Installing and using ClamAV antivirus software

Clam AntiVirus (ClamAV) is an antivirus software package that runs on many operating systems.

The installation command in Ubuntu/Debian:

sudo apt-get install clamav

Installation in CentOS:

yum -y install epel-release
yum -y update
yum clean all
yum -y install clamav clamd

For scanning, you can use the clamscan utility. To read about its options, type the command:

info clamscan

I’ll give you an example of how to start scanning:

sudo clamscan -i -r /home

where -i means that only infected files are printed to the console, -r means that all subdirectories are scanned, and /home is the directory to be scanned.

An example of a scan that deletes the detected threats:

sudo clamscan -i -r --remove /home

To update the ClamAV anti-virus databases, you must run the following command:

sudo freshclam
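
Because --remove deletes files irreversibly, a false positive costs data; clamscan's --move option quarantines detections instead. The following is an added example, not from the original article: the function names and the quarantine path /var/quarantine/clamav are assumptions, and it relies on clamscan's documented exit codes (0 clean, 1 virus found, 2 error).

```bash
# Added example: scan a directory and quarantine detections instead of deleting them.
# Usage (as root, after running freshclam): scan_and_quarantine /home

# Map clamscan's exit status to a label.
clamscan_status() {
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        *) echo error ;;
    esac
}

# Extract the paths from report lines of the form "<path>: <signature> FOUND".
infected_paths() {
    sed -n 's/^\(.*\): .* FOUND$/\1/p'
}

# Scan $1 recursively and move detections into quarantine directory $2
# (assumed default: /var/quarantine/clamav). Prints one infected path per line
# and returns clamscan's own exit status.
scan_and_quarantine() {
    local target="$1" quarantine="${2:-/var/quarantine/clamav}" report rc
    # Only the owner may enter the quarantine, so nothing in it can be run by others.
    mkdir -p "$quarantine" && chmod 700 "$quarantine" || return 2
    report=$(clamscan -i -r --move="$quarantine" "$target")
    rc=$?
    printf '%s\n' "$report" | infected_paths
    [ "$(clamscan_status "$rc")" != error ] || echo "scan error (exit $rc)" >&2
    return "$rc"
}
```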

For ClamAV there is also a graphical interface – ClamTk.

See also my article:
How to start ClamAV scanning from the command line on the cPanel server

Firmware Update for D-Link DES-3200 Switches

As an example, I will use several switches (DES-3200-10, DES-3200-26, DES-3200-28, DES-3200-28F) with different firmware versions and revisions.

First of all, download the new firmware from the official D-Link website http://forum.dlink.ru/viewtopic.php?f=2&t=92700
or from FTP ftp://ftp.dlink.ru/pub/Switch/
Check which revision the switch is (for example A1, B1 or C1) and download the firmware for that revision. Put the downloaded archive with the firmware on the TFTP server.

How to start a TFTP server is described in these articles:
Starting a TFTP server in Windows
Installing and Configuring a TFTP Server in Ubuntu

Connect to the switch via telnet and look at the free memory, the files, which firmware is loaded and which firmware is set to boot:

show switch
show firmware information
show storage_media_info
dir
show boot_file

First, the D-Link DES-3200 C1 with firmware 4.35.
Download the new firmware to the switch (where 192.168.1.5 is the address of the TFTP server):

download firmware_fromTFTP 192.168.1.5 src_file DES3200R_4.37.B014.had dest_file runtime.had

If the download does not work, rename the firmware file on the TFTP server to, for example, 1.had and run the command again:

download firmware_fromTFTP 192.168.1.5 src_file 1.had dest_file runtime.had

In case of a “Memory is insufficient!” error, you need to update first to the intermediate firmware version, and then to the latest one. The intermediate version is also listed at the link above. For example, when I flashed the DES-3200 C1 to 4.46, the intermediate version was 4.38.000.

If it still does not work, the problem is most likely with the TFTP server or a firewall that is blocking access.
To check that the server's IP address is reachable, you can ping it directly from the switch:

ping 192.168.1.5

The switch must not lose power during the firmware upgrade, otherwise it may not start.
When the firmware file has been uploaded to the switch, reboot it with the command:

reboot

The switch will boot with the new firmware version; in my case the configuration was not changed.

I updated the firmware of the DES-3200-28F switch from version 4.46 to 4.48 as follows:

download firmware_fromTFTP 192.168.1.5 src_file DES3200_Run_4_48_B003.had dest_file DES3200_Run_4_48_B003.had
config firmware image /c:/DES3200_Run_4_48_B003.had boot_up
reboot

Now for the D-Link DES-3200 A1 and D-Link DES-3200 B1 with firmware 1.85 (the firmware for them is the same, so the commands are the same):

download firmware_fromTFTP 192.168.1.5 DES-3200R_1.88.B001.had image_id 1
config firmware image_id 1 boot_up
reboot

After the firmware update, the settings were also left unchanged.

On D-Link DES-3200 B1 switches I often noticed a spontaneous reset of the settings when power was lost; a firmware upgrade did not help, so they were replaced with switches of revisions A1 and C1.

Installing Webmin

Webmin is a graphical web interface for managing a Linux server, written in Perl.
Official site: www.webmin.com

Here is an example of installing Webmin in Ubuntu.

Open the list of sources in a text editor:

nano /etc/apt/sources.list

Add these lines to it:

deb http://download.webmin.com/download/repository sarge contrib
deb http://webmin.mirror.somersettechsolutions.co.uk/repository sarge contrib

We go to the temporary directory and import the key:

cd /tmp
wget http://www.webmin.com/jcameron-key.asc
apt-key add jcameron-key.asc

We update the list of sources:

apt-get update

We install the packages necessary for the correct operation of Webmin:

sudo apt-get install perl libnet-ssleay-perl openssl libauthen-pam-perl libpam-runtime libio-pty-perl libmd5-perl

Install Webmin:

apt-get install webmin

The installation is complete. To open the Webmin interface, open https://HOST:10000 in the browser.

Configuring Fail2Ban for Bind9

I assume Fail2Ban is already installed; if not, see my article Installing and Configuring Fail2ban.

By default, Bind9 does not write logs, so open its configuration file in any text editor:

sudo nano /etc/bind/named.conf

And add:

logging {
    channel security_file {
        file "/var/log/named/security.log" versions 3 size 30m;
        severity dynamic;
        print-time yes;
    };
    category security {
        security_file;
    };
};
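
Once this channel is active, refused queries and zone transfers are written to /var/log/named/security.log together with the client address, which is the field a Fail2Ban filter keys on. The script below is an added example, not part of the original article: it counts denied requests per client in such a log, and the function names and the sample log lines are constructed.

```bash
# Added example: report clients with repeated "denied" entries in BIND's
# security log, similar to what a Fail2Ban jail does with maxretry.

# Print "<count> <ip>" for every client with at least $2 (default 3)
# denied requests in log file $1, busiest client first.
denied_clients() {
    awk -v min="${2:-3}" '
        / denied$/ {
            for (i = 1; i < NF; i++) if ($i == "client") {
                # Newer BIND prints "client @0x... ip#port"; skip the pointer.
                addr = ($(i + 1) ~ /^@0x/) ? $(i + 2) : $(i + 1)
                sub(/#.*/, "", addr)        # strip "#port"
                hits[addr]++
                break
            }
        }
        END { for (a in hits) if (hits[a] >= min) print hits[a], a }
    ' "$1" | sort -rn
}

# Constructed sample in the format produced with "print-time yes".
sample_log() {
    cat <<'EOF'
12-Mar-2024 10:00:01.101 client 203.0.113.7#40112 (example.org): query (cache) 'example.org/ANY/IN' denied
12-Mar-2024 10:00:01.350 client 203.0.113.7#40113 (example.org): query (cache) 'example.org/ANY/IN' denied
12-Mar-2024 10:00:02.004 client @0x7f2a1c0 203.0.113.7#40114 (example.org): query (cache) 'example.org/ANY/IN' denied
12-Mar-2024 10:00:05.870 client 198.51.100.20#5353 (example.net): query (cache) 'example.net/A/IN' denied
12-Mar-2024 10:00:09.412 client 192.0.2.44#61000 (example.com): zone transfer 'example.com/AXFR/IN' denied
EOF
}
```

On a live server, call it as: denied_clients /var/log/named/security.log 5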


Restoring MikroTik (RouterOS) using NetInstall

NetInstall is used to reinstall RouterOS when it is damaged, the access password is incorrectly set or the access password is not known.

I will describe the basic steps:

1) Download NetInstall from the official site http://www.mikrotik.com/download

2) Assign a static IP address to the computer, for example 192.168.88.254

3) Connect the router's ETH1 port to the computer with an Ethernet cable, through a switch or directly.

4) Run the NetInstall application. Click the “Net booting” button, check “Boot Server enabled” and enter an IP address from the same subnet as the computer, for example 192.168.88.200; NetInstall will temporarily assign it to the router. Any firewall on the computer must be disabled.

5) With the router disconnected from the mains, press and hold the “reset” button and power the router on while holding it; wait about half a minute until the NetInstall program displays a new device in the device list.

6) In “Packages”, click the “Browse” button and specify the directory with the firmware. Select the router in the list of devices (Routers/Drives), tick the firmware to be installed in the list at the bottom and click “Install”. The firmware is downloaded to the router and the status changes to “Waiting for reboot”; the install button is then replaced by a reboot button, which you need to click.

The router will boot with the new firmware. If there are any problems with the router booting, you can try to reset it to the standard settings by holding the reset button, or, if there is a display, select “Restore settings” and enter the standard pin code 1234. Alternatively, restore via NetInstall with “Keep Old Configuration” ticked and your “Configure script” specified below it.

Firmware update of MikroTik devices

Updating the MikroTik firmware is easy: open the web interface of the device or WinBox, select “System” – “Packages” from the menu and click “Check For Updates”. If new firmware is found, click “Download & Upgrade”. The device will download the firmware from the official website and boot from it.

To flash a MikroTik device with a version other than the newest, or when the device does not have access to the Internet, I propose the following:

1) Download the firmware from the official website https://www.mikrotik.com/download
2) Connect via WinBox (not through the web interface!) and select “Files” in the menu. A window will appear; drag the firmware file with the *.npk extension into it and wait for the file to upload.
3) Reboot the router. It should start with the new firmware.

Done.

To downgrade the firmware version, you need to perform steps 1 and 2, then connect to the device via telnet and run the command:

/system package downgrade

In case of problems, you can restore the router by following the instructions in Restoring MikroTik (RouterOS) using NetInstall

Transfer /boot from a separate partition to a main partition

For the test, I installed a clean Ubuntu Server 18.04; during the installation the system automatically created one main partition, /dev/sda1, which also contained the /boot files.
Since I did not have a system with /boot on a separate partition, I transferred it to a separate one and described the process in the article Transfer /boot from a main partition to a separate partition

Now let’s move the /boot partition to the main /.

Let’s look at the information about the disks:

sudo fdisk -l
df -h


Transfer /boot from a main partition to a separate partition

Today, I’ll give an example of moving /boot from a shared partition to a separate partition.
For the test, you can connect a new disk or use the first partition on any disk, for example, with a size of 512MB.

Let’s look at the information about the disks:

sudo fdisk -l
sudo ls -l /boot
sudo du -hs /boot


Upgrading PHP Version on Ubuntu 14.04

It was once necessary to upgrade PHP from version 5.5.9 to 5.6 on Ubuntu Server 14.04 LTS; the usual update of the system components did not help:

sudo apt-get update
sudo apt-get upgrade

You can try to upgrade the system to 16.04 or higher, as I described in the article Updating Ubuntu 14.04 to 16.04. PHP will be updated together with the system.

If the system update fails, you can add a third-party source with PHP:

sudo add-apt-repository ppa:ondrej/php
sudo apt-get update

And install the required version from it, for example PHP 5.6:

sudo apt-get install php5.6 php5.6-mbstring php5.6-mcrypt php5.6-mysql php5.6-xml

Since there are several installed versions, disable the old version and activate the installed one:

sudo a2dismod php5
sudo a2enmod php5.6
sudo service apache2 restart

Similarly, you can install PHP 7.2:

sudo apt-get install php7.2
sudo a2dismod php5.6
sudo a2enmod php7.2
sudo service apache2 restart

Or PHP 7.0:

sudo apt-get install php7.0
sudo a2dismod php7.2
sudo a2enmod php7.0
sudo service apache2 restart

The solution to the error in ProFTPd “unable to open passwd file”

Once I noticed the following error in the file /var/log/proftpd/proftpd.log:

error: unable to open passwd file ‘/etc/proftpd/ftpd.passwd’: Permission denied

As it turned out, the permissions on the file were 440 and both the owner and the group were root.
Look in the file /etc/proftpd/proftpd.conf to see which user ProFTPd runs as; by default it is the user proftpd:

User proftpd
Group nogroup

Just in case, set the correct permissions on the files (if they are different, ProFTPd may not start):

sudo chmod 440 /etc/proftpd/ftpd.passwd
sudo chmod 440 /etc/proftpd/ftpd.group

And set the owner of the files to the user that ProFTPd runs as (by default proftpd; we leave the group as root):

sudo chown proftpd:root /etc/proftpd/ftpd.group
sudo chown proftpd:root /etc/proftpd/ftpd.passwd

If necessary, restart ProFTPd:

sudo service proftpd restart

After that, you can connect to ProFTPd; there should be no errors.
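
The failure above comes down to two things that must agree: the account named in the User directive and the owner and mode of the auth files. This added example (not from the original article; the function names are assumptions and it uses GNU stat) checks both for a given file.

```bash
# Added example: verify that a ProFTPd auth file is owned by the daemon user
# and has mode 440, so the daemon can read it and nobody can write it.

# Print the account from the first "User" directive in a proftpd.conf-style file.
proftpd_user() {
    awk '$1 == "User" { print $2; exit }' "$1"
}

# Return 0 if file $2 is owned by the User from config $1 and has mode 440,
# 1 if owner or mode is wrong, 2 if the check itself could not be done.
check_auth_file() {
    local conf="$1" file="$2" want owner mode
    want=$(proftpd_user "$conf")
    [ -n "$want" ] || { echo "no User directive in $conf" >&2; return 2; }
    owner=$(stat -c %U "$file") || return 2
    mode=$(stat -c %a "$file") || return 2
    if [ "$owner" != "$want" ]; then
        echo "$file: owner is $owner, daemon runs as $want" >&2
        return 1
    fi
    if [ "$mode" != 440 ]; then
        echo "$file: mode is $mode, expected 440" >&2
        return 1
    fi
}

# Check both files used in the article; returns non-zero if either fails.
check_proftpd_auth() {
    local conf="${1:-/etc/proftpd/proftpd.conf}" rc=0
    check_auth_file "$conf" /etc/proftpd/ftpd.passwd || rc=1
    check_auth_file "$conf" /etc/proftpd/ftpd.group || rc=1
    return "$rc"
}
```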

See also my article:
Configuring ProFTPd with virtual users in a file