Category Archives: RedHat / CentOS

Home »  RedHat / CentOS

PCI-DSS 3.2 has one major new requirement which is 2-factor authentication. There are many ways to get that done in an Enterprise environment. But how about a standalone webserver for E-commerce or DMZ without central auth? When a ssh-key authentication is not enough, the quickest solution for a server could be to make ssh to ask for 2-factor token when logging in. 2-factor authentication is based on one part where you need to know the password plus something you need to have additionally. You can create a separate key on an external device like a tablet or mobile phone. There are also devices like RSA token but that’s not part of this. Here I plan to use Android tools like FreeOTP, Authy or Google Authenticator for the passkey. They usually produce every 30 seconds a new key based on OATH. Let’s secure the ssh access now. Setup: Firstly we need to […]

Update 02.03.2015: added (modified) Centos / Redhat: A successor to compcache is zram which is fully integrated in the Linux kernel since 2.6.37.1 and uses lzo compression. The idea behind it is to create swap devices made of chunks of the ram and to compress those chunks on the fly to increase the available space used and ideally reduce the need of swapping to slow disks. It uses a small extra amount of the CPU, however, the reduced i/o usage should more than make up for this. This is primarily interesting for a small scaled VPS, Netbooks or low memory devices. Also virtualisation hosts should benefit of compressed memory. Unfortunatly the zram-config script is currently not part of the Debian and Centos distributions. I will run some further tests and update here. In Ubuntu, from 12.04 onwards, the install script is included and it takes only a minute to setup zram. How to […]

This is nothing really new, but definitely worth tracking because it just make sense and works fine. If you either virtualise or have otherwise many Debian / Ubuntu / Centos / Fedora based servers and workstations and want to keep them updated regularly, you do this over the internet for each and every instance. This utilises bandwidth and takes time to download particularly if you don’t have a some big internet connectivity. The principle is that you setup a proxy server for apt or yum which caches and serves on duplicate request the packages and therefore you will save time and bandwidth. The first device fetching the package will trigger the proxy to cache it and the next instance will receive the cache package from the proxy. This will reduce the used bandwidth and volume of the internet line and speed up the update due to using a local available cache. […]

This was first posted on http://linuxdistributions-lifecycle-comparison.cloud7-itconsult.com Overview of the Support Lifecycle for a few selected Enterprise Linux Distributions. Last Updated 26.11.2014 RedHat Enterprise Linux (13 year extended support) RedHat Enterprise Linux RHEL 7 RHEL 6 RHEL 5 RHEL 4 RHEL 3 Release Date 10-Jun-14 10-Nov-10 15-Mar-07 14-Feb-05 23-Oct-03 EOL End of Life 30-Jun-24 30-Nov-20 31-Mar-17 29-Feb-12 31-Oct-10 EOS Final end of Support (Extended) 30-Jun-27 30-Nov-23 31-Mar-20 31-Mar-17 30-Jan-14 Currently under support? YES YES YES YES NO Lifetime in Years 13.0 13.0 13.0 12.1 10.3 Life kernel patching available? YES kpatch Dynamic Kernel Patching NO NO NO NO CentOS Linux (10 year lifecycle) CentOS Linux CentOS 7 CentOS 6 CentOS 5 CentOS 4 CentOS 3 Release Date 7-Jul-14 10-Jul-10 12-Apr-07 9-Mar-05 19-Mar-04 EOL End of Life 30-Jun-24 30-Nov-20 31-Mar-17 29-Feb-12 31-Oct-10 EOS Final end of Support (Extended) N/A N/A N/A N/A N/A Currently under support? YES YES YES NO NO Lifetime in Years 9.9 10.3 9.9 6.9 6.6 Life kernel patching available? YES kpatch Dynamic Kernel Patching NO NO NO NO Oracle Enterprise Linux Oracle Linux OEL 7 OEL 6 OEL 5 Release Date Jul-14 Feb-11 Mar-07 EOL End of Life […]

I love Splunk for log aggregation and searching through it. It’s a great tool that comes is various versions http://www.splunk.com/view/free-vs-enterprise/SP-CAAAE8W  including a limited free cloud based version https://www.splunkstorm.com. I use the because of it ease, compression and security when sending my logs over. There is a nice guide on how to install and use the Splunkstorm forwarder.  http://docs.splunk.com/Documentation/Storm/latest/User/Setupauniversalforwarderonnix However, to make it autostart by itself rather than having to write something myself to get it running at a reboot you have to: /opt/splunkforwarder/bin/splunk enable boot-start That will create a start script in /etc/init.d. Happy Splunking Related posts: (Obsolete) CentOS 6.x / Nginx / Zpanel: Install Zpanel with Nginx on Centos 6.x server (and a few additional modules) VPS : Basic checks for performance of a VPS and or a Server NagiosXI: Install on CentOS 6.x in an OpenVZ container CentOS / RedHat: Quick Network Bonding eth0 and eth1 Import MySQL […]

