Year: 2019

Are you a Linux system administrator and want to monitor interactive activity of all system users (Linux commands they executes) in real-time. In this brief Linux system security guide, we will explain how to view all Linux shell commands executed by system users in real-time.

Read Also: How to Monitor User Activity with psacct or acct Tools

If your system has bash, the most commonly used shell out there then all commands executed by normal system users will be stored in the .bash_history hidden file which is kept in each user’s home directory. The content of this file can be viewed by users, using the history command.

To view a user aaronkilik’s .bash_history file, type:

# cat /home/aaronkilik/.bash_history

# w

# sysdig -c spy_users

There are plenty of tools to monitor MySQL performance and troubleshoot a server, but they don’t always perfect match for a MySQL developer or administrator’s for their common needs, or may not work in some situations, such as remote or over the web monitoring.

Luckily, there are variety of open source tools created by MySQL community to fill the gaps. On the other hand, it’s very difficult to locate these tools via web searches, that’s the reason we’ve compiled 4 command line toolsto monitor MySQL database uptime, load and performance in Linux.

Uptime means how long the database has been running and up since its last shutdown or restart. Getting information about uptime is very crucial in many situations, as it helps system administrators to check the status of MySQL database about, how many queries per second that MySQL database serves, threads, slow queries and lots of interesting statistics.

1. Mytop

Mytop is one of my classic open source and free console-based (non-gui) monitoring tool for MySQL database was written by Jereme Zawodny using Perl language. Mytop runs in a terminal and displays statistics about threads, queries, slow queries, uptime, load, etc. in tabular format, much similar to the Linux top program. Which indirectly helps the administrators to optimize and improve performance of MySQl to handle large requests and decrease server load.

[root@localhost ~]# mysqladmin -u root -p version
Enter password:

mysqladmin  Ver 8.42 Distrib 5.1.61, for redhat-linux-gnu on i386
Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Server version		5.1.61-log
Protocol version	10
Connection		Localhost via UNIX socket
UNIX socket		/var/lib/mysql/mysql.sock
Uptime:			20 days 54 min 30 sec

Threads: 1  Questions: 149941143  Slow queries: 21  Opens: 752  Flush tables: 1  Open tables: 745  Queries per second avg: 86.607

bmon is a simple yet powerful, text-based network monitoring and debugging tool for Unix-like systems, which captures networking related statistics and displays them visually in a human friendly format. It is a reliable and effective real-time bandwidth monitor and rate estimator.

It can read input using an assortment of input modules and presents output in various output modes, including an interactive curses user interface as well as a programmable text output for scripting purposes.

Suggested Read: 20 Command Line Tools to Monitor Linux Performance

Install bmon Bandwidth Monitoring Tool in Linux

Almost all Linux distributions has bmon package in the default repositories and can be easily install from default package manger, but the available version might be little older.

$ sudo yum install bmon      [On RHEL/CentOS/Fedora]
$ sudo dnf install bmon      [On Fedora 22+]
$ sudo apt-get install bmon  [On Debian/Ubuntu/Mint]

Alternatively, you can get .rpm and .deb packages for your Linux distribution from https://pkgs.org/download/bmon.

If you wanted to have a most recent version of bmon (i.e version 4.0), you need to build it from source using following commands.

On CentOS, RHEL and Fedora

$ git clone https://github.com/tgraf/bmon.git
$ cd bmon
$ sudo yum install make libconfuse-devel libnl3-devel libnl-route3-devel ncurses-devel
$ sudo ./autogen.sh
$ sudo./configure
$ sudo make
$ sudo make install

On Debian, Ubuntu and Linux Mint

$ git clone https://github.com/tgraf/bmon.git
$ cd bmon
$ sudo apt-get install build-essential make libconfuse-dev libnl-3-dev libnl-route-3-dev libncurses-dev pkg-config dh-autoreconf
$ sudo ./autogen.sh
$ sudo ./configure
$ sudo make
$ sudo make install

How to Use bmon Bandwidth Monitoring Tool in Linux

Run it as below (for starters: RX means received bytes per second and TX refers to transmitted bytes per second):

$ bmon

To view more detailed graphical statistics/information of bandwidth usage, press d key and refer screnshot below.

Press [Shift + ?] to view the quick reference below. To exit the interface, press [Shift + ?] again.

To view statistics of a given interface, select it using the Up and Down arrows. However, to monitor a specific interface only, specify it as an argument on the command line as follows.

