nixCraft » CentOS

nixCraft » CentOS http://www.cyberciti.biz/tips This is a Linux sys admin journal by Vivek about sys admin work, Linux tips & tricks, hacks, news and more. Wed, 24 Apr 2013 18:50:55 +0000 en-US hourly 1 http://wordpress.org/?v=3.5.1 Download CentOS 6.1 CD / DVD ISOhttp://www.cyberciti.biz/tips/centos-linux-6-1-download-cd-dvd-iso.html http://www.cyberciti.biz/tips/centos-linux-6-1-download-cd-dvd-iso.html#comments Mon, 12 Dec 2011 21:46:15 +0000 nixCraft http://www.cyberciti.biz/tips/?p=8314

CentOS Linux version 6.1 has been released and available for the download. It is a community-supported operating system based on Red Hat Enterprise Linux (RHEL) version 6.1. CentOS Linux is considered as the most popular Linux distribution for web servers and general purposes usage. ]]> http://www.cyberciti.biz/tips/centos-linux-6-1-download-cd-dvd-iso.html/feed 2 Download CentOS 6 CD / DVD ISOhttp://www.cyberciti.biz/tips/centos-linux-6-download-cd-dvd-iso.html http://www.cyberciti.biz/tips/centos-linux-6-download-cd-dvd-iso.html#comments Mon, 11 Jul 2011 13:43:38 +0000 nixCraft http://www.cyberciti.biz/tips/?p=7932

CentOS Linux version 6 has been released. It is a community-supported operating system based on Red Hat Enterprise Linux (RHEL) version 6. CentOS Linux is considered as the most popular Linux distribution for web servers with almost 30% of all Linux servers using it.

]]> http://www.cyberciti.biz/tips/centos-linux-6-download-cd-dvd-iso.html/feed 14 CentOS Linux Project In Troublehttp://www.cyberciti.biz/tips/centos-linux-project-in-trouble.html http://www.cyberciti.biz/tips/centos-linux-project-in-trouble.html#comments Thu, 30 Jul 2009 18:55:47 +0000 nixCraft http://www.cyberciti.biz/tips/?p=5580

CentOS is a community-supported, freely-available operating system based on Red Hat Enterprise Linux. Lance Davis created CentOS and now he goes absent without leave. In an open letter from his fellow CentOS developers:

You have long promised a statement of CentOS project funds; to this date this has not appeared. You hold sole control of the centos.org domain with no deputy; this is not proper. You have, it seems, sole 'Founders' rights in the IRC channels with no deputy ; this is not proper.

]]> http://www.cyberciti.biz/tips/centos-linux-project-in-trouble.html/feed 48 BIND 9 Dynamic Update DoS Security Updatehttp://www.cyberciti.biz/tips/bind-dynamic-update-dos.html http://www.cyberciti.biz/tips/bind-dynamic-update-dos.html#comments Wed, 29 Jul 2009 15:47:12 +0000 nixCraft http://www.cyberciti.biz/tips/?p=5570

BIND 9 is an implementation of the Domain Name System (DNS) protocols. named daemon is an Internet Domain Name Server for UNIX like operating systems. Dynamic update messages may be used to update records in a master zone on a nameserver. When named receives a specially crafted dynamic update message an internal assertion check is triggered which causes named to exit. An attacker which can send DNS requests to a nameserver can cause it to exit, thus creating a Denial of Service situation. configuring named to ignore dynamic updates is NOT sufficient to protect it from this vulnerability. This exploit is public. Please upgrade immediately.]]> http://www.cyberciti.biz/tips/bind-dynamic-update-dos.html/feed 7 Top 20 OpenSSH Server Best Security Practiceshttp://www.cyberciti.biz/tips/linux-unix-bsd-openssh-server-best-practices.html http://www.cyberciti.biz/tips/linux-unix-bsd-openssh-server-best-practices.html#comments Fri, 24 Jul 2009 21:49:43 +0000 nixCraft http://www.cyberciti.biz/tips/?p=5489

OpenSSH is the implementation of the SSH protocol. OpenSSH is recommended for remote login, making backups, remote file transfer via scp or sftp, and much more. SSH is perfect to keep confidentiality and integrity for data exchanged between two networks and systems. However, the main advantage is server authentication, through the use of public key cryptography. From time to time there are rumors about OpenSSH zero day exploit. Here are a few things you need to tweak in order to improve OpenSSH server security.]]> http://www.cyberciti.biz/tips/linux-unix-bsd-openssh-server-best-practices.html/feed 134 Vmware Linux Guest Add a New Hard Disk Without Rebooting Guesthttp://www.cyberciti.biz/tips/vmware-add-a-new-hard-disk-without-rebooting-guest.html http://www.cyberciti.biz/tips/vmware-add-a-new-hard-disk-without-rebooting-guest.html#comments Sat, 18 Jul 2009 06:55:53 +0000 nixCraft /sys/class/scsi_host/host#/scan]]> http://www.cyberciti.biz/tips/?p=5411

As a system admin, I need to use additional hard drives for to provide more storage space or to separate system data from user data. This procedure, adding physical block devices to virtualized guests, describes how to add a hard drive on the host to a virtualized guest using VMWare software running Linux as guest.

