Kernel Upgradation from 2.6.32-71.el6.x86_64 to 3.6.6X86_64 in Centos

Jai Guru Dev

****************************************************

 Kernel Upgradation  from 2.6.32-71.el6.x86_64 to 3.6.6X86_64

****************************************************

1.       cd /usr/src/

2.       wget http://www.kernel.org/pub/linux/kernel/v3.0/linux-3.6.6.tar.bz2

3.       tar xvjf linux-3.6.6.tar.bz2

4.       ln -s linux-3.6.6 linux

5.       wget http://www.kernel.org/pub/linux/kernel/v3.0/patch-3.6.6.bz2

6.       cd /usr/src/linux

7. make menuconfig
http://www.fogonacaixadagua.com.br/wp-content/gallery/cache/30__320x240_kernel-01.png

As this is a custom compilation, I suggest you to add a custom tag that will identify the new kernel, to accomplish this, do that:

Select Local version – append to kernel release

Give the string value as  x86_64

7.       make bzImage

*The compilation will start, it will take a looong time.

8.       make modules

* The compilation will start, take a loooong  break

10. make modules_install

11. make install

*make install will copy the files: System.map, vmlinuz and the initial ram disk initrd-3.6.6X86_64.img to /boot. It will also add the lines you will need on grub, now just restart your computer and choose the new kernel on the grub screen.

12.  Edit the /etc/grub.conf and change the default kernel value as 0

13. Reboot

                                                                        Have Fun !!!

linux memory usage - scripts

•                     

         Listing RAM usage per Program

• # cd /root/
  # wget http://gnutoolbox.com/download/linux/scripts/mem.py
  # chmod 755 mem.py
  # ./mem.py
•  
•                         
  

          Listing RAM usage per User

•  
• # cd /root/
  # wget http://gnutoolbox.com/download/linux/scripts/mem-per-user.sh
  # chmod 755 mem-per-user.sh
  # ./mem-per-user.sh
•  

Domain migration from cpanel to cpanel

Please find the steps to transfer the accounts from cpanel to cpanel.

To transfer account you should have root access on both servers. Because to transfer account you need every thing to backup for transfer including Cpanel User / Pass (Same), Website, Database, Emails, Users, Stats etc.

The thing i like about CPanel is it will transfer accounts 100%, you will not miss any single think related to your accounts. This method implies on VPS’s and Dedicated Server where you can access WHM (Web Host Manager) or root shell.

Lets consider we have two servers A and B. Server A is the old server with two accounts and Server B is new server to which we will transfer accounts.

Server A = 192.168.0.1

Server B = 172.20.0.1

1 Transfer using WHM

Login to Server B WHM using following url

http://172.20.0.1:2086

where 2086 is the port on which WHM is running.

In the middle page select Transfer and then on Transfer page select Copy multiple accounts/packages from another server.

It will open new page to put info of the Server through which you are going to transfer i.e Server A.

Remote server type is (WHM version will be auto detected on multi account

copies): leave as it is

Remote server address (ip address or FQDN): put server hostname or IP Remote SSH port: 22 is the default, if you have changed ssh port on old server use that one here.

Do not compress transfers (cPanel 10.8.3+ required on both ends): leave at it is Turn off SSL (cPanel 11.23.6+ required on both ends): leave at it is Allow override*: leave at it is Login as : Choose USER if you have sudo or direct root login are not allowed. Else select ROOT (recommended) Select authentication method: Choose Password here, if you are using Public Key then you have to upload Key using Security -> Manage SSH Keys to use here.

Root Password: put root password here

After putting all information above click on Fetch Account List. In few second you will see list of accounts from Server A to transfer. Select the account using check boxes to copy, if need to copy all select Select All to check all accounts. When done with select click on Copy. (Beware once you click on Copy dont close browser or click on Back button).

You will see account transfer log on your browser and when finished it will show nice summary about transfer.

