Category: Linux

Migrate From CentOS 8 to Rocky Linux 8

Posted on by Admin

Rocky Linux 8 is one to one RHEL binary compatible Linux OS, its latest stable release 8.4 has been released. Thus, if you want to migrate from CentOS 8 to Rocky Linux, then here is the tutorial using the official migrate2rocky script.

Steps to migrate CentOS 8 to Rocky Linux 8

Before performing the below CentOS 8 to Rocky migration commands, make sure you have a backup for your system. Because many times few applications might not work after migration, thus, it would be a wise idea to take a full system snapshot.

1. Run system update & upgrade

The first thing we have to perform is to ensure that all the packages installed on our existing CentOS 8 are up to date and have their latest version. For this run the system update and upgrade command using DNF package manager.

sudo dnf update && sudo dnf upgrade

2. Migrate CentOS to Rocky using Script

Rocky developers have created a script called  migrate2rocky available on the Github page of this Linux. Let’s download it on the existing CentOS system that we want to convert.

wget https://raw.githubusercontent.com/rocky-linux/rocky-tools/main/migrate2rocky/migrate2rocky.sh

3. Change Script Permission

Change the permission of the downloaded script, so that we can execute it on our Linux operating system.

sudo chmod +x migrate2rocky.sh

4. Execute Script

The script will automatically change the CentOS 8 Linux repositories, GPG keys, logo, and other things to Rocky Linux. It may take some time depending upon your existing system size.

sudo bash migrate2rocky.sh -r

Once the migration is completed, you will get:

Done, please reboot your system.
A log of this installation can be found at /var/log/migrate2rocky.log

Now, sync the command and then simply reboot your system.

sudo dnf distro-sync -y 
sudo reboot

5. Verify & Check OS Version

To confirm you have successfully migrated to Rocky Linux, let’s check the OS version. 

cat /etc/os-release
magento

Install Magento on Ubuntu 18.04 with Nginx & Lets Encrypt Certificate

Posted on by Admin

Magento open source is a fantastic platform. Get your stores online with Magento Setup. This tutorial you to setup Magento with high performance Web Server – Nginx and secure the same with Lets Encrypt SSL Certificate.

Pre-Requisites
  • Server with Ubuntu – 18.0.4
  • SSH – Enabled
  • HTTP & HTTPS Ports enabled and should be accessible over the Web
SSH to your instance and let’s update and install dependencies, MySQL and Nginx
sudo apt update && sudo apt upgrade
sudo apt install unzip certbot
sudo apt-get -y install nginx
sudo apt install mysql-server
Let secure the Database & Create your DB Root Password
sudo mysql_secure_installation
Login to MySQL command line and execute the following queries to create database and user for magneto database access
CREATE DATABASE magentodb;

CREATE USER 'magentoadmin'@'localhost' IDENTIFIED BY 'yourpassword';

GRANT ALL PRIVILEGES ON magentodb.* TO ‘magentoadmin’@’localhost';

FLUSH PRIVILEGES;

exit;
Next we want to create the magneto user, group, folder and give correct permissions
sudo useradd -m -U -r -d /opt/magento magento

sudo usermod -a -G magento www-data

mkdir /opt/magento/public_html

sudo chmod 750 /opt/magento
Install PHP dependencies
sudo apt install php7.2-common php7.2-cli php7.2-fpm php7.2-opcache php7.2-gd php7.2-mysql php7.2-curl php7.2-intl php7.2-xsl php7.2-mbstring php7.2-zip php7.2-bcmath php7.2-soap
Configure PHP parameters for Magento requirements
sudo sed -i 's/memory_limit = .*/memory_limit = 2048M/' /etc/php/7.2/fpm/php.ini

sudo sed -i 's/upload_max_filesize = .*/upload_max_filesize = 256M/' /etc/php/7.2/fpm/php.ini

sudo sed -i 's/zlib.output_compression = .*/zlib.output_compression = on/' /etc/php/7.2/fpm/php.ini

