Ufw or ‘uncomplicated firewall’ is a really nice tool that allows you to easily manage ‘iptables’ firewall in Linux with a bit more user friendly frontend instead of ‘iptable’ chains and rules.

   It’s included in the most recent version of Debian and Ubuntu and we’ll start with a simple example – how to open or restrict SSH access to your cloud server.

   To allow the SSH port:

   

       ufw allow ssh

   or

   

       ufw allow 22/tcp

   This will open the SSH port ( TCP 22 ) to the entire world.

   Your cloud server is a public machine and you might want to protect it a bit better than being open to the whole Internet. To restrict the SSH access from only one IP address you can do:

   

       ufw allow from your_ip_address to any port 22

   for example

   

       ufw allow from 78.130.176.1 to any port 22

   You can also allow SSH access to you server from a range of addresses using the network slash notation:

   

       ufw allow from 78.130.176.0/24 to any port 22

   Before we are ready to go with your new firewall setup with ‘ufw’ we can check if it’s enabled by:

   

       ufw status

   and eventually if you get “status: inactive” enable it:

   

       ufw enable

   Get updates on cloud server security topics by following CloudBalkan.

   An easy way to search for a word within directory contents is the ‘rgrep’ command:

   

       rgrep “word“ /some/directory

   If you don’t have the rgrep command installed on your distribution, you can use grep with the following flags:

   

       grep -rnw “word” /some/directory

   Example:

   

       grep -rnw “Failed password” /var/log/auth.log

   will list you all unsuccessful login attempts on your machine.

   

       tar czf target-filename -N “8 hours ago” source-directory

   

       tar czf /var/backup/archive.tar.gz -N “1 day ago” /var/www

   Overview

   In this tutorial we will give a quick instruction on downloading and installing phpMyAdmin from the source on a general setup.

   phpMyAdmin is a popular web based MySQL management environment used by many developers. On popular distributions you can quickly install phpMyAdmin using package managers. This tutorial focuses on the installation from the source files when installing with package manager is not applicable.

   Full script

   

       cd /usr/share

   

       wget https://files.phpmyadmin.net/phpMyAdmin/4.6.5.2/phpMyAdmin-4.6.5.2-english.tar.gz

   

       tar xzf phpMyAdmin-4.6.5.2-english.tar.gz

   

       mv phpMyAdmin-4.6.5.2-english phpmyadmin

   

       chmod -R 0755 phpmyadmin

   Installation

   In order to install phpMyAdmin you might need administrative priviledges on your server as well as administator user for the MySQL database server.

   Our recommended location for installing phpMyAdmin is ‘/usr/share’, so we start with:

   

       cd /usr/share

   Download the latest version of phpMyAdmin from the official site (https://www.phpmyadmin.net/):

   

       wget https://files.phpmyadmin.net/phpMyAdmin/4.6.5.2/phpMyAdmin-4.6.5.2-english.tar.gz

   and extract the files from the archive:

   

       tar xzf phpMyAdmin-4.6.5.2-english.tar.gz

   rename the folder:

   

       mv phpMyAdmin-4.6.5.2-english phpmyadmin

   change permissions:

   

       chmod -R 0755 phpmyadmin

   Adding Apache2 alias

   The last step to enable access to the phpMyAdmin is to add an alias to the folder in the Apache2 configuration.

   To do it either edit the apache2.conf or add a new ‘phpmyadmin.conf’ file in the Apache2 configuration folder.

   To add an alias, you must include the following lines in your Apache2 configuration:

   

       Alias /phpmyadmin “/usr/share/phpmyadmin/”
       <Directory “/usr/share/phpmyadmin/”>
            Order allow,deny
            Allow from all
            Require all granted
       </Directory>

   After changing the configuration you must restart the Apache2 service:

   RHEL / CentOS:

   

       service httpd restart

   Debian / Ubuntu:

   

       service apache2 restart

   With that your phpMyAdmin should be ready to use and accessible at your server address – “/phpmyadmin”.

   Monit is an awesome small, free tool that can save you a lot of troubles by simply monitoring and eventually restarting a service. It’s simplicity and yet fairly large flexibility make it SysAdmins and DevOps best friend.

   Installation:

   To setup monit you should start from installing it:

   

       yum install monit

   Configuration:

   Once set up, you can configure the service to be monitored by adding configuration files for each service in the ‘/etc/monit.d/’ directory.

   The service templates are pretty straight forward. You can find a plenty of example templates at:

   https://mmonit.com/wiki/Monit/ConfigurationExamples#apache

   Build your solid applications with monit and CloudBalkan

   Certificate Signing Request is most often used to request a signed SSL certificate.

   The CSR contains your company and domain information, encrypted with a strong asymetric encryption key.

   To generate an CSR you can use OpenSSL:

   

       openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr

   This one line generates both the encryption key and the CSR itself. As a result you’ll get a ‘.csr’ file which will be used for requesting the SSL certificate and a ‘.key’ file containing the encryption private key. 

   Important!: You will need the private key later, to install the SSL certificate on your web server. Keep it safe and do not send your private key to anyone.