Tuesday, August 3, 2010

Setting up an SSL secured Webserver with CentOS

1. Getting the required software

For an SSL encrypted web server you will need a few things. Depending on your install you may or may not have OpenSSL and mod_ssl, Apache's interface to OpenSSL. Use yum to get them if you need them.
yum install mod_ssl openssl
Yum will either tell you they are installed or will install them for you.

2. Generate a self-signed certificate

Using OpenSSL we will generate a self-signed certificate. If you are using this on a production server you will probably want a certificate from a trusted Certificate Authority, but if you are just using this on a personal site or for testing purposes a self-signed certificate is fine. To create the key you will need to be root, so either su to root or use sudo in front of the commands.
# Generate private key (2048-bit; 1024-bit RSA keys are too weak)
openssl genrsa -out ca.key 2048

# Generate CSR
openssl req -new -key ca.key -out ca.csr

# Generate self-signed certificate
openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt

# Move the files to the correct locations
mv ca.crt /etc/pki/tls/certs
mv ca.key /etc/pki/tls/private/ca.key
mv ca.csr /etc/pki/tls/private/ca.csr
Then we need to update the Apache SSL configuration file
vi +/SSLCertificateFile /etc/httpd/conf.d/ssl.conf
Change the path to match where the certificate file is stored. If you've used the method above it will be
SSLCertificateFile /etc/pki/tls/certs/ca.crt
Then set the correct path for the Certificate Key File a few lines below. If you've followed the instructions above it is:
SSLCertificateKeyFile /etc/pki/tls/private/ca.key
Quit and save the file and then restart Apache
/etc/init.d/httpd restart
All being well you should now be able to connect over https to your server and see a default CentOS page. As the certificate is self-signed, browsers will generally ask you whether you want to accept the certificate. Firefox 3 won't let you connect at all but you can override this.

Restart Apache again using
/etc/init.d/httpd restart
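
The certificate and key produced in step 2 can be checked before they are put into ssl.conf. The script below is an added example, not part of the original post: it confirms that a certificate belongs to a key, that the RSA key is at least 2048 bits and that the certificate has not expired. The function names, the temporary files and the /CN=example.test subject are assumptions made for the illustration.

```shell
#!/bin/bash
# Added example, not from the original post. Assumes the openssl CLI is installed.

# modulus_of cert|key FILE: print the RSA modulus as hex (empty on error).
modulus_of() {
    case "$1" in
        cert) openssl x509 -noout -modulus -in "$2" ;;
        key)  openssl rsa  -noout -modulus -in "$2" ;;
    esac 2>/dev/null | sed -n 's/^Modulus=//p'
}

# check_tls_pair CERT KEY [MIN_BITS]
# Prints one finding per line; returns 0 if the pair is fit to deploy, else 1.
check_tls_pair() {
    cert=$1; key=$2; min_bits=${3:-2048}; bad=0
    cert_mod=$(modulus_of cert "$cert")
    key_mod=$(modulus_of key "$key")
    if [ -z "$cert_mod" ] || [ -z "$key_mod" ]; then
        echo "UNREADABLE certificate or key"
        return 1
    fi
    # Apache refuses to start when SSLCertificateFile and SSLCertificateKeyFile
    # do not belong together, so compare the public moduli.
    if [ "$cert_mod" != "$key_mod" ]; then
        echo "MISMATCH certificate does not belong to this key"; bad=1
    fi
    # Each hex digit of the modulus is 4 bits of key length.
    bits=$(( ${#key_mod} * 4 ))
    if [ "$bits" -lt "$min_bits" ]; then
        echo "WEAK_KEY $bits-bit RSA key, minimum is $min_bits"; bad=1
    fi
    # -checkend 0 exits non-zero when the certificate has already expired.
    if ! openssl x509 -noout -checkend 0 -in "$cert" >/dev/null 2>&1; then
        echo "EXPIRED certificate"; bad=1
    fi
    return $bad
}

# make_pair DIR NAME BITS: the post's three openssl steps, with -subj added so
# that no questions are asked. The subject /CN=example.test is a placeholder.
make_pair() {
    openssl genrsa -out "$1/$2.key" "$3" 2>/dev/null &&
    openssl req -new -key "$1/$2.key" -subj "/CN=example.test" -out "$1/$2.csr" 2>/dev/null &&
    openssl x509 -req -days 365 -in "$1/$2.csr" -signkey "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

# Demo on throw-away files in a private temp directory.
demo_dir=$(mktemp -d) || exit 1
make_pair "$demo_dir" new 2048
make_pair "$demo_dir" old 1024
check_tls_pair "$demo_dir/new.crt" "$demo_dir/new.key" && echo "new pair: OK"
check_tls_pair "$demo_dir/old.crt" "$demo_dir/old.key" || echo "old pair: rejected"
check_tls_pair "$demo_dir/new.crt" "$demo_dir/old.key" || echo "mixed pair: rejected"
rm -rf "$demo_dir"
```

On the server itself the call would be check_tls_pair /etc/pki/tls/certs/ca.crt /etc/pki/tls/private/ca.key, run as root.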



Monday, August 2, 2010

Zabbix installation for Cent OS

Zabbix Installation

We will be installing the following components:

    * Zabbix Server (for gathering data)
    * Zabbix Agent (for monitoring)
    * Net-SNMP (for SNMP Support)
    * Jabber (for notifications)
    * OpenIPMI (for monitoring)
    * cURL (for web monitoring)
   
* For x86 (32-bit) systems
          o rpm -Uhv http://apt.sw.be/redhat/el5/en/i386/rpmforge/RPMS/rpmforge-release-0.3.6-1.el5.rf.i386.rpm
                + From Dag Wieers

* For x64 (64-bit) systems
          o rpm -Uhv http://apt.sw.be/redhat/el5/en/x86_64/rpmforge/RPMS//rpmforge-release-0.3.6-1.el5.rf.x86_64.rpm
                + From Dag Wieers
First install all the dependencies with yum using the command

# yum install zlib-devel mysql-devel glibc-devel curl-devel gcc automake mysql libidn-devel openssl-devel net-snmp-devel rpm-devel OpenIPMI-devel iksemel iksemel-devel rpm-build checkinstall php-mysql php-gd php-bcmath php-mbstring

wget -O zabbix-1.8.2.tar.gz "http://downloads.sourceforge.net/project/zabbix/ZABBIX%20Latest%20Stable/1.8.2/zabbix-1.8.2.tar.gz?use_mirror=freefr"

tar -xzvf zabbix-1.8.2.tar.gz

# cd zabbix-1.8.2
# ./configure --enable-server --with-mysql --with-net-snmp --with-jabber --with-libcurl --with-openipmi --enable-agent

# make

# checkinstall --nodoc --install=yes -y

**********************************************************************
Done. The new package has been installed and saved to
/usr/src/redhat/RPMS/i386/zabbix-1.8.2-1.i386.rpm
You can remove it from your system anytime using:
     rpm -e zabbix-1.8.2-1
**********************************************************************

Creating the MySQL DB

We will have to create a database for Zabbix and then import scripts which will do the rest for us.

First of all, make sure the mysql daemon is running using

# service mysqld status

If not you can start it with

# service mysqld start

If this is the first time mysql is started, you will probably get a message telling you that root has no password. Change the root password to something safe which you won’t forget with

# mysqladmin -u root password 'new-password-here'

After the password has been set, it's recommended to run the following script in your console to secure your MySQL installation

# mysql_secure_installation

Now that we have set a root password and secured our db we can connect to it to create a new db for Zabbix.

# mysql -u root -p

and enter the password you set before. Then let us create the db with

mysql> create database zabbix character set utf8;

Next we want to tell MySQL that our zabbix user has the rights to work with the db, so let's give it all rights on that database

mysql> grant all privileges on zabbix.* to 'zabbix'@'localhost' identified by 'set-password-here';
mysql> quit;

It's important to remember this password as we are going to need it for the Zabbix config files. Now we are going to import the SQL scripts into the db so we have tables and data

# cd create/schema
# cat mysql.sql | mysql -u zabbix -p zabbix
# cd ../data
# cat data.sql | mysql -u zabbix -p zabbix
# cat images_mysql.sql | mysql -u zabbix -p zabbix

To make sure the scripts worked we can list the tables of the Zabbix database to see if any were created.

mysql> use zabbix;
mysql> show tables;
mysql> quit;

Configuring Zabbix

Now let's create a folder for Zabbix where the config files are stored and then copy the appropriate files.

# mkdir /etc/zabbix
# cd ../..
# cp misc/conf/{zabbix_server.conf,zabbix_agentd.conf} /etc/zabbix/

For the beginning the Zabbix agent config file can be left as it is, but we do need to tell Zabbix where our database is to be found. For that, open /etc/zabbix/zabbix_server.conf with your favourite editor

# vi /etc/zabbix/zabbix_server.conf

Look for DBName; with nano you can do this with Ctrl+W, then type in DBName and press enter. By default it is set to zabbix, so we can leave that as it is, but we do need to change the user and password: set DBUser to zabbix and DBPassword to the one you set during the mysql configuration above.

DBName=zabbix
DBUser=zabbix
DBPassword=your-zabbix-mysql-password

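It is recommended to change the file permissions for the Zabbix config so that not every user can read the password out of our file. The chown only works once the zabbix user exists, so run it after creating that user in the next section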

# chmod 400 /etc/zabbix/zabbix_server.conf
# chown zabbix /etc/zabbix/zabbix_server.conf
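
The permission change above can be verified, together with the database settings the file now contains. The script below is an added example, not part of the original post or of Zabbix: audit_zabbix_conf and conf_value are names chosen here, the sample file is constructed, and GNU stat (stat -c) is assumed.

```shell
#!/bin/bash
# Added example, not from the original post. Needs GNU stat (stat -c).

# conf_value FILE KEY: print the last uncommented KEY=value setting.
conf_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# audit_zabbix_conf FILE
# Prints one finding per line; returns 0 when clean, 1 otherwise.
audit_zabbix_conf() {
    file=$1; bad=0
    [ -f "$file" ] || { echo "MISSING $file"; return 1; }

    # The file holds DBPassword, so group and others must have no access:
    # the last two octal digits of the mode have to be 00 (400, 600, ...).
    mode=$(stat -c '%a' "$file")
    case "$mode" in
        0|*00) ;;
        *) echo "MODE $mode lets group or others access $file"; bad=1 ;;
    esac

    user=$(conf_value "$file" DBUser)
    pass=$(conf_value "$file" DBPassword)
    # The post grants rights on zabbix.* to a dedicated account,
    # so the server never needs the MySQL root login.
    if [ "$user" = "root" ]; then
        echo "DBUSER root used instead of a dedicated account"; bad=1
    fi
    case "$pass" in
        "") echo "DBPASSWORD not set"; bad=1 ;;
        your-zabbix-mysql-password|set-password-here)
            echo "DBPASSWORD is still the tutorial placeholder"; bad=1 ;;
    esac
    return $bad
}

# Demo on a constructed file that mirrors the settings shown in the post.
demo=$(mktemp) || exit 1
printf '%s\n' 'DBName=zabbix' 'DBUser=zabbix' \
    'DBPassword=your-zabbix-mysql-password' > "$demo"
chmod 644 "$demo"
audit_zabbix_conf "$demo" || echo "fix the findings above, then chmod 400 the file"
rm -f "$demo"
```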

Now Zabbix knows where to connect and with which login information.

Creating user Zabbix and running Zabbix Server

Zabbix is not meant to be executed by root, so we will have to create a zabbix user to do the job for us.

# useradd -m -s /bin/bash zabbix

With the parameter -m we tell Linux to create a home directory for the user, and with -s /bin/bash we tell Linux to give the user the bash shell and where it is located.

Now that the user is created, we log in as that user with

# su - zabbix

su means run a shell as the user we specify, and the - tells Linux to load that user's environment.

You should be able to recognise from the beginning of the prompt that we are logged in as zabbix: {zabbix@hostname ~}$

Now we can execute the script zabbix_agentd and zabbix_server which are found in /usr/local/sbin/

$ /usr/local/sbin/zabbix_agentd
$ /usr/local/sbin/zabbix_server

If all went well you should not get any error messages.

To check if Zabbix is running we can grep the output of all running processes

$ ps -e | grep zabbix

You should see several processes running as zabbix_server and zabbix_agentd.

It is all nice that the server is up and running, but only until the next reboot of the server; after that Zabbix won't be running anymore. To make these processes start automatically we will have to add the server and the agent to the system startup sequence.

Creating startup scripts

Zabbix comes with startup scripts, but it should be mentioned that these scripts are old. Nevertheless they still work, and all that needs to be done is one minor change in each script.

Log back in as root

$ su -

After a successful login let us copy the scripts from our Zabbix source into our /etc/init.d/ folder. This can be done with the following commands:

# cd zabbix-1.8.2
# cp misc/init.d/redhat/8.0/zabbix_* /etc/init.d/

This will copy the zabbix_server and zabbix_agentd startup scripts.

Open zabbix_server with your favourite editor.

# vi /etc/init.d/zabbix_server

and then change progdir to progdir="/usr/local/sbin/". Do exactly the same with zabbix_agentd.

Now let us add it to the services with

# chkconfig --add zabbix_server
# chkconfig --add zabbix_agentd

All that is left is to tell the system on which runlevels it should start them; we are going to use runlevels 3 and 5.

# chkconfig --level 35 zabbix_server on
# chkconfig --level 35 zabbix_agentd on

To verify that the changes have been made, we can use chkconfig to list all configurations with

# chkconfig --list

or, to show just the zabbix services, we can filter the output with grep

# chkconfig --list | grep zabbix

All that is left to be done is to make these scripts executable. This is done with the following commands

# chmod 755 /etc/init.d/zabbix_server
# chmod 755 /etc/init.d/zabbix_agentd

Now we can control our scripts with

# service zabbix_server {start|stop|restart|condrestart}

Installing the Web frontend

Most likely Zabbix won't agree with all of your settings and will tell you to change them to the required settings. In my case these are all PHP related problems. Open php.ini with your favourite editor

# vi /etc/php.ini

and change the following (for date.timezone, check which zone your server is in with the date command):

max_execution_time = 600
memory_limit = 256M
post_max_size = 32M
date.timezone =
mbstring.func_overload = 2

[Rajat@rajat ~]$ date
Mon Aug  2 18:47:02 IST 2010

service httpd restart


We have the Zabbix server and agent installed and running on our server, we can control them as services, and they start up each time the machine boots into runlevel 3 or 5, but we still don't have our web frontend.

Once installed, it is time to copy the web files to the correct folder; with CentOS and Apache this would be /var/www/html/.

# cp -r frontends/php/ /var/www/html/

To make the page accessible through http://localhost/zabbix we will have to rename the folder to zabbix.

# mv /var/www/html/php/ /var/www/html/zabbix

You should now be able to access the web frontend through http://localhost/zabbix

If you encounter problems, try checking whether the httpd service is running. If it worked you should see the Welcome screen from Zabbix.

Setup Zabbix Agent for Linux

1. wget -O zabbix-1.8.2.tar.gz "http://downloads.sourceforge.net/zabbix/zabbix-1.8.2.tar.gz?fromerrorjs=1"

2. tar -vxzf zabbix-1.8.2.tar.gz

3. cd zabbix-1.8.2

4. ./configure --enable-agent --prefix=/usr/local/zabbix

5. make install

6. mkdir /etc/zabbix

7. cp misc/conf/zabbix_agentd.conf /etc/zabbix/

8. cp misc/init.d/redhat/8.0/zabbix_agentd /etc/init.d/

9. chmod +x /etc/init.d/zabbix_agentd

10. adduser zabbix

11. chkconfig zabbix_agentd on

12. Edit /etc/zabbix/zabbix_agentd.conf, set Server to your Zabbix Server ip/domain and Hostname to your agent hostname.

13. Edit /etc/init.d/zabbix_agentd, set progdir FROM /usr/local/sbin TO progdir="/usr/local/zabbix/sbin/"

14. /etc/init.d/zabbix_agentd start

15. After that, add the host to the Zabbix server and you can start monitoring your agent server.

User Activity, View Processes, Display Memory

1. List Processes based on %CPU and Memory Usage

This script lists the processes based on %CPU and memory usage when run without an argument (the default). If you specify an argument (cpu or mem), it lists the processes based on CPU usage or memory usage respectively.

$ vi processes.sh
#! /bin/bash
#List processes based on %cpu and memory usage

echo "Start Time" `date`
# By default, it display the list of processes based on the cpu and memory usage #
if [ $# -eq 0 ]
then

 echo "List of processes based on the %cpu Usage"
 ps -e -o pcpu,cpu,nice,state,cputime,args --sort pcpu  # sorted based on %cpu
 echo "List of processes based on the memory Usage"
 ps -e -orss=,args= | sort -b -k1,1n # sorted based on rss value

# If arguments are given (mem/cpu)
else
 case "$1" in
 mem)
  echo "List of processes based on the memory Usage"
   ps -e -orss=,args= | sort -b -k1,1n
  ;;
  cpu)
  echo "List of processes based on the %cpu Usage"
  ps -e -o pcpu,cpu,nice,state,cputime,args --sort pcpu
  ;;
  *)
  echo "Invalid Argument Given \n"
  echo "Usage : $0 mem/cpu"
  exit 1
  esac 

fi
echo "End Time" `date`
exit 0

#chmod +x processes.sh

You can execute the above script as shown below.

$ processes.sh

$ processes.sh mem

$ processes.sh cpu

2. Display Logged in users and who is using high CPU percentage

This script displays some information about the currently logged in users and what they are doing.

$ vi loggedin.sh
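#! /bin/bash

# Use a private temp file instead of the predictable /tmp/a and remove it on exit
tmp=$(mktemp) || exit 1
trap 'rm -f "$tmp"' EXIT
w > "$tmp"

echo "Total number of unique users logged in currently"
# sort -u, because uniq alone only removes adjacent duplicates
sed '1,2d' "$tmp" | awk '{print $1}' | sort -u | wc -l
echo ""

echo "List of unique users logged in currently"
sed '1,2d' "$tmp" | awk '{print $1}' | sort -u
echo ""

echo "The user who is using high %cpu"
# $7 is the PCPU column; "+ 0" makes awk compare it as a number, not as a string
sed '1,2d' "$tmp" | awk 'NR == 1 || $7 + 0 > max { max = $7 + 0; maxuid = $7; maxline = $0 }; END { print maxuid, maxline }'

echo ""
echo "List of users logged in and what they are doing"
cat "$tmp"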

 # chmod +x loggedin.sh

 ./loggedin.sh 
Total number of unique users logged in currently
1

List of unique users logged in currently
root

The user who is using high %cpu
0.12s root     pts/0    99.33.7.252      Sat00   16:30m  0.12s  0.12s -bash

List of users logged in and what they are doing
 04:36:49 up 2 days, 20:12,  2 users,  load average: 0.11, 0.05, 0.01
USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU WHAT
root     pts/0    99.33.7.252      Sat00   16:30m  0.12s  0.12s -bash
root     pts/1    122.181.129.226  04:17    0.00s  0.02s  0.00s /bin/bash ./log

3. Display Total, Used and Free Memory

The following script displays the total, used and free memory space.

$ vi mem.sh
#! /bin/bash

# Total memory space details

echo "Memory Space Details"
free -t -m | grep "Total" | awk '{ print "Total Memory space : "$2 " MB";
print "Used Memory Space : "$3" MB";
print "Free Memory : "$4" MB";
}'

echo "Swap memory Details"
free -t -m | grep "Swap" | awk '{ print "Total Swap space : "$2 " MB";
print "Used Swap Space : "$3" MB";
print "Free Swap : "$4" MB";
}'

#chmod +x mem.sh
[root@ip-10-202-215-149 ~]# ./mem.sh
Memory Space Details
Total Memory space : 2602 MB
Used Memory Space : 804 MB
Free Memory : 1797 MB
Swap memory Details
Total Swap space : 895 MB
Used Swap Space : 0 MB
Free Swap : 895 MB
[root@ip-10-202-215-149 ~]#


Thursday, July 29, 2010

Install Nagios on CentOS 5

Install & Configure Prerequisites

  • Install Apache
    • yum install httpd php gcc glibc glibc-common gd gd-devel
  • Configure Apache to start on boot
    • /sbin/chkconfig --levels 345 httpd on
  • Configure iptables to allow Apache traffic
    • /sbin/iptables -I INPUT -p tcp --dport 80 -j ACCEPT
    • /etc/init.d/iptables save
    • /etc/init.d/iptables restart

Install & Configure Nagios

  • Install Nagios & Plugins
    • yum install nagios nagios-plugins nagios-plugins-setuid
  • Create the default Nagios web access user & set a password
    • htpasswd -c /etc/nagios/htpasswd.users nagiosadmin
  • Verify default config files
    • nagios -v /etc/nagios/nagios.cfg
  • Start Nagios
    • service nagios restart
  • Start Apache
    • service httpd restart

Verify Install

  • Try logging into your new Nagios installation by going to http://servername/nagios/ and logging in with nagiosadmin and the password you set. 

Monday, July 26, 2010

Shutdown Linux Box Automatically Cent OS/RHEL/Fedora

Common Tasks For at Command

  1. Shutdown/reboot the system
  2. Email yourself files
  3. Send birthday reminders

Commands

  • at - Execute a task at a specific time. For example, shut down the computer, send a birthday reminder etc. Useful to schedule one job at a time or a single future event.
  • cron - If you want to shut down a Linux box automatically every day at 8 pm then you need to use cron instead of the at command (see below for examples). Useful to schedule recurring events or daily events such as backing up data or checking system security.

at Command Examples

Let us see how to shut down a Linux box automatically at 8 pm. Type the command at 8pm and press the [enter] key, then type halt followed by the enter key. To save your job press CTRL+D.

# at 8pm


Sample outputs:

at> halt
 
(Press CTRL+D)
Try out the following utilities:
  • atq - List the current at jobs pending.
  • atrm - Used to remove pending at jobs.
The at command accepts fairly complex time specifications, for example:
Run job at 6am on monday:

at 6am monday
 
Run job in 5 minutes time:
 
at now + 5 minutes
 
Run job at 4pm but 3 days later:
 
at 4pm + 3 days
 
Run job at 10am on 31st July:
 
at 10am Jul 31
 
See the file /usr/share/doc/at/timespec for complete time specifications
and read man pages of at, atq, atrm. Make sure you have atd service 
running, if not start it using the following command: 

# /etc/init.d/atd start

Linux Cron job to Shutdown Linux server/Desktop system

First, login as the root user and at a shell prompt type crontab -e command so that you can add cronjob:

# crontab -e
 
OR
 
# crontab -e -u root
 
Append the following entry to it to shut down the box at 20:00 hrs [24 hour clock format]:
 
0 20 * * * /sbin/shutdown -h now
 
Save and close the file. 

 
 
 

Thursday, July 22, 2010

Hadoop install on AMIs centos!



cd /etc/yum.repos.d/
[root@ip-10-250-57-221 yum.repos.d]# ll
total 4
-rw-r--r-- 1 root root 2245 Oct 1 2009 CentOS-Base.repo
[root@ip-10-250-57-221 yum.repos.d]# wget http://archive.cloudera.com/redhat/cdh/cloudera-cdh3.repo
--2010-07-12 08:47:56-- http://archive.cloudera.com/redhat/cdh/cloudera-cdh3.repo
Resolving archive.cloudera.com... 184.73.170.21
Connecting to archive.cloudera.com|184.73.170.21|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 211 [text/plain]
Saving to: `cloudera-cdh3.repo'

100%[======================================>] 211 --.-K/s in 0s

2010-07-12 08:47:56 (40.2 MB/s) - `cloudera-cdh3.repo' saved [211/211]

[root@ip-10-250-57-221 yum.repos.d]# ls
CentOS-Base.repo cloudera-cdh3.repo
[root@ip-10-250-57-221 yum.repos.d]#


yum install java-1.6.0-openjdk hadoop-0.20
Loaded plugins: fastestmirror
Determining fastest mirrors
* addons: mirror.fdcservers.net
* base: centos.mirror.nac.net
* extras: mirror.vcu.edu
* updates: mirror.rackspace.com
addons | 951 B 00:00
addons/primary | 202 B 00:00
base | 2.1 kB 00:00
base/primary_db | 1.6 MB 00:00
cloudera-cdh3 | 951 B 00:00
cloudera-cdh3/primary | 18 kB 00:00
cloudera-cdh3 62/62
extras | 2.1 kB 00:00
extras/primary_db | 185 kB 00:06
updates | 1.9 kB 00:00
updates/primary_db | 296 kB 00:00
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package hadoop-0.20.noarch 0:0.20.2+320-1 set to be updated
---> Package java-1.6.0-openjdk.i386 1:1.6.0.0-1.11.b16.el5 set to be updated
--> Processing Dependency: jpackage-utils >= 1.7.3-1jpp.2 for package: java-1.6.0-openjdk
--> Processing Dependency: libgif.so.4 for package: java-1.6.0-openjdk
--> Processing Dependency: tzdata-java for package: java-1.6.0-openjdk
--> Running transaction check
---> Package giflib.i386 0:4.1.3-7.1.el5_3.1 set to be updated
---> Package jpackage-utils.noarch 0:1.7.3-1jpp.2.el5 set to be updated
---> Package tzdata-java.i386 0:2010i-1.el5 set to be updated
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
hadoop-0.20 noarch 0.20.2+320-1 cloudera-cdh3 21 M
java-1.6.0-openjdk i386 1:1.6.0.0-1.11.b16.el5 updates 37 M
Installing for dependencies:
giflib i386 4.1.3-7.1.el5_3.1 base 39 k
jpackage-utils noarch 1.7.3-1jpp.2.el5 base 61 k
tzdata-java i386 2010i-1.el5 updates 176 k

Transaction Summary
================================================================================
Install 5 Package(s)
Update 0 Package(s)
Remove 0 Package(s)

Total download size: 58 M
Is this ok [y/N]: y
Downloading Packages:
(1/5): giflib-4.1.3-7.1.el5_3.1.i386.rpm | 39 kB 00:00
(2/5): jpackage-utils-1.7.3-1jpp.2.el5.noarch.rpm | 61 kB 00:00
(3/5): tzdata-java-2010i-1.el5.i386.rpm | 176 kB 00:00
(4/5): hadoop-0.20-0.20.2+320-1.noarch.rpm | 21 MB 00:01
(5/5): java-1.6.0-openjdk-1.6.0.0-1.11.b16.el5.i386.rpm | 37 MB 00:03
--------------------------------------------------------------------------------
Total 12 MB/s | 58 MB 00:04
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
Installing : giflib 1/5
Installing : jpackage-utils 2/5
Installing : tzdata-java 3/5
Installing : hadoop-0.20 4/5
Installing : java-1.6.0-openjdk 5/5

Installed:
hadoop-0.20.noarch 0:0.20.2+320-1
java-1.6.0-openjdk.i386 1:1.6.0.0-1.11.b16.el5

Dependency Installed:
giflib.i386 0:4.1.3-7.1.el5_3.1 jpackage-utils.noarch 0:1.7.3-1jpp.2.el5
tzdata-java.i386 0:2010i-1.el5

Complete!
[root@ip-10-250-57-221 yum.repos.d]#

[root@ip-10-250-57-221 conf]# vi hadoop-env.sh
# The java implementation to use. Required.
export JAVA_HOME=/usr/java/jdk1.6.0_14/   # remove the leading # from this line and set your Java path


[root@ip-10-250-57-221 java]# vi ~/.bash_profile
# .bash_profile

# Get the aliases and functions
if [ -f ~/.bashrc ]; then
. ~/.bashrc
fi

# User specific environment and startup programs

PATH=$PATH:$HOME/bin:$JAVA_HOME/bin:
JAVA_HOME=/usr/java/jdk1.6.0_14/
export PATH
export JAVA_HOME
unset USERNAME

[root@ip-10-250-57-221 ~]# . .bash_profile
[root@ip-10-250-57-221 ~]# . .bash_profile
[root@ip-10-250-57-221 ~]# . .bash_profile
[root@ip-10-250-57-221 ~]# . .bash_profile
[root@ip-10-250-57-221 ~]# java -version
java version "1.6.0_14"
Java(TM) SE Runtime Environment (build 1.6.0_14-b08)
Java HotSpot(TM) Client VM (build 14.0-b16, mixed mode)
[root@ip-10-250-57-221 ~]# echo $JAVA_HOME
/usr/java/jdk1.6.0_14/
[root@ip-10-250-57-221 ~]# echo $PATH
/usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/home/ec2/bin:/home/ec2/bin:/root/bin:/home/ec2/bin:/root/bin:/usr/java/default/bin::/home/ec2/bin:/root/bin:/usr/java/jdk1.6.0_14//bin::/home/ec2/bin:/root/bin:/usr/java/jdk1.6.0_14//bin::/home/ec2/bin:/root/bin:/usr/java/jdk1.6.0_14//bin:


[root@ip-10-250-57-221 java]# vi ~/.bash_profile
# .bash_profile

# Get the aliases and functions
if [ -f ~/.bashrc ]; then
. ~/.bashrc
fi

# User specific environment and startup programs

PATH=$PATH:$HOME/bin:$JAVA_HOME/bin:
JAVA_HOME=/usr/java/jdk1.6.0_14/
HADOOP_HOME=/usr/lib/hadoop-0.20
export PATH
export JAVA_HOME
export HADOOP_HOME
unset USERNAME

echo $HADOOP_HOME
/usr/lib/hadoop-0.20
[root@ip-10-250-57-221 hadoop-0.20]# echo $PATH
/usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/home/ec2/bin:/home/ec2/bin:/root/bin:/home/ec2/bin:/root/bin:/usr/java/default/bin::/home/ec2/bin:/root/bin:/usr/java/jdk1.6.0_14//bin::/home/ec2/bin:/root/bin:/usr/java/jdk1.6.0_14//bin::/home/ec2/bin:/root/bin:/usr/java/jdk1.6.0_14//bin::/home/ec2/bin:/root/bin:/usr/java/jdk1.6.0_14//bin::/home/ec2/bin:/root/bin:/usr/java/jdk1.6.0_14//bin::/home/ec2/bin:/root/bin:/usr/java/jdk1.6.0_14//bin::/home/ec2/bin:/root/bin:/usr/java/jdk1.6.0_14//bin::/home/ec2/bin:/root/bin:/usr/java/jdk1.6.0_14//bin::/home/ec2/bin:/root/bin:/usr/java/jdk1.6.0_14//bin::/home/ec2/bin:/root/bin:/usr/java/jdk1.6.0_14//bin::/home/ec2/bin:/root/bin:/usr/java/jdk1.6.0_14//bin::/home/ec2/bin:/root/bin:/usr/java/jdk1.6.0_14//bin::/home/ec2/bin:/root/bin:/usr/java/jdk1.6.0_14//bin::/home/ec2/bin:/root/bin:/usr/java/jdk1.6.0_14//bin::/home/ec2/bin:/root/bin:/usr/java/jdk1.6.0_14//bin::/home/ec2/bin:/root/bin:/usr/java/jdk1.6.0_14//bin::/home/ec2/bin:/root/bin:/usr/java/jdk1.6.0_14//bin:
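
The PATH printed above contains empty entries (the "::" pairs and the trailing ":") and the same directories many times over. An empty PATH entry makes the shell search the current directory, which matters most for root. The script below is an added example, not part of the original post: audit_path, clean_path and path_add are names chosen here, and the sample value is a shortened copy of the output above.

```shell
#!/bin/bash
# Added example, not from the original post. Works in bash and POSIX sh.

# Normalise one PATH entry: collapse repeated slashes, drop a trailing slash.
norm_entry() {
    printf '%s\n' "$1" | sed -e 's#//*#/#g' -e 's#\(.\)/$#\1#'
}

# audit_path PATHSTRING
# Prints one finding per line and returns 1 if anything was found.
audit_path() {
    rest="$1:"; pos=0; seen="|"; found=0
    while [ -n "$rest" ]; do
        entry=${rest%%:*}; rest=${rest#*:}; pos=$((pos + 1))
        if [ -z "$entry" ]; then
            echo "EMPTY $pos (searches the current directory)"; found=1
            continue
        fi
        case "$entry" in
            /*) ;;
            *) echo "RELATIVE $pos $entry"; found=1 ;;
        esac
        norm=$(norm_entry "$entry")
        case "$seen" in
            *"|$norm|"*) echo "DUPLICATE $pos $entry"; found=1 ;;
            *) seen="$seen$norm|" ;;
        esac
    done
    return $found
}

# clean_path PATHSTRING
# Prints PATHSTRING with empty, relative and repeated entries removed.
clean_path() {
    rest="$1:"; seen="|"; out=""
    while [ -n "$rest" ]; do
        entry=${rest%%:*}; rest=${rest#*:}
        case "$entry" in /*) ;; *) continue ;; esac
        norm=$(norm_entry "$entry")
        case "$seen" in *"|$norm|"*) continue ;; esac
        seen="$seen$norm|"
        out="${out:+$out:}$norm"
    done
    printf '%s\n' "$out"
}

# path_add PATHSTRING DIR
# Prints PATHSTRING with DIR appended unless it is already there, so a
# profile that is sourced repeatedly does not keep growing PATH.
path_add() {
    case ":$1:" in
        *":$2:"*) printf '%s\n' "$1" ;;
        *) printf '%s\n' "${1:+$1:}$2" ;;
    esac
}

# Constructed sample, shortened from the PATH printed in the post.
SAMPLE_PATH='/usr/local/bin:/bin:/usr/bin:/root/bin:/usr/java/default/bin::/home/ec2/bin:/root/bin:/usr/java/jdk1.6.0_14//bin:'

audit_path "$SAMPLE_PATH" || echo "PATH needs cleaning"
echo "cleaned: $(clean_path "$SAMPLE_PATH")"
```

In a profile, PATH=$(path_add "$PATH" "$JAVA_HOME/bin") placed after the JAVA_HOME assignment gives the same result however often the file is sourced.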


[root@ip-10-250-57-221 conf]# pwd
/usr/lib/hadoop-0.20/conf

conf/core-site.xml:
<configuration>
  <property>
    <name>fs.default.name</name>
    <value>hdfs://:9000</value>
  </property>
</configuration>

conf/hdfs-site.xml:
<configuration>
  <property>
    <name>dfs.replication</name>
    <value>1</value>
  </property>
</configuration>

conf/mapred-site.xml:
<configuration>
  <property>
    <name>mapred.job.tracker</name>
    <value>:9001</value>
  </property>
</configuration>


Setup passphraseless ssh
Now check that you can ssh to the localhost without a passphrase:
# ssh localhost
If you cannot ssh to localhost without a passphrase, execute the following commands:
# ssh-keygen -t rsa -P '' -f ~/.ssh/id_rsa
# cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys

Format a new distributed-filesystem:
# bin/hadoop namenode -format
Start the hadoop daemons:
# bin/start-all.sh

Open ports 50070 and 50030.

Browse the web interface for the NameNode and the JobTracker; by default they are
available at:
NameNode - http://:50070/
JobTracker - http://:50030/




Friday, July 9, 2010

TeamCity with LAMP Cent OS AMIs

 Installing MySQL 5
To install MySQL, we do this:
yum install mysql mysql-server
Then we create the system startup links for MySQL (so that MySQL starts automatically whenever the system boots) and start the MySQL server:
chkconfig --levels 235 mysqld on
/etc/init.d/mysqld start
Run
mysql_secure_installation
to set a password for the user root (otherwise anybody can access your MySQL database!):
[root@server1 ~]# mysql_secure_installation
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MySQL
     SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
In order to log into MySQL to secure it, we'll need the current
password for the root user. If you've just installed MySQL, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.
Enter current password for root (enter for none): <-- ENTER
OK, successfully used password, moving on...
Setting the root password ensures that nobody can log into the MySQL
root user without the proper authorisation.
Set root password? [Y/n] <-- ENTER
New password: <-- yourrootsqlpassword
Re-enter new password: <-- yourrootsqlpassword
Password updated successfully!
Reloading privilege tables..
 ... Success!
By default, a MySQL installation has an anonymous user, allowing anyone
to log into MySQL without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.
Remove anonymous users? [Y/n] <-- ENTER
 ... Success!
Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? [Y/n] <-- ENTER
 ... Success!
By default, MySQL comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.
Remove test database and access to it? [Y/n] <-- ENTER
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
Reload privilege tables now? [Y/n] <-- ENTER
 ... Success!
Cleaning up...
All done! If you've completed all of the above steps, your MySQL
installation should now be secure.
Thanks for using MySQL!
Installing Apache2
Apache2 is available as a Fedora package, therefore we can install it like this:
yum install httpd
Now configure your system to start Apache at boot time...
chkconfig --levels 235 httpd on
... and start Apache:
/etc/init.d/httpd start
Now direct your browser to http://ec2-xxx-xxx-xxx-xxx.compute-1.amazonaws.com/ and you should see the Apache2 placeholder page.
(( Optional ))
Installing PHP5
We can install PHP5 and the Apache PHP5 module as follows:
yum install php
We must restart Apache afterwards:
/etc/init.d/httpd restart
vi /var/www/html/info.php
<?php
phpinfo();
?>
Now we call that file in a browser (e.g. http://ec2-XX-xx-xxx-xxx.compute-1.amazonaws.com/info.php):
Getting MySQL Support In PHP5
To get MySQL support in PHP, we can install the php-mysql package. It's a good idea to install some
other PHP5 modules as well as you might need them for your applications. You can search for available
PHP5 modules like this:
yum search php
Pick the ones you need and install them like this:
yum install php-mysql php-gd php-imap php-ldap php-odbc php-pear php-xml php-xmlrpc php-eaccelerator php-magickwand php-magpierss php-mbstring php-mcrypt php-mssql php-shout php-snmp php-soap php-tidy
Now restart Apache2:
/etc/init.d/httpd restart
Now reload http://ec2-xXX-xX-xXx-XXx.compute-1.amazonaws.com/info.php in your browser and scroll
down to the modules section again. You should now find lots of new modules there, including the
MySQL module:
phpMyAdmin
phpMyAdmin is a web interface through which you can manage your MySQL databases.
phpMyAdmin can be installed as follows:
yum install phpmyadmin
Now we configure phpMyAdmin. We change the Apache configuration so that phpMyAdmin allows connections not just from localhost (by commenting out the <Directory /usr/share/phpMyAdmin/> stanza):
vi /etc/httpd/conf.d/phpMyAdmin.conf
# phpMyAdmin - Web based MySQL browser written in php
#
# Allows only localhost by default
#
# But allowing phpMyAdmin to anyone other than localhost should be considered
# dangerous unless properly secured by SSL
Alias /phpMyAdmin /usr/share/phpMyAdmin
Alias /phpmyadmin /usr/share/phpMyAdmin
#<Directory /usr/share/phpMyAdmin/>
#   order deny,allow
#   deny from all
#   allow from 127.0.0.1
#   allow from ::1
#</Directory>

# This directory does not require access over HTTP - taken from the original
# phpMyAdmin upstream tarball
#
<Directory /usr/share/phpMyAdmin/libraries>
   Order Deny,Allow
   Deny from All
   Allow from None
</Directory>

# This configuration prevents mod_security at phpMyAdmin directories from
# filtering SQL etc. This may break your mod_security implementation.
#
#<IfModule mod_security.c>
#    <Directory /usr/share/phpMyAdmin>
#        SecRuleInheritance Off
#    </Directory>
#</IfModule>

Restart Apache:
/etc/init.d/httpd restart
Afterwards, you can access phpMyAdmin under http://ec2-XXX-XX-XXX-XXX.compute-1.amazonaws.com/phpmyadmin/:
Red Hat Enterprise Linux, CentOS, etc.
The OpenJDK 6 packages are also available in EPEL, a community-run project which makes Fedora
packages available to users of Red Hat Enterprise Linux 5, CentOS 5, and other RHEL 5 derivatives.
First install the package that enables the EPEL repository:
   $ su -c "rpm -Uvh http://download.fedora.redhat.com/pub/epel/5/i386/epel-release-5-2.noarch.rpm"
If installing from a live image, such as a live CD or USB flash drive, add the OpenJDK 6 runtime after
the install:
   * To install with the graphical package manager, follow Applications > Add/Remove Software and
use search to find the package(s) to install.
   * To install from the command line:
       $ su -c "yum install java-1.6.0-openjdk"
     This package contains just the Java Runtime Environment. If you want to develop Java programs
then install the java-1.6.0-openjdk-devel package. You can also install all the OpenJDK 6 packages,
including the API documentation, by using the wildcard java-1.6.0-openjdk*.
On Fedora 8 the OpenJDK 7 runtime and development packages are installed by default during any
large-media install, such as from the Fedora 8 DVD, under the name IcedTea. If installing from a live
image then follow the above instructions but replace 1.6.0-openjdk with 1.7.0-icedtea.
 yum install tomcat5 tomcat5-webapps tomcat5-admin-webapps
Set JAVA_HOME / PATH for single user
Login to your account and open .bash_profile file
$ vi ~/.bash_profile
Set JAVA_HOME as follows using syntax export JAVA_HOME=. If your path is set
to /usr/java/jdk1.5.0_07/bin/java, set it as follows:
export JAVA_HOME=/usr/java/jdk1.6.0_16
Set PATH as follows:
export PATH=$PATH:/usr/java/jdk1.6.0_16/bin
Save and close the file. Just logout and login back to see new changes:
$ echo $JAVA_HOME
$ echo $PATH
Edit the .bash_profile for Java Environment
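# JAVA_HOME is set before PATH refers to it; PATH has no trailing ':' (an empty entry would put the current directory on the search path)
JAVA_HOME=/usr/java/jdk1.6.0_16
PATH=$PATH:$HOME/bin:$JAVA_HOME/bin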
export CATALINA_HOME=/opt/jetbrains/TeamCity
export PATH
export JAVA_HOME
unset USERNAME
http://www.jetbrains.com/teamcity/
Download TeamCity 5.1.2
http://download.jetbrains.com/teamcity/TeamCity-5.1.2.tar.gz
# cd /opt
# mkdir jetbrains
# cd jetbrains
# mkdir TeamCity
# cp TeamCity-5.1.2.tar.gz /opt/jetbrains/TeamCity
# vi /opt/jetbrains/TeamCity/conf/server.xml
 
           connectionTimeout="20000"
           redirectPort="8443"
           enableLookup="false"
           useBodyEncodingForURI="true"
      />
  
  
  
  
8543 will default port change to 8443
# service httpd restart
# chkconfig httpd on
# service mysqld restart
# chkconfig mysqld on
# service tomcat5 restart
# chkconfig tomcat5 on
# cd /opt/jetbrains/TeamCity/bin
TeamCity server can be started and stopped by the scripts provided in the /bin
directory
To start/stop TeamCity server and default agent at the same time, use the runAll script.
To start/stop only the TeamCity server, use teamcity-server script.
For example:
   * Use runAll.bat start to start the server and the default agent
   * Use runAll.bat stop to stop the server and the default agent
By default, TeamCity runs on http://ec2-xxx-xxx-xxx-xxx.compute-1.amazonaws.com:8111/ and has
one registered build agent that runs on the same computer.

Tuesday, July 6, 2010

MySQL root user password using MySQL sql command

This is another method. MySQL stores usernames and passwords in the user table inside the mysql database. You can update the password directly using the following method to update or change the password for user vivek:
1) Login to mysql server, type following command at shell prompt:
$ mysql -u root -p
2) Use mysql database (type command at mysql> prompt):
mysql> use mysql;
3) Change password for user root:
mysql> update user set password=PASSWORD("NEWPASSWORD") where User='root';
4) Reload privileges:
mysql> flush privileges;
mysql> quit

Wednesday, June 30, 2010

Linux Backup: Hard Disk Clone with "dd"

Hard Disk Clone

Suppose you have a 40GB hard disk and a removable hard disk whose capacity is 60GB, and you want to backup all the files from the hard disk to the removable disk. With "dd", it is a very easy task. Again, suppose your hard disk's Unix device name is /dev/sda and the removable disk is /dev/sdb. The following command can copy all the content from /dev/sda to /dev/sdb:
dd if=/dev/sda of=/dev/sdb
Here, if=... sets the source and of=... sets the destination. "dd" does not care about the contents of the hard disk. It just reads bytes from /dev/sda and writes them to /dev/sdb. It has no notion of files, so the file system on the hard disk and the number of partitions it has are not important. For example, if /dev/sda is split into three partitions, /dev/sdb will have the same partitions, i.e. the "destination" is exactly the same as the "source".
Notice: to execute "dd" you should log in as "root" or switch to "root" using the "su" command. And you must be careful: a small mistake may cause a serious problem!

Making a Hard Disk Image File

Most of the time you don't want to make a complete duplicate of your hard disk. You may prefer to create an image file of the hard disk and save it on another storage device. The following command will create an image file "disk1.img" in your user's directory from /dev/sda:
dd if=/dev/sda of=~/disk1.img
Since you have created an image file, you can compress it with "gzip" or "bzip2":
gzip disk1.img #generates disk1.img.gz or
bzip2 disk1.img #generates disk1.img.bz2
You can save much storage space with compression, but it will take a very long time.

Partition Clone

Backing up a hard disk partition is very similar to backing up a whole hard disk. The reason is that Unix/Linux uses device names, such as /dev/sda1, /dev/sda5... to indicate the partitions. For example, if you want to create an image file from the first partition of /dev/sda, use "dd" like this:
dd if=/dev/sda1 of=~/disk2.img
Also, you can compress the image file:
gzip disk2.img
By the way, you can copy a partition to another partition completely, just set "of" to the partition's device name. For example:
dd if=/dev/sda1 of=/dev/sdb5
This command will copy all the contents from /dev/sda1 to /dev/sdb5. You must be sure that the capacity of /dev/sdb5 is larger than /dev/sda1.

Restoring from an Image File

To restore a partition or a hard disk from an image file, just exchange the arguments "if" and "of". For example, restore the whole hard disk from the image file "disk1.img":
dd if=disk1.img of=/dev/sda
Restore the first partition of /dev/sda from the image file "disk2.img":
dd if=disk2.img of=/dev/sda1
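The two warnings above (the destination must not be smaller than the source, and one wrong if=/of= destroys data) can be turned into checks that run before dd writes anything. The script below is an added example, not part of the original post: checked_image and checked_restore are hypothetical helper names, and regular files stand in for /dev/sda and /dev/sdb so it can be tried without root.

```shell
#!/bin/sh
# Added example, not from the original post. checked_image and checked_restore
# are hypothetical names. Regular files stand in for /dev/sdX in the demo.

# size_of PATH: size in bytes of a block device or a regular file.
size_of() {
    if [ -b "$1" ]; then
        blockdev --getsize64 "$1"
    else
        wc -c < "$1" | tr -d ' '
    fi
}

# sha_of_first BYTES PATH: SHA-256 of the first BYTES bytes of PATH.
sha_of_first() {
    head -c "$1" "$2" | sha256sum | cut -d' ' -f1
}

# is_mounted DEV: true if DEV or one of its partitions is in /proc/mounts.
is_mounted() {
    awk -v d="$1" 'index($1, d) == 1 { hit = 1 } END { exit !hit }' \
        /proc/mounts 2>/dev/null
}

# checked_image SRC IMG: dd SRC into a new image file, then verify the copy.
# Returns 0 = verified, 1 = copy or verification failed, 2 = refused.
# Image an unmounted (or read-only) source, otherwise it changes under dd.
checked_image() {
    ci_src=$1
    ci_img=$2
    if [ ! -r "$ci_src" ]; then
        echo "cannot read source $ci_src" >&2
        return 2
    fi
    # Never overwrite: a mistyped of= must not destroy an older backup.
    if [ -e "$ci_img" ]; then
        echo "refusing to overwrite $ci_img" >&2
        return 2
    fi
    dd if="$ci_src" of="$ci_img" bs=64k 2>/dev/null || return 1
    ci_n=$(size_of "$ci_src")
    [ "$(size_of "$ci_img")" = "$ci_n" ] || return 1
    [ "$(sha_of_first "$ci_n" "$ci_src")" = "$(sha_of_first "$ci_n" "$ci_img")" ]
}

# checked_restore IMG TARGET: write IMG onto an existing TARGET only if the
# target is not mounted and is at least as large as the image, then verify.
# Same return codes as checked_image.
checked_restore() {
    cr_img=$1
    cr_dst=$2
    if [ ! -r "$cr_img" ] || [ ! -w "$cr_dst" ]; then
        echo "need a readable image and a writable target" >&2
        return 2
    fi
    if is_mounted "$cr_dst"; then
        echo "refusing: $cr_dst is mounted" >&2
        return 2
    fi
    cr_n=$(size_of "$cr_img")
    if [ "$(size_of "$cr_dst")" -lt "$cr_n" ]; then
        echo "refusing: $cr_dst is smaller than $cr_img" >&2
        return 2
    fi
    dd if="$cr_img" of="$cr_dst" bs=64k conv=notrunc 2>/dev/null || return 1
    [ "$(sha_of_first "$cr_n" "$cr_img")" = "$(sha_of_first "$cr_n" "$cr_dst")" ]
}

# Demo with constructed stand-in files (no root, no real disks involved).
demo() {
    d_tmp=$(mktemp -d) || return 1
    head -c 200000 /dev/urandom > "$d_tmp/sda.bin"   # pretend source disk
    head -c 300000 /dev/zero > "$d_tmp/sdb.bin"      # pretend larger target
    checked_image "$d_tmp/sda.bin" "$d_tmp/disk1.img" && echo "image verified"
    checked_restore "$d_tmp/disk1.img" "$d_tmp/sdb.bin" && echo "restore verified"
    checked_image "$d_tmp/sda.bin" "$d_tmp/disk1.img" || echo "second run refused"
    rm -rf "$d_tmp"
}
demo
```

On real disks the arguments would be device names such as /dev/sda1 and an image path, and the script has to run as root.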

Friday, June 25, 2010

Postfix Mail Server,amavisd-new, spam assassin, clamav and sqlgrey

Applicable to Fedora Versions

  • Fedora

Requirements

Mail servers rely on port 25 (tcp) to send and receive mail. It is also helpful to have a static IP address; however, it is not needed with today's offerings for dynamic DNS services. Some providers don't allow port 25 but this is mainly just restricted for "residential" lines. It is always good to keep Fedora updated and this howto assumes you are updated and running the latest versions for your release.
  • Port 25 inbound
  • Updated Fedora

Assumptions Made in HowTo

This howto assumes the following:
  • Domain name: example.com
  • Host name: host.example.com
  • Firewall is already configured to allow port 25:tcp
  • IPv4
  • Local user account: local-user

Doing the Work

The first steps are to just get everything installed that will be needed to complete the full howto. At this time this includes a few things that are not in Fedora Extras yet. This howto will be updated as software makes it into Fedora Extras. We will be using mysql server for postgrey. If you don't want postgrey or you want to use a different database backend, either don't install a database server or install your database server of choice. Information about using PostgreSQL will be added at some point.

  1. Install Needed Software
    1. Install most of the needed software from Fedora Extras using yum:
       yum install postfix mysql-server spamassassin clamav amavisd-new cyrus-sasl clamav-update sqlgrey

  2. Configure and Test Postfix
    1. Do some basic configuration to set up postfix before first starting it. Find the configuration variables and update them. Edit the /etc/postfix/main.cf configuration file and make the following changes:
       mydomain = example.com
       myorigin = $mydomain
       inet_interfaces = all
       mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
       mynetworks_style = host
    2. Start the server for the first time:
       /sbin/service postfix start
    3. Send a test mail to a local user using telnet:
       Commands are in bold, responses are in italics
       telnet localhost 25
       Trying 127.0.0.1...
       Connected to localhost.localdomain (127.0.0.1).
       Escape character is '^]'.
       220 host.example.com ESMTP Postfix
       EHLO testdomain.com
       250-host.example.com
       250-PIPELINING
       250-SIZE 10240000
       250-VRFY
       250-ETRN
       250-ENHANCEDSTATUSCODES
       250-8BITMIME
       MAIL FROM: 
       250 2.1.0 Ok
       RCPT TO: 
       250 2.1.5 Ok
       DATA
       354 End data with <CR><LF>.<CR><LF>
       Subject: Hello local-user
       Hey local-user,
       I just wanted to send some test mail to you :-)
       .
       250 2.0.0 Ok: queued as B95C8110064
       QUIT
    4. Check the user's mail with the 'mail' command when logged in as the local-user:
       mail
       If this worked, delete the user's mail and move on; see 'man mail' for more information about the mail command.

  3. Do Some More Configuration for Postfix
     This section starts to configure postfix to be more secure. Some options are personal preferences of the author and may be changed. They are as follows:
    • Mail is stored in $HOME
    • TLS required for sending mail remotely
    • Certificates in /etc/postfix
      • The 'standard' is /etc/pki/tls
    1. Update the /etc/postfix/main.cf postfix configuration file and make the following changes:
      1. The following changes are updates:
         home_mailbox = Maildir/
      2. These changes are additions to the configuration file and may be added at the end of the file.
         #TLS - SMTP AUTH
         disable_vrfy_command = yes
         smtpd_use_tls = yes
         smtpd_tls_auth_only = yes
         tls_random_source = dev:/dev/urandom
         smtpd_tls_cert_file = /etc/postfix/cert.pem
         smtpd_tls_key_file = /etc/postfix/key.pem
         smtpd_sasl_auth_enable = yes
         smtpd_sasl_security_options = noanonymous
         broken_sasl_auth_clients = yes
         # Add some security
         smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination
    2. Move your certificates to the proper location (/etc/postfix/cert.pem and /etc/postfix/key.pem respectively) and set proper permissions (600).
       If you don't have a certificate already, you may generate a self-signed cert with the following commands:
       cd /etc/postfix
       openssl req -new -x509 -nodes -out cert.pem -keyout key.pem -days 3650
       chmod 600 *.pem
    3. Restart the server:
       /sbin/service postfix restart
    4. Try to send test mail to your local-user account both from localhost and a remote server.
       This should work. It would also be a good test to make sure that your server will not relay mail, so try to send mail to another host using your server. It is recommended to continue to send testing mail with telnet so the maximum amount of information is available to debug what is going wrong. You should notice a new response from the server after you 'EHLO':
       EHLO testdomain.com
       250-host.example.com
       250-PIPELINING
       250-SIZE 10240000
       250-ETRN
       250-STARTTLS
       250-ENHANCEDSTATUSCODES
       250-8BITMIME
       250 DSN
    5. Test if TLS is working correctly:
       Commands are in bold, responses are in italics
       telnet localhost 25
       Trying 127.0.0.1...
       Connected to localhost.localdomain (127.0.0.1).
       Escape character is '^]'.
       220 host.example.com ESMTP Postfix
       EHLO testdomain.com
       250-host.example.com
       250-PIPELINING
       250-SIZE 10240000
       250-ETRN
       250-STARTTLS
       250-ENHANCEDSTATUSCODES
       250-8BITMIME
       250 DSN
       STARTTLS
       220 2.0.0 Ready to start TLS
       If you do not see 'Ready to start TLS', something is wrong with your TLS setup.

  4. Test SMTP Auth Using a Standard Mail Client
     Use your favorite mail client to test if SMTP auth is working. If TLS is not working, SMTP auth will also not work because this howto forces postfix to use TLS when doing SMTP auth.
    1. Start sasl:
       /sbin/service saslauthd start
    2. Start your favorite email client and send a test message to another server/mail system. In addition to a remote account, you could also send a test message to root, another account or yourself. Connect to the server with the following settings:
      • Host: host.example.com
      • User: local-user
      • Password: local-user's password
      • Force TLS for SMTP
      • Force SMTP Auth

  5. Setup Amavisd-New, Spam Assassin, Clam-AV
     Amavisd-new is the content filter that will run the spamassassin and clamav checks. It could also be configured to do other checks and has many other features. Those additional features are outside the scope of this howto and might be added later.
    1. Configure amavisd-new. Make the following changes to the /etc/amavisd/amavisd.conf config file:
       $myhostname is only needed when the server has not been assigned a FQDN; however, it does not hurt to set the variable. Check with the command 'hostname'.
       $mydomain = 'example.com';
       $myhostname = 'host.example.com';
    2. Configure SpamAssassin to do extended checks such as rbl, pyzor, razor2, etc. Make the following changes to the /etc/mail/spamassassin/local.cf config file:
       report_safe             1
       use_bayes               1
       bayes_auto_learn        1
       skip_rbl_checks         0
       use_razor2              1
       use_dcc                 1
       use_pyzor               1
       whitelist_from *@example.com
    3. Enable ClamAV to do automatic updates to virus definitions. Make the following changes to /etc/sysconfig/freshclam:
       Note: The change is to comment out this line.
       #FRESHCLAM_DELAY=disabled-warn  # REMOVE ME
    4. Update /etc/freshclam.conf to enable automatic updates:
       Note: The change is to comment out 'Example'.
       #Example
    5. Start everything up:
       /sbin/service amavisd start
       /sbin/service clamd.amavisd start
       /sbin/service spamassassin start

  6. Configure Postfix to Use the New Content Filtering System
     Postfix needs to be told to use the new content filtering system. A few things need to be changed to enable the new filtering system.
    1. Add the following to /etc/postfix/master.cf:
       smtp-amavis unix -      -       n       -       2       smtp
           -o smtp_data_done_timeout=1200
           -o smtp_send_xforward_command=yes
           -o disable_dns_lookups=yes
           -o max_use=20

       127.0.0.1:10025 inet n  -       n       -       -  smtpd
           -o content_filter=
           -o local_recipient_maps=
           -o relay_recipient_maps=
           -o smtpd_restriction_classes=
           -o smtpd_delay_reject=no
           -o smtpd_client_restrictions=permit_mynetworks,reject
           -o smtpd_helo_restrictions=
           -o smtpd_sender_restrictions=
           -o smtpd_recipient_restrictions=permit_mynetworks,reject
           -o smtpd_data_restrictions=reject_unauth_pipelining
           -o smtpd_end_of_data_restrictions=
           -o mynetworks=127.0.0.0/8
           -o smtpd_error_sleep_time=0
           -o smtpd_soft_error_limit=1001
           -o smtpd_hard_error_limit=1000
           -o smtpd_client_connection_count_limit=0
           -o smtpd_client_connection_rate_limit=0
           -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
    2. Add the following to the /etc/postfix/main.cf config file:
       content_filter = smtp-amavis:[127.0.0.1]:10024
    3. Restart postfix to apply the changes:
       /sbin/service postfix restart

  7. Setup Grey Listing
     Grey listing is an anti-spam technique that is used to thwart spammers from doing drive-by spamming. There are two steps to get it working with postfix: setting up the mysql database and then enabling the checks. You may use any supported database you would like but additional database configurations are outside of the scope of this howto. Replace sensitive information such as passwords with unique settings.
    1. Setup the mysql database:
       This assumes mysql server has not been set up and we are dealing with a fresh configuration. If mysql is already set up, you will need to use the '-p' switch for the mysql commands and there is no reason to set a new mysql root password. Also note, you may use whatever user/database name you want but this will need to be updated in the conf file.
       /sbin/service mysqld start
       mysql -u root
    2. This will bring you to the mysql shell where you can add the needed user and database for sqlgrey:
       Commands are in bold, responses are in italics
       mysql> create database sqlgrey;
       Query OK, 1 row affected (0.01 sec)
       mysql> grant all on sqlgrey.* to sqlgrey@localhost identified by 'mysqlUserPassword';
       Query OK, 0 rows affected (0.01 sec)
       mysql> quit
       Bye
    3. Set a root password for mysql:
       mysqladmin -u root password "mysqlRootPassword"
    4. Configure sqlgrey for the database. Make the following changes to the /etc/sqlgrey/sqlgrey.conf config:
       db_type = mysql
       db_pass = mysqlUserPassword
       admin_mail = server-admin@example.com
    5. Start the sqlgrey service:
       /sbin/service sqlgrey start

  8. Setup Postfix to Do Grey Listing
     Postfix needs to be configured to check the greylisting service for the status of a sender.
    1. Configure postfix to do the greylist check. Make the following update to the /etc/postfix/main.cf config file:
       smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, check_policy_service inet:127.0.0.1:2501
    2. Restart postfix to apply the changes:
       /sbin/service postfix restart

  9. Set Services to Run on Boot
     The combination of services needs to be set to run on boot. Do so with 'chkconfig':
     /sbin/chkconfig postfix on
     /sbin/chkconfig amavisd on
     /sbin/chkconfig clamd.amavisd on
     /sbin/chkconfig spamassassin on
     /sbin/chkconfig mysqld on
     /sbin/chkconfig sqlgrey on
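
The EHLO checks in the "Do Some More Configuration for Postfix" step can be scripted against a saved telnet session. The following is an added example, not part of the original howto; the function names and the sample sessions are constructed for illustration, and it assumes the session was captured before STARTTLS.

```shell
#!/bin/sh
# Added example, not part of the howto: check a saved cleartext SMTP session
# against the hardening above. Function names are hypothetical; the sample
# sessions are constructed from the EHLO replies shown in this howto.

# ehlo_keywords: print the extension keywords of the first EHLO reply on
# stdin, one per line, upper-cased. The first 250 line holds the server name.
ehlo_keywords() {
    tr -d '\r' | awk '
        /^250[- ]/ {
            n++
            if (n > 1) {
                kw = substr($0, 5)
                sub(/[ =].*/, "", kw)
                print toupper(kw)
            }
            if (substr($0, 4, 1) == " ") exit   # "250 " closes the reply
        }'
}

# has_keyword LIST WORD: true if WORD is one of the lines in LIST.
has_keyword() {
    printf '%s\n' "$1" | grep -qx -e "$2"
}

# audit_ehlo: read the session on stdin, print one FAIL line per finding,
# return 0 only if there is none.
audit_ehlo() {
    ae_kw=$(ehlo_keywords)
    ae_rc=0
    if ! has_keyword "$ae_kw" STARTTLS; then
        echo "FAIL: STARTTLS not offered (check smtpd_use_tls and the cert/key files)"
        ae_rc=1
    fi
    if has_keyword "$ae_kw" VRFY; then
        echo "FAIL: VRFY offered (disable_vrfy_command = yes is not in effect)"
        ae_rc=1
    fi
    if has_keyword "$ae_kw" AUTH; then
        echo "FAIL: AUTH offered before TLS (smtpd_tls_auth_only = yes is not in effect)"
        ae_rc=1
    fi
    return "$ae_rc"
}

# Constructed: reply before the TLS/SASL changes (VRFY on, no STARTTLS).
sample_before() {
    printf '%s\n' '220 host.example.com ESMTP Postfix' 'EHLO testdomain.com' \
        '250-host.example.com' '250-PIPELINING' '250-SIZE 10240000' \
        '250-VRFY' '250-ETRN' '250-ENHANCEDSTATUSCODES' '250-8BITMIME' '250 DSN'
}

# Constructed: reply after the changes, as shown in the TLS test step.
sample_after() {
    printf '%s\n' '220 host.example.com ESMTP Postfix' 'EHLO testdomain.com' \
        '250-host.example.com' '250-PIPELINING' '250-SIZE 10240000' \
        '250-ETRN' '250-STARTTLS' '250-ENHANCEDSTATUSCODES' '250-8BITMIME' \
        '250 DSN'
}

# Constructed: TLS is on but smtpd_tls_auth_only was forgotten, so AUTH is
# announced in cleartext (twice, because of broken_sasl_auth_clients = yes).
sample_auth_in_clear() {
    printf '%s\n' '220 host.example.com ESMTP Postfix' 'EHLO testdomain.com' \
        '250-host.example.com' '250-PIPELINING' '250-SIZE 10240000' \
        '250-ETRN' '250-STARTTLS' '250-AUTH PLAIN LOGIN' '250-AUTH=PLAIN LOGIN' \
        '250-ENHANCEDSTATUSCODES' '250-8BITMIME' '250 DSN'
}

for s in sample_before sample_after sample_auth_in_clear; do
    echo "== $s"
    if "$s" | audit_ehlo; then echo "OK"; fi
done
```

For a real server, save the telnet session up to the end of the first EHLO reply and run audit_ehlo with that file on stdin.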

Wednesday, June 23, 2010

Ubuntu vsftpd ftp service / server install, configuration

Ubuntu Linux comes with various ftp servers to setup FTP service such as:
=> proftpd - Versatile, virtual-hosting FTP daemon
=> vsftpd - The Very Secure FTP Daemon
=> ftpd - FTP server
=> wu-ftpd - powerful and widely used FTP server
=> wzdftpd - A portable, modular, small and efficient ftp server
=> pure-ftpd - Pure-FTPd FTP server
I recommend using vsftpd. It is a simple and quite secure FTP server. According to the vsftpd man page:
vsftpd is the Very Secure File Transfer Protocol Daemon. The server can be launched via a super-server such as inetd or xinetd. Alternatively, vsftpd can be launched in standalone mode, in which case vsftpd itself will listen on the network.
=> Default ftp port : 21
=> Default configuration file : /etc/vsftpd.conf

How do I set up the vsftpd daemon to accept connections from another computer?

The configuration of the vsftpd FTP service (read as daemon ) simply requires three steps.

Step # 1: Install vsftpd

Type apt-get command to install vsftpd
$ sudo apt-get install vsftpd
Output:
Password:
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
  vsftpd
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 121kB of archives.
After unpacking 438kB of additional disk space will be used.
Get:1 http://us.archive.ubuntu.com edgy/main vsftpd 2.0.4-0ubuntu5 [121kB]
Fetched 121kB in 0s (246kB/s)
Selecting previously deselected package vsftpd.
(Reading database ... 31396 files and directories currently installed.)
Unpacking vsftpd (from .../vsftpd_2.0.4-0ubuntu5_amd64.deb) ...
Setting up vsftpd (2.0.4-0ubuntu5) ...
Adding system user `ftp' with uid 106...
Adding new user `ftp' (106) with group `nogroup'.
Not creating home directory `/home/ftp'.
 * Starting FTP server: vsftpd

Step # 2: Configure /etc/vsftpd.conf

The default vsftpd configuration file is /etc/vsftpd.conf. You need to edit this file using text editor such as vi:
$ sudo vi /etc/vsftpd.conf
Add the following line (uncomment line) to the vsftpd configuration file:
local_enable=YES
Above config directive will allow local users to log in via ftp
If you would like to allow users to upload file, add the following to the file:
write_enable=YES
For security you may restrict local users to their home directories. Add the following to the file:
chroot_local_user=YES
Save and close the file.

Step # 3: Restart vsftpd

To restart vsftpd type the command :
$ sudo /etc/init.d/vsftpd restart
Output:
* Stopping FTP server: vsftpd                                                                                       [ ok ]
 * Starting FTP server: vsftpd                                                                                       [ ok ]

How do I use ftp command line utility?

Now you should be able to FTP to this server with any account that exists on the system except for the root user. From Windows or other Linux system use ftp client, type the command:
$ ftp ftp.ossc.in
Output:
Connected to ftp.ossc.in.
220 (vsFTPd 2.0.4)
Name (ftp.ossc.in:rajat): rajat
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> pwd
257 "/"
ftp> ls
200 PORT command successful. Consider using PASV.
150 Here comes the directory listing.
-rw-r--r--    1 1000     1000        91798 Aug 16 08:26 apf-current.tar.gz
-rwxr-xr-x    1 1000     1000          156 Nov 10 07:05 iptables.stop
drwxr-xr-x    3 0        0            4096 Dec 23 11:11 postfix
-rw-r--r--    1 0        0        10481942 Nov 29 23:35 webmin_1.310_all.deb
226 Directory send OK.
ftp> quit
221 Goodbye.

Open FTP port using iptables (optional)

Add following rules to your iptables script. Assuming that default incoming policy is drop. If protocol is TCP and destination port is 21 (ftp):
iptables -A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
See "How do I open ftp port 21 using iptables" for more information.
There are a large number of other configuration options available for vsftpd that can be used to fine tune ftp server. Read vsftpd.conf man page by typing following command:
$ man vsftpd.conf

Tuesday, June 22, 2010

LAMP on Drupal Installation and configuration

Drupal Install and configuration on LAMP
yum install mysql mysql-server

Then we create the system startup links for MySQL (so that MySQL starts automatically whenever the system boots) and start the MySQL server:
chkconfig --levels 235 mysqld on
/etc/init.d/mysqld start

[root@rajat Rajat]# service mysqld restart
Stopping mysqld: [ OK ]
Initializing MySQL database: Installing MySQL system tables...
OK
Filling help tables...
OK

To start mysqld at boot time you have to copy
support-files/mysql.server to the right place for your system

PLEASE REMEMBER TO SET A PASSWORD FOR THE MySQL root USER !
To do so, start the server, then issue the following commands:

/usr/bin/mysqladmin -u root password 'new-password'
/usr/bin/mysqladmin -u root -h rajat.synovaindia.com password 'new-password'

Alternatively you can run:
/usr/bin/mysql_secure_installation

which will also give you the option of removing the test
databases and anonymous user created by default. This is
strongly recommended for production servers.

See the manual for more instructions.

You can start the MySQL daemon with:
cd /usr ; /usr/bin/mysqld_safe &

You can test the MySQL daemon with mysql-test-run.pl
cd /usr/mysql-test ; perl mysql-test-run.pl

Please report any problems with the /usr/bin/mysqlbug script!

[ OK ]
Starting mysqld: [ OK ]
[root@rajat Rajat]# /usr/bin/mysqladmin -u root password 'password'

Apache2 is available as a Fedora package, therefore we can install it like this:
yum install httpd
Now configure your system to start Apache at boot time...
chkconfig --levels 235 httpd on
... and start Apache:
/etc/init.d/httpd start
[root@rajat default]# service httpd restart
Stopping httpd: [ OK ]
Starting httpd: [ OK ]

We can install PHP5 and the Apache PHP5 module as follows:
yum install php
We must restart Apache afterwards:
/etc/init.d/httpd restart
Testing PHP5 / Getting Details About Your PHP5 Installation
vi /var/www/html/info.php

http://rajat.synovaindia.com/info.php

yum install php-mysql php-gd php-imap php-ldap php-odbc php-pear php-xml php-xmlrpc php-eaccelerator php-magickwand php-magpierss php-mapserver php-mbstring php-mcrypt php-mssql php-shout php-snmp php-soap php-tidy phpmyadmin
[root@rajat default]# service httpd restart
Stopping httpd:                              [ OK ]
Starting httpd:                             [ OK ]

http://drupal.org/project/drupal





tar -xvzf drupal-6.17.tar.gz -C /var/www/html/ --strip-components=1


Go to
/var/www/html/sites/default
cp default.settings.php settings.php
chmod 777 settings.php





#chmod 755 settings.php

Wednesday, June 16, 2010

Install and configure munin for Server Monitoring

Munin is an efficient and lightweight monitoring tool. It is available in 'server' and 'node' packages. You can install the server on a single machine and the node on all other machines, and then view all information/statistical data on the server machine.
This quick copy and paste howto explains steps needed to setup server and multiple nodes. These steps are tested in CentOS 5.X Server.

Step 1. Prepare Server machine. For quick installation and dependency resolution, you can install DAG repository:
# rpm -Uhv http://apt.sw.be/packages/rpmforge-release/rpmforge-release-0.3.6-1.elX.rf.i386.rpm
Step 2. Install munin (server) and munin-node (node) on this machine:
# yum install munin munin-node
Step 3. Setup a directory to store munin generated htmls, you can create a directory in your server DocumentRoot or in munin directory itself. Here we create it in munin’s directory:
# cd /etc/munin
# mkdir html
# chown munin:munin html -R
Step 4. If, in the previous step, you created the directory in your web server root, then you don't need to set an alias. If you did exactly what is written in the step above, create an alias:
# vi /etc/httpd/conf/httpd.conf
—–
Alias /server-health/ "/etc/munin/html/"
<Directory "/etc/munin/html/">
AllowOverride None
Options None
Order allow,deny
Allow from all
</Directory>
—–
Step 5. Configure munin for monitoring localhost (you are already in /etc/munin directory):
# vi munin.conf
—-
htmldir /etc/munin/html
[localhost]
address 127.0.0.1
use_node_name yes
—-
here we set the html directory and section for local machine. Feel free to change ‘localhost’ to any meaningful name like Monitoring Server etc. You can further read the file for more options.
Step 6. Start munin service:
# chkconfig munin-node on
# service munin-node start
Step 7. Restart your web server and then access the munin page from your browser by pointing it to http://localhost/server-health/. You can also password protect the munin page by using .htaccess or inserting rules in your httpd.conf file, but it's optional.
You should be able to view various parameters/values/trends related to disk,network,apache,mail etc of your local machine/server via browser. Let us configure multiple nodes now:
Step 8. SSH to any other machine/ server and install DAG repository as described in Step 1 and then install the munin node:
# yum install munin-node
Step 10. Configure the node to allow our main server get input from this machine. For this purpose, we need to add ‘Allow IP ADDRESS’ line in config file. Note that there’s already a Allow line which allow localhost to get values, we just need to add another line for server:
# vi /etc/munin/munin-node.conf

allow ^192\.168\.0\.1$

Here 192.168.0.1 (change it as per your settings) is the IP of server machine, written in regex form which is required here.
Step 11. Start the node now:
# chkconfig munin-node on
# service munin-node start
Now configure the Server to monitor the above machine:
Step 12. Goto Server machine and update munin.conf and add a new section:
# vi /etc/munin/munin.conf

[App_Server]
address 192.168.0.5
use_node_name yes

Here, App_Server is the name (you can write any), and 192.168.0.5 is the IP address of the machine in which we configured munin-node in Step 9 to Step 11.
After a while, check your browser and munin should include the update from the node machine.
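
Why the allow line in munin-node.conf is written as an anchored regex with escaped dots, as an added example that is not part of the original post. It assumes grep -E as a stand-in for the Perl regex matching munin-node performs; the helper names and probe addresses are constructed.

```shell
#!/bin/sh
# Added example, not part of the original post. munin-node matches the peer
# address against a Perl regex; grep -E is used here as a stand-in, which
# behaves the same for these simple patterns (assumption). Helper names and
# probe addresses are constructed.

# Constructed peers a node might see on the network.
PROBES="192.168.0.1 192.168.0.10 192.168.0.100 192.168.0.5 192.168.0.50
10.0.0.5 110.0.0.5 1.2.3.4 112.3.4.5"

# valid_ipv4 ADDR: true for a dotted quad with four octets in 0..255.
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    vi_old=$IFS
    IFS=.
    set -- $1
    IFS=$vi_old
    [ "$#" -eq 4 ] || return 1
    for vi_octet in "$@"; do
        [ "${#vi_octet}" -le 3 ] || return 1
        [ "$vi_octet" -le 255 ] || return 1
    done
    return 0
}

# allow_line ADDR: print the munin-node.conf line that admits exactly ADDR.
allow_line() {
    if ! valid_ipv4 "$1"; then
        echo "not an IPv4 address: $1" >&2
        return 1
    fi
    printf 'allow ^%s$\n' "$(printf '%s' "$1" | sed 's/\./\\./g')"
}

# pattern_admits PATTERN ADDR: true if a peer at ADDR would be let in.
pattern_admits() {
    printf '%s\n' "$2" | grep -Eq -e "$1"
}

# unintended_peers PATTERN INTENDED: list the probe addresses that PATTERN
# admits although they are not the INTENDED server address.
unintended_peers() {
    for up_addr in $PROBES; do
        if [ "$up_addr" != "$2" ] && pattern_admits "$1" "$up_addr"; then
            printf '%s\n' "$up_addr"
        fi
    done
    return 0
}

# report PATTERN INTENDED: one summary line per pattern.
report() {
    printf '%-22s also admits: %s\n' "$1" \
        "$(unintended_peers "$1" "$2" | tr '\n' ' ')"
}

allow_line 192.168.0.1
report '^192\.168\.0\.1$' 192.168.0.1   # the form used in Step 10: nothing extra
report '192.168.0.1'      192.168.0.1   # no anchors: .10 and .100 get in
report '^192\.168\.0\.5'  192.168.0.5   # no end anchor: .50 gets in
report '10\.0\.0\.5'      10.0.0.5      # no start anchor: 110.0.0.5 gets in
report '1.2.3.4'          1.2.3.4       # bare dots match digits: 112.3.4.5
```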

Wednesday, June 9, 2010

Chmod Command

Following are the symbolic representation of three different roles:

■u is for user,
■g is for group,
■and o is for others.
Following are the symbolic representation of three different permissions:

■r is for read permission,
■w is for write permission,
■x is for execute permission.
Following are few examples on how to use the symbolic representation on chmod.

1. Add single permission to a file/directory
Changing permission to a single set. + symbol means adding permission. For example, do the following to give execute permission for the user irrespective of anything else:

$ chmod u+x filename

2. Add multiple permission to a file/directory
Use comma to separate the multiple permission sets as shown below.

$ chmod u+r,g+x filename

3. Remove permission from a file/directory
Following example removes read and write permission for the user.

$ chmod u-rw filename

4. Change permission for all roles on a file/directory
Following example assigns execute privilege to user, group and others (basically anybody can execute this file).

$ chmod a+x filename

5. Make permission for a file same as another file (using reference)
If you want to change a file permission same as another file, use the reference option as shown below. In this example, file2’s permission will be set exactly same as file1’s permission.

$ chmod --reference=file1 file2

6. Apply the permission to all the files under a directory recursively
Use option -R to change the permission recursively as shown below.

$ chmod -R 755 directory-name/

7. Change execute permission only on the directories (files are not affected)
On a particular directory if you have multiple sub-directories and files, the following command will assign execute permission only to all the sub-directories in the current directory (not the files in the current directory).

$ chmod u+X *
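
What the capital X in item 7 does compared with a plain x and with the recursive 755 of item 6, as an added example that is not part of the original post. The helper name modes_after and the small file tree are constructed; note that X also applies to files that already carry an execute bit for some role.

```shell
#!/bin/sh
# Added example, not part of the original post. modes_after is a hypothetical
# helper; the file tree is constructed in a temporary directory.

# mode_of PATH: the ls-style permission string, e.g. drwxr-xr-x
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# modes_after CHMOD-ARGS...: build the tree below, run "chmod CHMOD-ARGS"
# inside it, and print the resulting modes in this order:
#   subdir  subdir/data.csv  notes.txt  tool.sh
modes_after() {
    ma_dir=$(mktemp -d) || return 1
    mkdir "$ma_dir/subdir"
    : > "$ma_dir/subdir/data.csv"
    : > "$ma_dir/notes.txt"
    printf '#!/bin/sh\necho hi\n' > "$ma_dir/tool.sh"
    chmod 600 "$ma_dir/subdir/data.csv" "$ma_dir/notes.txt"
    chmod 610 "$ma_dir/tool.sh"     # one execute bit already set (group)
    chmod 600 "$ma_dir/subdir"      # directory without search permission
    if ! ( cd "$ma_dir" && chmod "$@" ); then
        chmod -R u+rwX "$ma_dir"
        rm -rf "$ma_dir"
        return 1
    fi
    ma_out=
    for ma_f in subdir subdir/data.csv notes.txt tool.sh; do
        ma_out="$ma_out${ma_out:+ }$(mode_of "$ma_dir/$ma_f")"
    done
    chmod -R u+rwX "$ma_dir"
    rm -rf "$ma_dir"
    printf '%s\n' "$ma_out"
}

echo "order: subdir subdir/data.csv notes.txt tool.sh"
# Item 7: X reaches the directory and the file that already had an x bit,
# but leaves the plain data file alone.
echo "u+X *          : $(modes_after u+X subdir notes.txt tool.sh)"
# Lower-case x makes every named file executable as well.
echo "u+x *          : $(modes_after u+x subdir notes.txt tool.sh)"
# Item 6: -R 755 marks every data file in the tree as executable.
echo "-R 755         : $(modes_after -R 755 .)"
# Same directory modes, but data files end up 644 instead of 755.
echo "-R u=rwX,go=rX : $(modes_after -R u=rwX,go=rX .)"
```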