sudo sed -i 's/max_execution_time = .*/max_execution_time = 18000/' /etc/php/7.2/fpm/php.ini

sudo sed -i 's/;date.timezone.*/date.timezone = UTC/' /etc/php/7.2/fpm/php.ini

sudo sed -i 's/;opcache.save_comments.*/opcache.save_comments = 1/' /etc/php/7.2/fpm/php.ini
Now we will create PHP Magento Config File
vim /etc/php/7.2/fpm/pool.d/magento.conf

user = magento
group = www-data
listen.owner = magento
listen.group = www-data
listen = /var/run/php/php7.2-fpm-magento.sock
pm = ondemand
pm.max_children = 50
pm.process_idle_timeout = 10s
pm.max_requests = 500
chdir = /
Restart PHP FPM to reload the config
sudo systemctl restart php7.2-fpm
Now Let’s Download and Install composer
curl -sS https://getcomposer.org/installer -o composer-setup.php

php composer-setup.php --install-dir=/usr/local/bin --filename=composer
For better security, we want to generate a Diffie-Hellman parameters strong enough
sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 4096
Now let us install Magento via the composer method
sudo su — magento

composer create-project — repository-url=https://repo.magento.com/ magento/project-community-edition /opt/magento/public_html

cd ~/public_html

php bin/magento setup:install --base-url=https://yourwebsite.com/ --base-url-secure=https://mywebsite.com/ --admin-firstname=FirstName --admin-lastname=LastName --admin-email="[email protected]" --admin-user=admin --admin-password="youradminpassword" --db-host=localhost --db-name=magentodb --db-user=magentoadmin --db-password=yourdbpassword --currency=USD --timezone=America/Chicago --use-rewrites=1

php ~/public_html/bin/magento cron:install
Create Config File
sudo vim /etc/nginx/sites-available/mywebsite.com
Add below mentioned configuration in above mentioned file “mywebsite.com”
upstream fastcgi_backend {
    server unix:/var/run/php/php7.2-fpm-magento.sock;
}
server {
    listen 80;
    server_name mywebsite.com;
    include snippets/letsencrypt.conf;
    return 301 https://mywebsite.com$request_uri;
}
server {
    listen 443 ssl http2;
    server_name mywebsite.com;
    ssl_certificate /etc/letsencrypt/live/mywebsite.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/mywebsite.com/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/mywebsite.com/chain.pem;
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:50m;
    ssl_session_tickets off;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS";
    ssl_prefer_server_ciphers on;
    ssl_stapling on;
    ssl_stapling_verify on;
    resolver 8.8.8.8 8.8.4.4 valid=300s;
    resolver_timeout 30s;
    keepalive_timeout 300s;
    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
	add_header X-Frame-Options SAMEORIGIN;
    add_header X-Content-Type-Options nosniff;
    include snippets/letsencrypt.conf;
    set $MAGE_ROOT /opt/magento/public_html;
    set $MAGE_MODE developer; # or production
    access_log /var/log/nginx/mywebsite.com-access.log;
    error_log /var/log/nginx/mywebsite.com-error.log;
    include /opt/magento/public_html/nginx.conf.sample;
}
Create Link
ln -s /etc/magento/sites-available/mywebsite.com /etc/magento/sites-enabled/
Test, Reload and Restart Nginx Service
nginx -t

sudo service nginx reload

sudo service nginx restart
Now We will secure the same using Let’s Encrypt Certificate. Switch to Root user and perform below mentioned steps
sudo su
mkdir -p /var/lib/letsencrypt/.well-known
chgrp www-data /var/lib/letsencrypt
chmod g+s /var/lib/letsencrypt
Create Config for Letsencrypt
vim /etc/nginx/snippets/letsencrypt.conf

#Add below mentioned content in above conf file.

