Install and configure cockpit with SSL (debian)

1. Edit /etc/apt/sources.list file or create new file /etc/apt/sources.list.d/Backports.list and add below lines

        #deb stretch-backports main contrib non-free
        #deb stretch main
        #deb debian-stretch main

2.  Install cockpit package
        #sudo apt-get update
        #sudo apt-get install cockpit

3. Manage SSL certificate for cockpit (by using existing SSL certificates)
        #cat /etc/cockpit/ws-certs.d/cockpit.base.cert > /etc/cockpit/ws-certs.d/0-self-signed.cert 
        #cat /etc/ssl/certs/web/ >> /etc/cockpit/ws-certs.d/0-self-signed.cert 
        #systemctl reload cockpit

4.  Configure apache2 for SSL certificate and redirection
        Create a file /etc/apache2/sites-available/cockpit.conf and put the entries given below

           <VirtualHost *:80>
           Redirect permanent /
           </VirtualHost>

           <IfModule mod_ssl.c>
           <VirtualHost *:443>
           SSLCertificateFile /etc/ssl/certs/web/
           SSLCertificateKeyFile /etc/ssl/certs/web/
           Include /etc/letsencrypt/options-ssl-apache.conf
           ProxyPreserveHost On
           ProxyRequests Off

           # allow for upgrading to websockets
           RewriteEngine On
           RewriteCond %{HTTP:Upgrade} =websocket [NC]
           RewriteRule /(.*) ws://$1 [P,L]
           RewriteCond %{HTTP:Upgrade} !=websocket [NC]
           RewriteRule /(.*)$1 [P,L]

           # Proxy to your local cockpit instance
           ProxyPass /
           ProxyPassReverse /
           </VirtualHost>
           </IfModule>



5. Configure IPTables to drop requests on 9090 from world
        #iptables -A INPUT -p tcp -s --dport 9090 -j ACCEPT
        #iptables -A INPUT -p tcp --dport 9090 -j DROP

6. Enable Apache configuration
        #ln -s /etc/apache2/sites-available/cockpit.conf /etc/apache2/sites-enabled/cockpit.conf
        #systemctl reload apache2


After this setup web terminal cockpit will be available only on and will not work                          
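
The order of the two rules in step 5 matters: the source-restricted ACCEPT has to come before the DROP, and no unrestricted ACCEPT for port 9090 may precede it. The check below is an added example, not part of the original page; it reads the output of `iptables -S INPUT`, and the sample rules (including the 127.0.0.1 source, assumed here because Apache proxies from the same host) are constructed.

```shell
#!/bin/sh
# Constructed sample rule sets in `iptables -S INPUT` format (not from a real host).
GOOD_RULES='-P INPUT ACCEPT
-A INPUT -s 127.0.0.1/32 -p tcp -m tcp --dport 9090 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 9090 -j DROP'
REVERSED_RULES='-A INPUT -p tcp -m tcp --dport 9090 -j DROP
-A INPUT -s 127.0.0.1/32 -p tcp -m tcp --dport 9090 -j ACCEPT'
OPEN_RULES='-A INPUT -p tcp -m tcp --dport 9090 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 9090 -j DROP'

# audit_9090: reads INPUT chain rules on stdin, prints one verdict word,
# and returns 0 only when the verdict is "ok".
# Real use (as root): iptables -S INPUT | audit_9090
audit_9090() {
  awk '
    $1 == "-A" && $2 == "INPUT" && / --dport 9090 / {
      scoped = ($0 ~ / -s /)                 # rule limited to a source address?
      # ACCEPT from any source, reached before a DROP: the port is exposed
      if (/ -j ACCEPT$/ && !dropped && !scoped) exposed = 1
      # restricted ACCEPT placed after the DROP is never reached
      if (/ -j ACCEPT$/ && dropped && scoped) shadowed = 1
      if (/ -j (DROP|REJECT)/ && !scoped) dropped = 1
    }
    END {
      if (exposed)       verdict = "open-accept"
      else if (!dropped) verdict = "no-drop"
      else if (shadowed) verdict = "accept-after-drop"
      else               verdict = "ok"
      print verdict
      exit (verdict != "ok")
    }'
}
```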

create swap partition using swapfile

  1. The TEST server has 4GB of memory and a 4GB swap file, which is not enough.
  2. The existing swap partition was created in LVM and there is no scope to increase its size.
  3. To overcome this problem, create a swapfile using the dd command with permission 0600.
  4. Change the file permission to 0600.
  5. Set the file as a swap area.
  6. Test by enabling swap on the swapfile.
  7. Make this boot persistent by adding an entry in fstab.
  8. Always run the mount -a command to check for errors in the fstab file.
  9. Now disable swap on /swapfile, which was enabled manually, and check the swap partitions.
  10. Now check boot persistence with the swapon command.
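
The steps above as commands, added here as an example and not part of the original page. The /swapfile path and the 4096 MB size are assumptions; the mode check is included because a swapfile readable by other users exposes paged-out memory.

```shell
#!/bin/sh
# SWAPFILE and SIZE_MB are assumed values; adjust them for the server.
SWAPFILE=${SWAPFILE:-/swapfile}
SIZE_MB=${SIZE_MB:-4096}

# Step 7: the /etc/fstab line that makes the swapfile boot persistent.
fstab_entry() { printf '%s none swap sw 0 0\n' "$1"; }

# Steps 3-4: succeeds only if the file mode is exactly 600.
swapfile_mode_ok() { [ "$(stat -c '%a' "$1")" = "600" ]; }

# Steps 3-10 in order. Run as root; returns non-zero at the first failing step.
create_swapfile() {
  # umask 077 keeps the file private even before the explicit chmod
  ( umask 077 && dd if=/dev/zero of="$SWAPFILE" bs=1M count="$SIZE_MB" ) || return 1
  chmod 0600 "$SWAPFILE"        || return 1   # step 4
  swapfile_mode_ok "$SWAPFILE"  || return 1
  mkswap "$SWAPFILE"            || return 1   # step 5
  swapon "$SWAPFILE"            || return 1   # step 6
  # step 7: add the fstab entry only if it is not already there
  grep -q "^$SWAPFILE[[:space:]]" /etc/fstab ||
    fstab_entry "$SWAPFILE" >> /etc/fstab
  mount -a                      || return 1   # step 8
  swapoff "$SWAPFILE"           || return 1   # step 9
  swapon -a && swapon -s                      # step 10: re-enable from fstab and list
}
```

Nothing runs until `create_swapfile` is called as root.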

ssh jailing with all commands

Steps for ssh jailing

  1. Create a user for jailing environment and set password if user doesn't exist.
    #useradd -m testuser
    #passwd testuser 
  2. Create a Directory Structure for Secure environment.
    ( In our case we are creating secure environment in /home directory. You can change it according to requirement)
    #cd /home
    #mkdir -p secure/home
    #cd /home/secure/home
    #mkdir testuser
    #chown testuser:testuser testuser
  3. Enable commands for the user in chrooted environment.
    #cp -pr /bin /home/secure/
    #cp -fr /lib /home/secure/
    #cp -fr /lib64 /home/secure/
    #mkdir /home/secure/usr
    #cp -pr /usr/lib /home/secure/usr/
    #cp -pr /usr/bin /home/secure/usr/
    #mkdir -p /home/secure/etc/
    #cp -p /etc/environment /home/secure/etc/ 
  4. Configuration for jailing.
    Edit the file sshd_config
    #vi /etc/ssh/sshd_config
      #SSH JAILING                     
      Match User testuser
      chrootdirectory /home/secure
      #ForceCommand internal-sftp   (If you uncomment this line it will restrict ssh connection and  only sftp connections will be allowed )
  5. # service sshd reload 
  6. After logging in from another server /home/secure will become your / partition over ssh connection.
    #ssh testuser@<ip>
Chroot Configuration for Group:
  1. Suppose there are multiple users who need to be restricted using chroot.
    Then create a group chroot and add the users to the group
     #groupadd chroot
     #usermod -aG chroot testuser
  2. Change the sshd config as given below
     #SSH JAILING
     Match Group chroot
     chrootdirectory /home/secure
     #ForceCommand internal-sftp   (If you uncomment this line it will restrict ssh connection and only sftp connections will be allowed)
  3. # service sshd reload

Things to remember:
  1. The chroot directory should always have root ownership and permission 755,
    otherwise you will get the error below
    packet_write_wait: Connection to x.x.x.x port 22: Broken pipe
  2. Don't forget to copy /etc/environment,
    otherwise you will get the error below while changing shell to bash
    bash: warning: setlocale: LC_ALL: cannot change locale (en_US.UTF-8)
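
A pre-flight check for the first point above, as an added example that is not part of the original page. It goes slightly further than the note: sshd_config(5) requires every component of the ChrootDirectory path to be a root-owned directory that is not writable by group or others, so the check walks from the directory up to /. The function names are hypothetical.

```shell
#!/bin/sh
# dir_ok DIR UID: DIR is a directory owned by UID and not writable by group or others.
dir_ok() {
  [ -d "$1" ] || return 1
  [ "$(stat -c '%u' "$1")" = "$2" ] || return 1
  case "$(stat -c '%a' "$1")" in
    *[2367]|*[2367]?) return 1 ;;   # write bit set for others or for group
  esac
  return 0
}

# check_chroot_path DIR: apply dir_ok (owner uid 0) to DIR and every parent up to /.
# Prints the first offending component on stderr and returns 1.
check_chroot_path() {
  p=$(cd "$1" 2>/dev/null && pwd -P) || return 1   # resolve symlinks first
  while :; do
    dir_ok "$p" 0 || { echo "unsafe for ChrootDirectory: $p" >&2; return 1; }
    [ "$p" = "/" ] && return 0
    p=$(dirname "$p")
  done
}
```

Run `check_chroot_path /home/secure` as root before reloading sshd.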


Configure WIFI Without GUI in Linux

1) Find out the wireless device name.

#iw dev

2) Check whether the wireless device is up or down

#ip link show wlan0

3) Scan wireless networks

#iw wlan0 scan

Now to configure and connect wireless without GUI we will require package wpa_supplicant-0.7.3-9.el6.i686

4) Create a configuration file

#wpa_passphrase >> /etc/wpa_supplicant/wpa_supplicant.conf

5) To start the device through command line

#wpa_supplicant -B -D wext -i wlan0 -c /etc/wpa_supplicant/wpa_supplicant.conf

where -B means run wpa_supplicant in the background.
-D specifies the wireless driver. wext is the generic driver.
-c specifies the path for the configuration file.

Put the above command in /etc/rc.local so that it automatically connects to the wireless device after booting.

Enabling usb wifi on CentOS 7

Enabling USB wifi on CentOS is a difficult job. Most of the time it requires compiling drivers and adding/removing modules, which may be time consuming.

It's better to upgrade the kernel to the latest release.

To upgrade the kernel without kernel compilation, follow the steps below.

Step 1: Install elrepo to your CentOS 7 system

# rpm --import

# rpm -ivh

# yum --enablerepo=elrepo-kernel list available | grep kernel

# yum --enablerepo=elrepo-kernel install kernel-ml*  (select kernel-ml as they are the stable release kernels)

# grub2-set-default "CentOS Linux (4.18.1-1.el7.elrepo.x86_64) 7 (Core)"

Reboot your system and configure the network on the wireless USB card.


Mount Google Drive on Linux (Debian) Server

To mount Google Drive on your server you will require two things.
  1. A project created and configured with an OAuth client ID and secret on Google
  2. google-drive-ocamlfuse installed and configured
Create Project

1. go  to

and create new project

Click on create credentials

Select OAuth Client ID

Click on configure Consent Screen

Provide email address and product name

To Create Client ID select others and provide Name and click on create

It will give you OAuth Client ID and Secret. Please note it down and keep safe.

Installation of google-drive-ocamlfuse On debian 9
1. First install the required packages
apt-get install libcurl4-gnutls-dev libfuse-dev libgmp-dev libsqlite3-dev camlp4-extra debianutils libcurl4-gnutls-dev perl  m4 pkg-config zlib1g-dev

2. adduser <user> fuse (adds the user to group fuse; usermod also works)

3. Set the Permissions

#sudo chown root.fuse /dev/fuse
#sudo chmod 660 /dev/fuse

4. Install Google Drive Ocamlfuse

# su <user>
# opam init
# opam update
# opam install depext
# eval `opam config env`
# opam depext google-drive-ocamlfuse
# opam install google-drive-ocamlfuse
# . /home/<user>/.opam/opam-init/ > /dev/null 2> /dev/null || true

#/home/<user>/.opam/system/bin/google-drive-ocamlfuse -headless -label googledrive -id <OAuth Client ID> -secret <OAuth Client Secret>

It will give you a URL and ask you to visit it, get the code from the webpage and provide it.

Open that URL in a browser and copy and paste the verification code into the terminal.

create mount point

# mkdir /mnt/Google-drive

#  /home/<user>/.opam/system/bin/google-drive-ocamlfuse -label googledrive /mnt/Google-drive/

The above command enables the mount only for that user and not for others, not even root.

To enable mount point for user root

edit file /etc/fuse.conf and uncomment below line


Then run below command ( In case of ubuntu  exclude sudo -u <user> and run command directly as root.)

#sudo -u <user> /home/<user>/.opam/system/bin/google-drive-ocamlfuse -o allow_root -label googledrive /Google-drive/ > /var/log/gdrive_mount.log 2>&1 &

Add below line (/etc/rc.local)

sudo -u <user> /home/<user>/.opam/system/bin/google-drive-ocamlfuse -o allow_root -label googledrive /Google-drive/ 2>&1 &

Thus only user and root will be able to use mounted drive.


Country settings in AWStats

By implementing this setting in AWStats you can track the geolocation of visitors to your website.

Follow the procedure below to implement the settings
#mkdir /usr/local/share/GeoIP
#cd /tmp
#wget -N
#gunzip GeoIP.dat.gz
#mv GeoIP.dat /usr/share/GeoIP
#wget -N

or

#yum install mod_geoip
#yum install geoipdate
#yum install geoip-devel

Now edit the configuration file for your website in /etc/awstats and search for the lines below

#LoadPlugin="geoip_city_maxmind GEOIP_STANDARD /pathto/GeoIPCity.dat"
#LoadPlugin="geoip GEOIP_STANDARD /pathto/GeoIP.dat"

and change to

LoadPlugin="geoip GEOIP_STANDARD /usr/share/GeoIP/GeoIP.dat"
LoadPlugin="geoip_city_maxmind GEOIP_STANDARD /usr/share/GeoIP/GeoIPCity.dat"

It may give you error like below

To Fix this error run below commands
#yum install perl-CPAN
#cpan YAML
#cpan Geo::IP::PurePerl Geo::IP
#ldconfig -v


Web based terminal : shellinabox

First install epel repository  
#yum install epel-release

Install shellinabox by below command

#yum install shellinabox

The shellinabox config file is located in /etc/default/shellinabox file by default in Debian/Ubuntu systems. In RHEL/CentOS/Fedora, the default location of config file is /etc/sysconfig/shellinaboxd.

To change web terminal color scheme to white on black follow the following steps

#vim /etc/sysconfig/shellinaboxd
 comment below line
 OPTS="--disable-ssl-menu -s /:LOGIN"

uncomment below line
 OPTS="--user-css Normal:+black-on-white.css,Reverse:-white-on-black.css --disable-ssl-menu -s /:LOGIN"

This enables changing the colour profile from the right-click menu in the browser.

restart the service

Note: sometimes white-on-black.css is not installed. The service will then fail to start or restart and will give an error.

workaround :

#cd /usr/share/shellinabox/

#cp black-on-white.css white-on-black.css
#sed -i s/ffffff/111111/g white-on-black.css
#sed -i s/000000/ffffff/g white-on-black.css
#sed -i s/111111/000000/g white-on-black.css

now restart the service.

(you can change colours by changing the hex colour code in css.)

now for web terminal open a link

https://ip-address:4200 (default port is 4200 you can change it to any by editing config file i.e. /etc/sysconfig/shellinaboxd)


How to setup AWStats for apache log analyzer (CentOS 6.8)

1) Installation
 #yum install epel-release
 #yum install httpd
 #chkconfig httpd on
 #service httpd start
 #yum install awstats

2) Configuration

 a) Changes in log format in httpd.conf
 Check for the log format entry below. If it does not exist, add it.
 LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined

 b) changes in virtualhosts 

 change your log configuration like below
 CustomLog logs/ combined
 c) configuring awstats.conf for apache 
 #vim /etc/httpd/conf.d/awstats.conf

  add below entries in <Directory "/usr/share/awstats/wwwroot">
  </Directory> container

  AuthUserFile "/path-to-file/.htpasswd"
  AuthName "Restricted Access"
  AuthType Basic
  Require user "htuser"

 Then create password file by below command
 #htpasswd -c /path-to-file/.htpasswd htuser
 #chmod 404 /path-to-file/.htpasswd

d) creating the configuration file for awstats

 #cp /etc/awstats/awstats.localhost.localdomain.conf /etc/awstats/
 then edit the file /etc/awstats/

# vim /etc/awstats/ and change the below entries according to domain

(for multiple domains it's better to create separate files for each domain)

e) setting permissions 

now change permissions for the awstat folder

#find  /usr/share/awstats -type d -exec chmod 701 '{}' \;
#find /usr/share/awstats  -type f  -exec chmod 404 '{}' \;

#chmod +x  /usr/share/awstats/wwwroot/cgi-bin/
#chmod 400 /etc/awstats/*.conf

Once you make all the changes make sure to restart apache to get configuration changes into effect

#/etc/init.d/httpd stop
#/etc/init.d/httpd start

or #/etc/init.d/httpd restart

make necessary changes according to your domain in below url  to check the statistics

ssmtp program to send emails

ssmtp is a program that sends email. It takes 8,192B of disk space after installation
and is quite simple to use.

For that we have to edit /etc/ssmtp/ssmtp.conf like below
#$hostname=sysadmins —-> this line doesn’t affect after commenting


The normal command to send email via command line is
Subject: Sent from a terminal!

script to send message using text file
function welcome_mail {
echo enter user name
read username
echo enter full name

# write the mail headers and greeting into the message file
cat > /tmp/welcome-reciepent << welcome1
To: $USER@your_domain
From: System Administrator
Subject: Welcome! Please read the instructions

Welcome , Please go through the instructions given below
welcome1

# append the instructions file as the mail body
cat /file_path/instructions >> /tmp/welcome-reciepent

echo "Sending Welcome-mail"
ssmtp $ < /tmp/welcome-reciepent
echo "OK"
}

The /file_path/instructions file is a simple file in which the instructions are written,
like this.

this is instruction1
this is instruction2
this is instruction3
this is instruction4
(Please don’t revert back. This is a system generated email)

merits:
1) simple to use and can be used to mail newly joined users.
2) the mail can be sent using any mail account, as the sender will not be shown (it will show the name we choose).
3) the user can't reply back as there is no email ID in the sender.

demerits:
1) we cannot attach a file. (searching for the solution)
2) we will have to install the software for it.