Allow Pingdom IP’s in CSF on cPanel / WHM

Need to quickly add the Pingdom IPs to your csf.allow file?

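# Fetch the probe feed, keep only the <pingdom:ip> lines, strip the tags
# and surrounding whitespace, then append the bare addresses to csf.allow
wget --quiet -O- https://my.pingdom.com/probes/feed | \
grep "<pingdom:ip>" | \
sed -e 's|</*pingdom:ip>||g' -e 's|[[:space:]]||g' >> /etc/csf/csf.allow
sleep 5
# Restart CSF so the new entries take effect
csf -r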

What it does:

  • Fetches the latest probing server IPs from Pingdom
  • Greps the output for the ‘pingdom:ip’ fields
  • Strips the tags and appends the addresses to the csf.allow file
  • Restarts CSF
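
The one-liner above appends whatever the feed returns, and appends it again on every run. The following is an added example, not part of the original post, that validates each address and skips ones already in the allow file; the function names, the "# Pingdom probe" label and the sample feed (documentation-range addresses) are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample feed: one duplicate, one out-of-range value, one non-address.
SAMPLE_FEED='<item><pingdom:ip>192.0.2.10</pingdom:ip></item>
<item><pingdom:ip>198.51.100.7</pingdom:ip></item>
<item><pingdom:ip>192.0.2.10</pingdom:ip></item>
<item><pingdom:ip>999.1.1.1</pingdom:ip></item>
<item><pingdom:ip>not-an-ip</pingdom:ip></item>'

# Print the text inside each <pingdom:ip> element, one per line (feed on stdin).
extract_ips() {
    sed -n 's|.*<pingdom:ip>\([^<]*\)</pingdom:ip>.*|\1|p'
}

# Succeed only for a dotted-quad IPv4 address with every octet in 0-255.
valid_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1            # split the address into its four octets
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# Read a feed on stdin; print csf.allow lines for addresses that are valid
# and not already the first field of a line in the allow file given as $1.
new_allow_lines() {
    allow_file=$1
    extract_ips | sort -u | while IFS= read -r ip; do
        valid_ipv4 "$ip" || continue
        if awk -v ip="$ip" '$1 == ip { found = 1 } END { exit !found }' "$allow_file"; then
            continue
        fi
        printf '%s # Pingdom probe\n' "$ip"
    done
}

# Demonstration on the constructed feed with an empty allow file.
printf '%s\n' "$SAMPLE_FEED" | new_allow_lines /dev/null

# Real use: write the output to a temporary file, review it, then append it
# to /etc/csf/csf.allow and run csf -r.
```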

Autoinstall a Secure Teamspeak 3 Server on CentOS 6.4

Ever wanted your own Teamspeak 3 Server? I’ve built a script that will install a secure copy of Teamspeak 3 (64 bit) on CentOS 6.4.

Simply run the following set of commands on your CentOS 6.4 server to install a secure Teamspeak 3 voice server:

# Secure Iptables
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X

# Loopback traffic
iptables -A INPUT -i lo -j ACCEPT
# Replies to outbound connections are matched by state, not by source port
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Teamspeak
iptables -I INPUT -p udp --dport 9987 -j ACCEPT
iptables -I INPUT -p tcp --dport 30033 -j ACCEPT
iptables -I INPUT -p tcp --dport 10011 -j ACCEPT

# HTTP(s)
iptables -I INPUT -p tcp --dport 80 -j ACCEPT
iptables -I INPUT -p tcp --dport 443 -j ACCEPT

# SSH
iptables -I INPUT -p tcp --dport 22 -j ACCEPT

# DNS
iptables -I INPUT -p udp --dport 53 -j ACCEPT

# Default policies, set after the ACCEPT rules so the current SSH session is not cut off
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT

service iptables save && service iptables restart

# Update system
yum -y update

# Add Teamspeak user
useradd teamspeak

# Download, unzip and cleanup Teamspeak
cd /home/teamspeak
wget http://ftp.4players.de/pub/hosted/ts3/releases/3.0.7.1/teamspeak3-server_linux-amd64-3.0.7.1.tar.gz
tar xvfz teamspeak3-server_linux-amd64-3.0.7.1.tar.gz
mv teamspeak3-server_linux-amd64/* `pwd`
rm -rf teamspeak3-server_linux-amd64 && rm -rf teamspeak3-server_linux-amd64-3.0.7.1.tar.gz

# Add chkconfig support to startup file and link to binary
sed -i 's/# All rights reserved/# All rights reserved\n# chkconfig: 2345 99 00/g' ts3server_startscript.sh
ln -s /home/teamspeak/ts3server_startscript.sh /etc/init.d/teamspeak

# Change permissions of Teamspeak
chown -R teamspeak:teamspeak /home/teamspeak
chown -R teamspeak:teamspeak /etc/init.d/teamspeak

# Remount shared memory - http://support.teamspeakusa.com/index.php?/Knowledgebase/Article/View/51
mount -t tmpfs tmpfs /dev/shm

# Start the server as the teamspeak user
su teamspeak -c "service teamspeak start"

echo "Your Teamspeak URL is: `curl ipv4.icanhazip.com`"

Notes:

  • @todo: Install TS3 into a chroot environment
  • This script denies access to all ports, excluding HTTP, DNS, SSH and the necessary Teamspeak ports
  • The mirror (4players.de) is an official Teamspeak 3 mirror
  • Teamspeak will run under the unprivileged ‘teamspeak’ user
  • Teamspeak will automatically run at startup via the official Teamspeak 3 init.d startup script. Chkconfig support is added via sed
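
The note that only HTTP, DNS, SSH and the Teamspeak ports are reachable can be checked against the live ruleset. The following is an added example, not part of the original script: it reads `iptables-save` output and reports ACCEPT rules outside that port list, including rules that match on a source port alone, which accept traffic to every local port. The function name, the `EXPECTED` list and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Ports the install script means to expose (proto/port), taken from its rules.
EXPECTED="tcp/22 tcp/80 tcp/443 tcp/10011 tcp/30033 udp/53 udp/9987"

# Constructed sample in iptables-save format, with two deliberate problems.
SAMPLE_RULES=':INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT'

# Read iptables-save text on stdin; print one finding per line.
audit_input_chain() {
    awk -v expected="$EXPECTED" '
    BEGIN { n = split(expected, e, " "); for (i = 1; i <= n; i++) ok[e[i]] = 1 }
    # A default policy other than DROP means unlisted ports are open.
    /^:INPUT / && $2 != "DROP" { print "POLICY input policy is " $2 }
    /^-A INPUT / && / -j ACCEPT/ {
        proto = ""; dport = ""; sport = ""; stateful = 0
        for (i = 1; i <= NF; i++) {
            if ($i == "-p") proto = $(i + 1)
            if ($i == "--dport") dport = $(i + 1)
            if ($i == "--sport") sport = $(i + 1)
            if ($i == "--state" || $i == "--ctstate") stateful = 1
        }
        if (stateful) next          # connection-tracking rules are expected
        key = proto "/" dport
        if (sport != "" && dport == "")
            print "SPORT-ONLY " proto "/" sport " accepts any destination port"
        else if (dport != "" && !(key in ok))
            print "UNEXPECTED " key
    }'
}

# Demonstration on the constructed ruleset.
printf '%s\n' "$SAMPLE_RULES" | audit_input_chain

# Real use (as root): iptables-save | audit_input_chain
```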

Fedora 18 “Spherical Cow” Not Working in VMware Fusion

Today, I downloaded Fedora 18 “Spherical Cow” and noticed that it would not boot when using VMware Fusion on Mac OS X.

It seems this issue resolves itself when disabling ‘3D Acceleration’ in your VMware Guest Settings.

This issue is documented in the VMware KB, and only affects Gnome-based setups.

Disabling 3D Acceleration in VMware Fusion for Mac OS X

  1. Open VMware Fusion and make sure the VM is switched off
  2. Right Click on the Fedora 18 Guest Virtual Machine
  3. Select ‘Settings’
  4. Click ‘Display’
  5. Toggle ‘Accelerate 3D Graphics’ to ‘OFF’

Once this has been done, you can now reboot your Fedora Guest VM and continue the installation process.

Yum Search, Install and Remove packages (CentOS)

Yum is a powerful repository management tool available in all Red Hat / CentOS / Fedora distributions. It allows you to install common packages immediately, removing the need to manually compile from source.

Search Packages in Yum

Searching available packages in Yum is easy. Simply issue the following to search all packages named ‘nmap’:

yum list nmap

Additionally, you can search for only installed packages by adjusting the command to:

yum list installed nmap

If you wanted to, you can also use a wildcard to broaden your search:

yum list installed 'nmap*'

You can also list installed groups with Yum via the following command:

yum grouplist

To be more specific, you can issue:

yum grouplist 'Development*'

Installing Packages using Yum

Searching was easy, so is installing. Here’s an example of using Yum to install nmap:

yum install nmap

Removing / Uninstalling Packages using Yum

Need to remove an installed package? Issue the following command to remove nmap using Yum:

yum remove nmap

How do I Ctrl Alt F1 in VMware vSphere Console?

Finding yourself needing to Ctrl + Alt + F1 or similar in the VMware vSphere Console?

It’s easy to do: hold down Ctrl, press Space, release Space while still holding Ctrl, then press the F1 (or similar) key, e.g.:

Ctrl + Space + Release Space (continue to hold CTRL) + F1

Install Xen with Libvirt / XL on CentOS 6.4 DomU

Following the announcement that Red Hat will be discontinuing official support of Xen in EL6 in favour of KVM, I thought it’d be a good time to release a detailed how-to on installing the Xen Hypervisor on CentOS 6.x.

This article will guide you through the successful installation of the latest Xen on CentOS 6.x.

First things first, update your CentOS install via the following command:

yum -y update

1. Disable SELinux

SELinux can really interfere with Xen, so we’ll disable SELinux by performing the following:

sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
setenforce 0

2. Create a Network Bridge

To achieve network sharing and segmentation between your Xen instances, we need to install bridge-utils for CentOS 6.x.

2.1. Install Bridge Utilities

This step can be skipped unless you have a minimal install of CentOS 6.x:

yum -y install bridge-utils

2.2. Configuring the Network Bridge

Next, we can configure the network bridge. To get started, copy the contents of your current active interface (typically eth0 / eth1 or wlan1 / wlan2) to another file called ifcfg-br0:

cp /etc/sysconfig/network-scripts/ifcfg-eth0 /etc/sysconfig/network-scripts/ifcfg-br0

Now, modify the contents of our new file (ifcfg-br0) to resemble the following configuration:

The important settings here are ‘Device’, and ‘Type’.

/etc/sysconfig/network-scripts/ifcfg-br0:

DEVICE="br0"
NM_CONTROLLED="yes"
ONBOOT="yes"
TYPE="Bridge"
BOOTPROTO="none"
IPADDR="192.168.0.50" # Inherited from your current active interface.
PREFIX="24"
GATEWAY="192.168.0.1" # Inherited from your current active interface.
DNS1="8.8.8.8"
DNS2="8.8.4.4"
DEFROUTE="yes"
NAME="Bridge Network br0"

Next, we will make a few adjustments to the previous interface to ensure the new network bridge configuration is used from here on.

The most important setting here is ‘Bridge’.

/etc/sysconfig/network-scripts/ifcfg-eth0:

DEVICE="eth0"
NM_CONTROLLED="yes"
ONBOOT=yes
TYPE="Ethernet"
#BOOTPROTO=none
#IPADDR=192.168.0.100
#PREFIX=24
#GATEWAY=192.168.0.1
#DNS1=8.8.8.8
#DNS2=8.8.4.4
#DEFROUTE=yes
NAME="Ethernet Network eth0"
BRIDGE="br0"

To ensure that your new network bridge will take effect, simply restart your network interface:

service network restart

To check if your new network bridge is being utilised, run the following command:

ifconfig br0

If you see br0 show up, you’re good to go.

3. Install Xen & Libvirt on CentOS 6.x.

To get started, install Xen and Libvirt on your CentOS 6.3 box:

cd /etc/yum.repos.d/
wget http://drewsymo.com/files/xen-centos6.repo
yum groupinstall -y "Development Tools"

yum install -y transfig texi2html libaio-devel dev86 glibc-devel e2fsprogs-devel gitk mkinitrd iasl xz-devel bzip2-devel pciutils-libs pciutils-devel SDL-devel libX11-devel gtk2-devel PyXML qemu-img mercurial texinfo libidn-devel yajl yajl-devel ocaml ocaml-findlib ocaml-findlib-devel python-devel uuid-devel libuuid-devel openssl-devel libcgroup gnutls-utils radvd ebtables cyrus-sasl-md5 augeas nfs-utils libnetcf python-lxml nc lzop libnl-devel xhtml1-dtds libudev-devel libpciaccess-devel libpcap-devel avahi-devel parted-devel device-mapper-devel numactl-devel netcf-devel bridge-utils iscsi-initiator-utils qemu-kvm numad virt-install

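# Quote the wildcards: the current directory contains xen-centos6.repo, so an unquoted xen* would be expanded by the shell
yum --disablerepo "*" --enablerepo "xen-stable" -y install 'xen*' kernel-xen 'libvirt*'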

4. Add Xen to Your CentOS Boot Loader (GRUB)

To boot into the Xen kernel, you will need to update a few lines in your GRUB menu configuration.

As an added convenience, installing the Xen package via Yum earlier has already preloaded your GRUB menu with the new Xen kernel. However, a few adjustments will need to be made in order to ensure a successful boot of Xen.

At the moment, you will see something like this in your GRUB configuration.

/boot/grub/menu.lst:

title CentOS (3.4.36-6.el6.centos.alt.x86_64)
	root (hd0,0)
	kernel /vmlinuz-3.4.36-6.el6.centos.alt.x86_64 ro root=UUID=7f49f046-616b-445d-8744-78761ad09dd8 rd_NO_LUKS rd_NO_LVM LANG=en_US.UTF-8 rd_NO_MD SYSFONT=latarcyrheb-sun16 crashkernel=auto  KEYBOARDTYPE=pc KEYTABLE=us rd_NO_DM rhgb quiet
	initrd /initramfs-3.4.36-6.el6.centos.alt.x86_64.img

You will need to modify these lines to resemble the following configuration.

/boot/grub/menu.lst:

title CentOS (3.4.36-6.el6.centos.alt.x86_64)
	root (hd0,0)
	kernel /xen.gz dom0_mem=1024M cpufreq=xen dom0_max_vcpus=1 dom0_vcpus_pin
	module /vmlinuz-3.4.36-6.el6.centos.alt.x86_64 ro root=UUID=7f49f046-616b-445d-8744-78761ad09dd8 rd_NO_LUKS rd_NO_LVM LANG=en_US.UTF-8 rd_NO_MD SYSFONT=latarcyrheb-sun16 crashkernel=auto  KEYBOARDTYPE=pc KEYTABLE=us rd_NO_DM rhgb quiet
	module /initramfs-3.4.36-6.el6.centos.alt.x86_64.img

You will notice that we have added a new line for the Xen kernel, and prepended the existing lines with module.

5. Boot into Xen Kernel

Now this is starting to get a little exciting. Reboot your CentOS box to boot into your new Xen Kernel:

reboot

Assuming everything has gone to plan, you will now be in your new Xen Kernel. If you’re getting errors, it might be a good idea to adjust dom0_mem or dom0_max_vcpus to a different value. Alternatively, enable Kernel Debugging or check /var/dmesg for errors.

To verify that you’re in the new Xen Kernel, run the following command:

uname -r && xl info

This should output the name of your kernel, the list of VM’s currently running and information about your new Xen hypervisor:

3.7.10-1.el6xen.x86_64
Name                                        ID   Mem VCPUs      State   Time(s)
Domain-0                                     0  1024     1     r-----     64.7

6. Creating your First Virtual Machine

6.1. Create the VM Storage Device

To get started, we’ll create a 20GB LVM where our VM’s will be stored. In this example, we’ll be creating the LVM and Volume Group (vg0/debian6) on an existing physical volume (/dev/sdb). To ascertain which physical volume to use, simply use the fdisk -l command.

pvcreate -ff /dev/sdb
vgcreate vg0 /dev/sdb
lvcreate -L 20G -n debian6 vg0

Next, we’ll scan the system for available LVM’s to verify successful creation:

lvscan

This should output:

ACTIVE 	'/dev/vg0/debian6'		[20.00 GiB]		inherit

6.2. Option 1: Create Debian VM using Xen XL and Prebuilt Debian Image

For this option, we’ll be using the XL toolstack to create the VM, along with a prebuilt Debian image from the OrionVM mirror.

Next, we can obtain the necessary configuration files and format the VM image for provisioning:

wget http://mirror.orionvm.com.au/pub/debian/6/debian6.img.bz2
bzcat debian6.img.bz2 | dd bs=1M of=/dev/vg0/debian6   # the logical volume created in step 6.1
cd /etc/xen && wget http://mirror.orionvm.com.au/pub/debian/6/debian6.cfg

Now, you will need to configure the debian6.cfg file, adjusting parameters such as ‘memory’ and ‘vcpus’ to suit your requirements. By default, this premade debian6 config file will allocate 4096MB of memory and 8 vcpus.

Once this has been done, you can proceed with the provisioning of the Debian VM:

xl create -c debian6.cfg

If successful, you should now be connected to the Virtual Machine console. To exit the console, simply press:
Ctrl + ]

To view a list of Virtual Machines running, you can type:

xl list

6.3. Option 2: Create a Fedora VM using Libvirt Toolstack

Simply run the following commands to get started with your own Fedora VM via Libvirt:

Note: We’ll use the debian6 example LVM we created earlier for brevity.

virt-install --virt-type xen -n fedora-vm-1 -r 512 --vcpus=2 -f /dev/vg0/debian6 --location http://mirror.internode.on.net/pub/fedora/linux/releases/18/Fedora/x86_64/os/ --os-type linux --accelerate --nographics --network=bridge:br0

This method will pull all the necessary files for the Fedora installation via the Internode Mirror (as such, this can take some time)

You will now need to connect to the VM’s console and finish the installation of Fedora. This can be done by issuing:

virsh console fedora-vm-1

To view a list of Virtual Machines running, you can type:

virsh list

How to Read Memory in Linux (buffers / cache)

To see your currently available memory, execute the following command in your terminal:

free -m

When reading the output of this command, always read the ‘-/+ buffers/cache’ line for a true indication of available memory.

This is because Linux employs disk caching, for example, when an application is launched (cPanel, Apache etc) this is what happens:

  1. Application is initially stored on non-volatile medium (i.e. disk)
  2. On first application launch, all application data is pulled from disk into memory
  3. Application data from memory is pulled into CPU L1 or L2 cache
  4. CPU fetches instructions from L1 or L2 cache
  5. Application is executed

When the application is run a second or third time, the CPU will always check to see if it has a copy of the instructions in its L1 or L2 cache.

So, as you can see, the ‘free memory’ on the top line of free -m is not a good indication of available memory, because this is the memory that is not currently utilised by the cache.

FAQ

1. If all that memory is cached, how do other applications run?

Good question. This cached memory can be evicted at any time for later applications to run.

2. What is the CPU L1 and L2 cache?

The L1 cache is the fastest CPU cache and it usually comes within the processor chip itself (therefore closer than normal system memory)

The L1 cache typically ranges in size (anywhere from 8KB to 64KB) and uses high-speed SRAM (static RAM) instead of DRAM (dynamic RAM) which is slower and typically used for the main system memory.

The L2 cache comes between L1 and system memory. It is larger than the primary (level 1) cache, typically 64KB to 4MB in size. As the L2 cache is larger and not usually stored within the CPU chip itself, the latency is far greater and the search for the cached instructions takes longer because it’s bigger in size.

Nginx Block and Redirect IP Access to WordPress wp-admin

This article will show you how to block all IP addresses to a specific folder (wp-admin) and only allow access to your IP address. Additionally, the blocked IP’s will be redirected to a location that you choose. This is a fantastic way to lock down your WordPress installation with minimal effort and maximum results.

How to block all access and redirect IP’s to wp-admin in Nginx

To get started, open up your Nginx site configuration file and add the following lines of code:

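# Request URIs begin with "/", so the pattern is anchored at ^/.
# nginx uses the first matching regex location: keep this block before any
# "location ~ \.php$" block and give it its own PHP (fastcgi) handling.
location ~ ^/(wp-admin|wp-login\.php) {
	try_files $uri $uri/ /index.php?$args;
	index index.html index.htm index.php;
	allow x.x.x.x;
	deny all;
	error_page 403 = @wp_admin_ban;
}

# Denied clients are redirected instead of seeing the 403 page
location @wp_admin_ban {
	rewrite ^(.*) http://mywebsite.com permanent;
}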

This will only allow access to the IP you specify (i.e. x.x.x.x) and redirect all other IP’s to mywebsite.com.

Allow multiple IP’s access to wp-admin in Nginx

If you would like to allow access for multiple IP addresses to your wp-admin folder, this can be done by adding another allow x.x.x.x; directive in your Nginx site configuration file:

location ~ ^/(wp-admin|wp-login\.php) {
	try_files $uri $uri/ /index.php?$args;
	index index.html index.htm index.php;
	allow x.x.x.x; # First IP to allow access
	allow x.x.x.x; # Second IP to allow access
	allow x.x.x.x; # Third IP to allow access
	deny all;
	error_page 403 = @wp_admin_ban;
}

location @wp_admin_ban {
	rewrite ^(.*) http://mywebsite.com permanent;
}