Log into the Linux server as the user you are going to use to connect with ssh. Generate the key.

ssh-keygen -t rsa -b 4096 -C "email@domain.com"
Generating public/private rsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/user/.ssh/id_rsa.
Your public key has been saved in /home/user/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:3/dDa9R+zzDpGNt/EU9Jusj/snbKt3+B8F+ULnxXtWk email@domain.com
The key's randomart image is:
+---[RSA 4096]----+
|                 |
|               ..|
|              o *|
|           . . E+|
|        S . = =o=|
|         . + * O=|
|          . + @.*|
|            .@ %=|
|            ++@+#|
+----[SHA256]-----+

Now copy the id_rsa key to your Windows desktop. This can be done by copying and pasting the contents of the file or using an SCP client such as PSCP which is supplied with the PuTTY install or FileZilla.

Read More

After an upgrade from PHP 5.4 to 5.6, I received an error when I run an app update:

Your requirements could not be resolved to an installable set of packages.
Problem 1 – This package requires php >=5.6 but your PHP version (5.4.45) does not satisfy that requirement.

Issue:

The shell cli is currently running on php5.4. You will need to specify what version the shell will use. This can be done by running the following command.


# echo "alias php='/opt/plesk/php/5.6/bin/php'" >> ~/.bashrc

The guide from Plesk

https://support.plesk.com/hc/en-us/articles/115003766853-How-to-specify-PHP-version-on-the-Plesk-server-for-command-line-command-php-for-user-

You can confirm here:


# php -v
PHP 5.6.35 (cli) (built: Mar 30 2018 12:52:22)
Copyright (c) 1997-2016 The PHP Group

How to replace php 5.4 with php 5.6.

Before installing PHP 5.6, apply any existing updates available for your distribution:


# yum check-update
# yum update

Also, this is a good moment to get (and save somewhere) a list of our installed packages (in case we need to rollback):


# rpm -qa |grep php
php-mbstring-5.4.16-36.1.el7_2.1.x86_64
php-mysql-5.4.16-36.1.el7_2.1.x86_64
(...)
php-gd-5.4.16-36.1.el7_2.1.x86_64
php-odbc-5.4.16-36.1.el7_2.1.x86_64

Download and install the “repos” package:

# wget http://rpms.famillecollet.com/enterprise/remi-release-7.rpm


# rpm -Uhv remi-release-7.rpm

Now enable the repository in Yum by setting enable=1 for the remi-php56 repo:


# nano /etc/yum.repos.d/remi.repo
(...)

[remi-php56]
name=Remi's PHP 5.6 RPM repository for Enterprise Linux 7 - $basearch
mirrorlist=http://rpms.remirepo.net/enterprise/7/php56/mirror
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-remi

(...)

Replace PHP 5.4 with PHP 5.6
Install the packages not as a Software Collection but as “Replacement Packages”:

# yum update

This yum update command should upgrade all our PHP packages. If it does not upgrade them or we don’t have PHP already installed, then do:

# yum --enablerepo=remi-php56 install php-cli

Yum will remove the old packages and install the new ones.

Now, restart services:


# systemctl restart httpd
# systemctl restart nginx
# systemctl restart php-fpm

if you receive an Nginx error, then you may need to reconfigure it. See: https://geekdecoder.com/install-nginx-centos-7/

First, you need to download the file using Wget and then install it using RPM on your system to enable the EPEL repository.

RHEL/CentOS 7 64 Bit


# wget http://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
# rpm -ivh epel-release-latest-7.noarch.rpm

## RHEL/CentOS 6 64-Bit ##


# wget http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
# rpm -ivh epel-release-6-8.noarch.rpm

Check the installation

# yum repolist
*epel/x86_64 Extra Packages for Enterprise Linux 7 - x86_64

Now, install stress

# yum install stress

To test, first run the uptime command and note down the load average. Next, run the stress command to spawn 8 workers spinning on sqrt() with a timeout of 20 seconds. After running stress, again run the uptime command and compare the load average.

# uptime
16:39:03 up 1 day, 18:32,  1 user,  load average: 0.15, 0.24, 0.14
sudo stress --cpu  8 --timeout 20
stress: info: [65429] dispatching hogs: 8 cpu, 0 io, 0 vm, 0 hdd
stress: info: [65429] successful run completed in 20s

