web development and system administration of Linux
If you need to get package source code only, and you don’t want to install it, you can use Downloadonly plugin for yum.
Install the package including “downloadonly” plugin:
(RHEL5)
# yum install yum-downloadonly
(RHEL6)
# yum install yum-plugin-downloadonly
Run yum command with “–downloadonly” option as follows:
# yum install --downloadonly --downloaddir=<directory> <package>
Confirm the RPM files are available in the specified download directory.
To import SSL certificate into pkcs12 format you can use command:
# openssl pkcs12 -export -in /home/taras/ssl/shkodenko.com.crt -inkey /home/taras/ssl/shkodenko.com.key -out /home/taras/ssl/shkodenko.com.p12 -name tomcat -CAfile /home/taras/ssl/shkodenko.com.ca.crt -caname root -chain Enter Export Password: Verifying - Enter Export Password:
You will be prompted to input password.
# keytool -importkeystore -srckeystore /home/taras/ssl/shkodenko.com.p12 -srcstoretype PKCS12 -deststoretype JKS -destkeystore /home/taras/ssl/shkodenko.com.jks Enter destination keystore password: Re-enter new password: Enter source keystore password: Entry for alias tomcat successfully imported. Import command completed: 1 entries successfully imported, 0 entries failed or cancelled
Now, you can use /home/taras/ssl/shkodenko.com.jks certificates storage in your Apache Tomcat SSL virtual host configuration.
To set up NFS on CentOS and/or RedHat enterprise Linux the following package should be installed:
# yum install nfs-utils Loaded plugins: product-id, rhnplugin, security, subscription-manager This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register. This system is receiving updates from RHN Classic or RHN Satellite. Excluding Packages in global exclude list Finished Excluding Packages from Red Hat Enterprise Linux (v. 5 for 64-bit x86_64) Finished Setting up Install Process Package 1:nfs-utils-1.0.9-71.el5.x86_64 already installed and latest version Nothing to do
If you see error while trying to start nfs service:
# /etc/init.d/nfs start
Starting NFS services: [ OK ]
Starting NFS quotas: Cannot register service: RPC: Unable to receive; errno = Connection refused
rpc.rquotad: unable to register (RQUOTAPROG, RQUOTAVERS, udp).
[FAILED]
Starting NFS daemon:
[FAILED]
check if portmapper service is working:
# rpcinfo -p rpcinfo: can't contact portmapper: RPC: Remote system error - Connection refused #
If not, add portmap service to auto start:
# chkconfig portmap on
Start the portmap serice:
# service portmap start Starting portmap: [ OK ]
When portmap service is started it should show some output like:
# rpcinfo -p
program vers proto port
100000 2 tcp 111 portmapper
100000 2 udp 111 portmapper
#
You should start nfs service
# service nfs start Starting NFS services: [ OK ] Starting NFS quotas: [ OK ] Starting NFS daemon: [ OK ] Starting NFS mountd: [ OK ] #
Add an entry what folder do you want to share to configuration file /etc/exports
/home/taras/backups/shared 11.22.3.4/255.255.255.0(rw,sync)
Where 11.22.3.4 IP address of remote side where you will mount shared folder.
You can also add IP to configuration file:
# more /etc/hosts.allow # # hosts.allow This file describes the names of the hosts which are # allowed to use the local INET services, as decided # by the '/usr/sbin/tcpd' server. # ALL: 11.22.3.4
Create folder /mnt/shared and mount remote folder in it
# mkdir -pv /mnt/shared # mount shkodenko.com:/home/taras/backups/shared /mnt/shared -o nolock
If you need to use modern version of PHP and you have Plesk control panel version 12+ you can use php_handler utility.
