How to Change Apache Server Name to Anything in Server Headers

In one of our several articles relating to Apache server security and hardening tips, we explained how to hide Apache version number and other sensitive information.

We discussed how to keep away valuable information such as the web server version number, server operating system details, installed Apache modules and so much more, from being sent along in server-generated documents back to the client (possibly attackers).

In this article, we will show you yet another useful Apache security tip – changing HTTP web server name to anything else in server header.

What do we actually mean here? Take a look at the screen shot below, it shows a listing of directories in our web server document root, beneath that, you can see the server signature (web server name, version, operating system, ip address and port).

Apache Directory Listing

Apache Directory Listing


Most times, hackers use known vulnerabilities in web server software to attack your websites or web apps, therefore changing the name of your web server makes it difficult for them to know the type of server running on your system. The point is to change the name “Apache” to something else.

This can be achieved by installing Apache mod_security module.

-------- On Debian/Ubuntu -------- $ sudo apt install libapache2-mod-security2
$ sudo a2enmod security2
-------- On CentOS/RHEL and Fedora --------
# yum install mod_security
# dnf install mod_security

Then open the Apache configuration file.

$ sudo vi /etc/apache2/apache2.conf #Debian/Ubuntu # vi /etc/httpd/conf/httpd.conf #RHEL/CentOS/Fedora

Now change or add these lines below (make sure to change TecMint_Web to any other thing you want to appear to clients).

ServerTokens Full
SecServerSignature “Tecmint_Web”

Finally restart the web server.

$ sudo systemctl restart apache2 #Debian/Ubuntu # systemctl restart httpd #RHEL/CentOS/Fedora

Now verify the page again using curl command or accessing from the browser to see the web server name has changed from Apache to Tecmint_Web.

$ curl -I -L http://domain-or-ipaddress

Apache Listing of Directory

Apache Listing of Directory

Thats It! Do check out following articles related to Apache web server.

  1. Protect Apache Against Brute Force or DDoS Attacks Using Mod_Security
  2. How to Find MySQL, PHP and Apache Configuration Files
  3. How to Change Default Apache ‘DocumentRoot’ Directory in Linux
  4. How to Check Which Apache Modules are Enabled/Loaded in Linux
  5. 13 Apache Web Server Security and Hardening Tips

In this article, we showed how to change HTTP web server name to anything else in server header in Linux. Use the feedback form below to add you thoughts about this topic.

Manage Log Messages Under Systemd Using Journalctl [Comprehensive Guide]

Systemd is a cutting-edge system and service manager for Linux systems: an init daemon replacement intended to start processes in parallel at system boot. It is now supported in a number of current mainstream distribution including Fedora, Debian, Ubuntu, OpenSuSE, Arch, RHEL, CentOS, etc.

Earlier on, we explained the story behind ‘init’ and ‘systemd’; where we discussed what the two daemons are, why ‘init’ technically needed to be replaced with ‘systemd’ as well as the main features of systemd.

One of the main advantages of systemd over other common init systems is, support for centralized management of system and processes logging using a journal. In this article, we will learn how to manage and view log messages under systemd using journalctl command in Linux.

Important: Before moving further in this guide, you may want to learn how to manage ‘Systemd’ services and units using ‘Systemctl’ command, and also create and run new service units in systemd using shell scripts in Linux. However, if you are okay with all the above, continue reading through.

Configuring Journald for Collecting Log Messages Under Systemd


journald is a daemon which gathers and writes journal entries from the entire system; these are essentially boot messages, messages from kernel and from syslog or various applications and it stores all the messages in a central location – journal file.

You can control the behavior of journald via its default configuration file: /etc/systemd/journald.conf which is generated at compile time. This file contains options whose values you may change to suite your local environment requirements.

Below is a sample of what the file looks like, viewed using the cat command.

$ cat /etc/systemd/journald.conf 

Journald Configuration File

# See journald.conf(5) for details.
[Journal]
#Storage=auto
#Compress=yes
#Seal=yes
#SplitMode=uid
#SyncIntervalSec=5m
#RateLimitInterval=30s
#RateLimitBurst=1000
#SystemMaxUse=
#SystemKeepFree=
#SystemMaxFileSize=
#SystemMaxFiles=100
#RuntimeMaxUse=
#RuntimeKeepFree=
#RuntimeMaxFileSize=
#RuntimeMaxFiles=100
#MaxRetentionSec=
#MaxFileSec=1month
#ForwardToSyslog=yes
#ForwardToKMsg=no
#ForwardToConsole=no
#ForwardToWall=yes
#TTYPath=/dev/console
#MaxLevelStore=debug
#MaxLevelSyslog=debug
#MaxLevelKMsg=notice
#MaxLevelConsole=info
#MaxLevelWall=emerg

Note that various package installs and use configuration extracts in /usr/lib/systemd/*.conf.d/ and run time configurations can be found in /run/systemd/journald.conf.d/*.conf which you may not necessarily use.

Enable Journal Data Storage On Disk

A number of Linux distributions including Ubuntu and it’s derivatives like Linux Mint do not enable persistent storage of boot messages on disk by default.

It is possible to enable this by setting the “Storage” option to “persistent” as shown below. This will create the /var/log/journal directory and all journal files will be stored under it.

$ sudo vi /etc/systemd/journald.conf OR
$ sudo nano /etc/systemd/journald.conf 
[Journal]
Storage=persistent

For additional settings, find the meaning of all options which are supposed to be configured under the “[Journal]” section by typing.

$ man journald.conf

Setting Correct System Time Using Timedatectl Command

For reliable log management under systemd using journald service, ensure that the time settings including the timezone is correct on the system.

In order to view the current date and time settings on your system, type.

$ timedatectl OR
$ timedatectl status
Local time: Thu 2017-06-15 13:29:09 EAT
Universal time: Thu 2017-06-15 10:29:09 UTC
RTC time: Thu 2017-06-15 10:29:09
Time zone: Africa/Kampala (EAT, +0300)
Network time on: yes
NTP synchronized: yes
RTC in local TZ: no

To set the correct timezone and possibly system time, use the commands below.

$ sudo timedatectl set-timezone Africa/Kampala
$ sudo timedatectl set-time “13:50:00”

Viewing Log Messages Using Journalctl Command

journalctl is a utility used to view the contents of the systemd journal (which is written by journald service).

To show all collected logs without any filtering, type.

$ journalctl

View Log Messages

-- Logs begin at Wed 2017-06-14 21:56:43 EAT, end at Thu 2017-06-15 12:28:19 EAT
Jun 14 21:56:43 tecmint systemd-journald[336]: Runtime journal (/run/log/journal
Jun 14 21:56:43 tecmint kernel: Initializing cgroup subsys cpuset
Jun 14 21:56:43 tecmint kernel: Initializing cgroup subsys cpu
Jun 14 21:56:43 tecmint kernel: Initializing cgroup subsys cpuacct
Jun 14 21:56:43 tecmint kernel: Linux version 4.4.0-21-generic ([email protected])
Jun 14 21:56:43 tecmint kernel: Command line: BOOT_IMAGE=/boot/vmlinuz-4.4.0-21-
Jun 14 21:56:43 tecmint kernel: KERNEL supported cpus:
Jun 14 21:56:43 tecmint kernel: Intel GenuineIntel
Jun 14 21:56:43 tecmint kernel: AMD AuthenticAMD
Jun 14 21:56:43 tecmint kernel: Centaur CentaurHauls
Jun 14 21:56:43 tecmint kernel: x86/fpu: xstate_offset[2]: 576, xstate_sizes[2]
Jun 14 21:56:43 tecmint kernel: x86/fpu: Supporting XSAVE feature 0x01: 'x87 flo
Jun 14 21:56:43 tecmint kernel: x86/fpu: Supporting XSAVE feature 0x02: 'SSE reg
Jun 14 21:56:43 tecmint kernel: x86/fpu: Supporting XSAVE feature 0x04: 'AVX reg
Jun 14 21:56:43 tecmint kernel: x86/fpu: Enabled xstate features 0x7, context si
Jun 14 21:56:43 tecmint kernel: x86/fpu: Using 'eager' FPU context switches.
Jun 14 21:56:43 tecmint kernel: e820: BIOS-provided physical RAM map:
Jun 14 21:56:43 tecmint kernel: BIOS-e820: [mem 0x0000000000000000-0x00000000000
Jun 14 21:56:43 tecmint kernel: BIOS-e820: [mem 0x0000000000090000-0x00000000000
Jun 14 21:56:43 tecmint kernel: BIOS-e820: [mem 0x0000000000100000-0x000000001ff
Jun 14 21:56:43 tecmint kernel: BIOS-e820: [mem 0x0000000020000000-0x00000000201
Jun 14 21:56:43 tecmint kernel: BIOS-e820: [mem 0x0000000020200000-0x00000000400

