Author Archives: Leo

About Leo

Is a Tech Support Manager ,a Linux Enthusiast , Developer and a Tech Writer. He is passionate about open source technology and writes mostly about open source software like Linux. He is interested in enlightening people about Linux and opensource Technologies. You can connect with him on twitter leog_in or write to him at leo@leog.in., Github :https://github.com/Leo-g

Getting Started with Git on Linux

Git is a version control system used for the up keep of your software. It’s sort of like a back up of your software which you can revert to incase of any errors or incorrect code change

I am documenting a few Git commands that can be used with any Linux Distro.

Installing Git on CentOS Linux

Use this script to add Repository

 yum install git 

Configure your User name and email, every Git commit will include this information, this is useful when multiple users commit to the same Git reporsitory.

$ git config --global user.name "Leo G"
$ git config --global user.email leo@leog.in

Check if everything is ok

#git config -l

Initialize the Repository

#git init

This will initialize an empty repository and create a folder called .git which contains all configuration files.

Create an Empty file

touch test1

Add the file to Git

git add test1

If you would like to add multiple files including sub directory then add a ‘.’

git add .
 git status 

# On branch master
#
# Initial commit
#
# Changes to be committed:
#   (use "git rm --cached ..." to unstage)
#
#       new file:   test1

Git status will give you an idea of what changes are going to be committed.

Once your sure commit the file or remove it with

 git rm --cached  
git commit -m "Initial"

Now you can also upload your files and keep a back up of your files on GitHub.com.

First create a profile on GitHub.com and then add your ssh keys.

Create a new empty repository, do not initialize it with readme or add .gitignore file.

Once you initialize the repository you will get instructions on how to sync you files.

Else you can typoe the below command, here rails was the empty repository I created on git hub.

#git remote add origin git@github.com:Leo-g/rails.git
#git push -u origin master
The authenticity of host 'github.com (192.30.252.131)' can't be established.
RSA key fingerprint is 16:27:ac:a5:76:28:2d:36:63:1b:56:4d:eb:df:a6:48.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'github.com,192.30.252.131' (RSA) to the list of known hosts.
Counting objects: 120, done.
Delta compression using up to 2 threads.
Compressing objects: 100% (108/108), done.
Writing objects: 100% (120/120), 280.00 KiB, done.
Total 120 (delta 7), reused 0 (delta 0)
To git@github.com:Leo-g/rails.git
 * [new branch]      master -> master
Branch master set up to track remote branch master from origin.

This will add the remote github repository and when you type “git push” from now on sync changes with github.

Useful git commands.

To check a history of your commits use

git log

To delete remote origin use


git remote rm origin

Incase you delete the file by accident and have not yet committed the changes


git checkout -f

Will recover the file.

source [http://ruby.railstutorial.org/ruby-on-rails-tutorial-book#sec-1_3_1_1]

How to confiigure fail2ban to block Brute Force IP’s by scanning postfix logs

Recently, I was looking at my postfix logs and found more than 13,000 Auth fail attempts and I was shocked. We had recently changed our user password due to a security breach, so I thought that some apps might have still not implemented the change, However after doing a reverse dig on the IP I saw it did not belong to us at all.
After digging around for solutions, I came across Fail2Ban. Fail2BAN is written in python and does log scanning to BLock IP’s which match a particular IP address.

Installation is pretty easy you need to have epel repo, if you don’t please add it via my script here.

yum install fail2ban

The main configuration is stored in “/etc/fail2ban/jail.conf” and the filters use to scan logs are stored in the “/etc/fail2ban/filter.d” directory.

Open jail.conf file and add or modify the below lines.

[postfix-tcpwrapper]

enabled  = true
filter   = postfix
action   = hostsdeny[file=/etc/hosts.deny]
           sendmail[name=Postfix, dest=you@yourdomain.com]
logpath  = /var/log/postfix.log
bantime  = -1

Below are the parameters and their meaning.
Enabled : Enable the filter via boolean True or false
Action : What action is to be taken on regex match, here the IP will be blocked via tcpwrappers and an mail will be sent to me

Logpath: path to the log file
BanTime: the amount of time you want to ban the IP, the value should be in seconds like 300, negative value means permanent ban.

