Category: Linux

  • How to install docker on AlmaLinux 8

    How to install docker on AlmaLinux 8

    To install docker on AlmaLinux, run the following commands

    Install yum-utils

    dnf install -y yum-utils

    Add docker repository

    yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo

    Install Docker CE with

    dnf install docker-ce

    Enable docker

    systemctl enable docker

    Start Docker

    systemctl start docker

    To verify if docker is working properly, run

    docker run hello-world
    

    Example

    [root@cloud ~]# docker run hello-world
    Unable to find image 'hello-world:latest' locally
    latest: Pulling from library/hello-world
    2db29710123e: Pull complete 
    Digest: sha256:94ebc7edf3401f299cd3376a1669bc0a49aef92d6d2669005f9bc5ef028dc333
    Status: Downloaded newer image for hello-world:latest
    
    Hello from Docker!
    This message shows that your installation appears to be working correctly.
    
    To generate this message, Docker took the following steps:
     1. The Docker client contacted the Docker daemon.
     2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
        (amd64)
     3. The Docker daemon created a new container from that image which runs the
        executable that produces the output you are currently reading.
     4. The Docker daemon streamed that output to the Docker client, which sent it
        to your terminal.
    
    To try something more ambitious, you can run an Ubuntu container with:
     $ docker run -it ubuntu bash
    
    Share images, automate workflows, and more with a free Docker ID:
     https://hub.docker.com/
    
    For more examples and ideas, visit:
     https://docs.docker.com/get-started/
    
    [root@cloud ~]# 

    See docker

  • How to Install ffmpeg static build

    How to Install ffmpeg static build

    FFmpeg binary static build available for download from

    https://johnvansickle.com/ffmpeg/

    To install ffmpeg static build, run

    cd /usr/local/src
    wget https://johnvansickle.com/ffmpeg/releases/ffmpeg-release-amd64-static.tar.xz
    tar xvf ffmpeg-release-amd64-static.tar.xz
    cd ffmpeg-*-amd64-static/
    cp ffmpeg ffprobe qt-faststart /usr/bin/
    cp -r model /usr/local/share/
    

    See ffmpeg

  • grubby

    grubby

    grubby is provided by package grubby on RHEL based systems. To install grubby, run

    yum install grubby
    

    To list all kernels, run

    grubby --info=ALL
    

    To view the default kernel, run

    grubby --default-kernel
    

    To set a kernel default, you need to specify the vmlinux file, example

    grubby --set-default  /boot/vmlinuz-3.10.0-962.3.2.lve1.5.73.el7.x86_64
    

    Or specify the index

    grubby --set-default-index 2
    

    Back to grub

  • How to list iptables rules

    How to list iptables rules

    To view all rules in iptables, run

    iptables -L

    Or

    iptables --list

    To list iptables rules without resolving IP to hostname

    iptables -L -n

    To show the line number

    iptables -L -n --line-number

    To list NAT rules

    iptables -t nat -L -n --line-number
    iptables -t nat -L -n -v

    If you run iptables-save command, it will list all iptables rules

    iptables-save

    You can redirect the result of the iptables-save command to a file. You can restore with iptables-restore command.

    Back to iptables

  • How to change varnish port in Ubuntu

    How to change varnish port in Ubuntu

    To change the varnish port, run the command

    systemctl edit varnish
    

    It opens an editor, in the editor, paste the following

    [Service]
    ExecStart=
    ExecStart=/usr/sbin/varnishd -j unix,user=vcache -F -a :80 -T localhost:6082 -f /etc/varnish/default.vcl -S /etc/varnish/secret -s malloc,256m
    

    This will change varnish listening port to 80. If you need to change to another port, change “-a :80” to whatever port you want to use. Save and exit the editot.

