2019 – Page 26 – Linux Blimp

March 29, 2019

How to Install Lighttpd with PHP, PHP-FPM and MariaDB on CentOS 7

Lighttpd is an open source, secure, fast, flexible and more optimized web server designed for speed-critical environments with less memory utilization as compared to other web servers.

It can handle up-to 10,000 connections parallel in one server with effective cpu-load management and comes with advanced feature set such as FastCGI, SCGI, Auth, Output-Compression, URL-Rewriting and many more.

Lighttpd is the excellent solution for every Linux server, due to its high speed io-infrastructure that allows us to scale several times better performance with the same hardware than with other alternative web-servers.

In this tutorial, we will explain how to install Lighttpd with PHP-FPM and MariaDB on CentOS/RHEL 7distributions with hostname tecmint.example.com and IP address 192.168.0.103.

Step 1: Install Lighttpd on CentOS 7

1. To install Lighttpd, first you need to update your system software packages and available repositories using following command.

# yum -y update

2. Next, you need to enable EPEL repository on your system and update software packages using following commands.

# yum -y install epel-release
# yum -y update

3. Once you’ve enabled EPEL repository, you can now install Lighttpd by running the following command.

# yum install lighttpd

4. Once the Lighttpd packages are installed, you can start and enable the service to automatically start at boot time and make sure to verify the status using the following commands.

# systemctl start lighttpd
# systemctl enable lighttpd
# systemctl status lighttpd

If you see any error message similar to below in the status, you need to fix few things to get it start properly without displaying any error messages.

Dec 10 02:14:26 tecmint.com lighttpd[1463]: 2018-12-10 02:14:26: (network.c.167) warning: please use server.use-ipv6 only for hostnames, not without server.bind / empty address...ONLY changes
Dec 10 02:14:26 tecmint.com lighttpd[1463]: 2018-12-10 02:14:26: (server.c.1352) can't have more connections than fds/2:  1024 1024
Hint: Some lines were ellipsized, use -l to show in full.

Open the file called /etc/lighttpd/lighttpd.conf with any editor.

# vi /etc/lighttpd/lighttpd.conf

Change the line that says server.use-ipv6 from enable to disable. It will fix error messages shown above.

##
## Use IPv6?
##
server.use-ipv6 = "disable"

Now try again to start Lighttpd, it should work 100% without any error messages.

# systemctl restart lighttpd
# systemctl status lighttpd

5. Now verify the version of Lighttpd installed on your system using the following command.

# lighttpd -v

lighttpd/1.4.51 (ssl) - a light and fast webserver

6. Now you need to allow HTTP and HTTPS traffic on your firewall.

# firewall-cmd --permanent --zone=public --add-service=http
# firewall-cmd --permanent --zone=public --add-service=https
# firewall-cmd --reload

7. Now open your browser and point to the following URL to see your Lighttpd web server working.

http://Your-Domain.com
OR
http://Your-IP-addr

Check Lighttpd Page

The default document root directory for Lighttpd is /var/www/lighttpd/ and the main configuration file is located under /etc/lighttpd/lighttpd.conf.

Step 2: Installing MariaDB as MySQL in CentOS 7

8. Next, install MySQL support for Lighttpd using following commands.

# yum -y install mariadb mariadb-server

9. Once the installation is complete, start, enable and verify the status of MariaDB using following commands.

# systemctl start mariadb.service
# systemctl enable mariadb.service
# systemctl status mariadb.service

10. Finally, you will need to secure your MariaDB installation by issuing the following command.

# mysql_secure_installation

You will be prompted a few different questions regarding your MariaDB installation and how you would like to secure it. You can change the database root user password, disable the test database, disable anonymous users, and disable root login remotely.

Sample Output

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
password for the root user.  If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none): Enter OK, successfully used password, moving on... Setting the root password ensures that nobody can log into the MariaDB root user without the proper authorisation. Set root password? [Y/n] y New password: Re-enter new password: Password updated successfully! Reloading privilege tables.. ... Success! By default, a MariaDB installation has an anonymous user, allowing anyone to log into MariaDB without having to have a user account created for them. This is intended only for testing, and to make the installation go a bit smoother. You should remove them before moving into a production environment. Remove anonymous users? [Y/n] y ... Success! Normally, root should only be allowed to connect from 'localhost'. This ensures that someone cannot guess at the root password from the network. Disallow root login remotely? [Y/n] y ... Success! By default, MariaDB comes with a database named 'test' that anyone can access. This is also intended only for testing, and should be removed before moving into a production environment. Remove test database and access to it? [Y/n] y - Dropping test database... ... Success! - Removing privileges on test database... ... Success! Reloading the privilege tables will ensure that all changes made so far will take effect immediately. Reload privilege tables now? [Y/n] y ... Success! Cleaning up... All done! If you've completed all of the above steps, your MariaDB installation should now be secure. Thanks for using MariaDB!

11. Try connecting to MySQL server and review the existing databases on your database server with following commands on the terminal.

# mysql -u root -p

Sample Output

Enter password: 
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 10
Server version: 5.5.60-MariaDB MariaDB Server

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| performance_schema |
+--------------------+
3 rows in set (0.00 sec)

MariaDB [(none)]>

Step 3: Installing PHP and PHP-FPM with FastCGI on CentOS 7

12. To enable PHP-FPM with FastCGI support, first you need to install PHP along with necessary extensions using following command.

# yum -y install php php-mysqlnd php-pdo php-gd php-mbstring

13. Once PHP installed, now enable PHP-FPM and FastCGI support for Lighttpd, to do this you need to install these packages too.

# yum -y install php-fpm lighttpd-fastcgi

14. Now open a file called /etc/php-fpm.d/www.conf.

# vi /etc/php-fpm.d/www.conf

Set the user and group to lighttpd.

; Unix user/group of processes
; Note: The user is mandatory. If the group is not set, the default user's group
;       will be used.
; RPM: apache Choosed to be able to access some dir as httpd
user = lighttpd
; RPM: Keep a group allowed to write in log dir.
group = lighttpd

15. Now start PHP-FPM service and make sure to enable it to automatically start at boot time using the following commands.

# systemctl start php-fpm.service
# systemctl enable php-fpm.service

Step 4: Enabling PHP and PHP-FPM with FastCGI in Lighttpd

16. Here, we need to modify three files /etc/php.ini, /etc/lighttpd/modules.conf and /etc/lighttpd/conf.d/fastcgi.conf to enable PHP support for Lighttpd.

Open first file /etc/php.ini.

# vi /etc/php.ini

Un-comment the following line that says line cgi.fix_pathinfo=1.

; cgi.fix_pathinfo provides *real* PATH_INFO/PATH_TRANSLATED support for CGI.  PHP's
; previous behaviour was to set PATH_TRANSLATED to SCRIPT_FILENAME, and to not grok
; what PATH_INFO is.  For more information on PATH_INFO, see the cgi specs.  Setting
; this to 1 will cause PHP CGI to fix its paths to conform to the spec.  A setting
; of zero causes PHP to behave as before.  Default is 1.  You should fix your scripts
; to use SCRIPT_FILENAME rather than PATH_TRANSLATED.
; http://php.net/cgi.fix-pathinfo
cgi.fix_pathinfo=1

Then open second file called /etc/lighttpd/modules.conf.

# vi /etc/lighttpd/modules.conf

Un-comment the following line that says include “conf.d/fastcgi.conf”.

##
## FastCGI (mod_fastcgi)
##
include "conf.d/fastcgi.conf"

Next, open third file called /etc/lighttpd/conf.d/fastcgi.conf.

# vi /etc/lighttpd/conf.d/fastcgi.conf

Now add the following container at the bottom of the file and save it.

fastcgi.server += ( ".php" =>
        ((
                "host" => "127.0.0.1",
                "port" => "9000",
                "broken-scriptfilename" => "enable"
        ))
)

Restart the Lighttpd service to reflect changes and enable PHP support.

# systemctl restart lighttpd

Step 5: Testing PHP and PHP-FPM with FastCGI Support in Lighttpd

17. As We said above that the default document root for Lighttpd is /var/www/lighttpd/. So, here we will create a phpinfo.php file into this directory.

# vi /var/www/lighttpd/info.php

Add the following lines to it. This small piece of code will display information about PHP installation with their versions.

