Category Archives: Server project

Why PostgreSQL is not so popular? (howto part 2)

So… After the first part (Link), where we talked about the installation,
the next step is to create a root user and to change the postgres and root passwords.

[root@XTdata init.d]# su postgres
bash-3.2$ createuser -s root
bash-3.2$ createdb root --owner=root
exit
 
[root@XTdata data]# psql
psql (9.2.4)
Type "help" for help.
 
root=# ALTER USER postgres WITH PASSWORD 'SomePAASWDe348';
ALTER ROLE
root=# ALTER USER root WITH PASSWORD 'SomePAASWDe3489898';
ALTER ROLE
root=# \q

Now, the next step would be to allow remote connections.

postgresql.conf is the main PostgreSQL config file. To be able to reach the server remotely, find the commented line

#listen_addresses = 'localhost'         # what IP address(es) to listen on;

Uncomment the line and replace localhost with the server's IP address (or replace it with *, which means: listen on all interfaces).

listen_addresses = '*'         # what IP address(es) to listen on;

PostgreSQL, by default, refuses all connections it receives from any remote host. Which remote hosts may connect is controlled via the pg_hba.conf file (located in the same directory as postgresql.conf).

Add the next line

host    all             all             192.168.10.57/32         md5

where 192.168.10.57 is the remote host IP address.

Also, you can allow any host by replacing the 192.168.10.57/32 with 0.0.0.0/0.

The line syntax is

local      DATABASE  USER  METHOD  [OPTIONS]
host       DATABASE  USER  ADDRESS  METHOD  [OPTIONS]
hostssl    DATABASE  USER  ADDRESS  METHOD  [OPTIONS]
hostnossl  DATABASE  USER  ADDRESS  METHOD  [OPTIONS]

which is documented inside the pg_hba.conf. Save the file and restart the server.
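Before restarting, it is worth reviewing what the file now allows. The script below is an added example (not part of the original post): it reads pg_hba.conf using the line syntax shown above and reports entries that accept any address, use the trust method, or allow password logins without requiring TLS (a host line matches both encrypted and plain TCP connections; hostssl matches only TLS). The names audit_pg_hba and sample_pg_hba and the sample rules are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit pg_hba.conf for overly broad remote-access rules.
# audit_pg_hba is a hypothetical helper name, not a PostgreSQL tool.

audit_pg_hba() {
    # $1 = path to pg_hba.conf; reads stdin when omitted
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }        # skip comments and blank lines
    $1 == "local"            { next }        # Unix-socket rules are not remote
    $1 ~ /^host/ {
        addr = $4; method = $5
        # "ADDRESS NETMASK" form: the method moves to column 6
        if ($5 ~ /[.:]/) { addr = $4 "/" $5; method = $6 }
        wide = (addr == "0.0.0.0/0" || addr == "::/0" || addr == "all" ||
                addr == "0.0.0.0/0.0.0.0")
        if (wide)
            printf "line %d: ANY-ADDRESS db=%s user=%s (%s)\n", NR, $2, $3, addr
        if (method == "trust")
            printf "line %d: NO-PASSWORD method trust for %s\n", NR, addr
        if ($1 != "hostssl" && method ~ /^(md5|password)$/)
            printf "line %d: NO-TLS-REQUIRED %s entry with %s\n", NR, $1, method
    }' "${1:--}"
}

# Constructed sample rules, including the line added in this post.
sample_pg_hba() {
cat <<'EOF'
# TYPE  DATABASE  USER  ADDRESS          METHOD
local   all       all                    peer
host    all       all   192.168.10.57/32 md5
host    all       all   0.0.0.0/0        md5
hostssl all       all   10.0.0.0/8       md5
host    all       all   127.0.0.1 255.255.255.255 trust
EOF
}

sample_pg_hba | audit_pg_hba
```

On a real server, pass the path to the file instead: audit_pg_hba /path/to/pg_hba.conf.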

I prefer the pgAdmin III tool which can be used for remote management. Fire it up, select File, Add Server… Enter name, host, Username and password.

This should be enough for now…

Logrotate settings

As you probably know, the default logrotate period on RH based distros is 7 days. From my point of view, this number is too big for production servers (files can become extremely large, so grepping through them can be very slow).

To change this behavior, open /etc/logrotate.conf and replace the weekly line with daily. Also, increase the number of files you would like to keep from 4 to something larger (for example 40 or 50, which means 40 or 50 days).

It should look like this:

# see "man logrotate" for details
# rotate log files weekly
#weekly
daily
 
# keep 4 weeks worth of backlogs
rotate 70

Extra Packages for Enterprise Linux – EPEL HowTo

EPEL (Extra Packages for Enterprise Linux) is a volunteer-based community effort from the Fedora project to create a repository of high-quality add-on packages that complement the Fedora-based Red Hat Enterprise Linux (RHEL) and its compatible spinoffs, such as CentOS and Scientific Linux.

Adding the EPEL repo is very easy:

wget http://ftp.heanet.ie/pub/fedora/epel/6/x86_64/epel-release-6-8.noarch.rpm
rpm -Uvh epel-release-6-8.noarch.rpm

For a reason unknown to me, CentOS 6.x ships without the php-mcrypt package, and it is impossible to install this rpm from the base repos. Some apps will complain about this, and one of the solutions is to install this rpm from the EPEL repo… After you have added the EPEL repo, type:

yum install php-mcrypt

CentOS server – Simple quota howto

From time to time you can run into storage issues where users are uncontrolled and they decide to use your storage as their own. There are several solutions for this problem and I’ll tell you two of them. The first solution is to delete their account and break their arms so they won’t be able to use a computer at all. This solution is not always acceptable, so you should check the second one…


CentOS server – Vsftpd Howto

To set up your CentOS as a secure FTP server, follow the next couple of steps.

Install VSFTPD with

yum install vsftpd

Turn on vsftpd auto start with

(CentOS 6.x)

chkconfig --level 235 vsftpd on

(CentOS 7.x)

systemctl enable vsftpd

Open vsftpd.conf

nano /etc/vsftpd/vsftpd.conf

and edit the next:

1. Change anonymous_enable=YES to anonymous_enable=NO

2. Uncomment chroot_local_user=YES line (In CentOS 5.x you will need to add this line)

3. Change the default port number from 21 to XXXXX (where XXXXX is above 1024) with listen_port=XXXXX

If this line doesn’t exist, paste it at the end of the file. Be sure that port XXXXX is accessible.

4. The vsftpd version that comes with CentOS 7 does not permit chrooted local users to write by default. To “fix” this, you’ll need to add the next line:

allow_writeable_chroot=YES

Restart vsftpd with service vsftpd restart. Please keep in mind that changing the default port number doesn’t mean that your server is 100% secured. It will help you to avoid random dictionary attacks and your log files will be much smaller. A good password is a MUST.
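To confirm the edits actually took effect, the script below (an added example, not part of the original post) reports the effective value of the four settings from steps 1 to 4, falling back to vsftpd's built-in defaults when a line is missing or still commented out, and flags spaces around "=", which vsftpd treats as an error. It assumes the CentOS 7 variant of the steps and that a later duplicate of a setting overrides an earlier one; check_vsftpd, sample_vsftpd_conf and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: report the effective vsftpd settings for the four steps above.
# check_vsftpd is a hypothetical helper name, not part of vsftpd.

check_vsftpd() {
    # $1 = path to vsftpd.conf; reads stdin when omitted
    awk -F= '
    function report(key, want,    state) {
        state = (toupper(v[key]) == want) ? "OK" : "FAIL"
        if (state == "FAIL") bad = 1
        print state, key "=" v[key], "(want " want ")"
    }
    BEGIN {  # vsftpd built-in defaults, in effect when a key is absent
        bad = 0
        v["anonymous_enable"] = "YES"; v["chroot_local_user"] = "NO"
        v["listen_port"] = "21";       v["allow_writeable_chroot"] = "NO"
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }   # a commented-out line changes nothing
    $1 ~ /[ \t]$/ || $2 ~ /^[ \t]/ {     # vsftpd rejects spaces around "="
        print "BAD-SYNTAX line " NR ": space next to ="; bad = 1; next
    }
    ($1 in v) { v[$1] = $2 }            # assumption: a later duplicate wins
    END {
        report("anonymous_enable", "NO")
        report("chroot_local_user", "YES")
        report("allow_writeable_chroot", "YES")
        if (v["listen_port"] + 0 > 1024) print "OK listen_port=" v["listen_port"]
        else { print "FAIL listen_port=" v["listen_port"], "(want > 1024)"; bad = 1 }
        exit bad                        # non-zero when anything needs fixing
    }' "${1:--}"
}

# Constructed sample: step 2 left commented out, step 4 typed with spaces.
sample_vsftpd_conf() {
cat <<'EOF'
anonymous_enable=NO
#chroot_local_user=YES
listen_port=2121
allow_writeable_chroot = YES
EOF
}

sample_vsftpd_conf | check_vsftpd || true
```

Against the real file: check_vsftpd /etc/vsftpd/vsftpd.conf.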

CentOS server – Webmin howto

Webmin is a web-based app for system administration for Unix/Linux. With Webmin, you can set up user accounts, a web server, a mail server and much more.

In this post, I’ll show how to install Webmin on RedHat based distros.

Download webmin with

wget http://www.webmin.com/download/rpm/webmin-current.rpm

Install Webmin with

rpm -Uvh webmin*

After installation, start Webmin with “service webmin start”. You can access Webmin via web browser (localhost:10000)

It is a good idea to change the default port. To do this, open miniserv.conf (usually /etc/webmin/miniserv.conf) with

nano /etc/webmin/miniserv.conf

and change the default port number from 10000 to something more secure (port=23345 for example). Save the file and restart Webmin (service webmin restart).