Install vsFTP on CentOS/Redhat and enable TLS

By | All Linux HowTo's, Security HowTo's | No Comments

This tutorial demonstrates how to install vsftp on CentOS/Redhat and configure it to allow connections over TLS for additional security. We’ll also chroot the users to their own directory.

Install vsftp:

yum install vsftp

Edit the config file “/etc/vsftpd/vsftpd.conf” and set the following:

rsa_cert_file=/etc/vsftpd/vsftpd.pem
rsa_private_key_file=/etc/vsftpd/vsftpd.pem
chroot_local_user=YES
anonymous_enable=NO
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
require_ssl_reuse=NO
ssl_ciphers=HIGH

Create the certificates:

openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout /etc/vsftpd/vsftpd.pem -out /etc/vsftpd/vsftpd.pem

If you’re using SELinux (you should be), enable home sharing via FTP:

setsebool -P ftp_home_dir 1

Finally we enable and restart vsftpd:

chkconfig vsftpd on
service vsftpd restart

Make sure to permit port 21 through your firewall(s).

Another good tutorial on this is: https://www.digitalocean.com/community/tutorials/how-to-configure-vsftpd-to-use-ssl-tls-on-a-centos-vps

Detect newly added disks. Linux on VMWare.

By | All Linux HowTo's | No Comments

This one liner shows how to get Linux (CentOS in this case) to detect a newly added disk on a VMWare host. This was found on “http://wingloon.com/2013/05/07/how-to-detect-a-new-hard-disk-without-rebooting-vmware-linux-guest/”.

ls /sys/class/scsi_host/ | while read host ; do echo "- - -" > /sys/class/scsi_host/$host/scan ; done

There you have it.

Install and Configure Tripwire on CentOS/Redhat

By | All Linux HowTo's, Security HowTo's | No Comments

This article demonstrates how to install Tripwire on CentOS and Redhat.

yum -y install tripwire

The have a look at “/etc/tripwire/twcfg.txt” and “/etc/tripwire/twpol.txt”. Nothing needs changing unless you need to. I’d suggest adding “emailto=me@example.com” to “/etc/tripwire/twpol.txt” to have reports emailed to you.

Run the following:

tripwire-setup-keyfiles

The above requires you to enter a new passphrase. It will ask for it several times.

Finally you should initialise the database:

tripwire --init

Issue the command “/usr/sbin/tripwire –check” to check the system for changes. Or add the following to “crontab -e”:

# Midnight every night
0 0 * * * /usr/sbin/tripwire  --check --email-report

And you should be fine now.

Schedule jobs with the AT command

By | All Linux HowTo's | No Comments

You can schedule commands to run at a later time by using the ‘at’ command. Why use ‘at’ when you can use ‘cron’? Because ‘at’ is good for tasks that only need to run once.

To set a task (to email a log file at a later time) to run in one hour from now:

at now + 1 hour (Enter)
mail me@agix.com.au < /var/log/messages (Enter)
(Control+D)

To see your queued tasks:

atq

You will get output like this:

333	2015-03-12 14:27 a root

In the above you can see there is one task labeled '333'. You can see the command set by issuing the command:

at -c 333

The above command will output plenty of details. The part you want is the second to last line.

You can remove a tasks by issuing the following:

atrm 333

Install a Gnome Desktop on CentOS or Redhat

By | All Linux HowTo's | No Comments

This article explains how to install a GUI desktop (Gnome) on a Redhat or CentOS system and have the system boot to that GUI on startup.

yum -y groupinstall "Desktop" "Desktop Platform" "X Window System" "Fonts"

To have Gnome start on boot, you will need to edit the file “/etc/inittab” and replace the following:

id:3:initdefault:

With this:

id:5:initdefault:

You can change to the GUI without rebooting by entering the following:

init 5

Upgrade to php-5.5 on CentOS/Redhat

By | All Linux HowTo's | No Comments

This article demonstrates how to upgrade from php-5.3 to php-5.5 on CentOS or Redhat.

rpm -Uvh https://mirror.webtatic.com/yum/el6/latest.rpm

Now run the yum command to see a list of php-5.5 options:

yum list php55w*

Run the upgrade using the following commands:

yum install yum-plugin-replace
yum replace php-common --replace-with=php55w-common

You will receive a warning message. Saying YES has never caused me an issue. You will get the opportunity to see what will be removed and what will be installed after choosing YES.