It is possible to add or remove a SCSI device explicitly, or to re-scan an entire SCSI bus without rebooting a running Linux VM guest. This how to is tested under Vmware Server and Vmware Workstation v6.0 (but should work with older version too). All instructions are tested on RHEL, Fedora, CentOS and Ubuntu Linux guest / hosts operating systems. ]]> http://www.cyberciti.biz/tips/vmware-add-a-new-hard-disk-without-rebooting-guest.html/feed 34 20 Linux System Monitoring Tools Every SysAdmin Should Knowhttp://www.cyberciti.biz/tips/top-linux-monitoring-tools.html http://www.cyberciti.biz/tips/top-linux-monitoring-tools.html#comments Sat, 27 Jun 2009 02:26:39 +0000 nixCraft http://www.cyberciti.biz/tips/?p=4934

Need to monitor Linux server performance? Try these built-in command and a few add-on tools. Most Linux distributions are equipped with tons of monitoring. These tools provide metrics which can be used to get information about system activities. You can use these tools to find the possible causes of a performance problem. The commands discussed below are some of the most basic commands when it comes to system analysis and debugging server issues such as:

Finding out bottlenecks.
Disk (storage) bottlenecks.
CPU and memory bottlenecks.
Network bottlenecks.

]]> http://www.cyberciti.biz/tips/top-linux-monitoring-tools.html/feed 316 Lighttpd Traffic Shaping: Throttle Connections Per Single IP (Rate Limit)http://www.cyberciti.biz/tips/lighttpd-set-throughput-connections-per-ip.html http://www.cyberciti.biz/tips/lighttpd-set-throughput-connections-per-ip.html#comments Sun, 21 Jun 2009 00:02:13 +0000 nixCraft http://www.cyberciti.biz/tips/?p=5148

If you do not control or throttle end users, your server may run out of resources. Spammers, abuser and badly written bots can eat up all your bandwidth. A webserver must keep an eye on connections and limit connections per second. This is serving 101. The default is no limit. Lighttpd can limit the throughput for each single connection (per IP) or for all connections. You also need to a use firewall to limit connections per second. In this article I will cover firewall and lighttpd web server settings to throttle end users. The firewall settings can be applied to other web servers such as Apache / Nginx and IIS server behind PF / netfilter based firewall.]]> http://www.cyberciti.biz/tips/lighttpd-set-throughput-connections-per-ip.html/feed 15 Linux Find Out If PCI Hardware Supported or Not In The Current Running Kernelhttp://www.cyberciti.biz/tips/linux-find-supported-pci-hardware-drivers.html http://www.cyberciti.biz/tips/linux-find-supported-pci-hardware-drivers.html#comments Wed, 03 Jun 2009 15:05:04 +0000 nixCraft http://www.cyberciti.biz/tips/?p=4971

From my mailbag:

How do I find out if a given PCI hardware is supported of by the current CentOS / Debian / RHEL / Fedora Linux kernel?

You can easily find out find out if a given piece of PCI hardware such as RAID, network, sound, graphics card is supported or not by the current Linux kernel using the following utilities under any Linux distributions.]]> http://www.cyberciti.biz/tips/linux-find-supported-pci-hardware-drivers.html/feed 10 Linux x86_64: Detecting Hardware Errorshttp://www.cyberciti.biz/tips/linux-server-predicting-hardware-failure.html http://www.cyberciti.biz/tips/linux-server-predicting-hardware-failure.html#comments Tue, 02 Jun 2009 21:54:58 +0000 nixCraft http://www.cyberciti.biz/tips/?p=4951

The Blue Screen of Death (BSoD) is used for the error screen displayed by Microsoft Windows, after encountering a critical system. Linux / UNIX like operating system may get a kernel panic. It is just like BSoD. The BSoD and a kernel panic generated using a Machine Check Exception (MCE). MCE is nothing but feature of AMD / Intel 64 bit systems which is used to detect an unrecoverable hardware problem.