Suggested Read: 13 Tools to Monitor Linux Performance

The flag -p sets a policy defining which network interfaces to display, in the example below, we will be monitoring the enp1s0 network interface:

$ bmon -p enp1s0

To use bit per second instead of bytes per second, use the -b flag like so:

$ bmon -bp enp1s0

We can also define the intervals per second with the -r flag as follows:

$ bmon -r 5 -p enp1s0

How to Use bmon Input Modules

bmon has a number of input modules that offer statistical data about interfaces, which includes:

1. netlink – employs the Netlink protocol to collect interface and traffic control statistics from the kernel. This is the default input module.
2. proc — reads interface statistics from the /proc/net/dev file. It is considered a legacy interface and offered for backwards compatibly. It is a fallback module in case the Netlink interface is not available.
3. dummy – this is a programmable input module for debugging and testing purposes.
4. null – disables data collection.

To find additional info about a module, invoke the it with the “help” option set as follows:

$ bmon -i netlink:help

The next command will invoke bmon with the proc input module enabled:

$ bmon -i proc -p enp1s0

How to Use bmon Output Modules

bmon also uses output modules to display or export the statistical data collected by the input modules above, which includes:

1. curses – this is an interactive curses based text user interface, it offers real time rate estimations and a graphical representation of each attribute. It is the default output mode.
2. ascii – is a straightforward programmable text output meant for human consumption. It can display list of interfaces, detailed counters and graphs to the console. It is the default fallback output mode when curses is not available.
3. format – is a fully scriptable output mode, it’s meant for consumption by other programs-meaning we can use its output values at a later time in scripts or programs for analysis and more.
4. null – this disables output.

To get more info concerning a module, run the it with the “help” flag set like so:

$ bmon -o curses:help

The command that follows will invoke bmon in ascii output mode:

$ bmon -p enp1s0 -o ascii  

We can run the format output module as well, then use the values obtained for scripting or in another program:

$ bmon -p enp1s0 -o format

For additional usage info, options and examples, read the bmon man page:

$ man bmon 

Visit the bmon Github repository: https://github.com/tgraf/bmon.

That’s all for now, test the various features of bmon in different scenarios and share your thoughts about it with us via the comment section below.

Source

netdata is a extremely optimized Linux utility that provides real-time (per second) performance monitoring for Linux systems, applications, SNMP devices, etc. and shows full interactive charts that absolutely render all collected values over the web browser to analyze them.

Don’t Miss: 20 Useful Command-line Tools to Monitor Linux Performance

It has been developed to be installed on each Linux system, without interrupting the current running applications on it. You can use this tool to monitor and get overview of what is happening in real-time and what just happened, on your Linux systems and applications.

This is what it monitors:

1. Total and Per Core CPU usage, interrupts, softirqs and frequency.
2. Total Memory, RAM, Swap and Kernel usage.
3. Disk I/O (per disk: bandwidth, operations, backlog, utilization, etc).
4. Monitors Network interfaces including: bandwidth, packets, errors, drops, etc).
5. Monitors Netfilter / iptables Linux firewall connections, events, errors, etc.
6. Processes (running, blocked, forks, active, etc).
7. System Applications with the process tree (CPU, memory, swap, disk reads/writes, threads, etc).
8. Apache and Nginx Status monitoring with mod_status.
9. MySQL database monitoring: queries, updates, locks, issues, threads, etc.
10. Postfix email server message queue.
11. Squid proxy server bandwidth and requests monitoring.
12. Hardware sensors (temperature, voltage, fans, power, humidity, etc).
13. SNMP devices.

netdata Installation on Linux Systems

The latest release of netdata can be easily installed on Arch Linux, Gentoo Linux, Solus Linux and Alpine Linuxusing your package manager as shown.

$ sudo pacman -S netdata         [Install Netdata on Arch Linux]
$ sudo emerge --ask netdata      [Install Netdata on Gentoo Linux]
$ sudo eopkg install netdata     [Install Netdata on Solus Linux]
$ sudo apk add netdata           [Install Netdata on Alpine Linux]

On Debian/Ubuntu and RHEL/CentOS/Fedora, there is one line installation script that will install latest netdataand also keep it up to date automatically.

$ bash <(curl -Ss https://my-netdata.io/kickstart.sh            [On 32-bit]
$ bash <(curl -Ss https://my-netdata.io/kickstart-static64.sh)  [On 64-bit]

The above script will:

• discover the distribution and installs the needed software packages for building netdata (will ask for confirmation).
• downloads the latest netdata source tree to /usr/src/netdata.git.
• installs netdata by executing ./netdata-installer.sh from the source tree.
• installs netdata-updater.sh to cron.daily, so your netdata will be updated daily (you will receive a alert from cron only if the update fails).