You also need to change the below values in the jail.conf file

ignoreip = 127.0.0.1/8
findtime  = 300
maxretry = 5

Ignoreip: space separated list of ip’s to ignore, ensure you add your own :)
FindTime: The amount of time in which the connections are made post which the IP gets blocked.
Maxretry: Once 5 failed attempts are made the connection is blocked

Now add the below filter in /etc/fail2ban/filter.d/postfix.conf below any current filters

failregex = warning: (.*)\[\]: SASL LOGIN authentication failed:

This tells fail2ban to check this particular line and ban the host IP.

that’s it

chkconfig on
 servive fail2ban start

Here is How I Built my First RPM

I was building a rpmpackage for Tengine the Dynamic Module loading Nginx fork. As usual since there was a no decent tutorial I decided to write my own.

rpmbuild
Warning: DO NOT try as root for obvious Reasons

First Install the necessary packages.

sudo yum install rpm-build

sudo yum install redhat-rpm-config

Create the rpmbuild directories

[userid@hostname ~]$ mkdir -p ~/rpmbuild/{BUILD,RPMS,SOURCES,SPECS,SRPMS}
 Beware: this next command will overwrite an existing .rpmmacros file if it exists, so check that you don't already have one before continuing.

[userid@hostname ~]$ echo '%_topdir %(echo $HOME)/rpmbuild' > ~/.rpmmacros

Explanation of these directories as per rpm.org is as follows.

/usr/src/redhat/SOURCES — Contains the original sources, patches, and icon files.

/usr/src/redhat/SPECS — Contains the spec files used to control the build process.

/usr/src/redhat/BUILD — The directory in which the sources are unpacked, and the software is built.

/usr/src/redhat/RPMS — Contains the binary package files created by the build process.

/usr/src/redhat/SRPMS — Contains the source package files created by the build process.

Add the source or TAR file in the SOURCES directory.

Goto the SPEC directory to create your spec file.

The spec file is where you will need to add all the details of the package that needs to be installed.
From the files that need to be installed to the version of your package.
When you are creating a SPEC file for the first time, vim or emacs will automatically create a template for you:

vim tengine.spec

Below is the template

Name: Tengine
Version:  1.5.1
Release:        1%{?dist}
Summary:       Tengine web server forked out of Nginx

Group:          Applications/Internet
License:        open BSD license
URL:            http://tengine.taobao.org/download.html
Source0:        tengine-1.5.1.tar.gz

#BuildRequires:
#Requires:

%description
Tengine by taboa which enables dso support for nginx

%prep
%setup -n tengine-1.5.1

%build
%_configure
make %{?_smp_mflags}

%install
rm -rf $RPM_BUILD_ROOT
make install DESTDIR=$RPM_BUILD_ROOT

%clean
rm -rf $RPM_BUILD_ROOT

%files
%defattr(-,root,root,-)
%doc LICENSE
%doc README

%config(noreplace) /usr/local/nginx/conf/*
/usr/local/nginx/html/
/usr/local/nginx/sbin/nginx
/usr/local/nginx/sbin/dso_tool

%changelog

The First part which is your name version etc is pretty much self explanatory I am not going to go into it

Anything with % before is a a Macros. Macros can be used to set a variable, and there are a few that are already set. To see these macros look in /usr/lib/rpm/macros or /usr/share/doc/rpm-[version]/macros, where [version] is the version of rpm. The value of the macro is returned by putting the name of the macro in curly braces: %{ }.

%description : Add a short description of your package.

%prep : Here is where you file will be untared Just use %setup -q here and it will untar it.

%build : This is where you file is build, %_configure will run ./configure in tengine directory and you need to add “make %{?_smp_mflags} ” to create a make file.

%install : Where your software is installed with make install

%files : The list of files that will be installed.

Once you have your spec file is ready run the below command

rpmbuild -ba tengine.spec

This will generate the rpm file in the RPMS directory

I have added my rpm on GitHUB. Feel free to fork and would love here inputs from others on this.

If you have a small shell script that you would like to manage via rpm then you can check out rpmwand. Just remember that this is for those packages which do not have a compile process.

Update : The Good Folks at Reddit suggested fpm you may want to check that out as well.

Images are not mine and are found on the internet.

