Linux - ycTIN - Page 2

Add swap to CentOS without reboot

April 9, 2018April 9, 2018 Timmy Tin Leave a comment

Add 4G swap

dd if=/dev/zero of=/swapfile bs=1024k count=4096
chown root:root /swapfile
chmod 0600 /swapfile
mkswap /swapfile
swapon /swapfile
echo "/swapfile swap swap defaults 0 0" >> /etc/fstab

dd if=/dev/zero of=/swapfile bs=1024k count=4096

chown root:root /swapfile

chmod 0600 /swapfile

mkswap /swapfile

swapon /swapfile

echo "/swapfile swap swap defaults 0 0" >> /etc/fstab

How to encrypt and decrypt .cpt file

September 2, 2017September 2, 2017 Timmy Tin Leave a comment

What is .cpt extension?

.cpt is a encrypted file format, you can use ccrypt to create and decrypt .cpt file

How to encrypt and decrypt .cpt file

Encrypt a file

ccencrypt /tmp/demo.txt

1	ccencrypt /tmp/demo.txt

Decrypt a file.

ccdecrypt /tmp/demo.txt.cpt

1	ccdecrypt /tmp/demo.txt.cpt

How to install ccrypt

Install ccrypt on CentOS

sudo yum install ccrypt

1	sudo yum install ccrypt

Install ccrypt on Debian/Ubuntu

sudo apt-get install ccrypt

1	sudo apt-get install ccrypt

CentOS 7 unable to login, display login incorrect immediately after input login name

April 1, 2017April 1, 2017 Timmy Tin Leave a comment

Problem

Unable to login linux console, always show login incorrect for any login name

Why

Selected some security profile(e.g. PCI-DSS) during installation, but network connection is unavailable.

Installer unable to download some packages from the internet, and caused installation failure. You may feel the installation time longer than no security profile.

In my case is CentOS installer missing the web proxy settings 🙁

How to Fix

Select other security profile or setup correct network connection, and re-install the system.

Reference

CentOS-7 Installer Security Profiles

2.1. Requirements

These profiles require a connection to the internet to install. If you select a security profile that can not connect to the internet on port 80 (to mirror.centos.org), your install may fail spectacularly and not even allow access to the console locally. Please only try these profiles while connected to the internet.

Packages will be installed from the internet if you use security profiles, even if those packages also reside on the ISOs.

https://wiki.centos.org/TipsAndTricks/C7SecurityProfiles

How to Install ffmpeg on RHEL/CentOS 7

January 22, 2017January 22, 2017 Timmy Tin Leave a comment

Install ffmpeg via ATRPMS repo

#install EPEL repo
sudo yum install epel-release -y

#install ATRPMS repo
sudo rpm -ivh https://www.mirrorservice.org/sites/dl.atrpms.net/el7-x86_64/atrpms/stable/atrpms-repo-7-7.el7.x86_64.rpm

# install ffmpeg
sudo yum install ffmpeg -y

# verify ffmpeg installation
ffmpeg -version

#install EPEL repo

sudo yum install epel-release -y

#install ATRPMS repo

sudo rpm -ivh https://www.mirrorservice.org/sites/dl.atrpms.net/el7-x86_64/atrpms/stable/atrpms-repo-7-7.el7.x86_64.rpm

# install ffmpeg

sudo yum install ffmpeg -y

# verify ffmpeg installation

ffmpeg -version

Try convert WAV file to MP3 format

ffmpeg -i input.wav -f mp3 output.mp3

1	ffmpeg -i input.wav -f mp3 output.mp3

References:

http://atrpms.net/documentation/install/

Install VMware Tools on CentOS 7

January 5, 2017January 5, 2017 Timmy Tin Leave a comment

sudo yum install open-vm-tools -y

1	sudo yum install open-vm-tools -y

How to Install NGINX and PHP-FPM on RHEL/CentOS 7

January 5, 2017April 9, 2018 Timmy Tin Leave a comment

Basic Server Setup

# update system
sudo yum install epel-release -y
sudo yum update -y

# update system

sudo yum install epel-release -y

sudo yum update -y

# temporary switches off SELinux enforcing 
sudo setenforce 0

1 2	# temporary switches off SELinux enforcing sudo setenforce 0

# setup timezone
sudo rm /etc/localtime
sudo ln -s /usr/share/zoneinfo/Hongkong /etc/localtime

# setup ntp service
sudo yum -y install ntp
sudo ntpdate pool.ntp.org
sudo systemctl enable ntpd
sudo systemctl start ntpd

