This extension implements PHP bindings for Subversion (SVN), a version control system, allowing PHP scripts to communicate with SVN repositories and working copies without direct command line calls to the svn executable. In this tutorial, I will show you How to install Subversion (SVN) extension working with PHP 5.3.

The first, download & extract latest version of SVN extension, login as root and type the following command

# wget http://pecl.php.net/get/svn-1.0.2.tgz
# tar zxvf svn-1.0.2.tgz
# cd svn-1.0.2

The second, execute phpize command will generate additional configuration files

# /webserver/php/bin/phpize

Sample output

Configuring for:
PHP Api Version:         20090626
Zend Module Api No:      20090626
Zend Extension Api No:   220090626

The next, type the following command to compile the svn extension source

# ./configure
# make & make install

If you get an errors like

configure: error: Cannot find php-config. Please use --with-php-config=PATH

To fix it, enter

# ./configure --with-php-config=<path to php-config file>

Or, if you get an error like

checking for svn includes... configure: error: failed to find svn_client.h

To fix it, enter

# yum install subversion subversion-devel neon-devel -y

Sample output

Dependency Installed:
  apr.x86_64 0:1.3.9-5.el6_2
  apr-devel.x86_64 0:1.3.9-5.el6_2
  apr-util.x86_64 0:1.3.9-3.el6_0.1
  apr-util-devel.x86_64 0:1.3.9-3.el6_0.1
  cyrus-sasl-devel.x86_64 0:2.1.23-13.el6_3.1
  db4-cxx.x86_64 0:4.7.25-17.el6
  db4-devel.x86_64 0:4.7.25-17.el6
  gnutls-devel.x86_64 0:2.8.5-10.el6_4.1
  libproxy.x86_64 0:0.3.0-4.el6_3
  libproxy-bin.x86_64 0:0.3.0-4.el6_3
  libproxy-python.x86_64 0:0.3.0-4.el6_3
  neon.x86_64 0:0.29.3-2.el6
  openldap-devel.x86_64 0:2.4.23-32.el6_4
  pakchois.x86_64 0:0.4-3.2.el6
  perl-URI.noarch 0:1.40-2.el6

Dependency Updated:
  gnutls.x86_64 0:2.8.5-10.el6_4.1       openldap.x86_64 0:2.4.23-32.el6_4

Finally, type the following command to enable SVN extension

# echo "extension=svn.so" >> /etc/php.ini

To check SVN extension is loaded, type the following command

# php -i | grep -i svn

Sample output

svn support => enabled
svn client version => 1.6.11
svn extension version => 1.0.2

The post How To Install Subversion (SVN) Extension Working With PHP 5.3 appeared first on lifeLinux: Linux Tips, Hacks, Tutorials, Ebooks.

I have setup an web server using Apache on CentOS. How do I configure firewall using iptables to allow or block access to the web server under CentOS ? In Tutorial I will show you How do I do it.

What is iptables ?

iptables is a user space application program that allows a system administrator to configure the tables provided by the Linux kernel firewall (implemented as different Netfilter modules) and the chains and rules it stores. Different kernel modules and programs are currently used for different protocols; iptables applies to IPv4, ip6tables to IPv6, arptables to ARP, and ebtables for Ethernet frames.

Setting up iptables

In most Linux distros including Redhat / CentOS Linux installs iptables by default. You can use the following procedure to verify that iptables has been installed. Open terminal and type the following command:

# iptables -V

Sample outputs:

iptables v1.4.7

You can use the following command to view the status of iptables command, enter:

# yum info iptables

Sample outputs:

Installed Packages
Name        : iptables
Arch        : x86_64
Version     : 1.4.7
Release     : 5.1.el6_2
Size        : 833 k
Repo        : installed
From repo   : anaconda-CentOS-201207061011.x86_64
Summary     : Tools for managing Linux kernel packet filtering capabilities
URL         : http://www.netfilter.org/
License     : GPLv2
Description : The iptables utility controls the network packet filtering code in
            : the Linux kernel. If you need to set up firewalls and/or IP
            : masquerading, you should install this package.
...

