• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer
  • Home
  • Create a VM ($25 Credit)
  • Buy a Domain
  • 1 Month free Back Blaze Backup
  • Other Deals
    • Domain Email
    • Nixstats Server Monitoring
    • ewww.io Auto WordPress Image Resizing and Acceleration
  • About
  • Links

IoT, Code, Security, Server Stuff etc

Views are my own and not my employer's.

Personal Development Blog...

Coding for fun since 1996, Learn by doing and sharing.

Buy a domain name, then create your own server (get $25 free credit)

View all of my posts.

  • Cloud
    • I moved my domain to UpCloud (on the other side of the world) from Vultr (Sydney) and could not be happier with the performance.
    • How to buy a new domain and SSL cert from NameCheap, a Server from Digital Ocean and configure it.
    • Setting up a Vultr VM and configuring it
    • All Cloud Articles
  • Dev
    • I moved my domain to UpCloud (on the other side of the world) from Vultr (Sydney) and could not be happier with the performance.
    • How to setup pooled MySQL connections in Node JS that don’t disconnect
    • NodeJS code to handle App logins via API (using MySQL connection pools (1000 connections) and query parameters)
    • Infographic: So you have an idea for an app
    • All Development Articles
  • MySQL
    • Using the free Adminer GUI for MySQL on your website
    • All MySQL Articles
  • Perf
    • PHP 7 code to send object oriented sanitised input data via bound parameters to a MYSQL database
    • I moved my domain to UpCloud (on the other side of the world) from Vultr (Sydney) and could not be happier with the performance.
    • Measuring VM performance (CPU, Disk, Latency, Concurrent Users etc) on Ubuntu and comparing Vultr, Digital Ocean and UpCloud – Part 1 of 4
    • Speeding up WordPress with the ewww.io ExactDN CDN and Image Compression Plugin
    • Setting up a website to use Cloudflare on a VM hosted on Vultr and Namecheap
    • All Performance Articles
  • Sec
    • Using the Qualys FreeScan Scanner to test your website for online vulnerabilities
    • Using OWASP ZAP GUI to scan your Applications for security issues
    • Setting up the Debian Kali Linux distro to perform penetration testing of your systems
    • Enabling TLS 1.3 SSL on a NGINX Website (Ubuntu 16.04 server) that is using Cloudflare
    • PHP implementation to check a password exposure level with Troy Hunt’s pwnedpasswords API
    • Setting strong SSL cryptographic protocols and ciphers on Ubuntu and NGINX
    • Securing Google G Suite email by setting up SPF, DKIM and DMARC with Cloudflare
    • All Security Articles
  • Server
    • I moved my domain to UpCloud (on the other side of the world) from Vultr (Sydney) and could not be happier with the performance.
    • All Server Articles
  • Ubuntu
    • I moved my domain to UpCloud (on the other side of the world) from Vultr (Sydney) and could not be happier with the performance.
    • Useful Linux Terminal Commands
    • All Ubuntu Articles
  • VM
    • I moved my domain to UpCloud (on the other side of the world) from Vultr (Sydney) and could not be happier with the performance.
    • All VM Articles
  • WordPress
    • Speeding up WordPress with the ewww.io ExactDN CDN and Image Compression Plugin
    • Installing and managing WordPress with WP-CLI from the command line on Ubuntu
    • How to backup WordPress on a host that has CPanel
    • Moving WordPress to a new self managed server away from CPanel
    • Moving a CPanel domain with email to a self managed VPS and Gmail
    • All WordPress Articles
  • All

Server

Updating PHP 7.0 to 7.1 on an Ubuntu 16.04 Vultr VM

November 21, 2017 by Simon

Here is how you can quickly update PHP 7.0 to 7.1 on a Vultr Ubuntu domain.

I have configured a number of Vultr domains with NGINX and PHP 7.1 FPM and today I realised I need to update PHP 7.0 to 7.1 to fix a  few security exploits (read more here and here on securing Ubuntu in the cloud). PHP has a good page where you can keep up to date with PHP news here https://secure.php.net/. You can also view the PHP bug tracker to view bugs here. PHP aggregation user @php_net on twitter is good to follow, the official PHP twitter account is @official_php.

I have not noticed in daily Ubuntu package updates no option to update PHP 7.0 to 7.1, I must have to update manually.

WARNING: Backup your site and test this on a non-production server before doing it on a live server.  I had an issue with PHP 7.1 breaking WordPress 3.9 (MySQL issues with some plugins) and I had to roll back to 7.0 (see rollback tips in troubleshooting below). WordPress says it is PHP 7.1 compatible but issues exist. WordPress 3.9 ditches “mysql” and used “mysqli” and when instead PHP 7.1 WordPress could not find “mysqli”?

List packages with updates

sudo /usr/lib/update-notifier/apt-check -p
linux-libc-dev
python3-apport
python3-problem-report

You can run the following to view upgradable packages (TIP: Backup NGINX and other configuration files before any upgrades).

apt list --upgradable
Listing... Done
apport/xenial-updates,xenial-updates,xenial-security,xenial-security 2.20.1-0ubuntu2.13 all [upgradable from: 2.20.1-0ubuntu2.12]
linux-generic/xenial-updates,xenial-security 4.4.0.101.106 amd64 [upgradable from: 4.4.0.87.93]
linux-headers-generic/xenial-updates,xenial-security 4.4.0.101.106 amd64 [upgradable from: 4.4.0.87.93]
linux-image-generic/xenial-updates,xenial-security 4.4.0.101.106 amd64 [upgradable from: 4.4.0.87.93]
linux-libc-dev/xenial-updates,xenial-security 4.4.0-101.124 amd64 [upgradable from: 4.4.0-98.121]
nginx/xenial,xenial 1.13.6-2chl1~xenial1 all [upgradable from: 1.13.3-1chl1~xenial1]
nginx-common/xenial,xenial 1.13.6-2chl1~xenial1 all [upgradable from: 1.13.3-1chl1~xenial1]
nginx-core/xenial 1.13.4-1chl1~xenial1 amd64 [upgradable from: 1.13.3-1chl1~xenial1]
procmail/xenial-updates,xenial-security 3.22-25ubuntu0.16.04.1 amd64 [upgradable from: 3.22-25]
python-cryptography/xenial 1.9-1+ubuntu16.04.1+certbot+2 amd64 [upgradable from: 1.7.1-2+certbot~xenial+1]
python-openssl/xenial,xenial 17.3.0-1~0+ubuntu16.04.1+certbot+1 all [upgradable from: 17.0.0-0+certbot~xenial+1]
python-requests/xenial,xenial 2.18.1-1+ubuntu16.04.1+certbot+1 all [upgradable from: 2.12.4-1+certbot~xenial+1]
python-urllib3/xenial,xenial 1.21.1-1+ubuntu16.04.1+certbot+1 all [upgradable from: 1.19.1-1+certbot~xenial+1]
python3-apport/xenial-updates,xenial-updates,xenial-security,xenial-security 2.20.1-0ubuntu2.13 all [upgradable from: 2.20.1-0ubuntu2.12]
python3-problem-report/xenial-updates,xenial-updates,xenial-security,xenial-security 2.20.1-0ubuntu2.13 all [upgradable from: 2.20.1-0ubuntu2.12]
python3-requests/xenial,xenial 2.18.1-1+ubuntu16.04.1+certbot+1 all [upgradable from: 2.12.4-1+certbot~xenial+1]
python3-urllib3/xenial,xenial 1.21.1-1+ubuntu16.04.1+certbot+1 all [upgradable from: 1.19.1-1+certbot~xenial+1]

Update your server packages

sudo apt-get update && sudo apt-get upgrade

Reboot

sudo shutdown -r now

You should now see this on startup

0 packages can be updated.
0 updates are security updates.

You can view your installed PHP configuration file and installed version by typing to following in your servers command line.

# locate php.ini
/etc/php/7.0/apache2/php.ini
/etc/php/7.0/cli/php.ini
/etc/php/7.0/fpm/php.ini

Now let’s install a package viewer

sudo apt-get install apt-show-versions

Search installed packages (or non-installed) PHP packages.

sudo apt-show-versions | grep php | more

libapache2-mod-php7.0:amd64/xenial 7.0.25-1+ubuntu16.04.1+deb.sury.org+1 uptodate
libapache2-mod-php7.0:i386 not installed
php-common:all/xenial 1:55+ubuntu16.04.1+deb.sury.org+1 uptodate
php-xdebug:amd64/xenial 2.5.5-3+ubuntu16.04.1+deb.sury.org+1 uptodate
php-xdebug:i386 not installed
php7.0:all/xenial 7.0.25-1+ubuntu16.04.1+deb.sury.org+1 uptodate
php7.0-cli:amd64/xenial 7.0.25-1+ubuntu16.04.1+deb.sury.org+1 uptodate
php7.0-cli:i386 not installed
php7.0-common:amd64/xenial 7.0.25-1+ubuntu16.04.1+deb.sury.org+1 uptodate
php7.0-common:i386 not installed
php7.0-curl:amd64/xenial 7.0.25-1+ubuntu16.04.1+deb.sury.org+1 uptodate
php7.0-curl:i386 not installed
php7.0-dev:amd64/xenial 7.0.25-1+ubuntu16.04.1+deb.sury.org+1 uptodate
php7.0-dev:i386 not installed
php7.0-fpm:amd64/xenial 7.0.25-1+ubuntu16.04.1+deb.sury.org+1 uptodate
php7.0-fpm:i386 not installed
php7.0-gd:amd64/xenial 7.0.25-1+ubuntu16.04.1+deb.sury.org+1 uptodate
php7.0-gd:i386 not installed
php7.0-imap:amd64/xenial 7.0.25-1+ubuntu16.04.1+deb.sury.org+1 uptodate
php7.0-imap:i386 not installed
php7.0-intl:amd64/xenial 7.0.25-1+ubuntu16.04.1+deb.sury.org+1 uptodate
php7.0-intl:i386 not installed
php7.0-json:amd64/xenial 7.0.25-1+ubuntu16.04.1+deb.sury.org+1 uptodate
php7.0-json:i386 not installed
php7.0-ldap:amd64/xenial 7.0.25-1+ubuntu16.04.1+deb.sury.org+1 uptodate
php7.0-ldap:i386 not installed
php7.0-mbstring:amd64/xenial 7.0.25-1+ubuntu16.04.1+deb.sury.org+1 uptodate
php7.0-mbstring:i386 not installed
php7.0-mysql:amd64/xenial 7.0.25-1+ubuntu16.04.1+deb.sury.org+1 uptodate
php7.0-mysql:i386 not installed
php7.0-opcache:amd64/xenial 7.0.25-1+ubuntu16.04.1+deb.sury.org+1 uptodate
php7.0-opcache:i386 not installed
php7.0-pgsql:amd64/xenial 7.0.25-1+ubuntu16.04.1+deb.sury.org+1 uptodate
php7.0-pgsql:i386 not installed
php7.0-phpdbg:amd64/xenial 7.0.25-1+ubuntu16.04.1+deb.sury.org+1 uptodate
php7.0-phpdbg:i386 not installed
php7.0-pspell:amd64/xenial 7.0.25-1+ubuntu16.04.1+deb.sury.org+1 uptodate
php7.0-pspell:i386 not installed
php7.0-readline:amd64/xenial 7.0.25-1+ubuntu16.04.1+deb.sury.org+1 uptodate
php7.0-readline:i386 not installed
php7.0-recode:amd64/xenial 7.0.25-1+ubuntu16.04.1+deb.sury.org+1 uptodate
php7.0-recode:i386 not installed
php7.0-snmp:amd64/xenial 7.0.25-1+ubuntu16.04.1+deb.sury.org+1 uptodate
php7.0-snmp:i386 not installed
php7.0-tidy:amd64/xenial 7.0.25-1+ubuntu16.04.1+deb.sury.org+1 uptodate
php7.0-tidy:i386 not installed
php7.0-xml:amd64/xenial 7.0.25-1+ubuntu16.04.1+deb.sury.org+1 uptodate
php7.0-xml:i386 not installed
php7.0-zip:amd64/xenial 7.0.25-1+ubuntu16.04.1+deb.sury.org+1 uptodate
php7.0-zip:i386 not installed

Uninstall all local PHP related packages

sudo apt-get remove php* 
...
After this operation, 35.7 MB disk space will be freed.
Do you want to continue? [Y/n] y
(Reading database ... 139182 files and directories currently installed.)
Removing php7.0 (7.0.25-1+ubuntu16.04.1+deb.sury.org+1) ...
Removing php-xdebug (2.5.5-3+ubuntu16.04.1+deb.sury.org+1) ...
Removing libapache2-mod-php7.0 (7.0.25-1+ubuntu16.04.1+deb.sury.org+1) ...
Removing php7.0-zip (7.0.25-1+ubuntu16.04.1+deb.sury.org+1) ...
Removing php7.0-xml (7.0.25-1+ubuntu16.04.1+deb.sury.org+1) ...
Removing php7.0-mbstring (7.0.25-1+ubuntu16.04.1+deb.sury.org+1) ...
Removing php7.0-dev (7.0.25-1+ubuntu16.04.1+deb.sury.org+1) ...
Removing php7.0-fpm (7.0.25-1+ubuntu16.04.1+deb.sury.org+1) ...
Removing php7.0-curl (7.0.25-1+ubuntu16.04.1+deb.sury.org+1) ...
Removing php7.0-gd (7.0.25-1+ubuntu16.04.1+deb.sury.org+1) ...
Removing php7.0-imap (7.0.25-1+ubuntu16.04.1+deb.sury.org+1) ...
Removing php7.0-intl (7.0.25-1+ubuntu16.04.1+deb.sury.org+1) ...
Removing php7.0-phpdbg (7.0.25-1+ubuntu16.04.1+deb.sury.org+1) ...
Removing php7.0-ldap (7.0.25-1+ubuntu16.04.1+deb.sury.org+1) ...
Removing php7.0-mysql (7.0.25-1+ubuntu16.04.1+deb.sury.org+1) ...
Removing php7.0-pgsql (7.0.25-1+ubuntu16.04.1+deb.sury.org+1) ...
Removing php7.0-pspell (7.0.25-1+ubuntu16.04.1+deb.sury.org+1) ...
Removing php7.0-recode (7.0.25-1+ubuntu16.04.1+deb.sury.org+1) ...
Removing php7.0-snmp (7.0.25-1+ubuntu16.04.1+deb.sury.org+1) ...
Removing php7.0-tidy (7.0.25-1+ubuntu16.04.1+deb.sury.org+1) ...
Removing php7.0-cli (7.0.25-1+ubuntu16.04.1+deb.sury.org+1) ...
Removing php7.0-json (7.0.25-1+ubuntu16.04.1+deb.sury.org+1) ...
Removing php7.0-opcache (7.0.25-1+ubuntu16.04.1+deb.sury.org+1) ...
Removing php7.0-readline (7.0.25-1+ubuntu16.04.1+deb.sury.org+1) ...
Removing php7.0-common (7.0.25-1+ubuntu16.04.1+deb.sury.org+1) ...
Removing php-common (1:55+ubuntu16.04.1+deb.sury.org+1) ...
Processing triggers for man-db (2.7.5-1) ...

