How to Install & Configure Vsftpd on RHEL/CentOS/Ubuntu/Fedora with Chroot users   May 13th, 2012

How to Install and Configure Vsftpd Ftp Server on RHEL 6/ CentOS 6.2/ Ubuntu 11.10/ Fedora /Debian. VSftpd (Very Secure FTP Daemon) is an FTP server for Linux distributions. Vsftpd is the default FTP server is the Fedora, RHEL, CentOS, Ubuntu, NimbleX Linux distributions. It is not just secure as the name suggests but also delivers excellent performance by consuming less memory.

In this tutorial, i will show how to install and configure Vsftpd service by adding ftp users and locking the directory to individual users on Red Hat Enterprise Linux 6 (RHEL 6), Ubuntu, CentOS and Fedora.
Default ftp port : 21
Default configuration file : /etc/vsftpd.conf

Basic Vsftpd commands on RHEL/CentOS/Fedora

1. Install the Vsftpd service.

[root@rhel6 ~]# yum install vsftpd

2. Start Vsftpd Service :

[root@rhel6 ~]# service vsftpd start Read the rest of this entry »

Tags: , , , , , , , , , , , , ,
Posted in CentOS, debian, fedora, feebsd, linux, Networking, ubuntu | No Comments »

how to Setup of VSFTPD with virtual users   October 17th, 2011

If you are hosting several web sites, for security reason, you may want the webmasters to access their own files only. One of the good way is to give them FTP access by setup of VSFTPD virtual users and directories. This article describes how you can do that easily.
(See also: Setup of VSFTPD virtual users – another approach)

1. Installation of VSFTPD

For Red Hat, CentOS and Fedora, you may install VSFTPD by the command

# yum install vsftpd

For Debian and Ubuntu,

# apt-get install vsftpd

2. Virtual users and authentication

We are going to use pam_userdb to authenticate the virtual users. This needs a username / password file in `db’ format – a common database format. We need `db_load’ program. For CentOS, Fedora, you may install the package `db4-utils’:

# yum install db4-utils

For Ubuntu,

# apt-get install db4.2-util

To create a `db’ format file, first create a plain text file `virtual-users.txt’ with the usernames and passwords on alternating lines:

mary
123456
jack
654321

Then execute the following command to create the actual database:

# db_load -T -t hash -f virtual-users.txt /etc/vsftpd/virtual-users.db

Now, create a PAM file /etc/pam.d/vsftpd-virtual which uses your database:

auth required pam_userdb.so db=/etc/vsftpd/virtual-users
account required pam_userdb.so db=/etc/vsftpd/virtual-users Read the rest of this entry »

Tags: , , , , , , , ,
Posted in CentOS, debian, fedora, feebsd, linux, Networking, ubuntu | No Comments »

How To Install and Configure Squid as Transparent Proxy Server under Linux and FreeBSD   March 29th, 2011

Squid is a proxy server and web cache daemon. It has a wide variety of uses: caching web, filtering traffic, caching DNS and other computer network lookups for a group of people sharing network resources.

Squid is primarily designed to run on Unix-like systems but it also runs on Windows-based systems. In this tutorial I’ll show you how to install and configure squid proxy server to run under Linux and FreeBSD.

A proxy server software is based on the TCP/IP protocol. It monitors a special port such as 3128 or 8080. A computer who runs a proxy server software is called a proxy server. If other computer want to connect to Internet through the proxy server, it should know the proxy server’s IP address and proxy port.

1. Squid Installation

Squid source code is available from squid-cache.org.Installation instructions are available in the ReadMe file in the source tar file. There is also binary packages for CentOS, Fedora, Red Hat Enterprise Linux, Ubuntu, Debian, FreeBSD and NetBSD.

To install Squid under CentOS/Fedora/RHEL, enter:

yum install squid

To install Squid under Debian/Ubuntu, enter: Read the rest of this entry »

Tags: , , , , , , , , , ,
Posted in CentOS, debian, fedora, feebsd, linux, Networking, ubuntu | 2 Comments »

How To Configure Dynamic DNS (Fedora Core 4 Setup)   July 1st, 2009

In this howto we will learn how to build a Dynamic DNS Server. Normally when we configure DNS, we use static entries to resolve any FQDN. If we are using DHCP in our network which gives dynamic IPs to every computer that turns on or requests one, then it is not possible to configure DNS statically. For that we should configure our DNS with DHCP in a manner that whenever a computer gets a new IP, its FQDN will be automatically updated with the new IP in DNS.