<?php
phpinfo();
?>

18. Open your browser and navigate to the following links.

http://Your-Domain.com
OR
http://Your-IP-addr

Check PHP Support in CentOS 7

You will see working information of PHP, PHP-FPM and MySQL with lots of other modules that are already enabled.

Source

March 29, 2019

How to Perform Graphical Installation of “Red Hat Enterprise or CentOS 7.0” Remotely Using VNC Mode

This tutorial concentrates on how to perform a graphical installation of Red Hat Enterprise or CentOS 7.0 from a remote point in VNC Direct Mode using Anaconda included locally VNC server and how to partition a hard-disk smaller than 2TB with a GPT Partition Table Layout on non-UEFI systems.

Install RHEL/CentOS 7 Remotely Using VNC

In order to access the graphical installation, your remote system that will control the installation process, requires a VNC viewer program installed and running on your machine.

Requirements

Installation of RHEL 7.0
Installation of CentOS 7.0
An VNC client installed on a remote system

Step 1: Boot RHEL/CentOS Media Installer in VNC Mode

1. After the installer bootable media has been created, place your DVD/USB into your system appropriate drive, start the machine, select your bootable media and on the first prompt press TAB key and the boot options should appear.

In order to start b>Anaconda VNC server with a password to restrict access to installation and force your hard-disk smaller than 2TB in size to be partitioned with a GPT valid partition table, append the following options to boot menu command line.

inst.gpt inst.vnc inst.vncpassword=password resolution=1366x768

Installing CentOS in VNC Mode

As you can see I’ve added an extra option to force graphical installation resolution to a custom size – replace resolution values with your desired values.

2. Now press Enter key to start the installer and wait until it reaches the message where it shows you the VNC IP Address and Port number to enter, in order to connect, on client side.

Connect VNC Client

That’s it! Now the installation process is ready to be configured from a remote system using a VNC Client.

Step 2: Configure VNC Clients on Remote Systems

3. As a previously mentioned, in order to be able to perform a VNC installation remote systems requires a running VNC Client. The following VNC clients are available, depending on your Operating System.

For RHEL/CentOS 7.0 installed with a Graphical User Interface open Remote Desktop Viewer, hit on Connectbutton and choose VNC for Protocol and add VNC IP Address and Port presented on the system where you perform the installation.

Remote Desktop Viewer

Connect to Remote VNC

Enter VNC IP Address

4. After the VNC Client connects to installer, you will be prompted to enter the VNC installer password. Enter the password, hit Authenticate and a new window with CentOS/RHEL Anaconda graphical interface should appear.

From here, you can continue with the installation process in the same manner as you would do it from a directly connected monitor, using the same procedure as described RHEL/CentOS 7.0 Installation Guide links provide above.

Authenticate to Remote VNC

Welcome to CentOS 7 Installation

5. For Debian based distributions (Ubuntu, Linux Mint, etc) install Vinagre package for GNOME desktop environment and use the same procedure as explained above.

$ sudo apt-get install vinagre

Install Vinagre Package

Remote CentOS 7 Installation

6. For Windows based systems install the TightVNC Viewer program by downloading it using the following link.

http://www.tightvnc.com/download.php

Download TightVNC Viewer

TightVNC Connection

Remote CentOS 7 Installation Process

7. If you want to see details about your disk partition layout which now uses GPT on a disk smaller than 2TB, go to Installation Destination, select your disk and the partition table should be visible and a new biosboot partition should be automatically created.

If you opted for Automatically create partitions, in the contrary case you should create one as Standard Partition with Bios Boot as a File System and 1 MB in size on non-UEFI systems.

CentOS 7 Standard Partition Table

CentOS 7 Partition Table Changes

As a last note, if you are planning to use MBR Partition Layout on a disk smaller than 2TB on UEFI based systems, you must initially reformat your hard-disk, and, then create a Standard Partition with EFI System Partition (efi) as File System with a minimal value of 200 MB in size, regardless of your partitioning scheme.

Source

March 29, 2019

How to Install Asterisk on CentOS 7

Asterisk is an open source framework used for building communication applications. You can use it to turn a local computer or server to communication server. It is used to power IP PBX systems, VoIP gateways, conference servers and other solutions. It’s used by all kind of organizations worldwide and finally, but not last it is free and open source.

In this tutorial, we are going to show you how to install Asterisk on CentOS 7 (instructions also works on RHEL 7), but before we start, we will need to make some preparations so Asterisk can run smoothly after the installation.

Step 1: Disable SELinux on CentOS 7

To do this, first SSH to your system and using your favorite command line text editor, open /etc/selinux/configand disable SELINUX.

# vim /etc/selinux/config

SELinux line should look like this:

SELINUX=disabled

Now reboot your system. Once it comes back SSH again to that system.

Step 2: Install Required Packages

Asterisk has quite a few requirements that need to be installed. You can use the following yum command to install required packages as shown.

# yum install -y epel-release dmidecode gcc-c++ ncurses-devel libxml2-devel make wget openssl-devel newt-devel kernel-devel sqlite-devel libuuid-devel gtk2-devel jansson-devel binutils-devel

Before we continue further, create a new user through which we will use asterisk.

# adduser asterisk -c "Asterisk User"
# su asterisk

Next, install PJSIP, is a free open source multimedia communication library that implements standard based protocols such as SIP,SDP,RTP,STUN,TURN and ICE. It is the Asterisk SIP channel driver that should improve the clarity of the calls.

To get the latest version, first let’s create a temporary directory where we will build the package from source.

$ mkdir ~/build && cd ~/build

Now go the PJSIP download page and grab the package or use the following wget command to download the package directly in terminal.

Note that by the writing of this article the latest version is 2.8, this may change in future, thus make sure to use the latest version:

$ wget https://www.pjsip.org/release/2.8/pjproject-2.8.tar.bz2

Once the download is complete, extract the file and change to that directory.

$ tar xvjf pjproject-2.8.tar.bz2
$ cd pjproject-2.8

The next step is to prepare the package to be compiled. You can use the following command:

$ ./configure CFLAGS="-DNDEBUG -DPJ_HAS_IPV6=1" --prefix=/usr --libdir=/usr/lib64 --enable-shared --disable-video --disable-sound --disable-opencore-amr

You should not see any errors or warnings. Ensure that all dependencies are met:

$ make dep

And now we can complete the install and link libraries with:

$ make && sudo make install && sudo ldconfig

Finally ensure that all libraries are installed and present:

$ ldconfig -p | grep pj

You should get the following output:

        libpjsua2.so.2 (libc6,x86-64) => /lib64/libpjsua2.so.2
        libpjsua2.so (libc6,x86-64) => /lib64/libpjsua2.so
        libpjsua.so.2 (libc6,x86-64) => /lib64/libpjsua.so.2
        libpjsua.so (libc6,x86-64) => /lib64/libpjsua.so
        libpjsip.so.2 (libc6,x86-64) => /lib64/libpjsip.so.2
        libpjsip.so (libc6,x86-64) => /lib64/libpjsip.so
        libpjsip-ua.so.2 (libc6,x86-64) => /lib64/libpjsip-ua.so.2
        libpjsip-ua.so (libc6,x86-64) => /lib64/libpjsip-ua.so
        libpjsip-simple.so.2 (libc6,x86-64) => /lib64/libpjsip-simple.so.2
        libpjsip-simple.so (libc6,x86-64) => /lib64/libpjsip-simple.so
        libpjnath.so.2 (libc6,x86-64) => /lib64/libpjnath.so.2
        libpjnath.so (libc6,x86-64) => /lib64/libpjnath.so
        libpjmedia.so.2 (libc6,x86-64) => /lib64/libpjmedia.so.2
        libpjmedia.so (libc6,x86-64) => /lib64/libpjmedia.so
        libpjmedia-videodev.so.2 (libc6,x86-64) => /lib64/libpjmedia-videodev.so.2
        libpjmedia-videodev.so (libc6,x86-64) => /lib64/libpjmedia-videodev.so
        libpjmedia-codec.so.2 (libc6,x86-64) => /lib64/libpjmedia-codec.so.2
        libpjmedia-codec.so (libc6,x86-64) => /lib64/libpjmedia-codec.so
        libpjmedia-audiodev.so.2 (libc6,x86-64) => /lib64/libpjmedia-audiodev.so.2
        libpjmedia-audiodev.so (libc6,x86-64) => /lib64/libpjmedia-audiodev.so
        libpjlib-util.so.2 (libc6,x86-64) => /lib64/libpjlib-util.so.2
        libpjlib-util.so (libc6,x86-64) => /lib64/libpjlib-util.so
        libpj.so.2 (libc6,x86-64) => /lib64/libpj.so.2
        libpj.so (libc6,x86-64) => /lib64/libpj.so

Step 3: Install Asterisk in CentOS 7

We are now ready to initiate the installation of Asterisk. Navigate back to our ~/build directory:

$ cd ~/build

Go to Asterisk download page and grab the the latest version or you can use the following wget command to download the file in terminal.