Source

http://rpmbuildtut.wordpress.com/getting-started/

http://fedoraproject.org/wiki/How_to_create_an_RPM_package

How to migrate your Database from badsource MySQL to OpenSource MariaDB

mariadb

Ever since Oracle took over MySQL it has stopped it’s Contribution to the opensource community in favour of Oracle DB.

So the Lead Developer from MySQL started MariaDB.

So what is the difference  between MySQl and MariaDB?

Well besides  the fact that it is completely opensourced, It also supports a number of Storage Engines including Percona’s famous Xtradb.

How do I migrate from MySQL to MariaDB?

It is not that difficult to migrate since mariadb uses almost the same source code.

The below steps are for Red Hat, Centos and Fedora for Ubuntu or Debian please use apt-get.

First we need to take a backup of our MySQL Database with the following command

mysqldump -u root -p --all-databases > mysqlbackup.sql

Then backup our my.cnf file

cp -a /etc/my.cnf my.bak

Now stop mysql server and remove mysql install

service mysqld stop

yum remove mysql mysql-server mysql-libs

Now you need atomic repo or mariadb repo 

I prefer atomic so as it has the latest php software as well

wget -q -O - http://www.atomicorp.com/installers/atomic | sh


yum install mariadb-server

This will install the client and libraries with the one command.

Copy the my.bak to mariadb conf file.

cp my.bak /etc/my.cnf

service mysqld start
mysql -u root -p -Be 'show databases'
enter password

Should show you all the databases. I also had my Replication up an running which was great.

Update: Incase you get a mysql-libs error as follows

Error: mariadb-libs conflicts with mysql-libs

Then uninstall mysql-libs with the yum command below and then try installing again.

yum remove mysql-lib

Please ensure you be careful while doing this and this post assumes you know what you are doing and take full responsibility for the same

How to speed up PHP with Opcode cache like APC

What is  a Cache?

A cache is a temporary storage area  where data can be stored for rapid access.

Why Cache PHP?

Compiling PHP every time a request comes in is a very resource intensive process and it is better to cache code rather than compile it every time. This not only reduces your  ram memory usage but also increases the speed of loading your php pages.

What are the Types of Cache available for PHP?

There are many but some of the prominent one’s are Memcache, APC ( alternative PHP cache) , Zend cache.

Why APC?

Well cause it’s an opcode cache that means it caches the compiled code, It is going to be included in PHP 6 and it is easy to configure.

How can I install?

Before you do add the below code to your php script to measure page load time

<?php echo get_num_queries(); ?> queries in <?php timer_stop(1); ?> seconds

You can add it to footer.php if you are using wordpress

You have to have PHP up and running if not then refer to my tutorial here and then install via yum package manager

$ yum install php-apc

How to configure?

There are two primary decisions to be made configuring APC. First, how much memory is going to be allocated to APC; and second, whether APC will check if a file has been modified on every request. The two ini directives that control these settings are apc.shm_size and apc.stat. You should also set apc.ttl low as that is time to live for the cache entries. The lower the better as when you cache is full the older entries will be flushed to make space for new, i f you have a higher ttl or a 0 ttl and you cache is full then the entire cache is flushed.

Open up the apc.ini config file and make the following changes

vim /etc/php/apc.ini

apc.ttl=3600

apc.stat=0

apc.shm_size=64M

cp /usr/share/doc/php-pecl-apc-3.1.15/apc.php  /var/www/html/

How can I clear the cache?

Add a file called apc_clear.php in your web root directory with the below code

               
 if (function_exists('apc_clear_cache') && $_GET['pass'] == 'secret') {
        if (apc_clear_cache() && apc_clear_cache('user'))
                print 'All Clear!';
        else
                print 'Clearing Failed!';

        print_r(apc_cache_info());

} else {
        print 'Authenticate, please!';
}

What is the meaning of hits and misses?
PHP cache APC
Hits means the request was served from the cache and misses means it was not. You need to increase your cache memory incase if it get’s  full often.

 

Source

http://css.dzone.com/articles/using-apc-correctly

http://ckon.wordpress.com/2012/01/02/speedup-php-opcode-cache-apc-xcache-eaccelerator/

http://linuxaria.com/howto/everything-you-need-to-know-about-apc-alternate-php-cache?lang=en

http://rtcamp.com/wordpress-nginx/tutorials/php/apc-cache-with-web-interface/