, MySQL 5.5.30 & PHP 5.4.12 on RHEL/CentOS
LAMP using yum is very easy and takes only minutes. This is a good option for beginners who don’t feel comfortable installing from source.
Installing Apache, MySQL 5.5.30 & PHP 5.4.12 on RHEL 6.3/6.2/6.1/6.0/5.9/5.8/5.6, CentOS 6.3/6.2/6.1/6.0/5.9/5.8/5.6 (LAMP)
Step 1: Iptables Stop
# service iptables stop
# chkconfig iptables off
Step 2: Installing Repository
Install Remi & Epel Repository on RHEL/CentOS 6.3-6.0 - 32 Bit
# rpm -Uvh http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm
# rpm -Uvh http://rpms.famillecollet.com/enterprise/remi-release-6.rpm
Install Remi & Epel Repository on RHEL/CentOS 6.3-6.0 - 64 Bit
# rpm -Uvh http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
# rpm -Uvh http://rpms.famillecollet.com/enterprise/remi-release-6.rpm
Install Remi Repository on RHEL/CentOS 5.9-5.0 - 32 Bit
# rpm -Uvh http://dl.fedoraproject.org/pub/epel/5/i386/epel-release-5-4.noarch.rpm
# rpm -Uvh http://rpms.famillecollet.com/enterprise/remi-release-5.rpm
Install Remi Repository on RHEL/CentOS 5.9-5.0 - 64 Bit
# rpm -Uvh http://dl.fedoraproject.org/pub/epel/5/x86_64/epel-release-5-4.noarch.rpm
# rpm -Uvh http://rpms.famillecollet.com/enterprise/remi-release-5.rpm
Step 3: Installing Apache, MySQL 5.5.30 & PHP 5.4.12 Modules
# yum --enablerepo=remi,remi-test install httpd mysql mysql-server mysql-devel php php-common php-mysql php-pgsql php-mbstring php-mcrypt
Step 4: Starting/Stopping Apache & MySQL 5.5.30
Enable Apache and MySQL on Run-Levels
# /etc/init.d/httpd start
# /etc/init.d/mysqld start
# chkconfig --levels 235 httpd on
# chkconfig --levels 235 mysqld on
Step 5: Secure Installation of MySQL
# mysql_secure_installation
During the installation, MySQL will ask you for your permission twice. After you say Yes to both, MySQL will install.
Once it is done installing, you can set a root MySQL password:
The prompt will ask you for your current root password.
Since you just installed MySQL, you most likely won’t have one, so leave it blank by pressing enter.
Enter current password for root (enter for none):
OK, successfully used password, moving on...
Then the prompt will ask you if you want to set a root password. Go ahead and choose Y and follow the instructions.
CentOS automates the process of setting up MySQL, asking you a series of yes or no questions.
It’s easiest just to say Yes to all the options. At the end, MySQL will reload and implement the new changes.
By default, a MySQL installation has an anonymous user, allowing anyone
To run a quick test, use the command line program mysql:
you can login to mysql root account without providing any password as shown below.
# mysql -u root
1. Create a page called phpinfo.php under your Apache root directory and add the following lines to it. For example (/var/www/html/phpinfo.php).
<?php
phpinfo ();
