Showing posts with the label server

Apache Webserver, PHP, and Software Collections on RHEL7

The relatively short lifespan of PHP versions does not sit well with Extended Release Operating Systems like Red Hat Enterprise Linux and CentOS. The longevity of the OS is, perhaps, one of the most attractive features for server owners and administrators. However, as with most things in life, there's always a trade-off. Extended Release Operating Systems provide a long "shelf life" and ongoing support and development for the most important part of a server. It's not surprising, then, that "bleeding edge" software isn't readily available in the default software repositories. This creates a dilemma in the days of DevOps and increasing Internet penetration. Software Collections have made this type of scenario less problematic. Software Collections provides a repository for more recent, development versions of software that are always separated from the system-wide software installations of a server. This allows us, for example, to run different ver…

Resource Load Tips and Tricks

Redirect the dynamic page to a static page if resource issues arise from high traffic to a single Webpage.

sar -q
top -c
netstat -antp
lsof -itcp
lsof -i :80

When you see a PID that is connecting to a remote port 80 rather than accepting a connection on local port 80, use lsof -p on that PID to find its working directory.

Security
Check if we support insecure SSLv2:

openssl s_client -connect 127.0.0.1:443 -ssl2

Check for outbound connections to remote port 80:

netstat -atnp |awk '$5 ~ /80/ {print $0}'

The script above this line uses regex to search for "80" within the 5th column of the `netstat -atnp` command output.

netstat -atnp |awk '$5 ~ /80$/ {print $0}'

Will do the same, making sure the string search looks for "80" at the end of a string.

netstat -atnp |awk '$5 ~ /:80$/ {print $0}'

Will do the same, making sure the string search looks for "80" at the end of a string AND is preceded by a colon.


Centos 7 pulseaudio

Centos 7 doesn't come with an option for `awesome-wm` installation.  Therefore, to make use of this light-weight tiling manager, one has to either enable the Fedora 19 repo or build the package from source.  For the Fedora 19 repo approach, see:

https://gist.github.com/ILMostro/1909a50e1858d0ee7e10

To use it without GDM, GNOME's display manager, and without GNOME services, one has to be aware of certain shortcomings, since some functionality is provided by those services by default.  One such shortcoming is the lack of built-in Sound and Volume management.  Never fret, though, as there is a solution; namely, the PulseAudio-focused tools pavucontrol and pavumeter.  These packages are available from the "nux-desktop" repository at http://li.nux.ro/repos.html .
nux-desktop My unofficial, as-is, not for profit RPM repositories for EL (RHEL, CentOS, ScientificLinux etc): These repos may or may not be up to date or behave the way you expect them to; use them at your OWN RISK!

Some of…

cPanel Removal

It's a poorly-kept secret that cPanel wants to prevent Server owners and/or administrators from being able to purge their systems of the rootkit-like software.  While they've recently made a change claiming to focus on support for primarily rpm-based Linux distributions, i.e. mainly Red Hat and CentOS, cPanel software breaks almost EVERYTHING RHEL/rpm-related on the system!

Their use of binary packages and Perl scripts, along with choosing to disable SELinux completely, puts this outdated and soon-to-be obsolete software in direct conflict with anything Linux! I wish they had switched to support Windows instead.

In any case, here's yet another blog post online outlining the procedure attempting to, relatively cleanly, remove cPanel from a VPS running CentOS 7 in a Virtuozzo container.
yum list \*cpanel\*
yum remove \*cpanel\*

Remove the line in /etc/yum.conf starting with "exclude".

# cat /etc/yum.conf
[main]
#; exclude=courier* dovecot* exim* filesystem httpd…

LUKS Encryption and Unattended boot on Headless Servers

The anaconda installer on Red Hat-based Linux distributions provides the user with an option to encrypt the /home partition by selecting a simple check-box. This adds an obviously valuable security/privacy feature to the system if it's selected. Consequently, the user is prompted for a password during the boot process, which then decrypts the partition and mounts it in the designated location on the filesystem. The default behaviour is not very well suited for unattended reboots or for headless servers. The crypttab(5) manual page provides great information on how to facilitate the process for unattended boots:

DESCRIPTION
The /etc/crypttab file describes encrypted block devices that are set up during system boot.

Empty lines and lines starting with the "#" character are ignored. Each of the remaining lines describes one encrypted block device, fields on the line are delimited by white space. The first two fields are mandatory, the remaining two …

Configure rsyslog Server on Fedora

It can be very beneficial for system administrators and network administrators, especially, to log system messages from other machines on the network to a centralized hub. Fedora 20 uses rsyslog as the default syslogd service; this allows administrators to configure remote logging. I'll be detailing the necessary configuration steps of rsyslog in Fedora 20 to allow logging messages from a DD-WRT router. This will entail:

Edit /etc/rsyslog.conf
Set up firewall rule to allow incoming connection to server
Configure DD-WRT router to send syslogd messages to our server

rsyslog server

Our server will be the Fedora 20 machine. There are two configuration files in the /etc/ directory that are of interest to us:

/etc/rsyslog.conf
/etc/sysconfig/rsyslog

However, the latter file is not useful anymore as it states:

# Options for rsyslogd
# Syslogd options are deprecated since rsyslog v3.
# If you want to use them, switch to compatibility mode 2 by "-c 2"
# See rsyslogd(8) for mor…