Tech ramblings and other nonsense
Download the latest beta release from the Downloads page.
wget http://sphinxsearch.com/files/sphinx-2.0.2-1.el5.x86_64.rpmInstall from the RPM (if updating use ‘rpm -Uvh’ instead):
rpm -ivh sphinx-2.0.2-1.el5.x86_64.rpmEnable auto-lauching of the search daemon on boot:
chkconfig --level 345 searchd onStart the search daemon:
/etc/init.d/searchd startHaving mysql/php/apache already setup I decided to install phpMyAdmin, however because the mysql is Percona there were some dependency checks that failed.
After a lot of trial and error the following did the trick:
#stop the services
/etc/init.d/httpd stop
/etc/init.d/mysql stop
#remove mysql
yum --enablerepo=remi remove Percona* mysql*
#install everything in one shot
yum --enablerepo=remi install Percona-Server-server-55 Percona-Server-client-55 phpMyAdmin
#start the services
/etc/init.d/httpd start
/etc/init.d/mysql start
#rerun the secure installation script
/usr/bin/mysql_secure_installationOnce that has finished you’ll need to edit the apache config to allow you remote access to the phpMyAdmin site:
nano /etc/httpd/conf.d/phpMyAdmin.conf
#add allow from your ip address
allow from 123.456.789.101You should now be able to access it at http://example.com/phpMyAdmin/
To change the default scheduler from cfq to deadline simply edit /etc/grub.conf and add elevator=deadline to the kernel that is being used:
$ nano -w /etc/grub.conf
title CentOS (2.6.18-274.3.1.el5)
root (hd0,0)
kernel /vmlinuz-2.6.18-274.3.1.el5 ro root=LABEL=/ elevator=deadline
initrd /initrd-2.6.18-274.3.1.el5.imgThis entry tells the 2.6.18-274.3.1.el5 kernel to use the Deadline scheduler. Make sure to reboot the system to activate the new scheduler.
A handy tip I saw on IRC today. If you’ve ever wanted to see which packages were installed from where then the ‘keychecker’ program is for you.
Make sure you have the EPEL repository setup first, then install via yum:
yum install keycheckerOnce installed simply run the ‘keychecker’ command and it will output all your installed packages sorted by reposity.
MediaInfo supplies technical and tag information about a video or audio file.
First lets grab the rpms. From the download page download the rpms that are appropriate for your platform. My system is CentOS 5 x_64 in the following example:
mkdir /usr/local/src/mediainfo
cd /usr/local/src/mediainfo
#libzen0
wget http://downloads.sourceforge.net/zenlib/libzen0-0.4.22-1.x86_64.CentOS_5.rpm
#libmediainfo0
wget http://downloads.sourceforge.net/mediainfo/libmediainfo0-0.7.50-1.x86_64.CentOS_5.rpm
#CLI
wget http://downloads.sourceforge.net/mediainfo/mediainfo-0.7.50-1.x86_64.CentOS_5.rpmOnce downloaded, install them via the following commands:
rpm -i libzen0-0.4.22-1.x86_64.CentOS_5.rpm
rpm -i libmediainfo0-0.7.50-1.x86_64.CentOS_5.rpm
rpm -i mediainfo-0.7.50-1.x86_64.CentOS_5.rpmThat’s it! You can test it by running the ‘mediainfo’ command.
Using the following resources helped setup my second hard drive:
Install the YUM priorities and denyhosts:
yum install yum-priorities denyhostsAdd denyhosts to startup and then start it up:
# chkconfig denyhosts on
# service denyhosts startAny further configuration can be done by editing the configuration file /etc/denyhosts.conf
Advanced Policy Firewall (APF) is an iptables(netfilter) based firewall system designed around the essential needs of todays Internet deployed servers and the unique needs of custom deployed Linux installations.
Make sure iptables is installed:
yum install iptables*Download, unpack, and install APF from source:
cd /usr/local/src
wget http://www.rfxn.com/downloads/apf-current.tar.gz
tar -zxf apf-current.tar.gz
cd apf-9*
./install.shBackup the original APF config file:
cp /etc/apf/conf.apf /etc/apf/conf.apf.bak
Now edit the current APF config file:
nano -w /etc/apf/conf.apf
Change the following values:
* RAB="0" to RAB="1"
* RAB_PSCAN_LEVEL="2" to RAB_PSCAN_LEVEL="3"
* TCR_PASS="1" to TCR_PASS="0"
* DLIST_PHP="0" to DLIST_PHP="1"
* DLIST_SPAMHAUS="0" to DLIST_SPAMHAUS="1"
* DLIST_DSHIELD="0" to DLIST_DSHIELD="1"
* DLIST_RESERVED="0" to DLIST_RESERVED="1"Find IFACE_IN= and IFACE_OUT= in /etc/apf/conf.apf and verify that they match your network interface.
Locate HELPER_SSH_PORT=”22″ and change it to your SSH port IF you changed it in your sshd_config.
Locate IG_TCP_CPORTS=”22″ and change it to your SSH port IF you changed it in your sshd_config.
Now restart the APF:
/usr/local/sbin/apf -rNow relogin though ssh again, to verify that you still can login into your server.
When your happy with your firewall and everything works fine, Edit /apf.conf find DEVEL_MODE=”1″ and change it to DEVEL_MODE=”0″.
Restart the APF again:
/usr/local/sbin/apf -rMake sure APF starts automatic after restart:
chkconfig --add apf
chkconfig --level 345 apf onThe firewall should now be active!
Here are some common ports used by cpanel:
Cpanel:
IG_TCP_CPORTS=”20,21,22,25,26,53,80,110,143,443,465,993,995,2082,2083,2086,2087,2095,2096″
IG_UDP_CPORTS=”21,53,873″
EGF=”1″
EG_TCP_CPORTS=”21,22,25,26,27,37,43,53,80,110,113,443,465,873,2089″
EG_UDP_CPORTS=”20,21,37,53,873″First of all we need to make a regular user, since we are disabling direct root login:
adduser admin && passwd adminBackup the current sshd_config:
mv /etc/ssh/sshd_config /etc/ssh/sshd_config.bakCreate a new sshd_config file:
nano -w /etc/ssh/sshd_configPaste the following config into the new file but be sure to change the Port to something different:
## Change to other port is recommended, etc 2488
Port 22
## Sets listening address on server. default=0.0.0.0
#ListenAddress 192.168.0.1
## Enforcing SSH Protocol 2 only
Protocol 2
## Disable direct root login, with no you need to login with admin user, then "su -" you into root
PermitRootLogin no
##
UsePrivilegeSeparation yes
##
AllowTcpForwarding no
## Disables X11Forwarding
X11Forwarding no
## Checks users on their home directority and rhosts, that they arent world-writable
StrictModes yes
## The option IgnoreRhosts specifies whether rhosts or shosts files should not be used in authentication
IgnoreRhosts yes
##
HostbasedAuthentication no
## RhostsAuthentication specifies whether sshd can try to use rhosts based authentication.
RhostsRSAAuthentication no
## Adds a login banner that the user can see
#Banner /etc/motd
## Enable / Disable sftp server
Subsystem sftp /usr/libexec/openssh/sftp-server
## Add users that are allowed to log in
AllowUsers adminRestart the SSHD daemon:
service sshd restartStart a NEW ssh session to ensure you can connect on the new port. Do not close your current session until you are sure the new config is working.