# setup timezone

sudo rm /etc/localtime

sudo ln -s /usr/share/zoneinfo/Hongkong /etc/localtime

# setup ntp service

sudo yum -y install ntp

sudo ntpdate pool.ntp.org

sudo systemctl enable ntpd

sudo systemctl start ntpd

Setup NGINX and PHP-FPM

# install NGINX and PHP with PHP-FPM
sudo yum install -y vim nginx php php-fpm php-mbstring php-gd php-bcmath php-mcrypt php-tidy php-xml php-xmlrpc php-soap php-mysql php-pdo php-devel
sudo systemctl enable nginx php-fpm
sudo systemctl start nginx php-fpm

# install NGINX and PHP with PHP-FPM

sudo yum install -y vim nginx php php-fpm php-mbstring php-gd php-bcmath php-mcrypt php-tidy php-xml php-xmlrpc php-soap php-mysql php-pdo php-devel

sudo systemctl enable nginx php-fpm

sudo systemctl start nginx php-fpm

Update Configuration

# update PHP configuration
sudo vi /etc/php.ini
:%s#;date.timezone =#date.timezone = Asia/Hong_Kong#
:%s#expose_php = On#expose_php = Off#
:wq

# update PHP configuration

sudo vi /etc/php.ini

:%s#;date.timezone =#date.timezone = Asia/Hong_Kong#

:%s#expose_php = On#expose_php = Off#

:wq

# update php-fpm configuration
sed -i 's/^user =.*$/user = nginx/g' /etc/php-fpm.d/www.conf
sed -i 's/^group =.*$/group = nginx/g' /etc/php-fpm.d/www.conf
cat /etc/php-fpm.d/www.conf

# update php-fpm configuration

sed -i 's/^user =.*$/user = nginx/g' /etc/php-fpm.d/www.conf

sed -i 's/^group =.*$/group = nginx/g' /etc/php-fpm.d/www.conf

cat /etc/php-fpm.d/www.conf

# update NGINX configuration
sudo cp /etc/nginx/nginx.conf /etc/nginx/nginx.conf.bak
sudo tac /etc/nginx/nginx.conf.bak | awk '!p && /}/{print "\n}\n    include /etc/nginx/vhosts/*.conf;";p=1;next} 1' | tac \
| awk '!p && /server {/{print "    index index.php index.html index.htm;\n";p=1} 1' \
| awk '!p && /root/{print "        root         /var/www/html;";p=1;next} 1' \
| sudo tee /etc/nginx/nginx.conf

# update NGINX configuration

sudo cp /etc/nginx/nginx.conf /etc/nginx/nginx.conf.bak

sudo tac /etc/nginx/nginx.conf.bak | awk '!p && /}/{print "\n}\n include /etc/nginx/vhosts/*.conf;";p=1;next} 1' | tac \

| awk '!p && /server {/{print " index index.php index.html index.htm;\n";p=1} 1' \

| awk '!p && /root/{print " root /var/www/html;";p=1;next} 1' \

| sudo tee /etc/nginx/nginx.conf

# create folders and update permission
sudo mkdir -p /etc/nginx/vhosts/
sudo mkdir -p /var/www/html/
sudo mkdir -p /var/www/vhosts/
sudo chown nginx:nginx /var/www/html/ -R
sudo chown nginx:nginx /var/www/vhosts/ -R

# create folders and update permission

sudo mkdir -p /etc/nginx/vhosts/

sudo mkdir -p /var/www/html/

sudo mkdir -p /var/www/vhosts/

sudo chown nginx:nginx /var/www/html/ -R

sudo chown nginx:nginx /var/www/vhosts/ -R

Create Virtual Hosts

# create dummy virtual host
sudo cat > /etc/nginx/vhosts/example.com.conf <<- "EOF"

# redirect to www
##server {
##    listen       80;
##    server_name  example.com;
##    return       301 http://www.example.com$request_uri;
##}

server {
    listen       80;
    server_name  www.example.com;
    root         /var/www/vhosts/example.com/www;

    location / {
        try_files $uri $uri/ /index.php?$args;
    }

    location ~ .php$ {
        #fastcgi_pass unix:/var/run/php-fpm.sock;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index /index.php;
        include /etc/nginx/fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_read_timeout 300;
    }
}

