Author Archives: Geneva Sibanda

About Geneva Sibanda

I assist companies in the Areas of Network Infrastructure Design and Implementation: (from Windows Active Directory Security, networking, etc.).

How to Study Bachelor of Science in Computing Through UNISA

Bachelor of Science in Computing

Qualification code: 98906
NQF level: 7
Total credits: 360

I am actually studying a Bachelor of Science in Computing at UNISA (98906).

Studying with UNISA can be both challenging and rewarding. The work load is very hectic, if you are hard working, self-motivated and self discipline you are guaranteed to do exceptionally well.

UNISA encourages you to access all study guides, assignments etc via MyUnisa.

Assignment contributes handsomely towards the year mark. As such you need to take your assignments  very serious. As soon you receive or have access to your  UNISA Official Study Material,  start tackling assignments immediately.

To do exceedingly well in your module exam, you need to make sure that your assignment mark is above 95%, with that % the possibility of passing is high.

To be continued…

How to install VestaCP Nginx Only on ubuntu Server

Vesta Control Panel:

VestaCP is an Open Source web hosting control panel with premium features, secure, advanced and minimalistic design.

Vesta CP has all the features for easy and fast operation, without the need for a “manual” editing of configuration files. Right after installation the following is completely supported:

◾Apache + nginx as a webserver;
◾DNS-server;
◾Mail server, including the setting up of DKIM, spam filter and antivirus;
◾The stable version of PHP;
◾Database management system MySQL 5.5;
◾Built-in backup functions;
◾Task Scheduler (cron);
◾Monitoring server load;
◾Fast, multi-language interface

Panel installation process is very simple and can be done even by a beginner. In order to start, you need to decide with your operating system – Vesta CP successfully works on Centos, Ubuntu and Debian. For this guide I used Ubuntu Server 14.04 of the OS.

Remember the best way to learn any new technical skill, is to play around and see how things work. Get comfortable you’re few steps in right direction. Click HERE to Order Your VPS NOW! so that you can gain the practical experience needed.

Now 50% OFF! VPS hosting solutions optimized for you: Click HERE to Order NOW!

How to install

Connect to your server ssh as root via putty:

Update your Ubuntu Server

root@ns1:~# apt-get update && sudo apt-get -y upgrade && sudo apt-get -y dist-upgrade && sudo apt-get -y autoremove

Then I edited /etc/hosts. Setup it look like this:

root@ns1:~# vi /etc/hosts

Now run

root@ns1:~# echo ns1.magwinya.co.za /etc/hostname
root@ns1:~# service hostname restart

Afterwards, run

root@ns1:~# hostname
root@ns1:~# hostname -f

Both should show ns1.magwinya.co.za now.
Download the VestaCP installation script

root@ns1:~# curl -O http://vestacp.com/pub/vst-install.sh
<root@ns1:~# ls
vst-install.sh

Run it

root@ns01:~# bash vst-install.sh --nginx yes --phpfpm yes --apache no --vsftpd no --proftpd yes --exim yes --dovecot yes --spamassassin yes --clamav yes --named yes --iptables yes --fail2ban yes --mysql yes --postgresql no --remi no --quota yes

_| _| _|_|_|_| _|_|_| _|_|_|_|_| _|_|
_| _| _| _| _| _| _|
_| _| _|_|_| _|_| _| _|_|_|_|
_| _| _| _| _| _| _|
_| _|_|_|_| _|_|_| _| _| _|

Vesta Control Panel

Following software will be installed on your system:
– Nginx Web Server
– PHP-FPM Application Server
– Bind DNS Server
– Exim mail server + Antivirus Antispam
– Dovecot POP3/IMAP Server
– MySQL Database Server
– ProFTPD FTP Server
– Iptables Firewall + Fail2Ban

Would you like to continue [y/n]:y

Please enter admin email address: your@yourdomain.co.za
Please enter FQDN hostname [ns01]: ns01.magwinya.co.za

bash vst-install.sh

=======================================================

_| _| _|_|_|_| _|_|_| _|_|_|_|_| _|_|
_| _| _| _| _| _| _|
_| _| _|_|_| _|_| _| _|_|_|_|
_| _| _| _| _| _| _|
_| _|_|_|_| _|_|_| _| _| _|

——————————-
https://192.168.10.63:8083
username: admin
password: kMtXWuyZ5t
——————————-

Congratulations, you have successfully installed Vesta Control Panel and you can logon and get started using VestaCP

That is all. Next time you create a web domain from vesta it will be configured to use Nginx + PHP-fpm as a webserver instead of proxying for apache.

Good luck

Fully functional CRM & Sales System for Your Small Business.

OUR SALES & CRM is a fully functional CRM & Sales System, to help your company empower your sales department with a complete CRM & Sales solution that they can use to boost sales dramatically.

Competitive Advantage:

OUR SALES & CRM helps you record leads, opportunities, add new customers, add main contacts, register sales orders, create quotations and create invoices.

