Personal Mind of ASEP — ASEP here to share

OpenBSD 5.2 Web Server: Apache + MySql + PHP

by asep on January 27, 2013

OpenBSD is a great OS for hosting Apache/MySQL/PHP web apps. Because OpenBSD locks down Apache by default, and the version of PHP supplied by the OpenBSD team already has several security-enhancing patches in place.

Step 1: Set up the package manager

I’m using OpenBSD mirror at kartolo.sby.datautama.net.id for best speed in Indonesia.

echo installpath=http://kartolo.sby.datautama.net.id/OpenBSD/$(uname -r)/packages/$(uname -m) | sudo tee /etc/pkg.conf

1	echo installpath=http://kartolo.sby.datautama.net.id/OpenBSD/$(uname -r)/packages/$(uname -m) \| sudo tee /etc/pkg.conf

Step 2: Installing Packages

1. Apache 2.2

# pkg_add apache-httpd
apache-httpd-2.2.22:apr-1.4.6p0: ok
apache-httpd-2.2.22:db-4.6.21v0: ok
apache-httpd-2.2.22:apr-util-1.4.1: ok
apache-httpd-2.2.22:pcre-8.30: ok
apache-httpd-2.2.22: ok
The following new rcscripts were installed: /etc/rc.d/httpd2
See rc.d(8) for details.
--- +apache-httpd-2.2.22 -------------------
This is the official httpd distributed by the Apache Server Project,
provided as a port for those who, for various reasons, need to run
version 2.

OpenBSD provides a custom Apache server, httpd(8), in the base system
which has been audited for security and may run in a chroot(2)
environment.  Users are STRONGLY encouraged to use the system httpd
rather than this port.

# pkg_add apache-httpd

apache-httpd-2.2.22:apr-1.4.6p0: ok

apache-httpd-2.2.22:db-4.6.21v0: ok

apache-httpd-2.2.22:apr-util-1.4.1: ok

apache-httpd-2.2.22:pcre-8.30: ok

apache-httpd-2.2.22: ok

The following new rcscripts were installed: /etc/rc.d/httpd2

See rc.d(8) for details.

--- +apache-httpd-2.2.22 -------------------

This is the official httpd distributed by the Apache Server Project,

provided as a port for those who, for various reasons, need to run

version 2.

OpenBSD provides a custom Apache server, httpd(8), in the base system

which has been audited for security and may run in a chroot(2)

environment. Users are STRONGLY encouraged to use the system httpd

rather than this port.

2. PHP-MySql

# pkg_add php-mysql
Ambiguous: choose package for php-mysql
 a       0: <none>
         1: php-mysql-5.2.17p6
         2: php-mysql-5.3.14p0
Your choice: 2
php-mysql-5.3.14p0:libiconv-1.14: ok
php-mysql-5.3.14p0:gettext-0.18.1p3: ok
php-mysql-5.3.14p0:libxml-2.7.8p6: ok
php-mysql-5.3.14p0:femail-0.98: ok
php-mysql-5.3.14p0:femail-chroot-0.98p1: ok
php-mysql-5.3.14p0:php-5.3.14p1: ok
php-mysql-5.3.14p0:mysql-client-5.1.63: ok
php-mysql-5.3.14p0: ok
Look in /usr/local/share/doc/pkg-readmes for extra documentation.
--- +php-5.3.14p1 -------------------
To enable the php-5.3 module please create a symbolic link from
/var/www/conf/modules.sample/php-5.3.conf to
/var/www/conf/modules/php.conf. As root:

    ln -sf /var/www/conf/modules.sample/php-5.3.conf /var/www/conf/modules/php.conf

The recommended php configuration has been installed to:
    /etc/php-5.3.ini.
--- +php-mysql-5.3.14p0 -------------------
You can enable this module by creating a symbolic link from
/etc/php-5.3.sample/mysql.ini to
/etc/php-5.3/mysql.ini. As root:

    ln -sf /etc/php-5.3.sample/mysql.ini /etc/php-5.3/mysql.ini

# pkg_add php-mysql

Ambiguous: choose package for php-mysql

a 0: <none>

1: php-mysql-5.2.17p6

2: php-mysql-5.3.14p0

Your choice: 2

php-mysql-5.3.14p0:libiconv-1.14: ok

php-mysql-5.3.14p0:gettext-0.18.1p3: ok

php-mysql-5.3.14p0:libxml-2.7.8p6: ok

php-mysql-5.3.14p0:femail-0.98: ok

php-mysql-5.3.14p0:femail-chroot-0.98p1: ok

php-mysql-5.3.14p0:php-5.3.14p1: ok

php-mysql-5.3.14p0:mysql-client-5.1.63: ok

php-mysql-5.3.14p0: ok

Look in /usr/local/share/doc/pkg-readmes for extra documentation.

