If you are running a cPanel server, you are able to use EasyApache to add and remove many PHP extensions. cPanel has the ability to also install and uninstall PHP modules on the fly using the phpextensionmgr, which can be found at /scripts/phpextensionmgr. You are able to see the usage and option by using the –help flag, as shown below.

root@devbox [~]# /scripts/phpextensionmgr --help
Usage:
    phpextensionmgr [options] [action] [extension]

        Options:
          --help       Help message
          --prefix     Installation prefix for PHP (normally /usr/local or /usr/local/php4)

        Actions:
          install      Install or update the extension
          uninstall    Uninstall the extension
          status       Display the installation status of the extension
          list         Show available extensions

As you can see, you are able to install, uninstall, display whether or not the extension is installed, or list all of the available modules. Running the list command as below will show all of the modules that are available to be added on your server.

root@devbox [~]# /scripts/phpextensionmgr list
Available Extensions:
EAccelerator
IonCubeLoader
Zendopt
Xcache
SourceGuardian
PHPSuHosin

You can also find the status of a single module by using the status flag.

root@devbox [~]# /scripts/phpextensionmgr status Xcache
Updating md5sum list
Fetching http://httpupdate.cpanel.net/cpanelsync/easy/targz.yaml (connected:0).......
(request attempt 1/12)...Using dns cache file /root/.HttpRequest/httpupdate.cpanel.net
......searching for mirrors (mirror search attempt 1/3)......
mirror search success......connecting to 69.72.212.10...
@69.72.212.10......connected......receiving...100%......request success......Done
Downloading tarball for Xcache
Fetching http://httpupdate.cpanel.net/cpanelsync/easy/targz/Cpanel/Easy/Xcache.pm.tar.gz (connected:0).......
(request attempt 1/12)......connecting to 69.72.212.10...@69.72.212.10......connected......
receiving...100%......request success......Done
Determining status of Xcache
Xcache extension is NOT installed

If we wanted to install Xcache, we would use the install flag, which will take care of the entire install process.  Keep in mind that we are only using Xcache as an example and it’s usage will depend on your server configuration as well.

root@devbox [~]# /scripts/phpextensionmgr install Xcache
Installing Xcache
Determining PHP version
Configuring for:
PHP Api Version:         20090626
Zend Module Api No:      20090626
Zend Extension Api No:   220090626
Will now run system( ./configure,--with-php-config=/usr/local/bin/php-config )
checking for egrep... grep -E
checking for a sed that does not truncate output... /bin/sed
checking for cc... cc
checking for C compiler default output file name... a.out
checking whether the C compiler works... yes
checking whether we are cross compiling... no
checking for suffix of executables...
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether cc accepts -g... yes
checking for cc option to accept ANSI C... none needed
.....
.....
(More compiling stuff)
....
....
/bin/sh /home/cpeasyapache/phpextensions/xcache/xcache-1.3.2/libtool --mode=install cp ./xcache.la /home/cpeasyapache/phpextensions/xcache/xcache-1.3.2/modules
cp ./.libs/xcache.so /home/cpeasyapache/phpextensions/xcache/xcache-1.3.2/modules/xcache.so
cp ./.libs/xcache.lai /home/cpeasyapache/phpextensions/xcache/xcache-1.3.2/modules/xcache.la
PATH="$PATH:/sbin" ldconfig -n /home/cpeasyapache/phpextensions/xcache/xcache-1.3.2/modules
----------------------------------------------------------------------
Libraries have been installed in:
   /home/cpeasyapache/phpextensions/xcache/xcache-1.3.2/modules

If you ever happen to want to link against installed libraries
in a given directory, LIBDIR, you must either use libtool, and
specify the full pathname of the library, or use the `-LLIBDIR'
flag during linking and do at least one of the following:
   - add LIBDIR to the `LD_LIBRARY_PATH' environment variable
     during execution
   - add LIBDIR to the `LD_RUN_PATH' environment variable
     during linking
   - use the `-Wl,--rpath -Wl,LIBDIR' linker flag
   - have your system administrator add LIBDIR to `/etc/ld.so.conf'

See any operating system documentation about shared libraries for
more information, such as the ld(1) and ld.so(8) manual pages.
----------------------------------------------------------------------

Build complete.
Don't forget to run 'make test'.