View Log messages Based On Boots

You can display a list of boot numbers (relative to the current boot), their IDs, and the timestamps of the first and last message corresponding to the boot with the --list-boots option.

$ journalctl --list-boots
-1 9fb590b48e1242f58c2579defdbbddc9 Thu 2017-06-15 16:43:36 EAT—Thu 2017-06-15 1
0 464ae35c6e264a4ca087949936be434a Thu 2017-06-15 16:47:36 EAT—Thu 2017-06-15 1 

To view the journal entries from the current boot (number 0), use the -b switch like this (same as the sample output above).

$ journalctl -b

and to see a journal from the previous boot, use the -1 relative pointer with the -b option as below.

$ journalctl -b -1

Alternatively, use the boot ID like this.

$ journalctl -b 9fb590b48e1242f58c2579defdbbddc9

Filtering Log Messages Based On Time

To use time in Coordinated Universal Time (UTC) format, add the --utc options as follows.

$ journalctl --utc

To see all of the entries since a particular date and time, e.g. June 15th, 2017 at 8:15 AM, type this command.

$ journalctl --since "2017-06-15 08:15:00"
$ journalctl --since today
$ journalctl --since yesterday

Viewing Recent Log Messages

To view recent log messages (10 by default), use the -n flag as shown below.

$ journalctl -n
$ journalctl -n 20 

Viewing Log Messages Generated By Kernel

To see only kernel messages, similar to the dmesg command output, you can use the -k flag.

$ journalctl -k $ journalctl -k -b $ journalctl -k -b 9fb590b48e1242f58c2579defdbbddc9

Viewing Log Messages Generated By Units

To can view all journal entries for a particular unit, use the -u switch as follows.

$ journalctl -u apache2.service

To zero down to the current boot, type this command.

$ journalctl -b -u apache2.service

To show logs from the previous boot, use this.

$ journalctl -b -1 -u apache2.service

Below are some other useful commands:

$ journalctl -u apache2.service $ journalctl -u apache2.service --since today
$ journalctl -u apache2.service -u nagios.service --since yesterday

Viewing Log Messages Generated By Processes

To view logs generated by a specific process, specify it’s PID like this.

$ journalctl _PID=19487
$ journalctl _PID=19487 --since today
$ journalctl _PID=19487 --since yesterday

Viewing Log Messages Generated By User or Group ID

To view logs generated by a specific user or group, specify it’s user or group ID like this.

$ journalctl _UID=1000
$ journalctl _UID=1000 --since today
$ journalctl _UID=1000 -b -1 --since today

Viewing Logs Generated By a File

To show all logs generated by a file (possibly an executable), such as the D-Bus executable or bash executables, simply type.

$ journalctl /usr/bin/dbus-daemon
$ journalctl /usr/bin/bash

Viewing Log Messages By Priority

You can also filter output based on message priorities or priority ranges using the -p flag. The possible values are: 0 – emerg, 1 – alert, 2 – crit, 3 – err, 4 – warning, 5 – notice, 6 – info, 7 – debug):

$ journalctl -p err

To specify a range, use the format below (emerg to warning).

$ journalctl -p 1..4
OR
$ journalctl -p emerg..warning

View Log Messages in Real-Time

You can practically watch logs as they are being written with the -f option (similar to tail -f functionality).

$ journalctl -f

Handling Journal Display Formatting

If you want to control the output formatting of the journal entries, add the -o flag and use these options: cat, export, json, json-pretty, json-sse, short, short-iso, short-monotonic, short-precise and verbose(check meaning of options in the man page:

The cat option shows the actual message of each journal entry without any metadata (timestamp and so on).

$ journalctl -b -u apache2.service -o cat

Managing Journals On a System

To check the journal file for internal consistency, use the --verify option. If all is well, the output should indicate a PASS.

$ journalctl --verify
PASS: /run/log/journal/2a5d5f96ef9147c0b35535562b32d0ff/system.journal 491f68: Unused data (entry_offset==0) PASS: /run/log/journal/2a5d5f96ef9147c0b35535562b32d0ff/[email protected]9866c3d4d.journal
PASS: /run/log/journal/2a5d5f96ef9147c0b35535562b32d0ff/[email protected]5d8945a9e.journal
PASS: /run/log/journal/2a5d5f96ef9147c0b35535562b32d0ff/[email protected]1becab02f.journal
PASS: /run/log/journal/2a5d5f96ef9147c0b35535562b32d0ff/[email protected]01cfcedff.journal

Deleting Old Journal Files

You can also display the current disk usage of all journal files with the --disk-usage options. It shows the sum of the disk usage of all archived and active journal files:

$ journalctl --disk-usage

To delete old (archived) journal files run the commands below:

$ sudo journalctl --vacuum-size=50M #delete files until the disk space they use falls below the specified size
$ sudo journalctl --vacuum-time=1years #delete files so that all journal files contain no data older than the specified timespan
$ sudo journalctl --vacuum-files=4 #delete files so that no more than the specified number of separate journal files remain in storage location

Rotating Journal Files

Last but not least, you can instruct journald to rotate journal files with the --rotate option. Note that this directive does not return until the rotation operation is finished:

$ sudo journalctl --rotate

For an in-depth usage guide and options, view the journalctl man page as follows.

$ man journalctl

Do check out some useful articles.

  1. Managing System Startup Process and Services (SysVinit, Systemd and Upstart)
  2. Petiti – An Open Source Log Analysis Tool for Linux SysAdmins
  3. How to Setup and Manage Log Rotation Using Logrotate in Linux
  4. lnav – Watch and Analyze Apache Logs from a Linux Terminal

That’s it for now. Use the feedback from below to ask any questions or add you thoughts on this topic.

Conference Planning and Venue Picking

Hi, I’m Ken. Many of you know me as the man in the green hat.

Earlier this year our Marketing Department was pulled away from the conference to work on other things, and I offered to take over the planning to make sure we still had a conference this year. In May I went to finalize things with the venue and took a few folks with me along with me. We had two primary goals.

  1. Have a better grasp of the Conference venue, its layout, and its potential
  2. Find places for off-site networking events (sometimes called parties ? )

The Conference Venue: The W

The venue for the 2017 cPanel Conference is the W in Fort Lauderdale. Located on the A1A scant feet from the beautiful Atlantic Ocean, the W offers a great space for the conference. All of the rooms and spaces needed for the conference are located in the same area, on the same floor. No finding yourself in a maze of twisty little passages that all look alike with this venue!

