Month: June 2021

Hello,

In this week’s feature highlight, we look at How to Install PHP 7 x on Rocky Linux 8

Installing the EPEL and Remi Repository

For this we use the PHP 7.x packaged by Remi, a third-party repository which offers multiple versions of PHP 7.x and 8.x

First, lets install the EPEL repository,

rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm

Next, install the Remi repository with the following command,

yum install -y https://rpms.remirepo.net/enterprise/remi-release-8.rpm

List the available PHP module stream

To check/list the available PHP versions, use the following command,

yum module list php

Output:

[root@server ~]# yum module list php
Last metadata expiration check: 2:11:11 ago on Wed 12 May 2021 11:54:38 AM EDT.
Rocky Linux 8 - AppStream
Name     Stream         Profiles                       Summary
php      7.2 [d][e]     common [d], devel, minimal     PHP scripting language
php      7.3            common [d], devel, minimal     PHP scripting language
php      7.4            common [d], devel, minimal     PHP scripting language

Remi's Modular repository for Enterprise Linux 8 - x86_64
Name     Stream         Profiles                       Summary
php      remi-7.2       common [d], devel, minimal     PHP scripting language
php      remi-7.3       common [d], devel, minimal     PHP scripting language
php      remi-7.4       common [d], devel, minimal     PHP scripting language
php      remi-8.0       common [d], devel, minimal     PHP scripting language

Hint: [d]efault, [e]nabled, [x]disabled, [i]nstalled

Installing PHP 7.x

First, lets disable the old version before enabling the new one,

dnf module reset php

Output:

[root@server ~]# dnf module reset php
Last metadata expiration check: 2:11:49 ago on Wed 12 May 2021 11:54:38 AM EDT.
Dependencies resolved.
================================================================================
 Package           Architecture     Version             Repository         Size
================================================================================
Resetting modules:
 php

Transaction Summary
================================================================================

Is this ok [y/N]: y
Complete!

Below are the commands to install a specific version of PHP to your requirements,

dnf module install php:remi-7.2

dnf module install php:remi-7.3

dnf module install php:remi-7.4

dnf module install php:remi-8.0

In our case, we will install PHP 7.4 via the remi repository,

dnf module install php:remi-7.4

Output:

[root@server ~]# dnf module install php:remi-7.4
Last metadata expiration check: 2:12:20 ago on Wed 12 May 2021 11:54:38 AM EDT.
Dependencies resolved.
================================================================================
 Package            Arch        Version                 Repository         Size
================================================================================
Upgrading:
 php                x86_64      7.4.19-1.el8.remi       remi-modular      3.0 M
 php-cli            x86_64      7.4.19-1.el8.remi       remi-modular      4.6 M
 php-common         x86_64      7.4.19-1.el8.remi       remi-modular      1.2 M
 php-fpm            x86_64      7.4.19-1.el8.remi       remi-modular      1.6 M
 php-gd             x86_64      7.4.19-1.el8.remi       remi-modular       93 k
 php-json           x86_64      7.4.19-1.el8.remi       remi-modular       77 k

You can update your system and installed packages at any time by running the following command,

dnf update

Check Installed PHP Version

Now that we have installed PHP 7.4 via the remi repository, we can verify the version installed by running the php -v command,

php -v

Output:

[root@server ~]# php -v
PHP 7.4.19 (cli) (built: May  4 2021 11:06:37) ( NTS )
Copyright (c) The PHP Group
Zend Engine v3.4.0, Copyright (c) Zend Technologies
    with Zend OPcache v7.4.19, Copyright (c), by Zend Technologies

Done!

Hello,

In this week’s feature highlight, we look at How to Composer on Rocky Linux 8

Composer is basically a dependency manager for the programming language, PHP. It functions as some sort of project manager that helps the programmer manage dependencies that will be used on a project to project basis.

Installing PHP

Install PHP by running the following command.

dnf install @php

Output:

[root@server ~]# dnf install @php
Last metadata expiration check: 0:50:18 ago on Thu 13 May 2021 01:00:13 PM EDT.
Dependencies resolved.
================================================================================
 Package          Arch   Version                                Repo       Size
================================================================================
Installing group/module packages:
 php-cli          x86_64 7.2.24-1.module+el8.3.0+200+280400f1   appstream 3.1 M
 php-common       x86_64 7.2.24-1.module+el8.3.0+200+280400f1   appstream 660 k
 php-fpm          x86_64 7.2.24-1.module+el8.3.0+200+280400f1   appstream 1.6 M
 php-json         x86_64 7.2.24-1.module+el8.3.0+200+280400f1   appstream  72 k
 php-mbstring     x86_64 7.2.24-1.module+el8.3.0+200+280400f1   appstream 579 k
 php-xml          x86_64 7.2.24-1.module+el8.3.0+200+280400f1   appstream 187 k