--- +php-5.3.14p1 -------------------

To enable the php-5.3 module please create a symbolic link from

/var/www/conf/modules.sample/php-5.3.conf to

/var/www/conf/modules/php.conf. As root:

ln -sf /var/www/conf/modules.sample/php-5.3.conf /var/www/conf/modules/php.conf

The recommended php configuration has been installed to:

/etc/php-5.3.ini.

--- +php-mysql-5.3.14p0 -------------------

You can enable this module by creating a symbolic link from

/etc/php-5.3.sample/mysql.ini to

/etc/php-5.3/mysql.ini. As root:

ln -sf /etc/php-5.3.sample/mysql.ini /etc/php-5.3/mysql.ini

Running the following command:

# cp /var/www/conf/modules.sample/php-5.3.conf /var/www/conf/modules/php.conf
# cp /etc/php-5.3.sample/mysql.ini /etc/php-5.3/mysql.ini

1 2	# cp /var/www/conf/modules.sample/php-5.3.conf /var/www/conf/modules/php.conf # cp /etc/php-5.3.sample/mysql.ini /etc/php-5.3/mysql.ini

3. MySql Server

# pkg_add mysql-server
mysql-server-5.1.63p0:p5-Net-Daemon-0.43p0: ok
mysql-server-5.1.63p0:p5-PlRPC-0.2018p1: ok
mysql-server-5.1.63p0:p5-Params-Util-1.00p2: ok
mysql-server-5.1.63p0:p5-Clone-0.31p1: ok
mysql-server-5.1.63p0:p5-SQL-Statement-1.33: ok
mysql-server-5.1.63p0:p5-FreezeThaw-0.43p2: ok
mysql-server-5.1.63p0:p5-MLDBM-2.04: ok
mysql-server-5.1.63p0:p5-DBI-1.616: ok
mysql-server-5.1.63p0:p5-DBD-mysql-4.021: ok
mysql-server-5.1.63p0: ok
The following new rcscripts were installed: /etc/rc.d/mysqld
See rc.d(8) for details.
Look in /usr/local/share/doc/pkg-readmes for extra documentation.

Then, run a few commands to initialize MySQL and set a strong password for the MySQL root user. Be sure you can remember it, though. You'll need it later.

# pkg_add mysql-server

mysql-server-5.1.63p0:p5-Net-Daemon-0.43p0: ok

mysql-server-5.1.63p0:p5-PlRPC-0.2018p1: ok

mysql-server-5.1.63p0:p5-Params-Util-1.00p2: ok

mysql-server-5.1.63p0:p5-Clone-0.31p1: ok

mysql-server-5.1.63p0:p5-SQL-Statement-1.33: ok

mysql-server-5.1.63p0:p5-FreezeThaw-0.43p2: ok

mysql-server-5.1.63p0:p5-MLDBM-2.04: ok

mysql-server-5.1.63p0:p5-DBI-1.616: ok

mysql-server-5.1.63p0:p5-DBD-mysql-4.021: ok

mysql-server-5.1.63p0: ok

The following new rcscripts were installed: /etc/rc.d/mysqld

See rc.d(8) for details.

Look in /usr/local/share/doc/pkg-readmes for extra documentation.

Then, run a few commands to initialize MySQL and set a strong password for the MySQL root user. Be sure you can remember it, though. You'll need it later.

3. Setting MySql Instalation

# /usr/local/bin/mysql_install_db
# /usr/local/share/mysql/mysql.server start
# /usr/local/bin/mysqladmin -u root password 'your-password'