Confirm packages are uninstalled

sudo apt-show-versions | grep php
>

Install PHP 7.1 and common packages

sudo apt-get install php7.1 php7.1-cli php7.1-common libapache2-mod-php7.1 php7.1-mysql php7.1-fpm php7.1-curl php7.1-gd php7.1-bz2 php7.1-mcrypt php7.1-json php7.1-tidy php7.1-mbstring php-redis php-memcached

Verify PHP 7.1 installation

apt-show-versions | grep php
libapache2-mod-php7.1:amd64/xenial 7.1.11-1+ubuntu16.04.1+deb.sury.org+1 uptodate
libapache2-mod-php7.1:i386 not installed
php-common:all/xenial 1:55+ubuntu16.04.1+deb.sury.org+1 uptodate
php-igbinary:amd64/xenial 2.0.1-1+ubuntu16.04.1+deb.sury.org+2 uptodate
php-igbinary:i386 not installed
php-memcached:amd64/xenial 3.0.3+2.2.0-1+ubuntu16.04.1+deb.sury.org+3 uptodate
php-memcached:i386 not installed
php-msgpack:amd64/xenial 2.0.2+0.5.7-1+ubuntu16.04.1+deb.sury.org+3 uptodate
php-msgpack:i386 not installed
php-redis:amd64/xenial 3.1.4-1+ubuntu16.04.1+deb.sury.org+1 uptodate
php-redis:i386 not installed
php7.1:all/xenial 7.1.11-1+ubuntu16.04.1+deb.sury.org+1 uptodate
php7.1-bz2:amd64/xenial 7.1.11-1+ubuntu16.04.1+deb.sury.org+1 uptodate
php7.1-bz2:i386 not installed
php7.1-cli:amd64/xenial 7.1.11-1+ubuntu16.04.1+deb.sury.org+1 uptodate
php7.1-cli:i386 not installed
php7.1-common:amd64/xenial 7.1.11-1+ubuntu16.04.1+deb.sury.org+1 uptodate
php7.1-common:i386 not installed
php7.1-curl:amd64/xenial 7.1.11-1+ubuntu16.04.1+deb.sury.org+1 uptodate
php7.1-curl:i386 not installed
php7.1-fpm:amd64/xenial 7.1.11-1+ubuntu16.04.1+deb.sury.org+1 uptodate
php7.1-fpm:i386 not installed
php7.1-gd:amd64/xenial 7.1.11-1+ubuntu16.04.1+deb.sury.org+1 uptodate
php7.1-gd:i386 not installed
php7.1-json:amd64/xenial 7.1.11-1+ubuntu16.04.1+deb.sury.org+1 uptodate
php7.1-json:i386 not installed
php7.1-mbstring:amd64/xenial 7.1.11-1+ubuntu16.04.1+deb.sury.org+1 uptodate
php7.1-mbstring:i386 not installed
php7.1-mcrypt:amd64/xenial 7.1.11-1+ubuntu16.04.1+deb.sury.org+1 uptodate
php7.1-mcrypt:i386 not installed
php7.1-mysql:amd64/xenial 7.1.11-1+ubuntu16.04.1+deb.sury.org+1 uptodate
php7.1-mysql:i386 not installed
php7.1-opcache:amd64/xenial 7.1.11-1+ubuntu16.04.1+deb.sury.org+1 uptodate
php7.1-opcache:i386 not installed
php7.1-readline:amd64/xenial 7.1.11-1+ubuntu16.04.1+deb.sury.org+1 uptodate
php7.1-readline:i386 not installed
php7.1-tidy:amd64/xenial 7.1.11-1+ubuntu16.04.1+deb.sury.org+1 uptodate
php7.1-tidy:i386 not installed

Reboot

sudo shutdown -r now

See if the PHP 7.1 FPM service has started

sudo systemctl | grep php
> php7.1-fpm.service

Restart PHP 7.1 FPM Service

sudo systemctl restart php7.1-fpm.service

Edit your /etc/nginx/sites-enabled/default and change the fastcgi_pass from “7.0” to “7.1”

sudo nano /etc/nginx/sites-enabled/default

Edits:

location ~ \.php$ {
    ...
    fastcgi_pass unix:/var/run/php/php7.1-fpm.sock;
    ...
}

Reload NGINX configuration and restart NGINX

sudo nginx -t && sudo nginx -s reload && sudo /etc/init.d/nginx restart
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[ ok ] Restarting nginx (via systemctl): nginx.service.

Your website should now be back up and running PHP 7.1

PHP 7.1

Post Install Tasks

View this blog post on other useful linux commands.

Run a Lynis security scan.

Edit your PHP.ini file and add required changes (e.g upload sizes).

sudo nano /etc/php/7.1/fpm/php.ini
# upload_max_filesize = 2M
+ upload_max_filesize = 8M

Troubleshooting

View PHP configuration values (add this to a debug.php and load in in a browser)

<?php

// Show all information, defaults to INFO_ALL
phpinfo();

// Show just the module information.
// phpinfo(8) yields identical results.
phpinfo(INFO_MODULES);

?>

I broke my WordPress 3.9 when I tried to update to PHP 7.1 so I rolled back to 7.0.

sudo apt-get remove php*
sudo apt-get -y install php7.0-fpm
sudo apt-get -y install php7.0-mysql php7.0-curl php7.0-gd php7.0-intl php-pear php-imagick php7.0-imap php7.0-mcrypt php-memcache  php7.0-pspell php7.0-recode php7.0-sqlite3 php7.0-tidy php7.0-xmlrpc php7.0-xsl php7.0-mbstring php-gettext
service php7.0-fpm reload

Google help had me stuck for a while when I had issues purging php 7.1.

Purge Error

Because my blog (with install steps) was down I used this site to help be find the commands to run.

Conclusion

Sometimes going with cutting edge tech you will go out on a limb, ensure you know and can restore a working site if need be.

Always have a backup and restore plan.

Hope this guide helps.

Donate and make this blog better


Ask a question or recommend an article
[contact-form-7 id=”30″ title=”Ask a Question”]

v1.35 WordPress 3.9 error with PHP 7.1

Filed Under: PHP, Server, Ubuntu, VM, Vultr Tagged With: 16.04, a, on, php, ubuntu, Updating, vm, vultr

Debug an offline Vultr Ubuntu server

October 22, 2017 by Simon

Having a self-managed Ubuntu server from Vultr for as low as $2.5 a month (or Digital Ocean for $5 a month (setup guides here or here respectively)) can certainly be cheap but you take on all the support and risk in keeping the services up.

Vultr has a good monitoring information but this does not show you services performance.

Monitor

Node JS monitoring service like http://docs.keymetrics.io/ is great at monitoring Node applications where webmin and PHPServerMonitor are good options for monitoring basic servers and services.

The more software you install the more complex the setup and find potential errors.

Service Interruption Notifications

How will you be notified when things are down?  Having automated monitoring scripts (or Self Service Status Pages) or external monitoring services is a good idea, the last thing you wants is to see your server or service is down based on a twitter reply.

Down

Much thanks goes to Michael Boelen on Twitter for reporting that my server was down:  Follow: @mboelen

Founder of @cisofy_is, author of rkhunter and Lynis, blogger at linux-audit.com, public speaker. #linux #security

Read more Linux troubleshooting tips at https://linux-audit.com/

You can have many different types of errors and it is going to be hard to suggest where your problem is going to be.

Provider/Networking Errors

Always assume provider errors are an issue, more often than not my servers have gone offline due to provider problems outside of my control.

I have had networking errors on Vultr with the default Dynamic DHCP IP’s (prompting changes to Static IP’s). I have also had issues with Static IP’s on Vultr and had to log a Support Tickets again when my server went offline, In this case, Vultr was able to restore my server but I am unsure of what happened?

Example Problem (DHCP IP): Dynamic IP, VM is totally offline (not accessible via the web or Telnet, but is accessible via Vultr Web Console).

I logged a ticket with Vultr after I rebooted the server.

DHCP

Vultr support quickly identified the problem was my server was not picking up an IP address and suggested I set static IP and reboot.

DHCP Error

Example Problem (Static IP): VM is totally offline (not accessible via the web or Telnet, but is accessible via Vultr Web Console).

Again I logged a support ticket and Vultr indicated the issues was network related.

Networking

In both cases, there was nothing I could do (a reboot did not fix each error) and a support ticket had to be logged.

Broken WordPress

Example Problem (Website Down): Error 502 bad gateway

Today I had a server stay-up buy NGINX reported error 502 bad gateway. IN this case, I rebooted the server

Know your NGINX log file location

cat /etc/nginx/nginx.conf

Show the last 22 lines of the identifies NGINX log file

tail -n 200 error_log /var/log/nginx/error.log

Error  Hints

PHP-FPM is reporting errors.

2017/10/22 19:45:02 [error] 12045#0: *100883 connect() to unix:/var/run/php/php7.0-fpm.sock failed (11: Resource temporarily unavailable) while connecting to upstream, client: 62.210.215.115, server: www.fearby.com, request: "GET /article/how-to-setup-a-twitter-feed-api-endpoint-in-nodejs-with-nginx-ruby-t-etc/feed/ HTTP/1.1", upstream: "fastcgi://unix:/var/run/php/php7.0-fpm.sock:", host: "fearby.com"

WordPress too is reporting errors, I could have restarted NGINX and PHP but it was just as easy to reboot the server as I forgot the right commands to restart PHP/NGINX.

2017/10/22 10:28:40 [error] 12045#0: *98242 FastCGI sent in stderr: "PHP message: PHP Fatal error:  Maximum execution time of 30 seconds exceeded in /www/wp-content/plugins/bj-lazy-load/inc/class-bjll.php on line 329
PHP message: PHP Stack trace:
PHP message: PHP   1. {main}() /www/index.php:0
PHP message: PHP   2. require() /www/index.php:17
PHP message: PHP   3. require_once() /www/wp-blog-header.php:19
PHP message: PHP   4. include() /www/wp-includes/template-loader.php:74
PHP message: PHP   5. genesis() /www/wp-content/themes/genesis/index.php:15
PHP message: PHP   6. do_action() /www/wp-content/themes/genesis/lib/framework.php:39
PHP message: PHP   7. WP_Hook->do_action() /www/wp-includes/plugin.php:453
PHP message: PHP   8. WP_Hook->apply_filters() /www/wp-includes/class-wp-hook.php:323
PHP message: PHP   9. genesis_do_loop() /www/wp-includes/class-wp-hook.php:298
PHP message: PHP  10. genesis_standard_loop() /www/wp-content/themes/genesis/lib/structure/loops.php:41
PHP message: PHP  11. do_action() /www/wp-content/themes/genesis/lib/structure/loops.php:92
PHP message: PHP  12. WP_Hook->do_action() /www/wp-includes/plugin.php:453
PHP message: PHP  13. WP_Hook->apply_filters() /www/wp-includes/class-wp-hook.php:323
PHP message: PHP  14. genesis_do_post_content() /www/wp-includes/class-wp-hook.php:298
PHP message: PHP  15. the_content() /www/wp-content/themes/genesis/lib/structure/post.php:367
PHP message: PHP  16. apply_filters() /www/wp-includes/post-template.php:240
PHP message: PHP  17. WP_Hook->apply_filters() /www/wp-includes/plugin.php:203
PHP message: PHP  18. BJLL::filter() /www/wp-includes/class-wp-hook.php:298
PHP message: PHP  19. apply_filters() /www/wp-content/plugins/bj-lazy-load/inc/class-bjll.php:169
PHP message: PHP  20. WP_Hook->apply_filters() /www/wp-includes/plugin.php:203
PHP message: PHP  21. BJLL::filter_iframes() /www/wp-includes/class-wp-hook.php:298
PHP message: PHP  22. BJLL::_get_content_haystack() /www/wp-content/plugins/bj-lazy-load/inc/class-bjll.php:255

I rebooted the server in 30 seconds.

Reboot

How I Rebooted in Ubuntu

sudo shutdown -r now

How to prevent this error in future?

  • Extend PHP file execution time (No)
  • Daily reboots of the server (No)?
  • Daily restarts of NGINX/PHP (Yes, Short Term)
  • Check the server for errors and automatically reboot (Yes, Long Term).

How to check system uptime (verifying the server rebooted)

uptime
20:04:02 up 14 min,  1 user,  load average: 0.13, 0.09, 0.08

I will set a cronjob entry to perform diagnostics (via a Bash Script) and restart NGINX/PHP or the server. I might set up remote monitoring of the webserver content too.