Download Composer installer

We will install wget package so we can download files over the internet, you can skip this part if you already have it installed.

dnf -y install wget

We will now download the composer from the official website

wget https://getcomposer.org/installer -O composer-installer.php

Output:

[root@vps ~]# wget https://getcomposer.org/installer -O composer-installer.php
--2021-02-23 12:59:23--  https://getcomposer.org/installer
Resolving getcomposer.org (getcomposer.org)... 142.44.245.229, 2607:5300:201:2100::4:d105
Connecting to getcomposer.org (getcomposer.org)|142.44.245.229|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 58460 (57K) [application/octet-stream]
Saving to: ‘composer-installer.php’

composer-installer. 100%[===================>]  57.09K  --.-KB/s    in 0.1s

2021-02-23 12:59:24 (420 KB/s) - ‘composer-installer.php’ saved [58460/58460]

Installing PHP Composer

Install the PHP Composer by running the following command.

php composer-installer.php --filename=composer --install-dir=/usr/local/bin 

Output:

[root@server ~]# wget https://getcomposer.org/installer -O composer-installer.php
--2021-05-13 13:52:13--  https://getcomposer.org/installer
Resolving getcomposer.org (getcomposer.org)... 142.44.245.229, 2607:5300:201:2100::4:d105
Connecting to getcomposer.org (getcomposer.org)|142.44.245.229|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 58460 (57K) [application/octet-stream]
Saving to: ‘composer-installer.php’

composer-installer. 100%[===================>]  57.09K  --.-KB/s    in 0.1s

2021-05-13 13:52:14 (421 KB/s) - ‘composer-installer.php’ saved [58460/58460]

Verify the PHP Composer version once installation is done

composer --version

Output:

[root@server ~]# php composer-installer.php --filename=composer --install-dir=/usr/local/bin
All settings correct for using Composer
Downloading...

Composer (version 2.0.13) successfully installed to: /usr/local/bin/composer
Use it: php /usr/local/bin/composer

Testing Composer

To test your installation, run the following command.

composer

Output:

[root@server ~]# composer --version
Composer version 2.0.13 2021-04-27 13:11:08
[root@server ~]# composer
   ______
  / ____/___  ____ ___  ____  ____  ________  _____
 / /   / __ \/ __ `__ \/ __ \/ __ \/ ___/ _ \/ ___/
/ /___/ /_/ / / / / / / /_/ / /_/ (__  )  __/ /
\____/\____/_/ /_/ /_/ .___/\____/____/\___/_/
                    /_/
Composer version 2.0.13 2021-04-27 13:11:08

Usage:
  command [options] [arguments]

Done!

Hello,

In this week’s feature highlight, we look at How to Docker on Rocky Linux 8

What is Docker?

Docker is basically a container engine which uses the Linux Kernel in order to create the containers on top of an operating system. Which is use to create, deploy and run applications in a containerized environment.

First, check and install any pending system updates.

yum update 

Adding Docker repository

Enable the Docker CE repository by running the following command.

dnf config-manager --add-repo=https://download.docker.com/linux/centos/docker-ce.repo

Output:

[root@vps ~]# dnf config-manager --add-repo=https://download.docker.com/linux/centos/docker-ce.repo
Adding repo from: https://download.docker.com/linux/centos/docker-ce.repo

Installing Docker-ce package

Install Docker-ce package on AlmaLinux 8 by running the following command.

dnf -y  install docker-ce --nobest

Output:

[root@server ~]# dnf -y  install docker-ce --nobest
Docker CE Stable - x86_64                        50 kB/s |  12 kB     00:00
Dependencies resolved.
================================================================================
 Package                      Arch   Version             Repository        Size
================================================================================
Installing:
 docker-ce                    x86_64 3:20.10.6-3.el8     docker-ce-stable  27 M
Installing dependencies:
 checkpolicy                  x86_64 2.9-1.el8           baseos           345 k
 container-selinux            noarch 2:2.155.0-1.module+el8.3.0+161+9c4b50ff
                                                         appstream         50 k
 containerd.io                x86_64 1.4.4-3.1.el8       docker-ce-stable  33 M
 docker-ce-cli                x86_64 1:20.10.6-3.el8     docker-ce-stable  33 M

Enable the Docker service.

systemctl enable --now docker

Output:

[root@vps ~]# systemctl enable --now docker
Created symlink /etc/systemd/system/multi-user.target.wants/docker.service → /usr/lib/systemd/system/docker.service.