Got ret value 0 from system( make )
Will now run system( make,install )
Installing shared extensions:     /usr/local/lib/php/extensions/no-debug-non-zts-20090626/
Got ret value 0 from system( make,install )
Will now run system( make,clean )
find . -name \*.gcno -o -name \*.gcda | xargs rm -f
find . -name \*.lo -o -name \*.o | xargs rm -f
find . -name \*.la -o -name \*.a | xargs rm -f
find . -name \*.so | xargs rm -f
find . -name .libs -a -type d|xargs rm -rf
rm -f libphp.la   modules/* libs/*
Got ret value 0 from system( make,clean )
Xcache extension activated
./cpanel-install exiting with exit code 0

If you wanted to remove that module, you could do so with the uninstall flag.

root@devbox [~]# /scripts/phpextensionmgr uninstall Xcache
Uninstalling Xcache
Removing xcache from /usr/local/lib/php.ini

Using /scripts/phpextensionmgr can help you to add, remove, find the status of particular modules and list the available modules.  In you day to day work, this can help you to save time by not needing to run EasyApache to install the PHP modules which can save time and unnecessary load on your server.

If you have recently updated to Ubuntu 12.04 with Gnome as your desktop and are using dual monitors, you have probably noticed that only one of the screens switch workspaces and the other stays fixed. Before, you were able to fix this by using the gconf-editor, however now when you make changes to that, it is no longer working and the changes are not being applied. To fix the monitors when that does not work, you need to run the following command, which will disable workspaces-only-on-primary, which is basically doing the same thing as is done in the gconf-editor.

Run this command as the user that you are logged in as (not using sudo or as root in the command line)

gsettings set org.gnome.shell.overrides workspaces-only-on-primary false

You should not receive any output when you run the command and the changes should be applied immediately without needing to log out. You will now be able to change workspaces correctly on both monitors.

To find the version of the Gnome desktop, you simply have to run the following command:

gnome-shell --version

You should get some output that looks like this:

randomlinux@Desktop:~$ gnome-shell --version
GNOME Shell 3.4.1

This article is aimed at providing the basics to using iptables as a fire wall for your personal home or production server, we won’t be covering every thing here but what we will be covering will give you enough information to demystify their man pages and get you going.

Firstly, the firewall and how it behaves is base events depending on if packet traffic is incoming, out bounding, or passing through. Basically, any time some one is sending a packet to your server it is incoming, any time your server sends a packet to another computer it is out bounding and in the case where you server is acting as a gateway or proxy to another machine on your network it is forwarding. These events that are triggered in this process are INPUT, OUTPUT, and FORWARD respectively.

Now for each of these chains you may have rules that determine how this traffic will be handled and every time a packet is sent or received it checks the corresponding chain for what is called a rule.  A rule can be comprise of many different flag being triggered based on a number of criteria such as the ip the traffic is coming from or going to, the port the connection is coming from/going to, you can even filter traffic based on any text that the packet may contain, known as string blocking.All rules are read by iptables top to bottom, so any rule that is matched will be how the traffic is handled, if no rule is triggered then the handling based on the over all chain will determine how the traffic is handled. Based on any of that criteria you are going to tell iptables what to do with the traffic, this is signified by telling it one of the following modes.

ACCEPT – Accepts the packet and sends it to its destination.

DENY/REJECT -  Will stop the packet and send a response back to the machine that initiated contact telling it that it is not accepting connections from them.

DROP – Will drop the packet altogether and send no response to the machine that initiated contact.

RETURN – Accepts the packet and and sends it to the target where there the packet is handled how ever it decides to. Use of this function will not be discussed in this article.

QUEUE – Sends the packet into the system queue in user space where it will be processed, queuing will ultimately be determined by the kernel you are running and what it’s method of queuing is, this is beyond the scope of this article.

