How to install phpMyAdmin on Ubuntu

sudo apt-get update
sudo apt-get install phpmyadmin
sudo ln -s /usr/share/phpmyadmin /var/www/html/phpmyadmin_your_customize_domain_name
sudo phpenmod mcrypt
sudo systemctl restart php7.0-fpm   # use the service name that matches your PHP version


Configuration for SSH on a new Ubuntu Server

=========================================
Step 1 – Creating New Sudo and Root User
=========================================
// Adding new user
1) adduser TESTUSER

// Adding user to sudo group
2) usermod -aG sudo TESTUSER

// Adding user to root group
3) usermod -aG root TESTUSER

// Adding user to www-data group
4) usermod -aG www-data TESTUSER

// Checking user groups
5) id TESTUSER

// Log in as the user again to reload your groups
6) su - TESTUSER

// Checking user groups
7) id TESTUSER

result will show – uid=1000(TESTUSER) gid=1000(TESTUSER) groups=1000(TESTUSER),27(sudo),33(www-data)

=========================================
Step 2 – Editing SSH Configurations
=========================================

1) Allow the new port in the firewall and change the SSH port

Add and allow the new port in the firewall (7676 is an example, use your own port)
sudo ufw status
sudo ufw allow 7676

2) Disable login for the root user
** Before you disable root access, make sure you have another user with root access **

Changing the SSH port
sudo nano /etc/ssh/sshd_config
change these settings (the port number is your choice):
PermitRootLogin no
Port 7676

3) /etc/init.d/ssh reload

=========================================
Step 3 – Upgrading SSH security
=========================================

3.1) Installing fail2ban for SSH security
Ref https://www.digitalocean.com/community/tutorials/how-to-protect-ssh-with-fail2ban-on-ubuntu-14-04

3.1.1) sudo apt-get install fail2ban -y
3.1.2) sudo apt-get install sendmail
// testing whether sendmail can send (-f sets the sender, the last argument is the recipient)
echo "hello" | sendmail -f sendermail@gmail.com receivermail@gmail.com

(sendmail or mail)

3.1.3) sudo apt install mailutils
// testing whether mail can be sent with mailutils
echo "testing" | mail -s "testing" receivermail@gmail.com

3.2) Copy /etc/fail2ban/jail.conf to /etc/fail2ban/jail.local (the awk command comments out every line)
awk '{ printf "# "; print; }' /etc/fail2ban/jail.conf | sudo tee /etc/fail2ban/jail.local

3.3) // Change bantime at /etc/fail2ban/jail.local

// jail.local without sending alert email
—————————————————————
[DEFAULT]
bantime = 120
# bantime is in seconds
ignoreip = 127.0.0.1/8
findtime = 120
destemail = william.aceplus@gmail.com
sender = root@localhost

[sshd]
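# "ssh" is port 22; if sshd listens on a custom port, put that port number here so the ban covers it
port = ssh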
# logpath = %(sshd_log)s

[sshd-ddos]

port = 7878
logpath = /var/log/auth.log

[dropbear]
port = 7878
logpath = /var/log/auth.log

[selinux-ssh]
port = 7878
logpath = /var/log/auth.log
maxretry = 3

And then restart fail2ban server
/etc/init.d/fail2ban restart
—————————————————————

OR

// jail.local with sending alert email
—————————————————————
[DEFAULT]

ignoreip = –REMOVED IPS–
findtime = 600
bantime = 600
maxretry = 3

backend = polling

destemail = test@gmail.com
banaction = iptables-multiport
mta = sendmail
protocol = tcp
action_ = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s"]
action_mw = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s"]
            %(mta)s-whois[name=%(__name__)s, dest="%(destemail)s", protocol="%(protocol)s"]
action_mwl = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s"]
             %(mta)s-whois-lines[name=%(__name__)s, dest="%(destemail)s", logpath=%(logpath)s]
# action_mw = ban the IP and send an e-mail with a whois report to destemail
action = %(action_mw)s
[ssh]

enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
maxretry = 3
—————————————————————

3.4) // Checking banned IPs
sudo zgrep 'Ban' /var/log/fail2ban.log

3.5) If you change the ssh port from ‘22’ to ‘custom_port’, you need to allow that port at ufw.

sudo ufw status
sudo ufw allow custom_port
sudo ufw reload
sudo ufw status

3.6) reload the fail2ban service
sudo /etc/init.d/fail2ban restart

3.7) Check whether fail2ban is working by trying to log in with ssh 3 times; the system will then ban your IP for 120 seconds

ssh ap2@128.199.101.113 -p 7878
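
The first jail.local above keeps port = ssh in [sshd] while Step 2 moves sshd to a custom port, so it is worth checking that both files agree. The script below is an added example, not part of the original post: it reads Port and PermitRootLogin from sshd_config and the port of a fail2ban jail and reports mismatches. The function names and the sample files are constructed for illustration.

```sh
#!/bin/sh
# Added example: cross-check sshd_config against fail2ban's jail.local.

# First uncommented value of a keyword in sshd_config (sshd uses the first match).
sshd_value() {
    awk -v key="$2" 'tolower($1) == tolower(key) { print $2; exit }' "$1"
}

# Value of one option inside one [section] of a fail2ban jail file.
jail_value() {
    awk -v sec="[$2]" -v key="$3" '
        /^[ \t]*[#;]/ { next }                       # comment line
        /^[ \t]*\[/   { gsub(/[ \t]/, ""); insec = ($0 == sec); next }
        insec {
            n = index($0, "="); if (n == 0) next
            k = substr($0, 1, n - 1); v = substr($0, n + 1)
            gsub(/[ \t]/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { print v; exit }
        }' "$1"
}

# Prints findings; the return status is the number of findings (0 = consistent).
audit_ssh_jail() {
    cfg=$1; jail=$2; name=${3:-sshd}; findings=0
    ssh_port=$(sshd_value "$cfg" Port); ssh_port=${ssh_port:-22}
    root_login=$(sshd_value "$cfg" PermitRootLogin)
    jail_port=$(jail_value "$jail" "$name" port)
    case ${jail_port:-ssh} in ssh) jail_port=22 ;; esac   # service name ssh = 22

    if [ "$root_login" != no ]; then
        echo "FINDING: PermitRootLogin is '${root_login:-unset}', expected 'no'"
        findings=$((findings + 1))
    fi
    if [ "$ssh_port" != "$jail_port" ]; then
        echo "FINDING: sshd listens on $ssh_port, jail [$name] bans port $jail_port"
        findings=$((findings + 1))
    fi
    echo "sshd port=$ssh_port jail port=$jail_port findings=$findings"
    return "$findings"
}

# Constructed sample files with the settings used in this post.
demo=$(mktemp -d)
printf 'Port 7878\nPermitRootLogin no\n' > "$demo/sshd_config"
printf '[DEFAULT]\nbantime = 120\n\n[sshd]\nport = ssh\n' > "$demo/jail.local"
audit_ssh_jail "$demo/sshd_config" "$demo/jail.local" || true
rm -rf "$demo"
```

On a server, call audit_ssh_jail /etc/ssh/sshd_config /etc/fail2ban/jail.local, optionally with the jail name as a third argument.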

fallocate: fallocate failed: Text file busy in ubuntu OS

swapoff -a turns off swap usage. You were trying to allocate 15G to /swapfile,
but you can’t do that if it’s in use.
You do a swapoff -a, fallocate (you may have to delete the current /swapfile first), mkswap /swapfile, then swapon -a.

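# turn swap off first so that /swapfile is no longer in use
sudo swapoff -a
sudo fallocate -l 1G /swapfile
sudo mkswap /swapfile
# or: sudo swapon -a, if /swapfile is listed in /etc/fstab
sudo swapon /swapfile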

 

Cheers

 

How to install Mail Service on Ubuntu Live Server (LEMP)

Install mailutils by the following command
apt-get install mailutils
apt-get install ssmtp

Edit /etc/ssmtp/ssmtp.conf
Remove “#” from “#FromLineOverride=YES” and add the following lines to ssmtp.conf

FromLineOverride=YES
AuthUser=youremail@gmail.com
AuthPass=yourpassword
mailhub=smtp.gmail.com:587
UseSTARTTLS=YES

After that, test whether email can be sent with the following command
echo "testing" | mail -s "testing" william.aceplus@gmail.com

============================
Checking Error about mail
/var/log/mail.err
============================

If some settings are not correct and you want to reconfigure them

Reconfigure / Resetting setting
sudo dpkg-reconfigure postfix
sudo dpkg-reconfigure mailutils
============================

 

Cheers

Example syntax for Secure Copy (scp)

What is Secure Copy?

scp allows files to be copied to, from, or between different hosts. It uses ssh for data transfer and provides the same authentication and same level of security as ssh.

Examples

Copy the file “foobar.txt” from a remote host to the local host

$ scp your_username@remotehost.edu:foobar.txt /some/local/directory

Copy the file “foobar.txt” from the local host to a remote host

$ scp foobar.txt your_username@remotehost.edu:/some/remote/directory

Copy the directory “foo” from the local host to a remote host’s directory “bar”

$ scp -r foo your_username@remotehost.edu:/some/remote/directory/bar

Copy the file “foobar.txt” from remote host “rh1.edu” to remote host “rh2.edu”

$ scp your_username@rh1.edu:/some/remote/directory/foobar.txt \
your_username@rh2.edu:/some/remote/directory/

Copying the files “foo.txt” and “bar.txt” from the local host to your home directory on the remote host

$ scp foo.txt bar.txt your_username@remotehost.edu:~

Copy the file “foobar.txt” from the local host to a remote host using port 2264

$ scp -P 2264 foobar.txt your_username@remotehost.edu:/some/remote/directory

Copy multiple files from the remote host to your current directory on the local host

$ scp your_username@remotehost.edu:/some/remote/directory/\{a,b,c\} .
$ scp your_username@remotehost.edu:~/\{foo.txt,bar.txt\} .

scp Performance

By default scp uses the Triple-DES cipher to encrypt the data being sent. Using the Blowfish cipher has been shown to increase speed. This can be done by using option -c blowfish in the command line.

$ scp -c blowfish some_file your_username@remotehost.edu:~

It is often suggested that the -C option for compression should also be used to increase speed. The effect of compression, however, will only significantly increase speed if your connection is very slow. Otherwise it may just be adding extra burden to the CPU. An example of using blowfish and compression:

$ scp -c blowfish -C local_file your_username@remotehost.edu:~

Contributions

Thanks Stewart Macleod for port example.

Ref : http://www.hypexr.org/linux_scp_help.php

How to Use SSL Certificate in LEMP Digital Droplet

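(1) We need to create two files for the certificate request to the SSL Certificate Vendor ( Z.com / GMO-ACE ). Only the .csr is sent to the vendor; the .key is the private key and stays on the server.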
———————————-
examplesite.csr
examplesite.key
———————————-

=================================
How do I generate a CSR Code
=================================

———————————————————

OS – Ubuntu 14.04
Digital Ocean Droplet with LEMP
———————————————————

mkdir /etc/ssl/websitessl
cd /etc/ssl/websitessl
openssl req -new -newkey rsa:2048 -nodes -keyout domainname.key -out domainname.csr

rsa:2048 means the CSR is created with a 2048-bit key. For more security I recommend rsa:4096.
You also need to change domainname.key and domainname.csr to your own domain name
so you can verify the CSR file. After you have filled in all the legitimate information,
you can open the new file using a client, for example WinSCP, copy it, and use it for your SSL.


 

(2) Then we have to buy our SSL certificate at the SSL vendor's site, and the vendor will generate the certificate files.
———————————–
samplesite.PEM
samplesite.ICA
samplesite.PKCS7
———————————–

We have to copy the generated .PEM file from the SSL certificate provider to our host ( Digital Ocean LEMP ):
www.examplesite.com.PEM
And then, we have to edit the virtual host setting file at
/etc/nginx/sites-available/samplesite
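
Before pointing nginx at the new files, it helps to confirm that the private key from step (1), the CSR and the certificate returned by the vendor belong together. The script below is an added example, not part of the original post; it assumes PEM-encoded files, an RSA key and the openssl command-line tool, and its function names are made up for illustration.

```sh
#!/bin/sh
# Added example: check that the private key, the CSR and the certificate from
# the vendor carry the same public key. Usage: sh check_tls.sh KEY CSR CERT

# SHA-256 of the public key held in a key, CSR or certificate (PEM files).
pubkey_digest() {
    case $1 in
        key)  pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1 ;;
        csr)  pem=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) || return 1 ;;
        cert) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1 ;;
        *)    return 2 ;;
    esac
    [ -n "$pem" ] || return 1
    printf '%s\n' "$pem" | openssl sha256 | awk '{ print $NF }'
}

# RSA key size in bits, e.g. 2048 (empty output if the file is not an RSA key).
key_bits() {
    openssl rsa -in "$1" -noout -text 2>/dev/null |
        sed -n 's/^.*Private-Key: (\([0-9]*\) bit.*$/\1/p'
}

# Returns 0 only when all three files belong together and the key is >= 2048 bits.
check_tls_material() {
    k=$(pubkey_digest key "$1")  || { echo "cannot read private key: $1"; return 1; }
    r=$(pubkey_digest csr "$2")  || { echo "cannot read CSR: $2"; return 1; }
    c=$(pubkey_digest cert "$3") || { echo "cannot read certificate: $3"; return 1; }
    bits=$(key_bits "$1")
    [ "${bits:-0}" -ge 2048 ] || { echo "key has ${bits:-unknown} bits"; return 1; }
    [ "$k" = "$r" ] || { echo "CSR was not created from this key"; return 1; }
    [ "$k" = "$c" ] || { echo "certificate does not match this key"; return 1; }
    echo "ok: $bits-bit key, CSR and certificate share public key $k"
}

if [ $# -eq 3 ]; then
    check_tls_material "$@"
fi
```

A mismatch here means nginx would refuse to start with the key and certificate pair, so the check is best run before editing the virtual host file.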

===================================================
Using SSL Certificate at Nginx Virtual Host Setting
===================================================
You have to create two server blocks, one for HTTP and one for HTTPS requests,
and then redirect every HTTP request to HTTPS.

server {
listen 80;
server_name example.com.mm www.example.com.mm;
return 301 https://www.example.com.mm$request_uri;
}

server {
# "listen 443 ssl" already enables TLS for this block, so a separate "ssl on;" is not needed
listen 443 ssl;

root /var/www/registrations/public;
index index.php index.html index.htm;

# Make site accessible from http://localhost/
server_name example.com.mm www.example.com.mm;
# server_name localhost;

access_log /var/log/nginx/nginx.vhost.access.log;
error_log /var/log/nginx/nginx.vhost.error.log;

ssl_certificate /etc/ssl/websitessl/www.example.com.mm.PEM;
ssl_certificate_key /etc/ssl/websitessl/examplesite.key;
# ssl_trusted_certificate is not sent to clients; to serve the full chain, the intermediate also has to be appended to the ssl_certificate file
ssl_trusted_certificate /etc/ssl/websitessl/www.example.com.mm.ICA;

# alternative cipher list: HIGH:!aNULL:!MD5:3DES
ssl_ciphers "HIGH:!aNULL:!MD5";
ssl_prefer_server_ciphers on;

# SSLv3 is left out of the protocol list to prevent the POODLE vulnerability
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
# try_files $uri $uri/ =404;
try_files $uri $uri/ /index.php?$query_string;
# Uncomment to enable naxsi on this location
# include /etc/nginx/naxsi.rules
}

# Only for nginx-naxsi used with nginx-naxsi-ui : process denied requests
#location /RequestDenied {
# proxy_pass http://127.0.0.1:8080;
#}

#error_page 404 /404.html;

# redirect server error pages to the static page /50x.html
#
#error_page 500 502 503 504 /50x.html;
#location = /50x.html {
# root /usr/share/nginx/html;
#}

# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
# # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
#
# # With php5-cgi alone:
# fastcgi_pass 127.0.0.1:9000;
# # With php5-fpm:
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}

# deny access to .htaccess files, if Apache’s document root
# concurs with nginx’s one
#
location ~ /\.ht {
deny all;
}

client_max_body_size 10M;
}

—————————————————————————————