Note: The kickstart.sh script progress all its parameters to netdata-installer.sh, so you can define more parameters to modify the installation source, enable/disable plugins, etc.

Alternatively, you can also install latest netdata manually by cloning its repository, but before you start installing netdata, make sure you have these basic build environment packages installed on the system, if not install it using your respective distribution package manager as shown:

On Debian / Ubuntu

# apt-get install zlib1g-dev gcc make git autoconf autogen automake pkg-config

On Centos / Redhat / Fedora

# yum install zlib-devel gcc make git autoconf autogen automake pkgconfig

Next, clone the netdata repository from git and run netdata installer script to build it.

# git clone https://github.com/firehol/netdata.git --depth=1
# cd netdata
# ./netdata-installer.sh

Note: The netdata-installer.sh script will build netdata and install it on your Linux system.

Once the netdata installer finishes, the file /etc/netdata/netdata.conf will be created in your system.

Now it’s time to start netdata by executing the following command from the terminal.

# /usr/sbin/netdata

You can also stop netdata by terminating it’s process with killall command as shown.

# killall netdata

Note: Netdata saves on exit its round robbin database information under /var/cache/netdata file, so that when you start again netdata, it will continue from where it was stopped last time.

Starting and Testing netdata

Now open your browser and navigate to the following address to access the web site for all graphs:

# http://127.0.0.1:19999/

Check out the video that shows how Real-time Linux performance monitoring done here: https://www.youtube.com/watch?v=QIZXS8A4BvI

You can also view the running configuration of netdata at any time, by going to:

http://127.0.0.1:19999/netdata.conf

Updating netdata

You can update netdata daemon to the most recent version by going into netdata.git directory you downloaded before and running:

# cd /path/to/netdata.git
# git pull
# ./netdata-installer.sh

The above netdata installer script will build new version and restart netdata.

Reference: https://github.com/firehol/netdata/

Source

Darkstat is a cross-platform, lightweight, simple, real-time network statistics tool that captures network traffic, computes statistics concerning usage, and serves the reports over HTTP.

Darkstat Features:

• An integrated web-server with deflate compression functionality.
• Portable, single-threaded and efficient Web based network traffic analyzer.
• The Web interface shows traffic graphs, reports per host and ports for each host.
• Supports asynchronous reverse DNS resolution using a child process.
• Support for IPv6 protocol.

Requirements:

• libpcap – a portable C/C++ library for network traffic capture.

Being small in size, it uses very low system memory resources and it is easy to install, configure and use in Linux as explained below.

How to Install Darkstat Network Traffic Analyzer in Linux

1. Luckily, darkstat is available in the software repositories of mainstream Linux distributions such as RHEL/CentOS and Debian/Ubuntu.

$ sudo apt-get install darkstat		# Debian/Ubuntu
$ sudo yum install darkstat		# RHEL/CentOS
$ sudo dnf install darkstat		# Fedora 22+

2. After installing darkstat, you need to configure it in the main configuration file /etc/darkstat/init.cfg.

$ sudo vi /etc/darkstat/init.cfg

And also uncoment DIR=”/var/lib/darkstat” and DAYLOG=”–daylog darkstat.log” options to specify its directory and log file respectively.

START_DARKSTAT=yes
INTERFACE="-i ppp0"
DIR="/var/lib/darkstat"
# File will be relative to $DIR:
DAYLOG="--daylog darkstat.log"

3. Start the darkstat daemon for now and enable it to start at system boot as follows.

------------ On SystemD ------------ 
$ sudo systemctl start darkstat
$ sudo /lib/systemd/systemd-sysv-install enable darkstat
$ sudo systemctl status darkstat

------------ On SysV Init ------------
$ sudo /etc/init.d/darkstat start
$ sudo chkconfig darkstat on
$ sudo /etc/init.d/darkstat status

4. By default, darkstat listens on port 667, so open the port on firewall to allow access.

------------ On FirewallD ------------
$ sudo firewall-cmd --zone=public --permanent --add-port=667/tcp
$ sudo firewall-cmd --reload

------------ On IPtables ------------
$ sudo iptables -A INPUT -p udp -m state --state NEW --dport 667 -j ACCEPT
$ sudoiptables -A INPUT -p tcp -m state --state NEW --dport 667 -j ACCEPT
$ sudo service iptables save

------------ On UFW Firewall ------------
$ sudo ufw allow 667/tcp
$ sudo ufw reload

5. Finally access the darkstat web interface by going to URL http://Server-IP:667.

You can reload graphs automatically by clicking on and off buttons.

