YUM
FIREWALL iptable
NAT
DHCPD
ROUTER
SSHD
VISUDO
PHP
Apache
hosts
PhpMyAdmin
Proftpd
VsFtpd
Samba
NTP
Webmin
Upgrading to PHP5/MySQL5
Grub
Installing Linux on Software RAID 1
NFS
ChkRootKit

$ yum -y install epel-release
$ yum -y install wget ntp unzip openssh-clients rsync net-tools lsof curl
$ chkconfig ntpd on
$ ntpdate pool.ntp.org //update the time:

$ yum install -y fuse fuse-ntfs-3g # ntfs windows partition

# exfat partition
$ rpm -Uvh http://li.nux.ro/download/nux/dextop/el6/x86_64/nux-dextop-release-0-2.el6.nux.noarch.rpm
$ yum -y install exfat-utils fuse-exfat

$ yum install -y ibus-table-quick* ibus-table-cangjie ibus-table-sci
go to "System" --> "Reference" --> "Input Method" --> enable "input method" & select "Use Ibus .... " --> "input method Reference" --> select "Input Method" --> add method

$ rpm -Uvh http://mirrors.servercentral.net/fedora/epel/6/x86_64/epel-release-6-8.noarch.rpm
$ rpm -Uvh https://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
$ rpm -ivh http://fedora.mirrors.pair.com/epel/6/x86_64/Packages/e/epel-release-6-8.noarch.rpm

$ rpm -ivh http://fedora.mirrors.pair.com/epel/6/x86_64/Packages/e/epel-release-latest-6.noarch.rpm

$ rpm -Uvh http://mirrors.servercentral.net/fedora/epel/6/i386/epel-release-6-8.noarch.rpm
$ rpm -Uvh https://dl.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm
$ rpm -ivh http://fedora.mirrors.pair.com/epel/6/i386/Packages/e/epel-release-6-8.noarch.rpm

****Error: Cannot retrieve metalink for repository: epel. Please verify its path.. https://blog.51cto.com/jschu/1750177
vim /etc/yum.repos.d/epel.repo , change to
baseurl=http://download.fedoraproject.org/pub/epel/6/$basearch
#mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-6&arch=$basearch
$ yum clean all

$ yum -y update yum
$ yum -y update; reboot

$ yum --disablerepo=\* --enablerepo=c6-media install pacakge-name

$ yum --enablerepo=epel -y install filezilla

$ yum -y install dhcp wireless-tools
$ yum -y install wpa_supplicant

$ iw dev

the output above show us a wireless network card identified as phy#0, but named wlan0

$ ip link show wlan0

$ ip link set wlan0 up

$ iwlist wlan0 scanning

$ wpa_passphrase <SSID> <password> >> /etc/wpa_supplicant/wpa_supplicant.conf

network={
ssid=”SSIDname”
scan_ssid=1
key_mgmt=WPA-PSK
psk=210981238ab34c343234ccd2342342fac34234299999934f34f34fcbba34bbaaa
}

Example:

DEVICE=wlan0
HWADDR=00:1B:EE:AC:D0:D2
TYPE=Wireless
ONBOOT=yes
NM_CONTROLLED=no
BOOTPROTO=none
IPADDR=192.168.0.7
NETMASK=255.255.255.0
GATEWAY=192.168.0.1
MODE=Managed
ESSID=”yourSSIDhere”
RATE=auto
SECURITYMODE=on
RTS=auto
FRAG=auto
WPA=yes

$ wpa_supplicant -B -D wext -i wlan0 -c /etc/wpa_supplicant/wpa_supplicant.conf

$ iw wlan0 link

authoritative;
default-lease-time 259200; #idle time
max-lease-time 518400; #max idle time
#option routers 192.168.3.1;
#option domain-name "xibase.net"; #refer resolv.conf - search name server
#option broadcast-address 192.168.3.255;
option domain-name-servers 203.83.112.1, 203.83.113.1, 203.83.111.19;
ddns-update-style none;

# eth0
subnet 202.130.101.2 netmask 255.255.255.255 {
range 202.130.101.2;
}

# eth1
#subnet 192.168.10.0 netmask 255.255.255.0 {
# authoritative;
# range 192.168.10.201 192.168.10.210;
# option routers 192.168.10.254;
# option subnet-mask 255.255.255.0;
# option broadcast-address 192.168.10.255;
# host eth1 {
# fixed-address 192.168.10.254;
# }
# }

# eth2
subnet 192.168.20.0 netmask 255.255.255.0 {
authoritative;
range 192.168.20.101 192.168.20.200;
option routers 192.168.20.254;
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.20.255;
# we want the nameserver to appear at a fixed address
host eth2 {
fixed-address 192.168.20.254;
}
}