Let’s say we just want to block one ip from accessing the server, this can be done simply with the following.

iptables -A INPUT -s 111.222.333.444 -j DROP

In this example the we are telling iptables to append our rule to the INPUT chain, -s is the source address we are wanting to block and DROP is how we would like the packet to be handled. -j is how we pass the action that we would like to taken.

There might be times you only want to block access to a specific port or service on the server, in cases like this you can use the –destination-port flag, you can either use the service name or the port when using destination port, for example FTP or 21. In the following example we will also be providing the protocol that is being used to send the packets. At the base level of communication you will have TCP and UDP, ICMP, etc , since FTP establishes it’s primary connection with TCP we will use -p to set the protocol to TCP, you can leave that portion out which should block all protocol connections on port 21.

iptables -A INPUT -s 111.222.333.444 -p tcp –destination-port 21 -j DROP

If you would like to prevent all access to FTP except for specific IPs you can use the same command with out a source address to block all traffic.

iptables -A INPUT -p tcp –destination-port 21 -j DROP

now to let IPs you want to access FTP you would use the following.

iptables -I INPUT -s 222.333.444.555 -p tcp –destination-port 21 -j ACCEPT

and if you wanted all of your internal network to still be able to reach FTP you would use.

iptables -I INPUT -s 192.168.0.0/24 -p tcp –destination-port 21 -j ACCEPT

Now I know what your thinking to your self, “Whoa, hold on here a minute. Just a second ago we were using -A to append the rules to the end of the chain, where did this -i jazz come from and why are we using it.”. I suppose I should have covered that earlier on, as said earlier -A will append your rules to the end of your chain, -I is used to insert rules into a specific location into your chain. In the last examples we used -I with out any thing which will default to adding the rule to the top of the chain. In this case ipchains needs to know what traffic we will accept to the port first any traffic not matching that will be blocked, you can put the rule some where else by providing w rule number.  Such as

iptables -I 3 INPUT -s 111.222.333.444 -j DROP

In addition to appending and inserting you can also replace, delete, and flush rules. Replace and Delete are used in same fashion that insert is, by providing the rule number you would like to replace, delete. Flush will flush all of the rules from a specified chain, if no chain is provided it will effectively flush the rules from all of your chains. Their usage is as follows.

iptables -R 3 INPUT -s 222.333.444 -j REJECT

With the delete flag you can simply provide the rule number you want to delete or you can write out the rule in full. *Note tracking down the rule number and removing it that way is easier then writing out the full rule because it will have to match exactly what is in the fire wall. To determine what rule number you are wanting to remove you can use -L to list all rules in the chain, you will follow it with either INPUT, OUTPUT, FORWARD.

iptable -L INPUT -v –line-numbers

Then use iptables to remove the  rule.

iptables -D 4

Maybe for security reasons you would like your server to not communicate with other servers on common ports, one which can be commonly abused the SMTP.

iptables -A OUTPUT –dport 25 -j DROP

You can also keep your server from trying to communicate to a specific address using -d, or –destination

iptables -A OUTPUT -d 111.222.333.444 -j DROP

The following is a recap of the flags that we used and their usage.

-I NUM, inserts a rule into the chain at a provided rule number or at the top of the chain if no number is provided.
-A, appends a rule to the end of a given chain.
-D NUM, will deleted the rule at the given chain number.
-F CHAIN, will flush the given chain (INPUT,OUTPUT,FORWARD)
-s, is the source ip, or the ip that is trying to communicate with the server.
-d, is the destination ip address
–destination-port/–dport NUM, is the destination port which is being communicated to.

I hope this article is useful in some way to you, in the oncoming month we will be writing an article which covers more advanced usage and rules.

To zip particular files, you can use the following:

zip yourarchive.zip file1 file2 file3

To zip full directories recursively, you will add the -r flag.

zip -r nameofyourarchive.zip folder

That will zip everything everything that is in the folder that you choose, including any other folders that are inside of it.

Know of other ways to zip up files? Let us know in the comments!