?>
2. Now access the page via web browser like http://localhost/phpinfo.php. You will see below screenshot.
Installing Apache, MySQL 5.5.30 & PHP 5.4.12 on RHEL 6.3/6.2/6.1/6.0/5.9/5.8/5.6, CentOS 6.3/6.2/6.1/6.0/5.9/5.8/5.6 (LAMP)
Step 1: Iptables Stop
# service iptables stop
# chkconfig iptables off
Step 2: Installing Repository
Install Remi & Epel Repository on RHEL/CentOS 6.3-6.0 - 32 Bit
# rpm -Uvh http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm
# rpm -Uvh http://rpms.famillecollet.com/enterprise/remi-release-6.rpm
Install Remi & Epel Repository on RHEL/CentOS 6.3-6.0 - 64 Bit
# rpm -Uvh http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
# rpm -Uvh http://rpms.famillecollet.com/enterprise/remi-release-6.rpm
Install Remi Repository on RHEL/CentOS 5.9-5.0 - 32 Bit
# rpm -Uvh http://dl.fedoraproject.org/pub/epel/5/i386/epel-release-5-4.noarch.rpm
# rpm -Uvh http://rpms.famillecollet.com/enterprise/remi-release-5.rpm
Install Remi Repository on RHEL/CentOS 5.9-5.0 - 64 Bit
# rpm -Uvh http://dl.fedoraproject.org/pub/epel/5/x86_64/epel-release-5-4.noarch.rpm
# rpm -Uvh http://rpms.famillecollet.com/enterprise/remi-release-5.rpm
Step 3: Installing Apache, MySQL 5.5.30 & PHP 5.4.12 Modules
# yum --enablerepo=remi,remi-test install httpd mysql mysql-server mysql-devel php php-common php-mysql php-pgsql php-mbstring php-mcrypt
Step 4: Starting/Stopping Apache & MySQL 5.5.30
Enable Apache and MySQL on Run-Levels
# /etc/init.d/httpd start
# /etc/init.d/mysqld start
# chkconfig --levels 235 httpd on
# chkconfig --levels 235 mysqld on
Step 5: Secure Installation of MySQL
# mysql_secure_installation
During the installation, MySQL will ask you for your permission twice. After you say Yes to both, MySQL will install.
Once it is done installing, you can set a root MySQL password:
The prompt will ask you for your current root password.
Since you just installed MySQL, you most likely won’t have one, so leave it blank by pressing enter.
Enter current password for root (enter for none):
OK, successfully used password, moving on...
Then the prompt will ask you if you want to set a root password. Go ahead and choose Y and follow the instructions.
CentOS automates the process of setting up MySQL, asking you a series of yes or no questions.
It’s easiest just to say Yes to all the options. At the end, MySQL will reload and implement the new changes.
By default, a MySQL installation has an anonymous user, allowing anyone
to log into MySQL without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.
Remove anonymous users? [Y/n] y
... Success!
Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? [Y/n] y
... Success!
By default, MySQL comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.
Remove test database and access to it? [Y/n] y
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
Reload privilege tables now? [Y/n] y
... Success!
Cleaning up...
All done! If you've completed all of the above steps, your MySQL
installation should now be secure.
Thanks for using MySQL!
Test MySQLTo run a quick test, use the command line program mysql:
you can login to mysql root account without providing any password as shown below.
# mysql -u root
Enter Password of root
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 11
Server version: 5.5.30 MySQL Community Server (GPL) by Remi
Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql>
Step 6: Verifying Apache, MySQL 5.5.30 & PHP 5.4.121. Create a page called phpinfo.php under your Apache root directory and add the following lines to it. For example (/var/www/html/phpinfo.php).
<?php
phpinfo ();
?>
2. Now access the page via web browser like http://localhost/phpinfo.php. You will see below screenshot.
Wednesday, 6 March 2013
Kernel 3.8 Released, how to Compile in Redhat, CentOS and Fedora.
Before starting, Compiling Kernel make sure the system has all the necessary packages installed.
Kernel 3.8 Dependencies
rpmdevtools
yum-utils
qt3-devel
libXi-devel
gcc
ncurses
ncurses-devel
yum-utils is a default package. To install the other package, use the following command
# yum install rpmdevtools yum-utils
# yum install qt3-devel libXi-devel
# yum install gcc ncurses ncurses-devel
After that
# yum update
Step 1:Downloading Kernel 3.8
Download the latest Kernel 3.8 using wget command.
goto
# cd /tmp
# wget https://www.kernel.org/pub/linux/kernel/v3.x/linux-3.8.2.tar.bz2
Step 2:Extracting Kernel 3.8
# tar -xvf linux-3.8.2.tar.bz2 -C /usr/src/
# cd /usr/src/linux-3.8.2/
Step 3:Configuring Kernel 3.8
Run the following command:
# make menuconfig
You will get similar to below screen, where you see number of menus to select configuration for your latest kernel.