# eth1
subnet 192.168.1.0 netmask 255.255.255.0 {
authoritative;
range 192.168.1.101 192.168.1.150;
option routers 192.168.1.1;
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.1.255;
# we want the nameserver to appear at a fixed address
host eth1 {
fixed-address 192.168.1.1;
}
}

echo "1" > /proc/sys/net/ipv4/ip_forward
modprobe ip_tables
modprobe ip_nat_ftp
modprobe ip_conntrack
modprobe ip_conntrack_ftp
modprobe ip_conntrack_irc
iptables -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -d 0/0 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth0 -s 192.168.2.0/24 -d 0/0 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth0 -s 192.168.3.0/24 -d 0/0 -j MASQUERADE

/etc/sysconfig/iptables (firewall setting)
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 520 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 999 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 520 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 999 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 10000 -j ACCEPT

###comment the below line###
#-A INPUT -j REJECT --reject-with icmp-host-prohibited
#-A FORWARD -j REJECT --reject-with icmp-host-prohibited

Upgrade PHP 5 to 7
/* verify the current PHP version installed: */
$ php -v
PHP 5.5.38 (cli) (built: Jul 21 2016 12:51:12) .....

$ yum list installed php* // display packages installed:
$ yum list available php* | grep php70 //Display available PHP 7 packages:

$ yum remove php* // remove all PHP 5.5 packages:

/*you need to add EPEL and Remi repository to your CentOS 6 system */
$ yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-6.noarch.rpm
or
$ yum install http://rpms.remirepo.net/enterprise/remi-release-6.rpm

/*Display error and log , find "Error handling and loggin" */
error_reporting = E_All & ~E_NOTICE
display_errors = On

/* <?php to <? */
short_open_tag = On

#File Upload setting : should be : memory_limit > post_max_size > upload_max_filesize
file_uploads =On
upload_max_filesize = 128M
post_max_size = 128M
safe_mode off
mysql_sale_mode off
mysql_mas_perimit = 10

;;;;; Resource Limits ;;;;
max_execution_time = 300 ; Maximum execution time of each script, in seconds
max_input_time = 600 ; Maximum amount of time each script may spend parsing request data
memory_limit = 128M ; Maximum amount of memory a script may consume

;;;;; Date TimeZone;;;;
date.timezone = "Asia/Hong_Kong"


#****Also, if possible tell him to configure MySQL to the following: ****#
mysql.connect_timeout = 240

ServerName www.xibase.net:80
ServerAdmin webmaster@xibase.net
ServerTokens PROD
KeepAliveTimeout 45

AddDefaultCharset auto
chkconfig --leve 345 httpd on

/*server-status setting */
LoadModule status_module modules/mod_status.so /* default setting*/
ExtendedStatus On /* default setting*/
<Location /server-status> # 確定底下這幾行是存在的，約在 924 行左右！
SetHandler server-status
Order deny,allow
Deny from all
Allow from 192.168.1.0/24
Allow from 127.0.0.1
</Location>
/* http://hostname/server-status */

htaccess and htpasswd
# 確定底下這幾行是存在的，約在 400 行左右！
AccessFileName .htaccess
<Files ~ "^\.ht">
Order allow,deny
Deny from all
Satisfy All
</Files>

# 在某個不受影響的地方加入這一段：
<Directory "/var/www/html/protect">
AllowOverride AuthConfig
Order allow,deny
Allow from all
</Directory>

cd /var/www/html/protect
root@www protect]#
vim .htaccess # 只要加入底下這幾行即可
AuthName "Protect test by .htaccess"
Authtype Basic
AuthUserFile /var/www/apache.passwd
require user test

這些參數的意義是這樣的：

• AuthName：在要你輸入帳號與密碼的對話視窗中，出現的『提示字元』
• AuthType：認證的類型，我們這裡僅列出 Apache 預設的類型，亦即是『basic』的啦
• AuthUserFile：這個保護目錄所使用的帳號密碼設定檔。 也就是說，這個檔案是隨便你設定的，當然啦，所以使用者當然可以自行設定帳號與密碼囉。 檔案內的帳號不限在 /etc/passwd 出現的使用者！另外，這個檔案不要放置在 Apache 可以瀏覽的目錄內，所以我將他放置在首頁之外！避免被不小心竊取。
• require：後面接可以使用的帳號。假如 /var/www/apache.passwd 內有三個帳號， 分別是 test, test1, test2 ，那我這裡只寫了 test ，因此 test1, test2 將無法登入此目錄。 如果要讓該密碼檔內的使用者都能夠登入，就改成『require valid-user』即可啊！

