How to Remove APF firewall

First stop the apf

/etc/init.d/apf stop

Then, flush ip tables and remove all existing apf files even in cron job

iptables -F
rm -rf /etc/apf
rm -rf /usr/local/sbin/apf
rm -rf /etc/rc.d/init.d/apf
rm -rf /var/log/apf_log
rm -rf /var/log/apfados_log


/sbin/chkconfig --level 345 apf off

Now remove this cron job

vi /etc/cron.daily/fw

Find and Remove this line:
/etc/rc.d/init.d/apf restart >> /dev/null 2>&1

How to Install APF (Advanced Policy Firewall)

APF is a policy based iptables firewall system designed for ease of use and configuration.When it comes to security, there is no such thing without firewall. when you buy a new dedicated or vps server, atleast make sure you install a firewall to protect your server from various intrusion attacks. Within minutes you can set up your firewall up and running. APF firewall is one of the popular and easy to setup IP tables based firewall for Linux servers. It also has additional features like prevention from DoS attacks.APF is developed and maintained by R-fx Networks: http://www.rfxnetworks.com/apf.php
Be careful on setting up the firewall on what ports to open and what not. If youarent sure, you may lock yourself out.

Installation 

1)Login as root user

2)Download the APF Source

For downloading apf source code click here

or in command prompt type the following command,

wget http://www.r-fx.ca/downloads/apf-current.tar.gz

3)Extract the tar.gz

tar -xvf apf-current.tar.gz

4)Enter the APF directory

cd apf-current/

5)Run install code

./install.sh

After installation, you have to manually configure your firewall settings on what ports to open and what to block. You can edit the configuration file located in /etc/apf/conf.apf

Installed paths:

Configuration File: /etc/apf/conf.apf
Binary: /usr/local/sbin/apf
Start/Stop: /etc/init/d/apf (start|stop|restart)
Log: /var/log/apf_log
Antidos conf file: /etc/apf/ad/config.antidos

You can also use commands in the command line

apf -s (start)
apf -r (to restart)
apf -f (to stop)


6)Modify the APF config File

vim /etc/apf/conf.apf

First look for the line that says

Leaving this option as “1″ will disable your firewall after 5 minutes, so make sure to change it to “0″.
So replace 1 eith 0 and it look like this:-
DEVEL_MODE=”0″

Next, take a look at the allowed inbound ports. You should see something like

IG_TCP_CPORTS=”22,80,443″

Notice that port 22, the default SSH port is open. We want to change this to the port we gave SSH earlier. You can leave port 80 (HTTP) and 443 (HTTPS) open if you plan on running a website.

If you want to open any port, you have to give an entry in to the above place.

By default, APF will not filter outbound traffic but if would like to change that look for the following line

EGF=”0″

And change this value to “1″. On the line directly below it you should see the allowed outbound ports

EG_TCP_CPORTS=”21,25,80,443″

Change these if you have enabled outbound filtering and save the firewall config. Now we should add the firewall to start when we reboot our VPS and enable it

chkconfig --add apf
chkconfig --level 345 apf on
/etc/init.d/apf start

APF Firewall for VPS Servers:

If you are running apf firewall in VPS, there is a possibility that you will get "eth0: Device not found". Instead you have to make settings in the configuration file.

Find the following lines and change the values like below.

IFACE_IN = "venet0"
IFACE_OUT = "venet0"
DEVEL_MODE="1"
SET_MONOKERN="1"



SET_MONOKERN="1"
(The above line is important to have "1" if you are in VPS server as otherwise you will get unable to load ip tables module")

How to Install FFmpeg in Linux

                    FFmpeg is a very fast video and audio converter. It can also grab from a live audio/video source. FFmpeg is so important if you are planning to run a video website with streaming with conversion of video files to different video formats. This blog is intended for Centos/Redhat versions of Linux where any novice user can install ffmpeg without compiling the source which is a more traditional way of installing the FFmpeg software on linux servers. In this blog i will show you the easy way to install ffmpeg and ffmpeg-php (php extension) with just yum rather than compiling ffmpeg from source files.

Installation

First you need to add a file in yum repository directory for dag packages installation. For this edit the following file: 

Vi /etc/yum.repos.d/dag.repo 

add the following contents to the file, 

[dag] 
name=Dag RPM Repository for Red Hat Enterprise Linux 
baseurl=http://apt.sw.be/redhat/el$releasever/en/$basearch/dag 
gpgcheck=0 
enabled=1 

Then enter the command, 

yum install ffmpeg ffmpeg-devel 

To check what audi/video formats are supported 

ffmpeg -formats > ffmpeg-format.txt 

Open the ffmpeg-formats.txt to see the ooutput 

D means decode 
E means encode 
V means video 
A means audio 
T = Truncated

Installation of FFMPEG-PHP Extension

  FFmpeg-php is a very good extension and wrapper for PHP which can pull useful information about video through API interface. Inorder to install it you will need to download the source file and then compile and install extension in your server. 

