Below are listed cPanel and other ports for server administration.
cPanel
cPanel 2082
cPanel – SSL 2083
WHM 2086
WHM – SSL 2087
Webmail 2095
Webmail – SSL 2096
How to Fix the Meltdown on a CentOS/RHEL/Fedora/Oracle/Scientific Linux
Always keep backups. So backup now to an offsite location.
Note the Linux kernel version running the following command:
# uname -r
Fix the Meltdown on a CentOS/RHEL/Fedora/Oracle/Scientific Linux
Type the following yum command:
# sudo yum update
You must reboot your Linux server using shutdown/reboot command:
# sudo reboot
Run the following dnf command if you are using a Fedora Linux:
# sudo dnf --refresh update kernel
OR
# sudo dnf update
Reboot the Linux box:
# sudo reboot
How to Add Proftpd in CentOS 7 for ftp access.
Step 1: Add the EPEL Repository
ProFTPD is part of Extra Packages for Enterprise Linux (EPEL), which is a community repository of non-standard packages for the RHEL distribution. First, we’ll install the EPEL repository:
# rpm -iUvh http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-5.noarch.rpm
Step 2: Install ProFTPD
Let’s update first:
# yum -y update
Then let’s install ProFTPD and any required packages:
# yum -y install proftpd
Step 3: Configure ProFTPD
For a refresher on editing files with vim see: New User Tutorial: Overview of the Vim Text Editor
Let’s edit the configuration file for ProFTPD:
# nano /etc/proftpd.conf
Change the ServerName to the hostname of your server. In the case below, ftp.domainname.com is an example:
ServerName "ftp.domainname.com"
Enabling TLS In ProFTPD
Add and modify the lines as below.
# nano /etc/proftpd.conf
[...]
DefaultRoot ~ !adm
PassivePorts 60000 65535
[...]
#
TLSEngine on
TLSRequired on
TLSRSACertificateFile /etc/pki/tls/certs/proftpd.pem
TLSRSACertificateKeyFile /etc/pki/tls/certs/proftpd.pem
TLSCipherSuite ALL:!ADH:!DES
TLSOptions NoCertRequest
TLSVerifyClient off
TLSRenegotiate ctrl 3600 data 512000 required off timeout 300
TLSLog /var/log/proftpd/tls.log
#
# TLSSessionCache shm:/file=/var/run/proftpd/sesscache
#
#
[...]
Exit and save the file with the command :wq .
Restart the ProFTPD service:
# systemctl restart proftpd
Then set the ProFTPD service to start at boot:
# systemctl enable proftpd
And verify your work by checking the status of ProFTPD:
# systemctl status proftpd
Step 4: Allow ProFTPD Through the Firewall
Allow the default FTP port, port 21, and the passive port range through firewalld:
# firewall-cmd --permanent --add-port=21/tcp
# firewall-cmd --add-port=60000-65535/tcp --permanent
And reload the firewall:
# firewall-cmd --reload
In order to use TLS, we must create an SSL certificate. We create it in /etc/pki/tls/certs and can generate it as follows:
# openssl req -x509 -nodes -newkey rsa:1024 -keyout /etc/pki/tls/certs/proftpd.pem -out /etc/pki/tls/certs/proftpd.pem
[root@webhost certs]# openssl req -x509 -nodes -newkey rsa:1024 -keyout /etc/pki/tls/certs/proftpd.pem -out /etc/pki/tls/certs/proftpd.pem -nodes -days 365
Generating a 1024 bit RSA private key
.++++++
...........................................................++++++
writing new private key to '/etc/pki/tls/certs/proftpd.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:US
State or Province Name (full name) []:Texas
Locality Name (eg, city) [Default City]:Austin
Organization Name (eg, company) [Default Company Ltd]:TestCo
Organizational Unit Name (eg, section) []:IT
Common Name (eg, your name or your server's hostname) []:webhost.domainname.com
Email Address []:test@gmail.com
# chmod 0440 /etc/pki/tls/certs/proftpd.pem
Restart:
# systemctl restart proftpd.service
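A check to run after the ProFTPD TLS setup above, as an added example that is not part of the original page: it reads the active TLS directives from a proftpd.conf and flags TLS that is not enforced, a cipher list built from ALL, an RSA key under 2048 bits, and a key file readable by other users. The function names are hypothetical, and the key-size and permission checks assume the openssl command and GNU stat are installed.

```bash
#!/bin/bash
# Added example, not from the original page: audit the TLS directives of a
# proftpd.conf and the certificate/key file they point at.

# Print the value of the first active (uncommented) occurrence of a directive.
directive() {  # $1 = config file, $2 = directive name
    awk -v d="$2" '$1 == d { $1 = ""; sub(/^[ \t]+/, ""); print; exit }' "$1"
}

# Read "openssl x509 -noout -text" output on stdin, print the key size in bits.
key_bits() {
    sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1
}

# Print one finding per line; print nothing when every check passes.
# The ( ) body runs in a subshell, so its variables stay local.
audit_proftpd_tls() (  # $1 = path to proftpd.conf
    conf=$1
    [ "$(directive "$conf" TLSEngine)" = "on" ] ||
        echo "TLSEngine is not on: logins and data travel in clear text"
    [ "$(directive "$conf" TLSRequired)" = "on" ] ||
        echo "TLSRequired is not on: clients can skip TLS"
    case ":$(directive "$conf" TLSCipherSuite):" in
        *:ALL:*) echo "TLSCipherSuite starts from ALL: legacy ciphers may stay enabled" ;;
    esac
    cert=$(directive "$conf" TLSRSACertificateFile)
    if [ -r "$cert" ] && command -v openssl >/dev/null 2>&1; then
        # Assumes an RSA key, as generated on this page.
        bits=$(openssl x509 -in "$cert" -noout -text 2>/dev/null | key_bits)
        [ "${bits:-0}" -ge 2048 ] ||
            echo "certificate key is ${bits:-unknown} bits: use RSA 2048 or larger"
        # The page keeps the private key in the same file as the certificate.
        mode=$(stat -c %a "$cert")
        case $mode in
            *0) ;;
            *) echo "$cert is mode $mode: the private key is readable by other users" ;;
        esac
    fi
)

# Usage: bash audit.sh /etc/proftpd.conf
if [ $# -gt 0 ]; then audit_proftpd_tls "$1"; fi
```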
On CentOS 7 minimal systems, use the commands “ip addr” and “ip link” to find the details of a network interface card. To see the statistics, use “ip -s link”.
To view the details of the network interface cards, enter the following commands:
# ip addr
To view the statistics of your network interfaces, enter the command:
# ip link
OR
# ip -s link
How do I enable and use “ifconfig” Command in CentOS 7 minimal servers?
# yum provides ifconfig
# yum install net-tools
Check services that are enabled on CentOS 7
# systemctl list-unit-files
Or for a specific service
# systemctl status mysqld
Disabling a service on boot in CentOS 7
To disable, it’s simply a matter of running systemctl disable on the desired service.
# systemctl disable mysqld
Check which services failed to start on boot on CentOS 7
As a bonus, systemctl allows you to list all services that failed to start on boot, even though they were configured to start on boot.
# systemctl --failed
Install MySQL / MariaDB
Installing MariaDB is as simple as running just one command:
# yum -y install mariadb-server mariadb
And then start MySQL, now MariaDB:
# systemctl start mariadb
Be sure that MySQL/MariaDB starts at boot:
# systemctl enable mariadb
To check the status of MySQL/MariaDB:
# systemctl status mariadb
To stop MySQL/MariaDB:
# systemctl stop mariadb
Check the installation with the command client:
# mysql
To reset the root password for CentOS 6:
Boot the computer and interrupt the boot at the GRUB stage by pressing the arrow keys or the space bar.
Type ‘a’ to modify the kernel arguments. You can cancel at any time by pressing the ‘ESC’ key.
Append 1 at the end of “rhgb quiet” and press the “Enter” key to boot into single user mode.
Type the command “runlevel” to see which runlevel you are in. Here “1 S” states that you are in single user mode.
Type the ‘passwd’ command without a username and press the ‘Enter’ key at the command prompt. It will ask for the new root password and then ask you to re-type the same password for confirmation.
Reboot
# shutdown -r now
CentOS 7
At the boot menu, press e to edit the existing kernel (Core)
Next, scroll down the list until you see the line containing ro. Change that ro to rw and start into a shell. It should look like this: rw init=/sysroot/bin/sh.
Change the ro line to rw and add init=/sysroot/bin/sh
After changing that, press Control + X or Ctrl + X on your keyboard to start into single user mode using the bash shell specified above. In this mode, we’re going to change the root password.
In the single user mode, run the command as shown below
# chroot /sysroot
Finally, run the commands below to change the root password.
# passwd root
You’ll be prompted to create and confirm a new password. After creating the password, run the commands below to update SELinux parameters
# touch /.autorelabel
Reboot
Install ClamAV and set up scheduled scans.
Install Epel:
# yum install epel-release
Install ClamAV
# yum install clamav-server clamav-data clamav-update clamav-filesystem clamav clamav-scanner-systemd clamav-devel clamav-lib clamav-server-systemd
Copy the clamd.conf template, in case you don’t have a configuration file yet:
# cp /usr/share/clamav/template/clamd.conf /etc/clamd.d/clamd.conf
Edit the file and comment out “Example”:
# nano /etc/clamd.d/clamd.conf
Change this…
# Comment or remove the line below.
Example
To this…
# Comment or remove the line below.
#Example
Configure SELinux for ClamAV.
Check if SELinux is on:
# getenforce
Enforcing
[root@database ~]# sestatus
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: enforcing
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Max kernel policy version: 28
If SELinux is active, run this command to let ClamAV work with it:
# setsebool -P antivirus_can_scan_system 1
Enabling and Disabling SELinux
# nano /etc/sysconfig/selinux
To enable, set this to enforcing:
SELINUX=enforcing
To disable, set to permissive:
SELINUX=permissive
Reboot after changes
Or, to make temp changes:
# setenforce permissive
Enable Freshclam
# cp /etc/freshclam.conf /etc/freshclam.conf.bak
Edit the config file to comment out “Example”:
# nano /etc/freshclam.conf
# Comment or remove the line below.
#Example
Create a file
# nano /usr/lib/systemd/system/clam-freshclam.service
Add
# Run the freshclam as daemon
[Unit]
Description = freshclam scanner
After = network.target

[Service]
Type = forking
ExecStart = /usr/bin/freshclam -d -c 4
Restart = on-failure
PrivateTmp = true

[Install]
WantedBy=multi-user.target
Let’s enable and start the service
# systemctl enable clam-freshclam.service
# systemctl start clam-freshclam.service
Rename the /usr/lib/systemd/system/clamd@.service file:
# mv /usr/lib/systemd/system/clamd@.service /usr/lib/systemd/system/clamd.service
Change the clamd@scan service as well. Edit this line in /usr/lib/systemd/system/clamd@scan.service and remove the @ sign:
# nano /usr/lib/systemd/system/clamd@scan.service
From…
.include /lib/systemd/system/clamd@.service
to…
.include /lib/systemd/system/clamd.service
Change the clamd service file /usr/lib/systemd/system/clamd.service:
[Unit]
Description = clamd scanner daemon
After = syslog.target nss-lookup.target network.target

[Service]
Type = simple
ExecStart = /usr/sbin/clamd -c /etc/clamd.d/clamd.conf --nofork=yes
Restart = on-failure
PrivateTmp = true

[Install]
WantedBy=multi-user.target
Start all services
# cd /usr/lib/systemd/system
# systemctl enable clamd.service
# systemctl enable clamd@scan.service
# systemctl start clamd.service
# systemctl start clamd@scan.service
Run a scan
# clamscan -i -r --log=/var/log/clamscan-date.txt /var/www/vhosts/*
----------- SCAN SUMMARY -----------
Known viruses: 4159219
Engine version: 0.98.7
Scanned directories: 3
Scanned files: 116
Infected files: 0
Data scanned: 13.64 MB
Data read: 39.54 MB (ratio 0.34:1)
Time: 10.738 sec (0 m 10 s)
Set up a cron job to run a scan (the example is for a Plesk server, scanning the virtual hosts):
# nano /etc/cron.daily/clamscan
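#!/bin/bash
# setup the scan location and scan log
CLAM_SCAN_DIR="/var/www/vhosts"
CLAM_LOG_FILE="/var/log/clamav/dailyscan.log"
# update the virus database
/usr/bin/freshclam
# run the scan; -i logs only infected files, -r recurses into subdirectories
/usr/bin/clamscan -i -r "$CLAM_SCAN_DIR" >> "$CLAM_LOG_FILE"
# note: cron reads MAILTO from a crontab file; set inside this script it is only a shell variable
MAILTO=user@domain.com
Set the cron file as an executable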
# chmod 555 /etc/cron.daily/clamscan
Test your installation and cron job
# /etc/cron.daily/clamscan
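Because the cron job above appends every run to one log, this added example (not part of the original page) reads that log and reports only the most recent scan, returning a non-zero status when that scan found infected files. The function name is hypothetical, and it assumes the "path: Signature FOUND" lines and the "Infected files: N" summary line that clamscan writes.

```bash
#!/bin/bash
# Added example, not from the original page: check the newest scan in a log
# that grows by one "clamscan -i -r ... >> log" run per day.

# Print the detections of the most recent completed scan.
# Exit status: 0 = clean, 1 = infected files reported, 2 = no scan summary found.
last_scan_detections() {  # $1 = log file, e.g. /var/log/clamav/dailyscan.log
    awk '
        # Detection lines come before the summary of the scan they belong to.
        / FOUND$/           { buf = buf $0 "\n" }
        # The summary line closes one scan: keep its count and its detections.
        /^Infected files: / { n = $3; last = buf; buf = ""; seen = 1 }
        END {
            if (!seen) exit 2     # empty log, or the scan never finished
            printf "%s", last
            exit (n > 0)
        }' "$1"
}

# Usage: bash lastscan.sh /var/log/clamav/dailyscan.log
if [ $# -gt 0 ]; then last_scan_detections "$1"; fi
```

Detections left in the buffer after the last summary belong to a scan that did not finish, so they are not reported as the result of the last completed scan.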
Nagios error on CentOS 7
make stage…
./stdio.h:456:1: error: ‘gets’ undeclared here (not in a function)
Edit the stdio.h file, and replace:
#undef gets
_GL_WARN_ON_USE (gets, "gets is a security hole - use fgets instead");
with
#if defined gets
#undef gets
_GL_WARN_ON_USE (gets, "gets is a security hole - use fgets instead");
#endif
By default, port 80 for HTTP connections is filtered on Red Hat 7: you can reach it only from the local host and not from any other public host. To open port 80 on RHEL 7 Linux we need to add an iptables rule. For this, RHEL 7 uses firewall-cmd. First add your port 80 rule with the following command:
# firewall-cmd --permanent --zone=public --add-port=80/tcp
Once you have added the above firewall rule, reload the firewall service:
# firewall-cmd --reload
# firewall-cmd --permanent --zone=<zone> --add-service=http
# firewall-cmd --permanent --zone=<zone> --add-port=80/tcp
You can check if the port has actually been opened by running:
# firewall-cmd --zone=<zone> --query-port=80/tcp
# firewall-cmd --zone=<zone> --query-service=http