You have to select different options as per your need. Each configuration option has HELP button associated with it so select help button to get help.
If you like to configure your latest kernel with old configuration then simple type the below command.
# make oldconfig
Step 4: Compiling Kernel 3.8
# make
The compilation would take at least 30-50 minutes depends on your system configuration.
Step 5: Installing Kernel 3.8
# make modules_install install
After Install new kernel entry in your grub.conf file.
Step 6: Verifying Kernel 3.8
To verify newly installed Kernel after reboot just type the following command on the terminal.
# uname -r
Before printing, please think about its necessity..
Step 4: Compiling Kernel 3.8
# make
The compilation would take at least 30-50 minutes depends on your system configuration.
Step 5: Installing Kernel 3.8
# make modules_install install
After Install new kernel entry in your grub.conf file.
Step 6: Verifying Kernel 3.8
To verify newly installed Kernel after reboot just type the following command on the terminal.
# uname -r
Before printing, please think about its necessity..
Sunday, 30 December 2012
How to Install SVN (Subversion) 1.7.8 Server Using uberSVN 13.2 on RedHat/CentOS
SVN (Subversion) is an open source free version control system. It is used to manage files and directories and the modification made to them over a period of time. In short, if your server fails, then this subversion allows you to recover your older version or the updated versions of your data by examine the history of how your data has been changed over time. Sounds great, doesn’t it?. But that’s not enough, it also used to keep the track of exact modifications of files that have been made in the past. In fact, you can even cross check to see the older version and the newer version changes directly. Subversion also has some key features.
SVN Features
* Versioning can be done on individual files and directories.
3. You’ll be warned that the installer is for new deployments of uberSVN and should
not be used for updating existing installations. Enter “Y“.
IMPORTANT: This installer is for new deployments of uberSVN and should not be used for updating existing installations!
Do you wish to continue with the installation? [Y/n] y
4. Next, you’re asked where uberSVN should be installed. Press Enter.
Where should uberSVN be installed? Note that installing to /root or a home directory (eg /home/name) may cause permission issues and is not recommended.
Enter installation location (/opt/ubersvn):
5. You are asked to confirm your install location. Enter "Y".
Are you sure you want to install to: /opt/ubersvn/ubersvn? [Y/n] y
6. You will be asked to confirm whether you want uberSVN to run on the port 1024.
Apache Subversion may be installed with the ability to run on a privileged port number below 1024. See http://www.ubersvn.com/below1024 for security considerations.
Allow Apache Subversion to run on a port below 1024? [y/N] y
7. Next you will be asked if you want to start uberSVN on boot. Enter “Y“.
Linux distribution was detected as Redhat
Do you want uberSVN to start on boot? (y/n) (y)
8. The installation will now prompt you to the URL of web interface screen, go to your browser and enter the below provided URL.
Your uberSVN installation is nearly ready. Visit the following URL to complete configuration:
http://yourip:9890/ubersvn
Step 4: Configuring uberSVN Interface
1. This is first uberSVN setup screen. This screen shows you a Installation Directory, Repository Storage Location and uberSVN key. If you don’t have a key, then follow this link to get it free key. Click the Next button to continue.
2. Create the Admin User‘s account. Enter full name, email address, user name and provide a password. To continue, Click the Next button.
3. Next, setup Portal and Apache. These settings controls your’s and users access to uberSVN and repositories you set up. Enter the BASE URL with your machine actually IP address, uberSVN Port and Apache Subversion Port. These settings ensures that your Subversion repositories will be available on the network. Click the Next button to continue.
4. Next, setup Email Settings to send out emails to your users. Enter your mail server details or Select “No“, if you don’t want to use this email feature or come back later for these settings.
5. uberSVN will take some time to setup your settings. Once setup is completes you will able to hit on the Start using uberSVN button.
Step 5: Logging into uberSVN Interface
You will get login prompt. Enter your admin username and password that you have entered in Step 4 of point #2.
