How to View Colored Man Pages in Linux

In Unix-like operating systems, a man page (in full manual page) is a documentation for a terminal-based program/too/utility (commonly known as a command). It contains the name of the command, syntax for using it, a description, options available, author, copyright, related commands etc.

Read Also: ccat – Show ‘cat Command’ Output with Syntax Highlighting or Colorizing

You can read the manual page for a Linux command as follows; this will display the man page for the df command:

$ man df 
df Command Man Page

df Command Man Page

By default, the man program normally uses a terminal pager program such as more or less to format its output, and the default view is normally in white color for every kind of text (bold, underlined etc..).


You can make some tweaks to your ~/.bashrc file to get nicely colored man pages by specifying a color scheme using various LESS_TERMCAP variables.

$ vi ~/.bashrc

Add following color scheme variables.

export LESS_TERMCAP_mb=$'\e[1;32m'
export LESS_TERMCAP_md=$'\e[1;32m'
export LESS_TERMCAP_me=$'\e[0m'
export LESS_TERMCAP_se=$'\e[0m'
export LESS_TERMCAP_so=$'\e[01;33m'
export LESS_TERMCAP_ue=$'\e[0m'
export LESS_TERMCAP_us=$'\e[1;4;31m'

Following are the color codes that we used in the above configuration.

  • 31 – red
  • 32 – green
  • 33 – yellow

And here are the meanings of the escape codes used in the above configuration.

  • 0 – reset/normal
  • 1 – bold
  • 4 – underlined

You can additionally reset your terminal by typing reset or even start up another shell. Now when you try to view a man page df command, it should look like this, nicer than the default view.

Colored Man Page

Colored Man Page

Alternatively, you can use the MOST paging program, which works on Unix-like operating systems and supports multiple windows and can scroll left and right.

$ sudo apt install most #Debian/Ubuntu # yum install most #RHEL/CentOS
# dnf install most #Fedora 22+

Next, add the line below in your ~/.bashrc file, then source the file like before and possibly reset your terminal.

export PAGER="most"
Most Paging Program for Linux

Most Paging Program for Linux

Read Also: How to Customize Bash Colors and Content in Linux Terminal Prompt

In this article, we showed you how to display beautifully colored man pages in Linux. To send us any queries or share any useful Linux shell tips/tricks, use the comment section below.

ccat – Show ‘cat Command’ Output with Syntax Highlighting or Colorizing

ccat is command line similar to cat command in Linux that displays the content of a file with syntax highlighting for the following programming languages: Javascript, Java, Go, Ruby, C, Python and Json.

To install ccat utility in your Linux distribution, first assure that the wget utility is present in your system. If the wget command line is not installed in the system, issue the below command to install it:

# yum install wget [On CentOS/RHEL/Fedora]
# apt-get install wget [On Debian and Ubuntu]

In order to install the latest version of ccat command line via the latest compiled binaries, first download the compressed tarball by issuing the below command. The binary and source code releases archives can be found at the official ccat github webpage.

-------------- On 64-Bit -------------- # wget https://github.com/jingweno/ccat/releases/download/v1.1.0/linux-amd64-1.1.0.tar.gz -------------- On 32-Bit -------------- # wget https://github.com/jingweno/ccat/releases/download/v1.1.0/linux-386-1.1.0.tar.gz 

After archive download completes, list the current working directory to show the files, extract the ccat tarball (the linux-amd64-1.x.x Tarball file) and copy the ccat executable binary from the extracted tarball into a Linux executable system path, such as /usr/local/bin/ path, by issuing the below commands.

# ls
# tar xfz linux-amd64-1.1.0.tar.gz # ls linux-amd64-1.1.0
# cp linux-amd64-1.1.0/ccat /usr/local/bin/
# ls -al /usr/local/bin/
ccat Command Executable Files

ccat Command Executable Files


If for some reasons the ccat file from your executable system path has no executable bit set, issue the below command to set executable permissions for all system users.

# chmod +x /usr/local/bin/ccat

In order to test ccat utility capabilities against a system configuration file, issue the below commands. The content of the displayed files should be highlighted according to file programming language sytnax, as illustrated in the below command examples.

# ccat /etc/sysconfig/network-scripts/ifcfg-ens33 # ccat /etc/fstab 
ccat Command Usage

ccat Command Usage

In order to replace cat command with ccat command system wide, add a bash alias for ccat in system barshrc file, log out from the system and log in back again to apply the configuration.

-------------- On CentOS, RHEL & Fedora -------------- # echo "alias cat='/usr/local/bin/ccat'" >> /etc/bashrc # exit
-------------- On Debiab & Ubuntu -------------- # echo "alias cat='/usr/local/bin/ccat'" >> /etc/profile
# exit

Finally, run cat command against an arbitrary configuration file to test if ccat alias has replaced cat command, as shown in the below example. The output file syntax should be highlighted now.

# cat .bashrc
Replace cat Command with ccat

Replace cat Command with ccat

ccat utility can also be used to concatenate multiple files and display the output in HTML format, as illustrated in the below example.

# ccat --html /etc/fstab /etc/sysconfig/network-scripts/ifcfg-ens33> /var/www/html/ccat.html

However, you will need a web server installed in your system, such as Apache HTTP server or Nginx, to display the content of the HTML file, as illustrated in the below screenshot.

Display File Content in HTML

Display File Content in HTML

For other custom configurations and command options visit ccat official github page.

