How to format and mount second hard drive on Linux

If you have two hard drives you can mount second hard drive to be used for (cPanel/WHM) backups or for hosting more sites. The hard drives must not be in any kind of Raid setup. Process of partitioning, formatting and mounting is quite simple.

First check what disk drives do you have. Usually disk drives on Linux are named /dev/sda (first HDD), /dev/sdb (second HDD) or something similar.
You can get a list of disk drives in system using this command

fdisk -l | grep '^Disk'

The output should be something like this:

Disk /dev/sdb: 500.1 GB, 500107862016 bytes
Disk /dev/sda: 500.1 GB, 500107862016 bytes

So those are two 500 GB hard drives…

If you execute command like the one below you’ll get more detailed preview of your hard discs and their partitions:

fdisk -l

Output should looks like this:

Disk /dev/sdb: 500.1 GB, 500107862016 bytes
255 heads, 63 sectors/track, 60801 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x1c7e861c

Disk /dev/sdb doesn't contain a valid partition table

Disk /dev/sda: 500.1 GB, 500107862016 bytes
255 heads, 63 sectors/track, 60801 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x00080071

Device Boot      Start         End      Blocks   Id  System
/dev/sda1   *           1          14      104448   83  Linux
/dev/sda2              14         144     1048576   82  Linux swap / Solaris
/dev/sda3             144       60802   487232512   83  Linux

You should notice that second hard disk (/dev/sdb) has no partition and that probably means that it’s un-partitioned yet.

So let’s make the partition on /dev/sdb by executing

fdisk /dev/sdb

and then use following in the prompt
– “n” for new partion
– “p” for primary partition
– “1” for the first partition
– “Enter” / “Enter” for the first AND last cylinders (automatically use the entire disk)
– “w” to save what I have done

That has created and saved new partition and it will be called /dev/sdb1 (first partition on /dev/sdb). Next step is to format it.

mkfs.ext3 /dev/sdb1

On newer distributions (CentOS 6.3 for eg) use this command to format a new partition.

mkfs -t ext3 /dev/sdb1

If you want to use this hard disk for backup make /backup folder or if you want to use it to store more sites make new home folder called /home2

mkdir /backup
mkdir /home2

Now just mount the backup partition or the new home partition

mount /dev/sdb1 /backup
mount /dev/sdb1 /home2

Now you can use the additional hard drive for cPanel/WHM backups or storing new sites. cPanel should automatically detect /home2 and should ask you whether you like to setup new account on /home or at /home2.

If you want the partition to auto mount on server (re)boot edit fstab file located at /etc/fstab and add one of following lines at the bottom of it depending if you for /backup folder or the line below for /home2 folder:

/dev/sdb1   /backup   ext3   defaults   0   0
/dev/sdb1   /home2    ext3   defaults   0   0

Note: After adding one of these lines press add one more empty line below since fstab requires the new line symbol at the end of every config line. Before you issue the following command, be aware that this re-mounts ALL Filesystems, and will more than likely disconnect most other users

To make sure this mounts automatically, issue the following command:

mount -a

If you got no errors – your mount worked, try df -h once more to see if everything is fine.

Sysctl.conf hardening

The purpose of syctl hardening is to help prevent spoofing and dos attacks. This short guide will show what I have found to be a good configuration for the sysctl.conf configuration file. The most important of the variables listed below is the enabling of syn cookie protection. Only place the bottom two if you do not want your server to respond to ICMP echo, commonly referred to as ICMP ping or just ping requests.

Open /etc/sysctl.conf for editing in your favorite text editor:

pico -w /etc/sysctl.conf

And simply copy/paste this into the file replacing any existing values:

#Kernel sysctl configuration file for Red Hat Linux
#
# For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and
# sysctl.conf(5) for more details.

# Disables packet forwarding
net.ipv4.ip_forward=0

# Disables IP source routing
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.lo.accept_source_route = 0
net.ipv4.conf.eth0.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0

# Enable IP spoofing protection, turn on source route verification
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.lo.rp_filter = 1
net.ipv4.conf.eth0.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1

# Disable ICMP Redirect Acceptance
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.lo.accept_redirects = 0
net.ipv4.conf.eth0.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0

# Enable Log Spoofed Packets, Source Routed Packets, Redirect Packets
net.ipv4.conf.all.log_martians = 0
net.ipv4.conf.lo.log_martians = 0
net.ipv4.conf.eth0.log_martians = 0

# Disables IP source routing
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.lo.accept_source_route = 0
net.ipv4.conf.eth0.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0

# Enable IP spoofing protection, turn on source route verification
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.lo.rp_filter = 1
net.ipv4.conf.eth0.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1