I should have checked memory/CPU usage too but forgot (sometimes it is best to do a deep investigation and get more information).

Troubleshooting Network Errors

As mentioned above the providers can have network issues (with a static or Dynamic IP) so don’t feel bad if you cannot fix every networking error.

Perform External Ping

Can you ping a remote server from your server?

ping www.google.com
PING www.google.com (172.217.25.132) 56(84) bytes of data.
64 bytes from syd15s03-in-f4.1e100.net (172.217.25.132): icmp_seq=1 ttl=57 time=0.853 ms
64 bytes from syd15s03-in-f4.1e100.net (172.217.25.132): icmp_seq=2 ttl=57 time=0.820 ms
64 bytes from syd15s03-in-f4.1e100.net (172.217.25.132): icmp_seq=3 ttl=57 time=0.776 ms
64 bytes from syd15s03-in-f4.1e100.net (172.217.25.132): icmp_seq=4 ttl=57 time=0.835 ms

Has your domain expired?

Check the expiry of your domain here

whois google.com | egrep -i 'Expiry Date'
Registry Expiry Date: 2020-09-14T04:00:00Z

Here is a nice post on setting up a bash script to check multiple domains expiry.

Common (Digital Ocean) Debugging commands

cat /etc/network/interfaces.d/50-cloud-init.cfg
cat /etc/network/interfaces
ip addr
ip route
uname -a
iptables -nvL --line-numbers
ls -l /lib/modules
cat /etc/udev/rules.d/70-persistent-net.rules

SSL Certificate

You can check the expiry of your SSL certificate by scanning our site with https://www.ssllabs.com/ssltest/

If you use a Let’s Encrypt SSL certificate you can reissue a certificate (see my guide here)

Web Server Config

It is a good idea to make a backup of your web server (NGINX) configuration and know what each configuration value does.

View NGINX Config

cat /etc/nginx/nginx.conf

Web Console (Vultr)

Server Setup Guide

Read more here on setting up Ubuntu on Vultr

Local Network Info

ifconfig

Read more here on setting up Ubuntu Networking on Vultr

Disable Firewall

sudo ufw disable

Read more on setting up firewalls on Ubuntu here.

Logs

Common Ubuntu Log paths: https://help.ubuntu.com/community/LinuxLogFiles

If in Doubt, Reboot

sudo shutdown -r now

Log a ticket

Remember you can log a ticket with Vultr when things go pear shape.

Monitoring

Don’t forget to have a self-serve status page to alert you when things go wrong.

Vultr Status Page

View the Vultr status page here.

Your Status Page

Read my service status page guide here.

Past Data

Do document past errors and try and prevent those errors from happening again and act upon reoccurring errors (using past documentation).

Donate and make this blog better




Ask a question or recommend an article

[contact-form-7 id=”30″ title=”Ask a Question”]

Revision History

v1.2 added common digital ocean commands

etc

Filed Under: Server, Status, Ubuntu, VM, Vultr, Wordpress Tagged With: Debug, offline, server, ubuntu, vultr

Setup an Ubuntu Desktop GUI on a Vultr VM Remotely

September 26, 2017 by Simon

Lubuntu is a free Ubuntu desktop GUI that you can install on a Vultr or Digital Ocean VM in the cloud, more information on lubuntu here.

Introduction

When you set up a Vultr server (see my guide here on setting up a Vultr VM) you can also install an Ubuntu GUI Desktop if you prefer GUI access to your server (over SSH and the terminal command line).

After you have set up your server  (fyi: you can buy a server here on Vultr for as low as $2.5 a month or buy a Digital Ocean server for $5 a month) and secure it (perform an optional security audit).  Don’t forget to add a free SSL certificate.

Vultr allows you to log into an admin panel and access your servers web console (text or GUI)

Ubuntu GUI

Setup lubuntu

From the command line type

sudo apt-get update

TIP: If you receive failures about “Temporary failure resolving ‘archive.ubuntu.com’” edit the file “/etc/resolv.conf” and add “nameserver 8.8.8.8” Update will then work.

There are two versions of the Ubuntu Desktop

1) Light Desktop

A Light version of lubuntu is available for low memory VMs

To install a light version run

sudo apt-get install lubuntu-core

Note: lubuntu-core should work on a VM with as low as 128MB of RAM. Read more here.

or

2) Full Desktop

If you have more memory (> 1GB RAM)  you can run a richer environment

sudo apt-get install lubuntu-desktop

Note: lubuntu-desktop will take a lot longer to install over the core version.

Install the Firefox browser

apt-get install firefox

Reboot Your Server

sudo shutdown -r now

After your server reboots login to the Vultr admin panel and click the Web Console icon (computer screen icon, 5 in from the right).

Ubuntu GUI

Core Version

After you login to the web console, you will receive this screen (for the core version).

Ubuntu GUI Login

You can log in as any existing user instead of a guest if you wish.

Ubuntu GUI Login Other

You have a limited desktop and environment with the core version.

Ubuntu

When you log out you can choose from the options below.

Logout

Full Desktop version

As before open the Vultr web console for the server.

Ubuntu GUI

If your lubuntu desktop session does not load try running

sudo service lightdm start

You can then log into the Ubuntu desktop (same as the light version above).  You will be able to use FireFox, use a Terminal, install packages with the Lubuntu Software Center and browse files. The start menu is per packed with software too,

Ubuntu

The full desktop has loads more software pre-installed (and available to install via the software center).

I opened a few apps and my server only used 472MB ram (it was using about 420MB before I installed lubuntu), all CPU cores were mostly idle.

Common Folders:

/usr/share/lubuntu
/usr/share/lubuntu/wallpapers
/usr/share/backgrounds

etc

Lubuntu Sofware Center

Installing MySQL workbench

MySQL Workbench

I Installed MySQL Workbench

MySQL Workbench

More software is available in the lubuntu Software Center

Synaptic Package Manager

The Synaptic package manager is also available if you are familiar with that.

Synaptic

Troubleshooting

You may receive this error on startup.

Error

Review your: /root/.profile file

sudo nano /root/.profile

Erroring line

mesg n || true

It is safe to ignore this error message as the command is just trying to generate a suggests exit result. More on the mesg command here.

Check out the extensive Hardening a Linux Server guide at thecloud.org.uk: https://thecloud.org.uk/wiki/index.php?title=Hardening_a_Linux_Server

Enjoy

Donate and make this blog better




Ask a question or recommend an article
[contact-form-7 id=”30″ title=”Ask a Question”]

Revision History

v1.2 added link to hardening linux server.

v1.1 fixed typos (26th Sep 2017)

v1.0 Initial Post (26th Sep 2017)

etc

Filed Under: Cloud, GUI, Server, Ubuntu, VM, Vultr Tagged With: gui, Setup, ubuntu, vm, vultr

How to use Sublime Text editor locally to edit code files on a remote server via SSH

September 16, 2017 by Simon

This guide will show you how to use Sublime Text editor locally to edit code files on a remote server via SSH.

This guide assumes oy already have a working SSH connection between your Mac and your remote server (with no firewall issues) and have configured SSH keys via modifying to authorized_keys file to enable SSH access.

Need a server?

I now use UpCLoud for cloud servers as they are super fast (read the blog post here). Get $25 free credit by signing up at UpCloud using this link.

UpCloud is way faster than Vulr.

Upcloud Site Speed in GTMetrix

Setting up slower region-specific servers can be found here. Set up a Server on Vultr here for as low as $2.5 a month or set up a Server on Digital Ocean (and get the first 2 months free ($5/m server)). I have a guide on setting up a Vultr server here or Digital Ocean server here.  Don’t forget to add a free LetsEncrypt SSL Certificate and secure the server (read more here and here).

Buy a domain name from Namecheap here.

Domain names for just 88 cents!

Setting up your local machine

Open Sublime Text 3 and press COMMAND+SHIFT+P to bring up the command bar and type Install and click Package Control: Install    Package and click it.

Sublime instal package

Wait a  few seconds for the packages list to show and type “rsub”

Sublime Install RSUB

Ok let’s make an SSH alias to your server on your Mac by typing “sudo nano ~/.ssh/config”

SSH Alias

Make these changes

ssh alias

File contents:

host mysrv
HostName www.myserver.com
User thesshuser
RemoteForward 52698 localhost:52698

Now we can connect to the server via SSH by typing “ssh mysrv”

ssh connect

After typing the server’s password you will be connected to the ssh server

ssh mysrv
[email protected]'s password: 
Welcome to Ubuntu 16.04.3 LTS (GNU/Linux 4.4.0-87-generic x86_64)

 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/advantage

0 packages can be updated.
0 updates are security updates.


You have new mail.
Last login: Sat Sep 16 12:51:35 2017 from xx.xx.xx.xx
[email protected]:~#

Now on your local Mac load the following page in a web browser (and review the code): https://raw.github.com/aurora/rmate/master/rmate  and copy the contents to the clipboard.

On the remote server (the SSH one) type:

sudo nano /usr/local/bin/rmate

Now paste the contents or this page into nano editor and save it and exit nano.

Now run this chmod command to make the rmate file executable.

sudo chmod a+x /usr/local/bin/rmate

Now on the server, we can open any text file with rmate and have it open locally in Sublime via SSH.  Yes, Open a  file on a server and have it automatically open in locally 🙂

SSH

If you have many files to open then create a bash file to open files with rmate

sudo nano openfilesonmac.sh

Contents:

#!/bin/bash

rmate index.html 
rmate index1.html 
rmate index2.html 
rmate index3.html 
rmate index4.html 
rmate index5.html 
rmate index6.html 
rmate index7.html 
rmate index8.html 
rmate index9.html 
rmate index10.html

File permissions:

chmod +x openfilesonmac.sh

Now we can open may remote files locally by running the bash script.

All saves in Sublime locally are sent to the server 🙂

e.g

rmate /www/index.html
rmate /node/api/app01/app.js
rmate /www/dashboard/index.php

Still here, read more articles here or use the form below to ask a question or recommend an article.

Port Forwarding with vSSH on OSX

If you use a third party ssh program like vSSH you will also need to setup port forwarding to avoid this error

rmate test.txt
/usr/local/bin/rmate: connect: Connection refused
/usr/local/bin/rmate: line 384: /dev/tcp/localhost/52698: Connection refused
Unable to connect to TextMate on localhost:52698

How.

port forward

Now you can open remote files locally with SSH or vSSH too.

Donate and make this blog better



Ask a question or recommend an article
[contact-form-7 id=”30″ title=”Ask a Question”]

v1.4 Added UpCloud Info.

v1.3 vSSH Port forwarding.

Filed Under: Advice, Development, Server, Ubuntu, VM, Web Design, Website Tagged With: chmod, forward, port, rmate, ssh, sublime, vssh

Run an Ubuntu VM system audit with Lynis

September 11, 2017 by Simon

Following on from my Securing Ubuntu in the cloud blog post I have installed Lynis open source security audit tool to check out to the security of my server in the cloud.

Lynis is an open source security auditing tool. Used by system administrators, security professionals, and auditors, to evaluate the security defences of their Linux and Unix-based systems. It runs on the host itself, so it performs more extensive security scans than vulnerability scanners. https://cisofy.com/lynis and https://github.com/CISOfy/lynis.

It is easy to setup a server in the cloud (create a server on Vultr or Digital Ocean here). Guides on setting up servers exist ( setup up a Vultr VM and configure it and digital ocean server) but how about securing it? You can install a LetsEncrypt SSL certificate in minutes or setup Content Security Policy and Public Key Pinning but don’t forget to get an external in-depth review of the security of your server(s).

Lynis Security Auditing Tool

Preparing install location (for Lynis)

cd /
mkdir utils
cd utils/

Install Lynis

sudo git clone https://www.github.com/CISOfy/lynis
Cloning into 'lynis'...
remote: Counting objects: 8357, done.
remote: Compressing objects: 100% (45/45), done.
remote: Total 8357 (delta 28), reused 42 (delta 17), pack-reused 8295
Receiving objects: 100% (8357/8357), 3.94 MiB | 967.00 KiB/s, done.
Resolving deltas: 100% (6121/6121), done.
Checking connectivity... done.

Running a Lynus system scan

./lynis audit system -Q

Lynis Results 1/3 Output (removed sensitive output)

[ Lynis 2.5.5 ]

################################################################################
  Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
  welcome to redistribute it under the terms of the GNU General Public License.
  See the LICENSE file for details about using this software.

  2007-2017, CISOfy - https://cisofy.com/lynis/
  Enterprise support available (compliance, plugins, interface and tools)
################################################################################


[+] Initializing program
------------------------------------
- Detecting OS...  [ DONE ]
- Checking profiles... [ DONE ]

  ---------------------------------------------------
  Program version:           2.5.5
  Operating system:          Linux
  Operating system name:     Ubuntu Linux
  Operating system version:  16.04
  Kernel version:            4.4.0
  Hardware platform:         x86_64
  Hostname:                  yourservername
  ---------------------------------------------------
  Profiles:                  /linis/lynis/default.prf
  Log file:                  /var/log/lynis.log
  Report file:               /var/log/lynis-report.dat
  Report version:            1.0
  Plugin directory:          ./plugins
  ---------------------------------------------------
  Auditor:                   [Not Specified]
  Test category:             all
  Test group:                all
  ---------------------------------------------------
- Program update status...  [ NO UPDATE ]

[+] System Tools
------------------------------------
- Scanning available tools...
- Checking system binaries...

[+] Plugins (phase 1)
------------------------------------
: plugins have more extensive tests and may take several minutes to complete - Plugin pam
    [..]
- Plugin systemd
    [................]

