Author: wahab Page 1 of 7

Deploy WordPress with Docker & SSL - No Headaches!

On February 18, 2025

Setting up WordPress with SSL can be a real headache. I’ve simplified the process using Docker, making it much easier to deploy a secure and scalable WordPress site. My latest Medium article walks you through the steps, eliminating the usual frustrations. Read the full guide here: Deploy WordPress with Docker & SSL (No Headaches!)

Multiple database server versions on Plesk server using Docker

By wahab

On February 1, 2025

In Plesk

Adding Multiple Database Servers in Plesk Using Docker

By default, you can only install a single version of MySQL/MariaDB on your server. However, if some of your customer require a different MySQL version, you can use docker. Plesk allows you to add multiple database servers using its Docker extension. This is particularly useful when hosting multiple applications requiring different database versions. In this guide, we will walk through installing and configuring a MariaDB 10.11 Docker container, mapping its ports, and adding it to Plesk as an external database server.

Step 1: Prepare the Server

Log into your server via SSH.
Create a directory for the Docker container’s data storage to ensure persistence:
```
mkdir -p /var/docker/mysql/
```

Step 2: Install and Configure Docker in Plesk

Log in to Plesk.
Navigate to Extensions and ensure the Docker extension is installed. If not, install it.
Go to Docker in Plesk.
In the search box, type mariadb and press Enter.

Select the MariaDB image and choose version 10.11.
Click Next.
Configure the container:
- Check Automatic start after system reboot.
- Uncheck Automatic port mapping and manually map:
  - Internal port 3306 to external port 3307.
- Ensure firewall rules allow traffic on ports 3307 and 33070.
- Set Volume mapping:
  - Container: /var/lib/mysql
  - Host: /var/docker/mysql
  - Warning: Not mapping this can result in data loss when the container is recreated.
- Add an environment variable MYSQL_ROOT_PASSWORD and specify a secure root password.
- Click Run to start the container.

Step 3: Add the MySQL Docker Container as an External Database in Plesk

Once the container is running, we need to add it to Plesk as an external database server:

Log in to Plesk.
Navigate to Tools & Settings > Database Servers (under Applications & Databases).
Click Add Database Server.
Configure the database server:
- Database server type: Select MariaDB.
- Hostname or IP Address: Use 127.0.0.1.
- Port: Enter 3307 (as mapped earlier).
- Set as Default (Optional): Check Use this server as default for MySQL if you want clients to use this server by default.
- Credentials: Enter the root user and password specified during container setup.
- Click OK to save the configuration.

Step 4: Using the New Database Server

Now that the new database server is added, clients can choose it when creating a new database in Plesk:

Go to Databases in Plesk.
Click Add Database.
Under Database server, select the newly added MariaDB 10.11 instance.

This setup allows clients to choose different database servers for their applications while ensuring database persistence and security.

Conclusion

By leveraging Docker, you can efficiently manage multiple database versions on a Plesk server. This method ensures better isolation, easier upgrades, and avoids conflicts between database versions, providing a flexible and robust hosting environment.

How to install a SSL certificate

By wahab

On January 19, 2025

In Cpanel and WHM, Linux server, SSL

Steps to Install an SSL Certificate

Introduction to SSL Certificates

An SSL (Secure Sockets Layer) certificate is a crucial security feature for websites, ensuring encrypted communication between the browser and the server. SSL protects sensitive information like passwords, payment details, and personal data from being intercepted. Additionally, it boosts user trust by displaying a padlock icon in the browser and improves search engine rankings as search engines prioritize HTTPS-enabled websites.

Installing an SSL certificate is essential to secure your website and provide a safe experience for your users. Below are the high-level steps for installing an SSL certificate on your server.

Steps to Install an SSL Certificate

Step 1: Generate a Certificate Signing Request (CSR)

To get an SSL certificate, you first need to generate a Certificate Signing Request (CSR), which includes your website’s details:

Generate a Private Key:
Use a tool like OpenSSL to create a private key:
```
openssl genrsa -out private.key 2048
```
Store the private key securely, as it is required during SSL installation.
Important: Never share the private key.
Generate the CSR:
Use the private key to generate a CSR:
```
openssl req -new -key private.key -out csr.pem
```
Provide the requested details, including:
- Common Name (the domain name to be secured)
- Organization Name (for business validation)
- Country, State, and City

Step 2: Purchase or Obtain an SSL Certificate

Choose a Certificate Authority (CA) or hosting provider for your SSL certificate.
Submit the CSR to the CA for verification.
Validate your domain ownership through one of the following methods:
- Email Validation: Respond to an email sent to your domain’s administrative address.
- DNS Validation: Add a specific DNS record to your domain.
- HTTP Validation: Upload a verification file to your website.
For Extended Validation (EV) or Organization Validation (OV) certificates, additional steps like verifying your business details with the CA may be required.
Once validated, download the issued SSL certificate and intermediate certificate bundle (CA bundle).