    Now resart varnish

    systemctl restart varnish
    

    Back to Varnish

  • Mounting partition stored inside Logical Volume

    Mounting partition stored inside Logical Volume

    On a KVM Virtual machine using LVM storage, the LVM disk is partitioned as follows.

    root@mail:~# parted /dev/vg1/iredmail print
    Model: Linux device-mapper (linear) (dm)
    Disk /dev/dm-1: 64.4GB
    Sector size (logical/physical): 512B/512B
    Partition Table: gpt
    Disk Flags: 
    
    Number  Start   End     Size    File system  Name  Flags
     1      1049kB  2097kB  1049kB                     bios_grub
     2      2097kB  1076MB  1074MB  ext4
     3      1076MB  64.4GB  63.3GB
    
    root@mail:~# 
    

    I want to mount partition number 2 on the host machine.

     2      2097kB  1076MB  1074MB  ext4
    

    To make the partition available to mount, you need to use kpartx utility. Install kpartx with

    apt install kpartx
    

    To make the partitions inside the Logical volume available to mount, use the command

    kpartx -a LVM_DEIVE_NAME
    

    In this case, I used

    kpartx -a /dev/vg1/iredmail
    

    Now lvscan command will display the new device

    root@mail:~# lvscan
      ACTIVE            '/dev/vg1/win10' [100.00 GiB] inherit
      ACTIVE            '/dev/vg1/iredmail' [60.00 GiB] inherit
      ACTIVE            '/dev/ubuntu-vg/ubuntu-lv' [29.50 GiB] inherit
    root@mail:~# 
    

    To mount the device, you can use the command

    mount /dev/ubuntu-vg/ubuntu-lv /mnt
    

    IMPORTANT: do not mount the device on the host if it is used in the guest VM as it will result in data corruption. I mounted the disk on the host machine and created some files, but it did not show in the guest. After I reboot the guest VM, it did not boot back, I had to do fsck to get the VM to work again.

    Back to LVM

  • Configure multiple SSL certificates in nuster

    Nuster is a high performance HTTP proxy cache server. It is based on haproxy.

    To configure multiple SSL certificates in nuster, create SSL in PEM format.

    Edit nuster.cfg, you will see something like the following.

    global
        nuster cache on dir /cache
        nuster manager on uri /internal/nuster purge-method PURGEX
    frontend fe
        bind *:443 ssl crt /etc/ssl/ssl1.pem alpn h2,http/1.1
        mode http
        default_backend ssl_443
    backend ssl_443
        mode http
        nuster cache off
        nuster rule all disk on ttl 7d
        http-request set-header X-Client-IP %[src]
        server s1 128.1.2.9:443 ssl verify none
    

    SSL is configured in the line

        bind *:443 ssl crt /etc/ssl/ssl1.pem alpn h2,http/1.1
    

    To add another domain SSL certificate, modify the line as follows

        bind *:443 ssl crt /etc/ssl/ssl1.pem crt /etc/ssl/ssl2.pem alpn h2,http/1.1
    

    You can add as many SSL certificate in the format

    crt /etc/ssl/SSL_FILE_NAME.pem
    

    Back to nuster

  • How to Remove a logical volume

    How to Remove a logical volume

    To remove a logical volume, you can use the command

    lvremove /dev/vg-name/lv-name
    

    Example

    lvremove /dev/vg1/win10
    

    This will remove logical volume with the name “win10” from volume group “vg1”.

    [root@Alma-85-amd64-base ~]# lvremove  vg1/data1
    Do you really want to remove active logical volume vg1/data1? [y/n]: y
      Logical volume "data1" successfully removed.
    [root@Alma-85-amd64-base ~]# 
    

    back to LVM

  • systemd-networkd

    systemd-networkd

    systemd-networkd configuration files are stored in /etc/systemd/network/

    Example

    /etc/systemd/network/05-eth0.network
    

    Here is a sample config

    [Match]
    Name=eth0
    
    [Network]
    DHCP=no
    DNS=172.105.170.5 172.105.161.5 172.105.171.5
    Domains=members.linode.com
    IPv6PrivacyExtensions=false
    
    Gateway=194.195.127.1
    Address=194.195.127.150/24
    

    To restart systemd-networkd

    systemctl restart systemd-networkd
    

    See IP

  • How to disable a rule in ModSecurity Apache

    How to disable a rule in ModSecurity Apache

    To disable a rule in ModSecurity, edit Apache configuration, add

    SecRuleRemoveById RULE_ID_SEPERATED_BY_SPACE

    This needed to be added after all rules were loaded.