How to Run Multiple Websites with Different PHP Versions in Nginx

Sometimes PHP developers want to build and run different websites/applications using different versions of PHP on the same web server. As a Linux system administrator, you are required to setup a environment where you can run multiple websites using different PHP version on a single web server i.e. Nginx.

In this tutorial, we will explain you how to install multiple versions of PHP and configure the web server Nginx to work with them via the server blocks (virtual hosts in Apache) in CentOS/RHEL 7 distributions using LEMP stack.

Nginx uses PHP-FPM (stands for FastCGI Process Manager), which is an alternative PHP FastCGI implementation with some extra, useful features for heavily loaded websites.

Testing Environment Setup

  1. A CentOS 7 or RHEL 7 server with minimal installation.
  2. Nginx HTTP Server.
  3. PHP 7.1 (to be used as default version) and 5.6.
  4. MariaDB Database Server.
  5. Server IP address: 192.168.56.10.
  6. Websites: example1.com and example2.com.

Step 1: Installing and Enabling EPEL and Remi Repository

1. First start by installing and enabling the EPEL and Remi repository, which offers the latest versions of the PHP stack on CentOS/RHEL 7 distributions.

# yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
# yum install http://rpms.remirepo.net/enterprise/remi-release-7.rpm


2. Next install the yum-utils package, which extends yum’s native functionalities and provides yum-config-manager command, which is used to enable or disable Yum repositories on the system.

# yum install yum-utils

Note: On RHEL 7 you can enable the optional channel for some dependencies using the following command.

# subscription-manager repos --enable=rhel-7-server-optional-rpms

Step 2: Installing Nginx Web Server

3. To install latest version of Nginx, we need to add the official Nginx repository, create a file named /etc/yum.repos.d/nginx.repo.

# vi /etc/yum.repos.d/nginx.repo

Add the following lines to file as per your distribution.

--------------- On CentOS 7 --------------- [nginx] name=nginx repo baseurl=http://nginx.org/packages/centos/7/$basearch/ gpgcheck=0 enabled=1 --------------- On RHEL 7 ---------------
[nginx] name=nginx repo baseurl=http://nginx.org/packages/rhel/7.x/$basearch/ gpgcheck=0 enabled=1 

4. Once nginx repo has been added, you can install Nginx using yum package manager tool as shown.

# yum install nginx

Step 3: Installing MariaDB Database Server

5. To install latest version of MariaDB, we need to add the official MariaDB repository, create a file named /etc/yum.repos.d/mariadb.repo.

# vi /etc/yum.repos.d/mariadb.repo

Add the following lines to file as per your distribution.

--------------- On CentOS 7 --------------- [mariadb]
name = MariaDB
baseurl = http://yum.mariadb.org/10.2/centos7-amd64
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck=1
--------------- On RHEL 7 ---------------
[mariadb]
name = MariaDB
baseurl = http://yum.mariadb.org/10.2/rhel7-amd64
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck=1 

6. Once MariaDB repo has been added, you can install MariaDB using yum package manager tool as shown.

# yum install MariaDB-client MariaDB-server

7. Afterwards, secure the database server installation using the script below. Set a root password and answer y and press [Enter] for the rest of the subsequent questions to disable remote root user login, remove anonymous-user accounts and test database which by default can be accessed by all users, even anonymous users.

# mysql_secure_installation

Read Also: 12 MySQL/MariaDB Security Best Practices for Linux

Step 4: Installing Multiple Versions of PHP

8. To install different versions of PHP for your projects, use yum-config-manager command to install multiple versions of PHP along with most required modules as shown.

Install PHP 7.1 Version

# yum-config-manager --enable remi-php71 [Default]
# yum install php php-common php-fpm
# yum install php-mysql php-pecl-memcache php-pecl-memcached php-gd php-mbstring php-mcrypt php-xml php-pecl-apc php-cli php-pear php-pdo

Install PHP 5.6 Version

# yum install php56 php56-php-common php56-php-fpm
# yum install php56-php-mysql php56-php-pecl-memcache php56-php-pecl-memcached php56-php-gd php56-php-mbstring php56-php-mcrypt php56-php-xml php56-php-pecl-apc php56-php-cli php56-php-pear php56-php-pdo

9. Once installed PHP, you can use following command to check the default version of PHP used on your server.

# php -v
Check Default PHP Version

Check Default PHP Version

Step 5: Configuring PHP-FPM and PHP56-PHP-FPM

10. This is the most interesting part of this tutorial, it explains how you can actually run multiple PHP versions on your server. Here, you will configure the different versions of php-fpm that Nginx will work with. You should define the user/group of the FastCGI processes as well as the ports they will listen on.

These are the following two configuration files that you will going to edit.

  • php-fpm (default 7.1) – /etc/php-fpm.d/www.conf
  • php56-php-fpm – /opt/remi/php56/root/etc/php-fpm.d/www.conf

Open the files above, set the user/group of FastCGI processes.

# vi /etc/php-fpm.d/www.conf [PHP 7.1]
# vi /opt/remi/php56/root/etc/php-fpm.d/www.conf [PHP 5.6] 

The default values should be apache, change them to nginx as shown.

user = nginx
group = nginx

11. Next, find the listen parameters, and define the address:port on which FastCGI requests will be received.

listen = 127.0.0.1:9000 [php-fpm]
listen = 127.0.0.1:9001 [php56-php-fpm]

12. Once all the above configuration done, you need to start and enable Nginx, MariaDB and PHP-FPM to auto-start at system boot.