We will be using the W both for the conference itself, and to host our Wednesday night evening event: The game night.

The hotel also offers some great outdoor spaces. With the late summer date and cool ocean breezes, the outdoor spaces should provide great locations for lunches and gatherings.

After Hours: Blue Martini and Stache

Fort Lauderdale is host to lots of interesting places, and the two venues that we chose for the evening events this year are absolutely remarkable! Each of these places have such unique personalities, it was hard not to choose them.

The conference starts Monday Night with a meet & greet event at the Blue Martini. This place struck me as something straight out of the Rat-Pack era. During our visit, I couldn’t shake the feeling that Dean Martin or ‘Ol Blue Eyes was going to saunter up to the bar for a drink.

Blue Martini Orlando Florida

Stache has a completely different, equally enjoyable atmosphere. Its multiple floors are built with plenty of nooks and crannies, and it seemed like there was always something to discover. This bar is more like a speakeasy, allowing for tons of exploration.

The 2017 cPanel Conference Will be Great

There will be a bunch of other blog posts from other folks who will be presenting at the conference as we get closer, so make sure you keep your eyes here. For now, here is what you need to know about the 2017 cPanel conference:

  1. This is the only conference where you get direct access to members of the cPanel Product Development team.
  2. The conference dates are Sep 25-28
  3. The host city is Fort Lauderdale, Florida, USA
  4. Conference registration is 50% off until June 30th

I have spent many, many years at cPanel, and I am very excited to be leading the charge for this year’s cPanel Conference in Florida. Please join us!

How to Install Samba on Ubuntu for File Sharing on Windows

Samba is a free/open source and popularly used software for sharing files and print services between Unix-like systems including Linux and Windows hosts on the same network.

In this guide, we will show how to setup Samba4 for basic file sharing between a Ubuntu systems and Windows machines. We will cover two possible scenarios: anonymous (unsecure) as well as secure file sharing.

Suggested Read: How to Install Samba4 on CentOS/RHEL 7 for File Sharing on Windows

Note that starting from version 4.0, Samba can be used as an Active Directory (AD) domain controller (DC). We have organized a special series for setting up Samba4 Active Directory Domain Controller, which comprises of key topics under Ubuntu, CentOS, and Windows.

  1. Setting Up Samba4 Active Directory Domain Controller

Install and Configure Samba in Ubuntu

Samba server is available to install from the default Ubuntu repositories using the apt package manager tool as shown.

$ sudo apt install samba samba-common python-dnspython


Once samba server installed, now its time to configure samba server as: unsecure anonymous and secure file sharing.

For this, we need to edit the main Samba configuration file /etc/samba/smb.conf (which explain various configuration directives).

First backup the original samba configuration file as follows.

$ sudo cp /etc/samba/smb.conf /etc/samba/smb.conf.orig

Afterwards, we’ll proceed to configure samba for anonymous and secure file sharing services as explained below.

Important: Before moving any further, ensure that the Windows machine is in the same workgroup which will be configured on the Ubuntu server.

Check Windows Machine WorkGroup Settings

Login into your Windows machine, right click on “This PC” or “My Computer? Properties ? Advanced System Settings ? Computer Name to verify the workgroup.

Check Windows WorkGroup

Check Windows WorkGroup

Alternatively, open the command prompt and view it by running the command below and look for “workstation domain”.

>net config workstation

Verify Windows WorkGroup

Verify Windows WorkGroup

Once you know your Windows workgroup its time to move ahead and configure samba server for file sharing.

Anonymous Samba File Sharing

First start by creating a shared samba directory where the files will be stored.

$ sudo mkdir -p /srv/samba/anonymous_shares

Then set the appropriate permissions on the directory.

$ sudo chmod -R 0775 /srv/samba/anonymous_shares
$ sudo chown -R nobody:nogroup /srv/samba/anonymous_shares

Now open the configuration file.

$ sudo vi /etc/samba/smb.conf
OR
$ sudo nano /etc/samba/smb.conf

Next edit or modify the directive settings as described below.

global]
workgroup = WORKGROUP
netbios name = ubuntu
security = user
[Anonymous]
comment = Anonymous File Server Share
path = /srv/samba/anonymous_shares
browsable =yes
writable = yes
guest ok = yes
read only = no
force user = nobody

Now verify current samba settings by running the command below.

$ testparm

Samba Current Configuration Settings

Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
WARNING: The "syslog" option is deprecated
Processing section "[printers]"
Processing section "[print$]"
Processing section "[Shares]"
Loaded services file OK.
Server role: ROLE_STANDALONE
Press enter to see a dump of your service definitions
# Global parameters
[global]
netbios name = UBUNTU
server string = %h server (Samba, Ubuntu)
server role = standalone server
map to guest = Bad User
obey pam restrictions = Yes
pam password change = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
unix password sync = Yes
syslog = 0
log file = /var/log/samba/log.%m
max log size = 1000
dns proxy = No
usershare allow guests = Yes
panic action = /usr/share/samba/panic-action %d
idmap config * : backend = tdb
[printers]
comment = All Printers
path = /var/spool/samba
create mask = 0700
printable = Yes
[print$]
comment = Printer Drivers
path = /var/lib/samba/printers
browseable = No
[Anonymous]
comment = Anonymous File Server Share
path = /srv/samba/anonymous_shares
force user = nobody
read only = No
guest ok = Yes

Then restart Samba services to effect the above changes.

$ sudo systemctl restart smbd [Systemd]
$ sudo service smbd restart [Sys V]

Testing Anonymous Samba File Sharing

Go to the Windows machine, and open “Network” from a Windows Explorer window. Click on the Ubuntu host (TECMINT for our case), or else try to access the samba server using its IP address.

\\192.168.43.168

Note: Use the ifconfig command to get your Ubuntu server IP address.

Connect to Samba Share

Connect to Samba Share

Then open the Anonymous directory and try to add files in there to share with other users.

Add Files to Samba Share

Add Files to Samba Share

Secure Samba File Sharing

To password-protect a samba share, you need to create a group “smbgrp” and set a password for each user. In this example I use aaronkilik as user and password as “tecmint“.

$ sudo addgroup smbgrp
$ sudo usermod aaronkilik -aG smbgrp
$ sudo smbpasswd -a aaronkilik

Note: The samba security mode: security = user requires clients to enter a username and password to connect to shares.

Samba user accounts are separate from system accounts, however, you can optionally install the libpam-winbind package which is used to sync system users and passwords with the samba user database.

$ sudo apt install libpam-winbind

Then create the secure directory where the shared files will be kept.

$ sudo mkdir -p /srv/samba/secure_shares

Next, set the appropriate permissions on the directory.

$ sudo chmod -R 0770 /srv/samba/secure_shares
$ sudo chown -R root:smbgrp /srv/samba/secure_shares

Now open the configuration file.

$ sudo vi /etc/samba/smb.conf
OR
$ sudo nano /etc/samba/smb.conf

Next edit or modify the directive settings as described below.

[Secure]
comment = Secure File Server Share
path = /srv/samba/secure_shares
valid users = @smbgrp
guest ok = no
writable = yes
browsable = yes

Just like before, run this command to see your current samba settings.