[+] Boot and services
------------------------------------
- Service Manager [ systemd ]
- Checking UEFI boot [ DISABLED ]
- Checking presence GRUB [ OK ]
- Checking presence GRUB2 [ FOUND ]
- Checking for password protection [ OK ]
- Check running services (systemctl) [ DONE ]
: found 24 running services
- Check enabled services at boot (systemctl) [ DONE ]
: found 30 enabled services
- Check startup files (permissions) [ OK ]

[+] Kernel
------------------------------------
- Checking default run level [ RUNLEVEL 5 ]
- Checking CPU support (NX/PAE)
 support: PAE and/or NoeXecute supported [ FOUND ]
- Checking kernel version and release [ DONE ]
- Checking kernel type [ DONE ]
- Checking loaded kernel modules [ DONE ]
active modules
- Checking Linux kernel configuration file [ FOUND ]
- Checking default I/O kernel scheduler [ FOUND ]
- Checking for available kernel update [ OK ]
- Checking core dumps configuration [ DISABLED ]
- Checking setuid core dumps configuration [ PROTECTED ]
- Check if reboot is needed [ NO ]

[+] Memory and Processes
------------------------------------
- Checking /proc/meminfo [ FOUND ]
- Searching for dead/zombie processes [ OK ]
- Searching for IO waiting processes [ OK ]

[+] Users, Groups and Authentication
------------------------------------
- Administrator accounts [ OK ]
- Unique UIDs [ OK ]
- Consistency of group files (grpck) [ OK ]
- Unique group IDs [ OK ]
- Unique group names [ OK ]
- Password file consistency [ OK ]
- Query system users (non daemons) [ DONE ]
- NIS+ authentication support [ NOT ENABLED ]
- NIS authentication support [ NOT ENABLED ]
- sudoers file [ FOUND ]
- Check sudoers file permissions [ OK ]
- PAM password strength tools [ OK ]
- PAM configuration files (pam.conf) [ FOUND ]
- PAM configuration files (pam.d) [ FOUND ]
- PAM modules [ FOUND ]
- LDAP module in PAM [ NOT FOUND ]
- Accounts without expire date [ OK ]
- Accounts without password [ OK ]
- Checking user password aging (minimum) [ DISABLED ]
- User password aging (maximum) [ DISABLED ]
- Checking expired passwords [ OK ]
- Checking Linux single user mode authentication [ OK ]
- Determining default umask
- umask (/etc/profile) [ NOT FOUND ]
- umask (/etc/login.defs) [ SUGGESTION ]
- umask (/etc/init.d/rc) [ SUGGESTION ]
- LDAP authentication support [ NOT ENABLED ]
- Logging failed login attempts [ ENABLED ]

[+] Shells
------------------------------------
- Checking shells from /etc/shells
: found 6 shells (valid shells: 6).
- Session timeout settings/tools [ NONE ]
- Checking default umask values
- Checking default umask in /etc/bash.bashrc [ NONE ]
- Checking default umask in /etc/profile [ NONE ]

[+] File systems
------------------------------------
- Checking mount points
- Checking /home mount point [ SUGGESTION ]
- Checking /tmp mount point [ SUGGESTION ]
- Checking /var mount point [ SUGGESTION ]
- Query swap partitions (fstab) [ NONE ]
- Testing swap partitions [ OK ]
- Testing /proc mount (hidepid) [ SUGGESTION ]
- Checking for old files in /tmp [ OK ]
- Checking /tmp sticky bit [ OK ]
- ACL support root file system [ ENABLED ]
- Mount options of / [ NON DEFAULT ]
- Checking Locate database [ FOUND ]
- Disable kernel support of some filesystems
- Discovered kernel modules: cramfs freevxfs hfs hfsplus jffs2 udf 

[+] Storage
------------------------------------
- Checking usb-storage driver (modprobe config) [ NOT DISABLED ]
- Checking USB devices authorization [ ENABLED ]
- Checking firewire ohci driver (modprobe config) [ DISABLED ]

[+] NFS
------------------------------------
- Check running NFS daemon [ NOT FOUND ]

[+] Name services
------------------------------------
- Searching DNS domain name [ UNKNOWN ]
- Checking /etc/hosts
- Checking /etc/hosts (duplicates) [ OK ]
- Checking /etc/hosts (hostname) [ OK ]
- Checking /etc/hosts (localhost) [ SUGGESTION ]
- Checking /etc/hosts (localhost to IP) [ OK ]

[+] Ports and packages
------------------------------------
- Searching package managers
- Searching dpkg package manager [ FOUND ]
- Querying package manager
- Query unpurged packages [ NONE ]
- Checking security repository in sources.list file [ OK ]
- Checking APT package database [ OK ]
- Checking vulnerable packages [ OK ]
- Checking upgradeable packages [ SKIPPED ]
- Checking package audit tool [ INSTALLED ]

[+] Networking
------------------------------------
- Checking IPv6 configuration [ ENABLED ]
 method [ AUTO ]
 only [ NO ]
- Checking configured nameservers
- Testing nameservers
: 108.xx.xx.xx [ OK ]
: 2001:xxx:xxx:xxx::6 [ OK ]
- Minimal of 2 responsive nameservers [ OK ]
- Checking default gateway [ DONE ]
- Getting listening ports (TCP/UDP) [ DONE ]
* Found 18 ports
- Checking promiscuous interfaces [ OK ]
- Checking waiting connections [ OK ]
- Checking status DHCP client [ NOT ACTIVE ]
- Checking for ARP monitoring software [ NOT FOUND ]

[+] Printers and Spools
------------------------------------
- Checking cups daemon [ NOT FOUND ]
- Checking lp daemon [ NOT RUNNING ]

[+] Software: e-mail and messaging
------------------------------------
- Sendmail status [ RUNNING ]

[+] Software: firewalls
------------------------------------
- Checking iptables kernel module [ FOUND ]
- Checking iptables policies of chains [ FOUND ]
- Checking for empty ruleset [ OK ]
- Checking for unused rules [ FOUND ]
- Checking host based firewall [ ACTIVE ]

[+] Software: webserver
------------------------------------
- Checking Apache (binary /usr/sbin/apache2) [ FOUND ]
: No virtual hosts found
* Loadable modules [ FOUND (106) ]
- Found 106 loadable modules 
- anti-DoS/brute force [ OK ]
- web application firewall [ OK ]
- Checking nginx [ FOUND ]
- Searching nginx configuration file [ FOUND ]
- Found nginx includes [ 2 FOUND ]
- Parsing configuration options
- /etc/nginx/nginx.conf
- /etc/nginx/sites-enabled/default
- SSL configured [ YES ]
- Ciphers configured [ YES ]
- Prefer server ciphers [ YES ]
- Protocols configured [ YES ]
- Insecure protocols found [ NO ]
- Checking log file configuration
- Missing log files (access_log) [ NO ]
- Disabled access logging [ NO ]
- Missing log files (error_log) [ NO ]
- Debugging mode on error_log [ NO ]

[+] SSH Support
------------------------------------
- Checking running SSH daemon [ FOUND ]
- Searching SSH configuration [ FOUND ]
- SSH option: AllowTcpForwarding [ SUGGESTION ]
- SSH option: ClientAliveCountMax [ SUGGESTION ]
- SSH option: ClientAliveInterval [ OK ]
- SSH option: Compression [ SUGGESTION ]
- SSH option: FingerprintHash [ OK ]
- SSH option: GatewayPorts [ OK ]
- SSH option: IgnoreRhosts [ OK ]
- SSH option: LoginGraceTime [ OK ]
- SSH option: LogLevel [ SUGGESTION ]
- SSH option: MaxAuthTries [ SUGGESTION ]
- SSH option: MaxSessions [ SUGGESTION ]
- SSH option: PermitRootLogin [ SUGGESTION ]
- SSH option: PermitUserEnvironment [ OK ]
- SSH option: PermitTunnel [ OK ]
- SSH option: Port [ SUGGESTION ]
- SSH option: PrintLastLog [ OK ]
- SSH option: Protocol [ OK ]
- SSH option: StrictModes [ OK ]
- SSH option: TCPKeepAlive [ SUGGESTION ]
- SSH option: UseDNS [ OK ]
- SSH option: VerifyReverseMapping [ NOT FOUND ]
- SSH option: X11Forwarding [ SUGGESTION ]
- SSH option: AllowAgentForwarding [ SUGGESTION ]
- SSH option: AllowUsers [ NOT FOUND ]
- SSH option: AllowGroups [ NOT FOUND ]

[+] SNMP Support
------------------------------------
- Checking running SNMP daemon [ NOT FOUND ]

[+] Databases
------------------------------------
- MySQL process status [FOUND ]

[+] LDAP Services
------------------------------------
- Checking OpenLDAP instance [ NOT FOUND ]

[+] PHP
------------------------------------
- Checking PHP [ FOUND ]
- Checking PHP disabled functions [ FOUND ]
- Checking expose_php option [ OFF ]
- Checking enable_dl option [ OFF ]
- Checking allow_url_fopen option [ ON ]
- Checking allow_url_include option [ OFF ]
- Checking PHP suhosin extension status [ OK ]
- Suhosin simulation mode status [ OK ]

[+] Squid Support
------------------------------------
- Checking running Squid daemon [ NOT FOUND ]

[+] Logging and files
------------------------------------
- Checking for a running log daemon [ OK ]
- Checking Syslog-NG status [ NOT FOUND ]
- Checking systemd journal status [ FOUND ]
- Checking Metalog status [ NOT FOUND ]
- Checking RSyslog status [ FOUND ]
- Checking RFC 3195 daemon status [ NOT FOUND ]
- Checking minilogd instances [ NOT FOUND ]
- Checking logrotate presence [ OK ]
- Checking log directories (static list) [ DONE ]
- Checking open log files [ DONE ]
- Checking deleted files in use [ FILES FOUND ]

[+] Insecure services
------------------------------------
- Checking inetd status [ NOT ACTIVE ]

[+] Banners and identification
------------------------------------
- /etc/issue [ FOUND ]
- /etc/issue contents [ OK ]
- /etc/issue.net [ FOUND ]
- /etc/issue.net contents [ OK ]

[+] Scheduled tasks
------------------------------------
- Checking crontab/cronjob [ DONE ]
- Checking atd status [ RUNNING ]
- Checking at users [ DONE ]
- Checking at jobs [ NONE ]

[+] Accounting
------------------------------------
- Checking accounting information [ NOT FOUND ]
- Checking sysstat accounting data [ NOT FOUND ]
- Checking auditd [ NOT FOUND ]

[+] Time and Synchronization
------------------------------------
- NTP daemon found: ntpd [ FOUND ]
- NTP daemon found: systemd (timesyncd) [ FOUND ]
- Checking for a running NTP daemon or client [ OK ]
- Checking valid association ID's [ FOUND ]
- Checking high stratum ntp peers [ OK ]
- Checking unreliable ntp peers [ FOUND ]
- Checking selected time source [ OK ]
- Checking time source candidates [ OK ]
- Checking falsetickers [ OK ]
- Checking NTP version [ FOUND ]

[+] Cryptography
------------------------------------
- Checking for expired SSL certificates [0/1] [ NONE ]

[+] Virtualization
------------------------------------

[+] Containers
------------------------------------

[+] Security frameworks
------------------------------------
- Checking presence AppArmor [ FOUND ]
- Checking AppArmor status [ ENABLED ]
- Checking presence SELinux [ NOT FOUND ]
- Checking presence grsecurity [ NOT FOUND ]
- Checking for implemented MAC framework [ OK ]

[+] Software: file integrity
------------------------------------
- Checking file integrity tools
- Checking presence integrity tool [ NOT FOUND ]

[+] Software: System tooling
------------------------------------
- Checking automation tooling
- Automation tooling [ NOT FOUND ]
- Checking presence of Fail2ban [ FOUND ]
- Checking Fail2ban jails [ ENABLED ]
- Checking for IDS/IPS tooling [ FOUND ]

[+] Software: Malware
------------------------------------

[+] File Permissions
------------------------------------
- Starting file permissions check
/root/.ssh [ OK ]

[+] Home directories
------------------------------------
- Checking shell history files [ OK ]

[+] Kernel Hardening
------------------------------------
- Comparing sysctl key pairs with scan profile
- fs.protected_hardlinks (exp: 1) [ OK ]
- fs.protected_symlinks (exp: 1) [ OK ]
- fs.suid_dumpable (exp: 0) [ DIFFERENT ]
- kernel.core_uses_pid (exp: 1) [ DIFFERENT ]
- kernel.ctrl-alt-del (exp: 0) [ OK ]
- kernel.dmesg_restrict (exp: 1) [ DIFFERENT ]
- kernel.kptr_restrict (exp: 2) [ DIFFERENT ]
- kernel.randomize_va_space (exp: 2) [ OK ]
- kernel.sysrq (exp: 0) [ DIFFERENT ]
- net.ipv4.conf.all.accept_redirects (exp: 0) [ OK ]
- net.ipv4.conf.all.accept_source_route (exp: 0) [ OK ]
- net.ipv4.conf.all.bootp_relay (exp: 0) [ OK ]
- net.ipv4.conf.all.forwarding (exp: 0) [ OK ]
- net.ipv4.conf.all.log_martians (exp: 1) [ DIFFERENT ]
- net.ipv4.conf.all.mc_forwarding (exp: 0) [ OK ]
- net.ipv4.conf.all.proxy_arp (exp: 0) [ OK ]
- net.ipv4.conf.all.rp_filter (exp: 1) [ OK ]
- net.ipv4.conf.all.send_redirects (exp: 0) [ DIFFERENT ]
- net.ipv4.conf.default.accept_redirects (exp: 0) [ OK ]
- net.ipv4.conf.default.accept_source_route (exp: 0) [ OK ]
- net.ipv4.conf.default.log_martians (exp: 1) [ DIFFERENT ]
- net.ipv4.icmp_echo_ignore_broadcasts (exp: 1) [ OK ]
- net.ipv4.icmp_ignore_bogus_error_responses (exp: 1) [ OK ]
- net.ipv4.tcp_syncookies (exp: 1) [ DIFFERENT ]
- net.ipv4.tcp_timestamps (exp: 0) [ DIFFERENT ]
- net.ipv6.conf.all.accept_redirects (exp: 0) [ OK ]
- net.ipv6.conf.all.accept_source_route (exp: 0) [ OK ]
- net.ipv6.conf.default.accept_redirects (exp: 0) [ OK ]
- net.ipv6.conf.default.accept_source_route (exp: 0) [ OK ]

[+] Hardening
------------------------------------
- Installed compiler(s) [ FOUND ]
- Installed malware scanner [ NOT FOUND ]

[+] Custom Tests
------------------------------------
- Running custom tests...  [ NONE ]

[+] Plugins (phase 2)
------------------------------------
- Plugins (phase 2) [ DONE ]

================================================================================

...