There is more than one way to check the performance available on a VPS Server but I go for a 1st quick shot to test if something is falling over. All I one Script: The Guys @ freevps.us offer a script that does it all or you. Host info , Download Speed Test , and disk IO. Give it a try, it does help you quick and dirty to get some results. wget freevps.us/downloads/bench.sh -O – -o /dev/null | bash VPS Upload and Download Speed: Quick check to see your up and downstream speed for the VPS. wget https://raw.githubusercontent.com/sivel/speedtest-cli/master/speedtest_cli.py speedtest_cli.py –share IO (also covered by the all in one script): To get a brief feeling about IO capabilities of a VPS you could use dd if=/dev/zero of=test bs=64k count=16k conv=fdatasync;rm test 16384+0 records in 16384+0 records out 1073741824 bytes (1.1 GB) copied, 9.91105 s, 108 MB/s Some com­monly accepted aver­ages […]

Update 09.09.2014: Updated to epel release 7-2 Update 06.12.2014: Updated the Epel 7-2 location Update 31.07.2015: Updated to Epel 7-5 location CentOS 7 is out and based on CentOS 6.X: How To Install The EPEL Repository here is EPEL for Centos 7.x All commands are to be executed as root. rpm -Uvh https://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-5.noarch.rpm There is also an update for a repo called remi which is also providing some bleeding edge packages and updates. This is highly optional and not related to EPEL. If you like to install that one, here we go. rpm -Uvh http://rpms.famillecollet.com/enterprise/remi-release-7.rpm To enable certain remi repositories use vi and set enabled=1 where it applies vi /etc/yum.repos.d/remi.repo Related posts: CentOS 6.x: How to install the EPEL repository CentOS 6.x: VMware Repo for VMware tools x86_64 RedHat 6.x / CentOS 6.x: How to Install ZFS native Linux: Howto show the Servers IP address at the login console RedHat 6.x/CentOS 6.x: Rename RHN Satellite (Spacewalk) […]

Obsolete, do not use. A) Zpanel is not designed for Nginx b) Zpanel has moved on and is forked as http://sentora.io/ Full credit for the first part goes to khanhicetea http://blog.ndksolution.com/install-zpanel-nginx-with-nginx-integrated/ Installation zpanal module add-ons zppy commands Troubleshooting Step 1 : Disabled SELinux by changing /etc/sysconfig/selinux with SELINUX=disabled Step 2 : Reboot server. reboot Step 3 : Become root and download the installer script : su – root cd /tmp wget https://dl.dropboxusercontent.com/u/120005387/zpanel/installer.sh Step 4 : Run it chmod +x installer.sh ./installer.sh Step 5 : Follow instruction to install Step 6 : Reboot server again reboot Step 7 : Login in to ZPanel and set Enabled NGINX Module. Browse to http://ipadressoftheserver login with the details from the install script Step 8 : increase file limit in PHP vi /etc/php.ini upload_max_filesize = 60M #or whatever you want afterwards service php-fpm restart service nginx restart Step 9: Afterwards install additional Modules A list of Zpanel Repos could be […]

After a while of updating kernels on my box, I spotted on a reboot that I kinda have loads of kernel versions on the boot menu, cause i never cleaned up. So here we go. Remove old unused kernel versions from CentOS or RedHat 6.x Check installed kernels rpm -q kernel Delete/remove old kernels yum install yum-utils package-cleanup –oldkernels –count=2 #replace the count with the maximum of wished kernels to remain To make this count permanent: Edit /etc/yum.conf and set installonly_limit from 5 to whatever you like to: installonly_limit=2 Usefull commands: rpm -qa Display list all installed packages rpm -qa rpm -qa | less No related posts.

If you just added a new Disk to a Linux Box (for example under VMware) you may want to add that one to a LVM to a new Volume Group. Here are the steps quick and easy with a bit of commenting. You have not yet added the new disk and want to do this hot. Then I refer to this here. How to add a new disk without reboot fdisk -l #to show us the available disks We assume our new disk is /dev/sdb and we will not create a partition on it but use /dev/sdb as it is. This gives us the advantage that if we increase the disksize outside of the OS (for example a vmdk which we just increase or a SAN lun which we just increase in size) we can easily increase the volume under lvm. pvcreate /dev/sdb Writing physical volume data to disk “/dev/sdb” […]

%d bloggers like this: