Archive for: March 2017

Permission Denied Problems on CentOS 7 Caused by SELinux

This post simply records the fix for an application hosted on an httpd (Apache) server that cannot be accessed because of SELinux security permissions (when SELinux is enabled).

1. Check the SELinux permissions:

ls -LZ

2. Look at the result:

drwxr-xr-x. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 bootstrap
drwxr-xr-x. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 storage

3. Change the security type from “httpd_sys_content_t” to “httpd_sys_rw_content_t”:

chcon -Rv -t httpd_sys_rw_content_t bootstrap/
changing security context of ‘bootstrap/app.php’
changing security context of ‘bootstrap/autoload.php’
changing security context of ‘bootstrap/cache/.gitignore’
changing security context of ‘bootstrap/cache’
changing security context of ‘bootstrap/’
changing security context of ‘storage/app/.gitignore’
changing security context of ‘storage/app/public/.gitignore’
changing security context of ‘storage/app/public’
changing security context of ‘storage/app’
changing security context of ‘storage/framework/.gitignore’
changing security context of ‘storage/framework/cache/.gitignore’
changing security context of ‘storage/framework/cache’
changing security context of ‘storage/framework/sessions/.gitignore’
changing security context of ‘storage/framework/sessions’
changing security context of ‘storage/framework/views/.gitignore’
changing security context of ‘storage/framework/views’
changing security context of ‘storage/framework’
changing security context of ‘storage/logs/.gitignore’
changing security context of ‘storage/logs’
changing security context of ‘storage/oauth-private.key’
changing security context of ‘storage/oauth-public.key’
changing security context of ‘storage/’

chcon -Rv -t httpd_sys_rw_content_t storage/
changing security context of ‘storage/app/.gitignore’
changing security context of ‘storage/app/public/.gitignore’
changing security context of ‘storage/app/public’
changing security context of ‘storage/app’
changing security context of ‘storage/framework/.gitignore’
changing security context of ‘storage/framework/cache/.gitignore’
changing security context of ‘storage/framework/cache’
changing security context of ‘storage/framework/sessions/.gitignore’
changing security context of ‘storage/framework/sessions’
changing security context of ‘storage/framework/views/.gitignore’

4. Look at the result again:

ls -LZ
drwxr-xr-x. apache apache unconfined_u:object_r:httpd_sys_rw_content_t:s0 bootstrap
drwxr-xr-x. apache apache unconfined_u:object_r:httpd_sys_rw_content_t:s0 storage

The steps above should solve the problem 🙂
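A label set with chcon is not recorded in the SELinux policy's file-context rules, so a full filesystem relabel puts the default type back. The script below is an added example, not part of the original post: it reads `ls -Z` output like the listing above, reports which directories still lack httpd_sys_rw_content_t, and prints the semanage fcontext and restorecon commands that make the label persistent. The application path /var/www/html/app, the function names and the sample listing are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post.
# APP_ROOT and the sample listing are assumptions made for illustration.
APP_ROOT=/var/www/html/app
RW_TYPE=httpd_sys_rw_content_t

# Constructed sample in the CentOS 7 `ls -Z` layout:
#   mode  owner  group  user:role:type:level  name
sample_listing() {
    cat <<'EOF'
drwxr-xr-x. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 bootstrap
drwxr-xr-x. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 public
drwxr-xr-x. apache apache unconfined_u:object_r:httpd_sys_rw_content_t:s0 storage
EOF
}

# Read `ls -Z` lines on stdin; print each named entry (arguments) whose
# SELinux type is not RW_TYPE. The type is field 3 of the context.
not_writable_by_httpd() {
    awk -v want="$RW_TYPE" -v names="$*" '
        BEGIN { n = split(names, list, " "); for (i = 1; i <= n; i++) wanted[list[i]] = 1 }
        ($5 in wanted) { split($4, ctx, ":"); if (ctx[3] != want) print $5 }'
}

# Print the commands that make the label permanent for each directory:
# semanage records a file-context rule in the local policy, restorecon applies
# it. Unlike a bare chcon, the rule is what a filesystem relabel will use.
# (On CentOS 7, semanage comes from the policycoreutils-python package.)
persist_rw_label() {
    for dir in "$@"; do
        printf "semanage fcontext -a -t %s '%s/%s(/.*)?'\n" "$RW_TYPE" "$APP_ROOT" "$dir"
        printf "restorecon -Rv %s/%s\n" "$APP_ROOT" "$dir"
    done
}

# Audit, then print the plan for review (nothing is executed here).
echo "still read-only for httpd: $(sample_listing | not_writable_by_httpd bootstrap storage)"
persist_rw_label bootstrap storage
```

Pass the narrowest directories the application actually writes to: everything under a directory labelled httpd_sys_rw_content_t, including PHP files such as bootstrap/app.php in the chcon output above, becomes writable for the httpd domain as far as SELinux is concerned.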

Installing MariaDB on CentOS 7

Quick steps for installing MariaDB on a CentOS 7 machine:

  1. sudo yum install mariadb-server
  2. sudo systemctl enable mariadb
  3. sudo systemctl start mariadb

Accessing MariaDB:

mysql -u root -p

By default the MariaDB installation does not set a password, so simply press Enter after the command above, and press Enter again when asked for the password.

Root access

If you forget the MariaDB root password, it can be reset (or if you want to set the root password for the first time):

1. Stop the current MariaDB server instance, then restart it with an option to not ask for a password:

sudo systemctl stop mariadb
sudo mysqld_safe --skip-grant-tables &

2. Reconnect to the MariaDB server with the MariaDB root account:

mysql -u root

3. Use the following commands to reset root’s password. Replace password with a strong password:

use mysql;
update user SET PASSWORD=PASSWORD("password") WHERE USER='root';
flush privileges;
exit

4. Then restart MariaDB:

sudo systemctl start mariadb

Tuning

MySQL Tuning Primer can be used to optimize your MariaDB server. Ideally, the MariaDB instance should have been operating for at least 24 hours before running the tuner. The longer the instance has been running, the better advice MySQL Tuner will give.

1. The script needs the bc language installed:

sudo yum install bc

2. Download MySQL Tuner to your home directory and make it executable:

wget http://www.day32.com/MySQL/tuning-primer.sh
chmod u+x tuning-primer.sh

3. To run it:

sudo ./tuning-primer.sh

You will be asked if you would like to run the script against a different MySQL socket than /var/lib/mysql/mysql.sock. Select N. You will then be asked if you have your login. Enter y, then the credentials when asked.

Notes

To make mariadb/mysql reachable from other computers/IPs on the local network (e.g. 192.168.56.0/24), run the following command:

GRANT ALL PRIVILEGES ON *.* TO 'root'@'192.168.56.%' IDENTIFIED BY 'my-new-password' WITH GRANT OPTION;

Happy tinkering!

Source: https[:]//www[.]linode.com/docs/databases/mariadb/how-to-install-mariadb-on-centos-7

Installing Apache Web Server on CentOS 7

Quick steps for installing the Apache web server on a CentOS 7 machine:

  1. yum install httpd -y
  2. systemctl start httpd
  3. systemctl enable httpd

Test access from a web browser to the server's IP address.

How to Set the Hostname on CentOS 7

The method described below uses hostnamectl (the recommended one). In full, the hostname on CentOS 7 can be set with any one of the following options:

  1. hostnamectl command : Control the system hostname. This is recommended method.
  2. nmtui command : Control the system hostname using text user interface (TUI).
  3. nmcli command : Control the system hostname using CLI part of NetworkManager.

It also helps to know the following hostname types:

  1. Static host name assigned by sysadmin. For example, “server1”, “wwwbox2”, or “server42.cyberciti.biz”.
  2. Transient/dynamic host name assigned by DHCP or mDNS server at run time.
  3. Pretty host name assigned by sysadmin/end-users and it is a free-form UTF8 host name for presentation to the user. For example, “Vivek’s netbook”.

Steps for setting the hostname with hostnamectl.

View the current hostname information:

$ hostnamectl
## OR ##
$ hostnamectl status

How to set the host name:

# hostnamectl set-hostname Your-New-Host-Name-Here
# hostnamectl set-hostname "Your New Host Name Here" --pretty
# hostnamectl set-hostname Your-New-Host-Name-Here --static
# hostnamectl set-hostname Your-New-Host-Name-Here --transient

Set the host name to “R2-D2”:

# hostnamectl set-hostname R2-D2

Set the static host name to “server1.cyberciti.biz”:

# hostnamectl set-hostname server1.cyberciti.biz --static

Set the pretty host name to “Senator Padme Amidala’s Laptop”:

# hostnamectl set-hostname "Senator Padme Amidala's Laptop" --pretty

Verify the new settings:

# hostnamectl status

How to delete the host name:

# hostnamectl set-hostname ""
# hostnamectl set-hostname "" --static
# hostnamectl set-hostname "" --pretty

How to change the host name remotely:

# ssh root@server-ip-here hostnamectl set-hostname server1
or
# hostnamectl set-hostname server1 -H root@192.168.1.42

Finally, restart the hostnamed service:

# systemctl restart systemd-hostnamed

Verify the change:

# hostnamectl status

Hope this is useful.

Source: www[.]cyberciti[.]biz/faq/rhel-redhat-centos-7-change-hostname-command/

How to Open a Specific Port on CentOS 7

Before configuring the firewall, the first thing to do is install the firewalld package.

# yum install firewalld
# systemctl start firewalld
# systemctl enable firewalld
or
# sudo yum install firewalld
# sudo systemctl start firewalld
# sudo systemctl enable firewalld

Check the active zone(s):

# firewall-cmd --get-active-zones

Open port 80:

# firewall-cmd --zone=public --add-port=80/tcp --permanent

Don't forget to reload the firewall service:

# firewall-cmd --reload

Check whether port 80 has been added to the iptables rules:

# iptables-save | grep 80

To permanently add a source (e.g. 192.168.2.0/24) to a zone (e.g. trusted), use:

# firewall-cmd --permanent --zone=trusted --add-source=192.168.2.0/24
success
# firewall-cmd --reload
success

We can also permanently add a source by MAC address (e.g. 00:11:22:33:44:55) to a zone (e.g. trusted):

# firewall-cmd --permanent --zone=trusted --add-source=00:11:22:33:44:55
success
# firewall-cmd --reload
success

We can also create an ipset and add a source based on that ipset:

# firewall-cmd --permanent --new-ipset=iplist --type=hash:ip
success
# firewall-cmd --reload
success
# firewall-cmd --ipset=iplist --add-entry=192.168.1.11
success
# firewall-cmd --ipset=iplist --add-entry=192.168.1.12
success
# firewall-cmd --permanent --zone=trusted --add-source=ipset:iplist
success
# firewall-cmd --reload
success

To list the current sources (e.g. for the trusted zone):

# firewall-cmd --permanent --zone=trusted --list-sources
192.168.2.0/24 00:11:22:33:44:55 ipset:iplist

Note: drop the --permanent option to show only the temporary (runtime) settings.

As an example case, suppose we want to allow connections to our server only from a specific IP address (e.g. 1.2.3.4/32):

# firewall-cmd --zone=internal --add-service=ssh --permanent
success
# firewall-cmd --zone=internal --add-source=1.2.3.4/32 --permanent
success
# firewall-cmd --zone=public --remove-service=ssh --permanent
success
# firewall-cmd --reload
success
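
The permanent changes above take effect at the reload, so an address typo in the --add-source line leaves no address from which a new SSH connection is accepted. The added example below (not from the original post) checks, before the reload, that a client address is covered by the IPv4 sources of the zone that keeps ssh; the function names and the sample addresses are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: lockout guard to run before
# `firewall-cmd --reload` in the SSH-restriction case above.
# Function names and sample addresses are constructed for illustration.

# Convert a dotted IPv4 address to an integer.
ip_to_int() {
    old_ifs=$IFS
    IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# Succeed if address $1 lies inside IPv4 source $2 (a.b.c.d or a.b.c.d/len).
ip_in_source() {
    net=${2%/*}
    len=32
    case $2 in */*) len=${2#*/} ;; esac
    mask=$(( (4294967295 << (32 - $len)) & 4294967295 ))
    [ $(( $(ip_to_int "$1") & $mask )) -eq $(( $(ip_to_int "$net") & $mask )) ]
}

# $1 = client address, $2 = sources as printed by
#   firewall-cmd --permanent --zone=internal --list-sources
# Entries containing ":" (MAC, IPv6, ipset:NAME) are skipped: they cannot be
# matched against an IPv4 address offline.
ssh_client_allowed() {
    for src in $2; do
        case $src in *:*) continue ;; esac
        if ip_in_source "$1" "$src"; then return 0; fi
    done
    return 1
}

# Constructed demo. On a live session use "${SSH_CLIENT%% *}" as the address.
for addr in 1.2.3.4 1.2.3.5; do
    if ssh_client_allowed "$addr" "1.2.3.4/32 00:11:22:33:44:55"; then
        echo "$addr: still allowed after reload"
    else
        echo "$addr: would be locked out, do not reload"
    fi
done
```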

To show the details of the public zone:

# firewall-cmd --info-zone=public

To add several temporary services (e.g. http, https, and dns) to the internal zone at once:

# firewall-cmd --zone=internal --add-service={http,https,dns}
success

To list the services in the default zone:

# firewall-cmd --list-services
dhcpv6-client ssh

Note: to query a particular zone, add the --zone option.

To get information about the ftp service:

# firewall-cmd --info-service=ftp

To remove a port or service that was added earlier:

# firewall-cmd --zone=public --remove-port=80/tcp
# firewall-cmd --reload

or

# firewall-cmd --zone=public --remove-service=http
# firewall-cmd --reload

Happy tinkering!

Install/Upgrade to PHP 7 on CentOS 7

Below are notes on the steps for upgrading PHP to version 7 on a CentOS 7 Linux machine:

A. Check the current PHP version:

# php --version
PHP 5.4.16 (cli) (built: Nov 6 2016 00:29:02)
Copyright (c) 1997-2013 The PHP Group
Zend Engine v2.4.0, Copyright (c) 1998-2013 Zend Technologies

B. Download Remi and EPEL Repository packages

$ wget -q http://rpms.remirepo.net/enterprise/remi-release-7.rpm
$ wget -q https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm

C. Install the packages downloaded above and enable the Remi PHP 7 repo (make sure the yum-utils package is installed):

# rpm -Uvh remi-release-7.rpm epel-release-latest-7.noarch.rpm
FOR PHP 7.0 EXECUTE:
# yum-config-manager --enable remi-php70
FOR PHP 7.1 EXECUTE:
# yum-config-manager --enable remi-php71

D. Install or Upgrade to PHP 7

# yum install php

or

# yum update

E. Check the PHP version now

# php --version
PHP 7.1.0 (cli) (built: Dec 1 2016 08:13:15) ( NTS )
Copyright (c) 1997-2016 The PHP Group
Zend Engine v3.1.0-dev, Copyright (c) 1998-2016 Zend Technologies

Source: linuxconfig[.]org/how-to-install-or-upgrade-to-php-7-on-centos-linux-server

Failed SSH Access from CentOS 7

The fix for failed connections to the SSH server on a CentOS 7 machine is to make sure that the following lines are active in the sshd_config file (in the /etc/ssh directory):

PermitRootLogin yes
RSAAuthentication yes
PubkeyAuthentication yes

Hope it works.

SEMANAGE Command Not Found in SELinux

On CentOS 7 the semanage command sometimes cannot be run even though SELinux is installed and enabled. Today I found the solution by googling. Roughly, these are the steps to install semanage on CentOS 7.

Run the following command:

yum provides /usr/sbin/semanage

The result looks roughly like this:

Loaded plugins: fastestmirror
Determining fastest mirrors
* base: mirror.nbrc.ac.in
* extras: mirror.nbrc.ac.in
* updates: mirror.nbrc.ac.in
policycoreutils-python-2.2.5-11.el7.x86_64 : SELinux policy core python
: utilities
Repo : base
Matched from:
Filename : /usr/sbin/semanage
policycoreutils-python-2.2.5-11.el7_0.1.x86_64 : SELinux policy core python
: utilities
Repo : updates
Matched from:
Filename : /usr/sbin/semanage

Or run the following command:

yum whatprovides /usr/sbin/semanage

The result looks roughly like this:

Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirror.nbrc.ac.in
* extras: mirror.nbrc.ac.in
* updates: mirror.nbrc.ac.in
policycoreutils-python-2.2.5-11.el7.x86_64 : SELinux policy core python
: utilities
Repo : base
Matched from:
Filename : /usr/sbin/semanage
policycoreutils-python-2.2.5-11.el7_0.1.x86_64 : SELinux policy core python
: utilities
Repo : updates
Matched from:
Filename : /usr/sbin/semanage

The output above shows that the package policycoreutils-python-2.2.5-11.el7_0.1.x86_64 is needed to run the ‘semanage’ command. So we have to install that package.

Run the following command:

yum install policycoreutils-python

Voilà, the semanage command can now be run 🙂