$ testparm

Samba Current Configuration Settings

Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
WARNING: The "syslog" option is deprecated
Processing section "[printers]"
Processing section "[print$]"
Processing section "[Shares]"
Loaded services file OK.
Server role: ROLE_STANDALONE
Press enter to see a dump of your service definitions
# Global parameters
[global]
netbios name = UBUNTU
server string = %h server (Samba, Ubuntu)
server role = standalone server
map to guest = Bad User
obey pam restrictions = Yes
pam password change = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
unix password sync = Yes
syslog = 0
log file = /var/log/samba/log.%m
max log size = 1000
dns proxy = No
usershare allow guests = Yes
panic action = /usr/share/samba/panic-action %d
idmap config * : backend = tdb
[printers]
comment = All Printers
path = /var/spool/samba
create mask = 0700
printable = Yes
[print$]
comment = Printer Drivers
path = /var/lib/samba/printers
browseable = No
[Anonymous]
comment = Anonymous File Server Share
path = /srv/samba/anonymous_shares
force user = nobody
read only = No
guest ok = Yes
[Secure]
comment = Secure File Server Share
path = /srv/samba/secure_shares
valid users = @smbgrp
read only = No

Once you done with the above configurations, restart Samba services to apply the changes.

$ sudo systemctl restart smbd [Systemd]
$ sudo service smbd restart [Sys V]

Testing Secure Samba File Sharing

As before, in the Windows machine, and open “Network” from a Windows Explorer window. Click on the Ubuntu host (TECMINT for our case). You may get the error below, if not proceed to the next step.

Connect to Secure Samba Share

Connect to Secure Samba Share

Try to access the server using its IP address, e.g. \\192.168.43.168 like this. Then enter the credentials (username and password) for user aaronkilik and click OK.

Samba Share User Login

Samba Share User Login

You’ll now view all the shared directories, click on Secure to open it.

Samba Secure Share

Samba Secure Share

You can securely share some files with other permitted users on the network by dropping them in this directory.

Add Files on Samba Share

Add Files on Samba Share

Enable Samba in UFW Firewall in Ubuntu

If you have UFW firewall enabled/active on your system, you must add the rules to allow Samba to pass through your firewall.

To test this, we’ve used the 192.168.43.0 network scheme. Run the commands below specifying your network address.

$ sudo ufw allow proto udp to any port 137 from 192.168.43.0/24
$ sudo ufw allow proto udp to any port 138 from 192.168.43.0/24
$ sudo ufw allow proto tcp to any port 139 from 192.168.43.0/24
$ sudo ufw allow proto tcp to any port 445 from 192.168.43.0/24

You can also check out these useful articles concerning Samba file sharing on a network.

  1. Setting Up Samba4 Active Directory Domain Controller- Part 1 to 14
  2. How to Mount/Unmount Local and Network (Samba & NFS) Filesystems in Linux
  3. Using ACLs (Access Control Lists) and Mounting Samba / NFS Shares
  4. How to Fix SambaCry Vulnerability (CVE-2017-7494) in Linux Systems

That’s all! In this guide, we showed you how to setup Samba4 for anonymous and secure file sharing between Ubuntu and Windows machines. Use the feedback form below to share any thoughts with us.

CloudLayar – A Free DNS Protection for Your Website

CloudLayar is a website security tool that allows you to protect any domain from DNS-related attacks completely Free. CloudLayar was built with simplicity in mind so that every user could use the powerful protection without the need to learn too many technical things.

Use CloudLayar to protect your website from most of existing online threats. Hackers, DDoS, Malware, Bots – all those things can be harmful for your website and may result in website unavailability or data loss. In order to prevent this from happening activate CloudLayar for your website and start feeling safe!

How to Setup CloudLayar for Your Website

It is easy to setup Cloudlayar protection and protect yourself from DNS DDoS attacks. Follow easy steps below:

1. First go to Cloudlayar.com sign-up page and create a new account.

Create CloudLayar New Account

Create CloudLayar New Account


2. Then you will be redirected to the page where you can add your first website.

Add Your Website

Add Your Website

3. After that, you need to change Nameservers on your domain provider page to ours, as instructed, in order for protection to start working.

Change Website Nameservers

Change Website Nameservers

Depending on your provider the settings and time to change Nameservers may differ. This is an example on how it should look at your domain provider page.

Domain NameServers

Domain NameServers

4. After everything is set, you will be redirected to the DNS management page, where you can setup and manage your websites and get all the information and reports.

Website DNS Manager

Website DNS Manager

5. You can choose which website you want to manage and then you will see all the settings and logs.

Website CloudLayar Dashboard

Website CloudLayar Dashboard

6. Cloudlayar has Layer 7 Robot Protection and Image Protection. You can also add IPs you don’t want our system to block to the IP Whitelist. You can customize these settings on “Protection Settings” page.

Website Protection Settings

Website Protection Settings

7. On the “Domain Attacks” page you can see daily, weekly or monthly reports and the number of Blocked Attacks.

Domain Attack Statistics

Domain Attack Statistics

CloudLayar supports your favourite website and hosting platform out of the box. We are compatible with WordPress, Joomla, Drupal, WooCommerce and more.

You can use CloudLayar with any web hosting provider and get the best DNS protection! CloudLayar support is available 24/7 to provide you with the help you need.

Install LAMP (Linux, Apache, MariaDB or MySQL and PHP) Stack on Debian 9

Early this week (June 17, 2017), the Debian project announced the availability of the new stable version (Debian 9) codenamed Stretch.

With this release, the well-known and widely-used Debian 8 Jessie gained old-stable status, which designates the previous stable repository. As it always happens with the release of a new stable version, Stretch includes hundreds of new packages, and updates to thousands of others.

Since Debian powers a large percentage of web servers all over the world, in this article we will explain how to install the LAMP stack in Debian 9 Stretch.

This will allow system administrators to set up brand new web servers on top of Stretch using the recent updates to the distribution’s official repositories. It is assumed that you have installed Debian 9 on a bare metal, virtual machine, or VPS, or have upgraded from Jessie.

Installing LAMP in Debian 9 Stretch


The “M” in LAMP stands for MariaDB or MySQL, the database server for the stack. Depending on your choice, you can install the database server and the other components (the Apache web server and PHP) as follows.

Install LAMP with MariaDB on Debian 9

# aptitude update && aptitude install apache2 mariadb-server mariadb-client mariadb-common php php-mysqli

Install LAMP with MySQL on Debian 9

# aptitude update && aptitude install apache2 mysql-server mysql-client mysql-common php php-mysqli

As a personal preference, I will use MariaDB in the rest of this article.

Once the installation is complete, let us make sure all the services are running. If so, the following commands.

# systemctl is-active apache2
# systemctl is-active mariadb

should return active for both. Otherwise, start both services manually:

# systemctl start {apache2,mariadb}

Finally, before proceeding let’s use mysql_secure_installation to set up the password for the database root account. If you don’t know how to do this, you can refer to step #4 in How to Install MariaDB 10 on Debian and Ubuntu.

Testing LAMP on Debian 9 Stretch

To begin, we are going to create and populate a sample database. Next, we will use a basic PHP script to retrieve a set of records from the database in JSON format.

Finally, we will use Firefox’s developer tools to verify the version of Apache being used. Although we could find out this same information with.

# apache2 -v

the reason why we’re using a script is to make sure all the components of the stack are working properly when bundled together.

Creating and Populating a Database

Let’s enter the MariaDB prompt with the following command.

# mysql -u root -p

and entering the password that was chosen in the previous section.