Manage Darkstat From Command Line in Linux

Here, we will explain a few important examples of how you can operate darkstat from the command line.

6. To collect network statistics on the eth0 interface, you can use the -i flag as below.

$ darkstat -i eth0

7. To serve web pages on a specific port, include the -p flag like this.

$ darkstat -i eth0 -p 8080

8. To keep an eye on network statistics for a given service, use the -f or filter flag. The specified filter expression in the example below will capture traffic concerned with SSH service.

$ darkstat -i eth0 -f "port 22"

Last but not least, if you want to shut darkstat down in a clean way; it is recommended to send SIGTERM or SIGINT signal to the darkstat parent process.

First get the darkstat parent process ID (PPID) using the pidof command:

$ pidof darkstat

Then kill the process like so:

$ sudo kill -SIGTERM 4790
OR
$ sudo kill -15 4790

For additional usage options, read through the darkstat manpage:

$ man darkstat

Reference Link: Darkstat Homepage

You may also like to read following related articles on Linux network monitoring.

1. 20 Command Line Tools to Monitor Linux Performance
2. 13 Linux Performance Monitoring Tools
3. Netdata – A Real-Time Linux Performance Monitoring Tools
4. BCC – Dynamic Tools for Linux Performance and Network Monitoring

That’s It! In this article, we have explained how to install and use darkstat in Linux to capture network traffic, calculates usage, and analyze reports over HTTP.

Do you have any questions to ask or thoughts to share, use the comment form below.

Source

The wc (word count) command in Unix/Linux operating systems is used to find out number of newline count, word count, byte and characters count in a files specified by the file arguments. The syntax of wc command as shown below.

# wc [options] filenames

The following are the options and usage provided by the command.

wc -l : Prints the number of lines in a file.
wc -w : prints the number of words in a file.
wc -c : Displays the count of bytes in a file.
wc -m : prints the count of characters from a file.
wc -L : prints only the length of the longest line in a file.

So, let’s see how we can use the ‘wc‘ command with their few available arguments and examples in this article. We have used the ‘tecmint.txt‘ file for testing the commands. Let’s find out the output of the file using cat command as shown below.

[root@tecmint ~]# cat tecmint.txt

Red Hat
CentOS
Fedora
Debian
Scientific Linux
OpenSuse
Ubuntu
Xubuntu
Linux Mint
Pearl Linux
Slackware
Mandriva

1. A Basic Example of WC Command

The ‘wc‘ command without passing any parameter will display a basic result of ”tecmint.txt‘ file. The three numbers shown below are 12 (number of lines), 16 (number of words) and 112 (number of bytes) of the file.

[root@tecmint ~]# wc tecmint.txt

12  16 112 tecmint.txt

2. Count Number of Lines

To count number of newlines in a file use the option ‘-l‘, which prints the number of lines from a given file. Say, the following command will display the count of newlines in a file. In the output the first filed assigned as count and second field is the name of file.

[root@tecmint ~]# wc -l tecmint.txt

12 tecmint.txt

3. Display Number of Words

Using ‘-w‘ argument with ‘wc‘ command prints the number of words in a file. Type the following command to count the words in a file.

[root@tecmint ~]# wc -w tecmint.txt

16 tecmint.txt

4. Count Number of Bytes and Characters

When using options ‘-c‘ and ‘-m‘ with ‘wc‘ command will print the total number of bytes and charactersrespectively in a file.

[root@tecmint ~]# wc -c tecmint.txt

112 tecmint.txt

[root@tecmint ~]# wc -m tecmint.txt

112 tecmint.txt

5. Display Length of Longest Line

The ‘wc‘ command allow an argument ‘-L‘, it can be used to print out the length of longest (number of characters) line in a file. So, we have the longest character line (‘Scientific Linux‘) in a file.

[root@tecmint ~]# wc -L tecmint.txt

16 tecmint.txt

6. Check More WC Options

For more information and help on the wc command, simple run the ‘wc –help‘ or ‘man wc‘ from the command line.

[root@tecmint ~]# wc --help

Usage: wc [OPTION]... [FILE]...
  or:  wc [OPTION]... --files0-from=F
Print newline, word, and byte counts for each FILE, and a total line if
more than one FILE is specified.  With no FILE, or when FILE is -,
read standard input.
  -c, --bytes            print the byte counts
  -m, --chars            print the character counts
  -l, --lines            print the newline counts
  -L, --max-line-length  print the length of the longest line
  -w, --words            print the word counts
      --help			display this help and exit
      --version			output version information and exit

Report wc bugs to bug-coreutils@gnu.org
GNU coreutils home page: <http://www.gnu.org/software/coreutils/>
General help using GNU software: <http://www.gnu.org/gethelp/>
For complete documentation, run: info coreutils 'wc invocation'

Source

DHCP (short for Dynamic Host Configuration Protocol) is a client/server protocol that enables a server to automatically assign an IP address and other related configuration parameters (such as the subnet mask and default gateway) to a client on a network.

