How to disable LFD excessive resource usage alert?

In this tutorial, we look at different methods to disable the LFD excessive resource usage alert.

Login Failure Daemon (LFD) is a daemon process that runs on VPS or dedicated servers that use ConfigServer Firewall (CSF) for server security. LFD scans the server logs and sends a notification every time a process uses more memory or takes more time than the value assigned in your CSF configuration file. LFD treats recent failed login attempts as ‘Brute Force Attacks’ and blocks those IPs using CSF. CSF is a firewall configuration script commonly used with cPanel to provide better security for your server. Its advanced, easy-to-use interface makes server firewall management simple. You can configure your server’s firewall to block public access to services and allow only certain connections.

A brute-force attack is a trial-and-error method used to obtain information such as a user password or personal identification number (PIN). It is a common method used by attackers to crack encrypted data: the software used by the attacker generates consecutive guesses at the desired data. With the help of LFD, CSF can spot this type of attempt and temporarily block the offending IPs from accessing the server. If the temporarily blocked IPs are found guilty, you can permanently block them using CSF. All these actions are managed in the CSF configuration. You can access the CSF configuration in WHM by using the following steps.

1) Log in to your WHM

2) Go to Home >> select Plugins

3) Click ‘ConfigServer Security & Firewall’

4) Choose ‘Firewall Configuration’

 

LFD excessive resource usage alert

The LFD service sends excessive resource usage alerts to the email address assigned to it, normally that of the root user account. The notification points out a particular process or service that is using excessive server resources, which helps in identifying the resource-hungry process/service. We can then either kill/stop the process/service to free the resources or allocate more resources to it, if necessary.

 

Example email alert from LFD when memory is exceeded

—Time: Mon Nov 14 09:41:10 2016 +0530

—Account: xxxxxx

—Resource: Virtual Memory Size

—Exceeded: 205 > 200 (MB)

—Executable: /usr/bin/php

—Command Line: /usr/bin/php /home/xxxxxx/public_html/index.php

—PID: 26953 (Parent PID:24974)

—Killed: No

This alert is sent by LFD when a process uses more memory resources than defined in the CSF configuration file.

 

Example email alert from LFD when the time is exceeded

—Time: Mon Nov 14 09:41:10 2016 +0530

—Account: xxxxxx

—Resource: Virtual Memory Size

—Exceeded: 125389 > 1800 (seconds)

—Executable: /usr/bin/php

—Command Line: /usr/bin/php /home/xxxxxx/public_html/index.php

—PID: 28429 (Parent PID:26561)

—Killed: No

This alert is sent by LFD when a process takes more time to execute than defined in the CSF configuration file.

 

How to disable these alerts

Disabling these alerts is not recommended. These email alerts are very useful for monitoring the server resources used by user accounts. If you find that a particular process/service is necessary, you can let it continue using the server resources and disable the LFD notifications. You can disable LFD excessive memory usage notifications using three methods, each explained below. You can access the CSF configuration either via WHM or via the terminal. I have already explained how to access the CSF configuration via WHM.

 

Method 1

This method permanently disables the LFD excessive resource usage alert. Using it poses a security issue, because LFD no longer reports any process that exceeds a memory or time limit.

1) Login to your WHM

2) Open the CSF Firewall configuration

3) Set the directives PT_USERMEM and PT_USERTIME to 0.

PT_USERMEM = 0

PT_USERTIME = 0

4) Save the settings.

 

Method 2

In this method, we will increase the values of both memory and time to disable the LFD alerts. This method is a temporary one. If any process/service uses more resources than defined, you will continue to receive the LFD alerts.

1) Login to your WHM

2) Open the CSF Firewall configuration

3) Set the directives PT_USERMEM and PT_USERTIME to the desired values.

PT_USERMEM = 500

PT_USERTIME = 150000

4) Save the settings

 

Method 3

This method is the standard technique to disable the LFD alerts. Here we add the particular process/service to the CSF pignore file. LFD ignores any process/service listed in that file and therefore stops sending alerts for it.

1) Log in to your server as the root user.

2) Using your favorite editor, open the CSF pignore file. Its common location is /etc/csf/csf.pignore.

3) Add the command line path specified in the alert to the CSF pignore file.

4) Save changes.
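
Method 3 scoped to a single command line, as an added example (not part of the original tutorial and not CSF's own tooling): the script reads an LFD alert and builds a cmd: entry for the exact command line instead of an exe: entry that would exempt every process started from that binary, and it refuses to whitelist a bare interpreter. The function names and the sample alert are constructed for illustration; cmd: and exe: are the csf.pignore entry prefixes.

```shell
#!/bin/sh
# Added example: build a narrowly scoped csf.pignore entry from an LFD alert.
# Function names are hypothetical; nothing here writes to /etc/csf.

# Constructed sample alert, using the fields shown in the alert above.
sample_alert() {
    cat <<'EOF'
Time: Mon Nov 14 09:41:10 2016 +0530
Account: xxxxxx
Resource: Virtual Memory Size
Exceeded: 205 > 200 (MB)
Executable: /usr/bin/php
Command Line: /usr/bin/php /home/xxxxxx/public_html/index.php
PID: 26953 (Parent PID:24974)
Killed: No
EOF
}

# alert_field NAME: read an alert on stdin, print the value of "NAME: value".
# Leading bullets or dashes added by mail clients are skipped.
alert_field() {
    sed -n "s/^[^A-Za-z]*$1:[[:space:]]*//p" | head -n 1
}

# is_interpreter PATH: true when PATH is a general-purpose interpreter.
# Ignoring such a binary by exe: would hide every script it runs.
is_interpreter() {
    case "$(basename "$1")" in
        php|php-cgi|php-fpm|perl|python|python[0-9]*|ruby|sh|bash|dash|node)
            return 0 ;;
        *)
            return 1 ;;
    esac
}

# pignore_entry: read an alert on stdin, print one csf.pignore line.
# Prefers cmd: (one exact command line) over exe: (every run of the binary).
pignore_entry() {
    alert=$(cat)
    cmd=$(printf '%s\n' "$alert" | alert_field 'Command Line')
    exe=$(printf '%s\n' "$alert" | alert_field 'Executable')
    if [ -n "$cmd" ] && [ "$cmd" != "$exe" ]; then
        printf 'cmd:%s\n' "$cmd"
    elif [ -z "$exe" ]; then
        echo "no Executable or Command Line field found" >&2
        return 1
    elif is_interpreter "$exe"; then
        echo "refusing exe:$exe (would exempt every script it runs)" >&2
        return 2
    else
        printf 'exe:%s\n' "$exe"
    fi
}

# add_pignore FILE ENTRY: append ENTRY unless the exact line is already there.
add_pignore() {
    grep -qxF -- "$2" "$1" 2>/dev/null && return 0
    printf '%s\n' "$2" >> "$1"
}

# Demo on the constructed alert: prints the entry, changes no files.
sample_alert | pignore_entry
```

To apply the result, pass the printed line to add_pignore with /etc/csf/csf.pignore as the file, then restart lfd.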

How to Install WonderCMS on Ubuntu 18.04 LTS

WonderCMS is a free and open source flat-file CMS that aims to be extremely small, light and simple. It is built with PHP, jQuery and HTML/CSS and has been developed since 2008. No initial configuration is required. The installation process is pretty straightforward: unzip and upload 5 files. All files can be easily moved, backed up and restored by copying them to another location, and moving them to another host does not require any reconfiguration. WonderCMS also doesn’t require a traditional relational database like MySQL. The flat-file technology enables WonderCMS to save all data to a text file (flat file) called database.js, which is structured in JSON format. In this tutorial, we will go through the WonderCMS installation and setup on an Ubuntu 18.04 LTS system using Nginx as the web server. Optionally, you can secure the transport layer by using the Acme.sh client and the Let’s Encrypt certificate authority to add SSL support.

Requirements

Requirements for installing and running WonderCMS are:

  • PHP version 7.1 or greater with the curl, mbstring and zip extensions.
  • Web server (Apache with mod_rewrite module enabled, Nginx, IIS).

Prerequisites

  • An Ubuntu 18.04 LTS operating system.
  • A non-root user with sudo privileges.

Initial steps

Check your Ubuntu version:

lsb_release -ds
# Ubuntu 18.04.2 LTS

Set up the timezone:

sudo dpkg-reconfigure tzdata

Update your operating system packages (software). This is an important first step because it ensures you have the latest updates and security fixes for your operating system’s default software packages:

sudo apt update && sudo apt upgrade -y

Install some essential packages that are necessary for basic administration of Ubuntu operating system:

sudo apt install -y curl wget vim git unzip socat bash-completion apt-transport-https

Step 1 – Install PHP and necessary PHP extensions

Install PHP, as well as the necessary PHP extensions:

sudo apt install -y php7.2 php7.2-cli php7.2-fpm php7.2-common php7.2-curl php7.2-zip php7.2-mbstring

To show the modules compiled into PHP, you can run:

php -m

ctype
curl
exif
fileinfo
. . .
. . .

Check the PHP version:

php --version

# PHP 7.2.17-0ubuntu0.18.04.1 (cli) (built: Apr 18 2019 14:12:38) ( NTS )
# Copyright (c) 1997-2018 The PHP Group
# Zend Engine v3.2.0, Copyright (c) 1998-2018 Zend Technologies
# with Zend OPcache v7.2.10-0ubuntu0.18.04.1, Copyright (c) 1999-2018, by Zend Technologies

PHP-FPM service is automatically started and enabled on reboot on Ubuntu 18.04 system, so there is no need to start and enable it manually. We can move on to the next step, which is the SSL setup.

Step 2 – Install acme.sh client and obtain Let’s Encrypt certificate (optional)

Securing your site with HTTPS is not necessary, but it is a good practice to secure your site traffic. In order to obtain a TLS certificate from Let’s Encrypt we will use the acme.sh client. Acme.sh is pure UNIX shell software for obtaining TLS certificates from Let’s Encrypt with zero dependencies.

Download and install acme.sh:

sudo su - root
git clone https://github.com/Neilpang/acme.sh.git
cd acme.sh 
./acme.sh --install --accountemail [email protected]
source ~/.bashrc
cd ~

Check acme.sh version:

acme.sh --version
# v2.8.0

Obtain RSA and ECC/ECDSA certificates for your domain/hostname:

# RSA 2048
acme.sh --issue --standalone -d example.com --keylength 2048
# ECDSA
acme.sh --issue --standalone -d example.com --keylength ec-256

If you want fake certificates for testing you can add --staging flag to the above commands.

After running the above commands, your certificates and keys will be in:

  • For RSA: /home/username/example.com directory.
  • For ECC/ECDSA: /home/username/example.com_ecc directory.

To list your issued certs you can run:

acme.sh --list

Create a directory to store your certs. We will use /etc/letsencrypt directory.

mkdir -p /etc/letsencrypt/example.com && mkdir -p /etc/letsencrypt/example.com_ecc

Install/copy certificates to /etc/letsencrypt directory.

# RSA
acme.sh --install-cert -d example.com --cert-file /etc/letsencrypt/example.com/cert.pem --key-file /etc/letsencrypt/example.com/private.key --fullchain-file /etc/letsencrypt/example.com/fullchain.pem --reloadcmd "sudo systemctl reload nginx.service"
# ECC/ECDSA
acme.sh --install-cert -d example.com --ecc --cert-file /etc/letsencrypt/example.com_ecc/cert.pem --key-file /etc/letsencrypt/example.com_ecc/private.key --fullchain-file /etc/letsencrypt/example.com_ecc/fullchain.pem --reloadcmd "sudo systemctl reload nginx.service"

All the certificates will be automatically renewed every 60 days.

After obtaining the certs, exit from the root user and return to the normal sudo user:

exit

Step 3 – Install and configure NGINX

WonderCMS works with many popular web servers. In this tutorial, we selected NGINX.

Install NGINX:

sudo apt install -y nginx

Check the NGINX version:

sudo nginx -v
# nginx version: nginx/1.14.0 (Ubuntu)

Next, configure NGINX for WonderCMS. Run sudo vim /etc/nginx/sites-available/wondercms.conf and add the following configuration:

server {
  
  listen 80;

  server_name example.com;
  root /var/www/wondercms;

  index index.php;


  location / {
    if (!-e $request_filename) {
      rewrite ^/(.+)$ /index.php?page=$1 last;
    }
  }
  location ~ database\.js {
    return 403;
  }

  location ~ \.php(/|$) {
    include snippets/fastcgi-php.conf;
    fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
  }

}

Activate the new wondercms.conf configuration by linking the file to the sites-enabled directory:

sudo ln -s /etc/nginx/sites-available/wondercms.conf /etc/nginx/sites-enabled/

Check NGINX configuration for syntax errors:

sudo nginx -t

Reload NGINX service:

sudo systemctl reload nginx.service

Step 4 – Install WonderCMS

Create a document root directory for WonderCMS.

sudo mkdir -p /var/www/wondercms

Change ownership of the /var/www/wondercms directory to [your_username]:

sudo chown -R [your_username]:[your_username] /var/www/wondercms

Navigate to the document root directory:

cd /var/www/wondercms

Download and unzip WonderCMS source:

wget https://github.com/robiso/wondercms/releases/download/2.7.0/WonderCMS-2.7.0.zip
unzip WonderCMS-2.7.0.zip
rm WonderCMS-2.7.0.zip

Move WonderCMS files to document root directory.

mv wondercms/* . && mv wondercms/.* .
rmdir wondercms

Change ownership of the /var/www/wondercms directory to www-data:

sudo chown -R www-data:www-data /var/www/wondercms

Open your site in a web browser, log in with the default password admin, and change the default password afterward.


Popular Linux Distributions for Security Testing

In this article, we will show you some special-purpose Linux distributions for performing security-related tasks. They will all have a Linux base of Debian or Ubuntu along with some built-in custom tools. Linux is the go-to choice for security testing due to the advantages it offers. This popularity is the prime reason for having many distributions built on it. Here are some of the tasks that you can perform with the help of Linux distros:

  • System and network security
  • Security analysis
  • Ethical hacking
  • Penetration testing
  • Digital forensic
  • Security audits

This article will discuss some of the popular Linux distros which can help you get started. You can try all of these and choose the one that works best for you:

Kali Linux

Kali was first introduced in 2012 as a Debian-based distribution, released with over 300 specialized tools for penetration testing and digital forensics. It uses the rolling release model, which makes sure that any tool you use for security testing will always be up to date. It is a rewrite of BackTrack and is maintained and funded by Offensive Security Ltd.

Kali is free to use and can run natively, as a virtual machine, or even as a live boot. The live boot is an exceptional advantage when using Kali for penetration testing and digital forensics. Kali supports a plethora of devices and hardware platforms, including VMware and ARM. It is rightly considered one of the best and most sophisticated penetration testing platforms available today, with a large and active community helping to make it better and more advanced.

Backbox

BackBox Linux is one of the most popular distros for security and penetration testing. It is an Ubuntu-based operating system with a plethora of security analysis tools that can be used for network and system analysis, exploitations and vulnerability analysis, forensics, and much more. Its main advantage is that it is light-weight, swift, simplified, and comes with a complete XFCE desktop environment.

BackBox is also compatible with older hardware, highly customizable, and has its own software repository with applications updated regularly with the most stable versions. Lastly, BackBox enjoys the support of a vast community, which has also made it one of the most effective distros to work on.

Parrot Security

Parrot Security is a Debian-based distro developed by the Frozenbox team, which uses Kali repositories for updating its tools. Designed for cryptography, penetration testing, vulnerability testing, and digital forensics, Parrot Security is a lightweight system that is cloud-friendly, effective, highly customizable, and enjoys robust community support.

Parrot Security can be used for security testing by anyone from a rookie developer to the most experienced one. It uses MATE as its desktop environment, works with a minimum of 256MB RAM, and is available for both 32- and 64-bit processors.

BlackArch

BlackArch is one of the most sophisticated Linux distributions for security testing and ethical hacking. Derived from Arch Linux, BlackArch has a huge tool repository with 2000+ tools. It is lightweight and compatible with existing Arch installs. However, this distro is suitable only for a pro developer and not for a newbie.

Samurai Web Testing Framework

Samurai Web Testing Framework is an Ubuntu-based framework created with web penetration testing in mind. It is a live Linux environment that comes pre-configured to work as a platform for penetration testing and includes free open source tools. It can be used as a virtual machine, with support for VirtualBox and VMware.

Pentoo Linux

Pentoo Linux, which is based on Gentoo Linux as an overlay, is developed with a focus on penetration testing. It supports 32- and 64-bit processors and is available as a live boot session via a CD or a USB drive. Pentoo comes with a lot of tools for security testing, ranging from scanners, web application testing, analyzing, exploitation, and much more. It is an XFCE-based distribution with lots of kernel features and is continuously updated by various developers.

DEFT

DEFT, which stands for Digital Evidence and Forensic Toolkit, is a specialized Linux distro for digital forensics. This open source distribution is Ubuntu-based and paired with DART. DEFT is based on GNU Linux and its tools are focused on forensics. It uses an LXDE desktop environment and WINE for executing Windows. DEFT can be run live or via a virtual machine and is made for running a live system without tampering with or corrupting the devices connected to the PC where booting takes place.

You now have a fair idea about some of the most popular Linux distros for security testing. This is by no means a comprehensive list; there are various other distros that are equally good to work with. Some of them include:

  • Caine
  • Fedora Security Spin
  • Bugtraq
  • Network Security Toolkit
  • ArchStrike
  • Cyborg Linux
  • Matriux
  • Weakerth4n
  • NodeZero Linux
  • Santoku

These are also some of the favorites among developers. In the end, the choice depends on the requirements of the developer or the security professional.

This article was written to give you a brief idea about some of the best distros available today. If you choose to work with Kali Linux among them, we have just the right book to help you get started. Kali Linux – An Ethical Hacker’s Cookbook – Second Edition will help you discover end-to-end penetration testing solutions for enhancing your ethical hacking skills. It is packed with practical recipes that will quickly get you started with Kali Linux (version 2018.4 / 2019), in addition to covering the core functionalities.

About the Author:

Himanshu Sharma has already achieved fame for finding security loopholes and vulnerabilities in Apple, Google, Microsoft, Facebook, Adobe, Uber, ATT, Avira, and many more with hall of fame listings. He has helped celebrities such as Harbhajan Singh in recovering their hacked accounts, and also assisted an international singer in recovering his hacked accounts. He was a speaker at the international conference Botconf ’13, CONFidence 2018 and RSA Singapore 2018. He also spoke at the IEEE Conference as well as for TedX. Currently, he is the co-founder of BugsBounty, a crowd-sourced security platform.

How to Install PowerDNS and Poweradmin on CentOS 7

PowerDNS (pdns) is an open source DNS server written in C++ and released under the GPL license. It has become a good alternative to the traditional DNS server BIND, designed with better performance and low memory requirements. PowerDNS provides two products, the Authoritative server and the Recursor. The PowerDNS Authoritative server can be configured with different backends, including plain BIND zone files, an RDBMS such as MySQL, PostgreSQL or SQLite3, or LDAP.

In this tutorial, I will show you how to install and configure a PowerDNS Authoritative server with MariaDB database server as a Backend and using Poweradmin for easy DNS management.

Prerequisites

  • CentOS 7 server
  • Root privileges

What we will do:

  1. Install EPEL and Remi Repositories
  2. Install and Configure MariaDB
  3. Install PowerDNS
  4. Install Poweradmin
  5. Poweradmin Post-Installation
  6. Create Sample Zone

Step 1 – Install EPEL and Remi Repositories

First of all, we need to install dependencies for the PowerDNS installation. We’re going to install the EPEL repository and the REMI for PHP 7.2 installation.

Install EPEL and PHP Remi repository using the following commands.

yum -y install epel-release
yum -y install http://rpms.remirepo.net/enterprise/remi-release-7.rpm

Once these repositories are added to the system, install the ‘yum-utils’ package.

yum -y install yum-utils

And enable the PHP 7.2 Remi repository using the following command.

yum-config-manager --enable remi-php72

Step 2 – Install and Configure MariaDB

The PowerDNS Authoritative server supports different backends, including the MySQL/MariaDB database server. A ‘backend’ is a datastore that the server consults and that contains DNS records (and some metadata). For this guide, we will use MariaDB as the backend.

Install MariaDB using the following yum command.

yum -y install mariadb mariadb-server

Once the installation is complete, start the MariaDB service and enable it to start at boot time.

systemctl start mariadb
systemctl enable mariadb

Next, we’re going to configure the root password for the MariaDB using the interactive tool called ‘mysql_secure_installation’.

Run the command below.

mysql_secure_installation

You will be prompted to configure the root password of the database server. Type ‘Y’ to set up the root password and enter a strong password.

Set root password? [Y/n] Y
New password: 
Re-enter new password: 

For the other questions, just type ‘Y’ for yes.

Remove anonymous users? [Y/n] Y
Disallow root login remotely? [Y/n] Y
Remove test database and access to it? [Y/n] Y
Reload privilege tables now? [Y/n] Y

As a result, you have installed the MariaDB database server and set up the root password for authentication.

Next, we will create a new database and user for the PowerDNS installation. Log in to the MySQL shell as the root user with your password.

Run the MySQL command below.

mysql -u root -p
PASSWORD

Now create a new database called ‘powerdns’ and grant all the database privileges to a new user named ‘pdns’ with password ‘pdnspassword2018’.

create database powerdns;
grant all privileges on powerdns.* to [email protected] identified by 'pdnspassword2018';
flush privileges;

Install PowerDNS database

After that, create the table structures for the PowerDNS database by running the MySQL queries below.

use powerdns;

CREATE TABLE domains (
id                    INT AUTO_INCREMENT,
name                  VARCHAR(255) NOT NULL,
master                VARCHAR(128) DEFAULT NULL,
last_check            INT DEFAULT NULL,
type                  VARCHAR(6) NOT NULL,
notified_serial       INT DEFAULT NULL,
account               VARCHAR(40) DEFAULT NULL,
PRIMARY KEY (id)
) Engine=InnoDB;

CREATE UNIQUE INDEX name_index ON domains(name);

CREATE TABLE records (
id                    BIGINT AUTO_INCREMENT,
domain_id             INT DEFAULT NULL,
name                  VARCHAR(255) DEFAULT NULL,
type                  VARCHAR(10) DEFAULT NULL,
content               VARCHAR(64000) DEFAULT NULL,
ttl                   INT DEFAULT NULL,
prio                  INT DEFAULT NULL,
change_date           INT DEFAULT NULL,
disabled              TINYINT(1) DEFAULT 0,
ordername             VARCHAR(255) BINARY DEFAULT NULL,
auth                  TINYINT(1) DEFAULT 1,
PRIMARY KEY (id)
) Engine=InnoDB;

CREATE INDEX nametype_index ON records(name,type);
CREATE INDEX domain_id ON records(domain_id);
CREATE INDEX recordorder ON records (domain_id, ordername);

CREATE TABLE supermasters (
ip                    VARCHAR(64) NOT NULL,
nameserver            VARCHAR(255) NOT NULL,
account               VARCHAR(40) NOT NULL,
PRIMARY KEY (ip, nameserver)
) Engine=InnoDB;

CREATE TABLE comments (
id                    INT AUTO_INCREMENT,
domain_id             INT NOT NULL,
name                  VARCHAR(255) NOT NULL,
type                  VARCHAR(10) NOT NULL,
modified_at           INT NOT NULL,
account               VARCHAR(40) NOT NULL,
comment               VARCHAR(64000) NOT NULL,
PRIMARY KEY (id)
) Engine=InnoDB;

CREATE INDEX comments_domain_id_idx ON comments (domain_id);
CREATE INDEX comments_name_type_idx ON comments (name, type);
CREATE INDEX comments_order_idx ON comments (domain_id, modified_at);

CREATE TABLE domainmetadata (
id                    INT AUTO_INCREMENT,
domain_id             INT NOT NULL,
kind                  VARCHAR(32),
content               TEXT,
PRIMARY KEY (id)
) Engine=InnoDB;

CREATE INDEX domainmetadata_idx ON domainmetadata (domain_id, kind);

CREATE TABLE cryptokeys (
id                    INT AUTO_INCREMENT,
domain_id             INT NOT NULL,
flags                 INT NOT NULL,
active                BOOL,
content               TEXT,
PRIMARY KEY(id)
) Engine=InnoDB;

CREATE INDEX domainidindex ON cryptokeys(domain_id);

CREATE TABLE tsigkeys (
id                    INT AUTO_INCREMENT,
name                  VARCHAR(255),
algorithm             VARCHAR(50),
secret                VARCHAR(255),
PRIMARY KEY (id)
) Engine=InnoDB;

CREATE UNIQUE INDEX namealgoindex ON tsigkeys(name, algorithm);

quit;

As a result, the MySQL/MariaDB database and a user for the PowerDNS installation have been created.

Step 3 – Install PowerDNS

Install PowerDNS and all packages needed using the following command.

yum -y install pdns pdns-backend-mysql bind-utils

After installing the PowerDNS packages, go to the ‘/etc/pdns/’ directory and edit the configuration file ‘pdns.conf’ using the vim editor.

cd /etc/pdns/
vim pdns.conf

By default, PowerDNS uses ‘bind’ as the backend. Comment out the ‘launch=bind’ line by putting a ‘#’ in front of it, and paste the MySQL backend configuration as below.

#launch=bind

launch=gmysql
gmysql-host=localhost
gmysql-user=pdns
gmysql-password=pdnspassword2018
gmysql-dbname=powerdns

Save and close.

Install PowerDNS

Now start the pdns service and enable it to start at boot time.

systemctl start pdns
systemctl enable pdns

After that, add the DNS service to the firewall.

firewall-cmd --add-service=dns --permanent
firewall-cmd --reload

Configure the Firewall

The PowerDNS service is now up and running. Check it using the following commands.

netstat -tap | grep pdns
netstat -tulpn | grep 53
dig @10.9.9.10

As a result, you will see that the pdns service is up and running on port 53, and you will get a response from the PowerDNS server.

Check PowerDNS status

Step 4 – Install Poweradmin

In this step, we’re going to install the DNS management tool for PowerDNS called ‘Poweradmin’. It’s a web application based on PHP, so we need to install PHP and a web server in order to run the application.

Install an httpd web server and PHP packages using the following command.

yum -y install httpd php php-devel php-gd php-imap php-ldap php-mysql php-odbc php-pear php-xml php-xmlrpc php-mbstring php-mcrypt php-mhash gettext

After the installation, we need to install additional PHP Pear packages. Run the following command.

yum -y install php-pear-DB php-pear-MDB2-Driver-mysqli

Once the httpd and PHP installation is complete, start the httpd service and enable it to start at boot time.

systemctl start httpd
systemctl enable httpd

Next, go to the ‘/var/www/html’ directory and download the Poweradmin source code.

cd /var/www/html/
wget http://downloads.sourceforge.net/project/poweradmin/poweradmin-2.1.7.tgz

Extract the Poweradmin archive and rename the extracted directory.

tar xvf poweradmin-2.1.7.tgz
mv poweradmin-2.1.7/ poweradmin/

After that, add the HTTP and HTTPS protocols to the firewall.

firewall-cmd --add-service={http,https} --permanent
firewall-cmd --reload

And we’re ready for the poweradmin post-installation.

Step 5 – Poweradmin Post-Installation

Open your web browser and type the server IP address plus the /poweradmin/install/ path URL for the installation. Mine is:

http://10.9.9.10/poweradmin/install/

Choose your preferred language and click the ‘Go to Step 2’ button.

PowerAdmin setup 1

Now just click the ‘Go to Step 3’ button.

PowerAdmin setup 2

You will be shown the database configuration page. Type the PowerDNS database details that we’ve created and the admin password for PowerDNS.

PowerAdmin database setup

Click the ‘Go to Step 4’ button.

After that, you will need to create a new user with limited privileges. Type the details as follows, replacing the user, password, etc. with your own.

PowerAdmin user setup

Now click ‘Go to Step 5’ button.

And you will be shown the page as below.

PowerAdmin setup finished

Open your server terminal again and log in with the root user and password. Then run the MySQL queries shown on the page.

mysql -u root -p
PASSWORD

GRANT SELECT, INSERT, UPDATE, DELETE
ON powerdns.*
TO 'hakase'@'localhost'
IDENTIFIED BY 'hakase-labs123';

Mysql commands

Now back to the web browser and click the ‘Go to Step 6’ button.

And you will be shown the page as below.

Installation step 6

The installer was unable to create the new configuration file ‘../inc/config.inc.php’, so we need to create it manually.

Back in the server terminal, go to the ‘/var/www/html/poweradmin’ directory and create a new configuration file ‘inc/config.inc.php’.

cd /var/www/html/poweradmin
vim inc/config.inc.php

Now paste the PHP script shown on the page into it.

<?php

$db_host                = 'localhost';
$db_user                = 'hakase';
$db_pass                = 'hakase-labs123';
$db_name                = 'powerdns';
$db_type                = 'mysql';
$db_layer               = 'PDO';

$session_key            = '[email protected]=uetwJeD2#uApgO)2Ekj+S#oN1Khhoj';

$iface_lang             = 'en_EN';

$dns_hostmaster         = 'server.hakase-labs.io';
$dns_ns1                = 'ns1.hakase-labs.io';
$dns_ns2                = 'ns2.hakase-labs.io';

Save and close, then go back to the browser and click the button.

Database configuration file

And the installation is complete.

Optionally:

If you want to support the URLs used by other dynamic providers, copy the htaccess file.

cd /var/www/html/poweradmin
cp install/htaccess.dist .htaccess

After that, you MUST remove the ‘install’ directory.

rm -rf /var/www/html/poweradmin/install
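
A post-install check for the steps above, as an added example (not part of the original tutorial or of Poweradmin): it confirms that the install directory is gone and that inc/config.inc.php exists, is not world-writable, and no longer contains the sample passwords printed in this tutorial. The function name poweradmin_audit and the world-writable check are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit a Poweradmin directory after the web installer has run.
# poweradmin_audit is a hypothetical helper, not part of Poweradmin.

# poweradmin_audit DIR
# Prints one "FAIL: ..." line per finding; returns 0 only when there are none.
poweradmin_audit() {
    root=$1
    cfg="$root/inc/config.inc.php"
    findings=0

    # The tutorial requires removing install/ once setup is finished.
    if [ -e "$root/install" ]; then
        echo "FAIL: $root/install still exists"
        findings=$((findings + 1))
    fi

    if [ ! -f "$cfg" ]; then
        echo "FAIL: $cfg not found"
        findings=$((findings + 1))
    else
        # Assumption of this example: the file holding the database password
        # and session key should never be writable by every local user.
        if [ -n "$(find "$cfg" -perm -002)" ]; then
            echo "FAIL: $cfg is world-writable"
            findings=$((findings + 1))
        fi
        # Passwords copied verbatim from the tutorial are publicly known.
        if grep -qE 'hakase-labs123|pdnspassword2018' "$cfg"; then
            echo "FAIL: $cfg still contains a sample password from the tutorial"
            findings=$((findings + 1))
        fi
    fi

    [ "$findings" -eq 0 ]
}

# Demo on a constructed tree that mimics the state right after the installer.
demo=$(mktemp -d)
mkdir -p "$demo/install" "$demo/inc"
printf '%s\n' '<?php' "\$db_pass = 'hakase-labs123';" > "$demo/inc/config.inc.php"
chmod 640 "$demo/inc/config.inc.php"
poweradmin_audit "$demo" || echo "audit found problems"
rm -rf "$demo"
```

On the server from this tutorial the call would be poweradmin_audit /var/www/html/poweradmin.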

.htaccess protection

Go back to your web browser and log in to the Poweradmin dashboard using the URL below.

http://10.9.9.10/poweradmin/

Log in with the default user ‘admin’ and the password, click the ‘Go’ button.

PowerAdmin Login

And as a result, you will be shown the Poweradmin dashboard and the installation is finished.

PowerAdmin Dashboard

Step 6 – Create Sample Zone and DNS Records

At this stage, we’re going to test the PowerDNS and Poweradmin installation by creating a new DNS zone for a domain called ‘emma.io’.

On the Poweradmin dashboard, click the ‘Add master zone’ menu.

Add master zone

Set the zone name to the domain name ‘emma.io’ and click the ‘Add zone’ button.

Add DNS Zone in PowerAdmin

Click the ‘List zones’ menu to get all available zones, and click the ‘edit’ button for the zone ‘emma.io’.

Set Zone name

List zones

Now click the ‘Add record’ button. We have now successfully added the DNS zone and DNS record for the domain named ‘emma.io’.

Next, we’re going to test the domain ‘emma.io’ using the ‘dig’ DNS utility command.

Check the name server or NS record of the domain ‘emma.io’.

dig NS emma.io @10.9.9.10

Check zone with dig command

Check the A DNS record of the domain ‘emma.io’.

dig A emma.io @10.9.9.10

dig command result

You will see that the domain ‘emma.io’ has a nameserver from our DNS server, ‘ns1.hakase-labs.io’, and that the ‘A’ record of that domain name matches our configuration above, with the server IP address ‘10.9.9.11’.

Finally, the installation and configuration of PowerDNS and Poweradmin on CentOS 7 have been completed successfully.


How to Install Bludit CMS with NGINX on CentOS 7

Bludit is a simple, fast, secure, flat-file CMS that allows you to create your own website or blog in seconds. It’s completely free and open source. You can browse its source code on GitHub. Bludit uses files in JSON format to store the content, so you don’t need to install or configure a database. You only need a web server with PHP support. Bludit incorporates all the SEO tools to improve your ranking in all the search engines and social networks. It has a rich theme and plugin system that you can use to change the look and feel of your site. In this tutorial, we will go through the Bludit CMS installation and setup on a CentOS 7 system using NGINX as the web server.

Requirements

Make sure your system meets the following requirements:

  • PHP version 5.3 or greater with the following extensions: mbstring, gd, dom and JSON.
  • A web server with PHP support like Nginx, Apache, Lighttpd, H2O. This tutorial will use NGINX.

Prerequisites

  • A system running CentOS 7.
  • A non-root user with sudo privileges.

Initial steps

Check your CentOS version:

cat /etc/centos-release
# CentOS Linux release 7.6.1810 (Core)

Set up the timezone:

timedatectl list-timezones
sudo timedatectl set-timezone 'Region/City'

Update your operating system packages (software). This is an important first step because it ensures you have the latest updates and security fixes for your operating system’s default software packages:

sudo yum update -y

Install some essential packages that are necessary for basic administration of the CentOS operating system:

sudo yum install -y curl wget vim git unzip socat bash-completion epel-release

Step 1 – Install PHP

Set up the Webtatic YUM repo:

sudo rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm

Install PHP, as well as the necessary PHP extensions:

sudo yum install -y php72w php72w-cli php72w-fpm php72w-common php72w-mbstring php72w-zip php72w-pgsql php72w-sqlite3 php72w-curl php72w-gd php72w-mysql php72w-intl php72w-json php72w-opcache php72w-xml

To list the modules compiled into PHP, you can run:

php -m

ctype
curl
exif
fileinfo
. . .
. . .

Check the PHP version:

php --version
# PHP 7.2.14 (cli) (built: Jan 12 2019 12:47:33) ( NTS )
# Copyright (c) 1997-2018 The PHP Group
# Zend Engine v3.0.0, Copyright (c) 1998-2017 Zend Technologies
#     with Zend OPcache v7.2.14, Copyright (c) 1999-2018, by Zend Technologies

Start and enable PHP-FPM service:

sudo systemctl start php-fpm.service
sudo systemctl enable php-fpm.service

Step 2 – Install acme.sh client and obtain Let’s Encrypt certificate (optional)

Securing your website with HTTPS is not necessary, but it is a good practice to secure your site traffic. To obtain a TLS certificate from Let’s Encrypt, we will use the Acme.sh client. Acme.sh is pure Unix shell software for obtaining TLS certificates from Let’s Encrypt with zero dependencies.

Download and install Acme.sh:

sudo mkdir /etc/letsencrypt
git clone https://github.com/Neilpang/acme.sh.git
cd acme.sh 
sudo ./acme.sh --install --home /etc/letsencrypt --accountemail [email protected]
cd ~

Check Acme.sh version:

/etc/letsencrypt/acme.sh --version
# v2.8.0

Obtain RSA and ECC/ECDSA certificates for your domain/hostname:

# RSA 2048
sudo /etc/letsencrypt/acme.sh --issue --standalone --home /etc/letsencrypt -d example.com --keylength 2048
# ECDSA
sudo /etc/letsencrypt/acme.sh --issue --standalone --home /etc/letsencrypt -d example.com --keylength ec-256

After running the above commands, your certificates and keys will be in:

  • For RSA: /etc/letsencrypt/example.com directory.
  • For ECC/ECDSA: /etc/letsencrypt/example.com_ecc directory.

Step 3 – Install and configure NGINX

Download and install Nginx from the CentOS repository:

sudo yum install -y nginx

Check the Nginx version:

nginx -v
# nginx version: nginx/1.12.2

Start and enable Nginx service:

sudo systemctl start nginx.service
sudo systemctl enable nginx.service

Configure NGINX for Bludit by running:

sudo vim /etc/nginx/conf.d/bludit.conf

And populate the file with the following configuration:

server {
  listen 80;
  listen 443 ssl;

  # RSA certificate (remove the ssl lines and "listen 443 ssl" if you skipped Step 2)
  ssl_certificate /etc/letsencrypt/example.com/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/example.com/private.key;
  # ECC/ECDSA certificate
  ssl_certificate /etc/letsencrypt/example.com_ecc/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/example.com_ecc/private.key;

  server_name example.com;
  root /var/www/bludit;
  index index.php;

  # Hand PHP scripts to PHP-FPM; the dot is escaped so only names ending in ".php" match
  location ~ \.php$ {
    fastcgi_pass 127.0.0.1:9000;
    fastcgi_index index.php;
    include fastcgi.conf;
  }

  location / {
    try_files $uri $uri/ /index.php?$args;
  }

  # Block direct web access to Bludit's flat-file content directories
  location ^~ /bl-content/tmp/ { deny all; }
  location ^~ /bl-content/pages/ { deny all; }
  location ^~ /bl-content/databases/ { deny all; }
}

Check NGINX configuration for syntax errors:

sudo nginx -t

Reload NGINX service:

sudo systemctl reload nginx.service
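
To confirm that the three `deny all` rules in bludit.conf are live after the reload, the following added example (not part of the original tutorial) requests each protected path and expects HTTP 403. The function names, the base URL you pass in and the probe file name `probe.php` are assumptions; the `.php` probe checks that `^~` keeps the PHP regex location from handling files under a protected prefix.

```shell
#!/bin/sh
# Added example: verify the bl-content deny rules from bludit.conf.
# Usage after sourcing this file: check_denied https://example.com

# Print the HTTP status code for a URL (redirects are not followed).
# curl prints 000 when the connection itself fails.
http_status() {
  curl -s -o /dev/null --max-time 10 -w '%{http_code}' "$1"
}

# check_denied BASE_URL
# Prints one line per probed path and returns non-zero if any of them
# answers with something other than 403.
check_denied() {
  base=${1%/}   # drop one trailing slash so paths join cleanly
  rc=0
  # The three prefixes come from bludit.conf; probe.php is a constructed
  # file name that does not need to exist, because "deny all" is applied
  # before NGINX looks for the file or passes it to PHP-FPM.
  for path in \
    /bl-content/tmp/ \
    /bl-content/pages/ \
    /bl-content/databases/ \
    /bl-content/databases/probe.php
  do
    code=$(http_status "$base$path")
    if [ "$code" = "403" ]; then
      echo "OK   $code $path"
    else
      echo "FAIL $code $path (expected 403)"
      rc=1
    fi
  done
  return $rc
}
```

Run it against both the HTTP and the HTTPS URL of the site, since the server block listens on ports 80 and 443.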

Step 4 – Install Bludit

Create a document root directory for Bludit:

sudo mkdir -p /var/www/bludit

Change ownership of the /var/www/bludit directory to [your_user]:

sudo chown -R [your_user]:[your_user] /var/www/bludit

Navigate to document root:

cd /var/www/bludit

Download the latest version from the official page and extract the zip file:

wget https://www.bludit.com/releases/bludit-3-8-1.zip
unzip bludit-3-8-1.zip
rm bludit-3-8-1.zip
mv bludit-3-8-1/* .
mv bludit-3-8-1/.* .
rmdir bludit-3-8-1

NOTE: Update download URL if there is a newer release.

Provide the appropriate ownership:

sudo chown -R nginx:nginx /var/www/bludit

Run sudo vim /etc/php-fpm.d/www.conf and set the user and group to nginx. Initially, they will be set to apache:

sudo vim /etc/php-fpm.d/www.conf
# user = nginx
# group = nginx

Restart PHP-FPM service:

sudo systemctl restart php-fpm.service

Step 5 – Complete the Bludit installation wizard

Open your site in a web browser. You should be redirected to the Bludit installer, where you choose your language.

Next, create a password for the user admin, and click “Install”.

After creating the admin password, you will be redirected to the Bludit frontend.

To access the Bludit admin area, append /admin to your site IP or URL.

Installation is complete. Happy blogging with Bludit CMS.