Now we will create a database named LibraryDB as follows:

MariaDB [(none)]> CREATE DATABASE LibraryDB;

and add two tables named AuthorsTBL and BooksTBL:

MariaDB [(none)]> USE LibraryDB;
CREATE TABLE AuthorsTBL (
AuthorID INT NOT NULL AUTO_INCREMENT,
FullName VARCHAR(100) NOT NULL,
PRIMARY KEY(AuthorID)
);
MariaDB [(none)]> CREATE TABLE BooksTBL (
BookID INT NOT NULL AUTO_INCREMENT,
AuthorID INT NOT NULL,
ISBN VARCHAR(100) NOT NULL,
Title VARCHAR(100) NOT NULL,
Year VARCHAR(4),
PRIMARY KEY(BookID),
FOREIGN KEY(AuthorID) REFERENCES AuthorsTBL(AuthorID)
);

For security reasons, we will create a special account to access our database:

MariaDB [(none)]> CREATE USER 'librarian'@'localhost' IDENTIFIED BY 'Today123';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON LibraryDB.* TO 'librarian'@'localhost';

The last step now consists of populating the tables with Authors and Books:

MariaDB [(none)]> INSERT INTO AuthorsTBL (FullName) VALUES ('Paulo Coelho'), ('Isabel Allende'), ('Jorge Luis Borges');
MariaDB [(none)]> INSERT INTO BooksTBL (AuthorID, ISBN, Title, Year) VALUES
(1, '9788576653721', 'El alquimista', '1988'),
(1, '9780061194740', 'El peregrino', '1987'),
(2, '9789500720380', 'La casa de los espiritus', '1982'),
(3, '9789875666481', 'El Aleph', '1945');

Testing Database Connection with PHP Script

The following PHP script will first connect to the database and retrieve the records that match the query. If an error occurs, a descriptive message will be displayed so as to give us a hint on what’s wrong.

Save the following script as booksandauthors.php under /var/www/html:

<?php
// Show PHP version
echo "Current PHP version: " . phpversion() . "\r\n";
// Connect to database
$connection = mysqli_connect("localhost","librarian","Today123","LibraryDB") or die("Error " . mysqli_error($connection));
// SQL query
$sql = "SELECT A.ISBN, A.Title,
A.Year, B.FullName
FROM BooksTBL A JOIN AuthorsTBL B
ON A.AuthorID = B.AuthorID;";
$result = mysqli_query($connection, $sql) or die("Error " . mysqli_error($connection));
// Populate an array with the query results
$libraryarray = array();
while($row = mysqli_fetch_assoc($result))
{
$libraryarray[] = $row;
}
// Convert to JSON
echo json_encode($libraryarray);
?>

Change the ownership to www-data and add the appropriate permissions:

# chown www-data:www-data /var/www/html/booksandauthors.php
# chmod 600 /var/www/html/booksandauthors.php

Finally, open a web browser and point it to the URL where the script resides.

http://192.168.0.35/booksandauthors.php

Verify LAMP on Debian 9

Verify LAMP on Debian 9

That’s it! In this article we have explained how to install and test the LAMP stack on Debian 9. If you have questions or comments about this article, don’t hesitate to let us know by using the form below.

Limit CPU Usage of a Process in Linux with CPULimit Tool

In an earlier post, we’ve explained CPUTool for limiting and controlling CPU utilization of any process in Linux. It allows a system administrator to interrupt execution of a process (or process group) if the CPU/system load goes beyond a defined threshold. Here, we will learn how to use a similar tool called cpulimit.

Cpulimit is used to restrict the CPU usage of a process in the same way as CPUTool, however, it offers more usage options compared to its counterpart. One important difference is that cpulimit doesn’t manage system load unlike cputool.

Suggested Read: 9 Useful Commands to Get CPU Information on Linux

Install CPULimit to Limit CPU Usage Of a Process in Linux

CPULimit is available to install from default software repositories of Debian/Ubuntu and its derivatives using a package management tool.

$ sudo apt install cpulimit

In RHEL/CentOS and Fedora, you need to first enable EPEL repository and then install cpulimit as shown.


# yum install epel-release
# yum install cpulimit

Limiting Process CPU Usage With CUPLimit

In this sub section, we’ll explain how cpulimit works. First, let’s run a command (same dd command we looked at while covering cputool) which should result into a high CPU percentage, in the background (note that the process PID is printed out after running the command).

$ dd if=/dev/zero of=/dev/null &
[1] 17918

Next, we can use the top or glances tools which output the actual frequently updated state of a running Linux system, to watch the CPU usage of the command above.

$ top

Monitor CPU Usage in Linux

Monitor CPU Usage in Linux

Looking at the output above, we can see that the dd process is utilizing the highest percentage of CPU time 100.0%.

But we can limit this using cputlimit as follows. The --pid or -p option is used to specify the PID and --limit or -l is used to set a usage percentage for a process.

The command below will limit the dd command (PID 17918) to 50% use of one CPU core.

$ sudo cpulimit --pid 17918 --limit 50 Process 17918 detected

Once we run cpulimit, we can view the current CPU usage for the dd command with top or glances. From the output, the value ranges from (51.5%-55.0% or slightly beyond).

Limit CPU Usage of Process in Linux

Limit CPU Usage of Process in Linux

We can throttle its CPU usage for a second time as follows, this time lowering the percentage further as follows:

$ sudo cpulimit --pid 17918 --limit 20 Process 17918 detected

As we did before, we can run top or glances to view the new CPU usage for the process, which will range from 20%-25.0% or slightly beyond this.

$ top

Throttle CPU Usage in Linux

Throttle CPU Usage in Linux

Note: The shell becomes un-interactive – doesn’t expect any user input when cpulimit is running. To kill it (which should stop the CPU usage limitation operation), press [Ctrl + C].

To run cpulimit as a background process, use the --background or -b switch, freeing up the terminal.

$ sudo cpulimit --pid 17918 --limit 20 --background

To specify the number of CPU cores present on the system, use the --cpu or -c flag (this is normally detected automatically).

$ sudo cpulimit --pid 17918 --limit 20 --cpu 4

Rather than limit a process’s CPU usage, we can kill it with the --kill or -k option. The default is signal sent to the process is SIGCONT, but to send a different signal, use the --signal or -s flag.

$ sudo cpulimit --pid 17918 --limit 20 --kill 

To exit if there is no suitable target process, or in case it dies, include the -z or --lazy like this.

$ sudo cpulimit --pid 17918 --limit 20 --kill --lazy

For additional information and usage options, view the cpulimit man page.

$ man cpulimit

Do check out the following useful guides for finding CPU info and CPU/system performance monitoring.

  1. Find Top Running Processes by Highest Memory and CPU Usage in Linux
  2. Cpustat – Monitors CPU Utilization by Running Processes in Linux
  3. CoreFreq – A Powerful CPU Monitoring Tool for Linux Systems
  4. Find Top Running Processes by Highest Memory and CPU Usage in Linux
  5. 20 Command Line Tools to Monitor Linux Performance
  6. 13 Linux Performance Monitoring Tools – Part 2

In comparison, after testing CPUTool and CPULimit, we noticed that the former offers a more effective and reliable “process CPU usage limitation” functionality.

This is according to the percentage range of CPU usage observed after running both tools against a given process. Try out both tools and add your thoughts to this article using the feedback form below.

Vifm – A Commandline Based File Manager with ‘Vi Keybindings’ for Linux

In our last article, we have put together a list of 13 best file managers for Linux systems, most of which where graphical user interface (GUI) based. But if you have a Linux distribution that only uses the command line interface (CLI), then you need a text based file manager. In this article, we bring you one such file manager called Vifm.

Vifm is a powerful CLI and ncurses based cross-platform file manager for Unix-like, Cygwin and Window systems. It is feature-rich and comes with Vi like key bindings. It also uses a number of useful features from Mutt.

There is no need to learn a new set of usage commands, it provides you with absolute keyboard control over your files using generic Vi options/commands.