# /usr/local/bin/mysql_install_db

# /usr/local/share/mysql/mysql.server start

# /usr/local/bin/mysqladmin -u root password 'your-password'

4. Secure MySql Instalation

# /usr/local/bin/mysql_secure_installation

1	# /usr/local/bin/mysql_secure_installation

5. Installing phpMyAdmin

# pkg_add phpMyAdmin
phpMyAdmin-3.4.10.2:jpeg-8c: ok
phpMyAdmin-3.4.10.2:png-1.5.10: ok
phpMyAdmin-3.4.10.2:t1lib-5.1.2: ok
phpMyAdmin-3.4.10.2:php-gd-5.3.14p0: ok
phpMyAdmin-3.4.10.2:libmcrypt-2.5.8p1: ok
phpMyAdmin-3.4.10.2:libltdl-2.4.2: ok
phpMyAdmin-3.4.10.2:php-mcrypt-5.3.14p0: ok
phpMyAdmin-3.4.10.2: ok
--- +php-gd-5.3.14p0 -------------------
You can enable this module by creating a symbolic link from
/etc/php-5.3.sample/gd.ini to
/etc/php-5.3/gd.ini. As root:

    ln -sf /etc/php-5.3.sample/gd.ini /etc/php-5.3/gd.ini
--- +php-mcrypt-5.3.14p0 -------------------
You can enable this module by creating a symbolic link from
/etc/php-5.3.sample/mcrypt.ini to
/etc/php-5.3/mcrypt.ini. As root:

    ln -sf /etc/php-5.3.sample/mcrypt.ini /etc/php-5.3/mcrypt.ini
--- +phpMyAdmin-3.4.10.2 -------------------
The phpMyAdmin has been installed into /var/www/phpMyAdmin

You should point this to the DocumentRoot of your web-server:
   # ln -s ../phpMyAdmin /var/www/htdocs/phpMyAdmin
(make sure you use a relative symlink since Apache is chrooted)

You can ensure you have a working install by accessing:
http://<localhost>/phpMyAdmin/index.php

# pkg_add phpMyAdmin

phpMyAdmin-3.4.10.2:jpeg-8c: ok

phpMyAdmin-3.4.10.2:png-1.5.10: ok

phpMyAdmin-3.4.10.2:t1lib-5.1.2: ok

phpMyAdmin-3.4.10.2:php-gd-5.3.14p0: ok

phpMyAdmin-3.4.10.2:libmcrypt-2.5.8p1: ok

phpMyAdmin-3.4.10.2:libltdl-2.4.2: ok

phpMyAdmin-3.4.10.2:php-mcrypt-5.3.14p0: ok

phpMyAdmin-3.4.10.2: ok

--- +php-gd-5.3.14p0 -------------------

You can enable this module by creating a symbolic link from

/etc/php-5.3.sample/gd.ini to

/etc/php-5.3/gd.ini. As root:

ln -sf /etc/php-5.3.sample/gd.ini /etc/php-5.3/gd.ini

--- +php-mcrypt-5.3.14p0 -------------------

You can enable this module by creating a symbolic link from

/etc/php-5.3.sample/mcrypt.ini to

/etc/php-5.3/mcrypt.ini. As root:

ln -sf /etc/php-5.3.sample/mcrypt.ini /etc/php-5.3/mcrypt.ini

--- +phpMyAdmin-3.4.10.2 -------------------

The phpMyAdmin has been installed into /var/www/phpMyAdmin

You should point this to the DocumentRoot of your web-server:

# ln -s ../phpMyAdmin /var/www/htdocs/phpMyAdmin

(make sure you use a relative symlink since Apache is chrooted)

You can ensure you have a working install by accessing:

http://<localhost>/phpMyAdmin/index.php

Running the following command:

# cp /etc/php-5.3.sample/gd.ini /etc/php-5.3/gd.ini
# cp /etc/php-5.3.sample/mcrypt.ini /etc/php-5.3/mcrypt.ini

1 2	# cp /etc/php-5.3.sample/gd.ini /etc/php-5.3/gd.ini # cp /etc/php-5.3.sample/mcrypt.ini /etc/php-5.3/mcrypt.ini

Since Apache is locked away, it can’t talk to the database software, MySQL. The default install doesn’t automatically place MySQL inside Apache’s jail. Currently is impossible for the two to even communicate. You need to move the communication file: /var/run/mysql/mysql.sock

# mkdir /var/www/var/
# mkdir /var/www/var/run/
# mkdir /var/www/var/run/mysql/

# mkdir /var/www/var/

# mkdir /var/www/var/run/

# mkdir /var/www/var/run/mysql/

To make Apache happy we have to place this special file inside the jail. This can be done on startup using your handy rc.local file.

