Convert a CentOS 6 server to Scientific Linux 6

Category: tips Tags: linux centos sl scientific

This guide came about from a post on the Linode forum (http://forum.linode.com/viewtopic.php?t=7454), and I thought it would be useful to have on file for myself and anyone else who might find this blog. Below are the steps needed to convert a CentOS 6 server to a Scientific Linux 6 server. Both are built from RHEL sources, but SL is updated more often and seems to be gaining traction as CentOS loses it with slow updates and releases. I made one minor change from the original post (the distroverpkg edit) and redid the formatting, but otherwise the steps were laid out by tolle.

First, install the SL yum repository configuration package

rpm -ivh http://ftp.scientificlinux.org/linux/scientific/6x/i386/os/Packages/yum-conf-sl6x-1-1.noarch.rpm

Then install the sl-release package (which carries the signing keys) for a 32-bit installation

rpm -ivh --force http://ftp.scientificlinux.org/linux/scientific/6x/i386/os/Packages/sl-release-6.1-2.i686.rpm

For a 64-bit installation run

rpm -ivh --force http://ftp.scientificlinux.org/linux/scientific/6x/x86_64/os/Packages/sl-release-6.1-2.x86_64.rpm

Edit /etc/yum.conf and change

distroverpkg=centos-release

to

distroverpkg=sl-release

Have your CentOS installation pull all the updated packages from the SL repositories

yum erase centos-release
yum clean all
yum distro-sync

Run this to reinstall every package whose RPM vendor is still CentOS from the SL repositories

yum reinstall $(rpm -qa --qf "%{NAME} %{VENDOR}\n" | grep CentOS | awk '{print $1}')

And you are done. I rebooted after all of this just to ensure everything was working properly. I would also recommend doing this on a clean install of CentOS if at all possible (for example, if you use Linode or some other provider that only offers CentOS images), just to reduce your problems. It should be possible on a previously deployed server as well; just be sure to take backups first.
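As an added example (not part of the original post or tolle's steps), a few POSIX sh helper functions that check the conversion: they pick the sl-release package for the machine's architecture, confirm the distroverpkg edit in /etc/yum.conf, and list packages whose RPM vendor is still CentOS from the same `rpm -qa --qf` query used above. The sample rpm output is constructed.

```shell
#!/bin/sh
# Added example: helper checks for the CentOS 6 -> Scientific Linux 6 conversion.
# The functions take their input as arguments so they can be run on captured
# output without root; the live commands are shown at the bottom.

SL_BASE=http://ftp.scientificlinux.org/linux/scientific/6x

# Print the sl-release package URL matching `uname -m`, the one step above
# that differs between 32-bit and 64-bit installs.
sl_release_url() {
    case "$1" in
        x86_64)              echo "$SL_BASE/x86_64/os/Packages/sl-release-6.1-2.x86_64.rpm" ;;
        i386|i486|i586|i686) echo "$SL_BASE/i386/os/Packages/sl-release-6.1-2.i686.rpm" ;;
        *) echo "unsupported architecture: $1" >&2; return 1 ;;
    esac
}

# Succeed only if the yum.conf text passed in points distroverpkg at sl-release.
distroverpkg_is_sl() {
    printf '%s\n' "$1" | grep -q '^distroverpkg=sl-release$'
}

# From the output of  rpm -qa --qf "%{NAME} %{VENDOR}\n"  print the names of
# packages whose vendor is still CentOS; after the reinstall step this is empty.
centos_vendor_pkgs() {
    printf '%s\n' "$1" | awk '$2 == "CentOS" { print $1 }'
}

# Constructed sample of the rpm query output, part way through a conversion.
SAMPLE_RPM='bash CentOS
sl-release Scientific Linux
openssl CentOS'

centos_vendor_pkgs "$SAMPLE_RPM"   # prints bash and openssl, one per line

# On the server itself (as root, after the steps above):
#   sl_release_url "$(uname -m)"
#   distroverpkg_is_sl "$(cat /etc/yum.conf)" || echo "distroverpkg still points at centos-release"
#   centos_vendor_pkgs "$(rpm -qa --qf '%{NAME} %{VENDOR}\n')"
```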


Fixing common Linux problems

Category: repair Tags: linux

A short url for accessing this page is at http://nixgeek.com/fixlinux/

TuxRadar's Guide - An older (2009) list but still some good info

YeoWorks Ubuntu Solutions - One Click Fix for common Ubuntu problems


Quick guide to UFW - Uncomplicated FireWall

Category: guide Tags: ufw linux

Here is a quick guide to using UFW (Uncomplicated FireWall) under Linux.

A good first step is to run

sudo ufw default deny

which sets the default policy for incoming connections to deny

If you are connecting remotely, you will want to allow ssh first; otherwise you will create a nasty, embarrassing situation when you can't get into your machine :)

sudo ufw allow ssh

then you can enable UFW with:

sudo ufw enable

You will now have a very basic firewall that denies everything except ssh. That is not overly helpful if you are hosting anything else on the system. The rest of the points are in quick format; in the future I may update and clean up the info below.

Disable UFW

sudo ufw disable

Enable UFW

sudo ufw enable

Get current UFW status

sudo ufw status

Allow port 80 (http)

sudo ufw allow 80

Deny a certain port

sudo ufw deny <port number>

Deny a certain IP address access to the entire host

sudo ufw deny from <ip address>

Block an IP address from a port

sudo ufw deny from <ip address> to any port <port number>

Block a whole subnet (multiple IP addresses) from a port

sudo ufw deny from 10.0.0.1/24 to any port 22

To open up the port range 64000-65000 on udp

sudo ufw allow proto udp to any port 64000:65000

To open up the port range 64000-65000 on tcp

sudo ufw allow proto tcp to any port 64000:65000
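An added example, not from the original guide, of guarding against the lockout mentioned above: ufw_rules_allow_ssh inspects the output of `ufw show added` (which lists rules even while the firewall is inactive) for an allow rule covering ssh, and ufw_safe_enable refuses to run `ufw enable` until one exists; ufw_default_incoming_deny checks `ufw status verbose` text for the deny-incoming default. The rule and status text in the block is constructed.

```shell
#!/bin/sh
# Added example: do not enable ufw on a remote box until ssh is allowed.

# Succeed if the rule listing (text of `ufw show added`) has an allow rule for
# ssh, in any of the forms ufw prints: "ufw allow 22/tcp", "ufw allow ssh",
# "ufw allow OpenSSH", or "... to any port 22". A plain "22" must be a whole
# token, so "ufw allow 2222" does not count.
ufw_rules_allow_ssh() {
    printf '%s\n' "$1" |
        grep -Eiq '^ufw allow ([^ ]* )*(22(/tcp)?|ssh|openssh)( |$)'
}

# Succeed if `ufw status verbose` text reports deny as the incoming default,
# which is what "ufw default deny" sets.
ufw_default_incoming_deny() {
    printf '%s\n' "$1" | grep -q '^Default: deny (incoming)'
}

# Enable the firewall only when an ssh allow rule is already present.
# (ufw enable still asks for confirmation on an ssh session; that is intended.)
ufw_safe_enable() {
    rules=$(sudo ufw show added) || return 1
    if ufw_rules_allow_ssh "$rules"; then
        sudo ufw enable
    else
        echo "refusing to enable ufw: no allow rule for ssh (run: sudo ufw allow ssh)" >&2
        return 1
    fi
}

# Constructed sample of `ufw show added` output for a freshly configured host.
SAMPLE_ADDED='Added user rules (see ufw status for running firewall):
ufw allow 22/tcp
ufw allow 80'

ufw_rules_allow_ssh "$SAMPLE_ADDED" && echo "ssh is allowed, safe to enable"
```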


Finding out what process is listening on a port under Linux

Category: tips Tags: linux admin networking

Ever needed to find out what process has a port open? Or easily check all listening ports and see what process has them open?

If so, it's very easy to do. There are, in fact, multiple ways to solve these problems.

The main way that I use is netstat. It can show many useful things, but for this example the syntax is:

netstat -tulpn

Which will show something like:

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address        Foreign Address   State       PID/Program name
tcp        0      0 127.0.0.1:3306       0.0.0.0:*         LISTEN      1374/mysqld
tcp        0      0 0.0.0.0:139          0.0.0.0:*         LISTEN      1132/smbd
tcp        0      0 0.0.0.0:80           0.0.0.0:*         LISTEN      12171/apache2
tcp        0      0 0.0.0.0:50000        0.0.0.0:*         LISTEN      2247/mediatomb
tcp        0      0 0.0.0.0:4949         0.0.0.0:*         LISTEN      1413/munin-node
tcp        0      0 0.0.0.0:53           0.0.0.0:*         LISTEN      1371/dnsmasq
tcp        0      0 0.0.0.0:22           0.0.0.0:*         LISTEN      1093/sshd

You can also use grep to limit your results if you have a lot of open ports:

netstat -tulpn | grep :80

for example will show you port 80 (http). Note that a bare :80 also matches ports such as 800 and 8080; grep ':80 ' (with the trailing space) keeps the match exact on this fixed-width output.

tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      12171/apache2

Another method that works but I find isn't as handy at times is fuser:

fuser 80/tcp

which will show something like:

80/tcp:              12171 12174 12175 12176 12177 12178

but it doesn't easily tell you the name of the process the way netstat does, which means another step such as:

ls -l /proc/12171/exe

to give you

lrwxrwxrwx 1 root root 0 2011-02-14 12:55 /proc/12171/exe -> /usr/lib/apache2/mpm-prefork/apache2

which tells you that port 80 is opened by process 12171, which is apache2.

I prefer the netstat option as that shows everything you need to know with just one command generally.
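As an added example (not from the original post), two awk-based helpers over the `netstat -tulpn` text: exposed_listeners lists only the sockets bound to every interface (0.0.0.0 or ::), which are the ones reachable from the network, and listener_on_port matches a port exactly. The sample output is constructed from the listing above with an IPv6 and a udp row added.

```shell
#!/bin/sh
# Added example: pick apart `netstat -tulpn` output instead of eyeballing it.

# Print "proto port pid/program" for each listener bound to all interfaces
# (0.0.0.0 for IPv4, :: for IPv6). udp rows have no State column, so the
# program is taken from the last field rather than a fixed column number.
exposed_listeners() {
    printf '%s\n' "$1" | awk '
        $1 ~ /^(tcp|udp)6?$/ {
            addr = $4; port = $4; prog = $NF
            sub(/.*:/, "", port)        # text after the last colon
            sub(/:[^:]*$/, "", addr)    # text before the last colon
            if (addr == "0.0.0.0" || addr == "::") print $1, port, prog
        }'
}

# Print the pid/program holding exactly the given port; a bare `grep :80`
# would also match 800 or 8080.
listener_on_port() {
    printf '%s\n' "$1" | awk -v want="$2" '
        $1 ~ /^(tcp|udp)6?$/ {
            port = $4; sub(/.*:/, "", port)
            if (port == want) print $NF
        }'
}

# Constructed sample, based on the listing above plus an IPv6 and a udp row.
SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      1374/mysqld
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      12171/apache2
tcp6       0      0 :::22                   :::*                    LISTEN      1093/sshd
udp        0      0 0.0.0.0:53              0.0.0.0:*                           1371/dnsmasq'

exposed_listeners "$SAMPLE_NETSTAT"   # mysqld, bound to 127.0.0.1, is left out
# Live use:  exposed_listeners "$(netstat -tulpn 2>/dev/null)"
```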


Chroot SFTP Error and fix

Category: tips Tags: linux chroot sftp

So while adding another user to my hosting setup, I encountered this annoying bug:

Write failed: Broken pipe
Couldn't read packet: Connection reset by peer

After some hunting and trying of various things, I realized that Ubuntu's ssh is more picky than Debian 5's was.

I knew that you had to set the user's home directory as owned by root, but under Ubuntu each directory up the line has to be owned by root as well, which I didn't realize. I wondered why no other users had noticed they couldn't log in; it must have been because it's holiday season and none of them had tried to do updates.
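An added example, not from the original post, that checks the ownership rule described above before pointing a user at a chroot: sshd's ChrootDirectory requires every directory from / down to the chroot to be owned by root and not writable by group or others, and this walks the path and reports each component that breaks that rule. It assumes GNU stat (Linux); the optional OWNER and TOP arguments exist only so the check can be exercised on a scratch tree without root.

```shell
#!/bin/sh
# Added example: verify a chroot path meets sshd's ChrootDirectory rules.
# Usage: check_chroot_path DIR [OWNER] [TOP]
#   OWNER defaults to root and TOP to /, which is what sshd enforces; both are
#   overridable only so the function can be tested on a scratch tree.
# Prints one line per offending directory and returns 1 if any was found.
check_chroot_path() {
    target=$1; owner=${2:-root}; top=${3:-/}; rc=0
    dir=$(cd "$target" 2>/dev/null && pwd -P) ||
        { echo "$target: not a directory" >&2; return 2; }
    while :; do
        info=$(stat -c '%U %a' "$dir") || return 2   # "owner octal-mode" (GNU stat)
        set -- $info
        perm=$2; grp=${perm%?}
        gw=${grp#${grp%?}}; ow=${perm#${perm%?}}      # group and other digits
        if [ "$1" != "$owner" ]; then
            echo "$dir: owned by $1, expected $owner"; rc=1
        fi
        case "$gw$ow" in                              # write bit is set in 2,3,6,7
            *[2367]*) echo "$dir: mode $perm is group- or world-writable"; rc=1 ;;
        esac
        [ "$dir" = "$top" ] || [ "$dir" = / ] && break
        dir=$(dirname "$dir")
    done
    return $rc
}

# Typical use on the server, before enabling the chroot for a new sftp user
# (the path is a placeholder):
# check_chroot_path /home/sftp/alice || echo "fix ownership before enabling chroot"
```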