If the above message does not appear, then type the following command to install iptables

# yum install iptables -y

Configuration iptables for a web server

The default iptables configuration on CentOS does not allow access to the HTTP (TCP PORT # 80) and HTTPS (TCP PORT # 443) ports used by the Apache web server. You can do step by step to configure
Step 1: Flush or remove all iptables rules

# iptables -F
# iptables -X
# iptables -t nat -F
# iptables -t nat -X
# iptables -t mangle -F
# iptables -t mangle -X

Step 2: Set default rules

# iptables -P INPUT DROP
# iptables -P FORWARD ACCEPT
# iptables -P OUTPUT ACCEPT

Step 3: Allow access to HTTP (80) and HTTPS (443)

# iptables -A INPUT -i lo -j ACCEPT 
# iptables -A INPUT -m state --state ESTABLISHED -j ACCEPT 
# iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT 
# iptables -A INPUT -p icmp -j ACCEPT
# iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
# iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT

Turn on and save iptables

Type the following two commands to turn on firewall:

# chkconfig iptables on
# service iptables save

Anti synflood with iptables

Edit /etc/sysctl.conf to defend against certain types of attacks and append / update as follows:

net.ipv4.tcp_syncookies = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.tcp_max_syn_backlog = 8192
net.ipv4.netfilter.ip_conntrack_max = 1048576

And type the following command

# iptables -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 --syn -m recent --set --name CHECK --rsource 
# iptables -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 --syn -m recent --update --seconds 5 --hitcount 15 --rttl --name CHECK --rsource -j DROP 

The post How To Setup Iptables Firewall For A Web Server On CentOS appeared first on lifeLinux: Linux Tips, Hacks, Tutorials, Ebooks.

Today, I got following MySQL error in a PHP application: Host ‘host_name’ is blocked because of many connection errors; unblock with ‘mysqladmin flush-hosts’. It means that mysqld has received many connection requests from the given host. Default max_connect_errors value is 10, that is remote host will be blocked if there is more than 10 connection errors.

To fix, type the following command

# mysqladmin flush-hosts

To avoid this happening again, edit my.cnf

# vi /etc/my.cnf

Add the following line

max_connect_errors=10000

The value of the max_connect_errors system variable determines how many successive interrupted connection requests are permitted. Restart MySQL to reload configuration file

# service mysqld restart

Or, the value ‘max_connect_errors’ can also be set at runtime, type the following commands

# mysql -uroot -p
# mysql> SET GLOBAL max_connect_errors=10000;

The post How Do I Fix “Host is blocked because of many connection error” In MySQL appeared first on lifeLinux: Linux Tips, Hacks, Tutorials, Ebooks.

The virsh command is an alternative command to manage a Red Hat Enterprise Linux 5 KVM environment using a Command Line Interface(CLI). The virsh command is provided as part of the libvirt API which provides a common API to applications requiring standardized access to interact with KVM using a stable interface.

The following are basic and commonly used virsh commands:

help	 print help
list	 list domains
create	 create a domain from an XML file
start	 start a previously created inactive domain
destroy	 destroy a domain
define	 define (but do not start) a domain from an XML file
domid	 convert a domain name or UUID to domain id
domuuid	 convert a domain name or id to domain UUID
dominfo	 domain information
domname	 convert a domain id or UUID to domain name
domstate domain state
quit	 quit this interactive terminal
reboot	 reboot a domain
restore	 restore a domain from a saved state in a file
resume	 resume a domain
save	 save a domain state to a file
shutdown gracefully shutdown a domain
suspend	 suspend a domain
undefine undefine an inactive domain

List running guest VMs

Type the following command:

# virsh list

Sample outputs:

Id  Name                 State
----------------------------------
1   VM01                 running
2   VM02	         running

Staring a guest VM

Type the following command:

# virsh start VM01

Shutddowwn a guest VM

Type the following command:

# virsh shutdown VM01

Or, you can forcefully stop a guest VM with following command:

# virsh destroy VM01

Rebooting a guest VM

Type the following command:

# virsh reboot VM01

The post How To Start / Shutdown / Reboot Guest Operating Systems With virsh Command On KVM appeared first on lifeLinux: Linux Tips, Hacks, Tutorials, Ebooks.

Protect the server from Flood attacks , Using the property Port Flood Protection In firewall CSF . After doing the necessary settings will be able to determine the number of allowed connections Same time for each IP tries to connect to the server.