Step 3: Install the SSL Certificate on the Server

If Using a Control Panel:
Log in to the hosting control panel (e.g., cPanel, Plesk).
Navigate to the SSL/TLS or security settings.
Upload the SSL certificate, CA bundle, and private key.
Follow the instructions to install the certificate.
If No Control Panel:
Log in to the server via SSH.
Configure the web server (e.g., Apache, Nginx) to include the certificate details:
- SSL certificate file (.crt or .pem)
- Private key file
- Intermediate certificate file (CA bundle)
Restart the web server to apply the changes.

Step 4: Test the SSL Installation

Use online tools like SSL Labs SSL Test to verify your SSL setup.
Confirm that the certificate is valid and properly installed.
Ensure no SSL errors or warnings are displayed.

Step 5: Update Website Links

Update all internal links and references from http:// to https:// to avoid mixed content errors. Update your CMS settings (e.g., WordPress URL settings) to use HTTPS.

Step 6: Set Up HTTPS Redirects

Redirect all HTTP traffic to HTTPS by default to ensure all users access the secure version of your site.

Step 7: Monitor and Renew the SSL Certificate

Keep track of the certificate’s expiration date and renew it on time.
For free SSL certificates like Let’s Encrypt, automate the renewal process using tools like Certbot.
Periodically test your website’s SSL configuration for potential issues or updates.

How to Migrate a WordPress Site from One Host to Another: A Step-by-Step Guide

By wahab

On January 19, 2025

In Linux server, WordPress

WordPress is one of the most popular content management systems (CMS) in the world, powering over 40% of websites globally. Its flexibility, ease of use, and vast ecosystem of plugins and themes make it a favorite among bloggers, businesses, and developers alike.

At its core, WordPress has a simple structure:

Files: These include the WordPress core, themes, plugins, and the wp-content folder where your media files are stored.
Database: This stores all the critical information such as posts, pages, user data, and site configurations.

When migrating a WordPress site, it is essential to back up both the files and the database, as they work together to run your WordPress site seamlessly. Missing either part can cause errors or data loss. In this guide, we’ll walk you through the high-level steps of migrating your WordPress site to a new hosting provider.

Step 1: Backup Your Website Files

Backing up your WordPress files ensures that your themes, plugins, and media are safe. You can do this using the following methods:

Using an FTP Client:
Connect to your existing hosting account using an FTP client like FileZilla. Download all the WordPress files, especially the wp-content folder, which contains your themes, plugins, and uploads.
Using SCP for Secure Transfers:
If you have SSH access, use the scp command to securely copy files from your server to your local machine or another server:
```
scp -r username@oldhost:/path/to/wordpress /path/to/local/backup
```
Using File manager provided by the Hosting control panel:
If your webhost provider/control panel provides a file manager, you would be able to compress the files and download the zip .

Step 2: Export the WordPress Database

The database is the heart of your WordPress site, storing all the content and settings. It’s crucial to back it up properly:

Using phpMyAdmin:
Log in to your hosting control panel and open phpMyAdmin. Select your WordPress database, click the “Export” tab, and download it as a .sql file.
Using mysqldump via SSH:
If you have SSH access, create a backup of your database using the mysqldump command:
```
mysqldump -u username -p database_name > backup.sql
```

Step 3: Set Up the New Hosting Environment

Before importing the database, create a new database and user on the new hosting account:

Log in to your new hosting control panel or use SSH to access the server.
Create a new database and database user, assigning the necessary privileges.
Take note of the database name, username, and password for the next steps.

Step 4: Upload Website Files to the New Host

Use an FTP client, SCP, or File Manager to upload your WordPress files to the new hosting environment. Double-check that all files, particularly those in the wp-content folder, are uploaded correctly.

Step 5: Import the WordPress Database

Using phpMyAdmin:
Open phpMyAdmin on the new host, select the newly created database, and import the .sql file you exported earlier.
Using mysql via SSH:
If you have SSH access, import the database using the following command:
```
mysql -u username -p database_name < backup.sql
```

Step 6: Update the `wp-config.php` File

Open the wp-config.php file in the root directory of your WordPress site on the new host. Update the database details to match the new database:


define('DB_NAME', 'your_new_database_name');
define('DB_USER', 'your_new_database_user');
define('DB_PASSWORD', 'your_new_database_password');
define('DB_HOST', 'localhost'); // Or the database host provided by your new host

Step 7: Test the Website

Update your local hosts file or use a temporary URL provided by your new host to test the site. Verify that all pages, posts, media, plugins, and themes are working correctly.

Step 8: Update DNS Records

Log in to your domain registrar and update the DNS settings to point to your new hosting server.
Typically, you will update the A record (IP address) or nameservers.
Allow up to 48 hours for DNS propagation.

Step 9: Monitor the Website Post-Migration

After the DNS propagation, thoroughly test your website again to ensure everything is functioning as expected.
Monitor for broken links, missing media, or issues with plugins or themes.

Bonus Tips for a Smooth Migration

Use plugins like All-in-One WP Migration or UpdraftPlus if you're not comfortable with manual methods.
Always check for PHP and MySQL compatibility between the old and new hosts.
Keep backups until you're certain the migration is successful.

By following these steps, you can confidently migrate your WordPress site to a new hosting provider. With proper planning and attention to detail, the transition can be smooth and hassle-free.