Step 6: Creating Repositories and Adding Users
You’re now at Subversion panel, where you can easily create new repositories and set access for users.
Step 7: Starting/Stopping Subversion
1. Open a terminal and login into the system. Go to uberSVN’s binary directory.
# cd /opt/ubersvn/bin
2. Now run the start/stop script from hereon.
[root@kernelp bin]# ./ubersvncontrol start
Starting Tomcat
Using CATALINA_BASE: /opt/ubersvn/tomcat
Using CATALINA_HOME: /opt/ubersvn/tomcat
Using CATALINA_TMPDIR: /opt/ubersvn/tomcat/temp
Using JRE_HOME: /home/user/jre
Using CLASSPATH: /opt/ubersvn/tomcat/bin/bootstrap.jar
Please allow 30 seconds or so for the uberSVN portal to start
Thats it! for more details for setting up new repositories, adding users, adding teams etc. Visit docs.ubersvn.com/v1.0/admin.html
SVN Features
* Versioning can be done on individual files and directories.
* Provision for copying, adding, deleting and renaming of files and directoires.
* Keeping the track of File and directory properties over time, thereby providing a detailed history .
* Easy to implement new network functions.
* Subversion system works with other software and programming languages.
What is uberSVN?
uberSVN is a free open source application used to provides a complete intuitive and
configurable Web interface for Subversion with an integrated social coding
environment with built-in Apache Subversion versioning and revision control system.
Which makes life much easier for both users and programmers. Additional features of
uberSVN as follow.
uberSVN Features
Provides a real time coding interface that allows developers to collaborate the
code they commit to the repository.
A web interface for managing sever settings, user permissions and creating new
repositories.
Support for LDAP server integration with user authentication.
Provides an automated up-to-date updater for installing updates quickly.
A web based interface for accessing repositories and managing user permissions.
A tab manager to include and configure other pages served by other web
applications.
Requirements:-
TCP/IP networking must be configured and working.
uberSVN requires Java Runtime Environment.
Step 1: Downloading uberSVN Installer
Download the latest uberSVN 13.2 installer using the wget command (or go to
http://www.ubersvn.com/download page to download the latest version).
# cd /opt
# wget http://download.jp.as.ubersvn.com/uberSVN-32-1204.sh (32bit)
# cd /opt
# wget http://download.jp.as.ubersvn.com/uberSVN-32-1204.sh (32bit)
# wget http://download.jp.as.ubersvn.com/uberSVN-64-1302.sh (64bit)
Step 2: Setting Executable Permission
Set the executable permssion on installer, use the chmod command.
# chmod +x uberSVN-xxxx.sh
Step 3: Running Installer
1. Run the installer to download files to your current direcitory, use the command.
# ./uberSVN-xxxx.sh
Silent Install Option
In Linux you can use a 'silent install' option with arguments "-- -s", like this:
# ./uberSVN-32-1209.sh -- -s
This will install to the default */opt/ubersvn* location.
2. The installer will start by extracting number of files. Seeing huge number of dots is normal.
3. You’ll be warned that the installer is for new deployments of uberSVN and should
not be used for updating existing installations. Enter “Y“.
IMPORTANT: This installer is for new deployments of uberSVN and should not be used for updating existing installations!
Do you wish to continue with the installation? [Y/n] y
4. Next, you’re asked where uberSVN should be installed. Press Enter.
Where should uberSVN be installed? Note that installing to /root or a home directory (eg /home/name) may cause permission issues and is not recommended.
Enter installation location (/opt/ubersvn):
5. You are asked to confirm your install location. Enter "Y".
Are you sure you want to install to: /opt/ubersvn/ubersvn? [Y/n] y
6. You will be asked to confirm whether you want uberSVN to run on the port 1024.
Apache Subversion may be installed with the ability to run on a privileged port number below 1024. See http://www.ubersvn.com/below1024 for security considerations.