<VirtualHost *:80>
ServerName nanjing.org.hk
ServerAlias www.nanjing.org.hk
DocumentRoot /var/www/html/nanjing/nanjing.istarnet.com.hk
ServerAdmin interwebmaster@istarnet.com.hk
ErrorLog logs/error_log-nanjing.istarnet.com.hk-log
CustomLog logs/access_log-nanjing.istarnet.com.hk-log common
HostNameLookups on
LogLevel emerg
AddDefaultCharset auto
LanguagePriority
Options -Indexes
</VirtualHost>

########## https VirtualHost Setting ##############
<VirtualHost *:80>
ServerName sql.xibase.net
ServerAlias sql.xibase.net
Redirect / https://sql.xibase.net/
ServerAdmin interwebmaster@istarnet.com.hk
ErrorLog logs/error_log-nanjing.istarnet.com.hk-log
CustomLog logs/access_log-nanjing.istarnet.com.hk-log common
HostNameLookups on
LogLevel emerg
AddDefaultCharset auto
LanguagePriority
Options -Indexes
</VirtualHost>

<VirtualHost *:443>
ServerName sql.xibase.net
ServerAlias sql.xibase.net
DocumentRoot /var/www/html/phpsql
ErrorLog logs/error_log-sql.xibase.net
CustomLog logs/access_log-sql.xibase.net common
HostNameLookups on
ServerAdmin webmaster@xibase.net
LogLevel emerg
AddDefaultCharset auto
LanguagePriority
Options -Indexes
</VirtualHost>

<Directory /var/www/html/phpsql>
SSLRequireSSL
</Directory>
########## end of https VirtualHost Setting ##############

<Directory "/var/www/html/phpMyAdmin">
order deny,allow
deny from all
allow from 210.176.12.128/16
allow from 192.168.20.0/24
allow from 222.167.64.55
AuthType Basic
Satisfy all
</Directory>

Other Reditect setting for reference
Redirect Domain:

• Redirect / http://www.new-domain.com/
  or
  Redirect permanent / http://www.new-domain.com/
• Redirect Page:
  Redirect /web-page.html http://www.new-domain.com/destination-web-page.html

yum install mod_ssl openssl

/*Generate private key */
cd /tmp/  /* first go to tmp folder */
#openssl genrsa -out ca.key 1024

/* Generate CSR   */
#openssl req -new -key ca.key -out ca.csr   

/* Generate Self Signed Key  */
#openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt      

/* Copy the files to the correct locations   */
#cp ca.crt /etc/pki/tls/certs   
#cp ca.key /etc/pki/tls/private/ca.key   
#cp ca.csr /etc/pki/tls/private/ca.csr

              

restorecon -RvF /etc/pki

/* update ssl.conf file */
vi +/SSLCertificateFile /etc/httpd/conf.d/ssl.conf

/*Change the paths to match where the Key file is stored. If you've used the method above it will be  */
  SSLCertificateFile /etc/pki/tls/certs/ca.crt
  SSLCertificateKeyFile /etc/pki/tls/private/ca.key


/* Edit Virtual Host file ( vhosts.conf ) */
<VirtualHost *:80>
 ServerName sql.xibase.net
 ServerAlias sql.xibase.net
 DocumentRoot /var/www/html/phpsql
 Redirect  / https://sql.xibase.net/
 ..............
</VirtualHost>

<VirtualHost *:443>           
    SSLEngine on           
    SSLCertificateFile /etc/pki/tls/certs/ca.crt           
    SSLCertificateKeyFile /etc/pki/tls/private/ca.key       
    <Directory /var/www/vhosts/yoursite.com/httpsdocs>       
      AllowOverride All      
    </Directory>      
    DocumentRoot /var/www/vhosts/yoursite.com/httpsdocs         
    ServerName yoursite.com  
 </VirtualHost>

/etc/rc.d/init.d/./httpd start 
                

vi /etc/proftpd.conf
-------------------------------------------------------------------------------------------------------------
ServerName "Main Xibase ProFTPD Default Installation"
ServerType standalone
DefaultServer on

#Do not perform ident nor DNS lookups (hangs when the port is filtered)
IdentLookups off
UseReverseDNS off

# Br use of SITE CHMOD by default
<Limit SITE_CHMOD>
AllowAll
</Limit>

DefaultRoot /var/www/html htmluser
------------------------------------------------------------------------------------------------------------

