centos linux

Delete all root mail / inbox from a shell prompt

Q. I've CentOS Linux acting as router for our small community based college. I see logwatch and other cron job generating emails for root account. How do I delete those emails? I don't want to disable email facility but just wanted to get rid of all root emails.

A. The easiest way is to empty the root / user's mail message file, i.e. /var/spool/mail/root or /var/spool/mail/username. Simply type the following command at the shell:
> /var/spool/mail/root

How to: Allow telnet and ssh through iptables under Linux

Q. I run both RHEL / CentOS Linux server and by default firewall blocked out everything including telnet / ssh access. How do I allow telnet - port 23 and ssh port 22 through Linux iptables firewall?

A. By default, firewall rules are stored in the /etc/sysconfig/iptables file under CentOS / RHEL. All you have to do is modify this file to add rules to open port 22 or 23.

Login as the root user.

Open /etc/sysconfig/iptables file, enter:
# vi /etc/sysconfig/iptables
Find line that read as follows:
To open port 22 (ssh), enter (before COMMIT line):

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT

To open port 23 (telnet), enter (before COMMIT line):

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 23 -j ACCEPT

Save and close the file. Restart the firewall:
# /etc/init.d/iptables restart

Squid Proxy Server Mac Address based filtering

Q. I'm using squid proxy server under CentOS Linux version 5. How to filter a particular MAC address under squid?

A. Not all operating systems support MAC address based filtering. Squid calls these "ARP ACLs" and they are supported on Linux, Solaris, and BSD variants.

How do I set up ACLs based on MAC address?

Open squid.conf:
# vi /etc/squid/squid.conf
Locate the acl section and append ACLs as follows:
acl macf1 arp mac-address
acl macf2 arp 00:11:22:33:44:55
http_access allow macf1
http_access allow macf2
http_access deny all

Save and close the file. Restart squid server:
# /etc/init.d/squid restart

Linux Download and Install Marvell SATA driver for Sun X4500 Server

Q. I'm using CentOS Linux on the Sun X4500 Server. How do I install Marvell SATA driver on this system?

A. The driver for this controller is located on Sun's own web site. All you have to do is download and install the same. It offers the latest firmware and software supporting Sun Fire X4500 server. This release includes support for Solaris 10 11/06, RedHat 4 U4 64bit, and Windows Server 2003 operating systems. Also included is support for the following modules:

* BIOS version 18
* ILOM version 1.1.1 (Service Processor firmware)
* Marvell SATA disk driver
* Disk Control and Monitor Utility (DCMU)
* Hard Drive Monitor Utility (HD Utility)

=> Download Marvell SATA

How to: Find Out Whether a UNIX / Linux Process Is Running or Not

Q. I'd like to find out if httpd / mysqld or sshd process is running or not under CentOS Linux server. How do I determine whether a process is running or not?

A. You need to use the following commands:

[a] ps - It reports a snapshot of the current processes

[b] grep - Filter out process names

Find Out if the sshd Process Is Running or Not

Type the following command at shell prompt:
$ ps -ewwo pid,args | grep '[s]sh'

 5341 /usr/sbin/sshd
 5864 /usr/bin/ssh-agent x-session-manager
 6289 ssh oldbox
 7126 ssh admin@core.r1.vsnl.router

  • ps : Command name
  • -ewwo pid,args : The -e option selects all running processes. The -o option specifies a user-defined output format; here it displays only the process pid and its arguments. The -w option selects wide output; use it twice for unlimited width.
  • grep '[s]sh' : Keeps only the lines containing ssh. The bracket expression [s] still matches the letter s, but the grep command's own entry in the process list contains the text [s]sh rather than ssh, so grep does not list itself. The quotes stop the shell from expanding the brackets as a filename pattern.

Linux / UNIX: Clear bash history

Q. I'm using CentOS Linux server and how do I clear bash history in UNIX / Linux / BSD operating systems?

A. Type the following command to clear your bash history:


Another option is to link ~/.bash_history to /dev/null:
ln -sf /dev/null ~/.bash_history

How to: Turning off SFTP server under Linux / UNIX cpanel server

Q. I've CentOS Linux cpanel server. I'd like to turn off SFTP server but only allow SSH for root user. How do I turn off sftp server?

A. OpenSSH / sshd reads configuration data from /etc/ssh/sshd_config. The file contains keyword-argument pairs, one per line. Lines starting with '#' and empty lines are interpreted as comments. An external subsystem such as the file transfer daemon (SFTP) is configured through this file only. The arguments should be a subsystem name and a command to execute upon subsystem request. The command sftp-server implements the "sftp" file transfer subsystem. sftp-server is a program that speaks the server side of the SFTP protocol. sftp-server is not intended to be called directly, but from sshd using the Subsystem option.

Disable / Turn off sftp server

Open /etc/ssh/sshd_config file:
# vi /etc/ssh/sshd_config
Find the line that reads as follows:
Subsystem sftp /usr/lib/openssh/sftp-server
Remove or comment out the line by prefixing #:
# Subsystem sftp /usr/lib/openssh/sftp-server
Save and close the file. Restart sshd service:
# /etc/init.d/sshd restart

Block ip address of spammers with iptables under Linux

Q. How do I block ip address of spammers with iptables based firewall under CentOS Linux 5?

A. You can simply block the IP addresses of spammers by editing the /etc/sysconfig/iptables file under:

a) CentOS Linux
b) Fedora Linux
c) RHEL 4.x/5.x etc

Open file /etc/sysconfig/iptables:
# vi /etc/sysconfig/iptables
Append the IP address of each spammer as follows:
-A RH-Firewall-1-INPUT -s SPAMMER-IP -j DROP

Save and close the file. Just restart the firewall:
# /etc/init.d/iptables restart

You can also create a small shell script to block lots of IP addresses at a time.
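
One way to write such a script (an added example, not from the original article): it validates each address, builds the DROP lines shown above, and prints a copy of the ruleset with them placed ahead of the chain's existing rules, since iptables acts on the first rule that matches. The function names, the spammers.txt list and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page). Sample data is constructed.
CHAIN="RH-Firewall-1-INPUT"   # chain name used in the rules above

# valid_ipv4 ADDR: succeed only for a dotted quad, optionally with /0-32.
valid_ipv4() {
    printf '%s\n' "$1" | awk -F'[./]' '
        !/^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+(\/[0-9]+)?$/ { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i > 255) exit 1
          if (NF == 5 && $5 > 32) exit 1 }'
}

# drop_rules: read addresses on stdin (one per line, # comments allowed) and
# print one DROP rule per unique valid address; bad entries go to stderr.
drop_rules() {
    sed -e 's/#.*//' -e 's/[[:space:]]//g' -e '/^$/d' | sort -u |
    while IFS= read -r ip; do
        if valid_ipv4 "$ip"; then
            printf '%s %s -s %s -j DROP\n' '-A' "$CHAIN" "$ip"
        else
            printf 'skipped invalid entry: %s\n' "$ip" >&2
        fi
    done
}

# insert_drops RULESET RULES: print RULESET with the lines of RULES placed
# before the first "-A $CHAIN" line, so they are matched first. Neither
# input file is modified; review the output before installing it.
insert_drops() {
    awk -v chain="$CHAIN" -v rules="$2" '
        !seen && index($0, "-A " chain " ") == 1 {
            while ((getline line < rules) > 0) print line
            seen = 1
        }
        { print }' "$1"
}

# Demo on constructed input (documentation address ranges, one bad entry).
tmp=$(mktemp -d)
printf '%s\n' '192.0.2.10  # constructed' '203.0.113.0/24' '192.0.2.10' \
    '999.1.1.1' > "$tmp/spammers.txt"
printf '%s\n' '*filter' ':RH-Firewall-1-INPUT - [0:0]' \
    '-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT' \
    'COMMIT' > "$tmp/iptables"
drop_rules < "$tmp/spammers.txt" > "$tmp/drops" 2> "$tmp/rejected"
insert_drops "$tmp/iptables" "$tmp/drops"
```

Review the printed ruleset before saving it as /etc/sysconfig/iptables and restarting the firewall as above.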

Hide the Apache Web Server Version number with ServerSignature and ServerTokens directives

Q. How do I hide the Apache version number under CentOS Linux 5 server?

A. You can easily hide the Apache (httpd) version number and other information. Two config directives control what Apache reveals about its version. The ServerSignature directive adds a line containing the Apache HTTP Server version and the ServerName to any server-generated documents, such as error messages sent back to clients. ServerSignature is set to on by default. The ServerTokens directive controls whether the Server response header field sent back to clients includes a description of the generic OS type of the server as well as information about compiled-in modules. With ServerTokens set to Prod, the header shows only Apache as the server name, with no version number.

Open your httpd.conf file using text editor such as vi:
vi httpd.conf

Append/modify config directive as follows:
ServerSignature Off
ServerTokens Prod

Save and close the file. Restart Apache web server:
# /etc/init.d/httpd restart

Disable SELinux for only Apache / httpd in Linux

Q. How do I disable SELinux protection for only Apache web server in Linux? I'm using CentOS Linux server.