At this point you should be able to run the following command to verify the upgrade. Note the version number:

php -v

cPanel overwriting my pg_hba.conf file

By | All Linux HowTo's | No Comments

This article describes and solves (work-around) a problems with PostgreSQL and cPanel. The issue is that cPanel modifies the file “/var/lib/pgsql/9.4/data/pg_hba.conf” setting it back to a default state.

This article has more information: http://www.davidghedini.com/pg/entry/installing_postgresql_9_on_cpanel

By setting that file to your liking such as the following:

local all  all        md5
host samerole all  127.0.0.200   255.255.255.255   pam  pamservice=postgresql_cpses
host all all  127.0.0.1   255.255.255.255   md5
local all postgres        md5
host all postgres  127.0.0.1   255.255.255.255   md5

And setting it’s permissions to read-only:

chattr -ia /var/lib/pgsql/9.4/data/pg_hba.conf

If you need to make future changes to the above file, first reset it’s permissions using the following:

chattr +ia /var/lib/pgsql/9.4/data/pg_hba.conf

You should be able to move on without cPanel tripping you over in future.

You’ll need to restart PostgreSQL:

/etc/init.d/postgresql-9.4 status
/etc/init.d/postgresql-9.4 restart

CSS Basics

By | AGIX Discussion, Scripting HowTo's | No Comments

This article explains how CSS (style sheets) work to enhance websites. Essentially CSS is used to change the way content is displayed in a web browser.

Get more tips here http://www.w3schools.com/css/

Web browsers know what do to when text is marked-up. But you can change that with CSS. The following is a simple way to use CSS but it’s not the only way. Put the following in the head tags.

<style>
h1 {
  /* Colours can be specified as words (blue) or HEX (#453332) */
  color: #00ff00;
  font-family: serif;
}
</style>

So it would look like this in full:

<html>
<head>
<style>
h1 {
  color: #444444;
  font-family: serif;
}
</style>
</head>
<body>
<h1>This is the heading</h1>
This is the body. 
</body>
</html>

You will notice that the CSS has changed the heading style from defaults. Here are some other useful tips:

h1 {
  color: #444444;
  font-family: serif;
  font-size: 40px;
}
body {
  color: #111111;
  font-family: serif;
  font-size: 25px;
  background-color: #eeeeee;
}
p {
  color: #000000;
  font-family: serif;
  font-size: 20px;
}

The above are ways to manipulate the standard display of browsers. However, you may want to have two types of fonts in the body of the page. Use “classes”.

<html>
<head>
<style>
.bigtext {
  color: #000000;
  font-family: serif;
  /* Font sizes are in pixels */
  font-size: 20px;
}
.smalltext {
  color: #000000;
  font-family: serif;
  font-size: 10px;
}
</style>
</head>
<body>
<h1>This is the heading</h1>
<p class="bigtext">This is big. </p>
<p class="smalltext">This is small. </p>
</body>
</html>

The above method of including CSS in the HTML document is ok but not the best way. Imagine that you have hundreds of web pages that all need to use the same style. The above wouldn’t work well as you’d have to copy it to each HTML page. And making changes to CSS means making changes to every page.

A better method is to “include” the CSS from a CSS file that you have on your server. For example, put the CSS in a file called “style.css” and reference it like this:

<link rel="stylesheet" type="text/css" href="style.css">

The above should be within the head tags. Here’s an example. Create the file “style.css” in the same directory as the web page and put the following in it:

.bigtext {
  color: #000000;
  font-family: serif;
  font-size: 20px;
}
.smalltext {
  color: #000000;
  font-family: serif;
  font-size: 10px;
}

And create your HTML document like this:

<html>
<head>
<link rel="stylesheet" type="text/css" href="style.css"> 
</head> 
<body> 
<h1>This is the heading</h1> 
<p class="bigtext">This is big. </p> 
<p class="smalltext">This is small. </p> 
</body> 
</html>

Login to PostgreSQL with PSQL on Redhat/CentOS

By | Uncategorized | No Comments

This article explains how to login to a PostgreSQL server using the psql tool on Redhat and/or CentOS.

You first need the psql tool:

yum install postgresql

Then use the format below to connect and login. Here we’ll use the username of ‘root’ and the hostname is ‘db.agix.com.au’.

psql -h db.agix.com.au -U root

Enter the password for the root user in the PostgreSQL database and you’re in.

Contact AGIX Support

Level 2, 170 Greenhill Road
Parkside 5063 South Australia
Phone: (08) 7324 4429
or 0422 927 598
support@agix.com.au