# Disable ICMP Redirect Acceptance
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.lo.accept_redirects = 0
net.ipv4.conf.eth0.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0

# Disables the magic-sysrq key
kernel.sysrq = 0

# Decrease the time default value for tcp_fin_timeout connection
net.ipv4.tcp_fin_timeout = 15

# Decrease the time default value for tcp_keepalive_time connection
net.ipv4.tcp_keepalive_time = 1800

# Turn off the tcp_window_scaling
net.ipv4.tcp_window_scaling = 0

# Turn off the tcp_sack
net.ipv4.tcp_sack = 0

# Turn off the tcp_timestamps
net.ipv4.tcp_timestamps = 0

# Enable TCP SYN Cookie Protection
net.ipv4.tcp_syncookies = 1

# Enable ignoring broadcasts request
net.ipv4.icmp_echo_ignore_broadcasts = 1

# Enable bad error message Protection
net.ipv4.icmp_ignore_bogus_error_responses = 1

# Log Spoofed Packets, Source Routed Packets, Redirect Packets
net.ipv4.conf.all.log_martians = 1

# Increases the size of the socket queue (effectively, q0).
net.ipv4.tcp_max_syn_backlog = 1024

# Increase the tcp-time-wait buckets pool size
net.ipv4.tcp_max_tw_buckets = 1440000

# Allowed local port range
net.ipv4.ip_local_port_range = 16384 65536

After you make the changes to the file you need to run

/sbin/sysctl -p 

and

sysctl -w net.ipv4.route.flush=1

to enable the changes without a reboot.

Notes
– Make sure that eth0 is your primary interface. If it is not replace eth0 with eth1 in the code below.
– Make sure you have backup of your original syctl.conf file before making any changes
– These settings might be old (outdated) or wrong for your system setup. Use them at your own risk!

Continue Reading

Tags: sysctl conf, accept_source_route, net ipv4 conf all rp_filter, sysctl hardening, net ipv4 conf default rp_filter, Sysctl confhardening|GeekTipsnTricks, sysctl conf hardening

How to change proftp FTP password from SSH shell

Today I have got a request from a client that has a server with no control panel on it to change one ftp password. Server is using proftpd as it’s ftp server. This is really easy task to do if proftp is setup by default and uses /etc/passwd for storing it’s passwords.

If you know username all you need to do is type in

passwd USERNAME

(replace USERNAME with actual username), enter new password two times and you’re done.

If you however don’t know the username (and that can happen too) you can open /etc/passwd file and try and locate it in there.

Tags: proftpd change password, proftpd change user password, change proftpd password, proftpd password change, change ftp password proftpd, change password proftpd, proftpd default password

How to fix Midnight Commander line drawing in PuTTY

Midnight Commander is an awesome little file management tool. Learn how to install Midnight Commander. Folks that remember Norton Commander from MS DOS times know what I’m talking about.

Often problem with using Midnight Commander in PuTTY is that often it’s lines are messed up and look like this:

Midnight Commander in PuTTY with lines now rendered correctly.

This happens when because of charsets mismatch that uses PuTTY uses and MC. To fix this you’ll need to fix the charset in PuTTY. This guide however works only on sessions saved in PuTTY!

Here’s how to do it:

Continue Reading

Tags: putty line drawing problems

How to install Midnight Commander?

Whats Midnight Commander?

Midnight Commander is Shell application (visual file manager) for SSH like Norton Commander, that older geeks may remember from the time of DOS, or like Total Commander, the most advanced Shell application today.

 

Why do I need Midnight Commander?

Midnight Commander will help you move more easily trough server files/folders, edit config files, copy/move/delete files/folders/whole directory trees, pack and unpack archives, search for files, run commands in shell… You can also use MC to connect to other server’s FTP and copy files from/to other servers. (can be useful when migrating from one server to another)

 

How to install Midnight Commander?

The easiest way is using yum or apt-get package menages: all you need to do is execute one command and it will install Midnight Commander and all it’s dependencies

Continue Reading

Tags: yum install mc, install midnight commander, install mc, how to install midnight commander, midnight commander install, midnight commander linux, midnight commander fedora, yum install midnight commander, linux install mc, yum midnight commander, wget mc, wget midnight commander, how to install mc, midnight commander linux install, midnight commander, install midnight commander linux, linux mc install, midnight commander installieren, mc install, fedora install mc, linux midnight commander, install mc linux, how to install midnight commander linux, install mc on linux, fedora midnight commander, linux install midnight commander, midnight commander wget, fedora mc install, yum mc, midnight-commander update, linux midnight commander install, fedora isntall mc, fedora install midnight commander, redhat install mc, midnight commander installieren linux