Protecting Critical Packages in YUM to Prevent Unintended Removal

By wahab

On December 16, 2024

In Cpanel and WHM, Linux server

Managing RPM-based systems with tools like YUM (Yellowdog Updater Modified) is an integral part of provisioning and maintaining Linux servers. While YUM simplifies the process of managing package dependencies, it can sometimes lead to unintended consequences, especially when developers remove a package that has critical dependencies. In this blog, we’ll explore a common use case and demonstrate how to safeguard important packages using YUM’s package protection features.

The Problem: Accidental Removal of Critical Packages
Let’s consider a scenario:
You have a custom package called dep-web that automates server provisioning by installing essential components like httpd, mod_ssl, and ingest, along with scripts and cron jobs critical to your environment. When a developer installs dep-web, everything works seamlessly. However, issues arise when they attempt to test a specific version of ingest.

A typical action might be:

yum remove ingest
This operation not only removes ingest but also uninstalls dep-web, since dep-web depends on ingest. Consequently, all the additional configurations, scripts, and cron jobs set up by dep-web are also removed. Even if the developer reinstalls ingest, dep-web and its functionality are not restored, leading to potential operational disruptions.

Developers may not always notice these cascading effects, causing long-term inconsistencies and errors in the environment. Clearly, there is a need to prevent the accidental removal of critical packages like dep-web.

The Solution: Protecting Packages in YUM
YUM includes functionality to prevent the removal of certain packages using the /etc/yum/protected.d directory and the yum-plugin-protect-packages. By default, YUM protects itself and its dependencies (e.g., rpm, python, glibc) from being uninstalled. However, administrators can extend this protection to other packages.

Steps to Protect Critical Packages
Install the YUM Plugin
Ensure the yum-plugin-protect-packages is installed on your system:

yum install yum-plugin-protect-packages
Create a Configuration File
Add your critical package to the protected list by creating a .conf file under /etc/yum/protected.d/. For example, to protect the dep-web package:

vi /etc/yum/protected.d/dep-web.conf
Add the following content:

dep-web
Save and close the file.

Verify the Protection
Attempt to remove the protected package to test the configuration:

yum remove dep-web
YUM will block the operation and display an error message, ensuring the package remains intact:

Error: Trying to remove "dep-web", which is protected
Add Additional Packages (Optional)
If there are other critical packages that need protection, create or edit their respective .conf files under the same directory.

Benefits of Package Protection
By implementing package protection, you can:

Prevent the accidental removal of critical packages and their dependencies.
Ensure that operational scripts, configurations, and cron jobs tied to these packages are preserved.
Enhance the reliability of your environment, especially in shared development and production systems.

Conclusion
Managing dependencies with YUM requires careful oversight, particularly in environments where multiple developers and administrators interact with the system. Protecting critical packages using YUM’s protected.d directory and plugins like yum-plugin-protect-packages provides a robust safeguard against unintended package removal.

In the example of dep-web, protecting the package ensures that its functionality, including the custom scripts and cron jobs, remains intact. This small configuration step can save countless hours of troubleshooting and recovery in large-scale deployments.

Proactively implementing such measures demonstrates a commitment to best practices in system administration, reducing downtime and fostering a more stable infrastructure.

Automating Email Cleanup with doveadm expunge

By wahab

On November 16, 2024

In Cpanel and WHM, iRedmail Mailserver, Linux server, Plesk, Postfix

Managing email storage is a crucial part of maintaining efficient mail servers, especially for administrators using Dovecot. Over time, mailboxes can accumulate a massive number of emails, leading to performance issues and potential storage costs. One effective way to manage this is by automatically deleting emails older than a specific period. In this blog, we’ll discuss how to use doveadm expunge to delete old emails.

Understanding the Basics
Dovecot’s doveadm expunge command is a powerful utility for deleting emails based on specified criteria. Here’s a quick overview of the command syntax:

doveadm expunge -u mailbox '' -u: Specifies the user mailbox. mailbox '': Specifies the folder, such as INBOX, INBOX.Spam, etc. : Defines the filter for emails to be deleted, e.g., before 1w (one week) or before 2w (two weeks).

Use Cases
1. List Existing Mailboxes
Before deleting emails, identify the folders within a specific mailbox. Use the following command:

doveadm mailbox list -u user@example.com
Sample output:

INBOX INBOX.Spam INBOX.Drafts INBOX.Trash INBOX.Sent
2. Delete Emails Older Than 2 Weeks in All Folders
To remove all emails older than two weeks in all folders for a specific mailbox:

doveadm expunge -u user@example.com mailbox '*' before 2w
3. Exclude INBOX Folder While Deleting
If you want to delete old emails from all folders except INBOX, use:

doveadm expunge -u user@example.com mailbox INBOX.'*' before 2w
4. Delete All Emails in a Mailbox
To delete all emails from all folders within a specific mailbox:

doveadm expunge -u user@example.com mailbox '*' all
Bulk Removal of Old Emails
When managing multiple accounts, you may need to automate the process for all mailboxes on a server. Here’s how to approach this on Plesk and cPanel.

