Boot Partition Full (CentOS 7)

root@RHEL7HARDEN:~# df -h

Filesystem            Size  Used Avail Use% Mounted on
/dev/mapper/vg0-root   96G   15G   77G  16% /
devtmpfs              3.8G     0  3.8G   0% /dev
tmpfs                 3.8G  152K  3.8G   1% /dev/shm
tmpfs                 3.8G  9.1M  3.8G   1% /run
tmpfs                 3.8G     0  3.8G   0% /sys/fs/cgroup
/dev/sda1             283M  270M     0 100% /boot
/dev/mapper/vg0-home  577G  124G  424G  23% /home

Limit yum to keeping only 2 installed kernels:

root@RHEL7HARDEN:~# vim /etc/yum.conf

installonly_limit=2

The command below removes all the old kernels, keeping the 2 most recent ones.

root@RHEL7HARDEN:~# package-cleanup --oldkernels --count=2
Loaded plugins: fastestmirror, langpacks
--> Running transaction check
---> Package kernel.x86_64 0:3.10.0-123.el7 will be erased
---> Package kernel.x86_64 0:3.10.0-229.1.2.el7 will be erased
---> Package kernel.x86_64 0:3.10.0-229.4.2.el7 will be erased
---> Package kernel-devel.x86_64 0:3.10.0-229.1.2.el7 will be erased
---> Package kernel-devel.x86_64 0:3.10.0-229.4.2.el7 will be erased
--> Finished Dependency Resolution
base/7/x86_64                              | 3.6 kB  00:00:00
epel/x86_64/metalink                       | 3.2 kB  00:00:00
extras/7/x86_64                            | 3.4 kB  00:00:00
google-chrome                              | 951 B   00:00:00
nux-dextop/x86_64                          | 2.9 kB  00:00:04
updates/7/x86_64                           | 3.4 kB  00:00:00

Dependencies Resolved

=====================================================================
Package        Arch       Version          Repository      Size
=====================================================================
Removing:
kernel        x86_64   3.10.0-123.el7       @anaconda      127 M
kernel        x86_64   3.10.0-229.1.2.el7   @updates       131 M
kernel        x86_64   3.10.0-229.4.2.el7   @updates       131 M
kernel-devel  x86_64   3.10.0-229.1.2.el7   @updates       32 M
kernel-devel  x86_64   3.10.0-229.4.2.el7   @updates       32 M

Transaction Summary
=====================================================================
Remove  5 Packages

Installed size: 453 M
Is this ok [y/N]: y
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Erasing    : kernel-devel.x86_64                           1/5
Erasing    : kernel.x86_64                                 2/5
warning: file /lib/modules/3.10.0-229.1.2.el7.x86_64/weak-updates: remove failed: No such file or directory
warning: file /lib/modules/3.10.0-229.1.2.el7.x86_64/modules.softdep: remove failed: No such file or directory
warning: file /lib/modules/3.10.0-229.1.2.el7.x86_64/modules.devname: remove failed: No such file or directory
Erasing    : kernel-devel.x86_64                           3/5
Erasing    : kernel.x86_64                                 4/5
warning: file /lib/modules/3.10.0-123.el7.x86_64/modules.softdep: remove failed: No such file or directory
warning: file /lib/modules/3.10.0-123.el7.x86_64/modules.devname: remove failed: No such file or directory
Erasing    : kernel.x86_64                                 5/5
warning: file /lib/modules/3.10.0-229.4.2.el7.x86_64/weak-updates: remove failed: No such file or directory
warning: file /lib/modules/3.10.0-229.4.2.el7.x86_64/modules.softdep: remove failed: No such file or directory
warning: file /lib/modules/3.10.0-229.4.2.el7.x86_64/modules.devname: remove failed: No such file or directory
Verifying  : kernel-3.10.0-229.4.2.el7.x86_64              1/5
Verifying  : kernel-3.10.0-123.el7.x86_64                  2/5
Verifying  : kernel-devel-3.10.0-229.4.2.el7.x86_64        3/5
Verifying  : kernel-3.10.0-229.1.2.el7.x86_64              4/5
Verifying  : kernel-devel-3.10.0-229.1.2.el7.x86_64        5/5

Removed:
kernel.x86_64 0:3.10.0-123.el7
kernel.x86_64 0:3.10.0-229.1.2.el7
kernel.x86_64 0:3.10.0-229.4.2.el7
kernel-devel.x86_64 0:3.10.0-229.1.2.el7
kernel-devel.x86_64 0:3.10.0-229.4.2.el7

Complete!

root@RHEL7HARDEN:~# df -h

Filesystem            Size  Used Avail Use% Mounted on
/dev/mapper/vg0-root   96G   15G   77G  16% /
devtmpfs              3.8G     0  3.8G   0% /dev
tmpfs                 3.8G  152K  3.8G   1% /dev/shm
tmpfs                 3.8G  9.1M  3.8G   1% /run
tmpfs                 3.8G     0  3.8G   0% /sys/fs/cgroup
/dev/sda1             283M  142M  123M  54% /boot
/dev/mapper/vg0-home  577G  124G  424G  23% /home

Verify Package Integrity Using RPM

The RPM package management system includes the ability to verify the integrity of installed packages by comparing the installed files with information about the files taken from the package metadata stored in the RPM database.

Although an attacker could corrupt the RPM database (analogous to attacking an AIDE database), this check can still reveal modification of important files. To determine which files on the system differ from what is expected by the RPM database:

# rpm -qVa

A "c" in the second column indicates that a file is a configuration file (and may be expected to change). In order to exclude configuration files from this list, run:

# rpm -qVa | awk '$2!="c" {print $0}'
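As an added example (not from the page): a filter over `rpm -Va` output that applies the config-file exclusion above and classifies the remaining differences, so digest, permission and ownership changes are not lost among mtime-only (T) lines. The sample verification output it runs on is constructed.

```shell
#!/bin/sh
# Added example, not from the original page: a filter over `rpm -Va` output
# that drops config (c) and documentation (d) files and classifies the rest,
# so that checksum, permission and ownership changes stand out from the
# harmless mtime-only (T) noise. The sample output below is constructed.

# Constructed `rpm -Va` output. Column 1 is the 9-position flag string
# (S size, M mode, 5 digest, D device, L link, U user, G group, T mtime,
# P capabilities; "." = unchanged) or the word "missing"; column 2 is the
# file attribute marker (c config, d doc, ...) when the file has one.
SAMPLE_RPM_VA='S.5....T.  c /etc/ssh/sshd_config
.......T.    /usr/lib64/libexample.so.1
S.5....T.    /usr/bin/example
.M....G..    /usr/sbin/exampled
missing   d /usr/share/doc/example/README
missing     /usr/lib/example/helper'

# rpm_verify_alerts: reads `rpm -Va` output on stdin and prints one
# "<class> <path>" line per file that warrants a look. Paths containing
# whitespace are not handled (rpm prints them verbatim).
rpm_verify_alerts() {
    awk '
        $2 == "c" || $2 == "d" { next }             # config and docs: expected to drift
        $1 == "missing"        { printf "%-10s %s\n", "missing", $NF; next }
        $1 ~ /5/               { printf "%-10s %s\n", "content", $NF; next }
        $1 ~ /[MUG]/           { printf "%-10s %s\n", "perm/owner", $NF; next }
        # anything else (size, mtime or link-target only) is ignored here
    '
}

# Demonstration on the constructed sample; on a live host run:
#   rpm -Va | rpm_verify_alerts
printf '%s\n' "$SAMPLE_RPM_VA" | rpm_verify_alerts
```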

Remount the /dev/shm Partition in Fedora/CentOS

This is to assist with a CSF warning you may receive about /dev/shm being incorrectly mounted. Simply run the following:

nano /etc/fstab

Replace this line:

tmpfs /dev/shm tmpfs defaults 0 0

With this one:

tmpfs /dev/shm tmpfs defaults,noexec,nosuid 0 0

Save & Exit nano, then remount using the following command:

mount -o remount /dev/shm

What is /dev/shm and how to mount /dev/shm

Introduction:
/dev/shm is nothing but an implementation of the traditional shared memory concept. It is an efficient means of passing data between programs: one program creates a memory region which other processes (if permitted) can access, which speeds things up on Linux. shm / shmfs is also known as tmpfs, a common name for a temporary file storage facility on many Unix-like operating systems. It is intended to appear as a mounted file system, but one which uses virtual memory instead of a persistent storage device. If you type the mount command you will see /dev/shm listed as a tmpfs file system. It is therefore a file system which keeps all files in virtual memory. Everything in tmpfs is temporary in the sense that no files will be created on your hard drive; if you unmount a tmpfs instance, everything stored in it is lost. By default almost all Linux distros are configured to use /dev/shm.

Usage:
/dev/shm is used to improve the performance of application software, for example Oracle.
Generally speaking, IO-intensive tasks that benefit from fast, non-HDD read/write space, such as video encoding, gaming, etc., can make extensive use of shm.

Commands:

For temporary mounting-
mount -o remount,size=5G /dev/shm

For permanent mounting, add the line given below to /etc/fstab:

#vi /etc/fstab

none /dev/shm tmpfs defaults,size=5G 0 0

save and close the /etc/fstab file.

# mount -o remount /dev/shm

& Verify the mounting.
# df -Th

Mount an S3 bucket in a Linux EC2 instance

If you have not created an S3 bucket, kindly go through the EC2 documentation. The documentation is very clear and easy to understand. This is the link on how to create an S3 bucket.

After creating a new bucket follow the given below steps.

Step 1: Download the latest s3fs package from S3fs link

http://s3fs.googlecode.com/files/s3fs-1.63.tar.gz

Step 2: Untar the package in EC2 instance.

tar -xvzf s3fs-1.63.tar.gz

Step 3: If it is a new CentOS or Ubuntu instance, update the system.

For CentOS or Red Hat

yum update

For Ubuntu

sudo apt-get update

Step 4: Now install the dependencies.

In CentOS or Red Hat

yum install gcc libstdc++-devel gcc-c++ fuse fuse-devel curl-devel libxml2-devel openssl-devel mailcap

In Ubuntu or Debian

apt-get install build-essential gcc libfuse-dev fuse-utils libcurl4-openssl-dev libxml2-dev mime-support

Step 5: Now change to extracted directory

cd s3fs-1.63

Step 6: Now compiling

./configure --prefix=/usr

make

make install

Step 7: Check where the s3fs command has been placed in the OS. This also confirms that the installation succeeded.

which s3fs

Step 8: Now get the access key and secret key.
Click on AWS Menu -> Your AWS Account Name -> Security Credentials

Note: The option is at the top right corner of the AWS console page.

Here you can see the access key and secret key (the secret key is visible when you click on the "show" tab).

Copy both keys separately.

Step 9: Create a new file in /etc with the name passwd-s3fs

Paste the access key and secret key in this manner:

accesskey:secretkey

Note: a colon (:) is required between the two keys.

For example:

Access key: bwbshjklwmsysiene7hh

Secret key: jdjbeeosakw3389

vi /etc/passwd-s3fs

bwbshjklwmsysiene7hh:jdjbeeosakw3389

save and exit from file.

Note: I just gave an example of keys by randomly typing letters. But you have to paste only the keys which you obtained from the "Security Credentials" tab - see step 8.

Step 10: change the permission of file

chmod 640 /etc/passwd-s3fs

Step 11 : now create a directory to mount S3bucket

mkdir /mys3bucket

Step 12: Now mount the s3 bucket

s3fs bucketname /mys3bucket

Note: you can get bucket name from S3 management console.

Step 13: To check mounted s3 bucket

df -Th /mys3bucket

Step 14: If you already had some data in the S3 bucket and it is not visible, then you have to set the permissions in the ACL of that bucket in the S3 AWS management console.

Increasing Linux server security with nodev, nosuid and noexec options

Expertise level: Advanced
Hackers can use temporary storage directories such as /tmp to store and execute unwanted programs and hack into a server. Other temporary storage directories that can be used for malicious activities are /var/tmp and /dev/shm. Follow these steps to secure your Linux server against this vulnerability:
Add nodev, nosuid, and noexec options to /tmp:

1. Edit the file /etc/fstab, enter:
vi /etc/fstab
2. Locate the /tmp line:

UUID=0aef28b9-3d11-4ab4-a0d4-d53d7b4d3aa4 /tmp                    ext4    defaults        1 2

3. Append the text ,nodev,nosuid,noexec to the list of mount options in the fourth column (the mount options field).

4. The entry should look like  this:

UUID=0aef28b9-3d11-4ab4-a0d4-d53d7b4d3aa4 /tmp                    ext4    defaults,nodev,nosuid,noexec        1 2

5. Save and close the file.

 

Add nodev, nosuid, and noexec options to /dev/shm

1. Edit the file /etc/fstab, enter:
vi /etc/fstab
2. Locate the /dev/shm line:

tmpfs                   /dev/shm                tmpfs   defaults        0 0

3. Append the text ,nodev,nosuid,noexec to the list of mount options in the fourth column (the mount options field).

4. The entry should look like this:

tmpfs                   /dev/shm                tmpfs   defaults,nodev,nosuid,noexec        0 0

5. Save and close the file.

 

About /var/tmp

Make sure you bind /var/tmp to /tmp:

1. Edit the file /etc/fstab, enter:
vi /etc/fstab
2. Append the following line:

/tmp /var/tmp none rw,noexec,nosuid,nodev,bind 0 0

3. Save and close the file.

 

Set nodev, nosuid, and noexec options without rebooting the Linux server

1. Type the following command as root user:

 # Bind /var/tmp to /tmp
 mount -o rw,noexec,nosuid,nodev,bind /tmp/ /var/tmp/
 # Remount /tmp
 mount -o remount,noexec,nosuid,nodev /tmp
 # Remount /dev/shm
 mount -o remount,noexec,nosuid,nodev /dev/shm

2. Verify new settings:


mount | egrep --color -w '^(tmpfs|/tmp)|/tmp'
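Both the /dev/shm remount post earlier on this page and the steps above end with a manual look at the mount table. As an added example, not from either post, this POSIX shell script audits fstab-format input and `mount` output for the nodev, nosuid and noexec options on /tmp, /var/tmp and /dev/shm; the fstab and mount lines it runs on are constructed samples (the UUID is the one from the post).

```shell
#!/bin/sh
# Added example, not from either post: audits /etc/fstab and the live mount
# table for the nodev, nosuid and noexec options on /tmp, /var/tmp and
# /dev/shm, so the edit and the remount described above can be verified
# on many hosts. The fstab and mount output below are constructed samples.

REQUIRED_OPTS="nodev nosuid noexec"
CHECK_MOUNTS="/tmp /var/tmp /dev/shm"

# Constructed /etc/fstab: /tmp hardened, /dev/shm lacks nodev, /var/tmp absent.
SAMPLE_FSTAB='# /etc/fstab (constructed sample)
UUID=0aef28b9-3d11-4ab4-a0d4-d53d7b4d3aa4 /tmp ext4 defaults,nodev,nosuid,noexec 1 2
tmpfs /dev/shm tmpfs defaults,noexec,nosuid 0 0
/dev/mapper/vg0-home /home ext4 defaults 1 2'

# Constructed `mount` output: /tmp is still mounted without the options.
SAMPLE_MOUNT='/dev/mapper/vg0-root on / type xfs (rw,relatime,attr2)
tmpfs on /dev/shm type tmpfs (rw,nosuid,nodev,noexec)
/dev/sda2 on /tmp type ext4 (rw,relatime)
/dev/sda2 on /var/tmp type ext4 (rw,nosuid,nodev,noexec)'

# fstab_check: reads fstab-format lines on stdin (fields: device, mount
# point, type, options, ...) and prints, per checked mount point, either
# "<mp> ok", "<mp> missing <opts>" or "<mp> absent".
fstab_check() {
    awk -v mounts="$CHECK_MOUNTS" -v required="$REQUIRED_OPTS" '
        BEGIN { n = split(mounts, m, " "); r = split(required, req, " ") }
        /^[ \t]*#/ || NF < 4 { next }                 # comments, blank lines
        { opts[$2] = "," $4 "," }                     # wrap so ",nodev," matches whole words
        END {
            for (i = 1; i <= n; i++) {
                mp = m[i]
                if (!(mp in opts)) { print mp " absent"; continue }
                missing = ""
                for (j = 1; j <= r; j++)
                    if (index(opts[mp], "," req[j] ",") == 0)
                        missing = missing (missing == "" ? "" : ",") req[j]
                print mp (missing == "" ? " ok" : " missing " missing)
            }
        }'
}

# mount_check: reads `mount` output on stdin ("dev on /mp type fs (opts)"),
# rewrites it to fstab-like fields and reuses fstab_check.
mount_check() {
    awk '$2 == "on" && $4 == "type" { gsub(/[()]/, "", $6); print $1, $3, $5, $6 }' |
        fstab_check
}

# Demonstration on the samples; on a live host use:
#   fstab_check < /etc/fstab ; mount | mount_check
echo "fstab:";   printf '%s\n' "$SAMPLE_FSTAB" | fstab_check
echo "mounted:"; printf '%s\n' "$SAMPLE_MOUNT" | mount_check
```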

Remove The GNOME GUI on RHEL 7 Centos 7 Fedora and Oracle Linux Server

[root@RHEL7HARDEN ~]# rpm -qa yum
yum-3.4.3-132.el7.centos.0.1.noarch
[root@RHEL7HARDEN ~]#

 

I captured the list of 'Warning: group <groupname> does not exist.' messages (see previous post) from a 'yum update' run which I CTRL+C'd out of once the warnings ended.
I removed the 'Warning: group ' from the front and the ' does not exist.' from the back and then put the result into a variable.

[root@RHEL7HARDEN ~]#  yum groupremove 'X Window System' 'GNOME'
Loaded plugins: fastestmirror, langpacks
There is no installed groups file.
Maybe run: yum groups mark convert (see man yum)
base                               | 3.6 kB  00:00:00
extras                             | 3.4 kB  00:00:00
updates                            | 3.4 kB  00:00:00
(1/4): extras/7/x86_64/primary_db  |  90 kB  00:00:03
(2/4): base/7/x86_64/group_gz      | 155 kB  00:00:09
(3/4): updates/7/x86_64/primary_db | 953 kB  00:00:09
(4/4): base/7/x86_64/primary_db    | 5.3 MB  00:00:10
Determining fastest mirrors
* base: mirror.vastspace.net
* extras: mirror.upsi.edu.my
* updates: mirror.upsi.edu.my
No environment named X Window System exists
No environment named GNOME exists
Maybe run: yum groups mark remove (see man yum)
No packages to remove from groups
[root@RHEL7HARDEN ~]#

I had gone for the ‘yum groups mark remove’ way some days ago when I was hit by that issue…

It looks like setting upgrade_group_objects_upgrade=0 or group_command=simple in /etc/yum.conf resolves this issue.

 

[main]
cachedir=/var/cache/yum/$basearch/$releasever
keepcache=0
debuglevel=2
logfile=/var/log/yum.log
exactarch=1
obsoletes=1
gpgcheck=1
plugins=1
installonly_limit=5
bugtracker_url=http://bugs.centos.org/set_project.php?project_id=23&ref=http://bugs.centos.org/bug_report_page.php?category=yum
distroverpkg=centos-release
group_command=simple

#  This is the default, if you make this bigger yum won't see if the metadata
# is newer on the remote and so you'll "gain" the bandwidth of not having to
# download the new metadata and "pay" for it by yum not having correct
# information.
#  It is esp. important, to have correct metadata, for distributions like
# Fedora which don't keep old packages around. If you don't like this checking
# interupting your command line usage, it's much better to have something
# manually check the metadata once an hour (yum-updatesd will do this).
# metadata_expire=90m

# PUT YOUR REPOS HERE OR IN separate files named file.repo
# in /etc/yum.repos.d

 

[root@RHEL7HARDEN ~]#  yum groupremove 'X Window System' 'GNOME'
Loaded plugins: fastestmirror, langpacks
base                               | 3.6 kB  00:00:00
extras                             | 3.4 kB  00:00:00
updates                            | 3.4 kB  00:00:00
Loading mirror speeds from cached hostfile
* base: mirror.vastspace.net
* extras: mirror.upsi.edu.my
* updates: mirror.upsi.edu.my
No environment named X Window System exists
No environment named GNOME exists
Resolving Dependencies
--> Running transaction check
---> Package PackageKit-command-not-found.x86_64 0:1.0.7-5.el7.centos will be erased
---> Package PackageKit-gtk3-module.x86_64 0:1.0.7-5.el7.centos will be erased
---> Package abrt-desktop.x86_64 0:2.1.11-36.el7.centos will be erased
---> Package at-spi2-atk.x86_64 0:2.8.1-4.el7 will be erased
--> Processing Dependency: libatk-bridge-2.0.so.0()(64bit) for package: gtk3-3.14.13-16.el7.x86_64
---> Package at-spi2-core.x86_64 0:2.8.0-6.el7 will be erased
--> Processing Dependency: at-spi2-core for package: pyatspi-2.8.0-3.el7.noarch

xorg-x11-drv-ati        x86_64   7.5.0-3.el7                       @base   444 k
xorg-x11-drv-dummy      x86_64   0.3.6-21.el7                      @base    20 k
xorg-x11-drv-evdev      x86_64   2.9.2-2.el7                       @base    69 k
xorg-x11-drv-fbdev      x86_64   0.4.3-20.el7                      @base    25 k
xorg-x11-drv-intel      x86_64   2.99.917-8.20150615.el7           @base   1.9 M
xorg-x11-drv-nouveau    x86_64   1:1.0.11-2.el7                    @base   217 k
xorg-x11-drv-qxl        x86_64   0.1.1-18.el7                      @base   179 k
xorg-x11-drv-synaptics  x86_64   1.8.2-1.el7                       @base   131 k
xorg-x11-drv-v4l        x86_64   0.2.0-42.el7                      @base    24 k
xorg-x11-drv-vesa       x86_64   2.3.2-20.el7                      @base    29 k
xorg-x11-drv-vmmouse    x86_64   13.0.0-11.el7                     @base    29 k
xorg-x11-drv-vmware     x86_64   13.0.2-7.20150211git8f0cf7c.el7   @base   164 k
xorg-x11-drv-void       x86_64   1.4.1-1.el7                       @base    15 k
xorg-x11-drv-wacom      x86_64   0.29.0-1.el7                      @base   957 k
yelp-libs               x86_64   1:3.14.2-1.el7                    @base   243 k
zenity                  x86_64   3.8.0-5.el7                       @base   5.3 M

Transaction Summary
==========================================================================
Remove  98 Packages (+133 Dependent packages)

Installed size: 634 M
Is this ok [y/N]:

 

 

 

yum groupremove "multimedia" "internet-browser" "guest-agents" "guest-desktop-agents" "x11" "print-client" "dial-up"

Remove Old Kernels on RHEL, CentOS, Fedora

This is a quick guide on how to delete/remove/clean old kernels on Fedora, CentOS and Red Hat (RHEL). I use two kernels here as an example; if you want to keep more or fewer, adjust the number of installed kernels as you wish. Normally the reason you might want to remove kernels is limited disk space, for example on VPS servers and laptops. This is a very easy task; you need the yum-utils package.

1. Check Installed Kernels

rpm -q kernel
kernel-2.6.32-279.el6.x86_64
kernel-2.6.32-279.2.1.el6.x86_64
kernel-2.6.32-279.5.2.el6.x86_64
kernel-2.6.32-279.9.1.el6.x86_64

2. Delete / Remove Old Kernels

## Install yum utils ##
yum install yum-utils

## Package-cleanup: set count to how many kernels you want left ##
package-cleanup --oldkernels --count=2

3. Make Amount of Installed Kernels Permanent

Edit /etc/yum.conf and set installonly_limit:

installonly_limit=2
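The two kernel-cleanup posts on this page (Boot Partition Full and the guide just above) both go straight to package-cleanup. The following POSIX shell script is an added example, not from either post: it checks /boot usage from `df -P` output and lists which kernel packages would go when keeping two, skipping the running kernel, so the removal list can be reviewed first. The df and rpm output it works on are constructed samples.

```shell
#!/bin/sh
# Added example, not from either post: a pre-flight check before running
# package-cleanup. It reports whether /boot is over a usage threshold and
# lists the kernel packages that would go when keeping N, never the running
# kernel (package-cleanup also protects the running kernel; this lets you
# review the list first). Inputs below are constructed samples.

# Constructed `df -P /boot` output (-P gives one line per filesystem).
SAMPLE_DF='Filesystem     1024-blocks   Used Available Capacity Mounted on
/dev/sda1           289792 276480         0     100% /boot'

# Constructed `rpm -q kernel` output, deliberately unsorted.
SAMPLE_KERNELS='kernel-3.10.0-229.4.2.el7.x86_64
kernel-3.10.0-123.el7.x86_64
kernel-3.10.0-229.11.1.el7.x86_64
kernel-3.10.0-229.1.2.el7.x86_64
kernel-3.10.0-229.7.2.el7.x86_64'

# boot_over_threshold PCT: reads `df -P` output on stdin; exit 0 when the
# Capacity column exceeds PCT, exit 1 otherwise (also when no data line).
boot_over_threshold() {
    awk -v t="$1" '
        NR > 1 { sub(/%/, "", $5); over = ($5 + 0 > t + 0) }
        END    { exit !over }'
}

# kernels_to_remove KEEP RUNNING: reads `rpm -q kernel` output on stdin and
# prints the packages older than the KEEP newest, skipping the running
# kernel (RUNNING is the `uname -r` string). Version order is taken from
# GNU `sort -V`, which orders these dotted release strings correctly.
kernels_to_remove() {
    keep="$1"
    running="kernel-$2"
    sort -V | awk -v keep="$keep" -v running="$running" '
        { pkgs[NR] = $0 }
        END {
            for (i = 1; i <= NR - keep; i++)
                if (pkgs[i] == running)
                    print "keeping running kernel " pkgs[i] > "/dev/stderr"
                else
                    print pkgs[i]
        }'
}

# Demonstration on the constructed samples; on a live host feed it
# `df -P /boot`, `rpm -q kernel` and `uname -r` instead.
if printf '%s\n' "$SAMPLE_DF" | boot_over_threshold 90; then
    echo "/boot is over 90% used; candidates for removal (keeping 2):"
    printf '%s\n' "$SAMPLE_KERNELS" | kernels_to_remove 2 3.10.0-229.1.2.el7.x86_64
fi
```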

xmlrpc.php attack on WordPress - High CPU usage

Just noticed that incoming emails were being delayed by about 30 minutes, we host our emails on Google Apps, so that couldn’t have been the issue. Next step was to investigate the server where the DNS of our domain was being hosted. Turns out the server was under constant load (load average ~4) for the past couple of days.

Upon investigating what was causing the load I saw multiple threads using the xmlrpc.php file. There were about 20 odd threads consuming between 20% – 90% cpu. Searching online revealed that this was a distributed botnet attack trying to compromise the wordpress installation by exploiting that file.

To fix this I added the following to the global Apache configuration via a pre-include:
<Files xmlrpc.php>
Order Deny,Allow
Deny from all
</Files>
For now the server load has gone down but upon manually hitting the file it turns out that the wordpress installation throws a 404 page.

This may still be a problem because the botnets would still be hitting that URL which in turn would still cause high cpu load.

I haven't tested the following myself but this would be my next logical move. The following rule redirects any hit to the xmlrpc.php file to an invalid IP address, thus taking the load off our server.

RewriteRule ^xmlrpc\.php$ "http://0.0.0.0/" [R=301,L]
One problem with the above solution is that you'll have to add this to every property's .htaccess file individually, which is going to take time if you have 100+ WordPress installations on your server like I do.
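An added example, not from the post: two awk passes over an Apache combined-format access log that show which clients are hammering xmlrpc.php and which status codes those hits receive, so the load the post describes can be measured before and after the Deny rule. The log lines are constructed, using documentation address ranges.

```shell
#!/bin/sh
# Added example, not from the original post: two awk passes over an Apache
# combined-format access log that show (a) which clients hammer xmlrpc.php
# and (b) the status codes those hits receive, which makes visible that a
# blocked request (403/404) still costs a request slot. The log lines
# below are constructed, using documentation address ranges.

SAMPLE_ACCESS_LOG='192.0.2.10 - - [10/Aug/2025:10:00:01 +0000] "POST /xmlrpc.php HTTP/1.1" 200 412 "-" "Mozilla/4.0"
192.0.2.10 - - [10/Aug/2025:10:00:01 +0000] "POST /xmlrpc.php HTTP/1.1" 200 412 "-" "Mozilla/4.0"
192.0.2.10 - - [10/Aug/2025:10:00:02 +0000] "POST /xmlrpc.php HTTP/1.1" 200 412 "-" "Mozilla/4.0"
198.51.100.7 - - [10/Aug/2025:10:00:02 +0000] "GET /index.php HTTP/1.1" 200 8123 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Aug/2025:10:00:03 +0000] "POST /xmlrpc.php HTTP/1.1" 200 412 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Aug/2025:10:00:03 +0000] "POST /blog/xmlrpc.php HTTP/1.1" 403 199 "-" "-"
203.0.113.5 - - [10/Aug/2025:10:00:04 +0000] "POST /blog/xmlrpc.php HTTP/1.1" 403 199 "-" "-"'

# xmlrpc_hits_by_client MIN: prints "<count> <client>" for every client with
# at least MIN requests for xmlrpc.php (in any directory, with or without a
# query string), busiest first. Field 1 is the client, field 7 the path.
xmlrpc_hits_by_client() {
    awk -v min="$1" '
        $7 ~ /(^|\/)xmlrpc\.php($|\?)/ { hits[$1]++ }
        END { for (ip in hits) if (hits[ip] >= min + 0) print hits[ip], ip }
    ' | sort -rn
}

# xmlrpc_status_summary: prints "<status> <count>" for xmlrpc.php requests;
# field 9 is the HTTP status code.
xmlrpc_status_summary() {
    awk '
        $7 ~ /(^|\/)xmlrpc\.php($|\?)/ { st[$9]++ }
        END { for (s in st) print s, st[s] }
    ' | sort -n
}

# Demonstration on the sample; on a live host pipe the access log in instead.
echo "clients with >= 2 xmlrpc.php hits:"
printf '%s\n' "$SAMPLE_ACCESS_LOG" | xmlrpc_hits_by_client 2
echo "status codes returned to xmlrpc.php hits:"
printf '%s\n' "$SAMPLE_ACCESS_LOG" | xmlrpc_status_summary
```

Counting 403s after the Deny rule is in place shows how many requests the server still has to answer even though they are blocked, which is the residual load the post worries about.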

Disable / Hide PHP Notices & Warnings - Server wide

A client’s website was continuously getting PHP Notices regarding PHP session clean up issues. The solution turned out to be more complicated than initially thought, sessions need to be moved into RAM.

A quick solution for this is to stop PHP from displaying notices:

error_reporting = E_ALL & ~E_DEPRECATED & ~E_NOTICE & ~E_WARNING

Put the above in your php.ini at /etc/php.ini.

The above will disable deprecation messages, notices and warning messages.