So How to Make a flood attack ?
Logically flood attacks are two ways :
first through a specific communication
the second through multiple connections each connection of these connections connect with the provider
Requirements

1. Installing firewall CSF last version
2. Enabled IPT and works well
3. Model IPT_Recent special for IPT

Application

Through edited the configuration file special for CSF it is located in the following path:

root@server:$ nano /etc/csf/csf.conf

We pressing CTRL + W and look for PORTFLOOD we will find the line as follows default :

PORTFLOOD = " "

put inside ” ” Settings that we want ,as in the following example:

PORTFLOOD = "80;tcp;20;10"

80 is the port , TCP is the protocol , 20 is the number of connections allowed at the same time , 10 is time of pause temporarily after the 10 seconds is allowed IP make new contacts

Important note: ipt_recent can count 20 Packets for each Title , So you can change the number of connections from 1 to 20 only

Is there a possibility of adding more than one port ?yes be as follows (Just an example) :

PORTFLOOD = "22;tcp;10;200,21;tcp;15;100,80;tcp;20;5"

Note that when we add a new port we put a comma (,)

In the previous example you choose more than one port are 22, 21 and 80 And you can add more and you can change the number of connections and also change the protocol type, for example, from TCP to UDP after the completion of the edited we save the file : CTRL + X, Y, and then Enter button.

Finally, do not forget to restart CSF with the following command:

root@server:$ csf -r

Thank You ,,

The post Repel port flood by CSF and IPT_Recent appeared first on lifeLinux: Linux Tips, Hacks, Tutorials, Ebooks.

There are a lot of people do not know what these variables and how they can be used , this Variables exist in php.ini file , the php.ini file is contains settings PHP on server , and for each variable in the php.ini file have a special role and can be disabled and activated with ON and Off

Disable = Off

Activate = On

So now I will explain to you the benefit of each function and put you a choice in the activation and disable

expose_php

Is a a property from which to see PHP version on the server so disabling means not making available to the hacker to know the version of PHP

allow_url_fopen

When you disable this function no one will be able to contain another link in a specific page , but some scripts like AM4SS – Vbulletin need this function for the arrival of notifications within the Admin Control Panel

register_globals

When you Desable this function become possible to control the content of php files difficult and does not allow the Edited only by the owner
So now we come to the disabled and activation of these properties

Enter in the shell and modify the php.ini file with the following command

nano /usr/local/lib/php.ini

By pressing Ctrl + W will open new box writes what you want to search for inside file

Looking for the variable you want edited for example

allow_url_fopen

You’ll find as follows :

allow_url_fopen = On

Mark value after the mark (=) On for activate Off  for disabled , Apply it with the rest of the properties , After completion of the amendment to click on the keys CTRL + X + Y then Enter button

You will see a new command line in the main interface in shell
Observation : you must restart Apache after any amendment to this file for edited is defined in the php and Apache
To restart apache :

service httpd restart

Or you can restart apache using server Control Panel WHM In a private box to restart services From there you can restart any service you want to.

The post What is the role of this variables in php.ini file (expose_php – allow_url_fopen – register_globals) ? appeared first on lifeLinux: Linux Tips, Hacks, Tutorials, Ebooks.

I run CentOS on my server, and I often find that my server is being attacked by other computers. Brute force SSH attacks, port scanning, viruses scanning for the ability to spread, things like that. In this article, I’ll show you how to block an IP address on Linux server using IPTables.

The First, I’ll assume you are already using iptables. If you need help setting that up, read this article.

How do I block an IP address ?

Example I want to block incoming request from IP 1.2.3.4, login as root and type the following command

# iptables -I INPUT -s 1.2.3.4 -j DROP

Where,
– I: Inserts the chain at the top of the rules.
– s: Match source IP address.
– j: Jump to the specified target chain when the packet matches the current rule.

To drop packets coming in on interface eth0 from 1.2.3.4, type the following command

# iptables -I INPUT -i eth0 -s 1.2.3.4 -j DROP

How do I block a subnet ?

Use the following syntax to block 10.0.0.0/8

# iptables -I INPUT -s 10.0.0.0/8 -j DROP

How do I save blocked IP address ?

To save blocked IP address to iptables config file, type the following command

# service iptables save

Or

# /etc/init.d/iptables save

How Do I Unblock An IP Address?

First, you need to display blocked IP address along with line number and other information, type the following command

# iptables -L INPUT -n --line-numbers
# iptables -L INPUT -n --line-numbers | grep 1.2.3.4

Sample outputs:

Chain INPUT (policy DROP)
num  target     prot opt source               destination
1    DROP       all  --  1.2.3.4              0.0.0.0/0
2    LOCALINPUT  all  --  0.0.0.0/0            0.0.0.0/0
3    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
4    ACCEPT     udp  --  203.162.4.1          0.0.0.0/0           udp spts:1024:65535 dpt:53

To unblock 1.2.3.4 you must delete line number 1, enter:

# iptables -D INPUT 1

The post How Do I Block An IP Address On Linux Server ? appeared first on lifeLinux: Linux Tips, Hacks, Tutorials, Ebooks.