# systemctl enable nginx # systemctl start nginx # systemctl enable mariadb # systemctl start mariadb ---------------- PHP 7.1 ---------------- # systemctl enable php-fpm # systemctl start php-fpm ---------------- PHP 5.6 ----------------
# systemctl enable php56-fpm # systemctl start php56-php-fpm 

Attention: In case you get any errors while starting the second instance of PHP, php56-php-fpm, a SELinux policy could be blocking it from starting. If SELinux is in enforcing mode, set it to permissive mode, then try starting the service once again.

# getenforce
# setenforce 0 

Step 6: Setup Websites with Permissions

13. At this point, you can now create the necessary directories for your websites under /var/www/html/. You also need to create directories to store logs as follows:

---------------- Website 1 ----------------
# mkdir -p /var/www/html/example1.com/ # mkdir -p /var/www/html/example2.com/ ---------------- Website 2 ----------------
# mkdir -p /var/log/nginx/example1.com/ # mkdir -p /var/log/nginx/example2.com/ 

14. Set the appropriate ownership permissions on all the directories.

---------------- Website 1 ----------------
# chown -R root:nginx /var/www/html/example1.com/ # chmod -R 755 /var/www/html/example1.com/ # chown -R root:nginx /var/log/nginx/example1.com/
# chmod -R 660 /var/log/nginx/example1.com/ ---------------- Website 2 ----------------
# chown -R root:nginx /var/www/html/example2.com/ # chmod -R 755 /var/www/html/example2.com/
# chown -R root:nginx /var/log/nginx/example2.com/ # chmod -R 660 /var/log/nginx/example2.com/

Step 7: Setup Nginx Server Blocks for Websites

15. Now configure how Nginx will process requests to your websites using the server block configuration files which should be located in /etc/nginx/conf.d/.

Create the configuration files for your websites ending with .conf extension.

# vi /etc/nginx/conf.d/example1.com.conf
# vi /etc/nginx/conf.d/example2.com.conf

Then paste the following server block configurations in the respective files.

Website 1

Configuration for example1.com

server {
listen 80;
server_name example1.com www.example1.com;
root /var/www/html/example1.com/;
index index.php index.html index.htm;
#charset koi8-r;
access_log /var/log/nginx/example1.com/example1_access_log;
error_log /var/log/nginx/example1.com/example1_error_log error;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
location ~ \.php$ {
root /var/www/html/example1.com/;
fastcgi_pass 127.0.0.1:9000; #set port for php-fpm to listen on
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
include /etc/nginx/fastcgi_params;
}
}

Website 2

Configuration for example2.com

server {
listen 80;
server_name example2.com www.example2.com;
root /var/www/html/example2.com/;
index index.php index.html index.htm;
#charset koi8-r;
access_log /var/log/nginx/example2.com/example2_access_log;
error_log /var/log/nginx/example2.com/example2_error_log error;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
location ~ \.php$ {
root /var/www/html/example2.com/;
fastcgi_pass 127.0.0.1:9001; #set port for php56-php-fpm to listen on
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
include /etc/nginx/fastcgi_params;
}
}

16. Make sure that you have the following line in the closing part of the http block in /etc/nginx/nginx.conf. It helps to include all configuration files inside the /etc/nginx/conf.d/ directory when Nginx is running.

include /etc/nginx/conf.d/*.conf;

Step 8: Testing Different PHP Versions

17. Finally, you need to test that your server is using the two versions of PHP. You can create a very basic info.php script in the document root directories of your websites as shown.

# echo "<?php phpinfo(); ?>" > /var/www/html/example1.com/info.php
# echo "<?php phpinfo(); ?>" > /var/www/html/example2.com/info.php

18. To apply all the changes you have made above, you need to restart Nginx, php-fpm and php56-php-fpm. But you can first of all check that the Nginx configuration files for any syntax errors before doing so.

# nginx -t # systemctl restart nginx php-fpm php56-php-fpm
Verify Nginx Configuration

Verify Nginx Configuration

19. There is one other last thing to do, especially if you are running your server locally, you need to setup local DNS using /etc/hosts file as shown in the screen shot below.

192.168.56.10 example1.com example1
192.168.56.10 example2.com example2
Add Websites to-Hosts File

Add Websites to-Hosts File

20. Finally, open a web browser and type the following addresses to verify the versions of PHP installed on the system.

http://example1.com/index.php
http://example2.com/index.php
Check PHP 7.1 Version

Check PHP 7.1 Version

Check PHP 5.6 Version

Check PHP 5.6 Version

That’s It! Now you can deploy files and test websites with different PHP versions. If you have any additions to make or questions to put forward, make use of the comment form below.

How to Find a Specific String or Word in Files and Directories

Do you want to find all files that contain a particular word or string of text on your entire Linux system or a given directory. This article will guide you on how to do that, you will learn how to recursively dig through directories to find and list all files that contain a given string of text.

A simple way to work this out is by using grep pattern searching tool, is a powerful, efficient, reliable and most popular command-line utility for finding patterns and words from files or directories on Unix-like systems.

Read Also: 11 Advanced Linux ‘Grep’ Commands on Character Classes and Bracket Expressions

The command below will list all files containing a line with the text “check_root”, by recursively and aggressively searching the ~/bin directory.