Lynis Results 2/3 – Warnings

  Warnings (1):
  ----------------------------
  ! Found one or more vulnerable packages. [REMOVED-FIXED] 
      https://cisofy.com/controls/REMOVED-FIXED/
...

I resolved the only warning by typing

apt-get update
apt-get upgrade
shutdown -r now

After updating the Lynis system scan I re-ran the text and got

 -[ Lynis 2.5.5 Results ]-

  Great, no warnings

Lynis Results 3/3 – Suggestions

  Suggestions (44):
  ----------------------------
  * Set a password on GRUB bootloader to prevent altering boot configuration (e.g. boot in single user mode without password) [BOOT-5122] 
      https://cisofy.com/controls/BOOT-5122/

  * Configure minimum password age in /etc/login.defs [AUTH-9286] 
      https://cisofy.com/controls/AUTH-9286/

  * Configure maximum password age in /etc/login.defs [AUTH-9286] 
      https://cisofy.com/controls/AUTH-9286/

  * Default umask in /etc/login.defs could be more strict like 027 [AUTH-9328] 
      https://cisofy.com/controls/AUTH-9328/

  * Default umask in /etc/init.d/rc could be more strict like 027 [AUTH-9328] 
      https://cisofy.com/controls/AUTH-9328/

  * To decrease the impact of a full /home file system, place /home on a separated partition [FILE-6310] 
      https://cisofy.com/controls/FILE-6310/

  * To decrease the impact of a full /tmp file system, place /tmp on a separated partition [FILE-6310] 
      https://cisofy.com/controls/FILE-6310/

  * To decrease the impact of a full /var file system, place /var on a separated partition [FILE-6310] 
      https://cisofy.com/controls/FILE-6310/

  * Disable drivers like USB storage when not used, to prevent unauthorized storage or data theft [STRG-1840] 
      https://cisofy.com/controls/STRG-1840/

  * Check DNS configuration for the dns domain name [NAME-4028] 
      https://cisofy.com/controls/NAME-4028/

  * Split resolving between localhost and the hostname of the system [NAME-4406] 
      https://cisofy.com/controls/NAME-4406/

  * Install debsums utility for the verification of packages with known good database. [PKGS-7370] 
      https://cisofy.com/controls/PKGS-7370/

  * Update your system with apt-get update, apt-get upgrade, apt-get dist-upgrade and/or unattended-upgrades [PKGS-7392] 
      https://cisofy.com/controls/PKGS-7392/

  * Install package apt-show-versions for patch management purposes [PKGS-7394] 
      https://cisofy.com/controls/PKGS-7394/

  * Consider running ARP monitoring software (arpwatch,arpon) [NETW-3032] 
      https://cisofy.com/controls/NETW-3032/

  * Check iptables rules to see which rules are currently not used [FIRE-4513] 
      https://cisofy.com/controls/FIRE-4513/

  * Install Apache mod_evasive to guard webserver against DoS/brute force attempts [HTTP-6640] 
      https://cisofy.com/controls/HTTP-6640/

  * Install Apache modsecurity to guard webserver against web application attacks [HTTP-6643] 
      https://cisofy.com/controls/HTTP-6643/

  * Consider hardening SSH configuration [SSH-7408] 
    - Details  : AllowTcpForwarding (YES --> NO)
      https://cisofy.com/controls/SSH-7408/

  * Consider hardening SSH configuration [SSH-7408] 
    - Details  : ClientAliveCountMax (3 --> 2)
      https://cisofy.com/controls/SSH-7408/

  * Consider hardening SSH configuration [SSH-7408] 
    - Details  : Compression (DELAYED --> NO)
      https://cisofy.com/controls/SSH-7408/

  * Consider hardening SSH configuration [SSH-7408] 
    - Details  : LogLevel (INFO --> VERBOSE)
      https://cisofy.com/controls/SSH-7408/

  * Consider hardening SSH configuration [SSH-7408] 
    - Details  : MaxAuthTries (2 --> 1)
      https://cisofy.com/controls/SSH-7408/

  * Consider hardening SSH configuration [SSH-7408] 
    - Details  : MaxSessions (10 --> 2)
      https://cisofy.com/controls/SSH-7408/

  * Consider hardening SSH configuration [SSH-7408] 
    - Details  : PermitRootLogin (YES --> NO)
      https://cisofy.com/controls/SSH-7408/

  * Consider hardening SSH configuration [SSH-7408] 
    - Details  : Port (22 --> )
      https://cisofy.com/controls/SSH-7408/

  * Consider hardening SSH configuration [SSH-7408] 
    - Details  : TCPKeepAlive (YES --> NO)
      https://cisofy.com/controls/SSH-7408/

  * Consider hardening SSH configuration [SSH-7408] 
    - Details  : X11Forwarding (YES --> NO)
      https://cisofy.com/controls/SSH-7408/

  * Consider hardening SSH configuration [SSH-7408] 
    - Details  : AllowAgentForwarding (YES --> NO)
      https://cisofy.com/controls/SSH-7408/

  * Change the allow_url_fopen line to: allow_url_fopen = Off, to disable downloads via PHP [PHP-2376] 
      https://cisofy.com/controls/PHP-2376

  * Check what deleted files are still in use and why. [LOGG-2190] 
      https://cisofy.com/controls/LOGG-2190/

  * Add a legal banner to /etc/issue, to warn unauthorized users [BANN-7126] 
      https://cisofy.com/controls/BANN-7126/

  * Add legal banner to /etc/issue.net, to warn unauthorized users [BANN-7130] 
      https://cisofy.com/controls/BANN-7130/

  * Enable process accounting [ACCT-9622] 
      https://cisofy.com/controls/ACCT-9622/

  * Enable sysstat to collect accounting (no results) [ACCT-9626] 
      https://cisofy.com/controls/ACCT-9626/

  * Enable auditd to collect audit information [ACCT-9628] 
      https://cisofy.com/controls/ACCT-9628/

  * Check ntpq peers output for unreliable ntp peers and correct/replace them [TIME-3120] 
      https://cisofy.com/controls/TIME-3120/

  * Install a file integrity tool to monitor changes to critical and sensitive files [FINT-4350] 
      https://cisofy.com/controls/FINT-4350/

  * Determine if automation tools are present for system management [TOOL-5002] 
      https://cisofy.com/controls/TOOL-5002/

  * One or more sysctl values differ from the scan profile and could be tweaked [KRNL-6000] 
      https://cisofy.com/controls/KRNL-6000/

  * Harden compilers like restricting access to root user only [HRDN-7222] 
      https://cisofy.com/controls/HRDN-7222/

  * Harden the system by installing at least one malware scanner, to perform periodic file system scans [HRDN-7230] 
    - Solution : Install a tool like rkhunter, chkrootkit, OSSEC
      https://cisofy.com/controls/HRDN-7230/

  Follow-up
  ----------------------------
  - Show details of a test (lynis show details TEST-ID)
  - Check the logfile for all details (less /var/log/lynis.log)
  - Read security controls texts (https://cisofy.com)
  - Use --upload to upload data to central system (Lynis Enterprise users)

================================================================================

  Lynis security scan details

  Hardening index : 64 [############        ]
  Tests performed : 255
  Plugins enabled : 2

  Components
  - Firewall               [V]
  - Malware scanner        [X]

  Lynis Modules
  - Compliance Status      [?]
  - Security Audit         [V]
  - Vulnerability Scan     [V]

  Files
  - Test and debug information      : /var/log/lynis.log
  - Report data                     : /var/log/lynis-report.dat

================================================================================

  Lynis 2.5.5

  Auditing, system hardening, and compliance for UNIX-based systems
  (Linux, macOS, BSD, and others)

  2007-2017, CISOfy - https://cisofy.com/lynis/
  Enterprise support available (compliance, plugins, interface and tools)

================================================================================

  [TIP] Enhance Lynis audits by adding your settings to custom.prf (see /linis/lynis/default.prf for all settings)

Installing a Malware Scanner

Install ClamAV

sudo apt-get install clamav

Download virus and malware definitions (this takes about 30 min)

sudo freshclam

Output:

sudo freshclam
> ClamAV Update process started at Wed Nov 15th 20:44:55 2017
> Downloading main.cvd [10%]

I had an issue on some boxes with clamav reporting I could not run freshclam

sudo freshclam
ERROR: /var/log/clamav/freshclam.log is locked by another process
ERROR: Problem with internal logger (UpdateLogFile = /var/log/clamav/freshclam.log).

This was fixed by typing

rm -rf /var/log/clamav/freshclam.log
sudo freshclam

Troubleshooting clamav

Clam AV does not like low ram boxes and may produce this error

Downloading main.cvd [100%]
ERROR: Database load killed by signal 9
ERROR: Failed to load new database

It looks like the solution is to increase your total ram.

fyi: Scan with ClamAV

sudo clamscan --max-filesize=3999M --max-scansize=3999M --exclude-dir=/www/* -i -r /

Re-running Lynis gave me the following malware status

- Malware scanner        [V]

Lynis Security rating

Hardening index : 69 [##############      ]

Installed

sudo apt-get install apt-show-versions
sudo apt-get install arpwatch
sudo apt-get install arpon

After re-running the test I got this Lynis security rating score (an improvement of 1)

Hardening index : 70 [#############       ]

Installed and configured debsums and auditd

sudo apt-get install debsums
sudo apt-get install audit

Now I get the following Lynis security rating score.

Hardening index : 71 [##############      ]

Conclusion

Lynis is great at performing an audit and recommending areas of work to allow you to harden your system (brute force protection, firewall, etc)

Security Don’ts

  • Never think you are done securing a system.

Security Do’s

  • Update Software (and remove software you do not use.)
  • Check Lynis Suggestions and try and resolve.
  • Security is an ongoing process, Do install a firewall, do ban bad IP’s, Do whitelist good IP’s, Do review Logs,
  • Do limit port access, make backups and keep on securing.

I will keep on securing and try and get remove all issues.

Read my past post on Securing Ubuntu in the cloud.

Scheduling an auto system updates is not enough in Ubuntu (as it is not recommended as the administrator should make decisions, not a scheduled job).

apt-get update
apt-get upgrade

fyi: CISOFY/Lynis do have paid subscriptions to have external scans of your servers: https://cisofy.com/pricing. (why upgrade?)

Lynis Plans

I will look into this feature soon.

Updating Lynis

I checked the official documentation and ran an update check

./lynis --check-update
This option is deprecated
Use: lynis update info

./lynis update info

 == Lynis ==

  Version            : 2.5.5
  Status             : Outdated
  Installed version  : 255
  Latest version     : 257
  Release date       : 2017-09-07
  Update location    : https://cisofy.com/lynis/


2007-2017, CISOfy - https://cisofy.com/lynis/

Not sure how to update?

./lynis update
Error: Need a target for update

Examples:
lynis update check
lynis update info

./lynis update check
status=outdated

I opened an issue about updating v2.5.5 here. I asked Twiter for help.

Twitter

Official Response: https://packages.cisofy.com/community/#debian-ubuntu

Git Response

Waiting..

I ended up deleting Lynis 2.5.5

ls -al
rm -R *
rm -rf *
rm -rf .git
rm -rf .gitignore
rm -rf .travis.yml
cd ..
rm -R lynis/
ls -al

Updated

./lynis update check
status=up-to-date

And reinstalled to v2.5.8

sudo git clone https://www.github.com/CISOfy/lynis

Output:

sudo git clone https://www.github.com/CISOfy/lynis
Cloning into 'lynis'...
remote: Counting objects: 8538, done.
remote: Compressing objects: 100% (4/4), done.
remote: Total 8538 (delta 0), reused 0 (delta 0), pack-reused 8534
Receiving objects: 100% (8538/8538), 3.96 MiB | 2.01 MiB/s, done.
Resolving deltas: 100% (6265/6265), done.
Checking connectivity... done.

More actions post upgrade to 2.5.8

  • Added a legal notice to “/etc/issues”, “/etc/issues.net” file’s.

Installing Lynis via apt-get instead of git clone

The official steps can be located here: https://packages.cisofy.com/community/#debian-ubuntu

apt-key adv --keyserver keyserver.ubuntu.com --recv-keys C80E383C3DE9F082E01391A0366C67DE91CA5D5F
apt install apt-transport-https
echo 'Acquire::Languages "none";' > /etc/apt/apt.conf.d/99disable-translations
echo "deb https://packages.cisofy.com/community/lynis/deb/xenial main" > /etc/apt/sources.list.d/cisofy-lynis.list
apt update
apt install lynis
lynis show version

Unfortunately, I had an error with “apt update”

Error:

E: Malformed entry 1 in list file /etc/apt/sources.list.d/cisofy-lynis.list (Component)
E: The list of sources could not be read.

