Sunday, December 29, 2013

How To Configure a LAMP Server

Hello friends, today I am going to discuss LAMP (Linux, Apache, MySQL, PHP) server configuration. Basically, we use a LAMP server to run websites on Linux, that is:

OS : Linux (here I am using CentOS)
Web server : Apache
Database : MySQL
Platform : PHP

So let's start.

I am going to divide the tutorial into parts:

Part 1 : Apache installation

Step 1 : Install Apache:

# yum install httpd

httpd is the Apache package.
Now start the httpd service:
# service httpd start
Next, set the service to start automatically whenever the system restarts:
# chkconfig httpd on

Step 2 : Verify that the service is running by opening the system's IP address in your browser. In my case the IP address is 192.168.56.101, so I need to open http://192.168.56.101

OK, now we can see that our Apache service is running properly.
The Apache default document root is /var/www/html
The Apache default configuration file is /etc/httpd/conf/httpd.conf. For additional secure httpd configuration, read the article Secure Apache Configuration.

This completes the first part of the LAMP configuration.

Part 2 : MySQL Database Installation

Step 1 : Install MySQL:

# yum install mysql mysql-server

Now start the service:
# /etc/init.d/mysqld start
Alternatively, we can use the command:
# service mysqld start
Now set the service to start automatically:
# chkconfig mysqld on

Step 2 : Next, run the MySQL secure installation script:
# mysql_secure_installation

Next we need to create a password for the remote user, remove the test user, remove extra privileges, etc.

Follow the configuration as shown in the images.

Now we need to test whether we installed it correctly:

MySQL is installed correctly.

Part 3 : PHP Installation

Step 1 : Install PHP:
# yum install php

Now restart Apache:
# service httpd restart
PHP is now installed too.

Step 2 : Now we need to test whether PHP installed successfully. As we know, the root directory of the web server is /var/www/html, so we create a test file in that directory:
# vi /var/www/html/info.php

and type:

<?php
phpinfo ();
?>

Step 3 : Now open this file in the browser as http://192.168.56.101/info.php
**Note : Remove this file after testing; it contains all the information about your system and server.


Part 4 : phpMyAdmin Installation
phpMyAdmin is a web interface through which you can manage your MySQL database.
To install it we need to enable the RPMforge repository on our CentOS system, as phpMyAdmin is not available in the official CentOS 6.4 repository.

Step 1 : Download & enable the RPMforge repository

Import the RPMforge GPG key:

# rpm --import http://dag.wieers.com/rpm/packages/RPM-GPG-KEY.dag.txt

If you are working on an x86_64 system:

# yum install http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm

If you are working on an i386 system:

# yum install http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.i686.rpm

Step 2 : Now install phpMyAdmin:

# yum install phpmyadmin

Now configure phpMyAdmin. Its configuration file is /etc/httpd/conf.d/phpmyadmin.conf; open it with an editor:
# vi /etc/httpd/conf.d/phpmyadmin.conf
Comment out the Directory block as shown:

Step 3 : Next we change the authentication in phpMyAdmin from cookie to http. Open the file:
# vi /usr/share/phpmyadmin/config.inc.php

Step 4 : Now restart the Apache service again:
# service httpd restart

Now open phpMyAdmin in the browser:

http://192.168.56.101/phpmyadmin
Give the root username & password & enjoy.


Wednesday, December 18, 2013

How to Configure Samba Server

Hello friends, today we are going to discuss the Samba server. Samba is an open source implementation of the SMB file sharing protocol that provides file and print services to SMB/CIFS clients. Samba allows a non-Windows server to communicate using the same networking protocol as Windows products.

Step 1 : First of all, install the Samba packages:
# yum install samba-* -y

Now configure the Samba services to start automatically:

# chkconfig smb on
# chkconfig nmb on

A word about the daemons behind these services:
smbd : provides file and printer sharing services
nmbd : provides the NetBIOS-to-IP-address name service
NetBIOS over TCP/IP requires some method for mapping NetBIOS computer names to the IP addresses of a TCP/IP network.

Step 2 : Change the SELinux configuration from enforcing to disabled:

# vi /etc/selinux/config

Now save it.

Step 3 : Open the ports in the iptables rules.

Basically, the Samba server uses these ports:

137
138
139
445
Here we are using only ports 137, 138 and 139, so add these ports in iptables as shown:

Save the iptables rules & restart the iptables service:

# service iptables save
# service iptables restart

Step 4 : Next, add a user for this service. Here I am using the user "nullsmb":

# useradd nullsmb
# smbpasswd -a nullsmb

Make a directory named share:

# mkdir /share
# chmod -R 0755 /share

Step 5 : Next, back up the config file & edit it:

# cp /etc/samba/smb.conf /etc/samba/smb.conf.bak
# vi /etc/samba/smb.conf



Now add the share section for smb to the config file:

  [share]
      path = /share
      public = no
      writable = yes
      printable = no
      browseable = yes
      valid users = nullsmb
      hosts allow = 192.168.56.0/24

Save the file & start the smb & nmb services:

# service smb start
# service nmb start

Step 6 : Next, let's test whether the service is running OK or not:

# testparm

It runs properly, so now let's connect to the share remotely over the network.

Step 7 : Let's connect to the shared folder remotely

For Windows XP:

Go to Start > right-click My Network Places > Map Network Drive > assign a letter, then click the Finish button > give the username & password.

Here is the drive shared by the Samba server.

Here I am adding these two files so that we can test that we are able to share files remotely using the Samba server.

Here are both files on our server machine too.

For Linux:

In a terminal, type:
smbclient //server-ip/shared-folder -U username



Tuesday, December 17, 2013

How to Configure basic IPTABLES | Concept of iptables | Basic firewall Restrictions

Hello friends, today I am going to discuss iptables in CentOS/RedHat 6. In this post we discuss how to open & close a particular port in CentOS/RedHat, how to create a simple firewall, and how to restrict port-based attacks such as DoS/DDoS attacks. In this post we learn how to configure basic iptables, a basic firewall.

Here we study basic iptables filter rules; for more details see the iptables manual.

How to open necessary ports :

As we know, we run servers publicly, such as web servers and mail servers, and if necessary a VPS reached over SSH. All these services run on particular ports: SSH runs on port 22, and web services run on ports 80 & 443 (SSL port). For sending email we use SMTP & secure SMTP, which run on ports 25 & 465 respectively. To let users receive email from others we use POP3 & secure POP3, which use ports 110 & 995 respectively. These are all the services we are using, so we need to open only these ports and close the rest.

In the beginning the server comes with an empty configuration, which means all traffic is allowed. To restrict the traffic & configure it again, just flush the rules (erase all rules) by running a simple command.

Flush iptables :

# iptables -F

First we open localhost :

# iptables -A INPUT -i lo -j ACCEPT

In the above rule we told the firewall to add (-A) a rule to the incoming (INPUT) chain of the filter table that matches traffic arriving on the localhost interface (-i lo) and accepts (-j ACCEPT) it. I think there is no need to explain localhost or loopback; it lets the machine communicate with itself locally.

Next open web server services :

# iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
# iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT

Here we add ports 80 & 443 (http 80 & https 443) to the chain so that traffic on these ports is accepted.

Next, for sending mail, open SMTP server services :

# iptables -A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
# iptables -A INPUT -p tcp -m tcp --dport 465 -j ACCEPT

Here we add ports 25 & 465 (SMTP 25 & secure SMTP 465). I recommend using the secure ports for services first, because it is much easier to have a password sniffed from 25 than from 465. This protects our clients from password sniffing attacks while they send mail through our server.

Next, for receiving mail, open POP3 server services :

# iptables -A INPUT -p tcp -m tcp --dport 110 -j ACCEPT
# iptables -A INPUT -p tcp -m tcp --dport 995 -j ACCEPT

Here we add ports 110 & 995 (POP3 110 & secure POP3 995). Again, we should use secure POP3 first for receiving mail.

Next we need to limit access for SSH :

# iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT

SSH is basically used to connect to the VPS remotely. SSH works on port 22 by default; to secure SSH I recommend moving the SSH service to a port other than 22 & opening that port in iptables.

Note : If you are using a permanent IP address, you can allow SSH only from that source, so that the firewall opens connections only from that IP address. It must be your main address, not your LAN address, otherwise it will not work. Open the connection as:

# iptables -A INPUT -p tcp -s PERMANENT_IP_ADDRESS -m tcp --dport 22 -j ACCEPT

PERMANENT_IP_ADDRESS = IP address (117.56.118.53)

Next open connections for ping & package updates :

# iptables -I INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

This lets the replies to connections we make outward from the server, such as ping & software updates, back in through our firewall.

Next we allow outgoing connections & close all other connections :

# iptables -P OUTPUT ACCEPT
# iptables -P INPUT DROP


Block most common attacks :

To limit exposure to DDoS attacks we need to put off the usual network scanning bots, so that attackers can't find our server to attack. I know we can't fully secure a server against DDoS with iptables alone, but we can restrict unnecessary packets.

First we start by blocking null packets :

# iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP

With the above command we told the firewall to take all incoming packets with no TCP flags set (NONE) and just DROP them :')
Null packets are, in short, recon packets: with this attack pattern attackers see how we configured the server & look for weaknesses.

Next we block the SYN-flood attack :

# iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP

A SYN-flood attack means attackers open a new connection but do not state what they want; they just want to take up our server's resources, so we need to reject such packets. The rule drops every packet that would start a new connection but does not have the SYN flag set.

Next block the XMAS packets :

# iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP

Christmas tree packets have every single option set for whatever protocol is in use. These packets are like null packets.

Save iptables & start the service again :

We have now done almost all the work. Before saving the iptables configuration, confirm it with:

# iptables -L -n

This command lists (-L) all the rules we assigned to iptables, showing numeric IP addresses (-n) rather than the domain names assigned to them.

Save iptables & restart the service :

# iptables-save | sudo tee /etc/sysconfig/iptables
# service iptables restart

The saved rules are stored in the file /etc/sysconfig/iptables; you can open it with the vi editor or other editors too:
# vi /etc/sysconfig/iptables
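
iptables walks a chain from the top and stops at the first rule that matches, so the order in which the commands above were appended matters: the port ACCEPT rules sit in front of the null, non-SYN and XMAS DROP rules. The script below is an added example, not part of the original post (the function names are hypothetical and the sample dump is constructed); it lists the DROP rules that packets to an open port never reach, and prints the dump with those rules moved ahead of the port rules.

```sh
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Constructed sample: an iptables-save dump of the INPUT chain in the order
# the commands above create it (mail ports left out to keep it short).
page_order_rules() {
cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG NONE -j DROP
-A INPUT -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -j DROP
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG FIN,SYN,RST,PSH,ACK,URG -j DROP
COMMIT
EOF
}

# Print the default policy of the INPUT chain (ACCEPT or DROP).
input_policy() {
    awk '$1 == ":INPUT" { print $2 }'
}

# For each TCP DROP rule in INPUT, print the ports already accepted by an
# earlier rule: packets to those ports match the ACCEPT and never reach it.
# ACCEPT rules limited to a source (-s) are skipped, because they open the
# port only for that source.
shadowed_drops() {
    awk '
    $1 == "-A" && $2 == "INPUT" {
        target = ""; dport = ""; proto = ""; src = ""
        for (i = 3; i <= NF; i++) {
            if ($i == "-j") target = $(i + 1)
            if ($i == "-p") proto = $(i + 1)
            if ($i == "-s") src = $(i + 1)
            if ($i == "--dport") dport = $(i + 1)
        }
        if (target == "ACCEPT" && proto == "tcp" && dport != "" && src == "")
            ports = (ports == "" ? dport : ports "," dport)
        else if (target == "DROP" && proto == "tcp" && ports != "")
            printf "%s\t%s\n", ports, $0
    }'
}

# Rewrite the dump so the TCP DROP rules that follow the first port ACCEPT
# are moved directly in front of it; every other line keeps its place.
reorder_drops() {
    awk '
    { line[NR] = $0 }
    END {
        first = 0
        for (n = 1; n <= NR; n++)
            if (line[n] ~ /^-A INPUT .*--dport [0-9:]+ -j ACCEPT$/) { first = n; break }
        for (n = 1; n <= NR; n++) {
            isdrop = (line[n] ~ /^-A INPUT -p tcp .*-j DROP$/)
            if (n == first)
                for (d = n + 1; d <= NR; d++)
                    if (line[d] ~ /^-A INPUT -p tcp .*-j DROP$/) print line[d]
            if (!(isdrop && first && n > first)) print line[n]
        }
    }'
}

page_order_rules | shadowed_drops                  # three shadowed rules
page_order_rules | reorder_drops | shadowed_drops  # prints nothing
```

On a live host the same functions read the running ruleset from a pipe: iptables-save | shadowed_drops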

So enjoy the day :')

Saturday, December 7, 2013

How to configure Telnet on centos 6.5

Hello friends, today we are going to discuss telnet. Telnet is a network protocol used to connect to remote computers over a TCP/IP network. We can make a connection to a remote host using telnet. When we establish a connection to the remote computer, our machine becomes a virtual terminal & we are able to communicate with the remote system from another computer.

So let's study how to install telnet.

Package : telnet, telnet-server
Port : 23 (default)
Configuration file : /etc/xinetd.d/telnet

Step 1 : Install the telnet packages:
# yum install telnet telnet-server -y

After installing the telnet packages we need to configure the service. Open the file /etc/xinetd.d/telnet & set disable = no

Save & quit the file, then start the service (or restart it if it is already running):
# service xinetd start
Now set the services to start automatically by running the following commands:
# chkconfig telnet on
# chkconfig xinetd on

Step 2 : After this, allow port 23 (the default port for telnet) through the firewall and router. Open the iptables file /etc/sysconfig/iptables & add the following:

-A INPUT -p tcp -m state --state NEW --dport 23 -j ACCEPT
-A INPUT -p udp -m state --state NEW --dport 23 -j ACCEPT

Now save the file & restart the service:
# service iptables restart

Step 3 : Now we need to create a local user for the client to log in with over telnet. Here Rup is my local username, & I set a password for that user too.

Step 4 : Now we connect over telnet remotely. Here I log in as Rup from my XP machine, which is at a remote location. To connect, just open a terminal or command prompt & run the command telnet 192.168.56.101. Here you can see that machine 192.168.56.102 is connected to machine 192.168.56.101.
Once logged in we get a remote shell, & we can now work remotely as the local user.

Thanks friends, this was a short tutorial on telnet server configuration.

Friday, December 6, 2013

How to configure DNS server

Hello friends, today we are going to discuss the DNS server. A DNS (Domain Name System) server translates hostnames or URLs into IP addresses. For example, if we type www.techtecno2u.com in a browser, the DNS server translates this domain name into its associated IP address. As we are unable to remember many IP addresses, we map each IP address to a hostname that is easy to remember, such as www.techtecno2u.com for 69.xxx.xx.xx

Here we are going to set up both master & slave DNS servers.
So let's start.
Prerequisites :
1. Hostname
2. Static IP
3. DNS entry in the resolv.conf file ( /etc/resolv.conf )
To set up the hostname we have two methods :
1. Temporary (by using the command hostname new_hostname)
2. Permanent (by editing the /etc/sysconfig/network file)

As you can see, null.nullportlinux.com is my hostname.

To satisfy the second condition, I recommend you see my post on
DHCP server configurations

To set the DNS entry in the resolv.conf file, edit "/etc/resolv.conf"



Note : If the nameserver changes again & again at each startup of the OS, the cause is NetworkManager, which auto-creates resolv.conf as in the above image. Because of this our DNS server is not able to resolve names, since the nameserver entry keeps changing. So how do we avoid this issue?

To disable this NetworkManager behavior, run these commands:
# /etc/init.d/NetworkManager stop
# /sbin/chkconfig NetworkManager off
and also set NM_CONTROLLED to NO in /etc/sysconfig/network-scripts/ifcfg-eth1

Now let's set up the DNS server.
For the DNS server setup we need the bind package.
We can configure the BIND server as :

1. Master DNS server, also called the primary BIND DNS server
2. Slave DNS server, also called the secondary BIND DNS server

So let's configure the master DNS server first.

Here I am using :
OS : CentOS 6.5
Hostname : null.nullportlinux.com
IP address : 192.168.56.101

Step 1 : First we need to install the bind packages with yum:
# yum install bind* -y

Then enable the service at boot:
# chkconfig named on

Step 2 : Next we need to configure the master (primary) DNS server. Open the named.conf file in vi, or in nano or any other editor you prefer:
# vi /etc/named.conf

Make these changes in the named.conf file :



listen-on port 53 { 192.168.56.101; };  ## Master DNS IP Replace it with your IP address ##
listen-on-v6 port 53 { ::1; };  ##comment this line ##
allow-query  {  any; };         ## IP Range ##


Step 3 : Add the forward zone & reverse zone at the end of the config file as follows:


forward zone :

zone "nullportlinux.com" IN {       ##your domain ##   
              type master;
              file "forward.zone";   ## forward zone file ##
              allow-update { none; };
};

Reverse Zone :

zone "101.56.168.192.in-addr.arpa" IN {    ## edit as reverse of your IP ##
            type master;
            file "reverse.zone";  ## reverse zone file ##
            allow-update  { none; };
};

Save & close the named.conf file

or

we can add the zones to the /etc/named.rfc1912.zones file instead

forward zone :

zone "nullportlinux.com" IN {       ##your domain ##   
              type master;
              file "forward.zone";   ## forward zone file ##
              allow-update { none; };
};

zone "localhost" IN {
          type  master;
          file  "named.localhost";
          allow-update { none; };
};

Reverse Zone :

zone "101.56.168.192.in-addr.arpa" IN {    ## edit as reverse of your IP ##
            type master;
            file "reverse.zone";  ## reverse zone file ##
            allow-update  { none; };
};

zone  "0.in-addr.arpa" IN {
           type  master;
           file "named.loopback";
           allow-update { none; };
};

From the above we can see that our forward.zone is similar to the file named.localhost
and reverse.zone is similar to the file named.loopback

So now let's create these files according to the above observation.

Step 4 : Create the zone files
A ] Creating forward.zone

To create the "forward.zone" file in the "/var/named" directory, just copy the named.localhost file & edit it as per our requirements:
# cp /var/named/named.localhost /var/named/forward.zone

& edit it as
As you know, null.nullportlinux.com is our hostname.

B ] Creating reverse.zone

To create the "reverse.zone" file in the "/var/named" directory, just copy the named.loopback file & edit it as per our requirements:
# cp /var/named/named.loopback /var/named/reverse.zone

& edit it as

Step 5 : Next we need to set the group ownership of the files:

# chgrp named /var/named/forward.zone
# chgrp named /var/named/reverse.zone

Now start the named service:
# service named start
# chkconfig --levels 235 named on
or
# chkconfig named on

Note : If there is any issue here too, check your firewall rules in iptables. Open the file /etc/sysconfig/iptables, edit these lines & save iptables:

iptables -I INPUT  -p tcp  -m state --state NEW --dport 53 -j ACCEPT
iptables -I INPUT  -p udp -m state --state NEW --dport 53 -j ACCEPT

Step 6 : Reboot your machine & test that everything works properly with the dig command.

OK, you can see our server is running on 192.168.56.101

Step 7 : You can also check it by running nslookup commands.

Thanks friends, enjoy.

Wednesday, December 4, 2013

How to configure DHCP Server

Hello friends, today we are going to configure a DHCP server. DHCP (Dynamic Host Configuration Protocol) is used to assign IP addresses and other settings such as gateway and DNS details automatically to clients. We need a DHCP server configured to offer IP addresses to clients when required.

Type : System V-managed service
Package : dhcp
Daemon : /usr/sbin/dhcpd
Script : /etc/init.d/dhcpd
Ports : 67 (bootps), 68 (bootpc)
Conf. files : /etc/dhcp/dhcpd.conf, /var/lib/dhcpd/dhcpd.leases
Related : dhclient, dhcpv6-client, dhcpv6

So let's start.
Step 1 : Install the dhcp package:
# yum install dhcp-* -y



Step 2 : After installing the DHCP server package along with its dependencies, assign a static IP such as 192.168.56.101, in the same DHCP range, to the listening interface (mine is "eth1"). The network scripts for the interfaces are in /etc/sysconfig/network-scripts; the script file ifcfg-eth1 there contains all the information needed to make the IP static. Open the file with a text editor:
# vi /etc/sysconfig/network-scripts/ifcfg-eth1
(yours may be eth0, depending on the network interface). In this interface file we can define our static IP, mask, gateway, etc.

Step 3 : Now open the /etc/sysconfig/dhcpd file and add the preferred interface name to the DHCPDARGS variable; set the value to eth0 or eth1 according to your interface.

Step 4 : Now open the /etc/dhcp/dhcpd.conf file and edit it as required. If you are configuring this file for the first time, I suggest opening the sample file that the config file itself mentions, "/usr/share/doc/dhcp*/dhcpd.conf.sample". In this file we can define the server's static IP address, DNS, domain name, DNS IP, lease time, log method, subnet & IP range, broadcast address, MAC & IP, etc.

I am configuring this file according to my needs; you can configure it according to yours, but the point to note is to open the sample file & look at its configuration. I define my IP address, gateway, hardware address, etc. here; to find this information, run ifconfig in a new tab :)

So now copy the sample conf file over the main dhcpd.conf file; when it asks to overwrite, answer yes:
# cp /usr/share/doc/dhcp-4.1.1/dhcpd.conf.sample /etc/dhcp/dhcpd.conf

Edit the dhcpd.conf file as follows.
I changed just two portions of the file: the section under the comment
# A slightly different configuration for an internal subnet.
and the host server portion :)



Now restart the service:
# service dhcpd start

So here is our short description of the DHCP server.

Monday, December 2, 2013

How to Install & Configure VNC Server

Hello friends, today we are going to install & configure a VNC server. First we need to know what VNC is: VNC is Virtual Network Computing, a graphical remote sharing system. Put more plainly, with a VNC server we can fix a problem on our system over the Internet without being physically present; we can see the remote machine & use its keyboard & mouse.
A VNC server has further advantages, for example we can use our Linux machine from a Windows machine. I think it will become clearer when we work on it practically, so let's start.

Step 1 : First of all we need a desktop environment. If you are using your server in CLI mode, install the GUI with the command:
# yum groupinstall "X Window System" "Desktop"
My system already has the GUI, so I have no need to install it.

Step 2 : Now we need to install the TigerVNC package, which provides the remote desktop connection. Log in as the root user & type the following command:

# yum -y install tigervnc-server xorg-x11-fonts-Type1



Step 3 : After installing VNC completely, we need to create a user for VNC login. Here I am creating the user Govind & setting a password for this normal user. If you want to use an existing user as the VNC user, just log in as that user & set the VNC password with the command vncpasswd. Let's see how to do that.

A question arises here: why do we create a password twice for a user? The first password is used for logging in via SSH, while the password set with vncpasswd is used for logging in to the VNC screen. vncpasswd creates a .vnc directory at /home/Govind/.vnc. Let's test it: on my machine I have two local users, nullport & Govind, & we can see the directory for both users:

Here we can see clearly that the .vnc directory doesn't exist for the nullport user.
Step 4 : Now we need to stop the VNC service:
# /etc/init.d/vncserver stop
Now let's set the resolution for the view. For that, open the file:
# vi /etc/sysconfig/vncservers
& edit some settings in this config file:

## Single User ##
VNCSERVERS="1:Govind"
VNCSERVERARGS[1]="-geometry 1280x1024"

This is only for a single user, the user Govind we created for the VNC server. If we want multiple users to access this VNC server, we need to change it to:

## Multiple Users ##
VNCSERVERS="2:nullport 3:yash 4:Amit 5:Jitender 6:manish"
VNCSERVERARGS[2]="-geometry 1280x1024"
VNCSERVERARGS[3]="-geometry 1280x1024"
VNCSERVERARGS[4]="-geometry 1280x1024"
VNCSERVERARGS[5]="-geometry 1280x1024"
VNCSERVERARGS[6]="-geometry 1280x1024"

As you can see from this config file, 1, 2, 3, 4, 5, 6 etc. are the user IDs, each followed by the user name. In general the line is VNCSERVERARGS[x]="-geometry 1280x1024", where x is the ID of the user.

Now start the vncserver again:
# /etc/init.d/vncserver start
When we run this command it creates a file named xstartup in the /home/user/.vnc directory; starting the service again creates some more files there.


Step 5 : Next we need to clear the path so that we can access the server remotely, so we open the ports used by the VNC server. VNC uses port 5901 for ID 1 & 5900 for ID 0 (the root user ID), & for multiple VNC users the port number increases: 5902, 5903, 5904, 5905, etc. We open a port with a simple command:

 #  iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 5901 -j ACCEPT

The above command opens port 5901 in iptables; the command below is needed only if we are using multiple users for the VNC server.

 #  iptables -I INPUT  5 -m state --state NEW -m tcp -p tcp -m multiport --dports 5902:5904 -j ACCEPT

Now save iptables:
# service iptables save
Once iptables is saved, restart the iptables service:
# service iptables restart
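
Each VNC ID N listens on TCP port 5900 + N, so the ports to open follow directly from the VNCSERVERS line. The script below is an added example, not part of the original post (the function names are hypothetical and the sample file is constructed): it derives the port of every configured user and reports the users whose port falls outside an opened --dports range.

```sh
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Constructed sample of /etc/sysconfig/vncservers (the multi-user form above).
sample_vncservers() {
cat <<'EOF'
## Multiple Users ##
VNCSERVERS="2:nullport 3:yash 4:Amit 5:Jitender 6:manish"
VNCSERVERARGS[2]="-geometry 1280x1024"
VNCSERVERARGS[3]="-geometry 1280x1024"
EOF
}

# Read a vncservers file on stdin and print "id user port" for each entry
# in VNCSERVERS; ID N listens on TCP port 5900 + N.
vnc_ports() {
    sed -n 's/^VNCSERVERS="\(.*\)"[[:space:]]*$/\1/p' |
    tr ' ' '\n' |
    awk -F: 'NF == 2 && $1 ~ /^[0-9]+$/ { print $1, $2, 5900 + $1 }'
}

# Print "user:port" for every configured entry whose port is NOT inside the
# range given as $1, written as it appears after --dports (LOW:HIGH).
uncovered_displays() {
    low=${1%%:*}
    high=${1##*:}
    vnc_ports | awk -v low="$low" -v high="$high" \
        '$3 + 0 < low + 0 || $3 + 0 > high + 0 { print $2 ":" $3 }'
}

# Print the smallest --dports range that covers every configured entry.
needed_range() {
    vnc_ports | awk '
        NR == 1 { min = $3 + 0; max = $3 + 0 }
        $3 + 0 < min { min = $3 + 0 }
        $3 + 0 > max { max = $3 + 0 }
        END { if (NR) print min ":" max }'
}

sample_vncservers | uncovered_displays 5902:5904   # Jitender:5905, manish:5906
sample_vncservers | needed_range                   # 5902:5906
```

On a server, feed the real file to the same functions: needed_range < /etc/sysconfig/vncservers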



Step 6 : Next we need to log in with a VNC viewer from the remote machine. Here I am using Windows XP as my remote machine to connect to this VNC server, so we need a VNC viewer for it.

Download from here

according to your machine.

Now log in with address:1 & press the Connect button. It asks for a password; give the VNC password we defined with vncpasswd during installation, as shown below.

Wow, we get the remote machine using the VNC server. Once connected it asks for a password again, & this time it is the user's password; as I logged in as Govind, I need to give the password of Govind here.

So here is a short description of the VNC server ...