# nano /etc/rc.local

1	# nano /etc/rc.local

Put the following lines:

if [ -x /usr/local/bin/mysqld_safe ]; then
    echo -n " mysqld"
    /usr/local/bin/mysqld_safe --user=_mysql --log=/var/log/mysqld
    sleep 4
    rm -f /var/www/var/run/mysql/mysql.sock
    ln /var/run/mysql/mysql.sock /var/www/var/run/mysql/mysql.sock
fi

if [ -x /usr/local/bin/mysqld_safe ]; then

echo -n " mysqld"

/usr/local/bin/mysqld_safe --user=_mysql --log=/var/log/mysqld

sleep 4

rm -f /var/www/var/run/mysql/mysql.sock

ln /var/run/mysql/mysql.sock /var/www/var/run/mysql/mysql.sock

Step 3: Start OAMP services automatically

# nano /etc/rc.conf.local

1	# nano /etc/rc.conf.local

put the following lines:

mysqld_flags=""
httpd_flags=""
pkg_scripts="mysqld"

mysqld_flags=""

httpd_flags=""

pkg_scripts="mysqld"

Step 4: Reboot

Once everything is installed and configured to start automatically, reboot to make sure everything starts up as expected.

reboot

reboot

Step 5: Testing

Create phpinfo file:

echo "<?php phpinfo(); ?>" | sudo tee /var/www/htdocs/phpinfo.php

1	echo "<?php phpinfo(); ?>" \| sudo tee /var/www/htdocs/phpinfo.php

Open phpinfo script:

http://your-OpenBSD-ip-address/phpinfo.php

1	http://your-OpenBSD-ip-address/phpinfo.php

Open phpMyadmin:

http://your-OpenBSD-ip-address/phpMyAdmin

Ref:
– http://www.h-i-r.net/p/hirs-secure-openbsd-apache-mysql-and.html
– http://www.openbsdsupport.org/e107_CMS.html

{ 7 comments }

How to Compress/Archive a Folder in Linux

by asep on January 27, 2013

To Compress a Folder in Linux you can running this command:

tar -zcvf [archive-file-name] [path-to-folder]
e.g: tar -zcvf file.tar.gz /home/file

1 2	tar -zcvf [archive-file-name] [path-to-folder] e.g: tar -zcvf file.tar.gz /home/file

note:
-z: Compress archive using gzip program
-c: Create archive
-v: Verbose i.e display progress while creating archive
-f: Archive File name

To Exract an Arhive:

tar -zcvf [archive-file-name]
e.g: tar -zxvf file.tar.gz

1 2	tar -zcvf [archive-file-name] e.g: tar -zxvf file.tar.gz

note:
-x: Extract files

{ 0 comments }

Centos 6 Remote Install Via VNC

by asep on January 20, 2013

If you have a dedicate server that have installd CentOS 5/6 and you want to reinstall/reload it but you do not have iKVM/IPMI/IP KVM, you can check it out this tutorial how to install your server with CentOS Remote Install via VNC.

step 1: Determining network settings of the server

You need to know the network information of your server, to determine the network settings, you can use the following commands:

ifconfig
ip route show
cat /etc/sysconfig/network-scripts/ifcfg-eth0
cat /etc/sysconfig/network
cat /etc/resolv.conf

ifconfig

ip route show

cat /etc/sysconfig/network-scripts/ifcfg-eth0

cat /etc/sysconfig/network

cat /etc/resolv.conf

step 2: Loading Centos 6 64BIT Image

wget -O /boot/initrd_remote.img http://kambing.ui.ac.id/centos/6.3/os/x86_64/isolinux/initrd.img
wget -O /boot/vmlinuz_remote http://kambing.ui.ac.id/centos/6.3/os/x86_64/isolinux/vmlinuz

1 2	wget -O /boot/initrd_remote.img http://kambing.ui.ac.id/centos/6.3/os/x86_64/isolinux/initrd.img wget -O /boot/vmlinuz_remote http://kambing.ui.ac.id/centos/6.3/os/x86_64/isolinux/vmlinuz

Step 3: Preparing the configuration and adding it to grub.conf

title CentOS Remote Install
root (hd0,0)
kernel /vmlinuz_remote lang=en_US keymap=us method=http://kambing.ui.ac.id/centos/6.3/os/x86_64/ vnc vncpassword=remote ip=119.235.xxx.xxx netmask=255.255.255.240 gateway=119.235.xxx.xxx dns=119.235.xxx.xxx noselinux ksdevice=00:30:48:97:49:7C headless xfs panic=120
initrd /initrd_remote.img

title CentOS Remote Install

root (hd0,0)

kernel /vmlinuz_remote lang=en_US keymap=us method=http://kambing.ui.ac.id/centos/6.3/os/x86_64/ vnc vncpassword=remote ip=119.235.xxx.xxx netmask=255.255.255.240 gateway=119.235.xxx.xxx dns=119.235.xxx.xxx noselinux ksdevice=00:30:48:97:49:7C headless xfs panic=120

initrd /initrd_remote.img

It is assumed that this configuration is the second item in the menu. You’ve specified that grub should make one attempt to load it. If something goes wrong, you’ll go back to the pre-set distribution after a restart, in 120 seconds.