location ^~ /.well-known/acme-challenge/ {
    allow all;
    default_type “text/plain”;
    rewrite /.well-known/acme-challenge/(.*) /$1 break;
    root /var/lib/letsencrypt/;
    try_files $uri =404;
}
Generate Certificate (Make sure – your web server is reachable using host name). Certificate generated will be valid for 90 Days.
sudo certbot certonly — agree-tos — email [email protected] — webroot -w /var/lib/letsencrypt/ -d mywebsite.com
Create Cron Job to Automatically renew your Lets Encrypt Certificate
vim /etc/cron.d/certbot

0 */12 * * * root abc -x /usr/bin/certbot -a \! -d /run/systemd/system && perl -e ‘sleep int(rand(3600))’ && certbot -q renew — renew-hook “systemctl reload nginx”
Create CRON Job to Automatically renew your Lets Encrypt Certificate
sudo service nginx reload

sudo service nginx restart

Wazuh – Vulnerability Scanning on Windows & Linux

Posted on by Admin

#vulnerability #vulnerabilitydetection #wazuh

How to Setup Vulnerability Scanning – Windows & Linux. Scan for Vulnerabilities and discover the weaknesses of a given system with open source tool Wazuh.
Wazuh is a free, open source and enterprise-ready security monitoring solution for threat detection, integrity monitoring, incident response and compliance.

Feature Like

  • Security Analytics
  • Intrusion Detection
  • Log Data Analysis
  • File Integrity Monitoring
  • Vulnerability Detection
  • Configuration Assessment
  • Incident Response
  • Regulatory Compliance
  • Cloud Security
  • Container Security

Wazuh – https://wazuh.com/
Wazuh Ova Download (Version 3.12) – https://documentation.wazuh.com/3.12/
Wazuh Agent Download – https://documentation.wazuh.com/3.12/…
Wazuh Setup Video – https://youtu.be/WqQUIz5XRpQ

UpBrightSkills Blogs – https://www.upbrightskills.com/
Go Language Programs – https://www.golangprograms.com/

Automate – Docker Installation

Posted on by Admin 
#!/bin/bash

# Note : For Docker Setup

#OS Update:	
sudo apt-get update -y;
sudo apt-get install gdebi -y;
sudo apt-get install vim -y;
sudo apt-get install nano -y;
sudo apt-get install htop -y;

#Install SSH:
sudo apt-get install openssh-server -y;

#Remove Libre Office:
sudo apt-get remove --purge libreoffice* -y;
sudo apt-get clean;
sudo apt-get autoremove;

#Git
sudo add-apt-repository ppa:git-core/ppa;
sudo apt-get update -y;
sudo apt-get install git -y; 

#sudo add-apt-repository ppa:n-muench/programs-ppa2;
sudo add-apt-repository ppa:n-muench/programs-ppa;
sudo apt-get update -y;
sudo apt-get install -y filezilla;	
sudo apt-get install -y sublime-text;
sudo apt-get install -y chromium-browser;

#Essential Pack	
sudo apt-get install -y synaptic vlc gimp gimp-data gimp-plugin-registry gimp-data-extras bleachbit unrar zip unzip;	

#Samba
sudo apt-get install -y samba system-config-samba cifs-utils;

#Docker Installation
sudo curl -fsSL get.docker.com -o get-docker.sh >/tmp/docker
chmod +x /tmp/docker/get-docker.sh
sudo /tmp/docker/get-docker.sh

#Install Docker Machine
sudo curl -L https://github.com/docker/machine/releases/download/v0.14.0/docker-machine-`uname -s`-`uname -m` >/tmp/docker-machine && \
sudo install /tmp/docker-machine /usr/local/bin/docker-machine

#Install Docker Compose
sudo curl -L https://github.com/docker/compose/releases/download/1.20.1/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose

For More videos go to – https://www.youtube.com/channel/UCIUmpO3KBHPMtgzMA6p0IhA

Automate Installation – CentOS with Lamp Stack

Posted on by Admin

One Click Installation

This will configure WebServer with up httpd, mysql, ftp, php, samba.