Step 1: Generate a List of Mailboxes
For Plesk:
Run the following command to get a list of all active mailboxes:

plesk db -Ne "select concat(m.mail_name,'@',d.name) as mailbox, m.postbox from domains d, mail m, accounts a where m.dom_id=d.id and m.account_id=a.id and m.postbox='true'" | awk '{print $1}' >mbox.txt
For cPanel:
Generate a list of all mailboxes with:

for i in $(awk '{print $2}' /etc/trueuserdomains); do uapi --user=$i Email list_pops | egrep "\s+email:" ; done | awk '{print $2}' >mbox.txt
Step 2: Automate Deletion with a Script
Create a shell script (mailbox-doveadm-expunge.sh) to process the mailboxes:

#!/bin/bash
# Script to delete emails older than 2 weeks from all mailboxes

MAILBOX_FILE="mbox.txt"

if [ ! -f "$MAILBOX_FILE" ]; then
    echo "Mailbox list file $MAILBOX_FILE not found!"
    exit 1
fi

for mailbox in $(cat $MAILBOX_FILE); do
    echo "Processing mailbox: $mailbox"
    doveadm expunge -u $mailbox mailbox 'INBOX' before 2w
    doveadm expunge -u $mailbox mailbox 'INBOX.*' before 2w
    doveadm expunge -u $mailbox mailbox 'Sent' before 2w
    doveadm expunge -u $mailbox mailbox 'Trash' before 2w
    doveadm expunge -u $mailbox mailbox 'Drafts' before 2w
    doveadm expunge -u $mailbox mailbox 'Spam' before 2w
done

Save the script and ensure it has executable permissions:

chmod +x mailbox-doveadm-expunge.sh
Run the script:

./mailbox-doveadm-expunge.sh

Best Practices
1. Backup Emails: Before performing a mass deletion, create a backup of your mail directories.
2. Test on a Single Mailbox: Verify your deletion criteria by testing on a single mailbox before applying changes in bulk.
3. Monitor Logs: After running doveadm expunge, check Dovecot logs for errors or warnings.

Conclusion
Using doveadm expunge simplifies email management and helps prevent mail server overload by automatically removing old emails. Whether you’re working with individual accounts or hundreds of mailboxes, this approach can save significant time and effort. Integrate this cleanup process into your routine server maintenance to keep your mail system optimized.

Configuring Multiple IP Addresses with Netplan on Ubuntu 24.04

By wahab

On August 23, 2024

In Cloud, Linux server

Managing Network Configurations in Ubuntu with Netplan

Netplan has simplified network configuration management in Ubuntu. This tutorial will guide you through setting up multiple IP addresses on a single network interface using Netplan.

Prerequisites

An Ubuntu 24.04 system with Netplan installed (default in Ubuntu installations).
Administrative (root) privileges or sudo access.
A network interface name (e.g., ens192).

Step-by-Step Configuration

1. Edit the Netplan Configuration File

Create or modify a Netplan configuration file, typically located in `/etc/netplan/`. Here, we’ll use `00-Public_network.yaml`.

Run:


  sudo nano /etc/netplan/00-Public_network.yaml

Add the following configuration:


  network:
    version: 2
    renderer: networkd
    ethernets:
      ens192:
        addresses:
          - 77.68.48.229/32
          - 77.68.13.96/32
          - 77.68.115.25/32
        nameservers:
          addresses: [212.227.123.16, 212.227.123.17]
        routes:
          - to: default
            via: 10.255.255.1
            on-link: true

2. Apply the Configuration

After saving the file, apply the changes using the following command:


  sudo netplan --debug apply

The `–debug` flag provides detailed logs for troubleshooting.

3. Verify the Configuration

Check the IP addresses and routing table to ensure the configuration is applied correctly.

Verify IP addresses:


  ip a

Expected output:


  inet 77.68.48.229/32 scope global ens192
  inet 77.68.13.96/32 scope global ens192
  inet 77.68.115.25/32 scope global ens192

Verify routing table:


  ip route show

Expected output:


  default via 10.255.255.1 dev ens192 proto static onlink

Understanding Key Network Configuration Components

Nameservers

These are DNS (Domain Name System) servers responsible for translating domain names (e.g., example.com) into IP addresses.

In the configuration:


  nameservers:
    addresses: [212.227.123.16, 212.227.123.17]

These are the DNS servers provided by your hosting provider.

If the provider does not specify DNS servers, you can use public options such as:

Google: 8.8.8.8, 8.8.4.4
Cloudflare: 1.1.1.1, 1.0.0.1
OpenDNS: 208.67.222.222, 208.67.220.220

Default Gateway

The default gateway routes traffic from your system to other networks, such as the internet.

In the configuration:


  routes:
    - to: default
      via: 10.255.255.1
      on-link: true

`via 10.255.255.1`: The gateway IP provided by the server/hosting provider.

`on-link: true`: Indicates the gateway is directly reachable on the local link.

Always use the gateway provided by your hosting provider.

Troubleshooting

If changes are not applied, check the configuration syntax:


  sudo netplan generate

Look for error messages in `/var/log/syslog` for additional details.

