Category Archives: Linux

Install and Test Confluence Wiki and MySQL on Ubuntu

Basic Information

Confluence is a wiki system comparable with MediaWiki. Companies use it for documentation and as an information hub. It is commercial, proprietary software written in Java, and Atlassian is the company behind it. You can run a free installation with some limitations or buy a license to get an instance with full features.

In our case the data store that holds the majority of Confluence's web content is MySQL. MySQL is available in the Ubuntu repositories.

Please note that a production installation needs careful planning. Here I give a good first impression of how to set up a test instance of Confluence.


1. Install Software

On Ubuntu, the prerequisite for getting Confluence up and running is to install this package from a Terminal/Shell:

sudo apt-get --yes install mysql-server

2. Create a MySQL Database

After installing the MySQL Ubuntu package we need to create a database and a user, and grant the user access, with the MySQL Command Line Interface (CLI). First log in with an empty password:

sudo mysql -u root -p

Then create a database with the name “confluence”:

mysql> CREATE DATABASE confluence;

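The next commands create a user called “confluence” with the password “secpasswd” and give that user access to the database (MySQL 8.0 no longer accepts IDENTIFIED BY inside GRANT, so the user is created first):

mysql> CREATE USER 'confluence'@'localhost' IDENTIFIED BY 'secpasswd';
mysql> GRANT ALL PRIVILEGES ON confluence.* TO 'confluence'@'localhost';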

Exit the MySQL CLI:

mysql> FLUSH PRIVILEGES; 
mysql> quit

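After this, stay in the Terminal/Shell and append the setting to the MySQL configuration (through sudo tee, because a plain >> redirect would run without root rights), then restart MySQL:

echo "transaction-isolation=READ-COMMITTED" | sudo tee -a /etc/mysql/mysql.conf.d/mysqld.cnf
sudo service mysql restart

This step is required. If it is not done, the installation will fail later on.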


3. Download Confluence

To download Confluence run in a Terminal/Shell:

wget https://product-downloads.atlassian.com/software/confluence/downloads/atlassian-confluence-7.20.1-x64.bin -O /tmp/atlassian-confluence-7.20.1-x64.bin

Now it is necessary to set the right permissions on the downloaded file to make it executable:

chmod a+x /tmp/atlassian-confluence-7.20.1-x64.bin

4. Start the Installation

To start the installation procedure run in a Terminal/Shell:

sudo /tmp/atlassian-confluence-7.20.1-x64.bin

Fontconfig and the Java Runtime Environment (JRE) are configured. The next steps are summarized in a screenshot, with the configuration choices marked in red:


We did an “Express Install”, and Confluence is now accessible with an internet browser at the address “http://localhost:8090”. The installation now continues in the browser.

For testing purposes I recommend choosing:

Trial Installation

A link to Atlassian.com is provided to register for a trial license. This can be done easily with a Google Account. After setting the trial license choose:

Non-clustered (single node)

Next it’s about the database settings. Use “MySQL”, open a Terminal/Shell and do the following:

wget https://cdn.mysql.com/archives/mysql-connector-java-5.1/mysql-connector-java-5.1.49.zip -O /tmp/mysql-connector-java-5.1.49.zip
unzip /tmp/mysql-connector-java-5.1.49.zip -d /tmp
sudo cp /tmp/mysql-connector-java-5.1.49/mysql-connector-java-5.1.49-bin.jar /opt/atlassian/confluence/confluence/WEB-INF/lib
sudo service confluence restart

Refresh the browser and continue with “MySQL” and insert the following data into the appropriate fields:

Setup type: "simple"

Hostname: “localhost”

Port: "3306"

User: “confluence”

Database name: “confluence”

Password: “secpasswd”

Click on “Next”

On the “Load Content” Page, let’s set up an “Example Site”.

On the “Configure User Management” page I selected “Manage users and groups within Confluence”. On the “Configure System Administrator Account” page I set my username, email and password. Then I got “Setup Successful” and clicked “Start”.


Conclusion

The setup can be very tricky, but in the end we got a good first impression and a solid test environment. Several health check messages may pop up and some optimizations may need to be done. Since Confluence is not completely free, MediaWiki or XWiki could be an alternative. As I wrote above, Atlassian offers a free license with several restrictions.

Install Joomla! and MySQL on Ubuntu

This tutorial is about installing the Content Management System (CMS) Joomla! and the database system MySQL on Ubuntu. Joomla! is one of the most popular CMS nowadays. It provides an easy way to set up web pages and to publish content on the internet. Joomla! is a typical CMS, while other software like WordPress is more focused on providing blogs.

MySQL is the database system and stores the information which is displayed by Joomla!. Another component used in our setup is the Apache2 web server. The web server handles the HTTP requests from internet browsers and sends the Joomla! content to the visitor's computer.

Another component which needs to be installed is PHP. Joomla! is mainly written in PHP and therefore a bunch of Linux packages related to PHP need to be installed as well.


1. Install Software

As a first step we need to install some Ubuntu packages: MySQL, Apache2 and PHP. They are all in the standard repositories and the installation should not cause problems. Execute these commands in a Terminal or Shell:

sudo apt-get --yes install mysql-server apache2
sudo apt-get --yes install libapache2-mod-php php-mbstring
sudo apt-get --yes install php-xml php-intl php-mysql
sudo a2enmod php7.4

2. Create the MySQL Database

Since MySQL is installed already we can just enter the MySQL Command Line Interface (CLI) with the following command:

sudo mysql -u root -p

Now we are in the MySQL CLI and we need to create the database for Joomla!

mysql> CREATE DATABASE joomla;

As the next step, we need to create a user, set a password for it and grant it the necessary permissions:

mysql> CREATE USER 'joomla'@'localhost' IDENTIFIED BY 'secpasswd';
mysql> GRANT ALL PRIVILEGES ON joomla.* TO 'joomla'@'localhost';

…and quit then:

mysql> FLUSH PRIVILEGES;
mysql> quit

3. Download Joomla! to the right Directory

Now we need to download and extract Joomla! in a terminal/shell with these commands:

sudo mkdir /var/www/html/joomla
cd /var/www/html/joomla
sudo wget https://downloads.joomla.org/cms/joomla4/4-2-4/Joomla_4-2-4-Stable-Full_Package.zip
sudo unzip Joomla_4-2-4-Stable-Full_Package.zip 

The “unzip” command extracts the compressed ZIP file. Notice that the version 4.2.4 is the newest as I am writing this blog post. In a few weeks a new version will be released.


5. Modifications in the File System

To not run into an error during the next steps, the ownership for the Joomla! directory has to be set. On my Ubuntu system the “www-data” user and the “www-data” group have to be the owner of the directory structure. Run the following command:

sudo chown -R www-data:www-data /var/www/html/joomla

6. Install and Configure Joomla!

Next, open an internet browser and connect to “http://localhost/joomla”. So far so good!

The rest is a quite simple process:

Enter a site name and click on “Setup Login Data”. Then set a Super User name and a password. Provide an email address. Click on “Setup Database Connection”. On the page “Database Configuration” the data from the step above is needed:

Choose: “MySQLi”

User: “joomla”

Database: “joomla”

Password: “secpasswd”

The host should stay “localhost”.

Then click on “Install Joomla” and wait a few moments.

Then you see “Open Site” and “Open Administrator”.


Conclusion

The most critical step is probably step 5, “Modifications in the File System”. It took me a few minutes to resolve some permission and server errors. If you follow my instructions it will work.

But now you can log in with the user “user” and the “secpasswd” which you set during the installation procedure.

Other web apps like WordPress and MediaWiki are installed in the same way. You find my MediaWiki blog post here.

Feel free to comment on this blog post!

Install MediaWiki and MySQL on Ubuntu

Basic Information

The aim of this tutorial is to have MediaWiki running on an Ubuntu PC. MediaWiki is a web-based system which provides information to visitors. This information can be modified by multiple users. In companies it is used for documentation and collaboration purposes. The famous website “Wikipedia” has MediaWiki as its base system.

To have MediaWiki running and online, other components are required as well. A web server and a database server are needed. The web server handles the HTTP requests from the web browsers, and the database contains the information which is stored by MediaWiki.

MediaWiki is written in the programming language PHP. PHP components need to be installed as well.

I use “Apache2” as web server and “MySQL” as database server in this tutorial. Both are open source software and available in the Ubuntu repositories.


1. Install Software

As a first step it is necessary to open a terminal with a bash and install the Apache2 web server, PHP and the MySQL database server and client:

sudo apt-get --yes install mysql-server apache2 
sudo apt-get --yes install libapache2-mod-php php-mbstring 
sudo apt-get --yes install php-xml php-intl php-mysql
sudo a2enmod php7.4

2. Create a MySQL Database

As I wrote before the database keeps basically the information of the MediaWiki installation.
Run these commands to enter MySQL and to create a database:

sudo mysql -u root -p

Enter the MySQL root password – in my case the password is blank.

mysql> CREATE DATABASE wiki;

The command above creates the database.

mysql> CREATE USER 'wikiuser'@'localhost' IDENTIFIED BY 'secpasswd';
mysql> GRANT ALL PRIVILEGES ON wiki.* TO 'wikiuser'@'localhost';

The commands above create a user called “wikiuser” with the password “secpasswd” and grant it access to the database. Then do this:

mysql> FLUSH PRIVILEGES;
mysql> quit

3. Download MediaWiki to the right Directory

Now we need to download the latest stable version of MediaWiki. At the date of writing this blog post the following commands did the job:

cd /var/www/html/
sudo wget https://releases.wikimedia.org/mediawiki/1.38/mediawiki-1.38.4.zip
sudo unzip mediawiki-1.38.4.zip 

The last command extracts the compressed zip file.


4. Install and Configure MediaWiki

Now we need to open the browser and connect to this address: “http://localhost/mediawiki-1.38.4/index.php” . Click on “set up the wiki”.

From now it is a quite intuitive process. Select the language for MediaWiki and continue.

On the page called “Connect to Database” we need to provide the settings which we chose before in the step “2. Create a MySQL Database” of this tutorial.

Host: “localhost”

User: “wikiuser”

Database: “wiki”

Password: “secpasswd”

Click on “Continue”

On the page called “Name”, set the name of the Wiki installation, set a username and a password. Later you will need the username and the password to log into the MediaWiki.

In our test lab situation we can safely click on “I’m bored already, just install the wiki.”


5. Download the Configuration

Now download “LocalSettings.php” and copy it to “/var/www/html/mediawiki-1.38.4”.

Finally click “Enter the Wiki”.


Conclusion

The process is basically not very complicated. A lot of web applications have a similar setup procedure. I will soon post instructions for installing WordPress. I did a Joomla! tutorial already – click here to see it. That’s basically very close to what I posted today.

Keep in mind that problems with the PHP version could arise. Not every MediaWiki version is compatible with every PHP version. See the MediaWiki requirements here: https://www.mediawiki.org/wiki/Manual:Installation_requirements

Another issue could be that the MediaWiki is not accessible from other computers in the network. A host firewall could cause this problem.

ata3:00: status: DRDY ERR

The Problem

Over the years of my career I have relatively often seen a specific error message on Linux production servers. The error is associated with hard drive failures. I saw the problem on systems with conventional HDD drives as well as on servers which only use NVMe drives. RAID array disks are affected as well as single-drive systems.

Information on the internet is relatively rare in relation to how often the problem appears. Sometimes the errors appear on stdout, directly in the shell, and sometimes they are only visible when “dmesg” is executed.

Here is the error in question:

ata3:00: status: { DRDY ERR }
ata3.00: error {UNC }
ata3:00: exception Emask 0x0 SAct 0x0 SErr 0x0 action 0x0
ata3:00: BMDMA stat 0x25
ata3:00: failed command: READ DMA

Of course, details like the ATA number differ depending on the configuration of the system.


The Analysis

The error basically says that something is wrong with a specific disk drive. We need to find out which physical disk is causing the error.

This command works for me on Ubuntu 20.04:

ls /dev/disk/by-path -al

It shows the ATAx to /dev/sdX association on my system. Now that I know the /dev/sdX device, I need to get the serial number of the hard drive:

smartctl -a /dev/sdX

Knowing the serial number of the hard disk is important because the serial number is, at least on HDDs, printed on a sticker on the disk.
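
The sysfs path of each disk also contains the kernel's ataN name, which gives a second way to do this mapping. The script below is an added example, not part of the original post: it pulls the failing ATA port numbers out of kernel messages and resolves them to sdX names through /sys. The function names, the sysroot parameter and the sample data are made up for the demonstration.

```bash
#!/bin/sh
# Added example: map ATA ports named in kernel error messages to block devices.

# Print the unique ATA port numbers found in error lines of a saved kernel log.
# Accepts both the "ata3.00:" and the "ata3:00:" spelling quoted in the post.
failing_ata_ports() {
    sed -nE 's/.*ata([0-9]+)[.:][0-9]+: *(status|error|exception|failed command).*/\1/p' "$1" |
        sort -un
}

# Print the sdX name whose resolved sysfs path contains /ataN/.
# $2 is the sysfs root (default /sys); it is a parameter only so that the
# function can be tried against a constructed tree.
ata_to_disk() {
    port=$1
    sysroot=${2:-/sys}
    for link in "$sysroot"/block/sd*; do
        [ -e "$link" ] || continue
        case "$(readlink -f "$link")" in
            */ata"$port"/*) basename "$link" ;;
        esac
    done
}

# --- demonstration on constructed data (no real hardware is touched) ---
DEMO=$(mktemp -d)
cat > "$DEMO/dmesg.txt" <<'EOF'
ata3.00: exception Emask 0x0 SAct 0x0 SErr 0x0 action 0x0
ata3.00: failed command: READ DMA
ata3.00: status: { DRDY ERR }
ata3.00: error: { UNC }
ata1.00: configured for UDMA/133
EOF

# Constructed sysfs tree: sda hangs off ata1, sdb off ata3.
PCI="devices/pci0000:00/0000:00:1f.2"
mkdir -p "$DEMO/sys/block" \
         "$DEMO/sys/$PCI/ata1/host0/block/sda" \
         "$DEMO/sys/$PCI/ata3/host2/block/sdb"
ln -s "../$PCI/ata1/host0/block/sda" "$DEMO/sys/block/sda"
ln -s "../$PCI/ata3/host2/block/sdb" "$DEMO/sys/block/sdb"

for p in $(failing_ata_ports "$DEMO/dmesg.txt"); do
    echo "ata$p -> /dev/$(ata_to_disk "$p" "$DEMO/sys")"
done
```

On a real system, save the kernel messages with “dmesg > file” and call ata_to_disk with the port number only, so that it reads /sys.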


The Fix

I had luck at least in 40 percent of the cases in which this error appeared by just shutting down the computer, opening the casing, identifying the right physical disk and changing the connecting SATA cable.

One time the error appeared on multiple disks at the same time. The fix was to order an identical mainboard and physically installing it. I connected the disks again to the new mainboard and the error never appeared again.

Another method could be just to shut down the system and unplug and reconnect the SATA cables on the same socket (loose contact). This solved the problem one time for me.

In the case of NVMe drives it could help to shut down the computer and also unplug the NVMe and reconnect it to rule out a loose contact.

But sometimes there is just a hard disk drive defect and the hard disk needs to be replaced.

Rootkit Scan with Ubuntu Live System

Basic Information

Sometimes Linux, like other operating systems, shows odd behavior. And in some cases the cause of the odd behavior cannot be found although log files are verified and the hardware is checked. I had this problem too often in the past years.

Then I often check the system for malicious software. On Linux there are programs available which scan for so-called Rootkits. A Rootkit is malicious software which grants administrative access to the attacker or hacker.

Well-known detection programs for Rootkits are Rootkit Hunter, Unhide and Chkrootkit.

The difference between a Rootkit and a Virus is that the Virus doesn’t necessarily have administrative access to the system.


The Problem

If the Rootkit scan is done on a system which is already infected, the Rootkit is probably not found because it is hidden. There are only hints, and these are difficult to distinguish from false positives.


The Fix

Rootkit scans can instead be done from a Linux Live system. Just follow these steps:

1. Step

Download the Ubuntu Live ISO file and write it to a USB stick.

2. Step

Boot the Ubuntu Live system and select “Try Ubuntu”.

3. Step

Install Chkrootkit:

sudo apt-get update
sudo apt-get install chkrootkit

4. Step

On my system the following partitions exist:

  • sda1 – swap space
  • sda2 – this is the root partition /
  • sda3 – this is my home partition /home
  • sda4 – this is the home directory of the root user /root

5. Step

sudo mkdir /mnt/disk                  # creates a directory
sudo mount /dev/sda2 /mnt/disk        # provides access to the filesystem and the files on the system which I want to scan
sudo mount /dev/sda4 /mnt/disk/root   # this location will also be scanned, so it is important to grant access to it

6. Step

Do the Scan with the following command:

sudo chkrootkit -r /mnt/disk/

Normally the output should say things like “nothing found” or “not infected”.
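
The script below is an added example, not part of the original post. It repeats steps 5 and 6 with read-only mounts, so the scan cannot change the suspect disk, and it sorts a saved chkrootkit report into findings, skipped checks and entries that need a manual look. The function names and the report file path are assumptions, and the sample report is constructed in chkrootkit's output style.

```bash
#!/bin/sh
# Added example: read-only offline scan plus triage of the chkrootkit report.

# Steps 5 and 6 with read-only mounts: nothing on the suspect disk is changed
# or executed. Needs root; the demonstration below does not call it.
# Device names follow the post's layout (sda2 = /, sda4 = /root).
scan_offline() {
    root_dev=${1:-/dev/sda2}
    roothome_dev=${2:-/dev/sda4}
    report=${3:-/tmp/chkrootkit-report.txt}   # kept on the live system
    mkdir -p /mnt/disk || return 1
    mount -o ro,noexec,nosuid,nodev "$root_dev" /mnt/disk || return 1
    mount -o ro,noexec,nosuid,nodev "$roothome_dev" /mnt/disk/root || return 1
    chkrootkit -r /mnt/disk/ > "$report" 2>&1
    umount /mnt/disk/root /mnt/disk
}

# Turn each "Checking ... verdict" line into CLASS<TAB>test<TAB>verdict.
#   FINDING  verdict contains INFECTED
#   SKIPPED  the check was not run ("not tested")
#   CLEAN    one of the usual negative verdicts
#   REVIEW   anything else: a human has to look, this is where false
#            positives usually show up
# Lines that follow a FINDING or REVIEW entry are kept as DETAIL lines.
classify_report() {
    awk '
    /^(Checking|Searching)/ {
        i = index($0, "...")
        if (i == 0) next
        label = substr($0, 1, i - 1)
        verdict = substr($0, i + 3)
        sub(/^[ \t]+/, "", verdict)
        sub(/[ \t]+$/, "", verdict)
        if (verdict ~ /INFECTED/) cls = "FINDING"
        else if (verdict == "not tested") cls = "SKIPPED"
        else if (verdict ~ /(not infected|not found|nothing found|nothing detected|nothing deleted)$/) cls = "CLEAN"
        else cls = "REVIEW"
        printf "%s\t%s\t%s\n", cls, label, verdict
        next
    }
    /^ROOTDIR/ { cls = ""; next }
    (cls == "FINDING" || cls == "REVIEW") && NF { printf "DETAIL\t%s\n", $0 }
    ' "$1"
}

# Number of report entries in one class.
count_class() {
    classify_report "$1" |
        awk -F '\t' -v want="$2" '$1 == want { n++ } END { print n + 0 }'
}

# --- demonstration on a constructed sample report ---
REPORT=$(mktemp)
cat > "$REPORT" <<'EOF'
ROOTDIR is `/mnt/disk/'
Checking `amd'...                                           not found
Checking `basename'...                                      not infected
Checking `sshd'...                                          not infected
Checking `bindshell'...                                     not tested
Searching for suspicious files and dirs, it may take a while... The following suspicious files and directories were found:
/mnt/disk/usr/lib/python3/dist-packages/example/.hidden-file
Searching for Suckit rootkit...                             Warning: /mnt/disk/sbin/init INFECTED
Checking `lkm'...                                           not tested
Checking `wted'...                                          chkwtmp: nothing deleted
EOF
classify_report "$REPORT" | grep -v '^CLEAN'
```

SKIPPED entries matter as much as findings here: a check that was not run says nothing about the disk, so those areas stay unverified.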


Conclusion

If there is a detected Rootkit do another scan with Rkhunter. It could still be a false positive.
Rkhunter needs to be installed and updated.
If there is a Rootkit installed you should reinstall the Operating System.

ZFS and ZPool – Migrate a Stripe Set to a Mirror (RAID 0 to RAID 1)

Basic Information

ZFS is a modern file system with a lot of cool features, like encryption, handling very big volumes, providing data integrity (bit rot prevention) and high performance. Originally ZFS was developed by Sun Microsystems.






The Problem

Recently I had to migrate a ZFS RAID 0 (Stripe Set) consisting of two disks to a ZFS RAID 1 (Mirror). The aim was to avoid data loss and downtime of my system. I searched the internet but found no solution.

Before I tried to fix the problem on the production system, I created a lab environment with two USB sticks and tested the procedure. The following steps were done with two USB sticks on an Ubuntu PC.

The USB sticks are shown on my Ubuntu PC as the devices /dev/sdb and /dev/sdc.


Step 1 – Creating the ZFS ZPool

First I created a single disk ZPool with the following command:

zpool create tank /dev/sdc 

The name of the ZPool is “tank” and the first USB stick I added was the one which appeared as /dev/sdc.


Step 2 – Creating the ZFS Stripe Set

Then I added a second disk to the ZPool. The following command created a Stripe Set consisting of /dev/sdc and /dev/sdb:

zpool add tank /dev/sdb

Now I had the same situation on my Ubuntu PC as on my production system: just a Stripe Set.


Step 3 – Removing a Disk from the ZFS Stripe Set

Now the interesting part started: removing the device /dev/sdb from the Stripe Set.

zpool remove tank /dev/sdb

The procedure took some time to complete. I just executed “zpool status” and observed the progress.

If there is enough space left on the remaining disk to keep all original data it should be just fine and the procedure should work.


Step 4 – Creating the ZFS Mirror

The goal was near – I just added a disk to the single-disk ZPool. With the “attach” option a mirror (RAID 1) is created out of the devices “/dev/sdb” and “/dev/sdc”. The device that is already in the pool (/dev/sdc) is named first, the new device second:

zpool attach -f tank /dev/sdc /dev/sdb

Conclusion

Please keep in mind that this procedure works only if the Stripe Set is not too full. The remaining disk in the Stripe Set (Step 3) needs to have enough capacity to hold the original Stripe Set data alone.

That’s it – have fun!

9 Steps for Securing a Linux Server

Sometimes it is necessary to highly secure a Linux server which holds sensitive data. I want to provide a list of best-practice tips which are a good starting point if you want to keep your data and server secure.

The steps below, applied to a server which is in a secured LAN, will increase the system and data security of the server once more.


1. Operating System

CentOS Linux is a good starting point, because CentOS Linux uses a security layer called Security-Enhanced Linux (SELinux). This layer is very restrictive, and a lot of operations, for example in the file system, are denied by default. CentOS is maintained by Red Hat and the newest variant is “CentOS Stream”, which is a rolling release.

The following steps assume that CentOS is used.


2. Encryption

LUKS storage encryption of the server is another good approach. LUKS version 2 is the current one today. If the server is physically accessible to an unauthorized person, the data would otherwise be easily accessible. But if LUKS is used, the data is only accessible with the LUKS passphrase. The LUKS passphrase needs to be provided when the LUKS-encrypted volume is mounted.

Alternatively, ZFS with ZFS encryption could be used for storage encryption. ZFS RAIDz (RAID 5) and ZFS Mirror (RAID 1) also protect against data corruption and keep data integrity. They also prevent data loss if a single disk fails.


3. Isolate the Server with a Firewall Appliance

Put the server behind a firewall appliance and isolate it from the already secured LAN. The firewall appliance could be set up with OPNsense, which provides a good traffic analysis feature. Only publish the SSH port to the rest of the LAN. Later on, tunnel all other protocols through an encrypted SSH tunnel over the SSH port.

Firewall rules should be applied which allow only connections from the LAN or other necessary network sources.


4. Google Authenticator or other 2FA for SSH

Nowadays two-factor authentication (2FA) is best practice, and a sufficiently good provider is Google with the “Google Authenticator”. Whoever wants to connect to the server has to install the “Google Authenticator” app from Google on their mobile phone. The app is synced with the server and provides a time-based key.

After applying 2FA, username, password and the time-based key are all necessary to connect to the SSH port.


5. Updates and strong Passwords

Always install CentOS updates when any are available. It’s a must and it’s trivial knowledge. Use super strong passwords – this is also well known in professional circles. Strong passwords can be made mandatory by applying a password policy. Cracklib can be used to enforce strong passwords for users.

yum install cracklib 

Install “Cracklib” on CentOS and set complex and strong passwords which could mean: 16 positions, digits, numbers, symbols.


6. Harden SSH Daemon

Configure the SSH daemon restrictively. Directives like “PermitEmptyPasswords” (set to “no”), “AllowUsers”, “PermitRootLogin” (set to “no”), … should be evaluated and adjusted.

Google Authenticator, used for 2FA, also needs an adjustment in the SSH daemon configuration file.
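
One way to check the three directives named above is the following script, an added example that is not part of the original article. It audits the global part of an sshd_config and shows a weak file beside a corrected one; the function names and both sample files are constructed, and “MyUser” is the account name used in step 9.

```bash
#!/bin/sh
# Added example: audit the global part of an sshd_config for the directives
# named in step 6.

# Prints one PASS/FAIL line per directive. sshd uses the FIRST value it reads
# for a keyword, keywords are case-insensitive, and everything after the first
# "Match" line is conditional, so only the lines before it are considered.
audit_sshd_config() {
    awk '
    function check(k, want, dflt,    v, src) {
        if (k in val) { v = val[k]; src = "configured" }
        else          { v = dflt;   src = "default" }
        printf "%s %s=%s (%s)\n", (v == want ? "PASS" : "FAIL"), k, v, src
    }
    /^[ \t]*(#|$)/ { next }                 # comments and blank lines
    { key = tolower($1) }
    key == "match" { exit }                 # jump to END, skip Match blocks
    !(key in val) { val[key] = tolower($2) }
    END {
        # third argument: the value sshd uses when the keyword is absent
        check("permitrootlogin", "no", "prohibit-password")
        check("permitemptypasswords", "no", "no")
        if ("allowusers" in val) print "PASS allowusers is set"
        else print "FAIL allowusers is not set (no user allow-list)"
    }
    ' "$1"
}

# Number of failed checks for a config file.
count_fail() {
    audit_sshd_config "$1" | grep -c '^FAIL' || true
}

# --- demonstration on two constructed files ---
WEAK=$(mktemp)
HARD=$(mktemp)
cat > "$WEAK" <<'EOF'
# constructed sample: weak settings
PermitRootLogin yes
permitrootlogin no
PasswordAuthentication yes
Match User backup
    PermitEmptyPasswords yes
    AllowUsers backup
EOF
cat > "$HARD" <<'EOF'
# constructed sample: the settings recommended in step 6
PermitRootLogin no
PermitEmptyPasswords no
AllowUsers MyUser
EOF

echo "weak:";     audit_sshd_config "$WEAK"
echo "hardened:"; audit_sshd_config "$HARD"
```

In the weak file the second “permitrootlogin no” line has no effect because the first value wins. On a running server, “sshd -T” prints the effective configuration with included files and defaults resolved, and its output can be fed to the same function.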


7. Harden Host Firewall

CentOS brings its own firewall package, which is called “firewalld”. This command can be used to get a first impression:

sudo firewall-cmd --list-all

Firewall Rules could be applied which allow only connections from the LAN or only allow specific IP addresses to connect to the server.


8. Brute Force Prevention

Password guessing is a problem for IT systems in general, but it can be easily prevented on Linux for the SSH daemon. Just install and configure the Linux package called “fail2ban”. It can be configured to automatically block a single source IP address for a specific time period if too many login attempts came from it.


9. Tunnel Services through SSH

Since SSH is now 2FA and fail2ban secured and hardened, we can use it to connect to other services like “https” on the server.

Simply use a command similar to this:

ssh MyUser@192.168.0.1 -L 9000:localhost:443

The server’s https port will then be accessible on my notebook with a browser at:
https://localhost:9000

Final thoughts

Sysadmins swear by SSH Public Key Authentication implemented with a strong passphrase. This is also good to implement and can be integrated into the concept.

The steps above, applied to a server which is isolated from an already secured LAN Network, will increase the systems and data security for the specific server.

Feel free to comment this Article.

Not enough free Disk Space on /boot

Recently I tried to install updates with “apt-get upgrade” on an Ubuntu Desktop 20.04 LTS. The installation of the updates failed because of too little free space on the boot partition.

I got the following error message:

Not enough free disk space

The upgrade has aborted. The upgrade needs a total of 25.7 M free space on disk '/boot'. Please free at least an additional 25.7 M of disk space on '/boot'. Empty your trash and remove temporary packages of former installations using 'sudo apt-get clean'.

The aim for me was just to free up some space on /boot so that I could install the newest kernel version.

So I just executed this command in the Linux terminal:

root@ubuntubox:/# dpkg -l |grep linux-image |grep -v extra

A lot of obsolete kernel versions were shown.

The next step for me was to remove one or more obsolete kernels:

root@ubuntubox:/boot# apt-get remove linux-image-4.15.0-169-generic
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following packages were automatically installed and are no longer required:
  account-plugin-facebook 
Use 'apt autoremove' to remove them.
The following additional packages will be installed:
  linux-image-unsigned-4.15.0-169-generic
Suggested packages:
  fdutils linux-doc-4.15.0 | linux-source-4.15.0 linux-tools
The following packages will be REMOVED:
  linux-image-4.15.0-169-generic linux-modules-extra-4.15.0-169-generic
The following NEW packages will be installed:
  linux-image-unsigned-4.15.0-169-generic
0 upgraded, 1 newly installed, 2 to remove and 4 not upgraded.
Need to get 8.119 kB of archives.
After this operation, 181 MB disk space will be freed.
Do you want to continue? [Y/n] Y

I did this for several OLD kernels then there was enough free space on /boot again.