EOF

# create dummy virtual host

sudo cat > /etc/nginx/vhosts/example.com.conf <<- "EOF"

# redirect to www

##server {

## listen 80;

## server_name example.com;

## return 301 http://www.example.com$request_uri;

##}

server {

listen 80;

server_name www.example.com;

root /var/www/vhosts/example.com/www;

location / {

try_files $uri $uri/ /index.php?$args;

}

location ~ .php$ {

#fastcgi_pass unix:/var/run/php-fpm.sock;

fastcgi_pass 127.0.0.1:9000;

fastcgi_index /index.php;

include /etc/nginx/fastcgi_params;

fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

fastcgi_read_timeout 300;

}

EOF

# create ip vhost from dummy virtual host 
cat /etc/nginx/vhosts/example.com.conf | sed '/^#/ d' | sed "s/[www.]*example.com/10.0.6.29/" | sudo tee /etc/nginx/vhosts/10.0.6.29.conf
sudo mkdir -p /var/www/vhosts/10.0.6.29/www/
echo "<?php phpinfo();" | sudo tee /var/www/vhosts/10.0.6.29/www/index.php
sudo nginx -s reload

# create ip vhost from dummy virtual host

cat /etc/nginx/vhosts/example.com.conf | sed '/^#/ d' | sed "s/[www.]*example.com/10.0.6.29/" | sudo tee /etc/nginx/vhosts/10.0.6.29.conf

sudo mkdir -p /var/www/vhosts/10.0.6.29/www/

echo "<?php phpinfo();" | sudo tee /var/www/vhosts/10.0.6.29/www/index.php

sudo nginx -s reload

# create www vhost from dummy virtual host 
cat /etc/nginx/vhosts/example.com.conf | sed "s/example.com/yctin.com/" | sed "s/##//" | sudo tee /etc/nginx/vhosts/yctin.com.conf
sudo mkdir -p /var/www/vhosts/yctin.com/www/
echo "<?php phpinfo();" | sudo tee /var/www/vhosts/yctin.com/www/index.php
sudo nginx -s reload

# create www vhost from dummy virtual host

cat /etc/nginx/vhosts/example.com.conf | sed "s/example.com/yctin.com/" | sed "s/##//" | sudo tee /etc/nginx/vhosts/yctin.com.conf

sudo mkdir -p /var/www/vhosts/yctin.com/www/

echo "<?php phpinfo();" | sudo tee /var/www/vhosts/yctin.com/www/index.php

sudo nginx -s reload

# create subdomain vhost from dummy virtual host 
cat /etc/nginx/vhosts/example.com.conf | sed '/^#/ d' | sed "s/example.com/yctin.com/g" | sed "s/www\./demo\./g" | sed "s/www;/demo;/g" | sudo tee /etc/nginx/vhosts/yctin.com.conf
sudo mkdir -p /var/www/vhosts/yctin.com/demo/
echo "<?php phpinfo();" | sudo tee /var/www/vhosts/yctin.com/demo/index.php
sudo nginx -s reload

# create subdomain vhost from dummy virtual host

sudo mkdir -p /var/www/vhosts/yctin.com/demo/

echo "<?php phpinfo();" | sudo tee /var/www/vhosts/yctin.com/demo/index.php

sudo nginx -s reload

Setup Firewall (Optional)

# setup firewall
sudo yum install firewalld -y
sudo systemctl enable firewalld
sudo systemctl start firewalld
sudo firewall-cmd --add-service=http --permanent
sudo firewall-cmd --add-service=https --permanent
sudo systemctl restart firewalld

# setup firewall

sudo yum install firewalld -y

sudo systemctl enable firewalld

sudo systemctl start firewalld

sudo firewall-cmd --add-service=http --permanent

sudo firewall-cmd --add-service=https --permanent

sudo systemctl restart firewalld

SELinux Settings (Optional for SELinux enabled)

# update selinux policy, required for selinux enabled (p.s. not best practice)
sudo setsebool -P httpd_anon_write 1
sudo chcon -u system_u -t httpd_sys_rw_content_t /var/www/html -R
sudo chcon -u system_u -t httpd_sys_rw_content_t /var/www/vhosts/ -R

