Sunday, 29 September 2013

Centos 6/RHEL using the chkconfig command


CentOS 6 has a simple command-line tool for managing services that are started during the various runlevels of your system.

Most applications and services will include their own initialization script and these will be installed to /etc/init.d, but over the lifetime of the server you may wish to use or write your own custom service that will require manual installation. You may even want to troubleshoot an existing service, but whatever the reasons, here we look at how it can be achieved.



It is assumed that you have already installed a custom service and that you know the name of this custom service.

Log in as root and page through the list of current services



# chkconfig --list | less



Depending on the number of services running on your server, this command may display a long list of services. For this reason you may want to use the grep tool



# chkconfig --list | grep [servicename]



If you know the name of the service you can use



# chkconfig --list [servicename]

If the application or service you are looking for is not shown, then simply add the new service to the chkconfig management tool by using the following command and replacing servicename with the name of the service in question


# chkconfig --add [servicename]



When an application or service is installed the initialization script is generated and automatically added to the /etc/init.d. If you have difficulty in identifying the name of your service, visit /etc/init.d, locate the appropriate script and obtain the service name from its contents.



The appropriate links are then created automatically, but in order to enable the service or application at startup, you will need to type the following command by replacing '[servicename]' with the service name in question and customizing the runlevels as required


# chkconfig --levels 235 [servicename] on



As an alternative, you can simply use 

# chkconfig [servicename] on



When complete, you can confirm if this process was successful


# chkconfig --list [servicename]

A full list of runlevels

0 Halt: This is the runlevel at which the system shuts down and is unsuitable for any type of application or service.

1 Single-User mode: This runlevel does not start any networking or multiuser services, but it does boot the system into single-user mode under which only the root user can log in. This runlevel is ideal for system administrators who wish to perform system maintenance or repair activities.

2 Multi-user mode, console logins only (without networking): This runlevel does not start the network but it does boot the system into a multiuser environment with text-based console login capability.

3 Multi-User mode, console logins only: This runlevel gives all the features of runlevel 2, but it provides full networking services. This is the most common runlevel for server-based systems that do not require or use a graphical desktop environment.

4 Not used/User-definable: This runlevel is undefined and can be configured to provide a custom environment.

5 Multi-User mode, with display manager as well as console logins (X11): This runlevel is similar to runlevel 3, but is generally associated with systems with desktop environments.

6 Reboot: This runlevel reboots the system and is unsuitable for any type of application or service.

To initialize the Apache web service during the boot process at runlevels 2, 3 and 5 you would use the chkconfig command

# chkconfig --levels 235 httpd on


Whereas MySQL will look like this


# chkconfig --levels 235 mysqld on


The chkconfig tool will only affect the service in question at the next reboot. To start your service immediately without a reboot, you can use

# service [servicename] start


Basic chkconfig command syntax is as below
  
# chkconfig [--list] [--type <type>] [name]
# chkconfig --add <name>
# chkconfig --del <name>
# chkconfig --override <name>
# chkconfig [--level <levels>] [--type <type>] <name> <on|off|reset|resetpriorities>
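
As an added example (not part of the original post), the shell functions below read chkconfig --list output and report which services are switched on at a given runlevel and which of those are missing from an allowlist. The function names, the allowlist and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit which SysV services chkconfig will start at a runlevel.

# Constructed sample of `chkconfig --list` output (not captured from a real host).
sample_list() {
    cat <<'EOF'
NetworkManager  0:off   1:off   2:on    3:on    4:on    5:on    6:off
clamd           0:off   1:off   2:on    3:on    4:on    5:on    6:off
httpd           0:off   1:off   2:on    3:on    4:off   5:on    6:off
mysqld          0:off   1:off   2:on    3:on    4:off   5:on    6:off
network         0:off   1:off   2:off   3:off   4:off   5:off   6:off
sshd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
vsftpd          0:off   1:off   2:off   3:off   4:off   5:off   6:off

xinetd based services:
        rsync:          off
EOF
}

# Names of services that are "on" at runlevel LEVEL.
# Reads `chkconfig --list` output on stdin; xinetd lines and headers are skipped.
enabled_at() {  # enabled_at LEVEL
    case $1 in
        [0-6]) ;;
        *) echo "runlevel must be 0-6" >&2; return 2 ;;
    esac
    awk -v lvl="$1" '
        # A SysV line is the name followed by seven LEVEL:on|off columns.
        NF == 8 && $2 ~ /^0:(on|off)$/ {
            split($(lvl + 2), f, ":")
            if (f[1] == lvl && f[2] == "on") print $1
        }'
}

# Services on at LEVEL that are not in the space-separated ALLOWLIST.
unexpected_at() {  # unexpected_at LEVEL ALLOWLIST
    enabled_at "$1" | while read -r svc; do
        case " $2 " in
            *" $svc "*) ;;          # expected, say nothing
            *) echo "$svc" ;;       # enabled at boot but not on the list
        esac
    done
}

# The allowlist is an assumption of this example: what the host is meant to run.
ALLOW="NetworkManager clamd sshd"
echo "Enabled at runlevel 3 but not in the allowlist:"
sample_list | unexpected_at 3 "$ALLOW"
# On a live host: LC_ALL=C chkconfig --list | unexpected_at 3 "$ALLOW"
```

Anything it prints can be switched off with chkconfig [servicename] off and stopped with service [servicename] stop.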

Saturday, 21 September 2013

Centos 6/RHEL install ClamAV antivirus

Malware infections on Linux-based systems are rare, but when you are passing data from one machine to another it is possible that one of those machines may be sharing infected files. So here we take a quick look at how to install and configure ClamAV and manage on-demand virus scans to ensure that you can stop any threats before they spread. It is assumed that you have installed the Epel repo.
 

Log in as root and install ClamAV

# yum install clamd


To enable the ClamAV on boot, type the following

# chkconfig clamd on

To start the ClamAV service, type the following

# service clamd start


To update the virus database/definitions in your console, type

# freshclam


To run the first on-demand scan, type

# clamscan



The program will scan your system for infected files and clear out any that it finds.
So, if you don't trust claims that Linux is not troubled by viruses, and there could well be some foundation in this, then give ClamAV a test drive.

 


Monday, 16 September 2013

Centos 6/RHEL install Apache Open Office 4 & Media Player Codecs

The latest incarnation of the venerable Open Office has arrived to minimal fanfare but is welcomed into the Centos 6 Minimal Fluxbox Desktop fold with a substantial degree of enthusiasm.

Open Office has moved on a little from its LibreOffice ported roots and has started to grow its own limbs, many of which seem to work quite well on their own now.


At 57 million downloads to date it is set to become a significant fixture on many Linux Desktops. It is ideally suited to the Centos 6 Minimal Fluxbox Desktop due to its flexibility and ease of integration. OO4 is a major update to previous versions and contains a number of improvements, taking it off at a considerable tangent from its LibreOffice origins.

Language support is now at 22 languages and there have been 500 bug fixes (that's a lot of bugs), enhancements to drawing/graphics and performance along with improved Microsoft Office interoperability. A new logo is incorporated as a result of a contest among talented designers which resulted in a shortlist of 40 logos.

Other new features include the Sidebar UI, on permanent loan from IBM's Lotus Symphony with a few adaptations for improved performance on widescreen displays, a media player and a gallery, new color palette, new gradients, support for graphic bullets for MS Word, special numbering retention for ppt files, pie chart height for Excel files, formula/name range support in chart data and numerous other enhancements.

The built in Media Player is useful if you don't have one already and could easily be your main player if necessary. The codecs needed to run most files can be obtained as below. You will need the RPMForge repo. First obtain openoffice-4.0 from

http://www.openoffice.org/download/

Extract the files, then move in to the RPMS directory and install all the rpms

$ sudo rpm -Uvh *.rpm 

Then from the desktop-integration directory select the freedesktop package.


Codecs.


$ sudo rpm -Uvh http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.i686.rpm

$ sudo vi /etc/yum.repos.d/rpmforge.repo  

and disable it by default, or try setting priority = 10

$ sudo yum -y --enablerepo=rpmforge install compat-libstdc++-33 libdvdcss \
libdvdread libdvdplay libdvdnav lsdvd libquicktime flash-plugin mplayer \
mplayer-gui gstreamer-ffmpeg gstreamer-plugins-good gstreamer-plugins-bad \
gstreamer-plugins-ugly

W32codecs

32bit

$ sudo wget www1.mplayerhq.hu/MPlayer/releases/codecs/mplayer-codecs-20061022-1.i386.rpm

$ sudo wget www1.mplayerhq.hu/MPlayer/releases/codecs/mplayer-codecs-extra-20061022-1.i386.rpm

64bit

$ sudo wget www1.mplayerhq.hu/MPlayer/releases/codecs/mplayer-codecs-20061022-1.x86_64.rpm

$ sudo wget www1.mplayerhq.hu/MPlayer/releases/codecs/mplayer-codecs-extra-20061022-1.x86_64.rpm

$ sudo rpm -Uvh *.rpm                     

FFmpeg

$ sudo yum -y --enablerepo=rpmforge install ffmpeg

Sunday, 15 September 2013

Centos 6/RHEL install Realtek 8188CUS USB Wireless connection

I see a few posts from people searching for a suitable USB wireless device to use on the Centos 6 Minimal Fluxbox Desktop and it can be difficult to find a good one. One which I came across and now use if I want to go wireless is the Realtek 8188/ 8192 chipset. I found the device on Ebay so I can't direct you to a retail outlet for it but they are pretty common and around in numbers there. Below are the device details.

Bus 002 Device 004: ID 0bda:8176 Realtek Semiconductor Corp. RTL8188CUS 802.11n WLAN Adapter

See the Realtek site for more info 

A search around for 0bda:8176 online should land you on an outlet for these devices. The drivers are easy to build provided you have set up kernels and build tools properly; just unzip and run make && make install as root.

In case you have this USB device without the drivers, I have made Realtek RTL 8188CUS Drivers available to download and build.

I believe they will suit 32 or 64 bit systems and these are for 300Mbps devices which should be suitable for most purposes.

Once you have built the drivers for the Realtek USB device, you can proceed to set up the NetworkManager and WPA2 encryption to manage it.


Saturday, 14 September 2013

Centos 6/RHEL install and configure WPA2 wireless with NetworkManager & Fluxbox

Using your Centos 6/RHEL box with a wireless WPA2 configuration is pretty straightforward as the kernel supports a wide range of devices and the simplicity of a Fluxbox setup makes using NetworkManager to manage it a formality. So we take a look at installing and setting up a wireless connection for the Centos 6 Minimal Fluxbox Desktop using a Static IP, after setting the Router encryption to WPA2 and the passphrase of your choice, this being a commonly used configuration. It assumes you are using a Fluxbox Desktop, which does not ship with any networking tools, unlike the Gnome and KDE Desktops, however it is not really a problem at all to set up a network management interface in Fluxbox. 




This method is for WPA2 using a static IP

You will need
  • A detected wireless device
  • NetworkManager and wireless-tools installed
  • The ifcfg-wlan0 file described below
The procedure is as follows. This assumes that you have actually installed a driver for your PCI/USB wireless device and that it is detected by your OS. Your system may call wlan0 something else, likewise with an eth0 device.

Get dependencies

$ sudo yum -y install wireless-tools NetworkManager NetworkManager-gnome iproute


Check your network

$ sudo ifconfig -a              



If wlan0 is not showing then there is a problem with your drivers and you cannot proceed. Try  http://linuxwireless.org/en/users/Drivers/ to see if there is one for your device. 

You can also use lsmod

$ lsmod | less

Scroll down with up/down arrows to see if it shows up.

Additionally, you can use getinfo if you install it.

$ getinfo.sh network

Set up the router.

Set up your router with a WPA2 encryption key/passphrase.


You can give it a hex key or an ASCII string, which the router may convert to hex. Some routers don't give you the converted key back, in which case get a calculator that will convert a string to hex if you need to, or use the online converter below, and get the value that way. Individual routers will differ as to which is accepted. Here we use a string.

Use the online converter if necessary.


Building the ifcfg-wlan0 file


We will write a configuration file called ifcfg-wlan0 in /etc/sysconfig/network-scripts/. It should look similar to the one below:


TYPE=Wireless
DEVICE=wlan0         
BOOTPROTO=static
DHCPCLASS=
IPADDR=192.168.0.100
BROADCAST=192.168.0.255
HWADDR=48:02:2a:91:63:90
NETMASK=255.255.255.0
GATEWAY=192.168.0.1
ONBOOT=no
ONHOTPLUG=yes
PEERDNS=no
USERCTL=yes
IPV6INIT=no
ESSID=minimallinux
CHANNEL=6
MODE=Managed
RATE=150Mb/s


Alter yours to suit your configuration, assigning a static IP from the range your router has available. We do not need a keys file as the key is entered into the NM Applet.

Now issue the dmesg command to obtain MAC/HWADDR

$ dmesg 


Or if you already have a ifcfg-wlan0 file

$ sudo grep wlan0 /var/log/dmesg
(you'll probably have to unplug and replug your device, especially usb)

****************************************************************
Look for 'ADDRCONF(NETDEV_UP): wlan0: link is not ready' and 'MAC Address = 48:02:2a:91:63:90'

OR similar to

usb 1-7: New USB device found, idVendor=0bda, idProduct=8176

then further down the output

EEPROMVID = 0x0bda
EEPROMPID = 0x8176


_ReadMACAddress MAC Address from EFUSE = 48:02:2a:91:63:90

****************************************************************

which tells you that your device is detected and has a MAC Address of 48:02:2a:91:63:90 (which you will need for your ifcfg-wlan0 file, that is the HWADDR)

Now build the ifcfg-wlan0 config file


$ sudo vi /etc/sysconfig/network-scripts/ifcfg-wlan0

and enter the above with the appropriate alterations to suit your system.


See Vim Editor for vi commands 


You should also be able to get the BROADCAST, NETMASK and HWADDR entries from the 'ifconfig -a' command


Once the config file is in place with the correct details, open up the ~/.fluxbox/startup file with vi to enter the following


$ sudo vi ~/.fluxbox/startup


Enter in to it as below, before the 'exec fluxbox' line

/usr/bin/nm-applet &

Making sure to include the final '&' sign.

This is to ensure that the NM Applet shows in the Fluxbox tray.

Save and close the file.

You will probably want to disable the network and wpa_supplicant services at boot as NetworkManager will now take care of these.

# chkconfig network off

# chkconfig wpa_supplicant off


Now issue the commands to ensure that NetworkManager is started automatically as a service on boot and also so that it can be used immediately without rebooting.

# chkconfig NetworkManager on

# service NetworkManager start

You should see the tray appear bottom right as below.


We do not need to use commands like ifconfig eth0 down etc because everything is now handled by the NM Applet. Obviously you should disable the eth0 connection in the applet if you are going to run a wireless connection. Right click and edit to see the connections, left click for others.


The request for the keyring password, when using NetworkManager, can be suppressed by using the pam_keyring package. The pam_keyring package can be obtained from the RPMForge repo

So, a straightforward setup of a network management interface in a Centos Minimal Fluxbox system.

Monday, 9 September 2013

Centos 6/RHEL install and configure VSFTPD with SSL/TLS using OpenSSL

Where security is concerned, the Very Secure FTP Daemon is a pretty tight application but there may come a time when you need more security for your data transfers. 

You may have considered the need for SFTP, being concerned about the risk of packet sniffing, malicious activity or the use of clear text credentials, so we take a look at encrypting all traffic in a secure connection to VSFTP with SSL/TLS.

You should be using a static IP address and have VSFTP and OpenSSL installed. Clients attempting to use the FTP service will connect via SFTP and accept the server certificate.

VSFTP will use OpenSSL encryption so that user credentials and data files remain encrypted during transfer.
First, log in as root and move to the VSFTPD install directory.

# cd /etc/vsftpd/

Create a server certificate that will last for 365 days by typing the following

# openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout /etc/vsftpd/vsftpd.pem -out /etc/vsftpd/vsftpd.pem
A series of questions will follow to which you should respond with the values needed for your setup.

When the certificate has been created, change the file permissions so that it remains accessible to the root user only.
# chmod 600 vsftpd.pem
Now make reference to the certificate in the VSFTP configuration.
 
# vi /etc/vsftpd/vsftpd.conf

We are going to enable SSL, reference the certificate and activate TLS due to its improved security as opposed to using SSL V2 and SSL V3.

Scroll down to the bottom of this file and add the following

ssl_enable=YES
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
rsa_cert_file=/etc/vsftpd/vsftpd.pem
Save and close the file and restart the VSFTP service.

# service vsftpd restart
The standard FTP service is inherently insecure as it uses plain text usernames, passwords, and unencrypted data transfer. Using OpenSSL encryption provides a secure connection to VSFTP.

In the above example we requested a 1024-bit RSA private key that remains valid for a period of 365 days.

So a year's worth of encryption in a few simple steps.

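
As an added example (not part of the original post), the shell functions below check that a vsftpd.conf carries the TLS directives listed above, that the file named by rsa_cert_file exists with mode 600, and, when openssl can parse it, that its key is at least 2048 bits. The function names, the sample files and the 2048-bit floor are assumptions of this example; that floor would flag the 1024-bit key generated above.

```shell
#!/bin/sh
# Added example: check a vsftpd.conf for the TLS settings configured above.

# Effective value of a directive: comment lines are skipped and a later
# assignment replaces an earlier one.
conf_get() {  # conf_get FILE KEY
    awk -F= -v k="$2" '
        /^[ \t]*#/ { next }
        $1 == k    { v = substr($0, length(k) + 2) }
        END        { sub(/[ \t\r]+$/, "", v); print v }' "$1"
}

# Print one FAIL line per finding; return 0 when clean, 1 otherwise.
audit_vsftpd_tls() {  # audit_vsftpd_tls FILE
    conf=$1
    findings=0
    for want in ssl_enable=YES force_local_data_ssl=YES \
                force_local_logins_ssl=YES ssl_tlsv1=YES \
                ssl_sslv2=NO ssl_sslv3=NO; do
        key=${want%%=*}
        val=${want#*=}
        # Compare case-insensitively.
        got=$(conf_get "$conf" "$key" | tr '[:lower:]' '[:upper:]')
        if [ "$got" != "$val" ]; then
            [ -n "$got" ] || got="(unset)"
            echo "FAIL $key: want $val, got $got"
            findings=$((findings + 1))
        fi
    done
    cert=$(conf_get "$conf" rsa_cert_file)
    if [ ! -f "$cert" ]; then
        echo "FAIL rsa_cert_file: '$cert' is not an existing file"
        findings=$((findings + 1))
    else
        # The .pem built above also holds the private key, so require mode 600.
        if [ -z "$(find "$cert" -prune -perm 600)" ]; then
            echo "FAIL $cert: mode is not 600"
            findings=$((findings + 1))
        fi
        # Key length, only when openssl is present and the file parses.
        bits=$(openssl x509 -in "$cert" -noout -text 2>/dev/null |
               sed -n 's/.*Public[- ]Key: (\([0-9]*\) bit).*/\1/p')
        # 2048 bits as the floor is this example's policy (an assumption).
        if [ -n "$bits" ] && [ "$bits" -lt 2048 ]; then
            echo "FAIL $cert: $bits-bit key, want 2048 or more"
            findings=$((findings + 1))
        fi
    fi
    [ "$findings" -eq 0 ]
}

# Constructed sample: the directives from this post with three deliberate flaws
# (data-channel TLS commented out, SSLv3 on, world-readable .pem placeholder).
make_sample() {  # make_sample DIR
    printf 'constructed placeholder, not a real certificate\n' > "$1/vsftpd.pem"
    chmod 644 "$1/vsftpd.pem"
    cat > "$1/vsftpd.conf" <<EOF
ssl_enable=YES
#force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=YES
rsa_cert_file=$1/vsftpd.pem
EOF
}

d=$(mktemp -d)
make_sample "$d"
audit_vsftpd_tls "$d/vsftpd.conf" || echo "vsftpd TLS audit: fix the findings above"
rm -rf "$d"
# On a live host: audit_vsftpd_tls /etc/vsftpd/vsftpd.conf
```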

Friday, 6 September 2013

Centos 6/RHEL install and configure VSFTPD server

The Very Secure FTP Daemon (VSFTP) is a well known FTP server solution that supports a wide range of features and enables you to upload and distribute large files across a local network and the internet.

It is the preferred solution for the security conscious and we look at why VSFTP represents the first choice for administrators running a CentOS server.

You should be using a static IP address with one or more system user accounts.


It is tested here using the Centos Live CD as my usual minimal Fluxbox version is still out of action. 




If you are running a firewall, you will need to confirm that the firewall has been disabled, removed, or the appropriate ports are open. If you are running SELinux, then you should confirm that it has been disabled or it is now running in permissive mode.

First we need to install the relevant dependencies in order to set up VSFTPD

# yum -y install vsftpd ftp

Open the main configuration file in your favourite text editor

# vi /etc/vsftpd/vsftpd.conf

First disable anonymous users, by scrolling down and finding the following line

anonymous_enable=YES

Change it to read

anonymous_enable=NO

Now find the following line

xferlog_std_format=YES

To enable an independent log file change this line to read

xferlog_std_format=NO

Now scroll down to locate the following

#ascii_upload_enable=YES
#ascii_download_enable=YES

Enable ASCII mode, which is useful when transferring single-byte
character based text files. Uncomment the lines as follows

ascii_upload_enable=YES
ascii_download_enable=YES

Now scroll down to find the following for chroot

#chroot_local_user=YES
#chroot_list_enable=YES
# (default follows)
#chroot_list_file=/etc/vsftpd/chroot_list

Uncomment these lines to enable the chroot environment

chroot_local_user=YES
chroot_list_enable=YES
# (default follows)
chroot_list_file=/etc/vsftpd/chroot_list

Finally, scroll down to the bottom of the file and add the following line

use_localtime=YES

Save and exit the configuration file and then create a new file to manage the chroot settings and restrict user access to their home directories.

# vi /etc/vsftpd/chroot_list

Now add your local user(s) in the following way

username1
username2
username3
username4

Save and exit the chroot_list file, and enable VSFTPD at boot.

# chkconfig vsftpd on

Finally type the following command to start the FTP service

# service vsftpd start

At this point VSFTP will now be functional and it can be tested with any FTP-based desktop software. Log in using a valid system username and password by connecting to your server's name, domain, or IP address.

Check the status of your FTP service by typing

# service vsftpd status

So VSFTP is not a difficult package to install and configure but you can expand upon the above by a few extra tasks.

After installing and configuring a basic FTP service you may wonder how to direct users to a specific folder.

First ensure it exists or create a new directory with

# mkdir ftpdir

Open up the config file again

# vi /etc/vsftpd/vsftpd.conf

Scroll down to the bottom of the file and add the following line, substituting <users_local_folder_name> with something more suited to your own needs.

local_root=<users_local_folder_name>

local_root=/home/centoslive/ftpdir

Save and exit the configuration file and restart the server.

# service vsftpd restart
 
Changing the default time-out

When dealing with a large number of users you may want to change the values for a default time-out in order to improve efficiency. To do this, again open the main configuration file in your favorite text editor

# vi /etc/vsftpd/vsftpd.conf

Now scroll down and find the following

# You may change the default value for timing out an idle session.
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
#data_connection_timeout=120

Uncomment the idle_session and data_connection lines and substitute the numeric values as required

# You may change the default value for timing out an idle session.
idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
data_connection_timeout=120

Remember to restart the server 

# service vsftpd restart

Banning a user from the FTP service

By enabling a chroot jail you will be restricting a user's access to the home folder, but if you wanted to ban a specific user from using the FTP service as a whole, you can add the user's name to

 /etc/vsftpd/ftpusers.

Log in as root and type the following command

# echo username >> /etc/vsftpd/ftpusers

Remember to replace username with a value more appropriate

If you ever need to re-enable the user at any time, simply reverse the previous process by removing the user concerned from

 /etc/vsftpd/ftpusers.

Customizing the banner

The default banner values will suit most purposes but sometimes you may want to consider customizing it.

To do this, open the main configuration file in your favorite text editor.

# vi /etc/vsftpd/vsftpd.conf

Now scroll down and find the following line

#ftpd_banner=Welcome to blah FTP service

Uncomment this line and alter the message as required. For example, you could use

ftpd_banner=Welcome to the new FTP server

Having done this, close any active connection and restart the VSFTPD service by typing

# service vsftpd restart

On the next successful login your users should see the following message

Welcome to the new FTP server

If you happen to encounter the 500 error then you must either disable SELinux or set the appropriate SELinux permissions.

Tuesday, 3 September 2013

Centos 6/RHEL install Scribus Desktop Office Application

A Desktop Office suite is probably a requirement for the majority of Linux Desktop users and there are now quite a number of applications around, including Open Office, LibreOffice, SoftMaker (proprietary) and others. Scribus is Open Source and cross platform, with versions for most of the major systems available, and is distributed free of charge.

Scribus has a multitude of features including professional grade PDF creation. Other features include layers, transparencies, frames, CMYK and spot colors, ICC profile, EPS, SVG and PDF import, and many other features which can be used to create professional brochures, pamphlets, interactive PDFs (inc field and forms), training manuals and books.

There is good support from the Scribus team and community and you can also hire a Scribus trainer if necessary to run through the essential procedures.

For Centos 6/RHEL users it is available from the Epel repo and below it is shown tested out on the Centos 6 Live CD, as my usual minimal Fluxbox system is out of action at the moment. To use Scribus first make sure you have the Epel repo enabled, then use yum to install it.

$ sudo yum -y install scribus

Run it with

$ scribus
 

The features are easily identified and the user interface is smooth and uncluttered. The user manual is not installed with the Epel installation but there is a comprehensive Wiki available.

Fluxbox users should see Fluxbox key bindings for more.






Monday, 2 September 2013

Centos 6/RHEL change keymap command loadkeys

You might need to change the keymap on your Centos 6/RHEL, maybe because you are using it in a Virtual device or similar setup. This can be done directly with a simple command, or by using either the console, graphical or text mode. Here I am using the Centos Live CD because my usual minimal Fluxbox setup is unavailable at present.

The straightforward way is to issue a direct command from the console, so first open up a terminal and switch to root user.

$ sudo su

Issue the loadkeys command suffixed with the keymap you wish to use. Here we try both the France and the UK maps.

[root@livecd centoslive]# loadkeys fr
Loading /lib/kbd/keymaps/i386/azerty/fr.map.gz
assuming iso-8859-1 cedilla
assuming iso-8859-1 acute
assuming iso-8859-1 diaeresis
assuming iso-8859-1 brokenbar
assuming iso-8859-1 threequarters
assuming iso-8859-1 currency
assuming iso-8859-1 onehalf
assuming iso-8859-1 onequarter
[root@livecd centoslive]# loadkeys uk
Loading /lib/kbd/keymaps/i386/qwerty/uk.map.gz

Alternatively you can use the graphical or the text mode interfaces with the system-config-keyboard command.

# system-config-keyboard

Brings up the graphical editor


# system-config-keyboard text

Brings up the text mode screen.

So easy ways to change the keymap in your Centos 6/RHEL box.