DHCP is important because it prevents a system or network administrator from manually configuring IP addresses for new computers added to the network or computers that are moved from one subnet to another.

The IP address assigned by a DHCP server to a DHCP client is on a “lease”, the lease time normally varies depending on how long a client computer is likely to require the connection or the DHCP configuration.

In this article, we will explain how to configure a DHCP server in CentOS and Ubuntu Linux distributions to assign IP address automatically to a client machine.

Installing DHCP Server in CentOS and Ubuntu

The DCHP server package is available in the official repositories of mainstream Linux distributions, installing is quite easy, simply run the following command.

# yum install dhcp		        #CentOS
$ sudo apt install isc-dhcp-server	#Ubuntu

Once the installation is complete, configure the interface on which you want the DHCP daemon to serve requests in the configuration file /etc/default/isc-dhcp-server or /etc/sysconfig/dhcpd.

# vim /etc/sysconfig/dhcpd		 #CentOS
$ sudo vim /etc/default/isc-dhcp-server	 #Ubuntu

For example, if you want the DHCPD daemon to listen on eth0, set it using the following directive.

DHCPDARGS=”eth0”

Save the file and exit.

Configuring DHCP Server in CentOS and Ubuntu

The main DHCP configuration file is located at /etc/dhcp/dhcpd.conf, which should contain settings of what to do, where to do something and all network parameters to provide to the clients.

This file basically consists of a list of statements grouped into two broad categories:

• Global parameters: specify how to carry out a task, whether to carry out a task, or what network configuration parameters to provide to the DHCP client.
• Declarations: define the network topology, state a clients is in, offer addresses for the clients, or apply a group of parameters to a group of declarations.

Now, open and edit the configuration file to configure your DHCP server.

------------ On CentOS ------------ 
# cp /usr/share/doc/dhcp-4.2.5/dhcpd.conf.example /etc/dhcp/dhcpd.conf	
# vi /etc/dhcp/dhcpd.conf	

------------ On Ubuntu ------------
$ sudo vim /etc/dhcp/dhcpd.conf				

Start by defining the global parameters which are common to all supported networks, at the top of the file. They will apply to all the declarations:

option domain-name "tecmint.lan";
option domain-name-servers ns1.tecmint.lan, ns2.tecmint.lan;
default-lease-time 3600; 
max-lease-time 7200;
authoritative;

Next, you need to define a sub-network for an internal subnet i.e 192.168.1.0/24 as shown.

subnet 192.168.1.0 netmask 255.255.255.0 {
        option routers                  192.168.1.1;
        option subnet-mask              255.255.255.0;
        option domain-search            "tecmint.lan";
        option domain-name-servers      192.168.1.1;
        range   192.168.10.10   192.168.10.100;
        range   192.168.10.110   192.168.10.200;
}

Note that hosts which require special configuration options can be listed in host statements (see the dhcpd.conf man page).

Now that you have configured your DHCP server daemon, you need to start the service for the mean time and enable it to start automatically from the next system boot, and check if its up and running using following commands.

------------ On CentOS ------------ 
# systemctl start dhcpd
# systemctl enable dhcpd
# systemctl enable dhcpd

------------ On Ubuntu ------------
$ sudo systemctl start isc-dhcp-server
$ sudo systemctl enable isc-dhcp-server
$ sudo systemctl enable isc-dhcp-server

Next, permit requests to the DHCP daemon on Firewall, which listens on port 67/UDP, by running.

------------ On CentOS ------------ 
# firewall-cmd --zone=public --permanent --add-service=dhcp
# firewall-cmd --reload 

#------------ On Ubuntu ------------
$ sudo ufw allow 67/udp
$ sudo ufw reload

Configuring DHCP Clients

Finally, you need to test if the DHCP server is working fine. Logon to a few client machines on the network and configure them to automatically receive IP addresses from the server.

Modify the appropriate configuration file for the interface on which the clients will auto-receive IP addresses.

DHCP Client Setup on CentOS

On CentOS, the interface config files ate located at /etc/sysconfig/network-scripts/.

# vim /etc/sysconfig/network-scripts/ifcfg-eth0

Add the options below:

DEVICE=eth0
BOOTPROTO=dhcp
TYPE=Ethernet
ONBOOT=yes

Save the file and restart network service (or reboot the system).