$ wget http://downloads.asterisk.org/pub/telephony/asterisk/asterisk-16-current.tar.gz

By the writing of this tutorial, the latest Asterisk version is 16. Make sure that you are downloading the latest version of Asterisk, when you are following the steps.

Now extract the archive and navigate to the newly created directory:

$ tar -zxvf asterisk-16-current.tar.gz
$ cd asterisk-16.0.0

This is the time to mention, that if you wish to enable mp3 support to play music while client is on hold, you will need to install few more dependencies. These steps are optional:

# yum install svn
# ./contrib/scripts/get_mp3_source.sh

After the second step, you should get output similar to these:

A    addons/mp3
A    addons/mp3/MPGLIB_README
A    addons/mp3/common.c
A    addons/mp3/huffman.h
A    addons/mp3/tabinit.c
A    addons/mp3/Makefile
A    addons/mp3/README
A    addons/mp3/decode_i386.c
A    addons/mp3/dct64_i386.c
A    addons/mp3/MPGLIB_TODO
A    addons/mp3/mpg123.h
A    addons/mp3/layer3.c
A    addons/mp3/mpglib.h
A    addons/mp3/decode_ntom.c
A    addons/mp3/interface.c

Start by running the configure script to prepare the package for compiling:

$ sudo contrib/scripts/install_prereq install
$ ./configure --libdir=/usr/lib64 --with-jansson-bundled
$ make menuselect

If you get any missing dependencies install them. In my case, I got the following error:

configure: error: patch is required to configure bundled pjproject

To go around this simply run:

# yum install patch

And re-run the configure script. Now lets start the build process:

$ make menuselect

After few seconds, you should get a list of features to enable:

Asterisk Modules

If you attempt to use music on hold feature, you will need to enable the “format_mp3” feature from “Add-ons” section. Save your list and run the following command:

make && sudo make install

To install the sample configuration files, use the command below:

sudo make samples

To start Asterisk on boot, use:

sudo make config

As root user update the ownership of the following directories and files:

# chown asterisk. /var/run/asterisk
# chown asterisk. -R /etc/asterisk
# chown asterisk. -R /var/{lib,log,spool}/asterisk

Finally let’s test our installation with:

$ sudo service asterisk start
$ sudo asterisk -rvv

You should see output similar to this one:

Asterisk 16.0.0, Copyright (C) 1999 - 2018, Digium, Inc. and others.
Created by Mark Spencer <markster@digium.com>
Asterisk comes with ABSOLUTELY NO WARRANTY; type 'core show warranty' for details.
This is free software, with components licensed under the GNU General Public
License version 2 and other licenses; you are welcome to redistribute it under
certain conditions. Type 'core show license' for details.
=========================================================================
Connected to Asterisk 16.0.0 currently running on asterisk (pid = 3985)
asterisk*CLI>

If you want to see a list of available commands type:

asterisk*CLI> core show help

To exit the Asterisk prompt, simply type:

asterisk*CLI> exit

Asterisk will still be running in the background.

Conclusion

Now you have a running Asterisk server and you can start connecting phones and extensions and adjust your configuration per your needs. For more details how to achieve this, it is recommended to use the Asterisk Wiki page. If you have any questions or comments, please let us know in the comment section below.

Source

March 29, 2019

How to Install CentOS Web Panel (CWP) on CentOS 7

CentOS Web Panel (CWP) is a free web hosting control panel that offers easy managemet of multiple servers (both Dedicated and VPS) without the need to access server through SSH for every small task that you need to complete. It is a feature rich control panel, which comes with a high number of options and features for quick server management.

CentOS Web Panel Features

Here are some of the most beneficial features and services offered by CentOS Web Panel.

Apache Web Server ( Mod Security + Automatic updated rules optional).
PHP 5.6 (suPHP, SuExec + PHP version switcher).
MySQL/MariaDB + phpMyAdmin.
Email – Postfix and Dovecot, mailboxes, RoundCube web interface ((Antivirus, Spamassassin optional).
CSF (Config Server Firewall).
Backups ( this feature is optional).
Easy user management interface.
Setups Server for Web Hosting with WordPres.
FreeDNS Server.
Live Monitoring.
File System Lock (means, no more website hacking due to locking of files from changes).
Server configuration AutoFixer.
cPanel Account Migration.
TeamSpeak 3 Manager (Voice) and Shoutcast Manager (video streaming).

Thare are lots more features offered by CWP, that you can check out here.

The latest version of CWP is 0.9.8.651 and was released on 21st April 2018, which includes few bug fixes regarding loading time improvements.

CentOS Web Panel Demo

New Root Admin Panel Login:
Non SSL Login: http://demo1.centos-webpanel.com:2030
SSL Login: https://79.137.25.230:2031
Username: root
Password: admin123

New End user Panel Login:
Non SSL Login: http://demo1.centos-webpanel.com:2082
SSL Login: https://79.137.25.230:2083
Username: testacc
Password: admin123

Requirements of CentOS Web Panel Installer:

To avoid getting any problems, please make sure to read all of the following important instructions thoroughly prior to the CWP installation process.

Only install CWP on a freshly installed CentOS 7 server without any configuration changes.
Minimum RAM requirement for 32-bit 512MB and 64-bit 1GB with 10GB of free space.
Only static IP addresses are currently supported, no support for dynamic, sticky, or internal IP addresses.
There isn’t any uninstaller for removing CWP after installation, you must reload the OS to remove it.

For the better performances we suggest you to order a Linode VPS with minimal CentOS 7 install.

Install CentOS Web Panel (CWP) on CentOS 7

For the purpose of this article, I will be installing CWP (CentOS Web Panel) on a local CentOS 7 server with a static IP address 192.168.0.104 and hostname cwp.tecmint.com.

Setup Hostname

1. To start the CWP installation, login into your server as root and make sure to set the correct hostname.

Important: The hostname and domain name must be different on your server (for example, if domain.com is your domain on your server, then use hostname.domain.com as your fully qualified hostname).

# hostnamectl set-hostname cwp.tecmint.com
# hostnamectl

Set Hostname in CentOS 7

Setup Server IP Addresses

2. To setup network, we will use nmtui (NetworkManager Text User Interface) utility, which offers a graphical user interface to configure networking by controlling Network Manager.

# yum install NetworkManager-tui
# nmtui

Set Static IP Address in CentOS 7

Installing CentOS Web Panel

3. After setting hostname and static IP address, now you need update your server to the latest version and install wget utility to fetch and install the CWP installation script.

# yum -y update
# yum -y install wget
# cd /usr/local/src
# wget http://centos-webpanel.com/cwp-el7-latest
# sh cwp-el7-latest

Install CentOS Web Panel Script

Please be patient as the installation progress can take between 10 and 20 minutes to complete. Once the install has finished you should see a screen saying “CWP” installed and list of credentials required to access the panel. Make sure to copy or write down the information and keep it safe:

Once ready, press “ENTER” for server reboot. If the system does not reboot automatically simply type “reboot” to reboot the server.

# reboot

CentOS Web Panel Installation Summary

CentOS Web Panel Configuration

4. After server reboot, login into server as root, once login you will see different welcome screen with information about the logged users and the current disk space usage.

CentOS Web Panel Server Login

Now log in to your CentOS Web Panel server using the link provided by the installer on your server.

CentOS WebPanel Admin GUI: http://SERVER-IP:2030/
Username: root
Password: your root password

CentOS Web Panel Admin Login

CentOS Web Panel Dashboard

For additional configuration instruction, please check out wiki/documentation site.

In this article, we’ve explained how to install CentOS Web Panel on CentOS 7. If you have any questions or comments, please do not hesitate to submit them in the comment section below.

