Camilo Lozano III

My latest task if to enhance our backup system that we currently have which all our backups are stored in the same server. Today, I managed to create an API integration to Rackspace Cloud Files and to transfer the generated backups of the web server to Cloud Files. Below is the guide for those who are having trouble using the API.

HowTo:

1. Download the Cloud Files API – https://github.com/rackspace/php-cloudfiles/tree
2. Follow the steps in extracting the API files to your server, http://cloudfiles.rackspacecloud.com/index.php/PHP_API_Installation
3. And you may start creating php script, read http://docs.rackspacecloud.com/files/api/cf-devguide-latest.pdf

Possible Problems you will encounter:

PHP Fatal error:  Uncaught exception 'BadContentTypeException' with message 'Required Content-Type not set ...

Solution:

• Install the PHP PECL FileInfo

# yum -y install php-devel php-pecl php-pear

// if "sh: make: command not found" error OR "ERROR: `make' failed" occur, groupinstall the Development Tools.
# yum -y groupinstall "Development Tools"

// install fileinfo
# pecl install fileinfo
# service httpd restart

if still occurs, last resort is upgrade your php to php 5.3

• Upgrade your PHP to 5.3

first, remove the current installed php and php-common

# yum -y erase php php-common

then install the PHP v5.3

# yum -y install php53 php53-devel php-mysql php-gd php-pecl php-pear php-common
#service httpd restart

and that’s it.. your php script should be running…

for my scenario:

[root@server backups]# ls
backup.logs                          mysql_03262011_0155.tar.gz  mysql_04042011_0155.tar.gz  mysql_04132011_0155.tar.gz  WebFiles_04-06-2011.tar.gz
backup.mail                          mysql_03272011_0155.tar.gz  mysql_04052011_0155.tar.gz  mysql_04142011_0155.tar.gz  WebFiles_04-13-2011.tar.gz
backupSQL.script                     mysql_03282011_0155.tar.gz  mysql_04062011_0155.tar.gz  mysql_04152011_0155.tar.gz  WebFiles_04-20-2011.tar.gz
backupSQL.script.11082010            mysql_03292011_0155.tar.gz  mysql_04072011_0155.tar.gz  mysql_04162011_0155.tar.gz  cronjobs.txt
backup.web                           mysql_03302011_0155.tar.gz  mysql_04082011_0155.tar.gz  mysql_04172011_0155.tar.gz  init.cdn.script
backupWEB.script                     mysql_03312011_0155.tar.gz  mysql_04092011_0155.tar.gz  mysql_04182011_0155.tar.gz  monthly.2011
cdn.backup.php                       mysql_04012011_0155.tar.gz  mysql_04102011_0155.tar.gz  mysql_04192011_0155.tar.gz  scripts
mysql_03242011_0155.tar.gz  mysql_04022011_0155.tar.gz  mysql_04112011_0155.tar.gz  mysql_04202011_0155.tar.gz
mysql_03252011_0155.tar.gz  mysql_04032011_0155.tar.gz  mysql_04122011_0155.tar.gz  WebFiles_03-30-2011.tar.gz

These files are my backup files, so I created a PHP script named cdn.backup.php, with initializer named init.cdn.script to upload the backup files to Cloud files. If I execute my script, this is the output:

[root@server backups]# ./init.cdn.script
. . . . . . . . . . . . . Uploadeding mysql_04202011_0155.tar.gz...
SQL backup completed!
. . . . . . . . . . . . . . . . . . . . Uploadeding WebFiles_04-20-2011.tar.gz...
Web files backup completed!

That’s it… My files has been uploaded to cloud files.