$ grep -Rw ~/bin/ -e 'check_root'
Find a Word in Directory

Find a Word in Directory


Where the -R option tells grep to read all files under each directory, recursively, following symbolic links only if they are on the command line and option -w instructs it to select only those lines containing matches that form whole words, and -e is used to specify the string (pattern) to be searched.

You should use the sudo command when searching certain directories or files that require root permissions (unless you are managing your system with the root account).

 $ sudo grep -Rw / -e 'check_root' 

To ignore case distinctions employ the -i option as shown:

$ grep -Riw ~/bin/ -e 'check_root'

If you want to know the exact line where the string of text exist, include the -n option.

$ grep -Rinw ~/bin/ -e 'check_root'
Find String with Line Number

Find String with Line Number

Assuming there are several types of files in a directory you wish to search in, you can also specify the type of files to be searched for instance, by their extension using the --include option.

This example instructs grep to only look through all .sh files.

$ grep -Rnw --include=\*.sh ~/bin/ -e 'check_root'

In addition, it is possible to search for more than one pattern, using the following command.

$ grep -Rinw ~/bin/ -e 'check_root' -e 'netstat'
Find Multiple Words in Files

Find Multiple Words in Files

That’s It! If you know any other command-line trick to find string or word in files, do share with us or ask any questions regarding this topic, use the comment form below.

Testssl.sh – Testing TLS/SSL Encryption Anywhere on Any Port

testssl.sh is a free and open source, feature-rich command line tool used for checking TLS/SSL encryption enabled services for supported ciphers, protocols and some cryptographic flaws, on Linux/BSD servers. It can be run on MacOS X and Windows using MSYS2 or Cygwin.

Features of Testssl.sh

  • Easy to install and use; produces clear output.
  • Highly flexible, it can be used to check any SSL/TLS enabled and STARTTLS services.
  • Perform a general check or single checks.
  • Comes with several command line options for various categories of single checks.
  • Supports different output types, including colored output.
  • Supports SSL Session ID check.
  • Supports checking for multiple server certificates.
  • Offers absolute privacy, it’s only you who can sees the result, not a third party.
  • Supports logging in (flat) JSON + CSV format.
  • Supports mass testing in serial (default) or parallel modes.
  • Supports presetting of command line options via environment variables, and so much more.

Important: You should be using bash (which comes preinstalled on almost Linux distributions) and a newer OpenSSL version (1.0) is recommended for effective usage.

How to Install and Use Testssl.sh in Linux

You can install testssl.sh by cloning this git repository as shown.

# git clone --depth 1 https://github.com/drwetter/testssl.sh.git
# cd testssl.sh

After cloning testssl.sh, the general use case is probably just run the following command to run a test against a website.

# ./testssl.sh https://www.google.com/
Test SSL TLS Encryption

Test SSL TLS Encryption


To run a check against STARTTLS enabled protocols: ftp, smtp, pop3, imap, xmpp, telnet, ldap, postgres, mysql, use the -t option.

# ./testssl.sh -t smtp https://www.google.com/

By default, all mass tests are done in serial mode, you can enable parallel testing using the --parallel flag.

# ./testssl.sh --parallel https://www.google.com/

If you do not want to use the default system openssl program, use the –openssl flag to specify an alternative.

# ./testssl.sh --parallel --sneaky --openssl /path/to/your/openssl https://www.google.com/

You might want to keep logs for later analysis, testssl.sh has the --log (store log file in the current directory) or --logfile (specify log file location) option for that.

# ./testssl.sh --parallel --sneaky --logging https://www.google.com/

To disable DNS lookup, which can increase test speeds, use the -n flag.

# ./testssl.sh -n --parallel --sneaky --logging https://www.google.com/

Run Single Checks Using testssl.sh

You can also run single checks for protocols, server defaults, server preferences, headers, various types of vulnerabilities plus many other tests. There are a number of options provided for this.

For example, the -e flag enables you to check each local cipher remotely. If you want to make the test much faster, use include the --fast flag; this will omit some checks, in case you are using openssl for all ciphers, it only displays the first proffered cipher.

# ./testssl.sh -e --fast --parallel https://www.google.com/

The -p option allows for testing TLS/SSL protocols (including SPDY/HTTP2).

# ./testssl.sh -p --parallel --sneaky https://www.google.com/

You can view the server’s default picks and certificate using the -S option.

# ./testssl.sh -S https://www.google.com/

Next, to see the server’s preferred protocol+cipher, use the -P flag.

# ./testssl.sh -P https://www.google.com/

The -U option will help you test all vulnerabilities (if applicable).

# ./testssl.sh -U --sneaky https://www.google.com/

Unfortunately, we can not exploit all the options here, use the the command below to see a list of all options.

# ./testssl.sh --help

Find more at testssl.sh Github repository: https://github.com/drwetter/testssl.sh

Conclusion

testssl.sh is a useful security tool that every Linux system administrator needs to have and use for testing TSL/SSL enabled services. If you have any questions or thoughts to share, use the comment form below. In addition, you can also share with us any similar tools, that you have come across out there.

How to Run Multiple Commands on Multiple Linux Servers

If you are managing multiple Linux servers, and you want to run multiple commands on all the Linux servers, but you have no idea about how to do it. There is no need to worry, in this simple server management guide, we will show you how to run multiple commands on multiple Linux servers simultaneously.

To achieve, this you can use the pssh (parallel ssh) program, a command line utility for executing ssh in parallel on a number of hosts. With it, you can send input to all of the ssh processes, from a shell script.