Source

March 29, 2019

How to Install or Upgrade to Kernel 5.0 in CentOS 7

Although some people use the word Linux to represent the operating system as a whole, it is important to note that, strictly speaking, Linux is only the kernel. On the other hand, a distribution is a fully-functional system built on top of the kernel with a wide variety of application tools and libraries.

During normal operations, the kernel is responsible for performing two important tasks:

Acting as an interface between the hardware and the software running on the system.
Managing system resources as efficiently as possible.

To do this, the kernel communicates with the hardware through the drivers that are built into it or those that can be later installed as a module.

For example, when an application running on your machine wants to connect to a wireless network, it submits that request to the kernel, which in turns uses the right driver to connect to the network.

Suggested Read: How to Upgrade Kernel in Ubuntu

With new devices and technology coming out periodically, it is important to keep our kernel up to date if we want to make the most of out them. Additionally, updating our kernel will help us to leverage new kernel functions and to protect ourselves from vulnerabilities that have been discovered in previous versions.

Ready to update your kernel on CentOS 7 or one of their derivatives such as RHEL 7 and Fedora? If so, keep reading!

Step 1: Checking Installed Kernel Version

When we install a distribution it includes a certain version of the Linux kernel. To show the current version installed on our system we can do:

# uname -sr

The following image shows the output of the above command in a CentOS 7 server:

Check Kernel Version in CentOS 7

If we now go to https://www.kernel.org/, we will see that the latest kernel version is 5.0 at the time of this writing (other versions are available from the same site).

This new Kernel 5.0 version is a long-term release and will be supported for 6 years, earlier all Linux Kernel versions were supported for 2 years only.

One important thing to consider is the life cycle of a kernel version – if the version you are currently using is approaching its end of life, no more bug fixes will be provided after that date. For more info, refer to the kernel Releases page.

Step 2: Upgrading Kernel in CentOS 7

Most modern distributions provide a way to upgrade the kernel using a package management system such as yum and an officially-supported repository.

Important: If you looking to run custom compiled Kernel, then you should read our article that explains How to Compile Linux Kernel on CentOS 7 from sources.

However, this will only perform the upgrade to the most recent version available from the distribution’s repositories – not the latest one available in the https://www.kernel.org/. Unfortunately, Red Hat only allows to upgrade the kernel using the former option.

As opposed to Red Hat, CentOS allows the use of ELRepo, a third-party repository that makes the upgrade to a recent version a kernel.

To enable the ELRepo repository on CentOS 7, do:

# rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org
# rpm -Uvh http://www.elrepo.org/elrepo-release-7.0-3.el7.elrepo.noarch.rpm

Enable ELRepo in CentOS 7

Once the repository has been enabled, you can use the following command to list the available kernel.relatedpackages:

# yum --disablerepo="*" --enablerepo="elrepo-kernel" list available

Yum – Find Available Kernel Versions

Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
 * elrepo-kernel: mirror-hk.koddos.net
Available Packages
kernel-lt.x86_64                        4.4.176-1.el7.elrepo        elrepo-kernel
kernel-lt-devel.x86_64                  4.4.176-1.el7.elrepo        elrepo-kernel
kernel-lt-doc.noarch                    4.4.176-1.el7.elrepo        elrepo-kernel
kernel-lt-headers.x86_64                4.4.176-1.el7.elrepo        elrepo-kernel
kernel-lt-tools.x86_64                  4.4.176-1.el7.elrepo        elrepo-kernel
kernel-lt-tools-libs.x86_64             4.4.176-1.el7.elrepo        elrepo-kernel
kernel-lt-tools-libs-devel.x86_64       4.4.176-1.el7.elrepo        elrepo-kernel
kernel-ml.x86_64                        5.0.0-1.el7.elrepo          elrepo-kernel
kernel-ml-devel.x86_64                  5.0.0-1.el7.elrepo          elrepo-kernel
kernel-ml-doc.noarch                    5.0.0-1.el7.elrepo          elrepo-kernel
kernel-ml-headers.x86_64                5.0.0-1.el7.elrepo          elrepo-kernel
kernel-ml-tools.x86_64                  5.0.0-1.el7.elrepo          elrepo-kernel
kernel-ml-tools-libs.x86_64             5.0.0-1.el7.elrepo          elrepo-kernel
kernel-ml-tools-libs-devel.x86_64       5.0.0-1.el7.elrepo          elrepo-kernel
perf.x86_64                             5.0.0-1.el7.elrepo          elrepo-kernel
python-perf.x86_64                      5.0.0-1.el7.elrepo          elrepo-kernel

Next, install the latest mainline stable kernel:

# yum --enablerepo=elrepo-kernel install kernel-ml

Install Kernel 5.0 in CentOS 7

Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
 * base: centos.mirror.net.in
 * elrepo: mirror-hk.koddos.net
 * elrepo-kernel: mirror-hk.koddos.net
 * epel: repos.del.extreme-ix.org
 * extras: centos.mirror.net.in
 * updates: centos.mirror.net.in
Resolving Dependencies
--> Running transaction check
---> Package kernel-ml.x86_64 0:5.0.0-1.el7.elrepo will be installed
--> Finished Dependency Resolution

Dependencies Resolved

====================================================================================
 Package                Arch        Version                 Repository        Size
====================================================================================
Installing:
 kernel-ml              x86_64      5.0.0-1.el7.elrepo      elrepo-kernel     47 M

Transaction Summary
====================================================================================
Install  1 Package

Total download size: 47 M
Installed size: 215 M
Is this ok [y/d/N]: y
Downloading packages:
kernel-ml-5.0.0-1.el7.elrepo.x86_64.rpm                           |  47 MB  00:01:21     
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : kernel-ml-5.0.0-1.el7.elrepo.x86_64                1/1 
  Verifying  : kernel-ml-5.0.0-1.el7.elrepo.x86_64                1/1 

Installed:
  kernel-ml.x86_64 0:5.0.0-1.el7.elrepo                                                                                                                                                                            

Complete!

Finally, reboot your machine to apply the latest kernel, and then select latest kernel from the menu as shown.

Select Latest Kernel Version

# uname -sr

Verify Kernel Version

Step 3: Set Default Kernel Version in GRUB

To make the newly-installed version the default boot option, you will have to modify the GRUB configuration as follows:

Open and edit the file /etc/default/grub and set GRUB_DEFAULT=0. This means that the first kernel in the GRUB initial screen will be used as default.

GRUB_TIMEOUT=5
GRUB_DEFAULT=0
GRUB_DISABLE_SUBMENU=true
GRUB_TERMINAL_OUTPUT="console"
GRUB_CMDLINE_LINUX="rd.lvm.lv=centos/root rd.lvm.lv=centos/swap crashkernel=auto rhgb quiet"
GRUB_DISABLE_RECOVERY="true"

Next, run the following command to recreate the kernel configuration.

# grub2-mkconfig -o /boot/grub2/grub.cfg

Set Default Kernel Version in Grub

Generating grub configuration file ...
Found linux image: /boot/vmlinuz-5.0.0-1.el7.elrepo.x86_64
Found initrd image: /boot/initramfs-5.0.0-1.el7.elrepo.x86_64.img
Found linux image: /boot/vmlinuz-4.20.0-1.el7.elrepo.x86_64
Found initrd image: /boot/initramfs-4.20.0-1.el7.elrepo.x86_64.img
Found linux image: /boot/vmlinuz-4.19.11-1.el7.elrepo.x86_64
Found initrd image: /boot/initramfs-4.19.11-1.el7.elrepo.x86_64.img
Found linux image: /boot/vmlinuz-4.19.0-1.el7.elrepo.x86_64
Found initrd image: /boot/initramfs-4.19.0-1.el7.elrepo.x86_64.img
Found linux image: /boot/vmlinuz-3.10.0-957.1.3.el7.x86_64
Found initrd image: /boot/initramfs-3.10.0-957.1.3.el7.x86_64.img
Found linux image: /boot/vmlinuz-3.10.0-693.el7.x86_64
Found initrd image: /boot/initramfs-3.10.0-693.el7.x86_64.img
Found linux image: /boot/vmlinuz-0-rescue-1e2b46dbc0c04b05b592c837c366bb76
Found initrd image: /boot/initramfs-0-rescue-1e2b46dbc0c04b05b592c837c366bb76.img
done

Reboot and verify that the latest kernel is now being used by default.

Booting Default Kernel Version in CentOS 7

Congratulations! You have upgraded your kernel in CentOS 7!