Complete install output

apt-key adv --keyserver keyserver.ubuntu.com --recv-keys C80E383C3DE9F082E01391A0366C67DE91CA5D5F
Executing: /tmp/tmp.Dz9g9nKV6i/gpg.1.sh --keyserver
keyserver.ubuntu.com
--recv-keys
C80E383C3DE9F082E01391A0366C67DE91CA5D5F
gpg: requesting key 91CA5D5F from hkp server keyserver.ubuntu.com
gpg: key 91CA5D5F: public key "CISOfy Software (signed software packages) <[email protected]>" imported
gpg: Total number processed: 1
gpg:               imported: 1  (RSA: 1)

# apt install apt-transport-https
Reading package lists... Done
Building dependency tree
Reading state information... Done
apt-transport-https is already the newest version (1.2.24).
The following packages were automatically installed and are no longer required:
  gamin libfile-copy-recursive-perl libgamin0 libglade2-0 libpango1.0-0 libpangox-1.0-0 openbsd-inetd pure-ftpd-common update-inetd
Use 'apt autoremove' to remove them.
0 upgraded, 0 newly installed, 0 to remove and 8 not upgraded.

# echo 'Acquire::Languages "none";' > /etc/apt/apt.conf.d/99disable-translations

# echo "deb https://packages.cisofy.com/community/lynis/deb/ xenial main" > /etc/apt/sources.list.d/cisofy-lynis.list

# apt update
E: Malformed entry 1 in list file /etc/apt/sources.list.d/cisofy-lynis.list (Component)
E: The list of sources could not be read.

I reopened Github issue 491. A quick reply revealed that I did not put a space before “xenial” (oops)

fyi: I removed the dead keystore from apt by typing…

apt-key list
apt-key del 91CA5D5F
rm -rf /etc/apt/sources.list.d/cisofy-lynis.list

I can now install and update other packages with apt and not have the following error

E: Malformed entry 1 in list file /etc/apt/sources.list.d/cisofy-lynis.list (Component)
E: The list of sources could not be read.
E: Malformed entry 1 in list file /etc/apt/sources.list.d/cisofy-lynis.list (Component)
E: The list of sources could not be read.

I will remove the git clone and re-run the apt version later and put in more steps to get to a High 90’s Lynis score.

More

Read the official documentation https://cisofy.com/documentation/lynis/

Next: This guide will investigate the enterprise version of https://cisofy.com/pricing/ soon.

Hope this helps. If I have missed something please let me know on Twitter at @FearbySoftware

Donate and make this blog better



Ask a question or recommend an article
[contact-form-7 id=”30″ title=”Ask a Question”]

v1.46 Git hub response.

Filed Under: Advice, Cloud, Computer, Firewall, OS, Security, Server, Software, ssl, Ubuntu, VM, Vultr Tagged With: Audit, Lynis, secure, security, ubuntu

Installing Redis 3.x onto Ubuntu 16.04

September 7, 2017 by Simon

This post will show you how to install Redis 3.x onto Ubuntu 16.04

Redis is a server-side (Lua based) schema-free open source (in Memory) NoSQL Key/Value store database that supports replication between servers. Redis has an Eventual Consistency replication between servers (over Immediate Consistency) between servers. Eventual consistency is evil in some peoples minds, eventual consistency does require different coding considerations (to guaranteed valid data but does offer speed benefits).

Redis is the worlds 9th most popular database behind Oracle, MySQL, Microsoft SQL Server, PostgreSQL, MongoDB, DB2, Microsoft Access, Cassandra. Redis is the most popular key-value store database. View the database trend chart here.

When to use Redis over MySQL or MongoDB

Here is a great guide on when to use Redis over MongoDB. Read my previous guide on building a scalable and secure MySQL Cluster.

Redis has a place where a relational database or NoSQL document stores do not (but it is more work). Read more here.

Redis is great in situations where caching or where memory is available on the server.

grep MemTotal /proc/meminfo
MemTotal:        4046404 kB

grep MemFree /proc/meminfo
MemFree:         3559244 kB

Free Memory

free -m
              total        used        free      shared  buff/cache   available
Mem:           3951         241        3213           9         496        3474

Installing Redis on Ubuntu

sudo apt-get update
sudo apt-get upgrade
sudo apt-get install redis-server

Backup the conf file

cp /etc/redis/redis.conf /etc/redis/redis.conf.bak

Open the redis cli (and test it).

redis-cli
127.0.0.1:6379> ping
PONG

Show Redis info (from the redis-cli)

redis-cli
127.0.0.1:6379> info
# Server
redis_version:3.0.6
redis_git_sha1:00000000
redis_git_dirty:0
redis_build_id:687a2a319020fa42
redis_mode:standalone
os:Linux 4.4.0-116-generic x86_64
arch_bits:64
multiplexing_api:epoll
gcc_version:5.3.1
process_id:17920
run_id:6b657bf624b1a91f7ba40c4c8a693024ca88d887
tcp_port:6379
uptime_in_seconds:34
uptime_in_days:0
hz:10
lru_clock:11819524
config_file:/etc/redis/redis.conf

# Clients
connected_clients:1
client_longest_output_list:0
client_biggest_input_buf:0
blocked_clients:0

# Memory
used_memory:508784
used_memory_human:496.86K
used_memory_rss:6905856
used_memory_peak:508784
used_memory_peak_human:496.86K
used_memory_lua:36864
mem_fragmentation_ratio:13.57
mem_allocator:jemalloc-3.6.0

# Persistence
loading:0
rdb_changes_since_last_save:0
rdb_bgsave_in_progress:0
rdb_last_save_time:1521768930
rdb_last_bgsave_status:ok
rdb_last_bgsave_time_sec:-1
rdb_current_bgsave_time_sec:-1
aof_enabled:0
aof_rewrite_in_progress:0
aof_rewrite_scheduled:0
aof_last_rewrite_time_sec:-1
aof_current_rewrite_time_sec:-1
aof_last_bgrewrite_status:ok
aof_last_write_status:ok

# Stats
total_connections_received:2
total_commands_processed:1
instantaneous_ops_per_sec:0
total_net_input_bytes:28
total_net_output_bytes:7
instantaneous_input_kbps:0.00
instantaneous_output_kbps:0.00
rejected_connections:0
sync_full:0
sync_partial_ok:0
sync_partial_err:0
expired_keys:0
evicted_keys:0
keyspace_hits:0
keyspace_misses:0
pubsub_channels:0
pubsub_patterns:0
latest_fork_usec:0
migrate_cached_sockets:0

# Replication
role:master
connected_slaves:0
master_repl_offset:0
repl_backlog_active:0
repl_backlog_size:1048576
repl_backlog_first_byte_offset:0
repl_backlog_histlen:0

# CPU
used_cpu_sys:0.04
used_cpu_user:0.02
used_cpu_sys_children:0.00
used_cpu_user_children:0.00

# Cluster
cluster_enabled:0

# Keyspace

Benchmarking your Redis (quick)

redis-benchmark -h 127.0.0.1 -p 6379 -t set,lpush -n 100000 -q
SET: 90252.70 requests per second
LPUSH: 130548.30 requests per second

Benchmarking your Redis (slow)

redis-benchmark -n 100000
====== PING_INLINE ======
  100000 requests completed in 1.34 seconds
  50 parallel clients
  3 bytes payload
  keep alive: 1

97.65% <= 1 milliseconds
99.96% <= 4 milliseconds
100.00% <= 4 milliseconds
74794.31 requests per second

====== PING_BULK ======
  100000 requests completed in 1.02 seconds
  50 parallel clients
  3 bytes payload
  keep alive: 1

99.74% <= 1 milliseconds
100.00% <= 1 milliseconds
98231.83 requests per second

====== SET ======
  100000 requests completed in 0.93 seconds
  50 parallel clients
  3 bytes payload
  keep alive: 1

99.99% <= 1 milliseconds
100.00% <= 1 milliseconds
107066.38 requests per second

====== GET ======
  100000 requests completed in 1.03 seconds
  50 parallel clients
  3 bytes payload
  keep alive: 1

99.76% <= 1 milliseconds
99.95% <= 3 milliseconds
100.00% <= 4 milliseconds
96618.36 requests per second

====== INCR ======
  100000 requests completed in 0.87 seconds
  50 parallel clients
  3 bytes payload
  keep alive: 1

99.85% <= 1 milliseconds
100.00% <= 1 milliseconds
115340.26 requests per second

====== LPUSH ======
  100000 requests completed in 0.78 seconds
  50 parallel clients
  3 bytes payload
  keep alive: 1

99.89% <= 1 milliseconds
100.00% <= 1 milliseconds
128205.13 requests per second

====== LPOP ======
  100000 requests completed in 0.81 seconds
  50 parallel clients
  3 bytes payload
  keep alive: 1

99.61% <= 1 milliseconds
100.00% <= 1 milliseconds
124069.48 requests per second

====== SADD ======
  100000 requests completed in 1.38 seconds
  50 parallel clients
  3 bytes payload
  keep alive: 1

97.02% <= 1 milliseconds
99.97% <= 2 milliseconds
99.97% <= 3 milliseconds
100.00% <= 3 milliseconds
72516.32 requests per second

====== SPOP ======
  100000 requests completed in 1.40 seconds
  50 parallel clients
  3 bytes payload
  keep alive: 1

98.36% <= 1 milliseconds
99.85% <= 4 milliseconds
99.85% <= 5 milliseconds
99.92% <= 6 milliseconds
99.95% <= 10 milliseconds
100.00% <= 10 milliseconds
71326.68 requests per second

====== LPUSH (needed to benchmark LRANGE) ======
  100000 requests completed in 1.27 seconds
  50 parallel clients
  3 bytes payload
  keep alive: 1

95.40% <= 1 milliseconds
99.84% <= 2 milliseconds
99.85% <= 4 milliseconds
99.92% <= 5 milliseconds
99.98% <= 6 milliseconds
100.00% <= 6 milliseconds
78492.93 requests per second

====== LRANGE_100 (first 100 elements) ======
  100000 requests completed in 2.16 seconds
  50 parallel clients
  3 bytes payload
  keep alive: 1

95.95% <= 1 milliseconds
99.81% <= 2 milliseconds
99.82% <= 3 milliseconds
99.84% <= 4 milliseconds
99.90% <= 5 milliseconds
99.93% <= 7 milliseconds
99.94% <= 8 milliseconds
99.98% <= 10 milliseconds
100.00% <= 10 milliseconds
46382.19 requests per second

====== LRANGE_300 (first 300 elements) ======
  100000 requests completed in 5.49 seconds
  50 parallel clients
  3 bytes payload
  keep alive: 1

1.99% <= 1 milliseconds
91.78% <= 2 milliseconds
98.61% <= 3 milliseconds
99.65% <= 4 milliseconds
99.81% <= 5 milliseconds
99.90% <= 6 milliseconds
99.96% <= 9 milliseconds
99.96% <= 10 milliseconds
99.98% <= 11 milliseconds
100.00% <= 11 milliseconds
18221.57 requests per second

====== LRANGE_500 (first 450 elements) ======
  100000 requests completed in 8.79 seconds
  50 parallel clients
  3 bytes payload
  keep alive: 1

0.04% <= 1 milliseconds
60.33% <= 2 milliseconds
86.38% <= 3 milliseconds
97.11% <= 4 milliseconds
99.24% <= 5 milliseconds
99.54% <= 6 milliseconds
99.69% <= 7 milliseconds
99.80% <= 8 milliseconds
99.87% <= 9 milliseconds
99.90% <= 10 milliseconds
99.91% <= 11 milliseconds
99.92% <= 12 milliseconds
99.93% <= 13 milliseconds
99.98% <= 14 milliseconds
99.99% <= 15 milliseconds
100.00% <= 16 milliseconds
100.00% <= 16 milliseconds
11381.74 requests per second

====== LRANGE_600 (first 600 elements) ======
  100000 requests completed in 9.66 seconds
  50 parallel clients
  3 bytes payload
  keep alive: 1

0.01% <= 1 milliseconds
3.03% <= 2 milliseconds
94.78% <= 3 milliseconds
98.32% <= 4 milliseconds
98.90% <= 5 milliseconds
99.32% <= 6 milliseconds
99.60% <= 7 milliseconds
99.82% <= 8 milliseconds
99.92% <= 9 milliseconds
99.93% <= 10 milliseconds
99.94% <= 11 milliseconds
99.94% <= 12 milliseconds
99.95% <= 15 milliseconds
99.95% <= 16 milliseconds
99.95% <= 18 milliseconds
99.98% <= 19 milliseconds
99.99% <= 20 milliseconds
100.00% <= 20 milliseconds
10350.90 requests per second

====== MSET (10 keys) ======
  100000 requests completed in 1.22 seconds
  50 parallel clients
  3 bytes payload
  keep alive: 1

97.69% <= 1 milliseconds
99.95% <= 5 milliseconds
100.00% <= 6 milliseconds
82101.80 requests per second

How to save and query a simple key/value integer

127.0.0.1:6379> set testvalue 123
OK
127.0.0.1:6379> get testvalue
"123"

How to save and query a simple key/value string

127.0.0.1:6379> set testvalue "Hello World"
OK
127.0.0.1:6379> get testvalue
"Hello World"

Saving and querying multiple values

127.0.0.1:6379> mset testvalue1 "a" testvalue2 "b"
OK
127.0.0.1:6379> mget testvalue1 testvalue2
1) "a"
2) "b"

Clear all

127.0.0.1:6379> flushall
OK

Add to list (new items at the top)

127.0.0.1:6379> lpush testlist "a"
(integer) 1
127.0.0.1:6379> lpush testlist "b"
(integer) 2
127.0.0.1:6379> lpush testlist "c"
(integer) 3
127.0.0.1:6379> lrange testlist 0 -1
1) "c"
2) "b"
3) "a"

Add to list (new items at the bottom)

127.0.0.1:6379> rpush testlist "a"
(integer) 1
127.0.0.1:6379> rpush testlist "b"
(integer) 2
127.0.0.1:6379> rpush testlist "c"
(integer) 3
127.0.0.1:6379> lrange testlist 0 -1
1) "a"
2) "b"
3) "c"

Redis Documentation

redis.io

redis.io/­documentation

https://redis.io/commands/

Redis Crash Course Tutorial

More

5 uses of redis as a database.