Program such mcelog decodes machine check events (hardware errors) on x86-64 machines running a 64-bit Linux kernel. It should be run regularly as a cron job on any x86-64 Linux system. This is useful for predicting server hardware failure before actual server crash.]]> http://www.cyberciti.biz/tips/linux-server-predicting-hardware-failure.html/feed 7 Linux Kernel Security (SELinux vs AppArmor vs Grsecurity)http://www.cyberciti.biz/tips/selinux-vs-apparmor-vs-grsecurity.html http://www.cyberciti.biz/tips/selinux-vs-apparmor-vs-grsecurity.html#comments Wed, 27 May 2009 22:29:17 +0000 nixCraft http://www.cyberciti.biz/tips/?p=4903

Linux kernel is the central component of Linux operating systems. It is responsible for managing the system's resources, the communication between hardware and software and security. Kernel play a critical role in supporting security at higher levels. Unfortunately, stock kernel is not secured out of box. There are some important Linux kernel patches to secure your box. They differ significantly in how they are administered and how they integrate into the system. They also allow for easy control of access between processes and objects, processes and other processes, and objects and other objects. The following pros and cons list is based upon my personal experience. ]]> http://www.cyberciti.biz/tips/selinux-vs-apparmor-vs-grsecurity.html/feed 18 Lighttpd mod_rrdtool: Monitor The Load, Requests Per Seconds and Traffichttp://www.cyberciti.biz/tips/rhel-fedora-centos-debian-ubuntu-lighttpd-mod_rrdtool.html http://www.cyberciti.biz/tips/rhel-fedora-centos-debian-ubuntu-lighttpd-mod_rrdtool.html#comments Sat, 23 May 2009 09:53:22 +0000 nixCraft http://www.cyberciti.biz/tips/?p=4878

The round-robin database tool aims to handle time-series data like network bandwidth, temperatures, CPU load etc. The data gets stored in round-robin database so that system storage footprint remains constant over time. Lighttpd comes with mod_rrdtool to monitor the server load and other details. This is useful for debugging and tuning lighttpd / fastcgi server performance. ]]> http://www.cyberciti.biz/tips/rhel-fedora-centos-debian-ubuntu-lighttpd-mod_rrdtool.html/feed 10 Red Hat / CentOS VSFTPD FTP Server Configurationhttp://www.cyberciti.biz/tips/rhel-fedora-centos-vsftpd-installation.html http://www.cyberciti.biz/tips/rhel-fedora-centos-vsftpd-installation.html#comments Thu, 21 May 2009 18:06:12 +0000 nixCraft http://www.cyberciti.biz/tips/?p=4788

vsftpd (Very Secure FTP Daemon) is an FTP server for UNIX-like systems, including CentOS / RHEL / Fedora and other Linux distributions. It supports IPv6, SSL, locking users to their home directories and many other advanced features.

In this guide you will learn:

Setup vsftpd to Provide FTP Service.
Configure vsftpd.
Configure Firewalls to Protect the FTP Server.
Configure vsftpd with SSL/TLS.
Setup vsftpd as Download Only Anonymous Internet Server.
Setup vsftpd With Virtual Users and Much More.

Read CentOS / RHEL FTP Server Series:

]]> http://www.cyberciti.biz/tips/rhel-fedora-centos-vsftpd-installation.html/feed 42 Linux HugeTLBfs: Improve MySQL Database Application Performancehttp://www.cyberciti.biz/tips/linux-hugetlbfs-and-mysql-performance.html http://www.cyberciti.biz/tips/linux-hugetlbfs-and-mysql-performance.html#comments Wed, 20 May 2009 07:59:39 +0000 nixCraft http://www.cyberciti.biz/tips/?p=4773

Applications that perform a lot of memory accesses (several GBs) may obtain performance improvements by using large pages due to reduced Translation Lookaside Buffer (TLB) misses. HugeTLBfs is memory management feature offered in Linux kernel, which is valuable for applications that use a large virtual address space. It is especially useful for database applications such as MySQL, Oracle and others. Other server software(s) that uses the prefork or similar (e.g. Apache web server) model will also benefit.

The CPU's Translation Lookaside Buffer (TLB) is a small cache used for storing virtual-to-physical mapping information. By using the TLB, a translation can be performed without referencing the in-memory page table entry that maps the virtual address. However, to keep translations as fast as possible, the TLB is usually small. It is not uncommon for large memory applications to exceed the mapping capacity of the TLB. Users can use the huge page support in Linux kernel by either using the mmap system call or standard SYSv shared memory system calls (shmget, shmat). ]]> http://www.cyberciti.biz/tips/linux-hugetlbfs-and-mysql-performance.html/feed 11 Lighttpd Install mod_geoip For Country / City Level Geo Targetinghttp://www.cyberciti.biz/tips/linux-lighttpd-install-mod_geoip-tutorial.html http://www.cyberciti.biz/tips/linux-lighttpd-install-mod_geoip-tutorial.html#comments Sun, 29 Mar 2009 04:35:28 +0000 nixCraft http://www.cyberciti.biz/tips/?p=4567

Geolocation software is used to get the geographic location of visitor using IP address. You can determine country, organization and guess visitors location. This is useful for:

a] Fraud detection.