Summary

In this article we have explained how to easily upgrade the Linux kernel on your system. There is yet another method which we haven’t covered as it involves compiling the kernel from source, which would deserve an entire book and is not recommended on production systems.

Although it represents one of the best learning experiences and allows for a fine-grained configuration of the kernel, you may render your system unusable and may have to reinstall it from scratch.

Source

March 29, 2019

How to Install Latest Kernel 5.0 in Ubuntu

Periodically new devices and technology coming out and it’s important to keep our Linux system kernel up-to-date if we want to get the most of out it.

Moreover, updating system kernel will ease us to take advantage of new kernel functions and also it helps us to protect ourselves from vulnerabilities that have been found in earlier versions.

Suggested Read: How to Upgrade Kernel in CentOS 7

Ready to update your kernel on Ubuntu and Debian or one of their derivatives such as Linux Mint? If so, keep reading!

Check Installed Kernel Version

To find the current version of installed kernel on our system we can do:

$ uname -sr

The following shows the output of the above command in a Ubuntu 18.04 server:

Linux 4.15.0-42-generic

Upgrading Kernel in Ubuntu Server

To upgrade the kernel in Ubuntu, go to http://kernel.ubuntu.com/~kernel-ppa/mainline/ and choose the desired version (Kernel 5.0 is the latest at the time of writing) from the list by clicking on it.

Next, download the .deb files for your system architecture using wget command.

Download Linux Kernel for 32-Bit System

$ wget https://kernel.ubuntu.com/~kernel-ppa/mainline/v5.0/linux-headers-5.0.0-050000_5.0.0-050000.201903032031_all.deb
$ wget https://kernel.ubuntu.com/~kernel-ppa/mainline/v5.0/linux-headers-5.0.0-050000-generic_5.0.0-050000.201903032031_i386.deb
$ wget https://kernel.ubuntu.com/~kernel-ppa/mainline/v5.0/linux-image-5.0.0-050000-generic_5.0.0-050000.201903032031_i386.deb
$ wget https://kernel.ubuntu.com/~kernel-ppa/mainline/v5.0/linux-modules-5.0.0-050000-generic_5.0.0-050000.201903032031_i386.deb

Download Linux Kernel for 64-Bit System

$ wget https://kernel.ubuntu.com/~kernel-ppa/mainline/v5.0/linux-headers-5.0.0-050000_5.0.0-050000.201903032031_all.deb
$ wget https://kernel.ubuntu.com/~kernel-ppa/mainline/v5.0/linux-headers-5.0.0-050000-generic_5.0.0-050000.201903032031_amd64.deb
$ wget https://kernel.ubuntu.com/~kernel-ppa/mainline/v5.0/linux-image-unsigned-5.0.0-050000-generic_5.0.0-050000.201903032031_amd64.deb
$ wget https://kernel.ubuntu.com/~kernel-ppa/mainline/v5.0/linux-modules-5.0.0-050000-generic_5.0.0-050000.201903032031_amd64.deb

Once you’ve downloaded all the above kernel files, now install them as follows:

$ sudo dpkg -i *.deb

Sample Output

(Reading database ... 140176 files and directories currently installed.)
Preparing to unpack linux-headers-5.0.0-050000_5.0.0-050000.201903032031_all.deb ...
Unpacking linux-headers-5.0.0-050000 (5.0.0-050000.201903032031) over (5.0.0-050000.201903032031) ...
Preparing to unpack linux-headers-5.0.0-050000-generic_5.0.0-050000.201903032031_amd64.deb ...
Unpacking linux-headers-5.0.0-050000-generic (5.0.0-050000.201903032031) over (5.0.0-050000.201903032031) ...
Preparing to unpack linux-image-unsigned-5.0.0-050000-generic_5.0.0-050000.201903032031_amd64.deb ...
Unpacking linux-image-unsigned-5.0.0-050000-generic (5.0.0-050000.201903032031) over (5.0.0-050000.201903032031) ...
Selecting previously unselected package linux-modules-5.0.0-050000-generic.
Preparing to unpack linux-modules-5.0.0-050000-generic_5.0.0-050000.201903032031_amd64.deb ...
Unpacking linux-modules-5.0.0-050000-generic (5.0.0-050000.201903032031) ...
Setting up linux-headers-5.0.0-050000 (5.0.0-050000.201903032031) ...
Setting up linux-headers-5.0.0-050000-generic (5.0.0-050000.201903032031) ...
Setting up linux-modules-5.0.0-050000-generic (5.0.0-050000.201903032031) ...
Setting up linux-image-unsigned-5.0.0-050000-generic (5.0.0-050000.201903032031) ...
Processing triggers for linux-image-unsigned-5.0.0-050000-generic (5.0.0-050000.201903032031) ...
/etc/kernel/postinst.d/initramfs-tools:
update-initramfs: Generating /boot/initrd.img-5.0.0-050000-generic
/etc/kernel/postinst.d/x-grub-legacy-ec2:
Searching for GRUB installation directory ... found: /boot/grub
Searching for default file ... found: /boot/grub/default
Testing for an existing GRUB menu.lst file ... found: /boot/grub/menu.lst
Searching for splash image ... none found, skipping ...
Found kernel: /boot/vmlinuz-4.15.0-42-generic
Found kernel: /boot/vmlinuz-4.15.0-29-generic
Found kernel: /boot/vmlinuz-5.0.0-050000-generic
Found kernel: /boot/vmlinuz-4.15.0-42-generic
Found kernel: /boot/vmlinuz-4.15.0-29-generic
Replacing config file /run/grub/menu.lst with new version
Updating /boot/grub/menu.lst ... done

/etc/kernel/postinst.d/zz-update-grub:
Generating grub configuration file ...
Found linux image: /boot/vmlinuz-5.0.0-050000-generic
Found initrd image: /boot/initrd.img-5.0.0-050000-generic
Found linux image: /boot/vmlinuz-4.15.0-42-generic
Found initrd image: /boot/initrd.img-4.15.0-42-generic
Found linux image: /boot/vmlinuz-4.15.0-29-generic
Found initrd image: /boot/initrd.img-4.15.0-29-generic
done

Once the installation is complete, reboot your machine and verify that the new kernel version is being used:

$ uname -sr

Verify Kernel Version in Ubuntu

And that’s it. You are now using a much more recent kernel version than the one installed by default with Ubuntu.

Summary

In this article we’ve shown how to easily upgrade the Linux kernel on Ubuntu system. There is yet another procedure which we haven’t showed here as it requires compiling the kernel from source, which is not recommended on production Linux systems.

If you’re still interested in compiling the kernel as a learning experience, you will get the instructions on how to do it at the Kernel Newbies page.

As always, feel free to use the form below if you have any questions or comments about this article.

Source

March 29, 2019

How to Delete Old Unused Kernels in CentOS, RHEL and Fedora

In this article, we will show how to remove old/unused kernel images on RHEL/CentOS/Fedora systems. However, before you remove an old kernel, it is important to keep your kernel up to date; install the latest version in order to leverage new kernel functions and to protect your system from vulnerabilities that have been discovered in older versions.

To install or upgrade to latest kernel version in RHEL/CentOS/Fedora systems, read this guide:

How to Install or Upgrade to Latest Kernel Version in CentOS 7

Attention: On the contrary, is recommended to keep at least one or two old kernels to fall back to in case there is a problem with an update.

To display the current version of Linux (kernel) running on your system, run this command.

# uname -sr

Linux 3.10.0-327.10.1.el7.x86_64

List All Installed Kernels on System

You can list all kernel images installed on your system like this.

# rpm -q kernel

kernel-3.10.0-229.el7.x86_64
kernel-3.10.0-229.14.1.el7.x86_64
kernel-3.10.0-327.3.1.el7.x86_64
kernel-3.10.0-327.10.1.el7.x86_64

Removing Old/Unused Kernels on CentOS/RHEL

You need to install yum-utils, which is an assortment of utilities that integrate with yum to make it more powerful and easier to use, by extending its original features in several different ways.

# yum install yum-utils

One of these utilities is package-cleanup which you can use to delete old kernel as shown below, the count flag is used to specify the number of kernels you want to leave on the system.

