[root@server ~]# yum install ImageMagick
[root@server ~]# yum install ImageMagick-devel

PHP-imagick Installation:
[root@server ~]# yum install gcc
[root@server ~]# yum install make automake
[root@server ~]# yum install php-pear
[root@server ~]# yum install php-devel
[root@server ~]# pecl install imagick

On some servers

yum install php-pecl-imagick.x86_64

Test:

convert image.jpg -resize 64x64 resize_image.jpg

To disable firewalld, run the following command as root:


# systemctl disable firewalld

To stop firewalld, run the following command as root:


# systemctl stop firewalld

To check the status of firewalld, run the following command as root:


# systemctl status firewalld

To enable firewalld, run the following command as root:


# systemctl enable firewalld

To start firewalld, run the following command as root:


# systemctl start firewalld

Other information:

https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Security_Guide/sec-Using_Firewalls.html

Begin by opening the configuration file with your text editor as root:


# nano /etc/ssh/sshd_config

The first option that you may want to change is the port that SSH runs on. Find the line that looks like this:


#Port 22

Change this to a different port, removing the leading # so the line is no longer a comment:


Port 2244

Reload ssh

# systemctl reload sshd.service

After saving, don’t exit until you’ve completed these steps.

By default, SELinux only allows port 22 for SSH. What you need to do is enable the newly created port through SELinux. To do that, run the commands below


# sudo semanage port -a -t ssh_port_t -p tcp 2244

If you run the command above and get an error that the semanage command was not found, run the command below to install it.


# sudo yum -y install policycoreutils-python

Then run the semanage command again to allow the new port through SELinux.

Note: CentOS 8

In CentOS or RHEL Linux based distributions, install policycoreutils package and add the below rules to relax SELinux policy in order for the SSH daemon to bind on the new port.

# yum install policycoreutils
# semanage port -a -t ssh_port_t -p tcp 34627
# semanage port -m -t ssh_port_t -p tcp 34627
# systemctl restart sshd
# netstat -tlpn| grep ssh
# ss -tlpn| grep ssh

After that, run the commands below to allow the new port through the firewall.


# sudo firewall-cmd --permanent --zone=public --add-port=2244/tcp

Reload the firewall configurations


# sudo firewall-cmd --reload

Restart SSH by running the commands below.


# sudo systemctl restart sshd.service
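
A check for the procedure above, added here as an example and not part of the original notes: it reads the effective Port lines from an sshd_config and reports any port that is missing from the ssh_port_t line of `semanage port -l`. The function names and the sample inputs are assumptions made for the example.

```shell
#!/bin/sh
# Added example: check that sshd's configured port is also labelled in SELinux.

# Print the ports sshd will listen on: uncommented "Port N" lines only.
# "#Port 2244" is a comment and is ignored; with no Port line sshd uses 22.
sshd_ports() {
    ports=$(awk 'tolower($1) == "port" && $2 ~ /^[0-9]+$/ { print $2 }' "$1")
    if [ -n "$ports" ]; then printf '%s\n' "$ports"; else echo 22; fi
}

# Succeed if port $1 is listed for ssh_port_t/tcp in `semanage port -l` text ($2).
selinux_allows_ssh_port() {
    printf '%s\n' "$2" | awk -v want="$1" '
        $1 == "ssh_port_t" && $2 == "tcp" {
            for (i = 3; i <= NF; i++) {
                p = $i
                sub(/,$/, "", p)
                if (p == want) found = 1
            }
        }
        END { exit !found }'
}

# Print each configured port that SELinux would not let sshd bind.
# $1 = path to sshd_config, $2 = text of `semanage port -l`.
unlabelled_ssh_ports() {
    for port in $(sshd_ports "$1"); do
        selinux_allows_ssh_port "$port" "$2" || echo "$port"
    done
}

# Constructed sample inputs (not from a real host): port moved, label not yet added.
sample_conf=$(mktemp)
printf '%s\n' '#Port 22' 'Port 2244' 'PermitRootLogin no' > "$sample_conf"
sample_labels='ssh_port_t                     tcp      22'
echo "ports without an ssh_port_t label: $(unlabelled_ssh_ports "$sample_conf" "$sample_labels")"
rm -f "$sample_conf"

# On a live system:
#   unlabelled_ssh_ports /etc/ssh/sshd_config "$(semanage port -l)"
```

Empty output on a live system means every configured port is labelled; keep the existing SSH session open until a second login on the new port succeeds.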

1. Getting the required software

For an SSL encrypted web server you will need a few things. Depending on your install you may or may not have OpenSSL and mod_ssl, Apache’s interface to OpenSSL. Use yum to get them if you need them.


# yum install mod_ssl openssl

Yum will either tell you they are installed or will install them for you.

2. Generate a self-signed certificate

Using OpenSSL we will generate a self-signed certificate. If you are using this on a production server you will probably want a certificate from a trusted Certificate Authority, but if you are just using this on a personal site or for testing purposes a self-signed certificate is fine. To create the key you will need to be root, so you can either su to root or use sudo in front of the commands.

# Generate private key


# openssl genrsa -out ca.key 2048

# Generate CSR

 
# openssl req -new -key ca.key -out ca.csr

# Generate self-signed certificate


# openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt

# Copy the files to the correct locations


cp ca.crt /etc/pki/tls/certs
cp ca.key /etc/pki/tls/private/ca.key
cp ca.csr /etc/pki/tls/private/ca.csr

WARNING: Make sure that you copy the files and do not move them if you use SELinux. Apache will complain about missing certificate files otherwise, as it cannot read them because the certificate files do not have the right SELinux context.
If you have moved the files and not copied them, you can use the following command to correct the SELinux contexts on those files, as the correct context definitions for /etc/pki/* come with the bundled SELinux policy.


restorecon -RvF /etc/pki

Then we need to update the Apache SSL configuration file


# nano /etc/httpd/conf.d/ssl.conf

Change the path to match where the certificate file is stored. If you’ve used the method above it will be


SSLCertificateFile /etc/pki/tls/certs/ca.crt

Then set the correct path for the Certificate Key File a few lines below. If you’ve followed the instructions above it is:


SSLCertificateKeyFile /etc/pki/tls/private/ca.key

Quit and save the file and then restart Apache


/etc/init.d/httpd restart

All being well you should now be able to connect over https to your server and see a default CentOS page. As the certificate is self-signed, browsers will generally ask you whether you want to accept the certificate.
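
A check for the files copied in this step, added here as an example and not part of the original notes: a plain cp keeps the mode the key was created with, so ca.key can end up readable by other users, and Apache will not start if the certificate and key do not belong together. The function names are assumptions made for the example.

```shell
#!/bin/sh
# Added example: sanity-check a certificate/key pair before Apache uses it.

# Succeed only if the certificate carries the public key of the given private key.
# Returns 2 if either file cannot be parsed.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Succeed only if the key file grants nothing to group or others (600 or 400).
key_mode_is_private() {
    mode=$(stat -c '%a' "$1") || return 2
    case "$mode" in
        ?00) return 0 ;;
        *)   return 1 ;;
    esac
}

# Print one line per problem; non-zero return if anything needs fixing.
check_tls_pair() {
    rc=0
    cert_matches_key "$1" "$2" \
        || { echo "certificate and key do not match: $1 $2"; rc=1; }
    key_mode_is_private "$2" \
        || { echo "private key readable beyond its owner: $2 (chmod 600)"; rc=1; }
    return $rc
}

# Usage with the paths from this page:
#   sh check_tls.sh /etc/pki/tls/certs/ca.crt /etc/pki/tls/private/ca.key
if [ $# -eq 2 ]; then
    check_tls_pair "$1" "$2"
fi
```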

3. Setting up the virtual hosts

Just as you set VirtualHosts for http on port 80 so you do for https on port 443. A typical VirtualHost for a site on port 80 looks like this


<VirtualHost *:80>
        <Directory /var/www/vhosts/yoursite.com/httpdocs>
        AllowOverride All
        </Directory>
        DocumentRoot /var/www/vhosts/yoursite.com/httpdocs
        ServerName yoursite.com
</VirtualHost>

To add a sister site on port 443 you need to add the following at the top of your file

NameVirtualHost *:443

and then a VirtualHost record something like this:


NameVirtualHost *:443
<VirtualHost *:443>
        SSLEngine on
        SSLCertificateFile /etc/pki/tls/certs/ca.crt
        SSLCertificateKeyFile /etc/pki/tls/private/ca.key
        <Directory /var/www/vhosts/yoursite.com/httpsdocs>
        AllowOverride All
        </Directory>
        DocumentRoot /var/www/vhosts/yoursite.com/httpsdocs
        ServerName yoursite.com
</VirtualHost>

Restart Apache again using


# /etc/init.d/httpd restart

4. Configuring the firewall

You should now have a site working over https using a self-signed certificate. If you can’t connect you may need to open the port on your firewall. To do this amend your iptables rules:


iptables -A INPUT -p tcp --dport 443 -j ACCEPT
/sbin/service iptables save
iptables -L -v

Other resources: http://www.rackspace.com/knowledge_center/article/centos-apache-virtual-hosts#NameVirtualHosts

To Disable Recursive DNS in the Parallels Plesk Panel

  1. Log in to the Parallels Plesk Panel as administrator.
  2. Click Tools & Settings.
  3. From the General Settings area, click DNS Template Settings.
  4. Click DNS Recursion. Select Localnets, and then click OK.

For Windows Servers:

  1. Log in to your server through a Remote Desktop Connection.
  2. From the Start menu, click Control Panel, Administrative Tools, then DNS.
  3. In the console tree, right-click the appropriate DNS server, and then click Properties.
  4. Click the Advanced tab.
  5. Under Server options, check Disable recursion, and then click OK.
  6. In the console tree, right-click the appropriate DNS server, and then click Clear Cache.

CentOS


# cd /etc
# nano named.conf

Change this line

recursion yes;

to

recursion no;

Restart

# service named restart

Ubuntu


# nano /etc/bind/named.conf.options

Set up like this

// global options apply to external clients
options {
    recursion no;
    additional-from-auth no;
    additional-from-cache no;
};

view "local" in {
    // view options enable recursion only for local clients
    match-clients { 172.16.45.80/23; 192.168.12.0/24; 127.0.0.1/8; ::1; };
    recursion yes;
    additional-from-auth yes;
    additional-from-cache yes;

    zone "." in {
            type hint;
            file "/etc/bind/db.root";
    };

    // put definitions for zones like "localhost" and "127.in-addr.arpa" here
};

// put definitions for real authoritative zones here.
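
To confirm the result, query the server for a name it is not authoritative for and look at the flags in the reply header. The example below is added here and is not part of the original notes; it parses `dig` output for the `ra` (recursion available) flag, and the function names and sample outputs are assumptions made for the example.

```shell
#!/bin/sh
# Added example: read the "ra" (recursion available) flag out of dig output.

# Reads dig output on stdin.
# Exit 0 = recursion offered, 1 = not offered, 2 = no response header seen.
offers_recursion() {
    awk '
        /^;; flags:/ {
            seen = 1
            sub(/^;; flags:/, "")
            sub(/;.*/, "")
            n = split($0, flag, " ")
            for (i = 1; i <= n; i++) if (flag[i] == "ra") ra = 1
        }
        END {
            if (!seen) exit 2
            exit !ra
        }'
}

# Turn dig output ($1) into a one-word verdict for reports or monitoring.
recursion_status() {
    rc=0
    printf '%s\n' "$1" | offers_recursion || rc=$?
    case "$rc" in
        0) echo open ;;
        1) echo closed ;;
        *) echo unknown ;;
    esac
}

# Constructed dig header lines (not captured from a real server).
SAMPLE_BEFORE=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4711
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1'
SAMPLE_AFTER=';; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 4712
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available'

echo "recursion yes: $(recursion_status "$SAMPLE_BEFORE")"
echo "recursion no:  $(recursion_status "$SAMPLE_AFTER")"

# Against a live server, from an address outside match-clients
# (SERVER_IP is a placeholder):
#   recursion_status "$(dig @SERVER_IP example.com A)"
```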

A very serious security problem has been found and patched in the GNU C Library called Glibc. It was announced on 27th January 2015.

Here are the affected Linux distros:

  • RHEL (Red Hat Enterprise Linux) version 5.x, 6.x and 7.x
  • CentOS Linux version 5.x, 6.x & 7.x
  • Ubuntu Linux version 10.04, 12.04 LTS
  • Debian Linux version 7.x
  • Linux Mint version 13.0
  • Fedora Linux version 19 or older
  • SUSE Linux Enterprise 11 and older (also OpenSuse Linux 11 or older versions).
  • SUSE Linux Enterprise Software Development Kit 11 SP3
  • SUSE Linux Enterprise Server 11 SP3 for VMware
  • SUSE Linux Enterprise Server 11 SP3
  • SUSE Linux Enterprise Server 11 SP2 LTSS
  • SUSE Linux Enterprise Server 11 SP1 LTSS
  • SUSE Linux Enterprise Server 10 SP4 LTSS
  • SUSE Linux Enterprise Desktop 11 SP3
  • Arch Linux glibc version <= 2.18-1

Read More to Fix the GHOST vulnerability on a CentOS/RHEL/Fedora/Ubuntu Linux


Source: http://www.krizna.com/centos/setup-network-centos-7/

When installing CentOS 7, you may not be able to connect that machine to the network. This happens because Ethernet interfaces are not enabled by default and need additional configuration.

Type “nmcli d” command in your terminal

# nmcli d

Recommended for beginners
Step 1 » Type the command “nmtui” to open Network Manager and press Enter after choosing “Edit a connection” (use TAB to move between options).

Command Line

Network interface config files are located in /etc/sysconfig/network-scripts/ directory. Open ifcfg-en…


nano /etc/sysconfig/network-scripts/ifcfg-en

Find


BOOTPROTO=none
ONBOOT=no 

and replace with


BOOTPROTO=static
ONBOOT=yes 


And add the below lines at the end of the file.


IPADDR=172.27.0.32
NETMASK=255.255.255.0
GATEWAY=172.27.0.1
DNS1=172.27.0.5

File will look like below after changes.

TYPE=Ethernet
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
NAME=enp0s17
UUID=f0c5b37d-299a-43cb-b74b-618bb252d129
ONBOOT=yes
HWADDR=00:0C:29:A1:B5:CC
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes
IPADDR=192.168.1.10
NETMASK=255.255.255.0
GATEWAY=192.168.1.1
DNS1=192.168.1.5


# systemctl restart network

Additionally you can use /etc/sysconfig/network file for hostname and DNS.

HOSTNAME=server.krizna.com
DNS1=192.168.1.5
DNS2=8.8.8.8
SEARCH=domain.com

The Plesk one-click installer is a script that downloads itself and determines the correct Plesk version for your OS. You won’t accidentally pick the wrong version for your distribution.

# wget -O - http://autoinstall.plesk.com/one-click-installer | sh

If you get an error message, wget may not be installed. Rectify this pitiful situation like this:

# yum install wget

Opening Ports for Plesk

On CentOS 6 and prior the firewall rules were set via iptables. This service is gone and has been replaced with firewalld in CentOS 7. We still need to open ports to speak to Plesk via a browser. The two important ones to open here are 8443 and 8447:

# firewall-cmd --zone=public --add-port=8443/tcp --permanent
# firewall-cmd --zone=public --add-port=8447/tcp --permanent
# firewall-cmd --reload

Add Atomic Repo Power (optional)

Now’s a good time to install the Atomic repos. These will give you access to many additional tools such as pre-compiled OSSEC HIDS and additional PHP versions:

# wget -q -O - http://www.atomicorp.com/installers/atomic.sh | sh

Other Options

Obtain the installer script. Download the installer script:


# wget https://installer.plesk.com/plesk-installer

Enable execution mode for the downloaded installer script:


# chmod +x ./plesk-installer

Make sure port 8447 is open
Port 8447 is used for accessing the installer GUI. Make sure this port is open.

Launch the installer with GUI
Run the script with the option --web-interface to launch the interactive installer with a web interface for the latest stable Plesk version:


# ./plesk-installer --web-interface

From Plesk Trial Signup:
Welcome aboard!

Linux console command:

You also can download your Plesk license for Linux directly from your console interface by running the following command:

# sh <(curl http://autoinstall.plesk.com/plesk-installer)

After install:

Congratulations!

The installation has been finished. Plesk is now running on your server.

To complete the configuration process, browse either of URLs:
  * https://216.55.169.209:8443/login?secret=5bwVKsGqv7nDQS9AjQrVhWRY72yjsAthTEr5Ll4r%2Ff0%3D
  * https://plesk.geekdecoder.com:8443/login?secret=5bwVKsGqv7nDQS9AjQrVhWRY72yjsAthTEr5Ll4r%2Ff0%3D

Use the username 'admin' to log in. To log in as 'admin', use the 'plesk login' command.
You can also log in as 'root' using your 'root' password.

Use the 'plesk' command to manage the server. Run 'plesk help' for more info.

Use the following commands to start and stop the Plesk web interface:
'service psa start' and 'service psa stop' respectively.

If you would like to migrate your subscriptions from other hosting panel
or older Plesk version to this server, please check out our assistance
options: https://www.plesk.com/professional-services/

Memcached (Memcache Daemon) is a caching daemon designed especially for dynamic web applications to decrease database load by storing objects in memory. It is commonly used to speed up dynamic database-driven websites by caching data and objects in server memory to reduce the number of times the data source must be read. Memcached is free and open-source software, licensed under the Revised BSD license. Also, there are PHP extensions which allow you to work with memcached. There are two PHP memcache extensions available from the PHP Extension Community Library, PHP memcached and PHP memcache.

PHP Memcache vs PHP Memcached

These two PHP extensions are not identical. PHP Memcache is older, very stable but has a few limitations. The PHP memcache module utilizes the daemon directly while the PHP memcached module uses the libMemcached client library and also contains some added features.

Installing Memcache Daemon + PHP memcache or PHP memcached

Before selecting a PHP extension be sure to install the memcache daemon.

How-To: Install Memcache on CentOS (WHM/cPanel)

    1. Log in to your WHM panel and use EasyApache to enable Memcache

Go to Software – Module Installers – PHP Pecl. Search for memcache and then install both memcache and memcached
Restart apache:

# service httpd restart

Check your memcached server is running successfully: ps -eaf | grep memcached

Installing Memcache Daemon + PHP memcache or PHP memcached on CentOS or Ubuntu

Before selecting a PHP extension be sure to install the memcache daemon:

Centos / Red Hat:


# yum install memcached

Ubuntu/ Debian:


# apt-get update
# apt-get install memcached

After installing Memcached, open the configuration file for Memcached and make any changes:

Centos / Red Hat:


# nano /etc/sysconfig/memcached

Ubuntu / Debian:


# nano /etc/memcached.conf

Exit and save the configuration file, and then restart Memcached


# service memcached restart

Remember to set the memcache daemon to start on server boot.
Centos / Red Hat:


# chkconfig memcached on

Ubuntu / Debian:


# update-rc.d memcached enable

Install a PHP memcache extension

PHP memcache

You can browse the version here – https://pecl.php.net/package/memcache The current version as of this writing is 3.0.8


wget https://pecl.php.net/get/memcache-3.0.8.tgz
tar xvf memcache-3.0.8.tgz
cd memcache-3.0.8
phpize
./configure
make 
make install
make test

Then add memcache.so to your php.ini file:

# nano /etc/php.ini
extension="memcache.so"

PHP memcached:

Remember to install the libmemcached dependency (Centos / Red Hat):


yum install cyrus-sasl-devel zlib-devel gcc-c++
wget https://launchpad.net/libmemcached/1.0/1.0.16/+download/libmemcached-1.0.16.tar.gz
tar -xvf libmemcached-1.0.16.tar.gz
cd libmemcached-1.0.16
./configure --disable-memcached-sasl
make
make install

Then install PHP Memcached:

wget https://pecl.php.net/get/memcached-3.0.8.tgz
tar xf memcached-3.0.8.tgz
cd memcached-3.0.8
phpize
./configure
make 
make install
make test

Then add memcached.so to your php.ini file:


extension="memcached.so"

You will need to connect your PHP application to memcached. For example, using W3 Total Cache with WordPress, memcached module with Drupal, Magento config, etc.

Finally restart memcached, httpd (or apache, apache2 for Ubuntu/Debian)

If you would like to view stats such as hit rate, you can download memcachephp stats from GitHub.