To view list of currently installed PHP versions use command:
# /usr/local/psa/bin/php_handler --list
id: display name: full version: version: type: cgi-bin: php-cli: php.ini: custom:
module 5.3.3 5.3.3 5.3 module /usr/bin/php-cgi /etc/php.ini false
fastcgi 5.3.3 5.3.3 5.3 fastcgi /usr/bin/php-cgi /etc/php.ini false
cgi 5.3.3 5.3.3 5.3 cgi /usr/bin/php-cgi /etc/php.ini false
To install custom PHP build installed to folder /opt/php-5.4.37 use command:
# /usr/local/psa/bin/php_handler --add -displayname php-5.4.37 -path /opt/php-5.4.37/bin/php-cgi -phpini /opt/php-5.4.37/etc/php.ini -type fastcgi -id php-5.4.37
You will see message:
The new PHP handler with the id "php-5.4.37" was successfully registered.
Now, you can select it in Plesk control panel then editing your domain “Hosting settings”.
Mtop utility can be downloaded from http://sourceforge.net/projects/mtop/?source=typ_redirect.
Current version at this moment is: 0.6.6.
To install it the following system packages should be installed as dependencies: libncurses5-dev
# sudo apt-get install libncurses5-dev
Because of error during installation of depended Curses Perl library:
fatal error: ncurses.h: No such file or directory
The following Perl libraries required by mtop should be installed: Curses, Getopt::Long, Net::Domain, DBI and DBD::mysql
I’m istalling them using Perl CPAN module:
# perl -MCPAN -e shell # ... cpan[1]> install Curses cpan[2]> install Getopt::Long cpan[3]> install Net::Domain cpan[4]> install DBI cpan[5]> install DBD::mysql cpan[6]> quit
Mtop installation process:
# cd /root/install # tar xzf mtop-0.6.6.tar.gz # chown -Rf root:root /root/install/mtop-0.6.6/ # cd /root/install/mtop-0.6.6/ # perl Makefile.PL ... # make ... # make install Manifying 2 pod documents Installing /usr/local/bin/mtop Installing /usr/local/bin/mkill Installing /usr/local/bin/mtop Installing /usr/local/bin/mkill Installing /usr/local/share/perl/5.14/cpan2spec.pl Installing /usr/local/share/man/man1/mkill.1p Installing /usr/local/share/man/man1/mtop.1p Appending installation info to /usr/local//lib/perl/5.14/perllocal.pod
Now, mtop and mkill utilites are ready for use.
To discover what package a file belongs to use command:
# dpkg -S /bin/dash
dash: /bin/dash
We find several packages related to what we’re looking for, together with brief descriptions. To get more information about a specific package, I can then use:
# apt-cache show dash
Read more at https://www.debian.org/doc/manuals/apt-howto/ch-search.en.html
There is several ways to block / unblock IPs on linux servers.
It can be done using IPTables firewall rules, server configuration files /etc/hosts.deny, using route.
I have written simple shell scripts to block / unlbock IPv4 which can be used on any Linux distribution if you have root administrator access.
You can get them for a small price:
If you need to add existing user to existing group use usermod command.
1. Check current user groups using id command:
# id serveradmin
uid=10001(serveradmin) gid=10001(serveradmin) groups=10001(serveradmin)
2. Add existing user to group using usermod command:
# usermod -a -G wheel serveradmin
3. Check if user has been added to group using id command:
# id serveradmin
uid=10001(serveradmin) gid=10001(serveradmin) groups=10001(serveradmin),11(wheel)
To set up SSH login without passwords using keys:
1. Generate key using ssh-keygen utility. Keys will be saved in this example in ~/.ssh/ folder. File ~/.ssh/id_rsa is your private key. File ~/.ssh/id_rsa.pub is your public key.
2. Add public key to ~/.ssh/authorized_keys on server where you want to login without password using command:
# ssh-copy-id -i ~/.ssh/id_rsa.pub user@shkodenko.com
3. Now you can login as user to example host shkodenko.com without password using your public key using command:
# ssh user@shkodenko.com
To verify if OpenSSL protocol version 3 is disabled you can run command:
# openssl s_client -connect www.shkodenko.com:443 -ssl3
If you will see answer like below:
CONNECTED144:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1257:SSL alert number 40
139824221411144:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:596:
When SSL3 is disabled.
