Monday, 18 June 2018

Linux Firewall Tutorial: IPTables Tables, Chains, Rules Fundamentals

iptables is the user-space tool for managing the Linux kernel's packet-filtering and NAT rules (the netfilter framework). It ships with virtually every Linux distribution, so understanding how to set up and configure it lets you manage a Linux firewall effectively.
At first glance iptables can look complex, even confusing. Once you understand the basics of how it is structured, reading and writing firewall rules becomes straightforward.
This article is part of an ongoing iptables tutorial series. This is the 1st article in that series.
This article explains how iptables is structured: the fundamentals of tables, chains and rules.
At a high level, iptables is organised into tables. Each table contains chains, which are either built-in or user-defined, and each chain holds an ordered list of rules. A packet is checked against the rules of a chain in order, and the first matching rule with a terminating target decides the packet's fate.
So the structure is: iptables -> Tables -> Chains -> Rules, as shown in the following diagram.

Fig: IPTables Table, Chain, and Rule Structure
To reiterate: a table is a collection of chains, and a chain is an ordered list of firewall rules.

I. IPTABLES TABLES and CHAINS

IPTables has the following 4 built-in tables (a fifth, the security table, exists for SELinux mandatory access control rules and is rarely touched by hand).

1. Filter Table

Filter is the default table for iptables: if you don't specify a table with -t, you are working with the filter table. Its job is to decide whether a packet is allowed through, so this is where a host firewall lives. The filter table has the following built-in chains.
  • INPUT chain – Incoming to the firewall. For packets whose destination is the local host itself (the routing decision has already been made).
  • OUTPUT chain – Outgoing from the firewall. For packets generated locally by processes on this host.
  • FORWARD chain – For packets that are routed through this host to some other destination, i.e. packets that arrive on one interface and are neither addressed to the host nor generated by it. This chain only sees traffic if IP forwarding is enabled in the kernel.

2. NAT table

The NAT table is consulted only for the first packet of a new connection; the translation it selects is then applied to the rest of that connection by connection tracking, so a NAT rule never sees the later packets. It has the following built-in chains.
  • PREROUTING chain – Alters packets before routing, i.e. immediately after a packet enters the system. This is used to rewrite the destination IP address (and port) so that routing can deliver the packet to the right internal host: DNAT (destination NAT), as in port forwarding.
  • POSTROUTING chain – Alters packets after routing, i.e. just before they leave the system. This is used to rewrite the source IP address so that replies can be routed back to this host: SNAT (source NAT) and MASQUERADE.
  • OUTPUT chain – DNAT for packets generated locally on the firewall.

3. Mangle table

The mangle table is for specialised packet header modification: changing the TOS/DSCP field or the TTL in the IP header, or attaching a firewall mark (MARK) to a packet so that later rules or policy routing can act on it. It does not decide whether a packet is accepted or dropped. The mangle table has the following built-in chains.
  • PREROUTING chain
  • OUTPUT chain
  • FORWARD chain
  • INPUT chain
  • POSTROUTING chain

4. Raw table

The raw table is consulted before connection tracking sees a packet and is used to configure exemptions from tracking (the NOTRACK target, for example for very high-volume flows you do not want in the conntrack table). It has the following built-in chains.
  • PREROUTING chain
  • OUTPUT chain
The following diagram shows the built-in tables in iptables and their chains.
Fig: IPTables built-in tables

II. IPTABLES RULES

Following are the key points to remember for iptables rules.
  • A rule consists of match criteria and a target.
  • If a packet matches the criteria, the target is applied: either a built-in action (ACCEPT, DROP, and so on) or a jump into a user-defined chain, whose rules are then evaluated.
  • If the packet does not match, evaluation moves on to the next rule in the chain.
  • If the end of a built-in chain is reached without a terminating target, the chain's policy (shown as "policy ACCEPT" or "policy DROP" in listings) decides what happens to the packet. A default-deny firewall therefore sets the INPUT and FORWARD policy to DROP, or ends those chains with an explicit REJECT or DROP rule.

Target Values

Following are the most common special values that you can specify in the target.
  • ACCEPT – Firewall will accept the packet. Evaluation stops.
  • DROP – Firewall will silently discard the packet. Evaluation stops.
  • REJECT – Like DROP, but an error is sent back to the sender (an ICMP message by default, or a TCP RST with --reject-with tcp-reset). Evaluation stops. This is what the final rule of RH-Firewall-1-INPUT in the listing below uses.
  • QUEUE – Firewall will pass the packet to a userspace program for a decision.
  • RETURN – Firewall will stop evaluating the rest of the current chain for this packet. Control returns to the rule after the jump in the calling chain; if RETURN is hit in a built-in chain, the chain policy applies.
Other built-in targets exist (LOG, SNAT, DNAT, MASQUERADE, MARK); any other name in the target column is a jump into the user-defined chain of that name.
If you run iptables --list (or, on RHEL/CentOS, service iptables status), you'll see all the firewall rules currently loaded on your system. The following example shows a system with no firewall rules defined. As you see, it displays the default filter table with its INPUT, FORWARD and OUTPUT chains, each with policy ACCEPT, meaning everything is allowed through.
# iptables -t filter --list
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
Do the following to view the mangle table.
# iptables -t mangle --list
Do the following to view the nat table.
# iptables -t nat --list
Do the following to view the raw table.
# iptables -t raw --list
Note: If you don’t specify the -t option, it will display the default filter table. So, both of the following commands are the same.
# iptables -t filter --list
(or)
# iptables --list
The following example shows a system with rules defined in the INPUT and FORWARD chains of the filter table, both of which hand off to a user-defined chain. The num column is only printed when you pass --line-numbers (service iptables status on RHEL/CentOS prints the same layout):
# iptables --list --line-numbers
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    RH-Firewall-1-INPUT  all  --  0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination
1    RH-Firewall-1-INPUT  all  --  0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination

Chain RH-Firewall-1-INPUT (2 references)
num  target     prot opt source               destination
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
2    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 255
3    ACCEPT     esp  --  0.0.0.0/0            0.0.0.0/0
4    ACCEPT     ah   --  0.0.0.0/0            0.0.0.0/0
5    ACCEPT     udp  --  0.0.0.0/0            224.0.0.251         udp dpt:5353
6    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:631
7    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:631
8    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
9    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
10   REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
The rules in the iptables --list output contain the following fields:
  • num – Rule number within the particular chain (only shown with --line-numbers)
  • target – The target discussed above, or the name of a user-defined chain to jump to
  • prot – Protocol: tcp, udp, icmp, esp, ah, or all
  • opt – Rule flags; -- means none
  • source – Source IP address or network the rule matches (0.0.0.0/0 is any)
  • destination – Destination IP address or network the rule matches; any further match options (ports, connection state, ICMP type) are printed after it
Be careful reading this output: --list does not show interface matches. Rule 1 in RH-Firewall-1-INPUT above looks like an unconditional ACCEPT, but in the stock RHEL/CentOS configuration that rule is restricted to the loopback interface (-i lo). Use iptables -vnL to get the in/out interface columns, or iptables -S / iptables-save to see each rule in the exact form it was written. Also remember that rules are evaluated in order: because rule 10 is an unconditional REJECT, any rule appended after it with -A can never match; new allow rules have to be inserted before it with -I.
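To see the structure above in the form the kernel actually loads, and to catch the ordering mistakes that --list output hides, here is an added example that audits a ruleset in iptables-save format. It is not code from the original article. The dump inside it is constructed for this example: it mirrors the stock RH-Firewall-1-INPUT layout from the listing, written out with the -i lo match that iptables --list hides, plus a small nat table (the interface name eth0 is an assumption) and three deliberate defects for the audit to find. The chain and target names come from the page; the script and its checks are mine.

```shell
#!/bin/sh
# Added example, not code from the original article: walk a ruleset in
# iptables-save format (the same tables -> chains -> rules structure explained
# above, in the form the kernel reloads it) and report the mistakes a reviewer
# looks for. The dump below is constructed for this example; it mirrors the
# stock RH-Firewall-1-INPUT layout from the listing, including the "-i lo"
# match on rule 1 that "iptables -L" hides, plus three deliberate defects.
SAMPLE_RULES='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
:UNUSED-CHAIN - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A UNUSED-CHAIN -j ACCEPT
COMMIT'

# audit_ruleset: read an iptables-save dump on stdin, print one WARN line per
# finding. Checks: (1) a rule appended after an unconditional ACCEPT/DROP/REJECT
# can never match; (2) an ACCEPT with no match criteria accepts everything that
# reaches it; (3) a user-defined chain nothing jumps to is dead configuration;
# (4) filter INPUT/FORWARD with policy ACCEPT and no unconditional terminating
# rule (directly or via an unconditional jump) is open by default.
audit_ruleset() {
  awk '
    function terminates(key,   i) {
      if (term[key]) return 1
      for (i = 1; i <= njump[key]; i++)
        if (terminates(jump[key, i])) return 1
      return 0
    }
    /^\*/ { table = substr($1, 2); nchain = 0; next }
    /^:/  { key = table "/" substr($1, 2); chains[++nchain] = key; policy[key] = $2; next }
    /^-A / {
      key = table "/" $2
      if (term[key])
        print "WARN " key ": unreachable rule after unconditional terminator: " $0
      matches = 0; target = ""
      for (i = 3; i <= NF; i++) {
        if ($i == "-j" || $i == "-g") { target = $(i + 1); break }
        matches++
      }
      if (target == "") next                       # match-only rule: just a counter
      if (target ~ /^(ACCEPT|DROP|REJECT)$/) {
        if (matches == 0) {
          term[key] = 1
          if (target == "ACCEPT")
            print "WARN " key ": unconditional ACCEPT (every packet reaching it is accepted)"
        }
      } else if ((table "/" target) in policy) {   # jump to a user-defined chain
        referenced[table "/" target] = 1
        if (matches == 0) jump[key, ++njump[key]] = table "/" target
      }
      next
    }
    /^COMMIT/ {
      for (i = 1; i <= nchain; i++) {
        key = chains[i]
        if (policy[key] == "-" && !referenced[key])
          print "WARN " key ": user-defined chain is never referenced"
        if ((key == "filter/INPUT" || key == "filter/FORWARD") &&
            policy[key] == "ACCEPT" && !terminates(key))
          print "WARN " key ": policy ACCEPT and no terminating rule (open by default)"
      }
    }
  '
}

# Audit the constructed sample; for the live ruleset run, as root:
#   iptables-save | audit_ruleset
printf '%s\n' "$SAMPLE_RULES" | audit_ruleset
```

Run as is, the script reports the rule appended after the final REJECT (the -A mistake described above), the unconditional ACCEPT in UNUSED-CHAIN, and the fact that nothing jumps to that chain. INPUT and FORWARD pass the open-by-default check even though their policy is ACCEPT, because the audit follows their unconditional jump into RH-Firewall-1-INPUT, which ends in an unconditional REJECT.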




Tuesday, 12 June 2018

Install PHP 7 on CentOS 7

1. Login via SSH and update the system software

To install PHP 7 on a CentOS 7 VPS, log in to your server via SSH. Once logged in, update all system software to the latest version using the command below:
yum update

2. Add the required repositories to yum

Once the update completes, add the required repositories to yum. EPEL is maintained by the Fedora project and Webtatic by a third party; both ship a GPG key with their release package, and you should leave gpgcheck=1 in the generated .repo files so that yum verifies package signatures before installing anything from them.
rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm

3. Install PHP 7

Now install PHP 7 using the following command. The php70w package is the 7.0 branch; Webtatic also publishes php71w and php72w packages, and for a fresh install you should pick the newest branch that still receives security fixes, since 7.0 is already out of active support:
yum install php70w

4. Verify the PHP 7 installation

The installation takes a few moments. Once it completes, confirm which PHP version the command-line interpreter reports with:
php -v
You should see something like this:
PHP 7.0.0 (cli) (built: Dec  2 2015 20:42:32) ( NTS )
Copyright (c) 1997-2015 The PHP Group
Zend Engine v3.0.0, Copyright (c) 1998-2015 Zend Technologies

5. Search all available PHP 7 modules

To list all available PHP 7 modules, use the command:
yum search php70w

6. Install specific PHP 7 module

To install a specific PHP 7 module, for example the one that lets PHP applications use MySQL databases, use the command below:
yum install php70w-mysql

7. Test PHP 7 functionality

To test PHP 7 on your CentOS VPS, create a simple PHP info file in your web server's document root. Navigate to the document root:
cd /var/www/html/
Create a PHP info file using nano:
nano info.php
Paste the following content into that file:
<?php
phpinfo();
?>
Save and close the file. The web server only needs to be able to read the file, so changing its owner to apache (below) is optional. What matters is to delete info.php again as soon as you have checked the output: phpinfo() discloses the exact PHP version, build paths, loaded modules and environment variables to anyone who can reach the page.
chown apache: info.php

8. Restart Apache Server

Do not forget to restart Apache if you haven't already, so that the new PHP module is loaded:
systemctl restart httpd
Finally, open the file in a web browser, replacing 111.111.111.111 with your server's address:
http://111.111.111.111/info.php

Thursday, 7 June 2018

Roundcube (Webmail) on CentOS /RHEL 7

To install Roundcube on CentOS 7, the following prerequisites should be in place.
In my case I have already installed Postfix with Dovecot on CentOS 7 with:
  • Domain name = hackthesec.co.in
  • Hostname = tec.hackthesec.co.in

Follow the steps below to install and configure the latest version of Roundcube:

Step:1 Install PHP, database and Apache using the command below:

[root@hackthesec ~]# yum install httpd php php-common php-json php-xml php-mbstring php-imap php-pear-DB php-mysql mysql mariadb-server
Once the above packages are installed, set the time zone in php.ini. The value must be a valid tz database identifier; Asia/Delhi is not one (PHP rejects it), the identifier for India is Asia/Kolkata.
[root@hackthesec ~]# vi /etc/php.ini
date.timezone = Asia/Kolkata
Save and exit the file.

Step:2 Create & Configure Roundcube Database

Let us first set the initial settings and the root password of the MariaDB server:
[root@hackthesec ~]# systemctl start mariadb
[root@hackthesec ~]# systemctl enable mariadb
ln -s '/usr/lib/systemd/system/mariadb.service' '/etc/systemd/system/multi-user.target.wants/mariadb.service'
[root@hackthesec ~]#
[root@hackthesec ~]# mysql_secure_installation
The mysql_secure_installation command lets us set the MariaDB root password, remove anonymous users, disable remote root login and remove the test database. Answer yes to all of those prompts on a server like this one.
Now create a database for Roundcube and a dedicated database user with privileges on that database only. Roundcube needs no access to any other database, and it should never run as the MariaDB root user.
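The database step above does not show the SQL. The following added example (not part of the original post) creates the database and a least-privilege account for it. The database name roundcube, the user rcuser and the password file path are assumptions for the example, not values from the page. Once the database exists, the web installer in Step 4 can load Roundcube's schema into it.

```shell
#!/bin/sh
# Added example, not part of the original post: provision the Roundcube
# database with a dedicated, least-privilege MariaDB account.
# Assumptions (not from the page): database "roundcube", user "rcuser",
# password supplied in a root-only file rather than on the command line
# (command-line arguments are visible to every local user via "ps").

# sql_quote: escape a value for use inside a single-quoted SQL string literal.
# Backslashes are doubled first, then embedded single quotes, so an odd
# character in the password cannot break (or inject into) the statement.
sql_quote() {
  printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e "s/'/''/g"
}

# roundcube_db_sql DB USER PASSWORD: print the SQL that creates the database
# and an account that can reach only that database, and only from localhost
# (Roundcube and MariaDB run on the same host in this setup). DB must be a
# plain identifier; USER and PASSWORD are quoted with sql_quote.
roundcube_db_sql() {
  user=$(sql_quote "$2"); pass=$(sql_quote "$3")
  printf "CREATE DATABASE IF NOT EXISTS \`%s\` CHARACTER SET utf8 COLLATE utf8_general_ci;\n" "$1"
  printf "CREATE USER '%s'@'localhost' IDENTIFIED BY '%s';\n" "$user" "$pass"
  printf "GRANT ALL PRIVILEGES ON \`%s\`.* TO '%s'@'localhost';\n" "$1" "$user"
  printf "FLUSH PRIVILEGES;\n"
}

# roundcube_db_create DB USER PASSWORD_FILE: run the statements as the MariaDB
# root user (prompts for the root password set by mysql_secure_installation).
roundcube_db_create() {
  pass=$(cat "$3") || return 1
  roundcube_db_sql "$1" "$2" "$pass" | mysql -u root -p
}

# Usage (as root, after mysql_secure_installation):
#   umask 077; printf '%s' 'the-db-password' > /root/roundcube-db.pass
#   roundcube_db_create roundcube rcuser /root/roundcube-db.pass
# Shown here with a placeholder password so the script prints the SQL it
# would send:
roundcube_db_sql roundcube rcuser 'example-only'
```

The grant is scoped to roundcube.* and the account is bound to localhost, so a leaked config.inc.php gives an attacker that one database and nothing else; ALL PRIVILEGES on the single database is what Roundcube's installer needs to create and later upgrade its tables.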

Step:3 Download tar file of Roundcube

Download the latest Roundcube release tarball from the official site (https://roundcube.net/download/) or with the wget command below. 1.1.3 was the release used when this was written; take the latest stable release, and check the download against the checksum or GPG signature published on the download page before unpacking it.
[root@hackthesec ~]# wget http://nchc.dl.sourceforge.net/project/roundcubemail/roundcubemail/1.1.3/roundcubemail-1.1.3-complete.tar.gz
Untar the downloaded file into your web server document root.
[root@hackthesec ~]# tar -zxpvf roundcubemail-1.1.3-complete.tar.gz -C /var/www/html/
Change into /var/www/html, rename the extracted directory to roundcube and set its ownership. Only Roundcube's temp/ and logs/ directories actually need to be writable by the apache user; if you hand the whole tree to apache as below, tighten it afterwards so that a compromised PHP process cannot rewrite Roundcube's own code.
[root@hackthesec html]# mv roundcubemail-1.1.3 roundcube
[root@hackthesec html]# chown apache:apache roundcube
Start and enable the Apache service:
[root@hackthesec html]# systemctl start httpd
[root@hackthesec html]# systemctl enable httpd
ln -s '/usr/lib/systemd/system/httpd.service' '/etc/systemd/system/multi-user.target.wants/httpd.service'
[root@hackthesec html]#

Step:4 Start Roundcube installation using web browser installer.

To start the installation of Roundcube, open the web installer (the installer/ directory inside your Roundcube directory) in the web browser.

click on Next…
Define the database, authentication mechanism, SMTP and IMAP settings in this step. When we click the Create Config option it asks us to copy or download the configuration and save it as config.inc.php in the /var/www/html/roundcube/config/ directory of the Roundcube installation. This file contains the database password and the des_key used to encrypt users' IMAP passwords in their sessions, so it must not be world-readable: restrict it to root and the apache user.
In my case I am using HTTP-based authentication in front of Roundcube, so I create one user on my Linux box and set its password using the htpasswd command. Remember that HTTP Basic credentials, and the IMAP password typed into the Roundcube login form, cross the network in clear text unless the site is served over HTTPS.
[root@hackthesec ~]# htpasswd -c /home/hackthsec/.htpasswd hackthsec
New password:
Re-type new password:
Adding password for user hackthsec
[root@hackthesec ~]#


Remove the installer directory from your web server document root (/var/www/html/roundcube), and make sure enable_installer is not set to true in config.inc.php; leaving the installer reachable exposes your configuration to anyone who can load it.
[root@hackthesec ~]# cd /var/www/html/roundcube/
[root@hackthesec roundcube]# rm -rf installer
[root@hackthesec roundcube]#

Step:5 Now access your account using Roundcube

Open the URL http://tec.hackthesec.co.in/roundcube/ in the browser (switch it to HTTPS once you have a certificate in place) and use the credentials that we set using the htpasswd command.

Tuesday, 29 May 2018

MANAGING DATABASE USERS

To access MySQL databases, you must first create at least one user. The following procedures describe how to manage MySQL database users using cPanel.
Creating a database user
To create a MySQL database user, follow these steps:
  1. In the Databases section of the cPanel home screen, click MySQL® Databases.
  2. Under Add New User, type the MySQL username in the Username text box.
  3. In the Password text box, type the user password.
  4. In the Password (Again) text box, retype the user password.
    You can click Password Generator and cPanel generates a random, strong password for you.
  5. Click Create User.
Changing a user's password
You can change a database user's password. You may want to do this for security reasons (changing passwords periodically is a good security practice), or you may need to do this if you forget the password.
To change a MySQL user's password, follow these steps:
  1. In the Databases section of the cPanel home screen, click MySQL® Databases.
  2. Under Current Users, locate the user for which you want to change the password, and then click Set Password.
  3. In the Password and Password (Again) text boxes, type the new password.
    You can click Password Generator and cPanel generates a random, strong password for you.
  4. Click Change Password. The new password takes effect immediately.
Renaming a user
To rename a MySQL user, follow these steps:
  1. In the Databases section of the cPanel home screen, click MySQL® Databases.
  2. Under Current Users, locate the user that you want to rename, and then click Rename.
  3. In the text box, type the new name, and then click Proceed.
Deleting a user
When you delete a user, the user and its database permissions are deleted.
To delete a MySQL user, follow these steps:
  1. In the Databases section of the cPanel home screen, click MySQL® Databases.
  2. Under Current Users, locate the user that you want to delete, and then click the red X icon.
  3. Click Delete User to confirm the deletion.

MANAGING DATABASES

After you create a database user, you are ready to create a database and associate the user with the new database.
Creating a database
To create a MySQL database, follow these steps:
  1. In the Databases section of the cPanel home screen, click MySQL® Databases.
  2. Under Create New Database, type the name of the database in the New Database text box.
  3. Click Create Database.
    When you create a database, your username is added to the database name. For example, if your username is username, and you create a database named database, the actual MySQL database name is username_database.
Adding a user to a database
To add a MySQL user to a database, follow these steps:
  1. In the Databases section of the cPanel home screen, click MySQL® Databases.
  2. Under Add User to Database, select the user that you want to add in the User list box.
  3. In the Database list box, select the database.
  4. Click Add.
  5. Click the check boxes to grant the user specific privileges. ALL PRIVILEGES is the quick choice, but an application account only needs the privileges it actually uses (typically SELECT, INSERT, UPDATE and DELETE, plus CREATE and ALTER during installation or upgrades); a least-privilege grant limits what an attacker can do with a leaked application password.
  6. Click Make Changes.
Checking and repairing a database
You can check MySQL databases for errors or possible corruption. If a database check reveals problems, you can repair the database as well.
To check and repair a database, follow these steps:
  1. In the Databases section of the cPanel home screen, click MySQL® Databases.
  2. To check a database:
    • Under Modify Databases, select the database in the Check DB list box.
    • Click Check DB.
  3. If a database check indicates problems with a database, you can repair it:
    • Under Modify Databases, select the database in the Repair DB list box.
    • Click Repair DB.
Removing a user from a database
When you remove a user from a database, the user can no longer access the database.
To remove a MySQL user from a database, follow these steps:
  1. In the Databases section of the cPanel home screen, click MySQL® Databases.
  2. Under Current Databases, locate the user that you want to remove, and then click the red X icon.
  3. Click Delete User from Database to confirm the deletion.
Deleting a database
Before you delete a database, make sure that you have a backup copy if you want to save any information that it contains.
When you delete a database, its associated users are not deleted. However, all permissions users have for that database are deleted.
To delete a MySQL database, follow these steps:
  1. In the Databases section of the cPanel home screen, click MySQL® Databases.
  2. Under Current Databases, locate the database that you want to delete, and then click Delete Database.
  3. Click Delete Database to confirm the deletion.

Managing a MySQL database in PHPMyAdmin

  1. This tutorial assumes you’ve already logged in to cPanel, and are starting on the home screen.
  2. Now let’s learn how to manage a database with phpMyAdmin.
  3. Click the "phpMyAdmin" icon.
  4. This is the phpMyAdmin main page. From here you can manage all MySQL databases that exist in your hosting account.
  5. In the top left corner, you'll see an entry with your account user name. Click the "plus sign" to its left.
  6. You'll now see a list of databases in your account. Click the one you want to manage.
  7. You can now start managing your database. You can manage tables, add or delete entries, and perform queries, among other things.

Creating a database in cPanel using the MySQL Database Wizard

  1. Log into your cPanel.
  2. Click the MySQL Database Wizard under the Databases heading.
  3. Next to New Database enter a name for your database and click Next Step.
  4. Next to Username enter a username. Enter a password next to Password, enter it again for Password (Again) and then click Create User.
  5. On the next page, you'll assign privileges for the user to the database. Check the box next to All Privileges (or, better, only the privileges the application needs) and then click Next Step.

Congratulations, now you know how to successfully create a database!