Zimbra mail server: update SSL certificate from the command line


If installing the certificate from the admin console fails, use these steps to install it from the command line.

1) mkdir /root/certs and place the cert files in there

2) cat gd_cross_intermediate.crt gd_intermediate.crt gd-class2-root.crt >> /root/certs/commercial_ca.crt
    or rename gd_bundle.crt (given by GoDaddy when downloading certificate) to commercial_ca.crt.

3) verify the certificate
     cd /root/certs
    /opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key ./<server_name>.crt ./commercial_ca.crt

4) deploy the cert
    cd /root/certs
    /opt/zimbra/bin/zmcertmgr deploycrt comm ./<server_name>.crt ./commercial_ca.crt

5) restart the zimbra services

su - zimbra
zmcontrol stop
zmcontrol start

 

How To Use a Bash Script To Restart Linux Server Services


Use a script to restart critical Linux services such as the web or database server.

Restart nginx, apache2, MySQL or PHP-fpm automatically.

If you manage your own WordPress web server then you have undoubtedly come across many situations where your Apache, nginx, MySQL or PHP-FPM services have stopped.

Sometimes the reason is unknown and things just crash from time to time.

Using the Linux crontab service we can write a simple bash script to test to see if these services have stopped and restart them.

You can use whatever editor you are comfortable with.

Here’s the command line code to create the file in nano:

sudo nano /opt/crashed-services.sh

Here is the bash script.

#!/bin/bash

# Restart MySQL if its status output does not contain "active (running)"
service mysql status | grep 'active (running)' > /dev/null 2>&1

if [ $? != 0 ]
then
sudo service mysql restart > /dev/null
fi

# Same check for nginx
service nginx status | grep 'active (running)' > /dev/null 2>&1

if [ $? != 0 ]
then
sudo service nginx restart > /dev/null
fi

# Same check for PHP-FPM
service php-fpm status | grep 'active (running)' > /dev/null 2>&1

if [ $? != 0 ]
then
sudo service php-fpm restart > /dev/null
fi

[save & close]

 

Change the service names to the ones you are running, e.g. “apache2” or whatever PHP version you are running.

The script uses the service <name> status command to output the status of a particular service such as mysql.

We then run this through grep looking for the phrase “active (running)”.

If this is not found, we ask the system to restart the service.

Save the file to /opt/crashed-services.sh

Then ensure that it is runnable from the command line using:

sudo chmod +x /opt/crashed-services.sh

 

Scheduling Service Restarts Using Crontab

It would be a pain to have to SSH into our server every time a service crashes to run the script.

Instead we can call the script directly from a crontab service and have it running as frequently as we need it to.

Edit your root crontab list using:

sudo crontab -e

It’s important to use the root crontab using the command above and not to edit your own user profile crontab, otherwise, it will not work properly.

Add the following line to the bottom of the root crontab list:

*/1 * * * * /opt/crashed-services.sh > /dev/null 2>&1

This will run the script every minute but you can change that for whatever works for your server.

Now if a critical service crashes, the server will attempt to restart it.

Happy days.
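
An added example, not part of the original post: the same check-and-restart logic as functions that confirm the restart actually worked and record every event in syslog through logger instead of discarding it, so a service that keeps crashing stays visible. Service names are passed as arguments; the syslog tag is a hypothetical name.

```shell
#!/bin/sh
# Added example: watchdog that logs what it does.
# Assumptions: `service` and `logger` are on PATH, and the status output
# contains "active (running)" for a healthy service, as in the script above.

LOG_TAG="crashed-services"   # hypothetical syslog tag

# is_running NAME -> succeeds if the status output reports a running service
is_running() {
    service "$1" status 2>/dev/null | grep -q 'active (running)'
}

# restart_if_down NAME -> prints ok, restarted or failed; returns 1 on failed
restart_if_down() {
    if is_running "$1"; then
        echo ok
        return 0
    fi
    # Restart, then check again: a restart command can exit 0 while the
    # service dies straight away.
    if service "$1" restart >/dev/null 2>&1 && is_running "$1"; then
        logger -t "$LOG_TAG" "service $1 was down, restarted"
        echo restarted
    else
        logger -t "$LOG_TAG" -p daemon.err "service $1 is down and restart failed"
        echo failed
        return 1
    fi
}

# check_services NAME... -> prints one "name=state" line per service and
# returns the number of services that could not be brought back
check_services() {
    failures=0
    for svc in "$@"; do
        state=$(restart_if_down "$svc") || failures=$((failures + 1))
        echo "$svc=$state"
    done
    return "$failures"
}

# Example cron usage (root crontab): /opt/crashed-services.sh mysql nginx php-fpm
if [ "$#" -gt 0 ]; then
    check_services "$@"
fi
```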

Install Aptana Studio 3 in Ubuntu 14.04


Aptana Studio 3, the world’s most powerful open-source web development IDE just got better. Build web applications quickly and easily using the industry’s leading web application IDE. Aptana Studio harnesses the flexibility of Eclipse and focuses it into a powerful web development engine.  It has support for the latest browser technology specs such as HTML5, CSS3, JavaScript, Ruby, Rails, PHP and Python. We’ve got you covered.

Features

  • Aids in authoring of HTML, CSS, JavaScript, PHP, and Ruby. Supports the latest HTML5 specifications. Includes information about the level of support for each element in the major web browsers
  • Support for one-shot as well as keep-synchronized setups. Multiple protocols including FTP, SFTP, FTPS and Capistrano. Ability to automatically publish your Ruby & Rails applications to hosting services such as Heroku and Engine Yard.
  • Set breakpoints, inspect variables, control execution. The integrated Ruby & Rails and JavaScript debuggers help you squash those bugs.
  • Easily put your projects under git source code control. Collaborate with team members through merge, pull and push actions to remote repositories such as those hosted on GitHub. Facilitates git-based deployments.
  • Quickly access a command line terminal for execution of operating system commands and language utilities such as gem, rake, etc

Install Aptana Studio 3

  • Click button below and choose ‘Customize Your Download’ to download Linux version

http://www.aptana.com/products/studio3/download

Installing MongoDB/PHP Driver on CentOS 6


Since the module is not included with the default PHP installation, you have to download it from the official repository:

cd
mkdir mongo-php-driver
cd mongo-php-driver
curl https://codeload.github.com/mongodb/mongo-php-driver/zip/master > mongo-php-driver-master.zip

Unzip it

unzip mongo-php-driver-master.zip
cd mongo-php-driver-master

You need phpize to build the module. You can install it from the remi repository:

wget http://rpms.famillecollet.com/enterprise/remi-release-6.rpm
rpm -Uvh remi-release-6.rpm
yum --enablerepo=remi install php-devel

Configure and build

phpize
./configure
make all
sudo make install

Make sure the installation directory is the same as the PHP extension directory by running:

php -i | grep extension_dir
  extension_dir => /usr/lib64/php/modules/

and then ls on that extension_dir

ls /usr/lib64/php/modules/

and verify you see the mongo.so file module.

If it’s not, change the extension_dir in php.ini or move mongo.so.

Make the mongo module available to php by creating the following file:

nano /etc/php.d/mongo.ini

And copy the following contents into it:

; Enable mongo extension
extension=mongo.so

Restart apache, nginx or php-fpm. Check with phpinfo() if the module was correctly installed.

Enjoy

How to Install the MongoDB PHP Driver (Extension) on CentOS 6


Pre-Flight Check
  • These instructions are intended specifically for installing the MongoDB PHP Driver (Extension) on CentOS 6.
  • I’ll be working from a Liquid Web Core Managed CentOS 6.5 server, and I’ll be logged in as root.
Step 1: Setup Environment, Install PHP Extension & Application Repository (PEAR)

As a matter of best practice we’ll update our packages:

yum -y update

Then let’s install a compiler, the PHP Extension and Application Repository (PEAR), and PHP development tools:

yum -y install gcc php-pear php-devel

Step 2: Installation with the PHP Extension Community Library (PECL)

Now let’s install the MongoDB PHP driver (extension) with PECL:

pecl install mongo

Next you’ll be prompted regarding ‘MongoDB Enterprise Authentication’. If you’re not specifically using SASL (and already have it installed), then hit enter to continue (thus answering ‘no’):

Build with Cyrus SASL (MongoDB Enterprise Authentication) support? [no] :

Step 3: Configure PHP

For a refresher on editing files with vim see: New User Tutorial: Overview of the Vim Text Editor

vim /etc/php.ini

It is possible to place the following bit of code anywhere in the php.ini file. However, the most common location for extensions is in the Dynamic Extensions section.

Find Dynamic Extensions and insert the following in that section:

extension=mongo.so

Then exit and save the file with the command :wq .

And now we’ll restart Apache:

service httpd restart

Step 4: Verify the Extension is Available

Now verify that the extension is available by using the following command:

php -m | grep -i mongo

Your result should be:

mongo

Installing SVN support in Aptana Studio 3


It’s been a few years since I have worked anywhere that still uses Subversion as their day-to-day version control system. But the other day at work I needed to check out some old legacy code which was stored in an SVN repository on an old development server. Then it struck me I didn’t even have Subversion available on my work machine!
I could have simply installed it from the command line, but I like to have the ability to compare code across multiple revisions directly within my IDE. Here I am going to cover the required steps for getting Subversion support installed into Aptana Studio 3.
First go to the menu near the top of the application window: Help -> Install New Software.
Click the link near the top, “Available Software Sites”. Select the entry “Eclipse Indigo Update Site”, then click the OK button.
Select the Eclipse Indigo site from the drop-down; after a moment the area below will populate with a collection of Eclipse packages that can be installed from the selected location.
Expand the “Collaboration” section, then scroll down through the selections within and select all of the Subversive options.
Click the Next button at the bottom of the page, then accept the required licenses for the packages.
Wait for the packages to download and install.
When prompted, restart Aptana Studio 3.
Upon restart you will need to select an SVN connector for Subversive to use. I selected SVN Kit 1.3.5. Then click Finish and it will compute the required dependencies that need to be installed and then show another software installation page; simply press “Next” to continue.

As before, a page reviewing the packages to be installed will be displayed; click Next again. Accept the legal licenses for the connector and its dependencies. As before, the connector and its dependencies will then download and install, and you will then be prompted to restart Aptana Studio again.

After restarting Aptana go to File -> New -> Project. In the new project wizard you will now see an option for an SVN project. Simply select this and click the Next button. You will then see a page to enter the details of your Subversion repository and check out the code base.

Finish
Thanks…

Installing Zimbra 8.0.4 on CentOS 6.4 X64


Installing & Configuring Zimbra Mail Server

Steps
1. Update your system
    yum update -y

2. Install the prerequisite packages for Zimbra
    yum install sudo sysstat libidn gmp libtool-ltdl compat-glib vixie-cron nc perl libstdc++.i686
    yum -y install nc wget nano make nc sudo sysstat libtool-ltdl glibc perl ntp

3. Modify the /etc/hosts file
    nano /etc/hosts
    ip address mail.nextzone.com mail

4. Disable start-up services
    4a. chkconfig postfix off
    4b. service postfix stop
    4c. chkconfig sendmail off
    4d. service sendmail stop

5. Modify the /etc/sudoers file
    nano /etc/sudoers
    comment out the "Defaults requiretty" line

6. Disable or adjust your firewall
    6a. chkconfig iptables off
    6b. service iptables stop
    6c. chkconfig ip6tables off
    6d. service ip6tables stop

7. Disable SELinux
    nano /etc/sysconfig/selinux
    SELINUX=disabled

Reboot is required at this step

8. Download the Zimbra Server using the command below
    wget http://files2.zimbra.com/downloads/8.0.4_GA/zcs-8.0.4_GA_5737.RHEL6_64.20130524120036.tgz

9. Now extract the Zimbra tar file using the command below
    tar -zxpvf zcs-8.0.4_GA_5737.RHEL6_64.20130524120036.tgz

10. Now change the directory and run the commands below to install Zimbra
    cd zcs-8.0.4_GA_5737.RHEL6_64.20130524120036
    ./install.sh

When we execute the above command we will get below output and follow the instructions :
Operations logged to /tmp/install.log.2570
Checking for existing installation…
zimbra-ldap…NOT FOUND
zimbra-logger…NOT FOUND
zimbra-mta…NOT FOUND
zimbra-snmp…NOT FOUND
zimbra-store…NOT FOUND
zimbra-apache…NOT FOUND
zimbra-spell…NOT FOUND
zimbra-convertd…NOT FOUND
zimbra-memcached…NOT FOUND
zimbra-proxy…NOT FOUND
zimbra-archiving…NOT FOUND
zimbra-cluster…NOT FOUND
zimbra-core…NOT FOUND

PLEASE READ THIS AGREEMENT CAREFULLY BEFORE USING THE SOFTWARE. ZIMBRA, INC..

License Terms for the Zimbra Collaboration Suite:
http://www.zimbra.com/license/zimbra_public_eula_2.1.html
Do you agree with the terms of the software license agreement? [N] Y
Do you agree with the terms of the software license agreement? [N] Y
License Terms for the Zimbra Collaboration Suite:
http://www.zimbra.com/license/zimbra_public_eula_2.1.html
Do you agree with the terms of the software license agreement? [N] Y
Do you agree with the terms of the software license agreement? [N] Y

Checking for prerequisites…
FOUND: NPTL
FOUND: nc-1.84-22
FOUND: sudo-1.8.6p3-12
FOUND: libidn-1.18-2
FOUND: gmp-4.3.1-7
FOUND: /usr/lib64/libstdc++.so.6
Checking for suggested prerequisites…
FOUND: perl-5.10.1
FOUND: sysstat
FOUND: sqlite

Prerequisite check complete.
Checking for installable packages
Found zimbra-core
Found zimbra-ldap
Found zimbra-logger
Found zimbra-mta
Found zimbra-snmp
Found zimbra-store
Found zimbra-apache
Found zimbra-spell
Found zimbra-memcached
Found zimbra-proxy

Select the packages to install
Install zimbra-ldap [Y] Y
Install zimbra-logger [Y] Y
Install zimbra-mta [Y] Y
Install zimbra-snmp [Y] n
Install zimbra-store [Y] Y
Install zimbra-apache [Y] Y
Install zimbra-spell [Y] y
Install zimbra-memcached [N] n
Install zimbra-proxy [N] n
Checking required space for zimbra-core
Checking space for zimbra-store
Installing:
zimbra-core
zimbra-ldap
zimbra-logger
zimbra-mta
zimbra-snmp
zimbra-store
zimbra-apache
zimbra-spell
zimbra-memcached
zimbra-proxy

The system will be modified. Continue? [N] Y
Removing /opt/zimbra
Removing zimbra crontab entry…done.
Cleaning up zimbra init scripts…done.
Cleaning up /etc/ld.so.conf…done.
Cleaning up /etc/security/limits.conf…done.
Finished removing Zimbra Collaboration Server.

Installing packages
zimbra-core……zimbra-core-8.0.4_GA_5737.RHEL6_64-20130524120036.x86_64.rpm…done
zimbra-ldap……zimbra-ldap-8.0.4_GA_5737.RHEL6_64-20130524120036.x86_64.rpm…done
zimbra-logger……zimbra-logger-8.0.4_GA_5737.RHEL6_64-20130524120036.x86_64.rpm…done
zimbra-mta……zimbra-mta-8.0.4_GA_5737.RHEL6_64-20130524120036.x86_64.rpm…done
zimbra-snmp……zimbra-snmp-8.0.4_GA_5737.RHEL6_64-20130524120036.x86_64.rpm…done
zimbra-store……zimbra-store-8.0.4_GA_5737.RHEL6_64-20130524120036.x86_64.rpm…done
zimbra-apache……zimbra-apache-8.0.4_GA_5737.RHEL6_64-20130524120036.x86_64.rpm…done
zimbra-spell……zimbra-spell-8.0.4_GA_5737.RHEL6_64-20130524120036.x86_64.rpm…done
zimbra-memcached……zimbra-memcached-8.0.4_GA_5737.RHEL6_64-20130524120036.x86_64.rpm…done
zimbra-proxy……zimbra-proxy-8.0.4_GA_5737.RHEL6_64-20130524120036.x86_64.rpm…done
Operations logged to /tmp/zmsetup.12152013-081656.log
Installing LDAP configuration database…done.

Setting defaults…No results returned for A lookup of zimbra.kesariinfotech.com
Checked nameservers:
ip address
ip address
No results returned for AAAA lookup of zimbra.kesariinfotech.com
Checked nameservers:
ip address
ip address

DNS ERROR resolving Domain Name
It is suggested that the hostname be resolvable via DNS
Change hostname [Yes] no

DNS ERROR resolving MX for Mail Sever Name
It is suggested that the domain name have an MX record configured in DNS
Change domain name? [Yes]
Create domain: [Domain Name] Domain Name

DNS ERROR resolving MX for Domain Name
It is suggested that the domain name have an MX record configured in DNS
Re-Enter domain name? [Yes] no
done.
Checking for port conflicts

Main menu

1) Common Configuration:
2) zimbra-ldap: Enabled
3) zimbra-store: Enabled
+Create Admin User: yes
+Admin user to create: admin@Domain Name
******* +Admin Password UNSET
+Anti-virus quarantine user: virus-quarantine.q1nij5qjun@Domain Name
+Enable automated spam training: yes
+Spam training user: spam.a4bqznpxlq@Domain Name
+Non-spam(Ham) training user: ham.n8ucqdfyt@Domain Name
+SMTP host: Mail Server Name
+Web server HTTP port: 80
+Web server HTTPS port: 443
+Web server mode: https
+IMAP server port: 143
+IMAP server SSL port: 993
+POP server port: 110
+POP server SSL port: 995
+Use spell check server: yes
+Spell server URL: http://Domain Name:7780/aspell.php
+Configure for use with mail proxy: FALSE
+Configure for use with web proxy: FALSE
+Enable version update checks: TRUE
+Enable version update notifications: TRUE
+Version update notification email: admin@Domain Name
+Version update source email: admin@Domain Name

4) zimbra-mta: Enabled
5) zimbra-logger: Enabled
6) zimbra-spell: Enabled
7) Default Class of Service Configuration:
r) Start servers after configuration yes
s) Save config to file
x) Expand menu
q) Quit

Address unconfigured (**) items (? – help) 3

Store configuration

1) Status: Enabled
2) Create Admin User: yes
3) Admin user to create: admin@Domain Name
** 4) Admin Password UNSET
5) Anti-virus quarantine user: virus-quarantine.q1nij5qjun@Domain Name
6) Enable automated spam training: yes
7) Spam training user: spam.a4bqznpxlq@Domain Name
8) Non-spam(Ham) training user: ham.n8ucqdfyt@Domain Name
9) SMTP host: Mail Server Name
10) Web server HTTP port: 80
11) Web server HTTPS port: 443
12) Web server mode: https
13) IMAP server port: 143
14) IMAP server SSL port: 993
15) POP server port: 110
16) POP server SSL port: 995
17) Use spell check server: yes
18) Spell server URL: http://Domain Name:7780/aspell.php
19) Configure for use with mail proxy: FALSE
20) Configure for use with web proxy: FALSE
21) Enable version update checks: TRUE
22) Enable version update notifications: TRUE
23) Version update notification email: admin@Domain Name
24) Version update source email: admin@Domain Name

Note: set the admin password
Select, or ‘r’ for previous menu [r] 4

Note: set the admin password
Password for admin@Domain Name (min 6 characters): [BCoe0K5um] password

Store configuration

1) Status: Enabled
2) Create Admin User: yes
3) Admin user to create: admin@Domain Name
4) Admin Password set
5) Anti-virus quarantine user: virus-quarantine.q1nij5qjun@Domain Name
6) Enable automated spam training: yes
7) Spam training user: spam.a4bqznpxlq@Domain Name
8) Non-spam(Ham) training user: ham.n8ucqdfyt@Domain Name
9) SMTP host: Mail Server Name
10) Web server HTTP port: 80
11) Web server HTTPS port: 443
12) Web server mode: https
13) IMAP server port: 143
14) IMAP server SSL port: 993
15) POP server port: 110
16) POP server SSL port: 995
17) Use spell check server: yes
18) Spell server URL: http://Domain Name:7780/aspell.php
19) Configure for use with mail proxy: FALSE
20) Configure for use with web proxy: FALSE
21) Enable version update checks: TRUE
22) Enable version update notifications: TRUE
23) Version update notification email: admin@Domain Name
24) Version update source email: admin@Domain Name

Select, or ‘r’ for previous menu [r] r

Main menu

1) Common Configuration:
2) zimbra-ldap: Enabled
3) zimbra-store: Enabled
4) zimbra-mta: Enabled
5) zimbra-logger: Enabled
6) zimbra-spell: Enabled
7) Default Class of Service Configuration:
r) Start servers after configuration yes
s) Save config to file
x) Expand menu
q) Quit

*** CONFIGURATION COMPLETE – press ‘a’ to apply
Select from menu, or press ‘a’ to apply config (? – help) a
Save configuration data to a file? [Yes] yes
Save config in file: [/opt/zimbra/config.14392]
Saving config in /opt/zimbra/config.14392…done.
The system will be modified – continue? [No] yes
Operations logged to /tmp/zmsetup.07202015-184420.log
Setting local config values…done.
Initializing core config…Setting up CA…done.
Deploying CA to /opt/zimbra/conf/ca …done.
Creating SSL zimbra-store certificate…done.
Creating new zimbra-ldap SSL certificate…done.
Creating new zimbra-mta SSL certificate…done.
Installing mailboxd SSL certificates…done.
Installing MTA SSL certificates…done.
Installing LDAP SSL certificate…done.
Initializing ldap…done.
Setting replication password…done.
Setting Postfix password…done.
Setting amavis password…done.
Setting nginx password…done.
Creating server entry for Domain Name…done.
Setting Zimbra IP Mode…done.
Saving CA in ldap …done.
Saving SSL Certificate in ldap …done.
Setting spell check URL…done.
Setting service ports on Mail Server Name…done.
Adding Mail Server Name to zimbraMailHostPool in default COS…done.
Setting zimbraFeatureTasksEnabled=TRUE…done.
Setting zimbraFeatureBriefcasesEnabled=FALSE…done.
Setting MTA auth host…done.
Setting TimeZone Preference…done.
Initializing mta config…done.
Setting services on Mail Server Name…done.
Creating domain Domain Name…done.
Setting default domain name…done.
Creating domain Domain Name…already exists.
Creating admin account admin@Domain Name…done.
Creating root alias…done.
Creating postmaster alias…done.
Creating user spam.a4bqznpxlq@Domain Name…done.
Creating user ham.n8ucqdfyt@Domain Name…done.
Creating user virus-quarantine.q1nij5qjun@Domain Name…done.
Setting spam training and Anti-virus quarantine accounts…done.
Initializing store sql database…done.
Setting zimbraSmtpHostname for Mail Server Name…done.
Setting up syslog.conf…done.
Starting servers…done.
Installing common zimlets…
com_zimbra_ymemoticons…done.
com_zimbra_attachmail…done.
com_zimbra_email…done.
com_zimbra_bulkprovision…done.
com_zimbra_attachcontacts…done.
com_zimbra_date…done.
com_zimbra_cert_manager…done.
com_zimbra_phone…done.
com_zimbra_url…done.
com_zimbra_tooltip…done.
com_zimbra_adminversioncheck…done.
com_zimbra_webex…done.
com_zimbra_clientuploader…done.
com_zimbra_proxy_config…done.
com_zimbra_srchhighlighter…done.
com_zimbra_viewmail…done.
Finished installing common zimlets.
Restarting mailboxd…done.
Creating galsync account for default domain…done.

You have the option of notifying Zimbra of your installation.
This helps us to track the uptake of the Zimbra Collaboration Server.
The only information that will be transmitted is:
The VERSION of zcs installed (8.0.4_GA_5737_RHEL6_64)
The ADMIN EMAIL ADDRESS created (admin@Domain Name)

Notify Zimbra of your installation? [Yes] no
A Yes/No answer is required

You have the option of notifying Zimbra of your installation.
This helps us to track the uptake of the Zimbra Collaboration Server.
The only information that will be transmitted is:
The VERSION of zcs installed (8.0.4_GA_5737_RHEL6_64)
The ADMIN EMAIL ADDRESS created (admin@Domain Name)

Notify Zimbra of your installation? [Yes] no
Notification skipped
Setting up zimbra crontab…done.

Moving /tmp/zmsetup.07202015-184420.log to /opt/zimbra/log

Configuration complete – press return to exit

11. Check Zimbra status
    su - zimbra
    zmcontrol status

Note: if you have a DNS server, don’t uncheck “Enable DNS lookups”.

13. Go to the admin console
    click on the Configure option
    then click on Global Settings
    then click on the MTA option
    uncheck TLS authentication only
    uncheck the Enable DNS lookups option
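
Step 6 names adjusting the firewall as the alternative to disabling it. As an added example (not from the original post), this script emits an iptables-restore ruleset that opens only the web, IMAP and POP ports shown in the installer menu and drops everything else. Port 25 for inbound SMTP, 22 for SSH, 7071 for the admin console and the ADMIN_NET value are assumptions.

```shell
#!/bin/sh
# Added example: generate a default-deny ruleset for the Zimbra host instead
# of turning iptables off.
# 80, 443, 110, 995, 143 and 993 are the ports listed in the installer menu.
# Assumptions: 25 (inbound SMTP), 22 (SSH), 7071 (Zimbra admin console);
# ADMIN_NET is a constructed placeholder for the network admins connect from.

PUBLIC_PORTS="25 80 443 110 995 143 993"
ADMIN_PORTS="22 7071"
ADMIN_NET="${ADMIN_NET:-192.0.2.0/24}"

# valid_port N -> succeeds only for an integer in 1..65535
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# zimbra_rules ADMIN_NET "PUBLIC PORTS" "ADMIN PORTS"
# Prints rules in iptables-restore format; returns 1 if any port is invalid,
# before printing anything, so a typo never yields a half-written ruleset.
zimbra_rules() {
    net=$1
    for p in $2 $3; do
        valid_port "$p" || { echo "invalid port: $p" >&2; return 1; }
    done
    echo '*filter'
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    echo '-A INPUT -i lo -j ACCEPT'
    echo '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
    echo '-A INPUT -p icmp -j ACCEPT'
    # Mail and web ports: reachable from anywhere
    for p in $2; do
        echo "-A INPUT -p tcp -m tcp --dport $p -m state --state NEW -j ACCEPT"
    done
    # SSH and admin console: reachable from the admin network only
    for p in $3; do
        echo "-A INPUT -s $net -p tcp -m tcp --dport $p -m state --state NEW -j ACCEPT"
    done
    echo 'COMMIT'
}

# Run with "print" to emit the ruleset. Review it, then load it with
# iptables-restore or save it as /etc/sysconfig/iptables, the file the
# CentOS 6 iptables service reads at start.
if [ "${1:-}" = "print" ]; then
    zimbra_rules "$ADMIN_NET" "$PUBLIC_PORTS" "$ADMIN_PORTS"
fi
```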

Install PECL uploadprogress on Debian 6, Ubuntu 10.04, Ubuntu 12.04 LTS and 14.04 LTS


Configurations

As the title states, I’ve installed the module under 3 system configurations :

  • Debian 6 / PHP 5.3 / Virtualmin on a private server
  • Ubuntu 10.04 LTS / PHP 5.3 on a development workstation
  • Ubuntu 12.04 LTS / PHP 5.4 on a development workstation

Installation

Uploadprogress being installed by PECL, the first step is to install pecl. In both distributions it’s included in the php-pear package. So:
sudo apt-get install php-pear

In the two operational configurations, the package was already installed ; as a basic component in the Ubuntu WS and as part of Virtualmin auto-installation on the Debian server.

At this stage, pecl is installed but it will need to compile the uploadprogress module as a step of the installation process. So more resources are needed before pecl can be invoked.
sudo apt-get install php5-dev

Accept the required dependencies and let apt-get do its job.
Ubuntu 12.04 (LTS): build-essential is another required package, otherwise the install will fail:

sudo apt-get install build-essential
Then pecl can be invoked :
sudo pecl install uploadprogress

The module is installed but won’t be loaded when PHP is run. The PHP “.ini” configuration has to be properly set. The clean Debian (and Ubuntu) way to do it is to add a module-dedicated ini file in the /etc/php5/apache2/conf.d directory (do not touch the php.ini file). Use your favorite text editor…
sudo nano /etc/php5/apache2/conf.d/uploadprogress.ini

and insert the following two lines :
; activate and configure the php uploadprogress module
extension=uploadprogress.so
Ubuntu 14.04 (LTS): insert the above two lines:
sudo nano /etc/php5/mods-available/uploadprogress.ini

And make a symbolic link:

sudo ln -s /etc/php5/mods-available/uploadprogress.ini /etc/php5/apache2/conf.d/20-uploadprogress.ini
Apache needs to be restarted in order to take this new configuration file into account :
sudo service apache2 restart

The uploadprogress module should be available for your PHP applications…

Installing dev packages on a WS is very common but it’s not appropriate on a server. So, on the Debian Virtualmin powered server :
sudo apt-get remove php5-dev

It works in both environments. On the Ubuntu WS, PHP is running as an Apache module with the Apache user’s rights (www-data). On Debian-Webmin, PHP is running as FastCGI with the site user’s rights.

Thanks…

Install MongoDB with Nginx + PHP on Ubuntu


Assuming you already have Nginx and PHP installed and want to add MongoDB support.

Install pre-requisites

apt-get update
apt-get install php5-cli php5-common php5-suhosin php5-cgi php5-curl php5-fpm php5-json php5-mcrypt php5-mysql php5-sqlite php5-dev php-pear php-apc

Enable Mongo

pecl install mongo
echo "extension=mongo.so" >> /etc/php5/fpm/php.ini

Install MongoDB

apt-get install mongodb mongodb-server

Restart Services

service nginx restart
service php5-fpm restart

done

Thanks….

install Apache OpenOffice 4.1 on Ubuntu 14.04


Follow these steps to install OpenOffice 4.1 onto Ubuntu 14.04. Just press Ctrl+Alt+T on your keyboard to open Terminal. When it opens, run the command(s) below:

sudo apt-get remove --purge libreoffice* #if installed
sudo apt-get autoremove

Download OpenOffice

For 32 bit

wget http://sourceforge.net/projects/openofficeorg.mirror/files/4.1.0/binaries/en-US/Apache_OpenOffice_4.1.0_Linux_x86_install-deb_en-US.tar.gz

For 64 bit

wget http://sourceforge.net/projects/openofficeorg.mirror/files/4.1.0/binaries/en-US/Apache_OpenOffice_4.1.0_Linux_x86-64_install-deb_en-US.tar.gz

Extract the file

tar -xzvf Apache_OpenOffice_4.1.0_Linux_x86_install-deb_en-US.tar.gz    # for 32bit

tar -xzvf Apache_OpenOffice_4.1.0_Linux_x86-64_install-deb_en-US.tar.gz    # for 64bit

cd en-US/DEBS/

sudo dpkg -i *.deb

cd desktop-integration

sudo dpkg -i *.deb

Make sure that you have the space between the command dpkg and the -i.

Install memcached server and PHP memcache, memcached extensions on centos


Here I summarize the steps for installing the memcached server and the PHP memcached/memcache extensions, which work on CentOS 6.2.

A. Install memcached server

A good reference is Here. memcached is a high-performance, distributed memory object caching system, generic in nature, but intended for use in speeding up dynamic web applications by alleviating database load. My steps are:

$ sudo rpm -Uvh http://mirrors.kernel.org/fedora-epel/6/x86_64/epel-release-6-7.noarch.rpm
$ sudo yum install memcached
$ /etc/init.d/memcached start

3-steps to install memcached server and make it running, very simple.

B. install PHP memcache extension

The installation of PHP memcache extension is much easier than memcached extension. At this point, memcache extension is quicker solution. Just 1 step:

$ sudo pecl install memcache

C. install PHP memcached extension

It is a challenge to install PHP’s memcached extension. A good article is here for the installation. Two prerequisite packages are needed:

  • libevent
  • libmemcached

(1) First we need to install the libevent support library (http://libevent.org/)

$ wget https://github.com/downloads/libevent/libevent/libevent-2.0.20-stable.tar.gz
$ tar xzvf libevent-2.0.20-stable.tar.gz
$ cd libevent-2.0.20-stable
$ ./configure
$ make
$ sudo make install

(2) Second, install libmemcached. I tried to find the latest stable version of libmemcached which is used by PHP’s memcached.
$ wget https://launchpad.net/libmemcached/1.0/1.0.12/+download/libmemcached-1.0.12.tar.gz
$ tar xzvf libmemcached-1.0.12.tar.gz
$ cd libmemcached-1.0.12
$ ./configure && make && sudo make install
$ sudo pecl install memcached
pecl will automatically install the latest memcached version, 2.1, on the server. However, it does NOT work, because libmemcached version 1.0.12 is not compatible with PHP memcached version 2.1.

(3) I googled and tried a lower version of libmemcached: using 1.0.10 instead of 1.0.12

$ wget http://download.tangent.org/libmemcached-1.0.10.tar.gz
$ tar xzvf libmemcached-1.0.10.tar.gz
$ cd libmemcached-1.0.10
$ ./configure --with-memcached; make; sudo make install
# then:
$ sudo pecl install memcached

It works! So the key here is the version compatible of libevent, libmemcached, and PHP memcached.

D. Add to php.ini as extensions

After all the parts work fine, add them to php.ini so that they become PHP extensions which can be quickly shared.
$ sudo vi /etc/php.ini

[memcached]
extension=memcached.so

[memcache]
extension=memcache.so

After adding them, restart the httpd server to activate them:
$ sudo /etc/init.d/httpd restart
$ sudo /etc/init.d/memcached restart

By using phpinfo.php, or ‘pecl list’, we can see that the memcached and memcache extensions are available.
By the way, the official PHP site has complete documentation for these wonderful cache systems.

  1. Memcache: http://www.php.net/manual/en/book.memcache.php
  2. Memcached: http://www.php.net/manual/en/book.memcached.php
  3. Mongo: http://www.php.net/manual/en/book.mongo.php

 

Thanks..

Install MongoDB with Windows XAMPP


I found a useful article How to install MongoDB to use with XAMPP on Windows when I struggled with the correct version of php_mongo.dll.

Step1
Installing MongoDB
  1. Download MongoDB from http://www.mongodb.org/downloads
  2. Extract the archive
  3. Open Command Prompt
  4. Goto mongodb\bin folder
  5. Type to create DB repository and start daemon:

mkdir C:\mongodb\db
mongod.exe --dbpath=C:\mongodb\db

Step2

Check your Php version by going to http://localhost/xampp/phpinfo.php
note down the following from the below image
first the php version(here 5.3) then the php extension build (here ts,vc6)

  1. Download MongoDB driver from github.com/mongodb/mongo-php-driver/downloads
  2. Extract driver and copy the dll that matches your php version installed on your xampp (here mongo-1.1.4-php5.3vc6ts) and put to php/ext folder
  3. Open php.ini file
  4. Append this extension=php_mongo.dll, save php.ini file, and then restart your web server.
If everything went fine, then:
  1. Point your browser at localhost and select your language, then phpinfo() from the left menu
  2. Make sure there’s a Mongo section
The key is the ‘PHP Extension Build: API20090626,TS,VC6’ entry in localhost/xampp/phpinfo.php; the ‘TS,VC6’ part is important for downloading the correct php_mongo.dll version, as other builds will not work.
Step 3

Try out this example from here http://www.php.net/manual/en/mongo.tutorial.php to test mongodb is working

 

Thanks…

Add a 3rd open-source application into PHP extension on Centos


In a Linux CentOS 64-Bit server, I have 2 sets of web environment:(web-server, database-server, tools, commands etc)

  • 1 is default by CentOS itself;
  • 1 is from xampp (apachefriends.org) package.

Sometimes they conflict with each other: php commands, mysql commands, httpd, conf files, log, lock files etc.
If a path is missing, they will point to the wrong path, so I have to use:
$ whereis, which, type
to find the right location.

This is not the worst. While I tried to add a 3rd-party module as a PHP extension, the ambiguous environments prevented it from working. I encountered some problems, and when I googled, I found the solutions scattered and incomplete, so here I summarize what I did to make it work successfully, starting from a very basic CentOS 6.2 installation.

Get CentOS version

Because the 3rd-party application needs support for the Linux version, we first need to find out the CentOS server version, using the following commands:

$ cat /etc/redhat-release
$ cat /etc/issue
CentOS release 6.2 (Final)
//or:
$ rpm -q centos-release
centos-release-6-2.el6.centos.7.x86_64

Some potential issues

Problem: xampp's applications are 32-bit LSB executables, while CentOS is 64-bit. That by itself doesn't matter: 32-bit xampp can work on 64-bit CentOS. But a 64-bit 3rd-party package cannot work in the 32-bit xampp PHP environment.

$ file /opt/lampp/bin/php
php: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.2.0, stripped

$ file /usr/bin/php
php: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.18, stripped

The same goes for other commands. 32-bit and 64-bit shared objects are not compatible, so a package run by /opt/lampp/bin/php is *NOT* compatible with the /usr/bin/php environment. By default CentOS doesn't include development tools; if they are needed, I have to install them myself.

Since the server has a very basic installation, I had to install the development tools before the PHP extension.

The following development tools are needed to build the development environment:
1) g++/c++ environment (including autoconf, automake, m4, gnulib, libtool, etc.), which is needed to compile and build the 3rd-party source code.
2) PHP development environment (including phpize, php-config, etc.), which builds the 3rd-party library into a PHP extension.

CentOS has the wonderful yum for package management, while Ubuntu has apt-get. Here we use yum to install the system development environment:

$ yum grouplist
//1. for ./configure, make, automake, autoconf.
$ sudo yum groupinstall 'Development tools'

//2. for phpize, php-config.
$ sudo yum install php-devel

Follow the prompt to install. That’s it.

General steps for installing 3rd-party open-source software

After setting up the environment, it's time to install the 3rd-party open-source PHP extension. Suppose the library is called demo. Here I list the common steps to do so:

//1. download sources:
$ wget demo.tar.bz2
$ tar xvjf demo.tar.bz2
$ cd demo

//2. compile and make install
$ ./configure --prefix=…; make; sudo make install

//3. Here we generate .so, .la files. Then add the library as a php extension:
$ cd php-extension

//4. make sure the paths of phpize and php-config are correct and not confused
$ whereis phpize; which php-config

//5. make sure 'phpize', 'php-config' are in the right path.
$ phpize
$ ./configure --with-demo=… --with-php-config=`which php-config`
$ make; make test; sudo make install

Configure the PHP extension

After the demo module (demo.so) is installed, the next step is to add it as a PHP extension in php.ini.

;[demo]
;extension = demo.so
;scws.default.charset = utf-8
;scws.default.fpath = /usr/local/demo/etc

Restart the HTTP server to activate it:
$ sudo /etc/init.d/httpd restart
Now there is a new item added to the PHP core: the <demo> section will display correctly when viewed with phpinfo().

The key is to distinguish the different packages on a single server and not to confuse them with each other:
Which php, phpize, php-config are you using? You can do some extra work in $HOME/.bash_profile, .bashrc to set PATH, and also make sure what files are in what directory.

Also, the following files are commonly used for checking:

/etc/httpd/conf/httpd.conf
/etc/php.ini
/etc/my.cnf

Thanks..

Samba Server Installation and Configuration on CentOS


Anonymous samba sharing

First I will explain how to install Samba with anonymous sharing. To install Samba, run:

yum install samba samba-client samba-common -y

Now configure Samba by editing the file /etc/samba/smb.conf:

mv /etc/samba/smb.conf /etc/samba/smb.conf.bkp

vi /etc/samba/smb.conf

and paste the following lines:
#========== global Definitions===============
[global]
workgroup = WORKGROUP
server string = Samba Server %v
netbios name = centos
security = user
map to guest = bad user
dns proxy = no
#========== Share Definitions ================
[Anonymous]
path = /samba/anonymous
browsable = yes
writable = yes
guest ok = yes
read only = no
create mask = 0755

Save the smb.conf file and restart the service:

mkdir -p /samba/anonymous

service smb restart
service nmb restart

Change the permissions for the Samba share:

chmod -R 0755 /samba/anonymous/
chown -R nobody:nobody /samba/anonymous/

Next, we need to allow the Samba share in SELinux as follows:

chcon -t samba_share_t /samba/anonymous/
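
To review which shares in an smb.conf like the one above can be written to by unauthenticated guests, the following added example (not part of the original post) parses the file and applies Samba's parameter synonyms and [global] defaults. The function names and the [Projects] share are assumptions made for the illustration.

```python
# Added example: report shares in an smb.conf that guests can write to.
# Function names and the [Projects] share are assumptions for this sketch.

# Constructed input: the configuration from this section plus one
# authenticated share for contrast.
SAMPLE_SMB_CONF = """\
#========== global Definitions ===============
[global]
workgroup = WORKGROUP
security = user
map to guest = bad user
#========== Share Definitions ================
[Anonymous]
path = /samba/anonymous
browsable =yes
writable = yes
guest ok = yes
read only = no
create mask = 0755

[Projects]
path = /samba/projects
valid users = @staff
guest ok = no
writable = yes
"""

TRUE_VALUES = {"yes", "true", "on", "1"}


def normalise(name):
    # smb.conf ignores case and all whitespace in parameter names.
    return "".join(name.split()).lower()


def parse_smb_conf(text):
    """Return {section: [(param, value), ...]}, keeping file order."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, [])
        elif "=" in line and current is not None:
            name, value = line.split("=", 1)
            sections[current].append((normalise(name), value.strip()))
    return sections


def effective_flags(global_params, share_params):
    """Apply [global] defaults, then the share's own lines; last setting wins."""
    guest_ok, read_only = False, True  # Samba's built-in defaults
    for name, value in list(global_params) + list(share_params):
        enabled = value.lower() in TRUE_VALUES
        if name in ("guestok", "public"):
            guest_ok = enabled
        elif name == "readonly":
            read_only = enabled
        elif name in ("writable", "writeable", "writeok"):
            read_only = not enabled  # inverted synonyms of "read only"
    return guest_ok, read_only


def guest_writable_shares(text):
    """Return [(share, path)] for shares that are guest-accessible and writable."""
    sections = parse_smb_conf(text)
    global_params = sections.get("global", [])
    findings = []
    for name, params in sections.items():
        if name == "global":
            continue
        guest_ok, read_only = effective_flags(global_params, params)
        if guest_ok and not read_only:
            findings.append((name, dict(params).get("path", "")))
    return findings


if __name__ == "__main__":
    for share, path in guest_writable_shares(SAMPLE_SMB_CONF):
        print(f"[{share}] {path}: guests can write without authenticating")
```

Run it against the output of testparm -s or the file itself; Samba's testparm remains the authority on how the server actually reads the configuration.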

Thanks……

PHPMYADMIN installation on CentOS 6.5


  1. install phpmyadmin

yum -y install phpmyadmin

  2. Configure phpMyAdmin for Apache

Edit the file /etc/httpd/conf.d/phpMyAdmin.conf:

Alias /phpMyAdmin /usr/share/phpMyAdmin
Alias /phpmyadmin /usr/share/phpMyAdmin

Comment out the section below to allow everyone, or add your IP mask to the Allow line:
<Directory /usr/share/phpMyAdmin/>
<IfModule !mod_authz_core.c>
Order Deny,Allow
Deny from All
# add your IP mask on the next line
Allow from 192.168.1.0/24
Allow from ::1
</IfModule>
</Directory>

  3. Start the service

service httpd restart

  4. Access the phpMyAdmin page

http://localhostipaddress/phpMyAdmin

username: root
Password: the MySQL root password

Installing MariaDB on CentOS


For CentOS, RedHat, and Fedora, it is highly recommended to install from a repository using yum. This page walks you through the simple steps.

Adding the MariaDB YUM Repository

We currently have repositories for CentOS 5, CentOS 6, RHEL 5, RHEL 6, Fedora 16, and Fedora 17.

Once you have your MariaDB.repo entry, add it to a file under /etc/yum.repos.d/. (We suggest something like /etc/yum.repos.d/MariaDB.repo.)

An example MariaDB.repo

Create MariaDB repository

# vi /etc/yum.repos.d/MariaDB.repo

[mariadb]
name = MariaDB
baseurl = http://yum.mariadb.org/10.0/centos6-amd64
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck=1

(save & exit)

yum -y update

Installing MariaDB

With the repo file in place you can now install MariaDB like so:

sudo yum install MariaDB-server MariaDB-client
service mysql start
chkconfig --levels 235 mysql on
/usr/bin/mysql_secure_installation

Enter current password for root (enter for none):  (Enter)
Set root password? [Y/n] y    (type password)
Remove anonymous users? [Y/n] y
Disallow root login remotely? [Y/n] y
Remove test database and access to it? [Y/n] y
Reload privilege tables now? [Y/n] y

Thanks for using MariaDB!

mysql -u root -p

vi /etc/sysconfig/iptables

-A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT

service iptables restart

Configure remote access to the database in MariaDB

Log in to MySQL, e.g. # mysql -u root -p

MariaDB [(none)]> GRANT ALL PRIVILEGES ON *.* TO 'root'@'192.168.1.%' IDENTIFIED BY 'password' WITH GRANT OPTION;

MariaDB [(none)]> SELECT User, Host FROM mysql.user WHERE Host <> 'localhost';

MariaDB [(none)]> exit

Verify remote connectivity

On the remote machine, open a terminal:

$ telnet <IP Address> <port i.e. 3306>

output:
Trying <IP Address>…
Connected to <IP Address>.
Escape character is ‘^]’.
Y
5.5.5-10.0.14-MariaDB
l[b])TJ ?� T$SV7Oh@Co(smysql_native_passwordConnection closed by foreign host.

Thank you…

How To Install Apache Tomcat 7 on Ubuntu 14.04


About Apache Tomcat

Apache Tomcat is an application server that is used to serve Java applications to the web. Tomcat is an open source implementation of the Java Servlet and JavaServer Pages technologies, released by the Apache Software Foundation.
This tutorial covers the basic installation and some configuration of Tomcat 7.0.x, the latest stable version at the time of writing, on your Ubuntu 14.04 VPS.
There are two basic ways to install Tomcat on Ubuntu:

  • Install through apt-get. This is the simplest method.
  • Download the binary distribution from the Apache Tomcat site. This guide does not cover this method; refer to Apache Tomcat Documentation for instructions.

For this tutorial, we will use the simplest method: apt-get. Please note that this will install the latest release of Tomcat that is in the official Ubuntu repositories, which may or may not be the latest release of Tomcat. If you want to guarantee that you are installing the latest version of Tomcat, you can always download the latest binary distribution.

Step One — Prerequisites

Before you begin with this guide, you should have a separate, non-root user account set up on your server. You can learn how to do this by completing steps 1-4 in the initial server setup for Ubuntu 14.04. We will be using the demo user created here for the rest of this tutorial.

Step Two – Install Tomcat

The first thing you will want to do is update your apt-get package lists:

sudo apt-get update

Now you are ready to install Tomcat. Run the following command to start the installation:

sudo apt-get install tomcat7

Answer yes at the prompt to install tomcat. This will install Tomcat and its dependencies, such as Java, and it will also create the tomcat7 user. It also starts Tomcat with its default settings.

Tomcat is not completely set up yet, but you can access the default splash page by going to your domain or IP address followed by :8080 in a web browser:

http://your_ip_address:8080

You will see a splash page that says “It works!”, in addition to other information. Now we will go deeper into the installation of Tomcat.

Step Three – Installing Additional Packages

Note: This section is not necessary if you are already familiar with Tomcat and you do not need to use the web management interface, documentation, or examples. If you are just getting into Tomcat for the first time, please continue.
With the following command, we will install the Tomcat online documentation, the web interface (manager webapp), and a few example webapps:

sudo apt-get install tomcat7-docs tomcat7-admin tomcat7-examples

Answer yes at the prompt to install these packages. We will get into the usage and configuration of these tools in a later section. Next, we will install the Java Development Kit.

Step Four – Install Java Development Kit (Optional)

If you are planning on developing apps on this server, you will want to be sure to install the software in this section.
The Java Development Kit (JDK) enables us to develop Java applications to run in our Tomcat server. Running the following command will install openjdk-7-jdk:

sudo apt-get install default-jdk

In addition to JDK, the Tomcat documentation suggests also installing Apache Ant, which is used to build Java applications, and a source control system, such as git. Let’s install both of those with the following command:

sudo apt-get install ant git

For more information about Apache Ant, refer to the official manual.
For a tutorial on using git, refer to DigitalCloud’s Git Tutorial.

Step 5 – Configure Tomcat Web Management Interface

In order to use the manager webapp installed in Step 3, we must add a login to our Tomcat server. We will do this by editing the tomcat-users.xml file:

sudo nano /etc/tomcat7/tomcat-users.xml

This file is filled with comments which describe how to configure the file. You may want to delete all the comments between the following two lines, or you may leave them if you want to reference the examples:

 <tomcat-users>
</tomcat-users> 

You will want to add a user who can access the manager-gui and admin-gui (the management interface that we installed in Step Three). You can do so by defining a user similar to the example below. Be sure to change the password and username if you wish:

 <tomcat-users>
    <user username="admin" password="password" roles="manager-gui,admin-gui"/>
</tomcat-users>

Save and quit the tomcat-users.xml file. To put our changes into effect, restart the Tomcat service:

sudo service tomcat7 restart
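
Before restarting, it is worth checking that no account with a manager or admin role still carries the tutorial's example password. The following is an added example, not part of the original tutorial; the function name, the placeholder-password list and the two extra sample users are assumptions.

```python
import xml.etree.ElementTree as ET

# Roles that grant access to the Tomcat 7 manager and host-manager webapps.
MANAGEMENT_ROLES = {
    "manager-gui", "manager-script", "manager-jmx", "manager-status",
    "admin-gui", "admin-script",
}
# Small constructed list of placeholder values; extend it with your own.
PLACEHOLDER_PASSWORDS = {"", "password", "admin", "tomcat", "changeme", "secret"}

# Constructed input: the <user> entry from this tutorial plus two made-up
# accounts for contrast.
SAMPLE_TOMCAT_USERS = """\
<tomcat-users>
    <!-- comments in the file are ignored by the parser -->
    <user username="admin" password="password" roles="manager-gui,admin-gui"/>
    <user username="deployer" password="Vq7-constructed-example-Lm2" roles="manager-script"/>
    <user username="reports" password="reports" roles="report-viewer"/>
</tomcat-users>
"""


def audit_tomcat_users(xml_text):
    """Return findings for management accounts with weak placeholder credentials."""
    root = ET.fromstring(xml_text)
    findings = []
    for elem in root.iter():
        # Strip an XML namespace if present, so newer file layouts also parse.
        if elem.tag.rsplit("}", 1)[-1] != "user":
            continue
        # Tomcat accepts either "username" or the older "name" attribute.
        name = elem.get("username") or elem.get("name") or ""
        password = elem.get("password", "")
        roles = {r.strip() for r in elem.get("roles", "").split(",") if r.strip()}
        management = sorted(roles & MANAGEMENT_ROLES)
        if not management:
            continue  # account cannot reach the management webapps
        reasons = []
        if password.lower() in PLACEHOLDER_PASSWORDS:
            reasons.append("placeholder password")
        if name and password.lower() == name.lower():
            reasons.append("password equals username")
        if reasons:
            findings.append({"user": name, "roles": management, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in audit_tomcat_users(SAMPLE_TOMCAT_USERS):
        print(finding)
```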

Step 6 – Access the Web Interface

Now that we’ve configured an admin user, let’s access the web management interface in a web browser:

http://your_ip_address:8080

You will see something like the following image:

   Tomcat Splashscreen

As you can see, there are four links to packages you installed in Step Three:

  • tomcat7-docs: Online documentation for Tomcat. Accessible via http://your_ip_address:8080/docs/
  • tomcat7-examples: Tomcat 7 Servlet and JSP examples. You can click through the example webapps to get a basic idea of how they work (and also look at the source code to see how they were implemented). Accessible via http://your_ip_address:8080/examples/
  • tomcat7-admin (manager-webapp): Tomcat Web Application Manager. This will allow you to manage your Java applications.
  • tomcat7-admin (host-manager): Tomcat Virtual Host Manager.

Let’s take a look at the Web Application Manager, accessible via the link or http://your_ip_address:8080/manager/html:

    Tomcat Web Application Manager

The Web Application Manager is used to manage your Java applications. You can Start, Stop, Reload, Deploy, and Undeploy here. You can also run some diagnostics on your apps (i.e. find memory leaks). Lastly, information about your server is available at the very bottom of this page.
Now let’s take a look at the Virtual Host Manager, accessible via the link or http://your_ip_address:8080/host-manager/html/:

Tomcat Virtual Host Manager

From the Virtual Host Manager page, you can add virtual hosts to serve your applications in.

Finished!

Your installation of Tomcat is complete! You are now free to deploy your own webapps!


			

How To Install Linux, nginx, MySQL, PHP, PhpMyadmin on CentOS 6


Step One—Install the Required Repositories

We will be installing all of the required software with Yum. However, because neither nginx nor php-fpm is available straight from CentOS, we need to download two extra repositories to our virtual private server first.

sudo rpm -Uvh http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm
sudo rpm -Uvh http://rpms.famillecollet.com/enterprise/remi-release-6.rpm

Step Two—Install MySQL

The next step is to begin installing the server software on the virtual private server, starting with MySQL and dependencies.

sudo yum install mysql mysql-server

Once the download is complete, restart MySQL:

sudo /etc/init.d/mysqld restart

You can do some configuration of MySQL with this command:

sudo /usr/bin/mysql_secure_installation

The prompt will ask you for your current root password. Since you just installed MySQL, you most likely won’t have one, so leave it blank by pressing enter.

Enter current password for root (enter for none): 
OK, successfully used password, moving on...

Then the prompt will ask you if you want to set a root password. Go ahead and choose Y and follow the instructions.

CentOS automates the process of setting up MySQL, asking you a series of yes or no questions. It’s easiest just to say Yes to all the options. At the end, MySQL will reload and implement the changes.

By default, a MySQL installation has an anonymous user,
allowing anyone to log into MySQL without having to 
have a user account created for them.  This is intended 
only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] y                                            
 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] y
... Success!

By default, MySQL comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] y
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] y
 ... Success!

Cleaning up...

All done!  If you've completed all of the above steps, your MySQL
installation should now be secure.

Thanks for using MySQL!

 Step Three—Install nginx

As with MySQL, we will install nginx on our virtual private server using yum:
sudo yum install nginx
nginx does not start on its own. To get nginx running, type:
sudo /etc/init.d/nginx start
You can confirm that nginx has installed on your virtual private server by directing your browser to your IP address.
You can run the following command to reveal your server’s IP address.
ifconfig eth0 | grep inet | awk '{ print $2 }'

 Step Four—Install PHP

The php-fpm package is located within the REMI repository, which, at this point, is disabled. The first thing we need to do is enable the REMI repository and install php and php-fpm:

sudo yum --enablerepo=remi install php-fpm php-mysql

 Step Five—Configure php

We need to make one small change in the php configuration. Open up php.ini:
sudo vi /etc/php.ini
Find the line, cgi.fix_pathinfo=1, and change the 1 to 0.
cgi.fix_pathinfo=0

If this value is kept at 1, the PHP interpreter will do its best to process the file that is as near to the requested file as possible when the exact path does not exist. This is a possible security risk. If the value is set to 0, conversely, the interpreter will only process the exact file path, which is a much safer alternative.
Save and Exit.

 Step Six—Configure nginx

Open up the default nginx config file:
sudo vi /etc/nginx/nginx.conf

Raise the number of worker processes to 4 then save and exit that file.

Now we should configure the nginx virtual hosts.

In order to make the default nginx file more concise, the virtual host details are in a different location.

sudo vi /etc/nginx/conf.d/default.conf
The configuration should include the changes below
(the details of the changes are under the config information):

 #
# The default server
#
server {
    listen       80;
    server_name example.com;

   
    location / {
        root   /usr/share/nginx/html;
        index index.php  index.html index.htm;
    }

    error_page  404              /404.html;
    location = /404.html {
        root   /usr/share/nginx/html;
    }

    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }

    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    #
    location ~ \.php$ {
        root           /usr/share/nginx/html;
        fastcgi_pass   127.0.0.1:9000;
        fastcgi_index  index.php;
        fastcgi_param  SCRIPT_FILENAME   $document_root$fastcgi_script_name;
        include        fastcgi_params;
    }
}

 Here are the details of the changes:

  • Add index.php within the index line.
  • Change the server_name to your domain name or IP address (replace the example.com in the configuration)
  • Change the root to /usr/share/nginx/html;
  • Uncomment the section beginning with “location ~ \.php$ {“,
  • Change the root to access the actual document root, /usr/share/nginx/html;
  • Change the fastcgi_param line to help the PHP interpreter find the PHP script that we stored in the document root home.

Save and Exit.

Open up the php-fpm configuration:
sudo vi /etc/php-fpm.d/www.conf
Replace the apache in the user and group with nginx:

[…]
; Unix user/group of processes
; Note: The user is mandatory. If the group is not set, the default user’s group
; will be used.
; RPM: apache Choosed to be able to access some dir as httpd
user = nginx
; RPM: Keep a group allowed to write in log dir.
group = nginx
[…]

Finish by restarting php-fpm.
sudo service php-fpm restart

Step Seven—RESULTS: Create a php info page

Although LEMP is installed, we can still take a look and see the components online by creating a quick php info page.

To set this up, first create a new file:
sudo vi /usr/share/nginx/html/info.php
Add in the following line:
<?php phpinfo(); ?>
Then Save and Exit.

Restart nginx so that all of the changes take effect:
sudo service nginx restart
Finish up by visiting your php info page (make sure you replace the example ip address with your correct one): http://12.34.56.789/info.php

It should look similar to this.

Step Eight—Set Up Autostart

You are almost done. The last step is to set all of the newly installed programs to automatically begin when the VPS boots.
sudo chkconfig --levels 235 mysqld on
sudo chkconfig --levels 235 nginx on
sudo chkconfig --levels 235 php-fpm on

Step Nine –– Download phpMyAdmin

We are finally ready to install and configure phpMyAdmin. This will pull in the required dependencies, including a web server to handle the administration interface. Type:
sudo yum install phpmyadmin
You may be asked to confirm once or twice,
and then the packages will be downloaded and installed.
Configure Nginx Files
sudo nano /etc/nginx/conf.d/default.conf

Add the following block:

 location /phpmyadmin {
      alias /usr/share/phpMyAdmin/;
 }

Try making a symlink to the phpMyAdmin folder:
ln -s /usr/share/phpMyAdmin /usr/share/nginx/html
Finish.
Thank you…

Hadoop 2.4.0 (Single Node Cluster)


Step 1. Install JAVA/JDK

 Java is the primary requirement for running Hadoop on any system, so make sure you have Java installed on your system using the following command.

java -version

java version “1.8.0_05”
Java(TM) SE Runtime Environment (build 1.8.0_05-b13)
Java HotSpot(TM) Client VM (build 25.5-b02, mixed mode)

Step 2. Download Hadoop 2.4.0

Now download hadoop 2.4.0 source archive file using below command. You can also select alternate download mirror for increasing download speed.

$ cd ~
$ wget http://apache.claz.org/hadoop/common/hadoop-2.4.0/hadoop-2.4.0.tar.gz
$ tar xzf hadoop-2.4.0.tar.gz

 Step 3. Configure Hadoop 2.4.0

First we need to set the environment variables used by Hadoop. Edit the ~/.bashrc file and append the following values at the end of the file.

export HADOOP_HOME=/home/hadoop/hadoop
export HADOOP_INSTALL=$HADOOP_HOME
export HADOOP_MAPRED_HOME=$HADOOP_HOME
export HADOOP_COMMON_HOME=$HADOOP_HOME
export HADOOP_HDFS_HOME=$HADOOP_HOME
export YARN_HOME=$HADOOP_HOME
export HADOOP_COMMON_LIB_NATIVE_DIR=$HADOOP_HOME/lib/native
export PATH=$PATH:$HADOOP_HOME/sbin:$HADOOP_HOME/bin

Now apply the changes in the current running environment:
$ source ~/.bashrc
Now edit the $HADOOP_HOME/etc/hadoop/hadoop-env.sh file and set the JAVA_HOME environment variable:

 export JAVA_HOME=/opt/jdk1.8.0_05/

Edit Configuration Files

Hadoop has many configuration files, which need to be configured as per the requirements of your Hadoop infrastructure. Let's start with the configuration for a basic Hadoop single node cluster setup. First navigate to the location below:

$ cd $HADOOP_HOME/etc/hadoop

Edit core-site.xml

<configuration>
<property>
  <name>fs.default.name</name>
    <value>hdfs://localhost:9000</value>
</property>
</configuration>

Edit hdfs-site.xml

<configuration>
<property>
 <name>dfs.replication</name>
 <value>1</value>
</property>

<property>
  <name>dfs.name.dir</name>
    <value>file:///home/hadoop/hadoopdata/hdfs/namenode</value>
</property>

<property>
  <name>dfs.data.dir</name>
    <value>file:///home/hadoop/hadoopdata/hdfs/datanode</value>
</property>
</configuration>

Edit mapred-site.xml

<configuration>
 <property>
  <name>mapreduce.framework.name</name>
   <value>yarn</value>
 </property>
</configuration>

Edit yarn-site.xml

<configuration>
 <property>
  <name>yarn.nodemanager.aux-services</name>
    <value>mapreduce_shuffle</value>
 </property>
</configuration>

Format Namenode

Now format the namenode using the following command, make sure that Storage directory is

$ hdfs namenode -format

 [Sample output]

14/05/04 21:30:55 INFO namenode.NameNode: STARTUP_MSG:
/************************************************************
STARTUP_MSG: Starting NameNode
STARTUP_MSG:   host = svr1.tecadmin.net/192.168.1.11
STARTUP_MSG:   args = [-format]
STARTUP_MSG:   version = 2.4.0
...
...
14/05/04 21:30:56 INFO common.Storage: Storage directory /home/hadoop/hadoopdata/hdfs/namenode has been successfully formatted.
14/05/04 21:30:56 INFO namenode.NNStorageRetentionManager: Going to retain 1 images with txid >= 0
14/05/04 21:30:56 INFO util.ExitUtil: Exiting with status 0
14/05/04 21:30:56 INFO namenode.NameNode: SHUTDOWN_MSG:
/************************************************************
SHUTDOWN_MSG: Shutting down NameNode at svr1.tecadmin.net/192.168.1.11
************************************************************/

Step 4. Setup Hadoop User

We recommend creating a normal (not root) account for Hadoop. So create a system account using the following commands.

# useradd hadoop
# passwd hadoop

After creating the account, it is also required to set up key-based ssh to its own account.
To do this, execute the following commands.
# su - hadoop
$ ssh-keygen -t rsa
$ cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
$ chmod 0600 ~/.ssh/authorized_keys

Let's verify key-based login. The command below should not ask for a password, but the first time it will prompt for adding RSA to the list of known hosts.
$ ssh localhost
$ exit

 Step 5. Start Hadoop Cluster

Let's start your Hadoop cluster using the scripts provided by Hadoop. Just navigate to your Hadoop sbin directory and execute the scripts one by one.

$ cd $HADOOP_HOME/sbin/
Now run start-dfs.sh script.

  $ start-dfs.sh

[Sample output]
14/05/04 21:37:56 WARN util.NativeCodeLoader: Unable to load native-hadoop library for your platform... using builtin-java classes where applicable
Starting namenodes on [localhost]
localhost: starting namenode, logging to /home/hadoop/hadoop/logs/hadoop-hadoop-namenode-svr1.tecadmin.net.out
localhost: starting datanode, logging to /home/hadoop/hadoop/logs/hadoop-hadoop-datanode-svr1.tecadmin.net.out
Starting secondary namenodes [0.0.0.0]
0.0.0.0: starting secondarynamenode, logging to /home/hadoop/hadoop/logs/hadoop-hadoop-secondarynamenode-svr1.tecadmin.net.out
14/05/04 21:38:16 WARN util.NativeCodeLoader: Unable to load native-hadoop library for your platform... using builtin-java classes where applicable

Now run start-yarn.sh script.

  $ start-yarn.sh

[Sample output]
starting yarn daemons
starting resourcemanager, logging to /home/hadoop/hadoop/logs/yarn-hadoop-resourcemanager-svr1.tecadmin.net.out
localhost: starting nodemanager, logging to /home/hadoop/hadoop/logs/yarn-hadoop-nodemanager-svr1.tecadmin.net.out

Thanks…

How to Install Skype Using Terminal on Ubuntu


Skype is a chat software that enables people to communicate with each other through plain chatting and voice or video chat. Millions of individuals and businesses use Skype to make free video and voice calls, send instant messages and share files with other Skype users.

1. Open Terminal by pressing Ctrl+Alt+T and type or copy/paste the following command line: sudo apt-get install libqt4-dbus libqt4-network libqt4-xml libasound2 and hit Enter.
2. When you are done downloading the dependency packages, copy/paste the following command in the terminal:
3. When that’s finished downloading, copy/paste the following command to the terminal: sudo dpkg -i getskype-* and hit Enter.
4. Now copy/paste the following command to the terminal to finish installing: sudo apt-get -f install and hit Enter.
5. After Skype is installed, close your Terminal.
6. To run Skype, press your Windows key (or the key beside Alt) to open Dash and type ‘skype’ in the search bar.
7. Read the Skype “End User License Agreement”, choose your language and click on the ‘I agree’ button.
8. Now you’re ready to use Skype!

Thanks…..

MYSQL server installation on Cent OS.


  1. Install mysql package on server.

yum -y install mysql mysql-server

  2. Make MySQL start automatically whenever the system boots.

chkconfig --levels 35 mysqld on    # apply
chkconfig --list mysqld            # check

  3. Start the MySQL service

/etc/init.d/mysqld start

  4. Set passwords for the MySQL root account:

mysql_secure_installation

[Press Enter whenever asked & configure the root password]

  5. Understand MySQL access
    mysql -u root -p    # enter the MySQL password

mysql> SHOW VARIABLES LIKE "%version%";    -- check version

mysql> SHOW DATABASES;    -- check databases

mysql> CREATE DATABASE kesaridb;    -- create database

mysql> use kesaridb;    -- use database <name>

mysql> create table mysql_auth (    -- create table in the database
-> username char(25) not null,
-> passwd char(32),
-> groups char(25),
-> primary key (username)
-> );

mysql> SHOW TABLES;    -- check whether the table was created

mysql> GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY 'password$' WITH GRANT OPTION;    -- give privileges to the root user

mysql> SELECT user,host,password FROM mysql.user;    -- check users and passwords

  6. Access MySQL through telnet (e.g. from a remote IP address)
    telnet [IP address] [port number]
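
The host part of an account decides which clients may even attempt a login. As an added example (not part of the original post), the sketch below evaluates host patterns such as the 'root'@'192.168.1.%' grant from the MariaDB section and the 'root'@'%' grant above against a few probe addresses. The function names, probe addresses and account rows are constructed for the illustration.

```python
import ipaddress
import re

# Constructed probe addresses (203.0.113.10 is a documentation address).
PROBE_CLIENTS = [
    ("127.0.0.1", "loopback"),
    ("192.168.1.25", "192.168.1.0/24 host"),
    ("192.168.2.25", "other private subnet"),
    ("203.0.113.10", "outside address"),
]

# Constructed result of: SELECT User, Host FROM mysql.user;
SAMPLE_ACCOUNTS = [
    ("root", "localhost"),
    ("root", "127.0.0.1"),
    ("root", "192.168.1.%"),
    ("root", "%"),
    ("wordpressuser", "localhost"),
]


def host_pattern_matches(pattern, client):
    """True if a MySQL/MariaDB account host pattern admits the client address."""
    if "/" in pattern:
        # base_ip/netmask form, e.g. 192.168.1.0/255.255.255.0
        try:
            network = ipaddress.ip_network(pattern, strict=False)
            return ipaddress.ip_address(client) in network
        except ValueError:
            return False
    # '%' matches any run of characters, '_' exactly one character.
    regex = "".join(
        ".*" if ch == "%" else "." if ch == "_" else re.escape(ch)
        for ch in pattern
    )
    return re.fullmatch(regex, client, flags=re.IGNORECASE) is not None


def admitted_clients(pattern):
    """Labels of the probe addresses that the host pattern lets in."""
    return [label for addr, label in PROBE_CLIENTS
            if host_pattern_matches(pattern, addr)]


def audit_accounts(rows, privileged=("root",)):
    """Flag privileged accounts whose host pattern reaches beyond loopback."""
    findings = []
    for user, host in rows:
        labels = admitted_clients(host)
        if user in privileged and any(label != "loopback" for label in labels):
            findings.append((f"{user}@{host}", labels))
    return findings


if __name__ == "__main__":
    for account, labels in audit_accounts(SAMPLE_ACCOUNTS):
        print(f"{account}: reachable from {', '.join(labels)}")
```

The pattern only limits where a login may come from; the iptables rule for port 3306 shown in the MariaDB section is a separate control and, as written there, has no source restriction.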

Thanks…….

How to install mysql-workbench on CentOS


required RPM
mysql-workbench-community-6.1.7-1.el6.i686.rpm
rpm -ivh libzip-0.9-3.1.el6.x86_64.rpm
yum -y install tinyxml

  1. DOWNLOAD mysql-workbench from http://dev.mysql.com/downloads/file.php?id=452669
  2. on this page scroll down and check No thanks, just start my download.

  3. Download the libzip dependency from here:

http://rpm.pbone.net/index.php3/stat/4/idpl/25009517/dir/centos_6/com/libzip-0.9-3.1.el6.x86_64.rpm.html

  4. Installation done.

Start it with mysql-workbench, or from Application > Programming > mysql-workbench.

WordPress install on Ubuntu server


Step One — Install the Nginx Web Server
sudo apt-get update
sudo apt-get install nginx

You can find your server's IP address by typing the following into your terminal:
ip addr show eth0 | grep inet | awk '{ print $2; }' | sed 's/\/.*$//'

Open this page in a browser:
http://server_domain_name_or_IP

Step Two — Install MySQL to Manage Site Data

sudo apt-get install mysql-server
sudo mysql_install_db
sudo mysql_secure_installation

Step Three — Install PHP for Processing
sudo apt-get install php5-fpm php5-mysql

Open the main php5-fpm configuration file with root privileges:
sudo gedit /etc/php5/fpm/php.ini

We will change both of these conditions by uncommenting the line and setting it to “0” like this:
cgi.fix_pathinfo=0

Save & Exit

Now, we just need to restart our PHP processor by typing:
sudo service php5-fpm restart

Step Four — Configure Nginx to Use our PHP Processor
We do this on the server block level (server blocks are similar to Apache’s virtual hosts). Open the default Nginx server block configuration file by typing:
sudo gedit /etc/nginx/sites-available/default

Currently, with the comments removed, the Nginx default server block file looks like this:
server {
listen 80 default_server;
listen [::]:80 default_server ipv6only=on;

root /usr/share/nginx/html;
index index.html index.htm;

server_name localhost;

location / {
try_files $uri $uri/ =404;
}
}

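We need to make some changes to this file for our site.
The file with the changes applied is shown below; the changes are the index.php entry on the index line, the server_name value, the error_page lines and the location blocks for 50x.html and PHP: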

server {
listen 80 default_server;
listen [::]:80 default_server ipv6only=on;

root /usr/share/nginx/html;
index index.php index.html index.htm;

server_name server_domain_name_or_IP;

location / {
try_files $uri $uri/ =404;
}

error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}

location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
}

Now, we just need to restart Nginx to apply the changes by typing:
sudo service nginx restart
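
Why both cgi.fix_pathinfo=0 (set here and in the CentOS guide above) and the try_files $uri =404; line in the PHP location matter can be seen in a small model. This is an added example, not part of the original tutorial and not PHP's or nginx's own code: it is a simplified model of the path lookup, and the document root contents and function names are constructed for the illustration.

```python
# Added example: simplified model of which file ends up being run as PHP
# for a request, under the two settings discussed in these tutorials.

DOCROOT = "/usr/share/nginx/html"

# Constructed document root contents: one PHP script and one uploaded image.
FILES_ON_DISK = {
    DOCROOT + "/index.php",
    DOCROOT + "/wp-content/uploads/photo.jpg",
}


def nginx_script_filename(uri, try_files_guard):
    # nginx side: the PHP location's regex matches on the URI text alone.
    # With "try_files $uri =404;" the request is rejected unless the file exists.
    if not uri.endswith(".php"):
        return None                      # served statically, never reaches PHP
    path = DOCROOT + uri
    if try_files_guard and path not in FILES_ON_DISK:
        return None                      # nginx answers 404 itself
    return path                          # handed to PHP as the script path


def php_script_to_run(script_filename, fix_pathinfo):
    # PHP side: run the exact file if it exists.
    if script_filename in FILES_ON_DISK:
        return script_filename
    if not fix_pathinfo:
        return None                      # cgi.fix_pathinfo=0: exact path only
    # cgi.fix_pathinfo=1: drop trailing path components until an existing
    # file is found, and treat the remainder as PATH_INFO.
    path = script_filename
    while path.startswith(DOCROOT + "/"):
        path = path.rsplit("/", 1)[0]
        if path in FILES_ON_DISK:
            return path
    return None


def file_run_as_php(uri, fix_pathinfo, try_files_guard):
    """Return the file PHP would execute for this URI, or None."""
    script_filename = nginx_script_filename(uri, try_files_guard)
    if script_filename is None:
        return None
    return php_script_to_run(script_filename, fix_pathinfo)


if __name__ == "__main__":
    uri = "/wp-content/uploads/photo.jpg/x.php"  # no such file on disk
    for fix in (True, False):
        for guard in (False, True):
            result = file_run_as_php(uri, fix, guard)
            print(f"fix_pathinfo={int(fix)} try_files_guard={guard}: {result}")
```

Only the combination fix_pathinfo=1 without the try_files guard hands a non-PHP file to the interpreter; either setting on its own closes that path, and the tutorials apply both.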

Step Five — Create a PHP File to Test Configuration

sudo gedit /usr/share/nginx/html/info.php
We can type this into the new file. This is valid PHP code that will return formatted information about our server:
<?php
phpinfo();
?>

Save and close the file.

Open this page in a browser:
http://server_domain_name_or_IP/info.php

For now, remove the file by typing:
sudo rm /usr/share/nginx/html/info.php

How To Install WordPress with Nginx on Ubuntu 14.04

Step One — Create a MySQL Database and User for WordPress

mysql -u root -p
CREATE DATABASE wordpress;
CREATE USER wordpressuser@localhost IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON wordpress.* TO wordpressuser@localhost;
FLUSH PRIVILEGES;
exit

Step Two — Download WordPress to your Server

cd ~
wget http://wordpress.org/latest.tar.gz
tar xzvf latest.tar.gz
sudo apt-get update
sudo apt-get install php5-gd libssh2-php

Step Three — Configure WordPress

cd ~/wordpress
cp wp-config-sample.php wp-config.php
sudo gedit wp-config.php

We can find these parameters in this file and set them up to use the database and user details that we created. My file looks like this:

. . .
// ** MySQL settings - You can get this info from your web host ** //
/** The name of the database for WordPress */
define('DB_NAME', 'wordpress');

/** MySQL database username */
define('DB_USER', 'wordpressuser');

/** MySQL database password */
define('DB_PASSWORD', 'password');
. . .

save and close the file.

Step Four — Copy the Files to the Document Root

sudo mkdir -p /var/www/html
sudo rsync -avP ~/wordpress/ /var/www/html/
cd /var/www/html/
sudo chown -R kesari:www-data /var/www/html/*
mkdir wp-content/uploads
sudo chown -R :www-data /var/www/html/wp-content/uploads

Step Five — Modify Nginx Server Blocks
sudo cp /etc/nginx/sites-available/default /etc/nginx/sites-available/wordpress

sudo nano /etc/nginx/sites-available/wordpress
We will want to make the following changes:

server {
listen 80; ##default_server;
#listen [::]:80 default_server ipv6only=on;

root /var/www/html;
index index.php index.html index.htm;

server_name server_domain_name_or_IP;

location / {
# try_files $uri $uri/ =404;
try_files $uri $uri/ /index.php?q=$uri&$args;
}

error_page 404 /404.html;

error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}

location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
}

save and close the file.

sudo ln -s /etc/nginx/sites-available/wordpress /etc/nginx/sites-enabled/
sudo rm /etc/nginx/sites-enabled/default
sudo service nginx restart
sudo service php5-fpm restart

Step Six — Complete the Installation through the Web Interface

http://ip address/wp-admin
wordpressuser
password

Step Six (Optional) — Configure Pretty Permalinks for WordPress
http://ip address/wp-admin

Modifying Apache to Allow URL Rewrites
sudo nano /etc/apache2/sites-available/000-default.conf
This should look something like this:
<VirtualHost *:80>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
ServerName server_domain_name_or_IP
<Directory /var/www/html/>
AllowOverride All
</Directory>
. . .

save and close the file.

Enable the rewrite module, which allows you to modify URLs:
sudo a2enmod rewrite
sudo service apache2 restart

Create an .htaccess File
Type this to create an empty file:
touch /var/www/html/.htaccess

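sudo chown :www-data /var/www/html/.htaccess
If you want WordPress to update this file automatically, make it group-writable:
chmod 664 /var/www/html/.htaccess
If you prefer to update the file by hand, leave it read-only for the web server group:
chmod 644 /var/www/html/.htaccess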

Change the Permalink Settings in WordPress.

Copy the lines that WordPress gives you and then edit file on your server:
sudo gedit /var/www/html/.htaccess

How To Use WPScan to Test for Vulnerable Plugins and Themes in WordPress
Download and Install WPScan
sudo apt-get install git
sudo apt-get install libcurl4-gnutls-dev libopenssl-ruby libxml2 libxml2-dev libxslt1-dev ruby-dev ruby1.9.3
git clone https://github.com/wpscanteam/wpscan.git
cd wpscan
sudo gem install bundler && bundle install --without test development

Enumerating Plugins
sudo ruby wpscan.rb --url http://www.yoursiteurl.com --enumerate p
sudo ruby wpscan.rb --url http://www.yoursiteurl.com --enumerate vp

Enumerating Themes
sudo ruby wpscan.rb --url http://www.yoursiteurl.com --enumerate t
sudo ruby wpscan.rb --url http://www.yoursiteurl.com --enumerate vt
sudo ruby wpscan.rb --url http://www.yoursiteurl.com --enumerate u
sudo ruby wpscan.rb --url http://www.yoursiteurl.com --enumerate tt

To update wpscan:
sudo ruby wpscan.rb --update

How to setup FTP server on ubuntu 14.04 ( VSFTPD )
sudo apt-get update
sudo apt-get install vsftpd

After installation open /etc/vsftpd.conf file and make changes as follows.
Uncomment the below lines (line no:29 and 33).
write_enable=YES
local_umask=022
chroot_local_user=YES

and add the following lines at the end.
allow_writeable_chroot=YES
pasv_enable=Yes
pasv_min_port=40000
pasv_max_port=40100

Save & Close

sudo service vsftpd restart

sudo useradd -m john -s /usr/sbin/nologin
sudo passwd john

Open /etc/shells:
sudo gedit /etc/shells

Add this line at the end:
/usr/sbin/nologin

Securing FTP ( SFTP ) Installation
sudo apt-get install openssh-server

Open /etc/vsftpd.conf:
sudo gedit /etc/vsftpd.conf
Add the line below to enable SSL:
ssl_enable=Yes
sudo groupadd ftpaccess

Now make changes in this /etc/ssh/sshd_config file.
Find the below line
Subsystem sftp /usr/lib/openssh/sftp-server

and replace with
Subsystem sftp internal-sftp
Match group ftpaccess
ChrootDirectory %h
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp
and comment the below line ( Last line).
#UsePAM yes

sudo service vsftpd restart
sudo service ssh restart

sudo useradd -m john -g ftpaccess -s /usr/sbin/nologin
sudo passwd john
sudo chown root /home/john
sudo mkdir /home/john/www
sudo chown john:ftpaccess /home/john/www

CASSANDRA INSTALLATION ON UBUNTU SERVER
—————————————-

Required Java for cassandra

Let’s install java

— add java repository on ubuntu

$ sudo add-apt-repository ppa:webupd8team/java

$ sudo apt-get update

$ sudo apt-get install oracle-java8-installer

Note: this package installs into the /usr/lib/jvm folder by default.

Now change the default “java” directory.

$ sudo mkdir /usr/local/java

$ cd /usr/lib/jvm/

$ sudo mv java-8-oracle /usr/local/java

$ sudo vi /etc/profile

Add these lines at the bottom:

JAVA_HOME=/usr/local/java/java-8-oracle
PATH=$PATH:$HOME/bin:$JAVA_HOME/bin
JRE_HOME=/usr/local/java/java-8-oracle
PATH=$PATH:$HOME/bin:$JRE_HOME/bin
export JAVA_HOME
export JRE_HOME
export PATH

———– save & exit ————–

$ sudo update-alternatives --install "/usr/bin/java" "java" "/usr/local/java/java-8-oracle/bin/java" 1

$ sudo update-alternatives --install "/usr/bin/javac" "javac" "/usr/local/java/java-8-oracle/bin/javac" 1

$ sudo update-alternatives --install "/usr/bin/javaws" "javaws" "/usr/local/java/java-8-oracle/bin/javaws" 1

$ sudo update-alternatives --set java /usr/local/java/java-8-oracle/bin/java

$ sudo update-alternatives --set javac /usr/local/java/java-8-oracle/bin/javac

$ sudo update-alternatives --set javaws /usr/local/java/java-8-oracle/bin/javaws


REBOOT YOUR SYSTEM


$ java -version

RESULT: java version “1.8.0_11″

$ echo $JAVA_HOME

RESULT: /usr/local/java/java-8-oracle

NOW DOWNLOAD CASSANDRA

cd ~/temp

$ wget https://archive.apache.org/dist/cassandra/apache-cassandra-1.2.16-bin.tar.gz

$ tar -xvzf apache-cassandra-1.2.16-bin.tar.gz

$ mv apache-cassandra-1.2.16 ~/cassandra

$ sudo mkdir /var/lib/cassandra

$ sudo mkdir /var/log/cassandra

$ sudo chown -R $USER:$GROUP /var/lib/cassandra

$ sudo chown -R $USER:$GROUP /var/log/cassandra

Now set Cassandra’s variables by running these commands in the terminal:

export CASSANDRA_HOME=~/cassandra

export PATH=$PATH:$CASSANDRA_HOME/bin

$ vi ~/cassandra/conf/cassandra-env.sh

search : JVM_OPTS="$JVM_OPTS -Xss180k"

and change it to:

JVM_OPTS="$JVM_OPTS -Xss280k"

Running Cassandra

$ sudo sh ~/cassandra/bin/cassandra

and then run:

$ sudo sh ~/cassandra/bin/cassandra-cli

HOW TO CONNECT ” CASSANDRA ”

You can start the CLI using the bin/cassandra-cli script in your Cassandra installation

$ cd ~/cassandra

$ sudo sh bin/cassandra-cli

After Cassandra starts, you will see output similar to this:

—— Welcome to cassandra CLI.
—— Type ‘help;’ or ‘?’ for help. Type ‘quit;’ or ‘exit;’ to quit.

You must then specify a system to connect to:

—— connect localhost/9160;

Creating a Keyspace

—— create keyspace Kesaridb;

To Create a Column Family

—— create column family User with comparator = UTF8Type;

For the later examples to work you must also update the schema using the following command.

update column family User with
column_metadata =
[
{column_name: first, validation_class: UTF8Type},
{column_name: last, validation_class: UTF8Type},
{column_name: age, validation_class: UTF8Type, index_type: KEYS}
];

To Get Data

—— get User['jsmith'];

Thank you!!

How to Setup Chat Server Using Openfire 3.7.1 in Ubuntu Server 12.10


Step-by-Step to Installing and Configure Chat/IM Server using Openfire

Step 1. Login using SSH or Login Directly into ubuntu server 12.10. Before installing Openfire server, make sure your system is up to date. Enter the following commands, one by one, and install any available updates:

sudo apt-get update
sudo apt-get upgrade

Step 2.  Install the latest version of Oracle JRE/JDK, using the WEBUPD8 personal package archive (PPA) to install it.

sudo apt-get install python-software-properties
sudo add-apt-repository ppa:webupd8team/java
sudo apt-get update

If you are using OpenJDK, remove it to minimise any Java conflicts
sudo apt-get remove --purge openjdk*
Then install Oracle Java 7 version with following command
sudo apt-get install oracle-java7-installer

Step 3. Install MySql Database server

Install latest version MySQL server using apt-get

sudo apt-get install mysql-server

Step 4. Create new MySQL database for Openfire

Log in to MySQL Server as root.
sudo mysql -u root -p
Create the database “dbopenfire”, add new user “openfire” and add
new password “openfirepwd” for user “openfire”.
mysql> CREATE DATABASE dbopenfire CHARACTER SET='utf8';
mysql> CREATE USER 'openfire'@'localhost' IDENTIFIED BY 'openfirepwd';
mysql> GRANT ALL PRIVILEGES ON dbopenfire.* TO openfire@localhost WITH GRANT OPTION;
mysql> FLUSH PRIVILEGES;
mysql> quit

Step 5. Download and Install openfire 3.7.1

Download deb. package of Openfire 3.7.1 from ignite realtime download page
cd /tmp
sudo wget http://download.igniterealtime.org/openfire/openfire_3.7.1_all.deb
Install openfire_3.7.1_all.deb with dpkg command:
sudo dpkg -i openfire_3.7.1_all.deb
(Reading database … 85791 files and directories currently installed.)
Preparing to replace openfire 3.6.4 (using openfire_3.7.1_all.deb) …
Unpacking replacement openfire …
Setting up openfire (3.7.1) …
Installing new version of config file /etc/openfire/security/truststore …
Installing new version of config file /etc/init.d/openfire …
Processing triggers for ureadahead …
ureadahead will be reprofiled on next reboot

Ignore all installation errors regarding user and folder permissions; they
depend on your version of JRE/JDK. Now you need to edit the
file /etc/init.d/openfire in line 27. Replace java-6-sun with java-6-oracle or java-7-oracle.
sudo apt-get install rpl
sudo rpl '6-sun' '7-oracle' /etc/init.d/openfire
sudo service openfire start

Step 6.  Allow ports for Openfire

You need to set up the firewall and allow some ports for Openfire on the Ubuntu server. Use the ufw command to open them:

sudo ufw allow 9090/tcp
sudo ufw allow 9091/tcp
sudo ufw allow 5222/tcp
sudo ufw allow 7777/tcp
sudo ufw allow 7443/tcp
sudo ufw allow 7070/tcp
sudo ufw allow 3478/tcp
sudo ufw allow 3479/tcp

This completes the initial installation steps for Openfire. Next, we’ll continue
with configuration through a web browser

Step 7.  Configuring Openfire Server

Configuring Openfire is very easy and can be completed in just a couple of steps. Here’s how to configure Openfire:

From a computer in your network, open your favorite browser and go to:
http://mydomain:9090/setup/index.jsp
Replace mydomain above with your FQDN or IP address of your ubuntu server. The webpage shown below appears:

[Screenshots: Openfire Setup (Welcome to Setup, Database Settings, Database Settings Standard Connection, Profile Settings, Administrator Account, Setup Complete); Openfire Admin Console (Create User, User Summary)]

Thanks….

Install NetBeans IDE 8.0 on Ubuntu 13.10, 14.04


NetBeans is a free and open source IDE (Integrated Development Environment) for developers. NetBeans allows users or developers to quickly build mobile and web applications using HTML, PHP, C and C++.
The latest stable release of NetBeans – IDE 8.0, has been released with following features:
  • Java 8 Code Analyzers
  • Java 8 Code Editors
  • Support for Java SE 8, Java SE Embedded 8 and Java ME Embedded 8
  • Enhanced Maven Support
  • Enhanced Java EE 7 Support with PrimeFaces
  • New Tools for HTML5 and AngularJS
  • Improved PHP and C/C++ Support

Step 1: Install Java SE Development Kit (JDK) 8

– NetBeans IDE requires Oracle JDK installed first. Run following commands to install JDK

sudo apt-get purge openjdk*
sudo add-apt-repository ppa:webupd8team/java
sudo apt-get update
sudo apt-get install oracle-java8-installer

Note: you will be prompted to accept the EULA.

See my earlier post on How to install Oracle JDK for details

– Check Java version to ensure it was installed correctly
java -version

Step 2: Download NetBeans Installer

– There are different NetBeans IDE download bundles. You can download a specific bundle as desired, or download the bundle for all and select which packages to install

For HTML5 & PHP

wget http://download.netbeans.org/netbeans/8.0/final/bundles/netbeans-8.0-php-linux.sh

For Java SE

wget http://download.netbeans.org/netbeans/8.0/final/bundles/netbeans-8.0-javase-linux.sh

For Java EE

wget http://download.netbeans.org/netbeans/8.0/final/bundles/netbeans-8.0-javaee-linux.sh

For C/C++

wget http://download.netbeans.org/netbeans/8.0/final/bundles/netbeans-8.0-cpp-linux.sh

For All

wget http://download.netbeans.org/netbeans/8.0/final/bundles/netbeans-8.0-linux.sh

 – For the purpose of this post, I am downloading for ALL


Step 3: Install NetBeans

chmod +x netbeans-8.0-linux.sh

./netbeans-8.0-linux.sh

– On the Welcome screen, you can click ‘customize’ to select which package(s)
to install or simply click Next to install all packages


– Accept Licence Agreement


– Accept default install location


– Click install on Summary page


– Click Finish on completion

Now you can start using NetBeans

Replication of the OpenLDAP server


Replicating the primary server, set up in part 1, to act as a backup

The LDAP service becomes increasingly important as more networked systems begin to depend on it. In such an environment, it is standard practice to build redundancy (high availability) into LDAP to prevent havoc should the LDAP server become unresponsive. This is done through LDAP replication.

Replication is achieved via the Syncrepl engine. This allows changes to be synchronized using a Consumer-Provider model. The specific kind of replication we will implement in this guide is a combination of the following modes: refreshAndPersist and delta-syncrepl. This has the Provider push changed entries to the Consumer as soon as they’re made but, in addition, only actual changes will be sent, not entire entries.

Provider Configuration

Begin by configuring the Provider.

  1. Create an LDIF file with the following contents and name it provider_sync.ldif:

    # Add indexes to the frontend db.
    dn: olcDatabase={1}hdb,cn=config
    changetype: modify
    add: olcDbIndex
    olcDbIndex: entryCSN eq
    -
    add: olcDbIndex
    olcDbIndex: entryUUID eq
    
    #Load the syncprov and accesslog modules.
    dn: cn=module{0},cn=config
    changetype: modify
    add: olcModuleLoad
    olcModuleLoad: syncprov
    -
    add: olcModuleLoad
    olcModuleLoad: accesslog
    
    # Accesslog database definitions
    dn: olcDatabase={2}hdb,cn=config
    objectClass: olcDatabaseConfig
    objectClass: olcHdbConfig
    olcDatabase: {2}hdb
    olcDbDirectory: /var/lib/ldap/accesslog
    olcSuffix: cn=accesslog
    olcRootDN: cn=admin,dc=phys,dc=northwestern,dc=edu
    olcDbIndex: default eq
    olcDbIndex: entryCSN,objectClass,reqEnd,reqResult,reqStart
    
    # Accesslog db syncprov.
    dn: olcOverlay=syncprov,olcDatabase={2}hdb,cn=config
    changetype: add
    objectClass: olcOverlayConfig
    objectClass: olcSyncProvConfig
    olcOverlay: syncprov
    olcSpNoPresent: TRUE
    olcSpReloadHint: TRUE
    
    # syncrepl Provider for primary db
    dn: olcOverlay=syncprov,olcDatabase={1}hdb,cn=config
    changetype: add
    objectClass: olcOverlayConfig
    objectClass: olcSyncProvConfig
    olcOverlay: syncprov
    olcSpNoPresent: TRUE
    
    # accesslog overlay definitions for primary db
    dn: olcOverlay=accesslog,olcDatabase={1}hdb,cn=config
    objectClass: olcOverlayConfig
    objectClass: olcAccessLogConfig
    olcOverlay: accesslog
    olcAccessLogDB: cn=accesslog
    olcAccessLogOps: writes
    olcAccessLogSuccess: TRUE
    # scan the accesslog DB every day, and purge entries older than 7 days
    olcAccessLogPurge: 07+00:00 01+00:00
    

    Change the rootDN in the LDIF file to match the one you have for your directory.

  2. The apparmor profile for slapd will need to be adjusted for the accesslog database location. Edit /etc/apparmor.d/local/usr.sbin.slapd by adding the following:

    /var/lib/ldap/accesslog/ r,
    /var/lib/ldap/accesslog/** rwk,
    

    Create a directory, set up a database config file, and reload the apparmor profile:

    sudo -u openldap mkdir /var/lib/ldap/accesslog
    sudo -u openldap cp /var/lib/ldap/DB_CONFIG /var/lib/ldap/accesslog
    sudo service apparmor reload
    
  3. Add the new content and, due to the apparmor change, restart the daemon:

    sudo ldapadd -Q -Y EXTERNAL -H ldapi:/// -f provider_sync.ldif
    sudo service slapd restart
    

The Provider is now configured.

Consumer Configuration

And now configure the Consumer.

  1. Install the software by going through Installation. Make sure the slapd-config database is identical to the Provider’s. In particular, make sure schemas and the database suffix are the same.

  2. Create an LDIF file with the following contents and name it consumer_sync.ldif:

    dn: cn=module{0},cn=config
    changetype: modify
    add: olcModuleLoad
    olcModuleLoad: syncprov
    
    dn: olcDatabase={1}hdb,cn=config
    changetype: modify
    add: olcDbIndex
    olcDbIndex: entryUUID eq
    -
    add: olcSyncRepl
    olcSyncRepl: rid=0 provider=ldap://meso.phys.northwestern.edu bindmethod=simple binddn="cn=admin,dc=phys,dc=northwestern,dc=edu"
     credentials=**secret** searchbase="dc=phys,dc=northwestern,dc=edu" logbase="cn=accesslog"
     logfilter="(&(objectClass=auditWriteObject)(reqResult=0))" schemachecking=on
     type=refreshAndPersist retry="60 +" syncdata=accesslog
    -
    add: olcUpdateRef
    olcUpdateRef: ldap://meso.phys.northwestern.edu
    

    Ensure the following attributes have the correct values:

    • provider (Provider server’s hostname –meso.phys.northwestern.edu in this example — or IP address)

    • binddn (the admin DN you’re using)

    • credentials (replace **secret** with the admin DN password you’re using)

    • searchbase (the database suffix you’re using)

    • olcUpdateRef (Provider server’s hostname or IP address)

    • rid (Replica ID, a unique 3-digit number that identifies the replica. Each consumer should have at least one rid)

  3. Add the new content:

    sudo ldapadd -Q -Y EXTERNAL -H ldapi:/// -f consumer_sync.ldif
    

You’re done. The two databases (suffix: dc=example,dc=com) should now be synchronizing.

Testing

Once replication starts, you can monitor it by running

ldapsearch -z1 -LLLQY EXTERNAL -H ldapi:/// -s base -b dc=phys,dc=northwestern,dc=edu contextCSN
dn: dc=phys,dc=northwestern,dc=edu
contextCSN: 20140731222800.928119Z#000000#000#000000

on both the provider and the consumer. Once the output (20120201193408.178454Z#000000#000#000000 in the above example) for both machines match, you have replication. Every time a change is done in the provider, this value will change and so should the one in the consumer(s).

If your connection is slow and/or your LDAP database is large, it might take a while for the consumer’s contextCSN to match the provider’s. But you will know it is progressing, since the consumer’s contextCSN will be steadily increasing.

If the consumer’s contextCSN is missing or does not match the provider, you should stop and figure out the issue before continuing. Try checking the slapd (syslog) and the auth log files in the provider to see if the consumer’s authentication requests were successful or its requests to retrieve data (they look like a lot of ldapsearch statements) return no errors.

If it is not working, and you have a line in syslog that looks like:

slapd[12317]: syncrepl_message_to_entry: rid=000 mods check (objectClass: value #1 invalid per syntax)

this means that the schemas in the consumer and provider do not match.  Make sure that they are the same, and try again.

To test if it worked simply query, on the Consumer, the DNs in the database:

sudo ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b dc=phys,dc=northwestern,dc=edu dn

You should see the user ‘john’ and the group ‘miners’ as well as the nodes ‘People’ and ‘Groups’.
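
The contextCSN comparison described under Testing can be scripted once the ldapsearch output from each machine is saved to a file. This is an added example, not part of the original guide; the function names, file names and the sample outputs (built from the two CSN values quoted above) are constructed for illustration.

```sh
#!/bin/sh
# Added example: decide whether a consumer has caught up with the provider by
# comparing the contextCSN values each side returns for the ldapsearch above.

# csn_status PROVIDER_OUTPUT CONSUMER_OUTPUT   (files holding ldapsearch -LLL output)
# Prints one of: in-sync, consumer-behind, consumer-ahead, consumer-missing,
# provider-missing.
csn_status() {
    awk '
        $1 == "contextCSN:" {
            # A CSN is timestamp#count#serverID#mod. A directory can carry one
            # contextCSN per serverID, so keep the newest value for each ID.
            # The fields are fixed width, so string order is time order.
            split($2, part, "#")
            sid = part[3]
            if (FILENAME == ARGV[1]) {
                if (($2 "") > (prov[sid] "")) prov[sid] = $2
            } else {
                if (($2 "") > (cons[sid] "")) cons[sid] = $2
            }
        }
        END {
            worst = 0; seen = 0
            for (sid in prov) {
                seen++
                if (!(sid in cons))                        level = 3
                else if ((cons[sid] "") < (prov[sid] ""))  level = 2
                else if ((cons[sid] "") > (prov[sid] ""))  level = 1
                else                                       level = 0
                if (level > worst) worst = level
            }
            if (seen == 0)       print "provider-missing"
            else if (worst == 3) print "consumer-missing"
            else if (worst == 2) print "consumer-behind"
            else if (worst == 1) print "consumer-ahead"
            else                 print "in-sync"
        }
    ' "$1" "$2"
}

# write_samples DIR: constructed ldapsearch outputs for the demo below.
write_samples() {
    cat > "$1/provider.ldif" <<'EOF'
dn: dc=phys,dc=northwestern,dc=edu
contextCSN: 20140731222800.928119Z#000000#000#000000
EOF
    cat > "$1/consumer_synced.ldif" <<'EOF'
dn: dc=phys,dc=northwestern,dc=edu
contextCSN: 20140731222800.928119Z#000000#000#000000
EOF
    cat > "$1/consumer_lagging.ldif" <<'EOF'
dn: dc=phys,dc=northwestern,dc=edu
contextCSN: 20120201193408.178454Z#000000#000#000000
EOF
    cat > "$1/consumer_empty.ldif" <<'EOF'
dn: dc=phys,dc=northwestern,dc=edu
EOF
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
for name in consumer_synced consumer_lagging consumer_empty; do
    printf '%-18s %s\n' "$name" \
        "$(csn_status "$demo_dir/provider.ldif" "$demo_dir/$name.ldif")"
done
rm -rf "$demo_dir"
```

A result of consumer-missing corresponds to the case above where the consumer has no contextCSN yet, which is the point at which to check the provider's syslog and auth log.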

Installing OpsCenter on Debian or Ubuntu


Install the DataStax OpsCenter using APT repositories on Debian or Ubuntu distributions.
For a complete list of supported platforms, see DataStax OpsCenter – Supported Platforms.
Prerequisites
Note: Use the exact version listed in Prerequisites. For example, the default OpenSSL on Ubuntu. If running openssl version shows that 1.0.0 is installed, you must install OpenSSL 0.9.8.
  • APT Package Manager is installed.
  • OpsCenter hardware requirements: computer with 2 cores and 2 GB RAM.
  • Your Cassandra or DataStax Enterprise cluster is properly configured and running.
  • IP address or hostname of the machine where you are installing OpsCenter.
  • IP address or hostnames of two or three of your nodes.
  • Port number used by JMX (default is 7199).
  • The latest version of Oracle Java SE Runtime Environment (JRE) 6 or 7.
  • OpenSSH (sshd)
  • Python 2.6+
  • OpenSSL: 0.9.8. (SSL is enabled by default.)
Note: If OpenSSL is version 1.0.0, you must install OpenSSL 0.9.8:
$ sudo apt-get install libssl0.9.8
After installing OpenSSL 0.9.8, Ubuntu 11.10 will still show 1.0.0.
To check for the software versions:
$ java -version
$ python -V
$ openssl version
Note: There are different package repositories for the Community and Enterprise versions of OpsCenter.
The OpsCenter Debian and Ubuntu packaged releases run as a service from root. The service initialization script is located in /etc/init.d. If the machine reboots, OpsCenter restarts automatically.
Procedure
1. Ensure that a DSE or Cassandra cluster is installed, configured, and running. You can determine this by using the nodetool status command.

2. Open the aptitude repository source list file (/etc/apt/sources.list) for editing. For example:
# vi /etc/apt/sources.list
3. In this file, add the repository for the edition you want to install. OpsCenter Enterprise Edition installations require the DataStax <username> and <password> you received in your registration confirmation email.
OpsCenter Community (free) Edition:
OpsCenter Enterprise (paid) Edition:
deb http://<username>:<password>@debian.datastax.com/enterprise stable main
4. Add the DataStax repository key to your aptitude trusted keys:
# curl -L http://debian.datastax.com/debian/repo_key | apt-key add -
5. Install the OpsCenter package using the APT Package Manager:
OpsCenter Community (free) Edition:
# apt-get update
# apt-get install opscenter-free
OpsCenter Enterprise (paid) Edition:
# apt-get update
# apt-get install opscenter
6. Set the [webserver] interface to the hostname or IP address of the OpsCenter machine in the /etc/opscenter/opscenterd.conf file. For example:
[webserver]
port = 8888
interface = 10.183.170.161
7. Start OpsCenter:
sudo service opscenterd start
8. Connect to OpsCenter as described in Automatically deploying agents - Packaged installations.
Note: You can also manually deploy agents. This is useful if an SSH connection does not exist between the agents and the OpsCenter machine, or as part of your node deployment process.

Install and Configure Nagios On CentOS, RHEL


Nagios is an open source system, network and infrastructure monitoring software application. Nagios offers monitoring and alerting services for servers, switches, applications, and services.

Nagios gives you:

– Monitor your entire IT infrastructure.
– Identify problems before they occur.
– Know immediately when problems arise.
– Detect security breaches.
– Plan and budget for IT upgrades.
– Reduce downtime and business losses.

Infra for our scenario:
Nagios server:

Operating system : CentOS 6.6 minimal installation
IP Address : 192.168.1.101/24
Nagios client:

Operating System : Ubuntu 14.04
IP Address : 192.168.1.100/24

Prerequisites

Before installing Nagios, make sure that you’ve a properly installed and configured LAMP stack in your server. To install and configure LAMP server, refer any one of the following links.


Install the following prerequisites. Note: all commands should be run as the root user.

yum install gd gd-devel gcc glibc glibc-common

IPTABLE configuration.

vi /etc/sysconfig/iptables

Add the following line:

[…]
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
[…]

Save and close the file. Restart iptables.

service iptables restart

Configure Nagios

Add the admin mail address in the nagios contact file to receive alerts from nagios server. To do that edit file /etc/nagios/objects/contacts.cfg,

vi /etc/nagios/objects/contacts.cfg

Find the following line and enter the email id:

[…]

email root@localhost ;

[…]

Save and close the file. Then Edit file /etc/httpd/conf.d/nagios.conf,

vi /etc/httpd/conf.d/nagios.conf

And edit the following lines if you want to access the Nagios administrative console from a particular IP range. Here I want to allow Nagios administrative access from the 192.168.1.0/24 range only.

[…]
## Comment Lines 15 & 16 ##
# Order allow,deny
# Allow from all
## Uncomment and Change lines 17,18 & 19 as shown below ##
Order deny,allow
Deny from all
Allow from 127.0.0.1 192.168.1.0/24
[…]

Set nagiosadmin password

htpasswd /etc/nagios/passwd nagiosadmin

New password:

Re-type new password:

Updating password for user nagiosadmin

Start nagios and httpd services and let them to start automatically on every boot.

# service nagios start
# service httpd start
# chkconfig nagios on
# chkconfig httpd on

Access Nagios admin console

Open nagios administrator console with URL http://nagios-server-ip/nagios and enter the username as nagiosadmin and its password which we created in the earlier steps.


This is how Nagios administrative console looks:


Click on the “Hosts” section in the left pane of the console. You will see the no of hosts to be monitored by Nagios server. Initially, the nagios server (localhost) itself will only be monitored.


Click on the monitoring host to display more details:


Add Monitoring targets to Nagios server

Now let us add some clients to monitor by Nagios server. To do that we have to install nrpe and nagios-plugins in our monitoring targets.

On CentOS/RHEL/Scientifc Linux clients:

Like I said before, you have to add the EPEL repository in your CentOS/RHEL/Scientific Linux 6.x clients to install the nrpe package.

Install “nrpe” and “nagios-plugins” packages in client systems to be monitored.

yum install nrpe nagios-plugins-all openssl

On Debian/Ubuntu clients:

$ sudo apt-get install nagios-nrpe-server nagios-plugins

Configure Monitoring targets

Edit /etc/nagios/nrpe.cfg file,

vi /etc/nagios/nrpe.cfg

Add your Nagios server ip address

[…]
## Line 81 - Add the Nagios server IP ##
allowed_hosts=127.0.0.1,192.168.1.101
[…]

Start nrpe service:

service nrpe start
chkconfig nrpe on

For Debian/Ubuntu Clients, start nrpe service as shown below.

$ sudo /etc/init.d/nagios-nrpe-server restart

Now go back to your Nagios server to add the clients to be monitored through nagios server. Edit “/etc/nagios/nagios.cfg” file,

vi /etc/nagios/nagios.cfg

and uncomment the following lines.

Line 52 – Uncomment ##

cfg_dir=/etc/nagios/servers

Create a directory called “servers” under “/etc/nagios/”.

mkdir /etc/nagios/servers

Create config file to the client to be monitored:

vi /etc/nagios/servers/clients.cfg

define host{
use linux-server
host_name client
alias client
address 192.168.1.100
max_check_attempts 5
check_period 24x7
notification_interval 30
notification_period 24x7
}

Finally restart nagios service.

service nagios restart

Now open the nagios admin console in the browser and navigate to “Hosts” section in the left pane. You will see the newly added client will be visible there. Click on the host to see if there is anything wrong or alerts.


Click on the monitoring target, you’ll get the detailed output:


In the same way, you can define more clients by creating a separate config file in the “/etc/nagios/servers” directory for each client.

Define services

We did define the monitoring host before. Now let us add some services of the monitoring host. For example, to monitor the ssh service, add the define service block shown below to the /etc/nagios/servers/clients.cfg file.

vi /etc/nagios/servers/clients.cfg

define host{
use linux-server
host_name client
alias client
address 192.168.1.100
max_check_attempts 5
check_period 24x7
notification_interval 30
notification_period 24x7
}

define service {
use generic-service
host_name client
service_description SSH
check_command check_ssh
notifications_enabled 0
}

Save and close the file. Restart Nagios.

service nagios restart

Now log in to Nagios web console and check for the added services. Navigate to Services section, you’ll see the ssh service there.


To know more about object definitions such as Host definitions, service definitions, contact definitions and more please do visit here. This page will describe you the description and format of all object definitions.

Thank you for visiting…

How to install samba server on centos?


Installation of samba share on centos.

Step 1 : Install samba package from yum updater.

# yum install samba

Step 2 : Configure share path into smb.conf file. e.g. Our share directory is /var/www

Add the following lines at the end of the configuration file.

# vi /etc/samba/smb.conf
...
[share]
comment = Share Directory
path = /var/www
public = yes
writable = yes
printable = no
create mask = 0777

(save & exit)

Step 3 : Change the SELinux mode from “enforcing” to “disabled”.

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - SELinux is fully disabled.
SELINUX=disabled
# SELINUXTYPE= type of policy in use. Possible values are:
# targeted - Only targeted network daemons are protected.
# strict - Full SELinux protection.
SELINUXTYPE=targeted

Step 4 : Restart samba service

# /etc/init.d/smb restart

Step 5 : Verifying samba configuration

# testparm

Step 6 : Change sharing directory permission

# chmod -R 777 /var/www

Now you can access the shared folder from a client.
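The [share] section from Step 2 combines guest access, write access and a 0777 create mask. The script below is an added example, not part of the original post: it reads an smb.conf and reports shares with that combination. The function names, the [webteam] share and the sample file are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: flag guest-writable shares and world-writable create masks
# in an smb.conf. Function names are hypothetical.

# audit_smb_shares FILE -> one "<share>: <finding>" line per problem
audit_smb_shares() {
    awk '
    function trim(s) { sub(/^[ \t]+/, "", s); sub(/[ \t]+$/, "", s); return s }
    function yes(v)  { v = tolower(v); return (v == "yes" || v == "true" || v == "1") }
    function report(   d) {
        if (share == "" || share == "global") return
        if (guest && writable) {
            print share ": guest-writable (no account needed to modify files)"
        }
        if (mask != "") {
            # last octal digit is the permission set for "other"; bit 2 = write
            d = substr(mask, length(mask), 1) + 0
            if (int(d / 2) % 2 == 1) {
                print share ": create mask " mask " makes new files world-writable"
            }
        }
    }
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }          # comments and blank lines
    /^[ \t]*\[.*\][ \t]*$/ {                      # new [section]
        report()
        share = tolower(trim($0)); gsub(/^\[|\]$/, "", share)
        guest = 0; writable = 0; mask = ""
        next
    }
    {
        eq = index($0, "=")
        if (eq == 0) next
        key = tolower(trim(substr($0, 1, eq - 1))); gsub(/[ \t]+/, " ", key)
        val = trim(substr($0, eq + 1))
        # Samba accepts several synonyms for the same parameter
        if (key == "public" || key == "guest ok") guest = yes(val)
        else if (key == "writable" || key == "writeable" || key == "write ok") writable = yes(val)
        else if (key == "read only") writable = !yes(val)
        else if (key == "create mask" || key == "create mode") mask = val
    }
    END { report() }
    ' "$1"
}

# Constructed sample: the share from this post next to an authenticated variant.
sample_smb_conf() {
    cat <<'EOF'
[global]
    workgroup = WORKGROUP

[share]
    comment = Share Directory
    path = /var/www
    public = yes
    writable = yes
    printable = no
    create mask = 0777

[webteam]
    comment = Same directory, authenticated users only
    path = /var/www
    guest ok = no
    valid users = @webteam
    read only = no
    create mask = 0664
EOF
}

demo_conf=$(mktemp)
sample_smb_conf > "$demo_conf"
audit_smb_shares "$demo_conf"
rm -f "$demo_conf"
```

Run it against the real file with `audit_smb_shares /etc/samba/smb.conf`; an empty result means no share matched either pattern.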

quick web server with Nginx/php/mysql on ubuntu


Hello guys,

We are ready to install Nginx, PHP & MySQL on Ubuntu.

Step 1: Install Ubuntu, Zorin or any Debian-based OS.

Step 2: Install nginx on local machine
$ sudo apt-get update
$ sudo apt-get install nginx

nginx configuration on your localhost (changes in red color)

$ sudo nano /etc/nginx/sites-available/default

server {
    listen 80 default_server;
    listen [::]:80 default_server ipv6only=on;

    root /usr/share/nginx/html;
    index index.php index.html index.htm;

    server_name server_domain_name_or_IP;

    location / {
        try_files $uri $uri/ =404;
    }

    error_page 404 /404.html;
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/share/nginx/html;
    }

    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}

 

Note: Default document root path is /usr/share/nginx/html

Step 3: Now install php

$ sudo apt-get install php5 php5-dev php5-mysql php5-common php5-fpm

Step 4: Some PHP configuration is required.
Configure the PHP processor

$ sudo nano /etc/php5/fpm/php.ini

 

Search [F6] : cgi.fix_pathinfo

Remove the leading ; from the line. The default cgi.fix_pathinfo value is 1; change it to 0.

cgi.fix_pathinfo=0

fastcgi configuration

$ sudo nano /etc/php5/fpm/php.ini

Set the charset to UTF-8.

default_charset = "utf-8"

Configure FastCGI

The package provides default FastCGI parameters.

sudo nano /etc/nginx/fastcgi_params

Add the script filename to end of this file.

fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

Change the rwx permissions of the html directory.

$ cd /usr/share/nginx

$ sudo chmod -R 777 html

Restart Services

sudo service nginx restart

sudo service php5-fpm start

Now Install MySql database

$ sudo apt-get install mysql-server mysql-client

In the middle of the installation you get a password prompt for the MySQL database.
Type a password for the database, and again for confirmation.

Access MySql database

$ mysql -u root -p (asking for password)
passwd: (provide database password)

Grant privileges to the root user.
After MySQL login:
mysql> GRANT ALL PRIVILEGES ON *.* TO 'root'@'192.168.1.%' IDENTIFIED BY 'P@ssw0rd' WITH GRANT OPTION;

mysql> flush privileges;

Note: change the IP to your IP (e.g. 127.0.0.1) and set your MySQL password in IDENTIFIED BY ' '.

Now you are ready with Nginx Web Server….

Thank you !!

How to Install ElasticSearch (Multi Node) Cluster on CentOS/RHEL, Ubuntu & Debian


ElasticSearch is a flexible and powerful open source, distributed, real-time search and analytics engine. Using a simple set of APIs, it provides the ability for full-text search. ElasticSearch is freely available under the Apache 2 license, which provides the most flexibility.

This article will help you configure an ElasticSearch multi-node cluster on CentOS, RHEL, Ubuntu and Debian systems. In ElasticSearch, a multi-node cluster is simply multiple single-node clusters configured with the same cluster name on the same network.

Network Scenario

We have three servers with the following IPs and host names. All servers are running in the same LAN and have full access to each other by both IP and hostname.

192.168.10.101  NODE_1
192.168.10.102  NODE_2
192.168.10.103  NODE_3

Verify Java (All Nodes)

Java is the primary requirement for installing ElasticSearch. So make sure you have Java installed on all nodes.

# java -version 

java version "1.8.0_31"
Java(TM) SE Runtime Environment (build 1.8.0_31-b13)
Java HotSpot(TM) 64-Bit Server VM (build 25.31-b07, mixed mode)

If you don’t have Java installed on any node system, use one of the following links to install it first.

Download ElasticSearch (All Nodes)

Now download the latest ElasticSearch archive on all node systems from its official download page. At the time of the last update of this article, ElasticSearch 1.4.2 is the latest version available to download. Use the following command to download ElasticSearch 1.4.2.

$ wget https://download.elasticsearch.org/elasticsearch/elasticsearch/elasticsearch-1.4.2.tar.gz

Now extract ElasticSearch on all node systems.

$ tar xzf elasticsearch-1.4.2.tar.gz

Configure ElasticSearch

Now we need to set up ElasticSearch on all node systems. ElasticSearch uses “elasticsearch” as the default cluster name. We recommend changing it as per your naming convention.

$ mv elasticsearch-1.4.2 /usr/share/elasticsearch
$ cd /usr/share/elasticsearch

To change the cluster name, edit the config/elasticsearch.yml file on each node and update the following values. Node names are dynamically generated, but to keep a fixed user-friendly name, change the node name as well.

On NODE_1

Edit elasticsearch cluster configuration on NODE_1 (192.168.10.101) system.

$ vim config/elasticsearch.yml
  cluster.name: TecAdminCluster
  node.name: "NODE_1"

On NODE_2

Edit elasticsearch cluster configuration on NODE_2 (192.168.10.102) system.

$ vim config/elasticsearch.yml
  cluster.name: TecAdminCluster
  node.name: "NODE_2"

On NODE_3

Edit elasticsearch cluster configuration on NODE_3 (192.168.10.103) system.

$ vim config/elasticsearch.yml
  cluster.name: TecAdminCluster
  node.name: "NODE_3"

Install ElasticSearch-Head Plugin (All Nodes)

elasticsearch-head is a web front end for browsing and interacting with an Elastic Search cluster. Use the following command to install this plugin on all node systems.

$ bin/plugin --install mobz/elasticsearch-head

Starting ElasticSearch Cluster (All Nodes)

The ElasticSearch cluster setup is now complete. Let us start the ElasticSearch cluster using the following command on all nodes.

$ ./bin/elasticsearch &

By default elasticsearch listens on ports 9200 and 9300. Connect to NODE_1 on port 9200 using the following URL; you will see all three nodes in your cluster.

http://NODE_1:9200/_plugin/head/

Install & Remove Mongodb on Centos


Install MongoDB on CentOS Linux

1. Configure the package management system (yum).

Create a /etc/yum.repos.d/mongodb-org-3.0.repo file so that you can install MongoDB directly, using yum.

[mongodb-org-3.0]
name=MongoDB Repository
baseurl=http://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/3.0/x86_64/
gpgcheck=0
enabled=1

2. Install the MongoDB packages and associated tools.

sudo yum install -y mongodb-org

3. Alternatively, specify each component package individually to install a specific version.

sudo yum install -y mongodb-org-3.0.3 mongodb-org-server-3.0.3 mongodb-org-shell-3.0.3 mongodb-org-mongos-3.0.3 mongodb-org-tools-3.0.3

4. Add the following exclude directive to your /etc/yum.conf file.

exclude=mongodb-org,mongodb-org-server,mongodb-org-shell,mongodb-org-mongos,mongodb-org-tools

5. Start the MongoDB service.

sudo service mongod start
sudo chkconfig mongod on

Remove MongoDB on CentOS Linux

1. Stop MongoDB.

sudo service mongod stop

2. Remove packages.

sudo yum erase $(rpm -qa | grep mongodb-org)

3. Remove data directories.

sudo rm -r /var/log/mongodb
sudo rm -r /var/lib/mongo

Thanks…

Import / Export a mysql database from command line or terminal


To export a mysql database (as a dump) from the command line run:

# mysqldump database_name > database_exportname.sql
OR
# mysqldump database_name -u root -p > database_exportname.sql

To import a mysql database dump into a database:

# mysql database_name < database_exportname.sql
OR
# mysql database_name -u root -p < database_exportname.sql

To export all databases into a dump:

# mysqldump --all-databases > all_databases_export.sql
OR
# mysqldump --all-databases -u root -p > all_databases_export.sql

To import one of these mysql databases from the dump into a database:

# mysql --one-database database_name < all_databases_export.sql
OR
# mysql --one-database database_name -u root -p < all_databases_export.sql

Install MariaDB Server 10.0 on Ubuntu 14.04 LTS


Installing MariaDB server is quite easy. We are doing this practical on freshly installed Ubuntu 14.04 LTS Operating System.

Follow the steps given below to install MariaDB server version 10.0.

Step 1 : Add apt repository

Add the MariaDB repository information to apt. To do this, run the commands given below.

sudo apt-get install software-properties-common
sudo apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 0xcbcb082a1bb943db
sudo add-apt-repository 'deb http://download.nus.edu.sg/mirror/mariadb/repo/10.0/ubuntu trusty main'

Step 2: Update apt and install MariaDB Server

Run the below given command for installing MariaDB server.

sudo apt-get update
sudo apt-get install mariadb-server

During installation, you will be asked on screen to set the MariaDB root password.
Give a strong password for MariaDB Server.

After installation you can log in to the MariaDB server directly, because by default the service will be running. It is important to note that here the service name is MySQL.

To login into MariaDB server as root, use the below given command.

mysql -u root -p

Once logged in, you will see the MariaDB [(none)]> console prompt, by which you can also easily identify that it is MariaDB Server.

How to start/stop/status/restart MariaDB service

To start the MariaDB Server, run the command

sudo service mysql start

To stop the MariaDB Server, run the command

sudo service mysql stop

To restart the MariaDB Server, run the command

sudo service mysql restart

To get running status, run the below given command

sudo service mysql status

Check which port MariaDB server is listening

In this section we will use two commands, ss and netstat, to find the port the MariaDB server is listening on.

As we know, the service name is mysql. We will use the ss command here; it is a nice alternative to the netstat command.

By default the MariaDB server uses port no. 3306.

sudo ss -ltnp|grep mysql

See the below reference from my system

sharad@ubuntu:~$ sudo ss -ltnp|grep mysql
LISTEN     0      100               127.0.0.1:3306                     *:*      users:(("mysqld",3667,21))
sharad@ubuntu:~$

In case, you want to use netstat command to check listening port, run the below command

netstat -tanp|grep 3306
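The local address column in the ss output above shows whether the database port is reachable only from the server itself (127.0.0.1) or from the network. The script below is an added example, not part of the original post: it classifies the listeners for a given port from `ss -ltn` or `ss -ltnp` output. The function names are hypothetical, and the sample output is constructed around the line shown above.

```shell
#!/usr/bin/env bash
# Added example: classify who can reach a listening TCP port, based on the
# "Local Address:Port" column of `ss -ltn` / `ss -ltnp`. Names are hypothetical.

# classify_listeners PORT   (ss output on stdin)
# prints "<scope> <address> <port>" for every listener on PORT
classify_listeners() {
    awk -v port="$1" '
    $1 == "LISTEN" {
        addr = $4
        n = match(addr, /:[0-9]+$/)          # port follows the LAST colon
        if (n == 0) next
        p = substr(addr, n + 1)
        host = substr(addr, 1, n - 1)
        if (p != port) next
        gsub(/^\[|\]$/, "", host)            # [::1] -> ::1
        sub(/%.*$/, "", host)                # drop interface scope, e.g. %lo
        if (host ~ /^127\./ || host == "::1") {
            scope = "loopback-only"
        } else if (host == "*" || host == "0.0.0.0" || host == "::") {
            scope = "ALL-INTERFACES"
        } else {
            scope = "single-address"
        }
        print scope, host, p
    }'
}

# is_loopback_only PORT   (ss output on stdin)
# succeeds only if PORT has a listener and every listener is loopback-only
is_loopback_only() {
    listeners=$(classify_listeners "$1")
    [ -n "$listeners" ] && ! printf '%s\n' "$listeners" | grep -qv '^loopback-only '
}

# Constructed sample: the mysqld line from this post plus invented
# PostgreSQL and Java listeners for comparison.
sample_ss_output() {
    cat <<'EOF'
State      Recv-Q Send-Q        Local Address:Port          Peer Address:Port
LISTEN     0      100               127.0.0.1:3306                     *:*      users:(("mysqld",3667,21))
LISTEN     0      128                       *:5432                     *:*      users:(("postmaster",2210,3))
LISTEN     0      128                      :::5432                    :::*      users:(("postmaster",2210,4))
LISTEN     0      50           192.168.10.101:9200                     *:*      users:(("java",4120,77))
EOF
}

for demo_port in 3306 5432 9200; do
    sample_ss_output | classify_listeners "$demo_port"
done
```

On a live system, pipe the real output in: `sudo ss -ltn | is_loopback_only 3306 || echo "3306 is reachable from the network"`.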

Thanks...

PostgreSQL installation on CentOS 6.x (nginx/php)


Install PostgreSQL

Go to the PostgreSQL repository download page, and add the PostgreSQL 9.4 repository depending upon your server architecture.

http://yum.postgresql.org/repopackages.php

Download & Install Postgresql
# rpm -Uvh http://yum.postgresql.org/9.4/redhat/rhel-6-x86_64/pgdg-centos94-9.4-1.noarch.rpm

Update the repository list using command:

# yum update

Install postgresql with the following command:

# yum install postgresql94-server postgresql94-contrib

Initialize postgresql database using following command:

# service postgresql-9.4 initdb

Start the postgresql service and make it start automatically on every reboot:

# service postgresql-9.4 start
# chkconfig postgresql-9.4 on

Adjust Iptables/Firewall:

Adjust iptables to allow access to postgresql from remote systems.

# vi /etc/sysconfig/iptables

Add the following lines:

-A INPUT -m state --state NEW -m tcp -p tcp --dport 5432 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT

Save and exit the file.

Restart iptables service.

# service iptables restart

Access PostgreSQL command prompt

The default database name and database user are “postgres”. Switch to postgres user to perform postgresql related operations:

# su - postgres

To login to postgresql, enter the command:

$ psql

Sample Output:

psql (9.4.1)
Type "help" for help.

postgres=#

To exit from the postgresql prompt, type \q followed by quit to return to the Terminal.

Set “postgres” user password

postgres=# \password postgres
Enter new password:
Enter it again:
postgres=# \q

To install PostgreSQL Adminpack, enter the command in postgresql prompt:

postgres=# CREATE EXTENSION adminpack;
CREATE EXTENSION

Create New User and Database
For example, let us create a new user called “yogesh” with password “Yogesh@@”, and database called “yogidb”.

$ su - postgres

$ createuser yogesh

Create database:
$ createdb yogidb

Now, log in to the psql prompt, set the password and grant access to the database yogidb for yogesh:

$ psql

psql (9.4.1)
Type "help" for help.

postgres=# alter user yogesh with encrypted password 'Yogesh@@';
ALTER ROLE

postgres=# grant all privileges on database yogidb to yogesh;
GRANT
postgres=#

Configure PostgreSQL-MD5 Authentication:

MD5 authentication requires the client to supply an MD5-encrypted password for authentication.

To do that, edit /var/lib/pgsql/9.4/data/pg_hba.conf file:

# vi /var/lib/pgsql/9.4/data/pg_hba.conf

# TYPE DATABASE USER ADDRESS METHOD
# "local" is for Unix domain socket connections only
local     all    all    md5
# IPv4 local connections:
host     all     all     127.0.0.1/32     md5
host     all     all     192.168.1.0/24     md5
# IPv6 local connections:
host     all     all     ::1/128     md5

Restart postgresql service to apply the changes:

On CentOS 6.x systems:

# service postgresql-9.4 restart

Configure PostgreSQL-Configure TCP/IP:
By default, TCP/IP connections are disabled, so users on other computers can’t access postgresql. To allow users to connect from other computers, edit the file /var/lib/pgsql/9.4/data/postgresql.conf:

# vi /var/lib/pgsql/9.4/data/postgresql.conf

Find the lines:

[…]
#listen_addresses = 'localhost'
[…]
#port = 5432
[…]

Uncomment both lines, and set the IP address of your postgresql server, or set '*' to listen for connections from all clients, as shown below:

listen_addresses = '*'
port = 5432

Restart postgresql service to save changes:
On CentOS 6.x systems:

/etc/init.d/postgresql-9.4 restart
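With listen_addresses = '*' and the pg_hba.conf above, every role (including postgres) can reach every database from the whole 192.168.1.0/24 network. The script below is an added example, not part of the original post: it reads both files and reports which pg_hba.conf rules become reachable. The function names and sample files are constructed; the narrowed rule reuses the yogesh/yogidb names from this post.

```shell
#!/usr/bin/env bash
# Added example: combine listen_addresses with pg_hba.conf to see what the
# network can reach. Function names are hypothetical.

# effective_listen POSTGRESQL_CONF -> listen_addresses value
# ("localhost" is the built-in default when the line is commented out)
effective_listen() {
    awk '
    /^[ \t]*listen_addresses[ \t]*=/ {
        v = $0
        sub(/^[^=]*=[ \t]*/, "", v)      # drop key and "="
        sub(/[ \t]*#.*$/, "", v)         # drop trailing comment
        gsub("\047", "", v)              # drop single quotes
        val = v; found = 1               # the last setting in the file wins
    }
    END { print (found ? val : "localhost") }
    ' "$1"
}

# audit_pg_hba PG_HBA_CONF -> one finding per line for non-loopback host rules
audit_pg_hba() {
    awk '
    /^[ \t]*#/ || NF == 0 { next }
    $1 ~ /^host/ {                       # host, hostssl, hostnossl
        db = $2; user = $3; addr = $4; mask = ""
        if ($5 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) { mask = $5; method = $6 }
        else { method = $5 }
        if (addr == "127.0.0.1/32" || addr == "::1/128") next
        if (addr == "127.0.0.1" && mask == "255.255.255.255") next
        if (method == "trust") {
            print "trust: " addr " can connect as " user " without a password"
        }
        if (addr ~ /\/0$/ || mask == "0.0.0.0" || addr == "all") {
            print "any-address: " addr " matches every client"
        }
        if (db == "all" && user == "all") {
            print "broad: every role can reach every database from " addr
        }
    }' "$1"
}

# audit_postgres PG_HBA_CONF POSTGRESQL_CONF
audit_postgres() {
    listen_value=$(effective_listen "$2")
    case "$listen_value" in
        localhost|127.0.0.1|::1|"")
            echo "listen_addresses=$listen_value: remote rules are not reachable over TCP"
            return 0 ;;
    esac
    echo "listen_addresses=$listen_value: server accepts TCP connections from other hosts"
    audit_pg_hba "$1"
}

# Constructed samples: the pg_hba.conf from this post and a narrowed variant.
sample_hba_page() {
    cat <<'EOF'
# TYPE DATABASE USER ADDRESS METHOD
local     all    all    md5
host     all     all     127.0.0.1/32     md5
host     all     all     192.168.1.0/24     md5
host     all     all     ::1/128     md5
EOF
}

sample_hba_narrowed() {
    cat <<'EOF'
local     all       all                       md5
host      all       all     127.0.0.1/32      md5
host      yogidb    yogesh  192.168.1.0/24    md5
host      all       all     ::1/128           md5
EOF
}

demo_dir=$(mktemp -d)
sample_hba_page > "$demo_dir/pg_hba.conf"
printf "listen_addresses = '*'\nport = 5432\n" > "$demo_dir/postgresql.conf"
audit_postgres "$demo_dir/pg_hba.conf" "$demo_dir/postgresql.conf"
rm -rf "$demo_dir"
```

Only CIDR and IP-plus-netmask address forms are evaluated; rules that use host names, samehost or samenet are checked for trust and all/all only.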

Manage PostgreSQL with phpPgAdmin

# yum install epel-release

Update the repository using command:

# yum update

Now, Install phpPgAdmin, enter the following command:

# yum install phpPgAdmin

Edit file /etc/httpd/conf.d/phpPgAdmin.conf:

# vi /etc/httpd/conf.d/phpPgAdmin.conf

Make the changes as shown below in the bold letters.

[…]
Alias /phpPgAdmin /usr/share/phpPgAdmin

<Location /phpPgAdmin>
<IfModule mod_authz_core.c>
# Apache 2.4
Require all granted
#Require host example.com
</IfModule>
<IfModule !mod_authz_core.c>
# Apache 2.2
Order deny,allow
Allow from all
# Allow from .example.com
</IfModule>
</Location>

Restart the nginx service

# service nginx restart

Configure phpPgAdmin

Edit the file /etc/phpPgAdmin/config.inc.php and make the following changes. Most of these options are self-explanatory. Read them carefully to understand why you are changing these values.

# vi /etc/phpPgAdmin/config.inc.php

Find the following line:

$conf['servers'][0]['host'] = '';

Change it as shown below:

$conf['servers'][0]['host'] = 'localhost';

And find the line:

$conf['extra_login_security'] = true;

Change the value to false:

$conf['extra_login_security'] = false;

Find the line:

$conf['owned_only'] = false;

Set the value to true.

$conf['owned_only'] = true;

Save and close the file.

Restart the postgresql and nginx services.

service postgresql-9.4 restart
service nginx restart

Add the following lines to the nginx configuration file:

# vi /etc/nginx/conf.d/default.conf
## Main Magento location
location @handler {
rewrite / /index.php;
}

location ~ .php/ { ## Forward paths like /js/index.php/x.js to relevant handler
rewrite ^(.*.php)/ $1 last;
}

save & exit

Create a link from the phpPgAdmin folder into the nginx web folder

# ln -s /usr/share/phpPgAdmin /usr/share/nginx/html/

Restart nginx service

# service nginx restart

Access postgresql admin:

http://ip-address/phpPgAdmin

Add the PHP pgsql connector:

# yum install php-pgsql

Now check info.php at your URL and search for postgres:

http://ip-address/info.php

 

 

Thank you…

How to Add Linux Host to Nagios Monitoring Server Using NRPE Plugin


This guide shows how to add a remote Linux machine and its services to the Nagios monitoring host using the NRPE agent.

What is NRPE?
The NRPE (Nagios Remote Plugin Executor) plugin allows you to monitor any remote Linux/Unix services or network devices. This NRPE add-on allows Nagios to monitor any local resources like CPU load, swap, memory usage, online users, etc. on remote Linux machines. Since these local resources are mostly not exposed to external machines, an NRPE agent must be installed and configured on the remote machines.

Installation of NRPE Plugin
To use NRPE, you will need to do some additional tasks on both the Nagios monitoring host and the remote Linux host that NRPE is installed on. We will cover both installation parts separately.
We assume that you are installing NRPE on a host that supports TCP wrappers and has the xinetd daemon installed. Today, most modern Linux distributions have these two installed by default. If not, we will install them later during the installation when required.

On Nagios Monitoring Server
[root@nagios]# cd /tmp
[root@nagios]# tar xzf nrpe-3.0.tar.gz
[root@nagios]# cd nrpe-3.0
[root@nagios nrpe-3.0]# ./configure
[root@nagios nrpe-3.0]# make
[root@nagios nrpe-3.0]# make install-plugin
[root@nagios nrpe-3.0]# make install-daemon
Next, open the /etc/services file and add the following entry for the NRPE daemon at the bottom of the file.
nrpe 5666/tcp NRPE
Step 2: Verify NRPE Daemon Locally
[root@nagios nrpe-3.0]# netstat -at | grep nrpe
Step 3: Verify NRPE Daemon Remotely
[root@nagios nrpe-3.0]# /usr/local/nagios/libexec/check_nrpe -H <remote_linux_ip_address>
RESULT GET PENDING
Step 4: Customize NRPE commands
The default NRPE configuration file that got installed has several command definitions that will be used to monitor this machine. The sample configuration file is located at:
[root@nagios nrpe-3.0]# vi /usr/local/nagios/etc/nrpe.cfg
allowed_hosts=127.0.0.1,(Nagios Server IP Address)
The following are the default command definitions that are located at the bottom of the configuration
file. For the time being, we assume you are using these commands. You can check them by using the
following commands.
[root@nagios nrpe-3.0 ]# /usr/local/nagios/libexec/check_nrpe -H localhost -c check_users
USERS OK- 2 users currently logged in |users=2;5;10;0
[root@nagios nrpe-3.0 ]# /usr/local/nagios/libexec/check_nrpe -H localhost -c check_load
OK- load average: 3.28, 2.95, 2.94|load1=3.280;15.000;30.000;0; load5=2.950;10.000;25.000;0; load15=2.940;5.000;20.000;0;
[root@nagios nrpe-3.0 ]# /usr/local/nagios/libexec/check_nrpe -H localhost -c check_sda1
DISK OK - free space: /boot 154 MB (84% inode=99%);| /boot=29MB;154;173;0;193
[root@nagios nrpe-3.0 ]# /usr/local/nagios/libexec/check_nrpe -H localhost -c check_total_procs
PROCS OK: 137 processes | procs=137;150;200;0;
[root@nagios nrpe-3.0 ]# /usr/local/nagios/libexec/check_nrpe -H localhost -c check_zombie_procs
PROCS OK: 0 processes with STATE = Z | procs=0;5;10;0;
[root@nagios nrpe-3.0 ]# /usr/local/nagios/libexec/check_ping -H localhost -w 100.0,10% -c 200.0,20%
PING OK- Packet loss = 0%, RTA = 0.04 ms|rta=0.040000ms;100.000000;200.000000;0.000000 pl=0%;10;20;0
[root@nagios nrpe-3.0 ]# /usr/local/nagios/libexec/check_ssh -t 4 -r OpenSSH_5.3 -p 22 -H localhost
SSH OK- OpenSSH_5.3 (protocol 2.0) | time=0.010457s;;;0.000000;4.000000
[root@nagios nrpe-3.0 ]# /usr/local/nagios/libexec/check_swap -w 100% -c 90%
SWAP WARNING - 100% free (1023 MB out of 1023 MB) |swap=1023MB;1023;921;0;1023
[root@nagios nrpe-3.0 ]# /usr/local/nagios/libexec/check_procs -w 100% -c 90% -s STATE
PROCS OK: 82 processes with STATE = STATE | procs=82;100%;90%;0;
Adding Remote Linux Host to Nagios Monitoring Server
To add a remote host you need to create two new files, “hosts.cfg” and “services.cfg”, under the “/usr/local/nagios/etc/” location.
[root@nagios nrpe-3.0 ]# cd /usr/local/nagios/etc/
[root@nagios nrpe-3.0 ]# touch Linux-hosts.cfg
[root@nagios nrpe-3.0 ]# touch Linux-services.cfg
[root@nagios nrpe-3.0 ]# touch Windows-hosts.cfg
Now add these files to the main Nagios configuration file. Open the nagios.cfg file with any editor.
[root@nagios nrpe-3.0 ]# vi /usr/local/nagios/etc/nagios.cfg
# You can specify individual object config files as shown below:
cfg_file=/usr/local/nagios/etc/Linux-hosts.cfg
cfg_file=/usr/local/nagios/etc/Linux-services.cfg
cfg_file=/usr/local/nagios/etc/Windows-hosts.cfg
(Linux Host)
Now open Linux-hosts.cfg file and add the default host template name and define remote hosts as shown below.
Make sure to replace host_name, alias and address with your remote host server details.
[root@nagios nrpe-3.0 ]# vi /usr/local/nagios/etc/Linux-hosts.cfg
## Default Linux Host Template ##
define host{
name                          generic                 ; Name of this template
use                           generic-host            ; Inherit default values
check_period                  24x7
check_interval                5
retry_interval                1
max_check_attempts            10
check_command                 check-host-alive
notification_period           24x7
notification_interval         30
notification_options          d,r
contact_groups                admins
register                      0                       ; DONT REGISTER THIS - ITS A TEMPLATE
}
## Default
define host{
use                           generic                 ; Inherit default values from a template
host_name                     (Client Name)           ; The name we’re giving to this server
alias                         CentOS 6                ; A longer name for the server
address                       Client APP Add          ; IP address of Remote Linux host
}
Next, open the Linux-services.cfg file and add the following services to be monitored.
define service{
use                           generic-service
host_name                     client,
service_description          Current Load
check_command              check_nrpe!check_load
}
define service{
use                           generic-service
host_name                     client,
service_description          Current Users
check_command             check_nrpe!check_users
}
define service{
use                           generic-service
host_name                     client1, client2, client
service_description         HTTP STATUS
check_command            check_nrpe!check_http
}
define service{
use                           generic-service
host_name                     client,
service_description         PING
check_command            check_nrpe!check_ping
}
define service{
use                           generic-service
host_name                     client,
service_description         Root Partition
check_command             check_nrpe!check_disk
}
define service{
use                           generic-service
host_name                     client,
service_description         SSH
check_command            check_nrpe!check_ssh
}
define service{
use                           generic-service
host_name                     client,
service_description        Swap Usage
check_command           check_nrpe!check_swap
}
define service{
use                           generic-service
host_name                     client,
service_description        Total Processes
check_command            check_nrpe!check_procs
}

Now NRPE command definition needs to be created in commands.cfg file.

[root@nagios nrpe-3.0 ]# vi /usr/local/nagios/etc/objects/commands.cfg
################################################################################
# NOTE: The following ‘check_…’ commands are used to monitor services on
# both local and remote hosts.
################################################################################
# ‘check_ftp’ command definition
define command{
command_name check_ftp
command_line $USER1$/check_ftp -H $HOSTADDRESS$ $ARG1$
}
# ‘check_hpjd’ command definition
define command{
command_name check_hpjd
command_line $USER1$/check_hpjd -H $HOSTADDRESS$ $ARG1$
}
# ‘check_snmp’ command definition
define command{
command_name check_snmp
command_line $USER1$/check_snmp -H $HOSTADDRESS$ $ARG1$
}
# ‘check_http’ command definition
define command{
command_name check_http
command_line $USER1$/check_http -I $HOSTADDRESS$ $ARG1$
}
# ‘check_ssh’ command definition
define command{
command_name check_ssh
command_line $USER1$/check_ssh $ARG1$ $HOSTADDRESS$
}
# ‘check_dhcp’ command definition
define command{
command_name check_dhcp
command_line $USER1$/check_dhcp $ARG1$
}
# ‘check_ping’ command definition
define command{
command_name check_ping
command_line $USER1$/check_ping -H $HOSTADDRESS$ -w $ARG1$ -c $ARG2$ -p 5
}
# ‘check_pop’ command definition
define command{
command_name check_pop
command_line $USER1$/check_pop -H $HOSTADDRESS$ $ARG1$
}
# ‘check_imap’ command definition
define command{
command_name check_imap
command_line $USER1$/check_imap -H $HOSTADDRESS$ $ARG1$
}
# ‘check_smtp’ command definition
define command{
command_name check_smtp
command_line $USER1$/check_smtp -H $HOSTADDRESS$ $ARG1$
}
# ‘check_tcp’ command definition
define command{
command_name check_tcp
command_line $USER1$/check_tcp -H $HOSTADDRESS$ -p $ARG1$ $ARG2$
}
# ‘check_udp’ command definition
define command{
command_name check_udp
command_line $USER1$/check_udp -H $HOSTADDRESS$ -p $ARG1$ $ARG2$
}
# ‘check_nt’ command definition
define command{
command_name check_nt
command_line $USER1$/check_nt -H $HOSTADDRESS$ -p 12489 -s password -v $ARG1$ $ARG2$
}
# ‘check_pm2’ command definition
define command {
command_name check_pm2
command_line $USER1$/check_pm2 --host=$HOSTADDRESS$ --name=$1
}
Finally, verify Nagios Configuration files for any errors.
[root@nagios nrpe-3.0 ]# /usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg
Restart Nagios:
[root@nagios nrpe-3.0 ]# service nagios restart
(Windows Host)
Add Windows Hosts
Open the Windows-hosts.cfg file for editing with the vi editor.
[root@nagios]# vi /usr/local/nagios/etc/Windows-hosts.cfg
###############################################################################
###############################################################################
#
# HOST DEFINITIONS
#
###############################################################################
###############################################################################
# Define a host for the Windows machine we’ll be monitoring
# Change the host_name, alias, and address to fit your situation
define host{
use               windows-server            ; Inherit default values from a template
host_name   [client name]             ; The name we’re giving to this host
alias             My Windows Server         ; A longer name associated with the host
address        [client IP]               ; IP address of the host
}
The following services are already added and enabled in the windows.cfg file. If you wish to add more service definitions that need to be monitored, you can simply add those definitions to the same configuration file. Make sure to change the host_name for all of these services to the host_name defined in the above step.
###############################################################################
###############################################################################
#
# SERVICE DEFINITIONS
#
###############################################################################
###############################################################################
# Create a service for monitoring the version of NSCLient++ that is installed
# Change the host_name to match the name of the host you defined above
define service{
           use                            generic-service
           host_name                      client name
           service_description            NSClient++ Version
          check_command                  check_nt!CLIENTVERSION
          }
# Create a service for monitoring the uptime of the server
# Change the host_name to match the name of the host you defined above
define service{
           use                            generic-service
           host_name                      client name
           service_description            Uptime
          check_command                  check_nt!UPTIME
          }
# Create a service for monitoring CPU load
# Change the host_name to match the name of the host you defined above
define service{
           use                            generic-service
           host_name                      client name
           service_description            CPU Load
           check_command                  check_nt!CPULOAD!-l 5,80,90
           }
# Create a service for monitoring memory usage
# Change the host_name to match the name of the host you defined above
define service{
           use                             generic-service
           host_name                     client name
           service_description        Memory Usage
           check_command            check_nt!MEMUSE!-w 80 -c 90
           }
# Create a service for monitoring C:\ disk usage
# Change the host_name to match the name of the host you defined above
define service{
           use                             generic-service
           host_name                      client name
           service_description         C:\ Drive Space
          check_command             check_nt!USEDDISKSPACE!-l c -w 80 -c 90
          }
# Create a service for monitoring the W3SVC service
# Change the host_name to match the name of the host you defined above
define service{
          use                              generic-service
          host_name                        client name
          service_description            W3SVC
          check_command               check_nt!SERVICESTATE!-d SHOWALL -l W3SVC
          }
Lastly, uncomment the windows.cfg file in /usr/local/nagios/etc/nagios.cfg.
# Definitions for monitoring a Windows machine
cfg_file=/usr/local/nagios/etc/Windows-hosts.cfg
Finally, verify the Nagios configuration files for any errors.
[root@nagios]# /usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg
Total Warnings: 0
Total Errors: 0
Things look okay - No serious problems were detected during the pre-flight check
If the verification process throws any error messages, fix those errors until the verification process completes without any error messages. Once you fix those errors, restart the Nagios service.
[root@nagios]# service nagios restart
Running configuration check…done.
Stopping nagios: done.
Starting nagios: done.
Check the Nagios monitoring web interface at “http://Your-server-IP-address/nagios”
Thanks.

NAGIOS MONITORING SERVER


Installing Nagios 4.2.0 and Nagios Plugin 2.1.2

How to Add Linux Host to Nagios Monitoring Server Using NRPE Plugin

1] Linux Host         2] Windows Host

Nagios 4.2.0 Released – Install on RHEL/CentOS 7.x/6.x/5.x
With Nagios, you can monitor your remote hosts and their services remotely from a single window. It shows warnings and indicates if something goes wrong on your servers, which eventually helps us to detect some problems before they occur. It helps us to reduce downtime and business losses.
Nagios has released its latest version, Nagios 4.2.0, and the latest stable release of the Nagios plugins, 2.1.2.
Installing Nagios 4.2.0 and Nagios Plugin 2.1.2
If you follow these instructions correctly, you will end up with the following:
1. Nagios and its plugins will be installed under the /usr/local/nagios directory.
2. Nagios will be configured to monitor a few services of your local machine (Disk Usage, CPU Load, Current Users, Total Processes, etc.)
3. The Nagios web interface will be available at http://localhost/nagios
Step 1: Install Required Dependencies
# yum install -y wget httpd php gcc glibc glibc-common gd gd-devel make net-snmp openssl-devel
Step 2: Create Nagios User and Group
Create a new nagios user and nagcmd group account and set a password.
[root@nagios]# useradd nagios
[root@nagios]# groupadd nagcmd
Next, add both the nagios user and the apache user to the nagcmd group.
[root@nagios]# usermod -a -G nagcmd nagios
[root@nagios]# usermod -a -G nagcmd apache
Change ownership of the rw directory and the nagios.cmd file
[root@nagios]# chown nagios:nagcmd /usr/local/nagios/var/rw
[root@nagios]# chown nagios:nagcmd /usr/local/nagios/var/rw/nagios.cmd
SELinux can also cause this problem.
You can check its status with:
[root@nagios]# sestatus
If current mode is enforcing, change it to permissive with:
[root@nagios]# setenforce 0
Then you may be able to commit your changes into nagios.cmd
Step 3: Download Nagios Core 4.2.0 and Nagios Plugin 2.1.2
Download nagios-4.2.1.tar.gz and nagios-plugins-2.1.2.tar.gz to the /tmp folder
[root@nagios]# cd /tmp
[root@nagios]# wget http://prdownloads.sourceforge.net/sourceforge/nagios/nagios-4.2.1.tar.gz
Step 4: Extract Nagios Core and its Plugins
[root@nagios]# tar -xvf nagios-4.2.1.tar.gz
[root@nagios]# tar -xvf nagios-plugins-2.1.2.tar.gz
Configure Nagios Core
First we configure Nagios Core. To do so, go to the Nagios source directory and run the
configure script; if everything goes fine, it shows a summary at the end as sample output.
[root@nagios]# cd nagios-4.2.1
[root@nagios nagios-4.2.1]# ./configure --with-command-group=nagcmd
[root@nagios nagios-4.2.1]# make all
[root@nagios nagios-4.2.1]# make install
[root@nagios nagios-4.2.1]# make install-init
[root@nagios nagios-4.2.1]# make install-commandmode
[root@nagios nagios-4.2.1]# make install-config
Step 5: Customizing Nagios Configuration
[root@nagios nagios-4.2.1]# vi /usr/local/nagios/etc/objects/contacts.cfg
define contact{
        contact_name    nagiosadmin         ; Short name of user
        use             generic-contact     ; Inherit default values from generic-contact template (defined above)
        alias           Nagios Admin        ; Full name of user
        email           xyz@example.com     ; <<***** CHANGE THIS TO YOUR EMAIL ADDRESS ******
        }
Step 6: Install and Configure Web Interface for Nagios
[root@nagios nagios-4.2.1]# make install-webconf
Now we will create a password for “nagiosadmin”. After executing this command, enter the
password twice and remember it, because this password is used when you log in to the Nagios web interface.

[root@nagios nagios-4.2.1]# htpasswd -s -c /usr/local/nagios/etc/htpasswd.users nagiosadmin

New password: admin
Re-type new password: admin
Adding password for user nagiosadmin
Change ownership
[root@nagios]# chown nagios:nagios /usr/local/nagios/var/
Restart Apache to make the new settings take effect.
[root@nagios]# service httpd restart
Step 7: Compile and Install Nagios Plugin
We have downloaded the Nagios plugins to /tmp. Go there, then configure and install them as directed below.
[root@nagios]# cd /tmp/nagios-plugins-2.1.2/
[root@nagios nagios-plugins-2.1.2]# ./configure --with-nagios-user=nagios --with-nagios-group=nagios
[root@nagios nagios-plugins-2.1.2]# make
[root@nagios nagios-plugins-2.1.2]# make install
Step 8: Verify Nagios Configuration Files
[root@nagios nagios-plugins-2.1.2]# /usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg
Nagios Core 4.2.1
Copyright (c) 2009-present Nagios Core Development Team and Community Contributors
Copyright (c) 1999-2009 Ethan Galstad
Last Modified: 09-06-2016
License: GPL
Reading configuration data…
Read main config file okay…
Read object config files okay…
Running pre-flight check on configuration data…
Checking objects…
                 Checked 144 services.
                 Checked 20 hosts.
                 Checked 2 host groups.
                 Checked 0 service groups.
                 Checked 1 contacts.
                 Checked 1 contact groups.
                 Checked 26 commands.
                 Checked 5 time periods.
                 Checked 0 host escalations.
                 Checked 0 service escalations.
Checking for circular paths…
                 Checked 20 hosts
                 Checked 0 service dependencies
                 Checked 0 host dependencies
                 Checked 5 timeperiods
Checking global event handlers…
Checking obsessive compulsive processor commands…
Checking misc settings…
Total Warnings: 0
Total Errors: 0
Things look okay – No serious problems were detected during the pre-flight check
Step 9: Add Nagios Services to System Startup
To make Nagios work across reboots, we need to add nagios and httpd with chkconfig.
[root@nagios]# service nagios start
[root@nagios]# service httpd start
[root@nagios]# chkconfig --add nagios
[root@nagios]# chkconfig --level 35 nagios on
[root@nagios]# chkconfig --add httpd
[root@nagios]# chkconfig --level 35 httpd on
Step 10: Log in to the Nagios Web Interface : username <nagiosadmin> & password <admin>
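
Step 6 creates the web login with htpasswd -s, which stores an unsalted SHA-1 digest marked with a {SHA} prefix. The script below is an added example, not part of the original guide: it reports the hashing scheme of each entry in an htpasswd file so that entries stored as {SHA} or DES crypt can be re-created with a stronger option (htpasswd -m, or -B on Apache 2.4). The sample file and its hash bodies are constructed placeholders.

```shell
#!/usr/bin/env bash
# Added example, not part of the original guide: classify the password
# hashing scheme used by each entry of an Apache htpasswd file.

# Reads htpasswd lines ("user:hash") on stdin and prints "user:scheme".
htpasswd_schemes() {
  awk -F: '
    /^[ \t]*(#|$)/ { next }    # skip comments and blank lines
    {
      h = $2
      if      (h ~ /^\{SHA\}/)    s = "sha1-unsalted"   # written by htpasswd -s
      else if (h ~ /^\$apr1\$/)   s = "apr1-md5"        # written by htpasswd -m
      else if (h ~ /^\$2[aby]\$/) s = "bcrypt"          # written by htpasswd -B
      else if (h ~ /^\$[56]\$/)   s = "sha-crypt"
      else if (length(h) == 13)   s = "des-crypt"       # written by htpasswd -d
      else                        s = "unknown"
      print $1 ":" s
    }
  '
}

# Reads htpasswd lines on stdin and prints only the users whose entry
# uses a scheme without a salt (SHA-1) or with a tiny key space (DES).
weak_htpasswd_users() {
  htpasswd_schemes |
    awk -F: '$2 == "sha1-unsalted" || $2 == "des-crypt" { print $1 }'
}

# Constructed sample file. The hash bodies are placeholders, not real
# hashes; only the scheme prefixes and lengths matter here.
sample_htpasswd() {
  cat <<'EOF'
# constructed sample, not taken from a real server
nagiosadmin:{SHA}AAAAAAAAAAAAAAAAAAAAAAAAAAA=
operator:$apr1$CONSTRCT$AAAAAAAAAAAAAAAAAAAAAA
auditor:$2y$05$AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
legacy:AAAAAAAAAAAAA
EOF
}

# On a real server, feed the file created in Step 6 instead:
#   weak_htpasswd_users < /usr/local/nagios/etc/htpasswd.users
sample_htpasswd | htpasswd_schemes
```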

 

Postfix – dovecot Setup mail server on ubuntu 14.04


This tutorial explains how to set up a mail server on Ubuntu 14.04 using Postfix, Dovecot and SquirrelMail.

» Postfix ( for sending )
» Dovecot ( for receiving )
» Squirrelmail ( for webmail access )

Here I have used mail.example.com as the hostname and example.com as the domain. Please replace them with your own domain.

First we configure the DNS server.

How to configure DNS server in ubuntu 14.04

A DNS server is used to resolve domain names into IP addresses. There are three common DNS server configurations that can be done using BIND: caching nameserver, primary master and secondary master. In this post we can see how to install and configure a DNS server in Ubuntu 14.04.

DNS server installation

Required: set the IP address and DNS.

service network-manager status && service network-manager stop
sudo vim /etc/network/interfaces

auto eth0
iface eth0 inet static
address 192.168.1.45
netmask 255.255.255.0
gateway 192.168.1.1
dns-search example.com
dns-nameservers 192.168.1.45 8.8.8.8 4.2.2.2

Add the DNS entries to the /etc/resolv.conf file:

nameserver 192.168.1.45
nameserver 8.8.8.8
nameserver 4.2.2.2
search example.com

service network-manager start

Step 1 » Update the repositories.
$ sudo apt-get update

Step 2 » Install bind9 using the below command.
$ sudo apt-get install bind9
Now installation is over, please proceed with configuration.

Caching nameserver

A caching nameserver remembers all the DNS queries made and serves them locally when the domain is queried a second time. The default configuration acts as a caching nameserver; you just need to add public DNS IPs to the configuration file.

Step 3 » Open the /etc/bind/named.conf.options file and find the forwarders section, uncomment it and edit it like the following.
forwarders {
8.8.8.8;
4.2.2.2;
};
Here 8.8.8.8 and 8.8.4.4 are Google public DNS servers.

Step 4 » Now start/restart the service.
$ sudo service bind9 restart

Step 5 » Now test using the dig command. Open /etc/resolv.conf and edit the nameserver IP to 127.0.0.1 or your server IP.
nameserver 127.0.0.1
Now type the below command to see the results.
example@ns:~$ dig www.example.com
…………….
;; Query time: 83 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
……………..
It took 83 msec the first time. Now try the same command again.
example@ns:~$ dig www.example.com
…………….
;; Query time: 5 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
……………..
Now it is reduced to 5 msec. This time the answer is served locally.

Primary master

A primary master configuration manages the DNS records for a particular domain locally ( Eg: example.com ).

Scenario details:
Domain name : example.com
Server ip : 192.168.1.45
Server hostname : mail.example.com

We need to create 2 zone files, a forward zone and a reverse zone.

Forward zone file

Step 6 » Create the forward zone file db.example.com by copying the db.local conf file.
$ sudo cp /etc/bind/db.local /etc/bind/db.example.com

Step 7 » Now open /etc/bind/db.example.com and edit it like below.
;
; BIND data file for local loopback interface
;
$TTL 604800
@       IN      SOA     mail.example.com. admin.example.com. (
                        2         ; Serial
                        604800    ; Refresh
                        86400     ; Retry
                        2419200   ; Expire
                        604800 )  ; Negative Cache TTL
;
@       IN      NS      mail
@       IN      MX      20 mail
@       IN      A       192.168.1.45
mail    IN      A       192.168.1.45

Step 7 » Create the reverse zone file db.192 by copying the db.127 conf file.
sudo cp /etc/bind/db.127 /etc/bind/db.192

Step 8 » Now open the /etc/bind/db.192 file and edit it like below.
;
; BIND reverse data file for local loopback interface
;
$TTL 604800
@       IN      SOA     mail.example.com. admin.example.com. (
                        1         ; Serial
                        604800    ; Refresh
                        86400     ; Retry
                        2419200   ; Expire
                        604800 )  ; Negative Cache TTL
;
@       IN      NS      mail.example.com.
45      IN      PTR     mail.example.com.

Step 9 » Now open the /etc/bind/named.conf.local configuration file and add the below lines to include the forward and reverse zone files. 1.168.192 in the reverse zone name is just the first three octets of your network, reversed.
//
// Do any local configuration here
//
// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";

// Forward zone
zone "example.com" {
type master;
file "/etc/bind/db.example.com";
};

// Reverse zone
zone "1.168.192.in-addr.arpa" {
type master;
file "/etc/bind/db.192";
};

Step 10 » Now restart the service.
sudo service bind9 restart
Now check that the /etc/bind/named.conf.local file is configured correctly.
named-checkconf -z /etc/bind/named.conf.local
zone example.com/IN: loaded serial 2
zone 1.168.192.in-addr.arpa/IN: loaded serial 1

Step 11 » Now test using the nslookup or dig commands.
root@mail:~# nslookup example.com
Server: 192.168.1.45
Address: 192.168.1.45#53
Name: example.com
Address: 192.168.1.45
Now test the reverse lookup.
root@mail:~# nslookup 192.168.1.45
Server: 192.168.1.45
Address: 192.168.1.45#53
45.1.168.192.in-addr.arpa name = mail.example.com.

That's it, your DNS server is ready.

Setup mail server on ubuntu 14.04

Installing and configuring postfix

Step 1 » Assign a static IP and hostname and add a host entry for the host name.
Assign the hostname in /etc/hostname
mail.example.com
Add a host entry in /etc/hosts
192.168.1.45 mail.example.com mail

Step 2 » Update the repositories.
root@mail:# apt-get update

Step 3 » Install postfix and dependencies. Press enter for all prompted questions during installation; we will do that in the next step.
root@mail:# apt-get install postfix
root@mail:# apt-get install mailutils

Step 4 » After installation issue the below command to configure postfix. Now you will be prompted for a set of details. Choose the following values and replace example.com with your domain name.
1. Internet Site
2. example.com
3. example
4. example.com, localhost.localdomain, localhost
5. No
6. 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.0.0/24
7. 0
8. +
9. all

Step 5 » Now configure Postfix for SMTP-AUTH using Dovecot SASL by adding the below lines to the postfix config file /etc/postfix/main.cf.
home_mailbox = Maildir/
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks
smtp_tls_security_level = may
smtpd_tls_security_level = may
smtp_tls_note_starttls_offer = yes
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes

Testing the SMTP Server

In this step, you'll test whether Postfix can send emails to an external email account using the mail command, which is part of the mailutils package that was installed in Step 1. To send a test email, type:
kesari@mail:~$ echo "This is the body of the email" | mail -s "This is the subject line" abc@example.com

Step 6 » Now generate a digital certificate for TLS. Issue the commands one by one and provide details as per your domain.
root@mail:# openssl genrsa -des3 -out server.key 2048
root@mail:# openssl rsa -in server.key -out server.key.insecure
root@mail:# mv server.key server.key.secure
root@mail:# mv server.key.insecure server.key
root@mail:# openssl req -new -key server.key -out server.csr
root@mail:# openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
root@mail:# sudo cp server.crt /etc/ssl/certs
root@mail:# sudo cp server.key /etc/ssl/private

Step 7 » Now configure the certificate path.
root@mail:# sudo postconf -e 'smtpd_tls_key_file = /etc/ssl/private/server.key'
root@mail:# sudo postconf -e 'smtpd_tls_cert_file = /etc/ssl/certs/server.crt'

Step 8 » Open the /etc/postfix/master.cf file and uncomment the below lines to enable smtps ( 465 ) and submission ( 587 ).
submission inet n - - - - smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
smtps inet n - n - - smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING

Step 9 » Now install Dovecot SASL by typing the below command.
root@mail:# apt-get install dovecot-common
Enter the following values for the prompts during installation.
1. yes
2. mail.example.com

Step 10 » Make changes to the files as follows.
Open the /etc/dovecot/conf.d/10-master.conf file, find the # Postfix smtp-auth line ( line no:95 ) and add the below lines.
# Postfix smtp-auth
unix_listener /var/spool/postfix/private/auth {
mode = 0660
user = postfix
group = postfix
}
Open the /etc/dovecot/conf.d/10-auth.conf file, find (line no:100)
auth_mechanisms = plain
and replace it with
auth_mechanisms = plain login

Step 11 » Restart the postfix and dovecot services.
root@mail:# service postfix restart
root@mail:# service dovecot restart

Step 12 » Now test SMTP-AUTH and smtp/pop3 port access. Type the below command and you should get the below response.
root@mail:~# telnet mail.example.com smtp
Trying 192.168.1.45…
Connected to mail.example.com.
Escape character is '^]'.
220 mail.example.com ESMTP Postfix (Ubuntu)
Now type ehlo mail.example.com and you should get the below response; please make sure you get those bolded lines.
ehlo mail.example.com
250-mail.example.com
--------
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
--------
250 DSN
To exit, press ctrl+]
telnet> q
and try the same with port 587 (telnet mail.example.com 587).

Postfix configuration is over, continue for dovecot installation.

Installing and configuring dovecot

Step 12 » Install dovecot using the below command.
root@mail:# apt-get install dovecot-imapd dovecot-pop3d

Step 13 » Now configure the mailbox. Open the /etc/dovecot/conf.d/10-mail.conf file and find (Line no:30 )
mail_location = mbox:~/mail:INBOX=/var/mail/%u
Replace it with
mail_location = maildir:~/Maildir

Step 14 » Now change pop3_uidl_format. Open the /etc/dovecot/conf.d/20-pop3.conf file, find and uncomment the below line ( Line no : 50 )
pop3_uidl_format = %08Xu%08Xv

Step 15 » Now enable SSL. Open the /etc/dovecot/conf.d/10-ssl.conf file, find and uncomment the below line ( Line no : 6 )
ssl = yes

Step 16 » Restart the dovecot service.
root@mail:# service dovecot restart

Step 17 » Now test pop3 and imap port access using the telnet command.
root@mail:~# telnet mail.example.com 110
Trying 192.168.1.45…
Connected to mail.example.com.
Escape character is '^]'.
+OK Dovecot (Ubuntu) ready.
To exit, press ctrl+]
telnet> q
Repeat the same for the 995, 993 and 143 ports, OR check for listening ports using the netstat command.
root@mail:# netstat -nl4
You should get a result like below.
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:587             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:110             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:143             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:465             0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.45:53         0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:993             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:995             0.0.0.0:*               LISTEN
udp        0      0 192.168.1.45:53         0.0.0.0:*
udp        0      0 127.0.0.1:53            0.0.0.0:*

Step 18 » Create some users and check using mail clients like thunderbird or outlook.
root@mail:# sudo useradd -m xyz -s /sbin/nologin
root@mail:# sudo passwd xyz

Installing and configuring squirrelmail

Step 19 » Install squirrelmail using the below command. This will install the apache and PHP packages.
root@mail:# apt-get install squirrelmail

Step 20 » Configure squirrelmail.
root@mail:# squirrelmail-configure
Everything is pre-configured, we just need to change the Organization name.
» Press 1 (Organization Preferences)
» again press 1 (Organization Name)
» Organization Name
» Press S
» Press Q to quit

Step 19 » Now configure apache to enable squirrelmail.
root@mail:# sudo cp /etc/squirrelmail/apache.conf /etc/apache2/sites-available/squirrelmail.conf
root@mail:# a2ensite squirrelmail

Step 20 » Restart the Apache service.
root@mail:# service apache2 restart

Step 21 » Now open http://serverIP/squirrelmail in your browser and log in using the username (bobby). You can send and receive mail using squirrelmail.

Okay .. it's over now .. Please note that when you decide to move the server to production, it is very important to implement a spam filter and antivirus.
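
The EHLO test in Step 12 shows AUTH PLAIN LOGIN advertised on the plain telnet session to port 25: with smtpd_tls_security_level = may and SASL enabled, Postfix accepts credentials before STARTTLS unless smtpd_tls_auth_only = yes is set. The script below is an added example, not part of the original tutorial: it extracts the mechanisms from a cleartext EHLO reply and audits main.cf-style settings for that gap. The sample reply and settings are constructed from the values shown in Steps 5 and 12, and the audit assumes smtpd_tls_security_level is used rather than the older smtpd_use_tls.

```shell
#!/usr/bin/env bash
# Added example, not part of the original tutorial: check whether SMTP
# AUTH is exposed on unencrypted sessions.

# Reads an EHLO reply captured on an unencrypted session on stdin and
# prints each advertised SASL mechanism once.
cleartext_auth_mechs() {
  tr -d '\r' | awk '
    # Matches "250-AUTH PLAIN LOGIN" and the legacy "250-AUTH=PLAIN LOGIN".
    /^250[- ]AUTH[ =]/ {
      sub(/^250[- ]AUTH[ =]/, "")
      n = split($0, mech, " ")
      for (i = 1; i <= n; i++)
        if (!(mech[i] in seen)) { seen[mech[i]] = 1; print mech[i] }
    }
  '
}

# Reads "name = value" lines (main.cf or postconf -n output) on stdin and
# prints the value of parameter $1. The last assignment wins, as in
# Postfix. Continuation lines are not handled.
postfix_param() {
  awk -v key="$1" -F'=' '
    /^[ \t]*#/ { next }
    {
      name = $1
      gsub(/[ \t]/, "", name)
      if (name == key) {
        val = substr($0, index($0, "=") + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", val)
        found = val
      }
    }
    END { print found }
  '
}

# Reads a configuration on stdin. Prints a finding and returns 1 when
# SASL AUTH is reachable without TLS, otherwise prints nothing.
audit_smtp_auth() {
  conf=$(cat)
  sasl=$(printf '%s\n' "$conf" | postfix_param smtpd_sasl_auth_enable)
  tls_only=$(printf '%s\n' "$conf" | postfix_param smtpd_tls_auth_only)
  level=$(printf '%s\n' "$conf" | postfix_param smtpd_tls_security_level)
  [ "$sasl" = "yes" ] || return 0
  case "$level" in
    encrypt) return 0 ;;   # TLS is mandatory, so AUTH only follows it
    ""|none) echo "FAIL: AUTH is enabled but STARTTLS is not offered"
             return 1 ;;
  esac
  if [ "$tls_only" != "yes" ]; then
    echo "WARN: AUTH is accepted before STARTTLS; set smtpd_tls_auth_only = yes"
    return 1
  fi
  return 0
}

# Constructed sample: the non-elided lines of the Step 12 EHLO reply.
sample_ehlo() {
  printf '%s\r\n' '250-mail.example.com' '250-STARTTLS' \
    '250-AUTH PLAIN LOGIN' '250-AUTH=PLAIN LOGIN' '250 DSN'
}

# Constructed sample: the SASL and TLS settings added in Step 5.
sample_main_cf() {
  cat <<'EOF'
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtp_tls_security_level = may
smtpd_tls_security_level = may
EOF
}

# On a real server: postconf -n | audit_smtp_auth
sample_ehlo | cleartext_auth_mechs
sample_main_cf | audit_smtp_auth || true
```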
POSTFIX AMAVIS NEW

Introduction

In this howto, Postfix integration with amavis-new will be presented. Amavis-new is a wrapper that can call any number of content filtering programs for spam detection, antivirus, etc. In this howto, integration with Spamassassin and Clamav will be presented. This is a classical installation of Postfix + Amavis-new + Spamassassin + Clamav.

Prerequisite

You should have a functional Postfix server installed. If this is not the case, follow the Postfix guide.

sudo apt-get install amavisd-new spamassassin clamav-daemon

Install the optional packages for better spam detection (who does not want better spam detection?):

sudo apt-get install libnet-dns-perl libmail-spf-perl pyzor razor

Install these optional packages to enable better scanning of attached archive files:

sudo apt-get install arj bzip2 cabextract cpio file gzip lhasa nomarch pax rar unrar unzip unzoo zip zoo

Configuration

Clamav

The default behaviour of Clamav will fit our needs. A daemon is launched (clamd) and signatures are fetched every day. For more Clamav configuration options, check the configuration files in /etc/clamav.

Add the clamav user to the amavis group and vice versa in order for Clamav to have access to scan files:

sudo adduser clamav amavis
sudo adduser amavis clamav

Spamassassin

As amavis is its own spamassassin-daemon (amavis uses the spamassassin libraries), there is no need to configure or start spamassassin. amavis will not use any running instance of spamd! Even changes in /etc/spamassassin will have no effect on the behaviour of amavis.

The use of razor and pyzor must be enabled by:

# su - amavis -s /bin/bash
# razor-admin -create
# razor-admin -register
# pyzor discover

There is no need to configure razor or pyzor.

Amavis

First, activate spam and antivirus detection in Amavis by editing /etc/amavis/conf.d/15-content_filter_mode:

use strict;

# You can modify this file to re-enable SPAM checking through spamassassin
# and to re-enable antivirus checking.

#
# Default antivirus checking mode
# Uncomment the two lines below to enable it
#

@bypass_virus_checks_maps = (
   \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);

#
# Default SPAM checking mode
# Uncomment the two lines below to enable it
#

@bypass_spam_checks_maps = (
   \%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re);

1;  # ensure a defined return

After configuration Amavis needs to be restarted:

sudo /etc/init.d/amavis restart

Postfix integration

For postfix integration, you need to add the content_filter configuration variable to the Postfix configuration file /etc/postfix/main.cf. This instructs postfix to pass messages to amavis at a given IP address and port:

content_filter = smtp-amavis:[127.0.0.1]:10024

The following postconf command, run as root because of the preceding sudo command, adds the content_filter specification line above to main.cf:

sudo postconf -e "content_filter = smtp-amavis:[127.0.0.1]:10024"

Alternatively, you can manually edit main.cf yourself to add the content_filter line.

Next edit /etc/postfix/master.cf and add the following to the end of the file:

smtp-amavis     unix    -       -       -       -       2       smtp
        -o smtp_data_done_timeout=1200
        -o smtp_send_xforward_command=yes
        -o disable_dns_lookups=yes
        -o max_use=20

127.0.0.1:10025 inet    n       -       -       -       -       smtpd
        -o content_filter=
        -o local_recipient_maps=
        -o relay_recipient_maps=
        -o smtpd_restriction_classes=
        -o smtpd_delay_reject=no
        -o smtpd_client_restrictions=permit_mynetworks,reject
        -o smtpd_helo_restrictions=
        -o smtpd_sender_restrictions=
        -o smtpd_recipient_restrictions=permit_mynetworks,reject
        -o smtpd_data_restrictions=reject_unauth_pipelining
        -o smtpd_end_of_data_restrictions=
        -o mynetworks=127.0.0.0/8
        -o smtpd_error_sleep_time=0
        -o smtpd_soft_error_limit=1001
        -o smtpd_hard_error_limit=1000
        -o smtpd_client_connection_count_limit=0
        -o smtpd_client_connection_rate_limit=0
        -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks

Also add the following two lines immediately below the "pickup" transport service:

        -o content_filter=
        -o receive_override_options=no_header_body_checks

This will prevent messages that are generated to report on spam from being classified as spam.

Reload postfix:

sudo /etc/init.d/postfix reload

Now content filtering with spam and virus detection is enabled.

Test

First, test that the amavis SMTP is listening:

telnet localhost 10024
Trying 127.0.0.1…
Connected to localhost.
Escape character is '^]'.
220 [127.0.0.1] ESMTP amavisd-new service ready
^]

Check in your /var/log/mail.log that everything goes well. If you raise the log level, you can check every step of the content filtering: spam check, virus check, etc. Don't forget to lower the log level after your checks!

On messages that go through the content filter you should see:

X-Spam-Level:
X-Virus-Scanned: Debian amavisd-new at example.com
X-Spam-Status: No, hits=-2.3 tagged_above=-1000.0 required=5.0 tests=AWL, BAYES_00
X-Spam-Level:

Note: $sa_tag_level in /etc/amavis/conf.d/20-debian_defaults must be lower than the spam hit rating for the header to appear on the message. For troubleshooting set $sa_tag_level to -999.

Testing ClamAV for Virus in Emails

To verify ClamAV is working properly, let's download a test virus (which we can get from http://www.eicar.org/download/eicar.com) to the Maildir of example.com:

# cd /home/vmail/example.com/xyz/Maildir
# wget http://www.eicar.org/download/eicar.com

And then scan the /home/vmail/example.com directory recursively:

# clamscan --infected --remove --recursive /home/vmail/example.com

Now, feel free to set up this scan to run through a cronjob. Create a file named /etc/cron.daily/dailyclamscan and insert the following lines:

#!/bin/bash
SCAN_DIR="/home/vmail/example.com"
LOG_FILE="/var/log/clamav/dailyclamscan.log"
touch "$LOG_FILE"
/usr/bin/clamscan --infected --remove --recursive "$SCAN_DIR" >> "$LOG_FILE"

and grant execute permissions:

# chmod +x /etc/cron.daily/dailyclamscan

How To Install and Configure a Basic LDAP Server on an Ubuntu 12.04 VPS


Server side installation:

1. Install LDAP

required packages

$ sudo apt-get update
$ sudo apt-get install slapd ldap-utils

note: You will be asked to enter and confirm an administrator password for the administrator LDAP account.

2. Reconfigure slapd

sudo dpkg-reconfigure slapd

———– Omit OpenLDAP server configuration? No
———– DNS domain name? e.g. example.com
———– Organization name? e.g. admin
———– Administrator password? e.g. “P@ssw0rd123$”
———– Database backend to use? HDB
———– Remove the database when slapd is purged? No
———– Move old database? Yes
———– Allow LDAPv2 protocol? No

3. Install PHPldapadmin

Install it with this command:

$ sudo apt-get install phpldapadmin

— Configure PHPldapadmin

$ sudo vi /etc/phpldapadmin/config.php

change line: $servers->setValue('server','host','domain_name_or_IP_address');

note : add the LDAP server IP address

change line: $servers->setValue('server','base',array('dc=test,dc=com'));

note : add dc=example and dc=com

change line: $servers->setValue('login','bind_id','cn=admin,dc=test,dc=com');

note : Add these after the "cn=admin" in the entry. Same dc values as above.

change line: $config->custom->appearance['hide_template_warning'] = true;

note : change the default "false" to true. Please uncomment this line.

—————- save and close this file —————–

Log in to web interface

url: http://domain_name_or_IP_address/phpldapadmin

  1. Click on the “login” link on the left-hand side.
  2. You will receive a login prompt.

Login Dn:
cn=admin,dc=example,dc=com

Password:
“P@ssw0rd123$” —- put here your password.

4. Add Organizational Units, Groups, and Users

i] Click on the “Create new entry here” link on the left-hand side.

select “Generic: Organizational Unit”

— under Organisational Unit
type: groups
click: Create Object

— commit the changes

add another “OU” called “users”

–Now you can see new entry on the left-hand side.

dc=example,dc=com (3)
cn=admin
ou=groups
ou=users
* Create new entry here

–You can create more Organizational units

ii] Create groups

select: create the groups within the “groups” organizational unit.
Click : the “ou=groups” category, then click “Create a child entry”

— select “Generic: Posix Group”
— type : “admin” as group name. click create object

–Now you can see new entry on the left-hand side.

dc=example,dc=com (3)
cn=admin
ou=groups (1)
cn=admin
ou=users
* Create new entry here

iii] Create users

select: select the ou=users category, then click “Create a child entry”

-- select “Generic: User Account”

-- fill in all the user related fields.
-- update

Thanks…

Setup LDAP server (389 Directory Server) in CentOS/RHEL/Scientific Linux 6.3 step by step.


389 Directory Server:

The 389 Directory Server is an LDAP (Lightweight Directory Access Protocol) server developed by Red Hat. The name 389 is derived from the LDAP port number. Though the 389 server is built on top of Fedora, it supports many operating systems such as CentOS, Scientific Linux, Debian and Solaris.

Features:

  • Multi-Master Replication, to provide fault tolerance and high write performance
  • Scalability: thousands of operations per second, tens of thousands of concurrent users, tens of millions of entries, hundreds of gigabytes of data
  • The codebase has been developed and deployed continuously by the same team for more than a decade
  • Extensive documentation, including helpful Installation and Deployment guides
  • Active Directory user and group synchronization
  • Secure authentication and transport (SSLv3, TLSv1, and SASL)
  • Support for LDAPv3
  • On-line, zero downtime, LDAP-based update of schema, configuration, management and in-tree Access Control Information (ACIs)
  • Graphical console for all facets of user, group, and server management

Prerequisites:

  1. Make sure that your server is properly configured with a DNS server and a proper FQDN. Navigate to this link to configure your DNS server.
  2. Configure the firewall to allow the LDAP ports on your server. To do that, open the iptables config file and enter the lines as shown below. Changes which I have made in the config files are shown in bold letters.

[root@server ~]# nano /etc/sysconfig/iptables
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
# Directory server ports; these must come before the REJECT rule or they are never evaluated
-A INPUT -m state --state NEW -m tcp -p tcp --dport 389 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 636 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 9830 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
  3. Restart iptables to save the changes.
[root@server ~]# service iptables restart
iptables: Flushing firewall rules:                         [  OK  ]
iptables: Setting chains to policy ACCEPT: filter          [  OK  ]
iptables: Unloading modules:                               [  OK  ]
iptables: Applying firewall rules:                         [  OK  ]
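
Rule order matters in /etc/sysconfig/iptables: a chain is evaluated top to bottom and the first matching rule wins, so an ACCEPT for port 389, 636 or 9830 placed below the catch-all "-A INPUT -j REJECT" line is never reached. The script below is an added example, not part of the original article: it lists every rule in a rules file that sits behind an unconditional REJECT or DROP in the same chain. Both sample rule sets are constructed from the rules shown above.

```shell
#!/usr/bin/env bash
# Added example, not part of the original article: find rules in an
# iptables-save style file that can never match because an earlier rule
# in the same chain rejects or drops everything.

# Reads a rules file on stdin and prints "CHAIN:LINE:RULE" for every
# rule placed after an unconditional REJECT/DROP in its chain.
shadowed_rules() {
  awk '
    $1 == "-A" {
      chain = $2
      if (chain in blocked) {
        printf "%s:%d:%s\n", chain, NR, $0
        next
      }
      # Unconditional terminal rule: "-A CHAIN -j REJECT|DROP" with no
      # match criteria, optionally followed by "--reject-with TYPE".
      if ($3 == "-j" && ($4 == "REJECT" || $4 == "DROP") &&
          (NF == 4 || (NF == 6 && $5 == "--reject-with"))) {
        blocked[chain] = NR
      }
    }
  '
}

# Constructed sample: LDAP rules appended at the end of the file, after
# the catch-all REJECT.
sample_appended() {
  cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
-A INPUT -m state --state NEW -m tcp -p tcp --dport 389 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 636 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 9830 -j ACCEPT
COMMIT
EOF
}

# Constructed sample: the same rules with the LDAP ports placed before
# the catch-all REJECT.
sample_ordered() {
  cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 389 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 636 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 9830 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# On a real server: shadowed_rules < /etc/sysconfig/iptables
sample_appended | shadowed_rules
```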
  4. Add and install the EPEL repository to install the 389ds package.
[root@server ~]# wget http://dl.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm
--2013-02-05 13:00:46--  http://dl.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm
Resolving dl.fedoraproject.org... 209.132.181.23, 209.132.181.24, 209.132.181.25, ...
Connecting to dl.fedoraproject.org|209.132.181.23|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 14540 (14K) [application/x-rpm]
Saving to: `epel-release-6-8.noarch.rpm'
100%[======================================>] 14,540      30.9K/s   in 0.5s    
2013-02-05 13:00:48 (30.9 KB/s) - `epel-release-6-8.noarch.rpm' saved [14540/14540]
[root@server ~]# rpm -ivh epel-release-6-8.noarch.rpm 
warning: epel-release-6-8.noarch.rpm: Header V3 RSA/SHA256 Signature, key ID 0608b895: NOKEY
Preparing...                ########################################### [100%]
   1:epel-release           ########################################### [100%]
  5. Before starting to install and configure the 389 directory server, we should adjust some performance and security settings on the server.

5.1. Open the /etc/sysctl.conf file and add the lines as shown below. Changes which I have made in the config files are shown in bold letters.

[root@server ~]# nano /etc/sysctl.conf 
#
# Kernel sysctl configuration file for Red Hat Linux
# For binary values, 0 is disabled, 1 is enabled.  See sysctl(8) and
# sysctl.conf(5) for more details.
# Controls IP packet forwarding
net.ipv4.ip_forward = 0
# Controls source route verification
net.ipv4.conf.default.rp_filter = 1
# Do not accept source routing
net.ipv4.conf.default.accept_source_route = 0
# Controls the System Request debugging functionality of the kernel
kernel.sysrq = 0
# Controls whether core dumps will append the PID to the core filename.
# Useful for debugging multi-threaded applications.
kernel.core_uses_pid = 1
# Controls the use of TCP syncookies
net.ipv4.tcp_syncookies = 1
# Disable netfilter on bridges.
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0
# Controls the default maxmimum size of a mesage queue
kernel.msgmnb = 65536
# Controls the maximum size of a message, in bytes
kernel.msgmax = 65536
# Controls the maximum shared segment size, in bytes
kernel.shmmax = 4294967295
# Controls the maximum number of shared memory segments, in pages
kernel.shmall = 268435456
net.ipv4.tcp_keepalive_time = 300
net.ipv4.ip_local_port_range = 1024 65000
fs.file-max = 64000

  Check the changes you have made before.

[root@server ~]# sysctl -p
net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
error: "net.bridge.bridge-nf-call-ip6tables" is an unknown key
error: "net.bridge.bridge-nf-call-iptables" is an unknown key
error: "net.bridge.bridge-nf-call-arptables" is an unknown key
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 4294967295
kernel.shmall = 268435456
net.ipv4.tcp_keepalive_time = 300
net.ipv4.ip_local_port_range = 1024 65000
fs.file-max = 64000

5.2. Set the file descriptor limits in the /etc/security/limits.conf file by adding the lines shown below at the end. The changes I made to the config file are shown in bold letters.

[root@server ~]# nano /etc/security/limits.conf 
# /etc/security/limits.conf
#
#Each line describes a limit for a user in the form:
#
#<domain>        <type>  <item>  <value>
#
#Where:
#<domain> can be:
#        - an user name
#        - a group name, with @group syntax
#        - the wildcard *, for default entry
#        - the wildcard %, can be also used with %group syntax,
#                 for maxlogin limit
#
#<type> can have the two values:
#        - "soft" for enforcing the soft limits
#        - "hard" for enforcing hard limits
#
#<item> can be one of the following:
#        - core - limits the core file size (KB)
#        - data - max data size (KB)
#        - fsize - maximum filesize (KB)
#        - memlock - max locked-in-memory address space (KB)
#        - nofile - max number of open files
#        - rss - max resident set size (KB)
#        - stack - max stack size (KB)
#        - cpu - max CPU time (MIN)
#        - nproc - max number of processes
#        - as - address space limit (KB)
#        - maxlogins - max number of logins for this user
#        - maxsyslogins - max number of logins on the system
#        - priority - the priority to run user process with
#        - locks - max number of file locks the user can hold
#        - sigpending - max number of pending signals
#        - msgqueue - max memory used by POSIX message queues (bytes)
#        - nice - max nice priority allowed to raise to values: [-20, 19]
#        - rtprio - max realtime priority
#
#<domain>      <type>  <item>         <value>
#
#*               soft    core            0
#*               hard    rss             10000
#@student        hard    nproc           20
#@faculty        soft    nproc           20
#@faculty        hard    nproc           50
#ftp             hard    nproc           0
#@student        -       maxlogins       4
# End of file
*               soft    nofile          8192
*               hard    nofile          8192

5.3. Open the /etc/profile file and add the line as shown below. Changes are shown in bold.

[root@server ~]# nano /etc/profile
# /etc/profile
# System wide environment and startup programs, for login setup
# Functions and aliases go in /etc/bashrc
# It's NOT a good idea to change this file unless you know what you
# are doing. It's much better to create a custom.sh shell script in
# /etc/profile.d/ to make custom changes to your environment, as this
# will prevent the need for merging in future updates.
pathmunge () {
    case ":${PATH}:" in
        *:"$1":*)
            ;;
        *)
            if [ "$2" = "after" ] ; then
                PATH=$PATH:$1
            else
                PATH=$1:$PATH
            fi
    esac
}

if [ -x /usr/bin/id ]; then
    if [ -z "$EUID" ]; then
        # ksh workaround
        EUID=`id -u`
        UID=`id -ru`
    fi
    USER="`id -un`"
    LOGNAME=$USER
    MAIL="/var/spool/mail/$USER"
fi
# Path manipulation
if [ "$EUID" = "0" ]; then
    pathmunge /sbin
    pathmunge /usr/sbin
    pathmunge /usr/local/sbin
else
    pathmunge /usr/local/sbin after
    pathmunge /usr/sbin after
    pathmunge /sbin after
fi
HOSTNAME=`/bin/hostname 2>/dev/null`
HISTSIZE=1000
if [ "$HISTCONTROL" = "ignorespace" ] ; then
    export HISTCONTROL=ignoreboth
else
    export HISTCONTROL=ignoredups
fi
export PATH USER LOGNAME MAIL HOSTNAME HISTSIZE HISTCONTROL
# By default, we want umask to get set. This sets it for login shell
# Current threshold for system reserved uid/gids is 200
# You could check uidgid reservation validity in
# /usr/share/doc/setup-*/uidgid file
if [ $UID -gt 199 ] && [ "`id -gn`" = "`id -un`" ]; then
    umask 002
else
    umask 022
fi
for i in /etc/profile.d/*.sh ; do
    if [ -r "$i" ]; then
        if [ "${-#*i}" != "$-" ]; then
            . "$i"
        else
            . "$i" >/dev/null 2>&1
        fi
    fi
done
unset i
unset pathmunge
ulimit -n 8192

5.4. Add the following line to the end of your /etc/pam.d/login file as shown below. The changes I made to the config file are shown in bold letters.

[root@server ~]# nano /etc/pam.d/login 
#%PAM-1.0
auth [user_unknown=ignore success=ok ignore=ignore default=bad] pam_securetty.so
auth       include      system-auth
account    required     pam_nologin.so
account    include      system-auth
password   include      system-auth
# pam_selinux.so close should be the first session rule
session    required     pam_selinux.so close
session    required     pam_loginuid.so
session    optional     pam_console.so
# pam_selinux.so open should only be followed by sessions to be executed in the user context
session    required     pam_selinux.so open
session    required     pam_namespace.so
session    optional     pam_keyinit.so force revoke
session    include      system-auth
-session   optional     pam_ck_connector.so
session    required     /lib/security/pam_limits.so
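
A quick way to audit steps 5.2 and 5.4 before running the installer, as an added example that is not part of the original post. The function names are this example's own, the two input files are constructed copies of the lines shown above, and the precedence follows the limits.conf rule that individual limits take priority over group limits, with * as the default entry.

```shell
#!/bin/sh
# Added example: audits the settings from steps 5.2 and 5.4 on constructed
# copies of the two files. All function names are this example's own.

# Constructed sample input: the lines step 5.2 appends to limits.conf and an
# abridged /etc/pam.d/login ending with the line from step 5.4.
write_sample_files() {
  cat > "$1/limits.conf" <<'EOF'
#@student        -       maxlogins       4
# End of file
*               soft    nofile          8192
*               hard    nofile          8192
EOF
  cat > "$1/login" <<'EOF'
#%PAM-1.0
auth       include      system-auth
session    include      system-auth
session    required     /lib/security/pam_limits.so
EOF
}

# effective_limit FILE USER "GROUP ..." ITEM -> prints "soft=<value> hard=<value>"
# A user entry outranks an @group entry, which outranks the "*" default; within
# one class the last line wins. Exit status 2 if an entry is not 4 fields.
effective_limit() {
  awk -v user="$2" -v groups="$3" -v item="$4" '
    function set(t, r, v) { if (r <= rank[t]) { rank[t] = r; val[t] = v } }
    BEGIN {
      n = split(groups, g, " ")
      for (i = 1; i <= n; i++) member["@" g[i]] = 1
      rank["soft"] = rank["hard"] = 9
      val["soft"] = val["hard"] = "unset"
    }
    { sub(/#.*/, "") }                       # strip comments
    NF == 0 { next }
    NF != 4 { print "line " NR ": malformed entry: " $0 > "/dev/stderr"; bad = 2; next }
    $3 != item { next }
    {
      if ($1 == user) r = 0; else if ($1 in member) r = 1; else if ($1 == "*") r = 3; else next
      if ($2 == "-" || $2 == "soft") set("soft", r, $4)
      if ($2 == "-" || $2 == "hard") set("hard", r, $4)
    }
    END { print "soft=" val["soft"], "hard=" val["hard"]; exit bad + 0 }
  ' "$1"
}

# pam_limits_enabled FILE -> status 0 if an active session line loads pam_limits.so
pam_limits_enabled() {
  awk '{ sub(/#.*/, "") }
       $1 ~ /^-?session$/ && $0 ~ /pam_limits\.so/ { found = 1 }
       END { exit !found }' "$1"
}

demo() {
  dir=$(mktemp -d) || return 0
  write_sample_files "$dir"
  echo "limits.conf for fedora-ds: $(effective_limit "$dir/limits.conf" fedora-ds fedora-ds nofile)"
  if pam_limits_enabled "$dir/login"; then
    echo "pam_limits: enabled for login sessions"
  else
    echo "pam_limits: NOT enabled, limits.conf is not applied at login"
  fi
  echo "this shell (ulimit -n): $(ulimit -n)"
  rm -rf "$dir"
}
demo
```

Point the two functions at the real /etc/security/limits.conf and /etc/pam.d/login to audit a live host. The last line of the demo shows the limit of the current session, which only changes after a new login.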
  1. Add a user called fedora-ds.
[root@server ~]# useradd fedora-ds
[root@server ~]# passwd fedora-ds
Changing password for user fedora-ds.
New password: 
BAD PASSWORD: it is based on a dictionary word
Retype new password: 
passwd: all authentication tokens updated successfully.

Install LDAP server:

[root@server ~]# yum install 389-ds openldap-clients -y

Configure 389 Directory Server

[root@server ~]# setup-ds-admin.pl
==============================================================================
This program will set up the 389 Directory and Administration Servers.
It is recommended that you have "root" privilege to set up the software.
Tips for using this program:
  - Press "Enter" to choose the default and go to the next screen
  - Type "Control-B" then "Enter" to go back to the previous screen
  - Type "Control-C" to cancel the setup program
Would you like to continue with set up? [yes]:  ##press enter##
==============================================================================
Your system has been scanned for potential problems, missing patches,
etc.  The following output is a report of the items found that need to
be addressed before running this software in a production
environment.
389 Directory Server system tuning analysis version 10-AUGUST-2007.
NOTICE : System is i686-unknown-linux2.6.32-279.el6.i686 (1 processor).
WARNING: 622MB of physical memory is available on the system. 1024MB is recommended for best performance on large production system.
WARNING: There are only 1024 file descriptors (soft limit) available, which
limit the number of simultaneous connections.  
WARNING  : The warning messages above should be reviewed before proceeding.
Would you like to continue? [no]: yes ##type yes and press enter##
==============================================================================
Choose a setup type:
   1. Express
       Allows you to quickly set up the servers using the most
       common options and pre-defined defaults. Useful for quick
       evaluation of the products.
   2. Typical
       Allows you to specify common defaults and options.
   3. Custom
       Allows you to specify more advanced options. This is 
       recommended for experienced server administrators only.
To accept the default shown in brackets, press the Enter key.
Choose a setup type [2]: 2 ##type 2 and press enter##
==============================================================================
Enter the fully qualified domain name of the computer
on which you're setting up server software. Using the form
<hostname>.<domainname>
Example: eros.example.com.
To accept the default shown in brackets, press the Enter key.
Warning: This step may take a few minutes if your DNS servers
can not be reached or if DNS is not configured correctly.  If
you would rather not wait, hit Ctrl-C and run this program again
with the following command line option to specify the hostname:
    General.FullMachineName=your.hostname.domain.name
Computer name [server.ostechnix.com]:  ##press enter##
==============================================================================
The servers must run as a specific user in a specific group.
It is strongly recommended that this user should have no privileges
on the computer (i.e. a non-root user).  The setup procedure
will give this user/group some permissions in specific paths/files
to perform server-specific operations.
If you have not yet created a user and group for the servers,
create this user and group using your native operating
system utilities.
System User [nobody]: fedora-ds ##input the username which you created earlier and press enter##
System Group [nobody]: fedora-ds
==============================================================================
Server information is stored in the configuration directory server.
This information is used by the console and administration server to
configure and manage your servers.  If you have already set up a
configuration directory server, you should register any servers you
set up or create with the configuration server.  To do so, the
following information about the configuration server is required: the
fully qualified host name of the form
<hostname>.<domainname>(e.g. hostname.example.com), the port number
(default 389), the suffix, the DN and password of a user having
permission to write the configuration information, usually the
configuration directory administrator, and if you are using security
(TLS/SSL).  If you are using TLS/SSL, specify the TLS/SSL (LDAPS) port
number (default 636) instead of the regular LDAP port number, and
provide the CA certificate (in PEM/ASCII format).
If you do not yet have a configuration directory server, enter 'No' to
be prompted to set up one.
Do you want to register this software with an existing
configuration directory server? [no]:  ##press enter##
==============================================================================
Please enter the administrator ID for the configuration directory
server.  This is the ID typically used to log in to the console.  You
will also be prompted for the password.
Configuration directory server
administrator ID [admin]:  ##enter the password and press enter##
Password: 
Password (confirm): 
==============================================================================
The information stored in the configuration directory server can be
separated into different Administration Domains.  If you are managing
multiple software releases at the same time, or managing information
about multiple domains, you may use the Administration Domain to keep
them separate.
If you are not using administrative domains, press Enter to select the
default.  Otherwise, enter some descriptive, unique name for the
administration domain, such as the name of the organization
responsible for managing the domain.
Administration Domain [ostechnix.com]:  ##press enter##
==============================================================================
The standard directory server network port number is 389.  However, if
you are not logged as the superuser, or port 389 is in use, the
default value will be a random unused port number greater than 1024.
If you want to use port 389, make sure that you are logged in as the
superuser, that port 389 is not in use.
Directory server network port [389]:  ##press enter##
==============================================================================
Each instance of a directory server requires a unique identifier.
This identifier is used to name the various
instance specific files and directories in the file system,
as well as for other uses as a server instance identifier.
Directory server identifier [server]:  ##press enter##
==============================================================================
The suffix is the root of your directory tree.  The suffix must be a valid DN.
It is recommended that you use the dc=domaincomponent suffix convention.
For example, if your domain is example.com,
you should use dc=example,dc=com for your suffix.
Setup will create this initial suffix for you,
but you may have more than one suffix.
Use the directory server utilities to create additional suffixes.
Suffix [dc=ostechnix, dc=com]:  ##press enter##
==============================================================================
Certain directory server operations require an administrative user.
This user is referred to as the Directory Manager and typically has a
bind Distinguished Name (DN) of cn=Directory Manager.
You will also be prompted for the password for this user.  The password must
be at least 8 characters long, and contain no spaces.
Press Control-B or type the word "back", then Enter to back up and start over.
Directory Manager DN [cn=Directory Manager]:  ##press enter##
Password: 
Password (confirm): 
==============================================================================
The Administration Server is separate from any of your web or application
servers since it listens to a different port and access to it is
restricted.
Pick a port number between 1024 and 65535 to run your Administration
Server on. You should NOT use a port number which you plan to
run a web or application server on, rather, select a number which you
will remember and which will not be used for anything else.
Administration port [9830]:  ##press enter##
==============================================================================
The interactive phase is complete.  The script will now set up your
servers.  Enter No or go Back if you want to change something.
Are you ready to set up your servers? [yes]: 
Creating directory server . . .
Your new DS instance 'server' was successfully created.
Creating the configuration directory server . . .
Beginning Admin Server creation . . .
Creating Admin Server files and directories . . .
Updating adm.conf . . .
Updating admpw . . .
Registering admin server with the configuration directory server . . .
Updating adm.conf with information from configuration directory server . . .
Updating the configuration for the httpd engine . . .
Starting admin server . . .
output: Starting dirsrv-admin: 
output:                                                    [  OK  ]
The admin server was successfully started.
Admin server was successfully created, configured, and started.
Exiting . . .
Log file is '/tmp/setupkmf7gF.log'

Test LDAP server

[root@server ~]# ldapsearch -x -b "dc=ostechnix,dc=com"
# extended LDIF
#
# LDAPv3
# base <dc=ostechnix,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#
# ostechnix.com
dn: dc=ostechnix,dc=com
objectClass: top
objectClass: domain
dc: ostechnix
# Directory Administrators, ostechnix.com
dn: cn=Directory Administrators,dc=ostechnix,dc=com
objectClass: top
objectClass: groupofuniquenames
cn: Directory Administrators
uniqueMember: cn=Directory Manager
# Groups, ostechnix.com
dn: ou=Groups,dc=ostechnix,dc=com
objectClass: top
objectClass: organizationalunit
ou: Groups
# People, ostechnix.com
dn: ou=People,dc=ostechnix,dc=com
objectClass: top
objectClass: organizationalunit
ou: People
# Special Users, ostechnix.com
dn: ou=Special Users,dc=ostechnix,dc=com
objectClass: top
objectClass: organizationalUnit
ou: Special Users
description: Special Administrative Accounts
# Accounting Managers, Groups, ostechnix.com
dn: cn=Accounting Managers,ou=Groups,dc=ostechnix,dc=com
objectClass: top
objectClass: groupOfUniqueNames
cn: Accounting Managers
ou: groups
description: People who can manage accounting entries
uniqueMember: cn=Directory Manager
# HR Managers, Groups, ostechnix.com
dn: cn=HR Managers,ou=Groups,dc=ostechnix,dc=com
objectClass: top
objectClass: groupOfUniqueNames
cn: HR Managers
ou: groups
description: People who can manage HR entries
uniqueMember: cn=Directory Manager
# QA Managers, Groups, ostechnix.com
dn: cn=QA Managers,ou=Groups,dc=ostechnix,dc=com
objectClass: top
objectClass: groupOfUniqueNames
cn: QA Managers
ou: groups
description: People who can manage QA entries
uniqueMember: cn=Directory Manager
# PD Managers, Groups, ostechnix.com
dn: cn=PD Managers,ou=Groups,dc=ostechnix,dc=com
objectClass: top
objectClass: groupOfUniqueNames
cn: PD Managers
ou: groups
description: People who can manage engineer entries
uniqueMember: cn=Directory Manager
# search result
search: 2
result: 0 Success
# numResponses: 10
# numEntries: 9

If you get search: 2 anywhere in the above result you’re done. LDAP server is working now.

Make the LDAP server start automatically on every reboot.

[root@server ~]# chkconfig dirsrv on

DNS Server Installation Step by Step Using CentOS


Scenario

Primary(Master) DNS Server Details:

Operating System     : CentOS 6.5 server
Hostname             : masterdns.unixmen.local
IP Address           : 192.168.1.100/24

Secondary(Slave) DNS Server Details:

Operating System     : CentOS 6.5 server
Hostname             : secondarydns.unixmen.local
IP Address           : 192.168.1.101/24

Client Details:

Operating System     : CentOS 6.5 Desktop  
Hostname             : Client.unixmen.local
IP Address           : 192.168.1.102/24

Setup Primary(Master) DNS Server

[root@masterdns ~]# yum install bind* -y

1. Configure DNS Server

Add the lines as shown below in ‘/etc/named.conf’ file

[root@masterdns ~]# vi /etc/named.conf 
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
listen-on port 53 { 127.0.0.1; 192.168.1.100; }; ### Master DNS IP ###
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query     { localhost; 192.168.1.0/24; }; ### IP Range ### 
allow-transfer{ localhost; 192.168.1.101; };   ### Slave DNS IP ###
recursion yes;
dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
zone "." IN {
type hint;
file "named.ca";
};
zone "unixmen.local" IN {
type master;
file "forward.unixmen";
allow-update { none; };
};
zone "1.168.192.in-addr.arpa" IN {
type master;
file "reverse.unixmen";
allow-update { none; };
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

2. Create Zone files

Create forward and reverse zone files which we mentioned in the ‘/etc/named.conf’ file.

2.1 Create Forward Zone

Create forward.unixmen file in the ‘/var/named’ directory.

[root@masterdns ~]# vi /var/named/forward.unixmen
$TTL 86400
@   IN  SOA     masterdns.unixmen.local. root.unixmen.local. (
        2011071001  ;Serial
        3600        ;Refresh
        1800        ;Retry
        604800      ;Expire
        86400       ;Minimum TTL
)
@       IN  NS          masterdns.unixmen.local.
@       IN  NS          secondarydns.unixmen.local.
@       IN  A           192.168.1.100
@       IN  A           192.168.1.101
@       IN  A           192.168.1.102
masterdns       IN  A   192.168.1.100
secondarydns    IN  A   192.168.1.101
client          IN  A   192.168.1.102

2.2 Create Reverse Zone

Create reverse.unixmen file in the ‘/var/named’ directory.

[root@masterdns ~]# vi /var/named/reverse.unixmen 
$TTL 86400
@   IN  SOA     masterdns.unixmen.local. root.unixmen.local. (
        2011071001  ;Serial
        3600        ;Refresh
        1800        ;Retry
        604800      ;Expire
        86400       ;Minimum TTL
)
@       IN  NS          masterdns.unixmen.local.
@       IN  NS          secondarydns.unixmen.local.
@       IN  PTR         unixmen.local.
masterdns       IN  A   192.168.1.100
secondarydns    IN  A   192.168.1.101
client          IN  A   192.168.1.102
100     IN  PTR         masterdns.unixmen.local.
101     IN  PTR         secondarydns.unixmen.local.
102     IN  PTR         client.unixmen.local.

3. Start the DNS service

[root@masterdns ~]# service named start
Starting named:                                            [  OK  ]
[root@masterdns ~]# chkconfig named on

4. Adjust iptables to allow DNS server from outside of the network

Add the lines as shown below in ‘/etc/sysconfig/iptables’ file.

[root@masterdns ~]# vi /etc/sysconfig/iptables
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p udp -m state --state NEW --dport 53 -j ACCEPT
-A INPUT -p tcp -m state --state NEW --dport 53 -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

5. Restart iptables

[root@masterdns ~]# service iptables restart
iptables: Flushing firewall rules:                         [  OK  ]
iptables: Setting chains to policy ACCEPT: filter          [  OK  ]
iptables: Unloading modules:                               [  OK  ]
iptables: Applying firewall rules:                         [  OK  ]

6. Test DNS configuration and zone files for any syntax errors

[root@masterdns ~]# named-checkconf /etc/named.conf 
[root@masterdns ~]# named-checkzone unixmen.local /var/named/forward.unixmen 
zone unixmen.local/IN: loaded serial 2011071001
OK
[root@masterdns ~]# named-checkzone unixmen.local /var/named/reverse.unixmen 
zone unixmen.local/IN: loaded serial 2011071001
OK
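
named-checkzone in step 6 only validates syntax, so it will not notice an A record without a matching PTR or a PTR that points at a name with no A record. The following added example (not from the original post) cross-checks the forward and reverse zones from steps 2.1 and 2.2; the function names are this example's own and the zone data is an abridged, constructed copy of the two files.

```shell
#!/bin/sh
# Added example: forward-confirmed reverse DNS check for two zone files.
# Function names are this example's own, not part of BIND.

# Constructed sample input: abridged copies of forward.unixmen and
# reverse.unixmen from steps 2.1 and 2.2 (SOA timers folded onto one line).
write_sample_zones() {
  cat > "$1/forward.unixmen" <<'EOF'
$TTL 86400
@   IN  SOA     masterdns.unixmen.local. root.unixmen.local. (
        2011071001 3600 1800 604800 86400 ) ;Serial Refresh Retry Expire Minimum
@       IN  NS          masterdns.unixmen.local.
@       IN  A           192.168.1.100
@       IN  A           192.168.1.101
@       IN  A           192.168.1.102
masterdns       IN  A   192.168.1.100
secondarydns    IN  A   192.168.1.101
client          IN  A   192.168.1.102
EOF
  cat > "$1/reverse.unixmen" <<'EOF'
$TTL 86400
@   IN  SOA     masterdns.unixmen.local. root.unixmen.local. (
        2011071001 3600 1800 604800 86400 )
@       IN  NS          masterdns.unixmen.local.
@       IN  PTR         unixmen.local.
masterdns       IN  A   192.168.1.100
100     IN  PTR         masterdns.unixmen.local.
101     IN  PTR         secondarydns.unixmen.local.
102     IN  PTR         client.unixmen.local.
EOF
}

# zone_records TYPE ORIGIN FILE -> one "owner-fqdn rdata" line per record of TYPE.
# ORIGIN needs its trailing dot; $ORIGIN/$INCLUDE directives are not followed.
zone_records() {
  awk -v type="$1" -v origin="$2" '
    function fqdn(n) {
      if (n == "@") n = origin
      return tolower((n ~ /\.$/) ? n : (n "." origin))
    }
    { sub(/;.*/, "") }                                   # strip comments
    !paren && NF && $0 !~ /^[ \t$]/ { owner = $1 }       # explicit owner name
    /^\$/ { next }                                       # $TTL and similar
    /\(/ { paren = 1 }                                   # multi-line SOA ...
    paren { if ($0 ~ /\)/) paren = 0; next }             # ... skipped to ")"
    NF == 0 { next }
    {
      i = ($0 ~ /^[ \t]/) ? 1 : 2                        # blank owner = previous one
      for (k = 0; k < 2; k++) if ($i == "IN" || $i ~ /^[0-9]+$/) i++
      if ($i != type) next
      rdata = (type == "PTR") ? fqdn($(i + 1)) : $(i + 1)
      print fqdn(owner), rdata
    }' "$3"
}

# check_fcrdns FWD_ORIGIN FWD_FILE REV_ORIGIN REV_FILE
#   OK ip name           PTR exists and name has an A record back to ip
#   UNCONFIRMED ip name  PTR target has no A record for ip
#   NOPTR ip             an A record uses ip but the reverse zone has no PTR
check_fcrdns() {
  {
    zone_records A   "$1" "$2" | sed 's/^/A /'
    zone_records PTR "$3" "$4" | sed 's/^/PTR /'
  } | awk '
    $1 == "A" {
      fwd[$2 " " $3] = 1
      if (!($3 in has_a)) { has_a[$3] = 1; ips[++n] = $3 }
    }
    $1 == "PTR" && split($2, p, /\./) == 7 && p[5] == "in-addr" {
      ip = p[4] "." p[3] "." p[2] "." p[1]
      if (!(ip in ptr) && !(ip in has_a)) ips[++n] = ip
      ptr[ip] = ptr[ip] " " $3
    }
    END {
      for (i = 1; i <= n; i++) {
        ip = ips[i]
        if (!(ip in ptr)) { print "NOPTR", ip; continue }
        m = split(ptr[ip], t, " ")
        for (j = 1; j <= m; j++) {
          key = t[j] " " ip
          status = (key in fwd) ? "OK" : "UNCONFIRMED"
          print status, ip, t[j]
        }
      }
    }'
}

demo() {
  dir=$(mktemp -d) || return 0
  write_sample_zones "$dir"
  check_fcrdns unixmen.local. "$dir/forward.unixmen" \
               1.168.192.in-addr.arpa. "$dir/reverse.unixmen"
  rm -rf "$dir"
}
demo
```

On the master, run check_fcrdns against /var/named/forward.unixmen and /var/named/reverse.unixmen; any line that does not start with OK is a record to fix before reloading named.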

7. Test DNS Server

[root@masterdns ~]# dig masterdns.unixmen.local
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.6 <<>> masterdns.unixmen.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49834
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1
;; QUESTION SECTION:
;masterdns.unixmen.local.       IN      A
;; ANSWER SECTION:
masterdns.unixmen.local. 86400  IN      A       192.168.1.100
;; AUTHORITY SECTION:
unixmen.local.          86400   IN      NS      secondarydns.unixmen.local.
unixmen.local.          86400   IN      NS      masterdns.unixmen.local.
;; ADDITIONAL SECTION:
secondarydns.unixmen.local. 86400 IN    A       192.168.1.101
;; Query time: 6 msec
;; SERVER: 192.168.1.100#53(192.168.1.100)
;; WHEN: Thu Mar  7 13:07:56 2013
;; MSG SIZE  rcvd: 114
[root@masterdns ~]# nslookup unixmen.local
Server:         192.168.1.100
Address:        192.168.1.100#53
Name:   unixmen.local
Address: 192.168.1.102
Name:   unixmen.local
Address: 192.168.1.100
Name:   unixmen.local
Address: 192.168.1.101

Now the Primary DNS server is ready to use.

Setup Secondary(Slave) DNS Server

[root@secondarydns ~]# yum install bind* -y

1. Configure Slave DNS Server

Open the main configuration file ‘/etc/named.conf’ and add the lines as shown below.

[root@secondarydns ~]# vi /etc/named.conf 
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
listen-on port 53 { 127.0.0.1; 192.168.1.101; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query     { localhost; 192.168.1.0/24; };
recursion yes;
dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
zone "." IN {
type hint;
file "named.ca";
};
zone "unixmen.local" IN {
type slave;
file "slaves/unixmen.fwd";
masters { 192.168.1.100; };
};
zone "1.168.192.in-addr.arpa" IN {
type slave;
file "slaves/unixmen.rev";
masters { 192.168.1.100; };
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

2. Start the DNS Service

[root@secondarydns ~]# service named start
Generating /etc/rndc.key:                                  [  OK  ]
Starting named:                                            [  OK  ]
[root@secondarydns ~]# chkconfig named on

Now the forward and reverse zones are automatically replicated from Master DNS server to ‘/var/named/slaves/’ in Secondary DNS server.

[root@secondarydns ~]# ls /var/named/slaves/
unixmen.fwd  unixmen.rev
[root@secondarydns ~]# cat /var/named/slaves/unixmen.fwd 
$ORIGIN .
$TTL 86400      ; 1 day
unixmen.local           IN SOA  masterdns.unixmen.local. root.unixmen.local. (
                                2011071001 ; serial
                                3600       ; refresh (1 hour)
                                1800       ; retry (30 minutes)
                                604800     ; expire (1 week)
                                86400      ; minimum (1 day)
                                )
                        NS      masterdns.unixmen.local.
                        NS      secondarydns.unixmen.local.
                        A       192.168.1.100
                        A       192.168.1.101
                        A       192.168.1.102
$ORIGIN unixmen.local.
client                  A       192.168.1.102
masterdns               A       192.168.1.100
secondarydns            A       192.168.1.101
[root@secondarydns ~]# cat /var/named/slaves/unixmen.rev 
$ORIGIN .
$TTL 86400      ; 1 day
1.168.192.in-addr.arpa  IN SOA  masterdns.unixmen.local. root.unixmen.local. (
                                2011071001 ; serial
                                3600       ; refresh (1 hour)
                                1800       ; retry (30 minutes)
                                604800     ; expire (1 week)
                                86400      ; minimum (1 day)
                                )
                        NS      masterdns.unixmen.local.
                        NS      secondarydns.unixmen.local.
                        PTR     unixmen.local.
$ORIGIN 1.168.192.in-addr.arpa.
100                     PTR     masterdns.unixmen.local.
101                     PTR     secondarydns.unixmen.local.
102                     PTR     client.unixmen.local.
client                  A       192.168.1.102
masterdns               A       192.168.1.100
secondarydns            A       192.168.1.101

3. Add the DNS Server details to all systems

[root@secondarydns ~]# vi /etc/resolv.conf
# Generated by NetworkManager
search ostechnix.com
nameserver 192.168.1.100
nameserver 192.168.1.101
nameserver 8.8.8.8

4. Test DNS Server

[root@secondarydns ~]# dig masterdns.unixmen.local
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.6 <<>> masterdns.unixmen.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21487
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1
;; QUESTION SECTION:
;masterdns.unixmen.local.       IN      A
;; ANSWER SECTION:
masterdns.unixmen.local. 86400  IN      A       192.168.1.100
;; AUTHORITY SECTION:
unixmen.local.          86400   IN      NS      masterdns.unixmen.local.
unixmen.local.          86400   IN      NS      secondarydns.unixmen.local.
;; ADDITIONAL SECTION:
secondarydns.unixmen.local. 86400 IN    A       192.168.1.101
;; Query time: 15 msec
;; SERVER: 192.168.1.100#53(192.168.1.100)
;; WHEN: Thu Mar  7 13:27:57 2013
;; MSG SIZE  rcvd: 114
[root@secondarydns ~]# dig secondarydns.unixmen.local
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.6 <<>> secondarydns.unixmen.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20958
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1
;; QUESTION SECTION:
;secondarydns.unixmen.local.    IN      A
;; ANSWER SECTION:
secondarydns.unixmen.local. 86400 IN    A       192.168.1.101
;; AUTHORITY SECTION:
unixmen.local.          86400   IN      NS      masterdns.unixmen.local.
unixmen.local.          86400   IN      NS      secondarydns.unixmen.local.
;; ADDITIONAL SECTION:
masterdns.unixmen.local. 86400  IN      A       192.168.1.100
;; Query time: 4 msec
;; SERVER: 192.168.1.100#53(192.168.1.100)
;; WHEN: Thu Mar  7 13:31:53 2013
;; MSG SIZE  rcvd: 114
[root@secondarydns ~]# nslookup unixmen.local
Server:         192.168.1.100
Address:        192.168.1.100#53
Name:   unixmen.local
Address: 192.168.1.101
Name:   unixmen.local
Address: 192.168.1.102
Name:   unixmen.local
Address: 192.168.1.100

Client Side Configuration

Add the DNS server details in ‘/etc/resolv.conf’ file in all client systems

[root@client unixmen]# vi /etc/resolv.conf
# Generated by NetworkManager
search unixmen.local
nameserver 192.168.1.100
nameserver 192.168.1.101
nameserver 8.8.8.8

Test DNS Server

[root@client unixmen]# dig masterdns.unixmen.local
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6 <<>> masterdns.unixmen.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19496
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1
;; QUESTION SECTION:
;masterdns.unixmen.local.       IN      A
;; ANSWER SECTION:
masterdns.unixmen.local. 86400  IN      A       192.168.1.100
;; AUTHORITY SECTION:
unixmen.local.          86400   IN      NS      masterdns.unixmen.local.
unixmen.local.          86400   IN      NS      secondarydns.unixmen.local.
;; ADDITIONAL SECTION:
secondarydns.unixmen.local. 86400 IN    A       192.168.1.101
;; Query time: 30 msec
;; SERVER: 192.168.1.100#53(192.168.1.100)
;; WHEN: Thu Mar  7 13:47:55 2013
;; MSG SIZE  rcvd: 114
[root@client unixmen]# dig secondarydns.unixmen.local
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6 <<>> secondarydns.unixmen.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14852
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1
;; QUESTION SECTION:
;secondarydns.unixmen.local.    IN      A
;; ANSWER SECTION:
secondarydns.unixmen.local. 86400 IN    A       192.168.1.101
;; AUTHORITY SECTION:
unixmen.local.          86400   IN      NS      secondarydns.unixmen.local.
unixmen.local.          86400   IN      NS      masterdns.unixmen.local.
;; ADDITIONAL SECTION:
masterdns.unixmen.local. 86400  IN      A       192.168.1.100
;; Query time: 8 msec
;; SERVER: 192.168.1.100#53(192.168.1.100)
;; WHEN: Thu Mar  7 13:48:38 2013
;; MSG SIZE  rcvd: 114
[root@client unixmen]# dig client.unixmen.local
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6 <<>> client.unixmen.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14604
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;client.unixmen.local.          IN      A
;; ANSWER SECTION:
client.unixmen.local.   86400   IN      A       192.168.1.102
;; AUTHORITY SECTION:
unixmen.local.          86400   IN      NS      masterdns.unixmen.local.
unixmen.local.          86400   IN      NS      secondarydns.unixmen.local.
;; ADDITIONAL SECTION:
masterdns.unixmen.local. 86400  IN      A       192.168.1.100
secondarydns.unixmen.local. 86400 IN    A       192.168.1.101
;; Query time: 5 msec
;; SERVER: 192.168.1.100#53(192.168.1.100)
;; WHEN: Thu Mar  7 13:49:11 2013
;; MSG SIZE  rcvd: 137
[root@client unixmen]# nslookup unixmen.local
Server:         192.168.1.100
Address:        192.168.1.100#53
Name:   unixmen.local
Address: 192.168.1.102
Name:   unixmen.local
Address: 192.168.1.100
Name:   unixmen.local
Address: 192.168.1.101

Now the primary and secondary DNS servers are ready.

Install OpenFire 3.9.3 on CentOS 6.6 x86_64


Hi, now we are looking for a chat server. OpenFire is the best solution in open source.

Let’s see the installation of Openfire on CentOS 6.6 x86_64.

First, Java must be installed on the server.

1. How to check whether Java is installed or not.

[root@localhost ~]# java -version
java version "1.7.0_71"
OpenJDK Runtime Environment (rhel-2.5.3.1.el6-x86_64 u71-b14)
OpenJDK 64-Bit Server VM (build 24.65-b04, mixed mode)

Install glibc package

yum -y install glibc.i686

Change to the /tmp directory

[root@localhost ~]# cd /tmp

[root@localhost tmp]#

Download the RPM from this direct link.

[root@localhost tmp]# wget http://download.igniterealtime.org/openfire/openfire-3.9.3-1.i386.rpm

After downloading successfully, you are ready for installation 🙂

[root@localhost tmp]# rpm -Uvh openfire-3.9.3-1.i386.rpm

Once the RPM has been installed, start the openfire service

[root@localhost tmp]# service openfire start

Ensure that openfire will boot with your server

[root@localhost tmp]# chkconfig --level 235 openfire on

Stop iptables for testing purposes; later you can add the ports to iptables

[root@localhost tmp]# service iptables stop

You may require mysql database for chat server

[root@localhost ~ ]# yum -y install mysql-server

Start mysql server

[root@localhost ~ ]# /etc/init.d/mysqld start

Ensure mysql starts when the server boot

[root@localhost ~ ]# chkconfig --level 235 mysqld on

Basic MySQL database configuration

/usr/bin/mysql_secure_installation

Note: hit "enter" to give no password, generate and save a new root password, and hit "enter" (aka "Y") on the rest of the questions.

Restart mysql server

[root@localhost ~ ]# /etc/init.d/mysqld restart

Login to mysql as root (use the new root password you just entered)

[root@localhost ~ ]# mysql -u root -p

Create database for Openfire

mysql> CREATE DATABASE openfire;

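Give the openfire user access to the database (replace the placeholder with a password of your own, so the account is not created without one)

mysql> GRANT ALL PRIVILEGES ON openfire.* TO 'openfire'@'127.0.0.1' IDENTIFIED BY '<openfire-db-password>';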

Save your changes

mysql> FLUSH PRIVILEGES;

Now exit from mysql

mysql> exit;

Open your browser and access your openfire

http://yourdomain.com:9090

Thank you again!!

How To Enable SPF Checking for Incoming Connection


Usually, I configure SPF on my server for outgoing mail. The SPF records are defined in public DNS as TXT records. But how do I enable SPF checking for connections coming in to my server?

The following steps show how to enable SPF checking for incoming connections.

You need to enable cbpolicyd as described in the following guide: https://pratapsatve.wordpress.com/2016/03/17/how-to-install-policyd-on-zimbra/. After enabling policyd, open the policyd webui (http://IPZIMBRA:7780/webui/index.php) and create the groups, policy and SPF check.

Create Groups

Select Policies | Groups. Under Action, add a group and give it the name list_domain. The comment can be left empty or filled in. Select the group that has been made, choose Members under Action and fill in your domain. See the following example. Make sure the Disabled status is "no" on the group and on its members.

[Screenshot: policyd-groups]

[Screenshot: policyd-members-groups]

Create Policy

Select Policies | Main. Add a new policy and give it a name and information as in the following picture. Then submit the query.

[Screenshot: policy-spf]

Select the new policy that has been made and choose Members under Action. Add a member and fill in source/destination with the group that has been made. See the following example.

[Screenshot: policy-spf-members]

The above configuration only checks SPF when an email connection comes from an external domain (Gmail, Yahoo, etc.) to my internal domain. If the connection goes from internal domain to internal domain, or from internal domain to external domain, SPF checking is skipped. Make sure the Disabled status is "no".

Create SPF Check

Select SPF Checks | Configure. Select Add under Action and configure it as follows. Then submit.

[Screenshot: spf-configure]

Make sure the Disabled status is "no". Enable the policyd SPF check and restart the policyd service

su - zimbra
zmprov ms `zmhostname` zimbraCBPolicydCheckSPFEnabled TRUE
zmcbpolicydctl restart

SPF checking for incoming connections is now enabled and configured. Check zimbra.log for SPF failures.

The following is an example of an SPF failure:

Mar 10 18:45:43 smtp postfix/smtpd[28068]: NOQUEUE: reject: RCPT 
from c117-167.nanaonet.jp[119.18.167.117]: 554 5.7.1 <shaftssg@onet.pl>: 
Sender address rejected: Failed SPF check; 
Please see http://www.openspf.org/Why?s=mfrom;id=shaftssg%40onet.pl;
ip=119.18.167.117;r=smtp.imanudin.net; onet.pl, 
Sender is not authorized by default to 
use 'shaftssg@onet.pl' in 'mfrom' identity (mechanism '-all' matched); 
from=<shaftssg@onet.pl> to=<xxxx@imanudin.net> proto=ESMTP helo=<[119.18.167.117]>
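
One way to pull these rejections out of zimbra.log, as an added example that is not part of the original article: the functions below read Postfix log lines and report the client IP, envelope sender and matched SPF mechanism for each "Failed SPF check" reject. The sample lines are constructed after the format of the entry above (one entry per line, using documentation addresses), and the function names are assumptions.

```shell
#!/bin/sh
# Added example: summarise "Failed SPF check" rejections from Postfix log lines.

# spf_rejects: read log lines on stdin and print "client_ip sender mechanism"
# for every NOQUEUE reject that was caused by a failed SPF check.
spf_rejects() {
    awk -v q="'" '
    /NOQUEUE: reject:/ && /Failed SPF check/ {
        ip = "-"; sender = "-"; mech = "-"
        # Client address: the [a.b.c.d] right after "RCPT from <hostname>"
        if (match($0, /RCPT from [^ ]*\[[^]]*\]/)) {
            s = substr($0, RSTART, RLENGTH)
            sub(/^.*\[/, "", s); sub(/\]$/, "", s)
            ip = s
        }
        # Envelope sender: from=<...>; a bounce has the empty sender <>
        if (match($0, /from=<[^>]*>/)) {
            sender = substr($0, RSTART + 6, RLENGTH - 7)
            if (sender == "") sender = "<>"
        }
        # SPF mechanism that produced the fail, e.g. -all
        if (match($0, "mechanism " q "[^" q "]*" q " matched")) {
            s = substr($0, RSTART, RLENGTH)
            sub("^mechanism " q, "", s); sub(q " matched$", "", s)
            mech = s
        }
        print ip, sender, mech
    }'
}

# spf_reject_counts: "count client_ip" per rejected client, busiest first.
spf_reject_counts() {
    spf_rejects |
        awk '{ n[$1]++ } END { for (ip in n) print n[ip], ip }' |
        sort -k1,1nr -k2,2
}

# Constructed sample input: three SPF rejects, one unrelated reject and one
# ordinary line.
sample_log() {
    cat <<'EOF'
Mar 10 18:45:43 smtp postfix/smtpd[28068]: NOQUEUE: reject: RCPT from host1.example.org[192.0.2.10]: 554 5.7.1 <alice@example.org>: Sender address rejected: Failed SPF check; Please see http://www.openspf.org/Why?s=mfrom;id=alice%40example.org;ip=192.0.2.10;r=mail.example.com; example.org, Sender is not authorized by default to use 'alice@example.org' in 'mfrom' identity (mechanism '-all' matched); from=<alice@example.org> to=<user@example.com> proto=ESMTP helo=<[192.0.2.10]>
Mar 10 18:45:51 smtp postfix/smtpd[28068]: NOQUEUE: reject: RCPT from host1.example.org[192.0.2.10]: 554 5.7.1 <bob@example.org>: Sender address rejected: Failed SPF check; Please see http://www.openspf.org/Why?s=mfrom;id=bob%40example.org;ip=192.0.2.10;r=mail.example.com; example.org, Sender is not authorized by default to use 'bob@example.org' in 'mfrom' identity (mechanism '-all' matched); from=<bob@example.org> to=<user@example.com> proto=ESMTP helo=<[192.0.2.10]>
Mar 10 18:46:02 smtp postfix/smtpd[28070]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 554 5.7.1 <x@example.net>: Relay access denied; from=<y@example.net> to=<x@example.net> proto=ESMTP helo=<mx>
Mar 10 18:46:05 smtp postfix/smtpd[28070]: disconnect from unknown[203.0.113.5]
Mar 10 18:47:19 smtp postfix/smtpd[28071]: NOQUEUE: reject: RCPT from mx.example.net[198.51.100.7]: 554 5.7.1 <carol@example.net>: Sender address rejected: Failed SPF check; Please see http://www.openspf.org/Why?s=mfrom;id=carol%40example.net;ip=198.51.100.7;r=mail.example.com; example.net, Sender is not authorized by default to use 'carol@example.net' in 'mfrom' identity (mechanism '-all' matched); from=<carol@example.net> to=<user@example.com> proto=ESMTP helo=<mx.example.net>
EOF
}

# Demo run on the constructed sample
sample_log | spf_reject_counts
```

On a Zimbra server the same functions can be fed the real log, for example with spf_rejects < /var/log/zimbra.log.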

Good luck and hopefully useful

 

Improving Anti Spam : Reject Unlisted Domain On Zimbra


Rejecting unlisted domains is one of many methods to improve anti-spam on an email server, especially a Zimbra mail server. On Zimbra, any IP address can be listed as a trusted network. An IP address listed as a trusted network can send email without authentication. In other words, an IP address listed as a trusted network can send email with any domain, even one that is not listed on Zimbra.

If you have an email server with the domain example.com, the server should send email to the outside only with the example.com domain; anything else should be rejected. This article describes step by step how to reject unlisted domains on Zimbra with Policyd, assuming you have installed and enabled Policyd. If not, you can follow this article to enable it : https://pratapsatve.wordpress.com/2016/03/17/how-to-install-policyd-on-zimbra/

Access the Policyd WebUI via browser at http://zimbraserver:7780/webui/index.php. Make sure the Zimbra Apache service is running

Select Policies | Groups. Under Action, add a group and give it the name list_domain. The comment can be left empty or filled in. Select the group that has been made, choose Members under Action and fill in your domain. See the following example. Make sure the Disabled status is "no" on the group and on its members

Select Policies | Main. Add a new policy and give it a name and information as in the following picture. Then submit the query

[Screenshot: policyd-reject-unlisted-domain]

Select the new policy that has been made and choose Members under Action. Add a member and fill in source/destination with the group that was made previously. See the following picture

[Screenshot: policyd-reject-member]

The above configuration means that the source and destination are not members listed in the group. Select Access Control | Configure. Add a new ACL and give it a name and information like this :

Name : Reject Unlisted Domain
Link to policy : Reject Unlisted Domain (New policy has previously been made)
Verdict : Reject
Data : Sorry, you are not authorized to sending email

See the following picture. Then submit the query

[Screenshot: policyd-acl]

Make sure the Disabled status is "no" on all of the configuration that has been made. Enable policyd access control and restart the policyd service

su - zimbra
zmprov ms `zmhostname` zimbraCBPolicydAccessControlEnabled TRUE
zmcbpolicydctl restart

mail:~ # telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 mail.xxxxxxx.xxx ESMTP Postfix
ehlo mail
250-mail.xxxxxxx.xxx
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
mail from:ahmad@gmail.com
250 2.1.0 Ok
rcpt to:ahmad@yahoo.com
554 5.7.1 : Sender address rejected: Sorry, you are not authorized to sending email

Good luck and hopefully useful

How To Restore Zimbra Mailbox


After a successful mailbox backup as described in the previous article in this section, Zimbra Tips : How To Backup Mailbox Daily, Weekly and Monthly, you can restore the backed-up mailboxes with the zmmailbox command provided by Zimbra. An example command is shown below :

su - zimbra -c "zmmailbox -z -m username postRestURL '//?fmt=tgz&resolve=reset' folder/file-location.tgz"

Note :

resolve=reset. This parameter deletes the user's existing mailbox and replaces it with the mailbox backup. The reset parameter can be changed to skip, replace or modify.

folder/file-location.tgz is the location of the mailbox backup file.

Example

su - zimbra -c "zmmailbox -z -m admin@example.com postRestURL '//?fmt=tgz&resolve=reset' /srv/backup/20150128/admin@example.com.tgz"

The above command restores the mailbox backup of the user admin@example.com with the reset resolver, using the backup file located at /srv/backup/20150128/admin@example.com.tgz

To restore the backups of all users, you can use a script like the one below :

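#!/bin/bash

# Directory that holds one <account>.tgz archive per user
BACKUPDIR="/srv/backup/20150128"

clear

echo "Retrieve all zimbra user name..."

# List every account on the server, sorted by name
USERS=$(su - zimbra -c 'zmprov -l gaa | sort')

for ACCOUNT in $USERS; do
    NAME=$ACCOUNT
    echo "Restoring $NAME mailbox..."
    # resolve=reset replaces the existing mailbox with the content of the archive
    su - zimbra -c "zmmailbox -z -m $NAME postRestURL '//?fmt=tgz&resolve=reset' $BACKUPDIR/$NAME.tgz"
done
echo "All mailbox has been restored successfully"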
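
Because resolve=reset deletes the existing mailbox before the archive is loaded, and the backup script from the daily/weekly/monthly article writes each archive through a shell redirect (so a failed zmmailbox call leaves an empty or truncated file), it is worth checking every archive before the restore loop runs. The check below is an added example, not part of the original script; the function names check_backups and demo_check and the demo data are assumptions.

```shell
#!/bin/sh
# Added example: verify mailbox archives before a restore with resolve=reset.

# check_backups DIR ACCOUNT...
# For each account, verify that DIR/ACCOUNT.tgz exists, is not empty and can
# be listed as a gzip-compressed tar archive. Prints one "STATUS account"
# line per account and returns non-zero if any archive is unusable.
check_backups() {
    dir="$1"
    shift
    bad=0
    for account in "$@"; do
        archive="$dir/$account.tgz"
        if [ ! -f "$archive" ]; then
            echo "MISSING $account"; bad=1
        elif [ ! -s "$archive" ]; then
            echo "EMPTY $account"; bad=1
        elif ! tar -tzf "$archive" > /dev/null 2>&1; then
            echo "CORRUPT $account"; bad=1
        else
            echo "OK $account"
        fi
    done
    return $bad
}

# demo_check: run the check against constructed data in a temporary
# directory: one good archive, one empty file, one truncated archive and
# one account with no archive at all.
demo_check() {
    rc=0
    tmp=$(mktemp -d)
    mkdir "$tmp/src"
    echo "constructed sample message" > "$tmp/src/msg.eml"
    tar -czf "$tmp/good@example.com.tgz" -C "$tmp/src" msg.eml
    : > "$tmp/empty@example.com.tgz"
    head -c 20 "$tmp/good@example.com.tgz" > "$tmp/cut@example.com.tgz"
    check_backups "$tmp" good@example.com empty@example.com \
        cut@example.com gone@example.com || rc=$?
    rm -rf "$tmp"
    return $rc
}

# Demo run on the constructed data (the non-zero status is expected here)
demo_check || true
```

In the restore script above, calling check_backups "$BACKUPDIR" $USERS || exit 1 before the for loop stops the run before any mailbox is reset.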

Good luck and hopefully useful

Zimbra Tips : How To Backup Mailbox Daily, Weekly and Monthly


To back up mailboxes, I usually use the zmmailbox command provided by Zimbra. The command normally backs up the entire mailbox of each user. But in this case, I want to back up mailboxes daily, weekly, monthly or for a certain time/date. To do that, I can use a simple script and run it every night from crontab.

Create the file backup-mailbox.sh in the /srv directory

vi /srv/backup-mailbox.sh

Fill it with the following lines

#!/bin/bash
clear

# Backup Format
FORMAT=tgz

# Backup location
ZBACKUP=/srv/backup/

# Folder name for backup and using date
DATE=$(date +"%d%m%y")

# Backup location separate by date
ZDUMPDIR=$ZBACKUP/$DATE

# zmmailbox location
ZMBOX=/opt/zimbra/bin/zmmailbox

# Backup Option

# Based on few day ago until today, example 7 days ago
#HARI=$(date --date='7 days ago' +"%m/%d/%Y")
#query="&query=after:$HARI"

# Based on certain date, example 21 Jan 2015.
#query="&query=date:01/21/2015"

# Based from/to certain date. Example Backup Mailbox before 21 Jan 2015 and after 10 Jan 2015
#query="&query=after:01/10/2015 before:01/21/2015"

if [ ! -d $ZDUMPDIR ]; then
    mkdir -p $ZDUMPDIR
fi

# Looping Account Zimbra
for account in $(su - zimbra -c 'zmprov -l gaa | sort')
do
    echo "Processing mailbox $account backup..."
    $ZMBOX -z -m $account getRestURL "//?fmt=${FORMAT}$query" > $ZDUMPDIR/$account.${FORMAT}
done

echo "Zimbra Mailbox backup has been completed successfully."

Note : The above script has 3 backup methods. The first backs up from a few days ago until today, the second backs up a certain date and the third backs up from/to certain dates. Don't forget to remove the # in front of the HARI= and query= lines of the 1 method (of the 3) that you want. Save the script and make it executable

chmod +x /srv/backup-mailbox.sh
sh /srv/backup-mailbox.sh

If you want it to run every night, you can place the script in the crontab so that it executes automatically

Good luck and hopefully useful.

How To Install PolicyD on Zimbra


What is Policyd?

Policyd is an anti-spam plugin. Policyd has modules such as quotas, access control, SPF check, greylisting and others.

Zimbra Collaboration Suite is an email server that uses Postfix as its MTA engine. Policyd has been bundled with Zimbra by default since Zimbra version 7.

Why must we use Policyd?

Policyd has a quotas module. This module can be used to limit the sending/receiving of email, for example to allow only 200 emails/hour/user to be sent or received. If your email server is attacked by spam, or some users' passwords are compromised and used by a spammer, the maximum number of emails that can be sent is 200 per hour. This policy will keep your public IP from being blacklisted on RBLs. Besides, you can check which user is sending a large number of emails

How To Install Policyd on Zimbra 8.5?

This guide shows step by step how to install policyd on Zimbra 8.5.

Activate Policyd

su - zimbra
zmprov ms `zmhostname` +zimbraServiceInstalled cbpolicyd +zimbraServiceEnabled cbpolicyd

Activate Policyd WebUI

Run the following command as root
cd /opt/zimbra/httpd/htdocs/ && ln -s ../../cbpolicyd/share/webui

Edit the file /opt/zimbra/cbpolicyd/share/webui/includes/config.php: put "#" in front of all the lines beginning with $DB_DSN and add the following line just before the line beginning with $DB_USER.

$DB_DSN="sqlite:/opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb";

See the following example

#$DB_DSN="mysql:host=localhost;dbname=cluebringer";
$DB_DSN="sqlite:/opt/zimbra/data/cbpolicyd/db/cbpolicyd.sqlitedb";
$DB_USER="root";

Restart Zimbra service and Zimbra Apache service
su - zimbra -c "zmcontrol restart"
su - zimbra -c "zmapachectl restart"

You can now access the Policyd Webui with browser at URL http://IPZimbra:7780/webui/index.php

Good luck and hopefully useful.

How To Install Zimbra on CentOS


Usually, I use SUSE Linux Enterprise Server as the operating system for Zimbra Mail Server. But starting from Zimbra 9.x.x, SLES has been deprecated (end of life) and may no longer be supported by Zimbra. Therefore, I am trying CentOS as the operating system for Zimbra. For easy understanding, this is the information about my system

Domain : imanudin.net
Hostname : mail
IP Address : 192.168.1.50

Configure Network

First, we must configure the network on CentOS, assuming the name of your network interface is eth0

vi /etc/sysconfig/network-scripts/ifcfg-eth0

DEVICE=eth0
ONBOOT=yes
NM_CONTROLLED=no
BOOTPROTO=none
IPADDR=192.168.1.50
NETMASK=255.255.255.0
DNS1=192.168.1.50
GATEWAY=192.168.1.1
DNS2=4.2.2.2
USERCTL=no

Restart network service and setup for automatic boot

service network restart
chkconfig network on

Disable SELinux & Firewall

Open the file /etc/sysconfig/selinux and change SELINUX=enforcing to SELINUX=disabled. Also disable services such as iptables, ip6tables and firewalld.

setenforce 0
service firewalld stop
service iptables stop
service ip6tables stop
systemctl disable firewalld
systemctl disable iptables
systemctl disable ip6tables

Configure /etc/hosts, /etc/resolv.conf and hostname

Open file /etc/hosts and configure as follows
127.0.0.1 localhost
192.168.1.50 mail.example.com mail

Open file /etc/resolv.conf and configure as follows
search imanudin.net
nameserver 192.168.1.50
nameserver 4.2.2.2
nameserver 8.8.8.8

Run the following commands as root
hostname mail.example.com
echo "HOSTNAME=mail.example.com" >> /etc/sysconfig/network

Disable the sendmail or postfix service

Run the following commands as root
service sendmail stop
service postfix stop
systemctl disable sendmail
systemctl disable postfix

Update the repositories and install the packages Zimbra depends on

yum update
yum -y install perl perl-core wget screen w3m elinks openssh-clients openssh-server bind bind-utils unzip nmap sed nc sysstat libaio rsync telnet aspell

Configure local DNS Server

Zimbra needs to look up the MX records of the domain being used. For that purpose, we can configure a DNS server on the Zimbra mail server machine

Open the file /etc/named.conf and add any to listen-on port 53 and allow-query as follows

listen-on port 53 { 127.0.0.1; any; };
allow-query { localhost; any; };

Create a zone at the bottom of the file named.conf as follows

zone "example.com" IN {
type master;
file "db.example.com";
allow-update { none; };
};

Create the database file for the new zone in the folder /var/named/
touch /var/named/db.example.com
chgrp named /var/named/db.example.com
vi /var/named/db.example.com

Fill it as follows
$TTL 1D
@ IN SOA ns1.example.com. root.example.com. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
@ IN NS ns1.example.com.
@ IN MX 0 mail.example.com.
ns1 IN A 192.168.1.50
mail IN A 192.168.1.50

Restart the service & check the result of the DNS server configuration

service named restart
systemctl enable named
nslookup mail.example.com
dig example.com mx

If the results of the above commands are as follows, your DNS configuration has succeeded
[root@mail opt]# nslookup mail.example.com
Server: 192.168.1.50
Address: 192.168.1.50#53
Name: mail.example.com
Address: 192.168.1.50

Preparation for installing Zimbra is finished. Now we can install Zimbra, as explained in the next section

With the preparation finished, we can install Zimbra right now. First, download the Zimbra binary from this link http://www.zimbra.com/downloads/zimbra-collaboration-open-source or, if you are in the Indonesia region, from the following link http://mirror.linux.or.id/zimbra/binary/.

cd /opt/
wget -c http://files2.zimbra.com/downloads/8.5.0_GA/zcs-8.5.0_GA_3042.RHEL7_64.20140828204420.tgz

After the download has finished, extract Zimbra, cd to the extracted folder and install Zimbra
tar -zxvf zcs-8.5.0_GA_3042.RHEL7_64.20140828204420.tgz
cd zcs-8.5.0_GA_3042.RHEL7_64.20140828204420
sh install.sh

Type Y when asked about the license agreement
Do you agree with the terms of the software license agreement? [N] Y

Select the packages to install as follows
Install zimbra-ldap [Y] Y
Install zimbra-logger [Y] Y
Install zimbra-mta [Y] Y
Install zimbra-dnscache [Y] N
Install zimbra-snmp [Y] Y
Install zimbra-store [Y] Y
Install zimbra-apache [Y] Y
Install zimbra-spell [Y] Y
Install zimbra-memcached [Y] Y
Install zimbra-proxy [Y] Y

Type Y if asked The system will be modified. Continue?

If you get a message like the following, press enter or type Yes and change the domain name
DNS ERROR resolving MX for mail.example.com
It is suggested that the domain name have an MX record configured in DNS
Change domain name? [Yes] Yes
Create domain: [mail.example.com] example.com

If you do not change the domain name in the above step, your domain name will become mail.example.com and account email addresses will become user@mail.example.com. Type 6 and press enter to change the password of the admin account, then type 4 and press enter. Enter the password that you want

1) Common Configuration:
2) zimbra-ldap: Enabled
3) zimbra-logger: Enabled
4) zimbra-mta: Enabled
5) zimbra-snmp: Enabled
6) zimbra-store: Enabled
+Create Admin User: yes
+Admin user to create: admin@example.com
******* +Admin Password UNSET
+Anti-virus quarantine user: virus-quarantine.dgnsq8ewc@example.com
……
……
Address unconfigured (**) items (? - help) 6
Store configuration

1) Status: Enabled
2) Create Admin User: yes
3) Admin user to create: admin@example.com
** 4) Admin Password UNSET
5) Anti-virus quarantine user: virus-quarantine.dgnsq8ewc@example.com
……
……
Select, or 'r' for previous menu [r] 4

Password for admin@example.com (min 6 characters): [s8eNUeOms] Verys3cr3t

After entering the password, at the prompt Select, or 'r' for previous menu, go back to the previous menu. If everything has been configured, apply the configuration and wait a moment until Zimbra finishes installing

*** CONFIGURATION COMPLETE - press 'a' to apply
Select from menu, or press 'a' to apply config (? - help) a
Save configuration data to a file? [Yes] Yes
Save config in file: [/opt/zimbra/config.24648]
Saving config in /opt/zimbra/config.24648...done.
The system will be modified - continue? [No] Yes
Operations logged to /tmp/zmsetup10052014-214606.log

Type Yes if asked Notify Zimbra of your installation? When Configuration complete - press return to exit appears, your Zimbra installation has finished. Check the Zimbra status with the command su - zimbra -c "zmcontrol status" and make sure all services are running well. You can also try accessing webmail via browser at the URL https://ZimbraServer

Congratulations, you have finished installing Zimbra on CentOS

How To Install and Configure Slim Framework on Ubuntu 14.04


Prerequisites

This tutorial will illustrate the steps required to install and configure Slim Framework on a Digital Ocean VPS. By the end of this tutorial, you will have a well organized, working instance of Slim Framework, complete with a folder structure that you can base your project in.

This tutorial assumes that you have a LAMP (or your preferred) stack installed on Ubuntu. If you don’t, you can refer to this article that helps you install a LAMP stack on Ubuntu.

If your application won’t be using MySQL, you can skip its installation. The minimum you will need installed is an Apache web server (with Mod_Rewrite) and PHP (minimum 5.3 version).

 Quick Setup for Prerequisites

1. Install Apache

apt-get update  
apt-get install apache2

2. Install PHP

apt-get install php5 libapache2-mod-php5 php5-mcrypt

3. Enable mod_rewrite

a2enmod rewrite

4. Modify the Apache configuration file

Modify the Apache configuration file and change AllowOverride None to AllowOverride All for the document root. Depending on your server setup, this configuration file could be any one of the following:

  • /etc/apache2/apache2.conf
  • /etc/apache2/sites-enabled/000-default
  • /etc/apache2/sites-available/default

In the configuration file, locate the section that looks like the following:

<Directory /var/www/>
        Options Indexes FollowSymLinks
        AllowOverride None
        Require all granted
</Directory>

Change this to the following and save the file:

<Directory /var/www/>
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
</Directory>

5. Restart Apache

service apache2 restart

This tutorial also assumes familiarity with Linux basics.

What is Slim Framework?

Slim is one of the most popular, open source microframeworks available for PHP in the market. It is extremely efficient, fast, and easy to use. While it is ideal for developing small to medium sized web applications, it can also be used quite effectively to build large scalable PHP applications.

Slim is packed with the most common utilities that you would expect in a framework:

  • Easy to use, powerful, and flexible router
  • Custom view to render templates
  • Secure cookies
  • HTTP caching
  • Easy to use error handling and debugging
  • Simple configuration

Installation

Installing Slim Framework consists of three steps

  1. Downloading Slim Framework
  2. Extracting from Zip File
  3. Copying Slim Framework to a Common Location

1. Download Slim Framework

You can download the Slim Framework using the following command:

wget https://github.com/codeguy/Slim/zipball/master

This will fetch the framework as a zip file and store it in the current directory with the name master.

2. Extract from the Zip File

The contents of the zip file can be extracted using the following command:

unzip master -d ./

Note: If you get an error that unzip isn’t installed, you can install it by using the command apt-get install unzip and then execute the above command to extract all the files.

The above command will extract the files in a folder named something like codeguy-Slim-3a2ac72. This folder contains a folder named Slim which is the framework folder.

3. Copy Slim Framework to a Common Location

We will now copy the codeguy-Slim-3a2ac72/Slim folder to a common location like /usr/local/Slim from where it’ll be accessible to all projects on this server that use Slim. This will avoid duplication and prevent any maintenance issues that could arise from duplicate installations.

Let’s copy the folder using the following command:

cp -r ./codeguy-Slim-3a2ac72/Slim /usr/local/Slim

Note: The name of the extracted folder (codeguy-Slim-3a2ac72 in this case) might be slightly different if you download a different version of Slim. Make sure to modify the name of the folder in the above command accordingly

Once this is done, any of your projects that use Slim Framework can reference it from this location.

Important Note: A lot of tutorials install frameworks in the public folder/document root (like /var/www/Slim). Installing framework files outside the public folder/document root (as done above) makes the application relatively more secure as the framework files won’t be accessible in a browser.

 Organizing Your Slim Based Project

A Slim project is typically spread over three main directories:

1. Slim framework directory

This directory contains the framework files and is the directory that was copied in the previous step (/usr/local/Slim)

2. Project directory

This directory contains your project files like routers, views, models, etc. Being a microframework, Slim doesn’t enforce any particular project structure. This means that you are free to structure your project files in any manner you deem fit. This is particularly helpful in cases when developers are used to a particular folder structure.

This directory can reside anywhere on the server, but ideally it should not be in a web accessible location. You can place it in the /usr/local or in your home folder. For example, if you create in the project in a folder named HelloSlim, it could be located at /usr/local/HelloSlim or ~/HelloSlim or any other location you prefer.

Here’s one way how files in this folder could be arranged:

HelloSlim
|- Routes
|  |- route1.php
|  |- route2.php
|- Models
|  |- model1.php
|  |- model2.php
|- Views
|  |- footer.php
|  |- header.php
|  |- sidebar.php
|  |- view1.php
|  |- view2.php
|- Class
|  |- class1.php
|  |- class2.php
|- routes.php       //contains 'include' statements for all routes in the 'Routes' folder
|- includes.php     //contains 'include' statements for all models/classes in the 'Models/Class' folders

You can create this folder structure by executing the following commands:

mkdir /usr/local/HelloSlim
mkdir /usr/local/HelloSlim/Routes
mkdir /usr/local/HelloSlim/Models
mkdir /usr/local/HelloSlim/Views
mkdir /usr/local/HelloSlim/Class

Note: You can use this folder structure or change it completely to suit your preferences.

3. Document root/Public folder

This is the web accessible folder (typically located at /var/www). This folder contains only two Slim related files:

  • index.php
  • .htaccess

This folder will also contain all the projects script, style and image files. To keep things organized, you can divide those into the scripts, styles and images folders respectively.

Here’s a sample structure of the document root folder:

Document Root (eg. /var/www/) 
|- scripts
|  |- jquery.min.js
|  |- custom.js
|- styles
|  |- style.css
|  |- bootstrap.min.css
|- images
|  |- logo.png
|  |- banner.jpg
|- .htaccess
|- index.php

File Contents

Assuming that your project has the structure defined above, you’ll need to fill the .htaccess and index.php files (in the document root) with the following contents respectively:

.htaccess

RewriteEngine On  
RewriteCond %{REQUEST_FILENAME} !-f  
RewriteRule ^ index.php [QSA,L]  

index.php

<?php

require '/usr/local/Slim/Slim.php';     //include the framework in the project
\Slim\Slim::registerAutoloader();       //register the autoloader

$projectDir = '/usr/local/HelloSlim';   //define the directory containing the project files

require "$projectDir/includes.php";     //include the file which contains all the project related includes

$app = new \Slim\Slim(array(
    'templates.path' => '/usr/local/HelloSlim/Views'
));      //instantiate a new Framework Object and define the path to the folder that holds the views for this project

require "$projectDir/routes.php";       //include the file which contains all the routes/route inclusions

$app->run();                            //load the application

To complete this tutorial assuming that the project has been arranged as per the folder structure defined in the previous section, the routes.php and includes.php files (in the project directory) should have the following contents:

routes.php

<?php

require '/usr/local/HelloSlim/Routes/route1.php';
require '/usr/local/HelloSlim/Routes/route2.php';

Note: You could create the routes directly in this file instead of including other files containing routes. However, defining routes in different, logically grouped files will make your project more maintainable

includes.php

<?php

require "/usr/local/HelloSlim/Class/class1.php";
require "/usr/local/HelloSlim/Class/class2.php";

require "/usr/local/HelloSlim/Models/model1.php";
require "/usr/local/HelloSlim/Models/model2.php";

Sample Slim Application

Now that you know how to set up a Slim application, let’s create a simple application which does the following:

  • Handles static Routes (GET & POST)
  • Handles dynamic Routes
  • Uses views

Note: This sample application will assume that Slim has been deployed as described above.

Let’s map out the requirements for this sample application:

Route         Type            Action
/hello        GET (static)    Displays a static View
/hello/NAME   GET (dynamic)   Displays a dynamic View
/greet        POST            Displays a View after a POST request

This project will require the following files to be created in the Application folder (/usr/local/HelloSlim/):

HelloSlim
|- Routes
|  |- getRoutes.php
|  |- postRoutes.php
|- Views
|  |- footer.php
|  |- header.php
|  |- hello.php
|  |- greet.php
|- routes.php       

The public folder/document root will look something like the following:

Document Root (eg. /var/www/) 
|- .htaccess
|- index.php

Now populate these files as follows:

1. /var/www/.htaccess

RewriteEngine On  
RewriteCond %{REQUEST_FILENAME} !-f  
RewriteRule ^ index.php [QSA,L] 

2. /var/www/index.php

<?php

require '/usr/local/Slim/Slim.php';     //include the framework in the project
\Slim\Slim::registerAutoloader();       //register the autoloader

$projectDir = '/usr/local/HelloSlim';   //define the directory containing the project files

$app = new \Slim\Slim(array(
    'templates.path' => '/usr/local/HelloSlim/Views'
));      //instantiate a new Framework Object and define the path to the folder that holds the views for this project

require "$projectDir/routes.php";       //include the file which contains all the routes/route inclusions

$app->run();                            //load the application

3. /usr/local/HelloSlim/Routes/getRoutes.php

<?php

$app->get('/', function(){
    echo 'This is a simple starting page';
});

//The following handles any request to the /hello route

$app->get('/hello', function() use ($app){
    // the following statement invokes and displays the hello.php View
    $app->render('hello.php');
});


//The following handles any dynamic requests to the /hello/NAME routes (like /hello/world)

$app->get('/hello/:name', function($name) use ($app){
    // the following statement invokes and displays the hello.php View. It also passes the $name variable in an array so that the view can use it.
    $app->render('hello.php', array('name' => $name));
});

4. /usr/local/HelloSlim/Routes/postRoutes.php

<?php

 //The following handles the POST requests sent to the /greet route

$app->post('/greet', function() use ($app){
    //The following statement checks if 'name' has been POSTed. If it has, it assigns the value to the $name variable. If it hasn't been set, it assigns a blank string.
    $name = (null !== $app->request->post('name'))?$app->request->post('name'):'';

    //The following statement checks if 'greeting' has been POSTed. If it has, it assigns the value to the $greeting variable. If it hasn't been set, it assigns a blank string.
    $greeting = (null !== $app->request->post('greeting'))?$app->request->post('greeting'):'';

    // the following statement invokes and displays the 'greet.php' View. It also passes the $name & $greeting variables in an array so that the view can use them.
    $app->render('greet.php', array(
        'name' => $name,
        'greeting' => $greeting
    ));
});

5. /usr/local/HelloSlim/Views/footer.php

        <small>Copyright notice...</small>
    </body>
</html>

6. /usr/local/HelloSlim/Views/header.php

<!DOCTYPE html>
      <html>
          <head>
               <title>Sample Slim Application</title>
          </head>
          <body>

7. /usr/local/HelloSlim/Views/hello.php


<?php include('header.php'); ?>

<h1>Hello <?php echo isset($name) ? htmlspecialchars($name, ENT_QUOTES, 'UTF-8') : ''; ?></h1>
<!-- The above line handles both the dynamic and the static GET routes that we implemented in the getRoutes.php file. $name comes from the URL, so it is HTML-escaped before being printed. -->

<h2>Send a greeting</h2>
<form method='POST' action='/greet'>
    <label>Name</label><br>
    <input name='name' placeholder='Who do you want to greet?'><br>
    <label>Greeting</label><br>
    <input name='greeting' placeholder='Your greeting message'><br>
    <input type='submit' value='Greet!'>
</form>

<?php include('footer.php'); ?>

8. /usr/local/HelloSlim/Views/greet.php

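    <?php 

    include('header.php'); 

    //$greeting and $name come from the POST body, so HTML-escape them before printing
    $greeting = htmlspecialchars($greeting, ENT_QUOTES, 'UTF-8');
    $name = htmlspecialchars($name, ENT_QUOTES, 'UTF-8');

    echo "<p>$greeting, $name</p><p><a href='/hello'>First Page</a></p>";

    include('footer.php'); 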

9. /usr/local/HelloSlim/routes.php

    <?php

    include 'Routes/getRoutes.php';
    include 'Routes/postRoutes.php';

Sample Application Screenshots

If you visit your newly created sample application at http://yourdomain.com/, you’ll see something like the following:

[Screenshot: Starting Page]

Note: If you are not using a domain name with your Digital Ocean droplet, use the IP address of the droplet instead.

If you visit http://yourdomain.com/hello, you’ll get the following:

[Screenshot: Hello Static]

If you visit http://yourdomain.com/hello/World, you’ll get the following:

[Screenshot: Hello Dynamic]

Note: If you replace the ‘World’ in the URL with another word, the content of the page will change accordingly.

To test the POST route, enter a name and greeting in the available fields and hit the ‘Greet!’ button as follows:

[Screenshot: Greeting Entry]

After hitting the ‘Greet!’ button, you should get something like the following:

[Screenshot: Greeting Result]

 Final Word

Now that you have a well organized working instance of the Slim framework installed, you are ready to start working on your project. If you need additional help with Slim, you can always refer to the comprehensive official documentation.