[root@asep ~]# echo 'savedefault --default=1 --once' | grub --batch

1	[root@asep ~]# echo 'savedefault --default=1 --once' \| grub --batch

Step 4: Reboot Server

Reboot the server and wait until it begins to respond to ping. Additional packages will take some time to load, then it will be possible to connect through VNC. If the network isn’t fast enough, it may take about 20-30 minutes.

Now connect to the server and do the same as on the local console: vncviewer 119.235.xxx.xxx:1
If you’re working from Windows, you can use TightVNC.

Happy ReInstall !

Ref: http://supportex.net/2011/06/install-centos-fedora-remotely/

{ 0 comments }

How to Create 10MB File in Linux

by asep on January 7, 2013

If you want to create 10mb file in your linux box, just running this command:

dd if=/dev/zero of=10mb_file bs=10485760 count=1

1	dd if=/dev/zero of=10mb_file bs=10485760 count=1

{ 0 comments }

Reset/change solusVM Admin password via ssh

by asep on December 12, 2012

If you have lost your admin password you can reset it via an SSH session on the master. Run the following command:

php /usr/local/solusvm/scripts/pass.php --type=admin --comm=change --username=<adminusername>

1	php /usr/local/solusvm/scripts/pass.php --type=admin --comm=change --username=<adminusername>

You will get an output similar to this:

New password: Wc7Q0EbVFUasJ4j

1	New password: Wc7Q0EbVFUasJ4j

That will be your newly created Admin Password

ref: http://wiki.solusvm.com/index.php/Generate_New_Admin_Password

{ 0 comments }

List of VPS OpenVZ Commands

by asep on November 27, 2012

Here are some of OpenVZ Command at Node VPS :

[root@node1 ~]# vzctl start 101 // start the VPS 101
[root@node1 ~]# vzctl stop 101 // stop 101 VPS
[root@node1 ~]# vzctl restart 101 // restart 101 VPS
[root@node1 ~]# vzctl enter 101 // enter into 101 VPS
[root@101 ~]# exit // log out from 101 VPS
[root@node1 ~]# vzlist // display the list of active VPS's
[root@node1 ~]# vzlist -a // display the list of all VPS's
[root@node1 ~]# vzctl destroy 101 // destroy the VPS (good idea to stop it first)
[root@node1 ~]# vzcalc -v 101 // show resources usage on VPS
[root@node1 ~]# vzctl exec 101 df -m // execute commands against the VPS(in this case 'df -m')
[root@node1 ~]# vzyum 101 -y update // run yum update on VPS
[root@node1 ~]# vzyum 101 -y install package // install package using yum on VPS
[root@node1 ~]# vzrpm 101 -Uvh package // install package using rpm on VPS

[root@node1 ~]# vzctl start 101 // start the VPS 101

[root@node1 ~]# vzctl stop 101 // stop 101 VPS

[root@node1 ~]# vzctl restart 101 // restart 101 VPS

[root@node1 ~]# vzctl enter 101 // enter into 101 VPS

[root@101 ~]# exit // log out from 101 VPS

[root@node1 ~]# vzlist // display the list of active VPS's

[root@node1 ~]# vzlist -a // display the list of all VPS's

[root@node1 ~]# vzctl destroy 101 // destroy the VPS (good idea to stop it first)

[root@node1 ~]# vzcalc -v 101 // show resources usage on VPS

[root@node1 ~]# vzctl exec 101 df -m // execute commands against the VPS(in this case 'df -m')

[root@node1 ~]# vzyum 101 -y update // run yum update on VPS

[root@node1 ~]# vzyum 101 -y install package // install package using yum on VPS

[root@node1 ~]# vzrpm 101 -Uvh package // install package using rpm on VPS

{ 0 comments }

Next Posts Previous Posts