Normally by default, your history will show just the number of the command that was run and the command.

root@server [~]# history | head
10 top
11 df -h
12 hostname -i

There are many times that you will want the time and date as well though, such as for server auditing and security reasons. To enable this, you will need to export HISTTIMEFORMAT.

root@server [~]# export HISTTIMEFORMAT=’%F %T ‘

This will enable the time stamps as well in your history. Now, when you run the history command, you will get something that looks like the following.

root@server [~]# history | head
10 2011-10-11 12:03:26 top
11 2011-10-11 12:03:29 df -h
12 2011-10-11 12:03:35 hostname -i

Let us know how you have your history set up in the comments!

To see the amount of memory that is free on your computer, you can use the free command. This will show you the amount of memory that you have total, as well as how much is being used. Using the free command with no flags will show you the amount in bytes.

[~]# free
total used free shared buffers cached
Mem: 2097152 473032 1624120 0 0 0
-/+ buffers/cache: 473032 1624120
Swap: 0 0 0

Using the -m flag will show you the amount in MB.

[~]# free -m
total used free shared buffers cached
Mem: 2048 463 1584 0 0 0
-/+ buffers/cache: 463 1584
Swap: 0 0 0

Know of more ways to find your memory usage or other ways to use free? Let us know in the comments!

#Apache httpd.conf tweak: prefork.c module

#Add this to httpd.conf

=====================

<IfModule prefork.c>

StartServers 15

MinSpareServers 10

MaxSpareServers 40

ServerLimit 256Max

Clients 256

MaxRequestsPerChild 1000

</IfModule>

=====================

#mysql tweak:

#add this to my.cnf

=====================

key_buffer = 48

Mmax_allowed_packet = 8M

table_cache = 128

sort_buffer_size = 48M

net_buffer_length = 8M

thread_cache_size = 4

query_cache_type = 1

query_cache_size = 4M

=====================

#Another mysql tweak:

#add to my.cnf

max_connections = 200

bind-address = 127.0.0.1

safe-show-database

skip-locking

skip-innodb

# MySQL 4.x has query caching available.

# Enable it for vast improvement and it may be all you need to tweak.

query_cache_type=1

query_cache_limit=1M

query_cache_size=32M

interactive_timeout=100

# Reduced wait_timeout to prevent idle clients holding connections.

wait_timeout=15

connect_timeout=10

# Checked opened tables and adjusted accordingly after running for a while.

table_cache=512

# Reduced it to 32 to prevent memory hogging.

thread_cache=32

# Reduced it by checking current size of *.MYI

files.key_buffer=128M

thread_concurrency=1

log_error                = /var/log/mysql/error.log

# log slow queries is a must.

log_slow_queries=/var/log/mysqld.slow.log

long_query_time=2

[mysqldump]

quick

max_allowed_packet=16M

[mysql]

no-auto-rehash

[isamchk]

key_buffer=64M

sort_buffer=64M

read_buffer=16M

write_buffer=16M

[myisamchk]

key_buffer=64M

sort_buffer=64M

read_buffer=16M

write_buffer=16M

[mysqlhotcopy]

interactive-timeout

=====================

To create an exact image of a cd or dvd, you are able to use the dd command. If your disk is mounted at /mnt/disk, you can use this command to make an image file named disk.iso.

dd if=/mnt/disk of=/home/disk.iso

In that command, dd is the program that is used, if is the input file, and of is the output file. The result of that will be an exact copy of the disk in /home named disk.iso.

If you need to disable shell access for a particular user, that can be done by editing the line for that user in the /etc/passwd file. So if we needed to change it for a user that is named user, you would open that file with a text editor, then change the line that begins with the username. So, when opening that file, you should see something like this:

user:x:526:598::/home/user:/bin/bash

To remove the ability to log in with ssh, you can change the last path to /bin/noshell

user:x:526:598::/home/user:/bin/noshell

Then save the file. Now that user will no longer be able to ssh into your box. This is useful to elevate the security of your machine if you have multiple users and only need ssh on certain ones.