Scheduling Shutdown Automatically in CentOS 7


Scheduling an automatic shutdown on a CentOS 7 server is an easy task. You can schedule the shutdown for any time you need. This is helpful when an installation or another process running on the system will finish during the night or at a time when the client is unavailable. This article shows you how to schedule an automatic shutdown.

Execute shutdown command

Execute the following command to shut down the system at 15:00. Remember that the time is given in 24-hour format.

# shutdown 15:00

Cancel scheduled shutdown task

To cancel a scheduled shutdown, run the following command:

# shutdown -c 
Broadcast message from (Mon 2016-01-18 23:24:16 MSK):
The system shutdown has been cancelled at Mon 2016-01-18 23:25:16 MSK!

Using Cron job

It is also possible to shut the system down automatically by setting up a cron job.

# crontab -e

Add the following cron job

0 15 * * * /sbin/shutdown 

Restart crond service

# /bin/systemctl restart crond.service

Please make sure to remove the cron job once it is no longer needed.

How to Install Varnish on CentOS 7 or RHEL 7

1. Introduction

Varnish is a proxy and cache, or HTTP accelerator, designed to improve performance for busy, dynamic web sites. By redirecting traffic to static pages, Varnish reduces the number of dynamic page calls, thus reducing load. Varnish is designed for content-heavy dynamic web sites as well as heavily consumed APIs. In contrast to other web accelerators, such as Squid, or Apache and nginx, which are primarily origin servers, Varnish was designed as an HTTP accelerator.

2. Varnish Cache Performance Parameters

Once installed, Varnish Cache allows us to use several apps to evaluate the server by means of statistics. These apps are the ones mentioned below.

  • varnishtop: grouped list with the most usual entries from different logs.
  • varnishhist: a histogram that shows the time taken for the requests processing.
  • varnishsizes: it performs the same task as “varnishhist” but showing the size of the objects.
  • varnishstat: it shows statistics on cache hits, resource consumption, etc.
  • varnishlog: it allows us to see all the requests made to the web backend server.

3. Requirements

You need RHEL 7 or CentOS 7 as the operating system on your dedicated server or VPS. Please make sure to set a hostname for your server and that its DNS record points to the IP address of the server.

4. Installation Steps

Before you begin, please install LAMP (Linux, Apache, MySQL, PHP) on your server. To install LAMP, please refer to the documentation from here

Update your server with latest packages.

# yum update

Now install Varnish on CentOS.

# yum install varnish

4.1 How to setup Varnish 4 for Apache

# vi /etc/varnish/varnish.params

Change Listen Port to 80 as we are going to run Varnish in front of Apache:


Now edit Apache configuration file:

# vi /etc/httpd/conf/httpd.conf

Then look for the line that says “Listen 80” and change it to “Listen 8080”

Restart Apache first so that the web server runs on port 8080, leaving port 80 free for Varnish:

# systemctl restart httpd.service
# systemctl restart varnish.service

# systemctl enable varnish.service

You can see varnish running on port 80 using the following command:

# netstat -tunlp | grep :80
tcp        0      0  *               LISTEN      22368/httpd
tcp        0      0    *               LISTEN      22145/varnishd

5. Testing varnish

# varnishd -V

This gives you output similar to the following:

varnishd (varnish-3.0.7 revision f544cd8)
Copyright (c) 2006 Verdens Gang AS
Copyright (c) 2006-2014 Varnish Software AS

You can check it like this

# curl -I 
# curl -I
HTTP/1.1 403 Forbidden
Date: Sun, 17 Jan 2016 10:42:54 GMT
Server: Apache/2.4.6 (CentOS) PHP/5.4.16
Last-Modified: Thu, 16 Oct 2014 13:20:58 GMT
ETag: "1321-5058a1e728280"
Accept-Ranges: bytes
Content-Length: 4897
Content-Type: text/html; charset=UTF-8
X-Varnish: 13
Age: 0
Via: 1.1 varnish-v4
Connection: keep-alive
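
The headers above can also be checked mechanically. The following shell function is an added example, not part of the original article: it reads `curl -I` output and reports whether the response passed through Varnish and whether it was a cache hit, assuming Varnish 4 behaviour (one transaction ID in `X-Varnish` on a miss, two on a hit). The function names and the second and third sample responses are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify response headers read from stdin.
# Prints "bypassed" (no Varnish headers), "miss" or "hit".
# Real use (URL is a placeholder): curl -sI http://your-server/ | varnish_verdict

varnish_verdict() {
    # HTTP header lines end in CRLF; drop the CR before parsing.
    tr -d '\r' | awk '
        {
            name = tolower($1)
            # X-Varnish: one ID = fetched from backend, two IDs = served from cache
            if (name == "x-varnish:") ids = NF - 1
            else if (name == "via:" && tolower($0) ~ /varnish/) via = 1
        }
        END {
            if (ids == 0 && !via) print "bypassed"
            else if (ids >= 2)    print "hit"
            else                  print "miss"
        }'
}

# Headers taken from the response shown in the article (single ID, Age 0).
sample_first_request() {
    printf '%s\r\n' \
        'HTTP/1.1 403 Forbidden' \
        'Server: Apache/2.4.6 (CentOS) PHP/5.4.16' \
        'X-Varnish: 13' \
        'Age: 0' \
        'Via: 1.1 varnish-v4'
}

# Constructed sample: the same object served from cache on a later request.
sample_cached_request() {
    printf '%s\r\n' \
        'HTTP/1.1 200 OK' \
        'X-Varnish: 32770 13' \
        'Age: 42' \
        'Via: 1.1 varnish-v4'
}

# Constructed sample: Apache answering directly (for example on port 8080).
sample_direct_request() {
    printf '%s\r\n' \
        'HTTP/1.1 200 OK' \
        'Server: Apache/2.4.6 (CentOS) PHP/5.4.16'
}

for s in sample_first_request sample_cached_request sample_direct_request; do
    printf '%s -> %s\n' "$s" "$($s | varnish_verdict)"
done
```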

How to install Nagios and NRPE in CentOS 7 or RHEL 7

1. Introduction

Nagios is a powerful monitoring system that enables organizations to identify and resolve IT infrastructure problems before they affect critical business processes.
Nagios runs periodic checks on user-specified resources and services.

Resources that can be monitored include:

  • Memory usage
  • Disk usage
  • Microprocessor load
  • The number of currently running processes
  • Log files

Services that can be monitored include:

  • Simple Mail Transfer Protocol (SMTP)
  • Post Office Protocol 3 (POP3)
  • Hypertext Transfer Protocol (HTTP) and other common network protocols

A user-friendly Web-based graphical user interface is provided. An authorization system allows the administrator to restrict access as necessary.

2. Features

  • Monitor your entire IT infrastructure;
  • Identify problems before they occur;
  • Know immediately when problems arise;
  • Share availability data with stakeholders;
  • Detect security breaches;
  • Plan and budget for IT upgrades;
  • Reduce downtime and business losses.

3. Prerequisites

Nagios server:

Operating system : CentOS 7
IP Address :

Nagios client:

Operating System : Ubuntu 15.10
IP Address :

If you have a fresh server, you should configure the LAMP stack on it first.

Also install the following prerequisites. All commands should be run as the root user.

# yum install gd gd-devel gcc glibc glibc-common wget

Nagios user and group

# useradd -m nagios
# passwd nagios

Create a new nagcmd group for allowing external commands to be submitted through the web interface. Add both the nagios user and the apache user to the group.

# groupadd nagcmd
# usermod -a -G nagcmd nagios
# usermod -a -G nagcmd apache

4. Download Nagios And Plugins

Using the wget utility, we can retrieve the files for installing the latest version of Nagios.

As a good practice, download the files into “/usr/local/src”.

# cd /usr/local/src


Download nagios plugins too. Nagios plugins allow you to monitor hosts, devices, services, protocols, and applications with Nagios.


5. Install Nagios And Plugins

5.1 Install nagios:

Change directory to “/usr/local/src” and extract nagios.

# tar xzf nagios-4.1.1.tar.gz

Change to the nagios directory, then compile and install.

# cd nagios-4.1.1/
# sudo ./configure --with-command-group=nagcmd
# make all
# make install
# make install-init
# make install-config
# make install-commandmode

5.2 Install Nagios Web interface

Enter the following commands to compile and install nagios web interface.

# make install-webconf

Create a nagiosadmin account for logging into the Nagios web interface. Remember the password you assign to this account. You’ll need it when logging in to the Nagios web interface.

# sudo htpasswd -c /usr/local/nagios/etc/htpasswd.users nagiosadmin

Restart Apache to make the new settings take effect.

# systemctl restart httpd

5.3 Install Nagios plugins

Go to the directory /usr/local/src where you downloaded the nagios plugins, and extract it.

# cd /usr/local/src
# tar xzf nagios-plugins-2.0.3.tar.gz

After extracting the downloaded file, change directory to nagios-plugins using the cd command, then compile and install the plugins.

# cd nagios-plugins-2.0.3
# ./configure --with-nagios-user=nagios --with-nagios-group=nagios
# make install

6. Access Nagios Web Interface

Open the Nagios administrator console at the URL http://nagios-server-ip/nagios and enter the username “nagiosadmin” and the password we created in the earlier steps.

Now we can see the Nagios home page. There is an option “Hosts” in the left panel; clicking on it shows the hosts currently monitored by the Nagios server.

Here we can see the host status and the details of the host.

In the left panel there is an option “Services”, which shows the current status of all services of the localhost.

7. Add Monitoring targets to Nagios server

Now the Nagios server is ready to monitor, so the next step is to add Nagios clients to monitor. Here an Ubuntu 15.10 server has been taken as the Nagios client.

NRPE and nagios-plugins need to be installed on the monitoring targets.

# apt-get install nagios-nrpe-server nagios-plugins

7.1 Configure nagios Client

Then add the IP address of the Nagios server that the Nagios client should listen to.

Edit the /etc/nagios/nrpe.cfg file and add your Nagios server IP address:

# vi /etc/nagios/nrpe.cfg

Start nrpe service on Ubuntu client:

# /etc/init.d/nagios-nrpe-server restart

Now, go back to your Nagios server and add the clients in the configuration file.

Open “/usr/local/nagios/etc/nagios.cfg” and uncomment the line below:

# vi /usr/local/nagios/etc/nagios.cfg


Create a directory called “servers” under “/usr/local/nagios/etc/”.

# mkdir /usr/local/nagios/etc/servers

Create a config file for the client to be monitored and make changes as follows:

# vi /usr/local/nagios/etc/servers/clients.cfg

define host{
use                             linux-server
host_name                       arunima-ubuntu15 
alias                           arunima-ubuntu15 
max_check_attempts              5
check_period                    24x7
notification_interval           30
notification_period             24x7
}

Here my Nagios client IP is “” and the hostname is arunima-ubuntu15.

Then restart the Nagios server:

# systemctl restart nagios

Wait for a few seconds, refresh the Nagios admin console in the browser and navigate to the “Hosts” section in the left pane. You will see the newly added client there. Click on the host to see if there is anything wrong or if it has any alerts.


Define services

We have just defined the monitoring host. Now, let us add some services of the monitoring host. Here I have added the ssh, ftp and http services to monitor.

# vi /usr/local/nagios/etc/servers/clients.cfg

define service {
        use                             generic-service
        host_name                       arunima-ubuntu15
        service_description             SSH
        check_command                   check_ssh
        notifications_enabled           0
}
define service {
        use                             generic-service
        host_name                       arunima-ubuntu15
        service_description             VSFTPD
        check_command                   check_ftp
        notifications_enabled           0
}
define service {
        use                             generic-service
        host_name                       arunima-ubuntu15
        service_description             HTTPD
        check_command                   check_http
        notifications_enabled           0
}

Before adding services to monitor, make sure that they are all currently running on the Nagios client.

# systemctl restart nagios

Navigate your browser to http://IP-Address/nagios, enter the username and password, then click “Hosts”. Here you can see the new Linux host and the status of the services that have been added.

How to install and Configure PostgreSQL with phpPgAdmin on CentOS 7

1. Introduction

PostgreSQL is a powerful open-source relational database management system that provides an implementation of the SQL querying language. phpPgAdmin is a web-based client written in PHP for accessing and managing PostgreSQL databases. This article will help you to install PostgreSQL with phpPgAdmin on CentOS 7.

2. Requirements

Before installing, make sure you have Apache installed on the server.

3. Install PostgreSQL

In order to install the latest version of PostgreSQL, we need to download the PostgreSQL repository package to our system. Run the following command:

# wget

Then you have to install this rpm repository using:

# rpm -i pgdg-redhat94-9.4-1.noarch.rpm

Now install PostgreSQL using yum:

# yum install postgresql94-server postgresql94-contrib

You have to initialise the database after the installation is completed using the below command:

# /usr/pgsql-9.4/bin/postgresql94-setup initdb

Start the PostgreSQL service and make it start automatically at every reboot.

# systemctl start postgresql-9.4
# systemctl enable postgresql-9.4

3.1 Login to postgresql

During the installation a user ‘postgres’ will be created by default. Switch to user postgres:

# su - postgres

Run the command below to login to PostgreSQL

psql (9.4.0)
Type "help" for help.

You can change the default password of postgres using following command:

postgres=# \password postgres
postgres=# \q

Create a user and a database from the command line, then grant the created user access to the database.

-bash-4.2$ createuser alice
-bash-4.2$ createdb db
-bash-4.2$ psql
postgres=# alter user alice with encrypted password 'alice123';
postgres=# grant all privileges on database db to alice;
postgres=# \q
-bash-4.2$ exit

4. Install phpPgAdmin

Install phpPgAdmin using the command:

# yum install phpPgAdmin

5. Configure phpPgAdmin

Edit the file /etc/httpd/conf.d/phpPgAdmin.conf and make changes accordingly.

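Alias /phpPgAdmin /usr/share/phpPgAdmin

<Location /phpPgAdmin>
    <IfModule mod_authz_core.c>
        # Apache 2.4
        Require all granted
        #Require host
    </IfModule>
    <IfModule !mod_authz_core.c>
        # Apache 2.2
        Order deny,allow
        Allow from all
        Allow from
        Allow from ::1
        # Allow from
    </IfModule>
</Location>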

# vi /etc/phpPgAdmin/

Also edit the php file as follows:

$conf['servers'][0]['host'] = 'localhost';

$conf['servers'][0]['port'] = 5432;

$conf['owned_only'] = true;

6. Configure PostgreSQL

Configure PostgreSQL-MD5 Authentication by editing the file /var/lib/pgsql/9.4/data/pg_hba.conf

# vi /var/lib/pgsql/9.4/data/pg_hba.conf

# TYPE  DATABASE        USER            ADDRESS                 METHOD

# "local" is for Unix domain socket connections only
local   all             all                                     md5
# IPv4 local connections:
host    all             all               md5
host    all             all             md5
# IPv6 local connections:
host    all             all             ::1/128                 md5
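
As a review aid for a file like the one above, the added example below (not from the original article) scans pg_hba.conf rules and flags those that need no password (`trust`), send the password in cleartext (`password`), or accept connections from any address. The function name `audit_pg_hba`, the output format and the sample rules are constructed for illustration; `db` and `alice` are the names used earlier on this page.

```shell
#!/bin/sh
# Added example: audit pg_hba.conf rules read from stdin.
# Prints "LINE:FINDING" for each rule worth reviewing.
# Real use: audit_pg_hba < /var/lib/pgsql/9.4/data/pg_hba.conf

audit_pg_hba() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # comments and blank lines
        {
            type = $1
            if (type == "local") {             # local DATABASE USER METHOD
                addr = ""; method = $4
            } else if ($5 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) {
                addr = $4 "/" $5; method = $6  # address and netmask in two columns
            } else {
                addr = $4; method = $5         # CIDR address, hostname or keyword
            }
            if (method == "trust")    print NR ":trust"
            if (method == "password") print NR ":cleartext-password"
            if (addr == "all" || addr == "0.0.0.0/0" || addr == "::/0" ||
                addr == "0.0.0.0/0.0.0.0")
                print NR ":any-address"
        }'
}

# Constructed sample rules (addresses are illustrative, not from the article).
sample_pg_hba() {
    cat <<'EOF'
# TYPE  DATABASE  USER      ADDRESS                     METHOD
local   all       all                                   md5
host    all       all       127.0.0.1/32                md5
host    all       all       ::1/128                     md5
host    all       all       0.0.0.0/0                   md5
host    db        alice     192.0.2.10 255.255.255.255  password
local   all       postgres                              trust
EOF
}

sample_pg_hba | audit_pg_hba
```

An empty result means every rule uses a password-hashing or stronger method and none is open to all addresses.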

Configure TCP/IP

# vi /var/lib/pgsql/9.4/data/postgresql.conf

Edit the file and make following changes 
listen_addresses = 'localhost'
port = 5432

Save the file and restart the services:

# systemctl restart postgresql-9.4

# systemctl restart httpd

Now open your browser and navigate to http://ip-address/phpPgAdmin.

New Linux Kernel Zero day Exploit Vulnerability CVE-2016-0728

The PPR research team recently found a 0-day local privilege escalation vulnerability in the Linux kernel. This vulnerability has existed since 2012. The bug is caused by a reference leak in the keyrings facility.

We have already performed mitigation procedures on our proactive clients’ servers. If you don’t have a proactive management plan, please contact us ASAP.

How to test My Kernel?

You can use the following C code to test it.

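/* $ gcc leak.c -o leak -lkeyutils -Wall */
/* $ ./leak */
/* $ cat /proc/keys */

#include <sys/types.h>
#include <keyutils.h>

int main(int argc, const char *argv[])
{
    int i = 0;
    key_serial_t serial;

    /* Create (or join) a named session keyring. */
    serial = keyctl(KEYCTL_JOIN_SESSION_KEYRING, "leaked-keyring");
    if (serial < 0) {
        return -1;
    }

    if (keyctl(KEYCTL_SETPERM, serial, KEY_POS_ALL | KEY_USR_ALL) < 0) {
        return -1;
    }

    /* Join the same keyring 100 more times; on an affected kernel each
       join leaks one reference, visible as the usage count in /proc/keys. */
    for (i = 0; i < 100; i++) {
        serial = keyctl(KEYCTL_JOIN_SESSION_KEYRING, "leaked-keyring");
        if (serial < 0) {
            return -1;
        }
    }

    return 0;
}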

It will give a sample output like the following:

@ohome:~$ gcc leak.c -o leak -lkeyutils -Wall
@ohome:~$ cat /proc/keys
@ohome:~$ ./leak
@ohome:~$ cat /proc/keys
3fa2af76 I--Q--- 100 perm 3f3f0000 1000 1000 keyring leaked-keyring: empty
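
To look for the same symptom on a running system, the added example below (not part of the original article) scans a /proc/keys listing for keyrings whose usage count, the third column (100 in the output above), is at or above a threshold. The threshold is a heuristic chosen by the operator; the function names and all sample lines except the `leaked-keyring` line are constructed.

```shell
#!/bin/sh
# Added example: flag keyrings with a high usage count in /proc/keys.
# /proc/keys columns: serial flags usage expiry perm uid gid type description
# /proc/keys lists only the keys the reading process is permitted to view.
# Real use: find_high_usage_keyrings 50 < /proc/keys

# find_high_usage_keyrings THRESHOLD
# Reads a /proc/keys listing on stdin; prints "serial usage uid description".
find_high_usage_keyrings() {
    awk -v t="$1" '
        $8 == "keyring" && ($3 + 0) >= (t + 0) {
            desc = $9
            sub(/:$/, "", desc)        # description ends with ":" before the summary
            print $1, $3, $6, desc
        }'
}

# Sample listing: the last line is the one shown in the article,
# the other three are constructed.
sample_proc_keys() {
    cat <<'EOF'
0a1b2c3d I--Q---     4 perm 3f030000  1000  1000 keyring   _ses: 1
1c2d3e4f I--Q---     2 perm 1f3f0000  1000 65534 keyring   _uid.1000: empty
2b3c4d5e I--Q---     1 perm 3f010000  1000  1000 user      demo-key: 8
3fa2af76 I--Q--- 100 perm 3f3f0000 1000 1000 keyring leaked-keyring: empty
EOF
}

sample_proc_keys | find_high_usage_keyrings 50
```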

You can download the full exploit from here. It will take around 30 to 40 minutes to finish the forking. As you know, time is not an issue in a privilege escalation exploit.


Almost all kernel versions (3.x+) are affected by this. Initially, disable the following in sysctl.conf


After that upgrade your kernel version. There may be already a patch for the kernel in your OS.


1. PPR Research Page

How to install Apache Thrift on Ubuntu 14.04

1. Introduction

Apache Thrift is a software framework written in C++. It was initially developed in 2007 by Facebook, but it is now an open source project of the Apache Software Foundation (ASF). RPC (Remote Procedure Call) is a type of protocol for requesting a service from one server to another server in a network using programs. It does not need any kind of network details for the whole process. In this article, we are going to install Apache Thrift.

Install all the dependencies

# apt-get install libboost-dev libboost-test-dev libboost-program-options-dev libboost-system-dev libboost-filesystem-dev libevent-dev automake libtool flex bison pkg-config g++ libssl-dev ant

2. Install Java JDK

Check whether the Java JDK package is installed or not. You may use the below command to verify:

# java -version

If the Java JDK is not installed, use the following commands to install it:

# apt-get install openjdk-7-jre 
# apt-get install openjdk-7-jdk

Thus we have completed installing the dependencies.

3. Installation

Download the latest version of Apache Thrift from the official site into your local directory:


Extract the tar file :

# tar -xvf thrift-0.9.3.tar.gz

Now build and install from the thrift folder:

# cd thrift-0.9.3/
# ./configure
thrift 0.9.3

Building C++ Library ......... : yes
Building C (GLib) Library .... : no
Building Java Library ........ : yes
Building C# Library .......... : no
Building Python Library ...... : no
Building Ruby Library ........ : no
Building Haxe Library ........ : no
Building Haskell Library ..... : no
Building Perl Library ........ : no
Building PHP Library ......... : no
Building Erlang Library ...... : no
Building Go Library .......... : no
Building D Library ........... : no
Building NodeJS Library ...... : no
Building Lua Library ......... : no

C++ Library:
   Build TZlibTransport ...... : yes
   Build TNonblockingServer .. : yes
   Build TQTcpServer (Qt4) .... : no
   Build TQTcpServer (Qt5) .... : no

Java Library:
   Using javac ............... : javac
   Using java ................ : java
   Using ant ................. : /usr/bin/ant

# make 
# make install

Thus the installation process is completed. We can verify the installation using the command below :

# thrift -version
Thrift version 0.9.3

4. Conclusion

Thus we have completed the installation of Apache Thrift.

How to install and configure Bind DNS Cluster in Linux

1. Introduction

DNS is short for Domain Name System (or Service or Server), an internet service that converts domain names into IP addresses. Domain names are much easier to remember than IP addresses.

Information from all the domain name servers across the Internet is gathered together and housed at the Central Registry. Host companies and Internet Service Providers interact with the Central Registry on a regular schedule to get updated DNS information.

2. Requirements

For master DNS Server:

OS : Centos 7
IP Address :

For slave DNS Server:

OS : Ubuntu 14.04
IP Address :

3. Setup Master DNS Server

Install the bind packages

# yum install bind* -y

To configure the DNS server follow the below step.

# vi /etc/named.conf

// named.conf
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
// See /usr/share/doc/bind*/sample/ for example named configuration files.

options {
        listen-on port 53 {;; }; ## MASTER ##  
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { localhost;; }; ## RANGE ##
        allow-transfer { localhost;; }; ## SLAVE ##
};

zone "." IN {
        type hint;
        file "";
};

zone "" IN {
        type master;
        file "";
        allow-update { none; };
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

To create zone files as mentioned in /etc/named.conf, follow the steps below.

Important: Please make sure that you replace ‘@’ with ‘’ in both the zone files.

Create forward zone file.

# vi /var/named/

$TTL 86400
@   IN  SOA (
        2011071001  ;Serial
        3600        ;Refresh
        1800        ;Retry
        604800      ;Expire
        86400       ;Minimum TTL
)
@       IN  NS
@       IN  NS
@       IN  A 
@       IN  A 
masterdns       IN  A
secondarydns    IN  A

Create reverse zone file.

# vi /var/named/

$TTL 86400
@   IN  SOA (
        2011071001  ;Serial
        3600        ;Refresh
        1800        ;Retry
        604800      ;Expire
        86400       ;Minimum TTL
)
@       IN  NS
@       IN  NS
@       IN  PTR
masterdns       IN  A
secondarydns    IN  A
18     IN  PTR
19     IN  PTR

Add the following line in /etc/resolv.conf

# vi /etc/resolv.conf


Now start the named service

# systemctl start named
# chkconfig named on

Verify DNS configuration and zone files for any syntax errors

# named-checkconf /etc/named.conf 

# named-checkzone /var/named/

Output is as follows:

zone loaded serial 2011071001

Now we need to check the reverse zone.

# named-checkzone /var/named/

Output is as follows:

zone loaded serial 2011071001

Now you can test the DNS server using the following commands. Testing with any one of the commands is fine.

$~ dig

; <<>> DiG 9.9.5-3ubuntu0.1-Ubuntu <<>>
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 57668
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

; EDNS: version: 0, flags:; udp: 4096
;		IN	A

;; AUTHORITY SECTION:		86400	IN	SOA 2015112001 86400 7200 3600000 86400

;; Query time: 0 msec
;; WHEN: Fri Jan 15 02:23:30 IST 2016
;; MSG SIZE  rcvd: 108

Do an nslookup for the domain name

# nslookup



4. Setup slave DNS server

Install the bind packages.

# apt-get install bind9 bind9utils bind9-doc

To configure slave DNS server follow the below step.

# vi /etc/bind/named.conf

Make sure it contains the following lines. If not, add them.

include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";

Save and quit the file.

# vi /etc/bind/named.conf.local

Add the following lines to it

zone "" {
        type slave;
        file "/var/named/";
        masters {; };
};

Add the following line in /etc/resolv.conf

# vi /etc/resolv.conf


Give permissions and change ownership

# chmod -R 755 /etc/bind
# chown -R bind:bind /etc/bind

Now restart the bind service

# service bind9 restart

Add dns-nameservers in /etc/network/interfaces

# vi /etc/network/interfaces

auto venet0:0
iface venet0:0 inet static
        dns-search home

Now test the DNS server using the following commands. Testing with any one of the commands is fine.

$~ dig masterdns.inhouse.local

; <<>> DiG 9.9.5-3ubuntu0.6-Ubuntu <<>> masterdns.inhouse.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 21775
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

; EDNS: version: 0, flags:; udp: 4096
;masterdns.inhouse.local.	IN	A

.			6364	IN	SOA 2016011401 1800 900 604800 86400

;; Query time: 0 msec
;; WHEN: Fri Jan 15 00:02:14 MSK 2016
;; MSG SIZE  rcvd: 127


$~ dig secondarydns.inhouse.local

; <<>> DiG 9.9.5-3ubuntu0.6-Ubuntu <<>> secondarydns.inhouse.local
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 2592
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

; EDNS: version: 0, flags:; udp: 4096
;secondarydns.inhouse.local.	IN	A

.			6600	IN	SOA 2016011401 1800 900 604800 86400

;; Query time: 0 msec
;; WHEN: Fri Jan 15 00:02:50 MSK 2016
;; MSG SIZE  rcvd: 130

# nslookup


5. Finishing point

BIND includes a utility called rndc which allows command line administration of the named daemon from the localhost or a remote host.

You can now reload rndc on both servers.

# rndc reload
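
After the reload, the slave should hold the same zone serial as the master (2011071001 in the zone files above). The added example below, which is not part of the original article, compares the serials from two SOA answers using RFC 1982 serial arithmetic so that a wrapped 32-bit serial is still ordered correctly. The function names, the `example.test` names and the sample answers are constructed, and the commented `dig` line uses placeholders for the zone and server addresses.

```shell
#!/bin/sh
# Added example: check that a slave has caught up with its master.
# Real use (ZONE, MASTER_IP and SLAVE_IP are placeholders):
#   slave_status "$(dig +short SOA ZONE @MASTER_IP)" "$(dig +short SOA ZONE @SLAVE_IP)"

# soa_serial: stdin is SOA rdata "mname rname serial refresh retry expire minimum"
soa_serial() {
    awk 'NF >= 7 && $3 ~ /^[0-9]+$/ { print $3; exit }'
}

# serial_compare A B -> equal | newer | older | undefined   (A relative to B)
# RFC 1982: serials are 32-bit and wrap, so compare the difference modulo 2^32.
serial_compare() {
    diff=$(( ($1 - $2 + 4294967296) % 4294967296 ))
    if   [ "$diff" -eq 0 ];          then echo equal
    elif [ "$diff" -lt 2147483648 ]; then echo newer
    elif [ "$diff" -gt 2147483648 ]; then echo older
    else                                  echo undefined
    fi
}

# slave_status MASTER_SOA SLAVE_SOA
slave_status() {
    m=$(printf '%s\n' "$1" | soa_serial)
    s=$(printf '%s\n' "$2" | soa_serial)
    if [ -z "$m" ] || [ -z "$s" ]; then
        echo "no-soa-answer"
        return 0
    fi
    case $(serial_compare "$s" "$m") in
        equal) echo "in-sync serial=$s" ;;
        older) echo "slave-behind master=$m slave=$s" ;;
        newer) echo "slave-ahead master=$m slave=$s" ;;
        *)     echo "undefined master=$m slave=$s" ;;
    esac
}

# Constructed sample answers: the master was edited and its serial bumped,
# the slave still holds the serial from the zone files above.
MASTER_SOA='masterdns.example.test. root.example.test. 2011071002 3600 1800 604800 86400'
SLAVE_SOA='masterdns.example.test. root.example.test. 2011071001 3600 1800 604800 86400'

slave_status "$MASTER_SOA" "$SLAVE_SOA"
slave_status "$MASTER_SOA" "$MASTER_SOA"
```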