For downloading the source tarball click here

or 

wget http://sourceforge.net/project/downloading.php?group_id=122353&filename=ffmpeg-php-0.6.0.tbz2&a=55737530 

Extract the souce tarball.

tar -xjf ffmpeg-php-0.6.0.tbz2 

cd ffmpeg-php-0.6.0/

 phpize 

./configure 

make 

make install

Editing PHP.INI

 Once you have done that without any problems then you will see the php extension file /usr/local/lib/php/extensions/no-debug-non-zts-20060613/ffmpeg.so and you will need mention that extension in php.ini file 

vi /usr/local/lib/php.ini 

Put the below two lines at the end of the php.ini file 

[ffmpeg] 
extension=ffmpeg.so 

Then restart the server
 
service httpd restart 

To check whether ffmpeg enabled with php, point your browser to test.php file. It should show the confirmation of installed ffmpeg php extension 

// #test.php

phpinfo();

?>

              

If any case the ffmpeg does not show in the phpinfo() test make sure that php.ini path to ffmpeg.so is correct. Still the problem occures, the reason could be you might be using older version of ffmpeg-php which is buggy. just download the latest version of ffmpeg-php sourse then complile it.

Common Errors

1. If you get command not found error for phpize, then you will need to do yum install php-devel

2. If you get error like "ffmpeg headers not found" while configuring the source.

configure: error: ffmpeg headers not found. Make sure ffmpeg is compiled as shared libraries using the --enable-shared option

then it means you have not installed ffmpeg-devel packages.

To Fix: Just install ffmpeg-devel using

yum install ffmpeg-devel

3. If you get an error like shared libraries not found problem and the program halts in the middle, then you must specify the ffmpeg installed path explicitly to the ./configure.

configure: error: ffmpeg shared libraries not found. Make sure ffmpeg is compiled as shared libraries using the --enable-shared option

To Fix:

1. First find out the ffmpeg path with ffmpeg --help command. The prefix default path should be like /usr/local/cpffmpeg
2. Configure the FFmpeg-php with --with-ffmpeg option

./configure --with-ffmpeg=/usr/local/cpffmpeg

That should resolve the problem!

How to setup and configure nagios

Nagios

Nagios is a popular open source computer system and network monitoring software application. It watches hosts and services, alerting users when things go wrong and again when they get better.It allows you to gain insight into your network and fix problems before customers know they even exist. It's stable, scalable, supported, and extensible. Most importantly, it works.

It will do the Comprehensive Network Monitoring in the following

* Windows
* Linux/Unix
* Routers, Switches, Firewalls
* Printers
* Services
* Applications


Installation of Nagios in localhost

Before installing nagios,you have to install the following packages
* Apache
* GCC compiler
* GD development libraries

if you are using rpm based packages,

yum install httpd
yum install gcc
yum install glibc glibc-common
yum install gd gd-devel

If you are using ubuntu,

sudo apt-get install apache2
sudo apt-get install build-essential
sudo apt-get install libgd2-xpm-dev

1) Create Account Information

Create a new nagios user account and give it a password.

/usr/sbin/useradd -m nagios
passwd nagios

Create a new nagcmd group for allowing external commands to be submitted through the web interface. Add both the nagios user and the apache user to the group.

/usr/sbin/groupadd nagcmd
/usr/sbin/usermod -a -G nagcmd nagios
/usr/sbin/usermod -a -G nagcmd apache(or www-data)

2) Download Nagios and the Plugins
mkdir ~/downloads
cd ~/downloads

for downloading Nagios click here

or in terminal type the following line

wget http://osdn.dl.sourceforge.net/sourceforge/nagios/nagios-3.0.2.tar.gz

Extract the Nagios source code tarball.

tar xvzf nagios-3.0.2.tar.gz

cd nagios-3.0.2

Run the Nagios configure script, passing the name of the group you created earlier like so:

./configure --with-command-group=nagcmd

3) Compile the Nagios source code.

make all

Install binaries, init script, sample config files and set permissions on the external command directory.

make install
make install-init
make install-config
make install-commandmode

4) Configure the Web Interface

Install the Nagios web config file in the Apache conf.d directory.

make install-webconf

Create a nagiosadmin account for logging into the Nagios web interface. Remember the password you assign to this account - you’ll need it later.

htpasswd -c /usr/local/nagios/etc/htpasswd.users nagiosadmin
If you want to add more users then

htpasswd /usr/local/nagios/etc/htpasswd.users username

Edit the file in /usr/local/apache/conf/includes/pre_virtualhost_global.conf and append the following line in to the virtual host directories
AuthName "Nagios Access"
AuthType Basic
AuthUserFile /usr/local/nagios/etc/htpasswd.users
Require valid-user

/etc/init.d/apache2 restart(or service httpd restart)

5) Download, Compile and Install the Nagios Plugins

For downloading Nagios-plugins click here

or in terminal we can download using the wget command,its shown below:

wget http://osdn.dl.sourceforge.net/sourceforge/nagiosplug/nagios-plugins-1.4.11.tar.gz

cd ~/downloads
tar xvzf nagios-plugins-1.4.11.tar.gz
cd nagios-plugins-1.4.11/

Compile and install the plugins.

./configure --with-nagios-user=nagios --with-nagios-group=nagios
make
make install

6) Start Nagios

Configure Nagios to automatically start when the system boots.

ln -s /etc/init.d/nagios /etc/rcS.d/S99nagios

Verify the sample Nagios configuration files.

/usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg

If there are no errors, start Nagios.

/etc/init.d/nagios start (service nagios start)

Add Nagios to the list of system services and have it automatically start when the system boots.

chkconfig --add nagios
chkconfig nagios on

you can check the Nagios in your browser typing the following url:

http://localhost/nagios

You should now be able to access the Nagios web interface at the URL below. You'll be prompted for the username (nagiosadmin) and password you specified earlier.

Installation and configuration of of Nagios with NRPE for both remote hosts and local host will be posted on next session