# package-cleanup --oldkernels --count=2

Removing Old Kernels

Loaded plugins: fastestmirror, langpacks, product-id, versionlock
--> Running transaction check
---> Package kernel.x86_64 0:3.10.0-229.el7 will be erased
---> Package kernel.x86_64 0:3.10.0-229.14.1.el7 will be erased
---> Package kernel-devel.x86_64 0:3.10.0-229.1.2.el7 will be erased
---> Package kernel-devel.x86_64 0:3.10.0-229.14.1.el7 will be erased
--> Finished Dependency Resolution

Dependencies Resolved

===============================================================================================================================================================================================
 Package                                       Arch                                    Version                                                Repository                                  Size
===============================================================================================================================================================================================
Removing:
 kernel                                        x86_64                                  3.10.0-229.el7                                         @anaconda                                  131 M
 kernel                                        x86_64                                  3.10.0-229.14.1.el7                                    @updates                                   131 M
 kernel-devel                                  x86_64                                  3.10.0-229.1.2.el7                                     @updates                                    32 M
 kernel-devel                                  x86_64                                  3.10.0-229.14.1.el7                                    @updates                                    32 M

Transaction Summary
===============================================================================================================================================================================================
Remove  4 Packages

Installed size: 326 M
Is this ok [y/N]: y
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Erasing    : kernel-devel.x86_64                            1/4 
  Erasing    : kernel.x86_64                                  2/4 
  Erasing    : kernel-devel.x86_64                            3/4 
  Erasing    : kernel.x86_64                                  4/4 
Loading mirror speeds from cached hostfile
 * base: centos.mirror.snu.edu.in
 * epel: repo.ugm.ac.id
 * extras: centos.mirror.snu.edu.in
 * rpmforge: kartolo.sby.datautama.net.id
 * updates: centos.mirror.snu.edu.in
  Verifying  : kernel-3.10.0-229.el7.x86_64                   1/4 
  Verifying  : kernel-devel-3.10.0-229.14.1.el7.x86_64        2/4 
  Verifying  : kernel-3.10.0-229.14.1.el7.x86_64              3/4 
  Verifying  : kernel-devel-3.10.0-229.1.2.el7.x86_64         4/4 

Removed:
  kernel.x86_64 0:3.10.0-229.el7           kernel.x86_64 0:3.10.0-229.14.1.el7           kernel-devel.x86_64 0:3.10.0-229.1.2.el7           kernel-devel.x86_64 0:3.10.0-229.14.1.el7          

Complete!

Important: After running the above command, it will remove all old/unused kernels and keep the current running and old latest kernel as backup.

Removing Old/Unused Kernels on Fedora

Fedora now uses dnf package manager, a new version of yum package manager, so you need to use this command below to remove old kernels on Fedora.

# dnf remove $(dnf repoquery --installonly --latest-limit 2 -q)

Another alternative way to remove old kernels automatically is setting the kernel limit in yum.conf file as shown.

installonly_limit=2		#set kernel count

Save and close the file. The next time you run an update, only two kernels will be left on the system.

You may also like to read these following related articles on Linux kernel.

In this article, we described how to remove old/unused kernel images on RHEL/CentOS/Fedora systems. You can share any thoughts via the feedback from below.

Source

March 29, 2019

How to Delete Old Unused Kernels in Debian and Ubuntu

In this article, we will explain how to delete old unused kernels in Debian and Ubuntu systems, but before moving further, you may want to install the latest version in order to take advantage of: security fixes, new kernel functions, updated drivers and so much more.

To upgrade your kernel to latest version in Ubuntu and Debian, follow this guide:

How to Upgrade Kernel to Latest Version in Ubuntu

Important: It is advisable to keep at least one or two old kernels to fall back to in case there is a problem with an update.

To find out the current version of Linux kernel running on your system, use the following command.

$ uname -sr

Linux 4.12.0-041200-generic

To list all installed kernels on your system, issue this command.

$ dpkg -l | grep linux-image | awk '{print$2}'

linux-image-4.12.0-041200-generic
linux-image-4.8.0-22-generic
linux-image-extra-4.8.0-22-generic
linux-image-generic

Remove Old Unused Kernels on Debian and Ubuntu

Run the commands below to remove a particular linux-image along with its configuration files, then update grub2 configuration, and lastly reboot the system.

$ sudo apt remove --purge linux-image-4.4.0-21-generic
$ sudo update-grub2
$ sudo reboot

Removing Old Kernel in Ubuntu

[sudo] password for tecmint: 
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following additional packages will be installed:
  linux-generic linux-headers-4.8.0-59 linux-headers-4.8.0-59-generic linux-headers-generic linux-image-4.8.0-59-generic linux-image-extra-4.8.0-59-generic linux-image-generic
Suggested packages:
  fdutils linux-doc-4.8.0 | linux-source-4.8.0 linux-tools
Recommended packages:
  thermald
The following packages will be REMOVED:
  linux-image-4.8.0-22-generic* linux-image-extra-4.8.0-22-generic*
The following NEW packages will be installed:
  linux-headers-4.8.0-59 linux-headers-4.8.0-59-generic linux-image-4.8.0-59-generic linux-image-extra-4.8.0-59-generic
The following packages will be upgraded:
  linux-generic linux-headers-generic linux-image-generic
3 upgraded, 4 newly installed, 2 to remove and 182 not upgraded.
Need to get 72.0 MB of archives.
After this operation, 81.7 MB of additional disk space will be used.
Do you want to continue? [Y/n] y
Get:1 http://us.archive.ubuntu.com/ubuntu yakkety-updates/main amd64 linux-headers-4.8.0-59 all 4.8.0-59.64 [10.2 MB]
Get:2 http://us.archive.ubuntu.com/ubuntu yakkety-updates/main amd64 linux-headers-4.8.0-59-generic amd64 4.8.0-59.64 [811 kB]                                                               
Get:3 http://us.archive.ubuntu.com/ubuntu yakkety-updates/main amd64 linux-generic amd64 4.8.0.59.72 [1,782 B]                                                                               
Get:4 http://us.archive.ubuntu.com/ubuntu yakkety-updates/main amd64 linux-headers-generic amd64 4.8.0.59.72 [2,320 B]                                                                       
Get:5 http://us.archive.ubuntu.com/ubuntu yakkety-updates/main amd64 linux-image-4.8.0-59-generic amd64 4.8.0-59.64 [23.6 MB]                                                                
Get:6 http://us.archive.ubuntu.com/ubuntu yakkety-updates/main amd64 linux-image-extra-4.8.0-59-generic amd64 4.8.0-59.64 [37.4 MB]                                                          
Get:7 http://us.archive.ubuntu.com/ubuntu yakkety-updates/main amd64 linux-image-generic amd64 4.8.0.59.72 [2,348 B]                                                                         
Fetched 72.0 MB in 7min 12s (167 kB/s)                                                                                                                                                       
Selecting previously unselected package linux-headers-4.8.0-59.
(Reading database ... 104895 files and directories currently installed.)
Preparing to unpack .../0-linux-headers-4.8.0-59_4.8.0-59.64_all.deb ...
Unpacking linux-headers-4.8.0-59 (4.8.0-59.64) ...
Selecting previously unselected package linux-headers-4.8.0-59-generic.
Preparing to unpack .../1-linux-headers-4.8.0-59-generic_4.8.0-59.64_amd64.deb ...
Unpacking linux-headers-4.8.0-59-generic (4.8.0-59.64) ...
Preparing to unpack .../2-linux-generic_4.8.0.59.72_amd64.deb ...
Unpacking linux-generic (4.8.0.59.72) over (4.8.0.22.31) ...
Preparing to unpack .../3-linux-headers-generic_4.8.0.59.72_amd64.deb ...
Unpacking linux-headers-generic (4.8.0.59.72) over (4.8.0.22.31) ...
Selecting previously unselected package linux-image-4.8.0-59-generic.
Preparing to unpack .../4-linux-image-4.8.0-59-generic_4.8.0-59.64_amd64.deb ...
Done.
Removing linux-image-4.8.0-22-generic (4.8.0-22.24) ...
Examining /etc/kernel/postrm.d .
run-parts: executing /etc/kernel/postrm.d/initramfs-tools 4.8.0-22-generic /boot/vmlinuz-4.8.0-22-generic
update-initramfs: Deleting /boot/initrd.img-4.8.0-22-generic
run-parts: executing /etc/kernel/postrm.d/zz-update-grub 4.8.0-22-generic /boot/vmlinuz-4.8.0-22-generic
Generating grub configuration file ...
Found linux image: /boot/vmlinuz-4.12.0-041200-generic
Found initrd image: /boot/initrd.img-4.12.0-041200-generic
Found linux image: /boot/vmlinuz-4.8.0-59-generic
done
...