If you use Memcached server to store application data, you may want to invalidate it once you deploy a new version to avoid corruption or weird results… In this article, I’ll show you How do I flush the entire contents of a Memcached server ?

Using telnet command

I often use telnet to flush the entire contents of Memcached server, type the following command

# telnet localhost 11211

Output

Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
flush_all
OK
quit
Connection to localhost closed by foreign host.

Where
– localhost: Memcached server instance
– 11211: Memcached server port

Using netcat command

# echo "flush_all" | nc localhost 11211

By default, nc (or netcat) creates a TCP socket either in listening mode (server socket) or a socket that is used in order to connect to a server (client mode). Actually, netcat does not care whether the socket is meant to be a server or a client. All it does is to take the data from stdin and transfer it to the other end across the network.

Restart Memcached Server

Login as root and type the following command

# /etc/init.d/memcached restart

Restarting your application is not ideal however, you will lose anything cached in memory, cause delays to users trying to access your site, that sort of thing.

Using PHP script

Create php file with the following content

# vi flush_memcached.php
$memcache = new Memcache;
$memcache->connect('localhost', 11211);
$memcache->flush();

To execute this script, type the following command

# php flush_memcached.php

The post How To Flush The Entire Contents Of Memcache Server appeared first on lifeLinux: Linux Tips, Hacks, Tutorials, Ebooks.

LAMP is essentially a server that runs Linux, Apache, MySQL and Php/Perl and is more commonly known as a LAMP server. This guide provides step-by-step instructions for installing a full-featured LAMP server on a CentOS 6 .0

1. Update system

Before proceeding to install, update the system with the following command

# yum update

2. Install and Configure the Apache Web Server

The Apache web server is the most popular server online, used on more than 70% of all servers connected to the World Wide Web. And there are good reasons for it: it’s free, it’s very stable, it delivers a great performance, it’s very customizable. To install the current version of the Apache web server use the following command

# yum install httpd

If you want to run Apache by default when the system boots, type the following command

# chkconfig httpd --level 2345 on

To start Apache for the first time, type the following command

# /etc/init.d/httpd start

3. Apache Web Server Security and Optimization

1. Disable any unnecessary apache modules, type the following command

# vi /etc/httpd/conf/httpd.conf

My example configuration is here

LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule auth_digest_module modules/mod_auth_digest.so
LoadModule authn_default_module modules/mod_authn_default.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule authz_default_module modules/mod_authz_default.so
LoadModule include_module modules/mod_include.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule env_module modules/mod_env.so
LoadModule mime_magic_module modules/mod_mime_magic.so
LoadModule expires_module modules/mod_expires.so
LoadModule deflate_module modules/mod_deflate.so
LoadModule headers_module modules/mod_headers.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule mime_module modules/mod_mime.so
LoadModule status_module modules/mod_status.so
LoadModule autoindex_module modules/mod_autoindex.so
LoadModule info_module modules/mod_info.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule dir_module modules/mod_dir.so
LoadModule actions_module modules/mod_actions.so
LoadModule alias_module modules/mod_alias.so
LoadModule rewrite_module modules/mod_rewrite.so

2. Optimize Timeout & KeepAlive
You need to control Timeouts & KeepAlive to improve server performance. Type the following command

# vi /etc/httpd/conf/httpd.conf

Find & Edit it as follows

Timeout 10
KeepAlive On
MaxKeepAliveRequests 200
KeepAliveTimeout 5

3. Optimize MPM (Multi-Processing Module)
Apache’s default installation of MPM Prefork. To optimize MPM Prefork, type the following command

# vi /etc/httpd/conf/httpd.conf

Find

<IfModule prefork.c>

Edit it as follows

<IfModule prefork.c>
    StartServers          5
    MinSpareServers      10
    MaxSpareServers      15
    ServerLimit         450
    MaxClients          450
    MaxRequestsPerChild   0
</IfModule>

Which,

# StartServers: number of server processes to start
# MinSpareServers: minimum number of server processes which are kept spare
# MaxSpareServers: maximum number of server processes which are kept spare
# ServerLimit: maximum value for MaxClients for the lifetime of the server
# MaxClients: maximum number of server processes allowed to start
# MaxRequestsPerChild: maximum number of requests a server process serves