# systemctl restart network

DHCP Client Setup on Ubuntu

On Ubuntu 16.04, you can configure all interface in the config file /etc/network/interfaces.

   
$ sudo vi /etc/network/interfaces

Add these lines in it:

auto  eth0
iface eth0 inet dhcp

Save the file and restart network services (or reboot the system).

$ sudo systemctl restart networking

On Ubuntu 18.04, networking is controlled by the Netplan program. You need to edit the appropriate file under the directory /etc/netplan/, for example.

$ sudo vim /etc/netplan/01-netcfg.yaml 

Then enable dhcp4 under a specific interface for example under ethernets, ens0, and comment out static IP related configs:

network:
  version: 2
  renderer: networkd
  ethernets:
    ens0:
      dhcp4: yes

Save the changes and run the following command to effect the changes.

$ sudo netplan apply 

For more information, see the dhcpd and dhcpd.conf man pages.

$ man dhcpd
$ man dhcpd.conf

In this article, we have explained how to configure a DHCP server in CentOS and Ubuntu Linux distributions. If you need more clarification on any point, you can ask a question via the feedback form below, or simply share your comments with us.

Source

ProFTPD is an Open Source FTP Server and one of the most used, secure and reliable file transfer daemons on Unix environments, due to its file configurations simplicity speed and easy setup.

Requirements

1. CentOS 7 Minimal Installation
2. Red Hat Enterprise Linux 7 Installation
3. Configure Static IP Address on System

This tutorial will guide you on how you can install and use ProFTPD Server on CentOS/RHEL 7 Linux distributions for a simple file transfer from your local system accounts to remote systems.

Step 1: Install Proftpd Server

1. Official RHEL/CentOS 7 repositories doesn’t provide any binary package for ProFTPD Server, so you need to add extra package repositories on your system provided by EPEL 7 Repo, using the following command.

# rpm -Uvh http://ftp.astral.ro/mirrors/fedora/pub/epel/beta/7/x86_64/epel-release-7-0.2.noarch.rpm

2. Before you start installing ProFTPD Server, edit your machine hosts file, change it accordingly to your system FQDN and test the configurations to reflect your system domain naming.

# nano /etc/hosts

Here add your system FQDN on 127.0.0.1 localhost line like in the following example.

127.0.0.1 server.centos.lan localhost localhost.localdomain

Then edit /etc/hostname file to match the same system FQDN entry like in the screenshots below.

# nano /etc/hostname

3. After you have edited the host files, test your local DNS resolution using the following commands.

# hostname
# hostname -f    	## For FQDN
# hostname -s    	## For short name

4. Now it’s time to install ProFTPD Server on your system and some required ftp utilities that we will be using later by issuing following command.

# yum install proftpd proftpd-utils

5. After the server is installed, start and manage Proftpd daemon by issuing the following commands.

# systemctl start proftpd
# systemctl status proftpd
# systemctl stop proftpd
# systemctl restart proftpd

Step 2: Add Firewall Rules and Access Files

6. Now, your ProDTPD Server runs and listen for connections, but it’s not available for outside connections due to Firewall policy. To enable outside connections make sure you add a rule which opens port 21, using firewall-cmd system utility.

# firewall-cmd –add-service=ftp   ## On fly rule
# firewall-cmd –add-service=ftp   --permanent   ## Permanent rule
# systemctl restart firewalld.service 

7. The most simple way to access your FTP server from remote machines is by using a browser, redirecting to your server IP Address or domain name using ftp protocol on URL.

ftp://domain.tld

OR 

ftp://ipaddress 

8. The default configuration on Proftpd Server uses valid system local accounts credentials to login and access your account files which is your $HOME system path account, defined in /etc/passwd file.

9. To make ProFTPD Server automatically run after system reboot, aka enable it system-wide, issue the following command.

# systemctl enable proftpd

That’s it! Now you can access and manage your account files and folders using FTP protocol using whether a browser or other more advanced programs, such as FileZilla, which is available on almost any platforms, or WinSCP, an excellent File Transfer program that runs on Windows based systems.

Suggested Read: How to Install, Configure and Secure FTP Server in CentOS 7

On the next series of tutorials concerning ProFTPD Server on RHEL/CentOS 7, I shall discuss more advanced features like enabling Anonymous account, use TLS encrypted file transfers and adding Virtual Users.

Source

One important task in a network is control and manage staffs web surfing traffics, there are many solutions that can handles this issue, one of the best solutions is using squid cache on a Linux machine. Squid can inspect, limit and cache web traffics flow from one network to another network for example from a LAN to the Internet.

