Minimal installation upgrade to GUI

Upgrading to GUI can be done with minimal installation in two different ways: the upgrade to “Server with GUI” or “Workstation”. To upgrade, you need to have at least the following system requirements. Otherwise, there may be an issue during the virtual machine installation.

Minimum System Requirements for CentOS 8

2 GB RAM

2 GHz or Higher Processor

20 GB Hard Disk

64-bit x86 System

First of all, update the minimal installation, then check the options that we have for upgrading my “dnf grouplist all”.

Then, select one of the options, either “Server with GUI” or “Workstation”.

After completing the installation, do the following changes from the multi-user.target to graphical.target and reboot the system.

Then you can see the that it will divert to graphical.target rather than multi-user.target.

Change hostname of CentOS 8

There are five different ways of changing hostname in CentOS 8 operating system.

1. GUI method
2. CLI method
3. Enterprise Manager
4. By Editing “/etc/hostname” config file.
5. Change via Cockpi

1. GUI method

Applications → System tools → Settings →Details → About

Under “Device name”, change the name to “client.example.com”. To do this, you need to have to access to either users “root” or “Sudo”.

2. CLI method

This is a very simple process – just login as root (or Sudo) and type the following command.

#hostnametl set-hostname client1.example.com

3. Network Manager

Go to the command line as root or Sudo, then type the following command.

After that, this GUI window should pop up.

Now access “set system hostname” and change the hostname as shown below. Finally, logout and log back in. The changes should now be in effect.

• By Editing “/etc/hostname” file.

This is also quite easy. We have to access the “/etc/hostname” file and then change the hostname.

5. Changing via the cockpit

Activate the cockpit, as follows:

Log in to the cockpit with root’s (or sudo’s) user name as password.

• 

Go to the Hostname link and click on it to change the hostname.

Script To Run ClamAV Anti-virus Automatically on Linux.

This isn’t a virus scanning software, but you can use this script for scanning viruses with ClamAV, an open source antivirus available on multiple platforms. After defining the path variable, the script automatically generates a report corresponding to your destination path. Not only that, but it can also be used as a cron job for scanning the system against viruses routinely. There are no background processes when running with this script for updating the virus signatures, so it does not unnecessarily consume resources. However, it updates the virus signatures with ClamAV before scanning.

Step 1

#Define the virus backup path(s)

BKP_PATH=/tmp/clamav

#Define the process report destination

REP_DEST=/var/log/clamav

#Define the scan target path(s)

SCAN_PATH=/home/john /var/pub/ftp

• It is not necessary to define the backup path destination(BKP_PATH) if you have selected option three. When it identifies the virus, it will copy or move it into the defined path destination. (Eg:-/tmp/clamav)

• The scan’s output is transferred to the report destination(REP_DEST). It explains the scanning result and updates information. If you are planning to define this path as a special path make sure that (assuming you are not root) you have necessary permission do so. (Eg:-/var/og/clamav)

• Scan path (SCAN_PATH), does not mean that it scans the whole folder path that you defined recursively, but it scans the last folder in that defined path. In my example, the John folder and FTP are scanned recursively but not the home or pub. However, if you need to scan the whole machine, define the path as root (/). You can define the number of the paths with space.

Step 2

• Option 1

The safest option as it gives us an indication of a virus and extracts it into the defined path. But, it does not remove the virus from its original location. Later, we can decide what actions are needed to mitigate the issue.

clamscan –recursive –infected –copy=$BKP_PATH –exclude-dir=$BKP_PATH $SCAN_PATH >>$REP_DEST/scan_$today1.log

• Option 2

This is a relatively safe option, even though there can be issues if the virus affects the boot or any other system files. It moves all the infected into the backup destination, but there may be issues on the next reboot.

#clamscan –recursive –infected –move=$BKP_PATH –exclude-dir=$BKP_PATH $SCAN_PATH >>$REP_DEST/scan_$today1.log

• Option 3

It is very unsafe if it identifies the infected files on boot or other systems files, which clears them all without inquiring. Think twice before selecting this option.

#clamscan –recursive –infected –remove –exclude-dir=$BKP_PATH $SCAN_PATH >>$REP_DEST/scan_$today1.log

Step 3

I have selected option 3 and I got the following report for my scan. The first part of the report indicates that the database is up to date. The second section of the report which shows that the decision that has made against found viruses. Further, it gives the summary that includes in scan base against how many viruses, number of files, directories and the files infected. Finally, the script gives us an indication of the termination of the scanning process at the end.

Step 4

We can deploy this script regularly automatically with a cron job. I deployed this script as root, but you can do it as any other user, as long as you have the correct permissions.

Step 5

You can see the script layout below.

Download this script from Github: https://github.com/ade9alwis/clamav/blob/master/myscript.sh

You can download it and amend as necessary.

Reference

• clamscan_selinux(8) – Linux man page

https://linux.die.net/man/8/clamscan_selinux

Clamav Antivirus on Linux OS

ClamAV is an open-source antivirus that is compatible with many operating systems, including CentOS 8. Linux is resistant to viruses most of the time, but it’s still susceptible to attacks. So, installing an antivirus on Linux gives it an additional layer of protection, especially on mail servers and other commercial servers.

Before installing ClamAV, make sure to download and enable the EPEL repositories on the machine. If not, use the following command below.

Then install ClamAV and its update tool, ClamAV-update.

Make sure to adjust the SELinux Booleans appropriately, as mentioned below.

• To enable the antivirus program to scan no secure content in the system, we will need to enable the “antivirus_can_scan_system” boolean as follows. However, it is disabled by default.

• In addition to that, to enable JIT (just-in-time) compile setup, it is important to enabling “antivirus_use_jit” boolean as shown in below. By default, it is also disabled.

Now Make sure the database is updating (DatabaseMirror database.clamav.net), and logs are writing (LogSyslog yes) by checking (correct configurations) the “/etc/freshclam.conf.” And then update the database as follows.

If you need to, download the virus signature from EICAR (European Institute of Computer Anti-virus Research) as I have done here for testing purposes.

Finally, scan for viruses. Once you have finished, ClamAV will notify you about the result of the scan. For further configurations, refer to the related man pages for “clamscan.”

Here, it scans infected files recursively throughout the machine (/).

Scan results show that there is one infected file on the system.

Reference

• antivirus_selinux (8) – Linux Man Pages

https://www.systutorials.com/docs/linux/man/8-antivirus_selinux/

• Refer the man pages of clamdscan(1), freshclam(1), freshclam.conf(5).

Initial Keyboard Setting in Lnux

This article will show you how to set up initial keyboard configurations that see frequent use in day-to-day life. You can set it up with a GUI, but I tend to prefer a command-line interface.

Let’s see what default configurations exist in the machine.

• Let’s explore some of the options that are in the language settings. Change the LANG=en_US.UTF-8 (language setting) to en_GB.UTF8.

The same configuration is possible by edition “/etc/locale.conf” file. In here, I have changed the language setting back to en_US.tf8

• In this section, I have changed the virtual console keymap setting from “US” to “UK”. It is also possible to make these changes via a CLI as well as by editing the configuration file. (“/etc/vconsole.conf”).

• Finally, I have changed the X11 layout from “Gb” to “us” by editing the config file (/etc/X11/xorg.conf.d/00-keyboard.conf), though it does not recommend.

(i) For changing X11 Layout from “us” to “gb” in CLI

(ii) And also, we can be changing back to X11 layout back to, from “us” to “gb.”

Reference

• Xorg/Keyboard configuration

https://wiki.archlinux.org/index.php/Xorg/Keyboard_configuration

• How to Set Up System Locale on CentOS 7

https://www.rosehosting.com/blog/how-to-set-up-system-locale-on-centos-7

Installation of OpenSSL Latest version (openssl-3.0.0-alpha2)

OpenSSL is not necessary to install in most cases as it updates alongside operating system updates. However, in some cases, the latest version (OpenSSL-3.0.0-alpha2) of the packages might not be up to date with the operating system. In this case, we’ll have to use these steps to update it to its latest version. However, it should not be used in the production environment.

• First of all, update the system before every installation.

[root@localhost ~]# dnf update

• Install the following supporting packages to install OpenSSL.

[root@localhost ~]# dnf install make gcc perl pcre-devel zlib-devel

Last metadata expiration check: 0:00:30 ago on Sun 24 May 2020 13:12:12 BST.

Package make-1:4.2.1-9.el8.x86_64 is already installed.

Package gcc-8.3.1-4.5.el8.x86_64 is already installed.

Package zlib-devel-1.2.11-10.el8.x86_64 is already installed.

Dependencies resolved.

• Then, download the OpenSSL latest version as listed on www.openssl.org/source.