# Allow PHP connect network
setsebool -P httpd_can_network_connect 1

# Allow PHP connect remote database
setsebool -P httpd_can_network_connect_db 1

# update selinux policy, required for selinux enabled (p.s. not best practice)

sudo setsebool -P httpd_anon_write 1

sudo chcon -u system_u -t httpd_sys_rw_content_t /var/www/html -R

sudo chcon -u system_u -t httpd_sys_rw_content_t /var/www/vhosts/ -R

# Allow PHP connect network

setsebool -P httpd_can_network_connect 1

# Allow PHP connect remote database

setsebool -P httpd_can_network_connect_db 1

Reboot after Setup

sudo reboot

1	sudo reboot

Mounting a Cloud Storage Buckets as a File System on CentOS 7 Compute Engine Instances

November 20, 2016November 20, 2016 Timmy Tin Leave a comment

Problem:

I need to mount a Google Cloud Storage Buckets to file system, and grant access to the web server.

Solution:

Use the Google Cloud Storage FUSE (gcsfuse) tool to mount a Cloud Storage bucket to your Compute Engine instance.

Steps:

Assumption:

I have a bucket named yctin-bucket
I want to mount this bucket to /cloud/yctin-bucket/
I was generated the Google Service Key, and stored into /src/gcloud_service_account.json

Mounting a bucket

# create the directory
mkdir -p /cloud/yctin-bucket/

# mount the bucket with 777 permission
gcsfuse --key-file=/src/gcloud_service_account.json -o allow_other --dir-mode 777 --file-mode 777  yctin-bucket  /cloud/yctin-bucket/

# create the directory

mkdir -p /cloud/yctin-bucket/

# mount the bucket with 777 permission

gcsfuse --key-file=/src/gcloud_service_account.json -o allow_other --dir-mode 777 --file-mode 777 yctin-bucket /cloud/yctin-bucket/

To unmount the bucket

umount /cloud/yctin-bucket/

1	umount /cloud/yctin-bucket/

References:

https://cloud.google.com/compute/docs/disks/gcs-buckets
http://stackoverflow.com/questions/34779921/gcsfuse-gives-a-input-output-error-when-reading-or-writing-to-mounted-directory

Install & Setup Google Cloud SDK (gcloud command) on RHEL / CentOS 7

November 20, 2016November 20, 2016 Timmy Tin Leave a comment

Problem:

bash: gcloud: command not found

Solution:

Install & Setup Google Cloud SDK

Steps:

1. Installing SDK

sudo tee -a /etc/yum.repos.d/google-cloud-sdk.repo << EOM
[google-cloud-sdk]
name=Google Cloud SDK
baseurl=https://packages.cloud.google.com/yum/repos/cloud-sdk-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg
       https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
EOM
yum install google-cloud-sdk -y

sudo tee -a /etc/yum.repos.d/google-cloud-sdk.repo << EOM

[google-cloud-sdk]

name=Google Cloud SDK

baseurl=https://packages.cloud.google.com/yum/repos/cloud-sdk-el7-x86_64

enabled=1

gpgcheck=1

repo_gpgcheck=1

gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg

https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg

EOM

yum install google-cloud-sdk -y

Reference: https://cloud.google.com/sdk/downloads

2. Initializing Cloud SDK

gcloud init --console-only

1	gcloud init --console-only

Reference: https://cloud.google.com/sdk/docs/initializing

3. Authorizing Cloud SDK Tools

gcloud auth activate-service-account --key-file [KEY_FILE]

1	gcloud auth activate-service-account --key-file [KEY_FILE]