Allow Apache Subversion to run on a port below 1024? [y/N] y
7. Next you will be asked if you want to start uberSVN on boot. Enter “Y“.
Linux distribution was detected as Redhat
Do you want uberSVN to start on boot? (y/n) (y)
8. The installation will now prompt you to the URL of web interface screen, go to your browser and enter the below provided URL.
Your uberSVN installation is nearly ready. Visit the following URL to complete configuration:
http://yourip:9890/ubersvn
Step 4: Configuring uberSVN Interface
1. This is first uberSVN setup screen. This screen shows you a Installation Directory, Repository Storage Location and uberSVN key. If you don’t have a key, then follow this link to get it free key. Click the Next button to continue.
2. Create the Admin User‘s account. Enter full name, email address, user name and provide a password. To continue, Click the Next button.
3. Next, setup Portal and Apache. These settings controls your’s and users access to uberSVN and repositories you set up. Enter the BASE URL with your machine actually IP address, uberSVN Port and Apache Subversion Port. These settings ensures that your Subversion repositories will be available on the network. Click the Next button to continue.
4. Next, setup Email Settings to send out emails to your users. Enter your mail server details or Select “No“, if you don’t want to use this email feature or come back later for these settings.
5. uberSVN will take some time to setup your settings. Once setup is completes you will able to hit on the Start using uberSVN button.
Step 5: Logging into uberSVN Interface
You will get login prompt. Enter your admin username and password that you have entered in Step 4 of point #2.
Step 6: Creating Repositories and Adding Users
You’re now at Subversion panel, where you can easily create new repositories and set access for users.
1. Open a terminal and login into the system. Go to uberSVN’s binary directory.
# cd /opt/ubersvn/bin
2. Now run the start/stop script from hereon.
[root@kernelp bin]# ./ubersvncontrol start
Starting Tomcat
Using CATALINA_BASE: /opt/ubersvn/tomcat
Using CATALINA_HOME: /opt/ubersvn/tomcat
Using CATALINA_TMPDIR: /opt/ubersvn/tomcat/temp
Using JRE_HOME: /home/user/jre
Using CLASSPATH: /opt/ubersvn/tomcat/bin/bootstrap.jar
Please allow 30 seconds or so for the uberSVN portal to start
Thats it! for more details for setting up new repositories, adding users, adding teams etc. Visit docs.ubersvn.com/v1.0/admin.html
Tuesday, 20 November 2012
Linux Malware Detect -LMD
Linux Malware Detect (LMD) is a malware scanner for Linux released under the GNU GPLv2 license, that is designed around the threats faced in shared hosted environments. It uses threat data from network edge intrusion detection systems to extract malware that is actively being used in attacks and generates signatures for detection. In addition, threat data is also derived from user submissions with the LMD checkout feature and from malware community resources. The signatures that LMD uses are MD5 file hashes and HEX pattern matches, they are also easily exported to any number of detection tools such as ClamAV.
Linux Malware Detect (LMD) Features:
* MD5 file hash detection for quick threat identification
* HEX based pattern matching for identifying threat variants
* statistical analysis component for detection of obfuscated threats (e.g: base64)
* integrated detection of ClamAV to use as scanner engine for improved performance
* integrated signature update feature with -u|–update
* integrated version update feature with -d|–update-ver
* scan-recent option to scan only files that have been added/changed in X days
* scan-all option for full path based scanning
* checkout option to upload suspected malware to rfxn.com for review / hashing
* full reporting system to view current and previous scan results
* quarantine queue that stores threats in a safe fashion with no permissions
* quarantine batching option to quarantine the results of a current or past scans
* quarantine restore option to restore files to original path, owner and perms
* quarantine suspend account option to Cpanel suspend or shell revoke users
* cleaner rules to attempt removal of malware injected strings
* cleaner batching option to attempt cleaning of previous scan reports
* cleaner rules to remove base64 and gzinflate(base64 injected malware
* daily cron based scanning of all changes in last 24h in user homedirs
* daily cron script compatible with stock RH style systems, Cpanel & Ensim
* kernel based inotify real time file scanning of created/modified/moved files
* kernel inotify monitor that can take path data from STDIN or FILE
* kernel inotify monitor convenience feature to monitor system users
* kernel inotify monitor can be restricted to a configurable user html root
* kernel inotify monitor with dynamic sysctl limits for optimal performance
* kernel inotify alerting through daily and/or optional weekly reports
* e-mail alert reporting after every scan execution (manual & daily)
* path, extension and signature based ignore options
* background scanner option for unattended scan operations
* verbose logging & output of all actions
After running the install script, you will be provided with successful installation output, in this information some of the main configuration and usage related information's are provided.
