Thursday, November 6, 2014

Install Oracle VirtualBox And Manage It Using phpVirtualBox On A CentOS Headless Server

We all know how to install Oracle VirtualBox on CentOS 6.x systems that have a GUI. But what about a CentOS minimal server with no GUI desktop environment? No worries: VirtualBox has a tool called “VBoxHeadless”, which lets you create and manage virtual machines without the VirtualBox GUI.
In this tutorial, let us see how to install and configure Oracle VirtualBox on a CentOS 6.5 minimal server. Here are my test box details:
OS : CentOS 6.5 Server Minimal Installation (No GUI)
IP Address : 192.168.1.200/24

Preparing CentOS server

Before installing VirtualBox, we have to do a couple of tasks. First of all, update your server.
yum update -y
Create a separate normal user (e.g. sk_vuser) for installing Oracle VirtualBox.
useradd sk_vuser
passwd sk_vuser
Log out, and log back in as that user.
Switch to root privileges using the following command:
su
Now, install the following prerequisites, which are needed by Oracle VirtualBox. The package group and the individual packages are installed with separate commands, because yum groupinstall treats every argument as a group name.
yum groupinstall 'Development Tools' -y
yum install SDL kernel-devel kernel-headers dkms -y
Reboot your server once for all the changes to take effect.

Installing VirtualBox

Go to the /etc/yum.repos.d/ directory:
cd /etc/yum.repos.d/
Add the latest Oracle VirtualBox repository to your CentOS server by downloading its repo file:
wget http://download.virtualbox.org/virtualbox/rpm/el/virtualbox.repo
Add the VirtualBox public key:
wget -q http://download.virtualbox.org/virtualbox/debian/oracle_vbox.asc
rpm --import oracle_vbox.asc
Now, update the repository and install the latest Oracle VirtualBox version.
yum update
yum install VirtualBox-4.3 -y
After installing VirtualBox, add the VirtualBox user sk_vuser to the vboxusers group. The -a option appends the group instead of replacing the user's existing supplementary groups.
usermod -a -G vboxusers sk_vuser
Now, run the following command to check whether the VirtualBox kernel modules are loaded.
/etc/init.d/vboxdrv status
Sample output:
VirtualBox kernel modules (vboxdrv, vboxnetflt, vboxnetadp, vboxpci) are loaded.
If they are not loaded, run the following command to load them:
/etc/init.d/vboxdrv setup

Install Oracle VirtualBox Extension pack

Starting with VirtualBox 4.0, we should install the Extension Pack, which helps us manage and connect to remote guest consoles via the web interface. The Extension Pack provides the following functionality to VirtualBox guests.
  • The virtual USB 2.0 (EHCI) device
  • VirtualBox Remote Desktop Protocol (VRDP) support
  • Host webcam passthrough
  • Intel PXE boot ROM
  • Experimental support for PCI passthrough on Linux hosts
The VirtualBox Extension Pack should be the same version as the VirtualBox base package. Download the Extension Pack for VirtualBox 4.3:
wget http://download.virtualbox.org/virtualbox/4.3.12/Oracle_VM_VirtualBox_Extension_Pack-4.3.12-93733.vbox-extpack
Then, install the Extension Pack as shown below.
VBoxManage extpack install Oracle_VM_VirtualBox_Extension_Pack-4.3.12-93733.vbox-extpack
That’s it. Oracle VirtualBox and the Extension Pack have been installed successfully on our CentOS 6.5 server. Start using Oracle VirtualBox on your CentOS headless server. For creating and managing virtual machines from the command line, refer to the official manual.
Alternatively, you can use a web-based Oracle VirtualBox client called “phpVirtualBox” to easily create and manage virtual machines from the web browser of any remote desktop system.

What is phpVirtualBox?

phpVirtualBox is an open source, web-based client written using PHP. It can be used to manage and administer Oracle VirtualBox headless instances.

Install phpVirtualBox

Before installing phpVirtualBox, we have to install the Apache web server and PHP. To install Apache and PHP, refer to the following link.
Additionally, install the php-soap extension, which phpVirtualBox requires.
yum install php-soap
Restart the web server for the changes to take effect.
service httpd restart
Now, download the latest version from the official phpVirtualBox site.
wget http://sourceforge.net/projects/phpvirtualbox/files/phpvirtualbox-4.3-1.zip
Extract the zip file using the following command:
unzip phpvirtualbox-4.3-1.zip
Move the extracted folder to your Apache root folder.
mv phpvirtualbox-4.3-1 /var/www/html/phpvirtualbox

Configure phpVirtualBox

Edit the phpVirtualBox config.php file:
cp /var/www/html/phpvirtualbox/config.php-example /var/www/html/phpvirtualbox/config.php
nano /var/www/html/phpvirtualbox/config.php
Change the username/password to those of the system user that runs VirtualBox. In our case, the username/password is sk_vuser/centos.
[...]
var $username = 'sk_vuser';
var $password = 'centos';
[...]
Save and close the file.
Create a file called /etc/default/virtualbox:
nano /etc/default/virtualbox
Append the following line:
VBOXWEB_USER=sk_vuser
Now, start vboxweb-service, and make it start automatically on every reboot.
/etc/init.d/vboxweb-service start
chkconfig vboxweb-service on
I don’t want to mess around with iptables and SELinux, so I simply disabled them both.
service iptables stop
chkconfig iptables off
Disable SELinux:
vi /etc/sysconfig/selinux
Set SELINUX=disabled.
[...]
SELINUX=disabled
[...]
Reboot your system once for all the changes to take effect.
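An alternative to disabling both controls, shown as an added example that is not part of the original tutorial: apply_controls keeps iptables and SELinux on and opens only what phpVirtualBox needs, and the two audit functions classify a host from its SELinux config file and an iptables-save dump. The admin network 192.168.1.0/24, Apache on port 80, the function names and the sample files are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example, not from the original tutorial. Assumptions: Apache serves
# phpVirtualBox on TCP 80, administrators connect from 192.168.1.0/24, and
# vboxwebsrv listens on its default address 127.0.0.1:18083.
ADMIN_NET="192.168.1.0/24"
WEB_PORT=80

# Run as root on the CentOS 6 host. Defined only; the demo never calls it.
apply_controls() {
    # SELinux stays enforcing: let httpd (PHP SOAP client) reach vboxwebsrv.
    setsebool -P httpd_can_network_connect on
    # iptables stays on: admit the web console from the admin network only.
    iptables -I INPUT -p tcp -s "$ADMIN_NET" --dport "$WEB_PORT" \
        -m state --state NEW -j ACCEPT
    service iptables save
}

# selinux_mode FILE: print the SELINUX= value of an /etc/sysconfig/selinux
# style file (enforcing, permissive, disabled) or "unset".
selinux_mode() {
    awk -F= '/^[ \t]*SELINUX=/ { v = tolower($2); gsub(/[ \t]/, "", v) }
             END { print (v == "" ? "unset" : v) }' "$1"
}

# web_exposure FILE: classify who may reach WEB_PORT according to an
# iptables-save dump: no-firewall, open, restricted or closed.
# Only ACCEPT rules that name the port are considered.
web_exposure() {
    awk -v port="$WEB_PORT" -v net="$ADMIN_NET" '
        /^:INPUT /                  { loaded = 1 }
        /^-A INPUT / && /-j ACCEPT/ {
            dport = ""; src = ""
            for (i = 1; i < NF; i++) {
                if ($i == "--dport") dport = $(i + 1)
                if ($i == "-s")      src   = $(i + 1)
            }
            if (dport == port "") { if (src == net) lan = 1; else wide = 1 }
        }
        END {
            if (!loaded)   print "no-firewall"
            else if (wide) print "open"
            else if (lan)  print "restricted"
            else           print "closed"
        }' "$1"
}

# write_samples DIR: constructed sample inputs for the demo.
write_samples() {
    printf 'SELINUX=disabled\nSELINUXTYPE=targeted\n'  > "$1/selinux.tutorial"
    printf 'SELINUX=enforcing\nSELINUXTYPE=targeted\n' > "$1/selinux.kept"
    : > "$1/rules.stopped"   # empty dump, as when no tables are loaded
    cat > "$1/rules.open" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
    cat > "$1/rules.lan" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 192.168.1.0/24 -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# demo: audit the constructed samples and print one line per file.
demo() {
    dir=$(mktemp -d)
    write_samples "$dir"
    for f in selinux.tutorial selinux.kept; do
        echo "$f: $(selinux_mode "$dir/$f")"
    done
    for f in rules.stopped rules.open rules.lan; do
        echo "$f: $(web_exposure "$dir/$f")"
    done
    rm -rf "$dir"
}
demo
```

On a real host, feed selinux_mode the file /etc/sysconfig/selinux and web_exposure the saved output of iptables-save.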

Access phpVirtualBox Web console

Now, go to any client system that has a GUI desktop environment, and try to access the URL http://ip-address-of-virtualbox-headless-server/phpvirtualbox from the web browser.
Now, try the same URL again. The following screen should appear. Enter the username/password.
The default username/password is admin/admin.
Now, you’ll be redirected to the phpVirtualBox main dashboard.
From here, you can create, modify, delete, and manage virtual machines.

Creating sample Virtual Machine

Let us create a sample virtual machine to install Ubuntu 14.04.
Click on the New button on the top left corner. Enter the Virtual machine name.
Set the Memory size for the virtual machine.
Select “Create a virtual hard drive now” option.
Select hard drive file type.
Choose whether the new virtual hard drive file should grow as it is used (dynamically allocated) or if it should be created at its maximum size (fixed size).
Enter the size of the virtual hdd.
That’s it. The virtual machine has been created. Start installing the OS, and use the virtual machine.
phpVirtualBox will definitely help system administrators who have only a headless CentOS server, and the installation is not that difficult. You can easily run as many virtual machines as your hardware supports from your headless CentOS server.
Cheers!
For questions please refer to our Q/A forum at : http://ask.unixmen.com/

KeyBox: A Web-based SSH Console To Manage Multiple SSH Sessions Simultaneously

KeyBox is a free, open source, web-based application that can be used to manage multiple SSH sessions on multiple systems. It allows you to execute commands on multiple shells, manage keys, share terminal commands, and upload files to multiple systems simultaneously. It generates a private/public key pair on initial startup, and you can also define your own custom key if you like. Moreover, you can add additional system admins and audit their terminal history. KeyBox allows you to control the users, so that you can define which users can access which systems. After starting the SSH session, you’ll be able to manage single or multiple systems from a web browser of your choice more easily and effectively.
This tutorial describes how to install KeyBox on your Linux systems, and how to manage multiple remote servers through KeyBox web console.

Installation

KeyBox is written in Java, so you have to install Java on your system.
To install Java on Ubuntu-like systems, run the following command:
sudo apt-get install openjdk-7-jdk
To install Java on RPM-based systems, refer to the following link.
After installing Java, download the latest KeyBox version from the official download page.
Go to the download location, and extract the downloaded tar file. Then, navigate to the extracted KeyBox folder, and start it as shown below.
cd Downloads/KeyBox-jetty/
./startKeyBox.sh

Accessing KeyBox Web console

Now, open up your web browser, and point it to https://IP-Address:8443/. You’ll be presented with the following screen. Enter the username and password. The default user name is admin, and the password is changeme.
At first login, you’ll be prompted to change the default password. Enter a password of your choice, and hit the Change password button.
Now, you’ll be able to access the administrative console. This is how my administrative dashboard looked.

Usage

For the purpose of this tutorial, I will be using a system running with CentOS 6.5. First of all, you have to add the systems to KeyBox.

1. Creating Systems

Click on the link that says: Systems on the home page. Click on the Add System button. Next, enter the display name, user name, ip address, and click Submit.
Enter the CentOS 6.5 root user password.
Now, the new system has been added.
This way, you can add as many systems as you want to manage.

2. Creating profiles, and Assign Systems to them

Now, head back to the Home screen, and click on the Profiles link to create a new profile. Click Add profile, and then enter the profile name.
The new profile has been created.
Now, add the systems to the profile. To do that, click on the Assign Systems link. Select the systems you want to add to the profile.
This way, you can add as many systems as you want.

3. Creating Users, and Assign Profiles to them

Click on the Users button on the main screen. Click the Add user button to create new users.
Enter the required details such as user name, first name, last name, email address, etc. Also select the user type, depending on whether you want to give the user full access or administrative rights only. As I already have a full access user, here I selected the Administrative user type for my new user.
Now, click on the User Profiles button to assign profiles to the newly created user ‘sk’.
Click the Add Profile button, select the profile from the drop-down box, and finally click Submit.

4. Adding Public SSH Keys to Systems or profiles

Now, you need to generate a new SSH key pair on your KeyBox system. Here, I will show how to create an SSH key on Ubuntu-like systems.
Open Terminal, and run the following commands:
cd .ssh/
ssh-keygen
Enter your passphrase twice. If you already have SSH keys, skip this step.
Sample output:
 Generating public/private rsa key pair.
 Enter file in which to save the key (/home/sk/.ssh/id_rsa):
 /home/sk/.ssh/id_rsa already exists.
 Overwrite (y/n)? y
 Enter passphrase (empty for no passphrase):
 Enter same passphrase again:
 Your identification has been saved in /home/sk/.ssh/id_rsa.
 Your public key has been saved in /home/sk/.ssh/id_rsa.pub.
 The key fingerprint is:
 57:ae:0d:3b:d2:04:4c:59:88:fc:f1:1d:7c:54:2c:e3 sk@sk
 The key's randomart image is:
 +--[ RSA 2048]----+
 |     . ..+.. ..o.|
 |      oo+   o + .|
 |       .oo ..+ o |
 |        ...o. E  |
 |        S + .    |
 |         + =     |
 |        . = .    |
 |         . .     |
 |                 |
 +-----------------+
Copy the public SSH key:
cat id_rsa.pub
Sample output:
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC6MdXJzO2hK/gG7WoJlMzzUNrbi/BtTBgCCNbErw/z3T+2BBcytLmA3h4xeTBQpa0BYhSsNL4XA4dAUC3yuA14M4eApJ0csf64r9z2dyQGeK6kkeWoXjyWbX10vcnChxdMHZEY0fY6EEUx/hyJ5sdiJOW+gaXD2MQ2I/RAKzYjb6u6J6GNh4DYr8bZQ8IfWd0SbUjfl2jZ353maUVsZ32SjunwYO8qQtIZdxi8azidU03qRHoZNkl+GAtr5qT5gVXqAJ3JtpwC48ma0X1iiF59qWkA49PZG9jHb+WckFGyA+x/EG6e57xCg5X7x57YRTVEQABeWWCvKAVWh8JG2t5R sk@sk
Copy the above output, and head back to the KeyBox home screen.
Click on Public SSH Keys on the home page. Then, click the Add Public Key button, select the systems or profiles from the drop-down box, and paste the SSH public key into the Public Key box.
You can assign the public key to single systems if you want. In my case, I assigned the key to my profile.

5. Distribute SSH Keys to Remote Systems or Profiles

From the KeyBox home page, click on the link that says: Distribute SSH keys. You’ll be redirected to a new page. You can distribute the SSH keys to a single system, to all systems, or to a particular profile.
That’s it. We have completed all the necessary tasks. Now, let us see how to manage remote systems via the KeyBox web console.

6. Composite SSH Terminals

Click on Composite SSH Terminals on the KeyBox home page. Select the system for which to create SSH terminals. In my case, I have added only one system (CentOS 6.5).
Once you click the Create SSH Terminals button, you will be presented with your remote system’s terminal right in the KeyBox web console.
From here, you can run commands and manage the systems the way you do on local systems.
Also, you can upload or push files from your local system (the KeyBox system) to the remote system. To do that, click on the Upload & Push link on the top menu bar. Select the file you want to upload, and click Upload.
That’s it. The file has been uploaded successfully.
Verify it using the “ls” command.
Do you want multiple terminals of the same host to run different commands at once? Well, that’s possible too. Just add the system again from the Systems menu, assign users and profiles, and distribute public SSH keys. Then, go to the Composite SSH Terms link on the KeyBox home screen, select all systems, and click the Create SSH Terminals button. As you can see in the screenshot below, I have created two entries for the same system with different names.
Now, click on the Create SSH Terminals button. You’ll see two terminals of the same system as shown below.
This way, you can create multiple terminals of the same system, and/or add multiple different systems to manage them effectively from a central place.
For example, I have added another remote system, running Ubuntu 14.04 LTS, to the KeyBox system. Now, I can manage three SSH sessions simultaneously.
As you see above, I have executed the command “ls -al” in three sessions simultaneously. If you want to run a command in a single session, just select that session and run the commands you want. The command will not be executed in the remaining sessions. Refer to the following screenshot.
As you see above, I have executed the command “hostname” in the first session.
That’s all for now. Hope this tool is useful for you.
Cheers!

‘Ifconfig’ Command Not Found In CentOS 7 Minimal Installation – A Quick Tip To Fix It

As we all know, the “ifconfig” command is used to configure network interfaces on GNU/Linux systems. It displays the details of a network interface card, such as its IP address, MAC address, and status. But this command is obsolete, and is not found in the minimal versions of RHEL 7 and its clones like CentOS 7, Oracle Linux 7, and Scientific Linux 7.

How do I find IP and other details of a network interface In CentOS Minimal server?

On CentOS 7 minimal systems, use the commands “ip addr” and “ip link” to find the details of a network interface card. To see the statistics, use “ip -s link”.
To view the details of the network interface cards, enter the following command:
ip addr
Sample output:
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: venet0: <BROADCAST,POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN 
    link/void 
    inet 127.0.0.1/32 scope host venet0
    inet 192.168.1.101/32 brd 192.168.1.101 scope global venet0:0
To view the link-layer details of your network interfaces, enter the command:
ip link
Sample output:
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN mode DEFAULT 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: venet0: <BROADCAST,POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN mode DEFAULT 
    link/void
Or, to include the statistics:
ip -s link
Sample output:
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN mode DEFAULT 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    RX: bytes  packets  errors  dropped overrun mcast   
    0          0        0       0       0       0      
    TX: bytes  packets  errors  dropped carrier collsns 
    0          0        0       0       0       0      
2: venet0: <BROADCAST,POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN mode DEFAULT 
    link/void 
    RX: bytes  packets  errors  dropped overrun mcast   
    8515667    6667     0       0       0       0      
    TX: bytes  packets  errors  dropped carrier collsns 
    300403     4249     0       0       0       0

How do I enable and use “ifconfig” Command in CentOS 7 minimal servers?

If you don’t know where to find the ifconfig command, follow the simple steps provided below. First, let us find out which package provides the ifconfig command. To do that, enter the following command:
yum provides ifconfig
Sample Output:
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: centos.aol.in
 * extras: centos.aol.in
 * updates: centos.aol.in
net-tools-2.0-0.17.20131004git.el7.x86_64 : Basic networking tools
Repo        : @base
Matched from:
Filename    : /usr/sbin/ifconfig
Or you can use the following command too.
yum whatprovides ifconfig
Here, the “provides” and “whatprovides” commands are used to find out which package provides a given feature or file.
As you see in the above output, the net-tools package provides the ifconfig command. So, let us install net-tools package to use ifconfig command.
yum install net-tools
Now, you’ll be able to use the command ifconfig as usual.
ifconfig -a
Sample output:
lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 16436
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 0  (Local Loopback)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

venet0: flags=211<UP,BROADCAST,POINTOPOINT,RUNNING,NOARP>  mtu 1500
        inet 127.0.0.1  netmask 255.255.255.255  broadcast 0.0.0.0  destination 127.0.0.1
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 0  (UNSPEC)
        RX packets 7073  bytes 8549159 (8.1 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 4611  bytes 359201 (350.7 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

venet0:0: flags=211<UP,BROADCAST,POINTOPOINT,RUNNING,NOARP>  mtu 1500
        inet 192.168.1.101  netmask 255.255.255.255  broadcast 192.168.1.101  destination 192.168.1.101
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 0  (UNSPEC)
Enjoy!

Setting Up DNS Server On CentOS 7

DNS, which stands for Domain Name System, translates hostnames into IP addresses. For example, if we type www.unixmen.com in a browser, the DNS server translates the domain name into its associated IP address. Since IP addresses are hard to remember, DNS servers are used to translate hostnames like www.unixmen.com to 173.xxx.xx.xxx. This makes it easy to remember domain names instead of IP addresses.
This detailed tutorial will help you set up a local DNS server on your CentOS 7 system. The steps are also applicable to setting up a DNS server on RHEL and Scientific Linux 7.

DNS Server Installation

Scenario

For the purpose of this tutorial, I will be using three nodes. One will act as the Master DNS server, the second as the Secondary DNS server, and the third will be our DNS client. Here are the details of my three systems.

Primary (Master) DNS Server Details:

Operating System     : CentOS 7 minimal server
Hostname             : masterdns.unixmen.local
IP Address           : 192.168.1.101/24

Secondary (Slave) DNS Server Details:

Operating System     : CentOS 7 minimal server
Hostname             : secondarydns.unixmen.local
IP Address           : 192.168.1.102/24

Client Details:

Operating System     : CentOS 6.5 Desktop  
Hostname             : client.unixmen.local
IP Address           : 192.168.1.103/24

Setup Primary (Master) DNS Server

Install bind9 packages on your server.
yum install bind bind-utils -y

1. Configure DNS Server

Edit ‘/etc/named.conf’ file.
vi /etc/named.conf
Add or edit the lines marked with ### comments, and add the two zone blocks for unixmen.local and 1.168.192.in-addr.arpa:
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
    listen-on port 53 { 127.0.0.1; 192.168.1.101;}; ### Master DNS IP ###
#    listen-on-v6 port 53 { ::1; };
    directory     "/var/named";
    dump-file     "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query     { localhost; 192.168.1.0/24;}; ### IP Range ###
    allow-transfer{ localhost; 192.168.1.102; };   ### Slave DNS IP ###

    /* 
     - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
     - If you are building a RECURSIVE (caching) DNS server, you need to enable 
       recursion. 
     - If your recursive DNS server has a public IP address, you MUST enable access 
       control to limit queries to your legitimate users. Failing to do so will
       cause your server to become part of large scale DNS amplification 
       attacks. Implementing BCP38 within your network would greatly
       reduce such attack surface 
    */
    recursion yes;

    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;

    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";

    managed-keys-directory "/var/named/dynamic";

    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
    type hint;
    file "named.ca";
};

zone "unixmen.local" IN {
type master;
file "forward.unixmen";
allow-update { none; };
};
zone "1.168.192.in-addr.arpa" IN {
type master;
file "reverse.unixmen";
allow-update { none; };
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
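The access controls in this named.conf (allow-query, allow-transfer, and recursion, which the file's own comment ties to access control) can be checked mechanically. The following audit script is an added example, not part of the original tutorial; the function names, the finding labels and both sample configs are constructed for the demonstration, and the defaults it assumes are those of BIND 9.9.

```shell
#!/bin/sh
# Added example, not part of the original tutorial: report named.conf
# access-control gaps. Both sample configs are constructed for the demo.

# strip_comments FILE: remove /* ... */ blocks, "//" and "#" comments.
# Simplification: any line containing "/*" is dropped whole.
strip_comments() {
    awk '
        /\/\*/  { inblock = 1 }
        inblock { if ($0 ~ /\*\//) inblock = 0; next }
                { sub(/(\/\/|#).*/, ""); print }
    ' "$1"
}

# acl_of STATEMENT FILE: print "a b" for "STATEMENT { a; b; };",
# or nothing when the statement is absent.
acl_of() {
    strip_comments "$2" | tr '\n' ' ' |
        sed -n "s/.*$1[[:space:]]*{\([^}]*\)}.*/\1/p" |
        tr ';\t' '  ' | tr -s ' ' | sed 's/^ //; s/ $//'
}

# recursion_of FILE: print the value of "recursion <yes|no>;" if present.
recursion_of() {
    strip_comments "$1" | tr '\n' ' ' |
        sed -n 's/.*[[:space:]]recursion[[:space:]]\{1,\}\([a-z]*\)[[:space:]]*;.*/\1/p'
}

contains_any() { case " $1 " in *" any "*) return 0 ;; esac; return 1; }

# audit_named_conf FILE: print one finding per line, or "OK".
# Assumed defaults (BIND 9.9): an unset allow-query or allow-transfer admits
# any host; an unset allow-recursion follows allow-query when that is set.
# allow-query-cache is not evaluated.
audit_named_conf() (
    q=$(acl_of allow-query "$1");     r=$(acl_of allow-recursion "$1")
    x=$(acl_of allow-transfer "$1");  rec=$(recursion_of "$1")
    clean=1
    if [ -z "$q" ] || contains_any "$q"; then
        echo "OPEN_QUERY allow-query admits any client"; clean=0
    fi
    if [ -z "$x" ] || contains_any "$x"; then
        echo "OPEN_TRANSFER any host may pull the full zone"; clean=0
    fi
    if [ "$rec" != "no" ]; then
        if contains_any "$r" || { [ -z "$r" ] && contains_any "$q"; }; then
            echo "OPEN_RESOLVER recursion is offered to any client"; clean=0
        fi
    fi
    if [ "$clean" -eq 1 ]; then echo "OK"; fi
)

# write_samples DIR: the tutorial's options (trimmed) and a weak variant.
write_samples() {
    cat > "$1/tutorial.conf" <<'EOF'
options {
    listen-on port 53 { 127.0.0.1; 192.168.1.101;}; ### Master DNS IP ###
    allow-query     { localhost; 192.168.1.0/24;}; ### IP Range ###
    allow-transfer{ localhost; 192.168.1.102; };   ### Slave DNS IP ###
    /*
     - If you are building a RECURSIVE (caching) DNS server, you need to
       enable recursion.
    */
    recursion yes;
};
EOF
    cat > "$1/weak.conf" <<'EOF'
// constructed counter-example
options {
    listen-on port 53 { any; };
    allow-query { any; };
    recursion yes;
};
EOF
}

# demo: audit both constructed samples.
demo() {
    dir=$(mktemp -d)
    write_samples "$dir"
    for f in tutorial.conf weak.conf; do
        echo "== $f"
        audit_named_conf "$dir/$f"
    done
    rm -rf "$dir"
}
demo
```

Run audit_named_conf against /etc/named.conf on both the master and the secondary; the tutorial's settings report OK, while the constructed weak variant reports all three findings.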

2. Create Zone files

Create forward and reverse zone files which we mentioned in the ‘/etc/named.conf’ file.

2.1 Create Forward Zone

Create forward.unixmen file in the ‘/var/named’ directory.
vi /var/named/forward.unixmen
Add the following lines:
$TTL 86400
@   IN  SOA     masterdns.unixmen.local. root.unixmen.local. (
        2011071001  ;Serial
        3600        ;Refresh
        1800        ;Retry
        604800      ;Expire
        86400       ;Minimum TTL
)
@       IN  NS          masterdns.unixmen.local.
@       IN  NS          secondarydns.unixmen.local.
@       IN  A           192.168.1.101
@       IN  A           192.168.1.102
@       IN  A           192.168.1.103
masterdns       IN  A   192.168.1.101
secondarydns    IN  A   192.168.1.102
client          IN  A   192.168.1.103

2.2 Create Reverse Zone

Create reverse.unixmen file in the ‘/var/named’ directory.
vi /var/named/reverse.unixmen
Add the following lines:
$TTL 86400
@   IN  SOA     masterdns.unixmen.local. root.unixmen.local. (
        2011071001  ;Serial
        3600        ;Refresh
        1800        ;Retry
        604800      ;Expire
        86400       ;Minimum TTL
)
@       IN  NS          masterdns.unixmen.local.
@       IN  NS          secondarydns.unixmen.local.
@       IN  PTR         unixmen.local.
masterdns       IN  A   192.168.1.101
secondarydns    IN  A   192.168.1.102
client          IN  A   192.168.1.103
101     IN  PTR         masterdns.unixmen.local.
102     IN  PTR         secondarydns.unixmen.local.
103     IN  PTR         client.unixmen.local.

3. Start the DNS service

Enable and start DNS service:
systemctl enable named
systemctl start named

4. Firewall Configuration

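We must allow the DNS service’s default port 53 through the firewall. DNS uses both UDP and TCP on this port, so open both.
firewall-cmd --permanent --add-port=53/tcp
firewall-cmd --permanent --add-port=53/udp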

5. Restart Firewall

firewall-cmd --reload

6. Configuring Permissions, Ownership, and SELinux

Run the following commands one by one:
chgrp named -R /var/named
chown -v root:named /etc/named.conf
restorecon -rv /var/named
restorecon /etc/named.conf

7. Test DNS configuration and zone files for any syntax errors

Check DNS default configuration file:
named-checkconf /etc/named.conf
If it returns nothing, your configuration file is valid.
Check Forward zone:
named-checkzone unixmen.local /var/named/forward.unixmen
Sample output:
zone unixmen.local/IN: loaded serial 2011071001
OK
Check reverse zone:
named-checkzone unixmen.local /var/named/reverse.unixmen 
Sample Output:
zone unixmen.local/IN: loaded serial 2011071001
OK
Add the DNS Server details in your network interface config file.
vi /etc/sysconfig/network-scripts/ifcfg-enp0s3
TYPE="Ethernet"
BOOTPROTO="none"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_FAILURE_FATAL="no"
NAME="enp0s3"
UUID="5d0428b3-6af2-4f6b-9fe3-4250cd839efa"
ONBOOT="yes"
HWADDR="08:00:27:19:68:73"
IPADDR0="192.168.1.101"
PREFIX0="24"
GATEWAY0="192.168.1.1"
DNS1="192.168.1.101"
IPV6_PEERDNS="yes"
IPV6_PEERROUTES="yes"
Edit file /etc/resolv.conf,
vi /etc/resolv.conf
Add the name server ip address:
nameserver      192.168.1.101
Save and close the file.
Restart network service:
systemctl restart network

8. Test DNS Server

dig masterdns.unixmen.local
Sample Output:
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> masterdns.unixmen.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25179
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;masterdns.unixmen.local.    IN    A

;; ANSWER SECTION:
masterdns.unixmen.local. 86400    IN    A    192.168.1.101

;; AUTHORITY SECTION:
unixmen.local.        86400    IN    NS    secondarydns.unixmen.local.
unixmen.local.        86400    IN    NS    masterdns.unixmen.local.

;; ADDITIONAL SECTION:
secondarydns.unixmen.local. 86400 IN    A    192.168.1.102

;; Query time: 0 msec
;; SERVER: 192.168.1.101#53(192.168.1.101)
;; WHEN: Wed Aug 20 16:20:46 IST 2014
;; MSG SIZE  rcvd: 125
nslookup unixmen.local
Sample Output:
Server:        192.168.1.101
Address:    192.168.1.101#53

Name:    unixmen.local
Address: 192.168.1.103
Name:    unixmen.local
Address: 192.168.1.101
Name:    unixmen.local
Address: 192.168.1.102
Now the Primary DNS server is ready to use.
It is time to configure our Secondary DNS server.

Setup Secondary (Slave) DNS Server

Install bind packages using the following command:
yum install bind bind-utils -y

1. Configure Slave DNS Server

Edit file ‘/etc/named.conf’:
vi /etc/named.conf
Make the changes as shown below.
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
listen-on port 53 { 127.0.0.1; 192.168.1.102; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query     { localhost; 192.168.1.0/24; };
.
.
.
.
zone "." IN {
type hint;
file "named.ca";
};
zone "unixmen.local" IN {
type slave;
file "slaves/unixmen.fwd";
masters { 192.168.1.101; };
};
zone "1.168.192.in-addr.arpa" IN {
type slave;
file "slaves/unixmen.rev";
masters { 192.168.1.101; };
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

2. Start the DNS Service

systemctl enable named
systemctl start named
Now the forward and reverse zones are automatically replicated from Master DNS server to ‘/var/named/slaves/’ in Secondary DNS server.
ls /var/named/slaves/
Sample Output:
unixmen.fwd  unixmen.rev

3. Add the DNS Server details

Add the DNS Server details in your network interface config file.
vi /etc/sysconfig/network-scripts/ifcfg-enp0s3
TYPE="Ethernet"
BOOTPROTO="none"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_FAILURE_FATAL="no"
NAME="enp0s3"
UUID="5d0428b3-6af2-4f6b-9fe3-4250cd839efa"
ONBOOT="yes"
HWADDR="08:00:27:19:68:73"
IPADDR0="192.168.1.102"
PREFIX0="24"
GATEWAY0="192.168.1.1"
DNS1="192.168.1.101"
DNS2="192.168.1.102"
IPV6_PEERDNS="yes"
IPV6_PEERROUTES="yes"
Edit file /etc/resolv.conf,
vi /etc/resolv.conf
Add the name server ip address:
nameserver      192.168.1.101
nameserver      192.168.1.102
Save and close the file.
Restart network service:
systemctl restart network

4. Firewall Configuration

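We must allow the DNS service’s default port 53 through the firewall. DNS uses both UDP and TCP on this port, so open both.
firewall-cmd --permanent --add-port=53/tcp
firewall-cmd --permanent --add-port=53/udp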

5. Restart Firewall

firewall-cmd --reload

6. Configuring Permissions, Ownership, and SELinux

chgrp named -R /var/named
chown -v root:named /etc/named.conf
restorecon -rv /var/named
restorecon /etc/named.conf

7. Test DNS Server

dig masterdns.unixmen.local
Sample Output:
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> masterdns.unixmen.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18204
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;masterdns.unixmen.local.    IN    A

;; ANSWER SECTION:
masterdns.unixmen.local. 86400    IN    A    192.168.1.101

;; AUTHORITY SECTION:
unixmen.local.        86400    IN    NS    masterdns.unixmen.local.
unixmen.local.        86400    IN    NS    secondarydns.unixmen.local.

;; ADDITIONAL SECTION:
secondarydns.unixmen.local. 86400 IN    A    192.168.1.102

;; Query time: 0 msec
;; SERVER: 192.168.1.102#53(192.168.1.102)
;; WHEN: Wed Aug 20 17:04:30 IST 2014
;; MSG SIZE  rcvd: 125
dig secondarydns.unixmen.local
Sample Output:
; <<>> DiG 9.9.4-RedHat-9.9.4-14.el7 <<>> secondarydns.unixmen.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60819
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;secondarydns.unixmen.local.    IN    A

;; ANSWER SECTION:
secondarydns.unixmen.local. 86400 IN    A    192.168.1.102

;; AUTHORITY SECTION:
unixmen.local.        86400    IN    NS    masterdns.unixmen.local.
unixmen.local.        86400    IN    NS    secondarydns.unixmen.local.

;; ADDITIONAL SECTION:
masterdns.unixmen.local. 86400    IN    A    192.168.1.101

;; Query time: 0 msec
;; SERVER: 192.168.1.102#53(192.168.1.102)
;; WHEN: Wed Aug 20 17:05:50 IST 2014
;; MSG SIZE  rcvd: 125
nslookup unixmen.local
Sample Output:
Server:        192.168.1.102
Address:    192.168.1.102#53

Name:    unixmen.local
Address: 192.168.1.101
Name:    unixmen.local
Address: 192.168.1.103
Name:    unixmen.local
Address: 192.168.1.102
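The dig and nslookup checks above show that the secondary answers, not that its copy of the zone is current. The following added example (not part of the original tutorial) compares the SOA serial served by each server; the function names, the rname and the serial values are constructed for the illustration.

```shell
#!/bin/sh
# Compare the SOA serial served by the master with the one served by the
# secondary. Each argument is one line as printed by
#   dig +short SOA <zone> @<server>
# i.e. "mname rname serial refresh retry expire minimum".

# Print the serial (3rd field); fail on an empty or malformed answer.
soa_serial() {
    set -- $1
    [ "$#" -eq 7 ] || return 1
    case $3 in ''|*[!0-9]*) return 1 ;; esac
    printf '%s\n' "$3"
}

# Print one of: in-sync, slave-behind, slave-ahead, master-no-answer,
# slave-no-answer. Plain numeric comparison; serial wrap-around is ignored.
zone_sync_state() {
    m=$(soa_serial "$1") || { echo master-no-answer; return 0; }
    s=$(soa_serial "$2") || { echo slave-no-answer; return 0; }
    if [ "$m" -eq "$s" ]; then echo in-sync
    elif [ "$s" -lt "$m" ]; then echo slave-behind
    else echo slave-ahead
    fi
}

# Constructed sample answers (serials and rname are made up for the demo).
MASTER_SOA='masterdns.unixmen.local. root.unixmen.local. 2014082002 3600 1800 604800 86400'
SLAVE_OK='masterdns.unixmen.local. root.unixmen.local. 2014082002 3600 1800 604800 86400'
SLAVE_STALE='masterdns.unixmen.local. root.unixmen.local. 2014082001 3600 1800 604800 86400'

echo "current secondary: $(zone_sync_state "$MASTER_SOA" "$SLAVE_OK")"
echo "stale secondary:   $(zone_sync_state "$MASTER_SOA" "$SLAVE_STALE")"
echo "secondary silent:  $(zone_sync_state "$MASTER_SOA" "")"

# Live use on the servers from this tutorial:
#   zone_sync_state "$(dig +short SOA unixmen.local @192.168.1.101)" \
#                   "$(dig +short SOA unixmen.local @192.168.1.102)"
```

A slave-behind result that persists longer than the zone's refresh interval means zone transfers are failing even though the secondary still answers queries.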

Client Side Configuration

Add the DNS server details in ‘/etc/resolv.conf’ file in all client systems
vi /etc/resolv.conf
# Generated by NetworkManager
search unixmen.local
nameserver 192.168.1.101
nameserver 192.168.1.102
Restart network service or reboot the system.

Test DNS Server

Now, you can test the DNS server using any one of the following commands:
dig masterdns.unixmen.local
dig secondarydns.unixmen.local
dig client.unixmen.local
nslookup unixmen.local
That’s all for now. The primary and secondary DNS servers are ready to use.
Cheers!
For questions please refer to our Q/A forum at : http://ask.unixmen.com/

How To Configure Static IP On CentOS 7

Question:

How to switch from Dynamic to static in my CentOS 7?

Answer:

Before converting from dynamic to static, please make a copy of resolv.conf under the /etc folder.
cp /etc/resolv.conf /etc/resolv.conf.backup
1 – Please edit “/etc/sysconfig/network-scripts/ifcfg-enp0s3”.
TYPE=Ethernet
BOOTPROTO=static
DEFROUTE=yes
PEERDNS=yes
PEERROUTES=yes
IPV4_FAILURE_FATAL=no
IPADDR=10.1.1.200
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes
IPV6_FAILURE_FATAL=no
NAME=enp0s3
UUID=75a170ba-6bfa-4553-8070-e658eb8ffb1e
ONBOOT=yes

Save and exit.
2 – Set gateway and networking
vi /etc/sysconfig/network
#add  

NETWORKING=yes
HOSTNAME=unixmen-centos7
GATEWAY=10.1.1.253
Save and exit.
3 – Restart your network or reboot
4 – Restore the resolv.conf backup file.
Check your network again:
[root@localhost ~]# ip  a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 08:00:27:7a:7a:3f brd ff:ff:ff:ff:ff:ff
    inet 10.1.1.200/8 brd 10.255.255.255 scope global enp0s3
       valid_lft forever preferred_lft forever
    inet6 fe80::a00:27ff:fe7a:7a3f/64 scope link
       valid_lft forever preferred_lft forever
[root@localhost ~]#
5 – PING
[root@localhost ~]# ping  google.nl
PING google.nl (173.194.65.94) 56(84) bytes of data.
64 bytes from ee-in-f94.1e100.net (173.194.65.94): icmp_seq=1 ttl=48 time=7.20 ms
64 bytes from ee-in-f94.1e100.net (173.194.65.94): icmp_seq=2 ttl=48 time=7.61 ms
64 bytes from ee-in-f94.1e100.net (173.194.65.94): icmp_seq=3 ttl=48 time=7.22 ms
64 bytes from ee-in-f94.1e100.net (173.194.65.94): icmp_seq=4 ttl=48 time=7.87 ms
64 bytes from ee-in-f94.1e100.net (173.194.65.94): icmp_seq=5 ttl=48 time=7.49 ms
Done.

How To Install Subversion On CentOS 7

From Wikipedia:
Apache Subversion (often abbreviated SVN, after the command name svn) is a software versioning and revision control system distributed as free software under the Apache License.
Developers use Subversion to maintain current and historical versions of files such as source code, web pages, and documentation. Its goal is to be a mostly compatible successor to the widely used Concurrent Versions System (CVS).
The free software community has used Subversion widely: for example in projects such as Apache Software Foundation, Free Pascal, FreeBSD, GCC, Mono and SourceForge. Google Code also provides Subversion hosting for their free software projects. CodePlex offers access to Subversion as well as to other types of clients.
The corporate world has also started to adopt Subversion. A 2007 report by Forrester Research recognized Subversion as the sole leader in the Standalone Software Configuration Management (SCM) category and as a strong performer in the Software Configuration and Change Management (SCCM) category.

1 – Install Subversion
yum install mod_dav_svn subversion
Sample Output:
================================================================================
 Package              Arch        Version                    Repository    Size
================================================================================
Installing:
 mod_dav_svn          x86_64      1.7.14-6.el7               base         101 k
 subversion           x86_64      1.7.14-6.el7               base         1.0 M
Installing for dependencies:
 apr                  x86_64      1.4.8-3.el7                base         103 k
 apr-util             x86_64      1.5.2-6.el7                base          92 k
 httpd                x86_64      2.4.6-18.el7.centos        updates      2.7 M
 httpd-tools          x86_64      2.4.6-18.el7.centos        updates       77 k
 mailcap              noarch      2.1.41-2.el7               base          31 k
 neon                 x86_64      0.30.0-3.el7               base         165 k
 pakchois             x86_64      0.4-10.el7                 base          14 k
 subversion-libs      x86_64      1.7.14-6.el7               base         921 k

Transaction Summary
================================================================================

2 – Add this configuration to Apache

LoadModule dav_svn_module     modules/mod_dav_svn.so
LoadModule authz_svn_module   modules/mod_authz_svn.so
 
<Location /svn>
   DAV svn
   SVNParentPath /var/www/unixmensvn   
   AuthType Basic
   AuthName "Subversion repositories"
   AuthUserFile /etc/svn-auth-users
   Require valid-user
</Location>

3 – Create SVN users

[root@unixmen-centos7 ~]# htpasswd -cm /etc/svn-auth-users testuser1
New password:
Re-type new password:
Adding password for user testuser1
[root@unixmen-centos7 ~]#

4 – Create and configure SVN repository

mkdir /var/www/unixmensvn
cd  /var/www/unixmensvn
svnadmin create repo
chown -R apache:apache repo

# If you still have issues with SELinux Security please apply this: 
chcon -R -t httpd_sys_content_t /var/www/unixmensvn/repo
chcon -R -t httpd_sys_rw_content_t /var/www/unixmensvn/repo

5 – Open the http and https services on the firewall this way

firewall-cmd --permanent --zone=public --add-service=http
firewall-cmd --permanent --zone=public --add-service=https
firewall-cmd --reload

6 – Enable and start the http services

systemctl enable httpd.service
systemctl restart httpd.service

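7 – Secure your repository by adding this to conf/svnserve.conf

These settings apply when the repository is served by svnserve; access over Apache is governed by the <Location /svn> block from step 2. The lines must start in the first column.
# auth-access accepts none, read or write
anon-access = none
auth-access = write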

8 – Make trunk, branches and tags structure under repo

mkdir -p /tmp/svn-structure-template/{trunk,branches,tags}

svn import -m "Initial repository" /tmp/svn-structure-template   file:///var/www/unixmensvn/repo/
Adding         /tmp/svn-structure-template/branches
Adding         /tmp/svn-structure-template/tags
Adding         /tmp/svn-structure-template/trunk

Committed revision 1.
Done!!
That’s it. Cheers!

Install And Configure FTP Server On CentOS 7

vsftpd (Very Secure File Transfer Protocol Daemon) is a secure, fast FTP server for Unix/Linux systems. In this how-to article, let us see how to set up a basic FTP server on CentOS 7. However, this procedure might work well on RHEL 7 and Scientific Linux 7 too.
My testbox server hostname and IP Address are server.unixmen.local and 192.168.1.101/24 respectively. Change these values to match your scenario.

Install vsftpd

All commands should be run with ‘root’ user. Run the following command in terminal to install vsftpd package:
yum install vsftpd ftp -y

Configure vsftpd

Edit vsftpd configuration file /etc/vsftpd/vsftpd.conf,
vi /etc/vsftpd/vsftpd.conf
Find the following lines and make the changes as shown below:
 [...]
## Disable anonymous login ##
anonymous_enable=NO

## Uncomment ##
ascii_upload_enable=YES
ascii_download_enable=YES

## Uncomment - Enter your Welcome message - This is optional ##
ftpd_banner=Welcome to UNIXMEN FTP service.

## Add at the end of this  file ##
use_localtime=YES
Enable and start the vsftpd service:
systemctl enable vsftpd
systemctl start vsftpd
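A quick audit of the file edited above, as an added example that is not part of the original tutorial. It checks the anonymous_enable line set above plus two options this tutorial leaves at their defaults (ssl_enable and chroot_local_user); the function names and the sample configs are constructed for the illustration.

```shell
#!/bin/sh
# Audit the text of a vsftpd.conf for settings that leave the server weaker
# than it needs to be.

# Print the effective value (upper-cased) of option $2 in config text $1.
# Commented-out lines are ignored and the last assignment wins; $3 is the
# built-in default used when the option never appears.
conf_get() {
    v=$(printf '%s\n' "$1" | sed -n "s/^$2=//p" | tail -n 1 |
        tr '[:lower:]' '[:upper:]')
    printf '%s\n' "${v:-$3}"
}

# Print one finding per line; print nothing if all three checks pass.
audit_vsftpd() {
    [ "$(conf_get "$1" anonymous_enable YES)" = NO ] ||
        echo "anonymous_enable: anonymous logins are accepted"
    [ "$(conf_get "$1" ssl_enable NO)" = YES ] ||
        echo "ssl_enable: passwords and files cross the network in cleartext"
    [ "$(conf_get "$1" chroot_local_user NO)" = YES ] ||
        echo "chroot_local_user: local users are not confined to their home"
    return 0
}

# Constructed sample 1: exactly the options this tutorial sets.
TUTORIAL_CONF='anonymous_enable=NO
ascii_upload_enable=YES
ascii_download_enable=YES
ftpd_banner=Welcome to UNIXMEN FTP service.
use_localtime=YES'

# Constructed sample 2: a later line silently re-enables anonymous logins
# and the chroot line is still commented out.
DRIFTED_CONF='anonymous_enable=NO
#chroot_local_user=YES
anonymous_enable=yes'

# Constructed sample 3: all three options set the safe way.
STRICT_CONF='anonymous_enable=NO
chroot_local_user=YES
ssl_enable=YES'

echo "--- tutorial config ---"; audit_vsftpd "$TUTORIAL_CONF"
echo "--- drifted config ---";  audit_vsftpd "$DRIFTED_CONF"

# Live use: audit_vsftpd "$(cat /etc/vsftpd/vsftpd.conf)"
```

Recent vsftpd versions refuse logins into a chroot whose root directory is writable, so turning on chroot_local_user usually also means adjusting home directory permissions.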

Firewall And SELinux Configuration

Allow the default ftp port 21 via firewall.
firewall-cmd --permanent --add-port=21/tcp
Restart firewall:
firewall-cmd --reload
Then, update the SELinux boolean values for FTP service:
setsebool -P ftp_home_dir on

Create FTP users

By default, root user is not allowed to login to ftp server for security purpose. So, let us create a normal testing user called “sk” with password “centos”.
useradd sk
passwd sk

Connecting to FTP server

Now, try to connect to FTP server itself with user “sk”:
ftp 192.168.1.101
Enter the ftp user name and password.
Sample Output:
Connected to 192.168.1.101 (192.168.1.101).
220 Welcome to UNIXMEN FTP service.
Name (192.168.1.101:root): sk
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp>
Congratulations!! you will be able to login to FTP server without any problems.

Client side configuration

Let us try to log in to the FTP server from my Ubuntu client system.
ftp 192.168.1.101
Sample Output:
Connected to 192.168.1.101.
220 Welcome to UNIXMEN FTP service.
Name (192.168.1.101:sk): sk
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp>
Voila!! Our FTP server is working.

Access FTP Server Via FileZilla

Working from command-line mode might be a little bit difficult for newbies. So let us install a graphical FTP client called Filezilla to make things easier:
Note:
As you may know already, in RHEL 7 and its derivatives the previous firewall system (iptables) has been replaced with firewalld. I find it a bit difficult to configure Filezilla along with firewalld. So I disabled it, and switched back to the old firewall system called iptables. I will update this tutorial as soon as possible once I find a working solution. If you don’t want to use Filezilla, skip the following steps.
First, enter the following commands one by one to disable current firewall system firewalld, and enable old firewall iptables. The following commands should be run on your FTP server, not in ftp clients.
yum install iptables-services
systemctl mask firewalld
systemctl enable iptables
systemctl enable ip6tables
systemctl stop firewalld
systemctl start iptables
systemctl start ip6tables
Allow the default ftp port “21” through your firewall or router. On the server side, do the following.
Edit file /etc/sysconfig/iptables,
vi /etc/sysconfig/iptables
Add the following lines.
[...]
-A INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
[...]
Save and exit the file. Restart iptables now:
systemctl restart iptables
systemctl restart ip6tables
Now, go back to your client systems, and install filezilla package.
On Debian based client systems:
sudo apt-get install filezilla
For RHEL based systems, you can install filezilla using following command:
yum install filezilla
Open Filezilla client from your client system “Dash” or “Menu”. Enter the FTP server hostname or IP Address, username, password and port number. Click “Quickconnect” to login.
Probably, you will get the following error.
Error:    The data connection could not be established: EHOSTUNREACH - No route to host
Error:    Connection timed out
Error:    Failed to retrieve directory listing
To get rid of this error, do the following steps. In most cases, Resolution 2 should work.
Resolution 1:
1. From your Filezilla client, go to Edit -> Settings -> FTP -> Active Mode.
In the Active Mode tab, make sure the option “Ask your operating system for the external ip address” is selected.
Then go to Edit -> Settings -> FTP -> Passive Mode. Select “Fall back to active mode” and click Ok.
Now the error will be gone in some cases (maybe on Windows OS clients).
Resolution 2:
If the problem still persists, go to your FTP server and edit the file “/etc/sysconfig/iptables-config”.
vi /etc/sysconfig/iptables-config
Find the line IPTABLES_MODULES="" and change it to IPTABLES_MODULES="ip_conntrack_ftp":
# Load additional iptables modules (nat helpers)
#   Default: -none-
# Space separated list of nat helpers (e.g. 'ip_nat_ftp ip_nat_irc'), which
# are loaded after the firewall rules are applied. Options for the helpers are
# stored in /etc/modprobe.conf.
IPTABLES_MODULES="ip_conntrack_ftp"
[...]
Save the iptables rules and restart firewall:
systemctl restart iptables
Now, try again from Filezilla.
It should work now.
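Why Resolution 2 helps, as an added example that is not part of the original tutorial: the rule for port 21 covers only the control connection, while the directory listing travels over a second connection to a port the server announces in its 227 reply. The function names and the sample reply are constructed for the illustration, and the sketch assumes the rule set accepts RELATED traffic once the helper module is loaded.

```shell
#!/bin/sh
# In passive mode the server answers PASV with a 227 reply naming a second,
# dynamically chosen port; every listing or transfer is a new TCP connection
# to that port, not to 21.

# Print "ip port" for a 227 reply; fail on any other or malformed reply.
pasv_endpoint() {
    nums=$(printf '%s\n' "$1" | sed -n 's/^227 [^(]*(\([0-9,]*\)).*$/\1/p')
    [ -n "$nums" ] || return 1
    set -- $(printf '%s' "$nums" | tr ',' ' ')
    [ "$#" -eq 6 ] || return 1
    for n in "$@"; do
        case $n in 0?*) return 1 ;; esac        # no leading zeros
        [ "$n" -le 255 ] 2>/dev/null || return 1
    done
    printf '%s.%s.%s.%s %s\n' "$1" "$2" "$3" "$4" $(( $5 * 256 + $6 ))
}

# Succeed if port $1 is covered by the space-separated list $2 of opened
# TCP ports or lo-hi ranges (static rules only, no conntrack helper).
port_opened() {
    for spec in $2; do
        lo=${spec%-*}; hi=${spec#*-}
        [ "$1" -ge "$lo" ] && [ "$1" -le "$hi" ] && return 0
    done
    return 1
}

# Constructed sample reply, in the format an FTP server sends after PASV.
PASV_REPLY='227 Entering Passive Mode (192,168,1,101,195,203).'

ep=$(pasv_endpoint "$PASV_REPLY")
port=${ep#* }
echo "data connection target: $ep"
if port_opened "$port" "21"; then
    echo "covered by the static rule for 21/tcp"
else
    echo "not covered by the rule for 21/tcp: needs the FTP conntrack helper"
fi
```

With ip_conntrack_ftp loaded, the kernel reads the 227 reply on the control connection and treats the matching data connection as related to it, so no extra port has to be opened by hand.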

Access FTP server from Browser

You can access the FTP server from your client browser also. Navigate to ftp://FTP-Server-IP-Address/. Enter the ftp username and password.
Now you can see the contents in your FTP server.

Log in as a particular user

If you want to login using a particular user, then navigate to ftp://username@FTP-Server-IP-Address/. It will ask the password of user, enter the password and you’re done.
For example, navigate to ftp://sk@192.168.1.101. Enter the password of the user sk.
That’s it. The FTP server is ready now. Start using FTP!
Cheers!