Reference : www.cyberciti.biz

การตรวจสอบ MySQL Password หลังจากการติดตั้ง CactiEZ .iso

[root@localhost ~]# cat /root/mysqlpass.txt

How to Install phpMyAdmin 4.6 on CentOS

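Step 1: Enable Remi Repository
Note: the release RPM below is fetched over plain HTTP, and the NOKEY warning in the output means rpm could not verify the package signature because the signing key (key ID 00f97f56) is not imported. Import the repository's GPG key from a trusted source with rpm --import and check the downloaded file with rpm -K before installing it.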
CentOS/RHEL 6:
[root@localhost ~]# rpm -Uvh http://rpms.famillecollet.com/enterprise/remi-release-6.rpm
Retrieving http://rpms.famillecollet.com/enterprise/remi-release-6.rpm
warning: /var/tmp/rpm-tmp.L4c7BW: Header V4 DSA/SHA1 Signature, key ID 00f97f56: NOKEY
Preparing...                ########################################### [100%]
   1:remi-release           ########################################### [100%]

[root@localhost ~]# yum clean all
[root@localhost ~]# yum install epel-release
Loaded plugins: fastestmirror
Setting up Install Process
Loading mirror speeds from cached hostfile
 * base: mirrors.zju.edu.cn
 * extras: mirrors.163.com
 * updates: mirrors.aliyun.com
Resolving Dependencies
--> Running transaction check
---> Package epel-release.noarch 0:6-8 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

==================================================================================================
 Package Arch Version Repository Size
==================================================================================================
Installing:
 epel-release noarch 6-8 extras 14 k

Transaction Summary
==================================================================================================
Install 1 Package(s)

Total download size: 14 k
Installed size: 22 k
Is this ok [y/N]: y
Downloading Packages:
epel-release-6-8.noarch.rpm | 14 kB 00:00
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
 Installing : epel-release-6-8.noarch 1/1
 Verifying : epel-release-6-8.noarch 1/1

Installed:
 epel-release.noarch 0:6-8

Complete!
หากเกิด Cannot retrieve metalink for repository ให้ทำการ Update CA ก่อน
# yum --disablerepo=epel -y update ca-certificates
# yum install phpmyadmin

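Configure phpMyAdmin
Note: the listing below appears to have lost its enclosing tags; the access rules normally sit inside a Directory block for /usr/share/phpMyAdmin, split by Apache version. As shown, the Apache 2.4 rules allow only localhost, while the Apache 2.2 rules (the ones that apply to the httpd shipped with CentOS 6) allow the whole 192.168.199.0/24 subnet. Only the /mysql alias is active; /phpMyAdmin and /phpmyadmin are commented out, so with this file alone only the /mysql URL is served. Both URLs below use plain HTTP, so the MySQL login crosses the network unencrypted unless the site is served over HTTPS.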


# vi /etc/httpd/conf.d/phpMyAdmin.conf


# Alias /phpMyAdmin /usr/share/phpMyAdmin
# Alias /phpmyadmin /usr/share/phpMyAdmin
Alias /mysql /usr/share/phpMyAdmin

AddDefaultCharset UTF-8
# Apache 2.4
Require ip 127.0.0.1
Require ip ::1
# Apache 2.2
Order Deny,Allow
Deny from All
Allow from 192.168.199.0/24
Allow from ::1
# service httpd restart

http://192.168.199.5/phpmyadmin

http://192.168.199.5/mysql

phpMyAdmin.PNG

How to Install nslookup on CentOS

[root@localhost ~]# yum install bind bind-utils -y
[root@localhost network-scripts]# yum install bind-utils
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirror.lzu.edu.cn
 * epel: epel.mirror.angkasa.id
 * extras: mirrors.yun-idc.com
 * remi-safe: fr2.rpmfind.net
 * updates: ftp.sjtu.edu.cn
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package bind-utils.x86_64 32:9.8.2-0.47.rc1.el6 will be installed
--> Processing Dependency: bind-libs = 32:9.8.2-0.47.rc1.el6 for package: 32:bind-utils-9.8.2-0.47.rc1.el6.x86_64
--> Processing Dependency: liblwres.so.80()(64bit) for package: 32:bind-utils-9.8.2-0.47.rc1.el6.x86_64
--> Processing Dependency: libisccfg.so.82()(64bit) for package: 32:bind-utils-9.8.2-0.47.rc1.el6.x86_64
--> Processing Dependency: libisccc.so.80()(64bit) for package: 32:bind-utils-9.8.2-0.47.rc1.el6.x86_64
--> Processing Dependency: libisc.so.83()(64bit) for package: 32:bind-utils-9.8.2-0.47.rc1.el6.x86_64
--> Processing Dependency: libdns.so.81()(64bit) for package: 32:bind-utils-9.8.2-0.47.rc1.el6.x86_64
--> Processing Dependency: libbind9.so.80()(64bit) for package: 32:bind-utils-9.8.2-0.47.rc1.el6.x86_64
--> Running transaction check
---> Package bind-libs.x86_64 32:9.8.2-0.47.rc1.el6 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package           Arch          Version                      Repository   Size
================================================================================
Installing:
 bind-utils        x86_64        32:9.8.2-0.47.rc1.el6        base        187 k
Installing for dependencies:
 bind-libs         x86_64        32:9.8.2-0.47.rc1.el6        base        889 k

Transaction Summary
================================================================================
Install       2 Package(s)

Total download size: 1.1 M
Installed size: 2.7 M
Is this ok [y/N]: y
Downloading Packages:
(1/2): bind-libs-9.8.2-0.47.rc1.el6.x86_64.rpm           | 889 kB     00:00
(2/2): bind-utils-9.8.2-0.47.rc1.el6.x86_64.rpm          | 187 kB     00:00
--------------------------------------------------------------------------------
Total                                           428 kB/s | 1.1 MB     00:02
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing : 32:bind-libs-9.8.2-0.47.rc1.el6.x86_64                       1/2
  Installing : 32:bind-utils-9.8.2-0.47.rc1.el6.x86_64                      2/2
  Verifying  : 32:bind-libs-9.8.2-0.47.rc1.el6.x86_64                       1/2
  Verifying  : 32:bind-utils-9.8.2-0.47.rc1.el6.x86_64                      2/2

Installed:
  bind-utils.x86_64 32:9.8.2-0.47.rc1.el6

Dependency Installed:
  bind-libs.x86_64 32:9.8.2-0.47.rc1.el6

Complete!
[root@localhost network-scripts]# nslookup
> www.google.com
Server:         192.168.99.1
Address:        192.168.99.1#53

Non-authoritative answer:
Name:   www.google.com
Address: 74.125.68.106
Name:   www.google.com
Address: 74.125.68.104
Name:   www.google.com
Address: 74.125.68.99
Name:   www.google.com
Address: 74.125.68.105
Name:   www.google.com
Address: 74.125.68.147
Name:   www.google.com
Address: 74.125.68.103
>
[root@localhost ~]# service named start
Generating /etc/rndc.key: [ OK ]
Starting named: [ OK ]
[root@localhost ~]# service named status
version: 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6
CPUs found: 4
worker threads: 4
number of zones: 19
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running
named (pid 19603) is running...

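CentOS Firewall SSH access Limiting
Note: the rule below accepts SSH on port 22 from any source address; it only limits access once a source match (-s <management subnet>) is added to it.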

Reference : www.digitalocean.com


# iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT

[root@localhost ~]# w
 13:43:57 up 12:11,  2 users,  load average: 0.25, 0.12, 0.03
USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU WHAT
root     tty1     -                Wed23   11:58m  0.06s  0.06s -bash
root     pts/0    192.168.99.101   13:36    0.00s  0.02s  0.00s w

IPTables Rules

Save the new rules so they persist across restarts (iptables-save on its own only prints the running ruleset to stdout)
# /sbin/service iptables save 
# iptables-save

[root@localhost sysconfig]# /sbin/service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[  OK  ]

Restart iptables to reload the saved rules
# /sbin/service iptables restart
# service iptables restart

[root@localhost sysconfig]# /sbin/service iptables restart
iptables: Flushing firewall rules:                         [  OK  ]
iptables: Setting chains to policy ACCEPT: filter          [  OK  ]
iptables: Unloading modules:                               [  OK  ]
iptables: Applying firewall rules:                         [  OK  ]

[root@localhost sysconfig]# ls -ll iptables*
-rw-------  1 root root 1367 Aug 21 13:59 iptables
-rw-------. 1 root root 1740 Feb 25  2012 iptables-config
-rw-------. 1 root root  873 Mar 25 18:29 iptables.old
-rw-------  1 root root 1342 Aug 21 13:59 iptables.save

# service iptables status
[root@localhost sysconfig]# cat /etc/sysconfig/iptables
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A INPUT -p icmp --icmp-type timestamp-request -j DROP
-A OUTPUT -p icmp --icmp-type timestamp-reply -j DROP
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 69 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 514 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 10000 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 2055 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
# iptables --flush
# iptables --list
[root@localhost sysconfig]# iptables -L -n
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  0.0.0.0/0            0.0.0.0/0
DROP       icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 13

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
DROP       icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 14

Chain RH-Firewall-1-INPUT (2 references)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 255
ACCEPT     esp  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     ah   --  0.0.0.0/0            0.0.0.0/0
ACCEPT     udp  --  0.0.0.0/0            224.0.0.251         udp dpt:5353
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           state NEW udp dpt:69
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:80
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:443
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           state NEW udp dpt:514
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:10000
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           state NEW udp dpt:2055
REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

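Step 1: eth1 Interface for Multi-Interface for IP-NMS
Note: -A appends these rules to the end of INPUT, after the jump to RH-Firewall-1-INPUT. Assuming the ruleset listed above is the one loaded, that chain ends with a REJECT for all remaining traffic, so the appended eth1 rules are never evaluated; ports 22 and 443 and ICMP are already accepted there on every interface. To restrict by interface, insert the rules ahead of the jump (iptables -I) or edit the RH-Firewall-1-INPUT chain itself.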

# iptables -A INPUT -i eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
# iptables -A INPUT -i eth1 -p tcp --dport 22 -j ACCEPT
# iptables -A INPUT -i eth1 -p tcp --dport 443 -j ACCEPT
# iptables -A INPUT -i eth1 -p icmp -m comment --comment "Allow Ping from IP-NMS as expected" -j ACCEPT

Recommended: add GATEWAY="10.180.3.254"

[root@localhost ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth1
DEVICE="eth1"
BOOTPROTO="none"
BROADCAST="10.180.3.255"
DNS1=""
GATEWAY="10.180.3.254"
IPADDR="10.180.3.252"
NETMASK="255.255.255.0"
NM_CONTROLLED="yes"
ONBOOT="yes"
TYPE="Ethernet"

[root@localhost ~]# netstat -anr
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
8.8.8.8         192.168.99.1    255.255.255.255 UGH       0 0          0 eth0
192.168.99.0    0.0.0.0         255.255.255.0   U         0 0          0 eth0
10.180.3.0      0.0.0.0         255.255.255.0   U         0 0          0 eth1
10.180.0.0      10.180.3.254    255.255.0.0     UG        0 0          0 eth1
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth1
10.154.0.0      10.180.3.254    255.255.0.0     UG        0 0          0 eth1
10.155.0.0      10.180.3.254    255.255.0.0     UG        0 0          0 eth1
10.168.0.0      10.180.3.254    255.255.0.0     UG        0 0          0 eth1
0.0.0.0         10.180.3.254    0.0.0.0         UG        0 0          0 eth1

[root@localhost ~]# cat /etc/iproute2/rt_tables
#
# reserved values
#
255     local
254     main
253     default
0       unspec
#
# local
#
#1      inr.ruhep

[root@localhost network-scripts]# dmesg | grep eth0
e1000e: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: Rx/Tx

How To Install the BIND DNS Server on CentOS 6

[root@localhost network-scripts]# yum install bind bind-utils -y
[root@localhost network-scripts]# chkconfig named on
[root@localhost network-scripts]# ping www.google.com
PING www.google.com (216.58.196.164) 56(84) bytes of data.
64 bytes from sin04s05-in-f164.1e100.net (216.58.196.164): icmp_seq=1 ttl=51 time=42.4 ms
64 bytes from sin04s05-in-f164.1e100.net (216.58.196.164): icmp_seq=2 ttl=51 time=46.2 ms
64 bytes from sin04s05-in-f164.1e100.net (216.58.196.164): icmp_seq=3 ttl=51 time=42.6 ms
^C
--- www.google.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2761ms
rtt min/avg/max/mdev = 42.454/43.780/46.259/1.754 ms
[root@localhost network-scripts]#

[root@localhost ~]# w
 00:48:44 up 23:16,  3 users,  load average: 0.13, 0.10, 0.07
USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU WHAT
root     tty1     -                Wed23   23:02m  0.06s  0.06s -bash
root     pts/0    192.168.99.101   00:42    1:06   0.02s  0.02s -bash
root     pts/1    10.11.3.38       00:48    0.00s  0.00s  0.00s w
[root@localhost ~]#

Remove Routes 169.254.0.0 / 255.255.0.0 From the System

[root@localhost ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.99.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0
10.180.3.0      0.0.0.0         255.255.255.0   U     0      0        0 eth1
10.180.0.0      10.180.3.254    255.255.0.0     UG    0      0        0 eth1
169.254.0.0     0.0.0.0         255.255.0.0     U     1002   0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     1003   0        0 eth1
10.154.0.0      10.180.3.254    255.255.0.0     UG    0      0        0 eth1
10.155.0.0      10.180.3.254    255.255.0.0     UG    0      0        0 eth1
10.168.0.0      10.180.3.254    255.255.0.0     UG    0      0        0 eth1
0.0.0.0         192.168.99.1    0.0.0.0         UG    0      0        0 eth0

[root@localhost ~]# ip route
192.168.99.0/24 dev eth0  proto kernel  scope link  src 192.168.99.5
10.180.3.0/24 dev eth1  proto kernel  scope link  src 10.180.3.252
10.180.0.0/16 via 10.180.3.254 dev eth1
169.254.0.0/16 dev eth0  scope link  metric 1002
169.254.0.0/16 dev eth1  scope link  metric 1003
10.154.0.0/16 via 10.180.3.254 dev eth1
10.155.0.0/16 via 10.180.3.254 dev eth1
10.168.0.0/16 via 10.180.3.254 dev eth1
default via 192.168.99.1 dev eth0

[root@localhost ~]# vi /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=localhost.localdomain
GATEWAY=192.168.99.1
NOZEROCONF=yes

[root@localhost ~]# /etc/init.d/network restart
Shutting down interface eth0:                              [  OK  ]
Shutting down interface eth1:                              [  OK  ]
Shutting down loopback interface:                          [  OK  ]
Bringing up loopback interface:                            [  OK  ]
Bringing up interface eth0:                                [  OK  ]
Bringing up interface eth1:                                [  OK  ]
[root@localhost ~]#  route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.99.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0
10.180.3.0      0.0.0.0         255.255.255.0   U     0      0        0 eth1
10.180.0.0      10.180.3.254    255.255.0.0     UG    0      0        0 eth1
10.154.0.0      10.180.3.254    255.255.0.0     UG    0      0        0 eth1
10.155.0.0      10.180.3.254    255.255.0.0     UG    0      0        0 eth1
10.168.0.0      10.180.3.254    255.255.0.0     UG    0      0        0 eth1
0.0.0.0         192.168.99.1    0.0.0.0         UG    0      0        0 eth0
[root@localhost ~]# ip route
192.168.99.0/24 dev eth0  proto kernel  scope link  src 192.168.99.5
10.180.3.0/24 dev eth1  proto kernel  scope link  src 10.180.3.252
10.180.0.0/16 via 10.180.3.254 dev eth1
10.154.0.0/16 via 10.180.3.254 dev eth1
10.155.0.0/16 via 10.180.3.254 dev eth1
10.168.0.0/16 via 10.180.3.254 dev eth1
default via 192.168.99.1 dev eth0

[root@localhost ~]# ip route add 192.168.99.0 via 192.168.99.1 dev eth0

[root@localhost ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
61.19.158.173   192.168.99.1    255.255.255.255 UGH   0      0        0 eth0
192.168.99.0    192.168.99.1    255.255.255.255 UGH   0      0        0 eth0
192.168.99.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0
10.180.3.0      0.0.0.0         255.255.255.0   U     0      0        0 eth1
10.180.0.0      10.180.3.254    255.255.0.0     UG    0      0        0 eth1
10.154.0.0      10.180.3.254    255.255.0.0     UG    0      0        0 eth1
10.155.0.0      10.180.3.254    255.255.0.0     UG    0      0        0 eth1
10.168.0.0      10.180.3.254    255.255.0.0     UG    0      0        0 eth1
0.0.0.0         10.180.3.254    0.0.0.0         UG    0      0        0 eth1
[root@localhost ~]# route del default gw 192.168.99.1 eth0
[root@localhost ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.99.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0
10.180.3.0      0.0.0.0         255.255.255.0   U     0      0        0 eth1
10.168.3.0      10.180.3.254    255.255.255.0   UG    0      0        0 eth1
10.180.0.0      10.180.3.254    255.255.0.0     UG    0      0        0 eth1
10.154.0.0      10.180.3.254    255.255.0.0     UG    0      0        0 eth1
10.155.0.0      10.180.3.254    255.255.0.0     UG    0      0        0 eth1
10.168.0.0      10.180.3.254    255.255.0.0     UG    0      0        0 eth1