Conclusion

Using Netplan, you can easily assign multiple IP addresses to a single network interface in Ubuntu 24.04. This setup is ideal for scenarios like hosting multiple websites or services requiring distinct public IPs. Ensure you use the nameservers and default gateway provided by your hosting provider for proper network connectivity. Public DNS servers can be used as an alternative if needed.

How to verify if a public and private SSH key match?

By wahab

On June 24, 2024

In Linux server

SSH (Secure Shell) relies on public-key cryptography for secure logins. But how can you be sure your public and private key pair are actually linked? This blog post will guide you through a simple method to verify their authenticity in Linux and macOS.

Understanding the Key Pair:

Imagine a lock and key. Your public key acts like the widely distributed lock – anyone can see it. The private key is the unique counterpart, kept secret, that unlocks the metaphorical door (your server) for SSH access.

Using ssh-keygen

This method leverages the ssh-keygen tool, already available on most Linux and macOS systems.

1. Locate the keys :Open a terminal and use cd to navigate to the directory where your private key resides (e.g., cd ~/.ssh).
2. Use the command ‘ls -al’ to list all files in the directory, and locate your private/public keypair you wish to check.

Example:

ababwaha@ababwaha-mac .ssh % ls -al
total 32
drwx------   6 ababwaha  staff   192 Jun 24 16:04 .
drwxr-x---+ 68 ababwaha  staff  2176 Jun 24 16:04 ..
-rw-------   1 ababwaha  staff   411 Jun 24 16:04 id_ed25519 
-rw-r--r--   1 ababwaha  staff   103 Jun 24 16:04 id_ed25519.pub    
-rw-------   1 ababwaha  staff  3389 Jun 24 16:04 id_rsa            
-rw-r--r--   1 ababwaha  staff   747 Jun 24 16:04 id_rsa.pub

3. Verify the Key Pair: Run the following command, replacing with the actual path to your private key file (e.g., ssh-keygen -lf ~/.ssh/id_rsa):

ssh-keygen -lf ssh-keygen -lf

This command displays fingerprint information about your key pair.

ababwaha@ababwaha-mac .ssh % ssh-keygen -l -f id_rsa
4096 SHA256:7qXL09ejiSkrKs8HfhEo8EXkUVFOsoPfv52QY/l/kzg ababwaha@ababwaha-mac (RSA)
ababwaha@ababwaha-mac .ssh % ssh-keygen -l -f id_rsa.pub 
4096 SHA256:7qXL09ejiSkrKs8HfhEo8EXkUVFOsoPfv52QY/l/kzg ababwaha@ababwaha-mac (RSA)
ababwaha@ababwaha-mac .ssh % 
ababwaha@ababwaha-mac .ssh % 
ababwaha@ababwaha-mac .ssh % 
ababwaha@ababwaha-mac .ssh % ssh-keygen -l -f id_ed25519
256 SHA256:4pWu5rdA1IvbbjD7/k4/k/7A4X6kft28MpKL1HMqmgQ ababwaha@ababwaha-mac (ED25519)
ababwaha@ababwaha-mac .ssh % ssh-keygen -l -f id_ed25519.pub 
256 SHA256:4pWu5rdA1IvbbjD7/k4/k/7A4X6kft28MpKL1HMqmgQ ababwaha@ababwaha-mac (ED25519)
ababwaha@ababwaha-mac .ssh %

4. Match the Fingerprints: Compare the fingerprint displayed by ssh-keygen with the beginning of the text in your public key file. If they match, congratulations! Your public and private keys are a verified pair.

Remember:

Security: Always keep your private key secure. Avoid storing it on publicly accessible locations.

Permissions: Ensure your private key file has appropriate permissions (usually 600) to prevent unauthorized access.

By following this method, you can easily verify the authenticity of your public and private SSH key pair, ensuring a secure connection to your server.

Tracking File Activity(deletion) with auditd and Process Accounting in Linux

By wahab

On February 24, 2024

In Devops, Linux server

Maintaining a secure system involves monitoring file system activity, especially tracking file deletions, creations, and other modifications. This blog post explores how to leverage two powerful tools, auditd and process accounting with /usr/sbin/accton (provided by the psacct package), to gain a more comprehensive understanding of these events in Linux.

Introduction

Tracking file deletions in a Linux environment can be challenging. Traditional file monitoring tools often lack the capability to provide detailed information about who performed the deletion, when it occurred, and which process was responsible. This gap in visibility can be problematic for system administrators and security professionals who need to maintain a secure and compliant system.

To address this challenge, we can combine auditd, which provides detailed auditing capabilities, with process accounting (psacct), which tracks process activity. By integrating these tools, we can gain a more comprehensive view of file deletions and the processes that cause them.

What We’ll Cover:

1. Understanding auditd and Process Accounting
2. Installing and Configuring psacct
3. Enabling Audit Tracking and Process Accounting
4. Setting Up Audit Rules with auditctl
5. Simulating File Deletion
6. Analyzing Audit Logs with ausearch
7. Linking Process ID to Process Name using psacct
8. Understanding Limitations and Best Practices

Prerequisites:

1. Basic understanding of Linux commands
2. Root or sudo privileges
3. Auditd package installed (installed by default on most of the distros)

1. Understanding the Tools

auditd: The Linux audit daemon logs security-relevant events, including file system modifications. It allows you to track who is accessing the system, what they are doing, and the outcome of their actions.