#!/bin/bash

#IPTables
service iptables stop
chkconfig iptables off

#SELinux Disable - Completely
setenforce 0
SELINUX=disabled
sed -i 's/SELINUX= .*/SELINUX= '${SELINUX}'/' /etc/selinux/config

#Update
yum insall -y update
yum install -y upgrade

#Install httpd
yum install -y httpd
service httpd start
chkconfig httpd on

#Install MySQL Server 5.7
wget https://dev.mysql.com/get/mysql57-community-release-el6-11.noarch.rpm
rpm -ivh mysql57-community-release-el6-11.noarch.rpm
yum clean all
yum install -y mysql mysql-server php-mysql
service mysqld start
chkconfig mysqld on

#Add EPEL Repository
wget http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
rpm -ivh epel-release-6-8.noarch.rpm

#Install PHP
yum install -y php php-gd php-mysql php-mcrypt

#Create info.php
cat << EOF > /var/www/html/info.php;

EOF

#HTTPD php.ini - /etc/php.ini
max_execution_time=18000
memory_limit=2048M
upload_max_filesize=32M
sed -i.orignal 's/memory_limit = .*/memory_limit = '${memory_limit}'/' /etc/php.ini
sed -i 's/max_execution_time = .*/max_execution_time = '${max_execution_time}'/' /etc/php.ini
sed -i 's/upload_max_filesize = .*/upload_max_filesize = '${upload_max_filesize}'/' /etc/php.ini

#Install and Configure FTP
yum install -y vsftpd
service	vsftpd start
chkconfig vsftpd on

#Change Owner of HTML Folder (This is for the permission to FTP and Samba)
chown -R ftp_user:ftp_users /var/www/html

#FTP Config vsftpd.conf - /etc/vsftpd/vsftpd.conf (Change configuration file directly with SED Command)
sed -i.orignal 's/anonymous_enable=YES/anonymous_enable=NO /etc/vsftpd/vsftpd.conf
sed -i 's/local_enable=YES/local_enable=NO/' /etc/vsftpd/vsftpd.conf

#FTP User
useradd -s /sbin/nologin -d /var/www/html ftp_user
groupadd ftp_users
usermod -aG ftp_users ftp_user
chown -R root:ftp_users /var/www/html
passwd ftp_user

#Samba configuration (Optional - If required can be installed)
yum install -y samba samba-client samba-common
service smb start
mv /etc/samba/smb.cnf /etc/samba/smb.cnf.bak
chkconfig smb on
echo -e "path= /var/www/html/ \npublic=no \nbrowsable = no \nwritable = yes \nprintable = no \write list = @ftp_users" >> /etc/samba/smb.conf
service smb restart
smbpasswd -a ftp_user

For More videos go to – https://www.youtube.com/channel/UCIUmpO3KBHPMtgzMA6p0IhA

Automate Installation – Ubuntu with JDK & Tomcat

Posted on by Admin

Update OS and Install required packages


apt-get update -y;
apt-get install gdebi -y;
apt-get install vim -y;
apt-get install nano -y;
apt-get install htop -y;
apt-get install unzip -y;
apt-get install python -y;

Install JDK

apt-get install default-jdk -y;
add-apt-repository ppa:webupd8team/java -y;
apt-get update -y;

Install Mysql | Kindly update password


sudo debconf-set-selections <<< 'mysql-server-5.7 mysql-server/root_password password password' 
sudo debconf-set-selections <<< 'mysql-server-5.7 mysql-server/root_password_again password password' 
apt-get -y install mysql-server-core-5.7 mysql-server-5.7 mysql-client-5.7;
service mysql start;

Install AWS CLI on Linux


curl "https://s3.amazonaws.com/aws-cli/awscli-bundle.zip" -o "awscli-bundle.zip"
unzip awscli-bundle.zip
./awscli-bundle/install -i /usr/local/aws -b /usr/local/bin/aws