—

Source code:

<?php
if(function_exists("date_default_timezone_set") and function_exists("date_default_timezone_get"))
@date_default_timezone_set(@date_default_timezone_get());

require('cloudfiles.php');

date_default_timezone_set('America/New_York');
$cfgAccount = array('user'=>'demo','keys'=>'fe01ce2a7fbac8fafaed7c982a04e229');

$auth = new CF_Authentication($cfgAccount['user'], $cfgAccount['keys']);

$auth->authenticate();

if ($auth->authenticated())
{
	$conn = new CF_Connection($auth);
	//$conn->ssl_use_cabundle();

	$container_name = "backups";

	// execute this if no container
	//$backup_obj = $conn->create_container($container_name);
	//echo $backup_obj;

	if (function_exists('systemxx'))
	{
		system("ls -t",$lines);
		foreach($lines as &$line)
		{
			echo $line . "\n\n";
		}
	}
	else
	{
		$backupSQLSent = 0;
		$backupFILESent = 0;
		$limit = date("j") - 7;
		for ($i = date("j"); $i > $limit; $i--)
		{
			$d = dir("/backups/");
			//echo "Handle: " . $d->handle . "\n";
			//echo "Path: " . $d->path . "\n";
			while (false !== ($entry = $d->read()))
			{
				//  mysql_04122011.tar.gz
				if ((preg_match("/mysql_".date("mdY")."/", $entry)) && ($backupSQLSent == 0))
				{
					$backup_obj = $conn->get_container($container_name);

					echo 'Uploadeding '.$entry."...\n";

					$tarballs = $backup_obj->create_object("cdn_".mktime()."_".$entry);
					$filename = "/backups/".$entry;

					// upload file in a hard way
					$fsize = (float) sprintf("%u", filesize($filename));
					$fp = fopen($filename, "r");
					$tarballs->write($fp, $fsize);

					// upload file in a convenience way
					//$tarballs->load_from_filename($filename);

					echo "SQL backup completed!\n";
					$backupSQLSent = 1;
				}

				// WebFiles_04-20-2011.tar.gz
				if ((preg_match("/WebFiles_".date("m-d-Y")."/",$entry)) && ($backupFILESent == 0))
				{
					$backup_obj = $conn->get_container($container_name);

                                        echo 'Uploadeding '.$entry."...\n";

                                        $tarballs = $backup_obj->create_object("cdn_".mktime()."_".$entry);
                                        $filename = "/backups/".$entry;

                                        // upload file in a hard way
                                        $fsize = (float) sprintf("%u", filesize($filename));
                                        $fp = fopen($filename, "r");
                                        $tarballs->write($fp, $fsize);

                                        // upload file in a convenience way
                                        //$tarballs->load_from_filename($filename);

					echo "Web files backup completed!\n";
                                        $backupFILESent = 1;
				}

				if (($backupFILESent == 1) && ($backupSQLSent == 1))
				{
					break;
				}
				echo ". ";
			}
			$d->close();

			// if backup sent, end loop
			if (($backupFILESent == 1) && ($backupSQLSent == 1))
			{
				break;
			}
			echo "\n";
		}
	}

}
else
{
	echo 'Unable to connect to Cloud Files!';
}

?>

—

Downloads:

1. Cloud Files PHP API (90)
2. cdn.backup.php (81)

This is the way to reset MySQL server password in Centos Linux, steps below:

# /etc/init.d/mysql stop
# /usr/bin/mysqld_safe --skip-grant-tables --skip-networking &
# mysql -u root
mysql> use mysql;
mysql> UPDATE user SET Password = '' WHERE User = 'root';
mysql> exit

# /etc/init.d/mysql stop
# /etc/init.d/mysql start

You may also use service to start and stop the mysql.

#service mysqld start
#service mysqld stop

I’ve been managing web servers yet I haven’t tried setting up web mail server. Today, this is my experiment.. Below is the steps or guides from Vincent Avelino, a friend of mine in C21. The scenario is running under CentOS 5.3.