CentOS6 installation
for 64 bit
#wget http://pkgs.repoforge.org/proftpd/proftpd-1.3.4a-1.el6.rf.x86_64.rpm
for 32 bit
#wget http://pkgs.repoforge.org/proftpd/proftpd-1.3.4a-1.el6.rf.i686.rpm
# yum install libcrypto.so.6
#yum install perl-Mail-Sendmail

rpm -Uvh proftpd-1.3.4a-1.el6.rf.x86_64.rpm

/etc/proftpd.conf
------------------------------------------------------------------------------------------------------------
ServerName "Main Xibase ProFTPD Default Installation"
ServerType standalone
DefaultServer on
#Do not perform ident nor DNS lookups (hangs when the port is filtered)
IdentLookups off
UseReverseDNS of

DefaultRoot /var/www/html htmluser

comment the following lines if use /etc/passwd
#AuthPAMConfig proftpd
#AuthOrder mod_auth_pam.c* mod_auth_unix.c

or
http://www.vixual.net/blog/archives/775
------------------------------------------------------------------------------------------------------------

pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
use_localtime=YES
banner_file=/etc/vsftpd/welcome.txt
local_root=/ftp_home #chk local root
user_config_dir=/etc/vsftpd/user_config_dir #directory of each user config file

#allow users only in user_list file
userlist_deny=NO
_____________________________________________________________________________________

cd /etc/vsftpd/user_config_dir
touch user1 # create each user config file in this directory

$ service smb start
$ service nmb start

$ rpm -U web webmin-x.xxx-x..noarch.rpsm

$ service webmin restart

$ yum --enablerepo centosplus install php-xml (if necessary)
$ yum update php --enable=centosplus
or
$ yum --enablerepo centosplus install php php-pear php-mysql mysql mysql-server
$yum --enablerepo centosplus install php-gd ( install GD lib)

Then I clicked the “OK” button, it presented the previous screen. Click the “RAID” button again, selected the “sdb”, “Fixed size”, “Force to be a primary partition” and inputted “200”.

After I finished creating the software RAID partition, I clicked the “RAID” button again; it gave me a form that only the radio “Create a RAID device” was active. Click the “OK” button. In the next form, select “/boot” in “Mount Point” field, and select both “sda1”  and ”sdb1

Click the “OK” button, and then the RAID device was created.

In the same way, I created the RAID device for the “SWAP”. Then I created a RAID device for “LVM” (select LVM in File System Type).

Create LVM on RAID 1 for the root file system
After the LVM RAID had been created, I clicked the “LVM” button to create a volume group for the root system.

Enable both disks boot
After installation, I did the following to make the both disks bootable.
[joker@localhost ~]# grub
grub> root (hd0,0)
root (hd0,0)
 Filesystem type is ext2fs, partition type 0xfd
grub> setup (hd0)
setup (hd0)
 Checking if “/boot/grub/stage1” exists… no
 Checking if “/grub/stage1” exists… yes
 Checking if “/grub/stage2” exists… yes
 Checking if “/grub/e2fs_stage1_5 “ exists… yes
 Running “embed /grub/e2fs_stage1_5 (hd0)”… 28 sectors are embedded.
succeeded
 Running “install /grub/stage1 (hd0) (hd0)1+28 p
(hd0,0)/grub/stage2 /grub/grub.
conf”… succeeded
Done.
grub> root (hd1,0)
root (hd1,0)
 Filesystem type is ext2fs, partition type 0xfd
grub> setup (hd1)
setup (hd1)
 Checking if “/boot/grub/stage1” exists… no
 Checking if “/grub/stage1” exists… yes
 Checking if “/grub/stage2” exists… yes
 Checking if “/grub/e2fs_stage1_5 “ exists… yes
 Running “embed /grub/e2fs_stage1_5 (hd1)”… 28 sectors are embedded.
succeeded
 Running “install /grub/stage1 (hd1) (hd1)1+28 p (hd1,0)/grub/stage2 /grub/grub.
conf”… succeeded
Done. 

Verify
[joker@localhost ~]# df –Th
Filesystem       Type    Size      Used    Avail    Use%   Mounted on
/dev/mapper/rootvg-root
                        ext4      6.7G    3.1G    3.3G    49%     /
/dev/md0          ext3      194M   14M     170M   8%       /boot
…  … 

[joker@localhost ~]$ cat /proc/mdstat
Personalities: [raid1]
md0 :   active raid1 sda1[0] sdb1[1]
            204736 blocks [2/2] [UU]
md1 :   active raid1 sda2[0] sdb2[1]
            1048512 blocks [2/2] [UU]
md2 :   active raid1 sda3[0] sdb3[1]
            11325376 blocks [2/2] [UU]

$ yum --enablerepo=epel -y install chkrootkit
$ yum install rkhunter
$ rkhunter --update