4. Enable Mod_rewite
To enable mod_rewirte, type the following command

# vi /etc/httpd/conf/httpd.conf

Find

<Directory "/var/www/html">

Edit it as follows

<Directory "/var/www/html">
    AllowOverride All
    Options -MultiViews -Indexes FollowSymlinks IncludesNoExec +Includes
<Limit GET POST OPTIONS PROPFIND>
    Order allow,deny
    Allow from all
</Limit>
<LimitExcept GET POST OPTIONS PROPFIND>
    Order deny,allow
    Deny from all
</LimitExcept>
</Directory>

5. Enable File Caching
Enabling file caching can greatly improve your site’s performance and speed. If you want to enable file caching, type the following command

# vi /etc/httpd/conf/httpd.conf

Find

<Directory "/var/www/html">

Edit it as follows

<Directory "/var/www/html">
    AllowOverride All
    Options -MultiViews -Indexes FollowSymlinks IncludesNoExec +Includes
<Limit GET POST OPTIONS PROPFIND>
    Order allow,deny
    Allow from all
</Limit>
<LimitExcept GET POST OPTIONS PROPFIND>
    Order deny,allow
    Deny from all
</LimitExcept>
<FilesMatch "\.(flv|swf|ico|gif|jpg|jpeg|png|html|css)$">  
	Header set Cache-Control "max-age=604800, public"  
</FilesMatch>
</Directory>

4. Install and Configure MySQL Database Server

MySQL Server is one of the most popular database servers in the world, especially for use with dynamic, content rich websites. To install MySQL database server use the following command

# yum install mysql mysql-server

After installing MySQL, I highly recommend to run mysql_secure_installation, a program that helps secure MySQL. Important points to note are:
1. Be sure that the root account has a secure password set.
2. Do not create an anonymous account, and if it exists, say “yes” to remove it.
3. If your web server and MySQL server are on the same machine, you should disable the network access.

If you want to run MySQL by default when the system boots, type the following command

# chkconfig mysqld--level 2345 on

To start MySQL for the first time, type the following command

# /etc/init.d/mysqld start

5. Installing and Configuring PHP

PHP is a general-purpose scripting language originally designed for web development to produce dynamic web pages. Many popular web applications like WordPress, Joomla, Drupal, OScommerce, Magento are written in PHP. To install PHP on CentOS use the following command

# yum install php53 php53-mysql

To create secure PHP configuration settings, type the following command

# vi /etc/php.ini

Find & Edit it as follows

allow_url_fopen = Off 
display_errors = Off 
display_startup_errors = Off 
log_errors = On 
error_reporting = E_ALL 
expose_php = Off 
magic_quotes_gpc = On 
magic_quotes_sybase = Off 
register_globals = Off
max_execution_time = 60
memory_limit = 64M

To prevent run PHP scripts with a different file extension, type the following command

# vi /etc/httpd/conf.d/php.conf

Find

AddHandler php5-script .php
AddType text/html .php

Replace it as follows

<FilesMatch \.php$>
	AddHandler php5-script .php
	AddType text/html .php
</FilesMatch>

Restart Apache to reload new configurations. Type the following command

# /etc/init.d/httpd restart

The post How To Setup A LAMP Server On Centos 6.0 appeared first on lifeLinux: Linux Tips, Hacks, Tutorials, Ebooks.

shutdown command brings the system down in a secure way. All logged-in users are notified that the system is going down, and login is blocked. It is possible to shut the system down immediately or after a specified delay. All processes are first notified that the system is going down by the signal SIGTERM. This gives programs like vi the time to save the file being edited, mail and news processing programs a chance to exit cleanly, etc. shutdown does its job by signalling the init process, asking it to change the runlevel. Runlevel 0 is used to halt the system, runlevel 6 is used to reboot the system, and runlevel 1 is used to put to system into a state where administrative tasks can be performed; this is the default if neither the -h or -r flag is given to shutdown. To see which actions are taken on halt or reboot see the appropriate entries for these runlevels in the file /etc/inittab.(http://linux.about.com/od/commands/l/blcmdl8_shutdow.htm)

Shutdown the machine immediately

Type the following command as root

# shutdown -h now

Shutdown the machine with user defined message

# shutdown -h now 'Server is going down for replace old hardware'

Scheduling the shutdown

Example, schedule shutdown for 3 AM.

# shutdown -h 03:00

Schedule shutdown the system in 5 minutes

# shutdown -h +5

Reboot the machine immediately

# shutdowm -r now

Cancel a running shutdown

# shutdown -c

The post Linux Shutdown Command appeared first on lifeLinux: Linux Tips, Hacks, Tutorials, Ebooks.