Category: CentOS

  • webmin create new admin user from command line

    PAM authentication failed on a Webmin server with no errors on a CentOS 6 server. To fix this, I created a non-PAM user “admin”.

    To add a non-PAM user, edit

    /etc/webmin/miniserv.users
    

    Add

    admin:mypassword
    

    Edit file

    vi /etc/webmin/webmin.acl
    

    Add

    admin: acl adsl-client ajaxterm apache at backup-config bacula-backup bandwidth bind8 burner change-user cluster-copy cluster-cron cluster-passwd cluster-shell cluster-software cluster-useradmin cluster-usermin cluster-webmin cpan cron custom dfsadmin dhcpd dovecot exim exports fail2ban fdisk fetchmail filemin file filter firewall6 firewalld firewall fsdump grub heartbeat htaccess-htpasswd idmapd inetd init inittab ipfilter ipfw ipsec iscsi-client iscsi-server iscsi-target iscsi-tgtd jabber krb5 ldap-client ldap-server ldap-useradmin logrotate lpadmin lvm mailboxes mailcap man mon mount mysql net nis openslp package-updates pam pap passwd phpini postfix postgresql ppp-client pptp-client pptp-server procmail proc proftpd qmailadmin quota raid samba sarg sendmail servers shell shorewall6 shorewall smart-status smf software spam squid sshd status stunnel syslog syslog-ng system-status tcpwrappers telnet time tunnel updown useradmin usermin vgetty webalizer webmincron webminlog webmin wuftpd xinetd virtual-server virtualmin-awstats jailkit virtualmin-htpasswd virtualmin-sqlite virtualmin-dav ruby-gems virtualmin-git php-pear virtualmin-init virtualmin-slavedns virtualmin-registrar
    

    Set a password for user admin.

    /usr/libexec/webmin/changepass.pl /etc/webmin admin  PASSWORD_HERE
    

    Now you will be able to log in to Webmin at

    https://your-server-ip:10000
    User = admin
    PW = password you used in above step
    
  • Yum disable a repository

    To disable a repository, run

    yum-config-manager --disable REPO_NAME_HERE
    

    To list all enabled repositories, run

    yum repolist
    
  • Install CentOS Web Panel (CWP)

    CentOS Web Panel (CWP) is a free hosting control panel for CentOS servers.

    To install CentOS Web Panel, run

    yum -y install wget
    cd /usr/local/src
    wget http://centos-webpanel.com/cwp-latest
    sh cwp-latest

    CWP uses the same ports as the popular cPanel control panel.

    Admin Panel

    The CWP Admin Panel is available at the following URLs.

    You can log in with the system user “root” and its password.

    http://server-ip:2030
    http://server-ip:2086
    https://server-ip:2031
    https://server-ip:2087

    User Panel

    http://server-ip:2082/
    https://server-ip:2083/

    Webmail

    http://server-ip:2095
    https://server-ip:2096

    On a CWP server, you can find the MySQL login details in the following config files.

    /root/.my.cnf
    /usr/local/cwpsrv/htdocs/resources/admin/include/db_conn.php
    /usr/local/cwpsrv/htdocs/resources/admin/include/postfix.php

    Document Root

    Web site files are stored in the folder /home/USER/public_html

    Stop/Start Services

    systemctl start cwpsrv
    systemctl start cwp-phpfpm
    systemctl start httpd

    php-fpm used by the CWP control panel

    systemctl stop cwpsrv-phpfpm
    systemctl start cwpsrv-phpfpm
    socket = /usr/local/cwp/php71/var/sockets/cwpsrv.sock

    Service files are stored in /usr/lib/systemd/system/

    Web Server

    CWP supports multiple web servers. Apache is installed in the folder

    /usr/local/apache

    The Apache config file is /usr/local/apache/conf.d/vhosts.conf

    CWP has its own Apache package named “cwp-httpd”; don’t use the default httpd package provided by CentOS.

    CWP server log can be found at

    /var/log/cwp/webservers.log

    See Hosting Control Panel

  • Fix yum duplicate packages

    On a CentOS server, when running

    yum update
    

    it failed with the following error

    acl-2.2.51-14.el7.x86_64 is a duplicate with acl-2.2.51-12.el7.x86_64
    alt-libcurlssl-7.60.0-1.el7.x86_64 is a duplicate with alt-libcurlssl-7.54.0-8.el7.cloudlinux.x86_64
    alt-php-config-1-29.1.el7.noarch is a duplicate with alt-php-config-1-27.el7.noarch
    alt-php44-4.4.9-88.el7.x86_64 is a duplicate with alt-php44-4.4.9-81.el7.x86_64
    alt-php44-bcmath-4.4.9-88.el7.x86_64 is a duplicate with alt-php44-bcmath-4.4.9-81.el7.x86_64
    

    https://gist.github.com/serverok/c0853120baff8848054cfb598e389c3a

    This happens because a previous “yum update” failed for some reason after the packages were installed, so no cleanup was done.

    To fix it, use the package-cleanup command, which is provided by yum-utils.

    yum install yum-utils
    

    To list all duplicate packages, run

    package-cleanup --dupes
    

    To remove all duplicate packages, run

    package-cleanup --cleandupes
    

    Now do a yum update

    yum update
    

    This will update your system and install any missing packages.

    To verify whether there are any remaining problems, run

    package-cleanup --problems
    

    If this does not fix the problem, try “yum fix duplicate package error”.

    See yum

  • CentOS 7 Apache use PHP-FPM

    Install PHP-FPM with command

    yum install php-fpm
    

    Edit www.conf

    vi /etc/php-fpm.d/www.conf
    

    Find

    listen = 127.0.0.1:9000
    

    Replace with

    listen = /var/run/php-fpm/default.sock
    

    Find

    ;listen.owner = nobody
    ;listen.group = nobody
    

    Replace with

    listen.owner = apache
    listen.group = apache
    

    Edit php.conf

    mv /etc/httpd/conf.d/php.conf /etc/httpd/conf.d/php.conf.old
    vi /etc/httpd/conf.d/php.conf
    

    Add

    
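    <Proxy "unix:/var/run/php-fpm/default.sock|fcgi://php-fpm">
        ProxySet disablereuse=off
    </Proxy>

    <FilesMatch \.php$>
        SetHandler proxy:fcgi://php-fpm
    </FilesMatch>

    AddType text/html .php

    DirectoryIndex index.php

    <FilesMatch \.phps$>
        SetHandler application/x-httpd-php-source
    </FilesMatch>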
    
    

    Restart Apache/php-fpm

    systemctl restart httpd
    systemctl restart php-fpm
    

    Method 2

    Here is a php-fpm config using proxy_fcgi

    https://gist.github.com/serverok/3d2e43bb951ded9a42ce8bc0c2c3b627

  • Enable UI in CSF Firewall on CentOS

    CSF Firewall comes with a standalone UI. This is disabled by default. On CentOS, install the following requirements

    yum install perl-IO-Socket-SSL perl-Net-SSLeay perl-Net-LibIDN  perl-IO-Socket-INET6 perl-Socket6
    

    Edit the CSF configuration file

    vi /etc/csf/csf.conf
    

    Find

    UI = "0"
    

    Replace with

    UI = "1"
    

    Change the following settings as needed.

    UI_PORT = "6666"
    UI_USER = "username"
    UI_PASS = "password"
    

    By default, only whitelisted IP addresses can access the UI. To whitelist your IP, run

    echo "YOUR_IP_ADDR" >> /etc/csf/ui/ui.allow
    

    If you want to allow access to the CSF UI from all IP addresses, set UI_ALLOW to 0 in csf.conf

    UI_ALLOW = "0"
    

    CSF uses a self-signed SSL certificate; if you have an SSL certificate, you can use it. The SSL certificate is available in the folder

    /etc/csf/ui/
    

    To use a free Let's Encrypt SSL certificate for the CSF UI, I set symlinks to the SSL certificate.

    cd /etc/csf/ui
    mv server.key server.key.old
    mv server.crt server.crt.old
    ln -s /etc/letsencrypt/live/DOMAIN/fullchain.pem server.crt
    ln -s /etc/letsencrypt/live/DOMAIN/privkey.pem server.key
    

    Now restart CSF and LFD

    systemctl restart lfd
    systemctl restart csf
    

    You will see the CSF UI running on port 6666.

    [root@grupo conf.d]# netstat -lntp
    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
    tcp        0      0 0.0.0.0:6666            0.0.0.0:*               LISTEN      20605/lfd UI        
    tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN      23918/mysqld        
    tcp        0      0 0.0.0.0:10000           0.0.0.0:*               LISTEN      2203/perl           
    tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1275/master         
    tcp        0      0 0.0.0.0:3333            0.0.0.0:*               LISTEN      19061/sshd          
    tcp6       0      0 :::80                   :::*                    LISTEN      19810/httpd         
    tcp6       0      0 ::1:25                  :::*                    LISTEN      1275/master         
    tcp6       0      0 :::443                  :::*                    LISTEN      19810/httpd         
    tcp6       0      0 :::3333                 :::*                    LISTEN      19061/sshd          
    [root@grupo conf.d]# 
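
    The netstat output above also shows which services accept connections on every interface (0.0.0.0 or ::), which is what the firewall and ui.allow then have to restrict. The following added example, not part of the original post, extracts those listeners; the names wildcard_listeners and sample_netstat are illustrative, and the sample lines are copied from the output above.

```shell
#!/bin/sh
# Added example, not from the original post: list TCP listeners that accept
# connections on every interface. Reads `netstat -lntp` output on stdin and
# prints "PORT PROGRAM" once per wildcard listener, sorted by port.
wildcard_listeners() {
    awk '$1 ~ /^tcp/ && $6 == "LISTEN" {
        n = split($4, part, ":")            # the port follows the last colon
        port = part[n]
        addr = substr($4, 1, length($4) - length(port) - 1)
        if (addr == "0.0.0.0" || addr == "::" || addr == "*") {
            prog = $7
            sub(/^[0-9]+\//, "", prog)      # "20605/lfd" -> "lfd"
            print port, prog
        }
    }' | sort -u | sort -n
}

# Listener lines copied from the netstat output shown above.
sample_netstat() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:6666            0.0.0.0:*               LISTEN      20605/lfd UI
tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN      23918/mysqld
tcp        0      0 0.0.0.0:10000           0.0.0.0:*               LISTEN      2203/perl
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1275/master
tcp        0      0 0.0.0.0:3333            0.0.0.0:*               LISTEN      19061/sshd
tcp6       0      0 :::80                   :::*                    LISTEN      19810/httpd
tcp6       0      0 ::1:25                  :::*                    LISTEN      1275/master
tcp6       0      0 :::443                  :::*                    LISTEN      19810/httpd
tcp6       0      0 :::3333                 :::*                    LISTEN      19061/sshd
EOF
}

# Loopback-only listeners (port 25 here) are left out of the report.
sample_netstat | wildcard_listeners
```

    On a live server, pipe the real output in instead: netstat -lntp | wildcard_listeners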
    
  • How to Change User Password in CyberPanel

    Log in to CyberPanel at

    https://YOUR_SERVER_IP_ADDR:8090

    Once logged in you will see

    Click on the drop-down icon. Click on the “Edit Profile” link.

    The next page will have a drop-down box, where you can select the user whose password you need to change.

    You can enter the new password on this page and click the “Modify User” button to update the user's password.

    See CyberPanel

  • Secure Memcached on CentOS/RHEL 7

    By default, memcached on CentOS 7 is set to listen on all IP addresses on the server. This allows attackers to abuse the service.

    To set memcached to listen only on localhost (127.0.0.1), edit the file

    vi /etc/sysconfig/memcached
    

    Find

    OPTIONS=""
    

    Replace with

    OPTIONS="-l 127.0.0.1"
    

    See memcached
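
    To check the setting described above across servers, the following added example (not part of the original post) reads a memcached sysconfig file and reports whether OPTIONS restricts the listener to loopback. It goes slightly beyond the single case in the post by also accepting --listen and comma-separated address lists; the function name memcached_listen_audit is illustrative and the sample files are constructed.

```shell
#!/bin/sh
# Added example, not from the original post: audit a memcached sysconfig file.
# Prints a verdict; exit status 0 = loopback only, 1 = reachable from the network.
memcached_listen_audit() (
    # The body is a subshell, so "set -f" and "exit" stay local to this call.
    set -f                                  # no globbing while word-splitting
    # The last uncommented OPTIONS= line wins, as when the file is sourced.
    opts=$(sed -n 's/^[[:space:]]*OPTIONS=//p' "$1" | tail -n 1 | tr -d "\"'")
    addrs="" prev=""
    for tok in $opts; do
        case $tok in
            --listen=*)  addrs="$addrs,${tok#--listen=}" ;;
            -l|--listen) : ;;               # the address is the next word
            -l?*)        addrs="$addrs,${tok#-l}" ;;
            *) case $prev in -l|--listen) addrs="$addrs,$tok" ;; esac ;;
        esac
        prev=$tok
    done
    addrs=${addrs#,}
    if [ -z "$addrs" ]; then
        echo "EXPOSED: no -l option, memcached binds to every address"
        exit 1
    fi
    # -l takes a comma-separated list; every entry must be a loopback address.
    for a in $(printf '%s' "$addrs" | tr ',' ' '); do
        case $a in
            127.*[!0-9.:]*) echo "EXPOSED: listens on $a"; exit 1 ;;  # a hostname
            127.*|localhost|localhost:*|::1|\[::1\]*) ;;
            *) echo "EXPOSED: listens on $a"; exit 1 ;;
        esac
    done
    echo "OK: loopback only ($addrs)"
)

# Constructed sample files: the stock CentOS 7 setting and the hardened one.
tmp=$(mktemp -d)
printf 'PORT="11211"\nUSER="memcached"\nOPTIONS=""\n' > "$tmp/default"
printf 'PORT="11211"\nUSER="memcached"\nOPTIONS="-l 127.0.0.1"\n' > "$tmp/hardened"
memcached_listen_audit "$tmp/default" || true
memcached_listen_audit "$tmp/hardened" || true
rm -rf "$tmp"
```

    On a real server, run it as: memcached_listen_audit /etc/sysconfig/memcached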

  • RPM Package Manager

    RHEL, CentOS, Fedora, etc. use RPM for package management. To find the package that provides a binary file, run

    rpm -qf /usr/sbin/sendmail

    To see the change log for an rpm package, run

    rpm -q --changelog PKG_NAME

    Example

    rpm -q --changelog bind | grep CVE

    To find which RPM package owns a file

    root@server2 [~]# rpm -qf /lib64/libkeyutils-1.2.so
    keyutils-libs-1.2-1.el5
    root@server2 [~]#

    To see scripts used by a package

    rpm -q --scripts httpd

    See yum

  • Open MySQL Port 3306 in CentOS 7

    To allow connections to MySQL from a remote server on a CentOS 7 server, you need to open port 3306 in the firewall.

    To do this, edit the file

    vi /etc/sysconfig/iptables
    

    Find

    -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
    

    Add above it

    -A INPUT -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT
    

    Restart server.

  • Install python 3.6 on CentOS 7

    CentOS 7 comes with Python 2.7. To install Python 3.6, first install the EPEL repo.

    yum install epel-release -y
    

    Install the IUS repo.

    https://ius.io/setup

    For CentOS 7, run

    rpm -ivh https://centos7.iuscommunity.org/ius-release.rpm
    

    Now you can install Python 3.6 with yum

    yum install python36u python36u-pip -y
    

    The Python 3.6 binaries will be available as “python3.6” and “pip3.6”

  • Install Python 2.7 on CentOS 6

    CentOS 6 comes with Python 2.6. To install Python 2.7, first install gcc and the dependencies using yum

    yum -y install gcc
    yum -y install openssl-devel libzip-devel zlib-devel libcurl-devel libcurl
    

    Download the latest Python 2.7 from

    https://www.python.org/downloads/

    For Python 2.7.2 (latest at the time of writing this post).

    cd /usr/local/src
    wget https://www.python.org/ftp/python/2.7.2/Python-2.7.2.tgz
    tar xvf Python-2.7.2.tgz 
    cd Python-2.7.2
    ./configure
    make altinstall
    

    We use “make altinstall” so Python will be installed as python2.7. If you run “make install”, it replaces the system Python binary and breaks CentOS.

    Install pip

    wget https://bootstrap.pypa.io/get-pip.py
    python2.7 get-pip.py