Installing Sun JDK 1.6.0 in CentOS 5.5

Installing Sun Java JDK in CentOS is not as easy as I expected
If you want to use Java Sun JDK instead of OpenJDK on CentOS, u have to install it manually.
1. Download the Java Sun JDK (.rpm.bin) at Sun Homepage
2. Login the CentOS as root and modify the privilege of the .bin to 755

3. The installed java can be found at /usr/java

4. Add this new java to the alternatives configuration

• alternatives –install /usr/bin/java java /usr/java/jdk1.6.0_18/bin/java 2

5. Update the java alternatives and verify the java version

OR
In Short:
STEP 1: Download the Sun Java JDK from the Java SE Downloads page.
STEP 2: Using your root account, or the sudo command, run the jdk-6u11-linux-i586-rpm.bin (chmod it if necessary). This will install Java packages.
STEP 3:
For selecting the java command, we can use the alternatives program. Use:

/usr/sbin/alternatives --install /usr/bin/java java /usr/java/latest/bin/java 2

Now run

/usr/sbin/alternatives --config java

and select option 2.
Running java -version now should show Sun JVM info.

Non-Root Accounts Have UID Set To0

#6.5: Make Sure No Non-Root Accounts Have UID Set To0
Only root account have UID 0 with full permissions to access the system. Type the following command to display all accounts with UID set to 0:
# awk -F: ‘($3 == “0″) {print}’ /etc/passwd
You should only see one line as follows:
root:x:0:0:root:/root:/bin/bash
If you see other lines, delete them or make sure other accounts are authorized by you to use UID 0.

Install Mod_Security

ModSecurity is a free open source web application firewall which can help you to guard against LFI (local file inclusion attacks) and SQL injection vulnerabilities.
CPanel Installation:
Just go to Cpanel WHM > Plugins > Enable Mod_Security > Save
Source Installation:
That should install mod security in your cpanel. Under apache it should show under installed modules if you run test.php with phpinfo() in it. Try adding some mod security rules. Installing mod_security could be sometimes complicated. Dont use apxs for compiling mod_security as it causes number of problems.
Note: Mod_security needs libxml2 and http-devel libraries before it can be installed. It also requires mod_unique_id enabled in apache modules. To install mod_unique_id, you have to place
LoadModule unique_id_module modules/mod_unique_id.so
in your httpd.conf file.

yum install libxml2 libxml2-devel httpd-devel

Download the latest version of mod_security for apache2 from http://www.modsecurity.org

wget http://www.modsecurity.org/download/modsecurity-apache_2.1.7.tar.gz
tar zxf modsecurity-apache_2.5.4.tar.gz
cd modsecurity-apache_2.5.4
cd apache2

Then
If you cannot find ./configure then you will need to edit Makefile and make change to top_dir = /usr/lib/httpd (for centos)

make
make install

Next, copy the rule files depending on which you want (you can also select minimal rules file which comes with source). Make a directory named modsecurity under /etc/httpd/conf and copy all the modsecurity rules there. Finally include those files in the httpd.conf file
# /etc/httpd/conf/httpd.conf

LoadModule unique_id_module modules/mod_unique_id.so
LoadFile /usr/lib/libxml2.so
LoadModule security2_module modules/mod_security2.so
Include conf/modsecurity/*.conf

Then

/etc/init.d/httpd restart

Log Files
Watch for log files to detect any errors or intrusion activity
/var/log/httpd/modsec_audit
/var/log/httpd/error_log

Refer:http://www.mysql-apache-php.com/basic-linux-security.htm

Upgrade PHP5.1 to PHP5.2 on CentOs 5.6

PHP Upgrade

# rpm -qa |grep php

 php-common-5.1.6-15.el5.i386
 php-cli-5.1.6-15.el5.i386
 php-5.1.6-15.el5.i386
 php-pdo-5.1.6-15.el5.i386
 php-bcmath-5.1.6-15.el5.i386
 php-ldap-5.1.6-15.el5.i386
 php-devel-5.1.6-15.el5.i386
 php-gd-5.1.6-15.el5.i386
 php-xml-5.1.6-15.el5.i386
 php-mbstring-5.1.6-15.el5.i386
 php-mysql-5.1.6-15.el5.i386
 php-dba-5.1.6-15.el5.i386

As long as you're using the standard PHP packages on your CentOS server you won't need to do anything extra. If you're using extra PHP packages that aren't part of the standard CentOS repositories (like php-mcrypt) you'll have to remove them or find updated versions of them.