Requirements

  1. Install Pssh to Run Commands on Multiple Remote Linux Servers
  2. You must be using SSH passwordless authentication for all remote servers.

Create a Shell Script

Therefore, you need to start by preparing a script which contains the Linux commands you want to execute on the different servers. In this example, we will write a script that will collect the following information from multiple servers:

  • Check uptime of servers
  • Check who is logged on and what they are doing
  • List top 5 running processes according to memory usage.

First create a script called commands.sh with your favorite editor.

# vi commands.sh


Next, add the following commands to the script as shown.

#!/bin/bash ###############################################################################
#Script Name : commands.sh #Description : execute multiple commands on multiple servers #Author : Aaron Kili Kisinga #Email : [email protected] ################################################################################
echo
# show system uptime
uptime
echo
# show who is logged on and what they are doing
who
echo
# show top 5 processe by RAM usage ps -eo cmd,pid,ppid,%mem,%cpu --sort=-%mem | head -n 6
exit 0

Save the file and close it. Then make the script executable as shown.

# chmod +x commands.sh

Create PSSH Hosts File

Next, add the list of servers that you want to run the commands on, in a hosts.txt file, in the format [[email protected]]host[:port] or simply give the server IP addresses.

But we suggest you use ssh aliases which can be specified in .ssh/config file as explained in how to configure custom ssh connections to simplify remote access.

This method is more efficient and reliable, it allows you to specify configuration options (such as host name, identify file, port, username etc..) for each remote server.

Following is our sample ssh hosts aliases file a.k.a user specific ssh configuration file.

# vi ~/.ssh/config
SSH Hosts Aliases File

SSH Hosts Aliases File

Next, create a hosts.txt file, here you can simply specify the aliases (names defined using Host keyword in .ssh/config file) as shown.

# vi hosts.txt 

Add the server aliases.

server1
server2
server3

Run Commands via a Script on Multiple Linux Servers

Now run the following pssh command by specifying hosts.txt file along with the script that contains multiple commands to run on multiple remote servers.

# pssh -h hosts.txt -P -I<./commands.sh

Meaning of the flags used in the above command:

  • -h – reads the hosts file.
  • -P – tells pssh to display output as it arrives.
  • -I – reads input and sends to each ssh process.
Run Multiple Commands On Remote Servers

Run Multiple Commands On Remote Servers

That’s It! In this article, we showed how to execute multiple commands on multiple servers in Linux. You can share any thoughts relating to this topic via the comment section below.

Learn Ethical Hacking with Ultimate White Hat Hacker 2018 Bundle

‘,
enableHover: false,
enableTracking: true,
buttons: { twitter: {via: ‘tecmint’}},
click: function(api, options){
api.simulateClick();
api.openPopup(‘twitter’);
}
});
jQuery(‘#facebook’).sharrre({
share: {
facebook: true
},
template: ‘{total}’,
enableHover: false,
enableTracking: true,
click: function(api, options){
api.simulateClick();
api.openPopup(‘facebook’);
}
});
jQuery(‘#googleplus’).sharrre({
share: {
googlePlus: true
},
template: ‘{total}’,
enableHover: false,
enableTracking: true,
urlCurl: ‘https://www.tecmint.com/wp-content/themes/tecmint/js/sharrre.php’,
click: function(api, options){
api.simulateClick();
api.openPopup(‘googlePlus’);
}
});
jQuery(‘#linkedin’).sharrre({
share: {
linkedin: true
},
template: ‘{total}’,
enableHover: false,
enableTracking: true,
buttons: {
linkedin: {
description: ‘Learn Ethical Hacking with Ultimate White Hat Hacker 2018 Bundle’,media: ‘https://www.tecmint.com/wp-content/uploads/2017/12/Learn-White-Hat-Hacking.png’ }
},
click: function(api, options){
api.simulateClick();
api.openPopup(‘linkedin’);
}
});
// Scrollable sharrre bar, contributed by Erik Frye. Awesome!
var shareContainer = jQuery(“.sharrre-container”),
header = jQuery(‘#header’),
postEntry = jQuery(‘.entry’),
$window = jQuery(window),
distanceFromTop = 20,
startSharePosition = shareContainer.offset(),
contentBottom = postEntry.offset().top + postEntry.outerHeight(),
topOfTemplate = header.offset().top;
getTopSpacing();
shareScroll = function(){
if($window.width() > 719){ var scrollTop = $window.scrollTop() + topOfTemplate,
stopLocation = contentBottom – (shareContainer.outerHeight() + topSpacing);
if(scrollTop > stopLocation){
shareContainer.offset({top: contentBottom – shareContainer.outerHeight(),left: startSharePosition.left});
}
else if(scrollTop >= postEntry.offset().top-topSpacing){
shareContainer.offset({top: scrollTop + topSpacing, left: startSharePosition.left});
}else if(scrollTop 1024)
topSpacing = distanceFromTop + jQuery(‘.nav-wrap’).outerHeight();
else
topSpacing = distanceFromTop;
}
});
]]>

How to Install X-Cart Shopping Cart in Linux

X-Cart is a commercial open source e-commerce CMS platform written in PHP used for creating online stores for businesses and sell products.

In this topic we’ll learn how to install X-Cart e-commerce platform in Debian 9, Ubuntu 16.04 or CentOS 7, in order to create a business online shopping store.

