Channel: LinOxide

Hunting XOR DDoS and other Malware with RKHunter on CentOS 7


Hello penguins, in this article we are going to learn to hunt rootkits with Rootkit Hunter. Among other threats, you will be able to use it to find signs of some variants of the XOR.DDoS malware, which is currently being used to build botnets of Linux systems for massive distributed denial-of-service attacks.

Found XOR DDoS Rootkit

Table of Contents

  • Install
    • Download
    • Patch (optional)
    • Install
  • Configure
    • tests
    • logs
    • whitelists
    • misc
  • Run
    • flags
    • cron scheduling

Install

Download rkhunter; cURL can do this.

curl http://nbtelecom.dl.sourceforge.net/project/rkhunter/rkhunter/1.4.2/rkhunter-1.4.2.tar.gz -o rkhunter-1.4.2.tar.gz

Then extract the contents of the package.

tar zxvf rkhunter-1.4.2.tar.gz

Enter the extracted directory.

cd rkhunter-1.4.2

Patch (Optional)

This step patches the rkhunter script and its database to look for the XOR DDoS Linux malware. The patch is based on the port and files found in the reports made by Akamai, Avast and Malware Must Die.

Enter the files directory under the rkhunter directory.

cd files

Install the patch utility with yum.

yum install patch

Now download the patch.

curl http://sourceforge.net/p/rkhunter/patches/44/attachment/rkhunter.patch -o rkhunter.patch

Alternatively, you can copy and paste the contents of the rkhunter.patch file from here.

--- rkhunter    2014-03-12 17:54:55.000000000 -0300
+++ rkhunter.new        2015-10-02 17:01:25.040000000 -0300
@@ -7797,6 +7797,19 @@
#

+       # XOR.DDoS
+       XORDDOS_FILES="/lib/udev/udev
+                      /lib/udev/debug
+                      /etc/cron.hourly/cron.sh
+                      /etc/cron.hourly/udev.sh
+                      /lib/libgcc4.so
+                      /var/run/udev.pid
+                      /var/run/sftp.pid"
+       XORDDOS_DIRS=
+       XORDDOS_KSYMS=
+
+
+
# 55808 Variant A
W55808A_FILES="/tmp/.../r
/tmp/.../a"
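Review bot: XORDDOS_FILES mixes distinctive paths with generic ones: /etc/cron.hourly/cron.sh and /var/run/sftp.pid are names a local script or daemon could plausibly use, and with XORDDOS_DIRS and XORDDOS_KSYMS left empty a bare file-exists match on either is the whole signal. Add a comment above the list naming the reports the paths were taken from, so a later maintainer can tell which entries are safe to tighten or drop, and trim the three blank `+` lines after XORDDOS_KSYMS= down to one.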
@@ -11907,6 +11920,13 @@
return
fi

+       # XOR.DDoS Rootkit
+       SCAN_ROOTKIT="XOR.DDoS - Rootkit"
+       SCAN_FILES=${XORDDOS_FILES}
+       SCAN_DIRS=${XORDDOS_DIRS}
+       SCAN_KSYMS=${XORDDOS_KSYMS}
+       scanrootkit
+

# 55808 Trojan - Variant A
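Review bot: the comment reads "XOR.DDoS Rootkit" while SCAN_ROOTKIT is set to "XOR.DDoS - Rootkit"; pick one spelling so the string that ends up in the log can be found from the comment. Because SCAN_DIRS and SCAN_KSYMS are assigned from variables the first hunk leaves empty, this scanrootkit call only tests file presence, which is worth stating in the comment. The blank `+` line after scanrootkit leaves two blank lines before the 55808 block.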

--- backdoorports.dat   2010-11-13 20:41:19.000000000 -0300
+++ backdoorports.dat.new       2015-10-02 17:10:24.086000000 -0300
@@ -12,6 +12,7 @@
2001:Scalper:UDP:
2006:CB Rootkit or w00tkit Rootkit SSH server:TCP:
2128:MRK:TCP:
+3502:Possible XOR.DDoS Botnet Malware:TCP:
6666:Possible rogue IRC bot:TCP:
6667:Possible rogue IRC bot:TCP:
6668:Possible rogue IRC bot:TCP:
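Review bot: the new 3502 line matches on port number alone, so any service bound to TCP 3502 will be reported under this name; the "Possible" prefix is the right hedge and matches the neighbouring 6666-6668 entries. The entry sits in numeric order between 2128 and 6666, but neither the line nor the patch header says where port 3502 comes from; a source reference in the accompanying changelog or commit message would let users judge a hit.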

Apply the patch to the rkhunter script and the backdoorports.dat file with the following command.

patch < rkhunter.patch

rkhunter.patch output


The patch is applied. Now go back to the tarball root directory to continue the install.

cd ..
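
The indicators this patch adds can also be checked by hand, for example against a mounted disk image where rkhunter is not installed. The script below is an added example, not part of the original article or of rkhunter: the file list and port are copied from the patch, while the function names, the root-directory argument and the sample data in xorddos_demo are made up for illustration.

```sh
#!/bin/sh
# Added example (not rkhunter code): look for the XOR.DDoS indicators named in
# the patch above. The file list and the port are copied from that patch.
XORDDOS_FILES="/lib/udev/udev /lib/udev/debug /etc/cron.hourly/cron.sh
/etc/cron.hourly/udev.sh /lib/libgcc4.so /var/run/udev.pid /var/run/sftp.pid"
XORDDOS_PORT=3502

# xorddos_files ROOT: print each indicator path that exists below ROOT.
# ROOT lets the check run against a mounted disk image as well as "/".
xorddos_files() {
    xf_root=${1%/}
    for xf_path in $XORDDOS_FILES; do
        # -L also catches dangling symlinks, which -e alone would miss
        if [ -e "$xf_root$xf_path" ] || [ -L "$xf_root$xf_path" ]; then
            printf '%s\n' "$xf_path"
        fi
    done
}

# xorddos_listeners TABLE PORT: print the local address of every socket in
# LISTEN state (st == 0A) on PORT. TABLE is a file in /proc/net/tcp format,
# where addresses are hexadecimal ADDR:PORT pairs.
xorddos_listeners() {
    xl_hex=$(printf '%04X' "$2")
    awk -v p="$xl_hex" 'NR > 1 && $4 == "0A" {
        n = split($2, part, ":")
        if (toupper(part[n]) == p) print $2
    }' "$1"
}

# xorddos_check [ROOT [TABLE]]: report findings; return 1 if anything matched.
xorddos_check() {
    xc_hits=0
    for xc_f in $(xorddos_files "${1:-/}"); do
        echo "Warning: XOR.DDoS indicator file present: $xc_f"
        xc_hits=$((xc_hits + 1))
    done
    for xc_l in $(xorddos_listeners "${2:-/proc/net/tcp}" "$XORDDOS_PORT"); do
        echo "Warning: TCP listener on port $XORDDOS_PORT: $xc_l"
        xc_hits=$((xc_hits + 1))
    done
    [ "$xc_hits" -eq 0 ] && echo "No XOR.DDoS indicators found"
    [ "$xc_hits" -eq 0 ]
}

# Constructed demo data (not from a real host): a throwaway root with two
# planted indicator files, and a socket table holding sshd on port 22 (0016),
# a listener on 3502 (0DAE) and an established connection that must be ignored.
xorddos_demo() {
    xd_root=$(mktemp -d) || return 2
    mkdir -p "$xd_root/lib/udev" "$xd_root/etc/cron.hourly"
    : > "$xd_root/lib/udev/udev"
    : > "$xd_root/etc/cron.hourly/udev.sh"
    cat > "$xd_root/tcp" <<'EOF'
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001
   1: 00000000:0DAE 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1002
   2: 0100007F:0DAE 0100007F:9C40 01 00000000:00000000 00:00000000 00000000     0        0 1003
EOF
    xd_rc=0
    xorddos_check "$xd_root" "$xd_root/tcp" || xd_rc=$?
    rm -rf "$xd_root"
    return "$xd_rc"
}

# With arguments: scan that root (and optional table). Without: run the demo.
if [ "$#" -gt 0 ]; then xorddos_check "$@"; else xorddos_demo || :; fi
```

Pass a root directory as the first argument to scan it instead of the demo tree; pass /proc/net/tcp6 as the second argument to cover IPv6 listeners.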

Install files

Run the installer script with the following parameters to install it under /usr/local.

./installer.sh --install --layout /usr/local

You can also use the --examples flag to show more layout information and examples, or the --show option instead of --install to show what would be installed for your layout.

Install Unhide (recommended)

The unhide and unhide-tcp utilities look for hidden processes and ports. While not mandatory, they are highly recommended, as most sophisticated rootkits hide their presence.

First, we need to install the GNU Compiler Collection.

yum install gcc

Install glibc-static, needed to build the static binaries.

yum install glibc-static

Compile unhide-linux.

gcc -Wall -O2 --static -pthread unhide-linux*.c unhide-output.c -o unhide-linux

Compile unhide-tcp.

gcc -Wall -O2 --static unhide-tcp.c unhide-tcp-fast.c unhide-output.c  -o unhide-tcp

Install the files under /usr/local/bin and create a symbolic link to unhide.

cp unhide-linux unhide-tcp /usr/local/bin && cd /usr/local/bin/ && ln -s unhide-linux unhide && cd -

Configure

In this section I will show some of the options found in the rkhunter.conf file. The options are grouped and their descriptions simplified; read the full description in the file, and if you are unsure about an option, leave it alone, as the defaults should be enough. Most of the options are commented out.

You are encouraged to do a first run before making any changes to the configuration file. This will give you a better understanding of how rkhunter works and let you identify some false positives to be whitelisted in the configuration file.

Just call rkhunter with the -c or --check parameter.

rkhunter -c

Running rkhunter


As you can see in the image above, there will be some warnings about files such as egrep or ifup being scripts instead of ELF binaries. They are legitimate system files, however, and most of the options in the configuration file are about making rkhunter ignore such occurrences.
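
Before a path flagged this way goes into SCRIPTWHITELIST, it can be checked against the package database. The script below is an added example, not part of the original article or of rkhunter: it assumes the warning wording shown in its comments and an RPM-based system, the sample log lines are constructed, and all function names are made up for illustration.

```sh
#!/bin/sh
# Added example, not part of rkhunter: triage "replaced by a script" warnings
# before any path is added to SCRIPTWHITELIST.

# rkh_script_warnings LOG: print each path reported as a script, once.
# Assumes log lines of the form
#   [HH:MM:SS] Warning: The command '<path>' has been replaced by a script: ...
rkh_script_warnings() {
    sed -n "s/^\[[0-9:]*] Warning: The command '\([^']*\)' has been replaced by a script.*/\1/p" "$1" | sort -u
}

# pkg_verify PATH: succeed only if an RPM package owns PATH and the file on
# disk still matches what the package installed (rpm -V prints no line for it).
pkg_verify() {
    rpm -qf "$1" >/dev/null 2>&1 || return 1
    rpm -Vf "$1" 2>/dev/null | awk -v p="$1" '$NF == p { bad = 1 } END { exit bad }'
}

# rkh_triage LOG: emit a whitelist line for verified files, a note otherwise.
rkh_triage() {
    for rt_path in $(rkh_script_warnings "$1"); do
        if pkg_verify "$rt_path"; then
            echo "SCRIPTWHITELIST=$rt_path"
        else
            echo "# investigate: $rt_path is unowned or differs from its package"
        fi
    done
}

# Constructed sample log (not real rkhunter output) for a stand-alone run.
rkh_demo() {
    rd_log=$(mktemp) || return 2
    cat > "$rd_log" <<'EOF'
[10:15:21] Info: Starting test name 'properties'
[10:15:23] Warning: The command '/usr/bin/egrep' has been replaced by a script: /usr/bin/egrep: POSIX shell script, ASCII text executable
[10:15:23] Warning: The command '/usr/sbin/ifup' has been replaced by a script: /usr/sbin/ifup: Bourne-Again shell script, ASCII text executable
[10:15:40] Warning: Hidden directory found: /etc/.java
EOF
    rkh_triage "$rd_log"
    rm -f "$rd_log"
}

# With a log path as argument, triage that log; otherwise run the demo.
if [ "$#" -gt 0 ]; then rkh_triage "$1"; else rkh_demo; fi
```

Only the lines printed as SCRIPTWHITELIST= are candidates for rkhunter.conf; anything marked for investigation should be examined rather than whitelisted.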

Tests

The ENABLE_TESTS and DISABLE_TESTS options set which types of tests are run: enable all, then disable the undesired ones. It is a good idea to have at least suspscan disabled by default, as it is prone to false positives.

ENABLE_TESTS=ALL

DISABLE_TESTS=suspscan

Secure Shell

It's never a good idea to enable root login on SSH connections; use su/sudo instead. Otherwise, set this to yes.

ALLOW_SSH_ROOT_USER=no

Version 1 of the SSH protocol is known to be insecure. Set this to 1 if you need to ignore this protocol check.

ALLOW_SSH_PROT_V1=0

Network ports

Allowed network ports, with the format protocol:port.

PORT_WHITELIST

Set the whitelist for some programs with the syntax path_to_binary:protocol:port_number

PORT_PATH_WHITELIST=/usr/sbin/squid:TCP:3801

Application Version

This option lets you run some outdated applications. This is generally not recommended, and you must be sure that the application is safe before you put it on this list.

APP_WHITELIST=openssl:0.9.7d gpg httpd:1.3.29

Sniffers

Allow the use of sniffers, software that captures network packets.

Allow the following process to listen to the network, as in the following line.

ALLOWPROCLISTEN=/usr/sbin/snort-plain

This will allow the listed network interface to listen to the network in promiscuous mode.

ALLOWPROMISCIF=eth0

Files

You will need to create some exceptions to the tests made by rkhunter. The following options let you bypass tests for specific objects, such as files and directories.

Allow some hidden directories.

ALLOWHIDDENDIR=/etc/.java

Allow some hidden files.

ALLOWHIDDENFILE=/usr/share/man/man1/..1.gz
ALLOWHIDDENFILE=/usr/share/man/man5/.k5identity.5.gz
ALLOWHIDDENFILE=/usr/share/man/man5/.k5login.5.gz

This whitelist allows some files to be scripts instead of ELF binaries.

SCRIPTWHITELIST=/usr/sbin/ifdown
SCRIPTWHITELIST=/usr/sbin/ifup
SCRIPTWHITELIST=/usr/bin/egrep
SCRIPTWHITELIST=/usr/bin/fgrep
SCRIPTWHITELIST=/usr/bin/ldd

Allow a file to be world writable.

WRITEWHITELIST=/usr/bin/date

Allow a file to have attribute changes.

ATTRWHITELIST=/usr/bin/date

Allow process to query deleted files.

ALLOWPROCDELFILE=/sbin/cardmgr

Log Options

This will define which file to log to.

LOGFILE=/var/log/rkhunter.log

Set this to 1 if you want to keep logging to the same file every time rkhunter runs. The default is 0, which appends '.old' to the existing log file and creates a new one.

APPEND_LOG=0

If you want to keep the log file when there is something wrong, set the following option to 1.

COPY_LOG_ON_ERROR=0

Uncomment and set the log facility if you want to use syslog.

USE_SYSLOG=authpriv.warning

By default, whitelisted items report OK on tests. If you want to highlight whitelisted items, set this option to 1.

WHITELISTED_IS_WHITE=0

Operating System options

Set the package manager option to RPM on Red Hat like systems, which include CentOS.

PKGMGR=RPM

Enable this to report a warning when the operating system changes version/release.

WARN_ON_OS_CHANGE

Should we update our database when the operating system changes?

UPDT_ON_OS_CHANGE

Where to find the operating system release file, set to /etc/redhat-release on CentOS.

OS_VERSION_FILE=/etc/redhat-release

Locking

If you are likely to have more than one rkhunter running at the same time you should enable this option to enable the use of lock files and avoid database corruption.

USE_LOCKING=0

If you enabled the use of locks, then you should set a timeout to avoid deadlocks.

LOCK_TIMEOUT

Should we warn about locked sessions?

SHOW_LOCK_MSGS

Startup and Superdaemon

Where is the inetd config file.

INETD_CONF_PATH=/etc/inetd.conf

Which services are allowed to run through the inetd.

INETD_ALLOWED_SVC=/usr/sbin/rpc.metad /usr/sbin/rpc.metamhd

Xinetd config file.

XINETD_CONF_PATH=/etc/xinetd.conf

RC startup files paths.

STARTUP_PATHS=/etc/rc.d /etc/rc.local

Accounts

The file that contains the shadowed passwords.

PASSWORD_FILE=/etc/shadow

Allow user accounts other than root to have UID 0.

UID0_ACCOUNTS=toor rooty

Allow accounts without password.

PWDLESS_ACCOUNTS=abc

Syslog

Syslog config file.

SYSLOG_CONFIG_FILE=/etc/syslog.conf

Allow syslog to log remotely.

ALLOW_SYSLOG_REMOTE_LOGGING=0

Reports

Report the number of warnings?

SHOW_SUMMARY_WARNINGS_NUMBER

Show the total time needed to run the tests?

SHOW_SUMMARY_TIME

To receive mail reports when rkhunter finds something, you must set the following options and have a mail application installed.

Who will receive the email.

MAIL-ON-WARNING=your-email@your.domain

Which command is used to send email.

MAIL_CMD=mail -s "[rkhunter] Warnings found for ${HOST_NAME}"

Running rkhunter

OK, at this point you should have already run rkhunter at least once. Now take a look at some other flags that can be used with rkhunter.

Check Your Changes

After you are done with the configuration, run rkhunter with the -C or --check-config flag to check for any error in the file.

rkhunter -C

Properties Update

Now, and every time you change the configuration file, make sure to update the file properties database.

rkhunter --propupd

Report Warnings Only.

rkhunter --rwo

Sometimes you want to run only a specific test, for this try --list tests to get the names of the available tests and then use the --enable flag followed by the test name.

rkhunter --list tests

rkhunter checking network


The following option will disable the key press prompt.

rkhunter --sk

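To run rkhunter from a cron job, use the --cronjob flag. Create the executable file /etc/cron.daily/rkhunter.sh with the following contents to do a daily check.

#!/bin/sh
# Daily rkhunter run: check for a newer release, update the data files, then scan.
# All output is discarded here; results go to the log file and, if configured,
# to the MAIL-ON-WARNING address.
(
/usr/local/bin/rkhunter --versioncheck
/usr/local/bin/rkhunter --update
/usr/local/bin/rkhunter --cronjob -c
) >> /dev/null 2>&1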

Conclusion

This should get you started with rkhunter, providing you with one more security layer. However, it will not be enough if you neglect basic security principles, or if you put every warning you meet on a whitelist instead of mitigating the problem. Also keep in mind that rkhunter helps prevent your machines from becoming members of a Linux botnet, but will not protect your site from being the target of a DDoS campaign. Thanks for reading!

The post Hunting XOR DDoS and other Malware with RKHunter on CentOS 7 appeared first on LinOxide.


How to Setup OMD on Ubuntu 14.04 / 15.04


Hi, today we are going to set up OMD (Open Monitoring Distribution), one of the best solutions for network and systems monitoring. It bundles several network monitoring tools, namely Nagios, Icinga and Shinken, together with some of their required addons. This bundling keeps the setup simple: OMD installs on any major Linux distribution from one single installation package.

OMD implements a completely new concept of how to install, maintain and update a monitoring system built on Nagios. It provides many of the features system administrators need to keep track of their servers' service status, hardware and uptime, and keeps them informed by sending alerts about critical situations.

Basic Setup

In this tutorial we will be using an Ubuntu 15.04 server with basic packages. The system resources we are using are 1 GB of RAM, 2 CPUs and 20 GB of disk space on our Ubuntu cloud server.

Further, we have configured a static IP with an FQDN and have root access to the server to perform all system-level tasks.

We will start with the very basic step of updating the server before starting the OMD installation process. To do so, run the commands below to update your Ubuntu server.

#apt-get update

#apt-get upgrade

Download OMD Package

The latest distribution package of OMD for Ubuntu can be downloaded from the official OMD download page, which lists all the released packages for open source Linux distributions.

OMD Download

Copy the source link, and download it using the below command.

#wget http://files.omdistro.org/releases/debian_ubuntu/omd-1.20.trusty.amd64.deb

Download OMD Package

Installing OMD on Ubuntu

After downloading the Debian package of the OMD distribution, we will run the following command to install it on the Ubuntu server.

#dpkg -i omd-1.20.trusty.amd64.deb

Installing OMD

The installation will stop because of some missing required dependencies, as shown in the above image. To install all of these missing dependencies, run the command below.

#apt-get -f install

Installing dependencies

The missing dependencies require about 60.9 MB of archives to be downloaded.
After this operation, 1,736 kB disk space will be freed.
To proceed, press "Y" to continue.

During the installation process you will be prompted to configure your MySQL database password.
Configure a secure password and press the "OK" key to continue.

Package Configuration

Once the installation process completes, we will run the "omd" command as shown below to confirm its successful setup.

Check OMD command

In the above image we can see all the available options that can be used with omd for managing our OMD server.

Creating OMD Instance

Now we are going to create our first OMD monitoring instance, which will be used for further configuration through its web interface.

Run the command below as root or with sudo, using any relevant name that you wish to use for web access.

# omd create monitoring

Create OMD Instance

Before accessing the above URL in your web browser, you have to start your instance by using the command below.

# omd start monitoring

Starting rrdcached...OK
Starting npcd...OK
Starting nagios...OK
Starting dedicated Apache for site monitoring...OK
Initializing Crontab...OK

Login to OMD Instance

We have completed our installation, then created and started our first monitoring instance. Now open your web browser and access the default user interface as shown below, providing the default credentials shown in the above image.

http://your_servers_ip/monitoring/

Upon successful login you will be directed to the Open Monitoring Distribution web console as shown.

Open Monitoring Distribution

Check-MK Admin Tool

Check-MK Web Admin Tool

Monitoring Host Agent

Now you will see how we can add and monitor a new host agent using OMD's Check-MK web administration tool. Simply click on the Hosts icon, fill out the host name, choose the correct IP address and enter any other information that you have.

Check-MK Add Host

After entering the information for the new host that you want to monitor, click on the "save and test" icon to check the results and see whether the agent is reachable over ICMP and on the Check-MK agent port.

Add host to Check-MK

Here we can see the status of all the hosts that have been added for monitoring through the OMD Check-MK web administration tool.

OMD Monitored hosts

Conclusion

Open Monitoring Distribution is one of the best NMS solutions for system administrators monitoring their whole IT infrastructure, as it provides an efficient and simple way to monitor multiple hosts through multiple open source monitoring tools.

The post How to Setup OMD on Ubuntu 14.04 / 15.04 appeared first on LinOxide.

How to Setup Seafile Secure Cloud Storage on CentOS 7


Hello everybody, today's article is about Seafile, an open source secure cloud storage platform. You can use Seafile storage at home or in the office to synchronize your files and data with PCs and mobile devices easily, or use its web interface to manage your files. It is an ideal storage solution mostly for small businesses, where you get the flexibility of group sharing and multiple projects without necessarily using a public server, and with security provided by client-side encryption of data.

You can also choose to host your data on the seafile cloud or run your own local Seafile server by following this installation and configuration guide on RHEL or CentOS 6.6/7.0.

Prerequisites

The Seafile secure cloud storage installation depends on the following prerequisites.

System Update

Log in to your CentOS server with root credentials, configure an FQDN with a static IP address, then run the command below to update your server with the latest updates.

# yum update

LAMP Setup

You must have set up a basic LAMP server on your CentOS server; make sure that its services are working fine. In this tutorial we will be using the Apache web server with MariaDB as the database server.

Python Packages

Seafile requires some Python modules that must be installed on your server; otherwise the installation will fail and you will be asked to install all missing dependencies.

You can install the required python modules by using the following command.

# yum install MySQL-python python-imaging python-simplejson python-setuptools

Download Seafile Server Package

The Seafile server package can be downloaded from the official Seafile download page, where you can see its cross-platform packages. We will be choosing the generic Linux 64-bit package as shown.

Seafile Server Download

You can download this package into a temp directory using the wget command with the complete download path, as below.

# wget https://bintray.com/artifact/download/seafile-org/seafile/seafile-server_4.4.1_x86-64.tar.gz

When the package download completes, create a new directory in the web document root directory of your server and extract the Seafile server package into it.

# mkdir /var/www/storage/
# tar -zxvf seafile-server_4.4.1_x86-64.tar.gz -C /var/www/storage/

Seafile Installation Setup

To start the installation setup, move to the folder where we extracted the installation package and execute the following script.

[root@centos-seafile seafile-server]# ./setup-seafile-mysql.sh

The script will check the required dependencies, then you will be asked to press the Enter key to continue.

Seafile Server Installation

Once you hit the Enter key, you will be asked to configure some required parameters: your server's name, its FQDN/IP, and the default port for the Seafile fileserver.

Seafile server configuration

Then you will be asked to configure your Seafile databases. If you have not already created your databases, don't worry: choose the option to create new databases during the Seafile installation, as shown below.

-------------------------------------------------------
Please choose a way to initialize seafile databases:
-------------------------------------------------------

[1] Create new ccnet/seafile/seahub databases
[2] Use existing ccnet/seafile/seahub databases

[ 1 or 2 ] 1

What is the host of mysql server?
[ default "localhost" ]

What is the port of mysql server?
[ default "3306" ]

What is the password of the mysql root user?
[ root password ]

verifying password of user root ... done

Enter the name for mysql user of seafile. It would be created if not exists.
[ default "root" ] seafile

Enter the password for mysql user "seafile":
[ password for seafile ]

Enter the database name for ccnet-server:
[ default "ccnet-db" ]

Enter the database name for seafile-server:
[ default "seafile-db" ]

Enter the database name for seahub:
[ default "seahub-db" ]

Seafile server Configuration

After hitting the Enter key, the installation process will continue to configure and setup its configuration and database files as below.

Generating ccnet configuration ...

done
Successfully create configuration dir /var/www/storage/ccnet.
Generating seafile configuration ...

Done.
done
Generating seahub configuration ...

----------------------------------------
Now creating seahub database tables ...

----------------------------------------

creating seafile-server-latest symbolic link ... done

Upon successful completion of the Seafile installation you will be greeted with the following useful information and instructions to continue with other configurations.

Seafile Configurations

Starting Seafile Server

To start Seafile, execute the seafile script as shown below.

[root@centos-seafile seafile-server]# ./seafile.sh start

Starting Seafile Server

Then you will be asked to configure your admin email account, after which you will be greeted with the success message below.

----------------------------------------
It's the first time you start the seafile server. Now let's create the admin account
----------------------------------------

What is the email for the admin account?
[ admin email ] kashifs@linoxide.com

What is the password for the admin account?
[ admin password ]

Enter the password again:
[ admin password again ]

----------------------------------------
Successfully created seafile admin
----------------------------------------

Seahub is started

Done.

Login to Seahub

Now open any web browser to access the Seahub dashboard to manage and share your libraries, folders and so on.

Open the URL with your FQDN or server's IP address and your configured default port, and log in with the admin email address that you created during the Seahub server startup.

http://your_servers_ip:8000

Login to Seahub

Creating New Libraries

Upon successful login you will be greeted with a Welcome screen and then directed to the dashboard, where files are organized into libraries and each library can be synced and shared separately. There is an already created personal library, but you are free to create more libraries, whether for personal use or for sharing.

Seahub New Library

Uploading your data

To upload your data, such as folders or images, just click on the particular folder, then choose from the available options to upload your data as shown.

Seahub uploading data

Seafile Client Installation

Our Seafile server setup is ready. Now we will show you the client-side installation on the Windows 7 operating system. The Seafile client package is available for different operating systems, but we will choose Windows here.

seafile client package

Once the client is downloaded, click on it to run the installer, choose the appropriate options for its program files, click the NEXT key and then click the install button to start the installation as shown below.

Seafile Client Installation

When you finish the installation you will be asked to choose a location, under any user, with sufficient file space for storing Seafile libraries.

Seafile Folder location

Adding Seafile Account

To log in on the Seafile client portal you must have an account configured on your Seafile server. You can also add new users from your Seafile server. On Windows we will be using our admin email account to log in, providing the following parameters.

Adding seafile account

After adding your account you will be logged in to the Seafile client portal and asked to download the default library. Simply click on the Yes button to download it to the default location that you chose in the previous step.

Download Default Library

Seafile organizes files using libraries, so after downloading the default library it will create a virtual disk where you will find the default document, which contains some information on using Seafile. Whenever you need to upload some data, just click on the particular library and click on the Plus icon to upload and share your files or folders.

Uploading data

Conclusion

Congrats, our Seafile cloud storage is all set up. Now you can easily manage your data for remote sharing. It's a great tool to use because of its awesomeness. So, set up your own, and feel free to get back to us in case of any issue and leave your valuable comments and suggestions.

The post How to Setup Seafile Secure Cloud Storage on CentOS 7 appeared first on LinOxide.

How to Migrate Container Data Volume to Second Host with Flocker


Flocker is free and open source software for managing container data volumes in dockerized applications. With native Docker, if we migrate a container from one server to another, only the container is moved and the data volume is left behind. Flocker was created to address this: it migrates the container and its data volume together. This makes a Flocker data volume, also known as a dataset, portable and usable with any container in the cluster. This key feature makes Flocker very popular among ops teams running containerized stateful services such as databases in production. This tutorial shows how we can migrate a container from one server to another along with its data volume.

Here are some steps on how we can migrate a container with data volume from one server to another using Flocker.

Prerequisites

Before we get started, we'll need to fulfill some prerequisites. We'll need 3 nodes to do this job. First, a Client Node on which we'll store the configuration files and run flocker-cli. The client node can be our own laptop, desktop, any other computer or even a server. Next, we'll need 2 other nodes on which we'll run the docker containers using flocker and move a running container along with its data volume without any interruption. Following are the systems we are going to set up, with their IP addresses; all run Ubuntu 15.04 as their operating system and are in the same flocker cluster.

Client Node 0     Container Node 1     Container Node 2
104.130.26.196    104.130.169.227      104.130.26.245

After we are done setting up the flocker cluster, we'll run a docker container using flocker.

1. Creating Application File

We'll now create a docker compose file, or application file, which defines the containers we want to run with their respective configurations such as docker image, name, ports, data volume and more. We'll create the YAML file using a text editor, following the docker compose structure. To do so, we'll run the following command to start a text editor and create the docker-compose.yml file on Node 0.

# nano docker-compose.yml

After opening the text editor, we'll add the content shown below to the file.

web:
  image: clusterhq/flask
  links:
   - "redis:redis"
  ports:
   - "80:80"
redis:
  image: redis:latest
  ports:
   - "6379:6379"
  volumes: ["/data"]

Configuring Docker Compose

The above configuration defines 2 containers, one named web and another named redis. The web container runs from the image clusterhq/flask and is exposed on port 80, whereas the redis container runs from the latest release of the redis image and is exposed on port 6379, with its data volume under the /data directory.

2. Creating Deployment File

Next, we'll create another file named flocker-deploy1.yml, in which we'll define the most important part of our tutorial: where those containers will be deployed. Here, we'll deploy both containers, the Python web app (Flask) and the Redis database server, on the same host, i.e. Node 1. To do so, we'll run the following command to open the text editor.

# nano flocker-deploy1.yml

After opening, we'll add the YAML shown below to the file.

"version": 1
"nodes":
  "104.130.169.227": ["web", "redis"]
  "104.130.26.245": []

Configuring Flocker Deploy 1

Then, we'll simply save the file and exit.

In the above YAML file, we have defined both containers, web and redis, to run on the same host, Node 1, with nothing running on Node 2.

3. Deploying Containers

After we have created those files, we'll deploy the containers using them. To do so, we simply need to run the following command with sudo or root privileges.

# flocker-deploy control-service flocker-deploy1.yml docker-compose.yml

The cluster configuration has been updated. It may take a short while for changes to take effect, in particular if Docker images need to be pulled.

Deploying Flocker node1

We are told that it may take some time for the containers to be deployed as defined by the above configuration. As defined there, both Flask and Redis must be running on the same host, Node 1. So, we'll log in to Node 1 to check whether it is running both containers.

4. Inspecting Docker Containers

To check whether Node 1 is running both containers, we'll list the running docker containers on Node 1. We can do that by connecting over SSH to Node 1, which has the IP address 104.130.169.227, and running the docker command that lists running containers. To do so, we'll need to run the following command.

# ssh root@104.130.169.227 docker ps

Redis Web Containers Node1

5. Testing the Application

Once those containers are running, we'll want to test the application running on Node 1. To do so, we'll open those IP addresses in a web browser. When we browse http://104.130.169.227/ , we'll see that the visit count is displayed, and when we browse http://104.130.26.245/ , we'll see that the visit count persists, because flocker routes the traffic from either node defined in the deployment file to the one that has the application. This lets flocker move our containers and their volumes around the cluster without us having to update any DNS or application settings.

Webapp FLASK Node1

6. Recreating Deployment File

Now, we'll finally rewrite the deployment file in order to move the container with its data volume. We'll create a new file, or edit the previous one, and save it as flocker-deploy2.yml.

# nano flocker-deploy2.yml

Then, we'll add the content shown below to the file.

"version": 1
"nodes":
  "104.130.169.227": ["web"]
  "104.130.26.245": ["redis"]

Configuring Flocker Deploy2

This defines the web container to run on Node 1 and the redis container to run on Node 2.

7. Moving Container with Data Volume

Finally, we'll deploy the newly created deployment YAML file, which will migrate the running redis container from Node 1 to Node 2 including its data volume. The web container stays on the same node as before, Node 1, without affecting the application.

# flocker-deploy control-service flocker-deploy2.yml docker-compose.yml

The cluster configuration has been updated. It may take a short while for changes to take effect, in particular if Docker images need to be pulled.

Deploying Flocker Node2

8. Inspecting the Migration

To check whether the redis container has really migrated, we can list the running containers on those nodes. First, we'll check on Node 2 whether the redis server has migrated, over SSH, by running the following command.

# ssh root@104.130.26.245 docker ps

Redis Container Node2

As we can see, only the Redis server container is running on this node; the web container is not.

Now, to cross-check, we'll see what containers are running on Node 1.

# ssh root@104.130.169.227 docker ps

Webapp Container Node1

And finally, we see that no Redis server is running on this node; only the web container is running.

9. Checking the Application

We'll now check whether the application is running as expected. To do so, we'll open a web browser and point it to both of the nodes, i.e. http://104.130.169.227/ and http://104.130.26.245/ . Here, we see that the count still persists when pointing at Node 1, even though the container with the volume has moved between hosts. And we also see that the visit count still persists on Node 2, even though the application is no longer running on that host. This verifies that the redis container has been successfully migrated with its data volume.

Webapp FLASK node2

Conclusion

This tutorial showed how easily we can migrate a container with its data volume from one host to another within the same Flocker cluster. Flocker can be used with popular container managers and orchestration tools like Docker Engine, Docker Swarm and Docker Compose, and on different platforms like Amazon AWS, RackSpace, OpenStack and Vagrant. If you have any questions, suggestions or feedback, please write them in the comment box below so that we can improve or update our contents. Thank you!

The post How to Migrate Container Data Volume to Second Host with Flocker appeared first on LinOxide.

How to Install FAMP Stack and Mod Security on FreeBSD 10.2


FAMP Stack, or FreeBSD with Apache, MariaDB and PHP, is a group of open source software for running PHP-based applications and serving them to your browser. FAMP is similar to LAMP (Linux, Apache, MariaDB/MySQL and PHP) on a Linux server.

Mod Security is an open source intrusion detection and prevention engine for web servers. It supports Apache, Nginx, and IIS on Windows Server. As an Apache module, it helps protect against malicious attacks such as SQL Injection, XSS, LFI (Local File Inclusion), RFI (Remote File Inclusion), etc.

In this tutorial we will walk through the installation of the FAMP Stack on FreeBSD 10.2 and then give a sample virtualhost configuration for the Apache web server. Next we will install and configure Mod Security to work with the FAMP Stack and activate it on the virtualhost that has been created.

Step 1 - Update System

Please log in to your FreeBSD server with ssh and update your system with these commands :

freebsd-update fetch
freebsd-update install

Step 2 - Install and Configure Apache

Apache is one of the best and most popular web servers, with support for Linux, Windows and Mac OS. Apache is developed by an open community of developers under the Apache Software Foundation. It supports several language interfaces, including Perl, Python, Tcl, and PHP.

We will install apache24 with pkg command :

pkg install apache24

Please go to the apache configuration directory "/usr/local/etc/apache24", and then edit a file "httpd.conf" with nano editor :

cd /usr/local/etc/apache24
nano httpd.conf

Change the value of "ServerAdmin" on line 210 and "ServerName" on line 219 :

ServerAdmin im@localhost
.....
ServerName localhost:80

Next, before running the Apache web server, we need to add Apache to the start up/boot time with the "sysrc" command :

sysrc apache24_enable=yes

Now start Apache webserver :

service apache24 start

And open your browser and visit the server IP 192.168.1.112 :

Apache Start

Step 3 - Install and Configure MariaDB

MariaDB is a fork of the MySQL relational database management system, developed and maintained by the original MySQL developers under the GNU GPL.

We will install mariadb with pkg command :

pkg install mariadb100-server

That command will install mariadb100-client too.

Now copy the mariadb file configuration from "/usr/local/share/mysql/" to "/usr/local/etc/" :

cp /usr/local/share/mysql/my-medium.cnf /usr/local/etc/my.cnf

Next, enable mariadb to start on boot time with sysrc command :

sysrc mysql_enable=yes

And lastly, start mariadb :

service mysql-server start

Now you need to configure a username and password for the mariadb/mysql server. Configure them with this command :

mysql_secure_installation

Enter current password for root (enter for none): PRESS ENTER
OK, successfully used password, moving on...

Set root password? [Y/n] Y
New password: ENTER YOUR PASSWORD
Re-enter new password: ENTER YOUR PASSWORD
Password updated successfully!

Remove anonymous users? [Y/n] Y
Disallow root login remotely? [Y/n] Y
Remove test database and access to it? [Y/n] Y
Reload privilege tables now? [Y/n] Y

Now try to access your mariadb/mysql shell :

mysql -u root -p
ENTER YOUR PASSWORD

MariaDB started

Step 4 - Install and Configure PHP

In this tutorial we will use PHP version 5.6. Install it with the pkg command, together with mod_php56, php56-mysql, php56-mysqli and php56-curl.

pkg install mod_php56 php56-mysql php56-mysqli php56-curl

Now copy php configuration file "php.ini-production" to "php.ini" in directory "/usr/local/etc/" :

cd /usr/local/etc/
cp php.ini-production php.ini

Edit the php.ini file and add your timezone on line 926 :

nano php.ini

date.timezone = Asia/Jakarta

Next, configure php to work with apache, so you need to edit the apache configuration file and then add php configuration there.

To do it you must go to the apache configuration directory and edit "httpd.conf" with nano editor :

cd /usr/local/etc/apache24/
nano httpd.conf

Add the PHP configuration under line 288 :

.....
<Files ".ht*">
Require all denied
</Files>

<FilesMatch "\.php$">
SetHandler application/x-httpd-php
</FilesMatch>

<FilesMatch "\.phps$">
SetHandler application/x-httpd-php-source
</FilesMatch>
.....

and add index.php on the dir_module directive :

<IfModule dir_module>
DirectoryIndex index.php index.html
</IfModule>

Save and Exit

PHP work with Apache

Step 5 - Configure Apache VirtualHost

In this tutorial we will create a virtualhost called "saitama.me.conf" with the domain "saitama.me".

Virtualhost configuration files are stored in the "/usr/local/etc/apache24/extra/" directory. But in this tutorial we will create a new directory for virtualhosts, which makes them easier to configure if you have many configuration files.

Create a new directory "virtualhost" in the Apache configuration directory :

cd /usr/local/etc/apache24/
mkdir virtualhost

Now create new file "saitama.me.conf" :

Add a virtualhost configuration below :

<VirtualHost *:80>
ServerAdmin im@saitama.me
# Directory for the file stored
DocumentRoot "/usr/local/www/saitama.me"
#Domain
ServerName saitama.me
ServerAlias www.saitama.me
ErrorLog "/var/log/saitama.me-error_log"
CustomLog "/var/log/saitama.me-access_log" common

<Directory "/usr/local/www/saitama.me">
Options All
AllowOverride All
# The syntax is case sensitive!
Require all granted
</Directory>
</VirtualHost>

Next include your virtualhost configuration to the apache "httpd.conf" file :

cd /usr/local/etc/apache24/
nano httpd.conf

Add this line at the end of the file :

Include etc/apache24/virtualhost/*.conf

Next, create a new directory under "/usr/local/www/" for the virtualhost that we created :

mkdir -p /usr/local/www/saitama.me
cd /usr/local/www/saitama.me

And create a new file "index.php" containing a PHP info script; you can do it with the "echo" command :

echo '<?php phpinfo(); ?>' > index.php

Now restart Apache and then open "www.saitama.me" in your browser :

service apache24 restart

and you can see the php info :

php info

Step 6 - Install and Configure Mod Security

Mod Security is an Apache module, so you can install it from the repository. You can also install it from source, but here we use the pkg command to install from the repository :

pkg install ap24-mod_security-2.9.0

Now load the "unique_id" module that Mod Security needs by editing the Apache configuration file "httpd.conf" and uncommenting line 120 :

cd /usr/local/etc/apache24/
nano httpd.conf

LoadModule unique_id_module libexec/apache24/mod_unique_id.so

Save and Exit.

When you are done, clone the OWASP ModSecurity Core Rule Set (CRS) with the git command into the crs directory :

cd /usr/local/etc/
git clone https://github.com/SpiderLabs/owasp-modsecurity-crs crs

Now go to the crs directory and copy the example configuration file :

cd crs/
cp modsecurity_crs_10_setup.conf.example modsecurity_crs_10_setup.conf

Next, load the modsecurity module with the OWASP CRS rules by creating a new file "000_modsecurity.conf" in the "modules.d" directory :

cd /usr/local/etc/apache24/modules.d/
nano 000_modsecurity.conf

Paste configuration below :

# Load ModSecurity
LoadModule security2_module libexec/apache24/mod_security2.so

<IfModule security2_module>
# Include ModSecurity configuration
Include /usr/local/etc/modsecurity/modsecurity.conf

# Include OWASP Core Rule Set (CRS) configuration and base rules
Include /usr/local/etc/crs/modsecurity_crs_10_setup.conf
Include /usr/local/etc/crs/base_rules/*.conf

# Remove Rule by id
SecRuleRemoveById 981173
</IfModule>

Save and Exit.

Step 7 - Adding Mod Security to the VirtualHost

To configure a virtualhost with mod security, you need to edit the virtualhost file :

cd /usr/local/etc/apache24/virtualhost/
nano saitama.me.conf

Inside the Directory directive, add the lines below :

......

<IfModule security2_module>
SecRuleEngine On
</IfModule>

......

And now restart apache web server :

service apache24 restart

Note :

If you have an error like this :

[unique_id:alert] [pid 4372] (EAI 8)hostname nor servname provided, or not known: AH01564: unable to find IPv4 address of "YOURHOSTNAME"

please add your hostname to the hosts file :

nano /etc/hosts

Add your hostname

127.0.0.1           YOURHOSTNAME

Step 8 - Testing Mod Security

Edit the file "modsecurity.conf" in the mod security directory "/usr/local/etc/modsecurity/" :

cd /usr/local/etc/modsecurity
nano modsecurity.conf

Change the value of "SecRuleEngine" to "On" :

SecRuleEngine On

Save and Exit.

Restart Apache :

service apache24 restart

Check the Apache log file to ensure that Mod Security is loaded :

tail -f /var/log/httpd-error.log

Mod Security Loaded

Another test on the virtualhost, with a SQL Injection attack against WordPress plugins :

Another Test VirtualHost

Mod Security and Apache running successfully.
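
To confirm that the engine switched to "On" in Step 8 is really blocking, and to see which rule ids fire before removing any of them with SecRuleRemoveById, the error log can be summarised per rule. The script below is an added example, not part of the original tutorial; the log lines are constructed samples in the ModSecurity 2.x error-log layout, and rule id 999001 and the client address 192.0.2.10 are placeholders.

```shell
#!/bin/sh
# Added example: per-rule summary of ModSecurity events in an Apache error log.

# Constructed sample log lines. Rule id 981173 is the one removed in
# 000_modsecurity.conf above; 999001 and 192.0.2.10 are placeholders.
sample_error_log() {
cat <<'EOF'
[Sat Oct 10 19:30:00.000000 2015] [:notice] [pid 4372] ModSecurity for Apache/2.9.0 (http://www.modsecurity.org/) configured.
[Sat Oct 10 19:30:01.000000 2015] [unique_id:alert] [pid 4372] (EAI 8)hostname nor servname provided, or not known: AH01564: unable to find IPv4 address of "YOURHOSTNAME"
[Sat Oct 10 19:31:10.000000 2015] [:error] [pid 4380] [client 192.0.2.10] ModSecurity: Warning. Pattern match "<elided>" at ARGS:id. [file "<elided>"] [id "981173"] [msg "<elided>"] [hostname "saitama.me"] [uri "/index.php"]
[Sat Oct 10 19:31:12.000000 2015] [:error] [pid 4380] [client 192.0.2.10] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<elided>" at ARGS:id. [file "<elided>"] [id "999001"] [msg "<elided>"] [hostname "saitama.me"] [uri "/index.php"]
[Sat Oct 10 19:31:15.000000 2015] [:error] [pid 4381] [client 192.0.2.10] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<elided>" at ARGS:q. [file "<elided>"] [id "999001"] [msg "<elided>"] [hostname "saitama.me"] [uri "/index.php"]
EOF
}

# modsec_summary: read an error log on stdin and print one line per rule id:
#   <id> blocked=<n> warned=<n>
# "Access denied" lines are requests the engine stopped; "Warning." lines are
# matches that were only logged. Startup notices and other modules' messages
# are ignored because they match neither prefix.
modsec_summary() {
    awk '
    /ModSecurity: (Access denied|Warning\.)/ {
        id = "none"
        # Extract the digits from [id "NNNNNN"].
        if (match($0, /\[id "[0-9]+"\]/))
            id = substr($0, RSTART + 5, RLENGTH - 7)
        seen[id] = 1
        if ($0 ~ /ModSecurity: Access denied/) blocked[id]++
        else warned[id]++
    }
    END {
        for (id in seen)
            printf "%s blocked=%d warned=%d\n", id, blocked[id], warned[id]
    }' | sort
}

# modsec_mode: classify the log read on stdin.
#   blocking   at least one request was denied
#   warn-only  rules matched but nothing was denied; consistent with
#              "SecRuleEngine DetectionOnly" or with rules that only log
#   no-events  no rule matches were logged at all
modsec_mode() {
    summary=$(modsec_summary)
    if [ -z "$summary" ]; then
        echo "no-events"
    elif printf '%s\n' "$summary" | grep -q 'blocked=[1-9]'; then
        echo "blocking"
    else
        echo "warn-only"
    fi
}

# Demo on the constructed sample.
sample_error_log | modsec_summary
printf 'mode: %s\n' "$(sample_error_log | modsec_mode)"
```

On the server from this tutorial the functions would be fed the real log, for instance `modsec_summary < /var/log/httpd-error.log`.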

Conclusion

FAMP Stack, or Apache, MariaDB and PHP on FreeBSD, is the counterpart of LAMP on a Linux server. It is easy to install and configure. You can install it with the pkg command or, if you have time, compile it from the "/usr/ports" directory. Mod Security is a web application firewall that helps protect you from hackers and malicious attacks like SQL Injection. You can define your own rules and add them to Apache for your web application security.

 

The post How to Install FAMP Stack and Mod Security on FreeBSD 10.2 appeared first on LinOxide.

How to Setup Icinga Web 2 on Centos 7.x / Ubuntu 15.04


Icinga is an open source network monitoring application that provides the Icinga Web 1 and Icinga Web 2 interfaces to fully manage and monitor hosts and services through a dashboard. Icinga Web 2 is the successor of Icinga Web; it is lightweight, fast and flexible enough to embed into other projects, and it supports multiple authentication methods like Active Directory, LDAP or a database, as well as multiple monitoring back ends. This is a major advance in the creation of host and service actions: instead of defining them via Icinga's configuration files, every user can now create them in the web interface and even share them with others.

We can customize and configure Icinga Web 2 using many modules for its views, filters and dashboards. Timestamps and status updates can be refreshed automatically every second, rolling along smoothly and saving your eyes the strain of flickering displays.

In this article we will be using CentOS 7 for the complete installation and configuration of Icinga Web 2. If you want to use Ubuntu as your base operating system, you can also refer to our previous article on Icinga2 on Ubuntu 15.04.

Installing Prerequisites

The Icinga Web 2 installation depends on a number of packages that must be installed on your system before installing Icinga Web 2 on CentOS 7 or Ubuntu 15.

Let's follow the steps below to complete the prerequisites by installing the required packages and applying other settings.

1) System Update

Log in to your system with root or sudo user privileges and run the following command to update your system.

For CentOS:

# yum update

For Ubuntu:

# apt-get update

2) Installing Icinga 2

To install Icinga 2 we will use the official package repositories that can be downloaded from this Icinga Web Page.

To set up the EPEL repositories for the Icinga installation, run the following commands.

For CentOS:
To import the archive key and set up the current stable builds of Icinga, run the commands below.

# rpm --import http://packages.icinga.org/icinga.key

# wget http://packages.icinga.org/epel/ICINGA-release.repo -O /etc/yum.repos.d/ICINGA-release.repo

# yum makecache

Now run the Icinga 2 Installation command as shown below.

# yum install icinga2

The following packages, including the dependencies, will be installed as shown. To proceed, type the "Y" key to continue.

===========================================================================================
Package Arch Version Repository Size
===========================================================================================
Installing:
icinga2 x86_64 2.3.10-1.el7.centos icinga-stable-release 9.1 k
Installing for dependencies:
boost-program-options x86_64 1.53.0-23.el7 base 155 k
boost-regex x86_64 1.53.0-23.el7 base 294 k
boost-system x86_64 1.53.0-23.el7 base 39 k
boost-thread x86_64 1.53.0-23.el7 base 56 k
icinga2-bin x86_64 2.3.10-1.el7.centos icinga-stable-release 2.2 M
icinga2-common x86_64 2.3.10-1.el7.centos icinga-stable-release 73 k

Transaction Summary
===========================================================================================
Install 1 Package (+6 Dependent packages)

Total download size: 2.8 M
Installed size: 15 M
Is this ok [y/d/N]: y

For Ubuntu
Run the below commands to add the Icinga repository to your package management configuration using PPA.

# add-apt-repository ppa:formorer/icinga

# apt-get update

# apt-get install icinga2

The installation process will install Icinga 2 including some of its required dependencies.

The following extra packages will be installed:
icinga2-bin icinga2-common icinga2-doc libboost-program-options1.55.0 libboost-regex1.55.0 libboost-system1.55.0
libboost-thread1.55.0 libyajl2 nagios-plugins-basic nagios-plugins-common
Suggested packages:
nagios3 icinga
The following NEW packages will be installed
icinga2 icinga2-bin icinga2-common icinga2-doc libboost-program-options1.55.0 libboost-regex1.55.0 libboost-system1.55.0
libboost-thread1.55.0 libyajl2 nagios-plugins-basic nagios-plugins-common
0 to upgrade, 11 to newly install, 0 to remove and 92 not to upgrade.
Need to get 3,201 kB of archives.
After this operation, 18.4 MB of additional disk space will be used.
Do you want to continue? [Y/n] Y

3) Starting Icinga 2

Upon successful installation of Icinga 2, start its services and enable them to start at each reboot.

For CentOS 7 / Ubuntu 15
Run the following commands to enable, start and check the status of the Icinga 2 service on CentOS 7 and Ubuntu 15.

# systemctl enable icinga2

# systemctl start icinga2

# systemctl status icinga2

4) MySQL Database Setup

We will be using a MySQL database for the Icinga Web 2 interface. So, let's run the commands below to install MySQL/MariaDB.

For CentOS 7

# yum install mariadb-server mariadb

After installation completes, start the mariadb services and configure its root password using the below command.

#systemctl enable mariadb
#systemctl start mariadb

#mysql_secure_installation

For Ubuntu 15

To install the MySQL database run the below command and configure the root password during the installation process.

#apt-get install mysql-server mysql-client

#service mysql start

Create New Database

Now log in to mysql/mariadb and create the new database and a new user with specific privileges on the database using the commands below.

MariaDB [(none)]> CREATE DATABASE icinga2;
Query OK, 1 row affected (0.00 sec)

MariaDB [(none)]> GRANT SELECT, INSERT, UPDATE, DELETE, DROP, CREATE VIEW, INDEX, EXECUTE ON icinga2.* TO 'icinga2'@'localhost' IDENTIFIED BY 'icinga123';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]>exit

5) Installing MySQL IDO Module

For CentOS:

Run the below command to install IDO MySQL module for Icinga2.

#yum install icinga2-ido-mysql

Now import the Icinga 2 IDO schema using the following command.

# mysql -u root -p icinga2 < /usr/share/icinga2-ido-mysql/schema/mysql.sql

A new configuration file, located at /etc/icinga2/features-available/ido-mysql.conf, is created after the installation of the Icinga IDO module. Open this file in any editor and update the database credentials in it.

library "db_ido_mysql"
object IdoMysqlConnection "ido-mysql" {
//user = "icinga"
//password = "icinga"
//host = "localhost"
//database = "icinga"
}

Then enable the module and check the feature list; the module should now be listed under the enabled features. Use the following commands on CentOS 7.

[root@centos-7 ~]# icinga2 feature enable ido-mysql
warning/cli: Feature 'ido-mysql' already enabled.

[root@centos-7 ~]# icinga2 feature list
Disabled features: api command compatlog debuglog gelf graphite icingastatus livestatus opentsdb perfdata statusdata syslog
Enabled features: checker ido-mysql mainlog notification

For Ubuntu:

On Ubuntu, during the installation of the IDO MySQL module, you will be asked whether you want to enable the icinga2-ido-mysql feature.

# apt-get install icinga2-ido-mysql

Choose the "Yes" option and press OK to proceed. In the next steps you provide the MySQL root credentials, and the installer then creates the following new configuration files.

Creating config file /etc/dbconfig-common/config with new version
Setting up icinga2-ido-mysql (2.3.10-1~ppa1~vivid1) ...
dbconfig-common: writing config to /etc/dbconfig-common/icinga2-ido-mysql.conf

Creating config file /etc/dbconfig-common/icinga2-ido-mysql.conf with new version

Creating config file /etc/icinga2/features-available/ido-mysql.conf with new version
granting access to database icinga2idomysql for icinga2-ido-mysq@localhost: success.
verifying access for icinga2-ido-mysq@localhost: success.
creating database icinga2idomysql: success.
verifying database icinga2idomysql exists: success.
populating database via sql... done.
dbconfig-common: flushing administrative password

In the same way, run the command below to enable the IDO MySQL Icinga module.

root@ubuntu-15:~# icinga2 feature enable ido-mysql
Enabling feature ido-mysql. Make sure to restart Icinga 2 for these changes to take effect.
root@ubuntu-15:~# service icinga2 restart
root@ubuntu-15:~# icinga2 feature list
Disabled features: api command compatlog debuglog gelf graphite icingastatus livestatus opentsdb perfdata statusdata syslog
Enabled features: checker ido-mysql mainlog notification

You can check and change the database configuration settings, if required, in the file below.

# vim /etc/icinga2/features-available/ido-mysql.conf

6) Web server Setup

After completing the database installation and configuration, we now move on to the Apache web server installation before starting with Icinga Web 2.

Let's run the commands below to set up your web server.

For CentOS
On CentOS, you can use the following commands to install the Apache server and start its services as shown.

# yum install httpd
# systemctl enable httpd
# systemctl start httpd

For Ubuntu
On Ubuntu, use the following commands for the Apache web server installation.

# apt-get install apache2
# service apache2 start

Firewall Setting
Use the following commands to allow apache services in your firewall.

# firewall-cmd --add-service=http
# firewall-cmd --permanent --add-service=http
# firewall-cmd --reload

# iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
# service iptables save

7) External Command Pipe Setup:

Enable the External Command Pipe with the commands below, so that the web interfaces and other Icinga addons are able to send commands to Icinga 2 through the external command pipe.

# icinga2 feature enable command
Enabling feature command. Make sure to restart Icinga 2 for these changes to take effect.
# service icinga2 restart
# icinga2 feature list
Disabled features: api compatlog debuglog gelf graphite icingastatus livestatus opentsdb perfdata statusdata syslog
Enabled features: checker command ido-mysql mainlog notification

Icinga Web 2 Installation

Now start the installation of Icinga Web 2

For CentOS 7:

# rpm --import http://packages.icinga.org/icinga.key

# curl -o /etc/yum.repos.d/ICINGA-release.repo http://packages.icinga.org/epel/ICINGA-release.repo

# yum makecache

# yum install icingaweb2 icingacli

For Ubuntu

# wget -O - http://packages.icinga.org/icinga.key | apt-key add -

# add-apt-repository 'deb http://packages.icinga.org/ubuntu icinga-trusty main'

# apt-get update

# apt-get install icingaweb2

Icinga Web 2 Setup:

When the installation is complete, open your web browser and enter a URL made of your hostname or IP address followed by ‘/icingaweb2/setup’. You will find the Icinga Web 2 setup wizard as shown below.

Icinga Web 2 Setp

As shown above, the wizard asks for a setup token, which has to be generated on the server that this installation of Icinga Web 2 runs on. Go back to your terminal on that server and run the command below.

# icingacli setup token create

The newly generated setup token is: 8cfe15c9b0d7ef2a

If you forget the newly created token, you can display it with the command below.

# icingacli setup token show
The current setup token is: 8cfe15c9b0d7ef2a

Copy the newly created token and paste it into the web setup to move to the next step.

Then you will be directed to the pre-installed modules setup; simply press the Next button.

Icinga Web 2 Modules

The section below is the main one, where all the requirements have to be met before moving to the next step.

Icinga Web 2 Requirements

We have to fulfill all these requirements, so first of all we will configure the time zone and then install the required php modules using the below commands.

# vim /etc/php5/apache2/php.ini
[Date]
date.timezone = Europe/London
:wq!

# apt-get install php5-json php5-gd php5-imagick php5-pgsql php5-intl

After installation, restart the Apache web service and press the refresh button to recheck the requirements; you will find no missing modules, as shown below.

Icinga Web 2 Requirements

The next option is to choose the authentication type; here we will be using the database as the authentication method.

Icinga Web 2 Auth

Now we need to configure the database resource where users and user groups are stored. Before moving to the next option, press the database validation button.

Icinga Web2 DB

Upon providing the credentials you might get the message below, but there is nothing to worry about: if you are unable to validate your database, just choose the skip validation option and click on the Next button.

Icinga Web2 DB setup

If you choose to skip validation, you will be asked to create your administrator account; choose a user name and give it a password.

Icinga Web2 Admin

Then choose the appropriate options to adjust all application and logging related configuration options to fit your needs as shown.

Icinga Web2 App Conf

At this point you've configured Icinga Web 2 successfully. You can review the changes supposed to be made before setting it up. Make sure that everything is correct (Feel free to navigate back to make any corrections!) so that you can start using Icinga Web 2 right after it has successfully been set up.

Icinga Web 2 Configurations

Welcome to the configuration of the monitoring module for Icinga Web 2!

This is the core module for Icinga Web 2. It offers various status and reporting views with powerful filter capabilities that allow you to keep track of the most important events in your monitoring environment.

Then choose the monitoring backend configuration, which determines how it retrieves the information.

Icinga Monitoring BAcken

Choose the database name, user and its password that you created after installing the Icinga IDO MySQL Module and then validate the database.

Monitoring IDO database

Choose the default options for Command Transport and Monitoring Security, and that's it: you've configured the monitoring module successfully. Now review the changes and click on the ‘Finish’ button to make sure everything has been set up well.

Icinga Web 2

Icinga Web 2 Dashboard


Conclusion

We have successfully installed and configured Icinga Web 2 and are ready to monitor our hosts and services through its interactive web interface. Hopefully you understood all the steps; feel free to share your experience if you face any kind of difficulty while preparing your own Icinga Web 2 setup on CentOS or Ubuntu.

The post How to Setup Icinga Web 2 on Centos 7.x / Ubuntu 15.04 appeared first on LinOxide.

How to Install and Configure PostgreSQL with phpPgAdmin on CentOs 7


Hi everybody! Today's article is on setting up PostgreSQL with phpPgAdmin on CentOS 7. PostgreSQL is one of the major and important open-source relational database management systems that have helped to shape the world of application development with advanced, SQL-compliant. The main advantage of using PostgreSQL is that it requires very little maintenance effort because of its stability, and applications based on PostgreSQL have a low cost of ownership in comparison with other database management systems. It is designed to be extensible, in that you can define your own data types, index types, functional languages, etc.

Managing databases using individual SQL statements is a difficult task, so in this article we will also show you one of the best and most popular graphical user interfaces for managing a PostgreSQL database: phpPgAdmin.

phpPgAdmin is a web-based GUI application that makes it simple to administer your PostgreSQL databases. phpPgAdmin will let you add, remove and manage databases, tables, and entries; run specific SQL queries, back up the database, search and import records, and much more.

Prerequisites

Before starting the installation of PostgreSQL and phpPgAdmin, make sure that you have root access on your CentOS server and that you are connected to the internet for downloading the packages.

After logging in to your server, run the command below to update your CentOS 7 server with the latest patches.

#yum update

If you are going to set up PostgreSQL and phpPgAdmin in a production environment with the firewall and SELinux enabled, make sure to allow the following default ports that will be used for PostgreSQL and Apache.

# firewall-cmd --permanent --add-port=5432/tcp
# firewall-cmd --permanent --add-port=80/tcp
# firewall-cmd --reload

To allow it in SELinux, run the command below.

# setsebool -P httpd_can_network_connect_db 1

PostgreSQL Installation

By default CentOS 7 comes with PostgreSQL version 9.2.1, which can be installed with a simple yum command, while the current latest PostgreSQL version is 9.4.5. So, in this tutorial we will install the latest version of PostgreSQL using the PostgreSQL Yum Repository.

Installing PostgreSQL Repository
To get the yum repository for the latest PostgreSQL package, open the PostgreSQL Download Page or copy the link and run the wget command below.

# wget http://yum.postgresql.org/9.4/redhat/rhel-7-x86_64/pgdg-redhat94-9.4-1.noarch.rpm

PostgreSQL Latest Repo

After downloading the repository rpm, we have to install it before starting the PostgreSQL installation, using the commands below.

# rpm -i pgdg-redhat94-9.4-1.noarch.rpm
# yum install postgresql94-server postgresql94-contrib

PostgreSQL Installation

After running the above command, the following packages will be installed, including a few dependencies. To proceed with the installation, press the "Y" key to continue as shown.

Dependencies Resolved
========================================================================================
Package Arch Version Repository Size
========================================================================================
Installing:
postgresql94-contrib x86_64 9.4.5-1PGDG.rhel7 pgdg94 610 k
postgresql94-server x86_64 9.4.5-1PGDG.rhel7 pgdg94 3.8 M
Installing for dependencies:
libxslt x86_64 1.1.28-5.el7 base 242 k
postgresql94 x86_64 9.4.5-1PGDG.rhel7 pgdg94 1.0 M
postgresql94-libs x86_64 9.4.5-1PGDG.rhel7 pgdg94 209 k

Transaction Summary
=======================================================================================
Install 2 Packages (+3 Dependent packages)

Total download size: 5.9 M
Installed size: 25 M
Is this ok [y/d/N]: y

Once the installation is complete, run the below command to initialize the database.

# /usr/pgsql-9.4/bin/postgresql94-setup initdb
Initializing database ... OK

Starting Database Service

To start the PostgreSQL service and enable it at boot, run the following commands and then check the status; it should be up and enabled.

# systemctl start postgresql-9.4
# systemctl enable postgresql-9.4

Starting PostgreSQL services

Using PostgreSQL Command line

During the installation process a new user was created by default with name "postgres" that will be used for administering PostgreSQL databases.

Let's switch user to the PostgreSQL user and connect to PostgreSQL command line interface for managing your database.

# su - postgres
-bash-4.2$ psql
psql (9.4.5)
Type "help" for help.

You can get more help on using the PostgreSQL database by typing the help command, as shown in the image.

Connecting to PostgreSQL

Run the following command to update the default password of postgres user.

postgres=# \password postgres
Enter new password:*****
Enter it again:*****

Now we will create a new user and database using the PostgreSQL command line. To do so, let's run the commands below.

[root@centos-7 ~]# su - postgres
Last login: Sat Oct 10 19:26:10 BST 2015 on pts/1
-bash-4.2$ createuser kashif
-bash-4.2$ createdb testdb
-bash-4.2$ psql
postgres=# alter user kashif with encrypted password 'kashif123';
ALTER ROLE
postgres=# grant all privileges on database testdb to kashif;
GRANT

To list all the databases created on your system use the "\list" or "\l" command and to connect to a database use "\c db_name" as shown below.

Using Postgresql DB

Installing phpPgAdmin

In this section we are going to set up the web-based PostgreSQL administration tool. To do so, we first have to install its packages, which can be done by using the yum command below.

# yum install phpPgAdmin httpd

After running this command you will see a number of dependencies that will be required for installing the phpPgadmin and apache web server. So, to proceed forward choose the "Y" key to accept the changes and to complete the installation setup.

Dependencies Resolved
=======================================================================================
Package Arch Version Repository Size
=======================================================================================
Installing:
httpd x86_64 2.4.6-31.el7.centos.1 updates 2.7 M
phpPgAdmin noarch 5.1-2.rhel7 pgdg94 658 k
Installing for dependencies:
apr x86_64 1.4.8-3.el7 base 103 k
apr-util x86_64 1.5.2-6.el7 base 92 k
httpd-tools x86_64 2.4.6-31.el7.centos.1 updates 79 k
libzip x86_64 0.10.1-8.el7 base 48 k
mailcap noarch 2.1.41-2.el7 base 31 k
php x86_64 5.4.16-36.el7_1 updates 1.4 M
php-cli x86_64 5.4.16-36.el7_1 updates 2.7 M
php-common x86_64 5.4.16-36.el7_1 updates 563 k
php-pdo x86_64 5.4.16-36.el7_1 updates 97 k
php-pgsql x86_64 5.4.16-36.el7_1 updates 84 k

Transaction Summary
=======================================================================================
Install 2 Packages (+10 Dependent packages)

Total download size: 8.5 M
Installed size: 30 M
Is this ok [y/d/N]:y

phpPgAdmin Configuration

After installing the required packages, we will configure phpPgAdmin with the parameters required to allow access from remote locations, as by default it is only accessible through localhost.

# vim /etc/httpd/conf.d/phpPgAdmin.conf

phpPgAdmin Configuration

Now open the configuration files below with any editor and read them carefully before making any changes. Most of the parameters in these files are well explained and configured, so we only need to update some of the following parameters.

# vim /var/lib/pgsql/9.4/data/pg_hba.conf

Postgres MD Authentication conf

# vim /var/lib/pgsql/9.4/data/postgresql.conf

Postgresql Connection settings

# vim /etc/phpPgAdmin/config.inc.php

// Hostname or IP address for server. Use '' for UNIX domain socket.
// use 'localhost' for TCP/IP connection on this computer
$conf['servers'][0]['host'] = 'localhost';

// Database port on server (5432 is the PostgreSQL default)
$conf['servers'][0]['port'] = 5432;

$conf['owned_only'] = true;

Save the changes and then restart both the services of PostgreSQL and Apache.

# systemctl restart postgresql-9.4
# systemctl restart httpd

phpPgAdmin Web Console

Let's open the below URL to access the phpPgAdmin console as shown below.

http://your_servers_ip/phpPgAdmin/

phpPgAdmin Web Console

To log in to PostgreSQL, simply click on the top left icon as shown and provide the credentials created earlier.

PostgreSQL Web Login

Upon successful login, you will get access to create and manage your databases from phpPgAdmin console.

Using phpPgAdmin

Conclusion

In this article you learned about the installation and configuration of PostgreSQL with phpPgAdmin on CentOS 7. This is only the first step into the world of PostgreSQL, as it has a lot of other features to explore, such as point-in-time recovery, tablespaces, asynchronous replication, Multi-Version Concurrency Control (MVCC), and write-ahead logging for fault tolerance. We hope you find this article helpful for getting started with database administration on PostgreSQL.

The post How to Install and Configure PostgreSQL with phpPgAdmin on CentOs 7 appeared first on LinOxide.

How to Install Ghost with Nginx on FreeBSD 10.2


Node.js is an open source runtime environment for developing server-side applications. Node.js applications are written in JavaScript and can run on any server that runs the Node.js runtime. It is a cross-platform runtime, running on Linux, Windows, OSX, IBM AIX and FreeBSD. Node.js was created by Ryan Dahl and other developers working at Joyent in 2009. It is designed for building scalable network applications.

Ghost is a blogging platform written in Node.js. It is an open source publishing platform that is beautifully designed, user-friendly and free. It allows you to easily publish your content on the web or create your portfolio website.

In this tutorial we will install Ghost with Nginx as our web server on FreeBSD. We will install Node.js, npm, nginx and sqlite3 on FreeBSD 10.2.

Step 1 - Install Node.js npm and Sqlite3

To run Ghost on your server, you must install Node.js. In this section we will install Node.js from the FreeBSD ports collection. Go to the ports directory "/usr/ports/www/node" and install it by running the "make" command.

cd /usr/ports/www/node
make install clean

Once the Node.js installation is done, switch to the npm directory and install it. npm is the package manager that installs, publishes and manages node programs.

cd /usr/ports/www/npm/
make install clean

Next, install sqlite3. By default Ghost uses sqlite3 as its database system, but it also supports mysql/mariadb and postgresql. We will use sqlite3, the default database.

cd /usr/ports/databases/sqlite3/
make install clean

When everything is installed, check the versions of node.js, npm and sqlite3:

node --version
v0.12.6

npm --version
2.11.3

sqlite3 --version
3.8.10.2

node and npm version

Step 2 - Add Ghost User

We will install and run Ghost under a normal user called "ghost". Create the new user with the "adduser" command:

adduser ghost
FILL With Your INFO

Add user Ghost

Step 3 - Installing Ghost

We will install ghost under "/var/www/" directory, so let's create it and then go to the installation directory :

mkdir -p /var/www/
cd /var/www/

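Download the latest version of Ghost with the wget command. Note that --no-check-certificate turns off TLS certificate validation, so the download is not protected against tampering in transit: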

wget --no-check-certificate https://ghost.org/zip/ghost-latest.zip

Extract it to the directory called "ghost" :

unzip -d ghost ghost-latest.zip

Next, change the owner to the user "ghost"; we will install and run it under that user.

chown -R ghost:ghost ghost/

If all is done, switch the user to "ghost" by typing command below :

su - ghost

Then go to the installation directory "/var/www/ghost/" :

cd /var/www/ghost/

Before installing Ghost, we need the sqlite3 module for Node.js. Install it with the npm command:

setenv CXX c++ ; npm install sqlite3 --sqlite=/usr/local

Note: Run this as the "ghost" user, not as root.

Now we are ready to install Ghost. Install it with the npm command:

npm install --production

Next, copy the configuration file "config.example.js" to "config.js", then edit it with nano editor :

cp config.example.js config.js
nano -c config.js

On line 25, in the server block, change the host:

host: '0.0.0.0',

Save and exit.

Now run ghost with command below :

npm start --production

Test it by visiting the server IP on port 2368.

Ghost Installed

Ghost is installed on directory "/var/www/ghost", under user "ghost".

Step 4 - Run Ghost as FreeBSD Services

To run an application as a service on FreeBSD, you need to add a script to the rc.d directory. We will create a new service script for Ghost in the directory "/usr/local/etc/rc.d/".

Before we create the service script, we need to install a Node.js module for running Ghost as a service. Install the forever module with the npm command, with sudo/root privileges:

npm install forever -g

Now go to the rc.d directory and create a new file called ghost there:

cd /usr/local/etc/rc.d/
nano -c ghost

Paste the service script below:

#!/bin/sh

# PROVIDE: ghost
# KEYWORD: shutdown
PATH="/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin"

. /etc/rc.subr

name="ghost"
rcvar="ghost_enable"
extra_commands="status"

load_rc_config ghost
: ${ghost_enable:="NO"}

status_cmd="ghost_status"
start_cmd="ghost_start"
stop_cmd="ghost_stop"
restart_cmd="ghost_restart"

ghost="/var/www/ghost"
log="/var/log/ghost/ghost.log"
ghost_start() {
sudo -u ghost sh -c "cd $ghost && NODE_ENV=production forever start -al $log index.js"
}

ghost_stop() {
sudo -u ghost sh -c "cd $ghost && NODE_ENV=production forever stop index.js"
}

ghost_status() {
sudo -u ghost sh -c "NODE_ENV=production forever list"
}

ghost_restart() {
ghost_stop;
ghost_start;
}

run_rc_command "$1"

Save and exit.

Next, make the ghost service script executable:

chmod +x ghost

Then create a new directory and file for the Ghost log, matching the log path set in the service script, and change the owner to the ghost user:

mkdir -p /var/log/ghost/
touch /var/log/ghost/ghost.log
chown -R ghost:ghost /var/log/ghost/

Finally, to have the ghost service start at boot time, add it to the startup applications with the sysrc command:

sysrc ghost_enable=yes

and start ghost with :

service ghost start

Other commands:

service ghost stop
service ghost status
service ghost restart

Ghost service command

Step 5 - Install and Configure Nginx for Ghost

By default Ghost runs standalone; you can run it without an Nginx, Apache or IIS web server. But in this tutorial we will install and configure nginx to work with Ghost.

Install nginx from the FreeBSD repository with the pkg command:

pkg install nginx

Next, go to the nginx configuration directory and make a new directory for the virtualhost configuration.

cd /usr/local/etc/nginx/
mkdir virtualhost/

Go to the virtualhost directory and make a new file called ghost.conf with the nano editor:

cd virtualhost/
nano -c ghost.conf

Paste the virtualhost configuration below:

server {
listen 80;

#Your Domain
server_name ghost.me;

location ~* \.(?:ico|css|js|gif|jpe?g|png|ttf|woff)$ {
access_log off;
expires 30d;
add_header Pragma public;
add_header Cache-Control "public, must-revalidate, proxy-revalidate";
proxy_pass http://127.0.0.1:2368;
}

location / {
add_header X-XSS-Protection "1; mode=block";
add_header Cache-Control "public, max-age=0";
add_header Content-Security-Policy "script-src 'self' ; font-src 'self' ; connect-src 'self' ; block-all-mixed-content; reflected-xss block; referrer no-referrer";
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options DENY;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://127.0.0.1:2368;
}

location = /robots.txt { access_log off; log_not_found off; }
location = /favicon.ico { access_log off; log_not_found off; }

location ~ /\.ht {
deny all;
}

}

Save and exit.

To activate the virtualhost configuration, you need to include that file in nginx.conf. Go to the nginx configuration directory and edit the nginx.conf file:

cd /usr/local/etc/nginx/
nano -c nginx.conf

Before the last line, include the virtualhost configuration directory :

[......]

include virtualhost/*.conf;

}

Save and exit.

Test the nginx configuration with the command "nginx -t". If there is no error, add nginx to the startup with the sysrc command:

sysrc nginx_enable=yes

and start nginx :

service nginx start

Now test the nginx and virtualhost configuration. Open your browser and type the domain: ghost.me

ghost.me successfully

Ghost.me is running successfully.

If you want to check the nginx server, use "curl" command.

ghost and nginx test

Ghost is running with nginx.

Conclusion

Node.js is a runtime environment created by Ryan Dahl for creating and developing scalable server-side applications. Ghost is an open source blogging platform written in Node.js; it is beautifully designed and easy for everyone to use. By default, Ghost is a web application that can stand on its own and does not require an Apache, Nginx or IIS web server, but we can also integrate it with a web server (in this tutorial we use Nginx). Sqlite is the default database used by Ghost, but it also supports mysql/mariadb and postgresql. Ghost is fast and easy to use and configure.

The post How to Install Ghost with Nginx on FreeBSD 10.2 appeared first on LinOxide.


How to Install Cockpit on Linux CentOS 7


Cockpit is an easy to use server administrator for Linux based systems. It is a free software which is released under LGPL v2.1.  Its purpose is to be able to manage multiple servers in a user-friendly manner.  Unlike other tools, it does not go deep into server configuration but tries to simplify the server administration especially for beginners.  Cockpit is useful in performing simple tasks like starting and stopping of different services, administering storage, journal inspection etc. It makes use of systemd underneath.

Installing Cockpit

I have used a CentOS 7 system in this article and as Cockpit is not available in the CentOS repository, it needs to be cloned from the sig-atomic-buildscripts repository.

[root@ceph-storage ~]# git clone https://github.com/baude/sig-atomic-buildscripts
Cloning into 'sig-atomic-buildscripts'...
remote: Counting objects: 95, done.
remote: Total 95 (delta 0), reused 0 (delta 0), pack-reused 95
Unpacking objects: 100% (95/95), done.

Now you can install it using yum:

yum install cockpit

If you are using Ubuntu, execute the following commands:

sudo add-apt-repository ppa:jpsutton/cockpit

sudo apt-get update

sudo apt-get install cockpit

Enable cockpit service

[root@ceph-storage ~]# systemctl enable cockpit.socket
ln -s '/usr/lib/systemd/system/cockpit.socket' '/etc/systemd/system/sockets.target.wants/cockpit.socket'

If the firewall is enabled on your system, you need to add Cockpit to the list of trusted services and restart the firewall.

[root@ceph-storage ~]# firewall-cmd --permanent --zone=public --add-service=cockpit

[root@ceph-storage ~]# firewall-cmd --reload

Start the service

[root@ceph-storage ~]# systemctl start cockpit.socket

If you are on CentOS, you will need another step before you start using Cockpit. We need to modify the cockpit service file to disable SSL as there seems to be some issue with this. For this, edit the file /usr/lib/systemd/system/cockpit.service and change the line starting with ExecStart to the following:

ExecStart=/usr/libexec/cockpit-ws --no-tls

Please note that this workaround may not be recommended in a production environment, as with TLS disabled the login credentials are sent unencrypted. After this, reload systemd and restart cockpit.

[root@ceph-storage ~]# systemctl daemon-reload

[root@ceph-storage ~]# systemctl restart cockpit

Now you are ready to use the Cockpit GUI.

Web Interface

The Cockpit web interface can be accessed by using the server's ip address with port 9090

https://server-ip:9090

Login screen for Cockpit

You can login as root and start administering the servers. Once logged in, you will notice the below screen which displays an overview of CPU, Memory, Network Traffic and Disk I/O usage.

System output

Moving to the Services section, you have different tabs here namely Targets, System Services, Sockets, Timers and Paths.  They show the different system services, whether they are enabled, disabled, active, inactive etc.

system-services

Socket services

The Containers section shows whether Docker is installed / activated or not. If not, you can install / activate it from here.

Container dashboard

The journaling, networking and storage sections display the different logs, network and storage usage details respectively.

System logs, Network usage, Storage details

Under the Tools section, we have Administrator Accounts using which we can either create new accounts or switch between different accounts.

Tools also provides a working console for the administrators.

Tools

Conclusion

Cockpit provides a pretty neat and simple user interface for new admins to manage Linux servers. But remember that it is accessible only via the web. You can visit its official page for more details. As this is relatively new, it might take some time before it gets wide-spread support.

The post How to Install Cockpit on Linux CentOS 7 appeared first on LinOxide.

How to Install Redis Server on CentOS 7


Hi everyone, today Redis is the subject of our article, and we are going to install it on CentOS 7. We will build the source files, install the binaries, and create and install the files it needs. After installing its components, we will set its configuration as well as some operating system parameters to make it more reliable and faster.

Running Redis

Redis server

Redis is an open source multi-platform data store written in ANSI C that works on datasets directly in memory, achieving extremely high performance. It supports various programming languages, including Lua, C, Java, Python, Perl, PHP and many others. It is based on simplicity: about 30k lines of code that do "few" things, but do them well. Although it works in memory, persistence is available, and it has fairly reasonable support for high availability and clustering, which helps keep your data safe.

Building Redis

There is no official RPM package available, so we need to build it from source. To do this you will need to install Make and GCC.

Install the GNU Compiler Collection and Make with yum if they are not already installed

yum install gcc make

Download the tarball from redis download page.

curl http://download.redis.io/releases/redis-3.0.4.tar.gz -o redis-3.0.4.tar.gz

Extract the tarball contents

tar zxvf redis-3.0.4.tar.gz

Enter the Redis directory we have extracted

cd redis-3.0.4

Use Make to build the source files

make

Install

Enter the src directory

cd src

Copy Redis server and client to /usr/local/bin

cp redis-server redis-cli /usr/local/bin

It is also good to copy sentinel, benchmark and check as well.

cp redis-sentinel redis-benchmark redis-check-aof redis-check-dump /usr/local/bin

Make Redis config directory

mkdir /etc/redis

Create a working and data directory under /var/lib/redis

mkdir -p /var/lib/redis/6379

System parameters

In order for Redis to work correctly you need to set some kernel options.

Set vm.overcommit_memory to 1, which means always; this will avoid data being truncated. Take a look here for more.

sysctl -w vm.overcommit_memory=1

Change the maximum number of backlog connections to some value higher than the tcp-backlog option of redis.conf, which defaults to 511. You can find more on sysctl-based IP networking tuning on the kernel.org website.

sysctl -w net.core.somaxconn=512

Disable transparent huge pages support, that is known to cause latency and memory access issues with Redis.

echo never > /sys/kernel/mm/transparent_hugepage/enabled

redis.conf

redis.conf is the Redis configuration file; however, you will see the file named 6379.conf here, where the number is the network port the instance listens on. This naming is recommended if you are going to run more than one Redis instance.

Copy sample redis.conf to /etc/redis/6379.conf.

cp redis.conf /etc/redis/6379.conf

Now edit the file and set some of its parameters.

vi /etc/redis/6379.conf

daemonize

Set daemonize to no; systemd needs it to be in the foreground, otherwise Redis will suddenly die.

daemonize no

pidfile

Set the pidfile to redis_6379.pid under /var/run.

pidfile /var/run/redis_6379.pid

port

Change the network port if you are not going to use the default

port 6379

loglevel

Set your loglevel.

loglevel notice

logfile

Set the logfile to /var/log/redis_6379.log

logfile /var/log/redis_6379.log

dir

Set the directory to /var/lib/redis/6379

dir /var/lib/redis/6379

Security

Here are some actions that you can take to strengthen security.

Unix sockets

In many cases, the client application resides on the same machine as the server, so there is no need to listen on network sockets. If this is the case you may want to use unix sockets instead. To do this, set the port option to 0 and then enable unix sockets with the following options.

Set the path to the socket file

unixsocket /tmp/redis.sock

Set restricted permission to the socket file

unixsocketperm 700

Now, to get access with redis-cli you should use the -s flag pointing to the socket file

redis-cli -s /tmp/redis.sock

requirepass

You may need remote access; if so, you should use a password, which will be required before any operation.

requirepass "bTFBx1NYYWRMTUEyNHhsCg"

rename-command

Imagine the output of the next command. Yes, it will dump the configuration of the server, so you should deny access to this kind of information whenever possible.

CONFIG GET *

You can restrict, or even disable, this and other commands by using rename-command. You must provide a command name and a replacement. To disable a command, set the replacement string to "" (blank); this is more secure, as it prevents someone from guessing the command name.

rename-command FLUSHDB "FLUSHDB_MY_SALT_G0ES_HERE09u09u"
rename-command FLUSHALL ""
rename-command CONFIG "CONFIG_MY_S4LT_GO3S_HERE09u09u"

Access Redis through unix with password and command changes

Access through unix sockets with password and command changes
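The settings from this Security section can be checked against a configuration file before Redis is restarted. The script below is an added example, not code from the original article; the function names, finding labels and both sample configurations are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a redis.conf for the settings from the Security section.
# Function names, finding labels and the sample files are constructed.

# conf_get FILE DIRECTIVE -> value(s) of DIRECTIVE; comments and blanks skipped
conf_get() {
    awk -v key="$2" '
        NF == 0 || $1 ~ /^#/ { next }
        tolower($1) == key { $1 = ""; sub(/^[ \t]+/, ""); print }
    ' "$1"
}

# audit_redis_conf FILE -> one finding per line; no output means no findings
audit_redis_conf() {
    conf=$1
    port=$(conf_get "$conf" port | tail -n 1)
    port=${port:-6379}                      # Redis listens on 6379 when unset
    sock=$(conf_get "$conf" unixsocket | tail -n 1)
    perm=$(conf_get "$conf" unixsocketperm | tail -n 1)
    pass=$(conf_get "$conf" requirepass | tail -n 1 | tr -d '"')

    # A TCP listener without requirepass accepts commands from any client
    # that can reach the port.
    if [ "$port" != "0" ] && [ -z "$pass" ]; then
        echo "tcp-without-requirepass port=$port"
    fi

    if [ -n "$sock" ]; then
        if [ -z "$perm" ]; then
            echo "unixsocketperm-missing socket=$sock"
        else
            # The last octal digit is the "other" class; anything but 0
            # lets every local user open the socket.
            case $perm in
                *0) ;;
                *)  echo "unixsocket-open-to-others perm=$perm" ;;
            esac
        fi
    elif [ "$port" = "0" ]; then
        echo "no-listener port=0-and-no-unixsocket"
    fi

    # The three commands the article renames or disables.
    for cmd in CONFIG FLUSHALL FLUSHDB; do
        handled=$(conf_get "$conf" rename-command |
                  awk -v c="$cmd" 'toupper($1) == c')
        if [ -z "$handled" ]; then
            echo "command-exposed $cmd"
        fi
    done
    return 0
}

# --- constructed sample input ------------------------------------------------
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT

cat > "$tmp/weak.conf" <<'EOF'
# constructed: TCP listener, no password, socket open to everyone
port 6379
unixsocket /tmp/redis.sock
unixsocketperm 777
rename-command FLUSHALL ""
EOF

cat > "$tmp/hardened.conf" <<'EOF'
# constructed: the article's settings combined, with a placeholder password
port 0
unixsocket /tmp/redis.sock
unixsocketperm 700
requirepass "REPLACE_WITH_LONG_RANDOM_SECRET"
rename-command FLUSHDB "FLUSHDB_MY_SALT_G0ES_HERE09u09u"
rename-command FLUSHALL ""
rename-command CONFIG "CONFIG_MY_S4LT_GO3S_HERE09u09u"
EOF

echo "weak.conf:";     audit_redis_conf "$tmp/weak.conf"
echo "hardened.conf:"; audit_redis_conf "$tmp/hardened.conf"
```

On a real host, pass /etc/redis/6379.conf as the argument instead of the sample files.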

Snapshots

By default Redis will periodically dump its datasets to dump.rdb in the data directory we set. You can configure how often the rdb file is updated with the save directive: the first parameter is a timeframe in seconds and the second is the number of changes performed on the dataset.

Every 15 minutes (900 seconds) if there was at least 1 key change

save 900 1

Every 5 minutes (300 seconds) if there were at least 10 key changes

save 300 10

Every minute if there were at least 10000 key changes

save 60 10000

The /var/lib/redis/6379/dump.rdb file contains a dump of the in-memory dataset as of the last save. Since Redis creates a temporary file and then replaces the original file, there is no risk of corruption and you can always copy it directly without fear.

Starting at boot

You may use systemd to add Redis to the system startup

Copy sample init_script to /etc/init.d, note also the number of the port on the script name

cp utils/redis_init_script /etc/init.d/redis_6379

We are going to use systemd, so create a unit file named redis_6379.service under /etc/systemd/system

vi /etc/systemd/system/redis_6379.service

Put this content in it; try man systemd.service for details

[Unit]
Description=Redis on port 6379

[Service]
Type=forking
ExecStart=/etc/init.d/redis_6379 start
ExecStop=/etc/init.d/redis_6379 stop

[Install]
WantedBy=multi-user.target

Now add the memory overcommit and maximum backlog options we have set before to the /etc/sysctl.conf file.

vm.overcommit_memory = 1

net.core.somaxconn=512

For the transparent huge pages support there is no sysctl directive, so you can put the command at the end of /etc/rc.local

echo never > /sys/kernel/mm/transparent_hugepage/enabled

Conclusion

That's enough to start. With these settings you will be able to deploy a Redis server for many simpler scenarios; however, there are many options in redis.conf for more complex environments. In some cases, you may use replication and Sentinel to provide high availability, split the data across servers, or create a cluster of servers. Thanks for reading!

The post How to Install Redis Server on CentOS 7 appeared first on LinOxide.

How to Install CSF Firewall on CentOS 7


CSF stands for ConfigServer Security and Firewall. It is one of the most useful open source security applications for Linux operating systems, used as a packet inspection firewall and as a login and intrusion detection system for Linux servers. Using CSF helps protect servers against many attacks, such as brute force attacks. It comes with a service called Login Failure Daemon (LFD), which watches user activity for excessive login failures and restricts access by IP address to prevent unauthorized access to network daemons. So whenever a large number of failed attempts comes from a specific IP, that IP is immediately and temporarily blocked from all services on the server.

ConfigServer Security & Firewall comes with a lot of features, such as SSH login notifications, excessive connection blocking, mod_security failures, suspicious process reporting and many others.

1) Prerequisites

CSF can be installed on any Linux distribution, but in this tutorial we are going to install and configure it on CentOS 7.1.

Log in to your CentOS 7 server as the root user and make sure that you are connected to the Internet, so that you can update your system and install the dependent packages required for CSF.

After login, run the below command for system update.

# yum update

Then to install the perl modules that are required for setting up csf on Centos 7 run the below command.

# yum -y install perl perl-libwww-perl perl-LWP-Protocol-https perl-GDGraph wget unzip net-tools

2) Download CSF Installation Package

To download the ConfigServer Security & Firewall package, run the below command in the /usr/src/ directory as shown.

# wget https://download.configserver.com/csf.tgz

Download CSF Package

After downloading the archived package run the following command to extract this within the same directory.

# tar -xzf csf.tgz

Now change the directory to the extracted folder and use the list command to view its inside configuration and installation scripts as shown.

CSF Installation Package

3) Installing ConfigServer Security Firewall

To start installation of CSF on CentOS 7, we will run the installation script that is present within the same directory as shown above.

Let's run the below command as shown.

# sh install.sh

Starting CSF Installation

The installation script checks for its basic perl modules and root access, then creates a number of directories and compiles different configuration files and libraries during the installation process, as shown below.

*** USE_CONNTRACK Enabled
*** IPV6 Enabled
*** IPV6_SPI set to 1

TCP ports currently listening for incoming connections:
22,5432

UDP ports currently listening for incoming connections:
5353,43539

Note: The port details above are for information only, csf hasn't been auto-configured.

Don't forget to:
1. Configure the following options in the csf configuration to suite your server: TCP_*, UDP_*
2. Restart csf and lfd
3. Set TESTING to 0 once you're happy with the firewall, lfd will not run until you do so

Adding current SSH session IP address to the csf whitelist in csf.allow:
Adding 172.xx.xx.xx to csf.allow only while in TESTING mode (not iptables ACCEPT)
*WARNING* TESTING mode is enabled - do not forget to disable it in the configuration
‘lfd.service’ -> ‘/usr/lib/systemd/system/lfd.service’
‘csf.service’ -> ‘/usr/lib/systemd/system/csf.service’
ln -s '/usr/lib/systemd/system/csf.service' '/etc/systemd/system/multi-user.target.wants/csf.service'
ln -s '/usr/lib/systemd/system/lfd.service' '/etc/systemd/system/multi-user.target.wants/lfd.service'
‘/etc/csf/csfwebmin.tgz’ -> ‘/usr/local/csf/csfwebmin.tgz’

Installation Completed

We can see that before the installation process completes, csf auto-configures the already listening ports including the SSH port on installation and then auto-whitelists the connected IP address where possible on installation.

4) Testing CSF IPTable Modules

Once the installation process is complete, run the below command to test the status of required iptables modules.

# perl /usr/local/csf/bin/csftest.pl

CSF Test

5) CSF Configuration & Usage

To configure the CSF firewall on CentOS 7 and other Red Hat Enterprise Linux (RHEL) based distributions, the default configuration files can be found in "/etc/csf/".

The directory contains the following configuration files.

CSF Configuration Files

To enable the fully functional CSF firewall, set the following parameter in the default csf configuration file.

[root@centos-7 csf]# vim csf.conf
TESTING = "0"
:wq!

Now we will specify an email address to report errors from the Login Failure Daemon by making the following configuration changes.

Configuring CSF

After making configuration changes we have to reload the csf services by using the below command so that the configuration changes can take effect.

# csf -r

If you want to check the status of csf service then run the below command.

# service csf status

CSF Service Status

Run the following command for a complete overview of all the command line options that you can use with csf.

# csf --help

Using CSF
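The installer output above asks you to configure TCP_* and to set TESTING to 0. As an added example (not part of the original article or of CSF itself), this script compares the TCP_IN list of a csf.conf with the TCP ports the installer reported as listening; the function names, finding labels and the sample csf.conf are constructed.

```shell
#!/bin/sh
# Added example: compare csf.conf's TCP_IN with the ports that are listening.
# Function names, finding labels and the sample csf.conf are constructed.

# csf_get CONF KEY -> the text between the quotes of a  KEY = "value"  line
csf_get() {
    awk -F'"' -v key="$2" '
        { k = $1; gsub(/[ \t=]/, "", k) }
        k == key { print $2; exit }
    ' "$1"
}

# port_in_list PORT LIST -> succeeds if PORT equals an entry of the
# comma-separated LIST or falls inside one of its low:high ranges
port_in_list() {
    echo "$2" | tr ',' '\n' | awk -F: -v p="$1" '
        NF == 1 && $1 == p                      { found = 1 }
        NF == 2 && p >= $1 + 0 && p <= $2 + 0   { found = 1 }
        END { exit !found }'
}

# csf_review CONF LISTENING_TCP_CSV -> one finding per line
csf_review() {
    testing=$(csf_get "$1" TESTING)
    tcp_in=$(csf_get "$1" TCP_IN)

    # The installer warns that lfd will not run while TESTING is enabled.
    if [ "$testing" != "0" ]; then
        echo "testing-mode-on lfd-not-running"
    fi

    # Services that listen but are not reachable once the rules are live.
    for p in $(echo "$2" | tr ',' ' '); do
        if ! port_in_list "$p" "$tcp_in"; then
            echo "listening-not-in-TCP_IN $p"
        fi
    done

    # Ports opened in the firewall that nothing is listening on.
    for entry in $(echo "$tcp_in" | tr ',' ' '); do
        case $entry in
            *:*) continue ;;            # leave ranges to manual review
        esac
        if ! port_in_list "$entry" "$2"; then
            echo "in-TCP_IN-no-listener $entry"
        fi
    done
    return 0
}

# --- constructed sample input ------------------------------------------------
csf_tmp=$(mktemp -d)
trap 'rm -rf "$csf_tmp"' EXIT

cat > "$csf_tmp/csf.conf" <<'EOF'
# constructed excerpt of a csf.conf, still in testing mode
TESTING = "1"
TCP_IN = "20,21,22,25,53,80,443,30000:35000"
EOF

# 22 and 5432 are the TCP ports listed in the installer output above.
csf_review "$csf_tmp/csf.conf" "22,5432"
```

Here PostgreSQL's 5432 is reported as listening but absent from TCP_IN, which is the right outcome if the database should only be reached locally; the unused entries are candidates for removal from TCP_IN.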

Conclusion

In this article we learned about the installation, configuration and usage of ConfigServer Security and Firewall, which is one of the most widely used open source tools freely available for Linux platforms. Using this tool we can secure our servers against many threats with simple configuration and commands. Its installation process is very simple and it is easy to use, which is why many organizations prefer this tool. We can also use and manage it from a graphical user interface, which can be accessed after installing the webmin tool and its available plug-ins.

The post How to Install CSF Firewall on CentOS 7 appeared first on LinOxide.

How to Install Pure-FTPd with TLS on FreeBSD 10.2


FTP, or File Transfer Protocol, is a standard application-layer network protocol used to transfer files between a client and a server after the user has logged in to the FTP server over a TCP network such as the internet. FTP has been around for a long time, much longer than P2P programs or the World Wide Web; it was long a primary method for sharing files with others over the internet, and it remains very popular even today. FTP can provide secure transmission that protects the username and password and encrypts the content with SSL/TLS.

Pure-FTPd is a free FTP server with a strong focus on software security. It is a great choice if you want to provide a fast, secure, lightweight and feature-rich FTP service. Pure-FTPd can be installed on a variety of Unix-like operating systems, including Linux and FreeBSD. Pure-FTPd was created by Frank Denis in 2001, based on Troll-FTPd, and is still actively developed by a team led by Denis.

In this tutorial we will cover the installation and configuration of Pure-FTPd on the Unix-like operating system FreeBSD 10.2.

Step 1 - Update system

The first thing you must do is fetch and install the FreeBSD updates. Connect to your server with SSH and then type the commands below as sudo/root:

freebsd-update fetch
freebsd-update install

Step 2 - Install Pure-FTPd

You can install Pure-FTPd from ports, but in this tutorial we will install it from the FreeBSD repository with the "pkg" command. So, let's install it:

pkg install pure-ftpd

Once the installation is finished, add pure-ftpd to the services started at boot time with the sysrc command below:

sysrc pureftpd_enable=yes

Step 3 - Configure Pure-FTPd

The configuration file for Pure-FTPd is located in the directory "/usr/local/etc/". Go to that directory and copy the sample configuration for pure-ftpd to "pure-ftpd.conf".

cd /usr/local/etc/
cp pure-ftpd.conf.sample pure-ftpd.conf

Now edit the configuration file with the nano editor:

nano -c pure-ftpd.conf

Note: the -c option shows line numbers in nano.

Go to line 59 and change the value of "VerboseLog" to "yes". This option allows you as administrator to see a log of all commands used by the users.

VerboseLog   yes

And now look at line 126 "PureDB" for virtual-users configuration. Virtual users is a simple mechanism to store a list of users, with their password, name, uid, directory, etc. It's just like /etc/passwd. But it's not /etc/passwd. It's a different file and only for FTP. In this tutorial we will store the list of user to the file "/usr/local/etc/pureftpd.passwd" and "/usr/local/etc/pureftpd.pdb". Please uncomment that line and change the path for the file to "/usr/local/etc/pureftpd.pdb".

PureDB   /usr/local/etc/pureftpd.pdb

Next, uncomment line 336, "CreateHomeDir". This option makes it easy to add virtual users by automatically creating home directories if they are missing.

CreateHomeDir   yes

Save and exit.

Next, start pure-ftpd with service command :

service pure-ftpd start

Step 4 - Adding New Users

At this step the FTP server is started without error, but you cannot log in to it, because anonymous users are disabled in the default configuration of pure-ftpd. We need to create a new user with a home directory and give it a password for login.

One thing you must do before you add a new pure-ftpd virtual user is to create a system user for it. Let's create a new system user "vftp", whose default group is the same as the username, with the home directory "/home/vftp/".

pw useradd vftp -s /sbin/nologin -w no -d /home/vftp \
-c "Virtual User Pure-FTPd" -m

Now you can add the new user for the FTP server with the "pure-pw" command. As an example, we will create a new user named "akari" with the command below:

pure-pw useradd akari -u vftp -g vftp -d /home/vftp/akari
Password: TYPE YOUR PASSWORD

That command will create the user "akari", with the data stored in the file "/usr/local/etc/pureftpd.passwd", not in the /etc/passwd file. This means that you can easily create FTP-only accounts without messing up your system accounts.

Next, you must generate the PureDB user database with this command :

pure-pw mkdb

Now restart the pure-ftpd service and try to connect as user "akari" :

service pure-ftpd restart

Trying to connect with user akari :

ftp SERVERIP

FTP Connect user akari

NOTE :

If you want to add another user, use the "pure-pw" command again. And if you want to delete an existing user, you can use this :

pure-pw userdel useryouwanttodelete
pure-pw mkdb

Step 5 - Add SSL/TLS to Pure-FTPd

Pure-FTPd supports encryption using TLS security mechanisms. To support TLS/SSL, make sure the OpenSSL library is already installed on your FreeBSD system.

Now you must generate a new self-signed certificate in the directory "/etc/ssl/private". Before you generate the certificate, create the new directory "private" there.

cd /etc/ssl/
mkdir private
cd private/

Now generate the self-signed certificate with the openssl command below :

openssl req -x509 -nodes -newkey rsa:2048 -sha256 -keyout \
/etc/ssl/private/pure-ftpd.pem \
-out /etc/ssl/private/pure-ftpd.pem

FILL ALL WITH YOUR PERSONAL INFO.

Generate Certificate pem

Next, change the certificate permission :

chmod 600 /etc/ssl/private/*.pem

Once the certificate is generated, edit the pure-ftpd configuration file :

nano -c /usr/local/etc/pure-ftpd.conf

Uncomment line 423 to enable TLS :

TLS     1

And line 439 for the certificate file path :

CertFile       /etc/ssl/private/pure-ftpd.pem

Save and exit, then restart the pure-ftpd services :

service pure-ftpd restart

Now let's test that Pure-FTPd works with TLS/SSL. Here I use "FileZilla" to connect to the FTP server as the user "akari" created earlier.

Pure-FTPd with TLS Support

Pure-FTPd with TLS is now running successfully on FreeBSD 10.2.
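The "TLS 1" value used in this step makes Pure-FTPd accept both cleartext and encrypted sessions; values 2 and 3 refuse cleartext logins, and 3 also refuses cleartext data channels. The following is an added example, not part of the original tutorial, that checks a pure-ftpd.conf for this setting; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the TLS level configured in a pure-ftpd.conf.
# Function names and the sample configuration are constructed for illustration.

# conf_value FILE KEY: print the value of the last uncommented KEY line.
conf_value() {
    awk -v key="$2" '
        /^[[:space:]]*#/ { next }        # skip commented-out directives
        $1 == key        { val = $2 }    # remember the last occurrence
        END              { if (val != "") print val }
    ' "$1"
}

# tls_policy FILE: print one word describing the configured TLS level.
tls_policy() {
    case "$(conf_value "$1" TLS)" in
        "") echo unset ;;
        0)  echo disabled ;;
        1)  echo optional ;;        # cleartext and TLS sessions both accepted
        2)  echo required ;;        # cleartext logins refused
        3)  echo required-data ;;   # cleartext data channels refused as well
        *)  echo invalid ;;
    esac
}

# audit_pureftpd FILE: print findings; return 0 only if cleartext logins are refused.
audit_pureftpd() {
    policy=$(tls_policy "$1")
    cert=$(conf_value "$1" CertFile)
    echo "TLS policy: $policy"
    if [ -z "$cert" ]; then
        echo "CertFile: not set in this file"
    else
        echo "CertFile: $cert"
    fi
    case "$policy" in
        required|required-data)
            return 0 ;;
        *)
            echo "FTP passwords can still cross the network unencrypted"
            return 1 ;;
    esac
}

# Constructed sample: the directives this tutorial edits, as they look afterwards.
write_sample_conf() {
    cat > "$1" <<'EOF'
VerboseLog      yes
PureDB          /usr/local/etc/pureftpd.pdb
CreateHomeDir   yes
# TLS           2
TLS             1
CertFile        /etc/ssl/private/pure-ftpd.pem
EOF
}

demo() {
    sample=$(mktemp "${TMPDIR:-/tmp}/pure-ftpd.conf.XXXXXX")
    write_sample_conf "$sample"
    audit_pureftpd "$sample" || true
    rm -f "$sample"
}
demo
```

On a real server, run audit_pureftpd against /usr/local/etc/pure-ftpd.conf; with "TLS 2" or "TLS 3" the client must be set to explicit FTP over TLS.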

Conclusion

FTP, or File Transfer Protocol, is a standard protocol used to transfer files between users and a server. One of the best lightweight and secure FTP server software packages is Pure-FTPd. It is secure and supports the TLS/SSL encryption mechanism. Pure-FTPd is easy to install and configure, and its virtual user support makes user management easy for a sysadmin running an FTP server with many users.

The post How to Install Pure-FTPd with TLS on FreeBSD 10.2 appeared first on LinOxide.

How to Setup Pfsense Firewall and Basic Configuration


In this article our focus is Pfsense setup, basic configuration and an overview of the features available in this security distribution of FreeBSD. In this tutorial we will run the network wizard for the basic firewall settings and give a detailed overview of the services. After the installation process, the following snapshot shows the IP addresses of WAN/LAN and the different options for the management of the Pfsense firewall.

options

After setup, the following window appears, which shows the URL for configuration of Pfsense.

URL for gui

Open the URL given above in a browser and log in with username admin and password pfsense.

login_username_password

After successful login, the following wizard appears for the basic settings of the Pfsense firewall. However, the setup wizard can be bypassed, and the user can run it later from the System menu of the web interface.

Click on the Next button to start the basic configuration process on the Pfsense firewall.

wizard_start

Setting the hostname, domain and DNS addresses is shown in the following figure.

basic_setting_wizard

Setting the time zone is shown in the snapshot given below.

time_setting

The next window shows the settings for the WAN interface. By default, the Pfsense firewall blocks bogon and private networks.

wan setting

Set the LAN IP address, which is used to access the Pfsense web interface for further configuration.

lan setting

By default, the password for the web interface is "pfsense". Enter a new password for the admin user in the following window to access the web interface for further configuration.

password

Click on the "reload" button shown below. It applies the settings and redirects the firewall user to the main dashboard of Pfsense.

reload

As shown in the following snapshot, the Pfsense dashboard shows system information (such as CPU details, OS version, DNS details and memory consumption) and the status of Ethernet/wireless interfaces etc.

dashboard

Menu detail

Pfsense consists of the System, Interfaces, Firewall, Services, VPN, Status, Diagnostics and Help menus.

all menu

System Menu

The sub menus of System are shown below.

system menu

In the Advanced sub menu, the user can perform the following operations.

  1. Configuration of web interface
  2. Firewall/Nat setting
  3. Networking setting
  4. System tuneables setting
  5. Notification setting

advanced-systemmenu

In the Cert Manager sub menu, the firewall administrator generates certificates for the CA and users.

cert-manager-systemmenu

In the Firmware sub menu, the user can update the Pfsense firmware manually or automatically. The user can also take a full backup of the Pfsense configuration.

firmware-systemmenu

In the General Setup sub menu, the user can change basic settings such as the hostname and domain.

general setup-systemmenu

As the menu title indicates, the user can enable or disable the high availability feature from this sub menu.

highavail-systemmenu

The Packages sub menu provides a package manager in the web interface of Pfsense.

packages-system menu

The user can perform gateway and route management using the Routing sub menu.

routing-system menu

The Setup Wizard sub menu opens the following window, which starts the basic configuration of Pfsense.

wizard_start

User management is done from the User Manager sub menu.

usermanager-system

Interfaces Menu

This menu is used for the assignment of interfaces (LAN/WAN), VLAN settings, and wireless and GRE configuration etc.

Interfaces setting

Firewall Menu

The firewall is the core part of the Pfsense distribution and it provides the following features.

firewall-menu

Aliases

Aliases are defined for real hosts, networks or ports and they can be used to minimize the number of changes.

firewall-aliases

NAT (Network Address Translation)

NAT binds a specific internal address to a specific external address. Incoming traffic from the Internet to the specified IP will be directed toward the associated internal IP.

firewall-nat

Firewall Rules

Firewall rules control what traffic is allowed to enter an interface on the firewall. After traffic is passed on the interface, an entry in the state table is created.

firewall-rules

Schedules

Firewall rules can be scheduled so that they are only active at certain times of day or on certain specific days or days of the week.

firewall-schedules

Traffic Shaper

Traffic shaping is the control of computer network traffic in order to optimize performance and lower latency.

firewall-traffic shapper

Virtual IPs

Virtual IPs add knowledge of additional IP addresses to the firewall that are different from the firewall's real interface addresses.

firewall-virtualipaddresses

Services Menu

The Services menu shows the services that the Pfsense distribution provides alongside the firewall.

services-menu

Software newly installed for a specific service, such as snort, is also shown in this menu. By default the following services are listed in the Services menu.

Captive portal

The captive portal functionality in Pfsense allows securing a network by requiring a username and password entered on a portal page.

services-captive portal

DHCP Relay

The DHCP Relay daemon will relay DHCP requests between broadcast domains for IPv4 DHCP.

services-dhcp relay

DHCP Server

The user can run a DHCP service on the firewall for the network devices.

services-dhcp server

DNS Forwarder/Resolver/Dynamic DNS

Different DNS services can be configured on the Pfsense firewall.

services-dynamic dns client

services-dns resolver

services-dns forwarder

IGMP Proxy

The user can configure IGMP on the Pfsense firewall from the Services menu.

services igmp

Load Balancer

Load balancing is one of the important features supported by the Pfsense firewall.

services load balancer

SNMP (Simple Network Management Protocol)

Pfsense supports all versions of SNMP for remote management of the firewall.

services snmp

Wake on Lan

This feature sends a packet to a workstation on a locally connected network to power on that workstation.

services-wake on lan

VPN Menu

It is one of the most important features of Pfsense. It supports the following types of VPN configuration.

VPN IPsec

IPsec is a standard for providing security to IP protocols via encryption and/or authentication.

vpn-ipsec

L2TP IPsec

L2TP/IPsec is a common VPN type that wraps L2TP, an insecure tunneling protocol, inside a secure channel built using transport mode IPsec.

vpn- l2tp

OpenVPN

OpenVPN is an Open Source VPN server and client that is supported on pfSense.

vpn openvpn

Status Menu

It shows the status of the services provided by Pfsense, such as the DHCP server, IPsec and load balancer.

status-menu

Diagnostic Menu

This menu helps the administrator/user rectify Pfsense issues or problems.

diagnosics menu

Help Menu

This menu provides links to useful resources such as the FreeBSD handbook, developer wiki, paid support and the pfsense book.

help menu

Conclusion

In this article our focus was on the basic configuration and feature set of the Pfsense distribution. It is based on FreeBSD and widely used for its security and stability features. In our future articles on Pfsense, our focus will be on basic firewall rule settings, snort (IDS/IPS) and IPsec VPN configuration.

The post How to Setup Pfsense Firewall and Basic Configuration appeared first on LinOxide.

How to Install SQLite 3.9.1 with JSON Support on Ubuntu 15.04


Hello and welcome to today's article on SQLite, the most widely deployed SQL database engine in the world. It is zero-configuration, which means no setup or administration is needed. SQLite is a public-domain software package that provides a relational database management system (RDBMS), used to store user-defined records in large tables. In addition to data storage and management, the database engine processes complex query commands that combine data from multiple tables to generate reports and data summaries.

SQLite is very small and lightweight and does not require a separate server process or system to operate. It is available on UNIX, Linux, Mac OS-X, Android, iOS and Windows, and is used in various software applications like Opera, Ruby On Rails, Adobe System, Mozilla Firefox, Google Chrome and Skype.

1) Basic Requirements:

There are no complex requirements for the installation of SQLite, as it supports all major platforms.

So, let's log in to the Ubuntu server with sudo or root credentials using your CLI or Secure Shell. Then update your system so that the operating system is up to date with the latest packages.

On Ubuntu, use the command below to update the system.

# apt-get update

If you are deploying SQLite on a fresh Ubuntu, make sure that you have installed some basic system management utilities like wget, make, unzip, gcc.

To install the wget, make and gcc packages on Ubuntu, use the command below, then press "Y" to allow and proceed with the installation of these packages.

# apt-get install wget make gcc

2) Download SQLite

To download the latest package of SQLite, you can refer to their official SQLite Download Page as shown below.

SQLite download

You can copy the link of the source package and download it on the Ubuntu server using the wget utility.

# wget https://www.sqlite.org/2015/sqlite-autoconf-3090100.tar.gz

wget SQLite

After the download is complete, extract the package and change your current directory to the extracted SQLite folder by using the commands below.

# tar -zxvf sqlite-autoconf-3090100.tar.gz
# cd sqlite-autoconf-3090100

3) Installing SQLite

Now we are going to install and configure the SQLite package that we downloaded. To compile and install SQLite on Ubuntu, run the configure script within the directory where you have extracted the SQLite package, as shown below.

root@ubuntu-15:~/sqlite-autoconf-3090100# ./configure --prefix=/usr/local

SQLite Installation

Once the package is configured under the mentioned prefix, run the make command below to compile the package.

root@ubuntu-15:~/sqlite-autoconf-3090100# make
source='sqlite3.c' object='sqlite3.lo' libtool=yes \
DEPDIR=.deps depmode=none /bin/bash ./depcomp \
/bin/bash ./libtool --tag=CC --mode=compile gcc -DPACKAGE_NAME=\"sqlite\" -DPACKAGE_TARNAME=\"sqlite\" -DPACKAGE_VERSION=\"3.9.1\" -DPACKAGE_STRING=\"sqlite\ 3.9.1\" -DPACKAGE_BUGREPORT=\"http://www.sqlite.org\" -DPACKAGE_URL=\"\" -DPACKAGE=\"sqlite\" -DVERSION=\"3.9.1\" -DSTDC_HEADERS=1 -DHAVE_SYS_TYPES_H=1 -DHAVE_SYS_STAT_H=1 -DHAVE_STDLIB_H=1 -DHAVE_STRING_H=1 -DHAVE_MEMORY_H=1 -DHAVE_STRINGS_H=1 -DHAVE_INTTYPES_H=1 -DHAVE_STDINT_H=1 -DHAVE_UNISTD_H=1 -DHAVE_DLFCN_H=1 -DLT_OBJDIR=\".libs/\" -DHAVE_FDATASYNC=1 -DHAVE_USLEEP=1 -DHAVE_LOCALTIME_R=1 -DHAVE_GMTIME_R=1 -DHAVE_DECL_STRERROR_R=1 -DHAVE_STRERROR_R=1 -DHAVE_POSIX_FALLOCATE=1 -I. -D_REENTRANT=1 -DSQLITE_THREADSAFE=1 -DSQLITE_ENABLE_FTS3 -DSQLITE_ENABLE_RTREE -g -O2 -c -o sqlite3.lo sqlite3.c

After running make command, to complete the installation of SQLite on ubuntu run the 'make install' command as shown below.

# make install

SQLite Make Install

4) Testing SQLite Installation

To confirm the successful installation of SQLite 3.9, run the below command in your command line interface.

# sqlite3

You will see the SQLite version after running the above command, as shown.

Testing SQLite Installation

5) Using SQLite

SQLite is very handy to use. To get the detailed information about its usage, simply run the below command in the SQLite console.

sqlite> .help

Here is the list of all available commands with their descriptions, which will help you start using SQLite.

SQLite Help

Now, in this last section, we use a few SQLite commands to create a new database using the sqlite3 command line interface.

To create a new database, run the command below.

# sqlite3 test.db

To create a table within the new database run the below command.

sqlite> create table memos(text, priority INTEGER);

After creating the table, insert some data using the following commands.

sqlite> insert into memos values('deliver project description', 15);
sqlite> insert into memos values('writing new artilces', 100);

To view the inserted data from the table, run the command below.

sqlite> select * from memos;
deliver project description|15
writing new artilces|100

To exit from sqlite3, type the command below.

sqlite> .exit

Using SQLite3

Conclusion

In this article you learned how to install the latest version of SQLite, 3.9.1, which includes the JSON1 support recently added in version 3.9.0. It is an amazing library that gets embedded inside the application that uses it, keeping resource usage efficient and light. We hope you find this article helpful; feel free to get back to us if you run into any difficulty.

The post How to Install SQLite 3.9.1 with JSON Support on Ubuntu 15.04 appeared first on LinOxide.

How to Install Drupal 7 with SSL on FreeBSD 10.2


Drupal is a free and open source content management framework used by 2.1% of the web worldwide, written in PHP and released under the GPL (GNU General Public License). It is used by people around the world for everything from personal blogs to corporate and government sites, forums, political sites and news sites. It is also used for corporate business and knowledge management. Drupal was released in January 2001 by Dries Buytaert under the GPL, and as of this year, 2015, Drupal developers have provided more than 31.000 modules.

Drupal Core is the core of Drupal itself. It contains the basics of a content management system and framework, including user management, page layout configuration and system administration. It also contains modules that can be enabled by the administrator to extend the functionality of the website.

In this tutorial we will discuss the Drupal installation. We will install Drupal 7 on FreeBSD 10.2 with Apache as the web server and MySQL as the database system, and finally we will configure SSL for it.

Step 1 - Install Apache and PHP

Apache is one of the most popular web servers in the world. It is used by a million websites to serve their pages, provides a variety of modules, is easy to install and configure, and is very powerful. You can install Apache and PHP from the FreeBSD repository with the pkg command.

pkg install apache24 mod_php56 php56-mysql php56-mysqli php56-curl

Now copy the php.ini-production file to php.ini.

cd /usr/local/etc/
cp php.ini-production php.ini

Edit the php.ini file with the nano editor and uncomment "date.timezone", setting it to your timezone.

nano -c php.ini

On line 926 :

date.timezone = Asia/Jakarta

Save and Exit. Go to the apache configuration directory, and edit the file "httpd.conf" with nano editor :

cd /usr/local/etc/apache24/
nano -c httpd.conf

Uncomment line 220 and change the value to the localhost IP.

ServerName 127.0.0.1:80

Add "index.php" on line 278.

DirectoryIndex index.php index.html

Next, under line 288, paste the configuration below :

<FilesMatch "\.php$">
SetHandler application/x-httpd-php
</FilesMatch>

<FilesMatch "\.phps$">
SetHandler application/x-httpd-php-source
</FilesMatch>

PHP Configuration

Save and Exit.

Next, enable apache at startup with the sysrc command, and start it :

sysrc apache24_enable=yes
service apache24 start

Verify that apache is running by visiting FreeBSD server IP.

Step 2 - Install and Configure MySQL

Drupal 7 supports mysql - I've tried to use mariadb on my box, but there is an error. In this tutorial we will use mysql as the database system. Install mysql with the pkg command :

pkg install mysql56-server mysql56-client

Once installation is done, copy configuration file for mysql to directory "/usr/local/etc/".

cp /usr/local/share/mysql/my-default.cnf /usr/local/etc/my.cnf

And enable the mysql service at boot time with sysrc :

sysrc mysql_enable=yes

Now start mysql :

service mysql-server start

Next, configure mysql root password by typing command below :

mysql_secure_installation

Set root password? [Y/n] Y
New password: ENTER YOUR PASSWORD
Re-enter new password: REPEAT

Remove anonymous users? [Y/n] Y
Disallow root login remotely? [Y/n] Y
Remove test database and access to it? [Y/n] Y
Reload privilege tables now? [Y/n] Y

mysql is now configured with the username root and your password.

Step 3 - Create Database for Drupal

In this step we will log in to the mysql shell with the username and password that have been set up. Log in to the mysql shell with the command below :

mysql -u root -p
TYPE YOUR PASSWORD

Now we will create a new database for drupal named "drupaldb", then add a new mysql user called "drupaluser" with the password "drupaluser@". Next, grant the user privileges on the database that was created. You can do it by typing the mysql commands below :

create database drupaldb;
create user drupaluser@localhost identified by 'drupaluser@';
grant all privileges on drupaldb.* to drupaluser@localhost identified by 'drupaluser@';
flush privileges; \q

Create Database for Drupal

Database "drupaldb" for drupal is created.

Step 4 - Install Drupal 7

Drupal 7 is available in the FreeBSD repository. You can install it manually or from the FreeBSD ports. In this tutorial we will install Drupal 7 from the FreeBSD repository with the pkg command :

pkg install drupal7

Drupal is now installed in the directory "/usr/local/www/drupal7/". Next, change the owner of the directory to the user called "www".

cd /usr/local/www/
chown -R www:www drupal7/

Next, copy the drupal configuration file, and change the owner of that file :

cd /usr/local/www/drupal7/sites/default/
cp default.settings.php settings.php
chown www:www settings.php

Step 5 - SSL Configuration for Drupal

We will generate a new SSL certificate for the Drupal site. Make sure openssl is installed on the server. Generate the new certificate with the openssl command and store the certificate files in the "/usr/local/etc/apache24/ssl/" directory.

cd /usr/local/etc/apache24/
mkdir ssl; cd ssl

And generate the certificate file :

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /usr/local/etc/apache24/ssl/apache.key -out /usr/local/etc/apache24/ssl/apache.crt

Fill all with your personal information :

Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:
Email Address []:

Change the permissions of the certificate files :

cd /usr/local/etc/apache24/ssl/
chmod 600 *

Next, load apache ssl module by editing apache configuration "httpd.conf".

cd /usr/local/etc/apache24/
nano -c httpd.conf

Uncomment these lines :

#Line 70
LoadModule authn_socache_module libexec/apache24/mod_authn_socache.so

#Line 89
LoadModule socache_shmcb_module libexec/apache24/mod_socache_shmcb.so

#Line 141
LoadModule ssl_module libexec/apache24/mod_ssl.so

Save and Exit.

Step 6 - VirtualHost Configuration for Drupal

In this section we will create new virtualhost configuration file on the apache directory. Now go to the apache directory and create new directory "virtualhost".

cd /usr/local/etc/apache24/
mkdir virtualhost/

Then create a new file for the virtualhost with the nano editor :

cd virtualhost/
nano -c drupal.conf

And paste virtualhost configuration below :

Listen 443
<VirtualHost _default_:443>
ServerAdmin im@saitama.me
# Directory for the file stored
DocumentRoot "/usr/local/www/drupal7"
#Domain
ServerName saitama.me:443
ServerAlias www.saitama.me:443
ErrorLog "/var/log/saitama.me-error_log"
CustomLog "/var/log/saitama.me-access_log" common

SSLEngine on
SSLCertificateFile /usr/local/etc/apache24/ssl/apache.crt
SSLCertificateKeyFile /usr/local/etc/apache24/ssl/apache.key

<Directory "/usr/local/www/drupal7">
Options Indexes FollowSymLinks MultiViews
Options All
AllowOverride All
# The syntax is case sensitive!
Require all granted
</Directory>
</VirtualHost>

Save and exit. Now go back to the apache directory and edit the "httpd.conf" file.

cd /usr/local/etc/apache24/
nano -c httpd.conf

Add the new configuration below to the end of the file :

Include etc/apache24/virtualhost/*

Save and exit. Next, test the apache configuration with command :

apachectl configtest

If there is no error, restart the apache :

service apache24 restart
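The virtualhost only works if its SSLCertificateFile and SSLCertificateKeyFile lines name the files that the openssl command in Step 5 actually wrote (apache.crt and apache.key), and the private key should stay unreadable to other accounts. The following is an added example, not part of the original tutorial, that checks both points for a vhost file; the function names and the sample vhost are constructed, and absolute paths without spaces are assumed.

```shell
#!/bin/sh
# Added example: verify the certificate and key files a vhost refers to.
# Function names and sample files are constructed for illustration.

# directive_paths CONF DIRECTIVE: print the argument of each active DIRECTIVE line.
directive_paths() {
    awk -v want="$2" '
        /^[[:space:]]*#/ { next }                       # ignore comments
        tolower($1) == tolower(want) {                  # directives are case-insensitive
            gsub(/"/, "", $2); print $2                 # strip optional quotes
        }
    ' "$1"
}

# group_other_bits FILE: print the six group/other permission characters of ls -l.
group_other_bits() {
    ls -ld "$1" | cut -c5-10
}

# check_vhost_tls_files CONF: report each referenced file; return 0 only if all pass.
check_vhost_tls_files() {
    conf=$1
    problems=0
    for directive in SSLCertificateFile SSLCertificateKeyFile; do
        paths=$(directive_paths "$conf" "$directive")
        if [ -z "$paths" ]; then
            echo "FAIL: no $directive in $conf"
            problems=$((problems + 1))
            continue
        fi
        for p in $paths; do
            if [ ! -f "$p" ]; then
                echo "FAIL: $directive points to missing file $p"
                problems=$((problems + 1))
            elif [ "$directive" = SSLCertificateKeyFile ] &&
                 [ "$(group_other_bits "$p")" != "------" ]; then
                echo "FAIL: private key $p is accessible to group or others"
                problems=$((problems + 1))
            else
                echo "OK: $directive $p"
            fi
        done
    done
    [ "$problems" -eq 0 ]
}

# write_sample_vhost OUT DIR CRT KEY: constructed vhost fragment for the demo.
write_sample_vhost() {
    cat > "$1" <<EOF
Listen 443
<VirtualHost _default_:443>
DocumentRoot "/usr/local/www/drupal7"
SSLEngine on
SSLCertificateFile "$2/$3"
SSLCertificateKeyFile $2/$4
</VirtualHost>
EOF
}

demo() {
    dir=$(mktemp -d "${TMPDIR:-/tmp}/vhost-demo.XXXXXX")
    : > "$dir/apache.crt"                 # empty stand-ins, not real certificates
    : > "$dir/apache.key"
    chmod 600 "$dir/apache.crt" "$dir/apache.key"
    echo "-- vhost naming server.crt / server.key (files do not exist)"
    write_sample_vhost "$dir/drupal.conf" "$dir" server.crt server.key
    check_vhost_tls_files "$dir/drupal.conf" || true
    echo "-- vhost naming apache.crt / apache.key"
    write_sample_vhost "$dir/drupal.conf" "$dir" apache.crt apache.key
    check_vhost_tls_files "$dir/drupal.conf" || true
    rm -rf "$dir"
}
demo
```

On the server, run check_vhost_tls_files /usr/local/etc/apache24/virtualhost/drupal.conf before "apachectl configtest".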

Step 7 - Configure Drupal 7

Now that the virtualhost for drupal is configured, visit the drupal domain over https, "https://saitama.me/". You will see that the drupal site is up. Select the installation type "Standard" and click "Save and Continue".

Installation Type

Choose the language "English" and "Save and continue".

Select language

Then fill the database configuration with our database configuration. Save and continue.

Configure the Database

Next, wait for the installation, and when it is done, fill in your site configuration.

Configure admin

Finished, the drupal configuration is done.

Drupal installation is done

If you want to check the site, click on "Visit your new site". You can see your drupal site :

Drupal

Conclusion

Drupal is an open source content management framework based on PHP, developed by Dries Buytaert in 2001 under the GPL (General Public License). To date, up to 31.000 modules have been provided for Drupal. The core of Drupal, named "Drupal Core", contains the basics of a content management system and framework, including user management, page layout configuration and system administration. Drupal is user friendly and easy to use and configure. You can run Drupal with the nginx or apache web server. On FreeBSD, you can install Drupal from the FreeBSD repository with the pkg command, or from the FreeBSD ports, and it is easy to install.

The post How to Install Drupal 7 with SSL on FreeBSD 10.2 appeared first on LinOxide.


How to Install GitLab on Ubuntu / Fedora / Debian


Distributed version control was never easy before git. Git is free and open source software designed to handle everything from small to very large projects with ease and speed. Git was first developed by Linus Torvalds, who was also the founder of the well-known Linux kernel. GitLab is an awesome development in the field of git and distributed version control systems. It is a web-based Git repository management application which includes features like code reviews, wikis, issue tracking and much more. Creating, reviewing and deploying code is easy, well managed and fast with GitLab. It can be hosted on our own server, though it also provides free repository hosting on its official server, similar to Github. GitLab has two different editions, Community Edition and Enterprise Edition. Community Edition is completely free and open source software licensed under the MIT License, whereas Enterprise Edition is under a proprietary license and contains features that are not present in the CE version. Here are some easy steps on how we can install GitLab Community Edition on a machine running Ubuntu, Fedora or Debian as its operating system.

1. Installing Pre-requisites

First of all, we'll install the dependencies required by GitLab Community Edition. We'll install curl in order to download our required files, openssh-server in order to ssh into our machine, ca-certificates to add CA certificates and postfix as an MTA (Mail Transfer Agent).

Note: To install GitLab CE, we need to have a linux machine with at least 2 GB RAM and 2 Cores CPU.

On Ubuntu 14.04/Debian 8.x

As these packages are available in the official repositories of Ubuntu 14.04 and Debian 8.x, we'll simply install them using the apt-get package manager. To do so, we'll need to execute the following command in a terminal or console.

# apt-get install curl openssh-server ca-certificates postfix

install dependencies gitlab ubuntu debian

On Fedora 22

In Fedora 22, the default package manager is dnf, as yum has been deprecated. So, we'll simply run the following dnf command in order to install the required packages.

# dnf install curl openssh-server postfix

install dependencies gitlab fedora

2. Starting and Enabling Services

Now, we'll start the sshd and postfix services using our default init system. We'll also enable them to start automatically at every system boot.

On Ubuntu 14.04

As SysVinit is installed as the init system in Ubuntu 14.04, we'll use the service command to start the sshd and postfix daemons. On Ubuntu the OpenSSH daemon's service is named ssh.

# service ssh start
# service postfix start

Now, in order to make them start automatically at every boot, we'll need to run the following update-rc.d commands.

# update-rc.d ssh enable
# update-rc.d postfix enable

On Fedora 22/Debian 8.x

As Fedora 22 and Debian 8.x ship with systemd instead of SysVinit as the default init system, we'll simply run the following command to start the sshd and postfix services.

# systemctl start sshd postfix

Now, in order to make them start automatically at every boot, we'll need to run the following systemctl command.

# systemctl enable sshd postfix

Created symlink from /etc/systemd/system/multi-user.target.wants/sshd.service to /usr/lib/systemd/system/sshd.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/postfix.service to /usr/lib/systemd/system/postfix.service.

3. Downloading GitLab

We'll now download the binary installation files from the official GitLab CE repository using curl. First, we'll need to navigate to the repository in order to get the download link of the required file. Then we'll run the following command on our linux machine running the respective operating system.

On Ubuntu 14.04

As Ubuntu and Debian use the same deb package format, we'll search for the required version of GitLab under https://packages.gitlab.com/gitlab/gitlab-ce?filter=debs and click on the link of the required release with the ubuntu/trusty tag, as we are running Ubuntu 14.04. A new page will appear with a Download button; we'll right click it, copy the link of the file and then download it using curl as shown below.

# curl -L -o gitlab-ce_8.1.2-ce.0_amd64.deb https://packages.gitlab.com/gitlab/gitlab-ce/packages/ubuntu/trusty/gitlab-ce_8.1.2-ce.0_amd64.deb/download

Downloading Gitlab Ubuntu

On Debian 8.x

As on Ubuntu, we'll search for the required version under https://packages.gitlab.com/gitlab/gitlab-ce?filter=debs and click on the link of the required release with the debian/jessie tag, as we are running Debian 8.x. A new page will appear, on which we'll right click the Download button and copy the file's download link. We'll then download it using curl as shown below.

# curl -L -o gitlab-ce_8.1.2-ce.0_amd64.deb https://packages.gitlab.com/gitlab/gitlab-ce/packages/debian/jessie/gitlab-ce_8.1.2-ce.0_amd64.deb/download

Downloading Gitlab Debian

On Fedora 22

As Fedora uses rpm files for packages, we'll search for the required version of GitLab under https://packages.gitlab.com/gitlab/gitlab-ce?filter=rpms and click on the link of the required release. As we are running Fedora 22, we'll select the release with the el/7 tag. A new page will appear with a Download button; we'll right click it, copy the link of the file and then download it using curl as shown below.

# curl -L -o gitlab-ce-8.1.2-ce.0.el7.x86_64.rpm https://packages.gitlab.com/gitlab/gitlab-ce/packages/el/7/gitlab-ce-8.1.2-ce.0.el7.x86_64.rpm/download

Downloading Gitlab Fedora

4. Installing GitLab

Now that the package file is on our linux machine, we'll go on to install GitLab Community Edition using the default package manager of the respective linux distribution.

On Ubuntu 14.04/Debian 8.x

To install GitLab CE on a machine running the Ubuntu 14.04 or Debian 8.x linux distribution, which has the apt-get package manager, we'll simply run the following command.

# dpkg -i gitlab-ce_8.1.2-ce.0_amd64.deb

Installing Gitlab Ubuntu Debian

On Fedora 22

We can execute the following dnf command to install it in our Fedora 22 box.

# dnf install gitlab-ce-8.1.2-ce.0.el7.x86_64.rpm

Installing Gitlab Fedora

5. Configuring and Starting GitLab

Now that GitLab CE has been successfully installed on our linux system, we'll go ahead with configuring and starting it. To do so, we'll run the following command, which is the same on Ubuntu, Debian and Fedora.

# gitlab-ctl reconfigure

Reconfiguring Gitlab

6. Allowing Firewall

If we have a firewall program enabled for security on our linux box, we'll need to allow port 80, which is the default port of GitLab CE, in order to make the web interface accessible across the network. Firewalld and iptables are the most widely used firewall programs in linux distributions. To open the port, we'll need to run the following commands.

On Iptables

Iptables is installed and used in Ubuntu 14.04 by default. So, we'll need to run the following iptables commands to open port 80 in it.

# iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT

# /etc/init.d/iptables save

On Firewalld

As Fedora 22 and Debian 8.x have systemd installed by default, they contain firewalld running as the firewall program. In order to open port 80 (http service) on firewalld, we'll need to execute the commands below.

# firewall-cmd --permanent --add-service=http

success

# firewall-cmd --reload

success

7. Accessing GitLab Web Interface

Finally, we'll access the web interface of GitLab CE. To do so, we'll point our web browser to the GitLab server at http://ip-address/ or http://domain.com/, according to our configuration. Once the page has loaded, we'll see the following screen.

Gitlab Login Screen

Now, in order to log in to the panel, we'll click on the Login button, which will ask us for a username and a password. We'll enter the default username and password, i.e. root and 5iveL!fe respectively. After logging into the dashboard, we'll be required to enter a new password for our GitLab root user.

Setting New Password Gitlab

8. Creating Repository

After we have successfully changed the password and logged in to our dashboard, we'll create a new repository for our new project. To do so, we'll go to Projects and click the green NEW PROJECT button.

Creating New Projects

Then, we'll be asked to enter the required information and settings for our repository as shown below. We can even import our project from many git repository providers and repositories.

Creating New Project

After that's done, we'll be able to access our Git repository using any Git client, including the basic git command line. We can see every activity in the repository, along with other functions like creating milestones, managing issues, merge requests, members and labels, and a Wiki for our projects.

Gitlab Menu

Conclusion

GitLab is an awesome open source web application for managing our git repository. It has a beautiful, responsive interface with plenty of cool features. It is packed with many cool features like managing groups, deploying keys, Continuous Integration, viewing logs, broadcast messages, hooks, system OAuth applications, templates and more. It has the ability to integrate tons of tools such as Slack, Hipchat, LDAP, JIRA, Jenkins, many types of hooks and a complete API. It has the minimum requirement of 2 GB RAM and 2 Cores CPU to run smoothly up to 500 users but also can be scaled to multiple active servers. If you have any questions, suggestions, feedback please write them in the comment box below so that we can improve or update our contents. Thank you !

The post How to Install GitLab on Ubuntu / Fedora / Debian appeared first on LinOxide.

How to Configure Tripwire IDS on Debian


This article is about installing and configuring Tripwire on Debian. Tripwire is a host-based intrusion detection system (IDS) for Linux environments. The prime function of the Tripwire IDS is to detect and report any unauthorized change to files and directories on a Linux system. After installation, a baseline database is created first; tripwire then monitors and detects changes such as new file addition/creation, file modification and the user who changed it. If the changes are legitimate, you can accept them to update the tripwire database.

Installation and Configuration

Tripwire installation on Debian VM is shown below.

# apt-get install tripwire

installation

During installation, tripwire prompts for the following configuration.

Site key Creation

Tripwire requires a site passphrase to secure the tw.cfg tripwire configuration file and the tw.pol tripwire policy file. Tripwire encrypts both files using the given passphrase. A site passphrase is required even for a single-instance tripwire.

site key1

Local Key passphrase

The local passphrase is needed to protect the tripwire database and report files. The local key is used by tripwire to prevent unauthorized modification of the tripwire baseline database.

local key1

Tripwire configuration path

The Tripwire configuration is saved in the /etc/tripwire/twcfg.txt file. It is used to generate the encrypted configuration file tw.cfg.

configuration file

Tripwire Policy path

Tripwire saves its policies in the /etc/tripwire/twpol.txt file. It is used to generate the encrypted policy file tw.pol used by tripwire.

tripwire policy

The final step of the tripwire installation is shown in the following snapshot.

installed tripewire1

Tripwire Configuration file (twcfg.txt)

The details of the Tripwire configuration file (twcfg.txt) are given below, including the paths of the encrypted policy file (tw.pol), the site key (site.key) and the local key (hostname-local.key).

ROOT         =/usr/sbin
POLFILE       =/etc/tripwire/tw.pol
DBFILE       =/var/lib/tripwire/$(HOSTNAME).twd
REPORTFILE   =/var/lib/tripwire/report/$(HOSTNAME)-$(DATE).twr
SITEKEYFILE   =/etc/tripwire/site.key
LOCALKEYFILE =/etc/tripwire/$(HOSTNAME)-local.key
EDITOR       =/usr/bin/editor
LATEPROMPTING =false
LOOSEDIRECTORYCHECKING =false
MAILNOVIOLATIONS =true
EMAILREPORTLEVEL =3
REPORTLEVEL   =3
SYSLOGREPORTING =true
MAILMETHOD   =SMTP
SMTPHOST     =localhost
SMTPPORT     =25
TEMPDIRECTORY =/tmp

Tripwire Policy Configuration

Adjust the tripwire policy before generating the baseline database. It is necessary to disable a few policies such as /dev, /proc, /root/mail etc. The detailed policy file twpol.txt is given below.

@@section GLOBAL
TWBIN = /usr/sbin;
TWETC = /etc/tripwire;
TWVAR = /var/lib/tripwire;

#
# File System Definitions
#
@@section FS

#
# First, some variables to make configuration easier
#
SEC_CRIT      = $(IgnoreNone)-SHa ; # Critical files that cannot change

SEC_BIN       = $(ReadOnly) ;        # Binaries that should not change

SEC_CONFIG    = $(Dynamic) ;         # Config files that are changed
# infrequently but accessed
# often

SEC_LOG       = $(Growing) ;         # Files that grow, but that
# should never change ownership

SEC_INVARIANT = +tpug ;              # Directories that should never
# change permission or ownership

SIG_LOW       = 33 ;                 # Non-critical files that are of
# minimal security impact

SIG_MED       = 66 ;                 # Non-critical files that are of
# significant security impact

SIG_HI        = 100 ;                # Critical files that are
# significant points of
# vulnerability

#
# Tripwire Binaries
#
(
rulename = "Tripwire Binaries",
severity = $(SIG_HI)
)
{
$(TWBIN)/siggen            -> $(SEC_BIN) ;
$(TWBIN)/tripwire        -> $(SEC_BIN) ;
$(TWBIN)/twadmin        -> $(SEC_BIN) ;
$(TWBIN)/twprint        -> $(SEC_BIN) ;
}
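
#
# Critical System Boot Files (rule header restored; the name is the one the
# integrity check report lists for this rule)
#
(
rulename = "Critical system boot files",
severity = $(SIG_HI)
)
{
/boot            -> $(SEC_CRIT) ;
/lib/modules        -> $(SEC_CRIT) ;
}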

(
rulename = "Boot Scripts",
severity = $(SIG_HI)
)
{
/etc/init.d        -> $(SEC_BIN) ;
#/etc/rc.boot        -> $(SEC_BIN) ;
/etc/rcS.d        -> $(SEC_BIN) ;
/etc/rc0.d        -> $(SEC_BIN) ;
/etc/rc1.d        -> $(SEC_BIN) ;
/etc/rc2.d        -> $(SEC_BIN) ;
/etc/rc3.d        -> $(SEC_BIN) ;
/etc/rc4.d        -> $(SEC_BIN) ;
/etc/rc5.d        -> $(SEC_BIN) ;
/etc/rc6.d        -> $(SEC_BIN) ;
}

(
rulename = "Root file-system executables",
severity = $(SIG_HI)
)
{
/bin            -> $(SEC_BIN) ;
/sbin            -> $(SEC_BIN) ;
}

#
# Critical Libraries
#
(
rulename = "Root file-system libraries",
severity = $(SIG_HI)
)
{
/lib            -> $(SEC_BIN) ;
}

#
# Login and Privilege Raising Programs
#
(
rulename = "Security Control",
severity = $(SIG_MED)
)
{
/etc/passwd        -> $(SEC_CONFIG) ;
/etc/shadow        -> $(SEC_CONFIG) ;
}
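
#
# System boot changes (rule header restored; the name is the one the
# integrity check report lists for /var/log)
#
(
rulename = "System boot changes",
severity = $(SIG_HI)
)
{
#/var/lock        -> $(SEC_CONFIG) ;
#/var/run        -> $(SEC_CONFIG) ; # daemon PIDs
/var/log        -> $(SEC_CONFIG) ;
}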

# These files change the behavior of the root account
(
rulename = "Root config files",
severity = 100
)
{
/root                -> $(SEC_CRIT) ; # Catch all additions to /root
#/root/mail            -> $(SEC_CONFIG) ;
#/root/Mail            -> $(SEC_CONFIG) ;
/root/.xsession-errors        -> $(SEC_CONFIG) ;
#/root/.xauth            -> $(SEC_CONFIG) ;
#/root/.tcshrc            -> $(SEC_CONFIG) ;
#/root/.sawfish            -> $(SEC_CONFIG) ;
#/root/.pinerc            -> $(SEC_CONFIG) ;
#/root/.mc            -> $(SEC_CONFIG) ;
#/root/.gnome_private        -> $(SEC_CONFIG) ;
#/root/.gnome-desktop        -> $(SEC_CONFIG) ;
#/root/.gnome            -> $(SEC_CONFIG) ;
#/root/.esd_auth            -> $(SEC_CONFIG) ;
#    /root/.elm            -> $(SEC_CONFIG) ;
#/root/.cshrc                -> $(SEC_CONFIG) ;
#/root/.bashrc            -> $(SEC_CONFIG) ;
#/root/.bash_profile        -> $(SEC_CONFIG) ;
#    /root/.bash_logout        -> $(SEC_CONFIG) ;
#/root/.bash_history        -> $(SEC_CONFIG) ;
#/root/.amandahosts        -> $(SEC_CONFIG) ;
#/root/.addressbook.lu        -> $(SEC_CONFIG) ;
#/root/.addressbook        -> $(SEC_CONFIG) ;
#/root/.Xresources        -> $(SEC_CONFIG) ;
#/root/.Xauthority        -> $(SEC_CONFIG) -i ; # Changes Inode number on login
/root/.ICEauthority            -> $(SEC_CONFIG) ;
}

#
# Critical devices
#
(
rulename = "Devices & Kernel information",
severity = $(SIG_HI),
)
{
#/dev        -> $(Device) ;
#/proc        -> $(Device) ;
}

Tripwire Report

The tripwire --check command checks the twpol.txt file and, based on this file, generates the tripwire report shown below. If there is any error in the twpol.txt file, tripwire does not generate a report.

tripwire report

Report in text form

root@VMdebian:/home/labadmin# tripwire --check

Parsing policy file: /etc/tripwire/tw.pol

*** Processing Unix File System ***

Performing integrity check...

Wrote report file: /var/lib/tripwire/report/VMdebian-20151024-122322.twr

Open Source Tripwire(R) 2.4.2.2 Integrity Check Report

Report generated by:         root

Report created on:           Sat Oct 24 12:23:22 2015

Database last updated on:     Never

Report Summary:

=========================================================

Host name:                   VMdebian

Host IP address:             127.0.1.1

Host ID:                     None

Policy file used:             /etc/tripwire/tw.pol

Configuration file used:     /etc/tripwire/tw.cfg

Database file used:           /var/lib/tripwire/VMdebian.twd

Command line used:           tripwire --check

=========================================================

Rule Summary:

=========================================================

-------------------------------------------------------------------------------

Section: Unix File System

-------------------------------------------------------------------------------

Rule Name                       Severity Level   Added   Removed Modified

---------                       --------------   -----   ------- --------

Other binaries                 66               0       0       0      

Tripwire Binaries               100               0       0       0      

Other libraries                 66               0       0       0      

Root file-system executables   100               0       0       0      

Tripwire Data Files             100               0       0       0      

System boot changes             100               0       0       0      

(/var/log)

Root file-system libraries     100               0       0       0      

(/lib)

Critical system boot files     100               0       0       0      

Other configuration files       66               0       0       0      

(/etc)

Boot Scripts                   100               0       0       0      

Security Control               66               0       0       0      

Root config files               100               0       0       0      

Invariant Directories           66               0       0       0      

Total objects scanned: 25943

Total violations found: 0

=========================Object Summary:================================

-------------------------------------------------------------------------------

# Section: Unix File System

-------------------------------------------------------------------------------

No violations.

===========================Error Report:=====================================

No Errors

-------------------------------------------------------------------------------

*** End of report ***

Open Source Tripwire 2.4 Portions copyright 2000 Tripwire, Inc. Tripwire is a registered

trademark of Tripwire, Inc. This software comes with ABSOLUTELY NO WARRANTY;

for details use --version. This is free software which may be redistributed

or modified only under certain conditions; see COPYING for details.

All rights reserved.

Integrity check complete.
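As an added example (not part of the original article or of Tripwire itself), the POSIX shell functions below read a text report like the one above and list only the rules that have added, removed or modified objects, so a scheduled check can alert on them. The function names are this example's own and the sample report inside is constructed.

```shell
#!/bin/sh
# Added example: pull the violated rules out of a Tripwire text report.

# tw_rule_violations: read a report on stdin and print, for every rule with at
# least one added, removed or modified object:
#   <severity> <added> <removed> <modified> <rule name>
tw_rule_violations() {
    awk '
        /^Rule Summary:/          { in_table = 1; next }
        /^Total objects scanned:/ { in_table = 0 }
        !in_table                 { next }
        {
            sub(/^[* ]+/, "")     # violated rules carry a leading "*" marker
            n = NF
            if (n < 5) next       # separators and "(/var/log)" style lines
            for (i = n - 3; i <= n; i++)
                if ($i !~ /^[0-9]+$/) next    # header row, section titles
            if ($(n - 2) + $(n - 1) + $n == 0) next   # rule is clean
            name = $1
            for (i = 2; i <= n - 4; i++) name = name " " $i
            print $(n - 3), $(n - 2), $(n - 1), $n, name
        }'
}

# tw_alert MIN: same output, limited to rules whose severity is >= MIN.
tw_alert() {
    tw_rule_violations | awk -v min="$1" '$1 + 0 >= min + 0'
}

# tw_total_violations: print N from "Total violations found: N". Exit status 2
# when the line is missing, which means the report is incomplete and must not
# be read as "no violations".
tw_total_violations() {
    awk '/^Total violations found:/ { print $NF; found = 1 }
         END { exit (found ? 0 : 2) }'
}

# Constructed sample in the layout of the report above, with two violated rules.
sample_report() {
    cat <<'EOF'
Rule Summary:
===============================================================================
-------------------------------------------------------------------------------
  Section: Unix File System
-------------------------------------------------------------------------------
  Rule Name                       Severity Level    Added    Removed  Modified
  ---------                       --------------    -----    -------  --------
  Other binaries                  66                0        0        0
  Tripwire Binaries               100               0        0        0
  System boot changes             100               0        0        0
  (/var/log)
* Security Control                66                0        0        1
* Root config files               100               1        0        2
  Invariant Directories           66                0        0        0

Total objects scanned:  25943
Total violations found:  4
EOF
}

# Command-line use: sh tw_report.sh REPORT.txt [MIN_SEVERITY]
if [ "$#" -gt 0 ]; then
    tw_alert "${2:-0}" < "$1"
fi
```

The input is the text form of a report; a binary .twr file is first printed as text with twprint --print-report --twrfile FILE.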

Conclusion

In this article, we learned the installation and basic configuration of the open source IDS tool Tripwire. It first generates a baseline database and then detects any change (file/folder) by comparing the system against that baseline. However, tripwire is not a live-monitoring IDS.

The post How to Configure Tripwire IDS on Debian appeared first on LinOxide.

How to Setup OpenGTS GPS Tracking System on Ubuntu / CentOS


Hello everybody, today we are going to show you the installation and configuration steps for OpenGTS, the Open GPS Tracking System. OpenGTS is the only open source and web based GPS tracking system which is being widely used in different countries for tracking different devices. OpenGTS can work with any specific GPS tracking device or protocol that supports it, like OpenDMTP (Open Source Device Monitoring and Tracking Protocol). It has a number of features like the customization of its web pages, reports and mapping services.

OpenGTS is fully written in Java and should run fine on any system that fully supports private JVM environment and an SQL database server (like MySQL).

Prerequisites

In this article we will install the Open GPS Tracking System on Ubuntu / CentOS. We are using Ubuntu Server 14.04 in our test environment. There are a number of prerequisites that we have to set up before the OpenGTS installation.

1) System Update

Log in to your Ubuntu / CentOS server with root or sudo credentials and update your system using the commands below, respectively.

# apt-get update
# yum update

2) LAMP Setup

As mentioned earlier, OpenGTS is a web based application, so we will set up the LAMP stack as a prerequisite. We will use the Apache web server and the MySQL database in our LAMP stack. Let's run the commands below to install the required packages.

For Ubuntu:

# sudo apt-get install apache2 php5 mysql-server libmysql-java wget curl unzip ant

For CentOS:

# yum install httpd php5 mysql-server libmysql-java wget curl unzip ant

In Ubuntu you will be asked to set the root password for the MySQL database; choose an appropriate password and press OK to proceed.

On CentOS you can run the command below to set up the root password.

# mysql_secure_installation

To start mysql and apache services on your ubuntu or centos server you can use the below commands.

For Ubuntu

# /etc/init.d/mysql start
# /etc/init.d/apache2 start

For CentOS

# /etc/init.d/mysqld start
# /etc/init.d/httpd start

3) JAVA Setup

To set up the Java environment we will use OpenJDK version 7 and then configure its environment using the commands below.

For Ubuntu / centOS:

# apt-get install openjdk-7-jdk

When the installation is complete, set the JAVA_HOME environment variable using the commands below.

# export JAVA_HOME=/usr/lib/jvm/java-7-openjdk-amd64

# echo "export JAVA_HOME=/usr/lib/jvm/java-7-openjdk-amd64" >> ~/.bashrc

4) Tomcat Setup

To install and configure the Tomcat setup follow the link to Download Tomcat, then copy the linked URL and download it using the wget command on the server.

# wget -c http://apache.mirror.uber.com.au/tomcat/tomcat-7/v7.0.65/bin/apache-tomcat-7.0.65.zip

Tomcat download

Run the command below to extract the above downloaded zipped package.

# unzip apache-tomcat-7.0.65.zip

Now copy the extracted directory from the current directory into the '/usr/local/' directory.

root@open-gts:~# cp -a apache-tomcat-7.0.65 /usr/local/

By using the below commands we will setup the CATALINA_HOME environment for the tomcat.

# export CATALINA_HOME=/usr/local/apache-tomcat-7.0.65/

# cd /usr/local

# ln -s $CATALINA_HOME tomcat
# cd $CATALINA_HOME/bin
# chmod a+x *.sh

Catalina Env

When the CATALINA_HOME environment has been set up, run the command shown below to start Tomcat.

# $CATALINA_HOME/bin/startup.sh

# echo "export CATALINA_HOME=/usr/local/apache-tomcat-7.0.65" >> ~/.bashrc

Stating Tomcat

5) Setup JAVA Connector

To set up the Java connector, a MySQL Java connector package is available that we can download from this LINK

Download the connector package using the below wget command.

# wget -c http://dev.mysql.com/get/Downloads/Connector-J/mysql-connector-java-5.1.37.zip

Then extract the zipped package and copy its files into the 'ext' directory of the JAVA_HOME by using below commands.

# unzip mysql-connector-java-5.1.37.zip

# cd mysql-connector-java-5.1.37/

# cp mysql-connector-java-5.1.37-bin.jar $JAVA_HOME/jre/lib/ext

JAVA Mail Setup

To install the Java mail setup, we can download the latest Jar repository from this LINK

Copy the link address and download it using the below wget command in the command line interface.

# wget -c https://maven.java.net/content/repositories/releases/com/sun/mail/javax.mail/1.5.2/javax.mail-1.5.2.jar

Java Mail

Copy this jar into the 'ext' directory and then rename it using the commands shown below.

# cp javax.mail-1.5.2.jar $JAVA_HOME/jre/lib/ext/

# mv $JAVA_HOME/jre/lib/ext/javax.mail-1.5.2.jar $JAVA_HOME/jre/lib/ext/javax.mail.jar

Installing OpenGTS

We are ready to go with installation of OpenGTS Tracking System. We will be using the curl command to get the latest available package of OpenGTS from this LINK by using the below command.

# curl -L http://sourceforge.net/projects/opengts/files/server-base/2.6.0/OpenGTS_2.6.0.zip > OpenGTS_2.6.0.zip

download OpenGTS

Then extract the OpenGTS package into the '/usr/local/' directory using below command.

# unzip OpenGTS_2.6.0.zip -d /usr/local

It's recommended to run OpenGTS as a general user; for this purpose we will run the command below to change the ownership.

# chown -R gts:sudo /usr/local/OpenGTS_2.6.0/

Then export the environment variables to set the OpenGTS home environment.

# export GTS_HOME=/usr/local/OpenGTS_2.6.0/

# echo "export GTS_HOME=/usr/local/OpenGTS_2.6.0" >> ~/.bashrc

1) Setup Environment

To set up the environment variable for ANT and create the symbolic links, run the following commands.

# echo "export ANT_HOME=/usr/share/ant" >> ~/.bashrc
# source ~/.bashrc

# ln -s $JAVA_HOME /usr/local/java
# ln -s $CATALINA_HOME /usr/local/tomcat
# ln -s $GTS_HOME /usr/local/gts

2) OpenGTS Configurations

Open the default configuration file of OpenGTS to configure some of its basic parameters. To do so, use the following command and uncomment the below mentioned line in the configuration file.

# vim $GTS_HOME/config.conf

OpenGTS Conf

Save the configuration file changes, and then list the CATALINA_HOME folder to check if it linked to its folder or not.

# ls -l $CATALINA_HOME

Catalina Home Link

If it is pointing to itself, you can run the command below to unlink it.

# unlink /usr/local/apache-tomcat-7.0.65/apache-tomcat-7.0.65

3) OpenGTS Compilation

Finally we are ready to compile OpenGTS. To do so, first change your directory to GTS_HOME and then run the 'ant all' command as shown.

# cd $GTS_HOME

root@open-gts:/usr/local/OpenGTS_2.6.0# ant all

The compilation process will take a while to compile all the required data.

OpenGTS Compilation

4) OpenGTS Initialization

To initialize the OpenGTS database, we will use the command below, providing the root credentials of our database.

root@open-gts:/usr/local/OpenGTS_2.6.0# bin/initdb.sh -rootUser=root -rootPass=******

This will create a new database and a user, both named 'gts', and grant the user privileges as shown below.

Version: 2.6.0
Database created: gts
Privileges granted to user: gts

Validating table columns ...
---------------------------------------------------------------------------
Table 'Account' --- Creating table ...
Table 'AccountString' --- Creating table ...
Table 'User' --- Creating table ...
Table 'UserAcl' --- Creating table ...
Table 'GroupList' --- Creating table ...
Table 'Device' --- Creating table ...
Table 'Transport' --- Creating table ...
Table 'UniqueXID' --- Creating table ...
Table 'DeviceGroup' --- Creating table ...
Table 'DeviceList' --- Creating table ...
Table 'Driver' --- Creating table ...
Table 'EventData' --- Creating table ...
Table 'Geozone' --- Creating table ...
Table 'Resource' --- Creating table ...
Table 'Role' --- Creating table ...
Table 'RoleAcl' --- Creating table ...
Table 'StatusCode' --- Creating table ...
Table 'SystemProps' --- Creating table ...
Table 'EventTemplate' --- Creating table ...
Table 'PendingPacket' --- Creating table ...
Table 'Property' --- Creating table ...
Table 'Diagnostic' --- Creating table ...
---------------------------------------------------------------------------
Column validation completed successfully.
---------------------------------------------------------------------------

Updating GTS Version: 2.6.0
Updating DMTP Version: 1.3.6

5) Testing Installation

To test the installation of OpenGTS, run the command below from the GTS_HOME directory.

root@open-gts:/usr/local/OpenGTS_2.6.0# bin/checkInstall.sh

After executing the above command you might see some errors, warnings and recommendations that you can work through.

6) Creating New Account

To create the new admin account run the below command by mentioning your account name and password.

root@open-gts:/usr/local/OpenGTS_2.6.0# bin/admin.sh Account -account=sysadmin -pass=****** -create
Entry Point: org.opengts.db.tables.Account
Created Account-ID: sysadmin

7) Install Track Java Servlet

To install the Track Java Servlet and then copy its webapp, use the commands below.

root@open-gts:/usr/local/OpenGTS_2.6.0# ant track

root@open-gts:/usr/local/OpenGTS_2.6.0# cp build/track.war $CATALINA_HOME/webapps/

Track Java servlet

Open OpenGTS Web Interface

Open your web browser and enter the URL below to access the web interface of the OpenGTS GPS Tracking system and start tracking your devices.

http://your_servers_ip:8080/track/Track

OpenGTS Web

If you are unable to log in using your credentials, stop Tomcat and then start it again using the commands below.

# $CATALINA_HOME/bin/shutdown.sh
# rm -rf $CATALINA_HOME/webapps/track*
# cp $GTS_HOME/build/track.war $CATALINA_HOME/webapps/
# $CATALINA_HOME/bin/startup.sh

Welcome to OpenGTS GPS Tracking

We have successfully set up OpenGTS; using its web console you can now easily manage and track vehicles.

OpenGTS Server Admin

Conclusion

In this article you have learned the installation and configuration of the OpenGTS Open GPS Tracking system, including all of its required dependencies, on Ubuntu. We hope you understood each and every step that we performed in the article. This was only the server side setup; in our next article we will show you the client side setup for OpenGTS testing. Leave your valuable comments or suggestions if you face any issue or have recommendations.

The post How to Setup OpenGTS GPS Tracking System on Ubuntu / CentOS appeared first on LinOxide.

How to Setup Redmine - Project Management Web Application on Fedora 22


Redmine is a free and open source, web based, flexible project management and issue tracking tool written in the Ruby on Rails framework and released under the terms of the GNU General Public License v2 (GPL). Redmine integrates with various version control systems like SVN, CVS, Git, Bazaar, etc. and includes a repository browser and diff viewer. It has been localized in more than 34 languages and can be run on any platform, as it is cross-platform and cross-database from the core. It makes it easy for users to manage multiple projects and their associated sub-projects. Here are some remarkable features of Redmine which have made it such a popular open source project management product.

  • Redmine supports multiple projects with sub-projects.
  • It has a flexible role based access control.
  • It consists of issue tracking as well as time tracking system with email creation.
  • It supports SCM integration (SVN, CVS, Git, Mercurial, Bazaar and Darcs).
  • It has integrated Gantt chart and calendar, news, documents & files management.
  • It allows web Feeds & email notifications with per project wiki and forums.
  • Custom fields for issues, time-entries, projects and users
  • It supports multiple LDAP authentication, multilanguage and multiple database making it highly flexible.
  • It supports various plugins and provides a REST API

Here are some easy steps on how we can setup the latest release of Redmine version 3.1.1 in our machine running Fedora 22.

System Requirements

Before we get into the installation of Redmine, we'll need to ensure that we have a machine with at least 10GB storage and 1GB RAM with a 1GB swap file for better performance. As this tutorial is specifically for Fedora 22, we'll also need to ensure that our machine is running Fedora 22. All of this installation work requires access to root or sudo, so in this tutorial we'll run all the commands as the root user. After everything is checked, we'll go on to the installation of the latest release of Redmine, version 3.1.1.

1. Installing Dependencies

First of all, we'll need to ensure that we have got all the required dependencies installed in our Fedora 22 linux machine. Some of the required dependencies are Apache Web Server, MariaDB server, Ruby and Postfix (MTA) with other dependencies.  In order to install them, we'll need to run the following commands in a terminal or console under root or sudo access.

# dnf install apr-devel apr-util-devel curl-devel gcc gcc-c++ git httpd httpd-devel ImageMagick-devel mariadb-devel mariadb-server postfix ruby-devel tar libxslt-devel libxml2-devel

Installing Dependencies Redmine

2. Starting and Enabling Services

Now that the required dependencies are installed and ready to be configured, we'll first need to start the required services and make them start automatically at every boot. As Fedora 22 has systemd preinstalled as its init system, we'll run the following systemd command to start the daemon services.

# systemctl start httpd mariadb postfix

After they have started, we'll enable them to start automatically at every system boot.

# systemctl enable httpd mariadb postfix

Created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/mariadb.service to /usr/lib/systemd/system/mariadb.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/postfix.service to /usr/lib/systemd/system/postfix.service.

3. Configuring MariaDB Database

After we have started MariaDB for the first time in our machine, we'll need to configure our mariadb and set a new password for its root user. To do so, we'll need to run the following command as shown below.

# mysql_secure_installation

This will ask us to enter the password for root but as we haven’t set any password before and its our first time we’ve installed mariadb, we’ll simply press enter and go further. Then, we’ll be asked to set root password, here we’ll hit Y and enter our password for root of MariaDB. Then, we’ll simply hit enter to set the default values for the further configurations.

….
so you should just press enter here.
Enter current password for root (enter for none):
OK, successfully used password, moving on…
Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.
Set root password? [Y/n] y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
… Success!

installation should now be secure.
Thanks for using MariaDB!

Configuring MariaDB

4. Creating a new Redmine DB

After we have successfully configured our MariaDB server, we'll create a new Redmine database so that Redmine will be able to use MariaDB to store its required data and information. So, we'll need to log in to the MariaDB command prompt as root by executing the following command in a terminal or console.

# mysql -u root -p

Here, we'll need to enter the password of the MariaDB root account that we set above. After we're logged in to the MariaDB command prompt, we'll create the database for our Redmine application.

> CREATE DATABASE redminedb CHARACTER SET utf8;
> CREATE USER 'redmineuser'@'localhost' IDENTIFIED BY 'Pa$$worD123';
> GRANT ALL PRIVILEGES ON redminedb.* TO 'redmineuser'@'localhost';
> FLUSH PRIVILEGES;
> EXIT;

Creating redminedb Dtabase

Note: We've successfully created a new database for our Redmine application named redminedb with username redmineuser and password Pa$$worD123. It is strongly recommended to replace the above values with your own for security.

5. Installing Redmine

Now that our servers are up and running, we'll grab the latest stable release of Redmine from its official website https://www.redmine.org/releases/ . As the latest stable release while writing this article is 3.1.1, we'll download the tarball of this release from the above site using the wget command as shown below.

# cd /tmp/
# wget https://www.redmine.org/releases/redmine-3.1.1.tar.gz

--2015-11-04 06:44:08-- https://www.redmine.org/releases/redmine-3.1.1.tar.gz
Resolving www.redmine.org (www.redmine.org)... 46.4.36.71
Connecting to www.redmine.org (www.redmine.org)|46.4.36.71|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 2246322 (2.1M) [application/x-gzip]
Saving to: ‘redmine-3.1.1.tar.gz’
redmine-3.1.1.tar.gz 100%[========================>] 2.14M 61.2KB/s in 21s
2015-11-04 06:44:32 (102 KB/s) - ‘redmine-3.1.1.tar.gz’ saved [2246322/2246322]

After we have successfully downloaded it, we'll now extract that tarball using tar command.

# tar xfzv redmine-3.1.1.tar.gz

Next, we'll move our extracted redmine directory to the location of our Apache Web Server as follows.

# mv redmine-3.1.1 /var/www/redmine

Then, we'll need to change the ownership of our redmine installation directory to apache so that apache process owner will have full access over the directory and files.

# chown apache:apache -R /var/www/redmine

6. Configuring Redmine

We'll now configure our redmine so that it will be able to connect the MariaDB database that we had just created above. For that, we'll need the database name, database user and password which was noted above. We'll first need to copy the example of configuration file provided by the Redmine Team which is under config folder. To do so, we'll need to run the following command in a terminal or console.

# cd /var/www/redmine/config
# cp database.yml.example database.yml

Next, we'll edit database.yml and configure it to connect to the MariaDB database.

# nano database.yml

Now, we'll need to edit the production definition in database.yml as shown below so that it connects to the database.

production:
 adapter: mysql2
 database: redminedb
 host: localhost
 username: redmineuser
 password: "Pa$$worD123" 
 encoding: utf8

When done, we'll save and exit the file.

7. Configuring Email Service

Next, we'll configure the SMTP settings of our Redmine so that it will be able to send notifications via email. To do so, we'll configure the production definition in configuration.yml . An example configuration file is already shipped with the Redmine package, so we'll simply copy that example file to configuration.yml using the cp command.

# cd /var/www/redmine/config
# cp configuration.yml.example configuration.yml

Next, we'll edit configuration.yml using a text editor.

# nano configuration.yml

We'll now search for the production definition and edit it as shown below.

production:
    email_delivery:
        delivery_method: :smtp
        smtp_settings:
            address: "localhost"
            port: 25
            domain: 'redmine.linoxide.com'
    rmagick_font_path: /usr/share/fonts/ipa-pgothic/ipagp.ttf

8. Installing Ruby Gem

We'll now install the required ruby dependencies for running our Redmine. Those dependencies are managed by bundle. So, to install it, first we'll need to install bundler by running the following command.

# gem install bundler

Successfully installed bundler-1.10.6
Parsing documentation for bundler-1.10.6
Installing ri documentation for bundler-1.10.6
Done installing documentation for bundler after 5 seconds
1 gem installed

Next, we'll install all the required Ruby dependencies, excluding the postgresql, sqlite, test and development dependencies, using the --without flag.

# bundle install --without postgresql sqlite test development

Installing Ruby Dependencies

9. Initializing Redmine Database

Now, we'll initialize the Redmine database. To do so, we'll first generate a secret key for session management by running the following commands.

# cd /var/www/redmine
# /usr/local/bin/rake generate_secret_token

Next, we'll set up the database with the RAILS_ENV variable set to "production" using the command below.

# /usr/local/bin/rake db:migrate RAILS_ENV="production"

Finally, the database needs to be populated with default data by executing the following command. This command will prompt us to choose a language; we'll simply go with the default language, i.e. English (en).

# /usr/bin/rake redmine:load_default_data RAILS_ENV="production"

Select language: ar, az, bg, bs, ca, cs, da, de, el, en, en-GB, es, es-PA, et, eu, fa, fi, fr, gl, he, hr, hu, id, it, ja, ko, lt, lv, mk, mn, nl, no, pl, pt, pt-BR, ro, ru, sk, sl, sq, sr, sr-YU, sv, th, tr, uk, vi, zh, zh-TW [en] en
====================================
Default configuration data loaded.

10. Installing and Configuring Passenger

As we are setting up for production, we'll install Passenger so that we can host Redmine through apache2 via Passenger. To set up Passenger, we'll need to run the following command.

# gem install passenger

Fetching: passenger-5.0.21.gem (100%)
Building native extensions. This could take a while...
Successfully installed passenger-5.0.21
Parsing documentation for passenger-5.0.21
unable to convert "\x88" from ASCII-8BIT to UTF-8 for src/cxx_supportlib/vendor-modified/boost/thread/future.hpp, skipping
unable to convert "\x97" from ASCII-8BIT to UTF-8 for src/cxx_supportlib/vendor-modified/boost/utility/declval.hpp, skipping
Installing ri documentation for passenger-5.0.21
Done installing documentation for passenger after 69 seconds
1 gem installed

Next, after we have installed Passenger, we'll need to install the passenger-apache2 module. To do so, we'll run the command below.

# /usr/local/bin/passenger-install-apache2-module

It will help us to diagnose any issues as well as provide some default settings for our specific installation.

Note: To compile Passenger, our machine requires at least 1GB of RAM or 1GB of RAM + Swap space combined.

After it's installed, we'll move on to the configuration of Passenger.

Now that the required packages are installed on our Fedora 22 machine, we'll configure our Apache server to use Passenger. To do so, we'll create a new file, passenger.conf, in which we'll define the configuration for Passenger.

# nano /etc/httpd/conf.d/passenger.conf

After it's opened in our text editor, we'll add the configuration shown below to the file.

LoadModule passenger_module /usr/local/share/gems/gems/passenger-5.0.21/buildout/apache2/mod_passenger.so
<IfModule mod_passenger.c>
 PassengerRoot /usr/local/share/gems/gems/passenger-5.0.21
 PassengerDefaultRuby /usr/bin/ruby
</IfModule>

Once done, we'll need to save and exit the editor.

11. Configuring Apache Web Server

Now that Passenger is fully configured, we'll configure Apache to run Redmine via the Apache web server. To do so, we'll create a new conf file, /etc/httpd/conf.d/redmine.conf, using a text editor.

# nano /etc/httpd/conf.d/redmine.conf

Then, we'll need to copy the following lines of configuration into the file.

<VirtualHost *:80>
   ServerName redmine.linoxide.com
   DocumentRoot /var/www/redmine/public
   <Directory /var/www/redmine/public>
      AllowOverride all
      Options -MultiViews
   </Directory>
</VirtualHost>

Once done, we'll simply save and exit the editor.

12. Restarting Web Server

Once everything above is installed and configured properly, we'll restart our Apache web server in order to run Redmine for the first time. As Fedora 22 ships with systemd as its default init system, we'll simply run a systemd command to restart it.

# systemctl restart httpd

13. Allowing Firewall

Next, we'll configure the firewall running on our Linux machine to allow port 80 (the http service) so that our Apache web server is accessible within our network. As Fedora 22 has systemd preinstalled, firewalld is the popular firewall program on it. So, we'll execute the following commands to open port 80 (the http service) on our Linux machine.

# firewall-cmd --zone=public --add-service=http
# firewall-cmd --permanent --zone=public --add-service=http

14. Accessing Redmine

Now that our Apache web server is running and the http port is allowed through the firewall, we should be able to access the Redmine web interface using a web browser. We'll simply point our web browser to http://ip-address/ or http://redmine.domain.com/ according to our configuration. In this tutorial, we pointed our browser to http://redmine.linoxide.com/ as we had configured it in the Apache web server in the above step. If everything went as expected, we should see our Redmine application running as follows.

Redmine Application

Next, we'll log in to our Redmine Dashboard. To do so, we'll click on the Login button in the navigation bar at the top. A login screen will then appear, asking for a username and password. The default username and password of the Redmine application are admin and admin respectively.

Redmine Login Screen

After we have successfully logged in, we'll create our projects. We can do that by navigating to the Administration page from the menu at the top.

Administration Redmine

Then, we'll click on Projects and then on the (+) New Project button.

Adding New Project

A form will appear in which we'll need to enter the required information and configuration for our project as shown below. After we have completed the required information and settings, we'll click on Create and Continue.

Creating New Project

Conclusion

In this article, we learned how to set up the popular project management web application Redmine on a machine running Fedora 22 as its operating system. It is an awesome cross-platform application which makes project management, bug tracking and time tracking pretty easy with a bunch of essential features. It is completely built and maintained by active community volunteers who are pretty helpful and love to support its users. If you would like to try a demo of Redmine before installing it, you can always visit http://demo.redmine.org/ . If you have any questions, suggestions or feedback, please write them in the comment box below so that we can improve or update our contents. Thank you!

The post How to Setup Redmine - Project Management Web Application on Fedora 22 appeared first on LinOxide.

How to Setup Drone - a Continuous Integration Service in Linux

Are you tired of cloning, building, testing, and deploying code time and again? If yes, switch to continuous integration. Continuous Integration, aka CI, is the software engineering practice of making frequent commits to the code base, then building, testing and deploying as we go. CI helps to quickly integrate new code into the existing code base. If this process is automated, it speeds up development, as it reduces the time developers spend building and testing things manually. Drone is a free and open source project which provides an awesome continuous integration environment and is released under the Apache License Version 2.0. It integrates with many repository providers like Github, Bitbucket and Google Code and can pull code from the repositories, enabling us to build source code written in a number of languages including PHP, Node, Ruby, Go, Dart, Python, C/C++, Java and more. What makes it such a powerful platform is that it uses containers and Docker technology for every build, giving users complete control over their build environment with guaranteed isolation.

1. Installing Docker

First of all, we'll install Docker, as it's the most vital element of the complete Drone workflow. Drone uses Docker for building and testing applications. This container technology speeds up the development of applications. To install Docker, we'll run the following commands according to our Linux distribution. In this tutorial, we'll cover the steps for the Ubuntu 14.04 and CentOS 7 Linux distributions.

On Ubuntu

To install Docker in Ubuntu, we can simply run the following commands in a terminal or console.

# apt-get update
# apt-get install docker.io

After the installation is done, we'll restart our docker engine using service command.

# service docker restart

Then, we'll make Docker start automatically at every system boot.

# update-rc.d docker defaults

Adding system startup for /etc/init.d/docker ...
/etc/rc0.d/K20docker -> ../init.d/docker
/etc/rc1.d/K20docker -> ../init.d/docker
/etc/rc6.d/K20docker -> ../init.d/docker
/etc/rc2.d/S20docker -> ../init.d/docker
/etc/rc3.d/S20docker -> ../init.d/docker
/etc/rc4.d/S20docker -> ../init.d/docker
/etc/rc5.d/S20docker -> ../init.d/docker

On CentOS

First, we'll update all the packages installed on our CentOS machine. We can do that by running the following command.

#  sudo yum update

To install Docker on CentOS, we can simply run the following command.

#  curl -sSL https://get.docker.com/ | sh

After the Docker engine is installed on our CentOS machine, we'll start it by running the following systemd command, as systemd is the default init system in CentOS 7.

# systemctl start docker

Then, we'll enable Docker to start automatically at every system startup.

# systemctl enable docker

ln -s '/usr/lib/systemd/system/docker.service' '/etc/systemd/system/multi-user.target.wants/docker.service'

2. Installing SQLite Driver

Drone uses an SQLite3 database for storing its data and information by default. It will automatically create a database file named drone.sqlite under /var/lib/drone/ and handle database schema setup and migration. To set up the SQLite3 drivers, we'll need to follow the steps below.

On Ubuntu 14.04

As SQLite3 is available in the default repository of Ubuntu 14.04, we'll simply install it by running the following apt command.

# apt-get install libsqlite3-dev

On CentOS 7

To install it on a CentOS 7 machine, we'll need to run the following yum command.

# yum install sqlite-devel

3. Installing Drone

Finally, after we have installed those dependencies successfully, we'll move on to the installation of Drone on our machine. In this step, we'll simply download its binary package from the official download link for the respective package format and then install it using the default package manager.

On Ubuntu

We'll use wget to download the Debian package of Drone for Ubuntu from the official download link, i.e. http://downloads.drone.io/master/drone.deb . Here is the command to download the required Debian package of Drone.

# wget downloads.drone.io/master/drone.deb

Resolving downloads.drone.io (downloads.drone.io)... 54.231.48.98
Connecting to downloads.drone.io (downloads.drone.io)|54.231.48.98|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 7722384 (7.4M) [application/x-debian-package]
Saving to: 'drone.deb'
100%[======================================>] 7,722,384 1.38MB/s in 17s
2015-11-06 14:09:28 (456 KB/s) - 'drone.deb' saved [7722384/7722384]

After it's downloaded, we'll install it with the dpkg package manager.

# dpkg -i drone.deb

Selecting previously unselected package drone.
(Reading database ... 28077 files and directories currently installed.)
Preparing to unpack drone.deb ...
Unpacking drone (0.3.0-alpha-1442513246) ...
Setting up drone (0.3.0-alpha-1442513246) ...
Your system ubuntu 14: using upstart to control Drone
drone start/running, process 9512

On CentOS

On the machine running CentOS, we'll download the RPM package from the official download link for RPM, i.e. http://downloads.drone.io/master/drone.rpm , using the wget command as shown below.

# wget downloads.drone.io/master/drone.rpm

--2015-11-06 11:06:45-- http://downloads.drone.io/master/drone.rpm
Resolving downloads.drone.io (downloads.drone.io)... 54.231.114.18
Connecting to downloads.drone.io (downloads.drone.io)|54.231.114.18|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 7763311 (7.4M) [application/x-redhat-package-manager]
Saving to: ‘drone.rpm’
100%[======================================>] 7,763,311 1.18MB/s in 20s
2015-11-06 11:07:06 (374 KB/s) - ‘drone.rpm’ saved [7763311/7763311]

Then, we'll install the downloaded RPM package using the yum package manager.

# yum localinstall drone.rpm

4. Configuring Port

After the installation is completed, we'll configure Drone to make it workable. The configuration of Drone is in the /etc/drone/drone.toml file. By default, the Drone web interface is exposed on port 80, which is the default http port. If we want to change it, we can do so by replacing the value under the server block as shown below.

[server]
port=":80"

5. Integrating Github

In order to run Drone we must set up at least one integration point among GitHub, GitHub Enterprise, Gitlab, Gogs and Bitbucket. In this tutorial, we'll only integrate Github, but if we want to integrate others we can do that from the configuration file. In order to integrate Github, we'll need to create a new application in our Github settings, i.e. https://github.com/settings/developers .

Registering App Github

To create it, we'll click on Register a New Application and then fill out the form as shown in the following image.

Registering OAuth app github

We should make sure that the authorization callback URL looks like http://drone.linoxide.com/api/auth/github.com under the configuration of the application. Then, we'll click on Register application. Once done, we'll note the Client ID and Client Secret, as we'll need to set them in our Drone configuration.

Client ID and Secret Token

After that's done, we'll edit our Drone configuration using a text editor by running the following command.

# nano /etc/drone/drone.toml

Then, we'll find the [github] section and fill it in with the values noted above, as shown below.

 [github]
client="3dd44b969709c518603c"
secret="4ee261abdb431bdc5e96b19cc3c498403853632a"
# orgs=[]
# open=false

Configuring Github Drone

6. Configuring SMTP server

If we want to enable Drone to send notifications via email, we'll need to specify the SMTP configuration of our SMTP server. If we already have an SMTP server, we can use its configuration, but as we don't have one, we'll install an MTA, i.e. Postfix, and then specify the SMTP configuration in the Drone configuration.

On Ubuntu

We can install postfix in ubuntu by running the following apt command.

# apt-get install postfix

On CentOS

We can install postfix in CentOS by running the following yum command.

# yum install postfix

After installing, we'll edit the Postfix configuration using a text editor.

# nano /etc/postfix/main.cf

Then, we'll set the value of the myhostname parameter to our FQDN, i.e. drone.linoxide.com .

myhostname = drone.linoxide.com

Now, we'll finally configure the SMTP section of our Drone configuration file.

# nano /etc/drone/drone.toml

Then, we'll find the [smtp] section and set the values as follows.

[smtp]
host = "drone.linoxide.com"
port = "587"
from = "root@drone.linoxide.com"
user = "root"
pass = "password"

Configuring SMTP Drone

Note: Here, it is strongly recommended to change the user and pass parameters according to one's own user configuration.

7. Configuring Worker

As Drone uses Docker for its building and testing tasks, we'll need to configure Docker as the worker for Drone. To do so, we'll edit the [worker] section in the Drone configuration file.

# nano /etc/drone/drone.toml

Then, we'll uncomment the following lines and edit them as shown below.

[worker]
nodes=[
"unix:///var/run/docker.sock",
"unix:///var/run/docker.sock"
]

Here, we have set only 2 nodes, which means the above configuration is capable of executing only 2 builds at a time. In order to increase concurrency, we can increase the number of nodes.

[worker]
nodes=[
"unix:///var/run/docker.sock",
"unix:///var/run/docker.sock",
"unix:///var/run/docker.sock",
"unix:///var/run/docker.sock"
]

Here, in the above configuration, drone is configured to process four builds at a time, using the local docker daemon.
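
The settings from steps 4 to 7 all live in /etc/drone/drone.toml, so they can be checked in one pass before Drone is restarted. The script below is an added example, not part of the original article or of Drone; its function names, finding codes and embedded sample file (with dummy client and secret values) are this example's own assumptions, and its small awk reader only understands the key = "value" and nodes=[...] forms shown above.

```shell
#!/bin/sh
# Added example (not Drone's own tooling): audit drone.toml keys from steps 4-7.
# toml_get FILE SECTION KEY: print the unquoted value of an active key.
toml_get() {
    awk -v sect="[$2]" -v key="$3" '
        { sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "") }  # tolerate indentation
        /^#/ || $0 == "" { next }                   # comments, blank lines
        /^\[/ { insect = ($0 == sect); next }       # section header
        insect && index($0, "=") {
            k = substr($0, 1, index($0, "=") - 1); gsub(/[ \t]/, "", k)
            v = substr($0, index($0, "=") + 1)
            sub(/^[ \t]+/, "", v); sub(/^"/, "", v); sub(/"$/, "", v)
            if (k == key) { print v; exit }
        }' "$1"
}

# worker_count FILE: entries in [worker] nodes=[...] = concurrent builds.
worker_count() {
    awk '
        { sub(/^[ \t]+/, "") }
        /^#/  { next }
        /^\[/ { insect = ($0 == "[worker]"); inarr = 0; next }
        insect && /^nodes[ \t]*=/ { inarr = 1 }
        inarr {
            line = $0; n += gsub(/"[^"]*"/, "", line)  # one string per node
            if (index($0, "]")) inarr = 0
        }
        END { print n + 0 }' "$1"
}

# audit_drone_toml FILE: print findings; return 1 if any needs fixing.
audit_drone_toml() {
    f=$1; rc=0
    if [ -n "$(find "$f" -perm -004 2>/dev/null)" ]; then
        echo "WORLD_READABLE: $f (github secret, smtp pass) is o+r"; rc=1
    fi
    for k in client secret; do
        [ -n "$(toml_get "$f" github "$k")" ] ||
            { echo "GITHUB_MISSING: [github] $k is empty"; rc=1; }
    done
    if [ "$(toml_get "$f" smtp pass)" = "password" ]; then
        echo "SMTP_PLACEHOLDER: [smtp] pass is still \"password\""; rc=1
    fi
    echo "INFO: port $(toml_get "$f" server port), builds $(worker_count "$f")"
    return $rc
}

# write_sample FILE: constructed config in this tutorial's layout (dummy secrets).
write_sample() {
    cat > "$1" <<'EOF'
[server]
port=":80"
 [github]
client="0123456789abcdef0123"
secret="constructed-dummy-secret"
[smtp]
pass = "password"
[worker]
nodes=[
"unix:///var/run/docker.sock",
"unix:///var/run/docker.sock"
]
EOF
    chmod 644 "$1"
}

# With no argument, audit a temporary constructed sample instead of a real file.
[ "$#" -gt 0 ] || { set -- "$(mktemp)"; write_sample "$1"; }
audit_drone_toml "$1" || echo "fix the findings above, then re-run"
```

Pass the path of a real file, for example /etc/drone/drone.toml, as the first argument to audit it instead of the sample.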

8. Restarting Drone

Finally, after everything is done regarding the installation and configuration, we'll now start our drone server in our linux machine.

On Ubuntu

To start drone in our Ubuntu 14.04 machine, we'll simply run service command as the default init system of Ubuntu 14.04 is SysVinit.

# service drone restart

To make Drone start automatically at every system boot, we'll run the following command.

# update-rc.d drone defaults

On CentOS

To start Drone on the CentOS machine, we'll simply run a systemd command, as CentOS 7 ships with systemd as its init system.

# systemctl restart drone

Then, we'll enable Drone to start automatically at every system boot.

# systemctl enable drone

9. Allowing Firewalls

As Drone uses port 80 by default and we haven't changed the port, we'll configure our firewall programs to allow port 80 (http) so that it is accessible from other machines in the network.

On Ubuntu 14.04

Iptables is a popular firewall program which is installed in Ubuntu distributions by default. We'll make iptables allow port 80 so that our Drone web interface is accessible in the network.

# iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
# /etc/init.d/iptables save

On CentOS 7

As CentOS 7 has systemd installed by default, it has firewalld running as its firewall program. In order to open port 80 (the http service) on firewalld, we'll need to execute the following commands.

# firewall-cmd --permanent --add-service=http

success

# firewall-cmd --reload

success

10. Accessing Web Interface

Now, we'll open the web interface of Drone using our favourite web browser. To do so, we'll point our web browser to the machine running Drone. As the default port of Drone is 80 and we have also set 80 in this tutorial, we'll simply point our browser to http://ip-address/ or http://drone.linoxide.com according to our configuration. After we have done that correctly, we'll see its first page, with options to log in to our dashboard.

Login Github Drone

As we have configured Github in the above step, we'll simply select github and go through the app authentication process. After it's done, we'll be forwarded to our Dashboard.

Drone Dashboard

Here, it will synchronize all our Github repositories and will ask us to activate the repo which we want to build with Drone.

Activate Repository

After it's activated, it will ask us to add a new file named .drone.yml to our repository and define the build process and configuration in that file, such as which image to fetch and which command/script to run while compiling.

We'll need to configure our .drone.yml as shown below.

image: python
script:
 - python helloworld.py
 - echo "Build has been completed."

After it's done, we'll be able to build our application using the configuration YAML file .drone.yml in our Drone application. All the commits and changes made to the repository are synced automatically in real time. Once a commit is made to the repository, a build is automatically started in our Drone application.

Building Application Drone

After the build is completed, we'll be able to see the output of the build in the output console.

Build Success Drone

Conclusion

In this article, we learned to completely set up a workable Continuous Integration platform with Drone. If we want, we can even get started with the services provided by the official Drone.io project. We can start with the free service or the paid service according to our requirements. It has changed the world of continuous integration with its beautiful web interface and powerful set of features. It has the ability to integrate with many third-party applications and deployment platforms. If you have any questions, suggestions or feedback, please write them in the comment box below so that we can improve or update our contents. Thank you!

The post How to Setup Drone - a Continuous Integration Service in Linux appeared first on LinOxide.