Reference: https://cloud.google.com/sdk/docs/authorizing

Generating an SSH Key Pair on Linux and Mac

November 2, 2016November 20, 2016 Timmy Tin Leave a comment

Short Version

ssh-keygen -t rsa

1	ssh-keygen -t rsa

Increased Security

ssh-keygen -b 4096 -t rsa

1	ssh-keygen -b 4096 -t rsa

My Favorite

ssh-keygen -b 4096 -t rsa -f <EMAIL ADDRESS> -C <EMAIL ADDRESS>

1	ssh-keygen -b 4096 -t rsa -f <EMAIL ADDRESS> -C <EMAIL ADDRESS>

How to Install MySQL 5.7 on RHEL/CentOS 7

October 22, 2016January 23, 2017 Timmy Tin Leave a comment

Basic Server Setup

# update system
sudo yum install epel-release -y
sudo yum update -y

# update system

sudo yum install epel-release -y

sudo yum update -y

# temporary switches off SELinux enforcing 
sudo setenforce 0

1 2	# temporary switches off SELinux enforcing sudo setenforce 0

# setup timezone
sudo rm /etc/localtime
sudo ln -s /usr/share/zoneinfo/Hongkong /etc/localtime

# setup ntp service
sudo yum -y install ntp
sudo ntpdate pool.ntp.org
sudo systemctl enable ntpd
sudo systemctl start ntpd

# setup timezone

sudo rm /etc/localtime

sudo ln -s /usr/share/zoneinfo/Hongkong /etc/localtime

# setup ntp service

sudo yum -y install ntp

sudo ntpdate pool.ntp.org

sudo systemctl enable ntpd

sudo systemctl start ntpd

Setup MySQL 5.7

# adding the MySQL Yum Repository
sudo rpm -Uvh http://dev.mysql.com/get/mysql57-community-release-el7-9.noarch.rpm

# setup mysql server
sudo yum install mysql-server -y
sudo systemctl enable mysqld
sudo systemctl start mysqld

# adding the MySQL Yum Repository

sudo rpm -Uvh http://dev.mysql.com/get/mysql57-community-release-el7-9.noarch.rpm

# setup mysql server

sudo yum install mysql-server -y

sudo systemctl enable mysqld

sudo systemctl start mysqld

# get temporary root password
sudo cat /var/log/mysqld.log | grep "temporary password"
# 2016-10-22T06:14:44.222048Z 1 [Note] A temporary password is 
# generated for root@localhost: [TEMPORARY ROOT PASSWORD]

# config mysql server
mysql_secure_installation

# Securing the MySQL server deployment.
# Enter password for user root: [TEMPORARY ROOT PASSWORD]
# The existing password for the user account root has expired. Please set a new password.
# New password: [NEW PASSWORD]
# Re-enter new password: [NEW PASSWORD]
# Change the password for root ? : N
# Remove anonymous users? : Y
# Disallow root login remotely? : Y
# Remove test database and access to it? : Y
# Reload privilege tables now? : Y

# get temporary root password

sudo cat /var/log/mysqld.log | grep "temporary password"

# 2016-10-22T06:14:44.222048Z 1 [Note] A temporary password is

# generated for root@localhost: [TEMPORARY ROOT PASSWORD]

# config mysql server

mysql_secure_installation

# Securing the MySQL server deployment.

# Enter password for user root: [TEMPORARY ROOT PASSWORD]

# The existing password for the user account root has expired. Please set a new password.

# New password: [NEW PASSWORD]

# Re-enter new password: [NEW PASSWORD]

# Change the password for root ? : N

# Remove anonymous users? : Y

# Disallow root login remotely? : Y

# Remove test database and access to it? : Y

# Reload privilege tables now? : Y

Setup Firewall (Optional)

# setup firewall
sudo yum install firewalld -y
sudo systemctl enable firewalld
sudo systemctl start firewalld
sudo firewall-cmd --add-service=mysql --permanent

# setup firewall

sudo yum install firewalld -y

sudo systemctl enable firewalld

sudo systemctl start firewalld

sudo firewall-cmd --add-service=mysql --permanent

Reboot after Setup

reboot

reboot

Optional Settings for MySQL 5.7

Disable MySQL Strict Mode

# disable MySQL strict mode
vi /etc/my.cnf
sql-mode=
sudo systemctl restart mysqld

# disable MySQL strict mode

vi /etc/my.cnf

sql-mode=

sudo systemctl restart mysqld

Reference: https://dev.mysql.com/doc/refman/5.7/en/sql-mode.html

Fix MySQL Password Expired

To establish a global policy such that passwords never expire.

Update /etc/my.cnf

[mysqld]
default_password_lifetime=0

1 2	[mysqld] default_password_lifetime=0

Reference: https://dev.mysql.com/doc/refman/5.7/en/password-expiration-policy.html