Process Accounting: Linux keeps track of resource usage for processes. By analyzing process IDs (PIDs) obtained from auditd logs and utilizing tools like /usr/sbin/accton and dump-acct (provided by psacct), we can potentially identify the process responsible for file system activity. However, it’s important to understand that process accounting data itself doesn’t directly track file deletions.

2. Installing and Configuring psacct

First, install the psacct package using your distribution’s package manager if it’s not already present:

# For Debian/Ubuntu based systems sudo apt install acct

# For Red Hat/CentOS based systems sudo yum install psacct

3. Enabling Audit Tracking and Process Accounting

Ensure auditd is running by checking its service status:

sudo systemctl status auditd

If not running, enable and start it:

sudo systemctl enable auditd sudo systemctl start auditd

Next, initiate recording process accounting data:

sudo /usr/sbin/accton /var/log/account/pacct

This will start saving the process information in the log file /var/log/account/pacct.

4. Setting Up Audit Rules with auditctl

To ensure audit rules persist across reboots, add the rule to the audit configuration file. The location of this file may vary based on the distribution:

For Debian/Ubuntu, use /etc/audit/rules.d/audit.rules
For Red Hat/CentOS, use /etc/audit/audit.rules
Open the appropriate file in a text editor with root privileges and add the following line to monitor deletions within a sample directory:

-w /var/tmp -p wa -k sample_file_deletion
Explanation:

-w: Specifies the directory to watch (/path/to/your/sample_directory: /var/tmp)
-p wa: Monitors both write (w) and attribute (a) changes (deletion modifies attributes)
-k sample_file_deletion: Assigns a unique key for easy identification in logs

After adding the rule, restart the auditd service to apply the changes:

sudo systemctl restart auditd

5. Simulating File Deletion

Create a test file in the sample directory and delete it:

touch /var/tmp/test_file rm /var/tmp/test_file

6. Analyzing Audit Logs with ausearch

Use ausearch to search audit logs for the deletion event:

sudo ausearch -k sample_file_deletion
This command will display audit records related to the deletion you simulated. Look for entries indicating a “delete” operation within your sample directory and not down the the process id for the action.

# ausearch -k sample_file_deletion
...
----
time->Sat Jun 16 04:02:25 2018
type=PROCTITLE msg=audit(1529121745.550:323): proctitle=726D002D69002F7661722F746D702F746573745F66696C65
type=PATH msg=audit(1529121745.550:323): item=1 name="/var/tmp/test_file" inode=16934921 dev=ca:01 mode=0100644 ouid=0 ogid=0 rdev=00:00 obj=unconfined_u:object_r:user_tmp_t:s0 objtype=DELETE cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=PATH msg=audit(1529121745.550:323): item=0 name="/var/tmp/" inode=16819564 dev=ca:01 mode=041777 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:tmp_t:s0 objtype=PARENT cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=CWD msg=audit(1529121745.550:323):  cwd="/root"
type=SYSCALL msg=audit(1529121745.550:323): arch=c000003e syscall=263 success=yes exit=0 a0=ffffffffffffff9c a1=9930c0 a2=0 a3=7ffe9f8f2b20 items=2 ppid=2358 pid=2606 auid=1001 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts1 ses=2 comm="rm" exe="/usr/bin/rm" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="sample_file_deletion"

As you can see in the above log, the user root(uid=0) deleted(exe=”/usr/bin/rm”) the file /var/tmp/test_file. Note down the the ppid=2358 pid=2606 as well. If the file is deleted by a script or cron, you would need these to track the script or cron.

7. Linking Process ID to Process Name using psacct

The audit logs will contain a process ID (PID) associated with the deletion. Utilize this PID to identify the potentially responsible process:

Process Information from dump-acct

After stopping process accounting recording with sudo /usr/sbin/accton off, analyze the captured data:

sudo dump-acct /var/log/account/pacct
This output shows various process details, including PIDs, command names, and timestamps. However, due to the nature of process accounting, it might not directly pinpoint the culprit. Processes might have terminated after the deletion, making it challenging to definitively identify the responsible one. You can grep the ppid or pid we received from audit log against the output of the dump-acct command.