Part 1

1. Postfix – http://wiki.centos.org/HowTos/postfix
2. SPF – http://old.openspf.org/wizard.html
3. DKIM/DK – http://www.howtoforge.com/postfix-dkim-with-dkim-milter-centos5.1 ; http://www.ijs.si/software/amavisd/ ; http://www.howtoforge.com/how-to-implement-domainkeys-in-postfix-using-dk-milter-centos5.1
4. Clamav – http://www.linuxmail.info/how-to-install-clam-antivirus-centos-5/ || http://www.linuxmail.info/how-to-install-clam-antivirus-centos-4/
5. Spamassassin – http://spamassassin.apache.org/
6. Roundcube

Part 2

1. DNS

• http://www.dnswatch.info/dkim/create-dns-record
• http://www.simpledns.com/kb.aspx?kbid=1092
• http://palma-seo.com/setting-dkim-spf-domainkeys-dns-bind

Result and Conclusion:

Can’t proceed the experiment as of now.. too busy.. hahahaha..

I keep this guidelines because I find it very useful which I think we need it in our project development as a team in Project CollabHQ. I’m getting tired synchronizing always my files in my local PC between published files after other team members updated the files in the server.

---

To install subversion on CentOS you need to have the RMForge custom repository enabled (read my “Add the RPMForge custom repository to CentOS” post about how to do this), and then issue the following command:

sudo yum install subversion
This will check for any dependencies and then prompt you to install  those and subversion itself. Type in "y" and <enter> to install  these.

Unfortunately it doesn’t set up anything else after installing the necessary files, so you need to add a subversion user and set up the repositories etc yourself. If we decide to call the subversion user “svn” then you add them like so:

sudo /usr/sbin/useradd svn
sudo passwd svn
And then change to the subversion user like so:

su svn
Change to the svn user's directory and then create a "repositories" directory like so:

cd
mkdir repositories
And now create your project's repository. For example, if we had a project called "myproject" you would do this:

cd repositories
svnadmin create myproject

There will now be a “myproject” directory containing the following:

-rw-rw-r-- 1 svn svn  229 Nov 21 16:58 README.txt
drwxrwxr-x 2 svn svn 1024 Nov 21 16:58 conf
drwxrwsr-x 6 svn svn 1024 Nov 21 16:58 db
-r--r--r-- 1 svn svn    2 Nov 21 16:58 format
drwxrwxr-x 2 svn svn 1024 Nov 21 16:58 hooks
drwxrwxr-x 2 svn svn 1024 Nov 21 16:58 locks

You need to edit “myproject/conf/svnserve.conf” and uncomment the following lines:

auth-access = write
password-db = passwd

and edit the password file “myproject/conf/passwd” adding a new user and password. Note that the password is stored in plain text. In the following example we have a user called “john” whose password is “foobar123″:

[users]
john = foobar123

And finally, as the svn user, start the subversion daemon like so:

svnserve -d -r /home/svn/repositories

You can now connect to the subversion repository at e.g. svn://svn@hostname/myproject

You can add additional repositories under this user using the “svnadmin create” command and then access them at svn://[userame]@[hostname]/[project name]

Other reference at http://wiki.centos.org/HowTos/Subversion

Article by: http://www.electrictoolbox.com/install-subversion-centos/

Variable Length Subnet Mask Table

Prefix	Add-on	Octet	Hosts	Subnet
/30	+4	4th byte	2	255.255.255.252
/29	+8	4th byte	6	255.255.255.248
/28	+16	4th byte	14	255.255.255.240
/27	+32	4th byte	30	255.255.255.224
/26	+64	4th byte	62	255.255.255.192
/25	+128	4th byte	126	255.255.255.128
/24	+1	3rd byte	254	255.255.255.0
/23	+2	3rd byte	510	255.255.254.0
/22	+4	3rd byte	1022	255.255.252.0
/21	+8	3rd byte	2046	255.255.248.0
/20	+16	3rd byte	4094	255.255.240.0
/19	+32	3rd byte	8190	255.255.224.0
/18	+64	3rd byte	16382	255.255.192.0
/17	+128	3rd byte	32766	255.255.128.0
/16	+1	2nd byte	65534	255.255.0.0
…	…	…	…	…