1 Installation of Packages

Fedora Core 4 contains a DNS (Bind) and DHCP (dhcp) packages in its CDs. You can install it from the Fedora Core 4 CDs or download it from the internet using following command.

yum –y install bind bind-chroot bind-utils bind-libs caching-nameserver dhcp
where

bind —– DNS Server Package
bind-chroot —– DNS runs in chroot (jail) environment.
bind-libs —– Libraries needed in using bind, bind-utils
bind-utils —– Contains utilities like nslookup, host, dig etc.
caching-nameserver —– give caching capabilities to store records in cache.
dhcp —– Dynamic Host Configuration Protocol Package.

2 Configuring BIND (DNS)

You need to tell BIND that it is okay to allow other applications to update it. I added the following to my BIND configuration, everything else was left as stock Fedora Core 4. Here is my local zone details, suitably modified. Here I let BIND know which domains it can update; in my case I only have one domain to deal with. I am also loading the shared secret key at this stage. My DHCP server and DNS server are on the same box, so here I am only allowing localhost to perform the update. The file rndckey is a file containing a shared secret, so that BIND knows that it is an approved application sending instructions.

vi /etc/named.conf


controls {
inet 127.0.0.1 allow {localhost; } keys { "rndckey"; };
};
// Add local zone definitions here.
zone "example.com" {
type master;
file "example.com.zone";
allow-update { key "rndckey"; };
notify yes;
};
zone "0.168.192.in-addr.arpa" {
type master;
file "0.168.192.in-addr.arpa.zone";
allow-update { key "rndckey"; };
notify yes;
};
include "/etc/bind/rndc.key";

The secret key is created at the installation time. No need to do anything here but….
Note: If your DHCP and DNS servers are on separate machines you need to copy the file between them. Both machines should use the same file i.e. /etc/rndc.key.

2.1 Zone Files

Set up your zone databases as normal. You do not need to do anything fancy. Because our DHCP server will update zone files as the new IP allocated to our workstation.

vi /var/named/chroot/var/named/example.com.zone


$TTL 86400
@       IN      SOA     @ root (
50 ; serial
28800 ; refresh (8 hours)
7200 ; retry (2 hours)
604800 ; retire (1 week)
86400 ; ttl (1 day)
)
IN      NS      server
server     IN      A       192.168.0.1

vi /var/named/chroot/var/named/0.168.192.in-addr.arpa.zone

$TTL 86400
@       IN      SOA     @ root (
50 ; serial
28800 ; refresh (8 hours)
7200 ; retry (2 hours)
604800 ; retire (1 week)
86400 ; ttl (1 day)
)
IN      NS      server
1      IN   PTR    server.example.com.

Now make shortcuts of these files in the /var/named directory with the same name.

cd /var/named
ln –s /var/named/chroot/var/named/example.com.zone example.com.zone
ln –s /var/named/chroot/var/named/0.168.192.in-addr.arpa.zone 0.168.192.in-addr.arpa.zone

3 Configuring DHCP Server
By default the DHCP server shipped in Fedora Core 4 does not do dynamic DNS update. You simply need to enable it. Below are the options I selected for my system. My dhcp configuration is as follows:

vi /etc/dhcpd.conf


authoritative;
include "/etc/rndc.key";
# Server configuration:

server-identifier    server;
ddns-domainname         "example.com.";
ddns-rev-domainname     "in-addr.arpa.";
ddns-update-style       interim;
ddns-updates            on;
ignore                  client-updates;

# This is the communication zone
zone example.com. {
primary 127.0.0.1;
key rndckey;
}
default-lease-time      21600;  # 6 hours
max-lease-time          43200;  # 12 hours

# Client configuration:
option domain-name      "example.com.";
option ip-forwarding    off;
subnet 192.168.0.0 netmask 255.255.255.0 {
range 192.168.0.100 192.168.0.200;
option routers                  192.168.0.1;  # default gateway
option subnet-mask              255.255.255.0;
option broadcast-address        192.168.0.255;
option domain-name-servers      192.168.0.1;
zone  0.168.192.in-addr.arpa. {
primary 192.168.0.2;
key rndckey;
}
zone localdomain. {
primary 192.168.0.2;
key rndckey;
}
}

Now execute the following change permission commands to enable named user to write the zone files whenever an name with IP updating is required.

chmod 770 /var/named/chroot/var/named
chmod 770 /var/named

Now start the services of dns and dhcp with the following command:

service named start
service dhcp start

Go to your client computers and enable them to take an IP from a DHCP server. With the following command check if your client computer name is updated in DNS. It will resolve your name with the newly allocated IP.

nslookup yourcomputername.example.com

Good Luck with your newly created Dynamic DNS Server.