Requirements

  1. LAMP stack installed in CentOS 7
  2. LAMP stack installed in Ubuntu
  3. LAMP stack installed in Debian

Step 1: Initial Configurations for X-Cart Installation

1. On the first step, install unzip utility in your system by issuing the following command.

# yum install unzip zip [On CentOS/RHEL]
# apt install zip unzip [On Debian/Ubuntu]

2. X-Cart is a web based e-commerce platform which is deployed on top of LAMP stack in Linux. In order to install X-Cart in your system, first install all required application’s PHP modules in your LAMP stack by issuing the following command.

------------------ On CentOS/RHEL ------------------ # yum install epel-release
# yum install php-mbstring php-curl php-gd php-xml
------------------ On Debian/Ubuntu ------------------
# apt install php7.0-mbstring php7.0-curl php7.0-gd php7.0-xm


3. Next, update the following PHP variables from default configuration file and setup the PHP timezone to match your system geographical location. The list of time zones provided by PHP can be found at official PHP timezones page.

Edit PHP configuration file by issuing the below commands according to your own distribution.

# vi /etc/php.ini [On CentOS/RHEL]
# nano /etc/php/7.0/apache2/php.ini [On Debian/Ubuntu]

Update the following variables in php.ini configuration file.

file_uploads = On
allow_url_fopen = On
memory_limit = 128 M
upload_max_file_size = 64M
date.timezone = Europe/Bucharest

4. Save and close PHP configuration file and restart Apache daemon to reflect changes by issuing the following command.

# systemctl restart httpd [On CentOS/RHEL]
# systemctl restart apache2 [On Debian/Ubuntu]

5. Next, log in to MariaDB/MySQL database console and create X-Cart application database with the proper credentials, by issuing the following commands.

Replace the database name, user and password with your own values.

# mysql -u root -p
MariaDB [(none)]> create database xcart;
MariaDB [(none)]> grant all privileges on xcart.* to 'xcartuser'@'localhost' identified by 'your_password';
MariaDB [(none)]> flush privileges; MariaDB [(none)]> exit

Step 2: Install X-Cart in CentOS, Debian and Ubuntu

6. To install X-Cart, first go to X-Cart download page from a Desktop machine download the latest zip package by filling the required web form from their website.

Then, copy the downloaded zip file to the server /tmp directory via scp command or sftp protocols, as illustrated in the below examples.

# scp x-cart-5.3.3.4-gb.zip [email protected]_server_IP:/tmp [Using SCP]
# sftp://[email protected]_server_IP:/tmp [Using sFTP] 

7. After you’ve copied the X-Cart zip archive to server /tmp directory, go back to server terminal and extract the archive by issuing the below command.

# cd /tmp
# unzip x-cart-5.3.3.4-gb.zip

8. Then, create a directory named shop in /vaw/www/html/ path and copy the content of xcart directory to web server document root path to shop directory, by issuing the following command. Also, copy the hidden file .htaccess to webroot /shop directory path.

# mkdir /vaw/www/html/shop
# cp -rf xcart/* /var/www/html/shop/
# cp xcart/.htaccess /var/www/html/shop/

9. Next, make sure all files from webroot path /shop directory are owned by Apache user. Issue ls command to list /var/www/html/shop/ directory permissions.

# chown -R apache:apache /var/www/html/shop [On CentOS/RHEL]
# chown -R www-data:www-data /var/www/html/shop [On Debian/Ubuntu]
# ls -al /var/www/html/shop

10. Next, go to your server IP address via HTTP protocol to /shop URL and hit on Click here link in order to start the installation process.

http://your_domain.tld/shop/
Install X-Cart Shopping Store

Install X-Cart Shopping Store

11. Next, check I accept the License Agreement and the Privacy policy and hit on Next button to accept the license and move to the next installation screen.

Accept X-Cart License Agreement

Accept X-Cart License Agreement

12. On the next screen add your email address and setup a password for admin account and hit the Next button to continue the installation process.

Create X-Cart Admin Account

Create X-Cart Admin Account

13. Next, add X-Cart MySQL database name and credentials created earlier, check Install a sample catalog and hit on Next button to continue.

Configure X-Cart Database Settings

Configure X-Cart Database Settings

14. Wait for the installation process to complete and you will see two links for accessing X-Cart Administration zone (backoffice) panel and X-cart frontend (Customer zone) of your store, as illustrated in the below image.

X-Cart Installation Completed

X-Cart Installation Completed

15. Visit your X-cart store frontend, by hitting on Customer zone link. You can also visit the store frontend by navigating to your server IP address or domain name to /shop URL as shown in the below example.

http://yourdomain.tld/shop
X-Cart Shopping Store

X-Cart Shopping Store

16. Next, go back to server console and secure your X-Cart backed admin panel, by issuing the below commands:

# chown -R root /var/www/html/shop/etc/
# chown root /var/www/html/shop/config.php

17. Finally, access X-Cart backed panel by hitting on Administrator zone (Backoffice) link or by navigating to your server IP address or domain name via HTTP protocol to /shop/admin.php URL, as shown in the below example.

http://your_domain.tld/stop/admin.php
X-Cart Admin Login

X-Cart Admin Login

18. After logging in to X-Cart backed admin panel with the credentials configured during the installation process you should activate your X-Cart edition and start managing your online store.

X-Cart Admin Dashboard

X-Cart Admin Dashboard

Congratulations! You have successfully installed and configured X-Cart e-commerce platform in your server.

