Tuesday, 12 May 2015

Linux Interview Questions For Experienced

Why should you periodically update the kernel and package versions?
To enhance system security, you should ensure that you are running the latest versions of the kernel and software packages, which contain the most recent security updates.
During a recent strike at the office, several archive tapes of the system were damaged and ruined. What can you do to prevent physical damage in the future?
You should store them offsite.
Why should you avoid the Telnet to administer a Linux system remotely?
Telnet uses a highly insecure method of communication. It sends data across the network in plain text, so someone can easily find out the password using a network tool.
A file is unable to be restored from tape due to several device and media errors. What is most likely the cause?
Media errors usually indicate that the tape media is damaged, or that the tape drive heads need cleaning.
Your FTP server was recently hacked. Due to the amount of damage, the entire server needs to be restored. How should you restore the original kernel system files?
You cannot restore the entire operating system from a tape backup device. You should reinstall the core operating system, and then restore system configuration files and user data from the tape backup device.
Your company hires a contract employee for two months. What should the Linux administrator do to enhance security on the employee's account?
While creating the new account for this user, the administrator should set an expiration date for the account, so that if the employee leaves or does not have their contract renewed, the account will be automatically disabled.
Which backup strategy only backs up files that have changed since the last full backup?
Differential backup will backup files that have changed since the last full backup.
Name a service which you should disable on a Linux server that is acting as both a Web and FTP server.
The finger service should be disabled because a remote user can get important information about the system by using that command.
Why is it recommended to store backup tapes at an offsite storage facility?
Because this will prevent the backup tapes from being destroyed during a natural disaster at the server site. It also prevents the tapes from being stolen.
A newbie enabled the root session for the FTP server. Is it OK?
No, he has put the security of the entire server at risk. You should disable the root session as soon as possible.
A user complains to you that he is unable to set '123' as his password. Why would the system not allow this password?
There is a minimum length rule for passwords, which blocks the user from using this password. The default minimum password length is six characters, which means a user cannot have a password shorter than six characters.
Your company is running a web server. One dedicated-account customer complains that his visitors are able to scan the directory tree. Which directive would you configure to stop the web server from listing directories?
You should remove or comment out the "Options Indexes" directive in the web server's main configuration file, httpd.conf. This is a security measure so that remote users can't scan the directory tree of the server looking for security holes. The server won't show directory listings when a user requests them.
What type of backup strategy can you use to fully back up a system every night?
You can use a full backup strategy, which always performs a full backup of all files. This takes much more time and space than other methods, but it is the most complete method and allows for easy file restoration.
How can you enhance the security of password file?
Linux keeps user account information in a text file called /etc/passwd. This file also stores the one-way encrypted password. Several tools access this file to get user information, so it needs to be world-readable, which is a security risk. To minimize the risk you can use the shadow password format. This method keeps account information in the regular /etc/passwd file, but the password is stored there as a single "x" character (it is not actually stored in this file). A second file, /etc/shadow, contains the encrypted password as well as other information such as account or password expiration values. The /etc/shadow file is readable only by the root account and is therefore less of a security risk.
What command should be used to make a tar archive to a disk file system located in /mnt/backup?
The correct command is tar -cvf /mnt/backup. The /mnt/backup directory should be on another machine to be fully effective as a backup strategy.
You have just finished the installation of a server that is going to be used as a file server. The default installation has the sendmail service running, while this server will never send any e-mails. How should you deal with the sendmail service?
You should disable the sendmail service if the server is not being used for mail. Leaving it running increases the chance of a security vulnerability being exploited, and of unauthorized use of the sendmail relay.
What command can you use to back up an entire file system most efficiently?
The easiest command to use to back up an entire file system is the dump command. Files can be restored from a dump operation by using the restore command.
Which necessary steps should you take to enhance the security of server just after the initial installation?
  • Kernel and packages should be upgraded to the latest versions.
  • Unnecessary services and daemons should be disabled.
  • Enable and configure the firewall.
  • Set a complex password policy.
While auditing user accounts, an administrator notices that one of the users has a blank password. What should he do to the account?
To prevent further use of the account, which is an immediate security risk, disable it and set a temporary password for the user for the next time they login.
Which backup strategy backs up all files that have changed since the last backup?
An incremental backup will only back up files that have changed since the last backup.
Your company has terminated a server administrator. What is the first thing you, as an administrator, should do to enhance security?
Because the server administrator knows the root password for the server, it should be changed immediately to prevent them from tampering with the system.
You are setting up an FTP server. Only company employees are allowed to use the FTP services. What should you configure on the FTP server to enhance security?
You should disable the anonymous FTP account, so that only users with a username and password can access the system.
What is the location of system configuration files that should be backed up on a regular basis?
The /etc directory contains most of the Linux system configuration files.
Which permission allows a user to run an executable with the permissions of the owner of that file?
The Set-User-ID is a special permission that allows a user to run an executable with the permissions of the owner of that file.
What command can you use to make a tape archive file of a /home directory, and send it to the /dev/tape device?
The correct command is tar -cvf /dev/tape /home.
The -xvf option is used to extract files from an archive.
Employees at your company are lazy about changing their passwords. As a system administrator, what can you do to minimize the security risk?
You can set up a password policy that forces users to change their passwords after a specific time period.
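
The /etc/shadow fields mentioned in the answers above (password hash, password aging, account expiry) can be audited directly. The script below is an added example, not part of the original post: the sample records and the account names temp1 and temp2 are constructed, and treating a maximum age of 99999 as "no aging" is an assumption based on the common default.

```shell
#!/bin/sh
# Added example: audit shadow-format records for blank passwords,
# missing password aging and contract accounts without an expiry date.
# Field layout: name:hash:lastchg:min:max:warn:inactive:expire:reserved

# audit_shadow FILE "TEMP_USER1 TEMP_USER2 ..."
# Prints one "user:finding" line per problem found.
audit_shadow() {
    awk -F: -v temps="$2" '
        BEGIN { n = split(temps, t, " "); for (i = 1; i <= n; i++) temp[t[i]] = 1 }
        /^#/ || NF < 2 { next }                      # skip comments and blank lines
        {
            user = $1; hash = $2; max = $5; expire = $8
            locked = (hash ~ /^[!*]/)                # "!" or "*": password login disabled
            if (hash == "") print user ":blank-password"
            if (!locked && (max == "" || max + 0 >= 99999)) print user ":no-password-aging"
            if ((user in temp) && expire == "") print user ":no-account-expiry"
        }
    ' "$1"
}

# Writes constructed sample records (not real hashes) and prints the file name.
write_sample_shadow() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
root:$6$constructedsalt$constructedhash:16560:0:90:7:::
alice:$6$constructedsalt$constructedhash:16560:0:99999:7:::
bob::16560:0:90:7:::
temp1:$6$constructedsalt$constructedhash:16560:0:60:7:::
temp2:$6$constructedsalt$constructedhash:16560:0:60:7::16620:
daemon:*:16000:0:99999:7:::
EOF
    echo "$f"
}

# Demo on the constructed sample. On a real system run as root:
#   audit_shadow /etc/shadow "contractor-account-names"
# Typical follow-ups: passwd -l USER (lock), chage -M DAYS USER (aging),
# chage -E YYYY-MM-DD USER (account expiry).
sample=$(write_sample_shadow)
audit_shadow "$sample" "temp1 temp2"
rm -f "$sample"
```
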
Which program should you use to connect to a system remotely?
You should always use SSH to connect to a system remotely. SSH is a secure method that encrypts the entire session.
To save disk space, an administrator wants to backup files, and then remove them from the server permanently. What kind of backup operation is this?
An archive operation will take the files, back them up to a device, and then remove the files from the original server.
What does a firewall do?
A firewall is a device or service that can be used to protect the network or system from other outside networks.

Wednesday, 22 April 2015

Linux Interview Questions For RHCE

Which version of RHEL officially supports LUKS encryption?

From version 6 or higher LUKS encryption is officially supported by RHEL.

What is the default virtualization technology for RHEL6?

Default virtualization technology is KVM.

Can you configure a KVM virtual machine on a 32-bit system?

No, KVM virtualization requires at least a 64-bit system.

What is the default mode of SELinux during the installation of RHEL?

  • In RHEL5 you have to choose the mode you want.
  • From RHEL6 the default mode is Enforcing during the installation.
You can change the SELinux mode after installation in either release; the only difference is that RHEL5 asks you to choose the mode during the installation, while RHEL6 does not let you choose it.

Which remote management service is allowed through the default firewall and by default installed in RHEL?

By default SSH is always installed in RHEL. SSH uses port 22 which is allowed through the default firewall rules.

Which standard directory is used by the vsFTP server for file sharing?

The default standard directory for FTP is /var/ftp/pub.

Which standard directory is used by the Apache web server for HTML files?

The standard directory for HTML files is /var/www/html.

What is the default partition layout during the installation?

The default partition layout is LVM.

Which necessary partition cannot be a part of a logical volume group?

The boot partition cannot be a part of a logical volume group. You must create it as a regular partition.

Which partitions are recommended for a custom partition layout?

  • /
  • /boot
  • /home
  • swap

What step during the installation could you take to prevent a program from creating temporary files that fill up the entire space?

You can create a separate /tmp partition, which prevents a program from creating temporary files that fill up the entire filesystem.

What is kickstart?

Kickstart is an installation method used in RHEL. A kickstart installation is started from a kickstart file, which contains the answers to all the questions in the installation program.

Name any of two third party distribution based on RHEL6 source code.

CentOS and Scientific Linux

Which log file contains all installation messages?

The install.log.syslog file contains all messages that were generated during the installation.

Wednesday, 8 April 2015

Linux Interview Questions 1

What is Kerberos used for?

Kerberos is used for secure network logon.
Which partition stores system configuration files in a Linux system?
The /etc partition stores system configuration files in Linux.
What is the purpose of the MD5 option on passwords?
MD5 is an encryption method that encrypts the password before saving.
Name any four general password rules for user account.
  • Include at least eight total characters
  • Use the string in an unrepeated way
  • Avoid using words that can be found in the dictionary
  • Avoid using dates of significance, such as a birthday or anniversary
A better method of password security is to create difficult-to-break passwords that are easy for the users to remember.
What is the alternative method to a GUI installation in Linux?
Linux provides a text-based installation as the alternative to GUI installation.
What is the purpose of the swapon command?
The swapon command is used to activate an already created swap partition. It cannot be used to create a new swap partition.

What is gzip?

gzip is a compression utility created by the GNU project.

What is tar?

tar is an archive utility that is used to create tape backups.
Which is the standard command used to uncompress gzip files?
The standard command used to uncompress gzip files is gunzip.
What is the RPM switch for only installing packages?
The command line switch for installing an RPM is -i.
What is the command used to install an RPM package named demofilename2.2-2.i386.rpm?
The most common command used to install an RPM package is rpm -ivh. The following command will install the given package:
#rpm -ivh demofilename2.2-2.i386.rpm
What is the command used to remove an RPM package named demofilename2.2-2.i386.rpm?
The most common command used to remove an RPM package is rpm -evh. The following command will remove the given package:
#rpm -evh demofilename2.2-2.i386.rpm
What is the command used to update an RPM package named demofilename2.2-2.i386.rpm?
The most common command used to update an RPM package is rpm -Uvh. The following command will update the given package and remove the old one:
#rpm -Uvh demofilename2.2-2.i386.rpm
Which command is used to see which RPM version of gzip was installed on the system?
#rpm -q gzip
Where are the automatically mounted file systems listed?
The automatically mounted file systems are listed in the file /etc/fstab.
While installing a new RPM, what common steps should you take?
You should follow these common steps:
  • Use the RPM tools to query or verify the installed packages to confirm the installation of any previous packages.
  • Check the signature of the new package.
  • Install or upgrade the RPM by first using the test mode to verify that it works, and then install it.
  • At the end, query the RPM and verify its installation.
Which organization controls the official releases and updates of the X Window System?
The X Consortium at www.x.org controls the official release and updating of the X Window System.
PPP is most often used to create?
PPP is most often used to create serial point-to-point connections.
When attempting to connect to www.example.com you got unknown host message. Which service is most likely not functioning properly?
DNS
Samba is used to provide support for which protocol?
Samba is used to support the Microsoft SMB/CIFS systems.
What command is used to load a module into the kernel?
The insmod command is used to load a module into the kernel.
Name one of the most secure methods of remote access.
SSH is the most secure method of remote access.
With respect to a Linux system’s RAM, how large should the swap file be?
Generally the size of the swap file should be twice the size of installed RAM.
How would you create a backup of the fstab file to the /backup folder?
Use cp command to create the backup.
#cp /etc/fstab /backup
What command is used to exit the edit mode of VI editor?
The [esc] key is used to exit from the edit mode of VI editor.
What key combination will exit from VI editor and not save the changes made?
The Esc + q + ! key combination will exit VI without saving the changes.
What command would you use to create a file system on a new hard drive?
The mkfs command is used to create file systems.

What does the fstab file do?

The fstab file is used to automatically mount file systems.

What does the inittab file do?

The /etc/inittab file is used to set the default state and terminal connections for a Linux system.
What command can you use to verify the current active shell?
The env command will display the current active shell.
Where is the .bashrc file located?
The .bashrc file is usually located in the /home/username directory.
What function does the .bash_profile file perform?
The function of the .bash_profile file is to provide login initialization commands.
What function does the .bash_logout file perform?
The function of the .bash_logout file is to provide logout functions.
What function does the .bashrc file perform?
The function of the .bashrc file is to provide shell configuration commands.

Wednesday, 7 January 2015

Install SquirrelMail to configure web-based mail


Install SquirrelMail to set up a web-based mail system like Yahoo Mail or Hotmail. This example uses two hosts:

www.server.world - Web server with SquirrelMail installed
mail.server.world - SMTP/IMAP server
[1]
[2]
[3]
[4]
[5] Install SquirrelMail.
# install from EPEL
[root@www ~]# yum --enablerepo=epel -y install squirrelmail
[root@www ~]# wget http://www.squirrelmail.org/plugins/compatibility-2.0.16-1.0.tar.gz -P /usr/share/squirrelmail/plugins
[root@www ~]# wget http://www.squirrelmail.org/plugins/empty_trash-2.0-1.2.2.tar.gz -P /usr/share/squirrelmail/plugins
[root@www ~]# wget http://www.squirrelmail.org/plugins/secure_login-1.4-1.2.8.tar.gz -P /usr/share/squirrelmail/plugins
[root@www ~]# tar zxvf /usr/share/squirrelmail/plugins/compatibility-2.0.16-1.0.tar.gz -C /usr/share/squirrelmail/plugins
[root@www ~]# tar zxvf /usr/share/squirrelmail/plugins/empty_trash-2.0-1.2.2.tar.gz -C /usr/share/squirrelmail/plugins
[root@www ~]# tar zxvf /usr/share/squirrelmail/plugins/secure_login-1.4-1.2.8.tar.gz -C /usr/share/squirrelmail/plugins
[root@www ~]# rm -f /usr/share/squirrelmail/plugins/*.tar.gz
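
The commands above fetch the plugin archives over plain HTTP and unpack them as root into the web application's directory without any integrity check. The script below is an added example, not part of the original post, of verifying an archive before extraction. The digest is a placeholder to be obtained over a trusted channel, /root/dl is a hypothetical download directory, and the assumption that each archive unpacks into one directory named after the plugin is based on the plugin names shown later in conf.pl.

```shell
#!/bin/sh
# Added example: verify a plugin tarball before unpacking it as root.

# Succeeds only if the SHA-256 of file $1 equals the pinned digest $2.
verify_sha256() {
    actual=$(sha256sum "$1" | awk '{ print $1 }')
    [ "$actual" = "$2" ]
}

# Reads archive member names on stdin; succeeds only if every name stays
# inside the single top-level directory $1 (no absolute paths, no ".." parts).
# Archives that prefix members with "./" are rejected as well (conservative).
paths_are_safe() {
    awk -v top="$1" '
        {
            seen++
            if (substr($0, 1, 1) == "/") bad = 1
            n = split($0, part, "/")
            for (i = 1; i <= n; i++) if (part[i] == "..") bad = 1
            if ($0 != top && index($0, top "/") != 1) bad = 1
        }
        END { if (bad || seen == 0) exit 1 }
    '
}

# install_plugin TARBALL SHA256 TOPDIR DESTDIR
# Extracts only after the digest and the member listing both check out.
install_plugin() {
    verify_sha256 "$1" "$2" || { echo "digest mismatch: $1" >&2; return 1; }
    tar -tzf "$1" | paths_are_safe "$3" || { echo "unsafe member path in $1" >&2; return 1; }
    mkdir -p "$4" &&
    # --no-same-owner: do not apply the archive's recorded owners when root extracts
    tar -xzf "$1" -C "$4" --no-same-owner
}

# Usage (PLACEHOLDER digest, hypothetical download path):
#   install_plugin /root/dl/secure_login-1.4-1.2.8.tar.gz SHA256_FROM_TRUSTED_SOURCE \
#       secure_login /usr/share/squirrelmail/plugins

# Demo on a constructed listing containing a traversal entry.
printf 'secure_login/\nsecure_login/../../etc/cron.d/x\n' | paths_are_safe secure_login \
    || echo "constructed traversal listing rejected"
```
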

# run setup script
[root@www ~]# /usr/share/squirrelmail/config/conf.pl

SquirrelMail Configuration : Read: config.php (1.4.0)
---------------------------------------------------------
Main Menu --
1. Organization Preferences
2. Server Settings
3. Folder Defaults
4. General Options
5. Themes
6. Address Books
7. Message of the Day (MOTD)
8. Plugins
9. Database
10. Languages
D. Set pre-defined settings for specific IMAP servers
C Turn color off
S Save data
Q Quit
Command >>
1
 
# select

SquirrelMail Configuration : Read: config.php (1.4.0)
---------------------------------------------------------
Organization Preferences
1. Organization Name
: SquirrelMail

2. Organization Logo
: ../images/sm_logo.png

3. Org. Logo Width/Height
: (308/111)

4. Organization Title
: SquirrelMail

5. Signout Page
:

6. Top Frame
: _top

7. Provider link
: http://squirrelmail.org/

8. Provider name
: SquirrelMail
R Return to Main Menu
C Turn color off
S Save data
Q Quit
Command >>
5
 
# change log-out page
When users click the Sign Out button they will be logged out and
then sent to signout_page. If signout_page is left empty,
(hit space and then return) they will be taken, as normal,
to the default and rather sparse SquirrelMail signout page.
[]:
/webmail
   
# change log-out page

SquirrelMail Configuration : Read: config.php (1.4.0)
---------------------------------------------------------
Organization Preferences
1. Organization Name
: SquirrelMail

2. Organization Logo
: ../images/sm_logo.png

3. Org. Logo Width/Height
: (308/111)

4. Organization Title
: SquirrelMail

5. Signout Page
: /webmail

6. Top Frame
: _top

7. Provider link
: http://squirrelmail.org/

8. Provider name
: SquirrelMail
R Return to Main Menu
C Turn color off
S Save data
Q Quit
Command >>
r
 
# back to main menu

SquirrelMail Configuration : Read: config.php (1.4.0)
---------------------------------------------------------
Main Menu --
1. Organization Preferences
2. Server Settings
3. Folder Defaults
4. General Options
5. Themes
6. Address Books
7. Message of the Day (MOTD)
8. Plugins
9. Database
10. Languages
D. Set pre-defined settings for specific IMAP servers
C Turn color off
S Save data
Q Quit
Command >>
2
 
# select

SquirrelMail Configuration : Read: config.php (1.4.0)
---------------------------------------------------------
Server Settings
General
-------
1. Domain
: localhost

2. Invert Time
: false

3. Sendmail or SMTP
: Sendmail
A. Update IMAP Settings
: localhost:143 (uw)

B. Change Sendmail Config
: /usr/sbin/sendmail
R Return to Main Menu
C Turn color off
S Save data
Q Quit
Command >>
1
 
# change to your domain name
The domain name is the suffix at the end of all email addresses. If
for example, your email address is jdoe@example.com, then your domain
would be example.com.
[localhost]:
server.world
 
# input your domain name

SquirrelMail Configuration : Read: config.php (1.4.0)
---------------------------------------------------------
Server Settings
General
-------
1. Domain
: server.world

2. Invert Time
: false

3. Sendmail or SMTP
: Sendmail
A. Update IMAP Settings
: localhost:143 (uw)

B. Change Sendmail Config
: /usr/sbin/sendmail

R Return to Main Menu
C Turn color off
S Save data
Q Quit
Command >>
3
 
# select
You now need to choose the method that you will use for sending
messages in SquirrelMail. You can either connect to an SMTP server
or use sendmail directly.
1. Sendmail
2. SMTP
Your choice [1/2] [1]:
2
 
# change to SMTP

SquirrelMail Configuration : Read: config.php (1.4.0)
---------------------------------------------------------
Server Settings
General
-------
1. Domain
: server.world

2. Invert Time
: false

3. Sendmail or SMTP
: SMTP
A. Update IMAP Settings
: localhost:143 (uw)

B. Change Sendmail Config
: localhost:25

R Return to Main Menu
C Turn color off
S Save data
Q Quit
Command >>
A
 
# select
SquirrelMail Configuration : Read: config.php (1.4.0)
---------------------------------------------------------
Server Settings
General
-------
1. Domain
: server.world

2. Invert Time
: false

3. Sendmail or SMTP
: SMTP
IMAP Settings
--------------
4. IMAP Server
: localhost

5. IMAP Port
: 143

6. Authentication type
: login

7. Secure IMAP (TLS)
: false

8. Server software
: uw

9. Delimiter
: /
B. Update SMTP Settings
: localhost:25

H. Hide IMAP Server Settings
R Return to Main Menu
C Turn color off
S Save data
Q Quit
Command >>
4
 
# select
This is the hostname where your IMAP server can be contacted.
[localhost]:
mail.server.world
 
# specify your IMAP server

SquirrelMail Configuration : Read: config.php (1.4.0)
---------------------------------------------------------
Server Settings
General
-------
1. Domain
: server.world

2. Invert Time
: false

3. Sendmail or SMTP
: SMTP
IMAP Settings
--------------
4. IMAP Server
: mail.server.world

5. IMAP Port
: 143

6. Authentication type
: login

7. Secure IMAP (TLS)
: false

8. Server software
: uw

9. Delimiter
: /
B. Update SMTP Settings
: localhost:25

H. Hide IMAP Server Settings
R Return to Main Menu
C Turn color off
S Save data
Q Quit
Command >>
8
 
# select
Each IMAP server has its own quirks. As much as we tried to stick
to standards, it doesn't help much if the IMAP server doesn't follow
the same principles. We have made some work-arounds for some of
these servers. If you would like to use them, please select your
IMAP server. If you do not wish to use these work-arounds, you can
set this to "other", and none will be used.
   bincimap
= Binc IMAP server

   courier
= Courier IMAP server

   cyrus
= Cyrus IMAP server

   dovecot
= Dovecot Secure IMAP server

   exchange
= Microsoft Exchange IMAP server

   hmailserver
= hMailServer

   macosx
= Mac OS X Mailserver

   mercury32
= Mercury/32

   uw
= University of Washington's IMAP server

   gmail
= IMAP access to Google mail (Gmail) accounts

   other
= Not one of the above servers

[uw]:
dovecot
 
# select Dovecot

SquirrelMail Configuration : Read: config.php (1.4.0)
---------------------------------------------------------
Server Settings
General
-------
1. Domain
: server.world

2. Invert Time
: false

3. Sendmail or SMTP
: SMTP
IMAP Settings
--------------
4. IMAP Server
: mail.server.world

5. IMAP Port
: 143

6. Authentication type
: login

7. Secure IMAP (TLS)
: false

8. Server software
: dovecot

9. Delimiter
: /
B. Update SMTP Settings
: localhost:25

H. Hide IMAP Server Settings
R Return to Main Menu
C Turn color off
S Save data
Q Quit
Command >>
9
 
# select
This is the delimiter that your IMAP server uses to distinguish between
folders. For example, Cyrus uses '.' as the delimiter and a complete
folder would look like 'INBOX.Friends.Bob', while UW uses '/' and would
look like 'INBOX/Friends/Bob'. Normally this should be left at 'detect'
but if you are sure you know what delimiter your server uses, you can
specify it here.
To have it autodetect the delimiter, set it to 'detect'.
[/]:
detect
 
# specify detect

SquirrelMail Configuration : Read: config.php (1.4.0)
---------------------------------------------------------
Server Settings
General
-------
1. Domain
: server.world

2. Invert Time
: false

3. Sendmail or SMTP
: SMTP
IMAP Settings
--------------
4. IMAP Server
: mail.server.world

5. IMAP Port
: 143

6. Authentication type
: login

7. Secure IMAP (TLS)
: false

8. Server software
: dovecot

9. Delimiter
: detect
B. Update SMTP Settings
: localhost:25

H. Hide IMAP Server Settings
R Return to Main Menu
C Turn color off
S Save data
Q Quit
Command >>
B
 
# select
SquirrelMail Configuration : Read: config.php (1.4.0)
---------------------------------------------------------
Server Settings
General
-------
1. Domain
: server.world

2. Invert Time
: false

3. Sendmail or SMTP
: SMTP
SMTP Settings
-------------
4. SMTP Server
: localhost

5. SMTP Port
: 25

6. POP before SMTP
: false

7. SMTP Authentication
: none

8. Secure SMTP (TLS)
: false

9. Header encryption key
:
A. Update IMAP Settings
: mail.server.world:143 (dovecot)

H. Hide SMTP Settings
R Return to Main Menu
C Turn color off
S Save data
Q Quit
Command >>
4
 
# select
This is the hostname of your SMTP server.
[localhost]:
mail.server.world
 
# specify SMTP server

SquirrelMail Configuration : Read: config.php (1.4.0)
---------------------------------------------------------
Server Settings
General
-------
1. Domain
: server.world

2. Invert Time
: false

3. Sendmail or SMTP
: SMTP
SMTP Settings
-------------
4. SMTP Server
: mail.server.world

5. SMTP Port
: 25

6. POP before SMTP
: false

7. SMTP Authentication
: none

8. Secure SMTP (TLS)
: false

9. Header encryption key
:
A. Update IMAP Settings
: mail.server.world:143 (dovecot)

H. Hide SMTP Settings
R Return to Main Menu
C Turn color off
S Save data
Q Quit
Command >>
7
 
# select
If you have already set the hostname and port number, I can try to
automatically detect the mechanisms your SMTP server supports.
Auto-detection is *optional* - you can safely say "n" here.
Try to detect auth mechanisms? [y/N]:
y
 
# yes (auto)

Trying to detect supported methods (SMTP)...
Testing none: SUPPORTED
Testing login: SUPPORTED
Testing CRAM-MD5: NOT SUPPORTED
Testing DIGEST-MD5: NOT SUPPORTED
What authentication mechanism do you want to use for SMTP connections?
none - Your SMTP server does not require authorization.
login - Plaintext. If you can do better, you probably should.
cram-md5 - Slightly better than plaintext.
digest-md5 - Privacy protection - better than cram-md5.
*** YOUR SMTP SERVER MUST SUPPORT THE MECHANISM YOU CHOOSE HERE ***
If you don't understand or are unsure, you probably want "none"
none, login, cram-md5, or digest-md5 [none]:
login
 
# select login

SMTP authentication uses IMAP username and password by default.
Would you like to use other login and password for all SquirrelMail
SMTP connections? [y/N]:
n

SquirrelMail Configuration : Read: config.php (1.4.0)
---------------------------------------------------------
Server Settings
General
-------
1. Domain
: server.world

2. Invert Time
: false

3. Sendmail or SMTP
: SMTP
SMTP Settings
-------------
4. SMTP Server
: mail.server.world

5. SMTP Port
: 25

6. POP before SMTP
: false

7. SMTP Authentication
: login (with IMAP username and password)

8. Secure SMTP (TLS)
: false

9. Header encryption key
:
A. Update IMAP Settings
: mail.server.world:143 (dovecot)

H. Hide SMTP Settings
R Return to Main Menu
C Turn color off
S Save data
Q Quit
Command >>
r
 
# back to main menu

SquirrelMail Configuration : Read: config.php (1.4.0)
---------------------------------------------------------
Main Menu --
1. Organization Preferences
2. Server Settings
3. Folder Defaults
4. General Options
5. Themes
6. Address Books
7. Message of the Day (MOTD)
8. Plugins
9. Database
10. Languages
D. Set pre-defined settings for specific IMAP servers
C Turn color off
S Save data
Q Quit
Command >>
10
 
# select

SquirrelMail Configuration : Read: config.php (1.4.0)
---------------------------------------------------------
Language preferences
1. Default Language
: en_US

2. Default Charset
: iso-8859-1

3. Enable lossy encoding
: false
R Return to Main Menu
C Turn color off
S Save data
Q Quit
Command >>
1
 
# select
SquirrelMail attempts to set the language in many ways. If it
can not figure it out in another way, it will default to this
language. Please use the code for the desired language.
[en_US]:
ja_JP
 
# specify your lang

SquirrelMail Configuration : Read: config.php (1.4.0)
---------------------------------------------------------
Language preferences
1. Default Language
: ja_JP

2. Default Charset
: iso-8859-1

3. Enable lossy encoding
: false
R Return to Main Menu
C Turn color off
S Save data
Q Quit
Command >>
2
 
# select

This option controls what character set is used when sending
mail and when sending HTML to the browser.
This option is used only when default language is 'en_US'.
[iso-8859-1]:
iso-2022-jp
 
# specify your lang

SquirrelMail Configuration : Read: config.php (1.4.0)
---------------------------------------------------------
Language preferences
1. Default Language
: ja_JP

2. Default Charset
: iso-2022-jp

3. Enable lossy encoding
: false

R Return to Main Menu
C Turn color off
S Save data
Q Quit
Command >>
r
 
# back to main menu

SquirrelMail Configuration : Read: config.php (1.4.0)
---------------------------------------------------------
Main Menu --
1. Organization Preferences
2. Server Settings
3. Folder Defaults
4. General Options
5. Themes
6. Address Books
7. Message of the Day (MOTD)
8. Plugins
9. Database
10. Languages
D. Set pre-defined settings for specific IMAP servers
C Turn color off
S Save data
Q Quit
Command >>
4
 
# select

SquirrelMail Configuration : Read: config.php (1.4.0)
---------------------------------------------------------
General Options
1. Data Directory
: /var/lib/squirrelmail/prefs/

2. Attachment Directory
: /var/spool/squirrelmail/attach/

3. Directory Hash Level
: 0

4. Default Left Size
: 150

5. Usernames in Lowercase
: false

6. Allow use of priority
: true

7. Hide SM attributions
: false

8. Allow use of receipts
: true

9. Allow editing of identity
: true

Allow editing of name
: true

Remove username from header
: false

10. Allow server thread sort
: true

11. Allow server-side sorting
: true

12. Allow server charset search
: true

13. Enable UID support
: true

14. PHP session name
: SQMSESSID

15. Location base
:
R Return to Main Menu
C Turn color off
S Save data
Q Quit
Command >>
7
 
# select

Hide SM attributions (y/n) [n]:
y
 
# Yes

SquirrelMail Configuration : Read: config.php (1.4.0)
---------------------------------------------------------
General Options
1. Data Directory
: /var/lib/squirrelmail/prefs/

2. Attachment Directory
: /var/spool/squirrelmail/attach/

3. Directory Hash Level
: 0

4. Default Left Size
: 150

5. Usernames in Lowercase
: false

6. Allow use of priority
: true

7. Hide SM attributions
: true

8. Allow use of receipts
: true

9. Allow editing of identity
: true

Allow editing of name
: true

Remove username from header
: false

10. Allow server thread sort
: true

11. Allow server-side sorting
: true

12. Allow server charset search
: true

13. Enable UID support
: true

14. PHP session name
: SQMSESSID

15. Location base
:
R Return to Main Menu
C Turn color off
S Save data
Q Quit
Command >>
r
 
# back to main menu

SquirrelMail Configuration : Read: config.php (1.4.0)
---------------------------------------------------------
Main Menu --
1. Organization Preferences
2. Server Settings
3. Folder Defaults
4. General Options
5. Themes
6. Address Books
7. Message of the Day (MOTD)
8. Plugins
9. Database
10. Languages
D. Set pre-defined settings for specific IMAP servers
C Turn color off
S Save data
Q Quit
Command >>
8
 
# select

SquirrelMail Configuration : Read: config.php (1.4.0)
---------------------------------------------------------
Plugins
Installed Plugins
1. delete_move_next
2. squirrelspell
3. newmail
Available Plugins:
4. listcommands
5. filters
6. fortune
7. mail_fetch
8. message_details
9. compatibility
10. calendar
11. translate
12. sent_subfolders
13. empty_trash
14. spamcop
15. bug_report
16. abook_take
17. info
18. secure_login
19. administrator
R Return to Main Menu
C Turn color off
S Save data
Q Quit
Command >> 9    # add compatibility (the number varies by environment)

SquirrelMail Configuration : Read: config.php (1.4.0)
---------------------------------------------------------
Plugins
Installed Plugins
1. delete_move_next
2. squirrelspell
3. newmail
4. compatibility
Available Plugins:
5. listcommands
6. filters
7. fortune
8. mail_fetch
9. message_details
10. calendar
11. translate
12. sent_subfolders
13. empty_trash
14. spamcop
15. bug_report
16. abook_take
17. info
18. secure_login
19. administrator
R Return to Main Menu
C Turn color off
S Save data
Q Quit
Command >> 13    # add empty_trash (the number varies by environment)

SquirrelMail Configuration : Read: config.php (1.4.0)
---------------------------------------------------------
Plugins
Installed Plugins
1. delete_move_next
2. squirrelspell
3. newmail
4. compatibility
5. empty_trash
Available Plugins:
6. listcommands
7. filters
8. fortune
9. mail_fetch
10. message_details
11. calendar
12. translate
13. sent_subfolders
14. spamcop
15. bug_report
16. abook_take
17. info
18. secure_login
19. administrator
R Return to Main Menu
C Turn color off
S Save data
Q Quit
Command >> 18    # add secure_login (the number varies by environment)

SquirrelMail Configuration : Read: config.php (1.4.0)
---------------------------------------------------------
Plugins
Installed Plugins
1. delete_move_next
2. squirrelspell
3. newmail
4. compatibility
5. empty_trash
6. secure_login
Available Plugins:
7. listcommands
8. filters
9. fortune
10. mail_fetch
11. message_details
12. calendar
13. translate
14. sent_subfolders
15. spamcop
16. bug_report
17. abook_take
18. info
19. administrator
R Return to Main Menu
C Turn color off
S Save data
Q Quit
Command >> q    # quit
You have not saved your data.
Save? [Y/n]: y    # save

Data saved in config.php
Exiting conf.pl.
You might want to test your configuration by browsing to
http://your-squirrelmail-location/src/configtest.php
Happy SquirrelMailing!
[root@www ~]# cp /usr/share/squirrelmail/plugins/secure_login/config.sample.php /usr/share/squirrelmail/plugins/secure_login/config.php
[root@www ~]# vi /usr/share/squirrelmail/plugins/secure_login/config.php
# line 24: change (continue to connect with SSL after login)
$change_back_to_http_after_login = 0;
[root@www ~]# /etc/rc.d/init.d/httpd reload
Reloading httpd:     [  OK  ]
[6] Access 'http://(your server's name or IP address)/webmail/'. The following screen is shown; enter your user name and password to log in.
[7] You are now logged in.

Monday, 27 October 2014

DNS SERVER CONFIGURATION

This article is a quick configuration manual for a Linux DNS server using bind. I believe that bind does not need much introduction, but before you proceed with the installation and configuration of a bind nameserver, make sure that bind is exactly what you want. A default setup of bind on Debian or Ubuntu may take around 200MB of RAM with no zones added to the config file. Unless you reduce bind's memory usage via the various bind "options" config settings, be prepared to have some spare RAM available just for this service. This is even more important if you pay for your own VPS server.

Other DNS nameservers available on Linux systems are NSD (Name Server Daemon) and djbdns (tinydns). Both are lightweight alternatives to the bind9 DNS server and have lower RAM requirements. Apparently they are even faster.
In this article we will not go into the details of what the Domain Name Service (DNS) is or how DNS works. Rather, we simply concentrate on a simple configuration of a custom zone and config file for a given domain / host supporting www and mail services.
Sample scenario notes to help you read this DNS bind howto:
  • nameserver IP address 192.168.135.130
  • sample domain / host: linuxconfig.org
  • authoritative nameservers for a linuxconfig.org zone: ns1.linuxconfig.org ( 192.168.0.10 ) and ns2.linuxconfig.org ( 192.168.0.11 )
  • www and mail services for linuxconfig.org will point to: 192.168.0.10

1. bind9 nameserver installation

Unless you prefer to install bind from source code, the installation is rather simple. On a Debian or Ubuntu Linux server you can install a bind nameserver with the following command:

apt-get install bind9 dnsutils
CentOS or Fedora alternative (there the dig tool ships in the bind-utils package):
yum install bind bind-utils
The dnsutils package is not required to run the bind nameserver, but we will use the dig command, which is part of this package, as a testing tool for your bind configuration.

2. Creating a DNS zone file

At this stage we need to create a new zone file for the domain linuxconfig.org. Execute the following sequence of commands to create and enter the zones/master/ directory under /etc/bind/:
cd /etc/bind
mkdir -p zones/master
cd zones/master/
The /etc/bind/zones/master directory will contain the zone file for the linuxconfig.org domain. If you prefer to use another directory to hold this file you are free to do so. The following zone file, db.linuxconfig.org, holds the DNS records that let the nameserver resolve a fully qualified domain name to an IP address. Create and save db.linuxconfig.org with the following content:
;
; BIND data file for linuxconfig.org
;
$TTL    3h
@       IN      SOA     ns1.linuxconfig.org. admin.linuxconfig.org. (
                          1        ; Serial
                          3h       ; Refresh after 3 hours
                          1h       ; Retry after 1 hour
                          1w       ; Expire after 1 week
                          1h )     ; Negative caching TTL of 1 hour
;
@       IN      NS      ns1.linuxconfig.org.
@       IN      NS      ns2.linuxconfig.org.


linuxconfig.org.    IN      MX      10      mail.linuxconfig.org.
linuxconfig.org.    IN      A       192.168.0.10
ns1                     IN      A       192.168.0.10
ns2                     IN      A       192.168.0.11
www                     IN      CNAME   linuxconfig.org.
mail                    IN      A       192.168.0.10
ftp                     IN      CNAME   linuxconfig.org.
Here is a quick review of some lines from the above bind DNS zone file:
  • SOA Record: the nameserver authoritative for the zone linuxconfig.org is ns1.linuxconfig.org, and admin.linuxconfig.org is the email address of the person responsible for this DNS zone (written with a dot in place of the @, i.e. admin@linuxconfig.org).
  • NS Records: the two nameservers for the linuxconfig.org zone are ns[1,2].linuxconfig.org
  • MX ( Mail Exchange ): the linuxconfig.org mail exchange record. The number 10 is the record's preference value; when several MX records exist, the lowest number is tried first.
  • A: A simply means address. In other words, in linuxconfig.org's zone ns1 has an A ( address ) record of 192.168.0.10.
  • CNAME Record ( Canonical Name record ): restart the query using the canonical name instead of the original name

3. address-to-name mappings

At this stage the bind DNS server can resolve the linuxconfig.org host names to their IP addresses. What we should do now is teach our nameserver the other way around, that is, to resolve a host name from an IP address. For this we need yet another file, db.192.168.0, with the following content:
;
; BIND reverse data file for 0.168.192.in-addr.arpa
;
$TTL    604800
0.168.192.in-addr.arpa.      IN      SOA     ns1.linuxconfig.org. admin.linuxconfig.org. (
                          1         ; Serial
                          3h       ; Refresh after 3 hours
                          1h       ; Retry after 1 hour
                          1w       ; Expire after 1 week
                          1h )     ; Negative caching TTL of 1 hour
;
0.168.192.in-addr.arpa.       IN      NS      ns1.linuxconfig.org.
0.168.192.in-addr.arpa.       IN      NS      ns2.linuxconfig.org.

10.0.168.192.in-addr.arpa.   IN      PTR     linuxconfig.org.
  • PTR: a DNS record used to map an IP address to a host name.

4. Updating a BIND Configuration File

At this point we should have two files ready:
  • /etc/bind/zones/master/db.linuxconfig.org
  • /etc/bind/zones/master/db.192.168.0
All we need to do now is add both zone files to bind's configuration file named.conf.local. To do that, add the following lines to this file:
zone "linuxconfig.org" {
       type master;
       file "/etc/bind/zones/master/db.linuxconfig.org";
};

zone "0.168.192.in-addr.arpa" {
       type master;
       file "/etc/bind/zones/master/db.192.168.0";
};
The last thing to do before we check the configuration is to add the IP address of a stable DNS server to the named.conf.options file. This IP address is used when the local DNS server does not know the answer to a name resolution query. In many cases the IP address of such a DNS server is provided by your Internet provider. Alternatively, if you are a Google fan, use 8.8.8.8 or 8.8.4.4.
Replace the following block of text within the named.conf.options file:
       // forwarders {
       //      0.0.0.0;
       // };
with the new stable DNS server IP address:
        forwarders {
              8.8.4.4;
         };

5. Checking bind's zone files and configuration

Before we attempt to start the bind nameserver with the new zone and configuration, here are some tools to check that we have not made a typo or misconfiguration.
To check the configuration files, run the following command:
named-checkconf
With the named-checkconf command the rule is: no news is good news. If no output is produced, your config files look OK.
To check the DNS zone files we can use the named-checkzone command:
named-checkzone linuxconfig.org /etc/bind/zones/master/db.linuxconfig.org
zone linuxconfig.org/IN: loaded serial 1
OK
Reverse zone file check:
named-checkzone 0.168.192.in-addr.arpa /etc/bind/zones/master/db.192.168.0
zone 0.168.192.in-addr.arpa/IN: loaded serial 2
OK
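named-checkzone checks each zone file on its own, so it does not notice when the forward and reverse zones disagree. The Python script below is an added example, not part of the original article: it parses the two zone files shown above and reports A records without a PTR and PTR records that no A record confirms. The function names are chosen for this example, and the parser covers only the master-file features these two files use (no $ORIGIN, $INCLUDE or quoted strings).

```python
import ipaddress

# Zone data copied from the article's db.linuxconfig.org and db.192.168.0
# (comments shortened, reverse SOA timers written on one line).
FORWARD_ZONE = """\
$TTL    3h
@       IN      SOA     ns1.linuxconfig.org. admin.linuxconfig.org. (
                          1        ; Serial
                          3h       ; Refresh
                          1h       ; Retry
                          1w       ; Expire
                          1h )     ; Negative caching TTL
@       IN      NS      ns1.linuxconfig.org.
@       IN      NS      ns2.linuxconfig.org.
linuxconfig.org.    IN      MX      10      mail.linuxconfig.org.
linuxconfig.org.    IN      A       192.168.0.10
ns1                     IN      A       192.168.0.10
ns2                     IN      A       192.168.0.11
www                     IN      CNAME   linuxconfig.org.
mail                    IN      A       192.168.0.10
ftp                     IN      CNAME   linuxconfig.org.
"""
REVERSE_ZONE = """\
$TTL    604800
0.168.192.in-addr.arpa.  IN  SOA  ns1.linuxconfig.org. admin.linuxconfig.org. (
                          1 3h 1h 1w 1h )
0.168.192.in-addr.arpa.  IN  NS   ns1.linuxconfig.org.
0.168.192.in-addr.arpa.  IN  NS   ns2.linuxconfig.org.
10.0.168.192.in-addr.arpa.  IN  PTR  linuxconfig.org.
"""

NAME_RDATA = {"NS", "CNAME", "PTR", "MX"}  # types whose last rdata field is a host name


def qualify(name, origin):
    """Expand '@' and relative names against the zone origin."""
    if name == "@":
        return origin
    return name.lower() if name.endswith(".") else f"{name}.{origin}".lower()


def logical_lines(text):
    """Strip ';' comments and join records that span lines inside ( ... )."""
    buf, depth = "", 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip() and depth == 0:
            continue
        depth += line.count("(") - line.count(")")
        buf += " " + line if buf else line
        if depth == 0:
            yield buf.replace("(", " ").replace(")", " ")
            buf = ""


def parse_zone(text, origin):
    """Return [(owner, type, rdata)] with every host name fully qualified."""
    origin = origin.lower().rstrip(".") + "."
    records, owner = [], origin
    for line in logical_lines(text):
        if line.startswith("$"):
            continue                      # $TTL does not matter for this check
        tokens = line.split()
        if not line[0].isspace():         # leading blank means "same owner as before"
            owner = qualify(tokens.pop(0), origin)
        while tokens and (tokens[0][0].isdigit() or tokens[0].upper() == "IN"):
            tokens.pop(0)                 # optional TTL and class
        if not tokens:
            continue
        rtype, rdata = tokens[0].upper(), tokens[1:]
        if rtype in NAME_RDATA and rdata:
            rdata[-1] = qualify(rdata[-1], origin)
        records.append((owner, rtype, " ".join(rdata)))
    return records


def reverse_name(addr):
    """192.168.0.10 -> 10.0.168.192.in-addr.arpa."""
    return ipaddress.ip_address(addr).reverse_pointer + "."


def audit_zones(forward, reverse, reverse_origin):
    """Return (addresses with A but no PTR, PTRs not confirmed by an A record)."""
    suffix = "." + reverse_origin.lower().rstrip(".") + "."
    a_by_addr = {}
    for owner, rtype, rdata in forward:
        if rtype == "A":
            a_by_addr.setdefault(rdata, set()).add(owner)
    ptr = {owner: rdata for owner, rtype, rdata in reverse if rtype == "PTR"}
    no_ptr = {addr: sorted(names) for addr, names in a_by_addr.items()
              if reverse_name(addr).endswith(suffix) and reverse_name(addr) not in ptr}
    unconfirmed = {owner: target for owner, target in ptr.items()
                   if not any(reverse_name(addr) == owner and target in names
                              for addr, names in a_by_addr.items())}
    return no_ptr, unconfirmed


if __name__ == "__main__":
    fwd = parse_zone(FORWARD_ZONE, "linuxconfig.org")
    rev = parse_zone(REVERSE_ZONE, "0.168.192.in-addr.arpa")
    missing, unconfirmed = audit_zones(fwd, rev, "0.168.192.in-addr.arpa")
    for addr, names in missing.items():
        print(f"no PTR for {addr} (A record of {', '.join(names)})")
    for owner, target in unconfirmed.items():
        print(f"PTR {owner} -> {target} has no matching A record")
```

On the article's data the script reports that 192.168.0.11 (ns2) has an A record but no PTR in db.192.168.0.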

6. Start / restart bind nameserver

At this point nothing can stop us from running the bind9 DNS server:
/etc/init.d/bind9 start
Starting domain name service...: bind9.
Alternatively, if your bind server is already running, use the following command to restart it:
/etc/init.d/bind9 restart
Stopping domain name service...: bind9.
Starting domain name service...: bind9.

7. Testing a bind server configuration

The dig command from the dnsutils package comes in handy for testing the new configuration of the bind nameserver.
The dig command can be used from any PC which has network access to your DNS server, but preferably you should start your testing from localhost. In our case the IP address of the name server is 192.168.135.130. First we will test host-to-IP resolution:
dig @192.168.135.130 www.linuxconfig.org

; <<>> DiG 9.6-ESV-R1 <<>> @192.168.135.130 www.linuxconfig.org
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60863
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;www.linuxconfig.org.           IN      A

;; ANSWER SECTION:
www.linuxconfig.org.    10800   IN      CNAME   linuxconfig.org.
linuxconfig.org.        10800   IN      A       192.168.0.10

;; AUTHORITY SECTION:
linuxconfig.org.        10800   IN      NS      ns2.linuxconfig.org.
linuxconfig.org.        10800   IN      NS      ns1.linuxconfig.org.

;; ADDITIONAL SECTION:
ns1.linuxconfig.org.    10800   IN      A       192.168.0.10
ns2.linuxconfig.org.    10800   IN      A       192.168.0.11

;; Query time: 0 msec
;; SERVER: 192.168.135.130#53(192.168.135.130)
;; WHEN: Thu Aug  5 18:50:48 2010
;; MSG SIZE  rcvd: 135
Next we test IP-to-host resolution:
dig @192.168.135.130 -x 192.168.0.10

; <<>> DiG 9.6-ESV-R1 <<>> @192.168.135.130 -x 192.168.0.10
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10810
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;10.0.168.192.in-addr.arpa.     IN      PTR

;; ANSWER SECTION:
10.0.168.192.in-addr.arpa. 604800 IN    PTR     linuxconfig.org.

;; AUTHORITY SECTION:
0.168.192.in-addr.arpa. 604800  IN      NS      ns2.linuxconfig.org.
0.168.192.in-addr.arpa. 604800  IN      NS      ns1.linuxconfig.org.

;; ADDITIONAL SECTION:
ns1.linuxconfig.org.    10800   IN      A       192.168.0.10
ns2.linuxconfig.org.    10800   IN      A       192.168.0.11

;; Query time: 0 msec
;; SERVER: 192.168.135.130#53(192.168.135.130)
;; WHEN: Thu Aug  5 18:52:06 2010
;; MSG SIZE  rcvd: 140
Congratulations. You have just created and configured your own DNS zone using the bind nameserver.

Thursday, 12 June 2014

LAMP CONFIGURATION MATERIALS

This document will walk you through the installation of what is known as a "LAMP" system: Linux, Apache, MySQL and PHP. Depending on who you talk to, the P also stands for Perl or Python, but in general, it is assumed to be PHP. I run CentOS on my servers; these directions were written for CentOS/Red Hat/Fedora. I have had requests for SuSE (another RPM-based distribution) as well as Debian-based systems, so I will work on variants of these directions for those distributions in the future (donations might help speed that process up!). The main difference between the distributions is in the paths to the startup scripts. Red Hat systems use /etc/rc.d/init.d and SuSE uses /etc/init.d.
If you need an SSL-enabled server, I have a LAMP with SSL howto as well.
I designed this document so you can just copy/paste each line or block of commands into your shell session and it will "just work" for you. This avoids tedious typing, and the inevitable typos or missed steps that result. These commands work properly via copy/paste. If you are having problems and you are not using copy/paste, please re-check your typing before sending me an email saying "It doesn't work."
Text in a "command" box like this one is a literal Linux commandline, and should be typed or pasted exactly as written.
One note: many, many people have followed these directions as written, and have not had any problems. If you are having a problem, chances are it's something you are doing (or not doing), something different about your computer, etc.

It is probably NOT this procedure. :)
Initial Steps
PLEASE BE AWARE THAT A SOURCE-BASED INSTALLATION LIKE THIS ONE IS NOT NEEDED FOR A BASIC LAMP SERVER! You should only be doing a source-based installation if you need to alter settings in one or more components of the LAMP stack (e.g., you need a feature in PHP that isn't in the default RPM). If you are just getting started with LAMP, use the binaries provided by your distribution - it is much simpler, and a lot easier to upgrade later.
Most out-of-the-box Red Hat Linux installations will have one or more of the LAMP components installed via RPM files. I personally believe in installing things like this from source, so I get the most control over what's compiled in, what's left out, etc. But source code installs can wreak havoc if overlaid on top of RPM installs, as the two most likely won't share the same directories, etc.
If you have not yet installed your Linux OS, or just for future reference, do not choose to install Apache, PHP, or MySQL during the system installation. Then you can immediately proceed with the source-based install listed here.
Note: to install applications from source code, you will need a C++ compiler (gcc++) installed. This is generally taken care of, but I've had enough queries about it that I've added this note to avoid getting more! You can use your distribution's install CDs to get the proper version of the compiler. Or, if you are using an RPM based distro, you can use a site like http://www.rpmfind.net/ to locate the correct RPM version for your system. (You will obviously not be able to use/rebuild a source RPM to get the compiler installed, as you need the compiler to build the final binary RPM!) On a Fedora system, you can do this command:
su - root
yum install gcc gcc-c++
Log in as root
Because we will be installing software to directories that "regular" users don't have write access to, and also possibly uninstalling RPM versions of some applications, we'll log in as root. The only steps that need root access are the actual installation steps, but by doing the configure and make steps as root, the source code will also be inaccessible to "regular" users.
If you do not have direct access (via keyboard) to the server, PLEASE use Secure Shell (SSH) to access the server and not telnet!! Whenever you use telnet (or plain FTP for that matter), you are transmitting your username, password, and all session information in "plain text". This means that anyone who can access a machine someplace between your PC and your server can snoop your session and get your info. Use encryption wherever possible!
su - root
Remove RPM Versions of the Applications
Before we start with our source code install, we need to remove all the existing RPM files for these products. To find out what RPMs are already installed, use the RPM query command:
rpm -qa
in conjunction with grep to filter your results:
rpm -qa | grep -i apache
rpm -qa | grep -i httpd
rpm -qa | grep -i php
rpm -qa | grep -i mysql
The 'httpd' search is in case you have Apache2 installed via RPM.
To remove the RPMs generated by these commands, do
rpm -e filename
for each RPM you found in the query. If you have any content in your MySQL database already, the RPM removal step should not delete the database files. When you reinstall MySQL, you should be able to move all those files to your new MySQL data directory and have access to them all again.
Get the Source Code for all Applications
We want to put all our source code someplace central, so it's not getting mixed up in someone's home directory, etc.
cd /usr/local/src
One way application source code is distributed is in what are known as "tarballs." The tar command is usually associated with making tape backups - tar stands for Tape ARchive. It's also a handy way to pack up multiple files for easy distribution. Use the man tar command to learn more about how to use this very flexible tool.
At the time of updating this, the current versions of all the components we'll use are:
MySQL - 4.1.22
Apache - 1.3.37
PHP - 4.4.6
Please note: these are the only versions of these that I have set up myself, and verified these steps against. If you use another version of any component, especially a newer version, this HOWTO may not be accurate, and I won't be able to provide free support under those circumstances. Paid support and assistance is always available however.
wget http://www.php.net/distributions/php-4.4.6.tar.gz
wget http://apache.oregonstate.edu/httpd/apache_1.3.37.tar.gz
There may be an Apache mirror closer to you - check their mirror page for other sources. Then insert the URL you get in place of the above for the wget command.
For MySQL, go to http://www.mysql.com/ and choose an appropriate mirror to get the newest MySQL version (v4.1.22).
Unpack the Source Code
tar zxf php-4.4.6.tar.gz
tar zxf apache_1.3.37.tar.gz
tar zxf mysql-4.1.22.tar.gz
This should leave you with the following directories:
/usr/local/src/php-4.4.6
/usr/local/src/apache_1.3.37
/usr/local/src/mysql-4.1.22
Build and Install MySQL
First, we create the group and user that "owns" MySQL. For security purposes, we don't want MySQL running as root on the system. To be able to easily identify MySQL processes in top or a ps list, we'll make a user and group named mysql:
groupadd mysql
useradd -g mysql -c "MySQL Server" mysql
If you get any messages about the group or user already existing, that's fine. The goal is just to make sure we have them on the system.
What the useradd command is doing is creating a user mysql in the group mysql with the "name" of MySQL Server. This way when it's shown in various user and process watching apps, you'll be able to tell what it is right away.
Now we'll change to the "working" directory where the source code is, change the file 'ownership' for the source tree (this prevents build issues reported in some cases where the packager's username was included on the source and you aren't using the exact same name to compile with!) and start building.
The configure command has many options you can specify. I have listed some fairly common ones; if you'd like to see others, do:
./configure --help | less
to see them all. Read the documentation on the MySQL website for a more detailed explanation of each option.
cd /usr/local/src/mysql-4.1.22

chown -R root:root *

make clean

./configure \
--prefix=/usr/local/mysql \
--localstatedir=/usr/local/mysql/data \
--disable-maintainer-mode \
--with-mysqld-user=mysql \
--with-unix-socket-path=/tmp/mysql.sock \
--without-comment \
--without-debug \
--without-bench
18-Jul-2005: If you are installing MySQL 4.0.x on Fedora Core 4, there is a problem with LinuxThreads that prevents MySQL from compiling properly. Installing on Fedora Core 3 works fine though. Thanks to Kevin Spencer for bringing this to my attention. There is a workaround listed at http://bugs.mysql.com/bug.php?id=9497. Thanks to Collin Campbell for that link. Another solution can be found at http://bugs.mysql.com/bug.php?id=2173. Thanks to Kaloyan Raev for that one.
Now comes the long part, where the source code is actually compiled and then installed. Plan to get some coffee or take a break while this step runs. It could be 10-15 minutes or more, depending on your system's free memory, load average, etc.
make && make install
Configure MySQL
MySQL is "installed" but we have a few more steps until it's actually "done" and ready to start. First run the script which actually sets up MySQL's internal database (named, oddly enough, mysql).
./scripts/mysql_install_db
Then we want to set the proper ownership for the MySQL directories and data files, so that only MySQL (and root) can do anything with them.
chown -R root:mysql /usr/local/mysql
chown -R mysql:mysql /usr/local/mysql/data
Copy the default configuration file for the expected size of the database (small, medium, large, huge)
cp support-files/my-medium.cnf /etc/my.cnf
chown root:sys /etc/my.cnf
chmod 644 /etc/my.cnf
If you get an error message about the data directory not existing, etc., something went wrong in the mysql_install_db step above. Go back and review that; make sure you didn't get some sort of error message when you ran it, etc.
Now we have to tell the system where to find some of the dynamic libraries that MySQL will need to run. We use dynamic libraries instead of static to keep the memory usage of the MySQL program itself to a minimum.
echo "/usr/local/mysql/lib/mysql" >> /etc/ld.so.conf
ldconfig
Now create a startup script, which enables MySQL auto-start each time your server is restarted.
cp ./support-files/mysql.server /etc/rc.d/init.d/mysql
chmod +x /etc/rc.d/init.d/mysql
/sbin/chkconfig --level 3 mysql on
Then set up symlinks for all the MySQL binaries, so they can be run from anyplace without having to include/specify long paths, etc.
cd /usr/local/mysql/bin
for file in *; do ln -s /usr/local/mysql/bin/$file /usr/bin/$file; done
MySQL Security Issues
First, we will assume that only applications on the same server will be allowed to access the database (i.e., not a program running on a physically separate server). So we'll tell MySQL not to even listen on port 3306 for TCP connections like it does by default.
Edit /etc/my.cnf and uncomment the
skip-networking
line (delete the leading #).
For more security info, check out this MySQL security tutorial.
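A quick way to confirm that the edit took effect is to parse the option file and check the [mysqld] group. The Python below is an added example, not part of the original HOWTO: it flags a skip-networking line that is still commented out or sits in another group, and a [client] socket path that differs from the server's, since with TCP disabled the Unix socket is the only way in. The sample file contents are constructed, and the function names are chosen for this example.

```python
# Constructed samples shaped like the /etc/my.cnf described in the article;
# they are not copied from a real host.
BEFORE_EDIT = """\
[client]
port    = 3306
socket  = /tmp/mysql.sock

[mysqld]
port    = 3306
socket  = /tmp/mysql.sock
#skip-networking
"""
AFTER_EDIT = BEFORE_EDIT.replace("#skip-networking", "skip-networking")
# Option uncommented in the wrong group: the [mysqld] line is still a comment.
MISPLACED = BEFORE_EDIT.replace("[client]", "[client]\nskip-networking")
# Client and server disagree on the socket path (only the first path is changed).
SOCKET_MISMATCH = AFTER_EDIT.replace("/tmp/mysql.sock", "/var/lib/mysql/mysql.sock", 1)


def parse_option_file(text):
    """Return {group: {option: value or None}} for a MySQL option file."""
    groups, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # '#' starts a comment anywhere on a line
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = groups.setdefault(line[1:-1].strip(), {})
            continue
        if current is None:
            continue                          # option outside any group
        name, sep, value = line.partition("=")
        # Dashes and underscores are interchangeable in option names.
        current[name.strip().replace("_", "-")] = value.strip() if sep else None
    return groups


def audit_my_cnf(text):
    """Return a list of findings; an empty list means both checks passed."""
    groups = parse_option_file(text)
    server, client = groups.get("mysqld", {}), groups.get("client", {})
    findings = []
    if "skip-networking" not in server:
        elsewhere = sorted(g for g, opts in groups.items() if "skip-networking" in opts)
        hint = f" (present only under [{', '.join(elsewhere)}])" if elsewhere else ""
        findings.append("skip-networking is not active in [mysqld]" + hint)
    if server.get("socket") and client.get("socket") and server["socket"] != client["socket"]:
        findings.append(
            f"[client] socket {client['socket']} differs from [mysqld] socket {server['socket']}"
        )
    return findings


if __name__ == "__main__":
    for label, sample in [("before edit", BEFORE_EDIT), ("after edit", AFTER_EDIT),
                          ("misplaced", MISPLACED), ("socket mismatch", SOCKET_MISMATCH)]:
        print(label, "->", audit_my_cnf(sample) or "OK")
```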
Start MySQL
First, test the linked copy of the startup script in the normal server runlevel start directory, to make sure the symlink was properly set up:
cd ~
/etc/rc.d/rc3.d/S90mysql start
If you ever want to manually start or stop the MySQL server, use these commands:
/etc/rc.d/init.d/mysql start
/etc/rc.d/init.d/mysql stop
Let's "test" the install to see what version of MySQL we're running now:
mysqladmin version
It should answer back with the version we've just installed...
Now we'll set a password for the MySQL root user (note that the MySQL root user is not the same as the system root user, and definitely should not have the same password as the system root user!).
mysqladmin -u root password new-password
(Obviously, insert your own password in the above command instead of the "new-password" string! Keep in mind that a password typed on the command line is saved in your shell history.)
You're done! MySQL is now installed and running on your server. It is highly recommended that you read about MySQL security and lock down your server as much as possible. The MySQL site has info at http://www.mysql.com/doc/en/Privilege_system.html.
Test MySQL
To run a quick test, use the command line program mysql:
mysql -u root -p
and enter your new root user password when prompted. You will then see the MySQL prompt:
mysql>
First, while we're in here, we'll take care of another security issue and delete the sample database test and all default accounts except for the MySQL root user. Enter each of these lines at the mysql> prompt:
drop database test;
use mysql;
delete from db;
delete from user where not (host="localhost" and user="root");
flush privileges;
As another security measure, I like to change the MySQL administrator account name from root to something harder to guess. This will make it that much harder for someone who gains shell access to your server to take control of MySQL.
MAKE SURE YOU REMEMBER THIS NEW NAME, AND USE IT WHEREVER
YOU SEE "root" IN OTHER DIRECTIONS, WEBSITES, ETC.

ONCE YOU DO THIS STEP, THE USERNAME "root" WILL CEASE TO
EXIST IN YOUR MYSQL CONFIGURATION!
update user set user="sqladmin" where user="root";
flush privileges;
Now, on with the "standard" testing... First, create a new database:
create database foo;
You should see the result:
Query OK, 1 row affected (0.04 sec)

mysql>
Delete the database:
drop database foo;
You should see the result:
Query OK, 0 rows affected (0.06 sec)

mysql>
To exit from mysql enter \q:
\q
Build and Install Apache (with DSO support)
The advantage to building Apache with support for dynamically loaded modules is that in the future, you can add functionality to your webserver by just compiling and installing modules, and restarting the webserver. If the features were compiled into Apache, you would need to rebuild Apache from scratch every time you wanted to add or update a module (like PHP). Your Apache binary is also smaller, which means more efficient memory usage.
The downside to dynamic modules is a slight performance hit compared to having the modules compiled in.
cd /usr/local/src/apache_1.3.37

make clean

./configure \
--prefix=/usr/local/apache \
--enable-shared=max \
--enable-module=rewrite \
--enable-module=so

make && make install
Build and Install PHP
This section has only been tested with PHP v4.x. If you are trying to build PHP 5.x, I do not have experience with this yet, and do not provide free support for you to get it working. Please note that there are many options which can be selected when compiling PHP. Some will have library dependencies, meaning certain software may need to be already installed on your server before you start building PHP. You can use the command
./configure --help | less
once you change into the PHP source directory. This will show you a list of all possible configuration switches. For more information on what these switches are, please check the PHP website documentation.
cd /usr/local/src/php-4.4.6

./configure \
--with-apxs=/usr/local/apache/bin/apxs \
--disable-debug \
--enable-ftp \
--enable-inline-optimization \
--enable-magic-quotes \
--enable-mbstring \
--enable-mm=shared \
--enable-safe-mode \
--enable-track-vars \
--enable-trans-sid \
--enable-wddx=shared \
--enable-xml \
--with-dom \
--with-gd \
--with-gettext \
--with-mysql=/usr/local/mysql \
--with-regex=system \
--with-xml \
--with-zlib-dir=/usr/lib

make && make install

cp php.ini-dist /usr/local/lib/php.ini
I like to keep my config files all together in /etc. I set up a symbolic link like this:
ln -s /usr/local/lib/php.ini /etc/php.ini
Then I can just open /etc/php.ini in my editor to make changes.
Recommended reading on securing your PHP installation is this article at SecurityFocus.com.
Edit the Apache Configuration File (httpd.conf)
I like to keep all my configuration files together in /etc, so I set up a symbolic link from the actual location to /etc:
ln -s /usr/local/apache/conf/httpd.conf /etc/httpd.conf
Now open /etc/httpd.conf in your favorite text editor, and set all the basic Apache options in accordance with the official Apache instructions (beyond the scope of this HOWTO).
Also recommended is the article on securing Apache.
To ensure your PHP files are properly interpreted, and not just downloaded as text files, remove the # at the beginning of the lines which read:
#AddType application/x-httpd-php .php
#AddType application/x-httpd-php-source .phps
If the AddType lines above don't exist, manually enter them (without the leading # of course) after the line
AddType application/x-tar .tgz
or anyplace within the <IfModule mod_mime.c> section of httpd.conf.
If you wish to use other/additional extensions/filetypes for your PHP scripts instead of just .php, add them to the AddType directive:
AddType application/x-httpd-php .php .foo
AddType application/x-httpd-php-source .phps .phtmls
An example: if you wanted every single HTML page to be parsed and processed like a PHP script, just add .htm and .html:
AddType application/x-httpd-php .php .htm .html
There will be a bit of a performance loss if every single HTML page is being checked for PHP code even if it doesn't contain any. But if you want to use PHP but be "stealthy" about it, you can use this trick.
Add index.php to the list of valid Directory Index files so that your "default page" in a directory can be named index.php.
<IfModule mod_dir.c>
    DirectoryIndex index.php index.htm index.html
</IfModule>
You can add anything else you want here too. If you want foobar.baz to be a valid directory index page, just add the .baz filetype to the AddType line, and add foobar.baz to the DirectoryIndex line.
Start Apache
We want to set Apache up with a normal start/stop script in /etc/rc.d/init.d so it can be auto-started and controlled like other system daemons. Set up a symbolic link for the apachectl utility (installed automatically as part of Apache):
ln -s /usr/local/apache/bin/apachectl /etc/rc.d/init.d/apache
Then set up auto-start for runlevel 3 (where the server will go by default):
ln -s /etc/rc.d/init.d/apache /etc/rc.d/rc3.d/S90apache
Then start the daemon:
/etc/rc.d/init.d/apache start
You can check that it's running properly by doing:
ps -ef
and look for the httpd processes.

Thursday, 17 January 2013

system admin helping tools

We know how administrators love free tools that make their life easier. Here are 20 of the best free tools for monitoring devices, services, ports or protocols and analyzing traffic on your network. Even if you may have heard of some of these tools before, we’re sure you’ll find a gem or two amongst this list – and if you know of any others, leave us a comment below!

1. Microsoft Network Monitor

Microsoft Network Monitor is a packet analyzer that allows you to capture, view and analyze network traffic. This tool is handy for troubleshooting network problems and applications on the network. Main features include support for over 300 public and Microsoft proprietary protocols, simultaneous capture sessions, a Wireless Monitor Mode and sniffing of promiscuous mode traffic, amongst others.
When you launch Microsoft Network Monitor, choose which adapter to bind to from the main window and then click “New Capture” to initiate a new capture tab. Within the Capture tab, click “Capture Settings” to change filter options, adapter options, or global settings accordingly and then hit “Start” to initiate the packet capture process.

2. Nagios

Nagios is a powerful network monitoring tool that helps you to ensure that your critical systems, applications and services are always up and running. It provides features such as alerting, event handling and reporting. The Nagios Core is the heart of the application that contains the core monitoring engine and a basic web UI. On top of the Nagios Core, you are able to implement plugins that will allow you to monitor services, applications, and metrics, a chosen frontend as well as add-ons for data visualisation, graphs, load distribution, and MySQL database support, amongst others.
Tip: If you want to try out Nagios without needing to install and configure it from scratch, download Nagios XI and enable the free version. Nagios XI is the pre-configured enterprise class version built upon Nagios Core and is backed by a commercial company that offers support and additional features such as more plugins and advanced reporting.
Note: The free version of Nagios XI is ideal for smaller environments and will monitor up to seven nodes.
Once you’ve installed and configured Nagios, launch the Web UI and begin to configure host groups and service groups. Once Nagios has had some time to monitor the status of the specified hosts and services, it can start to paint a picture of what the health of your systems looks like.

3. OpenNMS

OpenNMS is an open source enterprise grade network management application that offers automated discovery, event and notification management, performance measurement, and service assurance features. OpenNMS includes a client app for the iPhone, iPad or iPod Touch for on-the-go access, giving you the ability to view outages, nodes, alarms and add an interface to monitor.
Once you successfully login to the OpenNMS web UI, use the dashboard to get a quick ‘snapshot view’ of any outages, alarms or notifications. You can drill down and get more information about any of these sections from the Status drop down menu. The Reports section allows you to generate reports to send by e-mail or download as a PDF.

4. Advanced IP Scanner

Advanced IP Scanner is a fast and easy to use network scanner that detects any network devices (including wireless devices such as mobile phones, printers and WIFI routers) on your network. It allows you to connect to common services such as HTTP, FTP and shared folders if they are enabled on the remote machine. You are also able to wake up and shut down remote computers.
The installer allows you to fully install the application on your machine or run the portable version. When you launch Advanced IP Scanner, start by going to Settings > Options to select which resources to scan and how fast/accurate you want the results to be. You can then choose which subnet to scan and proceed with pressing the “Scan” button. Once the scan is complete, expand the results to see which resources you are able to connect to for each discovered device.

5. Capsa Free

Capsa Free is a network analyzer that allows you to monitor network traffic, troubleshoot network issues and analyze packets. Features include support for over 300 network protocols (including the ability to create and customize protocols), MSN and Yahoo Messenger filters, email monitor and auto-save, and customizable reports and dashboards.
When you launch Capsa, choose the adapter you want it to bind to and click “Start” to initiate the capture process. Use the tabs in the main window to view the dashboard, a summary of the traffic statistics, the TCP/UDP conversations, as well as packet analysis.

6. Fiddler

Fiddler is a web debugging tool that captures HTTP traffic between chosen computers and the Internet. It allows you to analyze incoming and outgoing data to monitor and modify requests and responses before they hit the browser. Fiddler gives you extremely detailed information about HTTP traffic and can be used for testing the performance of your websites or security testing of your web applications (e.g. Fiddler can decrypt HTTPS traffic).
When you launch Fiddler, HTTP traffic will start to be captured automatically. To toggle traffic capturing, hit F12. You can choose which processes you wish to capture HTTP traffic for by clicking on “All Processes” in the bottom status bar, or by dragging the “Any Process” icon from the top menu bar onto an open application.

7. NetworkMiner

NetworkMiner captures network packets and then parses the data to extract files and images, helping you to reconstruct events that a user has taken on the network – it can also do this by parsing a pre-captured PCAP file. You can enter keywords which will be highlighted as network packets are being captured. NetworkMiner is classed as a Network Forensic Analysis Tool (NFAT) that can obtain information such as hostname, operating system and open ports from hosts.
In the example above, I set NetworkMiner to capture packets, opened a web browser and searched for “soccer” as a keyword on Google Images. The images displayed in the Images tab are what I saw during my browser session.
When you load NetworkMiner, choose a network adapter to bind to and hit the “Start” button to initiate the packet capture process.

8. Pandora FMS

Pandora FMS is a performance monitoring, network monitoring and availability management tool that keeps an eye on servers, applications and communications. It has an advanced event correlation system that allows you to create alerts based on events from different sources and notify administrators before an issue escalates.
When you login to the Pandora FMS Web UI, start by going to the ‘Agent detail’ and ‘Services’ node from the left hand navigation pane. From here, you can configure monitoring agents and services.

9. Zenoss Core

Zenoss Core is a powerful open source IT monitoring platform that monitors applications, servers, storage, networking and virtualization to provide availability and performance statistics. It also has a high performance event handling system and an advanced notification system.
Once you login to Zenoss Core Web UI for the first time, you are presented with a two-step wizard that asks you to create user accounts and add your first few devices / hosts to monitor. You are then taken directly to the Dashboard tab. Use the Dashboard, Events, Infrastructure, Reports and Advanced tabs to configure Zenoss Core and review reports and events that need attention.

10. PRTG Network Monitor Freeware

PRTG Network Monitor monitors network availability and network usage using a variety of protocols including SNMP, Netflow and WMI. It is a powerful tool that offers an easy to use web-based interface and apps for iOS and Android. Amongst others, PRTG Network Monitor’s key features include:
(1) Comprehensive Network Monitoring which offers more than 170 sensor types for application monitoring, virtual server monitoring, SLA monitoring, QoS monitoring
(2) Flexible Alerting, including 9 different notification methods, status alerts, limit alerts, threshold alerts, conditional alerts, and alert scheduling
(3) In-Depth Reporting, including the ability to create reports in HTML/PDF format, scheduled reports, as well as pre-defined reports (e.g. Top 100 Ping Times) and report templates.
Note: The Freeware version of PRTG Network Monitor is limited to 10 sensors.
When you launch PRTG Network Monitor, head straight to the configuration wizard to get started. This wizard will run you through the main configuration settings required to get the application up and running, including adding the servers to monitor and choosing which sensors to use.

11. The Dude

The Dude is a network monitoring tool that monitors devices and alerts you when there is a problem. It can also automatically scan all devices on a given subnet and then draw and layout a map of your network.
When you launch The Dude, you first choose to connect to a local or remote network and specify credentials accordingly. Click ‘Settings’ to configure options for SNMP, Polling, Syslog and Reports.

12. Splunk

Splunk is a data collection and analysis platform that allows you to monitor, gather and analyze data from different sources on your network (e.g. event logs, devices, services, TCP/UDP traffic, etc). You can set up alerts to notify you when something is wrong or use Splunk’s extensive search, reporting and dashboard features to make the most of the collected data. Splunk also allows you to install ‘Apps’ to extend system functionality.
Note: When you first download and install Splunk, it automatically installs the Enterprise version for you to trial for 60 days before switching to the Free version. To switch to the Free version straight away, go to Manager > Licensing.
When you login to the Splunk web UI for the first time, add a data source and configure your indexes to get started. Once you do this you can then create reports, build dashboards, and search and analyze data.

13. Angry IP Scanner

Angry IP Scanner is a standalone application that facilitates IP address and port scanning. It is used to scan a range of IP addresses to find hosts that are alive and obtain information about them (including MAC address, open ports, hostname, ping time, NetBIOS information, etc).
When you execute the application, go to Tools > Preferences to configure Scanning and Port options, then go to Tools > Fetchers to choose what information to gather from each scanned IP address.

14. Icinga 2

Icinga is a Linux based fully open source monitoring application which checks the availability of network resources and immediately notifies users when something goes down. Icinga provides business intelligence data for in depth analysis and a powerful command line interface.
When you first launch the Icinga web UI, you are prompted for credentials. Once you’ve authenticated, use the navigation menu on the left hand side to manage the configuration of hosts, view the dashboard, reports, see a history of events, and more.

15. Total Network Monitor

Total Network Monitor continuously monitors hosts and services on the local network, notifying you of any issues that require attention via a detailed report of the problem. The result of each probe is classified using green, red, or black colors to quickly show whether the probe was successful, had a negative result or wasn’t able to complete.
When you launch Total Network Monitor, go to Tools > Scan Wizard to have the wizard scan a specified network range automatically and assign the discovered hosts to a group. Alternatively, create a new group manually to start adding devices/hosts individually.

16. NetXMS

NetXMS is a multi-platform network management and monitoring system that offers event management, performance monitoring, alerting, reporting and graphing for the entire IT infrastructure model. NetXMS’s main features include support for multiple operating systems and database engines, distributed network monitoring, auto-discovery, and business impact analysis tools, amongst others. NetXMS gives you the option to run a web-based interface or a management console.
Once you login to NetXMS you need to first go to the “Server Configuration” window to change a few settings that are dependent on your network requirements (e.g. changing the number of data collection handlers or enabling network discovery). You can then run the Network Discovery option for NetXMS to automatically discover devices on your network, or add new nodes by right clicking on “Infrastructure Services” and selecting Tools > Create Node.

17. Xymon

Xymon is a web-based system – designed to run on Unix-based systems – that allows you to dive deep into the configuration, performance and real-time statistics of your networking environment. It offers monitoring capabilities with historical data, reporting and performance graphs.
Once you’ve installed Xymon, the first place you need to go is the hosts.cfg file to add the hosts that you are going to monitor. Here, you add information such as the host IP address, the network services to be monitored, what URLs to check, and so on.
When you launch the Xymon Web UI, the main page lists the systems and services being monitored by Xymon. Clicking on each system or service allows you to bring up status information about a particular host and then drill down to view specific information such as CPU utilization, memory consumption, RAID status, etc.

18. WirelessNetView

WirelessNetView is a lightweight utility (available as a standalone executable or installation package) that monitors the activity of reachable wireless networks and displays information related to them, such as SSID, Signal Quality, MAC Address, Channel Number, Cipher Algorithm, etc.
As soon as you execute WirelessNetView, it automatically populates a list of all reachable Wi-Fi networks in the area and displays information relevant to them (all columns are enabled by default).
Note: Wireless Network Watcher is a small utility that goes hand in hand with WirelessNetView. It scans your wireless network and displays a list of all computers and devices that are currently connected, showing information such as IP address, MAC address, computer name and NIC card manufacturer – all of which can be exported to a html/xml/csv/txt file.

19. Xirrus Wi-Fi Inspector

Xirrus Wi-Fi Inspector can be used to search for Wi-Fi networks, manage and troubleshoot connections, verify Wi-Fi coverage, locate Wi-Fi devices and detect rogue Access Points. Xirrus Wi-Fi Inspector comes with built-in connection, quality and speed tests.
Once you launch Wi-Fi Inspector and choose an adapter, a list of available Wi-Fi connections is displayed in the “Networks” pane. Details related to your current Wi-Fi connection are displayed in the top right hand corner. Everything pretty much happens from the top ribbon bar – you can run a test, change the layout, edit settings, refresh connections, etc.

20. Wireshark

This list wouldn’t be complete without the ever popular Wireshark. Wireshark is an interactive network protocol analyzer and capture utility. It provides for in-depth inspection of hundreds of protocols and runs on multiple platforms.
When you launch Wireshark, choose which interface you want to bind to and click the green shark fin icon to get going. Packets will immediately start to be captured. Once you’ve collected what you need, you can export the data to a file for analysis in another application or use the in-built filter to drill down and analyze the captured packets at a deeper level from within Wireshark itself.