Useful Vifm Features:

  • Provides a facility to edit several kinds of files.
  • Comes with two panes by default.
  • Supports Vi modes, options, registers, commands and so much more.
  • Supports auto-completion of commands.
  • Support for trash directory.
  • Offers various views (such as custom, column, compare and ls-like).
  • Supports remote execution of commands.
  • Also supports remote changing of directories.
  • Supports various color schemes.
  • Built-in support of automated FUSE file system mounts.
  • Supports use of functions.
  • Supports plugin for using vifm in vim as a file selector and so much more.

Suggested Read: Cloud Commander – Web File Manager to Control Linux File/Programs via Browser

How to Install Vifm Command-line File Manager in Linux

Vifm is available in the official software repositories of Debian/Ubuntu and Fedora Linux distributions. To install it, use the respective package manager to install it like this.

$ sudo apt install vifm [On Debian/Ubuntu]
$ dnf install vifm [On Fedora 22+]


Once installed, you can start it by typing.

$ vifm

Supports Two Panes By Default

Use the space bar to shift from one pane to the other. To enter a directory, simply hit the [Enter] button.

Vifm Commandline File Manager

Vifm Commandline File Manager

Open A File in Vi/m Editor

To open a file such as the findhost.sh script in the right pane above, just highlight the file and press [Enter]:

Vifm - Open File for Editing in Vi

Vifm – Open File for Editing in Vi

Colored Visual Highlighter

To enable the visual highlighter, press V and scroll to see how it works.

Vifm Color Visual Highlighter

Vifm Color Visual Highlighter

Main Pane Manipulation Options

To view pane manipulation options/keybindings, press Ctrl-W.

Vifm View Pane Manipulation Options

Vifm View Pane Manipulation Options

To split the window horizontally press Ctrl-W then s.

Vifm Split Horizontally

Vifm Split Horizontally

To split the window vertically press Ctrl-W then v.

Vifm Split Vertically

Vifm Split Vertically

Use Tab To Auto-Complete Commands

First type a few letters in the command name (possibly two), then press Tab. To select the next option, press Tab again then hit [Enter].

Vifm Auto Complete Commands

Vifm Auto Complete Commands

Highlight Files in One Pane and View It On Another

You can list files in one pane and view content in another as you scroll over files, simply run the view command like this.

:view

Vifm View File Content

Vifm View File Content

Delete A File in Vifm

You can delete a highlighted file by pressing dd. To delete it, press Y or N otherwise.

Vifm Delete a File

Vifm Delete a File

Vifm Command Line Trash

If you delete a file in Vifm, it is stored in the trash. To view the trash directory, type this command.

:trashes

To view files in trash, run the lstrash command (press q to return).

:lstrash

Vifm Trash Window

Vifm Trash Window

To restore files from the trash directory, first move into it by using the cd command like this.

:cd /home/aaronkilik/.local/share/vifm/Trash

Then select the file to restore, and type:

:restore

Vifm Restore a File

Vifm Restore a File

For a comprehensive usage information and options, commands, tips check out the Vifm man page:

$ man vifm

Vifm Homepage: https://vifm.info/

Do check out following articles.

  1. GNOME Commander: A ‘Two pane’ Graphical File Browser and Manager for Linux
  2. Peazip – A Portable File Manager and Archive Tool for Linux

In this article, we covered installation and basic features of Vifm a powerful CLI based file manager for Linux systems. Use the feedback form below to share your thoughts about it.

How to Determine and Fix Boot Issues in Linux

The Linux system boots so fast that most of the output scrolls by too quickly to read the text (showing services being started) sent to the console. Therefore observing boot issues/errors becomes a little of a challenge for us.

In this article, we will briefly explain the different stages in a Linux system boot process, then learn how to establish and get to the bottom of boot issues: in terms files to look into or commands to view system boot messages.

Summary Of Linux Boot Process

In summary, once we press the Power On button, the BIOS (Basic Input Output System) a program integrated in a motherboard performs a POST (Power on Self Test) – where hardware such as disks, RAM (Random Access Memory), keyboard, etc are scanned. In case of an error (missing/malfunctioning hardware), it is reported on the screen.

During POST, the BIOS also looks for the boot device, the disk to stat up from (usually the first hard disk, however we may configure it to be a DVD, USB, Network Card etc instead).


Then the system will connect to the disk and search for the Master Boot Record (512 bytes in size) which stores the boot loader (446 bytes in size) and the rest of the space stores info about disk partitions (four maximum) and the MBR itself.

Suggested Read: 4 Best Linux Boot Loaders

The boot loader will identify and point to, as well as load the Kernel and the initrd file (initialization ram disk – provides the kernel access to the mounted root filesystem and modules/drivers stored in /lib directory), which are generally stored in the /boot directory of the filesystem.

After the kernel is loaded, it executes init (or systemd on newer Linux distros), the first process with PID 1, which in turn starts all other processes on the system. It is also the last process to be executed on system shutdown.

How to Find Out Linux Boot Issues or Error Messages

As we mentioned before, the Linux boot processes happens rapidly that we can’t even clearly read most of the output sent to the console.

So taking note of boot issues/errors calls for a system administrator to look into certain important files in conjunction with particular commands. And these include:

/var/log/boot.log – Logs System Boot Messages

This is probably the first file you want to look into, to view all that unfolded during the system boot.

Rather than trying so hard to follow the output on the screen during boot, we can view this file after the boot process has completed to assist us in determining and resolving boot issues/errors.

We use the cat command for that purpose as follows (below is a sample of this file):

# cat /var/log/boot.log

View Linux Boot Logs

[ OK ] Started Load/Save RF Kill Switch Status.
[ TIME ] Timed out waiting for device dev-disk-by\x2duuid-53e41ce9\x2ddc18\x2d458c\x2dbc08\x2d584c208ed615.device.
[DEPEND] Dependency failed for /dev/disk/by-uuid/53e41ce9-dc18-458c-bc08-584c208ed615.
[DEPEND] Dependency failed for Swap.
[ OK ] Reached target System Initialization.
[ OK ] Listening on UUID daemon activation socket.
[ OK ] Started Daily Cleanup of Temporary Directories.
[ OK ] Listening on CUPS Scheduler.
[ OK ] Started Daily apt activities.
[ OK ] Reached target Timers.
[ OK ] Listening on Avahi mDNS/DNS-SD Stack Activation Socket.
[ OK ] Started ACPI Events Check.
[ OK ] Started Trigger resolvconf update for networkd DNS.
[ OK ] Started CUPS Scheduler.
[ OK ] Reached target Paths.
[ OK ] Listening on D-Bus System Message Bus Socket.
[ OK ] Listening on ACPID Listen Socket.
Starting Console System Startup Logging...
[ OK ] Listening on Cockpit Web Service Socket.
[ OK ] Reached target Sockets.
[ OK ] Reached target Basic System.
Starting LSB: Set the CPU Frequency Scaling governor to "ondemand"...
[ OK ] Started ACPI event daemon.
[ OK ] Started mintsystem.service.
Starting Detect the available GPUs and deal with any system changes...
Starting LSB: daemon to balance interrupts for SMP systems...
Starting Bluetooth service...
[ OK ] Started ClamAV virus database updater.
Starting LSB: Starts syslogd...
[ OK ] Started Regular background program processing daemon.
Starting Modem Manager...
Starting Accounts Service...
......

From the output above, we can see that there is a boot issues indicated by the lines below.

[DEPEND] Dependency failed for /dev/disk/by-uuid/53e41ce9-dc18-458c-bc08-584c208ed615.
[DEPEND] Dependency failed for Swap.

Issue: Problem with the swap partition; the system either failed to read the swap file/device/partition or it’s not present.

Let’s check if the system is using swap space with free command.

