How to Install and use Glances – System Monitor In Ubuntu

Ubuntu ships with several default system monitoring tools that provide basic functions. However, there is a recommended, powerful and free monitoring tool called Glances ("An eye on your system"). Glances is a monitoring tool for GNU/Linux and BSD operating systems that runs from a command-line interface. It is written in Python and uses the libstatgrab library to retrieve information. The steps in this post were tested on Ubuntu 14.04.

1. How to install glances on Ubuntu :

ehowstuff@ubuntu14:~$ sudo apt-get install glances -y

2. To start glances simply type glances from command line :

ehowstuff@ubuntu14:~$ glances

Glances retrieves a lot of information about the resources of your system, such as CPU, Load, Memory, Swap, Network, Disk I/O and Processes, all on one page. By default the color codes mean:

GREEN : the statistic is “OK”
BLUE : the statistic is “CAREFUL” (to watch)
VIOLET : the statistic is “WARNING” (alert)
RED : the statistic is “CRITICAL” (critical)

3. By default, the refresh interval is set to 1 second. You can change the interval by issuing the following command :

ehowstuff@ubuntu14:~$ glances -t 2

4. Once in the Glances monitoring screen, press h to see more hot keys for gathering output information while Glances is running.

How to Reset Forgotten Root Password in Ubuntu 14.04

Sometimes it is necessary to get root access to an Ubuntu system. I was facing an issue when trying to reset a forgotten root password in Ubuntu 14.04 using recovery mode (Drop to root shell prompt). After doing some testing and research, I found a working solution for it.

Steps to Reset Forgotten Root Password in Ubuntu 14.04

Give root password for maintenance (or type Control-D to continue)

1. First, make sure to choose the regular or default boot kernel that you always use, then press ‘e’.
2. Press the down arrow key until you reach the “linux” option.
3. Remove the “ro” part with the backspace key, and then add the following onto the end:

rw init=/bin/bash

Press Ctrl-X or F10 to boot.
4. Your system should boot up very quickly to a command prompt.
5. Use the following command to reset your password:

passwd

Once the password has been set successfully, run the sync command to write data out to the disk before rebooting.

sync
reboot -f

That's all. Now you should be able to log in without any issues.

How to Check gcc Version on Ubuntu

Question :
How do I check the gcc version on my Ubuntu system?

Answer :

gcc is the GNU project C and C++ compiler. There are a few ways to obtain the GCC version in Ubuntu.

Option 1
Issue the command “gcc --version”
Example :

ehowstuff@ubuntu14:~$ gcc --version
gcc (Ubuntu 4.8.2-19ubuntu1) 4.8.2
Copyright (C) 2013 Free Software Foundation, Inc.
This is free software; see the source for copying conditions.  There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Option 2
Issue the command “gcc -v”
Example :

ehowstuff@ubuntu14:~$ gcc -v
Using built-in specs.
COLLECT_GCC=gcc
COLLECT_LTO_WRAPPER=/usr/lib/gcc/x86_64-linux-gnu/4.8/lto-wrapper
Target: x86_64-linux-gnu
Configured with: ../src/configure -v --with-pkgversion='Ubuntu 4.8.2-19ubuntu1' --with-bugurl=file:///usr/share/doc/gcc-4.8/README.Bugs --enable-languages=c,c++,java,go,d,fortran,objc,obj-c++ --prefix=/usr --program-suffix=-4.8 --enable-shared --enable-linker-build-id --libexecdir=/usr/lib --without-included-gettext --enable-threads=posix --with-gxx-include-dir=/usr/include/c++/4.8 --libdir=/usr/lib --enable-nls --with-sysroot=/ --enable-clocale=gnu --enable-libstdcxx-debug --enable-libstdcxx-time=yes --enable-gnu-unique-object --disable-libmudflap --enable-plugin --with-system-zlib --disable-browser-plugin --enable-java-awt=gtk --enable-gtk-cairo --with-java-home=/usr/lib/jvm/java-1.5.0-gcj-4.8-amd64/jre --enable-java-home --with-jvm-root-dir=/usr/lib/jvm/java-1.5.0-gcj-4.8-amd64 --with-jvm-jar-dir=/usr/lib/jvm-exports/java-1.5.0-gcj-4.8-amd64 --with-arch-directory=amd64 --with-ecj-jar=/usr/share/java/eclipse-ecj.jar --enable-objc-gc --enable-multiarch --disable-werror --with-arch-32=i686 --with-abi=m64 --with-multilib-list=m32,m64,mx32 --with-tune=generic --enable-checking=release --build=x86_64-linux-gnu --host=x86_64-linux-gnu --target=x86_64-linux-gnu
Thread model: posix
gcc version 4.8.2 (Ubuntu 4.8.2-19ubuntu1)

Option 3
Issue the command “aptitude show gcc”
Example :

ehowstuff@ubuntu14:~$ aptitude show gcc
Package: gcc
State: installed
Automatically installed: yes
Version: 4:4.8.2-1ubuntu6
Priority: optional
Section: devel
Maintainer: Ubuntu Developers 
Architecture: amd64
Uncompressed Size: 42.0 k
Depends: cpp (>= 4:4.8.2-1ubuntu6), gcc-4.8 (>= 4.8.2-5~)
Recommends: libc6-dev | libc-dev
Suggests: gcc-multilib, make, manpages-dev, autoconf, automake1.9, libtool, flex, bison, gdb,
          gcc-doc
Conflicts: gcc-doc (< 1:2.95.3), gcc-doc (< 1:2.95.3), gcc
Provides: c-compiler
Description: GNU C compiler
 This is the GNU C compiler, a fairly portable optimizing compiler for C.

 This is a dependency package providing the default GNU C compiler.

How to Install and Configure NTP Server on Ubuntu 14.04

The Network Time Protocol (NTP) is used to synchronize time between computer systems over the network. Time synchronization is crucial for determining when events happened on computer or server systems. NTP is also very useful when implementing replication between servers. NTP uses UDP port 123. Please make sure this UDP port is open from each client to the NTP server. This article describes how to install and configure an NTP server on Ubuntu 14.04 server.

1. Install ntp service :

ehowstuff@ubuntu14:~$ sudo apt-get install ntp -y

2. Configure NTP service :

ehowstuff@ubuntu14:~$ sudo vi /etc/ntp.conf

For Malaysia, add the following NTP servers :

server 0.asia.pool.ntp.org
server 1.asia.pool.ntp.org
server 2.asia.pool.ntp.org
server 3.asia.pool.ntp.org

3. Once the configuration file is updated, restart ntp for the changes to take effect :

ehowstuff@ubuntu14:~$ sudo service ntp restart
 * Stopping NTP server ntpd                                                                  [ OK ]
 * Starting NTP server ntpd                                                                  [ OK ]

4. Verify that NTP service is synchronizing to remote NTP servers :

ehowstuff@ubuntu14:~$ sudo ntpq -p

Example :

ehowstuff@ubuntu14:~$ sudo ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 balthasar.gimas 65.32.162.194    3 u    1   64    1  146.094  -10.741   0.000
 chobi.paina.jp  .INIT.          16 u    -   64    0    0.000    0.000   0.000
 194.27.44.55    .INIT.          16 u    -   64    0    0.000    0.000   0.000
 202-65-114-202. .INIT.          16 u    -   64    0    0.000    0.000   0.000
 europium.canoni .INIT.          16 u    -   64    0    0.000    0.000   0.000

5. Configure NTP for Client :
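
Reading the peer table from step 4, as an added example that is not part of the original post: in the output above only one peer has a non-zero reach value and no line starts with "*", so ntpd has not selected a time source yet. The function names and the second sample (a steady-state table) are constructed for illustration.

```bash
#!/bin/sh
# Added example: summarise `ntpq -p` output read from stdin.

# ntp_summary prints: total=<peers> reachable=<reach != 0> selected=<system peer|none>
ntp_summary() {
    awk '
        /^ *remote +refid/ || /^=+$/ { next }   # column header and ruler
        NF < 10 { next }                        # blank or malformed line
        {
            tally = substr($0, 1, 1)            # "*" marks the peer ntpd is synchronised to
            name = $1
            if (tally != " ") name = substr($1, 2)
            total++
            if ($7 + 0 != 0) reachable++        # reach: octal bitmask of the last 8 polls
            if (tally == "*") selected = name
        }
        END {
            if (selected == "") selected = "none"
            printf "total=%d reachable=%d selected=%s\n", total, reachable, selected
        }'
}

# ntp_is_synced: exit status 0 only when a system peer ("*") has been selected.
ntp_is_synced() {
    case $(ntp_summary) in
        *selected=none) return 1 ;;
        *) return 0 ;;
    esac
}

# Peer table copied from step 4 of the page (taken right after the restart).
page_sample=$(cat <<'EOF'
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 balthasar.gimas 65.32.162.194    3 u    1   64    1  146.094  -10.741   0.000
 chobi.paina.jp  .INIT.          16 u    -   64    0    0.000    0.000   0.000
 194.27.44.55    .INIT.          16 u    -   64    0    0.000    0.000   0.000
 202-65-114-202. .INIT.          16 u    -   64    0    0.000    0.000   0.000
 europium.canoni .INIT.          16 u    -   64    0    0.000    0.000   0.000
EOF
)

# Constructed sample: what the table looks like once a source has been selected.
steady_sample=$(cat <<'EOF'
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*ntp1.example.ne 203.0.113.10     2 u   33   64  377   12.345    0.512   0.210
+ntp2.example.ne 198.51.100.7     2 u   40   64  377   15.100   -0.330   0.180
 ntp3.example.ne .INIT.          16 u    -   64    0    0.000    0.000   0.000
EOF
)

printf '%s\n' "$page_sample"   | ntp_summary
printf '%s\n' "$steady_sample" | ntp_summary
```

On a live server, feed it with "ntpq -p | ntp_summary"; a result of selected=none several minutes after a restart means the clock is not yet being disciplined.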

How to Setup Squid Proxy in Ubuntu Server 14.04

Squid is a proxy server that provides cache services to clients. Client requests from web browsers are directed to the proxy server, which delivers the requested content and keeps a copy of it in the proxy's hard disk cache. This speeds up internet access, especially for frequently used files, and reduces internet bandwidth usage. Squid does not require intensive CPU usage. To increase efficiency, I would recommend buying faster disks or adding more memory to the Squid proxy server. This post describes the basic steps to set up Squid Proxy in Ubuntu Server 14.04.

1. Install Squid 3 :

ehowstuff@ubuntu14:~$ sudo apt-get install squid3 -y

2. Configure common settings :

ehowstuff@ubuntu14:~$ sudo vi /etc/squid3/squid.conf

Around line 919, define allowed LAN segment :

..
acl lan_ehowstuff src 192.168.0.0/24
..

Around line 1058, allow defined LAN :

..
http_access allow lan_ehowstuff
..

Listen on port 3128 :

# Squid normally listens to port 3128
http_port 3128

Save the configuration

3. Configure Squid Proxy Authentication using digest authentication scheme :

a. Install the program ‘htdigest’ :

ehowstuff@ubuntu14:~$ sudo apt-get install apache2-utils -y

b. Setting up user :

sudo htdigest -c /etc/squid3/passwords realm_name user_name

Example :

ehowstuff@ubuntu14:~$ sudo htdigest -c /etc/squid3/passwords proxy proxyuser1
Adding password for proxyuser1 in realm proxy.
New password:
Re-type new password:

c. At line 335-337, add the Squid digest authentication configuration. Please note that the program digest_pw_auth has been renamed to digest_file_auth in Ubuntu 14.04. By default, the digest authentication scheme is not used unless the program is specified.

auth_param digest program /usr/lib/squid3/digest_file_auth -c /etc/squid3/passwords
auth_param digest realm proxy
acl authenticated_ehowstuff proxy_auth REQUIRED
http_access allow authenticated_ehowstuff

4. Restart Squid for the new configuration to take effect :

ehowstuff@ubuntu14:~$ sudo initctl restart squid3
squid3 start/running, process 2185

or

ehowstuff@ubuntu14:~$ sudo service squid3 restart

5. Verify that port 3128 is listening :

ehowstuff@ubuntu14:~$ sudo netstat -plunt | grep 3128
tcp6       0      0 :::3128                 :::*                    LISTEN      2185/squid3

6. Configure the proxy in the client browser.

7. Every time you open the browser, a proxy authentication box will be prompted.

8. Monitor the access log on the proxy server. You can see proxyuser1 as the authenticated user :

ehowstuff@ubuntu14:~$ sudo tail -f /var/log/squid3/access.log
RECT/173.194.126.55 text/html
1409354804.372   1073 192.168.0.1 TCP_MISS/200 776 GET http://xml.alexa.com/data? proxyuser1 HIER_DIRECT/23.21.109.107 text/xml
1409354842.754    963 192.168.0.1 TCP_MISS/200 2285 POST http://sd.symcd.com/ proxyuser1 HIER_DIRECT/23.51.43.27 application/ocsp-response
1409354843.234   1489 192.168.0.1 TCP_MISS/200 915 POST http://ocsp.digicert.com/ proxyuser1 HIER_DIRECT/117.18.237.29 application/ocsp-response
1409354843.454   1549 192.168.0.1 TCP_MISS/200 2285 POST http://sd.symcd.com/ proxyuser1 HIER_DIRECT/23.51.43.27 application/ocsp-response
1409354848.074   3249 192.168.0.1 TCP_MISS_ABORTED/000 0 POST http://ocsp.thawte.com/ proxyuser1 HIER_NONE/- -
1409354848.877   3248 192.168.0.1 TCP_MISS_ABORTED/000 0 POST http://ocsp.thawte.com/ proxyuser1 HIER_DIRECT/199.7.71.72 -
1409354853.997   1120 192.168.0.1 TCP_MISS/200 794 GET http://hsrd.yahoo.com/_ylt=A86.IsJVDAFUTGsAVsJUqcB_;_ylu=X3oDMTQ0aHJqM2NuBGNjb2RlA2hvbWVydW4yBGNwb3MDMARnAzAyMTMtMGExNGQ5Zjc1NWZkZGUyYTY5M2E0ZmViNzE0MDUwOTctMDAxNARpbnRsA215BHBrZ3QDNARwb3MDMgRzZWMDdGQtb2ZsLWIEc2xrA3RpdGxlBHRlc3QDNjg0BHdvZQM5MTc5OTMzMg--/RV=1/RE=1410564437/RH=aHNyZC55YWhvby5jb20-/RO=2/RU=aHR0cHM6Ly9teS5zcG9ydHMueWFob28uY29tL2ZhbnRhc3kvc29jY2VyL3ByZW1pZXItbGVhZ3Vl/RS=%5EADA7H0JFo.Ud2RQRqK4zKbm5QoTGVg- proxyuser1 HIER_DIRECT/206.190.39.139 text/html
1409354854.482    280 192.168.0.1 TCP_MISS/200 446 GET http://toolbarqueries.google.com/tbr? proxyuser1 HIER_DIRECT/58.27.61.123 text/html
1409354854.750    549 192.168.0.1 TCP_MISS/200 4214 GET http://xml.alexa.com/data? proxyuser1 HIER_DIRECT/23.21.109.107 text/xml

I hope that the above guidelines on how to set up Squid Proxy in Ubuntu Server will help system administrators to start installing their own proxy server.
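
Checking the access log from step 8 for traffic that bypassed authentication, as an added example that is not part of the original post. Squid evaluates http_access rules in order and stops at the first match, so a request served with "-" in the user field means an allow rule (such as "http_access allow lan_ehowstuff") matched before the proxy_auth rule was consulted. The function names are hypothetical; the first four sample lines come from the page and the last three are constructed.

```bash
#!/bin/sh
# Added example: audit Squid native-format access.log lines read from stdin.
# A valid line has 10 fields and starts with an epoch timestamp; anything else
# (such as the cut-off first line that `tail -f` printed on the page) is ignored.
# Fields used: $3 client, $4 result/status, $5 bytes, $7 URL, $8 user name.

# squid_user_totals: per authenticated user, number of requests and bytes sent.
squid_user_totals() {
    awk '
        NF != 10 || $1 !~ /^[0-9]+\.[0-9]+$/ { next }
        $8 != "-" { req[$8]++; bytes[$8] += $5 }
        END { for (u in req) printf "%s requests=%d bytes=%d\n", u, req[u], bytes[u] }
    ' | LC_ALL=C sort
}

# squid_unauthenticated_served: requests logged without a user name that were
# not refused. TCP_DENIED/407 lines are the normal authentication challenge
# and are therefore not reported.
squid_unauthenticated_served() {
    awk '
        NF != 10 || $1 !~ /^[0-9]+\.[0-9]+$/ { next }
        $8 == "-" && $4 !~ /^TCP_DENIED\// { print $3, $4, $7 }
    '
}

# Lines 1-4: copied from the page. Lines 5-7: constructed (a 407 challenge,
# a second user, and one request served without any user name).
squid_sample=$(cat <<'EOF'
RECT/173.194.126.55 text/html
1409354804.372   1073 192.168.0.1 TCP_MISS/200 776 GET http://xml.alexa.com/data? proxyuser1 HIER_DIRECT/23.21.109.107 text/xml
1409354842.754    963 192.168.0.1 TCP_MISS/200 2285 POST http://sd.symcd.com/ proxyuser1 HIER_DIRECT/23.51.43.27 application/ocsp-response
1409354848.074   3249 192.168.0.1 TCP_MISS_ABORTED/000 0 POST http://ocsp.thawte.com/ proxyuser1 HIER_NONE/- -
1409354900.100      0 192.168.0.23 TCP_DENIED/407 4012 GET http://example.com/ - HIER_NONE/- text/html
1409354901.200    210 192.168.0.23 TCP_MISS/200 1532 GET http://example.com/ proxyuser2 HIER_DIRECT/203.0.113.10 text/html
1409354950.300    180 192.168.0.77 TCP_MISS/200 900 GET http://example.org/ - HIER_DIRECT/203.0.113.20 text/html
EOF
)

echo "Per-user totals:"
printf '%s\n' "$squid_sample" | squid_user_totals
echo "Served without authentication:"
printf '%s\n' "$squid_sample" | squid_unauthenticated_served
```

On the proxy itself the same functions can read the real log, for example "sudo cat /var/log/squid3/access.log | squid_unauthenticated_served".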

How to Install and Configure ProFTPD FTP Server on Ubuntu 14.04

ProFTPD (short for Pro FTP daemon) is a popular open-source FTP server. It’s an alternative to vsftpd. For those who run a virtual private server (VPS) or dedicated server to host a blog or website, I would recommend installing an FTP service; it makes it easy to upload and retrieve files to and from the server. This post describes the steps to install and configure ProFTPD FTP Server on Ubuntu 14.04.

1. Install ProFTPD :

ehowstuff@ubuntu14:~$ sudo apt-get install proftpd -y

2. Open proftpd configuration file and make a few changes :

ehowstuff@ubuntu14:~$ sudo vi /etc/proftpd/proftpd.conf

a. Turn off IPv6 if not needed

UseIPv6                         off

b. Change the hostname

ServerName                      "Ubuntu14.ehowstuff.local"

c. Specify the root directory for chroot by uncommenting this line. This will limit users to their home directory only :

DefaultRoot                     ~

Full example :

#
# /etc/proftpd/proftpd.conf -- This is a basic ProFTPD configuration file.
# To really apply changes, reload proftpd after modifications, if
# it runs in daemon mode. It is not required in inetd/xinetd mode.
#

# Includes DSO modules
Include /etc/proftpd/modules.conf

# Set off to disable IPv6 support which is annoying on IPv4 only boxes.
UseIPv6                         off
# If set on you can experience a longer connection delay in many cases.
IdentLookups                    off

ServerName                      "Ubuntu14.ehowstuff.local"
ServerType                      standalone
DeferWelcome                    off

MultilineRFC2228                on
DefaultServer                   on
ShowSymlinks                    on

TimeoutNoTransfer               600
TimeoutStalled                  600
TimeoutIdle                     1200

DisplayLogin                    welcome.msg
DisplayChdir                    .message true
ListOptions                     "-l"

DenyFilter                      \*.*/

# Use this to jail all users in their homes
DefaultRoot                     ~

..

3. Add any users that you want to disallow from using FTP. Remove root if you want to allow root :

ehowstuff@ubuntu14:~$ sudo vi /etc/ftpusers

By default, the users below are disallowed FTP access :

# /etc/ftpusers: list of users disallowed FTP access. See ftpusers(5).

daemon
bin
sys
sync
games
man
lp
mail
news
uucp
nobody

4. Restart ProFTPD :

ehowstuff@ubuntu14:~$ sudo /etc/init.d/proftpd restart
 * Stopping ftp server proftpd                                                               [ OK ]
 * Starting ftp server proftpd                                                               [ OK ]

5. Test the FTP connection using an FTP client, or access the FTP server via the command line :

D:\>ftp 192.168.0.114
Connected to 192.168.0.114.
220 ProFTPD 1.3.5rc3 Server (Ubuntu14.ehowstuff.local) [192.168.0.114]
User (192.168.0.114:(none)): ehowstuff
331 Password required for ehowstuff
Password:
230 User ehowstuff logged in
ftp> ls
200 PORT command successful
150 Opening ASCII mode data connection for file list
v3.1.12.zip
ehowstuff.local.conf
common.conf
default-edited
jcameron-key.asc
index.html
wordpress.conf
public_html
default
226 Transfer complete
ftp: 132 bytes received in 0.02Seconds 8.25Kbytes/sec.
ftp>

That's all.

How to Install phpMyAdmin on Ubuntu 14.04

phpMyAdmin is open source software, written in PHP, that is intended to manage and administer MySQL through a web browser. It is one of the most popular tools for managing MySQL databases, and you’ll need to install and configure Apache, PHP, and PHP MySQL support in order to make it run properly. Follow the steps below to install phpMyAdmin on an Ubuntu 14.04 virtual private server (VPS) or dedicated server.

1. It is assumed that the Apache web server and MySQL database server have been prepared.

2. Install phpmyadmin :

ehowstuff@ubuntu14:~$ sudo apt-get install phpmyadmin -y

3. Configure Apache :

ehowstuff@ubuntu14:~$ sudo vi /etc/phpmyadmin/apache.conf

Add the allowed IP addresses as below :

# phpMyAdmin default Apache configuration

Alias /phpmyadmin /usr/share/phpmyadmin

<Directory /usr/share/phpmyadmin>
        Options FollowSymLinks
        DirectoryIndex index.php
        Require ip 127.0.0.1 192.168.0.0/24
        <IfModule mod_php5.c>
                AddType application/x-httpd-php .php

                php_flag magic_quotes_gpc Off
                php_flag track_vars On
                php_flag register_globals Off
                php_admin_flag allow_url_fopen Off
                php_value include_path .
                php_admin_value upload_tmp_dir /var/lib/phpmyadmin/tmp
                php_admin_value open_basedir /usr/share/phpmyadmin/:/etc/phpmyadmin/:/var/lib/phpmyadmin/:/usr/share/php/php-gettext/:/usr/share/javascript/
        </IfModule>

</Directory>

4. Restart Apache :

ehowstuff@ubuntu14:~$ sudo /etc/init.d/apache2 restart
 * Restarting web server apache2                                                             [ OK ]
ehowstuff@ubuntu14:~$

5. Access “http://IP_address/phpmyadmin/” and log in to MySQL.

How to Install and Configure vsftpd FTP Server on Ubuntu 14.04

The File Transfer Protocol (FTP) is a standard network protocol used to transfer files from one machine to another machine or server. If you plan to manage your own virtual private server (VPS) or dedicated server to host your blog or website, I would suggest you install an FTP service. It will make it easy for you to retrieve and upload files to the VPS server. This post describes the steps to install and configure vsftpd FTP Server on Ubuntu 14.04.

1. Install vsftpd FTP service :

ehowstuff@ubuntu14:~$ sudo apt-get install vsftpd -y

2. Open vsftpd.conf and uncomment the following :

ehowstuff@ubuntu14:~$ sudo vi /etc/vsftpd.conf

Uncomment the lines below and add the last two lines :

..
write_enable=YES
..
ascii_upload_enable=YES
ascii_download_enable=YES
..
chroot_local_user=YES
chroot_list_enable=YES
..
chroot_list_file=/etc/vsftpd.chroot_list
..
ls_recurse_enable=YES
..
local_root=public_html
seccomp_sandbox=NO

3. Allow user to access their home directory :

ehowstuff@ubuntu14:~$ sudo vi /etc/vsftpd.chroot_list

Add ehowstuff :

ehowstuff

4. Restart vsftpd for the changes to take effect :

ehowstuff@ubuntu14:~$ sudo initctl restart vsftpd
vsftpd start/running, process 1988

5. Verify whether the FTP port is listening :

ehowstuff@ubuntu14:~$ telnet localhost 21
Trying ::1...
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 (vsFTPd 3.0.2)
^]
telnet> quit

6. Test from Windows Client :

D:\>ftp 192.168.0.114
Connected to 192.168.0.114.
220 (vsFTPd 3.0.2)
User (192.168.0.114:(none)): ehowstuff
331 Please specify the password.
Password:
230 Login successful.
ftp> pwd
257 "/home/ehowstuff/public_html"
ftp>

That's all.
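
Working out who is actually jailed by the options in step 2, as an added example that is not part of the original post. vsftpd.conf(5) documents that when chroot_local_user=YES is combined with chroot_list_enable=YES, the chroot list becomes the list of users who are NOT placed in a chroot() jail, which matches the 257 "/home/ehowstuff/public_html" reply in step 6. The function names, the temporary files and the user alice are constructed for illustration, and the example assumes a later setting overrides an earlier one.

```bash
#!/bin/sh
# Added example: decide whether a local user ends up in a chroot() jail.

# conf_value FILE KEY DEFAULT: value of the last uncommented KEY=value line.
conf_value() {
    awk -v key="$2" -v def="$3" '
        /^[ \t]*#/ { next }
        index($0, key "=") == 1 {
            val = substr($0, length(key) + 2)
            sub(/[ \t\r]+$/, "", val)           # drop trailing blanks / CR
        }
        END { print (val == "" ? def : val) }' "$1"
}

# is_yes VALUE: vsftpd booleans are YES/TRUE/1 (case-insensitive).
is_yes() {
    case $(printf '%s' "$1" | tr 'a-z' 'A-Z') in
        YES|TRUE|1) return 0 ;;
        *) return 1 ;;
    esac
}

# vsftpd_chroot_state USER CONF [LIST]: prints "chrooted" or "not chrooted".
# LIST overrides chroot_list_file so the check can run against a copy.
vsftpd_chroot_state() {
    cs_user=$1; cs_conf=$2
    cs_list=${3:-$(conf_value "$cs_conf" chroot_list_file /etc/vsftpd.chroot_list)}
    jail_all=no; listed=no
    if is_yes "$(conf_value "$cs_conf" chroot_local_user NO)"; then jail_all=yes; fi
    if is_yes "$(conf_value "$cs_conf" chroot_list_enable NO)" &&
       [ -r "$cs_list" ] && grep -qxF -- "$cs_user" "$cs_list"; then
        listed=yes
    fi
    # The list inverts the default: chrooted = chroot_local_user XOR listed.
    if [ "$jail_all" = "$listed" ]; then echo "not chrooted"; else echo "chrooted"; fi
}

# Constructed copies of the page's settings, written to a temporary directory.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/vsftpd.conf" <<'EOF'
# options from step 2 of the page
write_enable=YES
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list
local_root=public_html
seccomp_sandbox=NO
EOF
printf 'ehowstuff\n' > "$demo_dir/chroot_list"      # step 3 of the page

for u in ehowstuff alice; do
    printf '%s: %s\n' "$u" "$(vsftpd_chroot_state "$u" "$demo_dir/vsftpd.conf" "$demo_dir/chroot_list")"
done
```

To jail ehowstuff as well, leave the user out of /etc/vsftpd.chroot_list or set chroot_list_enable=NO.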

 

How to Install ClamAV on Ubuntu Server 14.04

Linux is designed to make it hard for viruses to run, which is why it is more secure than the Windows operating system. However, we still need to install Clam AntiVirus (ClamAV) on a Linux server to protect it from viruses, because Linux malware and viruses are increasing every day. ClamAV is a free antivirus engine designed for detecting Trojans, viruses, malware and other malicious threats, and one of its main uses is on mail servers as a server-side email virus scanner. ClamAV can be integrated with mail servers to scan attachments and files. This article describes how to install ClamAV on an Ubuntu Server 14.04 virtual private server (VPS) or dedicated server.

1. Install clamav and clamav-daemon. Clamav daemon is for automated use.

ehowstuff@ubuntu14:~$ sudo apt-get install clamav clamav-daemon -y

2. Update the clamav pattern file :

ehowstuff@ubuntu14:~$ sudo freshclam

3. Check the files in all users' home directories:

ehowstuff@ubuntu14:~$ sudo clamscan -r /home
[sudo] password for ehowstuff:
/home/ehowstuff/v3.1.12.zip: OK
/home/ehowstuff/.mysql_history: OK
/home/ehowstuff/.bash_logout: OK
/home/ehowstuff/.bash_history: OK
/home/ehowstuff/.profile: OK
/home/ehowstuff/.bashrc: OK
/home/ehowstuff/.cache/motd.legal-displayed: Empty file
/home/ehowstuff/.viminfo: OK
/home/ehowstuff/jcameron-key.asc: OK
/home/ehowstuff/.rnd: OK
/home/ehowstuff/index.html: OK
/home/ehowstuff/.ssh/known_hosts: OK

----------- SCAN SUMMARY -----------
Known viruses: 3383485
Engine version: 0.98.1
Scanned directories: 4
Scanned files: 11
Infected files: 0
Data scanned: 4.66 MB
Data read: 1.04 MB (ratio 4.47:1)
Time: 20.139 sec (0 m 20 s)
ehowstuff@ubuntu14:~$

4. Download test virus :

ehowstuff@ubuntu14:~$ wget http://www.eicar.org/download/eicar.com
--2014-05-24 15:05:13--  http://www.eicar.org/download/eicar.com
Resolving www.eicar.org (www.eicar.org)... 188.40.238.250
Connecting to www.eicar.org (www.eicar.org)|188.40.238.250|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 68 [application/octet-stream]
Saving to: ‘eicar.com’

100%[==========================================================>] 68          --.-K/s   in 0s

2014-05-24 15:05:13 (8.12 MB/s) - ‘eicar.com’ saved [68/68]

5. Scan the directory again. The output should now include the downloaded test virus :

ehowstuff@ubuntu14:~$ sudo clamscan -r /home
/home/ehowstuff/v3.1.12.zip: OK
/home/ehowstuff/.mysql_history: OK
/home/ehowstuff/.bash_logout: OK
/home/ehowstuff/.bash_history: OK
/home/ehowstuff/.profile: OK
/home/ehowstuff/.bashrc: OK
/home/ehowstuff/.cache/motd.legal-displayed: Empty file
/home/ehowstuff/.viminfo: OK
/home/ehowstuff/jcameron-key.asc: OK
/home/ehowstuff/.rnd: OK
/home/ehowstuff/index.html: OK
/home/ehowstuff/.ssh/known_hosts: OK
/home/ehowstuff/eicar.com: Eicar-Test-Signature FOUND

----------- SCAN SUMMARY -----------
Known viruses: 3383485
Engine version: 0.98.1
Scanned directories: 4
Scanned files: 12
Infected files: 1
Data scanned: 4.66 MB
Data read: 1.04 MB (ratio 4.47:1)
Time: 19.874 sec (0 m 19 s)

6. Scan and remove virus files :

ehowstuff@ubuntu14:~$ sudo clamscan --infected --remove --recursive /home
/home/ehowstuff/eicar.com: Eicar-Test-Signature FOUND
/home/ehowstuff/eicar.com: Removed.

----------- SCAN SUMMARY -----------
Known viruses: 3383485
Engine version: 0.98.1
Scanned directories: 4
Scanned files: 12
Infected files: 1
Data scanned: 4.66 MB
Data read: 1.04 MB (ratio 4.47:1)
Time: 20.930 sec (0 m 20 s)

7. Scan the home directory again. The downloaded virus file should be removed now :

ehowstuff@ubuntu14:~$ sudo clamscan -r /home
/home/ehowstuff/v3.1.12.zip: OK
/home/ehowstuff/.mysql_history: OK
/home/ehowstuff/.bash_logout: OK
/home/ehowstuff/.bash_history: OK
/home/ehowstuff/.profile: OK
/home/ehowstuff/.bashrc: OK
/home/ehowstuff/.cache/motd.legal-displayed: Empty file
/home/ehowstuff/.viminfo: OK
/home/ehowstuff/jcameron-key.asc: OK
/home/ehowstuff/.rnd: OK
/home/ehowstuff/index.html: OK
/home/ehowstuff/.ssh/known_hosts: OK

----------- SCAN SUMMARY -----------
Known viruses: 3383485
Engine version: 0.98.1
Scanned directories: 4
Scanned files: 11
Infected files: 0
Data scanned: 4.66 MB
Data read: 1.04 MB (ratio 4.47:1)
Time: 20.151 sec (0 m 20 s)

8. Start clamav-daemon (clamd):

ehowstuff@ubuntu14:~$ sudo /etc/init.d/clamav-daemon start
 * Starting ClamAV daemon clamd                                                              [ OK ]

9. Check clamd status :

ehowstuff@ubuntu14:~$ sudo /etc/init.d/clamav-daemon status
 * clamd is running

10. Start and check the status of clamav-freshclam :

ehowstuff@ubuntu14:~$ sudo /etc/init.d/clamav-freshclam start
 * Starting ClamAV virus database updater freshclam                                          [ OK ]
ehowstuff@ubuntu14:~$ sudo /etc/init.d/clamav-freshclam status
 * freshclam is running

11. Verify ClamAV version number :

ehowstuff@ubuntu14:~$ sudo clamdscan -V
ClamAV 0.98.1/19025/Sat May 24 10:04:32 2014

12. See more options for clamscan by issuing the “sudo clamscan --help” command:

ehowstuff@ubuntu14:~$ sudo clamscan --help

                       Clam AntiVirus Scanner 0.98.1
           By The ClamAV Team: http://www.clamav.net/team
           (C) 2007-2009 Sourcefire, Inc.

    --help                -h             Print this help screen
    --version             -V             Print version number
    --verbose             -v             Be verbose
    --archive-verbose     -a             Show filenames inside scanned archives
    --debug                              Enable libclamav's debug messages
    --quiet                              Only output error messages
    --stdout                             Write to stdout instead of stderr
    --no-summary                         Disable summary at end of scanning
    --infected            -i             Only print infected files
    --suppress-ok-results -o             Skip printing OK files
    --bell                               Sound bell on virus detection

    --tempdir=DIRECTORY                  Create temporary files in DIRECTORY
    --leave-temps[=yes/no(*)]            Do not remove temporary files
    --database=FILE/DIR   -d FILE/DIR    Load virus database from FILE or load
                                         all supported db files from DIR
    --official-db-only[=yes/no(*)]       Only load official signatures
    --log=FILE            -l FILE        Save scan report to FILE
    --recursive[=yes/no(*)]  -r          Scan subdirectories recursively
    --allmatch[=yes/no(*)]   -z          Continue scanning within file after finding a match
    --cross-fs[=yes(*)/no]               Scan files and directories on other filesystems
    --follow-dir-symlinks[=0/1(*)/2]     Follow directory symlinks (0 = never, 1 = direct, 2 = always)
    --follow-file-symlinks[=0/1(*)/2]    Follow file symlinks (0 = never, 1 = direct, 2 = always)
    --file-list=FILE      -f FILE        Scan files from FILE
    --remove[=yes/no(*)]                 Remove infected files. Be careful!
    --move=DIRECTORY                     Move infected files into DIRECTORY
    --copy=DIRECTORY                     Copy infected files into DIRECTORY
    --exclude=REGEX                      Don't scan file names matching REGEX
    --exclude-dir=REGEX                  Don't scan directories matching REGEX
    --include=REGEX                      Only scan file names matching REGEX
    --include-dir=REGEX                  Only scan directories matching REGEX

    --bytecode[=yes(*)/no]               Load bytecode from the database
    --bytecode-unsigned[=yes/no(*)]      Load unsigned bytecode
    --bytecode-timeout=N                 Set bytecode timeout (in milliseconds)
    --bytecode-statistics[=yes/no(*)]    Collect and print bytecode statistics
    --detect-pua[=yes/no(*)]             Detect Possibly Unwanted Applications
    --exclude-pua=CAT                    Skip PUA sigs of category CAT
    --include-pua=CAT                    Load PUA sigs of category CAT
    --detect-structured[=yes/no(*)]      Detect structured data (SSN, Credit Card)
    --structured-ssn-format=X            SSN format (0=normal,1=stripped,2=both)
    --structured-ssn-count=N             Min SSN count to generate a detect
    --structured-cc-count=N              Min CC count to generate a detect
    --scan-mail[=yes(*)/no]              Scan mail files
    --phishing-sigs[=yes(*)/no]          Signature-based phishing detection
    --phishing-scan-urls[=yes(*)/no]     URL-based phishing detection
    --heuristic-scan-precedence[=yes/no(*)] Stop scanning as soon as a heuristic match is found
    --phishing-ssl[=yes/no(*)]           Always block SSL mismatches in URLs (phishing module)
    --phishing-cloak[=yes/no(*)]         Always block cloaked URLs (phishing module)
    --algorithmic-detection[=yes(*)/no]  Algorithmic detection
    --scan-pe[=yes(*)/no]                Scan PE files
    --scan-elf[=yes(*)/no]               Scan ELF files
    --scan-ole2[=yes(*)/no]              Scan OLE2 containers
    --scan-pdf[=yes(*)/no]               Scan PDF files
    --scan-swf[=yes(*)/no]               Scan SWF files
    --scan-html[=yes(*)/no]              Scan HTML files
    --scan-archive[=yes(*)/no]           Scan archive files (supported by libclamav)
    --detect-broken[=yes/no(*)]          Try to detect broken executable files
    --block-encrypted[=yes/no(*)]        Block encrypted archives
    --nocerts                            Disable authenticode certificate chain verification in PE files
    --dumpcerts                          Dump authenticode certificate chain in PE files

    --max-filesize=#n                    Files larger than this will be skipped and assumed clean
    --max-scansize=#n                    The maximum amount of data to scan for each container file (**)
    --max-files=#n                       The maximum number of files to scan for each container file (**)
    --max-recursion=#n                   Maximum archive recursion level for container file (**)
    --max-dir-recursion=#n               Maximum directory recursion level
    --max-embeddedpe=#n                  Maximum size file to check for embedded PE
    --max-htmlnormalize=#n               Maximum size of HTML file to normalize
    --max-htmlnotags=#n                  Maximum size of normalized HTML file to scan
    --max-scriptnormalize=#n             Maximum size of script file to normalize
    --max-ziptypercg=#n                  Maximum size zip to type reanalyze

(*) Default scan settings
(**) Certain files (e.g. documents, archives, etc.) may in turn contain other
   files inside. The above options ensure safe processing of this kind of data.

I hope this article gives you some ideas and essential guidance on how to install ClamAV on an Ubuntu Server 14.04 virtual private server (VPS) or dedicated server.
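
Turning the scan output from steps 5 and 6 into a list that can be reviewed before choosing between --remove and --move=DIRECTORY (both shown in the help text above), as an added example that is not part of the original post. The function names are hypothetical, the first sample is shortened from the page's step 5 output, and the other two samples are constructed.

```bash
#!/bin/sh
# Added example: parse clamscan output read from stdin.

# clam_found: print "<path><TAB><signature>" for every detection line.
clam_found() {
    awk '
        / FOUND$/ {
            line = substr($0, 1, length($0) - 6)      # strip trailing " FOUND"
            pos = 0; rest = line
            while ((p = index(rest, ": ")) > 0) {     # locate the last ": " so that
                pos += p; rest = substr(rest, p + 1)  # paths containing ": " stay whole
            }
            if (pos > 0) printf "%s\t%s\n", substr(line, 1, pos - 1), substr(line, pos + 2)
        }'
}

# clam_reported_infected: the "Infected files:" figure from the scan summary
# (0 when the summary is missing).
clam_reported_infected() {
    awk -F': *' '/^Infected files:/ { n = $2 } END { print n + 0 }'
}

# clam_verdict: "clean", "infected <n>", or "inconsistent" when the detection
# lines and the summary disagree (truncated output, scan aborted part-way).
clam_verdict() {
    cv_out=$(cat)
    cv_found=$(printf '%s\n' "$cv_out" | clam_found | wc -l | tr -d ' ')
    cv_reported=$(printf '%s\n' "$cv_out" | clam_reported_infected)
    if [ "$cv_found" -ne "$cv_reported" ]; then echo inconsistent
    elif [ "$cv_found" -eq 0 ]; then echo clean
    else echo "infected $cv_found"
    fi
}

# Shortened from the step 5 output on the page.
scan_sample=$(cat <<'EOF'
/home/ehowstuff/.ssh/known_hosts: OK
/home/ehowstuff/.cache/motd.legal-displayed: Empty file
/home/ehowstuff/eicar.com: Eicar-Test-Signature FOUND

----------- SCAN SUMMARY -----------
Known viruses: 3383485
Engine version: 0.98.1
Scanned directories: 4
Scanned files: 12
Infected files: 1
EOF
)

# Constructed: a clean scan, and output cut off before the summary.
clean_sample=$(cat <<'EOF'
/home/ehowstuff/index.html: OK

----------- SCAN SUMMARY -----------
Scanned files: 1
Infected files: 0
EOF
)
truncated_sample='/home/ehowstuff/eicar.com: Eicar-Test-Signature FOUND'

printf '%s\n' "$scan_sample" | clam_found
printf '%s\n' "$scan_sample" | clam_verdict
```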

 

How to Hide Apache Information on Ubuntu VPS/Dedicated Web server

By default, sensitive server information such as the Apache version, modules and operating system is not hidden from the HTTP header. This information is displayed whenever there is a request to the server. Attackers can use this information when performing attacks against your VPS web server. This post will show you how to hide Apache details on an Ubuntu 14.04 VPS or dedicated server.

1. Modify security.conf :

ehowstuff@ubuntu14:~$ sudo vi /etc/apache2/conf-enabled/security.conf

Change “ServerTokens OS” to “ServerTokens Prod” then
Change “ServerSignature On” to “ServerSignature Off”

..
..
ServerTokens Prod
..
..

..
ServerSignature Off
..
..

2. After making the changes, restart apache2 :

ehowstuff@ubuntu14:~$ sudo service apache2 restart
 * Restarting web server apache2                                                             [ OK ]

3. Run the following command before and after changing the configuration :

ehowstuff@ubuntu14:~$ sudo curl -I http://192.168.0.114

The result should be as below :

Before :

HTTP/1.1 200 OK
Date: Sun, 11 May 2014 01:25:52 GMT
Server: Apache/2.4.7 (Ubuntu)
Last-Modified: Thu, 08 May 2014 16:39:14 GMT
ETag: "2cf6-4f8e61f1300ba"
Accept-Ranges: bytes
Content-Length: 11510
Vary: Accept-Encoding
Content-Type: text/html

After hiding, it should look like this :

HTTP/1.1 200 OK
Date: Sun, 11 May 2014 01:29:50 GMT
Server: Apache
Last-Modified: Thu, 08 May 2014 16:39:14 GMT
ETag: "2cf6-4f8e61f1300ba"
Accept-Ranges: bytes
Content-Length: 11510
Vary: Accept-Encoding
Content-Type: text/html

Done!!
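
Checking the banner automatically, as an added example that is not part of the original post: it reads a response head such as the "curl -I" output in step 3 and infers which ServerTokens level (Prod, Major, Minor, Min, OS or Full) would produce that Server header. The function names are hypothetical, and the PHP token used to illustrate the Full level is constructed.

```bash
#!/bin/sh
# Added example: report how much the Server header discloses.

# server_header: read a raw HTTP response head on stdin and print the value
# of the last Server header, without the trailing CR that HTTP lines carry.
server_header() {
    awk '
        { sub(/\r$/, "") }
        tolower($0) ~ /^server:/ { v = $0; sub(/^[^:]*:[ \t]*/, "", v) }
        END { print v }'
}

# tokens_level VALUE: the ServerTokens setting whose format matches VALUE.
tokens_level() {
    case $1 in
        "")                echo "none" ;;    # no Server header at all
        */*" ("*") "?*)    echo "Full" ;;    # Apache/2.4.7 (Ubuntu) + module tokens
        */*" ("*")")       echo "OS" ;;      # Apache/2.4.7 (Ubuntu)
        */*.*.*)           echo "Min" ;;     # Apache/2.4.7
        */*.*)             echo "Minor" ;;   # Apache/2.4
        */*)               echo "Major" ;;   # Apache/2
        *)                 echo "Prod" ;;    # Apache
    esac
}

# banner_report: one-line summary for a response head read from stdin.
banner_report() {
    br_value=$(server_header)
    printf 'Server=%s ServerTokens~%s\n' "$br_value" "$(tokens_level "$br_value")"
}

# Response heads from step 3 of the page (shortened), with CRLF line endings.
before=$(printf 'HTTP/1.1 200 OK\r\nDate: Sun, 11 May 2014 01:25:52 GMT\r\nServer: Apache/2.4.7 (Ubuntu)\r\nContent-Type: text/html\r\n\r\n')
after=$(printf 'HTTP/1.1 200 OK\r\nDate: Sun, 11 May 2014 01:29:50 GMT\r\nServer: Apache\r\nContent-Type: text/html\r\n\r\n')

printf '%s\n' "$before" | banner_report
printf '%s\n' "$after"  | banner_report
```

Against a live server the input comes from "curl -sI http://192.168.0.114 | banner_report"; anything other than Prod means version or platform details are still being sent.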

How to Disable and Remove AppArmor on Ubuntu 14.04

AppArmor is a Mandatory Access Control (MAC) security extension that provides a variety of security policies for the Linux kernel. It is an alternative to SELinux and is included with Ubuntu. Most of the time you don’t need it to configure a secure system, and it usually causes more problems because some services do not work as expected. The steps below show how to disable and remove AppArmor on Ubuntu 14.04.

Steps to Disable and Remove AppArmor on Ubuntu

1. How to check AppArmor status :

ehowstuff@ubuntu14:~$ sudo apparmor_status
apparmor module is loaded.
4 profiles are loaded.
4 profiles are in enforce mode.
   /sbin/dhclient
   /usr/lib/NetworkManager/nm-dhcp-client.action
   /usr/lib/connman/scripts/dhclient-script
   /usr/sbin/tcpdump
0 profiles are in complain mode.
1 processes have profiles defined.
1 processes are in enforce mode.
   /sbin/dhclient (669)
0 processes are in complain mode.
0 processes are unconfined but have a profile defined.

2. Disable AppArmor and unload the kernel module by entering the following:

ehowstuff@ubuntu14:~$ sudo /etc/init.d/apparmor stop
ehowstuff@ubuntu14:~$ sudo update-rc.d -f apparmor remove

or

ehowstuff@ubuntu14:~$ sudo service apparmor stop
ehowstuff@ubuntu14:~$ sudo update-rc.d -f apparmor remove

3. Remove AppArmor software :

ehowstuff@ubuntu14:~$ sudo apt-get remove apparmor apparmor-utils -y

Example :

ehowstuff@ubuntu14:~$ sudo apt-get remove apparmor apparmor-utils -y
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages will be REMOVED:
  apparmor apparmor-utils
0 upgraded, 0 newly installed, 2 to remove and 119 not upgraded.
After this operation, 1,467 kB disk space will be freed.
(Reading database ... 93228 files and directories currently installed.)
Removing apparmor-utils (2.8.95~2430-0ubuntu5) ...
Removing apparmor (2.8.95~2430-0ubuntu5) ...
 * Clearing AppArmor profiles cache                                                          [ OK ]
All profile caches have been cleared, but no profiles have been unloaded.
Unloading profiles will leave already running processes permanently
unconfined, which can lead to unexpected situations.

To set a process to complain mode, use the command line tool
'aa-complain'. To really tear down all profiles, run the init script
with the 'teardown' option."
Processing triggers for man-db (2.6.7.1-1) ...

Note : these steps work on an Ubuntu 14.04 minimal installation without GUI.

How to Allow root to use SSH on Ubuntu 14.04

Ubuntu is a Debian-based distribution that doesn’t allow logins by the root user by default, either locally or remotely via SSH. In a previous post, I discussed how to enable root login on Ubuntu 14.04 by issuing the following command :

sudo passwd root

The above command does not allow the root user to connect remotely over SSH by default. A few more steps are needed in order to allow root to use SSH on Ubuntu 14.04. Kindly follow the steps below :

1. Log in as a normal user and su to root. Edit /etc/ssh/sshd_config :

ehowstuff@ubuntu14:~$ su - root
Password:
root@ubuntu14:~# vi /etc/ssh/sshd_config

2. Comment out the PermitRootLogin without-password line and add a PermitRootLogin yes line :

# Authentication:
LoginGraceTime 120
#PermitRootLogin without-password
PermitRootLogin yes
StrictModes yes

3. Restart the ssh service for the changes to take effect :

root@ubuntu14:~# service ssh restart
ssh stop/waiting
ssh start/running, process 1499
root@ubuntu14:~#

4. That’s all.
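
Auditing which root login policy a given sshd_config really yields, as an added example that is not part of the original post. sshd uses the first value it obtains for each keyword, so a "PermitRootLogin yes" line appended below an existing uncommented PermitRootLogin line has no effect; the check below reports the global value and ignores anything inside Match blocks. The function names and the temporary files are constructed for illustration.

```bash
#!/bin/sh
# Added example: report the effective global PermitRootLogin setting.

# sshd_global_value KEYWORD FILE: first uncommented value outside Match blocks,
# or "unset" when the keyword does not appear (compiled-in default applies).
sshd_global_value() {
    awk -v kw="$(printf '%s' "$1" | tr 'A-Z' 'a-z')" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }           # comments and blank lines
        tolower($1) == "match"   { exit }           # conditional section starts
        tolower($1) == kw        { value = $2; exit }   # first value wins
        END { print (value == "" ? "unset" : value) }' "$2"
}

# root_login_policy FILE: classify the effective PermitRootLogin value.
root_login_policy() {
    case $(sshd_global_value PermitRootLogin "$1" | tr 'A-Z' 'a-z') in
        yes)                                 echo "password-and-key" ;;
        without-password|prohibit-password)  echo "key-only" ;;
        forced-commands-only)                echo "key-only-forced-command" ;;
        no)                                  echo "refused" ;;
        unset)                               echo "default" ;;
        *)                                   echo "unrecognised" ;;
    esac
}

ssh_demo=$(mktemp -d)
trap 'rm -rf "$ssh_demo"' EXIT

# The edited block exactly as shown in step 2 of the page.
cat > "$ssh_demo/edited" <<'EOF'
# Authentication:
LoginGraceTime 120
#PermitRootLogin without-password
PermitRootLogin yes
StrictModes yes
EOF

# Constructed: the stock line left uncommented and "yes" appended further down.
cat > "$ssh_demo/appended" <<'EOF'
# Authentication:
LoginGraceTime 120
PermitRootLogin without-password
StrictModes yes
PermitRootLogin yes
EOF

for f in edited appended; do
    printf '%s: %s\n' "$f" "$(root_login_policy "$ssh_demo/$f")"
done
```

Run "root_login_policy /etc/ssh/sshd_config" on a server to see which of these states it is in.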