Monday, June 25, 2018

Compile Apache latest version 2.4.33 on Centos 7 from source code

Installing Apache on Windows is easy: it ships as an .exe package and you only need to follow the installer's instructions. Compiling it on a Linux system is different: you first need to understand the requirements of the system and of the Apache web server before you start.
Before compiling Apache, we need to install the dependencies required to build it.
The first dependencies are gcc and gcc-c++. Run the yum install command below to install them.
$ yum install gcc gcc-c++
Install wget package [if not present on your system] which is used to download the latest Apache and other packages on the server.
$ yum install wget
Now, download the below packages with the help of wget command in /opt/ directory [you can choose any directory as per your requirement].
cd /opt/
wget https://archive.apache.org/dist/httpd/httpd-2.4.33.tar.gz
wget https://www.openssl.org/source/openssl-1.0.2o.tar.gz
wget https://www.redrockdigimark.com/apachemirror/apr/apr-1.6.3.tar.gz
wget https://www.redrockdigimark.com/apachemirror/apr/apr-util-1.6.1.tar.gz
wget http://ftp.cs.stanford.edu/pub/exim/pcre/pcre-8.41.tar.gz
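The tarballs above come from an archive and from mirror sites (one of them over plain HTTP), so check them before building anything from them. The function below is an added example, not part of the original post: it compares every tarball with a SHA-256 manifest and also rejects tarballs the manifest does not list. The manifest name SHA256SUMS and the function name verify_sources are assumptions; the digests in the manifest must come from each project's official release channel, not from the mirror that served the file.

```bash
#!/bin/bash
# Added example: gate the build on a SHA-256 manifest.
# Manifest format is the one sha256sum writes:  <hex digest>  <file name>
# Usage (paths follow this post): verify_sources /opt/SHA256SUMS /opt && tar -xvf apr-1.6.3.tar.gz

verify_sources() {
    local manifest dir rc want name got f
    manifest=$1
    dir=${2:-.}
    rc=0

    # 1. Every manifest entry must be present and must match its digest.
    while read -r want name; do
        case $want in ''|'#'*) continue ;; esac      # skip blank lines and comments
        if [ ! -f "$dir/$name" ]; then
            echo "MISSING   $name"; rc=1; continue
        fi
        got=$(sha256sum "$dir/$name" | cut -d' ' -f1)
        if [ "$got" = "$want" ]; then
            echo "OK        $name"
        else
            echo "MISMATCH  $name"; rc=1
        fi
    done < "$manifest"

    # 2. Every tarball in the directory must be covered by the manifest,
    #    so an extra download cannot slip into the build unverified.
    for f in "$dir"/*.tar.gz; do
        [ -e "$f" ] || continue
        name=${f##*/}
        if ! awk -v n="$name" '$2 == n { found = 1 } END { exit !found }' "$manifest"; then
            echo "UNLISTED  $name"; rc=1
        fi
    done

    return "$rc"
}
```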
Now extract the downloaded packages one by one and install them as per the instructions given below.

DEPENDENCY PACKAGES :

$ tar -xvf apr-1.6.3.tar.gz

cd apr-1.6.3
./configure --prefix=/data/Apache/apr
make
make install

$ tar -xvf apr-util-1.6.1.tar.gz

cd apr-util-1.6.1/
./configure --prefix=/data/Apache/apr-util --with-apr=/data/Apache/apr
make
make install

$ tar -zxvf openssl-1.0.2o.tar.gz

cd openssl-1.0.2o/
echo "Current directory `pwd`"
./config -fPIC --prefix=/data/Apache/ssl
make
make install

$ tar -xvf pcre-8.41.tar.gz

cd pcre-8.41
./configure --prefix=/data/Apache/pcre
make
make install

COMPILE APACHE :

Now we are going to compile apache with all the above installed packages,
$ tar -xvf httpd-2.4.33.tar.gz

cd httpd-2.4.33
./configure --prefix=/data/Apache --with-apr=/data/Apache/apr --with-apr-util=/data/Apache/apr-util --with-pcre=/data/Apache/pcre --with-ssl=/data/Apache/ssl --enable-mods-shared=all --enable-deflate --enable-ssl --enable-so
make
make install

CHECK OPENSSL VERSION :

cd /data/Apache/modules
strings mod_ssl.so | egrep '^mod_ssl\/|^OpenSSL '
Start the Apache service using the command below,
cd /data/Apache/bin
./httpd -k start

CHECK COMPILE APACHE VERSION

./httpd -v
Server version: Apache/2.4.33 (Unix)
Server built: Jun 14 2018 12:15:36

BROWSE URL

Browse : http://local-server-ip/

Monday, June 30, 2014

Setup NFS Server in CentOS / RHEL / Scientific Linux 6.3/6.4/6.5

In this tutorial let us see how to install and configure an NFS server and how to share files between the NFS server and clients. Though I have tested these steps on CentOS 6.5 32-bit edition, they will work on RHEL/Scientific Linux 6.x too.

Scenario

NFS Server Operating System : CentOS 6.5 32 bit (Minimal server install)
NFS Client Operating System  : CentOS 6.5 32 bit (Minimal Desktop install)
NFS Server IP Address              : 192.168.1.200/24
NFS Client IP Address               : 192.168.1.29/24

1. Install NFS in Server

[root@server ~]# yum install nfs* -y

2. Start NFS service

[root@server ~]# /etc/init.d/nfs start
Starting NFS services:                                     [  OK  ]
Starting NFS mountd:                                       [  OK  ]
Stopping RPC idmapd:                                       [  OK  ]
Starting RPC idmapd:                                       [  OK  ]
Starting NFS daemon:                                       [  OK  ]
[root@server ~]# chkconfig nfs on

3. Install NFS in Client

[root@vpn client]# yum install nfs* -y

4. Start NFS service in client

[root@vpn client]# /etc/init.d/nfs start
Starting NFS services:                                     [  OK  ]
Starting NFS quotas:                                       [  OK  ]
Starting NFS mountd:                                       [  OK  ]
Stopping RPC idmapd:                                       [  OK  ]
Starting RPC idmapd:                                       [  OK  ]
Starting NFS daemon:                                       [  OK  ]
[root@vpn client]# chkconfig nfs on

5. Create shared directories in server

Let us create a shared directory called ‘/home/ostechnix’ on the server and let the client users read and write files in the ‘/home/ostechnix’ directory.
[root@server ~]# mkdir /home/ostechnix
[root@server ~]# chmod 755 /home/ostechnix/

6. Export shared directory on server

Open /etc/exports file and add the entry as shown below
[root@server ~]# vi /etc/exports
/home/ostechnix 192.168.1.0/24(rw,sync,no_root_squash,no_all_squash)
where,
/home/ostechnix   - shared directory
192.168.1.0/24    - IP address range of clients allowed to access the shared folder
rw                - Make the shared folder writable
sync              - Synchronize the shared directory whenever new files/folders are created
no_root_squash    - Enable root privilege (users can read, write and delete the files in the shared directory)
no_all_squash     - Enable user’s authority
Now restart the NFS service.
[root@server ~]# /etc/init.d/nfs restart
Shutting down NFS daemon:                                  [  OK  ]
Shutting down NFS mountd:                                  [  OK  ]
Shutting down NFS services:                                [  OK  ]
Starting NFS services:                                     [  OK  ]
Starting NFS mountd:                                       [  OK  ]
Stopping RPC idmapd:                                       [  OK  ]
Starting RPC idmapd:                                       [  OK  ]
Starting NFS daemon:                                       [  OK  ]
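With the entry above, no_root_squash means that root on any client in 192.168.1.0/24 is treated as root on the exported files. The check below is an added example, not part of the original tutorial: it reads an exports file and reports entries that use no_root_squash or insecure, or that are exported to every host. The function name audit_exports is an assumption, and quoted paths and continuation lines are not handled.

```bash
#!/bin/bash
# Added example: flag risky entries in an exports file.
# Output: one line per finding, "<path> <client>: <finding>".
# Return status: 0 = nothing flagged, 1 = at least one finding.

audit_exports() {
    awk '
    /^[ \t]*(#|$)/ { next }                      # skip comments and blank lines
    {
        path = $1
        for (i = 2; i <= NF; i++) {              # one field per client spec
            spec = $i; client = spec; opts = ""
            p = index(spec, "(")
            if (p > 0) {                         # split "client(opt,opt)"
                client = substr(spec, 1, p - 1)
                opts = substr(spec, p + 1)
                sub(/\)$/, "", opts)
            }
            anyhost = (client == "" || client == "*")
            who = anyhost ? "any host" : client
            if (anyhost) {
                print path " " who ": exported to every host"
                found++
            }
            rw = 0; nrs = 0; insec = 0
            n = split(opts, o, ",")
            for (j = 1; j <= n; j++) {
                if (o[j] == "rw") rw = 1
                if (o[j] == "no_root_squash") nrs = 1
                if (o[j] == "insecure") insec = 1
            }
            if (nrs) {
                print path " " who ": no_root_squash" (rw ? " with rw" : "") \
                      ", client root is root on the export"
                found++
            }
            if (insec) {
                print path " " who ": insecure, requests from unprivileged ports accepted"
                found++
            }
        }
    }
    END { exit (found > 0) }
    ' "${1:-/etc/exports}"
}
```

Run it as `audit_exports /etc/exports` on the server; where client root does not need to own files on the share, root_squash (the default) removes the first finding.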

7. Mount shared directories in client

Create a mount point to mount the shared directories of server.
To do that create a directory called ‘/nfs/shared’ (You can create your own mount point)
[root@vpn client]# mkdir -p /nfs/shared
Now mount the shared directories from server as shown below
[root@vpn client]# mount -t nfs 192.168.1.200:/home/ostechnix/ /nfs/shared/
This will take a while and shows a connection timed out error for me. Well, don’t panic, the firewall might be restricting the clients from mounting shares from the server. Simply stop iptables to rectify the problem, or you can allow the NFS service ports through iptables.
To do that, open the /etc/sysconfig/nfs file and uncomment the port lines (shown uncommented below: RQUOTAD_PORT, LOCKD_TCPPORT, LOCKD_UDPPORT, MOUNTD_PORT, STATD_PORT and STATD_OUTGOING_PORT).
[root@server ~]# vi /etc/sysconfig/nfs
#
# Define which protocol versions mountd 
# will advertise. The values are "no" or "yes"
# with yes being the default
#MOUNTD_NFS_V2="no"
#MOUNTD_NFS_V3="no"
#
#
# Path to remote quota server. See rquotad(8)
#RQUOTAD="/usr/sbin/rpc.rquotad"
# Port rquotad should listen on.
RQUOTAD_PORT=875
# Optinal options passed to rquotad
#RPCRQUOTADOPTS=""
#
#
# Optional arguments passed to in-kernel lockd
#LOCKDARG=
# TCP port rpc.lockd should listen on.
LOCKD_TCPPORT=32803
# UDP port rpc.lockd should listen on.
LOCKD_UDPPORT=32769
#
#
# Optional arguments passed to rpc.nfsd. See rpc.nfsd(8)
# Turn off v2 and v3 protocol support
#RPCNFSDARGS="-N 2 -N 3"
# Turn off v4 protocol support
#RPCNFSDARGS="-N 4"
# Number of nfs server processes to be started.
# The default is 8. 
#RPCNFSDCOUNT=8
# Stop the nfsd module from being pre-loaded
#NFSD_MODULE="noload"
# Set V4 grace period in seconds
#NFSD_V4_GRACE=90
#
#
#
# Optional arguments passed to rpc.mountd. See rpc.mountd(8)
#RPCMOUNTDOPTS=""
# Port rpc.mountd should listen on.
MOUNTD_PORT=892
#
#
# Optional arguments passed to rpc.statd. See rpc.statd(8)
#STATDARG=""
# Port rpc.statd should listen on.
STATD_PORT=662
# Outgoing port statd should used. The default is port
# is random
STATD_OUTGOING_PORT=2020
# Specify callout program 
#STATD_HA_CALLOUT="/usr/local/bin/foo"
#
#
# Optional arguments passed to rpc.idmapd. See rpc.idmapd(8)
#RPCIDMAPDARGS=""
#
# Set to turn on Secure NFS mounts. 
#SECURE_NFS="yes"
# Optional arguments passed to rpc.gssd. See rpc.gssd(8)
#RPCGSSDARGS=""
# Optional arguments passed to rpc.svcgssd. See rpc.svcgssd(8)
#RPCSVCGSSDARGS=""
#
# To enable RDMA support on the server by setting this to
# the port the server should listen on
#RDMA_PORT=20049
Now restart the NFS service
[root@server ~]# /etc/init.d/nfs restart
Shutting down NFS daemon:                                  [  OK  ]
Shutting down NFS mountd:                                  [  OK  ]
Shutting down NFS services:                                [  OK  ]
Starting NFS services:                                     [  OK  ]
Starting NFS mountd:                                       [  OK  ]
Stopping RPC idmapd:                                       [  OK  ]
Starting RPC idmapd:                                       [  OK  ]
Starting NFS daemon:                                       [  OK  ]
Add the NFS port rules (the --dport 2049, 111, 32769, 32803, 892, 875 and 662 lines below) to the ‘/etc/sysconfig/iptables’ file.
[root@server ~]# vi /etc/sysconfig/iptables
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
-A INPUT -m state --state NEW -m udp -p udp --dport 2049 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 2049 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 111 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 111 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 32769 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 32803 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 892 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 892 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 875 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 875 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 662 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 662 -j ACCEPT
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
Now restart the iptables service
[root@server ~]# service iptables restart
iptables: Flushing firewall rules:                         [  OK  ]
iptables: Setting chains to policy ACCEPT: filter          [  OK  ]
iptables: Unloading modules:                               [  OK  ]
iptables: Applying firewall rules:                         [  OK  ]
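The rules above accept NFS and rpcbind traffic from any source address, while the export itself is limited to 192.168.1.0/24. As an added example (not part of the original tutorial), the helpers below list the NFS rules in a rules file that have no source match and print a copy of the file with the client subnet added to them. The function names are assumptions and the port list is the one used in this post.

```bash
#!/bin/bash
# Added example: find and scope NFS ACCEPT rules in an iptables rules file.
# Ports are the ones opened in this post (rpcbind, statd, rquotad, mountd, nfs, lockd).
NFS_PORTS="111 662 875 892 2049 32769 32803"

# $1 = list|fix, $2 = client subnet (used by fix), $3 = rules file
_nfs_rules() {
    awk -v mode="$1" -v subnet="$2" -v ports="$NFS_PORTS" '
    BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) nfs[p[i]] = 1 }
    {
        dport = ""; scoped = 0
        for (i = 1; i < NF; i++) {
            if ($i == "--dport") dport = $(i + 1)
            if ($i == "-s" || $i == "--source") scoped = 1
        }
        # An INPUT rule that accepts an NFS port with no source restriction.
        hit = ($1 == "-A" && $2 == "INPUT" && $NF == "ACCEPT" && (dport in nfs) && !scoped)
        if (mode == "list") { if (hit) print; next }
        if (hit) sub(/-A INPUT /, "-A INPUT -s " subnet " ")
        print
    }' "$3"
}

# Print the NFS rules that accept traffic from any source.
unscoped_nfs_rules() { _nfs_rules list "" "$1"; }

# Print the whole rules file with "-s <subnet>" added to those rules only.
scope_nfs_rules() { _nfs_rules fix "$1" "$2"; }
```

For this post's network, `scope_nfs_rules 192.168.1.0/24 /etc/sysconfig/iptables` prints the scoped rule set for review before it replaces the file.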
Again mount the share from client
[root@vpn client]# mount -t nfs 192.168.1.200:/home/ostechnix/ /nfs/shared/
Finally the NFS share is mounted without any connection timed out error.
To verify whether the shared directory is mounted, enter the mount command in client system.
[root@vpn client]# mount
/dev/mapper/vg_vpn-lv_root on / type ext4 (rw)
proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)
devpts on /dev/pts type devpts (rw,gid=5,mode=620)
tmpfs on /dev/shm type tmpfs (rw,rootcontext="system_u:object_r:tmpfs_t:s0")
/dev/sda1 on /boot type ext4 (rw)
none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
sunrpc on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw)
nfsd on /proc/fs/nfsd type nfsd (rw)
192.168.1.200:/home/ostechnix/ on /nfs/shared type nfs (rw,vers=4,addr=192.168.1.200,clientaddr=192.168.1.29)

8. Testing NFS

Now create some files or folders in the ‘/nfs/shared’ directory which we mounted in the previous step.
[root@vpn shared]# mkdir test
[root@vpn shared]# touch file1 file2 file3
Now go to the server and change to the ‘/home/ostechnix’ directory.
[root@server ~]# cd /home/ostechnix/
[root@server ostechnix]# ls
file1  file2  file3  test
[root@server ostechnix]#
Now the files and directories created from the client are listed. You can also share files from server to client and vice versa.

9. Automount the Shares

If you want to mount the shares automatically instead of mounting them manually at every reboot, add the following line (the last one shown below) to the ‘/etc/fstab’ file of the client system.
[root@vpn client]# vi /etc/fstab 
#
# /etc/fstab
# Created by anaconda on Wed Feb 27 15:35:14 2013
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
/dev/mapper/vg_vpn-lv_root /                       ext4    defaults        1 1
UUID=59411b1a-d116-4e52-9382-51ff6e252cfb /boot                   ext4    defaults        1 2
/dev/mapper/vg_vpn-lv_swap swap                    swap    defaults        0 0
tmpfs                   /dev/shm                tmpfs   defaults        0 0
devpts                  /dev/pts                devpts  gid=5,mode=620  0 0
sysfs                   /sys                    sysfs   defaults        0 0
proc                    /proc                   proc    defaults        0 0
192.168.1.200:/home/ostechnix /nfs/shared          nfs     rw,sync,hard,intr 0 0

10. Verify the Shares

Reboot your client system and verify whether the share is mounted automatically or not.
[root@vpn client]# mount
/dev/mapper/vg_vpn-lv_root on / type ext4 (rw)
proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)
devpts on /dev/pts type devpts (rw,gid=5,mode=620)
tmpfs on /dev/shm type tmpfs (rw,rootcontext="system_u:object_r:tmpfs_t:s0")
/dev/sda1 on /boot type ext4 (rw)
none on /proc/sys/fs/binfmt_misc type binfmt_misc (rw)
sunrpc on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw)
192.168.1.200:/home/ostechnix on /nfs/shared type nfs (rw,sync,hard,intr,vers=4,addr=192.168.1.200,clientaddr=192.168.1.29)
nfsd on /proc/fs/nfsd type nfsd (rw)

Monday, March 24, 2014

Upgrade to CentOS 6.5 from CentOS 6.4/6.3/6.2/6.1/6.0


1) yum clean all
2) yum update glibc* yum* rpm* python*
3) yum update
4) init 6
5) cat /etc/redhat-release

Tuesday, March 11, 2014

How To Disconnect Non-Mapped UNC Path “Drives” in Windows

Have you ever browsed over to another PC on your network using “network neighborhood”, and then connected to one of the file shares? Without a drive letter, how do you disconnect yourself once you’ve done so?
Really confused as to what I’m talking about? Let’s walk through the process. First, imagine that you browse through and connect to a share, entering your username and password to gain access.

The problem is that you stay connected, and there’s no visible way to disconnect yourself. If you try and shut down the other PC, you’ll receive a message that users are still connected. So let’s disconnect!
Open up a command prompt, and then type in the following:
net use


This will give you a list of the connected drives, including the ones that aren’t actually mapped to a drive letter. To disconnect one of the connections, you can use the following command:
net use /delete \\server\sharename
For example, in this instance we’d disconnect like so:
net use /delete \\192.168.1.205\root$


Now when you run the “net use” command again, you’ll see that you’ve been properly disconnected.


If you wanted to actually connect to a share without mapping a drive letter, you can do the following:
net use /user:Username \\server\sharename Password 

Monday, September 30, 2013

Enabling Desktop Alerts in Outlook when using IMAP

Microsoft Outlook does not support desktop alerts as standard when using the IMAP protocol for email.  To enable desktop alerts a rule needs to be set in Outlook.  Please follow the instructions below to enable in Outlook.
Outlook 2003
  1. Start Outlook
  2. Go to Tools -> Rules and Alerts
  3. Select New Rule
  4. Select Start from a blank rule
  5. Select Check Messages when they arrive
  6. Click Next
  7. Click Next
  8. Select Yes to apply the rule to every message
  9. Select the checkbox for "display a Desktop Alert"
  10. Select Finish
  11. Select OK
Outlook 2007
  1. Start Outlook
  2. Go to Tools -> Rules and Alerts
  3. Select New Rule
  4. Select Check Messages when they arrive
  5. Click Next
  6. Click Next
  7. Select Yes to apply the rule to every message
  8. Select the checkbox for "display a Desktop Alert"
  9. Select Finish
  10. Select OK

Friday, August 30, 2013

Samba Restrict File Sharing To Particular Users or Network Addresses

hosts allow: Samba Configuration
Open your smb.conf file and add the following line to [share]
[share]
  hosts allow = 192.168.2. 127.0.0.1
valid users: Samba Configuration
Open your smb.conf file and add the following line to [share]
[share]
  valid users = user1 user2 @group1 @group2
read only & write list: Samba Configuration
You can also set read and write access to set of users with the read list and write list directives.
[share]
     read only = yes
     write list = user1 user2 @group1 @group2
Examples
Make [sales] share read only but allow user tom and jerry to write it:
[sales]
     comment = All Printers
     path = /nas/fs/sales
     read only = yes
     write list = tom jerry
You can also configure iptables to allow access to the Samba server

Thursday, August 15, 2013

Lightsquid : Monitoring SQUID users


Install LightSquid to generate Squid Log Report.

In Redhat 6.4

[1] Install LightSquid
# install from EPEL
[root@prox ~]# yum --enablerepo=epel -y install lightsquid lightsquid-apache
[root@prox ~]# vi /etc/httpd/conf.d/lightsquid.conf
<Directory /usr/share/lightsquid/cgi>
     DirectoryIndex index.cgi
     Options ExecCGI
     AddHandler cgi-script .cgi
     AllowOverride None
     # IP address you permit
     Order Deny,Allow
     Deny from all
     Allow from 127.0.0.1 10.0.0.0/24
</Directory>
[root@prox ~]# /etc/rc.d/init.d/httpd restart
Stopping httpd: [ OK ]
Starting httpd: [ OK ]
# generate log report
[root@prox ~]# /usr/sbin/lightparser.pl
# log report is generated every day by cron
[2] Access "http://(server's hostname or IP address)/lightsquid/" with a web browser


In Redhat 5

1. Download lightsquid from “http://lightsquid.sourceforge.net/”
2. Install apache and start it
3. Copy the lightsquid folder to any web location like “/var/www/html/”
4. Add an entry like the one below in httpd.conf
#vi /etc/httpd/conf/httpd.conf
<Directory "/var/www/html/lightsquid">
   AddHandler cgi-script .cgi
   AllowOverride All
   deny from all
   allow from <my ip>
</Directory>
Configuring lightsquid
A. Switch to lightsquid directory and check necessary perl libraries are present.
[root@rc-009 lightsquid]# perl check-setup.pl
LightSquid Config Checker, (c) 2005-9 Sergey Erokhin GNU GPL
LogPath   : /var/log/squid
reportpath: /var/www/html/lightsquid/report
Lang      : /var/www/html/lightsquid/lang/eng
Template  : /var/www/html/lightsquid/tpl/base
Ip2Name   : /var/www/html/lightsquid/ip2name/ip2name.simple
all check passed, now try access to cgi part in browser
[root@rc-009 lightsquid]#
Please note that you may need to install the Perl “CGI” and “GD” libraries. GD is optional and enables graph support. Sometimes you may get an error as follows,
Can’t locate CGI.pm in @INC (@INC contains: /usr/lib/perl5/5.8.0/i386-linux-thread-multi /usr/lib/perl5/5.8.0 /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.0 /usr/lib/perl5/site_perl
Solution is
[root@rc-009 lightsquid]# perl -MCPAN -e shell
Terminal does not support AddHistory.
cpan shell -- CPAN exploration and modules installation (v1.7602)
ReadLine support available (try 'install Bundle::CPAN')
cpan> install CGI
cpan> install GD
B. Set the scheduler to parse the squid log file.
a. Open the “lightsquid.cfg” file and verify that the squid log path is set correctly. You may also change certain values as you wish, for example to get the best graph size change the value to “$graphmaxall=3.50*(1024*1024*1024);” etc.
  $logpath             ="/var/log/squid";
b. Set the cronjob as follows
#crontab -l
        */50 * * * * /usr/bin/perl /var/www/html/lightsquid/lightparser.pl >/dev/null 2>&1
C. Customize the User-IP mapping file
      You need to add all the users' entries inside the "realname.cfg" file
       Eg: <IP>    <User name>
      [root@rc-009 lightsquid]# grep "Liju"  realname.cfg
      192.168.0.14    Liju
You may also create groups by editing group.cfg. Add the entry like this
#cat  group.cfg
           Liju      01 SysAdmin
           Arun    01   SysAdmin
           Jacob  02    Support 
           Tom   02         Support
That’s it. Try to run the parser to get first report.
/usr/bin/perl /var/www/html/lightsquid/lightparser.pl
Now it’s your turn to keep an eye on users’ activity. Access lightsquid over the IP, i.e. http://squidserver ip/lightsquid

Thanks