There is a few ways for redirecting client’s web requests to squid machine, in this article we will show you how to redirect web traffic from a CISCO router to a Squid Cache machine using WCCP protocol.

The picture below is an example of a basic scenario.

As you see in above picture all client’s web traffics first goes to Cisco Router (That is their default gateway), then router silently redirect packets to squid machine, now squid can play it’s roles, the main roles is caching web contents, limit access based on domains, time intervals, ip addresses, size of files, etc..

We review this scenario’s configuration in two Major steps, first we should install and configure squid and Linux, then configure router to redirecting web traffic packets into squid using WCCP protocol.

Testing Environment

In this scenario I use CENTOS 6.5 as my LINUX server and Cisco 2691 as my Router system.

Operating System: CENTOS 6.5
Application: Squid
Router: Cisco 2691

Step 1: Installing Squid Cache

Squid is available on default repository of CENTOS, we first install it using lovely yum command and then start their services and finally set automatic starting of squid service.

# yum -y install squid
# service squid start
# chkconfig squid on

Step 2: Preparing Squid Cache

Now we must change some default behaviors of centos operation system, we need to enable packet forwarding and disable reverse Path filter (RPF), we enable packet forwarding to let the centos acting as a transparent forwarder (like a router).

Let me explain in more detail, when traffics gets in centos it have their source and destination addresses, for example when a client enter www.example.com on his/her browser a http request packet generates and it have source ip address of client machine (like 192.168.1.20) and destination ip address of example.com server (like 2.2.2.2).

So, when packet received by centos it detect as an wrong packet because centos ip address is not as destination address of the packet, for security reasons centos drop the packet, but we want from squid to act in transparent mode. We tell this situation to centos by enabling packet forwarding potion.

Next we should disable Reverse path Filtering to let the centos accepting packets that not accessible by squid machine or it packets that do not have ip address in the same subnet of squid machine.

# nano /etc/sysctl.conf

net.ipv4.ip_forward = 1 #set to 1 for enable the packet forwarding feature
net.ipv4.conf.default.rp_filter = 0 # set to 0 for disable the reverse path filter behavior

Next we need to create a GRE interface on CENTOS machine, for what?? Let me explain more, the WCCPprotocol works through a GRE Tunnel, it means the language between router and Squid is GRE, so centos need to have a GRE interface for De-encapsulate GRE packets.

We should create the configuration file for GRE interface in “/etc/sysconfig/network-script/ifcfg-gre0” path.

Enter below codes in ifcfg-gre0 configuration file.

DEVICE=gre0
BOOTPROTO=static
IPADDR=10.0.0.2         #unused ip address in your network
NETMASK=255.255.255.252
ONBOOT=yes
IPV6INIT=no

After creating a GRE interface we need to restart network service.

# service network restart

Step 3: Configuring Squid Cache

We need to tell squid accepting WCCP packets from router. Enter below codes in /etc/squid/squid.conf file.

http_port 3128 intercept                 # Define SQUID listening port
wccp2_router 192.168.1.254          #ip address of the router
wccp2_forwarding_method gre
wccp2_return_method gre
wccp2_service standard 0

Save the configuration file and restart squid service.

# service squid restart

Squid listen for packets in 3128 port, but our packet’s destination port number is 80, so for changing destination port 80 to 3128, we need to create a NAT rule on CENTOS integrated firewall (that named iptable).

# iptables -t nat -A PREROUTING -i gre0 -p tcp --dport 80 -j REDIRECT --to-port 3128
# iptables -t nat -A POSTROUTING -j MASQUERADE

Step 4: Cisco Router Configurations

First we should enable WCCP on cisco router.

R1(config)# ip wccp version 2
Then we must use an ACL for introducing SQUID cache machine to router
R1(config)# ip access-list standard SQUID-MACHINE
R1(config-std-nacl)# permit host 192.168.1.10

Next we define another access list for two different purpose first we should except SQUID traffics from redirecting by WCCP protocol (if not we fall into an infinite loop!!) second we define which LAN traffics we want to passing through WCCP and SQUID.

R1(config)#ip access-list LAN-TRAFFICS
R1(config-ext-nacl)#deny ip host 192.168.1.10 any                            #Prevent SQUID to get in loop
R1(config-ext-nacl)#permit tcp 192.168.1.0 0.0.0.255 any equal www           #define LAN Traffics

After creating our access-list we must configure WCCP protocol on router.