Add the development repositories

First thing we need to do is add the development repositories to yum. When we add the development repository we're going to configure it so it only pulls PHP packages. To start we'll need create a new yum repository configuration file (use your favorite editor):

 # /etc/yum.repos.d/CentOS-Testing.repo

Copy/paste the following into this file:

  # CentOS-Testing:
  # !!!! CAUTION !!!!
  # This repository is a proving grounds for packages on their way to CentOSPlus and CentOS Extras.
  # They may or may not replace core CentOS packages, and are not guaranteed to function properly.
  # These packages build and install, but are waiting for feedback from testers as to
  # functionality and stability. Packages in this repository will come and go during the
  # development period, so it should not be left enabled or used on production systems without due
  # consideration.
  [c5-testing]
  name=CentOS-5 Testing
  baseurl=http://dev.centos.org/centos/$releasever/testing/$basearch/
  enabled=1
  gpgcheck=1
  gpgkey=http://dev.centos.org/centos/RPM-GPG-KEY-CentOS-testing
  includepkgs=php*

Make sure to remove any spaces at the start of each line, then save and close the file and you're done.

Update PHP packages

Before updating your PHP packages you'll want to get a list of what you currently have installed. To get a list of current PHP packages run the following:

 # rpm -qa |grep php

Now you can use yum to update the PHP packages on your system:

 # yum update

You should be shown a list of packages that are going to be updated. Compare it to the list of PHP packages on your system. Note any packages that are not in the list. You'll need to remove these packages or find updates for them because they won't work after you update to PHP 5.2.x. If that is acceptable type "y" to continue and let yum update the packages.

Once yum has completed restart Apache:

 # service httpd restart

To verify the update is working create a simple testing.php in your www directory with the following source code:

<?php
  phpinfo();
?>

and open it in a web browser. The new PHP version should be reflected at the top of the page.

Conclusion

You should now have PHP 5.2.6 running on CentOS 5.3 32-bit.

 # rpm -qa |grep php

  php-cli-5.2.6-2.el5s2
  php-mbstring-5.2.6-2.el5s2
  php-devel-5.2.6-2.el5s2
  php-pdo-5.2.6-2.el5s2
  php-gd-5.2.6-2.el5s2
  php-dba-5.2.6-2.el5s2
  php-common-5.2.6-2.el5s2
  php-bcmath-5.2.6-2.el5s2
  php-xml-5.2.6-2.el5s2
  php-pear-1.5.1-2.el5s2
  php-ldap-5.2.6-2.el5s2
  php-5.2.6-2.el5s2
  php-mysql-5.2.6-2.el5s2


 # php -v

  PHP 5.2.6 (cli) (built: Sep 15 2008 20:42:05)
  Copyright (c) 1997-2008 The PHP Group
  Zend Engine v2.2.0, Copyright (c) 1998-2008 Zend Technologies

Note: If your "php -v" output returns errors about PDO or JSON click here

Extras

Updating/Installing mcrypt

If you have php-mcrypt for PHP 5.1.x installed you'll want to remove it:

Note: Your version number maybe different. Alter below command accordingly.

 rpm -e php-mcrypt-5.1.6-15.el5.centos.1

Download php-mcrypt for PHP 5.2.x and install it. You can find a 32-bit php-mcrypt package here FedoraJunkies.

Note: You'll notice the "--nodeps" flag in the example. When you try to install php-mcrypt without it you get an error that php-common-5.2.6-2.el5s2 is missing even though it is installed.

 wget -c http://sourcemirrors.org/scotth/centos/5/php/php-mcrypt-5.2.6-2.i386.rpm
 rpm -i --nodeps php-mcrypt-5.2.6-2.i386.rpm

Restart Apache and you should now see mcrypt information on your testing.php page.

JSON and PDO being loaded twice

When you run the command "php -v" you might see the following errors:

 # php -v

  PHP Warning:  Module 'json' already loaded in Unknown on line 0
  PHP Warning:  Module 'PDO' already loaded in Unknown on line 0
  PHP 5.2.6 (cli) (built: Sep 15 2008 20:42:05)
  Copyright (c) 1997-2008 The PHP Group
  Zend Engine v2.2.0, Copyright (c) 1998-2008 Zend Technologies

This is caused by the following two lines in the /etc/php.ini file:

; Extension JSON
extension=json.so

; Extension PDO
extension=pdo.so

Comment out these lines by adding a ";" in front of "extension=". These two modules are already loaded via these two files:

/etc/php.d/json.ini
/etc/php.d/pdo.ini