Download PDF file: Variable Length Subnet Mask Table (153)

Based on Centos Wiki on HowTo SSL – http://wiki.centos.org/HowTos/Https

I simplified the procedure to create a bash script. Here’s the code;

#!/bin/bash
umask 077

echo ""
if [ $# -eq 0 ] ; then
 echo $"Usage: `basename $0` <DOMAIN_NAME> [...]"
 echo ""
 exit 0
fi

for target in $@ ; do

 keyFile=${target}.key
 crtFile=${target}.crt
 csrFile=${target}.csr

 echo $keyFile
 echo $crtFile
 echo $csrFile

 # Generate private key
 openssl genrsa -out $keyFile 1024 

 # Generate CSR
 openssl req -new -key $keyFile -out $csrFile

 echo ""
 echo "Please enter the number of days which SSL Certificate will be valid:"
 read DAYS
 echo ""

 # Generate Self Signed Key
 openssl x509 -req -days $DAYS -in $csrFile -signkey $keyFile -out $crtFile
done

Or download the script below…

Download: gencert (70) bash script

How to add gencert command to your system:

1. Download the gencert bash script
2. Extract the file
3. chmod u+x gencert
4. then copy the gencert file to /bin/
5. Wallaah! You’re done!

SECURING FTP

Use chroot_local_user=YES then the vsftpd.chroot_list becomes a list of users to NOT chroot. So… you said chroot ALL users but ftpuser.

Notice the commented out lines.
In /etc/vsftpd/vsftpd.conf:

chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list

edited /etc/vsftpd.chroot_list:
add users only that DO NOT NOT NOT NOT get chrooted.

use /sbin/nologin
edited /etc/passwd entry for ftpuser:

ftpuser:X:#:#:FTP User Account:/home/ftpuser/./:/sbin/nologin

————

chroot_local_user=YES
chroot_list_enable=YES

means that by default ALL users get chrooted except users in the file

chroot_local_user=NO
chroot_list_enable=YES

means that by default ONLY users in the file get chrooted.

See the difference?

Article by: JordanH

Final Configuration:

pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES

chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list

pasv_enable=YES
port_enable=NO
pasv_min_port=60000
pasv_max_port=64000

# ftp settings
connect_from_port_20=YES

# User Settings
pasv_promiscuous=YES
dirlist_enable=YES
download_enable=YES

SECURING SSH

Edit /etc/ssh/sshd_config and at the bottom of the file, add these lines…

# Allowed users to login SSH
#AllowUsers root user002

# Disallow users in logging in at SSH
#DenyUsers user001

Today, I tried to answer the pre-test of UPC or the Ubuntu Professional Certification… and the result was…

Dear Camilo III,

Thank you very much for taking part in the pre-training assessment.

Your score is 9, which means that you are probably over-qualified for this course.

As a next step we suggest that you read through the Deploying Ubuntu Server Edition course overview found here: http://www.ubuntu.com/training/certificationcourses/server and then complete the corresponding online assessment.

Ubuntu Training courses are taught by Canonical-trained Ubuntu Certified Instructors. The Deploying Ubuntu Server Edition course is available through online training and classroom training, so you can can learn in the environment that suits you best.

Visit: www.ubuntu.com/training for more information.

Best regards and good luck
The Ubuntu Training Team

How flattering!! I admit it, I’m not that good… but anyway, the test is so easy.. hahahaha.. And one thing, I don’t have a dollars to pay the $1,600 for the Deploying Ubuntu Server Edition Certification. Its like PhP 76,800.00 in my country, that is 9 months to save my whole salary. hahahaha.. Damn! I will starved to death if I will take the exam…

These comic trips by N.C. Winters relates my work pretty much…

This is a basic installation tutorial for the CentOS operating system for dedicated server duties.
CentOS is a free white label distro of RedHat Enterprise with all the bells and whistles, and is the OS of choice for many web hosting companies

Installing the OS using ‘Text Mode’ :