R1(config)# ip wccp web-cache redirect-list LAN-TRAFFIC group-list SQUID-MACHINE

Every things is ready for final step, we must tell the router that in which interface/interfaces it must redirect traffics using their WCCP configuration.

R1(config)#interface fastEthernet 0/0
R1((config-if)# ip wccp web-cache redirect in

Summary

It’s time to summarize all commands and texts in a few lines for better understanding, according to the scenario we redirect staffs web surfing packets (that is on TCP port 80) from the ROUTER (that is default gateway of the clients) toward the squid cache machine using WCCP protocol.

All these process happened silently and there is no additional configuration on client side. So we can control and set policies on web traffics in the LAN. For example, we can gain web surfing access just in a limited time, limit maximum download size, define our custom blacklist and whitelist, generate full reports of internet activity usage and etc.

One of the interesting facts in this scenario is when squid machine goes down router detect this issue and stop redirecting packets toward it, so you can enjoy from zero-downtime in your network.

If you have any questions regarding to this article please leave a reply through below comment box.

Source

Streaming media becomes more and more popular in recent years. Many people like to access their audio and video media from different locations and devices. With Plex Media Server you can easily achieve exactly that (and more) on practically any platform.

There are two versions of Plex – free and paid one.

Plex Free Version

Let’s have a look at what you can do with Plex Media Server (free):

• Stream your audio and video content
• Includes web app to access your content
• Organize libraries
• News and podcasts
• Mobile app (with limited access)
• Voice control
• Available anywhere
• PlexApp for remote control
• 4K support
• Media optimization for buffer free streaming

Plex Paid Version

The paid version of Plex, called Plex Pass, adds the following features:

• Live TV and DVR
• Stream trailers and extras. Also add lyrics to your songs, from LyricFind
• Have geographic and scene-based tags on your photos
• Use mobile sync for offline use
• Camera upload for wireless syncing of photos
• Sync content to multiple Cloud providers
• Setup Plex Home to share content with your family and restrict what content can be accessed from your server
• Unlock mobile features
• Photo albums and Timeline view

It depends on you if you want to spend your hard earned money on the paid version of Plex, given the fact that the free version already provides lots of cool features.

Note that in order to use Plex, you will need to have an active account, that you can create here. The process is simple and straightforward so we will not stop to review the account creation.

Installing Plex Media Server in CentOS 7

Installing Plex is relatively easy task. Before we start, make sure your system is up to date by running:

$ sudo yum update

Next, head to Plex downloads page and download the package for your Linux distro. It is much easier to do this by simply coping the download link location with right click and then you can run:

$ sudo rpm -ivh https://downloads.plex.tv/plex-media-server/1.13.8.5395-10d48da0d/plexmediaserver-1.13.8.5395-10d48da0d.x86_64.rpm

Alternatively, you can download the package on your system with wget command as shown.

$ wget https://downloads.plex.tv/plex-media-server/1.13.8.5395-10d48da0d/plexmediaserver-1.13.8.5395-10d48da0d.x86_64.rpm

Use yum command to install the Plex server.

Now ensure that Plex is automatically started after system reboot and start the service.

$ sudo systemctl enable plexmediaserver.service
$ sudo systemctl start plexmediaserver.service

Configure Plex Media Server in CentOS 7

Plex comes with a pre-install web interface, through which you can manage your server. It can be accessed at:

http://[your-server-ip-address]:32400/web/

In my case this is:

http://192.168.20.110:32400/web/

You will be asked to login with your Plex account. When you authenticate, you will see a couple of windows regarding how Plex works and the second one providing you with list of paid options.

Lets head to the next one, where we can configure our server name. You can input whatever you like here:

Next you can organize your media library. Simply click the “Add library” button and navigate to your media.

Once you have configured your media library, you are all set and can complete the setup.

If you have skipped the media library setup, you can add more media later by clicking the plus “+” sign next to library in the left side menu. When configuring your media, it might come useful to check Plex’s naming convention here.

If you have setup Plex on a public server, it is recommended to disable DLNA as it will be accessible on port 1900. If you have setup Plex on a home server, you can leave it enabled so that media from your server is shared across devices in the same network.

To enable or disable DLNA click on “Settings” in the upper left corner and then scroll down to “DLNA”. From there you can check the box to enable or uncheck to disable DLNA:

Connect to Your Plex Server

Now that your media server is up and running, only thing left to do is:

• Download the appropriate client to connect to your server. This can be done from your phone, PC, Mac etc.
• Authenticate in the app with the same credentials you have used for your Plex server.
• Start enjoying your media.

Plex is an easy to use, feature rich media server to help you enjoy your media from almost every device and place.

Source