Thanks to – Sohail Riaz (sohail [at] gmail [dot] com )

source  http://fastcreators.com/article/2007/01/16/

how-to-configure-dynamic-dns-fedora-core-4-setup/

Tags: ,
Posted in debian, fedora, Networking, ubuntu | No Comments »

How-To: Monitor your servers with SNMP and Cacti   July 1st, 2009

SNMP (Simple Network Management Protocol) is a protocol for managing networks. Each managed entity in the network will run an snmp server (snmpd) which is going to collect datas from the server such as networking, load, cpu …

Cacti on the other hand is a frontend to the RRDTool with SNMP support. It collects and keep data in a MySQL database and display them through a PHP web frontend.

This tutorial will show how to configure the network manager to use Cacti and how to set up snmp on the managed host.

In this how-to, we are going to run the SNMP server and cacti on the same host and bind the service to localhost. This way, SNMP service won’t be accessible from the outside. This is a good configuration when all you want to do is monitoring your home network router for instance.
If you intend to deploy this on a network, just keep in mind that SNMP server as to accept connection from the manager network wise (The remote IP need to be able to connect to the server) and within SNMPD configuration (The service as to return collected datas to the manager).

In the first part of this article, we are going to install and configure the SNMP server.
A second part will present how to install and configure Cacti on the manager.
Finally, we are going to configure Cacti to collect and display CPU, Load, Memory and Network statistic of the SNMP server.

This article was made using Debian Etch and Ubuntu Feisty but should also work out of the box for previous version of those distributions.

1. SNMPD

SNMPD is the service running SNMP on a managed entity. SNMP comes in 3 versions. Version 1, the one we are going to use here is not secured, therefore we are going to make sure that only localhost is going to be able to access it.
People opening the service to the outside should make sure that trusted hosts can access the service either though the use of iptables or through the use of /etc/hosts.allow.

1.1. Installing the SNMP server

The only package which is required on the server site is snmpd, the SNMP daemon.

To install it type:

$ sudo apt-get install snmpd

snmpd is now installed but we still have to tweak it a little bit to make it work as we want.

1.2. Configuring SNMPD

The first thing we want to make sure is that snmpd is only going to wait for connections on localhost. To do this, edit file /etc/default/snmpd and make sure those values are set:

SNMPDRUN=yes
SNMPDOPTS=’-Lsd -Lf /dev/null -u snmp -I -smux -p /var/run/snmpd.pid 127.0.0.1′

If you want your server to listen on all interfaces, remove the 127.0.0.1 bit.

This setting will make sure that the service will be started and that the service is going to bind to localhost.

Finally, we are going to configure snmpd in such a way that it will only return datas to trusted host for a specific community.

Edit /etc/snmp/snmpd.conf and make sure that com2sec it only set to:

com2sec readonly localhost mycommunity

If you want a remote machine to be able to gather information for the community mycommunity, make sure you replace localhost by mynetwork, where mynetwork can be of the form: 1.1.1.1 or 1.1.0.0/16.

1.3. Checking SNMP configuration:

We are going to use the snmpwalk utility to verify that the server is working as wanted.

Here we want snmp to reply only to localhost for the community mycommunity.

From localhost

$ snmpwalk -Os -c mycommunity -v 1 localhost system

Should return a lot of output and:

snmpwalk -Os -c public -v 1 localhost system
Timeout: No Response from localhost

If the second command returns result, it might be because you did not comment the line starting with com2sec.

Now that we have our snmp server up and running, we are going to install cacti to manage the snmp server in our network.

2. Installing Cacti

Cacti displays system statistics through a PHP/MySQL web interface.

To gather informations, it runs a script which is going to poll the servers you registered in cacti: /usr/share/cacti/site/poller.php.

So, let’s get started an install cacti.

2.1. Installing Cacti packages and dependencies

# apt-get install mysql-server apache2 libapache2-mod-php5 php5-mysql php5-cli php5-snmp
# apt-get install cacti

Note: because I am using php5, I had to install all the required php5-xx packages before I installed cacti. If you don’t install those first, cacti will fall back to apache2 with php4.

