Abhishek Singh Bailoo

Weblog

Jan 4

Install FreeSWITCH on CentOS

yum install libtool bison libjpeg-devel

git clone git://git.freeswitch.org/freeswitch.git

cd freeswitch

./bootstrap.sh

./configure

Edit modules.conf and uncomment any commented module that you might need, for example Flite and UniMRCP for TTS and ASR.

make && make install

make sounds-install moh-install

cp build/freeswitch.init.redhat /etc/init.d/freeswitch

Edit /etc/init.d/freeswitch

PID_FILE=${PID_FILE-/usr/local/freeswitch/log/freeswitch.pid}
FS_USER=${FS_USER-freeswitch}
FS_FILE=${FS_FILE-/usr/local/freeswitch/bin/freeswitch}
FS_HOME=${FS_HOME-/usr/local/freeswitch}

chmod 755 /etc/init.d/freeswitch

chkconfig --level 345 freeswitch on

chkconfig --list freeswitch

groupadd freeswitch

useradd -g freeswitch freeswitch

chown -R freeswitch:freeswitch /usr/local/freeswitch


Dec 28

Floating Point Arithmetic in Shell

echo "scale=2; 2.51+2.51" | bc
5.02


Dec 22

CentOS Asterisk iptables

Add the following rules to /etc/sysconfig/iptables

-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p udp -m udp --dport 5060 -j ACCEPT
-A INPUT -p udp -m udp --dport 10000:20000 -j ACCEPT
-A INPUT -p udp -m udp --dport 4000:4999 -j ACCEPT
-A INPUT -p udp -m udp --dport 4569 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5038 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT

# service iptables restart

Hint: iptables-save does NOT save to /etc/sysconfig/iptables

To do that use

# service iptables save


Oct 7

Shell Remove blank space filenames

find . -depth -name '* *' | while IFS= read -r fname; do newname=$(basename "$fname" | sed -e 's/ /_/g'); mv -- "$fname" "$(dirname "$fname")/$newname"; done


Linux Format new Hard Disk

Source: http://www.ehow.com/how_1000631_hard-drive-linux.html

Preparation

1. When you format a computer hard drive, you will lose everything that is on the drive. Therefore, it is very important to back up anything you might later want.

2. To format a secondary drive, you will need root access. All commands used in this tutorial are run from a command line (terminal) as root. You may also want to make note of the size (total capacity in MB) of the drive.

3. Linux refers to hard drives as either “hdx” or “sdx,” where x is a letter, starting with a, which represents the order in which the drive was added to or detected by the computer. The “hd” prefix is used for IDE and PATA (formerly just ATA), and the “sd” prefix is used for SCSI, SATA and USB drives. Usually, a number is also put at the end of “hdx” or “sdx” to denote different partitions on the same physical drive, but for the purpose of formatting, you only need to know which letter the drive you want to format is.

4. The examples given in this how-to are for a computer with two IDE hard drives attached as a master and slave. In this, the drives are “hda” and “hdb.” You will need to determine the letter of the drive you want to format for your own setup. We will be formatting the drive hdb. For all examples, replace “hdb” with whatever your drive designation is.

5. You can see all the drives attached to your system by typing the command “ls /dev/hd*” or “ls /dev/sd*”, depending on which type (IDE, SATA and so forth) the drives are. On the example system, the result of this command looks like “/dev/hda /dev/hda1 /dev/hda2 /dev/hdb /dev/hdb1”. The operating system is installed on hda, which has two partitions (hda1 and hda2), and there is one partition on hdb, hdb1.

Using fdisk

1. First, you will use the fdisk command to erase any old partitions on the drive and create a new one. Any changes you make using fdisk are only made permanent if you then issue the “w” command before quitting, so feel free to play around a little if you like. If at any time you find yourself stuck, you can quit the program without saving changes by holding the “Ctrl” key and pressing “c.”

2. At the command prompt, type “fdisk /dev/hdb”, replacing the “hdb” with the letters for your drive. Upon opening, fdisk may give you a couple of warnings, all of which can be ignored. It then gives you a prompt that looks like this: Command (m for help):

3. Enter “p” to see the partition table of the drive. The first line of output from the “p” command will also tell you the size of the drive. This is a good way to double-check that you are working with the correct drive.

4. If there are any partitions already on the drive, they will be listed as the last lines of the “p” command. On our example, this looks like “/dev/hdb1”, followed by some information about the partition’s size and filesystem.

5. To delete any existing partitions, press “d” and then “Enter.” It will ask you which partition number you wish to delete. The number of the partition is the number that follows hdb, so on our example system, we enter 1. If there are multiple partitions, repeat the “d” command for each one. You can always view the partition table again with the “p” command.

6. Once you have deleted all existing partitions on the drive, you are ready to make a new one. Type “n” and hit “Enter.” Then press “p” to create a primary partition. It asks you for a partition number; enter “1.” Now you are asked which cylinder the partition should start at. The beginning of the drive is the default, so just hit “Enter.” Then, you are asked for the last cylinder. The end of the drive is the default, so you can just press “Enter” again.

7. Now you are back at fdisk’s command prompt. Use the “p” command to check the partition table. You should now see your new partition at the bottom of the output. In the example, it lists as “/dev/hdb1.”

8. You now need to set the filesystem type for your new partition with the “t” command. You are asked for the Hex code of the filesystem you wish to use. We will use the standard Linux ext2 filesystem, which is “83.” If you are doing something special and know of a particular filesystem that you need to use, you can press “L” to see all the codes, which are one or two characters made up of the numbers 0 to 9 and the letters a to f.

9. Now just issue the “w” command to write your new partition table and exit fdisk.

Creating the New Filesystem With mkfs

1. Now you need to create the filesystem on the drive. This is done with the “mkfs” command.

2. At the command prompt, enter “mkfs -t ext2 /dev/hdb1”, while remembering to change the hdb1 to whatever the letters are for the partition you just created.

3. If you are using a different filesystem than ext2, you will have to specify that where “ext2” is in the above command.

Finalizing the Format With fsck

1. All that is left is to run a check on the drive and enter it into your fstab so that the drive mounts each time you start your computer. This can be done with a single fsck command.

2. At the command prompt, type “fsck -f -y /dev/hdb1”, again replacing hdb1 with the letters and number for your partition.

3. After fsck runs, your new drive is formatted. Restart your system before using it.

4. If you reformatted your system drive, you will now need to boot off an installation disk to install an operating system.

Edit /etc/fstab and add the following line:

/dev/sdb1               /media                  ext3    defaults        1 2

Oct 5

CentOS Install SugarCRM

yum install php-mbstring php-imap

Edit /etc/php.ini

memory_limit = 48M

upload_max_filesize = 12M

/etc/init.d/httpd restart

chown -R apache:apache /var/www/html/*

In order to run SugarCRM schedulers add the following line in crontab

*    *    *    *    *     cd /var/www/html/SugarCE-Full-6.3.0RC1; php -f cron.php > /dev/null 2>&1


Mysql change user password

Source: http://www.cyberciti.biz/faq/mysql-change-user-password/

1) Log in to the MySQL server. Type the following command at the shell prompt to log in as root:
$ mysql -u root -p

2) Use mysql database (type command at mysql> prompt, do not include string “mysql>”):
mysql> use mysql;

3) Change password for user tom:
mysql> update user set password=PASSWORD("NEW-PASSWORD-HERE") where User='tom';
mysql> flush privileges;


Oct 4

Install ffmpeg centos

Source: http://www.boonex.com/n/How_to_install_ffmpeg_on_centos_5

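The easiest way to install ffmpeg on CentOS is with yum.
First of all, edit /etc/yum.repos.d/CentOS-Base.repo and add these lines at the bottom of the file:
[dag]
name=Dag RPM Repository for Centos
baseurl=http://apt.sw.be/redhat/el$releasever/en/$basearch/dag
gpgcheck=0
enabled=1

With gpgcheck=0, yum does not verify package signatures for this repository, and the baseurl is plain HTTP, so packages from it are installed without an integrity check.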


Then, run command:
yum install ffmpeg

Or, you can install from svn:

svn checkout svn://svn.mplayerhq.hu/ffmpeg/trunk ffmpeg

cd ffmpeg
./configure --help

Add some parameters, like --enable-gpl, --enable-libmp3lame, etc.

make && make install

(if svn command not found, type yum install subversion)


Oct 3

Asterisk iptables

Source: http://www.selbytech.com/2010/04/how-to-setup-iptables-for-asterisk-1-6-2-on-centos-5-4/

First things first, I want to point out, if you’re not careful when you’re setting up your iptables settings, there’s a very real possibility of blocking all remote access to your server.  If you’re working on your server remotely, be very careful, and be sure to read all of this article before proceeding!

First, let’s make sure we’ve already got iptables installed on our box.  It should be installed by default on most CentOS 4.x and 5.x installs.

# rpm -q iptables
iptables-1.3.5-5.3.el5_4.1

# lsmod | grep ip_tables
ip_tables              17029  1 iptable_filter
x_tables               17349  5 xt_state,ip_tables,ip6t_REJECT,xt_tcpudp,ip6_tables

With that out of the way, we can look at how iptables is currently set up, using the “iptables -L” command. The following should be the default rules on a fresh CentOS 5.4 install.


# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  anywhere             anywhere
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  anywhere             anywhere
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
Chain RH-Firewall-1-INPUT (2 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere            icmp any
ACCEPT     esp  --  anywhere             anywhere
ACCEPT     ah   --  anywhere             anywhere
ACCEPT     udp  --  anywhere             224.0.0.251         udp dpt:mdns
ACCEPT     udp  --  anywhere             anywhere            udp dpt:ipp
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ipp
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited

If for some reason iptables isn’t running yet, you can enable it by running

# system-config-securitylevel

Now, the defaults are fine and good for defaults, but they aren’t really what we’re looking for. So at this point we’re going to clear them out, and set up a very basic default set of access rules. I like to use the basic ruleset from the CentOS wiki, located here.

# iptables -P INPUT ACCEPT
# iptables -F
# iptables -A INPUT -i lo -j ACCEPT
# iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# iptables -A INPUT -p tcp --dport 22 -j ACCEPT
# iptables -P INPUT DROP
# iptables -P FORWARD DROP
# iptables -P OUTPUT ACCEPT

Let’s take a look at what we did here:

iptables -P INPUT ACCEPT – This sets the default policy on the input chain to ACCEPT, so we don’t lock ourselves out if we’re connected remotely via ssh.

iptables -F – This is the command to flush the current rule set and only use the defaults (which we just set to ACCEPT on inbound connections, which gives us a blank slate to work with without locking us out of our own box).

iptables -A INPUT -i lo -j ACCEPT – This is a simple rule to allow all access from the loopback adapter.  The -A switch means we’re Appending a new rule to the chain.  -i means this rule has to do with all traffic flowing through a network interface (in this case, the lo, or loopback, interface).  -j means to Jump to the ACCEPT action.  A lot of applications expect to be able to talk with the loopback adapter, so be sure to include this rule.

iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT – You should already recognize some parts of this line. What’s new here is the -m switch, which we use to load a module (in this case, the ‘state’ module). The state module is able to examine the state of a packet and determine if it is NEW, ESTABLISHED or RELATED. NEW refers to incoming packets that are new incoming connections that weren’t initiated by the host system. ESTABLISHED and RELATED refers to incoming packets that are part of an already established connection or related to an already established connection.

iptables -A INPUT -p tcp --dport 22 -j ACCEPT – This rule is a very important rule, at least it’s important if you’re connecting remotely! This rule is appended to the INPUT chain and says that any packets coming in on the tcp protocol (-p), on port 22 (--dport 22), should be accepted. Port 22 is of course the default ssh port. If you’ve changed your ssh port in your sshd_config, you would of course alter this line accordingly.

iptables -P INPUT DROP – Remember our first rule?  When we set the default policy for the INPUT chain to ACCEPT?  This line changes the default policy for the INPUT chain back to DROP, which is what is required if you want to actually block traffic coming into your server.  If you correctly set the previous line to allow ssh traffic, you shouldn’t lock yourself out at this point.

iptables -P FORWARD DROP – This rule is pretty much the same as the previous one, except that we’re setting the default policy for the FORWARD chain, which handles traffic flowing through our system from one interface to another (i.e if you’re using your server as a router, which in this case we’re not).

iptables -P OUTPUT ACCEPT – And finally, this rule allows all traffic to flow outwards from your server.

Now that we’ve got these new rules, we should save them so that they’re applied the next time we restart the iptables service.

# iptables-save > /etc/sysconfig/iptables

or

# service iptables save

If you want to learn more about iptables and the various switches available to you, I recommend you read the IPTables How-To on the CentOS wiki I linked to earlier.  There’s a lot of useful information there.

Now, if you want to run asterisk on your server that you’ve got protected with IPTables, you’ll need to set up a few specific rules. Let’s go over those here:

# iptables -A INPUT -p udp -m udp --dport 5060 -j ACCEPT
# iptables -A INPUT -p udp -m udp --dport 10000:20000 -j ACCEPT
# iptables -A INPUT -p udp -m udp --dport 4000:4999 -j ACCEPT
# iptables -A INPUT -p udp -m udp --dport 4569 -j ACCEPT
# iptables -A INPUT -p tcp -m tcp --dport 5038 -j ACCEPT

Let’s take a look at what we’re doing here:

iptables -A INPUT -p udp -m udp --dport 5060 -j ACCEPT – This rule and the next are needed if you have SIP endpoints or a SIP connection to your ITSP. UDP port 5060 is the port used for SIP traffic. If you don’t want to accept SIP traffic from anyone, anywhere, you can further restrict this line by adding source IP addresses or networks with the -s switch:

# iptables -A INPUT -p udp -m udp -s 172.19.240.24 --dport 5060 -j ACCEPT
# iptables -A INPUT -p udp -m udp -s 172.23.129.58 --dport 5060 -j ACCEPT
# iptables -A INPUT -p udp -m udp -s 172.36.15.0/24 --dport 5060 -j ACCEPT

iptables -A INPUT -p udp -m udp --dport 10000:20000 -j ACCEPT – This rule goes hand in hand with the previous rule. This is the rule that allows RTP traffic. By default, asterisk uses a large range of rtp ports to establish rtp connections, and you have to set a large range of udp ports as well. If you’re uncomfortable with this idea, you can trim down on the number of ports used for your RTP traffic in asterisk’s /etc/asterisk/rtp.conf file.

# cat /etc/asterisk/rtp.conf
[general]
rtpstart=10000
rtpend=10050

# iptables -A INPUT -p udp -m udp --dport 10000:10050 -j ACCEPT

A good rule of thumb is to have 4 ports per concurrent call you plan on having flow through your system, plus 10% for breathing room.  So if you plan on having at most 10 concurrent calls on your system at any time, configure asterisk to use 44 ports (10 calls x 4 ports = 40, 40 * 1.10 = 44).  Be sure the range in your firewall matches the range in your rtp.conf file.

iptables -A INPUT -p udp -m udp --dport 4000:4999 -j ACCEPT – This rule is used to allow udptl traffic, which is a T.38 transport protocol. If you don’t plan on doing faxing, you can skip this rule. I don’t have any handy rules of thumb for the number of udptl ports used per T.38 fax, so you may want to leave this rule at its default. You can try changing it down, but until I hear otherwise from the folks at Digium, I’ll leave the defaults as the recommended.

iptables -A INPUT -p udp -m udp --dport 4569 -j ACCEPT – This rule is for IAX2 connections. IAX2 is another VoIP protocol, much like SIP. Unlike SIP, it only needs one port open on your firewall for both control traffic and audio / data traffic. You don’t need to open any ranges of ports to allow multiple concurrent calls using IAX2 either, as it’s all handled through the one port. If you plan on making any IAX2 connections through your firewall, be sure to open this port.

iptables -A INPUT -p tcp --dport 5038 -j ACCEPT – This rule is to allow connections to the Asterisk Manager Interface, or AMI. If you’re not accessing AMI remotely, you should leave this rule off your firewall.
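
One way to check two points from the rules above, that the firewall's RTP range matches rtp.conf and that the SIP, IAX2 and AMI ports are not accepted from any source, as an added example that is not part of the original article. The function names and the sample files are assumptions constructed for illustration; the rules file is expected in the /etc/sysconfig/iptables format.

```shell
#!/bin/sh
# Added example (not from the original article): audit an iptables rules
# file against Asterisk's rtp.conf. All sample data below is constructed.

# Ports for N concurrent calls: 4 per call plus 10%, rounded up.
rtp_ports_needed() { echo $(( ($1 * 4 * 110 + 99) / 100 )); }

# Print "start:end" from the rtpstart/rtpend keys of an rtp.conf file.
rtp_range() {
    awk -F= '{ gsub(/[ \t\r]/, "") }
        /^rtpstart=/ { s = $2 }
        /^rtpend=/   { e = $2 }
        END { if (s == "" || e == "") exit 1; print s ":" e }' "$1"
}

# Succeed if the rules file accepts UDP on exactly the dport range in $2.
fw_allows_udp_range() {
    grep -Eq -- "^-A INPUT .*-p udp .*--dport $2 .*-j ACCEPT" "$1"
}

# Print ACCEPT rules for SIP (5060), IAX2 (4569) or AMI (5038) that carry
# no -s source match, i.e. are reachable from any address.
open_to_any_source() {
    grep -E -- '--dport (5060|4569|5038) .*-j ACCEPT' "$1" | grep -v -- ' -s '
}

# audit <rtp.conf> <rules file>: report findings, return 1 if there are any.
audit() {
    range=$(rtp_range "$1") || { echo "no RTP range found in $1"; return 2; }
    status=0
    if ! fw_allows_udp_range "$2" "$range"; then
        echo "MISMATCH: rtp.conf uses $range, no UDP rule for that range"
        status=1
    fi
    open=$(open_to_any_source "$2" || true)
    if [ -n "$open" ]; then
        echo "ACCEPTED FROM ANY SOURCE:"; echo "$open"
        status=1
    fi
    return "$status"
}

# Constructed sample files: trimmed RTP range, firewall still at the default.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/rtp.conf" <<'EOF'
[general]
rtpstart=10000
rtpend=10050
EOF
cat > "$demo_dir/iptables" <<'EOF'
-A INPUT -i lo -j ACCEPT
-A INPUT -p udp -m udp -s 172.19.240.24 --dport 5060 -j ACCEPT
-A INPUT -p udp -m udp --dport 10000:20000 -j ACCEPT
-A INPUT -p udp -m udp --dport 4569 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5038 -j ACCEPT
EOF

echo "10 concurrent calls need $(rtp_ports_needed 10) RTP ports"
audit "$demo_dir/rtp.conf" "$demo_dir/iptables" || true
```

On a real server, point audit at /etc/asterisk/rtp.conf and /etc/sysconfig/iptables after running "service iptables save".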

Now that you’ve got your rules in place, go ahead and test your system.  If everything seems to be working properly, save your new rules to your iptables config by running one of the following commands:

# iptables-save > /etc/sysconfig/iptables

or

# service iptables save

And that’s it!  You should be all set now.  If you have any questions, please feel free to leave a comment below.

Next week we’ll cover using Fail2Ban along with IPTables to secure your asterisk server from malicious and costly attacks.


Recover MySQL root Password

Source: http://www.cyberciti.biz/tips/recover-mysql-root-password.html

If you simply want to change the root password then

$ mysqladmin -u root password NEWPASSWORD

Otherwise, if you do not know the root password then

You can recover MySQL database server password with following five easy steps.
 


Step # 1: Stop the MySQL server process.

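Step # 2: Start the MySQL (mysqld) server/daemon process with the --skip-grant-tables option so that it will not prompt for password. While the server runs with this option, any client can connect to any account without a password; adding --skip-networking as well prevents remote clients from connecting during that window.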

Step # 3: Connect to mysql server as the root user.

Step # 4: Setup new mysql root account password i.e. reset mysql password.

Step # 5: Exit and restart the MySQL server.

Here are commands you need to type for each step (login as the root user):

Step # 1 : Stop mysql service

# /etc/init.d/mysql stop
Output:

Stopping MySQL database server: mysqld.

Step # 2: Start the MySQL server w/o password:

# mysqld_safe --skip-grant-tables &
Output:

[1] 5988
Starting mysqld daemon with databases from /var/lib/mysql
mysqld_safe[6025]: started

Step # 3: Connect to mysql server using mysql client:

# mysql -u root
Output:

Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 1 to server version: 4.1.15-Debian_1-log

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql>

Step # 4: Setup new MySQL root user password

mysql> use mysql;
mysql> update user set password=PASSWORD("NEW-ROOT-PASSWORD") where User='root';
mysql> flush privileges;
mysql> quit

Step # 5: Stop MySQL Server:

# /etc/init.d/mysql stop
Output:

Stopping MySQL database server: mysqld
STOPPING server from pid file /var/run/mysqld/mysqld.pid
mysqld_safe[6186]: ended

[1]+  Done                    mysqld_safe --skip-grant-tables

Step # 6: Start MySQL server and test it

# /etc/init.d/mysql start
# mysql -u root -p

