Wednesday, May 26, 2010

How to change the hostname in Linux

To change the hostname in Ubuntu, Debian, etc.:

# vi /etc/hostname

new_hostname

# /etc/init.d/hostname.sh restart

To change the hostname in Red Hat, CentOS, Fedora, etc.:

Set the new hostname in the following files:

# vi /etc/hosts
# vi /etc/sysconfig/network

OR

# sysctl kernel.hostname=new_hostname



Tuesday, May 18, 2010

How to configure csf on vps

Configure csf on vps

1) Configuration on the node (main server):

Before starting the csf installation, check whether the following modules are loaded in the kernel:

ipt_conntrack
ip_tables
ipt_LOG
ipt_multiport
ipt_REJECT
ipt_state
ipt_limit
ipt_recent
ipt_owner
iptable_nat

You can check each one as follows:

# lsmod | grep -i {modules}

If any are missing, load them into the kernel:

# modprobe {modules}
e.g.: modprobe ipt_recent

Add these modules to the iptables configuration as follows:

# vi /etc/sysconfig/iptables-config

Add the following to this file:

IPTABLES_MODULES="iptable_filter iptable_mangle ipt_limit ipt_multiport ipt_tos ipt_TOS ipt_REJECT ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_LOG ipt_length ip_conntrack ip_conntrack_ftp ip_conntrack_irc ipt_conntrack ipt_state ipt_helper iptable_nat ip_nat_ftp ip_nat_irc"

Add these modules to the VPS configuration file:

# vi /etc/sysconfig/vz-scripts/100.conf

IPTABLES_MODULES="iptable_filter iptable_mangle ipt_limit ipt_multiport ipt_tos ipt_TOS ipt_REJECT ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_LOG ipt_length ip_conntrack ip_conntrack_ftp ip_conntrack_irc ipt_conntrack ipt_state ipt_helper iptable_nat ip_nat_ftp ip_nat_irc"

The main server (node) configuration is complete. Now restart the VPS:

# vzctl restart
e.g.: vzctl restart 100

2) VPS configuration:

Log in to the VPS:

# cd /usr/local/src/
# wget http://www.configserver.com/free/csf.tgz

# tar zxvf csf.tgz
# cd csf
# ./install.sh

To test whether all the iptables modules are available:

# ./csftest.pl

If you are running the apf_bfd firewall, it has to be removed for csf to work:

# ./remove_apf_bfd.sh

Now edit the csf config file to set up the firewall as needed:

# vi /etc/csf/csf.conf

TESTING = "1"
(We will change it to "0" once we have finished and are sure everything is configured correctly.)

TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995"
TCP_OUT = "20,21,22,25,53,80,110,113,443"
UDP_IN = "20,21,53"
UDP_OUT = "20,21,53,113,123"
(List all the ports you want open on your server for incoming and outgoing traffic, separated by commas.)

PORTFLOOD = "80;tcp;20;5"
(To protect a specific port on your server from DoS attacks, you can define it in the PORTFLOOD setting. By default it is empty, and I'd like to limit port 80 (web server) to 20 connections per 5 seconds.)

After this, save the file and restart the csf service:

# /etc/init.d/csf start

Once you have completed the configuration and are sure that every rule is implemented correctly, change TESTING from 1 to 0 to run CSF permanently.

TESTING = "0"

Then restart the service again to activate it:

# /etc/init.d/csf restart
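
A sanity check for the csf.conf settings edited above, as an added example that is not part of the original post or of csf itself: it reports a TESTING value other than "0" (including one pasted with curly quotes), malformed port lists and malformed PORTFLOOD entries. The function names and the sample file are constructed for illustration, and accepting low:high port ranges is an assumption about csf's port list syntax.

```shell
# Added example, not from the original post: audit the csf.conf keys set above.

# Print the straight-quoted value of key $1 in file $2 (format: KEY = "value").
csf_get() {
    awk -F'"' -v k="$1" '
        $1 ~ ("^[ \t]*" k "[ \t]*=[ \t]*$") { v = $2 }
        END { print v }' "$2"
}

# Succeed if $1 is empty or a comma list of ports / low:high ranges (1-65535).
valid_ports() {
    printf '%s\n' "$1" | awk -F, '{ for (i = 1; i <= NF; i++) {
        n = split($i, r, ":"); if (n < 1 || n > 2) bad = 1
        for (j = 1; j <= n; j++)
            if (r[j] !~ /^[0-9]+$/ || r[j] + 0 < 1 || r[j] + 0 > 65535) bad = 1
    } } END { exit bad + 0 }'
}

# Succeed if $1 is empty or a comma list of port;proto;hits;interval entries.
valid_portflood() {
    printf '%s\n' "$1" | awk -F, '{ for (i = 1; i <= NF; i++) {
        n = split($i, f, ";")
        if (n != 4 || f[1] !~ /^[0-9]+$/ || f[1] + 0 < 1 || f[1] + 0 > 65535 ||
            f[2] !~ /^(tcp|udp)$/ || f[3] !~ /^[0-9]+$/ || f[4] !~ /^[0-9]+$/)
            bad = 1
    } } END { exit bad + 0 }'
}

# Print one finding per line for csf.conf $1; return 1 if there were any.
csf_audit() {
    findings=0
    [ "$(csf_get TESTING "$1")" = "0" ] ||
        { echo 'TESTING is not "0": still in test mode, or wrong quotes'; findings=1; }
    for key in TCP_IN TCP_OUT UDP_IN UDP_OUT; do
        valid_ports "$(csf_get "$key" "$1")" ||
            { echo "$key: not a valid port list"; findings=1; }
    done
    valid_portflood "$(csf_get PORTFLOOD "$1")" ||
        { echo "PORTFLOOD: expected port;protocol;hits;interval"; findings=1; }
    return "$findings"
}

# Constructed sample modelled on the values in the post, TESTING still "1".
sample_conf() {
    printf '%s\n' 'TESTING = "1"' 'TCP_IN = "20,21,22,25,53,80,110,143,443"' \
        'TCP_OUT = "20,21,22,25,53,80,110,113,443"' 'UDP_IN = "20,21,53"' \
        'UDP_OUT = "20,21,53,113,123"' 'PORTFLOOD = "80;tcp;20;5"'
}
conf=$(mktemp); sample_conf > "$conf"; csf_audit "$conf" || true; rm -f "$conf"
```

On a real system, call `csf_audit /etc/csf/csf.conf` after editing; an empty output with exit status 0 means none of these checks fired.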



Sunday, May 2, 2010

To test whether the TUN/TAP device is available

To test whether the TUN/TAP device is working or not:

# cat /dev/net/tun

If you receive the message "cat: /dev/net/tun: File descriptor in bad state", your TUN/TAP device is ready for use.

If you receive the message "cat: /dev/net/tun: No such device", the TUN/TAP device was not successfully created.



Command to check the software raid is working fine

Check the mdstat file:

# cat /proc/mdstat

You are looking for a line like this:

md0 : active raid1 sdb5[0] sda5[1] 32000 blocks [2/2] [UU]

If the last part ever changes, you know one of the drives has failed, i.e. if it changes to "[2/1] [U_]" then the second drive is out.



Saturday, May 1, 2010

SSL: error:00000000:lib(0):func(0):reason(0)

When you restart Kloxo, you may get this error message.
To solve this:

# yum downgrade openssl
# yum update

This will fix the issue.

