Linux CentOS 7

  

Commands for installing the text-mode version of the Linux CentOS 7 server

Debian and CentOS have different commands, but some are the same eheheh... :))




Download CentOS 7 ISO file

Download CentOS 7
CentOS: centos
Download ISO: centOS-7-x86_64-DVD-1511.iso
Tech site - tips: TecMint

Installing CentOS

VirtualBox - Settings - Bridged Adapter - point to the CentOS 7 ISO file…

Install CentOS 7 - on the right side of the screen click “on” - Minimal Installation

The command ifconfig was not recognized.

    yum provides ifconfig
    yum -y install net-tools
    ifconfig | grep inet

My IP is 192.168.2.168 (DHCP).

Let’s update the system.

    yum -y update && yum -y upgrade

From the Mac computer to the VirtualBox CentOS 7 server:

    $ ssh -l root 192.168.2.168 -p22
    The authenticity of host '192.168.2.168 (192.168.2.168)' can't be established.
    ECDSA key fingerprint is SHA256:NSGZ2c0ouPmyXm0m0+GDMHycLaeNI5FrJ2fui6OpChs.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added '192.168.2.168' (ECDSA) to the list of known hosts.
    root@192.168.2.168's password:
    Last login: Thu Aug 25 09:05:54 2016
    [root@localhost ~]#

Let’s take a look at the ports.

    netstat -tlun
    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address     Foreign Address   State
    tcp        0      0 0.0.0.0:22        0.0.0.0:*         LISTEN
    tcp        0      0 127.0.0.1:25      0.0.0.0:*         LISTEN
    tcp6       0      0 :::22             :::*              LISTEN
    tcp6       0      0 ::1:25            :::*              LISTEN
    udp        0      0 0.0.0.0:68        0.0.0.0:*
    udp        0      0 0.0.0.0:26754     0.0.0.0:*
    udp6       0      0 :::31983          :::*

    ifconfig
    enp0s3: flags=4163 mtu 1500
            inet 192.168.2.168 netmask 255.255.255.0 broadcast 192.168.2.255
            inet6 fe80::a00:27ff:fe5c:c995 prefixlen 64 scopeid 0x20
            ether 08:00:27:5c:c9:95 txqueuelen 1000 (Ethernet)
            RX packets 20408 bytes 26559569 (25.3 MiB)
            RX errors 0 dropped 0 overruns 0 frame 0
            TX packets 12916 bytes 955640 (933.2 KiB)
            TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

    lo: flags=73 mtu 65536
            inet 127.0.0.1 netmask 255.0.0.0
            inet6 ::1 prefixlen 128 scopeid 0x10
            loop txqueuelen 0 (Local Loopback)
            RX packets 12 bytes 1152 (1.1 KiB)
            RX errors 0 dropped 0 overruns 0 frame 0
            TX packets 12 bytes 1152 (1.1 KiB)
            TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

Let’s install a basic text editor.

    yum -y install nano

Add the Google DNS server to the file below.
    nano /etc/resolv.conf

    # add the line below
    nameserver 8.8.8.8

ctrl x y ( save - exit file )

Let’s just take a look at the interface file…

    cat /etc/sysconfig/network-scripts/ifcfg-enp0s3
    TYPE="Ethernet"
    BOOTPROTO="dhcp"
    DEFROUTE="yes"
    PEERDNS="yes"
    PEERROUTES="yes"
    IPV4_FAILURE_FATAL="no"
    IPV6INIT="yes"
    IPV6_AUTOCONF="yes"
    IPV6_DEFROUTE="yes"
    IPV6_PEERDNS="yes"
    IPV6_PEERROUTES="yes"
    IPV6_FAILURE_FATAL="no"
    NAME="enp0s3"
    UUID="73b54726-0618-4ad5-a783-5f811b55262b"
    DEVICE="enp0s3"
    ONBOOT="yes"

In case you need the 3 lines below :) Usually you don’t need them hahah ... who knows ...

Setting up interface eth0

    ifconfig eth0 up
    or
    ifconfig eth0 down

Setting up ip

    ifconfig eth0 192.168.10.13 netmask 255.255.255.0

Setting router ip

    route add default gw 192.168.10.1
    or
    route del default gw 192.168.10.1

Setting ip for my VBox CentOS server

Setting up static IP address to: 192.168.2.200

Let’s change BOOTPROTO="dhcp" to BOOTPROTO="static" and add the 2 lines below.

    IPADDR=192.168.2.200
    GATEWAY=192.168.2.1

    nano /etc/sysconfig/network-scripts/ifcfg-enp0s3

    TYPE="Ethernet"
    BOOTPROTO="static"
    DEFROUTE="yes"
    IPV4_FAILURE_FATAL="no"
    IPV6INIT="yes"
    IPV6_AUTOCONF="yes"
    IPV6_DEFROUTE="yes"
    IPV6_FAILURE_FATAL="no"
    NAME="enp0s3"
    UUID="bb271bd4-6ccf-4979-aa00-ceec17ec0428"
    DEVICE="enp0s3"
    ONBOOT="yes"
    IPADDR=192.168.2.200
    GATEWAY=192.168.2.1
    PREFIX=24
    PEERDNS=yes
    PEERROUTES=yes
    IPV6_PEERDNS=yes
    IPV6_PEERROUTES=yes

ctrl x y ( save - exit file )

    systemctl restart network

Let’s see if the IP address was changed.
    ifconfig
    enp0s3: flags=4163 mtu 1500
            inet 192.168.2.200 netmask 255.255.255.0 broadcast 192.168.2.255
            inet6 fe80::a00:27ff:fea4:eee7 prefixlen 64 scopeid 0x20
            ether 08:00:27:a4:ee:e7 txqueuelen 1000 (Ethernet)
            RX packets 108065 bytes 150154913 (143.1 MiB)
            RX errors 0 dropped 0 overruns 0 frame 0
            TX packets 64219 bytes 5237972 (4.9 MiB)
            TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

    lo: flags=73 mtu 65536
            inet 127.0.0.1 netmask 255.0.0.0
            inet6 ::1 prefixlen 128 scopeid 0x10
            loop txqueuelen 0 (Local Loopback)
            RX packets 8 bytes 688 (688.0 B)
            RX errors 0 dropped 0 overruns 0 frame 0
            TX packets 8 bytes 688 (688.0 B)
            TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

Now we need to log in again with the IP .200

    $ ssh -l root 192.168.2.200 -p22
    The authenticity of host '192.168.2.200 (192.168.2.200)' can't be established.
    ECDSA key fingerprint is SHA256:NSGZ2c0ouPmyXm0m0+GDMHycLaeNI5FrJ2fui6OpChs.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added '192.168.2.200' (ECDSA) to the list of known hosts.
    root@192.168.2.200's password:
    Last login: Thu Aug 25 09:16:08 2016 from 192.168.2.137
    [root@localhost ~]#

Let’s change the interface name from enp0s3 to eth0.

At the end of the line, after … quiet, add net.ifnames=0 biosdevname=0

    nano /etc/default/grub

    GRUB_TIMEOUT=5
    GRUB_DISTRIBUTOR="$(sed 's, release .*$,,g' /etc/system-release)"
    GRUB_DEFAULT=saved
    GRUB_DISABLE_SUBMENU=true
    GRUB_TERMINAL_OUTPUT="console"
    GRUB_CMDLINE_LINUX="crashkernel=auto rd.lvm.lv=centos/root rd.lvm.lv=centos/swap rhgb quiet net.ifnames=0 biosdevname=0"
    GRUB_DISABLE_RECOVERY="true"

ctrl x y ( save - exit file )

    grub2-mkconfig -o /boot/grub2/grub.cfg
    Generating grub configuration file ...
    Found linux image: /boot/vmlinuz-3.10.0-327.28.3.el7.x86_64
    Found initrd image: /boot/initramfs-3.10.0-327.28.3.el7.x86_64.img
    Found linux image: /boot/vmlinuz-3.10.0-327.el7.x86_64
    Found initrd image: /boot/initramfs-3.10.0-327.el7.x86_64.img
    Found linux image: /boot/vmlinuz-0-rescue-16abb0aa297e4aaf9b7c1c09a1a939a8
    Found initrd image: /boot/initramfs-0-rescue-16abb0aa297e4aaf9b7c1c09a1a939a8.img

Let’s make a copy of the original file in case something bad happens hehehe

    cp /etc/sysconfig/network-scripts/ifcfg-enp0s3 /etc/sysconfig/network-scripts/ifcfg-enp0s3-bkp

Let’s rename the file ifcfg-enp0s3 to ifcfg-eth0

    mv /etc/sysconfig/network-scripts/ifcfg-enp0s3 /etc/sysconfig/network-scripts/ifcfg-eth0

Now change from enp0s3 to eth0

    nano /etc/sysconfig/network-scripts/ifcfg-eth0

    TYPE="Ethernet"
    BOOTPROTO="static"
    DEFROUTE="yes"
    IPV4_FAILURE_FATAL="no"
    IPV6INIT="yes"
    IPV6_AUTOCONF="yes"
    IPV6_DEFROUTE="yes"
    IPV6_FAILURE_FATAL="no"
    NAME=eth0
    UUID="bb271bd4-6ccf-4979-aa00-ceec17ec0428"
    DEVICE=eth0
    ONBOOT="yes"
    IPADDR=192.168.2.200
    PREFIX=24
    GATEWAY=192.168.2.1
    PEERDNS=yes
    PEERROUTES=yes
    IPV6_PEERDNS=yes
    IPV6_PEERROUTES=yes

ctrl x y ( save - exit file )

Check if the Google DNS server is in the file below; if not, add it please.
    nameserver 8.8.8.8

    nano /etc/resolv.conf

    # Generated by NetworkManager
    # No nameservers found; try putting DNS servers into your
    # ifcfg files in /etc/sysconfig/network-scripts like so:
    #
    # DNS1=xxx.xxx.xxx.xxx
    # DNS2=xxx.xxx.xxx.xxx
    # DOMAIN=lab.foo.com bar.foo.com
    nameserver 8.8.8.8

ctrl x y ( save - exit file )

    shutdown -r now

Success in changing the interface to eth0

    ifconfig
    eth0: flags=4163 mtu 1500
            inet 192.168.2.200 netmask 255.255.255.0 broadcast 192.168.2.255
            inet6 fe80::a00:27ff:fe5c:c995 prefixlen 64 scopeid 0x20
            ether 08:00:27:5c:c9:95 txqueuelen 1000 (Ethernet)
            RX packets 285 bytes 32764 (31.9 KiB)
            RX errors 0 dropped 0 overruns 0 frame 0
            TX packets 101 bytes 14679 (14.3 KiB)
            TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

    lo: flags=73 mtu 65536
            inet 127.0.0.1 netmask 255.0.0.0
            inet6 ::1 prefixlen 128 scopeid 0x10
            loop txqueuelen 0 (Local Loopback)
            RX packets 20 bytes 1964 (1.9 KiB)
            RX errors 0 dropped 0 overruns 0 frame 0
            TX packets 20 bytes 1964 (1.9 KiB)
            TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

    ip addr show eth0|grep inet|awk '{print $2}'|cut -d / -f1
    192.168.2.200
    fe80::a00:27ff:fea4:eee7

Changing ssh port - from 22 to 2223

If the Security Enhanced Linux module (SELinux) is running, then update SELinux with the new port number. Failure to update SELinux for the new port will result in a Permission denied showing in the SELinux log.

To check that SELinux is enabled, run sestatus:

    sestatus
    SELinux status:                 enabled
    SELinuxfs mount:                /sys/fs/selinux
    SELinux root directory:         /etc/selinux
    Loaded policy name:             targeted
    Current mode:                   enforcing
    Mode from config file:          enforcing
    Policy MLS status:              enabled
    Policy deny_unknown status:     allowed
    Max kernel policy version:      28

Use semanage to add the new port number to SELinux; see the article RHEL 6: semanage SELinux Command Not Found on how to install the command if not present (e.g. if using the CentOS minimal install). For this article this command was used to check the package for semanage:

    yum provides /usr/sbin/semanage

And this command to install it:

    yum -y install policycoreutils-python

The port numbers for SELinux can be displayed using a semanage command (pipe to less to page through the list):

    semanage port -l | grep ssh
    ssh_port_t                     tcp      22

In the list of ports will be found ssh_port_t tcp 22. Use semanage to add the new port number:

    semanage port -a -t ssh_port_t -p tcp 2223

If you need to remove the port 2223

    semanage port -d -p tcp 2223

Checking if port was removed

    semanage port -l | grep ssh

“If” you need to remove previous firewall rules

    systemctl stop firewalld
    systemctl mask firewalld

    iptables -L -n
    Chain INPUT (policy ACCEPT)
    target prot opt source destination

    Chain FORWARD (policy ACCEPT)
    target prot opt source destination

    Chain OUTPUT (policy ACCEPT)
    target prot opt source destination

Restarting CentOS

As an alternative to restarting iptables and ssh, restart the CentOS server:

    shutdown -r now

    sudo semanage port -l | grep ^http_port_t
    http_port_t                    tcp      80, 81, 443, 488, 8008, 8009, 8443, 9000

The command below just shows uncommented lines.
    sed '/^$\|^#/d' /etc/ssh/sshd_config
    HostKey /etc/ssh/ssh_host_rsa_key
    HostKey /etc/ssh/ssh_host_ecdsa_key
    HostKey /etc/ssh/ssh_host_ed25519_key
    SyslogFacility AUTHPRIV
    AuthorizedKeysFile .ssh/authorized_keys
    PasswordAuthentication yes
    ChallengeResponseAuthentication no
    GSSAPIAuthentication yes
    GSSAPICleanupCredentials no
    UsePAM yes
    X11Forwarding yes
    UsePrivilegeSeparation sandbox # Default for new installations.
    AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
    AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
    AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
    AcceptEnv XMODIFIERS
    Subsystem sftp /usr/libexec/openssh/sftp-server

    netstat -planta
    Active Internet connections (servers and established)
    Proto Recv-Q Send-Q Local Address       Foreign Address       State        PID/Program name
    tcp        0      0 0.0.0.0:22          0.0.0.0:*             LISTEN       3016/sshd
    tcp        0      0 127.0.0.1:25        0.0.0.0:*             LISTEN       1725/master
    tcp        0      0 192.168.2.200:22    192.168.2.137:54232   ESTABLISHED  3021/sshd: root@pts
    tcp6       0      0 :::80               :::*                  LISTEN       2717/httpd
    tcp6       0      0 :::22               :::*                  LISTEN       3016/sshd
    tcp6       0      0 ::1:25              :::*                  LISTEN       1725/master

Now let’s change ssh port from 22 to 2223

    nano /etc/ssh/sshd_config

    Port 2223

ctrl x y ( save - exit file )

    systemctl restart sshd.service

    netstat -planta
    Active Internet connections (servers and established)
    Proto Recv-Q Send-Q Local Address       Foreign Address       State        PID/Program name
    tcp        0      0 0.0.0.0:2223        0.0.0.0:*             LISTEN       2245/sshd
    tcp        0      0 127.0.0.1:25        0.0.0.0:*             LISTEN       1379/master
    tcp        0      0 192.168.10.200:22   192.168.10.105:51895  ESTABLISHED  2152/sshd: root@pts
    tcp6       0      0 :::2223             :::*                  LISTEN       2245/sshd
    tcp6       0      0 ::1:25              :::*                  LISTEN       1379/master

Let’s quit ssh and login again with the new port number.

    exit

Now let’s login with the new port 2223.
    ssh -l root 192.168.2.200 -p2223
    root@192.168.2.200's password:
    Last login: Thu Aug 25 12:51:46 2016

    firewall-cmd --state
    not running

    firewall-cmd --get-default-zone
    FirewallD is not running

    yum -y install epel-release
    yum -y install iptables-services
    yum install firewalld
    systemctl start iptables
    systemctl status firewalld
    systemctl unmask firewalld
    sudo systemctl restart firewalld

    ● firewalld.service - firewalld - dynamic firewall daemon
       Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
       Active: active (running) since Sat 2016-09-10 08:31:26 EDT; 3s ago
     Main PID: 2457 (firewalld)
       CGroup: /system.slice/firewalld.service
               └─2457 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid

    Sep 10 08:31:26 localhost.localdomain systemd[1]: Starting firewalld - dynamic firewall daemon...
    Sep 10 08:31:26 localhost.localdomain systemd[1]: Started firewalld - dynamic firewall daemon.

    systemctl start iptables

After that, run the commands below to allow the new port through the firewall.

    sudo firewall-cmd --permanent --zone=public --add-port=2223/tcp

Reload the firewall configuration

    sudo firewall-cmd --reload

Restart SSH by running the commands below.

    sudo systemctl restart sshd.service

    iptables -L -n
    Chain INPUT (policy ACCEPT)
    target prot opt source destination
    ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
    ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
    INPUT_direct all -- 0.0.0.0/0 0.0.0.0/0
    INPUT_ZONES_SOURCE all -- 0.0.0.0/0 0.0.0.0/0
    INPUT_ZONES all -- 0.0.0.0/0 0.0.0.0/0
    ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
    REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited

    Chain FORWARD (policy ACCEPT)
    target prot opt source destination
    ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
    ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
    FORWARD_direct all -- 0.0.0.0/0 0.0.0.0/0
    FORWARD_IN_ZONES_SOURCE all -- 0.0.0.0/0 0.0.0.0/0
    FORWARD_IN_ZONES all -- 0.0.0.0/0 0.0.0.0/0
    FORWARD_OUT_ZONES_SOURCE all -- 0.0.0.0/0 0.0.0.0/0
    FORWARD_OUT_ZONES all -- 0.0.0.0/0 0.0.0.0/0
    ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
    REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited

    Chain OUTPUT (policy ACCEPT)
    target prot opt source destination
    OUTPUT_direct all -- 0.0.0.0/0 0.0.0.0/0

    Chain FORWARD_IN_ZONES (1 references)
    target prot opt source destination
    FWDI_public all -- 0.0.0.0/0 0.0.0.0/0 [goto]
    FWDI_public all -- 0.0.0.0/0 0.0.0.0/0 [goto]

    Chain FORWARD_IN_ZONES_SOURCE (1 references)
    target prot opt source destination

    Chain FORWARD_OUT_ZONES (1 references)
    target prot opt source destination
    FWDO_public all -- 0.0.0.0/0 0.0.0.0/0 [goto]
    FWDO_public all -- 0.0.0.0/0 0.0.0.0/0 [goto]

    Chain FORWARD_OUT_ZONES_SOURCE (1 references)
    target prot opt source destination

    Chain FORWARD_direct (1 references)
    target prot opt source destination

    Chain FWDI_public (2 references)
    target prot opt source destination
    FWDI_public_log all -- 0.0.0.0/0 0.0.0.0/0
    FWDI_public_deny all -- 0.0.0.0/0 0.0.0.0/0
    FWDI_public_allow all -- 0.0.0.0/0 0.0.0.0/0

    Chain FWDI_public_allow (1 references)
    target prot opt source destination

    Chain FWDI_public_deny (1 references)
    target prot opt source destination

    Chain FWDI_public_log (1 references)
    target prot opt source destination

    Chain FWDO_public (2 references)
    target prot opt source destination
    FWDO_public_log all -- 0.0.0.0/0 0.0.0.0/0
    FWDO_public_deny all -- 0.0.0.0/0 0.0.0.0/0
    FWDO_public_allow all -- 0.0.0.0/0 0.0.0.0/0

    Chain FWDO_public_allow (1 references)
    target prot opt source destination

    Chain FWDO_public_deny (1 references)
    target prot opt source destination

    Chain FWDO_public_log (1 references)
    target prot opt source destination

    Chain INPUT_ZONES (1 references)
    target prot opt source destination
    IN_public all -- 0.0.0.0/0 0.0.0.0/0 [goto]
    IN_public all -- 0.0.0.0/0 0.0.0.0/0 [goto]

    Chain INPUT_ZONES_SOURCE (1 references)
    target prot opt source destination

    Chain INPUT_direct (1 references)
    target prot opt source destination

    Chain IN_public (2 references)
    target prot opt source destination
    IN_public_log all -- 0.0.0.0/0 0.0.0.0/0
    IN_public_deny all -- 0.0.0.0/0 0.0.0.0/0
    IN_public_allow all -- 0.0.0.0/0 0.0.0.0/0

    Chain IN_public_allow (1 references)
    target prot opt source destination
    ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW
    ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2223 ctstate NEW

    Chain IN_public_deny (1 references)
    target prot opt source destination

    Chain IN_public_log (1 references)
    target prot opt source destination

    Chain OUTPUT_direct (1 references)
    target prot opt source destination

    systemctl disable firewalld
    Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
    Removed symlink /etc/systemd/system/basic.target.wants/firewalld.service.

    systemctl stop firewalld

    systemctl status firewalld
    ● firewalld.service - firewalld - dynamic firewall daemon
       Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
       Active: inactive (dead)

    Sep 10 07:43:50 localhost.localdomain systemd[1]: Cannot add dependency job for unit firewalld.service, ignoring: Unit fir...asked.
    Sep 10 08:06:25 localhost.localdomain systemd[1]: Stopped firewalld.service.
    Sep 10 08:07:55 localhost.localdomain systemd[1]: Cannot add dependency job for unit firewalld.service, ignoring: Unit fir...asked.
    Sep 10 08:15:25 localhost.localdomain systemd[1]: Stopped firewalld.service.
    Sep 10 08:23:47 localhost.localdomain systemd[1]: Cannot add dependency job for unit firewalld.service, ignoring: Unit fir...asked.
    Sep 10 08:28:02 localhost.localdomain systemd[1]: Cannot add dependency job for unit firewalld.service, ignoring: Unit fir...asked.
    Sep 10 08:31:26 localhost.localdomain systemd[1]: Starting firewalld - dynamic firewall daemon...
    Sep 10 08:31:26 localhost.localdomain systemd[1]: Started firewalld - dynamic firewall daemon.
    Sep 10 09:23:33 localhost.localdomain systemd[1]: Stopping firewalld - dynamic firewall daemon...
    Sep 10 09:23:33 localhost.localdomain systemd[1]: Stopped firewalld - dynamic firewall daemon.
    Hint: Some lines were ellipsized, use -l to show in full.

    iptables -L -n
    Chain INPUT (policy ACCEPT)
    target prot opt source destination

    Chain FORWARD (policy ACCEPT)
    target prot opt source destination

    Chain OUTPUT (policy ACCEPT)
    target prot opt source destination

    netstat -planta
    Active Internet connections (servers and established)
    Proto Recv-Q Send-Q Local Address       Foreign Address       State        PID/Program name
    tcp        0      0 0.0.0.0:2223        0.0.0.0:*             LISTEN       1002/sshd
    tcp        0      0 127.0.0.1:25        0.0.0.0:*             LISTEN       1367/master
    tcp        0      0 192.168.2.200:2223  192.168.2.137:54413   ESTABLISHED  2168/sshd: root@pts
    tcp6       0      0 :::2223             :::*                  LISTEN       1002/sshd
    tcp6       0      0 :::80               :::*                  LISTEN       1000/httpd
    tcp6       0      0 ::1:25              :::*                  LISTEN       1367/master

If you need to remove the port 2223

    semanage port -d -p tcp 2223

Checking if port was removed

    semanage port -l | grep ssh

In the list of ports will be found ssh_port_t tcp 22. Use semanage to add the new port number:

    semanage port -a -t ssh_port_t -p tcp 2223

If you need to remove the port or service you added.

    firewall-cmd --zone=public --remove-port=2223/tcp

And then issue a reload to apply the changes.

    firewall-cmd --reload
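
A consistency check for the port change described in this section, as an added example that is not part of the original page: before restarting sshd it compares the Port set in sshd_config with the SELinux ssh_port_t label and the firewalld port list, the two places that lock you out if they are missed. Function names and the sample inputs are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example, not from the original page. Function names are hypothetical;
# the sample inputs at the bottom are constructed.

# Print every Port value set in sshd_config text on stdin (22 if none is set).
sshd_ports() {
    awk 'tolower($1) == "port" { print $2; found = 1 }
         END { if (!found) print 22 }'
}

# Succeed if tcp port $1 carries the ssh_port_t label in `semanage port -l`
# output read from stdin. Entries may be single ports or ranges (lo-hi).
selinux_allows() {
    awk -v p="$1" '
        $1 == "ssh_port_t" && $2 == "tcp" {
            for (i = 3; i <= NF; i++) {
                entry = $i
                gsub(/,/, "", entry)
                if (split(entry, r, "-") == 2) {
                    if (p + 0 >= r[1] + 0 && p + 0 <= r[2] + 0) ok = 1
                } else if (entry == p) {
                    ok = 1
                }
            }
        }
        END { exit(ok ? 0 : 1) }'
}

# Succeed if $1/tcp is listed in `firewall-cmd --list-ports` output on stdin.
firewall_allows() {
    tr ' ' '\n' | grep -qx "$1/tcp"
}

# check_port_change SSHD_CONFIG_TEXT SEMANAGE_TEXT FIREWALL_PORTS_TEXT
# Prints one line per problem and returns non-zero if any was found.
# Port 22 is skipped in the firewall check because firewalld opens it through
# the "ssh" service rather than through a port entry.
check_port_change() {
    local cfg="$1" sem="$2" fw="$3" rc=0 port
    for port in $(printf '%s\n' "$cfg" | sshd_ports); do
        if ! printf '%s\n' "$sem" | selinux_allows "$port"; then
            echo "port $port: no ssh_port_t label (semanage port -a -t ssh_port_t -p tcp $port)"
            rc=1
        fi
        if [ "$port" != 22 ] && ! printf '%s\n' "$fw" | firewall_allows "$port"; then
            echo "port $port: not open in firewalld (firewall-cmd --permanent --zone=public --add-port=$port/tcp)"
            rc=1
        fi
    done
    return $rc
}

# On a live host the three inputs would come from:
#   check_port_change "$(cat /etc/ssh/sshd_config)" \
#                     "$(semanage port -l)" "$(firewall-cmd --list-ports)"

# Constructed sample inputs, shaped like the output shown in this section.
SAMPLE_SSHD_CONFIG='#Port 22
Port 2223
PasswordAuthentication yes'
SAMPLE_SEMANAGE_BEFORE='ssh_port_t                     tcp      22'
SAMPLE_SEMANAGE_AFTER='ssh_port_t                     tcp      2223, 22'
SAMPLE_FIREWALL_AFTER='2223/tcp'

echo "Before semanage and firewall-cmd were run:"
check_port_change "$SAMPLE_SSHD_CONFIG" "$SAMPLE_SEMANAGE_BEFORE" "" || true
echo "After:"
check_port_change "$SAMPLE_SSHD_CONFIG" "$SAMPLE_SEMANAGE_AFTER" \
    "$SAMPLE_FIREWALL_AFTER" && echo "consistent, safe to restart sshd"
```

Run it from the existing session and keep that session open until a second login on the new port succeeds.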

nmap

    yum -y install nmap

    nmap localhost
    Starting Nmap 6.40 ( http://nmap.org ) at 2016-08-21 16:59 EDT
    Nmap scan report for localhost (127.0.0.1)
    Host is up (0.000011s latency).
    Other addresses for localhost (not scanned): 127.0.0.1
    Not shown: 998 closed ports
    PORT   STATE SERVICE
    22/tcp open  ssh
    25/tcp open  smtp
    Nmap done: 1 IP address (1 host up) scanned in 0.06 seconds

    nmap -sS -P0 -sV localhost
    Starting Nmap 6.40 ( http://nmap.org ) at 2016-08-25 10:40 EDT
    Nmap scan report for localhost (127.0.0.1)
    Host is up (0.000011s latency).
    Other addresses for localhost (not scanned): 127.0.0.1
    Not shown: 998 closed ports
    PORT   STATE SERVICE VERSION
    22/tcp open  ssh     OpenSSH 6.6.1 (protocol 2.0)
    25/tcp open  smtp    Postfix smtpd
    Service Info: Host: localhost.localdomain
    Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
    Nmap done: 1 IP address (1 host up) scanned in 0.18 seconds

apache

    yum clean all
    yum -y update
    yum -y install httpd
    sudo yum -y remove httpd

    nano /etc/httpd/conf/httpd.conf

    Listen 192.168.2.200:80

    sudo systemctl restart httpd

    netstat -punta
    Active Internet connections (servers and established)
    Proto Recv-Q Send-Q Local Address       Foreign Address       State        PID/Program name
    tcp        0      0 0.0.0.0:22          0.0.0.0:*             LISTEN       1415/sshd
    tcp        0      0 127.0.0.1:25        0.0.0.0:*             LISTEN       1725/master
    tcp        0      0 192.168.2.200:22    192.168.2.137:52330   ESTABLISHED  2558/sshd: root@pts
    tcp6       0      0 :::80               :::*                  LISTEN       2717/httpd
    tcp6       0      0 :::22               :::*                  LISTEN       1415/sshd
    tcp6       0      0 ::1:25              :::*                  LISTEN       1725/master

Be sure that Apache starts at boot:

    sudo systemctl enable httpd
    Created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service.

“In case” you need it…, the command below is for manual loading.

    /usr/sbin/httpd -k start

    systemctl status httpd.service
    ● httpd.service - The Apache HTTP Server
       Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
       Active: active (running) since Thu 2016-08-25 10:50:48 EDT; 1min 39s ago
         Docs: man:httpd(8)
               man:apachectl(8)
     Main PID: 1414 (httpd)
       Status: "Total requests: 0; Current requests/sec: 0; Current traffic: 0 B/sec"
       CGroup: /system.slice/httpd.service
               ├─1414 /usr/sbin/httpd -DFOREGROUND
               ├─1464 /usr/sbin/httpd -DFOREGROUND
               ├─1466 /usr/sbin/httpd -DFOREGROUND
               ├─1467 /usr/sbin/httpd -DFOREGROUND
               ├─1468 /usr/sbin/httpd -DFOREGROUND
               └─1469 /usr/sbin/httpd -DFOREGROUND

    Aug 25 10:50:47 localhost.localdomain systemd[1]: Starting The Apache HTTP Server...
    Aug 25 10:50:48 localhost.localdomain httpd[1414]: AH00558: httpd: Could not reliably determine the server's fully qualified do...essage
    Aug 25 10:50:48 localhost.localdomain systemd[1]: Started The Apache HTTP Server.
    Hint: Some lines were ellipsized, use -l to show in full.

To check the status of Apache:

    sudo systemctl status httpd
    systemctl stop httpd
    service httpd restart

    ps aux | grep httpd
    root      1414  0.0  0.4 221912  4984 ?        Ss   10:50   0:00 /usr/sbin/httpd -DFOREGROUND
    apache    1464  0.0  0.2 221912  2976 ?        S    10:50   0:00 /usr/sbin/httpd -DFOREGROUND
    apache    1466  0.0  0.2 221912  2976 ?        S    10:50   0:00 /usr/sbin/httpd -DFOREGROUND
    apache    1467  0.0  0.2 221912  2976 ?        S    10:50   0:00 /usr/sbin/httpd -DFOREGROUND
    apache    1468  0.0  0.2 221912  2976 ?        S    10:50   0:00 /usr/sbin/httpd -DFOREGROUND
    apache    1469  0.0  0.2 221912  2976 ?        S    10:50   0:00 /usr/sbin/httpd -DFOREGROUND
    root      2583  0.0  0.0 112648   972 pts/0    R+   10:54   0:00 grep --color=auto httpd

    ps -ef |grep httpd
    root      1414     1  0 10:50 ?        00:00:00 /usr/sbin/httpd -DFOREGROUND
    apache    1464  1414  0 10:50 ?        00:00:00 /usr/sbin/httpd -DFOREGROUND
    apache    1466  1414  0 10:50 ?        00:00:00 /usr/sbin/httpd -DFOREGROUND
    apache    1467  1414  0 10:50 ?        00:00:00 /usr/sbin/httpd -DFOREGROUND
    apache    1468  1414  0 10:50 ?        00:00:00 /usr/sbin/httpd -DFOREGROUND
    apache    1469  1414  0 10:50 ?        00:00:00 /usr/sbin/httpd -DFOREGROUND
    root      2585  2564  0 10:54 pts/0    00:00:00 grep --color=auto httpd

Testing Apache

    http://192.168.2.200

if you want to …

Allow Apache Through the Firewall

Allow the default HTTP and HTTPS ports, 80 and 443, through firewalld:

    sudo firewall-cmd --permanent --add-port=80/tcp
    success
    sudo firewall-cmd --permanent --add-port=443/tcp
    success
    sudo firewall-cmd --reload
    success

Remove the above firewall lines

    systemctl stop firewalld
    systemctl mask firewalld

    iptables -L -n
    Chain INPUT (policy ACCEPT)
    target prot opt source destination

    Chain FORWARD (policy ACCEPT)
    target prot opt source destination

    Chain OUTPUT (policy ACCEPT)
    target prot opt source destination

    tail /etc/httpd/logs/access_log
    192.168.2.137 - - [22/Aug/2016:09:57:14 -0400] "GET / HTTP/1.1" 403 4897 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.70 Safari/537.36"
    192.168.2.137 - - [22/Aug/2016:09:57:14 -0400] "GET /noindex/css/bootstrap.min.css HTTP/1.1" 200 19341 "http://192.168.2.113/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.70 Safari/537.36"
    192.168.2.137 - - [22/Aug/2016:09:57:14 -0400] "GET /noindex/css/open-sans.css HTTP/1.1" 200 5081 "http://192.168.2.113/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.70 Safari/537.36"
    192.168.2.137 - - [22/Aug/2016:09:57:14 -0400] "GET /images/apache_pb.gif HTTP/1.1" 200 2326 "http://192.168.2.113/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.70 Safari/537.36"

    tail -f /etc/httpd/logs/error_log
    tail -10 /etc/httpd/logs/error_log
    grep -i invalid /etc/httpd/logs/error_log
    cat /etc/httpd/logs/access_log | awk '{print $1,$7}'
    tail -f /etc/httpd/logs/access_log | awk '{print $1,$7}'

    cat /var/log/secure | grep 'sshd.*opened'
    Aug 21 16:46:05 localhost sshd[2912]: pam_unix(sshd:session): session opened for user root by (uid=0)
    Aug 22 07:45:04 localhost sshd[3277]: pam_unix(sshd:session): session opened for user root by (uid=0)

    cat /var/log/secure | grep invalid
    Aug 21 16:38:27 localhost sshd[10261]: input_userauth_request: invalid user jurandirapellin [preauth]
    Aug 21 16:38:30 localhost sshd[10261]: Failed password for invalid user jurandirapellin from 192.168.10.105 port 50093 ssh2
    Aug 21 16:38:35 localhost sshd[10263]: input_userauth_request: invalid user jurandirapellin [preauth]
    Aug 21 16:38:40 localhost sshd[10263]: Failed password for invalid user jurandirapellin from 192.168.10.105 port 50094 ssh2
    Aug 21 16:38:43 localhost sshd[10263]: Failed password for invalid user jurandirapellin from 192.168.10.105 port 50094 ssh2
    Aug 21 16:39:28 localhost sshd[10273]: input_userauth_request: invalid user jurandirapellin [preauth]
    Aug 21 16:39:32 localhost sshd[10273]: Failed password for invalid user jurandirapellin from 192.168.10.105 port 50097 ssh2
    Aug 21 16:39:36 localhost sshd[10273]: Failed password for invalid user jurandirapellin from 192.168.10.105 port 50097 ssh2
    Aug 21 16:40:29 localhost sshd[10288]: input_userauth_request: invalid user jurandirapellin [preauth]

To browse the page in the prompt line :)

    yum -y install links
    links 127.0.0.1
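
The `grep invalid` over /var/log/secure shown above, taken one step further as an added example that is not part of the original page: it counts failed SSH password attempts per source address and lists the addresses at or above a threshold. Function names, the threshold and the sample log lines are constructed; the lines follow the syslog format of the output above and use documentation addresses.

```bash
#!/usr/bin/env bash
# Added example, not from the original page. Function names are hypothetical.
# Assumes the traditional syslog line format shown in this section:
#   Mon DD HH:MM:SS host sshd[PID]: Failed password for [invalid user] NAME from IP port N ssh2

# Read log lines on stdin; print "TOTAL INVALID_USER_FAILURES IP" per source,
# highest total first.
#
# The user name is supplied by the client and may contain spaces or even the
# text "from 203.0.113.99 port 1 ssh2". The source address is therefore taken
# from the fixed tail of the line (from IP port N ssh2), counting fields from
# the end, never from the first "from" on the line.
failed_by_source() {
    awk '$5 ~ /^sshd\[[0-9]+\]:$/ && $6 == "Failed" && $7 == "password" &&
         $8 == "for" && $(NF-4) == "from" && $(NF-2) == "port" {
             ip = $(NF-3)
             total[ip]++
             if ($9 == "invalid" && $10 == "user") invalid[ip]++
         }
         END { for (ip in total) print total[ip], invalid[ip] + 0, ip }' |
    sort -k1,1nr -k3,3
}

# over_threshold N: read log lines on stdin, print each source address with
# at least N failed password attempts.
over_threshold() {
    failed_by_source | awk -v n="$1" '$1 + 0 >= n + 0 { print $3 }'
}

# Constructed sample log. The fourth line carries a user name crafted to look
# like a different source address; the real source is 198.51.100.7.
SAMPLE_SECURE_LOG='Aug 21 16:38:27 localhost sshd[10261]: input_userauth_request: invalid user alice [preauth]
Aug 21 16:38:30 localhost sshd[10261]: Failed password for invalid user alice from 192.0.2.10 port 50093 ssh2
Aug 21 16:38:40 localhost sshd[10263]: Failed password for invalid user alice from 192.0.2.10 port 50094 ssh2
Aug 21 16:38:43 localhost sshd[10263]: Failed password for root from 192.0.2.10 port 50094 ssh2
Aug 21 16:39:32 localhost sshd[10273]: Failed password for invalid user x from 203.0.113.99 port 1 ssh2 from 198.51.100.7 port 50097 ssh2
Aug 21 16:46:05 localhost sshd[2912]: pam_unix(sshd:session): session opened for user root by (uid=0)'

echo "failures per source (total, invalid-user, address):"
printf '%s\n' "$SAMPLE_SECURE_LOG" | failed_by_source
echo "sources with 3 or more failures:"
printf '%s\n' "$SAMPLE_SECURE_LOG" | over_threshold 3

# On the server itself:  over_threshold 5 < /var/log/secure
```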

apache - port 80 to 8080

    nano /etc/httpd/conf/httpd.conf

    Listen 8080

ctrl x y ( save - exit file )

    systemctl restart httpd

    netstat -planta
    Active Internet connections (servers and established)
    Proto Recv-Q Send-Q Local Address       Foreign Address       State        PID/Program name
    tcp        0      0 0.0.0.0:2223        0.0.0.0:*             LISTEN       1001/sshd
    tcp        0      0 127.0.0.1:25        0.0.0.0:*             LISTEN       1380/master
    tcp        0      0 192.168.2.200:2223  192.168.2.137:54801   ESTABLISHED  2148/sshd: root@pts
    tcp6       0      0 :::2223             :::*                  LISTEN       1001/sshd
    tcp6       0      0 :::8080             :::*                  LISTEN       2227/httpd
    tcp6       0      0 ::1:25              :::*                  LISTEN       1380/master

    nmap localhost
    Starting Nmap 6.40 ( http://nmap.org ) at 2016-08-25 18:56 EDT
    Nmap scan report for localhost (127.0.0.1)
    Host is up (0.0000050s latency).
    Other addresses for localhost (not scanned): 127.0.0.1
    Not shown: 998 closed ports
    PORT     STATE SERVICE
    25/tcp   open  smtp
    8080/tcp open  http-proxy
    Nmap done: 1 IP address (1 host up) scanned in 0.05 seconds

    http://192.168.2.200:8080

    apachectl configtest
    AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using localhost.localdomain. Set the 'ServerName' directive globally to suppress this message
    Syntax OK

    systemctl status httpd.service
    ● httpd.service - The Apache HTTP Server
       Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
       Active: active (running) since Thu 2016-08-25 18:54:09 EDT; 7min ago
         Docs: man:httpd(8)
               man:apachectl(8)
     Main PID: 1000 (httpd)
       Status: "Total requests: 10; Current requests/sec: 0; Current traffic: 0 B/sec"
       CGroup: /system.slice/httpd.service
               ├─1000 /usr/sbin/httpd -DFOREGROUND
               ├─1061 /usr/sbin/httpd -DFOREGROUND
               ├─1062 /usr/sbin/httpd -DFOREGROUND
               ├─1063 /usr/sbin/httpd -DFOREGROUND
               ├─1064 /usr/sbin/httpd -DFOREGROUND
               ├─1065 /usr/sbin/httpd -DFOREGROUND
               ├─2184 /usr/sbin/httpd -DFOREGROUND
               ├─2185 /usr/sbin/httpd -DFOREGROUND
               ├─2186 /usr/sbin/httpd -DFOREGROUND
               └─2187 /usr/sbin/httpd -DFOREGROUND

    Aug 25 18:54:09 localhost.localdomain systemd[1]: Starting The Apache HTTP Server...
    Aug 25 18:54:09 localhost.localdomain httpd[1000]: AH00558: httpd: Could not reliably determine the server's fully qualif...ssage
    Aug 25 18:54:09 localhost.localdomain systemd[1]: Started The Apache HTTP Server.
    Hint: Some lines were ellipsized, use -l to show in full.

If you need to remove apache

    yum remove httpd

    sudo firewall-cmd --permanent --add-port=8080/tcp
    sudo firewall-cmd --reload

php

    yum -y install php php-mysql
    yum -y install php-fpm

To see the available options for PHP modules and libraries

    yum search php-

Create file below.

    nano /var/www/html/info.php

    systemctl restart httpd.service

    http://192.168.2.200:8080/info.php

    php --version
    PHP 5.4.16 (cli) (built: Aug 11 2016 21:24:59)
    Copyright (c) 1997-2013 The PHP Group
    Zend Engine v2.4.0, Copyright (c) 1998-2013 Zend Technologies

    yum info php
    Loaded plugins: fastestmirror
    Loading mirror speeds from cached hostfile
     * base: centos.xpg.com.br
     * extras: centos.xpg.com.br
     * updates: centos.xpg.com.br
    Installed Packages
    Name        : php
    Arch        : x86_64
    Version     : 5.4.16
    Release     : 36.3.el7_2
    Size        : 4.4 M
    Repo        : installed
    From repo   : updates
    Summary     : PHP scripting language for creating dynamic web sites
    URL         : http://www.php.net/
    License     : PHP and Zend and BSD
    Description : PHP is an HTML-embedded scripting language. PHP attempts to make it
                : easy for developers to write dynamically generated web pages. PHP also
                : offers built-in database integration for several commercial and
                : non-commercial database management systems, so writing a
                : database-enabled webpage with PHP is fairly simple. The most common
                : use of PHP coding is probably as a replacement for CGI scripts.
                :
                : The php package contains the module (often referred to as mod_php)
                : which adds support for the PHP language to Apache HTTP Server.

If you want to erase the file above…

    sudo rm /var/www/html/info.php

If you are running a firewall, run the following commands to allow HTTP and HTTPS traffic:

    sudo firewall-cmd --permanent --zone=public --add-service=http
    sudo firewall-cmd --permanent --zone=public --add-service=https
    sudo firewall-cmd --reload

After you started MariaDB (do this only once), execute the following command:

    /usr/bin/mysql_secure_installation

This command will ask you for some inputs to set the root password, remove anonymous users, disallow root login remotely, remove the test database and reload the privilege tables.

mysql

On CentOS 7, the official Oracle MySQL server is not available by default through the package manager. This is because Red Hat decided to go with MariaDB as the official MySQL fork for CentOS 7. If you would prefer to use MariaDB, you can find the procedure here. If you prefer to proceed with Oracle's official packages, please keep reading.

Getting Started

1 Node (Cloud Server or Dedicated Servers) with CentOS 7 installed

Install MySQL

First, we will need to add the Oracle MySQL repository to yum. You can do that by acquiring the rpm for the repository and installing it on the server. For the MySQL 5.7 repository, you can issue the following commands:

    yum -y install wget
    wget https://dev.mysql.com/get/mysql57-community-release-el7-7.noarch.rpm
    yum -y localinstall mysql57-community-release-el7-7.noarch.rpm

Once that's done, installing MySQL is only a matter of running the yum command with the package name:

    yum -y install mysql-community-server

You will then want to start the service:

    systemctl start mysqld

To enable the service on boot:

    systemctl enable mysqld

This version of Oracle MySQL sets a root password by default. We need to retrieve it from the mysql logs.

    cat /var/log/mysqld.log | grep password
    2016-08-29T00:35:06.994579Z 1 [Note] A temporary password is generated for root@localhost: bsp(p3aPt?a1

With that password retrieved, we can now log in. First though, let's run the mysql_secure_installation script.

    mysql_secure_installation

Here, you will want to set a new root password. It is then recommended to remove anonymous users, disallow remote root login, remove the test database and reload the privileges table. Once this is done, you can access MySQL using the usual command line interface.

    systemctl start mysqld

    ps aux | grep mysqld
    mysql     1754  0.0 17.7 1119204 180760 ?      Sl   07:08   0:01 /usr/sbin/mysqld --daemonize --pid-file=/var/run/mysqld/mysqld.pid
    root      3114  0.0  0.0 112648    972 pts/0   R+   07:58   0:00 grep --color=auto mysqld

======== Jura test block below

Another way to install mysql

To install MariaDB Server you have to execute the following command:

    yum install mariadb mariadb-server

To start MariaDB on Fedora 20, execute the following command:

    systemctl start mariadb.service

To autostart MariaDB on Fedora 20, execute the following command:

    systemctl enable mariadb.service

    mysql -u root -p

========

    php -v
    PHP 5.4.16 (cli) (built: Aug 11 2016 21:24:59)
    Copyright (c) 1997-2013 The PHP Group
    Zend Engine v2.4.0, Copyright (c) 1998-2013 Zend Technologies

    mysql -V
    mysql Ver 14.14 Distrib 5.7.14, for Linux (x86_64) using EditLine wrapper

    nmap -sF -P0 192.168.2.200
    Starting Nmap 6.40 ( http://nmap.org ) at 2016-08-29 07:27 EDT
    Nmap scan report for 192.168.2.200
    Host is up (0.0000050s latency).
    Not shown: 998 closed ports
    PORT     STATE         SERVICE
    3306/tcp open|filtered mysql
    8080/tcp open|filtered http-proxy
    Nmap done: 1 IP address (1 host up) scanned in 1.27 seconds

    mysql> show databases;
    mysql> create database banco_dados;
    mysql> use banco_dados;
    mysql> create table amigos(
             id INT NOT NULL PRIMARY KEY AUTO_INCREMENT,
             nome varchar(50) not null,
             ender varchar(60),
             cidade varchar(40));

    describe amigos;
    +--------+-------------+------+-----+---------+----------------+
    | Field  | Type        | Null | Key | Default | Extra          |
    +--------+-------------+------+-----+---------+----------------+
    | id     | int(11)     | NO   | PRI | NULL    | auto_increment |
    | nome   | varchar(50) | NO   |     | NULL    |                |
    | ender  | varchar(60) | YES  |     | NULL    |                |
    | cidade | varchar(40) | YES  |     | NULL    |                |
    +--------+-------------+------+-----+---------+----------------+
    4 rows in set (0.00 sec)

    insert into amigos values(null,'Jura','Rua 10','London');
    insert into amigos values(null,'Mike','Rua 11','Timbo');
    insert into amigos values(null,'Eric','Rua 12','Timbo');
    insert into amigos values(null,'Luisa','Rua 13','Blumenau');
    insert into amigos values(null,'Isa','Rua 14','Blumenau');

    SELECT * FROM amigos;
    +----+-------+--------+----------+
    | id | nome  | ender  | cidade   |
    +----+-------+--------+----------+
    |  6 | Jura  | Rua 10 | London   |
    |  7 | Mike  | Rua 11 | Timbo    |
    |  8 | Eric  | Rua 12 | Timbo    |
    |  9 | Luisa | Rua 13 | Blumenau |
    | 10 | Isa   | Rua 14 | Blumenau |
    +----+-------+--------+----------+
    5 rows in set (0.00 sec)

    SELECT * FROM amigos WHERE nome LIKE "mi%";
    +----+------+--------+--------+
    | id | nome | ender  | cidade |
    +----+------+--------+--------+
    |  7 | Mike | Rua 11 | Timbo  |
    +----+------+--------+--------+
    1 row in set (0.00 sec)

    SELECT * FROM amigos WHERE cidade = "Blumenau";
    +----+-------+--------+----------+
    | id | nome  | ender  | cidade   |
    +----+-------+--------+----------+
    |  9 | Luisa | Rua 13 | Blumenau |
    | 10 | Isa   | Rua 14 | Blumenau |
    +----+-------+--------+----------+
    2 rows in set (0.00 sec)

    SELECT * FROM amigos WHERE id BETWEEN 7 AND 9;
    +----+-------+--------+----------+
    | id | nome  | ender  | cidade   |
    +----+-------+--------+----------+
    |  7 | Mike  | Rua 11 | Timbo    |
    |  8 | Eric  | Rua 12 | Timbo    |
    |  9 | Luisa | Rua 13 | Blumenau |
    +----+-------+--------+----------+
    3 rows in set (0.01 sec)

    mysql> quit

Erase database.

    drop database banco_dados;

Erase table.

    drop table amigos;

Erase all records.

    delete from amigos;

At the mysql prompt (mysql> ):

    quit

    netstat -tap | grep mysql
    tcp6       0      0 [::]:mysql              [::]:*                  LISTEN      1889/mysqld

    ps aux | grep mysql
    mysql     1889  0.0 19.0 1119456 193828 ?      Sl   08:23   0:05 /usr/sbin/mysqld --daemonize --pid-file=/var/run/mysqld/mysqld.pid
    root      2841  0.0  0.0 112648    976 pts/0   R+   12:04   0:00 grep --color=auto mysql

    nano /var/www/html/friends.php

    <html><head><title>MySQL Table Viewer</title></head><body>
    <?php
    // NOTE: the top of this script (the database connection, the query that
    // sets $result, and $fields_num) is missing from this page.
    echo "<h1>Table: {$table}</h1>";
    echo "<table><tr>";
    // printing table headers
    for($i=0; $i<$fields_num; $i++)
    {
        $field = mysql_fetch_field($result);
        echo "<td>" . htmlspecialchars($field->name) . "</td>";
    }
    echo "</tr>\n";
    // printing table rows
    while($row = mysql_fetch_row($result))
    {
        echo "<tr>";
        // $row is array... foreach( .. ) puts every element
        // of $row to $cell variable
        foreach($row as $cell)
            echo "<td>" . htmlspecialchars($cell) . "</td>";  // escape values before writing them into HTML
        echo "</tr>\n";
    }
    mysql_free_result($result);
    ?>
    </body></html>

Testing...

    http://192.168.2.200:8080/friends.php

    nano /var/www/html/lista1.php

    <?php
    // NOTE: the top of this script (mysqli_connect() into $con and the
    // mysqli_query() that sets $result) is missing from this page.
    echo "<table>
    <tr><th>ID</th><th>Nome</th><th>Cidade</th></tr>";
    while($row = mysqli_fetch_array($result)) {
        echo "<tr>";
        // escape values before writing them into HTML
        echo "<td>" . htmlspecialchars($row['id']) . "</td>";
        echo "<td>" . htmlspecialchars($row['nome']) . "</td>";
        echo "<td>" . htmlspecialchars($row['cidade']) . "</td>";
        echo "</tr>";
    }
    echo "</table>";
    mysqli_close($con);
    ?>

    http://192.168.2.200:8080/lista1.php

    mysql -u root -p
    Enter password:
    Welcome to the MariaDB monitor.  Commands end with ; or \g.
    Your MariaDB connection id is 15
    Server version: 5.5.50-MariaDB MariaDB Server

    Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.

    Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

    MariaDB [(none)]>
    MariaDB [(none)]> show databases;
    +--------------------+
    | Database           |
    +--------------------+
    | information_schema |
    | mysql              |
    | performance_schema |
    +--------------------+
    3 rows in set (0.00 sec)

    MariaDB [(none)]>
    MariaDB [(none)]> use mysql;
    Reading table information for completion of table and column names
    You can turn off this feature to get a quicker startup with -A

    Database changed
    MariaDB [mysql]>
    MariaDB [mysql]> show tables;
    +---------------------------+
    | Tables_in_mysql           |
    +---------------------------+
    | columns_priv              |
    | db                        |
    | event                     |
    | func                      |
    | general_log               |
    | help_category             |
    | help_keyword              |
    | help_relation             |
    | help_topic                |
    | host                      |
    | ndb_binlog_index          |
    | plugin                    |
    | proc                      |
    | procs_priv                |
    | proxies_priv              |
    | servers                   |
    | slow_log                  |
    | tables_priv               |
    | time_zone                 |
    | time_zone_leap_second     |
    | time_zone_name            |
    | time_zone_transition      |
    | time_zone_transition_type |
    | user                      |
    +---------------------------+
    24 rows in set (0.00 sec)

    MariaDB [mysql]>
    MariaDB [mysql]> quit
    Bye

    netstat -an | grep LISTEN | grep -v ^un
    tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN
    tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
    tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
    tcp6       0      0 :::80                   :::*                    LISTEN
    tcp6       0      0 :::22                   :::*                    LISTEN
    tcp6       0      0 ::1:25                  :::*                    LISTEN

    nmap localhost
    Starting Nmap 6.40 ( http://nmap.org ) at 2016-08-22 10:43 EDT
    Nmap scan report for localhost (127.0.0.1)
    Host is up (0.000011s latency).
    Other addresses for localhost (not scanned): 127.0.0.1
    Not shown: 996 closed ports
    PORT     STATE SERVICE
    22/tcp   open  ssh
    25/tcp   open  smtp
    80/tcp   open  http
    3306/tcp open  mysql

Use Tab to find more files …

    nano /etc/sysconfig/network-scripts/ifcfg-
    ifcfg-enp0s3  ifcfg-lo

    service network restart
    systemctl restart httpd.service

    netstat -an | grep LISTEN | grep -v ^un
    tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN
    tcp        0      0 192.168.2.200:8080      0.0.0.0:*               LISTEN
    tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
    tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
    tcp6       0      0 :::80                   :::*                    LISTEN
    tcp6       0      0 :::22                   :::*                    LISTEN
    tcp6       0      0 ::1:25                  :::*                    LISTEN

netstat

    netstat -tulpn
    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
    tcp        0      0 0.0.0.0:2223            0.0.0.0:*               LISTEN      1002/sshd
    tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1611/master
    tcp6       0      0 :::3306                 :::*                    LISTEN      1809/mysqld
    tcp6       0      0 :::2223                 :::*                    LISTEN      1002/sshd
    tcp6       0      0 :::8080                 :::*                    LISTEN      1004/httpd
    tcp6       0      0 ::1:25                  :::*                    LISTEN      1611/master

    netstat -lntpe
    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State       User       Inode      PID/Program name
    tcp        0      0 0.0.0.0:2223            0.0.0.0:*               LISTEN      0          16643      1002/sshd
    tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      0          17562      1611/master
    tcp6       0      0 :::3306                 :::*                    LISTEN      27         18196      1809/mysqld
    tcp6       0      0 :::2223                 :::*                    LISTEN      0          16645      1002/sshd
    tcp6       0      0 :::8080                 :::*                    LISTEN      0          16817      1004/httpd
    tcp6       0      0 ::1:25                  :::*                    LISTEN      0          17563      1611/master

    netstat -an | grep LISTEN | grep -v ^un
    tcp        0      0 0.0.0.0:2223            0.0.0.0:*               LISTEN
    tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
    tcp6       0      0 :::3306                 :::*                    LISTEN
    tcp6       0      0 :::2223                 :::*                    LISTEN
    tcp6       0      0 :::8080                 :::*                    LISTEN
    tcp6       0      0 ::1:25                  :::*                    LISTEN

    netstat -nalp |grep -v DGRAM |grep -v STREAM |grep -v LISTEN
    Active Internet connections (servers and established)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
    tcp        0      0 192.168.2.200:2223      192.168.2.137:52947     ESTABLISHED 2230/sshd: root@pts
    raw6     768      0 :::58                   :::*                    7           713/NetworkManager

    netstat -ltun
    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State
    tcp        0      0 0.0.0.0:2223            0.0.0.0:*               LISTEN
    tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
    tcp6       0      0 :::3306                 :::*                    LISTEN
    tcp6       0      0 :::2223                 :::*                    LISTEN
    tcp6       0      0 :::8080                 :::*                    LISTEN
    tcp6       0      0 ::1:25                  :::*                    LISTEN

    netstat -tulapn -A inet,inet6 | grep -vE '^Active|Proto' | grep 'LISTEN' | awk '{ print $4}' | cut -d: -f2,4 | cut -d: -f2 | sed '/^$/d' | sort -u
    2223
    25
    3306
    8080

    netstat -pant
    Active Internet connections (servers and established)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
    tcp        0      0 0.0.0.0:2223            0.0.0.0:*               LISTEN      1002/sshd
    tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1611/master
    tcp        0      0 192.168.2.200:2223      192.168.2.137:52947     ESTABLISHED 2230/sshd: root@pts
    tcp6       0      0 :::3306                 :::*                    LISTEN      1809/mysqld
    tcp6       0      0 :::2223                 :::*                    LISTEN      1002/sshd
    tcp6       0      0 :::8080                 :::*                    LISTEN      1004/httpd
    tcp6       0      0 ::1:25                  :::*                    LISTEN      1611/master

    iptables -L -n
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination

    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination

    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination
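The listings above show mysqld bound to the wildcard address (:::3306) while iptables has policy ACCEPT and no rules. The following is an added example, not part of the original notes: a shell function that reads netstat -tln output and reports the TCP ports listening on all interfaces that are not in an allowlist. The function names, the allowlist and the embedded sample (the TCP lines of the netstat -ltun output above) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original notes).
# wildcard_listeners and sample_netstat are hypothetical helper names.

# Print, one per line, every TCP port that listens on a wildcard address
# (0.0.0.0 or ::) and is not in the allowlist.
#   $1     space-separated ports that are meant to be reachable from the network
#   stdin  output of "netstat -tln" (also works with -p or -e added)
wildcard_listeners() {
    awk -v allow="$1" '
        BEGIN {
            n = split(allow, a, " ")
            for (i = 1; i <= n; i++) ok[a[i]] = 1
        }
        # Column 4 is the local address, column 6 the state.
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            port = $4
            sub(/.*:/, "", port)          # keep the text after the last colon
            host = substr($4, 1, length($4) - length(port) - 1)
            # Loopback binds (127.0.0.1, ::1) are not reachable from outside.
            if ((host == "0.0.0.0" || host == "::") && !(port in ok))
                print port
        }
    ' | sort -un
}

# Sample input: the TCP lines of the "netstat -ltun" output shown above.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:2223            0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp6       0      0 :::3306                 :::*                    LISTEN
tcp6       0      0 :::2223                 :::*                    LISTEN
tcp6       0      0 :::8080                 :::*                    LISTEN
tcp6       0      0 ::1:25                  :::*                    LISTEN
EOF
}

# sshd (2223) and httpd (8080) are expected; anything else is reported.
sample_netstat | wildcard_listeners "2223 8080"
```

On the live server, replace sample_netstat with netstat -tln. A reported port either needs a firewall rule or a bind to 127.0.0.1 if only local clients use it.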

logwatch

    yum -y install logwatch

    nano /usr/share/logwatch/default.conf/logwatch.conf

    #-----------------------------------------------------------
    # The default time range for the report...
    # The current choices are All, Today, Yesterday
    Range = yesterday
    #-----------------------------------------------------------
    # The default detail level for the report.
    # This can either be Low, Med, High or a number.
    # Low = 0
    # Med = 5
    # High = 10
    Detail = Low
    #-----------------------------------------------------------

Command lines:

    logwatch --detail High --service http --mailto way@tpa.com.br --range all

    logwatch --detail 10

    ################### Logwatch 7.4.0 (03/01/11) ####################
    Processing Initiated: Sun Aug 21 17:25:58 2016
    Date Range Processed: yesterday ( 2016-Aug-20 ) Period is day.
    Detail Level of Output: 10
    Type of Output/Format: stdout / text
    Logfiles for Host: localhost.localdomain
    ##################################################################

    --------------------- Disk Space Begin ------------------------
    Filesystem               Size  Used Avail Use% Mounted on
    /dev/mapper/centos-root  6.7G  1.4G  5.3G  21% /
    devtmpfs                 487M     0  487M   0% /dev
    /dev/sda1                497M  168M  330M  34% /boot
    ---------------------- Disk Space End -------------------------

    ###################### Logwatch End #########################

    logwatch --service sshd --range=Today

    ################### Logwatch 7.4.0 (03/01/11) ####################
    Processing Initiated: Sun Aug 21 17:46:28 2016
    Date Range Processed: today ( 2016-Aug-21 ) Period is day.
    Detail Level of Output: 0
    Type of Output/Format: stdout / text
    Logfiles for Host: localhost.localdomain
    ##################################################################

    --------------------- SSHD Begin ------------------------
    SSHD Killed: 1 Time(s)
    SSHD Started: 8 Time(s)
    Illegal users from:
       undef: 1 time
       192.168.10.105: 23 times
    Users logging in through sshd:
       root:
          192.168.10.105: 1 time
    ---------------------- SSHD End -------------------------

    ###################### Logwatch End #########################

    logwatch --service sshd --range=Today

    ################### Logwatch 7.4.0 (03/01/11) ####################
    Processing Initiated: Wed Aug 31 08:06:09 2016
    Date Range Processed: today ( 2016-Aug-31 ) Period is day.
    Detail Level of Output: 0
    Type of Output/Format: stdout / text
    Logfiles for Host: localhost.localdomain
    ##################################################################

    --------------------- SSHD Begin ------------------------
    SSHD Started: 2 Time(s)
    Users logging in through sshd:
       root:
          192.168.2.137: 1 time
    ---------------------- SSHD End -------------------------

    ###################### Logwatch End #########################

    logwatch --service sshd --range=Today --detail=Medium
    logwatch --service sshd --range=Today --detail=High

logwatch cron job every business day at 12:15 pm

    crontab -e
    15 12 * * 1,2,3,4,5 /sbin/logwatch

    # Log iptables denied calls
    -A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7

    awk 'gsub(".*sshd.*Failed password for (invalid user )?", "") {print $3}' /var/log/secure* | sort | uniq -c | sort -rn | head -5
    23 192.168.10.105

fail2ban

    yum -y install epel-release
    yum -y install fail2ban
    systemctl enable fail2ban

    sudo service fail2ban start
    Redirecting to /bin/systemctl start fail2ban.service

    ps aux | grep fail2ban
    root      3078  0.0  0.8 213848  8948 ?        S    07:38   0:00 /usr/bin/python2 -s /usr/bin/fail2ban-server -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ba/fail2ban.pid -x -b
    root      3088  0.0  0.0 112648   976 pts/0    R+   07:55   0:00 grep --color=auto fail2ban

    sudo service fail2ban stop

If you need to erase fail2ban:

    sudo rm -rf /etc/fail2ban
    sudo rm /etc/init.d/fail2ban
    sudo rm /var/log/fail2ban*

    cat /var/log/secure | grep 'Failed password'
    Aug 28 11:34:00 localhost sshd[2179]: Failed password for invalid user jurandirapellin from 192.168.10.105 port 51004 ssh2
    Aug 28 11:34:05 localhost sshd[2179]: Failed password for invalid user jurandirapellin from 192.168.10.105 port 51004 ssh2
    Aug 30 19:21:52 localhost sshd[2228]: Failed password for invalid user jurandirapellin from 192.168.2.137 port 52946 ssh2

    iptables -L -n

    fail2ban-client status
    Status
    |- Number of jail:      0
    `- Jail list:

"Number of jail: 0" means no jail is enabled, so fail2ban is running but will not ban anything until a jail (for example sshd) is enabled in /etc/fail2ban/jail.local.

    awk 'gsub(".*sshd.*Failed password for (invalid user )?", "") {print $3}' /var/log/secure* | sort | uniq -c | sort -rn | head -5
    23 192.168.10.105
    2 192.168.2.137

    fail2ban-regex /var/log/secure /etc/fail2ban/filter.d/sshd.conf

    Running tests
    =============

    Use failregex filter file : sshd, basedir: /etc/fail2ban
    Use maxlines : 10
    Use log file : /var/log/secure
    Use encoding : UTF-8

    Results
    =======

    Failregex: 44 total
    |- #) [# of hits] regular expression
    | 3) [25] ^\s*(<[^.]+\.[^.]+>)?\s*(?:\S+ )?(?:kernel: \[ *\d+\.\d+\] )?(?:@vserver_\S+ )?(?:(?:\[\d+\])?:\s+[\[\(]?sshd(?:\(\S+\))?[\]\)]?:?|[\[\(]?sshd(?:\(\S+\))?[\]\)]?:?(?:\[\d+\])?:?)?\s(?:\[ID \d+ \S+\])?\s*Failed \S+ for .*? from (?: port \d*)?(?: ssh\d*)?(: (ruser .*|(\S+ ID \S+ \(serial \d+\) CA )?\S+ (?:[\da-f]{2}:){15}[\da-f]{2}(, client user ".*", client host ".*")?))?\s*$
    | 5) [9] ^\s*(<[^.]+\.[^.]+>)?\s*(?:\S+ )?(?:kernel: \[ *\d+\.\d+\] )?(?:@vserver_\S+ )?(?:(?:\[\d+\])?:\s+[\[\(]?sshd(?:\(\S+\))?[\]\)]?:?|[\[\(]?sshd(?:\(\S+\))?[\]\)]?:?(?:\[\d+\])?:?)?\s(?:\[ID \d+ \S+\])?\s*[iI](?:llegal|nvalid) user .* from \s*$
    | 16) [10] ^\s*(<[^.]+\.[^.]+>)?\s*(?:\S+ )?(?:kernel: \[ *\d+\.\d+\] )?(?:@vserver_\S+ )?(?:(?:\[\d+\])?:\s+[\[\(]?sshd(?:\(\S+\))?[\]\)]?:?|[\[\(]?sshd(?:\(\S+\))?[\]\)]?:?(?:\[\d+\])?:?)?\s(?:\[ID \d+ \S+\])?\s*pam_unix\(sshd:auth\):\s+authentication failure;\s*logname=\S*\s*uid=\d*\s*euid=\d*\s*tty=\S*\s*ruser=\S*\s*rhost=\s.*$
    `-

    Ignoreregex: 0 total

    Date template hits:
    |- [# of hits] date format
    | [199] (?:DAY )?MON Day 24hour:Minute:Second(?:\.Microseconds)?(?: Year)?
    `-

    Lines: 199 lines, 0 ignored, 44 matched, 155 missed [processed in 0.20 sec]
    Missed line(s): too many to print. Use --print-all-missed to print all 155 lines
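The awk one-liner above prints the third field after the "Failed password for" prefix, which is the source address only when the user name is a single word; a user name containing a space makes it print "from" instead. The following is an added example, not part of the original notes: it reads the address from the fixed tail of the line and reports only sources at or above a threshold. The function names and the threshold are assumptions; the first and fourth sample lines come from the /var/log/secure excerpt above and the others are constructed.

```shell
#!/bin/sh
# Added example (not from the original notes).
# failed_ssh_by_source and sample_secure_log are hypothetical helper names.

# Count "Failed password" lines per source address and print "count address"
# for every address with at least $1 failures, highest count first.
# Log lines in /var/log/secure format are read from stdin.
failed_ssh_by_source() {
    awk -v min="$1" '
        / sshd\[[0-9]+\]: Failed password for / {
            # The user name is free text and may contain spaces, so do not
            # count fields from the left. The tail of the line is fixed:
            #   ... from <address> port <number> ssh2
            if (NF < 5) next
            if ($NF != "ssh2" || $(NF-2) != "port" || $(NF-4) != "from") next
            count[$(NF-3)]++
        }
        END {
            for (ip in count)
                if (count[ip] >= min) print count[ip], ip
        }
    ' | sort -k1,1nr -k2,2
}

# Sample input. Lines 1 and 4 are from the page; lines 2, 3 and 5 are
# constructed (a user name with a space, a valid user, a successful login).
sample_secure_log() {
    cat <<'EOF'
Aug 28 11:34:00 localhost sshd[2179]: Failed password for invalid user jurandirapellin from 192.168.10.105 port 51004 ssh2
Aug 28 11:34:05 localhost sshd[2179]: Failed password for invalid user john doe from 192.168.10.105 port 51004 ssh2
Aug 28 11:35:10 localhost sshd[2183]: Failed password for root from 192.168.10.105 port 51010 ssh2
Aug 30 19:21:52 localhost sshd[2228]: Failed password for invalid user jurandirapellin from 192.168.2.137 port 52946 ssh2
Aug 30 19:22:30 localhost sshd[2230]: Accepted password for root from 192.168.2.137 port 52947 ssh2
EOF
}

# Report sources with two or more failures.
sample_secure_log | failed_ssh_by_source 2
```

On the server, feed it the real log with: cat /var/log/secure* | failed_ssh_by_source 5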

iptables

    sudo firewall-cmd --zone=public --add-port=80/tcp --permanent
    sudo firewall-cmd --reload
    firewall-cmd --list-all

    sudo iptables -I INPUT -p tcp -m tcp --dport 80 -j ACCEPT
    sudo service iptables save

    sudo system-config-firewall-tui

Opening Ports

To open port 80 (http) in your firewall, you can use the following command:

    firewall-cmd --permanent --zone=public --add-port=80/tcp

Reload the firewall to apply changes:

    firewall-cmd --reload

Verifying Rules

The following command can be used to verify that the port is open; it returns a simple yes or no:

    firewall-cmd --zone=public --query-port=80/tcp

Creating Rules by Using Service Names

Alternatively, you can create the rule using a service name:

    firewall-cmd --permanent --zone=public --add-service=http

And now reload the firewall to apply changes:

    firewall-cmd --reload

Verify the service port has been opened:

    firewall-cmd --zone=public --query-service=http

========

Real World Example

These steps will create a permanent entry in your firewall configuration to allow incoming TCP connections to TCP port 80 from the internet. You can use "firewall-cmd --list-all" to get a view of your current firewall configuration.

Example:

    firewall-cmd --list-all
    public (default, active)
      interfaces: eth0 eth1
      sources:
      services: ssh
      ports: 80/tcp
      masquerade: no
      forward-ports:
      icmp-blocks:
      rich rules:

To remove the port or service you added:

    firewall-cmd --zone=public --remove-port=80/tcp

OR

    firewall-cmd --zone=public --remove-service=http

And then issue a reload to apply the changes.

    firewall-cmd --reload

ftp

    yum -y install vsftpd

    nano /etc/vsftpd/vsftpd.conf

    # Uncomment line:
    chroot_local_user=YES

    firewall-cmd --permanent --add-service=ftp
    firewall-cmd --reload

Allow ftp access to the users' home directories.

    setsebool -P ftp_home_dir on

Now create a user for ftp access. Here the /sbin/nologin shell is used to prevent shell access to the server.

    useradd -m jura -s /sbin/nologin
    passwd jura

===== Using FileZilla ===============

    Host       : 192.168.2.182
    Protocol   : FTP - File Transfer Protocol
    Encryption : Only use plain FTP (insecure)
    Logon Type : Account
    User       : jura
    Password   : password
    Account    : jura

=====

You may also change the port number and open the vsftpd port through the firewall.

    firewall-cmd --add-port=21/tcp
    firewall-cmd --reload

Next, restart vsftpd and enable it to start at boot time.

    systemctl restart vsftpd
    systemctl enable vsftpd

    netstat -planta
    Active Internet connections (servers and established)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
    tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1189/sshd
    tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1978/master
    tcp        0     52 192.168.2.182:22        192.168.2.128:50143     ESTABLISHED 10284/sshd: root@pt
    tcp6       0      0 :::3306                 :::*                    LISTEN      1689/mysqld
    tcp6       0      0 :::80                   :::*                    LISTEN      1191/httpd
    tcp6       0      0 :::21                   :::*                    LISTEN      10342/vsftpd
    tcp6       0      0 :::22                   :::*                    LISTEN      1189/sshd
    tcp6       0      0 ::1:25                  :::*                    LISTEN      1978/master

    netstat -planta | grep :21
    tcp6       0      0 :::21                   :::*                    LISTEN      10342/vsftpd

    ps aux | grep vsftpd
    root     10342  0.0  0.0  52804   560 ?        Ss   19:50   0:00 /usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf
    root     10371  0.0  0.0 112648   972 pts/0    R+   19:52   0:00 grep --color=auto vsftpd

Let's find out our server IP address.

    ifconfig | grep inet
    inet 192.168.2.182 netmask 255.255.255.0 broadcast 192.168.2.255
    inet6 fe80::a00:27ff:fe0f:a47e prefixlen 64 scopeid 0x20
    inet 127.0.0.1 netmask 255.0.0.0
    inet6 ::1 prefixlen 128 scopeid 0x10

    yum -y install ftp

Let's make a test...

    ftp 192.168.2.182
    Connected to 192.168.2.182 (192.168.2.182).
    220 Welcome to FTP service.
    Name (192.168.2.182:root): jura   <===
    331 Please specify the password.
    Password: 123   <===
    230 Login successful.
    Remote system type is UNIX.
    Using binary mode to transfer files.
    ftp>
    ftp> ls -l   <===
    227 Entering Passive Mode (192,168,2,182,195,164).
    150 Here comes the directory listing.
    drwxr-xr-x 2 1000 1000 6 Sep 13 20:04 test1
    226 Directory send OK.
    ftp>
    ftp> pwd   <===
    257 "/"
    ftp>
    ftp> quit   <===
    221 Goodbye.

    ftp://192.168.2.182

    yum -y install telnet

    telnet localhost 21
    Trying ::1...
    Connected to localhost.
    Escape character is '^]'.
    220 Welcome to FTP service.
    user jura   <===
    331 Please specify the password.
    pass 123=   <===
    230 Login successful.
---------------------------------------------------------------------------------------
"Wisdom is like a river, the deeper it is the less noise it makes"

Want to learn more? Get in touch: linux1.noip@gmail.com