Checking the Docker service

To verify the Docker service by running the following command.

systemctl status  docker

Output:

 [root@server ~]# systemctl status  docker
● docker.service - Docker Application Container Engine
   Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled; vendor pres>
   Active: active (running) since Wed 2021-05-12 16:05:02 EDT; 11s ago
     Docs: https://docs.docker.com
 Main PID: 12504 (dockerd)
    Tasks: 8
   Memory: 44.1M
   CGroup: /system.slice/docker.service
           └─12504 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/conta>

May 12 16:04:59 server dockerd[12504]: time="2021-05-12T16:04:59.724605461-04:0>
May 12 16:04:59 server dockerd[12504]: time="2021-05-12T16:04:59.724671035-04:0>
May 12 16:04:59 server dockerd[12504]: time="2021-05-12T16:04:59.726331220-04:0>

Done!

Hello,

In this week’s feature highlight, we look at How to Fail2Ban on Rocky Linux 8

Fail2Ban is an intrusion prevention framework written in the Python programming language. It works by reading SSH, ProFTP, Apache logs, etc. And uses iptables profiles to block brute-force attempts.

To install Fail2ban, The EPEL repository needs to be installed first.

yum install epel-release

Note: It will prompt for several permission Press “y” and “Enter” to continue.

Next, install fail2ban package.

yum install fail2ban

Note: This will prompt for several permissions, Press “y” and “Enter” to continue.

Set fail2ban to start on boot automatically,

systemctl enable fail2ban

Configuring local file settings.

Jail.conf contains a section which Configuration settings can be done for the fail2ban, we are not going edit this file because package upgrade can overwrite this file.

Jail.local contains same section where jail.conf file contains and it can override this values.

/etc/fail2ban/jail.d/ can override both jails.local and jails.conf files

First we begin with the jail.local file.

Open the file for editing,

nano /etc/fail2ban/jail.local

Add the following content,

[DEFAULT]
# Ban hosts for one hour:
bantime = 3600

# Override /etc/fail2ban/jail.d/00-firewalld.conf:
banaction = iptables-multiport

[sshd]
enabled = true

If server uses firewalld instead of iptables, simply comment the banaction line

Restarting the Fail2Ban service to load new settings.

systemctl restart fail2ban

To check status

fail2ban-client status

Output:

Status
|- Number of jail:      1
`- Jail list:   sshd

To view detailed information of sshd

fail2ban-client status sshd

Ouput:

[root@server ~]# fail2ban-client status sshd
Status for the jail: sshd
|- Filter
|  |- Currently failed: 5
|  |- Total failed:     238
|  `- Journal matches:  _SYSTEMD_UNIT=sshd.service + _COMM=sshd
`- Actions
   |- Currently banned: 19
   |- Total banned:     19
   `- Banned IP list:   221.131.165.56 183.89.70.240 211.200.178.178 218.92.0.207 221.181.185.143 221.181.185.220 189.207.242.90 120.246.124.254 51.254.84.249 103.20.34.169 218.22.36.135 1.179.185.50 171.245.229.51 106.55.240.205 212.64.60.50 58.240.52.43 209.141.60.60 171.225.250.69 221.181.185.151

Modify the content of the file /etc/fail2ban/jail.local

nano /etc/fail2ban/jail.local

Setting ban time

#ban time setting to 600sec
bantime = 600 

Setting conditions to ban a client

findtime = 600 
maxretry = 3

In this example, the client is blocked if he makes 3 unsuccessful login attempts with in 10 mins.

To check the details of banned IPs and number of login attempts,

fail2ban-client status sshd

Output:

[root@server ~]# fail2ban-client status sshd
Status for the jail: sshd
|- Filter
|  |- Currently failed: 5
|  |- Total failed:     262
|  `- Journal matches:  _SYSTEMD_UNIT=sshd.service + _COMM=sshd
`- Actions
   |- Currently banned: 21
   |- Total banned:     21
   `- Banned IP list:   221.131.165.56 183.89.70.240 211.200.178.178 218.92.0.207 221.181.185.143 221.181.185.220 189.207.242.90 120.246.124.254 51.254.84.249 1        03.20.34.169 218.22.36.135 1.179.185.50 171.245.229.51 106.55.240.205 212.64.60.        50 58.240.52.43 209.141.60.60 171.225.250.69 221.181.185.151 142.93.215.8 222.18        7.238.136