Using Linux Malware Detect (LMD)
The configuration of LMD is handled through /usr/local/maldetect/conf.maldet and all options are well commented for ease of configuration.
Once LMD is installed it can be run through the 'maldet' command, the '--help' option gives a detailed summary of usage options:
Below command will scan all users home dir for the malware:
# maldet --scan-all /home
The cronjob installed by LMD is located at /etc/cron.daily/maldet and is used to perform a daily update of signatures, keep the session, temp and quarantine data to no more than 14d old and run a daily scan of recent file system changes.
performed a scan but failed to turn on the quarantine option, don’t worry just use the following command to turn on and quarantine all previous malware scan results.
# maldet --quarantine SCANID
OR
# maldet --clean SCANID
Linux Malware Detect (LMD) Features:
* MD5 file hash detection for quick threat identification
* HEX based pattern matching for identifying threat variants
* statistical analysis component for detection of obfuscated threats (e.g: base64)
* integrated detection of ClamAV to use as scanner engine for improved performance
* integrated signature update feature with -u|–update
* integrated version update feature with -d|–update-ver
* scan-recent option to scan only files that have been added/changed in X days
* scan-all option for full path based scanning
* checkout option to upload suspected malware to rfxn.com for review / hashing
* full reporting system to view current and previous scan results
* quarantine queue that stores threats in a safe fashion with no permissions
* quarantine batching option to quarantine the results of a current or past scans
* quarantine restore option to restore files to original path, owner and perms
* quarantine suspend account option to Cpanel suspend or shell revoke users
* cleaner rules to attempt removal of malware injected strings
* cleaner batching option to attempt cleaning of previous scan reports
* cleaner rules to remove base64 and gzinflate(base64 injected malware
* daily cron based scanning of all changes in last 24h in user homedirs
* daily cron script compatible with stock RH style systems, Cpanel & Ensim
* kernel based inotify real time file scanning of created/modified/moved files
* kernel inotify monitor that can take path data from STDIN or FILE
* kernel inotify monitor convenience feature to monitor system users
* kernel inotify monitor can be restricted to a configurable user html root
* kernel inotify monitor with dynamic sysctl limits for optimal performance
* kernel inotify alerting through daily and/or optional weekly reports
* e-mail alert reporting after every scan execution (manual & daily)
* path, extension and signature based ignore options
* background scanner option for unattended scan operations
* verbose logging & output of all actions
Linux Malware Detect (LMD) Installation:
Open the terminal and type following command to download and install Linux Malware Detect (LMD):
# wget http://www.rfxn.com/downloads/maldetect-current.tar.gz
# tar -xzvf maldetect-current.tar.gz
# cd maldetect-*
# sh install.sh
Using Linux Malware Detect (LMD)
The configuration of LMD is handled through /usr/local/maldetect/conf.maldet and all options are well commented for ease of configuration.
Once LMD is installed it can be run through the 'maldet' command, the '--help' option gives a detailed summary of usage options:
Below command will scan all users home dir for the malware:
# maldet --scan-all /home
The cronjob installed by LMD is located at /etc/cron.daily/maldet and is used to perform a daily update of signatures, keep the session, temp and quarantine data to no more than 14d old and run a daily scan of recent file system changes.
performed a scan but failed to turn on the quarantine option, don’t worry just use the following command to turn on and quarantine all previous malware scan results.
# maldet --quarantine SCANID
OR
# maldet --clean SCANID
Subscribe to:
Posts (Atom)