• Make sure the download has not been changed during the download process through an integrity check as showed below.

• Uncompress and unarchive the package together by issuing the following command.

[root@localhost Downloads]# tar -xvzf openssl-3.0.0-alpha2.tar.gz

openssl-3.0.0-alpha2/

openssl-3.0.0-alpha2/ACKNOWLEDGEMENTS.md

openssl-3.0.0-alpha2/AUTHORS.md

openssl-3.0.0-alpha2/CHANGES.md

openssl-3.0.0-alpha2/CONTRIBUTING.md

…..etc

• Configure the packages as necessary before the compilation.

[root@localhost openssl-3.0.0-alpha2]# ./config –prefix=/usr –openssldir=/etc/ssl –libdir=lib no-shared zlib-dynamic

• Compile and test the above configured packages as mentioned below.

[root@localhost openssl-3.0.0-alpha2]# make

[root@localhost openssl-3.0.0-alpha2]# make test

01-test_abort.t ……………….. ok

01-test_sanity.t ………………. ok

01-test_symbol_presence.t ………. skipped: Only useful when building shared libraries

…..etc

99-test_ecstress.t …………….. ok

99-test_fuzz.t ………………… ok

All tests successful.

Files=197, Tests=1788, 174 wallclock secs ( 2.19 usr 0.46 sys + 164.93 cusr 19.41 csys = 186.99 CPU)

Result: PASS

• Install the compiled and tested packages.

[root@localhost openssl-3.0.0-alpha2]# make install

• Finally, setup the library path and check the version.

[root@localhost openssl-3.0.0-alpha2]# export LD_LIBRARY_PATH=/usr/local/lib:/usr/local/lib64

[ ..openssl-3.0.0-alpha2]# echo “export LD_LIBRARY_PATH=/usr/local/lib:/usr/local/lib64” >> ~/.bashrc

Reference

• How to install the latest version of OpenSSL on CentOS 7?

https://www.osradar.com/how-to-install-the-latest-version-of-openssl-on-centos-7

• OpenSSL

https://www.openssl.org/source/

Squirrelmail Configuration on Postfix

First, install and configure the postfix server (which is in the article published on 19 May 2020). Then download SquirrelMail by going to http://rpmfind.net and search for squirrel mail rpm packages. Alternatively, go to my GitHub link and download the rpm plus the dependencies (using git).

Method 1 (for download)

[root@mailserver ~]# dnf install wget http://rpmfind.net/linux/fedora/linux/releases/32/Everything/x86_64/os/Packages/s/squirrelmail-1.4.23-3.fc32.20190710.noarch.rpm

Method 2 (for download)

You can also download squirrelmail with it’s dependencies by using following Github link:

https://github.com/ade9alwis/squirrelMail.git

• Check that the http service is enabled and running.

• Add the following configuration to end of the “/etc/httpd/conf/httpd.conf” file.

#Alias /webmail /usr/share/squirrelmail

<Directory /usr/share/squirrelmail>

Options Indexes FollowSymLinks

RewriteEngine on

AllowOverride All

DirectoryIndex index.php

Order allow,deny

Allow from all

</Directory>

• Verify the configuration as following.

• Squirrelmail configuration

Change the directory as follows and run the script “conf.pl”.

Then, you will see the configurations menu. Be sure to search through the different options and familiarise with them.

Now let’s configuration the organization name. Select Option 1 and enter the name: “example.com”.

Then press S to save and R to return to the main menu.

Let’s configure the Server Settings. Go to option 2, and then under that, option 1. Change option 1 from localhost to blank and Save(S) and return(R).

To configure the Server Settings, go to option 2 and under that, option 2 again – SMTP protocol rather than Sendmail, and then Save(s) and Quit(Q).

Restart the sever to activate the SELinux configuration and check that all of the below services are up and running.

• Postfix

• Dovecot

• Httpd

Finally, we can access webmail by entering its IP address or domain name (Adjust the host file) as below.

http://10.111.125.110/webmail or http://example.com/webmail

Now let’s send mail from Tom to Jerry.

Download RPM packages onto Machine.

Before downloading rpm onto the machine, it is necessary to install the “yumdownloader” package, which is not installed by default.

Before that, however, it is important to installed the yum-utils rpm package.

Let’s see how we download the package (eg:-nmap).

Next, download it to this specific location (without dependencies).

Download it to a specific location with it’s dependencies.

