Sunday, 30 October 2016

How to install and configure Certbot in a FreeNAS Jail

In the Name of Allah, the Most Gracious, the Most Merciful



Abstract



  • A tutorial to install and configure certbot within a FreeNAS Jail.
  • Certbot is the Electronic Frontier Foundation's client for automatically issuing free SSL certificates for webservers; the certificates are recognised by popular web browsers.


Assumptions and Prerequisites


  • Domain: example.com
  • Hostname: www.example.com
  • OS: FreeNAS 9.10.1-U2 (FreeBSD 10.3-STABLE)
  • Container: Warden Jail
  • Jail Name: www
  • Private IP: 10.0.0.56
  • Subnet Mask: 255.255.255.0/24
  • Certbot Version: 0.9.3
  • Apache has already been installed.
  • Apache Version: 2.4.23
  • Apache Webroot directory: /usr/local/www/apache24/data
  • SSL Certificate File: /usr/local/etc/letsencrypt/live/www.example.com/fullchain.pem
  • SSL Key File: /usr/local/etc/letsencrypt/live/www.example.com/privkey.pem 
  • Apache is bound to port 80 and 443.
  • Port 80 and 443 forwarding is enabled on the router to allow access to Apache webserver from the Internet.
  • Email: info@example.com (required to recover lost account details from certbot).



Instructions


- Install certbot
# pkg install py27-certbot

- Configure domain
# certbot certonly
Follow installer instructions
    domain: www.example.com
    webroot: /usr/local/www/apache24/data
    email: info@example.com

- Test certs renewal
# certbot renew --dry-run 

- Renew certs (Renews certs on port 80 for 90 days. Will not renew cert if expiry date of cert is less than 30 days).
# certbot renew --quiet

-  Force cert renewal with current issue date
# certbot renew --quiet --force-renewal

- Renew cert with a higher rsa-key size 4096
# certbot renew --quiet --rsa-key-size 4096 

-  Force cert renewal on https port 443 with a higher rsa-key size 4096
# certbot renew --quiet --rsa-key-size 4096 --force-renewal --tls-sni-01-port 443

- Change SSL Cert file paths in Apache to point to the new location of certbot's certificates
# vi /usr/local/etc/apache24/extra/httpd-ssl.conf
   (144)  SSLCertificateFile "/usr/local/etc/letsencrypt/live/www.example.com/fullchain.pem"
   (154)  SSLCertificateKeyFile "/usr/local/etc/letsencrypt/live/www.example.com/privkey.pem"
   (175)  #SSLCACertificateFile "/usr/local/etc/ssl/certs/ca.pem"

- Reload Apache config after certs renewal
# apachectl -k graceful

- Setup a cron job in FreeNAS to auto renew certs and reload the new apache settings with the following command.
# jexec www certbot renew --quiet --rsa-key-size 4096 && jexec www apachectl -k graceful

- Test the new SSL certs at the SSLABS website. This should give you an A+ on the SSL report.



Friday, 28 October 2016

How to install a secure Wordpress CMS in a FreeNAS Jail

In the Name of Allah, the Most Gracious, the Most Merciful




Abstract 


A tutorial to install a secure Wordpress CMS on a FreeNAS 9.10.1 Jail.


Assumptions and Prerequisites



  • Domain: example.com
  • Hostname: www.example.com
  • OS: FreeNAS 9.10.1-U2 (FreeBSD 10.3-STABLE)
  • Container: Warden Jail
  • Jail Name: www
  • Private IP: 10.0.0.56
  • Subnet Mask: 255.255.255.0/24
  • Database Server Name: db.example.com
  • Database Type and Version: MariaDB v10.1.18
  • Database Server IP: 10.0.0.57
  • Database Username: n7if835 (random generated)
  • Database Password: TunTeR3MPzqHy1KD (should be randomly generated)
  • Database Name: n7if835 (random generated)
  • Database Table Prefix: 24686nj9po7_ (should be randomly generated)
  • Database Server has SSL configured and enabled.
  • Apache has already been installed.
  • php56 and the necessary extensions are already installed.
  • Apache Webroot directory: /usr/local/www/apache24/data/
  • Apache 'AllowOverride' set to 'All'
  • Wordpress Version: 4.6.1


Instructions


Environment Setup

- Create a database 'n7if835' with username 'n7if835' with all privileges (Data, Structure, and Administration) and password 'TunTeR3MPzqHy1KD'

- Enable mod_rewrite module in apache by editing the file /usr/local/etc/apache24/httpd.conf
# vi /usr/local/etc/apache24/httpd.conf
   (177)   LoadModule rewrite_module libexec/apache24/mod_rewrite.so

- Install package wget to download wordpress archive
# pkg install wget

Install and Configure Wordpress

- Download wordpress from http://wordpress.org/latest.tar.gz
# cd /tmp
# wget http://wordpress.org/latest.tar.gz
- Unzip archive /tmp/latest.tar.gz
# tar xvf latest.tar.gz

- Copy /tmp/wordpress/ contents to webroot directory /usr/local/www/apache24/data/
# cp -Rfv /tmp/wordpress/* /usr/local/www/apache24/data/

- Go to https://www.example.com/ via web browser and follow the installation instructions.

- Enter the following Database details:
        Database Name: n7if835
        Username: n7if835
        Password: TunTeR3MPzqHy1KD
        Database Host: db.example.com
        Table Prefix: 24686nj9po7_

- Copy the generated code by wordpress installer into the file /usr/local/www/apache24/data/wp-config.php
# vi /usr/local/www/apache24/data/wp-config.php

- Click on the 'Run the Install' button and that will create the necessary database tables.

- Enter the following Site details:
        Site Title: www.example.com
        Username: webmin2001 (for security reasons don't use anything like 'admin')
        Password: (Enter strong password)
        Your Email: (your email address for this wordpress admin account)

- Enable Direct File System access by wordpress
# chmod -Rv 775 /usr/local/www/apache24/data/wp-content
- Edit file /usr/local/www/apache24/data/wp-config.php
# vi /usr/local/www/apache24/data/wp-config.php
   (40)    /** If you don't want to use FTP to add/delete/update plugins/themes then define this option. **/
   (41)    define('FS_METHOD','direct');

- Test by deleting and adding a plugin or theme.

Securing Wordpress

- Enable DB SSL Connection by Wordpress
Edit File /usr/local/www/apache24/data/wp-config.php
# vi /usr/local/www/apache24/data/wp-config.php
   (43)    /** Force Wordpress to use SSL connection to Database **/
   (44)    define('MYSQL_CLIENT_FLAGS', MYSQL_CLIENT_SSL);

- Go to https://www.example.com/phpmyadmin via web browser and change the following details:
           Username: n7if835 SSL setting from 'REQUIRE NONE' to 'REQUIRE SSL'.
           Remove Administration Privileges for user n7if835

- Disable file editing for editing plugins and themes.
Edit file /usr/local/www/apache24/data/wp-config.php
# vi /usr/local/www/apache24/data/wp-config.php
   (46)    /** Disable File Editing **/
   (47)    define('DISALLOW_FILE_EDIT', true);

- Force SSL Logins and SSL Admin Access
# vi /usr/local/www/apache24/data/wp-config.php
   (49)    /** Force SSL Logins **/
   (50)    define('FORCE_SSL_LOGIN', true);
   (51)
   (52)    /** Force SSL Admin Access **/
   (53)    define('FORCE_SSL_ADMIN', true);

- Delete files 'license.txt' and 'readme.html' in the wordpress root directory and also 'install.php' in wp-admin directory because they are possible site security holes.
# rm -v /usr/local/www/apache24/data/license.txt 
# rm -v /usr/local/www/apache24/data/readme.html
# rm -v /usr/local/www/apache24/data/wp-admin/install.php

- Make the file /usr/local/www/apache24/data/wp-config.php only readable by user and group
# chmod 440 /usr/local/www/apache24/data/wp-config.php

- Move the file /usr/local/www/apache24/data/wp-config.php up one directory to prevent web users access.
# mv /usr/local/www/apache24/data/wp-config.php /usr/local/www/apache24/wp-config.php

- Disable php functions that are not needed (good practice if website is on a shared host).
# vi /usr/local/etc/php.ini
    (303)  disable_functions = exec,passthru,shell_exec,system,proc_open,popen,curl_exec,curl_multi_exec,parse_ini_file,show_source

- Turn off expose_php in php.ini
# vi /usr/local/etc/php.ini
    (363)  expose_php = Off

- Disable opening urls as files
# vi /usr/local/etc/php.ini
    (831)  allow_url_fopen = Off

- Create .htaccess file in the wordpress root directory and write the following to prevent web directory browsing, user enumeration, includes directory access, hotlinking of images, and users from reading the wp-config file.
# vi /usr/local/www/apache24/data/.htaccess
    (1)    Options -Indexes +FollowSymLinks
    (2)  
    (3)    <IfModule mod_rewrite.c>
    (4)    RewriteEngine On
    (5)    RewriteBase /
    (6)
    (7)    # Enable Permalinks to work
    (8)    RewriteRule ^index\.php$ - [L]
    (9)    RewriteCond %{REQUEST_FILENAME} !-f
    (10)   RewriteCond %{REQUEST_FILENAME} !-d
    (11)   RewriteRule . /index.php [L]
    (12)
    (14)   # Prevent user enumeration
    (15)   RewriteCond %{QUERY_STRING} ^author=([0-9]*)
    (16)   RewriteRule .* https://www.example.com/? [L,R=302]
    (17)   RewriteRule ^wp-admin/includes/ - [F,L]
    (18)
    (19)   # Prevent includes directory access
    (20)   RewriteRule !^wp-includes/ - [S=3]
    (21)   RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
    (22)   RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
    (23)   RewriteRule ^wp-includes/theme-compat/ - [F,L]
    (24)
    (25)   # Disable hotlinking of images with forbidden or custom image option
    (26)   RewriteCond %{HTTP_REFERER} !^$
    (27)   RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?example.com [NC]
    (28)   RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?google.com [NC]
    (29)   RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?feeds2.feedburner.com/example [NC]
    (30)   RewriteRule \.(jpg|jpeg|png|gif)$ - [NC,F,L]
    (31)
    (32)   # Disable XMLRPC
    (33)   RewriteRule ^xmlrpc.php$ "http://0.0.0.0/" [R=301,L]
    (34)
    (35)   # Restrict access to plugins and themes php files from unauthorised users
    (36)   RewriteCond %{REQUEST_URI} !^/wp-content/plugins/file/to/exclude\.php
    (37)   RewriteCond %{REQUEST_URI} !^/wp-content/plugins/directory/to/exclude/
    (38)   RewriteRule wp-content/plugins/(.*\.php)$ - [R=404,L]
    (39)   RewriteCond %{REQUEST_URI} !^/wp-content/themes/file/to/exclude\.php
    (40)   RewriteCond %{REQUEST_URI} !^/wp-content/themes/directory/to/exclude/
    (41)   RewriteRule wp-content/themes/(.*\.php)$ - [R=404,L]
    (42)
    (43)   # Prevent Script injections
    (44)   RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3E) [NC,OR]
    (45)   RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
    (46)   RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
    (47)   RewriteRule ^(.*)$ index.php [F,L]
    (48)   </IfModule>
    (49)
    (50)   # Protect wp-config.php from user access
    (51)   <files wp-config.php>
    (52)   Require all denied
    (53)   </files>

- Prevent execution of php scripts in the uploads directory
# vi /usr/local/www/apache24/data/wp-content/uploads/.htaccess
    (1)    # Disable php file execution
    (2)    <files *.php>
    (3)    Require all denied
    (4)    </files>
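
To confirm that the hardening steps above actually took effect, the following audit script can be run inside the jail. It is an added example, not part of the original post; the function names and finding messages are illustrative, and it assumes the tutorial's layout (webroot plus wp-config.php moved one directory up).

```shell
#!/bin/sh
# Added example: audit a WordPress tree against the hardening steps in this
# tutorial. Prints one line per finding; AUDIT_FINDINGS holds the count.

AUDIT_FINDINGS=0

_finding() {
    echo "FINDING: $1"
    AUDIT_FINDINGS=$((AUDIT_FINDINGS + 1))
}

# has_define FILE NAME VALUE: true if FILE has an active (uncommented)
# define('NAME', VALUE) line. Matching is case-sensitive.
has_define() {
    grep -Eq "^[[:space:]]*define\([[:space:]]*['\"]$2['\"][[:space:]]*,[[:space:]]*$3[[:space:]]*\)" "$1"
}

# audit_wp WEBROOT CONFIG
#   WEBROOT e.g. /usr/local/www/apache24/data
#   CONFIG  e.g. /usr/local/www/apache24/wp-config.php (after the move)
audit_wp() {
    root=$1
    cfg=$2
    AUDIT_FINDINGS=0

    # Files the tutorial deletes.
    for f in license.txt readme.html wp-admin/install.php; do
        if [ -e "$root/$f" ]; then
            _finding "$f still present under $root"
        fi
    done

    # wp-config.php must have been moved out of the webroot.
    if [ -e "$root/wp-config.php" ]; then
        _finding "wp-config.php is still inside the webroot"
    fi

    if [ ! -f "$cfg" ]; then
        _finding "config file $cfg not found"
    else
        # ls -l is used instead of stat, whose flags differ between BSD and GNU.
        mode=$(ls -ld "$cfg" | cut -c1-10)
        if [ "$mode" != "-r--r-----" ]; then
            _finding "$cfg has mode $mode, expected -r--r----- (chmod 440)"
        fi
        for pair in DISALLOW_FILE_EDIT=true FORCE_SSL_ADMIN=true \
                    MYSQL_CLIENT_FLAGS=MYSQL_CLIENT_SSL; do
            name=${pair%%=*}
            value=${pair#*=}
            has_define "$cfg" "$name" "$value" ||
                _finding "$name is not set to $value in $cfg"
        done
    fi

    # Directory listing disabled in the root .htaccess.
    if ! grep -Eq '^[[:space:]]*Options[[:space:]].*-Indexes' \
            "$root/.htaccess" 2>/dev/null; then
        _finding "root .htaccess does not set Options -Indexes"
    fi

    # PHP execution denied in the uploads directory.
    if ! grep -Eqi '^[[:space:]]*Require[[:space:]]+all[[:space:]]+denied' \
            "$root/wp-content/uploads/.htaccess" 2>/dev/null; then
        _finding "uploads/.htaccess does not deny access to *.php"
    fi

    [ "$AUDIT_FINDINGS" -eq 0 ]
}

# Stand-alone use: sh audit_wp.sh WEBROOT CONFIG
if [ "$#" -eq 2 ]; then
    audit_wp "$1" "$2"
fi
```

The script only reads files, so it is safe to run from cron; a non-zero exit status means at least one step has regressed, for example after a WordPress update restored readme.html.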

Thursday, 27 October 2016

How to install phpMyAdmin on a FreeNAS Jail

In the Name of Allah, the Most Gracious, the Most Merciful


Abstract


A tutorial to install phpMyAdmin on a FreeNAS Jail. 

Assumptions and Prerequisites


  • Domain: example.com
  • Hostname: www.example.com
  • OS: FreeNAS 9.10.1-U2 (FreeBSD 10.3-STABLE)
  • Container: Warden Jail
  • Jail Name: www
  • Private IP: 10.0.0.56
  • Subnet Mask: 255.255.255.0/24
  • Apache has already been installed.
  • php56 is already installed.
  • Restrict Access only to local LAN (10.0.0.0/24).

Instructions


- First install php extensions required for phpMyAdmin.    
# pkg install php56-session php56-json php56-mbstring php56-zip php56-gd php56-openssl php56-curl php56-ctype php56-bz2 php56-mcrypt php56-zlib

- Install and Configure phpMyAdmin for Database Web Administration
# pkg install phpmyadmin
- Create phpMyAdmin configuration file /usr/local/etc/apache24/Includes/phpmyadmin.conf
# vi /usr/local/etc/apache24/Includes/phpmyadmin.conf
   (1)      Alias /phpmyadmin "/usr/local/www/phpMyAdmin/"
   (2)       
   (3)      <Directory "/usr/local/www/phpMyAdmin/">                  
   (4)          Options None
   (5)          AllowOverride Limit
   (6)
   (7)          Require local
   (8)          Require ip 10.0.0.0/24
   (9)      </Directory>

- Reload Apache Configurations
# service apache24 graceful

- Configure phpMyAdmin to connect with Database
Go to http://10.0.0.56/phpmyadmin/setup via web browser.
Click the button 'New server' and add the new server's settings.
After configuring settings for the database server connection, click the 'Display' button.

- Copy the php code generated into the file /usr/local/www/phpMyAdmin/config.inc.php
# vi /usr/local/www/phpMyAdmin/config.inc.php

- Go to http://10.0.0.56/phpmyadmin via web browser and log in to phpMyAdmin with your database username and password.

How to Install Apache webserver in a FreeNAS Jail

In the Name of Allah, the Most Gracious, the Most Merciful


Abstract


  • A tutorial to install the Apache webserver in FreeNAS 9.10 Jail.
  • Configure and enable SSL on Apache.
  • Enable Virtual Hosts.
  • Enable and configure Apache Server Pool Management.
  • Configure Apache to run CGI and Perl scripts. 
  • Install and configure php56. 


Assumptions and Prerequisites



  • Domain: example.com
  • Hostname: www.example.com
  • System Notification Email: info@example.com 
  • OS: FreeNAS 9.10.1-U2 (FreeBSD 10.3-STABLE)
  • Container: Warden Jail
  • Jail Name: www
  • Private IP: 10.0.0.56
  • Subnet Mask: 255.255.255.0/24
  • Server Location: Melbourne, Australia
  • Webserver and Version: Apache v2.4.23_1
  • Apache Document Root Directory: /usr/local/www/apache24/data
  • Apache MPM: Prefork Module
  • Disable Directory Browsing.
  • Allow Over Ride All to .htaccess files.
  • CA Certificate File: /usr/local/etc/ssl/certs/ca.pem
  • SSL Certificate File: /usr/local/etc/ssl/certs/www.example.com.crt
  • SSL Key File: /usr/local/etc/ssl/private/www.example.com.key


Instructions


- Install Apache2.4
# pkg install apache24

- Configure Apache settings
Edit file /usr/local/etc/apache24/httpd.conf
# vi /usr/local/etc/apache24/httpd.conf
   (214) ServerAdmin info@example.com
   (222) ServerName www.example.com
   (260) Options -Indexes +FollowSymLinks
   (267) AllowOverride All

- Set Server Defaults for Production Server
Edit /usr/local/etc/apache24/httpd.conf
# vi /usr/local/etc/apache24/httpd.conf
   (505) Include etc/apache24/extra/httpd-default.conf
Edit /usr/local/etc/apache24/extra/httpd-default.conf
# vi /usr/local/etc/apache24/extra/httpd-default.conf
   (55)  ServerTokens Prod

Enable apache to run and start on boot.
# sysrc apache24_enable="yes"
Start Apache Server
# service apache24 start

- Generate Self-Signed Certificate Authority, Server Certificate and Key.

Enable SSL 

Edit /usr/local/etc/apache24/httpd.conf
# vi /usr/local/etc/apache24/httpd.conf
   (89)   LoadModule socache_shmcb_module libexec/apache24/mod_socache_shmcb.so
   (144)  LoadModule ssl_module libexec/apache24/mod_ssl.so
   (513)  Include etc/apache24/extra/httpd-ssl.conf
Edit /usr/local/etc/apache24/extra/httpd-ssl.conf
# vi /usr/local/etc/apache24/extra/httpd-ssl.conf
   (52)   #SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4
   (53)   #SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4
   (65)   SSLCipherSuite HIGH:MEDIUM:!SSLv3:!kRSA
   (66)   SSLProxyCipherSuite HIGH:MEDIUM:!SSLv3:!kRSA
   (124)  DocumentRoot "/usr/local/www/apache24/data"
   (125)  ServerName www.example.com:443
   (126)  ServerAdmin info@example.com
   (127)  ErrorLog "/var/log/httpd-error.log"
   (128)  TransferLog "/var/log/httpd-access.log"
   (144)  SSLCertificateFile "/usr/local/etc/ssl/certs/www.example.com.crt"
   (154)  SSLCertificateKeyFile "/usr/local/etc/ssl/private/www.example.com.key"
   (175)  SSLCACertificateFile "/usr/local/etc/ssl/certs/ca.pem"
Reload new settings for Apache
# service apache24 graceful

Enable Virtual Hosts

- Enable Virtualhosts to redirect traffic from unencrypted port (80) to encrypted port (443).
Edit /usr/local/etc/apache24/httpd.conf
# vi /usr/local/etc/apache24/httpd.conf
   (496)  Include etc/apache24/extra/httpd-vhosts.conf
Edit /usr/local/etc/apache24/extra/httpd-vhosts.conf
# vi /usr/local/etc/apache24/extra/httpd-vhosts.conf
   (23)  <VirtualHost *:80>
   (24)       ServerAdmin info@example.com
   (25)       DocumentRoot "/usr/local/www/apache24/data"
   (26)       ServerName www.example.com
   (27)       ServerAlias www.example.com
   (28)       ErrorLog "/var/log/www.example.com-error_log"
   (29)       CustomLog "/var/log/www.example.com-access_log" common
   (30)       Redirect "/" "https://www.example.com"
   (31)  </VirtualHost>
Reload new settings for Apache
# service apache24 graceful


Enable Server Pool Management

Edit /usr/local/etc/apache24/httpd.conf
# vi /usr/local/etc/apache24/httpd.conf
   (478)  Include etc/apache24/extra/httpd-mpm.conf
Change the number of concurrent connections for the server from 250 to 50 by editing the /usr/local/etc/apache24/extra/httpd-mpm.conf file
# vi /usr/local/etc/apache24/extra/httpd-mpm.conf
   (32)    MaxRequestWorkers      50
Reload new settings for Apache
# service apache24 graceful

Enable CGI and Perl Scripts


Edit /usr/local/etc/apache24/httpd.conf
# vi /usr/local/etc/apache24/httpd.conf
   (162)   LoadModule cgid_module libexec/apache24/mod_cgid.so
   (165)   LoadModule cgi_module libexec/apache24/mod_cgi.so
   (260)   Options -Indexes +FollowSymLinks +ExecCGI
   (418)   AddHandler cgi-script .cgi .pl
Reload new settings for Apache
# service apache24 graceful

- Create CGI Script to test on Server
Create file /usr/local/www/apache24/data/index.cgi
# vi /usr/local/www/apache24/data/index.cgi
   (1)     #!/usr/local/bin/perl
   (2)     print "Content-type: text/html\n\n";
   (3)     print "<html>\n<body>\n";
   (4)     print "<div style=\"width: 100%; font-size: 40px; font-weight: bold; text-align: center;\">\n";
   (5)     print "CGI Test Page";
   (6)     print "\n</div>\n";
   (7)     print "</body>\n</html>\n";
Change Permissions of file
# chmod 705 /usr/local/www/apache24/data/index.cgi
- Test Script in Browser

- Create Perl Script to test on Server
Create file /usr/local/www/apache24/data/index.pl
# vi /usr/local/www/apache24/data/index.pl
   (1)     #!/usr/local/bin/perl
   (2)     print "Content-type: text/html\n\n";
   (3)     print "<html>\n<body>\n";
   (4)     print "<div style=\"width: 100%; font-size: 40px; font-weight: bold; text-align: center;\">\n";
   (5)     print "Perl Test Page";
   (6)     print "\n</div>\n";
   (7)     print "</body>\n</html>\n";
- Change Permissions of file
# chmod 705 /usr/local/www/apache24/data/index.pl
- Test Script in Browser

Install and Enable  php56

# pkg install -y php56 mod_php56 php56-mysql php56-mysqli php56-extensions
Create the php56 configuration file /usr/local/etc/apache24/Includes/php56.conf
# vi /usr/local/etc/apache24/Includes/php56.conf
   (1)     <FilesMatch "\.php$">
   (2)         SetHandler application/x-httpd-php
   (3)     </FilesMatch>
   (4)     <FilesMatch "\.phps$">
   (5)         SetHandler application/x-httpd-php-source
   (6)     </FilesMatch>
Reload new settings for Apache
# service apache24 graceful

- Change script preference to execute index.php over index.html
Edit /usr/local/etc/apache24/httpd.conf
# vi /usr/local/etc/apache24/httpd.conf
   (281)  DirectoryIndex index.php index.html
- Copy php.ini-production to php.ini
# cp /usr/local/etc/php.ini-production /usr/local/etc/php.ini
- Edit file /usr/local/etc/php.ini
# vi /usr/local/etc/php.ini
   (936)   date.timezone = "Australia/Melbourne"
Reload new settings for Apache
# service apache24 graceful

- Create php Script to test on Server
Create file /usr/local/www/apache24/data/index.php
# vi /usr/local/www/apache24/data/index.php
   (1)       <html>
   (2)       <body>
   (3)       <div style="width: 100%; font-size: 40px; font-weight: bold; text-align: center;">
   (4)       <?php
   (5)            print Date("Y/m/d");
   (6)       ?>
   (7)       </div>
   (8)       </body>
   (9)       </html>
- Test Script in Browser


How to install MariaDB Server in a FreeNAS Jail

In the Name of Allah, the Most Gracious, the Most Merciful



Description



A tutorial to install MariaDB Server v10.1.18 on a FreeNAS 9.10.1 Jail.


Assumptions and Prerequisites 




  • Domain: example.com
  • Hostname: db.example.com
  • OS: FreeNAS 9.10.1-U2 (FreeBSD 10.3-STABLE)
  • Container: Warden Jail
  • Jail Name: db
  • Private IP: 10.0.0.57
  • Subnet Mask: 255.255.255.0/24
  • Database Version: MariaDB v10.1.18
  • Database Server Type: Medium
  • SSL Certificates have been generated 
  • CA Certificate File: /usr/local/etc/ssl/certs/ca.pem
  • SSL Certificate File: /usr/local/etc/ssl/certs/db.example.com.crt
  • SSL Key File: /usr/local/etc/ssl/private/db.example.com.key


Instructions


Install MariaDB
# pkg install mariadb101-server

Configure Settings
Choose Configuration file for Database server: my-small.cnf, my-medium.cnf, my-large.cnf, or my-huge.cnf
# cp /usr/local/share/mysql/my-medium.cnf /usr/local/etc/my.cnf 

Enable MariaDB Server to run and start on boot
# sysrc mysql_enable=yes

Start MariaDB Server
# service mysql-server start

Configure secure setup for production
# mysql_secure_installation
   Set root password? [Y/n]: y
   Remove anonymous users? [Y/n]: y
   Disallow root login remotely? [Y/n]: y
   Remove test database and access to it? [Y/n]: y
   Reload privilege tables now? [Y/n]: y

Test root Login
# mysql -u root -p

Test sql queries
# select user,host,password from mysql.user;
# show databases; 
# exit;

Enable SSL on MariaDB Server
# vi /usr/local/etc/my.cnf
   (27)  # The MariaDB server
   (28)  [mysqld]
   (29)  ssl-ca=/usr/local/etc/ssl/certs/ca.pem
   (30)  ssl-cert=/usr/local/etc/ssl/certs/db.example.com.crt
   (31)  ssl-key=/usr/local/etc/ssl/private/db.example.com.key 
   (32)  bind-address    = 10.0.0.57 
   (33)  port = 3306

Monday, 3 October 2016

How to install Webmin in a FreeNAS Jail

In the Name of Allah, the Most Gracious, the Most Merciful


Description


This is a tutorial on how to install Webmin 1.810 inside a FreeNAS 9.10.1-U1 warden jail.

Assumptions and Prerequisites 


  • OS: FreeNAS 9.10.1-U1
  • Webmin Version: 1.810
  • Jail Name: zen
  • DNS Name: zen.houseofjaleel.com
  • Domain: houseofjaleel.com
  • Private IP Address: 10.0.0.10
  • Jail has been updated to the latest packages with the command # pkg update && pkg upgrade -y

Instructions


1. Install Webmin 
# pkg install -y webmin

2. Run the Webmin setup script
# /usr/local/lib/webmin/setup.sh
Log file directory [/var/log/webmin]: press Enter to accept default
Full path to perl (default /usr/local/bin/perl): press Enter to accept default
Web server port (default 10000): press Enter to accept default
Login name (default admin): press Enter to accept default
Login password: (set your password here)
Password again: (set your password here)
Use SSL (y/n): y

3. Enable Webmin to run and also run on boot
# sysrc webmin_enable="YES"

4. Start Webmin service
# service webmin start

Conclusion


Login to webmin via the browser with the username: admin and password you set with the setup script earlier.

If DNS is configured for the jail then you can access webmin through any of the three URLs, or just the IP.
  1. https://10.0.0.10:10000
  2. https://zen:10000
  3. https://zen.houseofjaleel.com:10000



Sunday, 21 October 2012

How To Batch Convert/Transcode Videos Using VLC Media Player

In the Name of Allah, the Most Gracious, the Most Merciful

Synopsis:


This is a tutorial on how to Transcode and Convert Video Files into MP4 (MPEG-4) format with 1024kbps bitrate using the H.264 Video Codec and the MP3 Audio Codec.

Assumptions and Prerequisites:


  • OS: Microsoft Windows 7
  • VLC Media Player (Version: 2.0.2) is already installed. 
  • Type of Videos: Home Movies.
  • User Level: Administrator
  • Scripting Language: Visual Basic Script (VBS)
  • Working Folder: D:\VLC
  • Script File Path and Name: D:\VLC\vlc.batch.transcode.videos.to.mp4.vbs
  • Source Folder: D:\VLC\Source
  • Target Folder: D:\VLC\Target
  • VLC Program Path:  C:\Program Files (x86)\VideoLAN\VLC 
  • Video Bitrate: 1024kbps
  • Video Container: MP4
  • Video Codec: H.264
  • Audio Codec: MP3
  • Audio Bitrate: 128kbps
  • Audio Channels: 2 (Stereo)
  • Audio Sample Rate: 44100Hz (CD Quality)

Instructions:


1. Download the VLC Script Directory from here and save it on your Computer.

2. Extract the "VLC.rar" file to any Directory of your choice. eg. "D:"

3. Copy the Videos you want to transcode/convert into the "D:\VLC\Source" Folder.

4. Right-Click on  "D:\VLC\vlc.batch.transcode.videos.to.mp4.vbs" file and select "Run with Command Prompt".

5. The new transcoded files will be saved in the Target Folder.

Conclusion:


While transcoding is in progress, the VLC Media Player window stays open with no video output, then closes once the video has been transcoded. This repeats for each video.

When the Transcoding has been completed, you should see all the video files converted in the Target Folder. Any non-video files (eg. *.JPG) available in the Source Folder will be copied to the Target Folder without any change. When you have verified the files in the Target Folder, you can then go on and delete everything underneath the Source Folder.

If you want better video quality, increase the Video Bitrate (strBitrate) in the D:\VLC\vlc.batch.transcode.videos.to.mp4.vbs file before transcoding. Increasing the Video Bitrate beyond 1024kbps gives a larger file with no significant increase in video quality, which would defeat the purpose of transcoding these video files. For home movies recorded with a typical Sony Cybershot or a Canon DSLR camera, the 1024kbps bitrate strikes the perfect balance between quality and smaller file size for the video.


Links:

  1. http://episteme.arstechnica.com/eve/forums/a/tpc/f/12009443/m/516001349831
  2. http://wiki.videolan.org/How_to_Batch_Encode 
  3. http://wiki.videolan.org/Transcode
  4. http://taylor.veltrop.com/software/transcode%201.1%20release.vbs
  5. http://www.jaleeltech.com.au/download/VLC.rar


Thursday, 11 October 2012

How To Configure Network Setting on CentOS 6.3


In the Name of Allah, the Most Gracious, the Most Merciful

Synopsis:


A short tutorial on how to configure network settings on CentOS 6.3 machine.

Assumptions and Prerequisites:



  • OS: CentOS 6.3 x64
  • Server Name: mujahid
  • Subnet: 192.168.1.0/24
  • Server IP: 192.168.1.20
  • Subnet Mask: 255.255.255.0
  • DNS IP: 192.168.1.15
  • Gateway IP: 192.168.1.1
  • Domain: houseofjaleel.com.au
  • Network Device/Interface: eth0 
  • Text Editor: vi
  • Firewall (IPTables) is disabled.
  • SELinux is disabled.
  • '#' - Script Comment.
  • This machine is a Server; it therefore has fixed IP settings. It is not assigned any network settings from any DHCP or BOOTP service.

Step-by-Step Instructions:


1. Create the network configuration file /etc/sysconfig/network-scripts/ifcfg-eth0 with the following configurations and save it.

DEVICE="eth0"       # Device name
HWADDR="00:0C:29:7D:A0:62"    # eth0's MAC address. This may be different on your machine.  
NM_CONTROLLED="no"   # Settings are not controlled by the Network Manager service. 
BOOTPROTO="none"   # This device does not receive network settings from any dhcp service on the network.
ONBOOT="yes"            # Service starts at boot time.
TYPE="Ethernet"    # Device type is of Ethernet.
IPADDR="192.168.1.20"               # IP Address of this Network device.
NETMASK="255.255.255.0"     # Subnet Mask
GATEWAY="192.168.1.1"         # IP Address to access the Internet (usually it's a Router).
DNS1="192.168.1.15"       # IP Address of the machine hosting the DNS on the LAN.
DOMAIN="houseofjaleel.com.au"     # Name of the Domain this server belongs to. Omit if no domain configured on Network.
IPV6INIT="no"    # ipv6 is not enabled on this server machine.
USERCTL="no"   # Except for root user, users can't alter network setting for this device.


Clean (without comments) version of the file /etc/sysconfig/network-scripts/ifcfg-eth0


DEVICE="eth0"
HWADDR="00:0C:29:7D:A0:62"  
NM_CONTROLLED="no"  
BOOTPROTO="none"  
ONBOOT="yes" 
TYPE="Ethernet"
IPADDR="192.168.1.20" 
NETMASK="255.255.255.0" 
GATEWAY="192.168.1.1" 
DNS1="192.168.1.15" 
DOMAIN="houseofjaleel.com.au" 
IPV6INIT="no" 
USERCTL="no"


2. Restart Network service.
# /etc/rc.d/init.d/network restart

3. Enable Network Service to start at boot time.
# chkconfig network on

4. Check to see if network settings have been loaded from the configuration file for 'eth0'.
# ifconfig

5. Disable ipv6 device driver on this server machine from loading at boot time.
# echo "install ipv6 /bin/true" > /etc/modprobe.d/disable-ipv6.conf 

6. Restart server.
# reboot

 7. Login as root and check network settings. It should show that there is no "inet6" setting anymore.
# ifconfig

Conclusion:


Change the "DNS1" configuration to "127.0.0.1" or "192.168.1.20", if DNS is configured on the local machine.

Use 'DNS2' to add a secondary DNS host (eg. DNS2="192.168.1.16").

IPV6 is outside of the scope of this tutorial.

Tuesday, 9 October 2012

How To Install Webmin and Usermin Via The YUM Package Manager On CentOS 6.3

Synopsis:


How To Install Webmin and Usermin via the YUM Package Manager On CentOS 6.3 x64.

Assumptions and Prerequisites:



  • Server IP Address: 192.168.1.11.
  • OS: CentOS 6.3 x64
  • Server Name: tyrion
  • Firewall (IPTables) is disabled.
  • YUM Repository EPEL has already been added. 
  • SELinux is disabled.
  • Text Editor: Nano


Step-by-Step Instructions:


1. Create the Webmin YUM Repo File: /etc/yum.repos.d/webmin.repo with the following configurations and save it.

[Webmin]
name=Webmin Distribution Neutral
#baseurl=http://download.webmin.com/download/yum
mirrorlist=http://download.webmin.com/download/yum/mirrorlist
enabled=1

2. Import GPG Key from the webmin website.
# rpm --import http://www.webmin.com/jcameron-key.asc

Webmin:


1. Install the required perl module.
# yum -y install perl-Net-SSLeay

2. Install Webmin via YUM.
# yum -y install webmin

3. Edit /etc/webmin/miniserv.conf and add the following line at the end of the file to allow users only from the LAN to be able to login to Webmin.

allow=127.0.0.1 192.168.1.0/24

4. Restart the Webmin service.
# /etc/rc.d/init.d/webmin restart


Usermin:


1. Install the required perl module.
# yum --enablerepo=epel -y install perl-Net-SSLeay perl-Authen-PAM

2. Install Usermin via YUM.
# yum -y install usermin

3. Edit /etc/usermin/miniserv.conf and add the following lines at the end of the file to allow users only from the LAN to be able to login to Webmin.

allow=127.0.0.1 192.168.1.0/24
denyusers=root


4. Restart the Usermin service.
# /etc/rc.d/init.d/usermin restart


Conclusion:


Webmin:

Open browser and go to https://192.168.1.11:10000 and login as 'root'.

If you have DNS configured, then https://tyrion:10000 will also work in the browser. And if you are on the same machine, then https://localhost:10000 will also work in the browser.


Usermin: 

Open browser and go to https://192.168.1.11:20000 and login as any user except root because root user has been disabled for usermin.


If you have DNS configured, then https://tyrion:20000 will also work in the browser. And if you are on the same machine, then https://localhost:20000 will also work in the browser.

How To Add Additional YUM Repositories In CentOS 6.3

Synopsis:


This is a tutorial on how to add 2 additional YUM repositories, RPMForge and EPEL on CentOS 6.3 x64.

Assumptions and Prerequisites: 





Step-by-Step Instructions:


RPMForge:

1. Import GPG Key for the RPMForge package.
# rpm --import http://apt.sw.be/RPM-GPG-KEY.dag.txt

2. Verify RPM package with GPG Key.
# rpm -K http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm

3. Install RPM package for RPMForge YUM repository.
# rpm -i http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm

EPEL:


1. Import GPG Key for the EPEL package.
# rpm --import  http://mirror.optus.net/epel/RPM-GPG-KEY-EPEL-6

2. Verify RPM package with GPG Key.
# rpm -K http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-7.noarch.rpm

3. Install RPM package for EPEL YUM repository.
# rpm -i http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-7.noarch.rpm

Conclusion:


After adding the RPMForge and EPEL YUM Repositories, you can install packages such as "htop" and "nano" via the YUM Package manager.

In order to add the EPEL and RPMForge repositories on x86 (32-bit), you have to locate and install the 32-bit versions from their respective mirrors.
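
Steps 2 and 3 of both procedures above fetch the package twice (once for "rpm -K", once for "rpm -i"), and "rpm -K" also prints OK for a package that carries digests but no signature. The script below is an added example, not part of the original post: it downloads the file once, requires a verified signature in the "rpm -K" result, and installs that same local file. The function names are hypothetical, curl is assumed to be installed, and the sample result lines in the comments are constructed in the format rpm prints.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# rpm_sig_verdict LINE
# Classify one line of `rpm -K` output. Constructed samples of the format:
#   pkg.rpm: rsa sha1 (md5) pgp md5 OK   -> signed-ok   (signature verified)
#   pkg.rpm: sha1 md5 OK                 -> digest-only (no signature checked)
#   pkg.rpm: RSA sha1 ((MD5) PGP) md5 NOT OK (MISSING KEYS: ...) -> bad
rpm_sig_verdict() {
    result=${1#*: }                      # drop the "<file>: " prefix
    case "$result" in
        *"NOT OK"*) echo bad; return 0 ;;
        *OK) ;;                          # continue with the signature test
        *) echo bad; return 0 ;;
    esac
    # Lower-case rsa/dsa/pgp/gpg tokens mean a signature was verified;
    # newer rpm releases print "digests signatures OK" instead.
    case " $result " in
        *" rsa "*|*" dsa "*|*" pgp "*|*" gpg "*|*" signatures "*)
            echo signed-ok ;;
        *)  echo digest-only ;;
    esac
}

# verify_then_install URL
# Download once, check the local copy, install the same bytes that were checked.
verify_then_install() {
    url=$1
    tmp=$(mktemp -d) || return 1
    file="$tmp/${url##*/}"
    if ! curl -fsSL -o "$file" "$url"; then
        rm -rf "$tmp"
        return 1
    fi
    verdict=$(rpm_sig_verdict "$(LC_ALL=C rpm -K "$file")")
    if [ "$verdict" = signed-ok ]; then
        rpm -i "$file"
        rc=$?
    else
        echo "refusing to install ${url##*/}: $verdict" >&2
        rc=1
    fi
    rm -rf "$tmp"
    return "$rc"
}

# Run only when a package URL is passed on the command line.
case "${1:-}" in
    http://*|https://*) verify_then_install "$1" ;;
esac
```

The signature check is only as trustworthy as the imported key, so compare the key's fingerprint with one published by the repository over a separate channel before running "rpm --import".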

How To Install and Configure DHCP Server on CentOS 6.3

Synopsis:


A short tutorial on how to Install and Configure a DHCP Server on CentOS 6.3 x64, listening on the "eth0" Interface only.

Assumptions and Prerequisites:


  • OS: CentOS 6.3 x64.
  • Server Name: mujahid
  • DNS IP: 192.168.1.10
  • IPv6 is disabled.
  • SELinux is disabled.
  • Firewall (IPTables) is disabled.
  • Subnet: 192.168.1.0/24
  • Domain: houseofjaleel.com.au
  • Gateway (Router IP Address): 192.168.1.1
  • Text Editor: Nano
  • Dynamic DNS (DDNS) is not enabled.

Step-by-Step Instructions:


1. Install the DHCP Package via a terminal.
# yum -y install dhcp

2. Edit file /etc/dhcp/dhcpd.conf with "nano" editor and write the following configuration:


# DHCP Server Configuration file.
#   see /usr/share/doc/dhcp*/dhcpd.conf.sample
#   see 'man 5 dhcpd.conf'
#


# This DHCP server to be declared valid
authoritative;

# Subnet 192.168.1.0/24
subnet 192.168.1.0 netmask 255.255.255.0 {

# default gateway
option routers 192.168.1.1;

# domain name
option domain-name "houseofjaleel.com.au";

# DNS's hostname or IP address
option domain-name-servers 192.168.1.10;

# range of lease IP address
range dynamic-bootp 192.168.1.2 192.168.1.254;

# default lease time
default-lease-time 600;

# max lease time
max-lease-time 7200;

# broadcast address
option broadcast-address 192.168.1.255;

##### Reserved Hosts #####

# Router
host router {
hardware ethernet xx:xx:xx:xx:xx:xx;
fixed-address 192.168.1.1;
}

# Farooq
host farooq {
hardware ethernet xx:xx:xx:xx:xx:xx;
fixed-address 192.168.1.10;
}

# Tariq
host tariq {
hardware ethernet xx:xx:xx:xx:xx:xx;
fixed-address 192.168.1.11;
}

# Humaira
host humaira {
hardware ethernet xx:xx:xx:xx:xx:xx;
fixed-address 192.168.1.12;
}

# Khalid
host khalid {
hardware ethernet xx:xx:xx:xx:xx:xx;
fixed-address 192.168.1.13;
}

# Asim
host asim{
hardware ethernet xx:xx:xx:xx:xx:xx;
fixed-address 192.168.1.14;
}

# Mujahid
host mujahid{
hardware ethernet xx:xx:xx:xx:xx:xx;
fixed-address 192.168.1.15;
}

# Amir
host amir{
hardware ethernet xx:xx:xx:xx:xx:xx;
fixed-address 192.168.1.16;
}

# Muneera
host muneera{
hardware ethernet xx:xx:xx:xx:xx:xx;
fixed-address 192.168.1.17;
}

# Atif
host atif{
hardware ethernet xx:xx:xx:xx:xx:xx;
fixed-address 192.168.1.18;
}

} # end of Subnet 192.168.1.0/24

3. Edit file /etc/sysconfig/dhcp to make sure the DHCP service is listening on the relevant interface (eth0).
# nano /etc/sysconfig/dhcp
e.g.
DHCPDARGS="eth0"

4. Start DHCP at boot.
# chkconfig dhcpd on

5. Start the DHCP service.
# /etc/rc.d/init.d/dhcpd start

How To Install and Configure DNS (Bind) on CentOS 6.3

Synopsis:


A short tutorial on how to Install and Configure a DNS service on CentOS 6.3 x64 using Webmin.

Assumptions and Prerequisites:


  • OS: CentOS 6.3 x64.
  • Server Name: tyrion
  • The Server [tyrion] hosts all services on the same machine (e.g. DHCP, Postfix, HTTP, and FTP).
  • Webmin is already installed and the DNS configuration will be done via Webmin.
  • The DNS for both internal (LAN) and external (WAN) IPs will be hosted on the same Server Machine.
  • There are no DNS Slaves.
  • IPv6 is disabled.
  • Firewall (IPTables) is disabled.
  • SELinux is disabled.
  • Subnet: 192.168.1.0/24
  • Domain: kingslanding.com.au
  • WAN IP: 110.92.81.14
  • Gateway (Router IP Address): 192.168.1.1
  • Local ISP (TPG) DNS are used as forwarders. (203.12.160.35 and 203.12.160.36) 
  • DHCP is installed and a couple of IP addresses are reserved.
  • Dynamic DNS is not enabled for the DHCP Server.
  • Text Editor: Nano
  • Server Location: Melbourne, Australia.

Step-by-Step Instructions:


1. Install DNS packages. Run the following command in terminal.
# yum -y install bind bind-utils

2. Disable IPv6 for the named daemon.
# echo 'OPTIONS="-4"' >>  /etc/sysconfig/named

3. Configure Bind (named) via Webmin

4. Create views "lan" and "wan". "lan" is for internal clients i.e. Private Machines. "wan" is for external clients that reside outside the router i.e. Internet.

5. Move all the zones to "lan" i.e. "Root Zone", "0", "127.0.0.1", "localhost", "localhost.localdomain". 
 a. Set "allow queries" to "localhost" and "192.168.1.0/24" under "Zone Defaults".
 b. Add 203.12.160.35 and 203.12.160.36 to "Forwarders and Transfers".
 c. Comment out "Listen on port 53 {127.0.0.1;}" because we want the "named" service to listen on all interfaces.
 d. Set "listen-on-v6 port 53" to 'none' because we are not using IPv6.
 e. Set "recursion" to 'yes' because we want all devices on the LAN to be able to look up every name known to the DNS service, including Internet names resolved through the forwarders.
 f. Set "recursion" to 'no' only for the "wan" view because we don't want users from the Internet to find out the IP addresses of our local machines on the LAN, or to use this server as an open resolver.

6. Create Master Zone "kingslanding.com.au" of Forward type in the "lan" view with the following details:
 a. Domain = kingslanding.com.au
 b. Master server = tyrion.kingslanding.com.au
 c. Tick "Add NS record for Master Server".
 d. Enter Email address "root@kingslanding.com.au"
 e. Select "Use zone template".

7. Add "Address (A)" record "kingslanding.com.au." -> 192.168.1.11

8. Add "Mail (MX)" record "kingslanding.com.au." -> "tyrion.kingslanding.com.au." with 10 priority.

9. Add "Address (A)" record "tyrion" -> 192.168.1.11

10. Add "Alias (CNAME)" record "mail" -> "kingslanding.com.au."

11. Add "Alias (CNAME)" record "www" -> "kingslanding.com.au." 

12. Add "Alias (CNAME)" record "ftp" -> "kingslanding.com.au." 

13. Add "Address (A)" record "jamie" -> 192.168.1.12

14. Add "Address (A)" record "tywin" -> 192.168.1.10

15. Add "Address (A)" record "cersei" -> 192.168.1.13

16. Add "Address (A)" record "joffery" -> 192.168.1.14

17. Create Master Zone "192.168.1" of Reverse type in the "lan" view with the following details:
 a. Domain name / network = 192.168.1
 b. Master Server = tyrion.kingslanding.com.au
 c. Tick "Add NS record for Master Server".
 d. Enter Email address "root@kingslanding.com.au"
 e. Select "Use zone template".

18. Add "Reverse Address (PTR)" record "192.168.1.11" -> "tyrion.kingslanding.com.au."

19. Add "Reverse Address (PTR)" record "192.168.1.10" -> "tywin.kingslanding.com.au."

20. Add "Reverse Address (PTR)" record "192.168.1.12" -> "jamie.kingslanding.com.au."

21. Add "Reverse Address (PTR)" record "192.168.1.13" -> "cersei.kingslanding.com.au."

22. Add "Reverse Address (PTR)" record "192.168.1.14" -> "joffery.kingslanding.com.au."

23. Create Master Zone "kingslanding.com.au" of Forward type in the "wan" view with the following details:
 a. Domain = kingslanding.com.au
 b. Master server = tyrion.kingslanding.com.au
 c. Tick "Add NS record for Master Server".
 d. Enter Email address "root@kingslanding.com.au"
 e. Select "Use zone template".

24. Add "Address (A)" record "kingslanding.com.au." -> "110.92.81.14"

25. Add "Address (A)" record "tyrion.kingslanding.com.au." -> "110.92.81.14"

26. Add "Mail (MX)" record "kingslanding.com.au." -> "kingslanding.com.au." with 10 priority.

27. Add "Alias (CNAME)" record "www" -> "kingslanding.com.au."

28. Add "Alias (CNAME)" record "ftp" -> "kingslanding.com.au."

29. Add "Alias (CNAME)" record "mail" -> "kingslanding.com.au."

30. Add "Alias (CNAME)" record "ns1" -> "kingslanding.com.au."

31. Add "Alias (CNAME)" record "ns2" -> "kingslanding.com.au."

32. Add "Alias (CNAME)" record "vpn" -> "kingslanding.com.au."

33. Create Master Zone "110.92.81.14" of Reverse type in the "wan" view with the following details:
 a. Domain name / network = 110.92.81.14
 b. Master Server = tyrion.kingslanding.com.au
 c. Tick "Add NS record for Master Server".
 d. Enter Email address "root@kingslanding.com.au"
 e. Select "Use zone template".

34. Install DNS (Bind) as CHROOT
# yum -y install bind-chroot

35. Enable named (DNS) service to start at boot.
# chkconfig named on

36. Start named service
# /etc/rc.d/init.d/named start

37. Edit /etc/resolv.conf file to have the local machine use the local DNS service to resolve host names.
eg:
search kingslanding.com.au
nameserver 127.0.0.1

38. Also edit your network startup scripts, because that is usually where the network configuration written to /etc/resolv.conf comes from.
e.g. File: /etc/sysconfig/network-scripts/ifcfg-eth0

DEVICE="eth0"
BOOTPROTO="none"
HWADDR="00:2B:34:01:FB:82"
NM_CONTROLLED="no"
ONBOOT="yes"
TYPE="Ethernet"
IPADDR="192.168.1.11"
NETMASK="255.255.255.0"
GATEWAY="192.168.1.1"
DOMAIN="kingslanding.com.au"
DNS1="127.0.0.1"
IPV6INIT="no"
USERCTL="no"


39. Switch off DNS and DHCP on your router. On your router, forward port 53 to 192.168.1.11 so that your DNS host provider has access to your DNS server to update its records.

40. Restart your Network service.
# /etc/rc.d/init.d/network restart


Conclusion:


Use the "dig" tool to test the DNS service on your server.

In order for users from the Internet to be able to access kingslanding.com.au, you will have to have your DNS server linked to a Web and DNS hosting service provider. Personally, I use Zone Edit as my DNS hosting provider and Digital Pacific as my Web Domain Service Provider.

It takes up to 2 - 24 hours for the DNS Root servers to update their records to sync your DNS server records. So, be patient.
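
One way to check steps 5e and 5f once the service is up, as an added example that is not part of the original post: the script reads "dig" output and reports whether the view that answered offers recursion (the "ra" flag in the response header). The function names, the query name example.org and the embedded sample responses are constructed for illustration, and it assumes the "lan" view is matched by clients in 192.168.1.0/24 and the "wan" view by everyone else.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# Print the response status (NOERROR, REFUSED, ...) from dig output on stdin.
dig_status() {
    sed -n 's/^;; ->>HEADER<<- .*status: \([A-Z]*\),.*/\1/p' | head -n 1
}

# Succeed when the header flags include "ra" (recursion available).
dig_has_ra() {
    grep -Eq '^;; flags:[^;]* ra[ ;]'
}

# audit_view LABEL EXPECTED   (EXPECTED is "recursive" or "non-recursive")
# Reads dig output for a name this server is NOT authoritative for on stdin,
# prints one result line and returns non-zero on a mismatch.
audit_view() {
    out=$(cat)
    status=$(printf '%s\n' "$out" | dig_status)
    if printf '%s\n' "$out" | dig_has_ra; then
        got=recursive
    else
        got=non-recursive
    fi
    if [ "$got" = "$2" ]; then verdict=PASS; else verdict=FAIL; fi
    echo "$verdict $1 $got status=${status:-unknown}"
    [ "$verdict" = PASS ]
}

# Constructed sample: header as seen by a LAN client (recursion offered).
sample_lan() {
    cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4821
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
EOF
}

# Constructed sample: header as seen by an Internet client (recursion refused).
sample_wan() {
    cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 9173
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available
EOF
}

# Live use: check_views.sh SERVER LABEL EXPECTED, run from a client in that view.
if [ "$#" -eq 3 ]; then
    dig "@$1" example.org A | audit_view "$2" "$3"
fi
```

Run it from a LAN host as "sh check_views.sh 192.168.1.11 lan recursive" and from a host on the Internet as "sh check_views.sh 110.92.81.14 wan non-recursive". The view that answers is chosen by the client's source address, so each check has to be run from the matching side of the router.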

Saturday, 16 July 2011

Root the Sony Ericsson Xperia X8 Step By Step for Windows


  1. Download and install the Xperia X8 USB Drivers to your Windows PC
  2. Turn on USB debugging on your phone: Settings>Applications>Development>USB Debugging
  3. Download the latest SuperOneClick.zip file to your Windows computer.
  4. Extract the files from the .zip file into a new folder on your Windows PC.
  5. Restart both the PC and the X8, just in case.
  6. Plug your phone in to your PC and turn on USB debugging. DO NOT MOUNT THE SD CARD!!!
  7. Open the folder with the SuperOneClick contents and double click “SuperOneClick.exe”.
  8. Run the program, click root and wait a few minutes. Done.

If it doesn’t work the first time, just re-run the program one more time.

Thursday, 20 May 2010

Successfully Configured a DNS Server On Linux (Fedora 12)

Recently, I successfully configured a DNS server on my Fedora 12 Linux box. It took me weeks of reading and watching DNS related materials and tutorials. I had to watch Webmin videos on YouTube and read up on Bind-9 manuals. During the course of the task, at times it got pretty frustrating because to my surprise, there isn't a one-stop tutorial on the Internet on how to set up a DNS Server. I had to read several sources scattered all over the Internet. Every tutorial that I read seemed to be either incomplete or had a very limited scope. Anyway, in the end I got it to work and it felt really good after all was done. Even though I got it to work, it still needs a few tweaks here and there. I'll finish with those tweaks by next week.

After setting up DNS, I managed to configure the DHCP server as well. Configuring a DHCP server is a cake walk compared to configuring a DNS server on Fedora Core 12.

All the effort and time that went into researching DNS servers gave me an idea. Since there isn't a good tutorial available on the Internet to set up a DNS server, I thought I might write one up and publish it on my blog for personal reference. It might also help out others who want to set up a DNS server on their own personal network just as I have. Just thinking about the scope of this task, I know it will require quite a significant amount of time.

Tuesday, 27 April 2010

How To Install and Configure VNC Server on Linux (Fedora 12)

1. Run the following command to install VNC Server.
    # yum install vnc-server
 It will most likely install tigervnc-server and that will also work for this tutorial.

2. Configure VNC Server by editing the /etc/sysconfig/vncservers file as the root user using 'vi', 'nano', or the 'gedit' editor.

     VNCSERVERS="1:data 2:picard 3:mujahid"
     VNCSERVERARGS[1]="-geometry 1280x720 -depth 16"
     VNCSERVERARGS[2]="-geometry 1024x768 -depth 16"
     VNCSERVERARGS[3]="-geometry 800x600 -depth 8"

VNC Server uses port 5900+N for each instance. For example, for the user 'data', the port would be 5901 and for 'picard' 5902. The rest of the configuration lines define the resolution and color depth for the remote desktop.

3. Log in to Linux as the user you want to set up a VNC instance for (e.g. mujahid) and run the following command to set that user's VNC password.
   # vncpasswd
This password is saved in the /home/mujahid/.vnc/passwd file.

4. Start the VNC-SERVER
    # service vncserver start

5. Enable VNC Server to start on boot and on all run levels
    # chkconfig vncserver on

6. Make sure you open ports 5900 and 5900+N (e.g. 5903) in your Fedora firewall; otherwise Fedora won't let you log on.

Checkout => Setup VNC Server in Fedora by George Notaras for more user configuration.

How To Install Webmin on Linux (Fedora 12)

1. Go to webmin.com and click on the downloads link and copy the web link for the RPM for fedora.

2. Open terminal window and enter the following commands.
    # rpm --import http://www.webmin.com/jcameron-key.asc
    # yum -y install http://prdownloads.sourceforge.net/webadmin/webmin-1.510-1.noarch.rpm

3. After installing Webmin, open the web browser and type the following in the address bar.
     http://localhost:10000/
    
    If you're using an SSL certificate, then type https://localhost:10000/ (https, not http).

* A shout out to Jamie Cameron for making Linux administration such a breeze with Webmin.

Wednesday, 24 March 2010

How To Install and Configure SSH On Linux (Fedora 12)

Usually the SSH package is already installed on Fedora 12 by default. Just in case it's not, follow the steps below.

1. Check to see if ssh is installed.
    # rpm -qa openssh
    openssh-5.3p1-19.fc12.i686

If not, then install it with the following command.
    # yum -y install openssh

2. Run the following command as the user (eg: mujahid) you want to enable SSH for.
    # ssh-keygen -t rsa
    The previous command generates a key pair for that user (e.g. mujahid). It has to be run for every user you want to enable ssh for.

3. Start service with the command.
    # service sshd start

4. Enable ssh to start on boot and all run levels.
    # chkconfig sshd on

5. Make sure port 22 is open on the Linux firewall or it won't allow remote logons.

You can do the same for the root user. But, I won't recommend enabling ssh for root because it's not a good security practice. You can always "# su" into root from your regular user (e.g. mujahid).

Tuesday, 23 March 2010

How To Install nVidia Driver On Linux (Fedora 12)

Source: www.if-not-true-then-false.com

I've tried this method on two Fedora 12 machines, and it looks like it is working. Nouveau has been enabled by default starting from Fedora 11, and it looks like nouveau causes some problems on Fedora 12 when trying to use the nVidia proprietary driver.

Note: nVidia proprietary drivers on Fedora 12 do not support cards older than GeForce 6.

Install nVidia driver and disable nouveau.

Step 1: Run the following commands as root. Enable access to both the free and the nonfree RPM Fusion repository.

   rpm -Uvh http://download1.rpmfusion.org/free/fedora/rpmfusion-free-release-stable.noarch.rpm
   rpm -Uvh http://download1.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-stable.noarch.rpm

Step 2: Update system and repositories.

   yum update

Step 3: Install kmod-nvidia or kmod-nvidia-PAE if you are using PAE (Physical Address Extension) kernel.

   yum install kmod-nvidia
                or
   yum install kmod-nvidia-PAE


Step 4: Allow nVidia driver loading by setting the SELinux boolean allow_execstack on.
 
   setsebool -P allow_execstack on


Step 5: Disable nouveau by adding the following to the end of the "kernel" line in grub.conf (/boot/grub/grub.conf or /etc/grub.conf).

  rdblacklist=nouveau

e.g.
title Fedora (2.6.31.5-127.fc12.i686)
       root (hd0,0)
       kernel /vmlinuz-2.6.31.5-127.fc12.i686 ro root=UUID=a94a89b7-e984-4c00-4447-7d45a77b124 rhgb quiet SYSFONT=latarcyrheb-sun16 LANG=en_US.UTF-8 KEYTABLE=en rdblacklist=nouveau
       initrd /initramfs-2.6.31.5-127.fc12.i686.img

Step 6: Reboot system.

   reboot

And finally nVidia driver should work normally.

Saturday, 21 November 2009

Web Design Update

After 3 years of reading up on web designing, particularly PHP and PEAR, I have finally stumbled on something known as the Model-View-Controller (MVC) paradigm. I always felt web designing seemed a whole lot chaotic and unstructured.

Now, thanks to the MVC methodology and a good PHP framework like Yii, I have managed to develop the basic structure of my web application/site with the basic login processing.

Although there are many PHP frameworks out there, such as Akelos and CakePHP, I found Yii well documented for beginners. So, after I got the blog tutorial to work, I sat down to design the whole database schema of my application before going on further. I've only got half of it done, which is enough for now.

Right now, the website only exists on my local development machine. I've been configuring and reconfiguring my production machine since the web hoster did their upgrade, which messed up everything for me. I just can't get to change my [include_path]. I contacted tech support and the genius on the other end had no clue what the hell she was doing. But, I've managed to find a way around the problem. Although, it would make my life easier if I could edit the [include_path].

Wednesday, 11 November 2009

Lenovo Ideapad S10e


I bought a Lenovo Ideapad S10e (Notebook) a couple of days ago and it just arrived today. From the looks of it... it's alright. I spent half the time today installing and updating Windows and its applications.

Configuration:
  • CPU: Intel Atom N27 1.6GHz
  • RAM: 1GB
  • Hard Drive: 160GB
  • Monitor: 10.1 inches
  • Networking: LAN, WLAN, Bluetooth
  • Battery: Lithium ION, 4-6 hours
  • Extra Features: 2 USB2.0 ports, 2 internal speakers, 1 internal microphone, jack for each external mic and speakers, 2 PCI expansion slots, 1 internal webcam.
  • OS: Linux Quick Launch and WinXP Home.
  • Color: Black
  • Total Weight: 1.2kg
I specifically bought it for mobile and simple use. For example, Internet surfing, email, online chatting, simple word processing and nothing too heavy like running high powered applications such as a webserver or video editing. Plus, it will come in handy on a road trip; if I have to look up a map to somewhere, I can look it up on Google Maps in the car.

Personally, I prefer a PC over anything, but I bought this for someone else's use. I did a lot of research before buying it. Checked out the user reviews and everything. The whole thing came to around AU $482.00.

Thursday, 8 October 2009

University of Melbourne: Graduate Expo

I went to an engineering graduate expo at the Melbourne University yesterday. I've never been on the Melbourne University campus before and it kind of felt nostalgic to be on an actual university campus again; not like those sorry excuses for a campus like CQU or RMIT. I could see the university has been around for a long time because of the old building structures. According to the presentation at the expo, the university engineering college was established back in 1861. From the looks of the campus, it looked like a significant amount of money has been invested. Good thing they had refreshments there, which made the whole trip worthwhile. I was actually accompanying someone who is interested in the "Master of Engineering" program. It's 2-3 years long Full-Time, 3-4 years Part-Time.

If I could ever go back and do it again, I would rather study Literature, Law, Business, or Medicine. Such power I could have wielded. I can't even remember what made me choose to go into IT in the first place and the fact, that I can't recall the reason why, scares me. I'm afraid the reason might be so regrettable that my mind may have repressed the memory.

Being in IT is like being a clerk in British India. Born into bondage to take orders from your Dark Overlords. Just a facilitator to the evil empire's grand exploitation scheme. They educate you just enough to make you useful for their own gain, but not enough to grow or be independent. They just use you up and spit you out.

Wednesday, 30 September 2009

Life Update

Not much has happened since the last time I posted anything. I'm still working the same old problems. Can't think of anything of significance to write about. Well, at least the weather got better today.

I can't seem to figure out whether the state of the job market is really bad or I just don't have the qualifications to get a decent job.

Friday, 14 August 2009

Uni Flashback

Back when I was in my last semester at uni and about to graduate, most of the questions I started to get from my classmates were regarding my immediate plans for a job. I would tell them a very detailed plan and then they would say "Wow, that's pretty planned out. You sure it's gonna turn out that way?".

At one time, someone asked me that question, and I replied with something along these lines. I said "Well, if one day you turn on the TV, there is a flashing 'breaking news' banner on CNN with a live broadcast from who knows where, and you see me standing in front of a cave threatening a superpower, then you'll know that things have not gone according to my plan". The guy gave me an utterly confused stare and then a moment later said "What?", and I said "never mind". The whole thing went over his head. He couldn't connect the dots to the Bin Laden reference.

This is what I have to endure, I come up with comedy gold, and no one is remotely smart enough to get it.

Web Development Update

Alrighty then! I figured out what I was doing wrong with the sessions in PHP. It turns out I have to use the 'session_start()' function on every PHP page, even when the page is redirected to another PHP page.

Tuesday, 4 August 2009

Another Web Development Setback

I tried to create a Session variable in PHP and it didn't work. The variable was created but I wasn't able to retrieve it after a page redirection. For the life of me I can't understand why it didn't work. I've cross-checked the documentation for it and everything seems to be fine but it still doesn't work.....? Anyway, back to the drawing board.