OpenSSH is a free version of SSH, and it is often the default SSH server on Linux distros.
To enhance sshd security, you can follow these quick and easy methods to better protect your Linux box.
1. Secure your sshd_config
First, secure your sshd_config file, which can be found in the /etc/ssh/ directory.
# cd /etc/ssh
# vi sshd_config
Disable root login:
Never log in as root. Instead, log in as a normal user and then become root by issuing the su command.
Now find the PermitRootLogin line. If it says PermitRootLogin no, you are already safe from root login; otherwise change it from yes to no.
Change sshd port number:
The default sshd port number is 22. You can change it to any random 4- or 5-digit number (the highest valid port is 65535), for example 2925.
Find where it says Port 22 and change it to Port 2925.
Binding to SSH version 2:
Find the line Protocol 2,1 and change it to Protocol 2 to allow access with SSH version 2 only. It is more secure than SSH version 1.
Save the changes and make them take effect by issuing this command:
# /etc/rc.d/init.d/sshd restart
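A quick way to check the three settings from this section is shown below. It is an added example, not part of the original article. The function name audit_sshd_config is hypothetical, and the script assumes whitespace-separated "Keyword value" lines and does not follow Include directives.

```shell
#!/bin/sh
# Added example, not from the original article. audit_sshd_config is a
# hypothetical helper: pass a config path, or pipe the config on stdin.
# Prints one finding per line; returns 0 only if nothing is flagged FAIL.
audit_sshd_config() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }     # skip comments and blank lines
        tolower($1) == "match" { exit }       # audit global settings only
        {
            key = tolower($1)                 # keywords are case-insensitive
            if (key == "port") {              # Port may be given several times
                ports = ports " " $2
            } else if (!(key in val)) {       # otherwise the first value wins
                val[key] = tolower($2)
            }
        }
        END {
            bad = 0
            if (val["permitrootlogin"] == "no") {
                print "OK   PermitRootLogin no"
            } else {
                print "FAIL PermitRootLogin is not set to no"; bad = 1
            }
            if (ports == "") {
                print "FAIL Port not set, sshd listens on the default 22"; bad = 1
            } else if ((ports " ") ~ / 22 /) {
                print "FAIL Port 22 is still configured"; bad = 1
            } else {
                print "OK   Port" ports
            }
            if (!("protocol" in val)) {
                print "NOTE Protocol not set, default depends on the sshd version"
            } else if (("," val["protocol"] ",") ~ /,1,/) {
                print "FAIL Protocol still allows SSH version 1"; bad = 1
            } else {
                print "OK   Protocol " val["protocol"]
            }
            exit bad
        }
    ' "${1:--}"
}

# Constructed sample input (an unhardened config); reports three FAIL lines.
audit_sshd_config <<'EOF' || true
Port 22
Protocol 2,1
PermitRootLogin yes
EOF
```

On a real system, run it as root with audit_sshd_config /etc/ssh/sshd_config after editing the file.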
2. Use TCP wrappers
The second method is to use the TCP wrappers files hosts.allow and hosts.deny in the /etc directory to allow only trusted hosts to access the SSH server.
Let's say your trusted host is 192.168.2.5. Then your hosts.allow and hosts.deny files would look like this:
# vi /etc/hosts.allow
sshd: 192.168.2.5
# vi /etc/hosts.deny
sshd: ALL
You can replace this with your specific IP or your trusted host's IP. Save the changes you have made.
By implementing these methods, your sshd will at least be better protected than a default installation left wide open to outsiders.