Using Redis at scale at Twitter

Digital Ocean guide on Redis

Coming soon PHP access to Redis.

Donate and make this blog better




Ask a question or recommend an article
[contact-form-7 id=”30″ title=”Ask a Question”]

v1.2 Removed reference to Redis 4 in the blurb.

v1.1 Oops, this was Redis 3 and not 4 (thanks, Patrik)

v1.0 Initial version

Filed Under: DB, MongoDB, NoSQL, Redis, Server, Ubuntu Tagged With: dv, nosql, redis, ubuntu

How to be alerted after system boot on Ubuntu 16.04 with an email via Gmail

September 5, 2017 by Simon

This will allow you to sent an email at startup on Ubuntu boot. You will need to ensure sendmail is setup and working (read my guide on How to send email via G Suite from Ubuntu in the cloud, setup an Ubuntu server in the cloud here (guide here)).

Create a  scripts folder

mkdir /scripts/

Create a file called /scripts/emailstartup.sh and add..

#!/bin/bash

echo "Dumping startup log";
journalctl -b0 --system _COMM=systemd --no-pager >/scripts/boot.log

#echo "Deleting old log file";
#rm -R /scripts/boot.zip

#echo "Zipping up Startup Log File.";
#zip -r -9 /scripts/boot.zip /scripts/boot.log

echo "Sending Email With Attachment";
# Ensure you have gmail or gsuite setup on your domain, guide here https://fearby.com/article/moving-a-cpanel-domain-with-email-to-a-self-managed-vps-and-gmail/
sendemail -f [email protected] -t [email protected] -u "Startup: $HOSTNAME server" -m "Attached are the startup logs for $HOSTNAME server" -s smtp.gmail.com:587 -o tls=yes -xu [email protected] -xp password -a /scripts/boot.log

optional: Uncomment lines above to attach a zip file instead of a log file (don’t forget to attach the zip instead of the log file in sendmail.)

Make the script file executable

sudo chmod +X /scripts/emailstartup.sh

Test the script

sudo /bin/bash /scripts/emailstartup.sh
Dumping startup log
Deleting old log file
Zipping up Startup Log File.
  adding: scripts/boot.log (deflated 91%)
Sending Email With Attachment
Sep 05 18:49:27 yourservernamehere sendemail[2606]: Email was sent successfully!

Add the following to crontab -e to ensure the script is executed 5 minutes after startup.

@reboot sleep 300 && /bin/bash /scripts/emailstartup.sh >> /dev/null 2>&1

On reboot, you will be emailed desired start-up information.

email capture

Donate and make this blog better




Ask a question or recommend an article
[contact-form-7 id=”30″ title=”Ask a Question”]

v1.0 initial post

Filed Under: Email, OS, Server Tagged With: email, startup, ubuntu

How to send email via G Suite from Ubuntu in the cloud

August 20, 2017 by Zach Meissner

Here is how I send emails from the command line in Ubuntu servers in the cloud via G SUote connect emails

Jan 2018 Update

Post on adding a second domain to G Suite

Post on adding email aliases to G Suite

Main

If you use ufw for your Ubuntu firewall then allow port 587 out traffic (read more in securing Ubuntu in the cloud here).

sudo ufw allow out 587

Ensure your port is open on IPV4 and IPV6.

sudo ufw status

If you have a GUI managed firewall with your server host then configure it to allow port 587 (out).

Read more on useful terminal commands here or setting up a Digital Ocean Ubuntu server here for as low as $5 a month here, Vultr server for as low as $2.5 here ($10 free credit). Read more about setting up an AWS Ubuntu server here.

Install sendmail and other pre requisites

apt-get install libio-socket-ssl-perl libnet-ssleay-perl sendemail

Now you are ready to send an email with 1 line in the terminal (use your Gmail email unless you have diverted your email to G Suite (then use that email, guide here). Create a G Suite account here.

FYI: I have setup my email for my domain to redirect via G Suite (see my guide here and older guide here)

Send an email from the command line

sendemail -f [email protected] -t [email protected] -u "test email" -m "test message" -s smtp.gmail.com:587 -o tls=yes -xu [email protected] -xp [email protected][email protected]

This is not a drop-in replacement for Outlook or Thunderbird email clients but it is perfect for command-line alerts to con-jobs or start-up notifications.

Sending an email with an attachment

sendemail -f [email protected] -t [email protected] -u "test email" -m "test message" -s smtp.gmail.com:587 -o tls=yes -xu [email protected] -xp [email protected]&[email protected] -a /folder/file.zip

Coming soon: A guide on backing up Ubuntu with Rsync etc.

More

Post on adding a second domain to G Suite

Post on adding email aliases to G Suite

Donate and make this blog better




Ask a question or recommend an article
[contact-form-7 id=”30″ title=”Ask a Question”]

v1.2 added other links

v1.1 added links to two G Suite guides.

Filed Under: AWS, Cloud, Digital Ocean, Server, Terminal, Ubuntu, VM, Vultr Tagged With: command line, email, senemail, sent

Deploying WordPress to a Vultr VM via command line

August 20, 2017 by Simon

Here is my guide on setting up WordPress on an Ubuntu server via the command line. Here is my recent guide on the wp-cli tool.

Read my guide on setting up a Vultr VM and installing NGINX web server and MySQL database. Use this link to create a Vultr account.  This guide assumes you have a working Ubuntu VM with NGINX web server, MySQL, and SSL.

Consider setting up an SSL certificate (read my guide here on setting up a  free SL certificate with Let’s Encrypt). Once again read my guide on Setting up a Vultr server. Also moving WordPress from CPanel to a self-managed server and securing Ubuntu in the cloud. Ensure you are backing up your server (read my guide on How to backup an Ubuntu VM in the cloud via crontab entries that trigger Bash Scripts, SSH, Rsync and email backup alerts).

Ensure MySQL is setup.

mysql --version
mysql  Ver 14.14 Distrib 5.7.19, for Linux (x86_64) using  EditLine wrapper

Ensure your server is setup, firewall enabled (port 80 and 443 enabled), NGINX is installed and working.

Check NGINX version

sudo nginx -v
nginx version: nginx/1.13.3

Check NGINX Status

service nginx status
● nginx.service - A high performance web server and a reverse proxy server
   Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
   Active: active (running) since Fri 2017-08-18 00:35:13 AEST; 3 days ago
 Main PID: 1276 (nginx)
    Tasks: 3
   Memory: 6.4M
      CPU: 3.218s
   CGroup: /system.slice/nginx.service
           ├─1276 nginx: master process /usr/sbin/nginx -g daemon on; master_process on
           ├─1277 nginx: worker process
           └─1278 nginx: cache manager process

Warning: Journal has been rotated since unit was started. Log output is incomplete or unavailable.

Check your PHP install status to confirm your setup, put this in a new PHP file (e.g /p.php) and load it to view PHP configuration and to verify PHP setup.

<?php
phpinfo()
?>

Loading PHP Configuration

First I edited NGINX configuration to allow WordPress to work.

location / {
        try_files $uri $uri/ /index.php?q=$uri&$args;
        index index.php index.html index.htm;
        proxy_set_header Proxy "";
}

Mostly I added this line.

try_files $uri $uri/ /index.php?q=$uri&$args;

I restated NGINX and PHP

nginx -t
nginx -s reload
sudo /etc/init.d/nginx restart
sudo service php7.0-fpm restart

If this config change is not made WordPress will not install or run.

Database

In order to setup WordPress, we need to create a MySQL database/database user before downloading WordPress from the command line.

From an ssh terminal type (and log in with your MySQL root password)

mysql -p
password:

Create a database (choose a database name, add random text).

mysql> create database databasemena123;
Query OK, 1 row affected (0.00 sec)

Create a user and assign them to the blog (choose a username, add random text)

grant all privileges on databasname123.* to 'blogusername123'@'localhost' identified by "siple-password";
ERROR 1819 (HY000): Your password does not satisfy the current policy requirements

If your password is simple you will get this warning.

ERROR 1819 (HY000): Your password does not satisfy the current policy requirements

A 50+ char password with 10 digits and 10 numbers should be ok

mysql> grant all privileges on databasname123.* to 'blogusername123'@'localhost' identified by "xxxxxxxxxxxxxxxxxxxxxxxxremovedxxxxxxxxxxxxxxxxxxxxxxxxxxxxx";
Query OK, 0 rows affected, 1 warning (0.00 sec)

You can now apply the permissions and clear the permissions cache.

mysql> flush privileges;
Query OK, 0 rows affected (0.01 sec)
exit;
Bye

Go to your /www folder on your server and run this command to download WordPress.

sudo curl -o wordpress.zip https://wordpress.org/latest.zip

% Total % Received % Xferd Average Speed Time Time Time Current
 Dload Upload Total Spent Left Speed
100 8701k 100 8701k 0 0 6710k 0 0:00:01 0:00:01 --:--:-- 6709k

You can now move any existing temporary index files in your /www folder

mv index.html oldindex.html
mv index.php oldindex.php
p.php oldp.php

ls -al
total 8724
drwxr-xr-x  2 root root    4096 Aug 21 11:17 .
drwxr-xr-x 27 root root    4096 Aug 13 22:27 ..
-rw-r--r--  1 root root      37 Jul 31 11:51 oldindex.html
-rw-r--r--  1 root root      37 Jul 31 11:51 oldindex.php
-rw-r--r--  1 root root      19 Aug 21 11:04 oldp.php
-rw-r--r--  1 root root 8910664 Aug 21 11:16 wordpress.zip

Now I can extract wordpress.zip

First, you need to install unzip

sudo apt-get install unzip

Now Unzip wordpress.zip

unzip wordpress.zip

At this point, I decided to remove all old index files on my website

rm -R /www/old*.*

The unzipped contents are in a sub folder called “wordpress”, we need to move the WordPress contents up a folder.

ls /www/ -al
total 8716
drwxr-xr-x  3 root root    4096 Aug 21 13:22 .
drwxr-xr-x 27 root root    4096 Aug 13 22:27 ..
drwxr-xr-x  5 root root    4096 Aug  2 21:02 wordpress
-rw-r--r--  1 root root 8911367 Aug 21 11:22 wordpress.zip

“wordpress” folder contents.

ls /www/wordpress -al
total 196
drwxr-xr-x  5 root root  4096 Aug  2 21:02 .
drwxr-xr-x  3 root root  4096 Aug 21 13:22 ..
-rw-r--r--  1 root root   418 Sep 25  2013 index.php
-rw-r--r--  1 root root 19935 Jan  2  2017 license.txt
-rw-r--r--  1 root root  7413 Dec 12  2016 readme.html
-rw-r--r--  1 root root  5447 Sep 27  2016 wp-activate.php
drwxr-xr-x  9 root root  4096 Aug  2 21:02 wp-admin
-rw-r--r--  1 root root   364 Dec 19  2015 wp-blog-header.php
-rw-r--r--  1 root root  1627 Aug 29  2016 wp-comments-post.php
-rw-r--r--  1 root root  2853 Dec 16  2015 wp-config-sample.php
drwxr-xr-x  4 root root  4096 Aug  2 21:02 wp-content
-rw-r--r--  1 root root  3286 May 24  2015 wp-cron.php
drwxr-xr-x 18 root root 12288 Aug  2 21:02 wp-includes
-rw-r--r--  1 root root  2422 Nov 21  2016 wp-links-opml.php
-rw-r--r--  1 root root  3301 Oct 25  2016 wp-load.php
-rw-r--r--  1 root root 34327 May 12 17:12 wp-login.php
-rw-r--r--  1 root root  8048 Jan 11  2017 wp-mail.php
-rw-r--r--  1 root root 16200 Apr  6 18:01 wp-settings.php
-rw-r--r--  1 root root 29924 Jan 24  2017 wp-signup.php
-rw-r--r--  1 root root  4513 Oct 14  2016 wp-trackback.php
-rw-r--r--  1 root root  3065 Aug 31  2016 xmlrpc.php

Remove the wordpress.zip in /www/

rm -R /www/wordpress.zip

Move all files from the /www/wordpress/ up a folder to /www/.

sudo mv /www/wordpress/* /www/

Now we can create and upload folder

mkdir /www/wp-content/content/

Apply permissions (or you can never upload to WordPress).

chmod 755 /www/wp-content/uploads/

I think I need to apply permissions here (to allow plugins to upload/update)

chmod 755 /www/wp-content/

Edit the wp-config-sample.php

sudo nano /www/wp-config-sample.php

Add your database name to the WordPress config.

Before:

define('DB_NAME', 'database_name_here');

After:

define('DB_NAME', 'databasemena123');

Add your database username and password to the WordPress config.