1 – Insert the first Linux installation CD-ROM (disc 1) in the CD-ROM drive of your server and restart the server.
2 – At the boot: prompt, type text and press the Enter key. This starts the installation process.
3 – On the Language Selection screen, select English as the language that you want to run the installation program in, then click OK.
4 – On the Keyboard Selection screen, select the keyboard attached to your server, then click OK.
5 – On the Mouse Selection screen, select the mouse attached to your server, then click OK.
6 – On the Welcome screen, review the installation information, then click OK.
7 – On the Installation Type screen, select Custom, then click OK.
8 – On the Disk Partitioning Setup screen, select Disk Druid. Quote:
- If your disk has existing partitions, select each partition and click Delete.
9 – Create the following disk partitions:

The following partitions are recommended prior to installing cPanel:

**1 GB /
*50 MB /boot (No seperate /boot for FreeBSD)
**1 GB /tmp
*10 GB /usr
**7 GB /var
**1 GB swap (swap should be 2x RAM)
Remaining space to /home

Note: The above partitioning scheme is assuming a 40 GB hard drive. If you have a larger hard drive, you should increment /usr & /var accordingly. To create the / partition ‘root’:

* On the Partitioning screen (see step 8 ) , click New.
* In the Mount Point field, type / .
* For the Filesystem type select ext3.
* In the Size (MB) field, type 1024, then click OK. To create the /boot partition: Quote:
* On the Partitioning screen (see step 8 ) , click New.
* In the Mount Point field, type /boot.
* For the Filesystem type select ext3.
* In the Size (MB) field, type 50, then click OK. To create the /tmp partition : Quote:
* On the Partitioning screen (see step 8 ) , click New.
* In the Mount Point field, type /tmp .
* For the Filesystem type select ext3.
* In the Size (MB) field, type 1024, then click OK. To create the /usr partition : Quote:
* On the Partitioning screen (see step 8 ) , click New.
* In the Mount Point field, type /usr .
* For the Filesystem type select ext3.
* In the Size (MB) field, type 10240, then click OK. To create the /var partition : Quote:
* On the Partitioning screen (see step 8 ) , click New.
* In the Mount Point field, type /var .
* For the Filesystem type select ext3.
* In the Size (MB) field, type 7168, then click OK. To create the swap partition: Quote:
* On the Partitioning screen (see step , click New.
* For the Filesystem type field, select swap.
* In the Size (MB) field, enter a number that is twice the current RAM (1024 If you are using 512 MB Ram), then click OK. To create the /home partition: Quote:
* On the Partitioning screen (see step , click New.
* In the Mount Point field, type /home.
* For the Filesystem type select ext3.
* In the Size (MB) field, select Fill all available space, then click OK.

10 – When finished, Click OK.
11 – On the Boot Loader Configuration screen, select LILO Boot Loader, then click OK.
12 – On each of the following three screens, click OK.
13 – On the Network Configuration screen, clear Use bootp/dhcp, enter your server network configuration, then click OK.
14 – On the Hostname Configuration screen, enter the fully qualified host name of your server, then click OK.
15 – On the Firewall Configuration screen, select No firewall, then click OK.
16 – On the Language Support screen, select English (USA), then click OK.
17 – On the Time Zone Selection screen, select the location, then click OK.
18 – On the Root Password screen, enter in the root password for your server, re-enter the password to confirm it, then click OK.
19 – If you want to create an account that you can use to remotely log on to your server using SSH or FTP, click Add.
*** Provide the login name and password, then click OK.
20 – Review the information on the User Account Setup screen, then click OK.
21 – Review the information on the Authentication Configuration screen, then click OK.
22 – On the Package Group Selection screen, verify that only the following packages are selected. Clear all other check boxes.

. Network Support
. Messaging and Web Tools
. DNS Name Server
. Network Managed Workstation
. Software Development

23 – Click OK.
24 – Review the Installation to begin screen, then click OK.
25 – Insert the second/third installation CD-ROM when notified to, then click OK.
26 – To create a boot disk, click Yes. Otherwise, click No.
27 – When done, the installation complete screen displays.
28 – Click OK, then press Enter to restart.

