Knowledge Base

Installing ProFTPd on CentOS 6

ProFTPd is a powerful FTP server. It has a very simple configuration file (/usr/local/etc/proftpd.conf) that allows for easy customization. Unfortunately, if you type yum install proftpd, a default CentOS install will return “No package proftpd available.” The following is an easy tutorial on how to get ProFTPd on CentOS 6.

  • You will first want to remove any FTP servers currently installed. This will minimize conflicts.
  • Next, you will need to get the ProFTPd tarball. The current version is 1.3.4a

wget ftp://ftp.proftpd.org/distrib/source/proftpd-1.3.4a.tar.gz

  • Move it to /usr/src and untar it.

mv proftpd-1.3.4a.tar.gz /usr/src

cd /usr/src

tar -zxvf proftpd-1.3.4a.tar.gz

  • You will now want to go into the newly created directory and compile ProFTPd.

cd proftpd-1.3.4a

./configure

make

make install

proftpd -v

  • You now have ProFTPd! Since you will most likely use a variation of the basic configuration, copy basic.conf to /etc/proftpd.conf

cp /usr/src/proftpd-1.3.4a/sample-configurations/basic.conf /etc/proftpd.conf

  • You can now configure ProFTPd by editing the proftpd.conf file.

nano /etc/proftpd.conf

Configuring an L2TP VPN on Ubuntu

Configure L2TP VPN on Ubuntu

  • Install server with Ubuntu 10.04 LTS and perform update
  • We will need an IPSec daemon to provide encryption and authentication

 sudo aptitude install openswan

  • You will be prompted regarding RSA keys. Since we will be using preshared keys (PSK), say no/skip the RSA prompts
  • Next we will be adjusting /etc/ipsec.conf

 

sudo mv /etc/ipsec.conf /etc/ipsec.conf.old

sudo nano /etc/ipsec.conf

  • Copy and paste the following into /etc/ipsec.conf

version 2.0
config setup
    nat_traversal=yes
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
    oe=off
    protostack=netkey

conn L2TP-PSK-NAT
    rightsubnet=vhost:%priv
    also=L2TP-PSK-noNAT

conn L2TP-PSK-noNAT
    authby=secret
    pfs=no
    auto=add
    keyingtries=3
    rekey=no
    ikelifetime=8h
    keylife=1h
    type=transport
    left=[Server IP address]
    leftnexthop=[Server Gateway]
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/%any

 

  • Now, we save the preshared key

 sudo mv /etc/ipsec.secrets /etc/ipsec.secrets.old

sudo nano /etc/ipsec.secrets

 

[Server IP address] %any: PSK "[Your preshared key]"

  • The preshared key is anything you choose, but be sure to remember it as you will need it for authentication. EG: “testkey”
  • Switch to root and input the following command to make sure that IPSec runs properly

 

sudo su

for each in /proc/sys/net/ipv4/conf/*
do
echo 0 > $each/accept_redirects
echo 0 > $each/send_redirects
done

su [primary user]

sudo ipsec verify

  • It should say that everything is running properly except for Opportunistic Encryption Support

 

sudo /etc/init.d/ipsec restart

  • Now let’s install and configure L2TP

 

sudo aptitude install xl2tpd

sudo mv /etc/xl2tpd/xl2tpd.conf /etc/xl2tpd/xl2tpd.conf.old

sudo nano /etc/xl2tpd/xl2tpd.conf

  • Paste the following

[global]
ipsec saref = yes

[lns default]
ip range = 10.1.2.2-10.1.2.255
local ip = 10.1.2.1
refuse chap = yes
refuse pap = yes
require authentication = yes
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes

 

  • The ip range is the range of internal ip addresses. The local ip is the internal address of the server itself.
  • Now we acquire and configure PPP

 

sudo aptitude install ppp

sudo nano /etc/ppp/options.xl2tpd

  • Paste the following (don’t worry, the file is supposed to be empty)

require-mschap-v2
ms-dns 8.8.8.8
ms-dns 209.139.209.33
asyncmap 0
auth
crtscts
lock
hide-password
modem
debug
name l2tpd
proxyarp
lcp-echo-interval 30
lcp-echo-failure 4

  • Now we will need to create user credentials to be used for the VPN login

 

sudo nano /etc/ppp/chap-secrets

  • In this file, you will see something similar to this. Give it the credentials that you choose and remember them. They will be used every time you access the VPN.

user                      server           password           ip
[username]            [server]        [password]        *

  • Save the file and restart the service

sudo /etc/init.d/xl2tpd restart

If you are using iptables, input the following

 

iptables --table nat --append POSTROUTING --jump MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward

  • openswan doesn’t appear to start after rebooting. Add these lines to /etc/rc.local

 

sudo nano /etc/rc.local

iptables --table nat --append POSTROUTING --jump MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward
for each in /proc/sys/net/ipv4/conf/*
do
echo 0 > $each/accept_redirects
echo 0 > $each/send_redirects
done

/etc/init.d/ipsec restart

 

*** After creating the VPN, go to the VPN’s properties on the client side. Make sure that your server’s external IP is in the general tab. Next, go to the security tab. Make the “Type of VPN” Layer 2 Tunneling Protocol with IPsec. Then click Advanced settings. Make the preshared key for authentication the same as what you made it on your server. Change data encryption to “optional”. When connecting to the VPN, use the credentials from /etc/ppp/chap-secrets.

You should now be able to connect to the internet through your VPN gateway. If you are able to connect to the VPN, but it is reporting that there is no internet connectivity, rebooting the server will usually fix this.
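
As an added example (not part of the original guide), the following shell functions check the state the steps above set up: ICMP redirects off on every interface, IP forwarding on, and secrets files readable by their owner only. The second check matters here because /etc/ipsec.secrets was recreated with an editor, so it takes the umask's default mode rather than the original file's. The function names and the overridable path argument are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the original guide: audit what the guide configures by hand.

# Check kernel settings under a /proc/sys/net/ipv4-style tree ($1, default: the real one).
# Prints one FAIL line per wrong value and returns the number of failures.
audit_vpn_sysctl() {
    net_root="${1:-/proc/sys/net/ipv4}"
    failures=0
    for iface in "$net_root"/conf/*; do
        [ -d "$iface" ] || continue
        for knob in accept_redirects send_redirects; do
            [ -r "$iface/$knob" ] || continue
            value=$(cat "$iface/$knob")
            if [ "$value" != "0" ]; then
                echo "FAIL ${iface##*/}/$knob=$value (expected 0)"
                failures=$((failures + 1))
            fi
        done
    done
    forward=$(cat "$net_root/ip_forward" 2>/dev/null || echo unreadable)
    if [ "$forward" != "1" ]; then
        echo "FAIL ip_forward=$forward (expected 1)"
        failures=$((failures + 1))
    fi
    return "$failures"
}

# Check that each secrets file given has no group or world permission bits set.
# The PSK and the PPP passwords are stored in these files in plain text.
audit_secret_modes() {
    failures=0
    for file in "$@"; do
        [ -e "$file" ] || { echo "SKIP $file (missing)"; continue; }
        mode=$(stat -c '%a' "$file")    # GNU stat, octal mode such as 600 or 644
        case "$mode" in
            0|*00) echo "OK   $file mode $mode" ;;
            *)     echo "FAIL $file mode $mode (fix with: chmod 600 $file)"
                   failures=$((failures + 1)) ;;
        esac
    done
    return "$failures"
}

# Usage on the VPN server, as root:
#   audit_vpn_sysctl
#   audit_secret_modes /etc/ipsec.secrets /etc/ppp/chap-secrets
```
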

Connecting to a V8 Server using RealVNC

Each new V8 server is set up to allow remote access and control using VNC Viewer Plus. You can download it by visiting the RealVNC website: http://www.realvnc.com/products/viewerplus/.

Note: You do not need to buy VNC Viewer Plus. The free version has everything needed to connect to and manage your V8 server. Additionally, after you select download, you can skip entering your personal information as none of it is required to download the software.

Once you have downloaded and installed VNC Viewer Plus (default installation is fine), open it to the following window:

AMT Server: This is where you’ll want to enter your server’s KVM IP address.
Encryption: This should be set as None.
Connection Mode: Set this to Intel AMT KVM.

That’s it! You’re now ready to connect to your V8 server using remote KVM/IP. Click Connect to access your server’s console and management tools.

ProFTPd versus vsFTPd

ProFTPd and vsFTPd are two very popular FTP servers for Unix/Linux systems. Although they are very similar in terms of functionality, there are some notable differences.
The main benefit of ProFTPd is that it has a very easily managed configuration file. The syntax of proftpd.conf is very similar to the Apache configuration file. This makes for a pretty efficient standardization of configuration files. This is easily recognizable because of its modular architecture.
vsFTPd is the default FTP server for Ubuntu, CentOS, Fedora, and Red Hat. This makes it very easy to install in comparison with ProFTPd, but its configuration file is not as easy to work with. vsFTPd is also reported to be more secure.
In my opinion, vsFTPd is the better FTP server. vsFTPd is easier to install and can perform all that you would expect from an FTP daemon while maintaining a solid level of security.
Ultimately, it all comes down to personal preference. Both FTP servers are reliable, powerful, and they support FTP over SSL. When an FTP user is created, their home directory acts as the FTP root directory. When you connect to your server using an FTP client, you will be brought directly to /home/(the ftp user’s directory). This makes for a pretty safe method of operation. Just like with Linux distributions, what is right for one person is not necessarily what is right for someone else. Work with what makes you most comfortable.

WordPress Installation and Configuration on CentOS

Prepare the Prerequisites

  • Install Webmin (instructions: http://www.webmin.com/rpm.html)
  • Configure Linux Firewall to only allow ports 22 (ssh), 10000 (webmin), 21 (ftp) and 80 (web)
  • Install the prerequisites
    yum update
    yum install php mysql-server php-mysql httpd vsftpd ntpdate gd php-gd
  • Lock up MySQL.
    service mysqld start
    /usr/bin/mysql_secure_installation
    (follow the prompts)
  • Create a MySQL database to use with the new WordPress site. Create a MySQL user/pw to access it. Localhost access is the only thing you need for a basic install.
  • Create a Linux user for FTP access. Set yourFTPusername’s home directory to /home/yoursitename.
  • Set Bootup options to turn off most services. Make sure httpd (Apache), mysqld, vsftpd and ntpd are all set to start on boot.
  • Turn off SELinux (/etc/selinux/config) or virtual hosting won’t work in Apache. There are workarounds if you want to fight them. Be careful with CentOS as it has two editable lines lost in a bunch of comments, and it’s easy to edit the wrong one.
  • Point DNS records for yoursitename (A) and www.yoursitename (CNAME) to your server.

Download WordPress

cd /tmp
wget http://wordpress.org/latest.tar.gz
gunzip latest.tar.gz
tar xvf latest.tar
rm -rf latest.tar
mv wordpress /home/yoursitename
chown -R yourFTPusername /home/yoursitename
mv /home/yoursitename/wordpress/wp-config-sample.php /home/yoursitename/wordpress/wp-config.php
mv /home/yoursitename/wordpress/* /home/yoursitename

nano /home/yoursitename/wp-config.php
(and enter your settings from above)

Set up Apache

Create a virtual host for your WordPress site and point it at /home/yoursitename.
Edit /etc/httpd/conf/httpd.conf and add the following directives:

  • ServerAlias (as needed – usually www.yoursitename in addition to ServerName yoursitename)
  • Inside the directory section of your virtual server section, be sure to add AllowOverride All or nothing will work.

Run the WordPress Installer

 

  • Navigate to http://yoursitename in a browser and the installer should load.  It usually runs quickly and with almost no prompts.  Your site should now be live.
  • Test FTP to your site using host: yoursitename and user:yourFTPusername.  Test changing permissions on directories using FTP.  This should work if you’ve done the chown above correctly.

Create a .htaccess File

cd /home/yoursitename
touch .htaccess
chmod 777 .htaccess
nano .htaccess

Paste this:

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

Remember to change permalink settings in your wp-admin to not just use a number.
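
An added example, not from the original guide: chmod 777 leaves .htaccess writable by every local account, and WordPress only needs to write that file when permalink settings are saved. Once that is done, these shell functions list world-writable entries under the site directory and reset it to an assumed baseline of 755 for directories and 644 for files. The function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original guide: audit and tighten docroot permissions.

# Print every regular file or directory under $1 that any local user can write to.
list_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print | sort
}

# Apply the baseline assumed for this example: directories 755, regular files 644.
# Only real files and directories are touched; symlinks are never chmod'ed, so a
# link pointing outside the docroot cannot redirect the change.
tighten_docroot() {
    docroot="$1"
    [ -d "$docroot" ] || { echo "not a directory: $docroot" >&2; return 2; }
    find "$docroot" -type d -exec chmod 755 {} +
    find "$docroot" -type f -exec chmod 644 {} +
    remaining=$(list_world_writable "$docroot" | wc -l | tr -d ' ')
    echo "world-writable entries remaining: $remaining"
    [ "$remaining" -eq 0 ]
}

# Usage, after the permalink settings have been saved in wp-admin:
#   list_world_writable /home/yoursitename
#   tighten_docroot /home/yoursitename
```

With .htaccess at 644 and owned by the FTP user, a later permalink change in wp-admin will show the rewrite rules to paste in by hand instead of writing the file itself.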

For all eSecureData.com dedicated servers which are highly optimized to run WordPress, visit us at www.esecuredata.com.

Adding Additional IPs to a Linux Server

Adding IPs to your Linux machine can be a hard task at first, but it can be broken down into these few steps.

To implement a temporary solution you can execute the command

Command: ifconfig eth0:1 IP.ADDRESS.HERE (Note: IP.ADDRESS.HERE is the additional IP you want linked to your machine.)

Note that:

Main IP: eth0:0

Secondary IP: eth0:1

Third IP: eth0:2

Fourth IP: eth0:3

Note also that the numbering starts at 0, so the first address is number 0, the second is number 1, the third is number 2, and so on.

To make these changes permanent, we will have to edit the networking configuration files to reflect them.

To start, make sure that the ifcfg-eth0 file does not contain a GATEWAY= parameter. If it does, remove that statement. The path to this file is: /etc/sysconfig/network-scripts/ifcfg-eth0

Next, copy the file ifcfg-eth0 and name it ifcfg-eth0:1

Command: cp /etc/sysconfig/network-scripts/ifcfg-eth0 /etc/sysconfig/network-scripts/ifcfg-eth0:1

Once you have copied the file, edit ifcfg-eth0:1, change the statement DEVICE=eth0 to DEVICE=eth0:1, and change IPADDR= to the add-on IP that is assigned to your machine. Start the secondary interface with: ifup eth0:1

 

Repeat this step to add as many IP addresses as you desire.

 

 

Installing LAMP on CentOS

CentOS is one of the most common Linux operating systems.

I will be showing you how to install Apache, MySQL, phpMyAdmin and PHP.

Apache is the software that responds to requests and sends replies. In other words, it is the program that serves your website.

 

To install Apache:

yum install httpd httpd-devel

If Apache is not running at the end of the installation, you may need to start it manually.

/etc/init.d/httpd start

MySQL is a database that stores dynamic data in table format. Each table, column and row can be queried to display or store information.

 

To install MySQL Database Server.

yum install mysql mysql-server mysql-devel

 

This will install MySQL, and the username and password will be left at the defaults.

To set the root password on a newly installed MySQL:

mysqladmin -u root password NEWPASSWORD

 

Install phpMyAdmin

phpMyAdmin is a web control panel that allows you to manage your SQL databases and users.

yum install phpmyadmin


Access:

http://yourip/phpmyadmin

 

Note: Pay close attention during the installation process, because an error can easily make this installation very complicated. When it requests a username and password, these are the details of the MySQL root user which you set earlier.



Installing PHP:

This command installs everything you need for PHP:

yum install php php-mysql php-common php-gd php-mbstring php-mcrypt php-devel php-xml

 

This completes the entire installation of what is commonly referred to as LAMP.

 

Your web server is now ready and running.


 

 


 

 

 

One Command LAMP Installation Ubuntu

To set up a simple web server with all the basic settings, you can install Linux, Apache, MySQL and PHP (LAMP) all at once. Installing LAMP on Ubuntu is the easiest of them all thanks to the one-command installation.

In case the tasksel package is not installed:

sudo apt-get install tasksel

or

sudo tasksel install lamp-server

Command:

sudo  tasksel

 

Configuring your Package.

 

Choose Software to Install:

  • DNS Server
  • Edubuntu Server
  • LAMP Server
  • Edubuntu Desktop
  • Kubuntu Desktop
  • Ubuntu Desktop
  • Xubuntu Desktop
  • Edubuntu Live CD
  • Kubuntu Live CD
  • Ubuntu Live CD
  • Xubuntu Live CD

 

Select LAMP Server and follow the on screen instructions.

 

Changing the default MySQL root password (note: replace NEWPASS with the password you want):

mysqladmin -u root password NEWPASS

Please take note of this password, you will need it for installing phpmyadmin.

 

Install PHPMyAdmin:

sudo apt-get install phpmyadmin

 

(Be careful to enter all details correctly, as mistakes can cause problems that are hard to resolve. The way to fix them may involve removing, pruning and starting again.)

Once completed, you should be able to log in as MySQL root at http://YourIP/phpmyadmin.

 

Done!

Once you have completed all of the above steps you have successfully installed Apache, MySQL, PHP and PHPMyAdmin.

 

 

 

Installing cPanel on CentOS

How to install cPanel 11 in a few short commands.

cPanel requires more than 512MB of RAM to install and run correctly. Be sure that your system meets this requirement before you start.

First go to the home directory:

cd /home

Next we will download the latest version of cPanel installation file:

wget http://httpupdate.cpanel.net/latest

Once it has finished downloading, you need to start the installation:

sh latest

The installation will take between 30 minutes and 2 hours.

Once the installation has finished, you have installed cPanel 11 and can now log in to WHM to configure your new server.

You can log in as root at https://yourServerIP:2087

 

Automatically Checking Free Disk Space on a Linux Server

I’ve just written a little script I should have written years ago. I think we’ve all forgotten a server or two in our lives and ended up running out of disk space. I know I have more than once. This little script can be thrown into a cron job and will automatically alert you by email if your server(s) ever come close to running out.


<?php

//------------------------------------------------------------------------------
// Disk Space Checker
// 2011-07-31
// This script was written by Reg Natarajan and is hereby released into the
// public domain with no warranties of any kind.
//------------------------------------------------------------------------------

//------------------------------------------------------------------------------
// Setup. Change these values to suit your needs.
//------------------------------------------------------------------------------
$ComputerName = "your.server.com";
$PartitionToCheck = "/";
$ReportWhenLessThanThisManyGigsFree=10; //in gigabytes, obviously
$EmailAddressesToAlert="email1@yourdomain.com,email2@yourdomain.com";
$AlwaysAlertByEmail=false; //Report by email even if you're within limits
$From="support@yourdomain.com";

//------------------------------------------------------------------------------
// Primary script. Do not change below this line.
//------------------------------------------------------------------------------

//Get the number of bytes free
$FreeBytes = disk_free_space($PartitionToCheck);
$Results = number_format($FreeBytes/(1024 * 1024 * 1024)) .
" GB free on $PartitionToCheck on $ComputerName. \n
Warning threshold set to $ReportWhenLessThanThisManyGigsFree GB.";

//Convert the number of Gigs to bytes
$BytesFreeLimit = $ReportWhenLessThanThisManyGigsFree * 1024 * 1024 * 1024;

//If the limit has been reached
if ($FreeBytes<=$BytesFreeLimit)
{
    //Built by concatenation so the subject contains no line break
    $Subject = "URGENT WARNING: FREE SPACE BELOW " .
        "$ReportWhenLessThanThisManyGigsFree GB ON $ComputerName.";
    $ReportByEmail=true;
}
else //Limit not reached
{
    $Subject = "Disk space ok. Free Space is above " .
        "$ReportWhenLessThanThisManyGigsFree GB on $ComputerName.";
    $ReportByEmail=$AlwaysAlertByEmail; //If it's set to false, don't report
}

//If an email report is required
if ($ReportByEmail)
{
    $Results = wordwrap($Results, 70);
    $Headers = "From: $From\r\n" .
        "Reply-To: $From";
    mail($EmailAddressesToAlert, $Subject, $Results, $Headers);
}

//Echo the results
echo $Subject . " " . $Results;

?>

If you throw it into a cron job to run daily, you’ll get an email whenever your server falls below the limit you’ve set (default is 10 GB).

44 4 * * * /usr/bin/php /backup/diskfreespace.php