The whole sales process simplified in a simple modern light-weight system that will change how you do business. Most if not all systems out there are using the SAAS model or were built using a complicated business processes that will take you a while to understand, we built OUR SALES & CRM using simple modern practical business approaches.

This means that customizing the software to your needs will be easier than any other system out there. We also implemented the pricelist system so you can add discounts for certain customers within a certain period of time. OUR SALES & CRM also contains a simple email application to receive and send emails from within this software. We aim to make your whole sales process easier and smoother.

Core Features:

Leads Management
Opportunities
Customer & Contacts Management
Calls Logs
Meetings Schedule
Products Categories
Sales Reps – Assign to Customers
Quotations
Sales Orders
Invoicing & Payments
Pricelists
Contracts
Calendar

Application Security Access Control:

Super User
Base User
Customer

I’m happy to arrange a pilot project so that you can see how the solution fits within your organisational operations. Please note that the entire solution is on a SAAS business model, meaning that the service is fully hosted on my cloud servers.

Price Est: R165p/m Exl VAT.

cakePHP 3 Installation Step by Step

CakePHP is a powerful and robust PHP framework built around the Model-View-Controller (MVC) programming paradigm. In addition to the flexible way you can use it to build your application, it provides a basic structure for organizing files, classes and database table names – keeping everything consistent and logical.

Installing CakePHP 3 on Ubuntu 16.04.

CakePHP is simple and easy to install. The minimum requirements are a web server and a copy of CakePHP, that’s it! While this guide focuses primarily on setting up on Nginx (because it’s simple to install and setup), CakePHP will run on a variety of web servers such as Apache2, LightHTTPD, or Microsoft IIS.

Additionally, since databases are part of most web applications, CakePHP supports a number of drivers such as MySQL, PostgreSQL, Microsoft SQL Server or SQLite (all with their respective PDO extensions installed).

Remember the best way to learn any technical skill, is to play around and see how things work. Get comfortable you’re few steps in right direction. Click HERE to Order Your VPS NOW! so that you can gain the practical experience.

Now 50% OFF! VPS hosting solutions optimized for you: Click HERE to Sign UP NOW!

Requirements.

  • HTTP Server. For example: Nginx. Having mod_rewrite is preferred, but
    by no means required.
  • PHP 5.4.16 or greater.
  • mbstring extension
  • intl extension

CakePHP uses Composer, a dependency management tool for PHP 5.3+, as the officially supported method for installation.

First, you’ll need to download and install Composer if you haven’t done so already. If you have cURL installed, it’s as easy as running the following:

Run these commands to globally install composer on your ubuntu server system:

sibanda@gs2:~#curl -s https://getcomposer.org/installer | php

sibanda@gs2:~#ls

sibanda@gs2:~#sudo mv composer.phar /usr/local/bin/composer

You should execute the command mkdir -p which will create the directory in your server to place cakePHP.

sibanda@gs2:~#mkdir -p /var/www/cakephp/public_html

Now you need to grant www-data access to files with 750 permissions

sibanda@gs2:~#sudo chown -R www-data:www-data /var/www/cakephp/public_html

Set Up Nginx Server Blocks (Virtual Hosts). 

sibanda@gs2:~#cp -f /etc/nginx/sites-available/default /etc/nginx/sites-available/cake.mwired.lan

Nginx Serverblock configuration should look something like this:

sibanda@gs2:~#vi /etc/nginx/sites-available/cake.mwired.lan

# You may add here your
# server {
#       ...
# }
# statements for each of your virtual hosts to this file

##
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# http://wiki.nginx.org/Pitfalls
# http://wiki.nginx.org/QuickStart
# http://wiki.nginx.org/Configuration
#
# Generally, you will want to move this file somewhere, and start with a clean
# file but keep this around for reference. Or just disable in sites-enabled.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##

# Server Block Configuration for cake.mwired.lan
server {
        listen 80;
#       listen [::]:80 default_server ipv6only=on;

        root /var/www/cakephp/public_html/app/webroot;
        index index.php index.html index.htm;

        # Make site accessible from http://localhost/
        server_name cake.mwired.lan;

        location / {
                # First attempt to serve request as file, then
                # as directory, then fall back to displaying a 404.
                try_files $uri $uri/ /index.php?q=$uri&$args;
                # Uncomment to enable naxsi on this location
                # include /etc/nginx/naxsi.rules
        }

        location /doc/ {
                alias /usr/share/doc/;
                autoindex on;
                allow 127.0.0.1;
                allow ::1;
                deny all;
        }

        # Only for nginx-naxsi used with nginx-naxsi-ui : process denied requests
        #location /RequestDenied {
        #       proxy_pass http://127.0.0.1:8080;
        #}

        error_page 404 /404.html;

        # redirect server error pages to the static page /50x.html
        #
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
                root /usr/share/nginx/html;
        }