12 MySQL/MariaDB Security Best Practices for Linux

MySQL is the world’s most popular open source database system and MariaDB (a fork of MySQL) is the world’s fastest growing open source database system. After installing MySQL server, it is insecure in it’s default configuration, and securing it is one of the essential tasks in general database management.

Read Also: Learn MySQL/MariaDB for Beginners – Part 1

This will contribute to hardening and boosting of overall Linux server security, as attackers always scan vulnerabilities in any part of a system, and databases have in the past been key target areas. A common example is the brute-forcing of the root password for the MySQL database.

In this guide, we will explain useful MySQL/MariaDB security best practice for Linux.

1. Secure MySQL Installation


This is the first recommended step after installing MySQL server, towards securing the database server. This script facilitates in improving the security of your MySQL server by asking you to:

  • set a password for the root account, if you didn’t set it during installation.
  • disable remote root user login by removing root accounts that are accessible from outside the local host.
  • remove anonymous-user accounts and test database which by default can be accessed by all users, even anonymous users.
# mysql_secure_installation

After running it, set the root password and answer the series of questions by entering [Yes/Y] and press [Enter].

Secure MySQL Installation

Secure MySQL Installation

2. Bind Database Server To Loopback Address

This configuration will restrict access from remote machines, it tells the MySQL server to only accept connections from within the localhost. You can set it in main configuration file.

# vi /etc/my.cnf [RHEL/CentOS] # vi /etc/mysql/my.conf [Debian/Ubuntu] OR
# vi /etc/mysql/mysql.conf.d/mysqld.cnf [Debian/Ubuntu] 

Add the following line below under [mysqld] section.

bind-address = 127.0.0.1

3. Disable LOCAL INFILE in MySQL

As part of security hardening, you need to disable local_infile to prevent access to the underlying filesystem from within MySQL using the following directive under [mysqld] section.

local-infile=0

4. Change MYSQL Default Port

The Port variable sets the MySQL port number that will be used to listen on TCP/ IP connections. The default port number is 3306 but you can change it under the [mysqld] section as shown.

Port=5000

5. Enable MySQL Logging

Logs are one of the best ways to understand what happens on a server, in case of any attacks, you can easily see any intrusion-related activities from log files. You can enable MySQL logging by adding the following variable under the [mysqld] section.

log=/var/log/mysql.log

6. Set Appropriate Permission on MySQL Files

Ensure that you have appropriate permissions set for all mysql server files and data directories. The /etc/my.conf file should only be writeable to root. This blocks other users from changing database server configurations.

# chmod 644 /etc/my.cnf

7. Delete MySQL Shell History

All commands you execute on MySQL shell are stored by the mysql client in a history file: ~/.mysql_history. This can be dangerous, because for any user accounts that you will create, all usernames and passwords typed on the shell will recorded in the history file.

# cat /dev/null > ~/.mysql_history

8. Don’t Run MySQL Commands from Commandline

As you already know, all commands you type on the terminal are stored in a history file, depending on the shell you are using (for example ~/.bash_history for bash). An attacker who manages to gain access to this history file can easily see any passwords recorded there.

It is strongly not recommended to type passwords on the command line, something like this:

# mysql -u root -ppassword_
Connect MySQL with Password

Connect MySQL with Password

When you check the last section of the command history file, you will see the password typed above.

# history 
Check Command History

Check Command History

The appropriate way to connect MySQL is.

# mysql -u root -p
Enter password:

9. Define Application-Specific Database Users

For each application running on the server, only give access to a user who is in charge of a database for a given application. For example, if you have a wordpress site, create a specific user for the wordpress site database as follows.

# mysql -u root -p
MariaDB [(none)]> CREATE DATABASE osclass_db;
MariaDB [(none)]> CREATE USER 'osclassdmin'@'localhost' IDENTIFIED BY '[email protected]%!2';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON osclass_db.* TO 'osclassdmin'@'localhost';
MariaDB [(none)]> FLUSH PRIVILEGES;
MariaDB [(none)]> exit

and remember to always remove user accounts that are no longer managing any application database on the server.

10. Use Additional Security Plugins and Libraries

MySQL includes a number of security plugins for: authenticating attempts by clients to connect to mysql server, password-validation and securing storage for sensitive information, which are all available in the free version.

You can find more here: https://dev.mysql.com/doc/refman/5.7/en/security-plugins.html

11. Change MySQL Passwords Regularly

This is a common piece of information/application/system security advice. How often you do this will entirely depend on your internal security policy. However, it can prevent “snoopers” who might have been tracking your activity over an long period of time, from gaining access to your mysql server.

MariaDB [(none)]> USE mysql;
MariaDB [(none)]> UPDATE user SET password=PASSWORD('YourPasswordHere') WHERE User='root' AND Host = 'localhost';
MariaDB [(none)]> FLUSH PRIVILEGES;

12. Update MySQL Server Package Regularly

It is highly recommended to upgrade mysql/mariadb packages regularly to keep up with security updates and bug fixes, from the vendor’s repository. Normally packages in default operating system repositories are outdated.

# yum update
# apt update

After making any changes to the mysql/mariadb server, always restart the service.

# systemctl restart mariadb #RHEL/CentOS
# systemctl restart mysql #Debian/Ubuntu

Read Also: 15 Useful MySQL/MariaDB Performance Tuning and Optimization Tips

That’s all! We love to hear from you via the comment form below. Do share with us any MySQL/MariaDB security tips missing in the above list.

