Category: Linux Tutorial

CentOS – Check Startup Services

To see which services are started up on boot, run the following:

chkconfig --list
systemctl list-unit-files

OpenVPN Listen on Port 443 (HTTPS)

The default port and protocol for OpenVPN is UDP/1194.
Some server admins may block port 1194, so to get around this we can set OpenVPN to listen on port 443 instead. Port 443 is the default for HTTPS traffic, so there is little chance it will be blocked.

To install OpenVPN on CentOS I recommend using this guide: https://www.digitalocean.com/community/tutorials/how-to-setup-and-configure-an-openvpn-server-on-centos-7

If you are running a web server, the chances are nginx/apache is already listening on port 443, and we can't have more than one application binding to the same port. One solution is to get nginx/apache to listen for HTTPS traffic on another port (e.g. 22443) and get OpenVPN to listen on port 443, forwarding all non-OpenVPN traffic to port 22443.

First change the listen port for your web server (apache):

sudo vi /etc/httpd/conf/httpd.conf

Modify the mod_ssl section (you can choose any unused port number):

<IfModule mod_ssl.c>
Listen 22443
</IfModule>

Check if port 443 is used in other config files and replace accordingly:

sudo grep '443' -r /etc/httpd/*

Modify OpenVPN server.conf:

sudo vi /etc/openvpn/server.conf

Change the protocol to tcp, change port 1194 to 443 and add a port-share for 22443 (your new web server port for HTTPS):

proto tcp
port 443
port-share 127.0.0.1 22443

You will also have to change your ovpn config file to use the new settings:

client
dev tun
proto tcp
remote your_server_ip 443
resolv-retry infinite
nobind
persist-key
persist-tun
comp-lzo
verb 3
ca /path/to/ca.crt
cert /path/to/client.crt
key /path/to/client.key

Finally restart your web server and OpenVPN services:

sudo systemctl restart openvpn@server.service
sudo systemctl restart httpd
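
The two files edited above have to agree, otherwise HTTPS visitors reach a closed port. This check is an added example, not part of the original post: it verifies that the port-share target is a port Apache listens on and that Apache no longer claims OpenVPN's port. The function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# Print each port named by an Apache Listen directive in the given files or
# directories. Handles "Listen 22443", "Listen 127.0.0.1:22443", "Listen 22443 https".
apache_listen_ports() {
    grep -rhiE '^[[:space:]]*Listen[[:space:]]' "$@" 2>/dev/null |
        awk '{ n = split($2, part, ":"); print part[n] }' | sort -u
}

# ovpn_value <server.conf> <directive> <field>: last value set for a directive.
ovpn_value() {
    awk -v d="$2" -v f="$3" '$1 == d { v = $f } END { if (v != "") print v }' "$1"
}

# check_port_share <server.conf> <httpd config path>...
# Prints each problem found; returns 0 only when the two configs agree.
check_port_share() {
    conf=$1; shift
    proto=$(ovpn_value "$conf" proto 2)
    port=$(ovpn_value "$conf" port 2)
    share=$(ovpn_value "$conf" port-share 3)
    ports=$(apache_listen_ports "$@")
    rc=0
    case $proto in
        tcp*) ;;
        *) echo "proto is '$proto' but port-share only works in TCP mode"; rc=1 ;;
    esac
    if [ -z "$share" ]; then
        echo "no port-share directive in $conf"; rc=1
    elif ! printf '%s\n' "$ports" | grep -qxF "$share"; then
        echo "port-share targets $share, Apache listens on: $(echo $ports)"; rc=1
    fi
    if [ -n "$port" ] && printf '%s\n' "$ports" | grep -qxF "$port"; then
        echo "Apache still listens on $port, which OpenVPN needs"; rc=1
    fi
    return $rc
}

# Usage: sh check_port_share.sh /etc/openvpn/server.conf /etc/httpd
[ "$#" -eq 0 ] || check_port_share "$@"
```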

How to Un-ban an IP Blocked by Fail2Ban

When an IP is banned by Fail2Ban and you want to un-ban that IP, the command you need to run is:

sudo fail2ban-client set <jailname> unbanip <ipaddress>

You can get the jailname by running:

sudo fail2ban-client status

If you want to find which IPs are banned by Fail2Ban, you can check the iptables rules by running:

sudo iptables -L -n

An example output would be:

Chain f2b-sshd (1 references)
target     prot opt source               destination
REJECT     all  --  188.29.164.197       0.0.0.0/0            reject-with icmp-port-unreachable

To unban IP 188.29.164.197 from the sshd jail, the command would be:

sudo fail2ban-client set sshd unbanip 188.29.164.197
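
With several jails active, the same lookup can be scripted. The following is an added example, not part of the original post: it reads `iptables -L -n` output, finds every f2b-<jail> chain holding a given IPv4 address and prints the matching unbanip command. The function names and the sample output (including the "postfix" jail and the 203.0.113.7 address) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# f2b_bans: read `iptables -L -n` output on stdin and print "<jail> <ip>" for
# every REJECT/DROP rule inside a chain created by Fail2Ban (f2b-<jail>).
f2b_bans() {
    awk '
        $1 == "Chain" { jail = ($2 ~ /^f2b-/) ? substr($2, 5) : ""; next }
        jail != "" && ($1 == "REJECT" || $1 == "DROP") { print jail, $4 }
    '
}

# unban_commands <ip>: read the same output on stdin and print one unbanip
# command per jail that holds <ip>. Returns 1 if <ip> is malformed or not banned.
unban_commands() {
    case $1 in
        "" | *[!0-9.]*) return 1 ;;    # IPv4 digits and dots only
    esac
    f2b_bans | awk -v ip="$1" '
        $2 == ip { print "sudo fail2ban-client set " $1 " unbanip " ip; n++ }
        END { exit (n ? 0 : 1) }'
}

# Constructed sample of `iptables -L -n` output with two jails.
sample_iptables_output() {
    cat <<'EOF'
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
f2b-sshd   tcp  --  0.0.0.0/0            0.0.0.0/0            multiport dports 22

Chain f2b-sshd (1 references)
target     prot opt source               destination
REJECT     all  --  188.29.164.197       0.0.0.0/0            reject-with icmp-port-unreachable
REJECT     all  --  203.0.113.7          0.0.0.0/0            reject-with icmp-port-unreachable
RETURN     all  --  0.0.0.0/0            0.0.0.0/0

Chain f2b-postfix (1 references)
target     prot opt source               destination
REJECT     all  --  203.0.113.7          0.0.0.0/0            reject-with icmp-port-unreachable
RETURN     all  --  0.0.0.0/0            0.0.0.0/0
EOF
}

# Usage: sudo iptables -L -n | sh f2b_unban.sh 188.29.164.197
[ "$#" -eq 0 ] || unban_commands "$1"
```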

Manually Updating Roundcube Webmail on cPanel Installation

cd <where-you-want-tarball-saved>
wget <download-latest-version-here-http://roundcube.net/download/>
tar xf roundcubemail-*.tar.gz
cd <the-unpacked-roundcube-directory>
bin/installto.sh /usr/local/cpanel/base/3rdparty/roundcube/config 

MySQL 5 Commands

shell> sudo /Library/StartupItems/MySQLCOM/MySQLCOM start
(Enter your password, if necessary)
(Press Control-D or enter "exit" to exit the shell)

You might want to add aliases to your shell’s resource file to make it easier to access commonly used programs such as mysql and mysqladmin from the command line. The syntax for bash is:

alias mysql=/usr/local/mysql/bin/mysql
alias mysqladmin=/usr/local/mysql/bin/mysqladmin

Backup Script

** UNTESTED **

#!/bin/sh

# Remove previous backups to conserve on disk space
rm -f /backups/*

# Apt package list backup
dpkg --get-selections > /backups/dpkg_list_`date +%Y-%m-%d`.txt

# SQL dump
mysqldump -u root -pMYPASSWORD --all-databases > /tmp/mysqlbak
gzip /tmp/mysqlbak
mv /tmp/mysqlbak.gz /backups/dbbackup_`date +%Y-%m-%d`.sql.gz

# Filesystem backup
tar cfj /backups/fsbackup_`date +%Y-%m-%d`.tar.bz2 /etc /var /home
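
A hardened variant of the script above, as an added example that is not the original author's code. It reads the MySQL password from an option file instead of passing it with -p (where it is visible in the process list), never stages the dump in /tmp, creates owner-only files, and deletes old backups only after the new ones exist. BACKUP_DIR, MYSQL_CNF and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not the original script). BACKUP_DIR and MYSQL_CNF are assumed
# names; MYSQL_CNF is a mode-0600 option file with a [client] section holding
# user= and password=, so the password never appears in the process list.
BACKUP_DIR=${BACKUP_DIR:-/backups}
MYSQL_CNF=${MYSQL_CNF:-/root/.my.cnf}
umask 077    # backups contain /etc and database contents: owner-only files

# write_atomic <dest> <command...>: store the command's stdout in <dest>.
# The data is written to a temp file beside <dest> and renamed only when the
# command succeeds, so a failed dump never leaves a truncated "backup" behind.
write_atomic() {
    dest=$1; shift
    tmp=$(mktemp "$dest.XXXXXX") || return 1
    if "$@" > "$tmp"; then
        mv "$tmp" "$dest"
    else
        rm -f "$tmp"
        return 1
    fi
}

# prune_old <stamp>: delete files in BACKUP_DIR that are not from run <stamp>.
prune_old() {
    find "$BACKUP_DIR" -maxdepth 1 -type f ! -name "*_$1.*" -exec rm -f {} +
}

run_backup() {
    stamp=$(date +%Y-%m-%d)
    write_atomic "$BACKUP_DIR/dpkg_list_$stamp.txt" dpkg --get-selections &&
    write_atomic "$BACKUP_DIR/dbbackup_$stamp.sql" \
        mysqldump --defaults-extra-file="$MYSQL_CNF" --all-databases &&
    gzip -f "$BACKUP_DIR/dbbackup_$stamp.sql" &&
    write_atomic "$BACKUP_DIR/fsbackup_$stamp.tar.bz2" tar cjf - /etc /var /home &&
    prune_old "$stamp"    # old backups go only after every new one exists
}

# Run the backup only when called as "sh backup.sh run".
[ "${1:-}" != run ] || run_backup
```

GNU tar exits with status 1 when a file changes while it is being read, which this script treats as a failed backup and therefore keeps the previous day's files.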

vnStat and vnstat PHP Frontend Installation – CentOS

Yum installation

yum install vnstat

Edit configuration

vim /etc/sysconfig/vnstat

I only have one interface (eth0), you may have more (eth1 etc…)

# see also: vnstat(1)
#
# starting with vnstat-1.6 vnstat can also be
# configured via /etc/vnstat.conf
#
# the following sets vnstat up to monitor eth0
VNSTAT_OPTIONS="-u -i eth0"

Edit configuration

vim /etc/vnstat.conf

Set your default interface

# default interface
Interface "eth0"

Setup your database

vnstat -u -i eth0

Enable the vnStat service at boot

chkconfig vnstat on

Other commands for vnStat

service vnstat start
service vnstat stop
service vnstat restart
service vnstat status

Check if installation has been successful

vnstat
vnstat -i eth0

Run --help for more commands

vnstat --help

Now install the PHP frontend.
Install these packages if they are not already installed:

yum install httpd php php-gd

Go to the directory where you want to install the frontend, e.g. www.domain.com/vnstat/

# make directory
mkdir /home/domain/public_html/vnstat
# change to directory
cd /home/domain/public_html/vnstat
# download frontend files
wget http://www.sqweek.com/sqweek/files/vnstat_php_frontend-1.5.1.tar.gz
# untar file
tar xvf vnstat_php_frontend-1.5.1.tar.gz
# delete tar file
rm -f vnstat_php_frontend-1.5.1.tar.gz

Configure vnStat php frontend

vim /home/domain/public_html/vnstat/config.php

Look for the following settings and edit them:

$language = 'en';
$iface_list = array('eth0');
$iface_title['eth0'] = 'Internal';

Check if frontend has been installed correctly
www.domain.com/vnstat/

If you get the following error:

This page contains the following errors:

error on line 10 at column 10: error parsing attribute name
Below is a rendering of the page up to the first error.

Edit your config.php file

vim /home/domain/public_html/vnstat/config.php

Look for

// graphics format to use: svg or png
$graph_format='svg';

Replace svg with png

// graphics format to use: svg or png
$graph_format='png';

CSF Firewall Blocking VPN Internet Access

My CSF firewall seemed to be blocking internet access using my VPN. I could connect to it but could not use the internet connection. Here is a solution to the problem:

Create File

vim /etc/csf/csfpre.sh 

Insert This

iptables -A INPUT -i eth0 -p tcp --dport 1723 -j ACCEPT 
iptables -A INPUT -i eth0 -p gre -j ACCEPT 
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE 
iptables -A FORWARD -i ppp+ -o eth0 -j ACCEPT 
iptables -A FORWARD -i eth0 -o ppp+ -j ACCEPT 

Save File and Give Executable Permissions

chmod +x /etc/csf/csfpre.sh 

Create File

vi /etc/csf/csfpost.sh 

Insert This

service pptpd stop 
service pptpd start 

Save File and Give Executable Permissions

chmod +x /etc/csf/csfpost.sh 

Restart CSF

csf -r