sudo dump-acct /var/log/account/pacct | tail
grotty          |v3|     0.00|     0.00|     2.00|  1000|  1000| 12000.00|     0.00|  321103|  321101|     |       0|pts/1   |Fri Aug 14 13:26:07 2020
groff           |v3|     0.00|     0.00|     2.00|  1000|  1000|  6096.00|     0.00|  321101|  321095|     |       0|pts/1   |Fri Aug 14 13:26:07 2020
nroff           |v3|     0.00|     0.00|     4.00|  1000|  1000|  2608.00|     0.00|  321095|  321087|     |       0|pts/1   |Fri Aug 14 13:26:07 2020
man             |v3|     0.00|     0.00|     4.00|  1000|  1000| 10160.00|     0.00|  321096|  321087| F   |       0|pts/1   |Fri Aug 14 13:26:07 2020
pager           |v3|     0.00|     0.00|  2018.00|  1000|  1000|  8440.00|     0.00|  321097|  321087|     |       0|pts/1   |Fri Aug 14 13:26:07 2020
man             |v3|     2.00|     0.00|  2021.00|  1000|  1000| 10160.00|     0.00|  321087|  318116|     |       0|pts/1   |Fri Aug 14 13:26:07 2020
clear           |v3|     0.00|     0.00|     0.00|  1000|  1000|  2692.00|     0.00|  321104|  318116|     |       0|pts/1   |Fri Aug 14 13:26:30 2020
dump-acct       |v3|     2.00|     0.00|     2.00|  1000|  1000|  4252.00|     0.00|  321105|  318116|     |       0|pts/1   |Fri Aug 14 13:26:35 2020
tail            |v3|     0.00|     0.00|     2.00|  1000|  1000|  8116.00|     0.00|  321106|  318116|     |       0|pts/1   |Fri Aug 14 13:26:35 2020
clear           |v3|     0.00|     0.00|     0.00|  1000|  1000|  2692.00|     0.00|  321107|  318116|     |       0|pts/1   |Fri Aug 14 13:26:45 2020

To better understand what you’re looking at, you may want to add column headings as I have done with these commands:

echo "Command vers runtime systime elapsed UID GID mem_use chars PID PPID ? retcode term date/time" " sudo dump-acct /var/log/account/pacct | tail -5

Command         vers  runtime   systime   elapsed    UID    GID   mem_use     chars      PID     PPID  ?   retcode   term     date/time
tail            |v3|     0.00|     0.00|     3.00|     0|     0|  8116.00|     0.00|  358190|  358188|     |       0|pts/1   |Sat Aug 15 11:30:05 2020
pacct           |v3|     0.00|     0.00|     3.00|     0|     0|  9624.00|     0.00|  358188|  358187|S    |       0|pts/1   |Sat Aug 15 11:30:05 2020
sudo            |v3|     0.00|     0.00|     4.00|     0|     0| 10984.00|     0.00|  358187|  354579|S    |       0|pts/1   |Sat Aug 15 11:30:05 2020
gmain           |v3|    14.00|     3.00|  1054.00|  1000|  1000|  1159680|     0.00|  358169|    3179|    X|       0|__      |Sat Aug 15 11:30:03 2020
vi              |v3|     0.00|     0.00|   456.00|  1000|  1000| 10976.00|     0.00|  358194|  354579|     |       0|pts/1   |Sat Aug 15 11:30:28 2020

Alternative: lastcomm (Limited Effectiveness)

In some cases, you can try lastcomm to potentially retrieve the command associated with the PID, even if the process has ended. However, its effectiveness depends on system configuration and might not always be reliable.

Important Note

While combining auditd with process accounting can provide insights, it’s crucial to understand the limitations. Process accounting data offers a broader picture of resource usage but doesn’t directly correlate to specific file deletions. Additionally, processes might terminate quickly, making it difficult to trace back to a specific action.

Best Practices

1. Regular Monitoring: Regularly monitor and analyze audit logs to stay ahead of potential security breaches.
2. Comprehensive Logging: Ensure comprehensive logging by setting appropriate audit rules and keeping process accounting enabled.
3. Timely Responses: Respond quickly to any suspicious activity by investigating audit logs and process accounting data promptly.

By combining the capabilities of auditd and process accounting, you can enhance your ability to track and understand file system activity, thereby strengthening your system’s security posture.

Demystifying Containers and Orchestration: A Beginner’s Guide

By wahab

On January 2, 2024

In Cloud, Devops, Uncategorized

In today’s fast-paced world of software development, speed and efficiency are crucial. Containerization and container orchestration technologies are revolutionizing how we build, deploy, and manage applications. This blog post will break down these concepts for beginners, starting with the fundamentals of containers and then exploring container orchestration with a focus on Kubernetes, the industry leader.

1. What are Containers?

Imagine a shipping container. It’s a standardized unit that can hold various cargo and be easily transported across different modes of transportation (ships, trucks, trains). Similarly, a software container is a standardized unit of software that packages code and all its dependencies (libraries, runtime environment) into a lightweight, portable package.

Benefits of Containers:

Portability: Containers run consistently across different environments (physical machines, virtual machines, cloud platforms) due to their standardized nature.

Isolation: Each container runs in isolation, sharing resources with the operating system but not with other containers, promoting security and stability.

Lightweight: Containers are much smaller than virtual machines, allowing for faster startup times and efficient resource utilization.

2. What is Docker?

Docker is a free and open-source platform that provides developers with the tools to build, ship, and run applications in standardized units called containers. Think of Docker as a giant toolbox containing everything you need to construct and manage these containers.

Here’s how Docker is involved in containerization:

Building Images: Docker allows you to create instructions (Dockerfile) defining the environment and dependencies needed for your application. These instructions are used to build lightweight, portable container images that encapsulate your code.

Running Containers: Once you have an image, Docker can run it as a container instance. This instance includes the application code, libraries, and runtime environment, all packaged together.

Sharing Images: Docker Hub, a public registry, allows you to share and discover container images built by others. This promotes code reuse and simplifies development.

