Enable SSH Root login in Linux

You need to edit /etc/ssh/sshd_config, and change PermitRootLogin to yes

PermitRootLogin yes

Also change StrictModes to no

StrictModes no

Then reload SSH:

service ssh reload

Enable root access in Ubuntu

To enable the Ubuntu root account, first set a password for the root user.

sudo passwd root

Then unlock the root account

sudo passwd -u root


Server Hardening Linux Applications

OS Harden
sysctl -w net.ipv4.ip_default_ttl=128 (takes effect immediately)

and add

net.ipv4.ip_default_ttl = 128 to /etc/sysctl.conf (so it applies at reboot)

______________________________________________________

APACHE AND PHP

ServerSignature Off
ServerTokens Prod

ServerTokens Prod[uctOnly]
Server sends (e.g.): Server: Apache
ServerTokens Major
Server sends (e.g.): Server: Apache/2
ServerTokens Minor
Server sends (e.g.): Server: Apache/2.0
ServerTokens Min[imal]
Server sends (e.g.): Server: Apache/2.0.41
ServerTokens OS
Server sends (e.g.): Server: Apache/2.0.41 (Unix)
ServerTokens Full (or not specified)
Server sends (e.g.): Server: Apache/2.0.41 (Unix) PHP/4.2.2 MyMod/1.2

Hide Apache Information

To hide the information, add the following two directives to the Apache configuration file /etc/apache2/apache2.conf

ServerTokens ProductOnly

ServerSignature Off

Now you need to restart your web server using the following command

# /etc/init.d/apache2 restart

Now the output for apache header looks like below

Server: Apache

Hide PHP Version Details

To hide the PHP version, edit /etc/php4/apache/php.ini (for PHP 4 users) or /etc/php5/apache/php.ini (for PHP 5 users).

Change the following option

expose_php = On

to

expose_php = Off

Now you need to restart your web server using the following command

# /etc/init.d/apache2 restart

After making this change, PHP will no longer add its signature to the web server header.

If you are running php from cli against a php file, the output is a html file (as seen by a browser). In some distributions (like Debian) the php-cli is controlled by a different php.ini file (/etc/php[4,5]/cli/php.ini).
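To confirm the settings above are actually in effect in the files you edited, the following audit script is an added example, not part of the original post. It assumes one Apache config file and one php.ini are passed in (Include directives are not followed), and it treats an unset directive as its upstream default (ServerTokens Full, ServerSignature Off, expose_php On); the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit the banner directives.

# last_value FILE KEY: print the last uncommented value of KEY in FILE.
# Handles "Key Value" (Apache) and "key = value" (php.ini); the name is
# matched case-insensitively. Include/IncludeOptional are not followed.
last_value() {
    awk -v key="$2" '
        BEGIN { key = tolower(key) }
        /^[ \t]*[#;]/ { next }                  # comment line
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            n = match(line, /[ \t=]/)           # first separator after the name
            if (n == 0 || tolower(substr(line, 1, n - 1)) != key) next
            val = substr(line, n)
            sub(/^[ \t=]+/, "", val)
            sub(/[ \t\r]+$/, "", val)
            last = val                          # a later line overrides an earlier one
        }
        END { print last }
    ' "$1"
}

# check FILE KEY DEFAULT WANTED...: pass if the effective value is in WANTED.
check() {
    file=$1 key=$2 default=$3
    shift 3
    got=$(last_value "$file" "$key" | tr '[:upper:]' '[:lower:]')
    got=${got:-$default}                        # unset directive: assumed default
    for want in "$@"; do
        if [ "$got" = "$want" ]; then
            echo "ok   $key $got ($file)"
            return 0
        fi
    done
    echo "FAIL $key $got ($file)"
    return 1
}

# audit_banners APACHE_CONF PHP_INI: exit status is the number of failures.
audit_banners() {
    fails=0
    check "$1" ServerTokens full prod productonly || fails=$((fails + 1))
    check "$1" ServerSignature off off            || fails=$((fails + 1))
    check "$2" expose_php on off 0                || fails=$((fails + 1))
    return "$fails"
}

# Constructed sample input: a verbose Apache config and a hardened php.ini.
demo=$(mktemp -d)
printf '%s\n' '# ServerTokens Prod' 'ServerTokens OS' 'ServerSignature On' > "$demo/apache2.conf"
printf '%s\n' '; expose_php = On' 'expose_php = Off' > "$demo/php.ini"
audit_banners "$demo/apache2.conf" "$demo/php.ini" || echo "$? setting(s) still disclose version details"
rm -rf "$demo"
```

Run it against the php.ini that the web server module reads, not the cli one mentioned above, since the two files are separate.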

______________________________________________________

SQUID

disable cache admin email address
change visible_hostname BlahBlahBlah!!!
change unique_hostname BlahBlahBlah!!!
To disable version info on error pages and http header
httpd_suppress_version_string on

icp_port 0
htcp_port 0
icp_access deny all
htcp_access deny all

forwarded_for off
___________________________
Webmin and Usermin

change the default ports 10000 and 20000

Change the value of server entry both in webmin and usermin miniserv.conf
/etc/webmin/miniserv.conf
/etc/usermin/miniserv.conf

server=HIDDENSERVER/999.999
realm=Hidden Server
port=1000
listen=1000

restart

service webmin restart
service usermin restart


Yum and Apt-Get Command Examples

Ubuntu Update/Upgrade
sudo apt-get clean
sudo apt-get update
sudo apt-get upgrade

Redhat / CentOS / Fedora
yum clean all
yum update
yum list updates
yum update

To install software
sudo apt-get install lxde

List all installed packages, enter:

# rpm -qa
# yum list installed

Find out whether the httpd package is installed, enter:

# rpm -qa | grep httpd
# yum list installed httpd

To check for and update httpd package, enter:

# yum update httpd

Remove package called httpd, enter:

# yum remove {package-name-1} {package-name-2}
# yum remove httpd

# yum grouplist
Install all ‘Development Tools’ group packages, enter:

# yum groupinstall "Development Tools"
# yum groupupdate "Development Tools"
# yum groupremove "Development Tools"
$ sudo yum group install "Development Tools"

Task: Display what package provides the file

You can easily find out what RPM package provides the file. For example find out what provides the /etc/passwd file:

# yum whatprovides /etc/passwd

To install GNOME desktop group, enter:

yum groups install "GNOME Desktop"
yum groupinstall "GNOME Desktop"
yum groups install "Server with GUI"
yum groupinstall "Server with GUI"

yum downgrade package1
yum downgrade package1 package2

## get list ##
yum history

## Okay undo/downgrade it ##
yum history undo {NUMBER-HERE}

yum history
yum history list
yum history info


Linux Single User Mode Reset Root Password

To do this, reboot the server and, as soon as you get the boot screen, press ‘e’ (for edit) on the keyboard. You will then see a lot of text, which may be clipped depending on the size of your screen. Search for the text “rhgb quiet” and replace it with “init=/bin/bash” (without the quotes).
Once done editing, press ‘ctrl+x’ and the system will boot with the specified parameter and give you a bash prompt. Now check the status of the root partition by running the following command in single user mode.

# mount | grep root

You may notice that root partition is reported to be ‘ro’ (Read Only). We need to have read-write permission on root partition to change the root password.

# mount -o remount,rw /

Also cross check, if the root partition is mounted with read-write permission mode.

# mount | grep root

Now you can change the root password by typing the passwd command. But that is not all: we also need to relabel the SELinux context. If we skip relabeling the whole SELinux context, we would not be able to log in using the password.

# passwd root
# touch /.autorelabel

Reboot, log in to the root account again and check that everything works.
# exec /sbin/init

Or

To enter single user mode, go to the second-to-last line (it starts with linux16 or linuxefi) using the up and down arrows, then modify the ro argument.
Change it to “rw init=/sysroot/bin/sh”. Once done, press “Ctrl+x”.

Chroot into your system.
# chroot /sysroot

reset the root password.
# passwd

Update SELinux information.
# touch /.autorelabel

Exit chroot
# exit

Reboot your system.
# reboot

Login with new password.


Ubuntu Firewall Command Line Examples

How do I see the current status of my firewall?
sudo ufw status verbose

How do I open tcp port # 22?
To allow incoming tcp packets on port 22, enter:
sudo ufw allow 22/tcp

Verify it:
sudo ufw status verbose

How do I open tcp port # 80 and 443?
The service specific syntax is as follows to open http and https service ports:

sudo ufw allow http
sudo ufw allow https

sudo ufw allow 80/tcp
sudo ufw allow 443/tcp

How do I open tcp and udp port # 53?
To allow incoming tcp and udp packet on port 53, enter:
sudo ufw allow 53

Verify it:
sudo ufw status verbose

To allow IP address 192.168.1.10 access to port 22 for all protocols
sudo ufw allow from 192.168.1.10 to any port 22

To allow subnet 192.168.1.0/24 access to Samba services, enter:
ufw allow from 192.168.1.0/24 to any app Samba

You can find service info as follows:
sudo ufw app list

To get information on Squid profile/app, run:
ufw app info Squid


Linux Find and Copy Command Examples

Find files smaller than 46 bytes and delete them (the c suffix makes -size count bytes; without it find counts 512-byte blocks)
/usr/bin/find /share/team/ -maxdepth 5 -type f -size -46c -print0 | xargs -0 rm -f

Recursively remove all empty directories
find . -type d -empty -delete

/usr/bin/find /share/teamleads/ -type d -empty -delete
/usr/bin/find /home/ -type d -empty -delete

Find files more than 3 weeks old and delete them
/usr/bin/find /share/teamleads/ -maxdepth 4 -type f -mtime +21 -print0 | xargs -0 rm -f

Recursively copy folders with timestamps
cp -vr --preserve=timestamps 2015-11-03 Archive/2015

Get yesterday's date
date --date="yesterday" '+%Y-%m-%d'

yestdate=$(date --date="yesterday" '+%Y-%m-%d')
cp -vr --preserve=timestamps "$yestdate" Archive/2015

yes | cp -vr --preserve=timestamps "$yestdate" Archive/2015

cp -vr --preserve=timestamps "/home/marskarthik/$yestdate" /home/Archive
cp -vr --preserve=timestamps /home/2015-11-15 /home/Archive
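The find-and-delete commands earlier in this post depend on two details: the unit that -size counts in, and how file names travel from find to rm. The script below is an added example, not part of the original post; it assumes GNU findutils, and the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post).

# purge_small DIR BYTES: delete regular files under DIR smaller than BYTES.
# The "c" suffix makes find count bytes; with no suffix -size counts
# 512-byte blocks. -print0 / xargs -0 hand each path to rm as one argument,
# so spaces or newlines in a name cannot split it into other paths.
purge_small() {
    find "$1" -maxdepth 5 -type f -size "-${2}c" -print0 | xargs -0 -r rm -f --
}

# count_matches DIR SIZE_EXPR: number of files a given -size test selects.
count_matches() {
    find "$1" -maxdepth 5 -type f -size "$2" -exec echo x \; | wc -l | tr -d ' '
}

# Constructed sample tree: two 4-byte files with awkward names, one 1000-byte file.
d=$(mktemp -d)
printf 'tiny' > "$d/old report.txt"
printf 'tiny' > "$d/$(printf 'line1\nline2')"
dd if=/dev/zero of="$d/keep.dat" bs=1000 count=1 2>/dev/null

echo "-size -46  selects $(count_matches "$d" -46) files (blocks, includes keep.dat)"
echo "-size -46c selects $(count_matches "$d" -46c) files (bytes)"

purge_small "$d" 46
ls -1 "$d"
rm -rf "$d"
```

Before running a purge on a real share, call count_matches (or swap rm for echo) to see what would be selected.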


Zimbra distribution list how to add, remove, get list

How to get a list of distribution lists in zimbra email server

zmprov gadl

How to get distribution list attributes

zmprov gdl dlname@knowledgelinux.com

How to add distribution list in zimbra email server

zmprov cdl newdlist@marskarthik.com

How to remove distribution list from zimbra email server

zmprov rdl mydllist@marskarthik.com

How to add a member into a distribution list

zmprov adlm mydllist@marskarthik.com myname@marskarthik.com

How to remove a member from distribution list

zmprov rdlm mydllist@marskarthik.com myname@marskarthik.com

How to get only members addresses of a distribution list

zmprov gdl mydllist@marskarthik.com


Setting Up NTP (Network Time Protocol) Server in RHEL/CentOS 7

Step 1: Install ntp server package

# yum install ntp -y

Step 2: Get official NTP servers located near to your location. I am using Asia servers for this setup

server 0.asia.pool.ntp.org
server 1.asia.pool.ntp.org
server 2.asia.pool.ntp.org
server 3.asia.pool.ntp.org

Step 3: Open /etc/ntp.conf file

Add the servers replacing existing lines

server 0.asia.pool.ntp.org iburst
server 1.asia.pool.ntp.org iburst
server 2.asia.pool.ntp.org iburst
server 3.asia.pool.ntp.org iburst

Step 4: Allow your network for NTP sync in /etc/ntp.conf

restrict 192.168.0.0 mask 255.255.0.0 nomodify notrap

Step 5: Add log file entry in /etc/ntp.conf for troubleshooting purposes

logfile /var/log/ntp.log

Step 6: Save the file

Step 7: Add firewall rules for NTP service

# firewall-cmd --permanent --add-service=ntp
# firewall-cmd --reload

Step 8: Enable and Start NTP Service

# systemctl start ntpd
# systemctl enable ntpd
# systemctl status ntpd

[root@mail ~]# systemctl status ntpd
● ntpd.service - Network Time Service
Loaded: loaded (/usr/lib/systemd/system/ntpd.service; enabled; vendor preset: disabled)
Active: active (running) since Mon 2016-08-22 21:35:11 PHT; 1h 2min ago
Process: 11184 ExecStart=/usr/sbin/ntpd -u ntp:ntp $OPTIONS (code=exited, status=0/SUCCESS)
Main PID: 11185 (ntpd)
CGroup: /system.slice/ntpd.service
└─11185 /usr/sbin/ntpd -u ntp:ntp -g

Aug 22 21:35:11 mail.marskarthik.com systemd[1]: Starting Network Time Service…
Aug 22 21:35:11 mail.marskarthik.com systemd[1]: Started Network Time Service.
Aug 22 21:35:11 mail.marskarthik.com ntpd[11185]: proto: precision = 0.062 usec
Aug 22 21:35:11 mail.marskarthik.com ntpd[11185]: 0.0.0.0 c01d 0d kern kernel time syn…ed
Hint: Some lines were ellipsized, use -l to show in full.

Step 9: Run the following commands to verify NTP peers synchronization status and your system time

# ntpq -p
# date -R

[root@mail ~]# ntpq -p
remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
-mail.funix.net  128.199.84.169   3 u   77  128  377  218.562   96.769   5.066
*103-18-128-60.i 140.112.2.189    2 u   95  128  377   50.891   43.689   4.470
+send.mx.cdnetwo 204.123.2.5      2 u   98  128  357  126.984   52.270  10.885
+x.ns.gin.ntt.ne 249.224.99.213   2 u   90  128  377   57.621   38.352   4.129
[root@mail ~]# date -R
Mon, 22 Aug 2016 22:41:38 +0800
[root@mail ~]#

Step 10: Use this server ip address as your NTP server for your internal network devices/computers.


A2Billing Installation and configurations in CentOS 5/6/7

A2Billing is free and open source software for Asterisk, providing telecoms customer management including admin, agent, customer and online signup pages, with flexible inline rating and billing of calls and services in real-time.

Prerequisites:

php54w php54w-bcmath php54w-cli php54w-common php54w-devel php54w-embedded php54w-fpm php54w-gd php54w-intl php54w-ldap php54w-mbstring php54w-mcrypt php54w-mysql php54w-pecl-apc php54w-snmp php54w-soap php54w-xml php54w-xmlrpc

Before starting the installation, change the apache user to the asterisk user in the httpd configuration

vi /etc/httpd/conf/httpd.conf
replace "User apache" and "Group apache"
with "User asterisk" and "Group asterisk"

Step1:

First, download the stable release of a2billing by executing the following commands; in my case it’s 2.2.0.

# cd /usr/src

# wget https://github.com/Star2Billing/a2billing/archive/master.tar.gz --no-check-certificate

Unzip it.

# tar -xzf master.tar.gz

# mv a2billing-master a2billing

# cd a2billing

Copy the configurations file to /etc/

# cp /usr/src/a2billing/a2billing.conf /etc/a2billing.conf

Create and Import default a2billing database
# mysql -u root -p

mysql> create database a2billing;

mysql> use a2billing;

mysql> GRANT ALL PRIVILEGES ON *.* TO 'a2billing'@'localhost' IDENTIFIED BY 'a2billing' WITH GRANT OPTION;

mysql> GRANT ALL PRIVILEGES ON a2billing.* TO 'a2billing'@'localhost' IDENTIFIED BY 'a2billing';

mysql> FLUSH PRIVILEGES;

mysql> exit

# cd /usr/src/a2billing/DataBase/mysql-5.x

# ./install-db.sh

Copy the AGI file

# ln -s /usr/src/a2billing/AGI/a2billing.php /var/lib/asterisk/agi-bin/

Change the ownership permission for the asterisk files

# chown asterisk:asterisk /var/lib/asterisk/agi-bin/a2billing.php

# chmod +x /var/lib/asterisk/agi-bin/a2billing.php

# chown -R asterisk:asterisk /var/lib/asterisk/

Create an asterisk manager user for accessing the cli from a2billing

# vi /etc/asterisk/manager.conf
[myasterisk]
secret = mycode
deny=0.0.0.0/0.0.0.0
permit=127.0.0.1/255.255.255.0
read = system,call,log,verbose,command,agent,user
write = system,call,log,verbose,command,agent,user

Create web directories

# mkdir /var/www/html/a2billing
# ln -s /usr/src/a2billing/common /var/www/html/a2billing/common
# ln -s /usr/src/a2billing/admin /var/www/html/a2billing/admin
# ln -s /usr/src/a2billing/agent /var/www/html/a2billing/agent
# ln -s /usr/src/a2billing/customer /var/www/html/a2billing/customer

# chown -R asterisk:asterisk /var/www/html/a2billing/
# chown -R asterisk:asterisk /var/www/html/a2billing/common
# chown -R asterisk:asterisk /var/www/html/a2billing/admin
# chown -R asterisk:asterisk /var/www/html/a2billing/customer
# chown -R asterisk:asterisk /var/www/html/a2billing/agent

Add files into crontab
# Automatically added for A2Billing
0 * * * * php /usr/src/a2billing/Cronjobs/a2billing_alarm.php
0 12 * * * php /usr/src/a2billing/Cronjobs/a2billing_archive_data_cront.php
0 10 21 * * php /usr/src/a2billing/Cronjobs/a2billing_autorefill.php
#Batch process at 00:20 each day
20 0 * * * php /usr/src/a2billing/Cronjobs/a2billing_batch_process.php
#Bill DID usage at 00:00 each day
0 0 * * * php /usr/src/a2billing/Cronjobs/a2billing_bill_diduse.php
#Remind users of low balance every day at 06:00
0 6 * * * php /usr/src/a2billing/Cronjobs/a2billing_check_account.php
#Generate Invoices at 7am everyday
0 7 * * * php /usr/src/a2billing/Cronjobs/a2billing_invoice2_cront.php
0 7 * * * php /usr/src/a2billing/Cronjobs/a2billing_invoice_cront.php
#Check if balance below preset value, and email user if so.
1 * * * * php /usr/src/a2billing/Cronjobs/a2billing_notify_account.php
#Charge subscriptions at 06:05 on the 1st of each month
0 6 1 * * php /usr/src/a2billing/Cronjobs/a2billing_subscription_fee.php
#Update currencies at 01:00 each day
0 1 * * * php /usr/src/a2billing/Cronjobs/currencies_update_yahoo.php

Create log files
# touch /var/log/asterisk/a2billing-daemon-callback.log
# touch /var/log/a2billing/a2billing-daemon-callback.log
# touch /var/log/a2billing/cront_a2b_alarm.log
# touch /var/log/a2billing/cront_a2b_autorefill.log
# touch /var/log/a2billing/cront_a2b_batch_process.log
# touch /var/log/a2billing/cront_a2b_bill_diduse.log
# touch /var/log/a2billing/cront_a2b_subscription_fee.log
# touch /var/log/a2billing/cront_a2b_currency_update.log
# touch /var/log/a2billing/cront_a2b_invoice.log
# touch /var/log/a2billing/cront_a2b_check_account.log
# touch /var/log/a2billing/a2billing_paypal.log
# touch /var/log/a2billing/a2billing_epayment.log
# touch /var/log/a2billing/api_ecommerce_request.log
# touch /var/log/a2billing/api_callback_request.log
# touch /var/log/a2billing/a2billing_agi.log

Update the following fields of /etc/a2billing.conf

[database]
hostname = localhost
port = 3306
user = a2billing
password = a2billing
dbname = a2billing
; dbtype setting can either be mysql or postgres
dbtype = mysql

Restart the mysql service

# service mysqld stop
# service mysqld start

 

Give all permissions to a2billing folder

# chmod -R 777 /usr/src/a2billing/

Add the following lines in extensions.conf

[a2billing]
exten => _X.,1,NoOp(A2Billing Start)
exten => _X.,n,DeadAgi(a2billing.php,1,predictivedialer)
exten => _X.,n,Hangup

Now open the browser and point it to http://your-server-ip-address/a2billing/admin. The default username/password is root/changepassword.

Steps to setup the a2billing

1) Create Call Plan
2) Create Rate Card
3) Create Rates
4) Now again click on CallPlan and add the RateCard, you just created.
5) Add the trunk; you can use the trunk name from FreePBX or give the IP address of the service provider directly.
6) Now generate customers. Before that, go to system settings and modify the following settings in the Global list:
Change value to “Yes” for use_dnid
Change value to “No” for use_realtime
Change value to “1_8” for asterisk_version

7) After creating the customer, click on VoIP-settings. You will see some red panels at the top of the browser; click on these panels to generate additional_a2billing_sip.conf and additional_a2billing_iax.conf, then reload asterisk, which adds the user to those files. Now include these files in sip.conf:
#include additional_a2billing_sip.conf