# free
total used free shared buff/cache available
Mem: 3742792 2421060 433696 287376 888036 967000
Swap: 0 0 0

Alternatively, we may run the swapon command to view the system swap space usage summary (we’ll not get any output).

# swapon -s

We can resolve this issue, by creating a swap space in Linux.

Note: The content of this file is cleared at system shutdown: new data is stored in it on a new boot.

/var/log/messages – General System Logs

This file stores general system messages, including the messages that are logged during system boot.

To view it, type:

# cat /var/log/messages

View System Log Messages

Jun 4 13:04:44 tecmint syslogd (GNU inetutils 1.9.4): restart
Jun 4 13:19:55 tecmint -- MARK --
Jun 4 13:39:55 tecmint -- MARK --
Jun 4 13:59:55 tecmint -- MARK --
Jun 4 14:19:55 tecmint -- MARK --
Jun 4 14:20:17 tecmint vmunix: [ 4945.388740] i915 0000:00:02.0: BAR 6: [??? 0x00000000 flags 0x2] has bogus alignment
Jun 4 14:20:17 tecmint vmunix: [ 4945.388837] i915 0000:00:02.0: BAR 6: [??? 0x00000000 flags 0x2] has bogus alignment
Jun 4 14:20:17 tecmint vmunix: [ 4945.388903] i915 0000:00:02.0: BAR 6: [??? 0x00000000 flags 0x2] has bogus alignment
Jun 4 14:20:17 tecmint vmunix: [ 4945.388930] i915 0000:00:02.0: BAR 6: [??? 0x00000000 flags 0x2] has bogus alignment
Jun 4 14:20:17 tecmint vmunix: [ 4945.389334] i915 0000:00:02.0: BAR 6: [??? 0x00000000 flags 0x2] has bogus alignment
Jun 4 14:20:17 tecmint vmunix: [ 4945.389402] pcieport 0000:00:1c.0: BAR 15: assigned [mem 0xdfa00000-0xdfbfffff 64bit pref]
.....

Because this file may be relatively lengthy, we can view it in pages use the more command (which even shows a percentage) like this.

# more /var/log/messages

The contents of /var/log/messages unlike the previous file is not cleared shutdown because it does not only contain boot messages but messages concerning other system activities as well. So older files are compressed and kept on the system for later inspection as shown below.

# ls -l message*
-rw-r--r-- 1 root root 1206127 Jun 10 14:20 messages
-rw-r--r-- 1 root root 1419494 Jun 4 13:00 messages.1
-rw-r--r-- 1 root root 153011 May 28 09:30 messages.2.gz

dmesg – Shows Kernel Messages

The dmesg command can show operations once the boot process has completed, such as command line options passed to the kernel; hardware components detected, events when a new USB device is added, or errors like NIC (Network Interface Card) failure and the drivers report no link activity detected on the network and so much more.

# dmesg

Show Kernel Messages

[ 0.000000] Initializing cgroup subsys cpuset
[ 0.000000] Initializing cgroup subsys cpu
[ 0.000000] Initializing cgroup subsys cpuacct
[ 0.000000] Linux version 4.4.0-21-generic ([email protected]) (gcc version 5.3.1 20160413 (Ubuntu 5.3.1-14ubuntu2) ) #37-Ubuntu SMP Mon Apr 18 18:33:37 UTC 2016 (Ubuntu 4.4.0-21.37-generic 4.4.6)
[ 0.000000] Command line: BOOT_IMAGE=/boot/vmlinuz-4.4.0-21-generic root=UUID=57b36d48-1938-43c2-bf85-e97bc9f423ea ro quiet splash
[ 0.000000] KERNEL supported cpus:
[ 0.000000] Intel GenuineIntel
[ 0.000000] AMD AuthenticAMD
[ 0.000000] Centaur CentaurHauls
[ 0.000000] x86/fpu: xstate_offset[2]: 576, xstate_sizes[2]: 256
[ 0.000000] x86/fpu: Supporting XSAVE feature 0x01: 'x87 floating point registers'
[ 0.000000] x86/fpu: Supporting XSAVE feature 0x02: 'SSE registers'
[ 0.000000] x86/fpu: Supporting XSAVE feature 0x04: 'AVX registers'
[ 0.000000] x86/fpu: Enabled xstate features 0x7, context size is 832 bytes, using 'standard' format.
[ 0.000000] x86/fpu: Using 'eager' FPU context switches.
[ 0.000000] e820: BIOS-provided physical RAM map:
[ 0.000000] BIOS-e820: [mem 0x0000000000000000-0x000000000008ffff] usable
[ 0.000000] BIOS-e820: [mem 0x0000000000090000-0x00000000000bffff] reserved
[ 0.000000] BIOS-e820: [mem 0x0000000000100000-0x000000001fffffff] usable
[ 0.000000] BIOS-e820: [mem 0x0000000020000000-0x00000000201fffff] reserved
[ 0.000000] BIOS-e820: [mem 0x0000000020200000-0x0000000040003fff] usable
[ 0.000000] BIOS-e820: [mem 0x0000000040004000-0x0000000040004fff] reserved
[ 0.000000] BIOS-e820: [mem 0x0000000040005000-0x0000000080b2ffff] usable
[ 0.000000] BIOS-e820: [mem 0x0000000080b30000-0x0000000080d31fff] reserved
[ 0.000000] BIOS-e820: [mem 0x0000000080d32000-0x00000000ce3eefff] usable
[ 0.000000] BIOS-e820: [mem 0x00000000ce3ef000-0x00000000ce5eefff] type 20
[ 0.000000] BIOS-e820: [mem 0x00000000ce5ef000-0x00000000daeeefff] reserved
[ 0.000000] BIOS-e820: [mem 0x00000000daeef000-0x00000000daf9efff] ACPI NVS
....

journalctl – Query Contents of Systemd Journal

This is useful in most current Linux distros using systemd: the newest system and service manager. Under it, system logging is done via the journal component – a centralized location for all messages logged by different components.

These messages include kernel and boot messages; messages from syslog or various services. We can use it to review boot messages and establish boot issues by reading through the output and identifying lines of interest (errors pointed out by red lines depending on terminal text color settings).

# journalctl

Show Contents of SystemD

Jun 13 16:35:32 tecmint mtp-probe[963]: checking bus 2, device 5: "/sys/devices/pci0000:00/0000:00:1d.0/u
Jun 13 16:35:32 tecmint mtp-probe[963]: bus: 2, device: 5 was not an MTP device
Jun 13 16:35:54 tecmint systemd[1]: dev-disk-by\x2duuid-53e41ce9\x2ddc18\x2d458c\x2dbc08\x2d584c208ed615.
Jun 13 16:35:54 tecmint systemd[1]: Timed out waiting for device dev-disk-by\x2duuid-53e41ce9\x2ddc18\x2d
Jun 13 16:35:54 tecmint systemd[1]: Dependency failed for /dev/disk/by-uuid/53e41ce9-dc18-458c-bc08-584c2
Jun 13 16:35:54 tecmint systemd[1]: Dependency failed for Swap.
Jun 13 16:35:54 tecmint systemd[1]: swap.target: Job swap.target/start failed with result 'dependency'.
Jun 13 16:35:54 tecmint systemd[1]: dev-disk-by\x2duuid-53e41ce9\x2ddc18\x2d458c\x2dbc08\x2d584c208ed615.
Jun 13 16:35:54 tecmint systemd[1]: dev-disk-by\x2duuid-53e41ce9\x2ddc18\x2d458c\x2dbc08\x2d584c208ed615.
Jun 13 16:35:54 tecmint systemd[1]: Reached target System Initialization.
Jun 13 16:35:54 tecmint systemd[1]: Started ACPI Events Check.
Jun 13 16:35:54 tecmint systemd[1]: Listening on CUPS Scheduler.
Jun 13 16:35:54 tecmint systemd[1]: Starting Console System Startup Logging...
Jun 13 16:35:54 tecmint systemd[1]: Started Daily Cleanup of Temporary Directories.

