Build NFS Server on CentOS 7

As the first step, we will install these packages on the CentOS server with yum:

yum install nfs-utils

Now create the directory that will be shared by NFS:

mkdir /var/nfsshare

Change the permissions of the folder as follows:

chmod -R 755 /var/nfsshare
chown nfsnobody:nfsnobody /var/nfsshare

We use /var/nfsshare as shared folder, if we use another drive such as the /home directory, then the permission chnges will cause a massive permissions problem and ruin the whole hierarchy. So in case we want to share the /home directory then permissions must not be changed. Next, we need to start the services and enable them to be started at boot time.  Continue reading “Build NFS Server on CentOS 7” »

Share

Install webmin in Centos 7

Step 1 — Installing Webmin

First, we need to add the Webmin repository so that we can easily install and update Webmin using our package manager. We do this by adding a new file called /etc/yum.repos.d/webmin.repo that contains information about the new repository.

Create and open this new file using your text editor:

sudo vi /etc/yum.repos.d/webmin.repo

Then add these lines to the file to define the new repository:

/etc/yum.repos.d/webmin.repo
[Webmin]
name=Webmin Distribution Neutral
#baseurl=http://download.webmin.com/download/yum
mirrorlist=http://download.webmin.com/download/yum/mirrorlist
enabled=1

Save the file and exit the editor. Next, add the Webmin author’s PGP key so that your system will trust the new repository: Continue reading “Install webmin in Centos 7” »

Share

Important Exim Commands

To get a count of messages in the queue

exim -bpc

Print a listing of the messages in the queue (time queued, size, message-id, sender, recipient)

exim -bp

Print a summary of messages in the queue (count, volume, oldest, newest, domain, and totals):

exim -bp | exiqsumm

Print what Exim is doing right now:

exiwhat

Display the version of Exim and the location of Exim configuration file: Continue reading “Important Exim Commands” »

Share

Allow large attachment (greater than 10MB) in ISPConfig postfix MTA

Just a small hack, but worked good on my ISPConfig 3 setup. Add the following:

nano /etc/postfix/main.cf

mailbox_size_limit = 104857600

Save and restart postfix service.

According to official postfix documentation:
message_size_limit (default: 10240000) The maximal size in bytes of a message, including envelope information. Note: be careful when making changes. Excessively small values will result in the loss of non-delivery notifications, when a bounce message size exceeds the local or remote MTA’s message size limit. Continue reading “Allow large attachment (greater than 10MB) in ISPConfig postfix MTA” »

Share

Test your DNS using Dig, Nmap, Tcpdump

For DNS resolution to succeed to 192.168.0.1, the DNS server at 192.168.0.1 will need to accept TCP and UDP traffic over port 53 from our server. A port scanner such as the nmap tool can be used to confirm if the DNS server is available on port 53 as shown below.

Note: To install nmap run ‘yum install nmap -y’.

[root@centos ~]# nmap -sU -p 53 192.168.0.1
Starting Nmap 6.40 ( http://nmap.org ) at 2015-08-26 15:22 AEST
Nmap scan report for 192.168.0.1
Host is up (0.00091s latency).
PORT STATE SERVICE
53/udp open|filtered domain
MAC Address: 02:00:79:55:00:0D (Unknown)
Nmap done: 1 IP address (1 host up) scanned in 0.29 seconds

[root@centos ~]# nmap -sT -p 53 192.168.0.1
Starting Nmap 6.40 ( http://nmap.org ) at 2015-08-26 15:22 AEST
Nmap scan report for 192.168.0.1
Host is up (0.00099s latency).
PORT STATE SERVICE
53/tcp open domain
MAC Address: 02:00:79:55:00:0D (Unknown)
Nmap done: 1 IP address (1 host up) scanned in 0.07 seconds

Continue reading “Test your DNS using Dig, Nmap, Tcpdump” »

Share

Let’s Encrypt service with Pound server

In order to install Certbot on your server, follow the next steps: (make sure you have “git” installed on your system)

$sudo apt-get install git (if not previously installed)
$cd /opt
$sudo git clone https://github.com/certbot/certbot

Running the above commands will download the Certbot latest release from their git repo in the /opt folder. Then we need to stop any service that might be using port 80 on our server, since the installation type we will be performing on this tutorial is the “standalone” type described on the Cerbot documentation, there are other ways to install the certificates, it is up to your preference.
Since this tutorial is about Pound, we are assuming the daemon is already installed so we need to stop it:

$sudo service pound stop

once the service is stopped, run:

$cd /opt/certbot
$sudo ./letsencrypt-auto --text --email YOUR@EMAIL -d YOUR_DOMAIN --agree-tos --standalone certonly

by default, running the command above will generate the necessary key files (*.pem) in the following folder:

/etc/letsencrypt/live/YOUR_DOMAIN/

now, we need to create a private key file that Pound can understand, to do so run the following:

$sudo cat /etc/letsencrypt/live/YOUR_DOMAIN/privkey.pem /etc/letsencrypt/live/YOUR_DOMAIN/fullchain.pem > /etc/ssl/YOUR_DOMAIN.pem

doing so, will concatenate the privkey.pem file and the fullchain.pem file generated by Cerbot into a single file that will be stored into your ssl certificates folder, this is very important! Continue reading “Let’s Encrypt service with Pound server” »

Share

Webmin installation on Centos

Installing the RPM

If you are using the RPM version of Webmin, first download the file from the downloads page, or run the command :

wget http://prdownloads.sourceforge.net/webadmin/webmin-1.870-1.noarch.rpm

then install optional dependencies with :

yum -y install perl perl-Net-SSLeay openssl perl-IO-Tty perl-Encode-Detect

and then run the command :

rpm -U webmin-1.870-1.noarch.rpm

Continue reading “Webmin installation on Centos” »

Share

CentOS 5 Repository fix using vault.centos.org

It’s a bit silly process, googled hours but found not solid way to update my old 32bit centos 5 linux box. So came up with a solution of my own. It might work for you, but no guarantee!

Step-1
Remove all .repo inside /etc/yum.conf.d/ directory

Step-2
Create a new repo file inside /etc/yum.conf.d/ 

nano /etc/yum.conf.d/CentOS-Vault.repo 

Update with the following section: Continue reading “CentOS 5 Repository fix using vault.centos.org” »

Share

BIND ACL to restrict zone trasfer with IP address

You need to define ACL in /etc/named.conf or /etc/bind/named.conf.local file. Let us say IP 1.2.3.4 and 1.2.3.5 are allowed to transfer your zones.

# vi named.conf or vi /etc/bind/named.conf.local

Here is sample entry for domain domain.org.bd (ns1 configuration):

acl trusted-servers {
1.2.3.4; //ns1
1.2.3.5; //ns2
};

zone "domain.org.bd" {
 type master;
 file "/var/lib/bind/domain.org.bd.hosts";
 also-notify {
1.2.3.5; 
 };
 notify yes;
 allow-transfer { trusted-servers; };
 };

Continue reading “BIND ACL to restrict zone trasfer with IP address” »

Share