Disable IPv6 networking on CentOS

Follow these steps to disable IPv6 on CentOS. Edit the /etc/sysctl.conf file, I will use the nano editor here:

nano /etc/sysctl.conf

And add the following line at the end of the file:

net.ipv6.conf.all.disable_ipv6 = 1

Then run:

sysctl -p

to load the new settings.

The next step is to edit the network card configuration file (/etc/sysconfig/network-scripts/ifcfg-eth*) and add or edit the setting IPV6INIT so that it is set to "no".

IPV6INIT="no"

Now edit the file /etc/sysconfig/network:

nano /etc/sysconfig/network

And set the NETWORKING_IPV6 option to "no":

NETWORKING_IPV6=no

Then restart the server.

How to add PHP support for jailed SSH users in ISPConfig 3

Jailkit is an easy to use tool to create and maintain jail environments for shell users on Linux. In this guide, I will show you how to move PHP and its dependencies into the jail so that the jailed user can execute PHP scripts inside the jail.
Continue reading How to add PHP support for jailed SSH users in ISPConfig 3

How to Backup OpenVZ Containers with vzdump on CentOS 6

OpenVZ is a Linux based Kernel virtualization technology developed by SWSoft for its commercial product Virtuozzo. The modified Linux Kernel and the system utilities are released under an OpenSource license. Vzdump is a shell based backup program for OpenVZ virtual machines. It is made for containers that use the traditional "simfs" filesystem, it can not be used for containers with "ploop" filesystem.

Continue reading How to Backup OpenVZ Containers with vzdump on CentOS 6

How to use IPTables on CentOS 7

Centos 7 replaced the traditional IPTables Linux Kernel Firewall with the Firewalld service. There are still a lot of scripts available that require the use of IPTables. A common example is the software Fail2ban.

In this guide, I will explain the installation of IPTables on Centos 7.x

The first step is to stop and mask the firewalld service:

systemctl stop firewalld
systemctl mask firewalld

Then install the "iptables-services" package with the yum package installer:

yum install iptables-services

And enable the new service:

systemctl enable iptables

IPTables is now ready to be used on your server. For example you can block an external IP address now with the iptables command:

iptables -A INPUT -s 192.168.0.10 -j DROP

Rules that you set with iptables persist only until the next reboot. To save them permanently use the following command:

service iptables save

How to change the Hostname on CentOS 7

The easiest way to change the hostname on CentOS 7 is to use the hostnamectl command.

First I will check the current hostname by running "hostnamectl status" on the shell of my server:

hostnamectl status

The output on my system is:

[root@server1 ~]# hostnamectl status
   Static hostname: server1.example.com
         Icon name: computer-vm
           Chassis: vm
        Machine ID: d89865d34b5a4637a9a4ff0ce0f6da02
           Boot ID: 56d1685056d743b39e57a7b9cbfe467c
    Virtualization: vmware
  Operating System: CentOS Linux 7 (Core)
       CPE OS Name: cpe:/o:centos:centos:7
            Kernel: Linux 3.10.0-123.el7.x86_64
      Architecture: x86_64

Then I change the hostname with the set-hostname option of the hostnamectl command to server2.example.com

hostnamectl set-hostname server2.example.com

Afterward, I check with the command hostname and hostname -f if the hostname change has succeeded.

hostname
hostname -f

The result should be:

[root@server1 ~]# hostname
server2.example.com
[root@server1 ~]# hostname -f
server2.example.com

Instead of the hostname command you could also use the "hostnamectl status" command again to check if the new hostname has been set:

[root@server1 ~]# hostnamectl status
   Static hostname: server2.example.com
         Icon name: computer-vm
           Chassis: vm
        Machine ID: d89865d34b5a4637a9a4ff0ce0f6da02
           Boot ID: 56d1685056d743b39e57a7b9cbfe467c
    Virtualization: vmware
  Operating System: CentOS Linux 7 (Core)
       CPE OS Name: cpe:/o:centos:centos:7
            Kernel: Linux 3.10.0-123.el7.x86_64
      Architecture: x86_64

How to Copy Files with SCP between Linux Servers

1.1 SCP Command Line-An Overview

 

The SCP command line is commonly used to copy files over SSH, and between popular Operating systems like Linux, Mac and Windows in a secure fashion. SCP is used to copy files to/from a remote server. It also allows you to copy files from one remote server to another remote server, without passing traffic through your PC.

Continue reading How to Copy Files with SCP between Linux Servers

Solution for dovecot error: /path/ is no longer mounted. If this is intentional, remove it with doveadm mount

Dovecot is watching the whole server filesystem for modifications and removed or added sub filesystems. If you get errors similar to this one on your server:

Aug 30 09:10:23 server1 dovecot: master: Warning: /var/www/clients/client1/web1/log is no longer mounted. If this is intentional, remove it with doveadm mount

 (the directory path may vary), then you can fix it by excluding the path from being watched by dovecot. In my case, dovecot shall not watch my website directories as they do not contain any mailboxes

Run the following command on the shell as root user:

doveadm mount add '/var/www/*' ignore

To exclude all files and folders in /var/www from deovecot monitoring.

 

Solution for amavisd error – TROUBLE in process_request: Error writing a SMTP response to the socket: Broken pipe – on OpenVZ server

If you get error messages from amavisd similar to the one posted below on a server which is virtualized with OpenVZ:

Mar  5 09:09:02 v100 amavis[17378]: (17378-14) (!!)TROUBLE in process_request: Error writing a SMTP response to the socket: Broken pipe at (eval 100) line 987, <GEN44> line 31.

then the issue can be caused by the NUMTCPSOCK value in the openvz limits. Even if the barrier of this limit was never met in /proc/user_beancounters, the above error occurs when more then 25% of all TCP sockets were used. The solution is to set the NUMTCPSOCK barrier and limit to a high value in the openvz container configuration file. Here a value that worked for me on a moderately used mailserver:

NUMTCPSOCK="2000:2000"

Finally restart the OpenVZ VM to apply the new limit value.