Although this method works just fine, it is more reliable and efficient to use a handy script called “byobu” that combines all the commands above into a single program with useful options such as specifying number of kernels to keep on the system.

Install byobu script package which provides a program called purge-old-kernels used for removing old kernels and header packages from the system.

$ sudo apt install byobu

Then remove old kernels like so (the command below allows 2 kernels to be kept on the system).

$ sudo purge-old-kernels --keep 2

You may also like to read these following related articles on Linux kernel.

In this article, we have described how to remove old unused kernel images on Ubuntu and Debian systems. You can share any thoughts via the feedback from below.

Source

March 29, 2019

Managing Users & Groups, File Permissions & Attributes and Enabling sudo Access on Accounts

Last August, the Linux Foundation started the LFCS certification (Linux Foundation Certified Sysadmin), a brand new program whose purpose is to allow individuals everywhere and anywhere take an exam in order to get certified in basic to intermediate operational support for Linux systems, which includes supporting running systems and services, along with overall monitoring and analysis, plus intelligent decision-making to be able to decide when it’s necessary to escalate issues to higher level support teams.

Linux Foundation Certified Sysadmin – Part 8

Please have a quick look at the following video that describes an introduction to the Linux Foundation Certification Program.

This article is Part 8 of a 10-tutorial long series, here in this section, we will guide you on how to manage users and groups permissions in Linux system, that are required for the LFCS certification exam.

Since Linux is a multi-user operating system (in that it allows multiple users on different computers or terminals to access a single system), you will need to know how to perform effective user management: how to add, edit, suspend, or delete user accounts, along with granting them the necessary permissions to do their assigned tasks.

Adding User Accounts

To add a new user account, you can run either of the following two commands as root.

# adduser [new_account]
# useradd [new_account]

When a new user account is added to the system, the following operations are performed.

1. His/her home directory is created (/home/username by default).

2. The following hidden files are copied into the user’s home directory, and will be used to provide environment variables for his/her user session.

.bash_logout
.bash_profile
.bashrc

3. A mail spool is created for the user at /var/spool/mail/username.

4. A group is created and given the same name as the new user account.

Understanding /etc/passwd

The full account information is stored in the /etc/passwd file. This file contains a record per system user account and has the following format (fields are delimited by a colon).

[username]:[x]:[UID]:[GID]:[Comment]:[Home directory]:[Default shell]

Fields [username] and [Comment] are self explanatory.
The x in the second field indicates that the account is protected by a shadowed password (in /etc/shadow), which is needed to logon as [username].
The [UID] and [GID] fields are integers that represent the User IDentification and the primary Group IDentification to which [username] belongs, respectively.
The [Home directory] indicates the absolute path to [username]’s home directory, and
The [Default shell] is the shell that will be made available to this user when he or she logins the system.

Understanding /etc/group

Group information is stored in the /etc/group file. Each record has the following format.

[Group name]:[Group password]:[GID]:[Group members]

[Group name] is the name of group.
An x in [Group password] indicates group passwords are not being used.
[GID]: same as in /etc/passwd.
[Group members]: a comma separated list of users who are members of [Group name].

Add User Accounts

After adding an account, you can edit the following information (to name a few fields) using the usermodcommand, whose basic syntax of usermod is as follows.

# usermod [options] [username]

Setting the expiry date for an account

Use the –expiredate flag followed by a date in YYYY-MM-DD format.

# usermod --expiredate 2014-10-30 tecmint

Adding the user to supplementary groups

Use the combined -aG, or –append –groups options, followed by a comma separated list of groups.

# usermod --append --groups root,users tecmint

Changing the default location of the user’s home directory

Use the -d, or –home options, followed by the absolute path to the new home directory.

# usermod --home /tmp tecmint

Changing the shell the user will use by default

Use –shell, followed by the path to the new shell.

# usermod --shell /bin/sh tecmint

Displaying the groups an user is a member of

# groups tecmint
# id tecmint

Now let’s execute all the above commands in one go.

# usermod --expiredate 2014-10-30 --append --groups root,users --home /tmp --shell /bin/sh tecmint

usermod Command Examples

In the example above, we will set the expiry date of the tecmint user account to October 30th, 2014. We will also add the account to the root and users group. Finally, we will set sh as its default shell and change the location of the home directory to /tmp:

Read Also:

For existing accounts, we can also do the following.

Disabling account by locking password

Use the -L (uppercase L) or the –lock option to lock a user’s password.

# usermod --lock tecmint

Unlocking user password

Use the –u or the –unlock option to unlock a user’s password that was previously blocked.

# usermod --unlock tecmint

Lock User Accounts

Creating a new group for read and write access to files that need to be accessed by several users

Run the following series of commands to achieve the goal.

# groupadd common_group # Add a new group
# chown :common_group common.txt # Change the group owner of common.txt to common_group
# usermod -aG common_group user1 # Add user1 to common_group
# usermod -aG common_group user2 # Add user2 to common_group
# usermod -aG common_group user3 # Add user3 to common_group

Deleting a group

You can delete a group with the following command.

# groupdel [group_name]

If there are files owned by group_name, they will not be deleted, but the group owner will be set to the GID of the group that was deleted.

Linux File Permissions

Besides the basic read, write, and execute permissions that we discussed in Archiving Tools and Setting File Attributes – Part 3 of this series, there are other less used (but not less important) permission settings, sometimes referred to as “special permissions”.

Like the basic permissions discussed earlier, they are set using an octal file or through a letter (symbolic notation) that indicates the type of permission.

Deleting user accounts

You can delete an account (along with its home directory, if it’s owned by the user, and all the files residing therein, and also the mail spool) using the userdel command with the –remove option.

# userdel --remove [username]

Group Management

Every time a new user account is added to the system, a group with the same name is created with the username as its only member. Other users can be added to the group later. One of the purposes of groups is to implement a simple access control to files and other system resources by setting the right permissions on those resources.

For example, suppose you have the following users.

user1 (primary group: user1)
user2 (primary group: user2)
user3 (primary group: user3)

All of them need read and write access to a file called common.txt located somewhere on your local system, or maybe on a network share that user1 has created. You may be tempted to do something like,

# chmod 660 common.txt
OR
# chmod u=rw,g=rw,o= common.txt [notice the space between the last equal sign and the file name]

However, this will only provide read and write access to the owner of the file and to those users who are members of the group owner of the file (user1 in this case). Again, you may be tempted to add user2 and user3to group user1, but that will also give them access to the rest of the files owned by user user1 and group user1.

This is where groups come in handy, and here’s what you should do in a case like this.

Understanding Setuid

When the setuid permission is applied to an executable file, an user running the program inherits the effective privileges of the program’s owner. Since this approach can reasonably raise security concerns, the number of files with setuid permission must be kept to a minimum. You will likely find programs with this permission set when a system user needs to access a file owned by root.

Summing up, it isn’t just that the user can execute the binary file, but also that he can do so with root’s privileges. For example, let’s check the permissions of /bin/passwd. This binary is used to change the password of an account, and modifies the /etc/shadow file. The superuser can change anyone’s password, but all other users should only be able to change their own.

passwd Command Examples

Thus, any user should have permission to run /bin/passwd, but only root will be able to specify an account. Other users can only change their corresponding passwords.

Change User Password

Understanding Setgid

When the setgid bit is set, the effective GID of the real user becomes that of the group owner. Thus, any user can access a file under the privileges granted to the group owner of such file. In addition, when the setgid bit is set on a directory, newly created files inherit the same group as the directory, and newly created subdirectories will also inherit the setgid bit of the parent directory. You will most likely use this approach whenever members of a certain group need access to all the files in a directory, regardless of the file owner’s primary group.

# chmod g+s [filename]

To set the setgid in octal form, prepend the number 2 to the current (or desired) basic permissions.

# chmod 2755 [directory]

Setting the SETGID in a directory

Add Setgid to Directory

Understanding Sticky Bit

When the “sticky bit” is set on files, Linux just ignores it, whereas for directories it has the effect of preventing users from deleting or even renaming the files it contains unless the user owns the directory, the file, or is root.

