Category Archives: Linux

google pagespeed – centos installation

 

Let’s edit/create google-mod-pagespeed.repo

vi /etc/yum.repos.d/google-mod-pagespeed.repo

and add

[googlemodpagespeed]
name=googlemodpagespeed
baseurl=http://dl.google.com/linux/mod-pagespeed/rpm/stable/$basearch
enabled=1
gpgcheck=0
Let’s install it with yum!
yum install mod-pagespeed
Then we need to restart apache!
service httpd restart

 

This is how we test it…

curl -D- http://localhost/ | head -10

 

[[email protected] webroot]# curl -D- http://localhost/ | head -10
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 4328 100 4328 0 0 27929 0 –:–:– –:–:– –:–:– 28103
HTTP/1.1 200 OK
Date: Wed, 12 Sep 2018 15:52:41 GMT
Server: Apache/2.4.6 (CentOS) PHP/5.6.38
X-Powered-By: PHP/5.6.38
X-Mod-Pagespeed: 1.13.35.2-0
Vary: Accept-Encoding
Cache-Control: max-age=0, no-cache, s-maxage=10
Content-Length: 4328
Content-Type: text/html; charset=iso-8859-1

 

 

fail2ban.actions [14644]: NOTICE [sshd] 113.131.58.142 already banned

Meanwhile in a new VPS…

2018-04-18 19:56:42,211 fail2ban.actions [14644]: NOTICE [sshd] 113.131.58.142 already banned
2018-04-18 19:56:43,213 fail2ban.actions [14644]: NOTICE [sshd] 113.131.58.142 already banned
2018-04-18 19:56:44,214 fail2ban.actions [14644]: NOTICE [sshd] 113.131.58.142 already banned
2018-04-18 19:56:45,215 fail2ban.actions [14644]: NOTICE [sshd] 113.131.58.142 already banned
2018-04-18 19:56:46,217 fail2ban.actions [14644]: NOTICE [sshd] 113.131.58.142 already banned
2018-04-18 19:56:47,218 fail2ban.actions [14644]: NOTICE [sshd] 195.72.223.106 already banned
2018-04-18 19:56:48,219 fail2ban.actions [14644]: NOTICE [sshd] 195.72.223.106 already banned

YAH!
Take a look at /etc/fail2ban/jail.local or /etc/fail2ban/jail.d/00-firewalld.conf
banaction = firewallcmd-ipset
or
banaction = iptables-multiport

 

Meltdown & Spectre – CentOS

This is, for what I’v read about, the two main things that we need to have updated…

kernel-3.10.0-693.11.6.el7.x86_64
microcode_ctl-2.1-22.2.el7.x86_64

Check them trought uname -r and dmesg | grep microcode

 

[[email protected] www]# systemctl status microcode -l
● microcode.service - Load CPU microcode update
 Loaded: loaded (/usr/lib/systemd/system/microcode.service; enabled; vendor preset: enabled)
 Active: inactive (dead) since Fri 2018-01-05 17:43:08 CET; 1 weeks 6 days ago
 Process: 692 ExecStart=/usr/bin/bash -c grep -l GenuineIntel /proc/cpuinfo | xargs grep -l -E "model[[:space:]]*: 79$" > /dev/null || echo 1 > /sys/devices/system/cpu/microcode/reload (code=exited, status=0/SUCCESS)
 Main PID: 692 (code=exited, status=0/SUCCESS)

Jan 05 17:43:08 sd-56969 systemd[1]: Starting Load CPU microcode update...
Jan 05 17:43:08 sd-56969 systemd[1]: Started Load CPU microcode update.

 

 

 

SFTP allow user to login via SFTP

If we are just allowing both on AllowUsers in file /etc/ssh/sshd_config, new users won’t be allowed to access the server.

So!, lets edit it a add the new user. Find AllowUser line and add it there.

sudo nano /etc/ssh/sshd_config

This should look something like

#PermitRootLogin without-password
PermitRootLogin no
StrictModes yes
AllowUsers bofh newuser

Save and Exit!
Restart SSH

service ssh restart

Now the user!

addgroup --system filetransf

usermod -G filetransf username
chown root:root /home/username
chmod 755 /home/username

cd /home/username
chown username:filetransf *

 

Hooray!

 

dashboard for VMware, SNMP, REST API and more

Simple dashboard system for sysadmins with modules for VMware, SNMP, REST API and more

SysAdminBoard is a simple dashboard system written in Python, HTML and Javascript and served on a simple CherryPy Webserver (included). It was originally written to reformat snmp data for the Panic Statusboard iPad App, but has since become a fully stand-alone project that can grab data from a variety of sources and render charts and graphs in a web browser.