Benefits of Using Docker:

Faster Development: Docker simplifies the development process by ensuring a consistent environment across development, testing, and production.

Portability: Containerized applications run consistently on any system with Docker installed, regardless of the underlying operating system.

Efficiency: Containers are lightweight and share the host operating system kernel, leading to efficient resource utilization.

3. What is Container Orchestration?
As the number of containers in an application grows, managing them individually becomes cumbersome. Container orchestration tools automate the deployment, scaling, and management of containerized applications. They act as a conductor for your containerized orchestra.

Key Features of Container Orchestration:

Scheduling: Orchestrators like Kubernetes determine where to run containers across available resources.

Scaling: They can automatically scale applications up or down based on demand.

Load Balancing: Orchestrators distribute incoming traffic across multiple container instances for an application, ensuring stability and high availability.

Health Monitoring: They monitor the health of containers and can restart them if they fail.

4. What is Kubernetes?

Kubernetes, often shortened to K8s, is an open-source system for automating container deployment, scaling, and management. It’s the most popular container orchestration platform globally due to its scalability, flexibility, and vibrant community.

Thinking of Kubernetes as a City (Continued):

Imagine Kubernetes as a city that manages tiny houses (containers) where different microservices reside. Kubernetes takes care of:

Zoning: Deciding where to place each tiny house (container) based on resource needs.

Traffic Management: Routing requests to the appropriate houses (containers).

Utilities: Providing shared resources (like storage) for the houses (containers).

Maintenance: Ensuring the houses (containers) are healthy and restarting them if needed.

Example with a Simple Web App:

Let’s say you have a simple web application with a front-end written in Node.js and a back-end written in Python (commonly used for web development). You can containerize each component (front-end and back-end) and deploy them on Kubernetes. Kubernetes will manage the deployment, scaling, and communication between these containers.

Benefits of Kubernetes:

Scalability: Easily scale applications up or down to meet changing demands.

Portability: Deploy applications across different environments (on-premise, cloud) with minimal changes.

High Availability: Kubernetes ensures your application remains available even if individual containers fail.

Rich Ecosystem: A vast ecosystem of tools and integrations exists for Kubernetes.

5. How Docker Relates to Container Orchestration and Kubernetes
Docker focuses on building, sharing, and running individual containers. While Docker can be used to manage a small number of containers, container orchestration tools like Kubernetes become essential when you have a complex application with many containers that need to be deployed, scaled, and managed efficiently.

Think of Docker as the tool that builds the tiny houses (containers), and Kubernetes as the city planner and manager that oversees their placement, operations, and overall well-being.

Getting Started with Docker and Kubernetes:
There are several resources available to get started with Docker and Kubernetes:

Docker: https://docs.docker.com/guides/getting-started/ offers tutorials and documentation for beginners.
Kubernetes: https://kubernetes.io/docs/home/ provides comprehensive documentation and getting started guides.
Online Courses: Many platforms like Udemy and Coursera offer beginner-friendly courses on Docker and Kubernetes.

Conclusion

Containers and container orchestration offer a powerful approach to building, deploying, and managing applications. By understanding Docker, containers, and orchestration tools like Kubernetes,

Author: wahab Page 1 of 7

Adding Multiple Database Servers in Plesk Using Docker

Step 1: Prepare the Server

Step 2: Install and Configure Docker in Plesk

Step 3: Add the MySQL Docker Container as an External Database in Plesk

Step 4: Using the New Database Server

Conclusion

Introduction to SSL Certificates

Steps to Install an SSL Certificate

Step 1: Generate a Certificate Signing Request (CSR)

Step 2: Purchase or Obtain an SSL Certificate

Step 3: Install the SSL Certificate on the Server

Step 4: Test the SSL Installation

Step 5: Update Website Links

Step 6: Set Up HTTPS Redirects

Step 7: Monitor and Renew the SSL Certificate

Step 1: Backup Your Website Files

Step 2: Export the WordPress Database

Step 3: Set Up the New Hosting Environment

Step 4: Upload Website Files to the New Host

Step 5: Import the WordPress Database

Step 6: Update the wp-config.php File

Step 7: Test the Website

Step 8: Update DNS Records

Step 9: Monitor the Website Post-Migration

Bonus Tips for a Smooth Migration

Managing Network Configurations in Ubuntu with Netplan

Prerequisites

Step-by-Step Configuration

1. Edit the Netplan Configuration File

2. Apply the Configuration

3. Verify the Configuration

Understanding Key Network Configuration Components

Nameservers

Default Gateway

Troubleshooting

Conclusion

Understanding the Key Pair:

Using ssh-keygen

Remember:

Introduction

What We’ll Cover:

Prerequisites:

1. Understanding the Tools

2. Installing and Configuring psacct

3. Enabling Audit Tracking and Process Accounting

4. Setting Up Audit Rules with auditctl

5. Simulating File Deletion

6. Analyzing Audit Logs with ausearch

7. Linking Process ID to Process Name using psacct

Process Information from dump-acct

Alternative: lastcomm (Limited Effectiveness)

Important Note

Best Practices

Step 6: Update the `wp-config.php` File