If you have two hard drives you can mount second hard drive to be used for (cPanel/WHM) backups or for hosting more sites. The hard drives must not be in any kind of Raid setup. Process of partitioning, formatting and mounting is quite simple.
First check what disk drives do you have. Usually disk drives on Linux are named /dev/sda (first HDD), /dev/sdb (second HDD) or something similar.
You can get a list of disk drives in system using this command
fdisk -l | grep '^Disk'
The output should be something like this:
Disk /dev/sdb: 500.1 GB, 500107862016 bytes
Disk /dev/sda: 500.1 GB, 500107862016 bytes
So those are two 500 GB hard drives…
If you execute command like the one below you’ll get more detailed preview of your hard discs and their partitions:
fdisk -l
Output should looks like this:
Disk /dev/sdb: 500.1 GB, 500107862016 bytes
255 heads, 63 sectors/track, 60801 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x1c7e861c
Disk /dev/sdb doesn't contain a valid partition table
Disk /dev/sda: 500.1 GB, 500107862016 bytes
255 heads, 63 sectors/track, 60801 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x00080071
Device Boot Start End Blocks Id System
/dev/sda1 * 1 14 104448 83 Linux
/dev/sda2 14 144 1048576 82 Linux swap / Solaris
/dev/sda3 144 60802 487232512 83 Linux
You should notice that second hard disk (/dev/sdb) has no partition and that probably means that it’s un-partitioned yet.
So let’s make the partition on /dev/sdb by executing
fdisk /dev/sdb
and then use following in the prompt
– “n” for new partion
– “p” for primary partition
– “1” for the first partition
– “Enter” / “Enter” for the first AND last cylinders (automatically use the entire disk)
– “w” to save what I have done
That has created and saved new partition and it will be called /dev/sdb1 (first partition on /dev/sdb). Next step is to format it.
mkfs.ext3 /dev/sdb1
On newer distributions (CentOS 6.3 for eg) use this command to format a new partition.
mkfs -t ext3 /dev/sdb1
If you want to use this hard disk for backup make /backup folder or if you want to use it to store more sites make new home folder called /home2
mkdir /backup
mkdir /home2
Now just mount the backup partition or the new home partition
mount /dev/sdb1 /backup
mount /dev/sdb1 /home2
Now you can use the additional hard drive for cPanel/WHM backups or storing new sites. cPanel should automatically detect /home2 and should ask you whether you like to setup new account on /home or at /home2.
If you want the partition to auto mount on server (re)boot edit fstab file located at /etc/fstab and add one of following lines at the bottom of it depending if you for /backup folder or the line below for /home2 folder:
/dev/sdb1 /backup ext3 defaults 0 0
/dev/sdb1 /home2 ext3 defaults 0 0
Note: After adding one of these lines press add one more empty line below since fstab requires the new line symbol at the end of every config line. Before you issue the following command, be aware that this re-mounts ALL Filesystems, and will more than likely disconnect most other users
To make sure this mounts automatically, issue the following command:
mount -a
If you got no errors – your mount worked, try df -h once more to see if everything is fine.
The purpose of syctl hardening is to help prevent spoofing and dos attacks. This short guide will show what I have found to be a good configuration for the sysctl.conf configuration file. The most important of the variables listed below is the enabling of syn cookie protection. Only place the bottom two if you do not want your server to respond to ICMP echo, commonly referred to as ICMP ping or just ping requests.
Open /etc/sysctl.conf for editing in your favorite text editor:
pico -w /etc/sysctl.conf
And simply copy/paste this into the file replacing any existing values:
#Kernel sysctl configuration file for Red Hat Linux
#
# For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and
# sysctl.conf(5) for more details.
# Disables packet forwarding
net.ipv4.ip_forward=0
# Disables IP source routing
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.lo.accept_source_route = 0
net.ipv4.conf.eth0.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0
# Enable IP spoofing protection, turn on source route verification
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.lo.rp_filter = 1
net.ipv4.conf.eth0.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
# Disable ICMP Redirect Acceptance
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.lo.accept_redirects = 0
net.ipv4.conf.eth0.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
# Enable Log Spoofed Packets, Source Routed Packets, Redirect Packets
net.ipv4.conf.all.log_martians = 0
net.ipv4.conf.lo.log_martians = 0
net.ipv4.conf.eth0.log_martians = 0
# Disables IP source routing
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.lo.accept_source_route = 0
net.ipv4.conf.eth0.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0
# Enable IP spoofing protection, turn on source route verification
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.lo.rp_filter = 1
net.ipv4.conf.eth0.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
# Disable ICMP Redirect Acceptance
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.lo.accept_redirects = 0
net.ipv4.conf.eth0.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
# Disables the magic-sysrq key
kernel.sysrq = 0
# Decrease the time default value for tcp_fin_timeout connection
net.ipv4.tcp_fin_timeout = 15
# Decrease the time default value for tcp_keepalive_time connection
net.ipv4.tcp_keepalive_time = 1800
# Turn off the tcp_window_scaling
net.ipv4.tcp_window_scaling = 0
# Turn off the tcp_sack
net.ipv4.tcp_sack = 0
# Turn off the tcp_timestamps
net.ipv4.tcp_timestamps = 0
# Enable TCP SYN Cookie Protection
net.ipv4.tcp_syncookies = 1
# Enable ignoring broadcasts request
net.ipv4.icmp_echo_ignore_broadcasts = 1
# Enable bad error message Protection
net.ipv4.icmp_ignore_bogus_error_responses = 1
# Log Spoofed Packets, Source Routed Packets, Redirect Packets
net.ipv4.conf.all.log_martians = 1
# Increases the size of the socket queue (effectively, q0).
net.ipv4.tcp_max_syn_backlog = 1024
# Increase the tcp-time-wait buckets pool size
net.ipv4.tcp_max_tw_buckets = 1440000
# Allowed local port range
net.ipv4.ip_local_port_range = 16384 65536
After you make the changes to the file you need to run
/sbin/sysctl -p
and
sysctl -w net.ipv4.route.flush=1
to enable the changes without a reboot.
Notes
– Make sure that eth0 is your primary interface. If it is not replace eth0 with eth1 in the code below.
– Make sure you have backup of your original syctl.conf file before making any changes
– These settings might be old (outdated) or wrong for your system setup. Use them at your own risk!
Continue Reading →
Tags: sysctl conf, accept_source_route, net ipv4 conf all rp_filter, sysctl hardening, net ipv4 conf default rp_filter, Sysctl confhardening|GeekTipsnTricks, sysctl conf hardening
Today I have got a request from a client that has a server with no control panel on it to change one ftp password. Server is using proftpd as it’s ftp server. This is really easy task to do if proftp is setup by default and uses /etc/passwd for storing it’s passwords.
If you know username all you need to do is type in
passwd USERNAME
(replace USERNAME with actual username), enter new password two times and you’re done.
If you however don’t know the username (and that can happen too) you can open /etc/passwd file and try and locate it in there.
Tags: proftpd change password, proftpd change user password, change proftpd password, proftpd password change, change ftp password proftpd, change password proftpd, proftpd default password, proftpd passwd внести изменения в запись, proftpd смена пароля пользователя
Midnight Commander is an awesome little file management tool. Learn how to install Midnight Commander. Folks that remember Norton Commander from MS DOS times know what I’m talking about.
Often problem with using Midnight Commander in PuTTY is that often it’s lines are messed up and look like this:
Midnight Commander in PuTTY with lines now rendered correctly.
This happens when because of charsets mismatch that uses PuTTY uses and MC. To fix this you’ll need to fix the charset in PuTTY. This guide however works only on sessions saved in PuTTY!
Here’s how to do it:
Continue Reading →
Whats Midnight Commander?
Midnight Commander is Shell application (visual file manager) for SSH like Norton Commander, that older geeks may remember from the time of DOS, or like Total Commander, the most advanced Shell application today.
Why do I need Midnight Commander?
Midnight Commander will help you move more easily trough server files/folders, edit config files, copy/move/delete files/folders/whole directory trees, pack and unpack archives, search for files, run commands in shell… You can also use MC to connect to other server’s FTP and copy files from/to other servers. (can be useful when migrating from one server to another)
How to install Midnight Commander?
The easiest way is using yum or apt-get package menages: all you need to do is execute one command and it will install Midnight Commander and all it’s dependencies
Continue Reading →
Tags: yum install mc, install midnight commander, install mc, how to install midnight commander, midnight commander install, midnight commander linux, midnight commander fedora, yum install midnight commander, linux install mc, yum midnight commander, wget mc, wget midnight commander, how to install mc, midnight commander linux install, midnight commander, install midnight commander linux, linux mc install, midnight commander installieren, mc install, fedora install mc, linux midnight commander, install mc linux, how to install midnight commander linux, install mc on linux, fedora midnight commander, linux install midnight commander, midnight commander wget, fedora mc install, yum mc, midnight-commander update, linux midnight commander install, fedora isntall mc, fedora install midnight commander, redhat install mc, midnight commander installieren linux