The above is a sample of the command output showing an error we already identified by viewing /var/log/boot.log: the swap partition error. To view more output lines, simply press [Enter] button.

Also check out these useful guides about Linux system boot and service management in relation to common system and service managers:

  1. Process Management in RHEL 7: Boot, Shutdown, and Everything in Between
  2. Managing System Startup Process and Services (SysVinit, Systemd and Upstart)
  3. The Story Behind ‘init’ and ‘systemd’: Why ‘init’ Needed to be Replaced with ‘systemd’

In this article, we explained in short the different stages in the Linux system boot process as well as learned how to establish and possibly resolve boot issues. To add any thought to this guide, use the comment form below.

June Development Update

The month of June is all about putting the finishing touches on version 66, and getting started on version 68. Version 66 hit Feature Freeze last week (take a look at this post about the cPanel Development Process if you aren’t sure what that means), so we know what features will and will not be in version 66. We went into planning for version 68 just a few weeks ago, and our teams are starting work on that as well. Two versions in development while ramping up planning the cPanel conference means we have a whole lot to talk about. Let’s start with a quick rundown of some of the things I’m most excited about that we didn’t talk about last month.

Application Manager

One of our development teams has been working on a new feature that we’re calling Application Manager. The Application Manager allows you to deploy and maintain your Ruby applications with ease. In this first iteration we’re adding support for an updated and cPanel-provided version of Ruby (version 2.4.1), and an EasyApache 4 Passenger (version 5.1.2) module. Our goal is to be able to expand the Application Manager beyond just Ruby applications to provide support for additional languages (Node.js anyone?). In this iteration there is some work that needs to be done by root in order to enable the Application Manager, but in future version we’re planning to make that a bit easier.

Application Manager

If you develop Ruby applications, this feature is built specifically with you in mind. Take a look and let me know what you think of it in a comment below, or by sending me a tweet or an email

AutoSSL Domain Management in cPanel

AutoSSL is one of the most widely adopted features we have, and we want to give more control to the cPanel user. With version 66 cPanel users can choose to exclude their domains from AutoSSL inside the SSL/TLS Status interface of cPanel.

AutoSSL Domain Exclusion

WHM users will also be able to manage those settings, either through cPanel or by using the related API calls on the command line. Another widely requested feature is the ability to prevent certain domains from being issued SSLs through AutoSSL as a root or reseller user. If you are interested in that, definitely vote and share your use-case there!

PHP-FPM enabled by default, conversion for all accounts, and config scripts

We’re continuing to improve our PHP-FPM support in 66 by adding two new options. First you will be able to set PHP-FPM as the default PHP handler, rather than having to manually enable it after account creation. This includes a dialog box in the interface that helps root users. Second, we’ve added an option in the WHM interface, an API call, and a flag to the command line php_fpm_config script for converting all of your existing accounts to PHP-FPM with Apache.

FPM by default

We’ve also added a new php_fpm_config script. After any manual edits to the PHP-FPM configuration files, run /scripts/php_fpm_config to install those configuration files. You can also use this script to troubleshoot problems in the FPM system. The obvious next step is to be able to more easily configure a wider range of PHP-FPM settings on a per-account basis. To keep tabs on when we do that, subscribe to this feature request: Enhanced PHP-FPM Configuration.

Full EasyApache 4 Profile Management

With version 66 we’re rounding out the EasyApache 4 Profile Management in WHM. You can now easily convert your existing EA4 build into a profile, upload a profile that you have, and download any EA4 build profile on your server.

EA4 profile management

WHM UI (User Interface) Improvements

Over the last couple releases we have been making significant progress in reducing WHM’s reliance on frames. In version 66 we have eliminated the last few completely, which is making WHM on mobile devices much easier to use, and significantly improving the experience in the cPanel App (now in both iOS and Android). Many plugin developers are working with our team to get things updated and working correctly in a frameless WHM UI. Our UI team is taking a little break from making changes to WHM in the 68 development cycle to let them catch up, and to address any bugs that come up as part of this big back-end change.

WHM Usability Improvements

There are a couple extra things that we were able to fit into cPanel & WHM version 66 as well, which will hopefully reduce the reliance on mouse clicks for some of our users.

First, a large portion of cPanel & WHM servers are only hosting a single cPanel account. Historically, even in those situations many of the WHM interfaces that would make you choose that account before being able to proceed with the next step. Those WHM interfaces no longer prompt for you to pick a user if you’re on a server with only one user.

The existing keyboard shortcuts in WHM are also being expanded in version 66, and will include the collapsing and expanding of the sidebar in WHM. It’s pretty slick.

Deprecations

We only have a few new deprecations in version 66, but I want to make sure we talk about them.

  • Ruby on Rails support
    With the addition of the Application Manger we’re deprecating the existing Ruby Interface and all of the things that go with it: /scripts/installruby, the Ruby cPanel interface, use of the outdated system Ruby backed by rails. This helps encourage people to start using the new feature, and a current version of Ruby. We currently haven’t defined when it will be removed, however we recommend that any existing Ruby developers start making the move to the new Application Manager. If you or  your customers hit anything that prevents the use of the Application Manager, submitting a feature request will help ensure those things get added or fixed.
  • Version 64
    As we talked about last year, with our new LTS plans version 64 will reach EOL as soon as version 66 replaces it in the STABLE tier. To be clear, EOL means it will not get any security or bug fixes. Make sure that you’re keeping your server updated!

I also want to remind you about two that are slated for version 68 (expected out in around 4 months), that we told you about in the March Development Update:

  • Both WHM API’s XML output format 
    The existing XML output format for WHMAPI0 and WHMAPI1 isn’t widely used, is poorly supported, and isn’t technically a valid XML format. If you’re using this format, we recommend moving to JSON format.
  • TLS version 1.0 
    We’re deprecating support of TLS version 1.0 in version 68, with plans to remove support in version 70. For now we will just default to version 1.2 on new installs, and upgrades to version 66 will remain untouched. However, if you still require version 1.0 for some reason, you need to start moving away from it.

One more thing to mention: In version 60 we deprecated the CGI Center in cPanel, and in 64 we removed that feature. In 66, we’re going to remove the /usr/local/cpanel/java-sys directory and the code inside it.  This was part of the CGI Center that never got removed.  This specific removal should have a very minimal impact, because most modern browsers don’t support the applet tag. The underlying API calls will be changed to return an empty span tag instead of an applet tag, to prevent any code errors on the existing websites. 

Obligatory #cPConf plug

2017 cPanel Conference

Today is the last day to take advantage of the 50% off early-bird registration rate for our 2017 cPanel Conference in Fort Lauderdale, Florida this September. (Note: There’s still time! This discounted rate has been extended to June 30th!) We’re already blown away by the number of people coming this year. We’re quickly approaching 100 registered attendees (which doesn’t even include the cPanel employees that we’re taking). The excitement is awesome, and we’re looking forward to it!

Aaaaaaaand we’re done!

That’s all I have space to share this month, but certainly not all I wanted to share. Next month we’ll catch up on how version 66 is going and start talking about what we’re planning for version 68. As always, we’re all ears! Let us know what you think of the new version of cPanel & WHM, and what you’d like to see in the future!

_______

Today’s Dev Update was composed to the soundtrack of Alexander Hamilton. For a fun twist, listen through the entire two-disc set the first time without noticing that you still have random play enabled.