How to Check Integrity of File and Directory Using “AIDE” in Linux

In our mega guide to hardening and securing CentOS 7, under the section “protect system internally”, one of the useful security tools we listed for internal system protection against viruses, rootkits, malware, and detection of unauthorized activities is AIDE.

AIDE (Advanced Intrusion Detection Environment) is a small yet powerful, free open source intrusion detection tool, that uses predefined rules to check file and directory integrity in Unix-like operating systems such as Linux. It is an independent static binary for simplified client/server monitoring configurations.

It is feature-rich: uses plain text configuration files and database making it easy to use; supports several message digest algorithms such as but not limited to md5, sha1, rmd160, tiger; supports common file attributes; also supports powerful regular expressions to selectively include or exclude files and directories to be scanned.

Also it can be compiled with exceptional support for Gzip compression, Posix ACL, SELinux, XAttrs and Extended file system attributes.


Aide works by creating a database (which is simply a snapshot of selected parts of the file system), from the regular expression rules defined in the configuration file(s). Once this database is initialized, you can verify the integrity of the system files against it. This guide will show how to install and use aide in Linux.

How to Install AIDE in Linux

Aide is packaged in official repositories of mainstream Linux distributions, to install it run the command for your distribution using a package manager.

# apt install aide [On Debian/Ubuntu]
# yum install aide [On RHEL/CentOS] # dnf install aide [On Fedora 22+]
# zypper install aide [On openSUSE]
# emerge aide [On Gentoo]

After installing it, the main configuration file is /etc/aide.conf. To view the installed version as well as compile time parameters, run the command below on your terminal:

# aide -v
Sample Output
Aide 0.14
Compiled with the following options:
WITH_MMAP
WITH_POSIX_ACL
WITH_SELINUX
WITH_PRELINK
WITH_XATTR
WITH_LSTAT64
WITH_READDIR64
WITH_ZLIB
WITH_GCRYPT
WITH_AUDIT
CONFIG_FILE = "/etc/aide.conf"

You can open the configuration using your favorite editor.

# vi /etc/aide.conf

It has directives that define the database location, report location, default rules, the directories/files to be included in the database.

Understanding Default Aide Rules

AIDE Default Rules

AIDE Default Rules

Using the above default rules, you can define new custom rules in the aide.conf file for example.

PERMS = p+u+g+acl+selinux+xattrs

The PERMS rule is used for access control only, it will detect any changes to file or directories based on file/directory permissions, user, group, access control permissions, SELinux context and file attributes.

This will only check file content and file type.

CONTENT = sha256+ftype

This is an extended version of the previous rule, it checks extended content, file type and access.

CONTENT_EX = sha256+ftype+p+u+g+n+acl+selinux+xattrs

The DATAONLY rule below will help detect any changes in data inside all files/directory.

DATAONLY = p+n+u+g+s+acl+selinux+xattrs+sha256
Configure Aide Rules

Configure Aide Rules

Defining Rules to Watch Files and Directories

Once you have defined rules, you can specify the file and directories to watch. Considering the PERMS rule above, this definition will check permissions for all files in root directory.

/root/\..* PERMS

This will check all files in the /root directory for any changes.

/root/ CONTENT_EX

To help you detect any changes in data inside all files/directory under /etc/, use this.

/etc/ DATAONLY 
Configure Aide Rules for Filesystem

Configure Aide Rules for Filesystem

Using AIDE to Check File and Directory Integrity in Linux

Start by constructing a database against the checks that will be performed using --init flag. This is expected to be done before your system is connected to a network.

The command below will create a database that contains all of the files that you selected in your configuration file.

# aide --init
Initialize Aide Database

Initialize Aide Database

Then rename the database to /var/lib/aide/aide.db.gz before proceeding, using this command.

# mv /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz

It is recommended to move the database to a secure location possibly in a read-only media or on another machines, but ensure that you update the configuration file to read it from there.

After the database is created, you can now check the integrity of the files and directories using the --check flag.

# aide --check

It will read the snapshot in the database and compares it to the files/directories found you system disk. If it finds changes in places that you might not expect, it generates a report which you can then review.

Run File Integrity Check

Run File Integrity Check

Since no changes have been made to the file system, you will only get an output similar to the one above. Now try to create some files in the file system, in areas defined in the configuration file.

# vi /etc/script.sh
# touch all.txt

Then run a check once more, which should report the files added above. The output of this command depends on the parts of the file system you configured for checking, it can be lengthy overtime.

# aide --check
Check File System Changes

Check File System Changes

You need to run aide checks regularly, and in case of any changes to already selected files or addition of new file definitions in the configuration file, always update the database using the --update option:

# aide --update

After running a database update, to use the new database for future scans, always rename it to /var/lib/aide/aide.db.gz:

# mv /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz

That’s all for now! But take note of these important points:

  • One characteristic of most intrusion detection systems AIDE inclusive, is that they will not provide solutions to most security loop holes on a system. They however, assist in easing the the intrusion response process by helping system administrators examine any changes to system files/directories. So you should always be vigilant and keep updating your current security measures.
  • It it highly recommended to keep the newly created database, the configuration file and the AIDE binary in a secure location such as read-only media (possible if you install from source).
  • For additional security, consider signing the configuration and/or database.

For additional information and configurations, see its man page or check out the AIDE Homepage: http://aide.sourceforge.net/