All posts by Mohammad

Security vulnerabilities in Microsoft Windows SMB Server MS17-010 – Critical

Hello All,

This is a note about the newest security vulnerability in Windows servers that are reachable from the Internet. This security bug allows an attacker to access your server remotely and install a backdoor on your Windows servers. This is why we recommend that all Windows users update their servers to the latest version and install the patches provided on the Microsoft website.

For more information, please go to the following website and read more about this bug.

https://technet.microsoft.com/en-us/library/security/ms17-010.aspx

Regards

How to enable iptables on CentOS 7

Once you install CentOS 7, you will notice that there are many differences between CentOS 6 and 7. However, some technical people still want to use older programs such as “iptables” on CentOS 7, where it is no longer common. CentOS 7 comes with another firewall installed, called “firewalld”, which is familiar to any customer.

You can disable this new firewall and enable the old, familiar iptables on CentOS 7 again. Here I will show you how to do this.

First, we have to stop and disable the firewalld service.

[root@test-lab ~]# systemctl stop firewalld
[root@test-lab ~]# systemctl mask firewalld

Then we should install iptables again on CentOS 7.

yum install -y iptables iptables-services

Once that is done, we have to enable and start it.

systemctl enable iptables
systemctl start iptables

Now you can use the old, familiar iptables on CentOS 7 again. However, firewalld will give you more capabilities and better firewall options if you want to go professional.

How to install Apache 2.4 on CentOS 6 or 7

Today we are going to install the latest version of Apache, “Apache 2.4.23”, on a fresh, updated CentOS 7. You can use this tutorial for CentOS 6 as well.

Make sure you have already installed the following packages on your server.

yum install gcc
yum install make
yum install openssl-devel
yum install apr-devel
yum install apr-util-devel
yum install wget

Then we will choose the latest version from the Apache website and download it.

An update: if you are following this article on CentOS 7, the APR version from yum won’t work for you, and you should compile apr and apr-util from source. Please remove them from your server if you installed them via yum, and try the following:

cd /usr/src
wget http://mirror.lax.hugeserver.com/apache/apr/apr-1.5.2.tar.gz
wget http://mirror.lax.hugeserver.com/apache/apr/apr-util-1.5.4.tar.gz
tar xvfz apr-1.5.2.tar.gz
tar xvfz apr-util-1.5.4.tar.gz

cd apr-1.5.2
./configure --bindir=/usr/bin/
make && make install

cd ../apr-util-1.5.4
./configure --bindir=/usr/bin/ --with-apr=/usr/bin/apr-1-config
make && make install

Now you can continue with the rest of the guide.

http://httpd.apache.org/download.cgi#apache24

cd /usr/src
wget http://www-eu.apache.org/dist//httpd/httpd-2.4.23.tar.gz
tar xvfz httpd-2.4.23.tar.gz
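The tarballs above are fetched over plain HTTP from mirrors and are then compiled and installed as root, so it is worth checking them before running tar. The following is an added example, not part of the original post; the manifest file and its layout are assumptions, and the digests in it must be copied from the project's official HTTPS download page, not from the mirror.

```bash
#!/usr/bin/env bash
# Added example: check downloaded source tarballs against a SHA-256 manifest
# before unpacking them. Assumed manifest layout, one line per tarball:
#   <sha256-hex>  <file name>

# verify_tarballs DIR MANIFEST
# Returns 0 only if every *.tar.gz in DIR is listed in MANIFEST and its
# digest matches. Anything else (mismatch, unlisted file, empty or
# unreadable manifest) returns non-zero.
verify_tarballs() {
    local dir="$1" manifest="$2" f name rc=0
    [ -r "$manifest" ] || { echo "cannot read manifest: $manifest" >&2; return 2; }

    for f in "$dir"/*.tar.gz; do
        [ -e "$f" ] || continue
        name=${f##*/}
        # A tarball that is not in the manifest has not been verified at all,
        # so treat it as a failure instead of silently skipping it.
        if ! awk -v n="$name" '$2 == n { ok = 1 } END { exit !ok }' "$manifest"; then
            echo "UNLISTED: $name" >&2
            rc=1
        fi
    done

    # The redirection is opened before the subshell changes directory, so a
    # relative MANIFEST path still works. Results go to stderr.
    ( cd "$dir" && sha256sum -c - >&2 ) < "$manifest" || rc=1
    return "$rc"
}

# Typical use before "tar xvfz", with a manifest you wrote yourself
# (hypothetical path):
#   verify_tarballs /usr/src /root/apache-src.sha256 && echo "safe to unpack"
```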

Now we will start building Apache from source and install it on our server.

cd httpd-2.4.23
./configure --help

We have to know which Apache modules we want to install and include them in the ./configure command. It is really easy, as you only need to know the module name and type it as “--enable-(module-name)”. For example, we want to install Apache with the SSL module, so we will type “--enable-ssl”.

By default, Apache will install all its architecture-independent files in “/usr/local/apache2”. If you want to change this directory, you have to set the --prefix option in ./configure. I will use /etc/httpd/ for this option in this tutorial, but make sure that you are not overwriting your old configuration if you have already installed Apache before. I am also using the “--sbindir” option to specify the directory where system administrator executables will be installed. Those are server programs like httpd, apachectl, suexec, etc., which are necessary to run the Apache HTTP Server.

mkdir /etc/httpd/

./configure --prefix=/etc/httpd/ --sbindir=/sbin/ --enable-ssl --enable-so
make
make install

Now we are ready to go: we can start the Apache server and go ahead with the configuration.

apachectl start

That’s it! Should you have any questions or problems regarding this post, please leave a comment below.

How to use IPv6 on Apache?

Nowadays IPv6 is becoming more and more common on web servers. It is better to implement IPv6 on your servers so that they are accessible from IPv6 networks. Here is a really quick guide to getting your Apache web servers ready for IPv6.

I have installed a fresh CentOS and a fresh Apache on my test server, without any control panel. If you are using a control panel or another operating system, the preparation should be the same; however, if you have any problems during your configuration, you can ask me in the comments.

Let’s start with the Apache configuration file. Open “/etc/httpd/conf/httpd.conf” with your text editor on the server. I am using nano.

nano /etc/httpd/conf/httpd.conf

Now add your IPv6 address to the “listen” options in the file. You should search for “listen” and edit or add the line with your own IPv6 address. For this tutorial I am using the private prefix “fd13:01ec:a560:534f::/64”.

Listen [fd13:01ec:a560:534f::100]:80

Save and exit this file. Now we should change the virtual hosts to add a new IPv6 record. Here is an example of a virtual host with IPv6.

<VirtualHost [fd13:01ec:a560:534f::100]:80>
    ServerName test-lab.hugeserver.com
    ServerAlias test-lab.hugeserver.com
    ServerAdmin test-lab@hugeserver.com
    DocumentRoot /home/test-lab/public_html
    <Directory /home/test-lab/public_html>
    </Directory>
</VirtualHost>

You should change this configuration to fit your own server configuration. What you can actually do is copy the VirtualHost configuration of your IPv4 site and edit the first line to use IPv6. Do not forget to put brackets around your IPv6 address.

After the configuration is done, we are going to restart Apache and try to access our web server over IPv6 from a browser.

/etc/init.d/httpd restart

Now it is accessible from browsers:

http://[fd13:01ec:a560:534f::100]/

If you have any problems or questions, please leave a comment below.

How to Install Apache 2.2, PHP 5.6, MySQL 5.7 on CentOS 6

Today I am going to teach you the easiest way of installing a web server with Apache, PHP, and MySQL.

We are going to use the EPEL and Remi repositories on CentOS and configure our server. First of all, we should find the latest version of the EPEL and Remi packages on their sites:

http://dl.fedoraproject.org/pub/epel/6/x86_64/
http://rpms.famillecollet.com/enterprise/

After that, we will download the packages to our system and install them on the server.

wget http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
wget http://rpms.famillecollet.com/enterprise/remi-release-6.rpm
rpm -Uvh remi-release-6.rpm epel-release-6-8.noarch.rpm

After these packages are completely installed, we should activate these repositories in the yum configuration files.

nano /etc/yum.repos.d/remi.repo

Make sure that “[remi]” and “[remi-php56]” are enabled. It should look like the following.

[remi]
name=Remi's RPM repository for Enterprise Linux 6 - $basearch
#baseurl=http://rpms.remirepo.net/enterprise/6/remi/$basearch/
mirrorlist=http://rpms.remirepo.net/enterprise/6/remi/mirror
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-remi

[remi-php56]
name=Remi's PHP 5.6 RPM repository for Enterprise Linux 6 - $basearch
#baseurl=http://rpms.remirepo.net/enterprise/6/php56/$basearch/
mirrorlist=http://rpms.remirepo.net/enterprise/6/php56/mirror
# NOTICE: common dependencies are in "remi-safe"
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-remi

We have to save the file and then edit the EPEL repository file to make sure it is enabled too.

nano /etc/yum.repos.d/epel.repo

It should be enabled as follows:

[epel]
name=Extra Packages for Enterprise Linux 6 - $basearch
#baseurl=http://download.fedoraproject.org/pub/epel/6/$basearch
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-6&arch=$basearch
failovermethod=priority
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
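After enabling third-party repositories by hand, it helps to confirm that every enabled section still has signature checking on and to see which ones fetch their mirror list over plain HTTP, as the Remi stanzas above do. The following is an added example, not part of the original post; the finding labels it prints are names chosen here.

```bash
#!/usr/bin/env bash
# Added example: audit yum .repo files. For every enabled section it prints
# "<repo-id> <findings>", or "<repo-id> ok" when nothing was found.
#   gpgcheck-not-1       package signatures are not enforced in this file
#                        (if the key is absent, the [main] value in
#                        /etc/yum.conf applies, so check it there)
#   no-gpgkey            no key location is configured for the section
#   plain-http-metadata  baseurl/mirrorlist/metalink uses http://; gpgcheck
#                        verifies packages, the metadata still travels here

# audit_repos FILE...
audit_repos() {
    awk '
    function report(   v, out) {
        if (id == "" || enabled != "1") return
        if (gpgcheck != "1") v = v " gpgcheck-not-1"
        if (gpgkey == "")    v = v " no-gpgkey"
        if (http)            v = v " plain-http-metadata"
        out = (v == "") ? " ok" : v
        print id out
    }
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }      # comments and blank lines
    /^[ \t]*\[/ {                              # new [section]: flush the previous one
        report()
        id = $0; sub(/^[ \t]*\[/, "", id); sub(/\].*$/, "", id)
        enabled = "1"; gpgcheck = ""; gpgkey = ""; http = 0   # yum default: enabled
        next
    }
    {
        eq = index($0, "="); if (eq == 0) next
        key = substr($0, 1, eq - 1); val = substr($0, eq + 1) # first "=" only
        gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (key == "enabled")  enabled = val
        if (key == "gpgcheck") gpgcheck = val
        if (key == "gpgkey")   gpgkey = val
        if ((key == "baseurl" || key == "mirrorlist" || key == "metalink") &&
            val ~ /^http:/) http = 1
    }
    END { report() }
    ' "$@"
}

# Typical use:  audit_repos /etc/yum.repos.d/*.repo
```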

Now we can start installing PHP and Apache on our system.

yum clean all
yum update
yum install php php-mysql

After all these steps are done, we will install MySQL on our system.

wget http://dev.mysql.com/get/mysql57-community-release-el6-7.noarch.rpm
yum localinstall mysql57-community-release-el6-7.noarch.rpm
yum repolist enabled | grep "mysql.*-community.*"
yum install mysql-community-server

It is now fully installed. We will start all services and confirm the installed versions.

service mysqld restart
mysql --version
service httpd restart
php -v
httpd -v

If you have any questions, please add a comment and I will get back to you.

CentOS 6 crashed after restarting network

One of our dedicated servers, which is CentOS 6 based, crashed today after I wanted to restart the network interface, simply after running the following command:

service network restart

The box crashed and I had to reboot it. After the server came up, I checked the logs to see what was wrong on the server. I found it.

There is a new and current bug which might be solved on CentOS 7, but not yet on CentOS 6. The bug is in the “ifdown-eth” script on CentOS, which looks like the following:

if [ -d "/sys/class/net/${REALDEVICE}" ]; then
 if [ "${REALDEVICE}" = "${DEVICE}" ]; then
  ip addr flush dev ${REALDEVICE} scope global 2>/dev/null
 else
  ip addr flush dev ${REALDEVICE} label ${DEVICE} scope global 2>/dev/null
 fi
[...]

The issue is in the loop-back interface, so we have to change the script to something like the following:

if [ -d "/sys/class/net/${REALDEVICE}" ]; then
 if [ "${REALDEVICE}" = "lo" ]; then
  SCOPE="host"
 else
  SCOPE="global"
 fi

 if [ "${REALDEVICE}" = "${DEVICE}" ]; then
  ip addr flush dev ${REALDEVICE} scope ${SCOPE} 2>/dev/null
 else
  ip addr flush dev ${REALDEVICE} label ${DEVICE} scope ${SCOPE} 2>/dev/null
 fi
[...]

After changing the script and restarting the interface, the server was working fine again.

I hope this can help all of you who face the same issue.

How to speed up yum on CentOS

Yum is a great tool to install, remove and update packages on CentOS. As all of you may know, yum uses the fastest mirror to download and install packages on your dedicated server or your desktop computer.

Sometimes the connection between you and the current fastest mirror, which is cached by yum, becomes slow, and you get a very low download speed for the packages.

To speed up yum, you can reset yum’s fastest mirror on your dedicated server and let it choose a new fast mirror to download the packages from.

To do this, run the following command in your SSH session or console. This command will remove the cache file of your current fastest mirror, and once you run yum again, it will choose a new mirror for itself.

rm -f /var/cache/yum/timedhosts.txt

You can now install your packages faster …

yum -y update
yum -y install PACKAGE_NAME

Thanks!

WinMTR & MTR helping you to trace your network

Do you sometimes have trouble loading your website or accessing your dedicated server, or do you get lag when using SSH or Remote Desktop on your server?

Are you looking for a way to see packet loss and latency between two networks?

MTR / WinMTR will make your life easier. You can install MTR on any dedicated server or desktop PC to trace your outgoing network more easily.

To install MTR on Linux-based systems, you can use yum or apt-get. To install MTR on your Windows system, you can download WinMTR from here, and install it on your Windows system.

CentOS: yum install mtr -y
Ubuntu, Debian: apt-get install mtr -y

Using mtr is very easy and simple. You only have to run the following command to see the results.

mtr hugeserver.com

Instead of “hugeserver.com” you can put any other IP address or domain name to see the hops and the route from your source server to your destination server.

If you want to see only the IP addresses and not their domain information (rDNS), you can press “n” while the program is running or simply use the following command:

mtr -n hugeserver.com

You can change the packet size by adding the packet size after the hostname or IP address.

mtr -n hugeserver.com 100

This tool can help you determine any packet loss between two networks.
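mtr also has a non-interactive report mode (mtr -r), which goes slightly beyond the interactive use shown above. The following added example, not part of the original post, reads such a report and prints the hop where loss begins and then persists all the way to the destination; the sample report is constructed with documentation addresses.

```bash
#!/usr/bin/env bash
# Added example: read "mtr -r -n" report output on stdin and print the hop
# where packet loss starts and then continues on every later hop up to the
# destination ("<hop> <address>"), or "none".
#
# Loss shown only at an intermediate hop, with clean hops after it, usually
# means that router rate-limits its own ICMP replies; traffic passing through
# it is not being dropped, so such hops are ignored here.
mtr_loss_origin() {
    awk '
    /^ *[0-9]+[.][|]--/ {
        hop = $1;  sub(/[.].*/, "", hop)     # "4.|--" -> "4"
        loss = $3; sub(/%/, "", loss)        # "20.0%" -> "20.0"
        if (loss + 0 > 0) {
            if (start == "") { start = hop; addr = $2 }
        } else {
            start = ""                       # a clean hop ends the run
        }
    }
    END { if (start != "") print start, addr; else print "none" }
    '
}

# Constructed sample report (documentation addresses, not a real trace).
sample_report() {
    cat <<'EOF'
HOST: test-lab                    Loss%   Snt   Last   Avg  Best  Wrst StDev
  1.|-- 192.0.2.1                  0.0%    20    0.4   0.5   0.3   0.9   0.1
  2.|-- 198.51.100.7              35.0%    20    1.2   1.4   1.0   2.2   0.3
  3.|-- 198.51.100.33              0.0%    20    5.1   5.3   4.9   6.0   0.2
  4.|-- 203.0.113.5               20.0%    20   40.2  41.0  39.8  44.1   1.1
  5.|-- 203.0.113.20              20.0%    20   41.5  42.2  40.9  45.0   1.0
  6.|-- 203.0.113.80              25.0%    20   42.0  42.8  41.1  46.3   1.2
EOF
}

# Live use: mtr -r -n -c 20 hugeserver.com | mtr_loss_origin
```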

Thanks

How to use IPMITool on Linux

Are you managing a dedicated server over the Internet and want access to IPMI? Have you colocated a dedicated server in a datacenter, and are you looking for a way to cut the expensive remote-hands fees for reboots, KVM installation, and corrections? This can easily be done over IPMI.

But sometimes it happens that your IPMI is not accessible over an Internet interface. This issue may have several causes: maybe your IP configuration is not correct, or maybe the IPMI has crashed, etc.

Here is an easy way to correct such problems on your own dedicated server. First, we have to install ipmitool on our dedicated box. To install the ipmitool program you have two ways to choose from: one is using “yum” on CentOS or “apt-get” on Ubuntu and Debian, and the second is installing the program from source. I will show you all 3 ways to install IPMITool on our dedicated box.

Installing on CentOS via yum

[root@server ~]: yum install ipmitool -y
[root@server ~]: modprobe ipmi_devintf

Now you can use ipmitool to see and edit the details of your IPMI settings on your dedicated server without having to boot the server into the BIOS.

If you want to see the chassis information of your server, use the following command.

ipmitool chassis status

You can also see the power information of your server by using the following command. Instead of “status” at the end of the command you can use “cycle” to power cycle the chassis, “on” to power on the chassis, “off” to power off your server and …

ipmitool chassis power status

You can also see and edit the network configuration of your chassis via ipmitool. To review the network configuration, use the following command. As output you will see a list of information; the important detail for you might be the “IP Address” section, which shows the current public or private IP address of your IPMI.

ipmitool lan print

If you have trouble with your current IP address and want to change it to another one, you can run the following commands:

ipmitool lan set 1 ipaddr  IPADDRESS
ipmitool lan set 1 netmask  NETMASK
ipmitool lan set 1 defgw ipaddr  GATEWAY

Sometimes you will see that your IPMI console is not working, or your web interface is not loading for you. The best and simplest way to solve such issues is resetting the BMC of IPMI. To do this, run the following command. This command won’t reboot your dedicated server, and will only reset the BMC of IPMI.

ipmitool mc reset cold

Do you want to see how hot your server currently is? No problem, it is simple with IPMITool. You can use the following command to see the temperature of your server/CPU and chassis.

ipmitool sensor | grep "Temp"

There is a lot more you can do with this helpful command. If you have any questions regarding this software, please leave a comment for me and I will get back to you with a solution.

I hope this article helps you.