Tomcat Installation (Update the Version which is required by your application)


groupadd tomcat
useradd -s /bin/false -g tomcat -d /opt/tomcat tomcat
cd /tmp/
curl -O http://redrockdigimark.com/apachemirror/tomcat/tomcat-8/v8.5.30/bin/apache-tomcat-8.5.30.tar.gz 
mkdir /opt/tomcat
tar xzvf apache-tomcat-8.5.30.tar.gz -C /opt/tomcat --strip-components=1
cd /opt/tomcat 
chgrp -R tomcat /opt/tomcat
chmod -R g+r conf
chmod g+x conf
chown -R tomcat webapps/ work/ temp/ logs/
update-java-alternatives -l

Create Service for Tomcat


touch /etc/systemd/system/tomcat.service
cd /etc/systemd/system/

Service File Update (File – /etc/systemd/system/tomcat.service)


cat <> tomcat.service;
[Unit]
Description=Apache Tomcat Web Application Container
After=network.target

[Service]
Type=forking

Environment=JAVA_HOME=/usr/lib/jvm/java-1.8.0-openjdk-amd64/jre
Environment=CATALINA_PID=/opt/tomcat/temp/tomcat.pid
Environment=CATALINA_HOME=/opt/tomcat
Environment=CATALINA_BASE=/opt/tomcat
Environment='CATALINA_OPTS=-Xms512M -Xmx1024M -server -XX:+UseParallelGC'
Environment='JAVA_OPTS=-Djava.awt.headless=true -Djava.security.egd=file:/dev/./urandom'

ExecStart=/opt/tomcat/bin/startup.sh
ExecStop=/opt/tomcat/bin/shutdown.sh

User=tomcat
Group=tomcat
UMask=0007
RestartSec=10
Restart=always

[Install]
WantedBy=multi-user.target
EOF

Start Service


systemctl daemon-reload
systemctl start tomcat
systemctl enable tomcat

Add User for Tomcat Manager (Change your Username and Password as per your needs)


sed -i '22i\' /opt/tomcat/conf/tomcat-users.xml

Allow IP Address for Accessing Tomcat Manager App


cp /opt/tomcat/webapps/manager/META-INF/context.xml /opt/tomcat/webapps/manager/META-INF/context.orignal.xml
cp /opt/tomcat/webapps/host-manager/META-INF/context.xml /opt/tomcat/webapps/host-manager/META-INF/context.original.xml

Delete line number 19 to 21 (File – /opt/tomcat/webapps/manager/META-INF/context.xml)


sed -i '18,20d' /opt/tomcat/webapps/manager/META-INF/context.xml

Add below lines in between i.e 19,20 and 21 number. (File – /opt/tomcat/webapps/manager/META-INF/context.xml)


sed -i '18i\' /opt/tomcat/webapps/manager/META-INF/context.xml
sed -i '19i\'  /opt/tomcat/webapps/manager/META-INF/context.xml #kindly update IP Address

Delete line number 19 to 21 (File – /opt/tomcat/webapps/host-manager/META-INF/context.xml)


sed -i '18,20d' /opt/tomcat/webapps/host-manager/META-INF/context.xml

Add below lines in between i.e 18,19 and 20 number. (File – /opt/tomcat/webapps/host-manager/META-INF/context.xml)


sed -i '18i\' /opt/tomcat/webapps/host-manager/META-INF/context.xml
sed -i '19i\'  /opt/tomcat/webapps/host-manager/META-INF/context.xml #kindly update IP Address

Remove version string from HTTP error messages


cd /opt/tomcat/lib
jar xf catalina.jar /opt/tomcat/lib/org/apache/catalina/util/ServerInfo.properties
sed -i '16,17d' /opt/tomcat/lib/org/apache/catalina/util/ServerInfo.properties
sed -i '16i\server.info=Apache Tomcat' /opt/tomcat/lib/org/apache/catalina/util/ServerInfo.properties
jar uf catalina.jar org/apache/catalina/util/ServerInfo.properties
rm -rf /opt/tomcat/lib/org

Move unwanted Folders from WebApps Folder to Tmp


mv /opt/tomcat/webapps/examples /tmp
mv /opt/tomcat/webapps/docs /tmp

For More videos go to – https://www.youtube.com/channel/UCIUmpO3KBHPMtgzMA6p0IhA