In this article, we will learn how to switch a Linux firewall from IPtables to nftables on Ubuntu. IPtables, which is based on the Linux kernel Netfilter module, is currently the default firewall for many Linux distributions. It protects against multiple threat vectors and allows your server to block unwanted traffic based on a specific ruleset.Continue reading “How To Install nftables In Ubuntu”
Reading Time: 3 minutes
What Is Jenkins?
Jenkins is an open source automation server software developed in Java. It allows developers to integrate CI/CD (Continuous Integration/Continuous Delivery) pipelines within their organization that ease and automate workflows. It has an extensive help community, supports over 1000 plugins, allows users the ability to automate almost any task and, it saves significant time that can be better utilized addressing other issues.
When automating tasks with Jenkins, users can optimize their workflow by quickly automating the jobs that servers are not able to do themselves. Jenkins has a wide array of features including building projects, executing unit tests for bug detection, analyzing static code, and deploying applications. For this article, we will learn how to install Jenkins on a Ubuntu 16.04 server using APT (Advanced Package Tool). When using APT, we can retrieve and install all of the needed dependencies as well.
Reading Time: 4 minutes
What is Webmin?
Webmin is a browser-based graphical interface to help you administrate your Linux server. Much like cPanel or Plesk, Webmin allows you to set up and manage accounts, Apache, DNS zones, users and configurations. As these configurations can get somewhat complicated Webmin works to simplify this process. The result is fewer issues during server and domain setup. Which results in a stable server and a pleasant administration experience. Unlike Plesk or cPanel, Webmin is completely free and open to the public. Unfortunately, here at Liquid Web, we do not offer managed support for Webmin, but we are always willing to assist as much as possible when issues arise. You can download Webmin from their site. Also, you can find some excellent documentation on this interface.
Before beginning “if you have not already” you will need to install Webmin on your server. For this article, we will mainly be working with Webmin installed on a Ubuntu server. However, it is very similar to CentOS, therefore, we have included instructions for both operating systems below.
- First, you will need to access your server SSH. If you are not sure how to SSH into your server, please visit our link on the subject.
- Once you are logged into your server SSH, please run the following commands in order or copy and paste the entire syntax.
sudo sh -c 'echo "deb http://download.webmin.com/download/repository sarge contrib" > /etc/apt/sources.list.d/webmin.list'wget -qO - http://www.webmin.com/jcameron-key.asc | sudo apt-key add -
sudo apt-get updatesudo apt-get install webmin
name=Webmin Distribution Neutral
yum -y install webmin)
Webmin is a web-based application. So once Webmin is installed, you can access Webmin by using a browser of your choice. Be sure to make sure port 10000 is open on your server as Webmin utilizes this port to function. We have included steps below to ensure the correct port is open for iptables and firewalld.
iptables-save > /tmp/tabsavYou should be able to use the command above to alter you iptables to look something like what we have included below.
iptables-restore < /tmp/tabsav
# Generated by iptables-save v1.4.7 on Thu Jan 3 00:02:49 2019
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [3044:1198306]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited-A FORWARD -j REJECT --reject-with icmp-host-prohibited
# Completed on Thu Jan 3 00:02:49 2019
firewall-cmd --zone=public --add-port=10000/tcp --permanent
Once you have made sure port 10000 is open, you should be able to access the Webmin interface by entering in your servers IP address followed by the port number “10000”
Example: https://192.168.1.100:10000 <—— 192.168.1.100 should be replaced with your server IP.
Installing PHP Versions in Webmin
There is a lot of situations where we may need to use multiple PHP versions. For example, you may have multiple domains or applications on your server that require an older version of PHP while at the same time you may have newer domains that are configured for newer versions of PHP. For this article, we will be installing PHP7 and PHP5.6 on Debian.
Step 1: First, you will want to SSH into your server and run the following command.
apt-get install php7.0-cli php7.0-fpmYou can check the installation after it has completed by running php –v in your terminal.
Step 2: Now here is where things tend to get tricky. By default, Debian only offers a single PHP version in the official repository. So, we will have to add an additional repository for Debian. While adding this repository, it is good practice to enable HTTPS for APT and register the APT key. You can accomplish this by executing the commands we have included below.
apt-get install apt-transport-https
curl https://packages.sury.org/php/apt.gpg | apt-key add -
echo 'deb https://packages.sury.org/php/ stretch main' > /etc/apt/sources.list.d/deb.sury.org.list
Once the repository is added, we can go ahead and add our second PHP version to the server.
apt-get install php5.6-cli php5.6-fpmWe can now check both PHP versions on the server by running these commands.
Now that we have confirmed both PHP versions are installed you can access their configuration files in the following directories.
Step 3: To make things easier, later on, we will want to add the location of the configuration files to Webmin. This can be done from within the Webmin interface.
- Log into Webmin
- Navigate to Others >> PHP Configuration
- Add the PHP configuration file location
- Click Save
You can use this tool to add and edit directives for different PHP versions. For example, you’ll be able to edit PHP’s memory limit, timeout length, extensions and more. This simply helps consolidate configurations within one interface. From here we can just use a .htaccess file to specify what version of PHP a site should use.
Step 4: If you do not have this file already within your document root you can add this file by navigating to /var/www/exampledomain/ and running the following command to indicate which PHP version you are going to use.
echo "AddHandler application/x-httpd-php56 .php" > .htaccess | chown exampleuser. .htaccess
echo "AddHandler application/x-httpd-php70.php" > .htaccess | chown exampleuser. .htaccess
Step 5: Once you have completed this, you can test to see if your site is running on the desired PHP version. You can accomplish this by creating a PHP information page. by making a file in your document root, usually in the path of /var/www/html/
You will want to insert the code below and save the file.
<? phpinfo(); ?> After you have created this file, you can view the page by visiting your domain followed by the name of the file you created. For example, www.example.com/phpinfo.php.
Congratulations you can now use Webmin to accomplish your daily admin tasks! Take a look at our Cloud VPS servers for 24/7 support and lightning speed servers!
Reading Time: 4 minutesHave you ever needed to copy files from your local computer over to your web server? You may have previously used File Transfer Protocol (FTP) applications for this task, but FTP is prone to being insecure and can be challenging to work with over the command line. What if there was a better way? In this tutorial, we’ll be covering two popular utilities in the Linux world to securely assist in file transfers, rsync and lsyncd. We’ll show you how to install and use both in this article. Let’s dig in!
Reading Time: 2 minutesThere is a new exploit, rated as 7.8 severity level, that affects major Linux distributions of RedHat Enterprise Linux, Debian 8 and CentOS named Mutagen Astronomy. Mutagen Astronomy exploits an integer overflow vulnerability in the Linux kernel and supplies root access (admin privileges) to unauthorized users on the intended server. This exploit affects Linux kernel version dating back from July 2007 to July 2017. Living in the kernel, the memory table can be manipulated to overflow using the create_tables_elf() function. After overwhelming the server, the hacker can then overtake the server with its malicious intents. Continue reading “Protecting against CVE-2018-14634 (Mutagen Astronomy)”
Reading Time: 2 minutes
Systemd is the System Management Daemon, which provides a standard for controlling the Linux boot process. It is named per the UNIX convention of adding ‘d’ to the end of daemon’s name. Systemd is intended as a drop-in replacement for the very common init start-up scripts for the boot process (which is also referred to as System V or SysV).
Though there is some debate regarding the benefits of systemd, the advantages do include: Service Reporting (failed? suspended? error?), Process Monitoring (kills user processes at logout), and Parallel Processes (multiple services are able to start at same time, improving boot times).