While installing cacti, you are going to be asked a few question, answer as follow:

configuring libphp-adodb
-> press ok
configuring cacti
configure database for cacti with dbconfig-common
-> press yes
password of your database’s administrative user
-> mysql root password (empty by default, fill accordingly)
mysql application password for cacti
-> give the password you would like cacti to connect to mysql with
webserver type
-> Apache2

Now, cacti is installed, let’s configure it:

2.2. Configuring Cacti

Now, cacti is installed as well as its database. We still need through a few configuration screens before we can start adding servers to monitor.

Let’s go to http://your-manager-server.ip/cacti/

  • Click next to the first screen
  • Select new install and check that the found informations are correct
  • Check that everything is [FOUND]
  • Click Finish

Finally, you should be landing on the login page. Log in with username: admin and password: admin. The next screen will force you to change your password.

On the first login, the default account is admin with password admin

Voila, our manager is up and running, the last step is to create new Devices (adding new hosts to our manager).

3. Adding new devices to cacti

A device can be anything which is SNMP enabled. It could be a router, a switch….

In our example, we are going to add the server we configured in the first part of this tutorial. The server is on localhost, but it could be anywhere on a network, as long as our manager host is allowed to connect to its SNMP port.

3.1. Creating a new device

To create a new device, first make sure you are in the “Console”, if not, click on the “Console” tab on the top left and click on Create devices for network.
This will bring you to a new page where you are going to give details about the SNMP host.

Fill up the form and make sure you have the following value properly set:

  • Hostname to localhost or whichever url/address your SNMP server can be found at
  • Host Template to ucd/net SNMP Host
  • SNMP Community to mycommunity or whatever your community is called
  • SNMP Version to Version 1
  • SNMP Port default is 161 which should be fine for 99% settings. Change accordingly to your SNMP server settings

Then Click create and you should get to a page where you get something similar to:

MySNMPServer (snmp.server.ip)
SNMP Information
System: Linux hostname kernel-version #2 SMP Sun Apr 15 07:36:31 UTC 2007 i686
Uptime: 980871 (0 days, 2 hours, 43 minutes)
Hostname: hostname
Location: Unknown (configure /etc/snmp/snmpd.local.conf)
Contact: Root root@localhost (configure /etc/snmp/snmpd.local.conf)

and not like:

SNMP Information
SNMP error

If you get the latest output, this means that the connection between the manager and the SNMP host could not be established, either firewalled or refused by the host. Use snmpwalk -Os -c mycommunity -v 1 snmp.server.ip system to troubleshoot.

3.2. Creating a new Graph for a device

OK, sweet, we have enabled our first host to be monitored by cacti. Now, let’s add a few graphs.

Click the “Create Graphs for this Host” and check the boxes you want to monitor (CPU Usage, Load Average, Memory Usage).

Under “Data Query [SNMP - Interface Statistics]“, check the interfaces you want to monitor and finaly in “Select a graph type” choose the kind of stats you want. I chose “In/Out Bytes with Total Bandwidth”.

Validate, and that’s it, you will start monitoring some componenets of your device.
Now, lets organize our graph tree.

3.3. Creating a Graph Tree

Cacti graphs are organied in a tree. Each host could be a branch of that tree. We are now going to create a branch for our device.

Create a graph tree by going to the left menu and click on “Graph Tree” and “add” on the right side of the new page.

Enter a name to describe your device and click create.

Add a “Tree Item” and select:

Parent Item [root]
Tree Item Type Host
Host yourhost
Graph Grouping Style Graph Template

And create!

Here we are!!! Now click on the “Graph” tab and select your host from the tree.

Voila! Mind that you will need some times before you can see datas.

4. Conclusion

Once you have been able to set up a first host to work with cacti, it is fairly easy to add other host from your network. Simply cnfigure the snmp server in such a way that the machine hosting cacti will be able to contact them.

In this tutorial, the security was preserved by binding the service to localhost and changing the default community name from public to mycommunity. If you start deploying SNMP over the network, I would recommend that you only accept traffic to port 161 (default SNMP port) to trusted host. Iptbables will become of great help.

Thanks to Author, orignal link http://www.debuntu.org/how-to-monitor-your-servers-with-snmp-and-cacti

Tags: , , , ,
Posted in CentOS, debian, fedora, linux, Networking, ubuntu | No Comments »
« Older Entries