Generate ssh keys on linux and use with PuTTY on Windows

Log into the Linux server as the user you are going to use to connect with ssh. Generate the key.


ssh-keygen -t rsa -b 4096 -C "email@domain.com"
Generating public/private rsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/user/.ssh/id_rsa.
Your public key has been saved in /home/user/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:3/dDa9R+zzDpGNt/EU9Jusj/snbKt3+B8F+ULnxXtWk email@domain.com
The key's randomart image is:
+---[RSA 4096]----+
|                 |
|               ..|
|              o *|
|           . . E+|
|        S . = =o=|
|         . + * O=|
|          . + @.*|
|            .@ %=|
|            ++@+#|
+----[SHA256]-----+

Now copy the id_rsa private key file to your Windows desktop. This can be done by copying and pasting the contents of the file, or by using an SCP client such as PSCP (supplied with the PuTTY install) or FileZilla.

Next launch PuTTYgen from the Windows Programs list.

Click Conversions from the PuTTY Key Generator menu and select Import key.
Navigate to the OpenSSH private key (id_rsa) and click Open.
Under Actions / Save the generated key, select Save private key.
Choose an optional passphrase to protect the private key.
Save the private key to the desktop as id_rsa.ppk.

If the public key is already appended to the authorized_keys file on the remote SSH server, then proceed to Connect to Server with Private Key.

Otherwise, proceed to Copy Public Key to Server.

Copy Public Key to Server

The OpenSSH public key is located in the box under Key / Public key for pasting into OpenSSH authorized_keys file:. The public key begins with ssh-rsa followed by a string of characters.

Highlight the entire public key within the PuTTY Key Generator and copy the text.
Launch PuTTY and log into the remote server with your existing user credentials.

Use your preferred text editor to create and/or open the authorized_keys file:


# nano ~/.ssh/authorized_keys

Paste the public key into the authorized_keys file.

ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQBp2eUlwvehXTD3xc7jek3y41n9fO0A+TyLqfd5ZAvuqrwNcR2K7UXPVVkFmTZBes3PNnab4UkbFCki23tP6jLzJx/MufHypXprSYF3x4RFh0ZoGtRkr/J8DBKE8UiZIPUeud0bQOXztvP+pVXT+HfSnLdN62lXTxLUp9EBZhe3Eb/5nwFaKNpFg1r5NLIpREU2H6fIepi9z28rbEjDj71Z+GOKDXqYWacpbzyIzcYVrsFq8uqOIEh7QAkR9H0k4lRhKNlIANyGADCMisGWwmIiPJUIRtWkrQjUOvQgrQjtPcofuxKaWaF5NqwKCc5FDVzsysaL5IM9/gij8837QN7z rsa-key-20141103

Save the file and close the text editor.
Adjust the permissions of the authorized_keys file so that the file does not allow group writable permissions.

# chmod 600 ~/.ssh/authorized_keys

Log out of the remote server.
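
The paste-and-chmod steps above can also be scripted on the server. The following is an added example, not part of the original post: a POSIX shell function (the name install_pubkey is hypothetical) that checks the pasted text is a single OpenSSH public key line, creates ~/.ssh and authorized_keys with owner-only permissions, and appends the key only if it is not already present.

```sh
#!/bin/sh
# Added example (not from the original post).
# Usage: install_pubkey "<public key line>" [home-dir]
install_pubkey() (
    key=$1
    home=${2:-$HOME}
    dir=$home/.ssh
    file=$dir/authorized_keys
    nl='
'
    # One key per call: an embedded newline in pasted text would add
    # a second, unreviewed entry.
    case $key in
        *"$nl"*) echo "refusing multi-line input" >&2; return 2 ;;
    esac

    # Expect "<type> <base64> [comment]" with a known key type. A private
    # key ("-----BEGIN ...") pasted by mistake fails this check.
    printf '%s\n' "$key" | grep -Eq \
        '^(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+={0,3}( .*)?$' \
        || { echo "not an OpenSSH public key line" >&2; return 2; }

    # Create new files private from the start, then tighten existing ones.
    umask 077
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$file" && chmod 600 "$file" || return 1

    # Compare the base64 blob only, so the same key with a different
    # comment (or with options in front) is not added twice.
    blob=${key#* }
    blob=${blob%% *}
    if awk -v b="$blob" '{ for (i = 1; i <= NF; i++) if ($i == b) f = 1 }
                         END { exit !f }' "$file"; then
        echo "key already present"
        return 0
    fi

    # Make sure the previous entry ends with a newline before appending.
    if [ -s "$file" ] && [ -n "$(tail -c 1 "$file")" ]; then
        echo >> "$file"
    fi
    printf '%s\n' "$key" >> "$file"
    echo "key added"
)
```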

Error After Upgrade from PHP 5.4 to 5.6 on CentOS

After an upgrade from PHP 5.4 to 5.6, I received an error when I ran an app update:

Your requirements could not be resolved to an installable set of packages.
Problem 1 – This package requires php >=5.6 but your PHP version (5.4.45) does not satisfy that requirement.

Issue:

The shell CLI is still running PHP 5.4. You need to specify which PHP version the shell will use. This can be done by running the following command.


# echo "alias php='/opt/plesk/php/5.6/bin/php'" >> ~/.bashrc

The guide from Plesk

https://support.plesk.com/hc/en-us/articles/115003766853-How-to-specify-PHP-version-on-the-Plesk-server-for-command-line-command-php-for-user-

You can confirm here:


# php -v
PHP 5.6.35 (cli) (built: Mar 30 2018 12:52:22)
Copyright (c) 1997-2016 The PHP Group

Replace PHP 5.4 with 5.6 in CentOS 7.x

How to replace php 5.4 with php 5.6.

Before installing PHP 5.6, apply any existing updates available for your distribution:


# yum check-update
# yum update

Also, this is a good moment to get (and save somewhere) a list of our installed packages (in case we need to roll back):


# rpm -qa |grep php
php-mbstring-5.4.16-36.1.el7_2.1.x86_64
php-mysql-5.4.16-36.1.el7_2.1.x86_64
(...)
php-gd-5.4.16-36.1.el7_2.1.x86_64
php-odbc-5.4.16-36.1.el7_2.1.x86_64

Download and install the “repos” package:

# wget http://rpms.famillecollet.com/enterprise/remi-release-7.rpm


# rpm -Uhv remi-release-7.rpm

Now enable the repository in Yum by setting enabled=1 for the remi-php56 repo:


# nano /etc/yum.repos.d/remi.repo
(...)

[remi-php56]
name=Remi's PHP 5.6 RPM repository for Enterprise Linux 7 - $basearch
mirrorlist=http://rpms.remirepo.net/enterprise/7/php56/mirror
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-remi

(...)

Replace PHP 5.4 with PHP 5.6
Install the packages not as a Software Collection but as “Replacement Packages”:

# yum update

This yum update command should upgrade all our PHP packages. If it does not upgrade them or we don’t have PHP already installed, then do:

# yum --enablerepo=remi-php56 install php-cli

Yum will remove the old packages and install the new ones.

Now, restart services:


# systemctl restart httpd
# systemctl restart nginx
# systemctl restart php-fpm

If you receive an Nginx error, then you may need to reconfigure it. See: https://geekdecoder.com/install-nginx-centos-7/

Stress Test CentOS with Stress

First, you need to download the file using Wget and then install it using RPM on your system to enable the EPEL repository.

RHEL/CentOS 7 64-Bit


# wget http://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
# rpm -ivh epel-release-latest-7.noarch.rpm

RHEL/CentOS 6 64-Bit


# wget http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
# rpm -ivh epel-release-6-8.noarch.rpm

Check the installation

# yum repolist
*epel/x86_64 Extra Packages for Enterprise Linux 7 - x86_64

Now, install stress

# yum install stress

To test, first run the uptime command and note down the load average. Next, run the stress command to spawn 8 workers spinning on sqrt() with a timeout of 20 seconds. After running stress, again run the uptime command and compare the load average.

# uptime
16:39:03 up 1 day, 18:32,  1 user,  load average: 0.15, 0.24, 0.14
# sudo stress --cpu 8 --timeout 20
stress: info: [65429] dispatching hogs: 8 cpu, 0 io, 0 vm, 0 hdd
stress: info: [65429] successful run completed in 20s

Now uptime again

# uptime
 16:40:18 up 1 day, 18:34,  1 user,  load average: 1.35, 0.59, 0.27

Spawn 8 workers spinning on sqrt() with a timeout of 30 seconds

[root@server rogerp]# uptime
 16:41:52 up 1 day, 18:35,  1 user,  load average: 0.28, 0.43, 0.24
[root@server rogerp]# sudo stress --cpu 8 -v --timeout 30s
stress: info: [65654] dispatching hogs: 8 cpu, 0 io, 0 vm, 0 hdd
stress: dbug: [65654] using backoff sleep of 24000us
stress: dbug: [65654] setting timeout to 30s
stress: dbug: [65654] --> hogcpu worker 8 [65655] forked
stress: dbug: [65654] using backoff sleep of 21000us
stress: dbug: [65654] setting timeout to 30s
stress: dbug: [65654] --> hogcpu worker 7 [65656] forked
stress: dbug: [65654] using backoff sleep of 18000us
stress: dbug: [65654] setting timeout to 30s
stress: dbug: [65654] --> hogcpu worker 6 [65657] forked
stress: dbug: [65654] using backoff sleep of 15000us
stress: dbug: [65654] setting timeout to 30s
stress: dbug: [65654] --> hogcpu worker 5 [65658] forked
stress: dbug: [65654] using backoff sleep of 12000us
stress: dbug: [65654] setting timeout to 30s
stress: dbug: [65654] --> hogcpu worker 4 [65659] forked
stress: dbug: [65654] using backoff sleep of 9000us
stress: dbug: [65654] setting timeout to 30s
stress: dbug: [65654] --> hogcpu worker 3 [65660] forked
stress: dbug: [65654] using backoff sleep of 6000us
stress: dbug: [65654] setting timeout to 30s
stress: dbug: [65654] --> hogcpu worker 2 [65661] forked
stress: dbug: [65654] using backoff sleep of 3000us
stress: dbug: [65654] setting timeout to 30s
stress: dbug: [65654] --> hogcpu worker 1 [65662] forked
stress: dbug: [65654] <-- worker 65659 signalled normally
stress: dbug: [65654] <-- worker 65658 signalled normally
stress: dbug: [65654] <-- worker 65660 signalled normally
stress: dbug: [65654] <-- worker 65656 signalled normally
stress: dbug: [65654] <-- worker 65655 signalled normally
stress: dbug: [65654] <-- worker 65657 signalled normally
stress: dbug: [65654] <-- worker 65662 signalled normally
stress: dbug: [65654] <-- worker 65661 signalled normally
stress: info: [65654] successful run completed in 30s
[root@server rogerp]# uptime
 16:43:10 up 1 day, 18:37,  1 user,  load average: 1.87, 1.06, 0.49

Check if a Package is Installed

One of the most common requests and inquiries is “Do I have the …xyz package or program installed?” Here is how to check.

Ubuntu/Debian

List all packages

# dpkg -l | less

# dpkg -s apache-perl

To check whether a package is installed or not:


# dpkg -l | grep vlc

Use the file /var/lib/dpkg/available to find all package names available to you. Or use the following command (lists all packages in /var/lib/dpkg/status):


# dpkg-query -l

You can also try to match package name using wild cards:


# dpkg-query -l 'libc6*'

Use the following command to get exact status (whether it is installed or not):

# dpkg-query -W -f='${Status} ${Version}\n' apache-perl

CentOS and RPM based Distros

Under Red Hat/Fedora/CentOS/Suse Linux use the rpm command:

# rpm -qa | grep {package-name}

For example, to find out whether the package mutt is installed:

# rpm -qa | grep mutt

On a CentOS/RHEL use the following yum command to tell whether a package named htop is installed:


# yum list installed {PACKAGE_NAME_HERE}

# yum list installed htop

See IPs Accessing Website

Here is a way to see which IPs are accessing the website domain.com. Find the location of the access logs.

In a cpanel account:


# cd /home/domain.com/access-logs

Now run the following on the access logs…

# cat domain.com | awk '{print $1}' | sort | uniq -c | sort -rn | head

Here is the readout:

 24 72.178.xxx.xx
 18 216.xx.xxx.161
 1 216.55.xxx.xx

If you do see excessive bots, try adding a crawl rate/delay for the site with Bing Webmaster tools and Google Webmaster tools, as well as setting that up in robots.txt. Webcrawlers can carelessly crawl the site and hit it hard, just to index pages.
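
To tell crawlers apart from other heavy clients, it helps to see the User-Agent next to each IP count. The following is an added example, not part of the original post: it extends the one-liner above to the Apache "combined" log format and reports, per IP, the request count and the most frequent User-Agent. The function names, the sample lines and the threshold argument are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original post).
# Usage: top_clients <access-log or "-" for stdin> [min-requests]
top_clients() {
    # Splitting on double quotes puts the client IP at the start of $1
    # and the User-Agent in $6 for the "combined" log format.
    awk -F'"' -v min="${2:-1}" '
        $1 == "" { next }                      # skip blank lines
        {
            split($1, head, " ")
            ip = head[1]
            ua = (NF >= 6 && $6 != "") ? $6 : "-"
            hits[ip]++
            n = ++seen[ip SUBSEP ua]
            # remember the most frequent agent seen for this IP
            if (n > best[ip]) { best[ip] = n; agent[ip] = ua }
        }
        END {
            for (ip in hits)
                if (hits[ip] >= min)
                    printf "%d\t%s\t%s\n", hits[ip], ip, agent[ip]
        }
    ' "${1:--}" | sort -t "$(printf '\t')" -k1,1nr -k2,2
}

# Constructed sample lines (documentation IP ranges), combined log format.
sample_log() {
    cat <<'EOF'
192.0.2.10 - - [10/Oct/2018:13:55:36 +0000] "GET / HTTP/1.1" 200 2326 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"
198.51.100.7 - - [10/Oct/2018:13:55:40 +0000] "GET /about HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64)"
192.0.2.10 - - [10/Oct/2018:13:55:41 +0000] "GET /robots.txt HTTP/1.1" 200 68 "-" "curl/7.29.0"
192.0.2.10 - - [10/Oct/2018:13:55:42 +0000] "GET /page2 HTTP/1.1" 200 4100 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"
EOF
}
```

Running sample_log | top_clients - 2 lists only the clients with at least two requests; against a real log, pass the file name instead of "-".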

Check Mail Port Connections with netstat

A good way to check the connections to mail ports is to use netstat:

# netstat -anp | grep :25
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      2170/master
tcp6       0      0 :::25                   :::*                    LISTEN      2170/master
# netstat -anp | grep :465
tcp        0      0 0.0.0.0:465             0.0.0.0:*               LISTEN      2170/master
tcp6       0      0 :::465                  :::*                    LISTEN      2170/master
# netstat -anp | grep :587
tcp        0      0 0.0.0.0:587             0.0.0.0:*               LISTEN      2170/master
tcp6       0      0 :::587                  :::*                    LISTEN      2170/master

How to Whitelist or Block IPs in your Firewall on Linux – iptables, firewalld, ufw

Knowing how to Whitelist and Blacklist IPs in your firewall can be very important when you want to allow or deny connection to your server, based on an IP address. Below we will cover how to allow and deny connections from IPs in IP Tables, Firewalld, and UFW.

IPTables:
Allowing or Denying connections from IPs in IP Tables is quite simple. To accept the connection, or whitelist the IP, you would use the following command (where 1.1.1.1 is the IP you want to allow through the Firewall):

# sudo iptables -A INPUT -s 1.1.1.1 -j ACCEPT

Denying the IP is very similar, just changing ACCEPT to DROP:

# sudo iptables -A INPUT -s 1.1.1.1 -j DROP

You can also change DROP to REJECT if you want your server to respond back to the request with a rejection instead of just dropping the traffic altogether.

Firewalld:
To whitelist IPs on Firewall-CMD, we’ll want to use the --add-source flag. We can whitelist an IP or an IP subnet via the following commands:

# firewall-cmd --permanent --zone=public --add-source=1.1.1.1

Range:

# firewall-cmd --permanent --zone=public --add-source=1.1.0.0/16

Blocking an IP is a bit more difficult, as it requires a more complex command. The command that you would want to use to block traffic from an IP would be:

# firewall-cmd --permanent --add-rich-rule="rule family=ipv4 source address=1.1.1.1 reject"

Range:

# firewall-cmd --permanent --add-rich-rule="rule family=ipv4 source address=1.1.0.0/16 reject"

We can also view all of the whitelisted IPs in our zone via:

# firewall-cmd --permanent --zone=public --list-sources

UFW:
Allowing and blocking IPs in UFW is very simple and straightforward. We can allow connections from a specific IP via the following command:

# sudo ufw allow from 22.33.44.55

Blocking an IP is just as simple, with the following command:

# sudo ufw deny from 22.33.44.55

Using SED in Linux to Edit Large Files

Recently I encountered a server that had an Apache configuration file that was over 500,000 lines. The changes needed were to comment out the CustomLog line for each domain in /etc/httpd/httpd.conf. For this command, I used SED.

NAME
sed – stream editor for filtering and transforming text

SYNOPSIS
sed [OPTION]… {script-only-if-no-other-script} [input-file]…

DESCRIPTION

Sed is a stream editor. A stream editor is used to perform basic text transformations on an input stream (a file or input from a pipeline). While in some ways similar to an editor which permits scripted edits (such as ed), sed works by making only one pass over the input(s), and is consequently more efficient. But it is sed’s ability to filter text in a pipeline which particularly distinguishes it from other types of editors.

Change directory to the log file location. Use the command below to see what the command will do before doing it.

# sed -n 's|CustomLog|#CustomLog|gp' /etc/apache2/conf/httpd.conf

Use this to alter the file directly.

# sed -i 's|CustomLog|#CustomLog|g' /etc/apache2/conf/httpd.conf
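
The pattern above matches CustomLog anywhere on a line, so a second run turns #CustomLog into ##CustomLog and comment text that mentions CustomLog is altered too. The following is an added example, not part of the original post: a variant that only comments active directive lines, can be run repeatedly, and keeps a .bak copy of the file. The function names and the sample configuration are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original post).
# Usage: comment_directive <Directive> <config-file>
# Prints the number of lines changed.
comment_directive() (
    directive=$1
    conf=$2
    # The name is placed inside a regex, so allow only letters and digits.
    case $directive in
        ''|*[!A-Za-z0-9]*) echo "bad directive name" >&2; return 2 ;;
    esac
    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 1; }

    # Match the directive only at the start of a line (after optional
    # indentation) and followed by whitespace, so lines that are already
    # commented or merely mention the word are left alone.
    pattern="^\\([[:space:]]*\\)$directive\\([[:space:]]\\)"

    # Dry-run count, the equivalent of the sed -n '...p' preview.
    count=$(grep -c "$pattern" "$conf" || true)
    if [ "$count" -gt 0 ]; then
        # -i.bak keeps the original next to the edited file for rollback.
        sed -i.bak "s|$pattern|\\1#$directive\\2|" "$conf" || return 1
    fi
    echo "$count"
)

# Constructed sample configuration for trying the function.
sample_conf() {
    cat <<'EOF'
<VirtualHost *:80>
    ServerName one.example
    CustomLog /var/log/one.log combined
    #CustomLog /var/log/one-old.log combined
    # CustomLog format is documented in mod_log_config
</VirtualHost>
<VirtualHost *:80>
    ServerName two.example
CustomLog /var/log/two.log combined
    ErrorLog /var/log/two-error.log
</VirtualHost>
EOF
}
```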

Linux mount CIFS Windows Share

CIFS stands for Common Internet File System. It is an application-level network protocol mainly used to provide shared access to files, printers, serial ports, and miscellaneous communications between nodes. You can access CIFS shares from Linux and mount them as a regular filesystem. This is handy if there is a backup service like Infrascale where you set up a Windows computer to be backed up, as there is no Linux application for Infrascale.

The following example values will be used in this example:

IP address for the server: 192.168.1.104
Share name on Windows Server: C:\backuptemp
User name: testuser
Domain: testdomain
Mount point on Linux Server: /mnt/winmount

The environment is a Windows Domain with Active Directory. There is a file share set up as C:\backuptemp

Make the local mount point on the linux server:

# mkdir /mnt/winmount

To mount the network share, use the following command and enter the password of the user:

# mount -t cifs //192.168.1.104/backuptemp /mnt/winmount -o user=testuser