Skip to main content

Posts

How To Add Swap Space on CentOS 7?

We are using high performance SSD VPS where we don't have any SWAP Partition. This can cause you to lose unsaved data or experience downtime. To ensure reliable data access, some applications require swap to function. I have purchase a SSD VPS from Upcloud and get five months Free using Promo Code: AQX767  My VPS Details: OS: CentOS Linux release 7.7.1908 (Core) CPU Model : Intel(R) Xeon(R) Gold 6136 CPU @ 3.00GHz RAM: 1 GB Storage: SSD 25 GB Start Your Free Trial for 5 Months, Use Promo Code: AQX767 Swap space can take the form of either a dedicated swap partition or a swap file. In most cases when running CentOS on a virtual machine a swap partition is not present so the only option is to create a swap file. In this guide, we will cover how to create and enable a swap file on a CentOS 7 server. Before You Begin Display a summary of swap usage # swapon --show If nothing is returned by the command, then the summary was empty and no swap file exists. Anoth...

CWP: How to monitor CWP Server Services using Monit on CentOS 7.6

Monit is a free open source and a very helpful program that automatically monitors and manages server process, files, directories, checksums, permissions, filesystems and services like Apache, Nginx, MySQL, FTP, SSH, Postfix and so on in a UNIX/Linux based systems and provides an excellent monitoring functionality to system administrators. You can reduce the downtime using Monit because when any services goes down , Monit will check it and start the services automatically, example: if your dns service is down then monit will check, if found it's down then monit will start the dns service automatically. One interesting thing is that monit runs it own httpd server. If your apache server is down, monit will running using it's own server. In this tutorial we are going to show you, how to install Monit along with CentOS Webpanel on CentOS 7. Prerequisites: To complete this tutorial, you will need: 1. CentOS Linux release 7.6.1810 (Core) 2. CWP7.admin , CWP version: 0.9...

Cpanel and CWP Problems

 Setup Python WSGI apps on cPanel https://www.devdungeon.com/content/setup-python-wsgi-apps-cpanel-flaskdjango https://docs.cpanel.net/knowledge-base/web-services/how-to-install-a-python-wsgi-application/ https://wsgi.readthedocs.io/en/latest/frameworks.html https://docs.cpanel.net/whm/security-center/apache-mod_userdir-tweak/ https://www.a2hosting.com/kb/cpanel/cpanel-software/using-the-python-selector https://answers.uillinois.edu/illinois/page.php?id=84995 https://www.youtube.com/watch?v=aNUjy41S3kk https://www.liquidweb.com/kb/installing-python-wsgi-applications-on-cpanel/ DataBase Error: Could not increase number of max_open_files to more than 32768 (request: 33041) https://haydenjames.io/could-not-increase-number-of-max_open_files-to-more-than/ https://mariadb.com/kb/en/could-not-increase-number-of-max_open_files-to-more-than-1024-request-1835/ https://stackoverflow.com/questions/60248748/could-not-increase-number-of-max-open-files-to-more-than-4096-request-4214

CWP: How to Increase your Server Security using CSF Firewall on CentOS 7

Access CSF UI on your browser with the specified port and click on "Check Server Security" . CSF will provide you some tips to secure your server . After that now check the report below: # vi /etc/ssh/sshd_config Port 22XX UseDNS no # systemctl restart sshd # vi /etc/my.cnf [mysqld] local-infile=0 # systemctl restart mariadb You can also enable 'RESTRICT_SYSLOG option check, LF_POP3D option check, LF_IMAPD option check, SYSLOG_CHECK option check, RESTRICT_UI option check, Check SSH PasswordAuthentication'.   This option helps prevent brute force attacks on your server services RESTRICT_SYSLOG = "3" LF_POP3D = "3" LF_POP3D_PERM = "1" LF_IMAPD = "3" LF_IMAPD_PERM = "1" SYSLOG_CHECK = "300" Important setting for me : #vi /etc/csf/csf.conf TESTING = "0" Don't Block IP addresses that are in the csf.allow files. IGNORE_ALLOW = "1" ICMP_IN = "1" ICMP_OUT = ...

CWP: How to Enable GUI for CSF on CentOS 7

CSF Web UI required some of Perl modules to be installed on your system. Use the following commands to check the required modules are installed operating system. If not present please install those packages . # yum info perl-IO-Socket-SSL.noarch perl-Net-SSLeay perl-Net-LibIDN perl-IO-Socket-INET6 perl-Socket6 To enable CSF web UI edit /etc/csf/csf.conf file # vi /etc/csf/csf.conf # 0 = Unrestricted UI # 1 = Restricted UI # 2 = Disabled UI RESTRICT_UI = "0" # 1 to enable, 0 to disable UI = "1" # Do NOT enable access to this port in TCP_IN, instead only allow trusted IP's # to the port using Advanced Allow Filters (see readme.txt) UI_PORT = "1025" # Leave blank to bind to all IP addresses on the server UI_IP = "" # This should be a secure, hard to guess username # This must be changed from the default UI_USER = "admin" # This must be changed from the default UI_PASS = "adminX" edit /etc/csf/ui/ui.allow configurat...

CWP: How to Install CSF on CentOS 7 ?

CSF is an application-based firewall for iptables provided for Linux servers. CSF has many features and can support web-based management tools like CWP, cPanel/WHM, DirectAdmin and Webmin. CSF is easy to install and use on the server, it makes security management easier for sysadmins. To add more power to this, it comes with a Login Failure Daemon (LFD) script that runs all the time to scan for failed attempts to login to the server to detect bruteforce-attacks. There are an array of extensive checks that lfd can perform to help alert the server administrator of changes to the server, potential problems and possible compromises. LFD also blocks IPs if a huge number of failed logins are appearing from that IP. The block is temporary. It also allows the admin to view the blocked IP by enabling an email alert service. Some of the features include: Login Tracking Process Tracking Directory Watching Advanced Allow/Deny features Block Reporting Port Flood Protection ....etc Befo...

How to hide Nameserver software version on Centos 7 ?

Hide DNS Software Version :  Sometimes a new vulnerability is found in DNS software and script kiddies are scanning the Internet to exploit unpatched systems. It's a best practice to hide software version on your DNS servers, although this is not a real protection it just makes a little harder to find your servers via scanning. Use dig command to find which version is running on your name servers: $ dig +short @ns1.example.com version.bind txt chaos "9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1" Bind To hide version in when using Bind, open named.conf configuration file using your favorite editor, go to options section and set a custom version string using version option. Example: // /etc/named.conf options { // Hide bind version version "unknown"; }; Restart the server (use bind9 instead of named on systems based on Debian): $ sudo service named restart Stopping named: . [ OK ] Starting named: ...