    On Ubuntu, I edited the file

    /etc/apache2/mods-enabled/security2.conf

    Here is what I have in a server which disables rules 941180 949110 980130

    <IfModule security2_module>
    	# Default Debian dir for modsecurity's persistent data
    	SecDataDir /var/cache/modsecurity
    
    	# Include all the *.conf files in /etc/modsecurity.
    	# Keeping your local configuration in that directory
    	# will allow for an easy upgrade of THIS file and
    	# make your life easier
            IncludeOptional /etc/modsecurity/*.conf
    
    	# Include OWASP ModSecurity CRS rules if installed
    	IncludeOptional /usr/share/modsecurity-crs/*.load
            SecRuleRemoveById 941180 949110 980130
    </IfModule>

    Back to ModSecurity

  • access denied: tty ‘tty1’ is not secure

    access denied: tty ‘tty1’ is not secure

    On a CentOS 7 server, when login as user root on the console, login fails. If I log in as a normal user, then I am able to switch to user root with the command “su – root”.

    On checking /var/log/secure, I found the following error.

    Nov 10 03:44:42 localhost login: pam_securetty(login:auth): access denied: tty 'tty1' is not secure !
    Nov 10 03:44:45 localhost login: pam_succeed_if(login:auth): requirement "uid >= 1000" not met by user "root"
    Nov 10 03:44:47 localhost login: FAILED LOGIN 1 FROM tty1 FOR root, Authentication failure

    To fix the error, edit the file

    vi /etc/securetty

    In the file, add

    tty1

    On CentOS 7 server, the contents of the file are

    [root@localhost ~]# cat /etc/securetty 
    console
    vc/1
    vc/2
    vc/3
    vc/4
    vc/5
    vc/6
    vc/7
    vc/8
    vc/9
    vc/10
    vc/11
    tty1
    tty2
    tty3
    tty4
    tty5
    tty6
    tty7
    tty8
    tty9
    tty10
    tty11
    ttyS0
    ttysclp0
    sclp_line0
    3270/tty1
    hvc0
    hvc1
    hvc2
    hvc3
    hvc4
    hvc5
    hvc6
    hvc7
    hvsi0
    hvsi1
    hvsi2
    xvc0
    [root@localhost ~]# 

    Permission for the file is 600, in case you have the wrong permission, change it with

    chmod 600 /etc/securetty

    Back to CentOS 7

  • How to install cwebp on CentOS 7

    How to install cwebp on CentOS 7

    cwebp is a command line program used to convert images into webp format.

    To install cwebp on CentOS 7, run

    sudo yum -y install libwebp-tools

    WebP is an image format that does lossy compression of digital photographic images. WebP consists of a codec based on VP8, and a container based on RIFF. Webmasters, web developers and browser developers can use WebP to compress, archive and distribute digital images more efficiently.

    To see files in this package, run the command “rpm -q –filesbypkg libwebp-tools”

    [root@ns540127 ~]# rpm -q --filesbypkg libwebp-tools
    libwebp-tools             /usr/bin/cwebp
    libwebp-tools             /usr/bin/dwebp
    libwebp-tools             /usr/bin/gif2webp
    libwebp-tools             /usr/bin/webpmux
    libwebp-tools             /usr/share/man/man1/cwebp.1.gz
    libwebp-tools             /usr/share/man/man1/dwebp.1.gz
    libwebp-tools             /usr/share/man/man1/gif2webp.1.gz
    libwebp-tools             /usr/share/man/man1/webpmux.1.gz
    [root@ns540127 ~]# 

    Back to CentOS 7