Now uptime again

# uptime
 16:40:18 up 1 day, 18:34,  1 user,  load average: 1.35, 0.59, 0.27

Spawn 8 workers spinning on sqrt() with a timeout of 30 seconds

]# uptime
16:41:52 up 1 day, 18:35, 1 user, load average: 0.28, 0.43, 0.24
[root@server rogerp]# sudo stress –cpu 8 -v –timeout 30s
stress: info: [65654] dispatching hogs: 8 cpu, 0 io, 0 vm, 0 hdd
stress: dbug: [65654] using backoff sleep of 24000us
stress: dbug: [65654] setting timeout to 30s
stress: dbug: [65654] –> hogcpu worker 8 [65655] forked
stress: dbug: [65654] using backoff sleep of 21000us
stress: dbug: [65654] setting timeout to 30s
stress: dbug: [65654] –> hogcpu worker 7 [65656] forked
stress: dbug: [65654] using backoff sleep of 18000us
stress: dbug: [65654] setting timeout to 30s
stress: dbug: [65654] –> hogcpu worker 6 [65657] forked
stress: dbug: [65654] using backoff sleep of 15000us
stress: dbug: [65654] setting timeout to 30s
stress: dbug: [65654] –> hogcpu worker 5 [65658] forked
stress: dbug: [65654] using backoff sleep of 12000us
stress: dbug: [65654] setting timeout to 30s
stress: dbug: [65654] –> hogcpu worker 4 [65659] forked
stress: dbug: [65654] using backoff sleep of 9000us
stress: dbug: [65654] setting timeout to 30s
stress: dbug: [65654] –> hogcpu worker 3 [65660] forked
stress: dbug: [65654] using backoff sleep of 6000us
stress: dbug: [65654] setting timeout to 30s
stress: dbug: [65654] –> hogcpu worker 2 [65661] forked
stress: dbug: [65654] using backoff sleep of 3000us
stress: dbug: [65654] setting timeout to 30s
stress: dbug: [65654] –> hogcpu worker 1 [65662] forked
stress: dbug: [65654] <-- worker 65659 signalled normally stress: dbug: [65654] <-- worker 65658 signalled normally stress: dbug: [65654] <-- worker 65660 signalled normally stress: dbug: [65654] <-- worker 65656 signalled normally stress: dbug: [65654] <-- worker 65655 signalled normally stress: dbug: [65654] <-- worker 65657 signalled normally stress: dbug: [65654] <-- worker 65662 signalled normally stress: dbug: [65654] <-- worker 65661 signalled normally stress: info: [65654] successful run completed in 30s [root@server rogerp]# uptime 16:43:10 up 1 day, 18:37, 1 user, load average: 1.87, 1.06, 0.49 [/bash]

One of the most common requests and inquirys is “Do I have the …xyz package or program installed?” Here is how to check.

Ubuntu/Debian

List all packages

# dpkg -l | less

# dpkg -s apache-perl

To check whether a package is installed or not:


dpkg -l | grep vlc

Use file /var/lib/dpkg/available to find out all package names available to you. Or use following command (list all packages in /var/lib/dpkg/status):


# dpkg-query -l

You can also try to match package name using wild cards:


# dpkg-query -l 'libc6*'

Use the following command to get exact status (whether it is installed or not):

# dpkg-query -W -f='${Status} ${Version}\n' apache-perl

CentOS and RPM based Distros

Under Red Hat/Fedora/CentOS/Suse Linux use the rpm command:

# rpm -qa | grep {package-name}

For example find out package mutt installed or not:

# rpm -qa | grep mutt

On a CentOS/RHEL use the following yum command to tell whether a package named htop is installed:


# yum list installed {PACKAGE_NAME_HERE}

[/bash]

# yum list installed htop

Here is a way to see what IP’s are accessing the website domain.com. Find the location of the access logs.

In a cpanel account:


# cd /home/domain.com/access-logs

Now run the following on the access logs…

# cat domain.com | awk '{print $1}' | sort | uniq -c | sort -rn | head

Here is the readout:

 24 72.178.xxx.xx
 18 216.xx.xxx.161
 1 216.55.xxx.xx

If you do see excessive bots, try adding in a crawl rate/delay for the site with Bing Webmaster tools, Google Webmaster tools as well as setting that up in robots.txt ). Webcrawlers can carelessly crawl the site and hit it hard, just to index pages.

A good way to check the connectons to mail ports is to use netstat:

# netstat -anp | grep :25
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      2170/master
tcp6       0      0 :::25                   :::*                    LISTEN      2170/master
# netstat -anp | grep :465
tcp        0      0 0.0.0.0:465             0.0.0.0:*               LISTEN      2170/master
tcp6       0      0 :::465                  :::*                    LISTEN      2170/master
# netstat -anp | grep :587
tcp        0      0 0.0.0.0:587             0.0.0.0:*               LISTEN      2170/master
tcp6       0      0 :::587                  :::*                    LISTEN      2170/master

Knowing how to Whitelist and Blacklist IPs in your firewall can be very important when you want to allow or deny connection to your server, based on an IP address. Below we will cover how to allow and deny connections from IPs in IP Tables, Firewalld, and UFW.

IPTables:
Allowing or Denying connections from IPs in IP Tables is quite simple. To accept the connection, or whitelist the IP, you would use the following command (where 1.1.1.1 is the IP you want to allow through the Firewall):

# sudo iptables -A INPUT -s 1.1.1.1 -j ACCEPT

Denying the IP is very similar, just changing ACCEPT to DROP:

# sudo iptables -A INPUT -s 1.1.1.1 -j DROP

You can also change DROP or REJECT if you want your server to respond back to the request with a Rejection instead of just dropping the traffic all together.

Firewalld:
To whitelist IPs on Firewall-CMD, we’ll want to use the –add-source flag. We can whitelist an IP or an IP Subnets via the following commands:

# firewall-cmd --permanent --zone=public --add-source=1.1.1.1

Range:

# firewall-cmd --permanent --zone=public --add-source=1.1.0.0/16

Blocking an IP is a bit difficult, as it requires a more complex command. The command that you would want to use to block traffic from an IP would be:

# firewall-cmd --permanent --add-rich-rule="rule family=ipv4 source address=1.1.1.1 reject"

Range:

# firewall-cmd --permanent --add-rich-rule="rule family=ipv4 source address=1.1.0.0/16 reject"

We can also view all of the whitelisted IPs in our zone via:

# firewall-cmd --permanent --zone=public --list-sources

UFW:
Allowing and blocking IPs in UFW is very simple and straight forward. We can allow connections from a specific IP via the following command:

# sudo ufw allow from 22.33.44.55

Blocking and IP is just as simple, with the following command:

# sudo ufw deny from 22.33.44.55