Finally, let’s download the source rpm for packages.

• 

Configure Postfix on CentOS 8

Originally developed by IBM, Postfix is a one of the popular mail servers that’s still used in the market.

Step 1

• Firstly, we’ll have to disable SELinux and adjust the firewall.

Step 2

Update the machine and install the following packages (postfix, telnet, mailx, devecot) as shown.

Step 3

Do the following configurations as I have mentioned below the hostname, domain and “/etc/hosts” files.

Configure the host file with your IP and FQDN, and make sure entry is working by pinging your FQDN.

Step 4

Configure the following config files as below.

#vi /etc/postfix/main.cf

• Uncomment lines 94, 102 and 117 respectively and make the necessary configurations.

• Check that lines 132 and 138 are unchecked. Uncheck them if this isn’t the case.

• In here, comment line 183 and uncomment line 184 as seen below.

• Now adjust the network setting according to your system (like the setup here).

• 

• Make sure to unchecked line 438 as below.

• 

Step 5

Add two users to verify the configurations and start or restart Postfix.

Step 6

Let’s send a message from “tom” to the user john via telnet as below.

Check that john has received the message by using the “cat” command as follows.

Step 7

Do the below configurations.

• Go “ /etc/dovecot/dovecot.conf “ and uncomment line number 24 as follows:

vi /etc/dovecot/dovecot.conf

• After that, configure the “/etc/dovecot/conf.d/10-mail.conf “ file line 24 as mentioned.

vi /etc/dovecot/conf.d/10-mail.conf

• 

• Next configure lines 10 and 100 of the file“/etc/dovecot/conf.d/10-auth.conf”.

• Finally, configure lines 91 and 92 of the “ /etc/dovecot/conf.d/10-master.conf” file. (uncomment both and the assigned user and group themas postfix)

Step 8

• Make sure dovecot service is running and enable. Check that the mail is being received.

In this stage, we can see clearly Tom’s message being delivered to John. The mail receiving protocols should be functioning too.

Kickstart installation from GitHub.

First of all, we have to create the necessary kickstart installation file or configuration file. I have mentioned the configuration file on GitHub as well, so you can download it there, and amend as you need. For the initial boot process, you download the minimal version (easy to download) of CentOS 8 or RHEL 8 iso image. Then, follow the steps that I have provided.

Step 1

Mount the iso file to the virtual machine as follows. If you don’t want to mount the file, you must have a bootable cd/DVD or USB, ..etc.

Step 2

Press the tab key at the boot screen and give the path as I mentioned below. (NB:-Pointing to the raw file)

NB:-https://raw.githubusercontent.com/ade9alwis/repo7/master/ks8.cfg

The Kickstart Configuration file is as follows. It is import to direct the http server to the Linux base repositories, not the iso files.

#platform=x86, AMD64, or Intel EM64T
#version=DEVEL
# Install OS instead of upgrade

install

# Keyboard layouts

keyboard 'uk'

# Root password

rootpw --iscrypted $1$/V27Qc/N$xi6PcrfmvghGOI9/Yo70t0

# Use network installation

url --url="http://mirror.ox.ac.uk/sites/mirror.centos.org/8-stream/BaseOS/x86_64/os/"

# System language

lang en_US

# Firewall configuration

firewall --enabled

# System authorization information

authselect  --useshadow  --passalgo=sha512

# Use graphical install

graphical

firstboot --disable

# SELinux configuration

selinux --enforcing

# Reboot after installation

reboot

# System timezone

timezone Europe/London

# System bootloader configuration

bootloader --location=mbr

# Partition clearing information

clearpart --all

# Automatic partitioning

autopart --type=plain --fstype=ext4

%packages

@^minimal-environment

@core

chrony

kexec-tools

%end

%addon com_redhat_kdump --enable --reserve-mb=auto

%end

%anaconda

pwpolicy root --minlen=6 --minquality=50 --notstrict --nochanges --notempty

pwpolicy user --minlen=6 --minquality=50 --notstrict --nochanges --notempty

pwpolicy luks --minlen=6 --minquality=50 --notstrict --nochanges --notempty

%end

%post

#!/bin/bash

dnf update -y

dnf install epel-release -y

%end

Step 3

You can see the following screen during the installation process. At the end, you will have to unmount the iso image and let it to boot normally. When you’re at the login, the login screen will appear. Then, enter the username as root and password as 123456 to complete the process.