b] Geo marketing and ad serving.

c] Target content.

d] Spam fighting.

e] And much more.

mod_geoip is a Lighttpd module for fast ip/location lookups. In this tutorial you will learn about mod_geoip installation and php server side examples to determine visitors country. ]]> http://www.cyberciti.biz/tips/linux-lighttpd-install-mod_geoip-tutorial.html/feed 10 Linux Convert ext3 to ext4 File systemhttp://www.cyberciti.biz/tips/linux-convert-ext3-to-ext4-file-system.html http://www.cyberciti.biz/tips/linux-convert-ext3-to-ext4-file-system.html#comments Fri, 23 Jan 2009 15:45:57 +0000 nixCraft http://www.cyberciti.biz/tips/?p=4348

Some time ago ext4 was released and available for Linux kernel. ext4 provides some additional benefits and perforce over ext3 file system. You can easily convert ext3 to ext4 file system. The next release of Fedora, 11, will default to the ext4 file system unless serious regressions are seen. In this quick tutorial you will learn about converting ext3 to ext4 file system.]]> http://www.cyberciti.biz/tips/linux-convert-ext3-to-ext4-file-system.html/feed 19 Vsftpd FTP Server With Virtual Users ( Berkeley DB + PAM )http://www.cyberciti.biz/tips/centos-redhat-vsftpd-ftp-with-virtual-users.html http://www.cyberciti.biz/tips/centos-redhat-vsftpd-ftp-with-virtual-users.html#comments Wed, 21 Jan 2009 17:17:45 +0000 nixCraft http://www.cyberciti.biz/tips/?p=4814

VSFTPD supports virtual users with PAM (pluggable authentication modules). A virtual user is a user login which does not exist as a real login on the system in /etc/passwd and /etc/shadow file. Virtual users can therefore be more secure than real users, because a compromised account can only use the FTP server but cannot login to system to use other services such as ssh or smtp.]]> http://www.cyberciti.biz/tips/centos-redhat-vsftpd-ftp-with-virtual-users.html/feed 48 Vsftpd Set Download Only Anonymous Internet Serverhttp://www.cyberciti.biz/tips/rhel-centos-vsftpd-anonymous-internet-server.html http://www.cyberciti.biz/tips/rhel-centos-vsftpd-anonymous-internet-server.html#comments Wed, 21 Jan 2009 14:34:11 +0000 nixCraft http://www.cyberciti.biz/tips/?p=4804

This example shows how you might set up a large internet facing FTP site for distributing file or software updates. The emphasis will be on security and performance. VSFTPD will make sure only world-readable files and directories are served to the world via anonymous / ftp account. You force to originates FTP port connections from a secure port - so users on the FTP server cannot try and fake file content. You will hide the FTP server user IDs and just display ftp in directory listings. This is also a performance boost. Set a 40000-60000 port range for passive connections. This will help firewall setup.]]> http://www.cyberciti.biz/tips/rhel-centos-vsftpd-anonymous-internet-server.html/feed 1 Vsftpd SSL / TLS FTP Server Configurationhttp://www.cyberciti.biz/tips/configure-vsfptd-secure-connections-via-ssl-tls.html http://www.cyberciti.biz/tips/configure-vsfptd-secure-connections-via-ssl-tls.html#comments Wed, 21 Jan 2009 13:10:31 +0000 nixCraft http://www.cyberciti.biz/tips/?p=4796

vsftpd FTP server supports secure connections via SSL / TLS, same encryption used with online banking and shopping. This applies to the control connection (including login) and also data connections. You will need a ftp client with SSL support too. ]]> http://www.cyberciti.biz/tips/configure-vsfptd-secure-connections-via-ssl-tls.html/feed 7 Important: Openssl Security Update [CVE-2008-5077]http://www.cyberciti.biz/tips/cve20085077-important-openssl-security-update.html http://www.cyberciti.biz/tips/cve20085077-important-openssl-security-update.html#comments Thu, 08 Jan 2009 21:58:45 +0000 nixCraft http://www.cyberciti.biz/tips/?p=4283

Linux / BSD and UNIX like operating systems includes software from the OpenSSL Project. The OpenSSL is commercial-grade, industry-strength, full-featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as general purpose cryptography library.

The Google security team discovered a flaw in the way OpenSSL checked the verification of certificates. An attacker in control of a malicious server, or able to effect a "man in the middle" attack, could present a malformed SSL/TLS signature from a certificate chain to a vulnerable client and bypass validation.

This update has been rated as having important security impact on FreeBSD, all version of Ubuntu / Debian, Red Hat (RHEL), CentOS, Fedora and other open source operating system that depends upon OpenSSL.]]> http://www.cyberciti.biz/tips/cve20085077-important-openssl-security-update.html/feed 2