So… After the first part (Link) where we talk about the installation,
the next step would be to create root user and to change postgres and root password.
[root@XTdata init.d]# su postgres
bash-3.2$ createuser -s root
bash-3.2$ createdb root --owner=root
[root@XTdata data]# psql
Type "help" for help.
root=# ALTER USER postgres WITH PASSWORD 'SomePAASWDe348';
root=# ALTER USER root WITH PASSWORD 'SomePAASWDe3489898';
Now, the next step would be to allow remote connections.
postgresql.conf is the main PostgreSQL config file. To be able to reach the server remotely, find the commented line
#listen_addresses = 'localhost' # what IP address(es) to listen on;
uncomment the line and replace the localhost with the servers IP address. (or replace it with * which means – listen on all interfaces)
listen_addresses = '*' # what IP address(es) to listen on;
PostgreSQL, by default, refuses all connections it receives from any remote host. The remote hosts can be controled via pg_hba.conf file (located in the same dir like postgresql.conf).
Add the next line
host all all 192.168.10.57/32 md5
where 192.168.10.57 is the remote host IP address.
Also, you can allow any host by replacing the 192.168.10.57/32 with 0.0.0.0/0.
The line syntax is
local DATABASE USER METHOD [OPTIONS]
host DATABASE USER ADDRESS METHOD [OPTIONS]
hostssl DATABASE USER ADDRESS METHOD [OPTIONS]
hostnossl DATABASE USER ADDRESS METHOD [OPTIONS]
which is documented inside the pg_hba.conf. Save the file and restart the server.
I prefer the pgAdmin III tool which can be used for remote management. Fire it up, select File, Add Server… Enter name, host, Username and password.
This should be enough for now…
As you probably know, the default logrotate period on RH based distros is 7 days. From my point of view, this number is to big for production servers (files can became extremely large so grep through them can be very slow).
To change this behavior, open /etc/logrotate.conf and replace weekly line with daily. Also, increase the number of files you would like to keep from 4 to something larger (for example 40 or 50 which means 40 or 50 days)
It should looks a like
# see "man logrotate" for details
# rotate log files weekly
# keep 4 weeks worth of backlogs
EPEL (Extra Packages for Enterprise Linux) is a volunteer-based community effort from the Fedora project to create a repository of high-quality add-on packages that complement the Fedora-based Red Hat Enterprise Linux (RHEL) and its compatible spinoffs, such as CentOS and Scientific Linux.
Adding EPEL repo is very easy:
rpm -Uvh epel-release-6-8.noarch.rpm
From unknown reason for me, CentOS 6.x goes without php-mcrypt package and it is impossible to install this rpm from base repos. Some apps will complain about this and one of the solutions is to install this rpm from EPEL repo… After you added EPEL repo, type:
From time to time you can run into storage issues where users are uncontrolled and they decide to use your storage as their own. There are several solutions for this problem and I’ll tell you the two of them. The first solution is to delete their account and brake their arms so they won’t be able to use computer at all. This solution is now always acceptable so you should check the second one…
Continue reading CentOS server – Simple quota howto
To set up your CentOS as a secure FTP server, follow the next couple steps
Install VSFTPD with
Turn on vsftpd auto start with
chkconfig --level 235 vsftpd on
and edit the next:
1. Change anonymous_enable=YES to anonymous_enable=NO
2. Uncomment chroot_local_user=YES line (In CentOS 5.x you will need to add this line)
3. Change the default port number from 21 to XXXXX (where XXXXX is above 1024) with listen_port=XXXXX
It this line doesn’t exist, paste it to the end of the file. Be sure that port XXXXX is accessible.
4. The vsftpd version that comes with Centos 7 does not permit chrooted local users to write by default. To “fix” this, you’ll need to add the next line:
Restart vsftpd with service vsftpd restart. Please keep in mind that changing default port number doesn’t mean that your server is 100% secured. It will help you to avoid random dictionary attacks and your log files will be much smaller. Good password is a MUST.
Webmin is a web-based app for system administration for Unix/Linux. With Webmin, you can setup user accounts, web server, mail server and much more.
In this post, I’ll show how to install Webmin on RedHat based distros.
Download webmin with
Install webmin with with
After installation, start Webmin with “service webmin start”. You can access Webmin via web browser (localhost:10000)
It is good idea to change the default port. To do this, open miniserv.conf (usually /etc/webmin/miniserv.conf) with
and change the default port number from 10000 to something more secure (port=23345 for example). Save the file and restart Webmin (service webmin restart).