[2] Checking the host name and network settings :
After your first boot, you must check your system’s host name and network configuration to ensure that they are correct. To check your system’s host name and network configuration:
- Log on to the system as the root user.
- Type vi /etc/hosts to open the host file and modify the contents.
- Verify that the file is in the following format:
- Verify that the loopback entry (127.0.0.1) appears in the file. A correctly configured file should look like this: Note : The IP addresses used here are for illustration purposes only; they are not valid values.

# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 localhost.localdomain localhost
10.1.1.1 myhost.mydomain.com myhost – Modify the file as needed.
- Type :wq to close the file.
- Type vi /etc/sysconfig/network to open the network sysconfig file and modify the contents.
- Verify the host name. A correctly configured file should look like this: Note : The IP addresses used here are for illustration purposes only; they are not valid values.

NETWORKING=yes
HOSTNAME=myserver.mydomain.com
GATEWAY=10.100.0.1 – Modify the file as needed.
- Type :wq to close the file.
- Type vi /etc/sysconfig/network-scripts/ifcfg-eth0 to open the network scripts file and modify the contents.
- Verify that network information. A correctly configured file should look like this: Note : The IP addresses used here are for illustration purposes only; they are not valid values.

DEVICE=eth0
BOOTPROTO=static
BROADCAST=10.1.1.1
IPADDR=10.1.1.1
NETMASK=255.255.0.0
NETWORK=10.1.0.0
ONBOOT=yes – Modify the file as needed.
- To make these changes active, restart the system by typing:

shutdown -r now

[3]cPanel Installation Instructions:

Important : You must have a valid cPanel license. If you do not have a valid cPanel license, please contact one of cPanel distributors listed at http://www.cpanel.net/dist.htm or buy a license directly from cPanel at http://www.cpanel.net/store/. cPanel now uses a universal install script which can be found at http://layer1.cpanel.net/. You can use the following commands in the root shell to download and start the installation script:

mkdir /home/cpins
cd /home/cpins
wget http://layer1.cpanel.net/latest
sh latest

At this point the installation has started and may take anywhere from 30 – 60 minutes to complete. At no point during the installation should you be prompted for user input. You will know the cPanel installation has been completed by the screen output coming to a stop & the statement “Done.” is printed on your screen. You should then hit “ctrl c”† to continue. Note: You must be on a stable connection to install cPanel. If your shell session disconnects during a cPanel install the cPanel installation will be aborted. You can restart the cPanel installation by completing “sh cpanel-*”† again, however it is recommended that you reformat your machine & start over to ensure a clean slate before placing the machine into production.

[4]cPanel/WHM Configuration: Following a successful install you should setup cPanel/WHM as soon as possible. In order to complete this process you will need to log into your machine using its main (eth0/fxp0) IP address; you should input something similar to this into your browser:

https://xxx.xxx.xxx.xxx:2087

Note: you should replace xxx.xxx.xxx.xxx with your actual IP address. Further to that, you will be prompted about a self signed SSL certificate; ignore this by clicking on “Yes”. A self signed certificate is generated by cPanel/WHM to ensure a secure/encrypted communication with your server. You will now be prompted with a few questions related to how you would like your installation of cPanel/WHM customized. You can walk through the wizard by clicking on “Next Step” or if you are an experienced user feel free to click on “Finish” to skip to the end. For a complete user guide on how to access cPanel/WHM and/or use any of the functions within cPanel/WHM, please visit cPanel do*****ents section at http://www.cpanel.net/docs.htm That’s all for now .. Just keep in mind, this is not the all-in-one package for server installaion, you’ll have to secure the server, update your kernel, install a firewall, configure SSH, apply patches …. etc.

 

Reference:

• www.zimbio.com
• mike.holownych.com