How to install Fail2Ban on CentOS 7

Fail2ban scans log files and bans IPs that show malicious signs, such as too many password failures or probing for exploits.

The commands are executed with root privilege.

Update the software packages in the system using the command

#yum update -y

Now install fail2ban on the server by running the command below:

#yum install fail2ban fail2ban-systemd

Update the selinux policy by

#yum update -y selinux-policy*

After the installation, we have to configure and customize the software with a jail.local configuration file, so that even if the default jail.conf is modified by package upgrades, our changes stay safe. All default options are taken from the jail.conf file, and everything you wish to override is taken from the jail.local file.

#cp -pf /etc/fail2ban/jail.conf  /etc/fail2ban/jail.local

Open jail.local using the vim editor. Here you can set addresses that must never be banned, set the bantime duration, etc. An example is given below.

#vim /etc/fail2ban/jail.local
# "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not
# ban a host which matches an address in this list. Several addresses can be
# defined using space (and/or comma) separator.
ignoreip = 127.0.0.1/8

# External command that will take an tagged arguments to ignore, e.g. <ip>,
# and return true if the IP is to be ignored. False otherwise.
#
# ignorecommand = /path/to/command <ip>
ignorecommand =

# "bantime" is the number of seconds that a host is banned.
bantime  = 600

# A host is banned if it has generated "maxretry" during the last "findtime"
# seconds.
findtime  = 600

# "maxretry" is the number of failures before a host get banned.
maxretry = 5

We are gonna add a jail file to protect SSH.

Create a file /etc/fail2ban/jail.d/sshd.local using vim and add the following lines to the file.

#vim /etc/fail2ban/jail.d/sshd.local
[sshd]
enabled = true
port = ssh
#action = firewallcmd-ipset
logpath = %(sshd_log)s
maxretry = 5
bantime = 7200

Now enable and start fail2ban by executing the commands below:

#systemctl enable fail2ban
#systemctl start fail2ban 

To track the failed login attempts, use the following command:

#cat /var/log/secure | grep 'Failed password'

And we will get an output like this:

Apr 19 13:08:48 server sshd[21017]: Failed password for root from 10.0.0.110 port 53188 ssh2
Apr 19 13:08:55 server sshd[21017]: Failed password for root from 10.0.0.110 port 53188 ssh2
Apr 19 13:08:59 server sshd[21017]: Failed password for root from 10.0.0.110 port 53188 ssh2
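
How maxretry and findtime interact can be previewed on log lines of this format. The script below is an added example, not part of the original post and not fail2ban's own code; the function names would_ban and sample_log and the sample addresses are assumptions, and year rollover and leap years are not handled.

```shell
#!/bin/sh
# Added example, not fail2ban code: approximates the maxretry/findtime check.

# would_ban MAXRETRY FINDTIME: reads /var/log/secure-style lines on stdin and
# prints each address once, at the point where it reaches the threshold.
would_ban() {
    awk -v maxretry="$1" -v findtime="$2" '
    BEGIN {
        # Days elapsed before each month (non-leap year assumed).
        split("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec", mon, " ")
        split("0 31 59 90 120 151 181 212 243 273 304 334", cum, " ")
        for (i = 1; i <= 12; i++) before[mon[i]] = cum[i]
    }
    /sshd\[[0-9]+\]: Failed password for / {
        # "Apr 19 13:08:48" -> seconds since the start of the year.
        split($3, t, ":")
        ts = ((before[$1] + $2) * 24 + t[1]) * 3600 + t[2] * 60 + t[3]
        # The source address is the field after the last "from".
        ip = ""
        for (i = 1; i < NF; i++) if ($i == "from") ip = $(i + 1)
        if (ip == "" || (ip in banned)) next
        n[ip]++
        when[ip, n[ip]] = ts
        # Count failures from this address inside the findtime window.
        hits = 0
        for (k = n[ip]; k >= 1 && ts - when[ip, k] <= findtime; k--) hits++
        if (hits >= maxretry) { banned[ip] = 1; print ip }
    }'
}

# Constructed sample input (documentation addresses, not real hosts).
sample_log() {
    cat <<'EOF'
Apr 19 13:00:00 server sshd[2001]: Failed password for root from 198.51.100.20 port 40001 ssh2
Apr 19 13:03:20 server sshd[2002]: Failed password for root from 198.51.100.20 port 40002 ssh2
Apr 19 13:06:40 server sshd[2003]: Failed password for root from 198.51.100.20 port 40003 ssh2
Apr 19 13:08:48 server sshd[21017]: Failed password for root from 203.0.113.7 port 53188 ssh2
Apr 19 13:08:55 server sshd[21017]: Failed password for root from 203.0.113.7 port 53188 ssh2
Apr 19 13:08:59 server sshd[21017]: Failed password for root from 203.0.113.7 port 53188 ssh2
Apr 19 13:09:03 server sshd[21020]: Failed password for root from 203.0.113.7 port 53190 ssh2
Apr 19 13:09:10 server sshd[21020]: Failed password for invalid user admin from 203.0.113.7 port 53190 ssh2
Apr 19 13:10:00 server sshd[2004]: Failed password for root from 198.51.100.20 port 40004 ssh2
Apr 19 13:13:20 server sshd[2005]: Failed password for root from 198.51.100.20 port 40005 ssh2
Apr 19 13:14:00 server sshd[2100]: Accepted password for alice from 192.0.2.5 port 50000 ssh2
EOF
}

# findtime and maxretry as in the jail.local excerpt: 5 failures within 600 s.
sample_log | would_ban 5 600
```

The slow host 198.51.100.20 also fails five times, but never five times inside one 600-second window, so only the fast host is reported.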

The command to check the status of the Fail2Ban jails is given below, and the output will be similar to this:

# fail2ban-client status
Status
|- Number of jail:	1
`- Jail list:	sshd

We can remove the ban on an IP address using the command below, replacing IPADDRESS with the banned address.

#fail2ban-client set sshd unbanip IPADDRESS

Install and Configure SQUID Proxy Server on CentOS

Squid Proxy is an open source caching proxy for the web. It supports many protocols such as HTTP, HTTPS, FTP and more. It can also be used for web filtering.

I am accessing the server with root privilege. Before moving on to the installation, update the system and packages using the following command.

# yum update -y

Now install squid using the below command. Squid packages are included in default yum repository.

# yum install squid -y

Once it is installed, run the following commands to start the program and check its status.

# systemctl start squid
# systemctl status squid
 squid.service - Squid caching proxy
   Loaded: loaded (/usr/lib/systemd/system/squid.service; disabled; vendor preset: disabled)
   Active: active (running) since Mon 2019-04-15 12:40:04 IST; 1s ago
  Process: 11814 ExecStart=/usr/sbin/squid $SQUID_OPTS -f $SQUID_CONF (code=exited, status=0/SUCCESS)
  Process: 11809 ExecStartPre=/usr/libexec/squid/cache_swap.sh (code=exited, status=0/SUCCESS)
 Main PID: 11815 (squid)
    Tasks: 3
   Memory: 17.6M
   CGroup: /system.slice/squid.service
           ├─11815 /usr/sbin/squid -f /etc/squid/squid.conf
           ├─11817 (squid-1) -f /etc/squid/squid.conf
           └─11818 (logfile-daemon) /var/log/squid/access.log

Apr 15 12:40:04 server.example.com systemd[1]: Starting Squid caching proxy...
Apr 15 12:40:04 server.example.com squid[11815]: Squid Parent: will start 1 kids
Apr 15 12:40:04 server.example.com squid[11815]: Squid Parent: (squid-1) process 11817 started
Apr 15 12:40:04 server.example.com systemd[1]: Started Squid caching proxy.

By default, Squid listens on port 3128. To run it on a different port, edit the Squid configuration file (/etc/squid/squid.conf) and change the http_port value.

I changed the port to 9080 and restarted the service using the commands,

# vi /etc/squid/squid.conf 
# systemctl restart squid

Now check that the service is listening on the given port:

# netstat -tulpn |grep 9080
tcp6       0      0 :::9080                 :::*                    LISTEN      12069/(squid-1) 

We can block a single website or multiple websites as needed. To block a specific site, we need to add a rule in /etc/squid/squid.conf.

Open the squid configuration file using vim editor

# vi /etc/squid/squid.conf 

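Add the following lines to the acl list and the http_access list, replacing "domain name" with the site to block. Squid evaluates http_access rules from top to bottom and stops at the first match, so place the deny line above the allow rules for your clients.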

acl block-site dstdomain domain name
http_access deny block-site

Save the changes and restart the service using

# systemctl restart squid

If you need to block multiple websites, create a file /etc/squid/blocksites.list and put the domains in it, one per line.

domain1.com
domain2.com

Now edit the configuration as before using the vim editor and add the following lines under acl and http_access.

acl blockwebsites  dstdomain  "/etc/squid/blocksites.list"
http_access deny  blockwebsites

Restart the service. If you then try to access the sites, you will get an access denied message from Squid.
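
In Squid, a dstdomain entry without a leading dot matches only that exact host name, while an entry with a leading dot also matches its subdomains. The script below is an added example, not part of the original post and not Squid code, that previews which hosts a list covers; the function names and the sample list are assumptions.

```shell
#!/bin/sh
# Added example, not Squid code: mimics how a dstdomain ACL entry is compared
# with the requested host, to preview what a block list covers.

# dstdomain_match HOST ENTRY: succeeds when ENTRY covers HOST.
#   "domain1.com"  matches only that exact host name
#   ".domain1.com" matches domain1.com and every subdomain
dstdomain_match() {
    h=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    pat=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    case "$pat" in
        .*) base=${pat#.}
            case "$h" in
                "$base"|*".$base") return 0 ;;
            esac ;;
        *)  [ "$h" = "$pat" ] && return 0 ;;
    esac
    return 1
}

# blocked_by_list HOST: reads a list (one entry per line) on stdin and prints
# the first entry that covers HOST; fails when no entry does.
blocked_by_list() {
    while IFS= read -r entry; do
        entry=$(printf '%s' "$entry" | tr -d ' \t\r')
        [ -n "$entry" ] || continue
        if dstdomain_match "$1" "$entry"; then
            printf '%s\n' "$entry"
            return 0
        fi
    done
    return 1
}

# Constructed list: the first entry is written as on the page, the second
# carries a leading dot.
sample_list() { printf '%s\n' 'domain1.com' '.domain2.com'; }

for host in domain1.com www.domain1.com www.domain2.com notdomain2.com; do
    if hit=$(sample_list | blocked_by_list "$host"); then
        echo "$host: denied by entry $hit"
    else
        echo "$host: not covered"
    fi
done
```

Running it shows that www.domain1.com is not covered by the entry domain1.com, so entries in blocksites.list need the leading dot when subdomains should be denied as well.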

Now you have installed and configured Squid proxy server.

Installation of python from source code on centos 7

Python is an interpreted, object-oriented, high-level programming language with dynamic semantics. Python's simple, easy to learn syntax emphasizes readability and therefore reduces the cost of program maintenance.

My intention here is to make python accessible from the command line.

Before installation, update the software packages on the server using the command below.

#yum update

Now change to a directory of your choice in order to download the source file.

#cd /usr/local/src/

Download the source file using the following command,

#wget https://www.python.org/ftp/python/3.6.4/Python-3.6.4.tar.xz

Extract the downloaded file using the tar command:

#tar -xJf Python-3.6.4.tar.xz
#cd Python-3.6.4

Now it is time to execute the well-known configure command.

#./configure 

Run the following commands to install python into the server.

#make
#make install

After Python is compiled and installed, access it from the terminal and start coding.

# python3 -V
Python 3.6.4
#python3.6
Python 3.6.4 (default, Apr 12 2019, 10:16:39) 
[GCC 4.8.5 20150623 (Red Hat 4.8.5-36)] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> f=5
>>> print(f)
5
>>> 

Installing Apache in Remote hosts Using Ansible Playbook.

Ansible is an open source automation tool that is simple to set up yet powerful. It can help you with task automation, configuration management and application deployment.

Ansible is available for free and runs on Linux, Mac or BSD. Aside from the free offering, Ansible also has an enterprise product called Ansible Tower.

First testing.

After installing Ansible and adding a few hosts to the inventory file (normally /etc/ansible/hosts), you can check the connection to them using ping. The connection is made with SSH keys, and you can also specify a username and password.

[root@ansible playbooks]# ansible all -m ping
10.0.0.209 | SUCCESS => {
    "changed": false, 
    "ping": "pong"
}
10.0.0.206 | SUCCESS => {
    "changed": false, 
    "ping": "pong"
}
[root@ansible playbooks]#

Here “all” keyword is for all of the hosts in your inventory.

Playbook.

The real strength of Ansible lies in its playbooks. Playbooks are written in YAML

ansible-playbook [options] playbook.yml [playbook2 ...]

1. Create a playbook for installing httpd.

# cat httpd.. 
---
- hosts: apache        # inventory group to target
  tasks:
    - name: install httpd*
      yum: name=httpd state=latest   # install or upgrade to the newest httpd package

2. Run the newly created playbook.

#ansible-playbook httpd.yaml

Which shows,

PLAY [apache] ****************************************************************************************************************************************************************************************

TASK [Gathering Facts] *******************************************************************************************************************************************************************************
ok: [10.0.0.206]
ok: [10.0.0.209]

TASK [install httpd*] ********************************************************************************************************************************************************************************
changed: [10.0.0.206]
changed: [10.0.0.209]

PLAY RECAP *******************************************************************************************************************************************************************************************
10.0.0.206                 : ok=2    changed=1    unreachable=0    failed=0   
10.0.0.209                : ok=2    changed=1    unreachable=0    failed=0   

If you visit your secondary server's hostname or IP address in your browser, you should now get the Apache default page.

How To Install Jira On Centos

JIRA is an issue tracking product used for bug tracking, issue tracking, and project management. In this blog, I will explain how to install and configure the latest version of JIRA on CentOS. This blog will also help you configure JIRA with MySQL.

Requirement

JIRA requires at least 1GB of RAM. If you do not use a swap file, I recommend over 2GB of RAM.
Root privileges

The Java software package is required for the JIRA installation. First, you need to install the Java package "java-1.8.0-openjdk-devel" on your CentOS server.

# yum install -y java-1.8.0-openjdk-devel
# java -version

If the installation succeeds, you will see the following output:

# java -version
openjdk version "1.8.0_201"
OpenJDK Runtime Environment (build 1.8.0_201-b09)
OpenJDK 64-Bit Server VM (build 25.201-b09, mixed mode)
# 

To install Jira on CentOS, follow the steps below.

Download the latest JIRA installer (.bin) file from the official JIRA page, or from the link below, into the directory /opt.

# cd /opt
#wget https://www.atlassian.com/software/jira/downloads/binary/atlassian-jira-software-7.3.0-x64.bin

After that, give execute permission to the .bin file and install JIRA.

#chmod +x atlassian-jira-software-7.3.0-x64.bin
#./atlassian-jira-software-7.3.0-x64.bin

After a successful installation of Jira, the login URL is displayed. Use it to log in:

http://server-ip:8080
or
http://server-hostname:8080

To connect JIRA with MySQL, you need to create a database and a new user for JIRA, give that MySQL user full permission on the database, and copy the MySQL JDBC driver jar file to the JIRA installation directory /opt/atlassian/jira/lib/ on your Jira server.

To configure the MySQL database

Create a database and a database user for JIRA using the following commands:

#mysql -u root -p

   CREATE DATABASE jiradb CHARACTER SET utf8 COLLATE utf8_bin;

   grant all privileges on jiradb.* to 'jira'@'%' identified by 'syslint123!@#';

   flush privileges;
   exit

Copy the MySQL JDBC driver to your Jira server

After installing JIRA, you need the MySQL Connector driver. You can download either the .tar.gz or the .zip file from the official site, or use the following command:

# cd /opt
# wget http://dev.mysql.com/get/Downloads/Connector-J/mysql-connector-java-5.1.35.tar.gz

Extract the archive file

# tar -zxvf mysql-connector-java-5.1.35.tar.gz

Copy the MySQL JDBC driver jar file to the JIRA installation directory /opt/atlassian/jira/lib/

# cd /opt/mysql-connector-java-5.1.35
# cp mysql-connector-java-5.1.35-bin.jar /opt/atlassian/jira/lib/

To restart Jira Service

# cd /opt/atlassian/jira/bin/
# ./shutdown.sh
# ./startup.sh

How to Install Apache Maven on CentOS 7

Maven is an automation tool used to build and manage projects written in languages such as C and Ruby. In this blog, I will explain how to install and configure the latest version of Apache Maven on CentOS 7.

Requirement

CentOS 7 Server
Root privileges

Steps:

Install Java OpenJDK on CentOS 7
Download Apache Maven Binary Files from source file
Configure Apache Maven Environment on centos

First, you need to install Java on the CentOS 7 server. Apache Maven requires JDK 1.7 or above, so install the Java package "java-1.8.0-openjdk-devel" on this server.

# yum install -y java-1.8.0-openjdk-devel
# java -version

If the installation succeeds, you will see the following output.

# java -version
openjdk version "1.8.0_201"
OpenJDK Runtime Environment (build 1.8.0_201-b09)
OpenJDK 64-Bit Server VM (build 25.201-b09, mixed mode)

Download Apache Maven from its official website, or use the following link to download the Maven 3.5.4 package into the directory /usr/local/src.

# cd /usr/local/src
# wget http://www-us.apache.org/dist/maven/maven-3/3.5.4/binaries/apache-maven-3.5.4-bin.tar.gz

After that, extract the downloaded file using the following commands.

# tar -xf apache-maven-3.5.4-bin.tar.gz
# mv apache-maven-3.5.4/ apache-maven/ 

To configure the environment variables for Apache Maven, create the file 'maven.sh' in the '/etc/profile.d' directory.

# cd /etc/profile.d/
# vim maven.sh

Add the following configuration in maven.sh file

export M2_HOME=/usr/local/src/apache-maven
export PATH=${M2_HOME}/bin:${PATH}

Load the added configuration using the 'source' command.

# chmod +x maven.sh
# source /etc/profile.d/maven.sh

After that, check whether the Apache Maven installation succeeded by running the following command.

# mvn -version
Apache Maven 3.5.4 (1edded0938998edf8bf061f1ceb3cfdeccf443fe; 2018-06-17T18:33:14Z)
Maven home: /usr/local/src/apache-maven
Java version: 1.8.0_201, vendor: Oracle Corporation, runtime: /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.201.b09-2.el7_6.x86_64/jre
Default locale: en_IN, platform encoding: UTF-8
OS name: "linux", version: "4.15.0-43-generic", arch: "amd64", family: "unix"

Installing Apache CouchDB on Centos 7

CouchDB is an open-source database that was first released in 2005 and became an Apache Software Foundation project in 2008. Apache CouchDB™ lets you access your data where you need it.

CouchDB has a document-oriented NoSQL database architecture and is implemented in the concurrency-oriented language Erlang; it uses JSON to store data, JavaScript as its query language using MapReduce, and HTTP for an API.

1. Upgrade your system

You need to upgrade your system software to the latest version before proceeding with the installation of CouchDB.

# yum update

Make sure the EPEL repository is present on the server. If it is not, run this command.

# yum install epel-release

2. Add Apache repository

Before proceeding with the CouchDB installation, you may need to add the apache repository.

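Create a file named apache.repo in /etc/yum.repos.d and add the following contents. Note that gpgcheck=0 and repo_gpgcheck=0 switch off signature verification for the packages and metadata from this repository.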

# vi /etc/yum.repos.d/apache.repo
[bintray--apache-couchdb-rpm]
name=bintray--apache-couchdb-rpm
baseurl=http://apache.bintray.com/couchdb-rpm/el$releasever/$basearch/
gpgcheck=0
repo_gpgcheck=0
enabled=1

3. Install Apache CouchDB

Run the following command.

#  yum install couchdb

4. Configure Apache CouchDB

When the installation is finished, run the following commands to start and enable CouchDB.

# systemctl start couchdb
# systemctl enable couchdb

Verify that CouchDB is running with the following command.

# systemctl status couchdb

You will get an output similar to the one below if the installation was done properly.

# systemctl status couchdb
● couchdb.service - Apache CouchDB
   Loaded: loaded (/usr/lib/systemd/system/couchdb.service; enabled; vendor preset: disabled)
   Active: active (running) since Sun 2018-02-04 16:34:22 CST; 2min 33s ago
 Main PID: 1255 (beam.smp)
   CGroup: /system.slice/couchdb.service
           ├─1255 /opt/couchdb/bin/../erts-7.3/bin/beam.smp -K true -A 16 -Bd -- -root /opt/couchdb/bin/.. -progname couchdb -- -home /opt/couchdb -- -boot /opt/co...
           ├─1263 /opt/couchdb/bin/../erts-7.3/bin/epmd -daemon
           ├─1478 sh -s disksup
           ├─1480 /opt/couchdb/bin/../lib/os_mon-2.4/priv/bin/memsup
           └─1481 /opt/couchdb/bin/../lib/os_mon-2.4/priv/bin/cpu_sup

6. Enable Fauxton Web GUI Administration Panel

Fauxton is a web-based interface built into CouchDB. It provides an interface to manage documents, views and various configuration settings.

Modify the file:

# vi /opt/couchdb/etc/default.ini

Go to the line “[chttpd]” and edit the bind_address value with your IP address.

[chttpd]
; These settings affect the main, clustered port (5984 by default).
port = 5984
bind_address = 198.26.36.203

Restart CouchDB:

# systemctl restart couchdb

Open the URL with your IP address in the web browser.

http://198.26.36.203:5984/_utils/

7. Creating an Administrator User in Fauxton

Open the URL with your IP address.

http://198.26.36.203:5984/_utils/#createAdmin

Enter your desired admin username and password.

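That's it. From now on, the Fauxton web interface will ask you for your login credentials. Until this administrator account exists, CouchDB serves requests without authentication, so create it right after changing bind_address.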