Before:

/** MySQL database username */
define('DB_USER', 'username_here');

/** MySQL database password */
define('DB_PASSWORD', 'password_here');

After:

/** MySQL database username */
define('DB_USER', 'blogusername123');

/** MySQL database password */
define('DB_PASSWORD', 'xxxxxxxxxxxxxxxxxxxxxxxxremovedxxxxxxxxxxxxxxxxxxxxxxxxxxxxx');

Go to https://api.wordpress.org/secret-key/1.1/salt/ and copy the salts to your clipboard and replace this in your wp-config-sample.php

define('AUTH_KEY',         'put your unique phrase here');
define('SECURE_AUTH_KEY',  'put your unique phrase here');
define('LOGGED_IN_KEY',    'put your unique phrase here');
define('NONCE_KEY',        'put your unique phrase here');
define('AUTH_SALT',        'put your unique phrase here');
define('SECURE_AUTH_SALT', 'put your unique phrase here');
define('LOGGED_IN_SALT',   'put your unique phrase here');
define('NONCE_SALT',       'put your unique phrase here');

..with paste over whatever you generated (e.g)

define('AUTH_KEY',         '/[email protected];#Tr#6Tz6z^[LUdOvpNREUYT[|SmAN%%V% cyWk]-I%}E+t$#4c5n6vvp');
define('SECURE_AUTH_KEY',  'q_z-F-V#[[Lf<%_4,w#L_nyG|[email protected], YK0GR)R<Lk!.zqH< [email protected],vXmMzG');
define('LOGGED_IN_KEY',    'o}c^Vb$ fyh,J6v9PyF)mdt4(Q_J}`FNOJ9.ag^i+UAUS?lmzwGzp<tV7W(wbb#:');
define('NONCE_KEY',        '<y3&QvdAz;48ZFJBAdsRmC~ejXWiOw{dTWF_)p?^E%D&GdtK2LHGZ|.^rvRF-l$m');
define('AUTH_SALT',        ',e{|+H`i6}[email protected]`kvkF??^?IC&?6W~9SHkqSxvX~z,fR Xn:[email protected]_X^');
define('SECURE_AUTH_SALT', '|g2(y}8olAv_b]>|^jR|-.VU_E[P~PoWprwTKu-mM9-:NEc#2HikST~84ad-Ksyx');
define('LOGGED_IN_SALT',   'sd1:-|ai{<Ferj,|$2+ <ietEFT9 xEe89$[8%{[email protected]{FC(?[pF$oJ[[email protected]]');
define('NONCE_SALT',       '0D]kv-x.?_o^pwKtZI:g}~64vDb.Gdy1cBPQA{?;g(AE|0D)g:=1BrUbKF>T1oIv');

Now save changes to wp-config-sample.php

Rename the sample config file (to make it live)

sudo mv wp-config-sample.php wp-config.php

You can now load your website ( https://www.yourserver.com ) and finish the setup in the WordPress GUI.

Wordpress Setup GUI

WordPress should now be installed and you can log in.

Don’t forget to update your options – /wp-admin/options-general.php

I would recommend you review the options to prevent comment spam – /wp-admin/options-discussion.php

Also if you are using the twentyseventeen theme consider updating your header image (remove the pot plant) 0 /wp-admin/customize.php?theme=twentyseventeen&return=%2Fwp-admin%2Fthemes.php

Signup for a Vulr server here for as low as $2.5 a month or a Digital Ocean server ($10 free credit/2 months, signup for G Suite email on google here and read my guide here.

Read this guide on using the wp-cli tool to automate post-install.

I hope this helps.

Donate and make this blog better




Ask a question or recommend an article
[contact-form-7 id=”30″ title=”Ask a Question”]

v1.1 added wp-cli tool

Filed Under: Cloud, Server, Ubuntu, VM, Vultr, Wordpress Tagged With: comamnd line, instal, vm, wordpress

Installing Webmin Server Management web GUI on Ubuntu

August 10, 2017 by Simon

Setting up Ubuntu in the cloud is great if you are not afraid of using the command line but for those that need it, there are web based server management GUI’s you can install.

Once Ubuntu is installed (I have many guides at www.fearby.com) you can install http://www.webmin.com/ (web based management GUI for Ubuntu).  It is similar to https://runcloud.io but it’s free. Read the Webadmin install guide here.

Ubuntu Install Steps

Run this in your root terminal to install Webmin on Ubuntu after you install and configure a web server, MySQL and SSL.

sudo sh -c 'echo "deb http://download.webmin.com/download/repository sarge contrib" > /etc/apt/sources.list.d/webmin.list'
wget -qO - http://www.webmin.com/jcameron-key.asc | sudo apt-key add -
sudo apt-get update
sudo apt-get install webmin

Allow port 1000 on your firewall (in my case I am limiting this to my public IP).

sudo ufw allow from 555.55.555.555/24 to any port 10000

I opened port 10,000 on my Digital Ocean firewall screen too.

I installed an SSL certificate on my server (my guide here).  I am having issues with Google Chrome and my SSL certificate so I switched ot safari.

I navigated to https://mydomain.com:10000 to log in to the Webmin dashboard

I could now log in to Webmin so I reset the password???

/usr/share/webmin/changepass.pl /etc/webmin username password

Now I can login to Webmin

Webmin has a  load of options available, I zeroed in on viewing log files.

I think I need to ban a few IP’s in my firewall based on the login attempts above. View my guide on securing Ubuntu in the cloud.

Done

sudo ufw deny from 92.87.236.65
Rule added

sudo ufw deny from 106.14.3.252
Rule added

sudo ufw deny from 101.200.52.128
Rule added

sudo ufw deny from 47.94.22.157
Rule added

Webmin has a great section on Ubuntu Users

View User Details

Securing Webmin Configuration then IP Access Control and whitelist your IP address to ensure no one else can view your server (I went to http://icanhazip.com to get my IP address).

I then used the Webmin backup screen to backup my system.

This is great, it is backing up my system 🙂

pwd
/
ls -al
total 142372
drwxr-xr-x  27 root root      4096 Aug  9 23:27 .
drwxr-xr-x  27 root root      4096 Aug  9 23:27 ..
-rw-r--r--   1 root root 145670144 Aug  9 23:33 backup.tar

I used pydf to see how much storage space I have (I am only using 2.65GB but have 17GB available).

pydf
Filesystem Size  Used Avail Use%                                  Mounted on
/dev/vda1   19G 2658M   17G 13.5 [####..........................] /
/dev/vda15 104M 3425k  101M  3.2 [#.............................] /boot/efi

Gzip is taking a load of time to backup my system.

I did not need to use (htop) to monitor the CPU, Webmin has a CPU monitor built in.

Webmin also allows you to add users

Beware though you need to assign a user to modules or they won’t be able to do/see much when they login.

If you provide your MySQL root password you can create databases in Webmin under Servers then MySQL Database Server

Loads of database options that I would normally use Adminer for 🙂

File Browser

There is a file browser but (I can’t seem to drag and drop).

Official documentation is found here. I’ll add more to this post as I discover it.

Check out my other posts at www.fearby.com.

Donate and make this blog better




Ask a question or recommend an article
[contact-form-7 id=”30″ title=”Ask a Question”]

v1.0 Initial Post

Filed Under: Backup, Domain, GUI, LetsEncrypt, MySQL, Security, Server, Status, VM Tagged With: gui, server

  • « Go to Previous Page
  • Go to page 1
  • Go to page 2
  • Go to page 3
  • Go to Next Page »

Primary Sidebar

Poll

What would you like to see more posts about?
Results

Support this Blog

Create your own server today (support me by using these links

Create your own server on UpCloud here ($25 free credit).

Create your own server on Vultr here.

Create your own server on Digital Ocean here ($10 free credit).

Remember you can install the Runcloud server management dashboard here if you need DevOps help.

Advertisement:

Tags

2FA (9) Advice (17) Analytics (9) App (9) Apple (10) AWS (9) Backup (21) Business (8) CDN (8) Cloud (49) Cloudflare (8) Code (8) Development (26) Digital Ocean (13) DNS (11) Domain (27) Firewall (12) Git (7) Hosting (18) HTTPS (6) IoT (9) LetsEncrypt (7) Linux (20) Marketing (11) MySQL (24) NGINX (11) NodeJS (11) OS (10) PHP (13) Scalability (12) Scalable (14) Security (44) SEO (7) Server (26) Software (7) SSH (7) ssl (17) Tech Advice (9) Ubuntu (39) Uncategorized (23) UpCloud (12) VM (44) Vultr (24) Website (14) Wordpress (25)

Disclaimer

Terms And Conditions Of Use All content provided on this "www.fearby.com" blog is for informational purposes only. Views are his own and not his employers. The owner of this blog makes no representations as to the accuracy or completeness of any information on this site or found by following any link on this site. Never make changes to a live site without backing it up first.

Advertisement:

Footer

Popular

  • Backing up your computer automatically with BackBlaze software (no data limit)
  • How to back up an iPhone (including photos and videos) multiple ways
  • Add two factor auth login protection to WordPress with YubiCo hardware YubiKeys and or 2FA Authenticator App
  • Setup two factor authenticator protection at login on Ubuntu or Debian
  • Using the Yubico YubiKey NEO hardware-based two-factor authentication device to improve authentication and logins to OSX and software
  • I moved my domain to UpCloud (on the other side of the world) from Vultr (Sydney) and could not be happier with the performance.
  • Monitor server performance with NixStats and receive alerts by SMS, Push, Email, Telegram etc
  • Speeding up WordPress with the ewww.io ExactDN CDN and Image Compression Plugin
  • Add Google AdWords to your WordPress blog

Security

  • Check the compatibility of your WordPress theme and plugin code with PHP Compatibility Checker
  • Add two factor auth login protection to WordPress with YubiCo hardware YubiKeys and or 2FA Authenticator App
  • Setup two factor authenticator protection at login on Ubuntu or Debian
  • Using the Yubico YubiKey NEO hardware-based two-factor authentication device to improve authentication and logins to OSX and software
  • Setting up DNSSEC on a Namecheap domain hosted on UpCloud using CloudFlare
  • Set up Feature-Policy, Referrer-Policy and Content Security Policy headers in Nginx
  • Securing Google G Suite email by setting up SPF, DKIM and DMARC with Cloudflare
  • Enabling TLS 1.3 SSL on a NGINX Website (Ubuntu 16.04 server) that is using Cloudflare
  • Using the Qualys FreeScan Scanner to test your website for online vulnerabilities
  • Beyond SSL with Content Security Policy, Public Key Pinning etc
  • Upgraded to Wordfence Premium to get real-time login defence, malware scanner and two-factor authentication for WordPress logins
  • Run an Ubuntu VM system audit with Lynis
  • Securing Ubuntu in the cloud
  • No matter what server-provider you are using I strongly recommend you have a hot spare ready on a different provider

Code

  • How to code PHP on your localhost and deploy to the cloud via SFTP with PHPStorm by Jet Brains
  • Useful Java FX Code I use in a project using IntelliJ IDEA and jdk1.8.0_161.jdk
  • No matter what server-provider you are using I strongly recommend you have a hot spare ready on a different provider
  • How to setup PHP FPM on demand child workers in PHP 7.x to increase website traffic
  • Installing Android Studio 3 and creating your first Kotlin Android App
  • PHP 7 code to send object oriented sanitised input data via bound parameters to a MYSQL database
  • How to use Sublime Text editor locally to edit code files on a remote server via SSH
  • Creating your first Java FX app and using the Gluon Scene Builder in the IntelliJ IDEA IDE
  • Deploying nodejs apps in the background and monitoring them with PM2 from keymetrics.io

Tech

  • Backing up your computer automatically with BackBlaze software (no data limit)
  • How to back up an iPhone (including photos and videos) multiple ways
  • US v Huawei: The battle for 5G
  • Check the compatibility of your WordPress theme and plugin code with PHP Compatibility Checker
  • Is OSX Mojave on a 2014 MacBook Pro slower or faster than High Sierra
  • Telstra promised Fibre to the house (FTTP) when I had FTTN and this is what happened..
  • The case of the overheating Mac Book Pro and Occam’s Razor
  • Useful Linux Terminal Commands
  • Useful OSX Terminal Commands
  • Useful Linux Terminal Commands
  • What is the difference between 2D, 3D, 360 Video, AR, AR2D, AR3D, MR, VR and HR?
  • Application scalability on a budget (my journey)
  • Monitor server performance with NixStats and receive alerts by SMS, Push, Email, Telegram etc
  • Why I will never buy a new Apple Laptop until they fix the hardware cooling issues.

Wordpress

  • Replacing Google Analytics with Piwik/Matomo for a locally hosted privacy focused open source analytics solution
  • Setting web push notifications in WordPress with OneSignal
  • Telstra promised Fibre to the house (FTTP) when I had FTTN and this is what happened..
  • Check the compatibility of your WordPress theme and plugin code with PHP Compatibility Checker
  • Add two factor auth login protection to WordPress with YubiCo hardware YubiKeys and or 2FA Authenticator App
  • Monitor server performance with NixStats and receive alerts by SMS, Push, Email, Telegram etc
  • Upgraded to Wordfence Premium to get real-time login defence, malware scanner and two-factor authentication for WordPress logins
  • Wordfence Security Plugin for WordPress
  • Speeding up WordPress with the ewww.io ExactDN CDN and Image Compression Plugin
  • Installing and managing WordPress with WP-CLI from the command line on Ubuntu
  • Moving WordPress to a new self managed server away from CPanel
  • Moving WordPress to a new self managed server away from CPanel

General

  • Backing up your computer automatically with BackBlaze software (no data limit)
  • How to back up an iPhone (including photos and videos) multiple ways
  • US v Huawei: The battle for 5G
  • Using the WinSCP Client on Windows to transfer files to and from a Linux server over SFTP
  • Connecting to a server via SSH with Putty
  • Setting web push notifications in WordPress with OneSignal
  • Infographic: So you have an idea for an app
  • Restoring lost files on a Windows FAT, FAT32, NTFS or Linux EXT, Linux XFS volume with iRecover from diydatarecovery.nl
  • Building faster web apps with google tools and exceed user expectations
  • Why I will never buy a new Apple Laptop until they fix the hardware cooling issues.
  • Telstra promised Fibre to the house (FTTP) when I had FTTN and this is what happened..

Copyright © 2022 · News Pro on Genesis Framework · WordPress · Log in

Some ads on this site use cookies. You can opt-out if of local analytics tracking by scrolling to the bottom of the front page or any article and clicking "You are not opted out. Click here to opt out.". Accept Reject Read More
GDPR, Privacy & Cookies Policy

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Non-necessary
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
SAVE & ACCEPT