# chmod o+t [directory]

To set the sticky bit in octal form, prepend the number 1 to the current (or desired) basic permissions.

# chmod 1755 [directory]

Without the sticky bit, anyone able to write to the directory can delete or rename files. For that reason, the sticky bit is commonly found on directories, such as /tmp, that are world-writable.

Add Stickybit to Directory

Special Linux File Attributes

There are other attributes that enable further limits on the operations that are allowed on files. For example, prevent the file from being renamed, moved, deleted, or even modified. They are set with the chattr commandand can be viewed using the lsattr tool, as follows.

# chattr +i file1
# chattr +a file2

After executing those two commands, file1 will be immutable (which means it cannot be moved, renamed, modified or deleted) whereas file2 will enter append-only mode (can only be open in append mode for writing).

Chattr Command to Protect Files

Accessing the root Account and Using sudo

One of the ways users can gain access to the root account is by typing.

$ su

and then entering root’s password.

If authentication succeeds, you will be logged on as root with the current working directory as the same as you were before. If you want to be placed in root’s home directory instead, run.

$ su -

and then enter root’s password.

Enable Sudo Access on Users

The above procedure requires that a normal user knows root’s password, which poses a serious security risk. For that reason, the sysadmin can configure the sudo command to allow an ordinary user to execute commands as a different user (usually the superuser) in a very controlled and limited way. Thus, restrictions can be set on a user so as to enable him to run one or more specific privileged commands and no others.

To authenticate using sudo, the user uses his/her own password. After entering the command, we will be prompted for our password (not the superuser’s) and if the authentication succeeds (and if the user has been granted privileges to run the command), the specified command is carried out.

To grant access to sudo, the system administrator must edit the /etc/sudoers file. It is recommended that this file is edited using the visudo command instead of opening it directly with a text editor.

# visudo

This opens the /etc/sudoers file using vim (you can follow the instructions given in Install and Use vim as Editor – Part 2 of this series to edit the file).

These are the most relevant lines.

Defaults    secure_path="/usr/sbin:/usr/bin:/sbin"
root        ALL=(ALL) ALL
tecmint     ALL=/bin/yum update
gacanepa    ALL=NOPASSWD:/bin/updatedb
%admin      ALL=(ALL) ALL

Let’s take a closer look at them.

Defaults    secure_path="/usr/sbin:/usr/bin:/sbin:/usr/local/bin"

This line lets you specify the directories that will be used for sudo, and is used to prevent using user-specific directories, which can harm the system.

The next lines are used to specify permissions.

root        ALL=(ALL) ALL

The first ALL keyword indicates that this rule applies to all hosts.
The second ALL indicates that the user in the first column can run commands with the privileges of any user.
The third ALL means any command can be run.

tecmint     ALL=/bin/yum update

If no user is specified after the = sign, sudo assumes the root user. In this case, user tecmint will be able to run yum update as root.

gacanepa    ALL=NOPASSWD:/bin/updatedb

The NOPASSWD directive allows user gacanepa to run /bin/updatedb without needing to enter his password.

%admin      ALL=(ALL) ALL

The % sign indicates that this line applies to a group called “admin”. The meaning of the rest of the line is identical to that of an regular user. This means that members of the group “admin” can run all commands as any user on all hosts.

To see what privileges are granted to you by sudo, use the “-l” option to list them.

Sudo Access Rules

PAM (Pluggable Authentication Modules)

Pluggable Authentication Modules (PAM) offer the flexibility of setting a specific authentication scheme on a per-application and / or per-service basis using modules. This tool present on all modern Linux distributions overcame the problem often faced by developers in the early days of Linux, when each program that required authentication had to be compiled specially to know how to get the necessary information.

For example, with PAM, it doesn’t matter whether your password is stored in /etc/shadow or on a separate server inside your network.

For example, when the login program needs to authenticate a user, PAM provides dynamically the library that contains the functions for the right authentication scheme. Thus, changing the authentication scheme for the login application (or any other program using PAM) is easy since it only involves editing a configuration file (most likely, a file named after the application, located inside /etc/pam.d, and less likely in /etc/pam.conf).

Files inside /etc/pam.d indicate which applications are using PAM natively. In addition, we can tell whether a certain application uses PAM by checking if it the PAM library (libpam) has been linked to it:

# ldd $(which login) | grep libpam # login uses PAM
# ldd $(which top) | grep libpam # top does not use PAM

Check Linux PAM Library

In the above image we can see that the libpam has been linked with the login application. This makes sense since this application is involved in the operation of system user authentication, whereas top does not.

Let’s examine the PAM configuration file for passwd – yes, the well-known utility to change user’s passwords. It is located at /etc/pam.d/passwd:

# cat /etc/passwd

PAM Configuration File for Linux Password

The first column indicates the type of authentication to be used with the module-path (third column). When a hyphen appears before the type, PAM will not record to the system log if the module cannot be loaded because it could not be found in the system.

The following authentication types are available:

account: this module type checks if the user or service has supplied valid credentials to authenticate.
auth: this module type verifies that the user is who he / she claims to be and grants any needed privileges.
password: this module type allows the user or service to update their password.
session: this module type indicates what should be done before and/or after the authentication succeeds.

The second column (called control) indicates what should happen if the authentication with this module fails:

requisite: if the authentication via this module fails, overall authentication will be denied immediately.
required is similar to requisite, although all other listed modules for this service will be called before denying authentication.
sufficient: if the authentication via this module fails, PAM will still grant authentication even if a previous marked as required failed.
optional: if the authentication via this module fails or succeeds, nothing happens unless this is the only module of its type defined for this service.
include means that the lines of the given type should be read from another file.
substack is similar to includes but authentication failures or successes do not cause the exit of the complete module, but only of the substack.

The fourth column, if it exists, shows the arguments to be passed to the module.

The first three lines in /etc/pam.d/passwd (shown above), load the system-auth module to check that the user has supplied valid credentials (account). If so, it allows him / her to change the authentication token (password) by giving permission to use passwd (auth).

For example, if you append

remember=2

to the following line

password    sufficient    pam_unix.so sha512 shadow nullok try_first_pass use_authtok

in /etc/pam.d/system-auth:

password    sufficient    pam_unix.so sha512 shadow nullok try_first_pass use_authtok remember=2

the last two hashed passwords of each user are saved in /etc/security/opasswd so that they cannot be reused:

Linux Password Fields

Summary

Effective user and file management skills are essential tools for any system administrator. In this article we have covered the basics and hope you can use it as a good starting to point to build upon. Feel free to leave your comments or questions below, and we’ll respond quickly.

Source

March 29, 2019

How to Find Files With SUID and SGID Permissions in Linux

In this tutorial, we will explain auxiliary file permissions, commonly referred to as “special permissions” in Linux, and also we will show you how to find files which have SUID (Setuid) and SGID (Setgid) set.

What is SUID and SGID?

SUID is a special file permission for executable files which enables other users to run the file with effective permissions of the file owner. Instead of the normal x which represents execute permissions, you will see an s(to indicate SUID) special permission for the user.

SGID is a special file permission that also applies to executable files and enables other users to inherit the effective GID of file group owner. Likewise, rather than the usual x which represents execute permissions, you will see an s (to indicate SGID) special permission for group user.

Let’s look at how to find files which have SUID and SGID set using the find command.

The syntax is as follows:

$ find directory -perm /permissions

Important: Certain directories (such as /etc, /bin, /sbin etc.) or files require root privileges in order to be accessed or listed, if you are managing your system as a normal user, use the sudo command to gain root privileges.

How to Find Files with SUID Set in Linux

This below example command will find all files with SUID set in the current directory using -perm (print files only with permissions set to 4000) option.

$ find . -perm /4000

Find Files with SUID Permissions

You can use the ls command with -l option (for long listing) to view the permissions on the listed files as shown in the image above.

How to Find Files with SGID Set in Linux

To find files which have SGID set, type the following command.

$ find . -perm /2000

Find Files with SGID Permissions

To find files which have both SUID and SGID set, run the command below.

$ find . -perm /6000

Find Files with SUID and SGID

You may also like to read these useful guides about file permissions in Linux:

That’s it for now! In this guide, we showed you how to find files which have SUID (Setuid) and SGID (Setgid) set in Linux. If you have any questions, use the feedback form below to share any queries or additional thoughts about this topic.

Source