        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        location ~ \.php$ {
        #       fastcgi_split_path_info ^(.+\.php)(/.+)$;
        #       # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
        #
        #       # With php5-cgi alone:
        #       fastcgi_pass 127.0.0.1:9000;
        #       # With php5-fpm:
                fastcgi_pass unix:/var/run/php5-fpm.sock;
                fastcgi_index index.php;
                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                include fastcgi_params;
        }

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        location ~ /\.ht/ {
                deny all;
        }
}


# another virtual host using mix of IP-, name-, and port-based configuration
#
#server {
#       listen 8000;
#       listen somename:8080;
#       server_name somename alias another.alias;
#       root html;
#       index index.html index.htm;
#
#       location / {
#               try_files $uri $uri/ =404;
#       }
#}


# HTTPS server
#
#server {
#       listen 443;
#       server_name localhost;
#
#       root html;
#       index index.html index.htm;
#
#       ssl on;
#       ssl_certificate cert.pem;
#       ssl_certificate_key cert.key;
#
#       ssl_session_timeout 5m;
#
#       ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
#       ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES";
#       ssl_prefer_server_ciphers on;
#
#       location / {
#               try_files $uri $uri/ =404;
#       }
#}

Copy your Nginx Server Blocks (Virtual Hosts) as follows:

sibanda@gs2:~#cp -f /etc/nginx/sites-available/cake.mwired.lan /etc/nginx/sites-enabled/cake.mwired.lan

The nginx package comes with scripts that provides the usual start|stop|restart|reload … functionality.

sibanda@gs2:~#service nginx restart

Change the folder to where you will have CakePHP application files.

sibanda@gs2:~#cd /var/www/cakephp/public_html/

Now that you’ve prepared the environment and installed Composer globally, Composer will start downloading the application skeleton and the core CakePHP library, you will have a functioning CakePHP application installed via Composer, you can get a new CakePHP application by running:

sibanda@gs2:/var/www/cakephp/public_html#composer create-project --prefer-dist cakephp/app

Installing cakephp/app (3.1.2)
  - Installing cakephp/app (3.1.2)
    Loading from cache

Created project in /var/www/cakephp/public_html/app
Loading composer repositories with package information
Installing dependencies (including require-dev)
- Installing aura/installer-default (1.0.0)
    Loading from cache

  - Installing cakephp/plugin-installer (0.0.12)
    Loading from cache

  - Installing psr/log (1.0.0)
    Loading from cache

  - Installing nesbot/carbon (1.13.0)
    Loading from cache

  - Installing mobiledetect/mobiledetectlib (2.8.17)
    Loading from cache

  - Installing aura/intl (1.1.1)
    Loading from cache

  - Installing ircmaxell/password-compat (v1.0.4)
    Loading from cache

  - Installing cakephp/cakephp (3.1.5)
    Loading from cache

  - Installing symfony/yaml (v2.8.0)
    Loading from cache

  - Installing symfony/filesystem (v3.0.0)
    Loading from cache

  - Installing symfony/config (v2.8.0)
    Loading from cache

  - Installing symfony/polyfill-mbstring (v1.0.0)
    Loading from cache

  - Installing symfony/console (v2.8.0)
    Loading from cache

  - Installing robmorgan/phinx (v0.5.0)
    Loading from cache

  - Installing cakephp/migrations (1.5.1)
    Loading from cache

  - Installing jakub-onderka/php-console-color (0.1)
    Loading from cache

  - Installing jakub-onderka/php-console-highlighter (v0.3.2)
    Loading from cache

  - Installing dnoegel/php-xdg-base-dir (0.1)
    Loading from cache

  - Installing nikic/php-parser (v2.0.0)
    Loading from cache

  - Installing symfony/var-dumper (v3.0.0)
    Loading from cache

  - Installing psy/psysh (v0.6.1)
    Loading from cache

  - Installing jdorn/sql-formatter (v1.2.17)
    Loading from cache

  - Installing cakephp/debug_kit (3.2.2)
    Loading from cache

  - Installing cakephp/bake (1.1.2)
    Loading from cache

symfony/console suggests installing symfony/event-dispatcher ()
symfony/console suggests installing symfony/process ()
symfony/var-dumper suggests installing ext-symfony_debug ()
psy/psysh suggests installing ext-pdo-sqlite (The doc command requires SQLite to work.)
cakephp/debug_kit suggests installing ext-sqlite (DebugKit needs to store panel data in a database. SQLite is simple and easy to use.)
Writing lock file
Generating autoload files
> Cake\Composer\Installer\PluginInstaller::postAutoloadDump
> App\Console\Installer::postInstall
Created `config/app.php` file
Set Folder Permissions ? (Default to Y) [Y,n]? y
Permissions set on /var/www/cakephp/public_html/app/tmp/cache
Permissions set on /var/www/cakephp/public_html/app/tmp/cache/models
Permissions set on /var/www/cakephp/public_html/app/tmp/cache/persistent
Permissions set on /var/www/cakephp/public_html/app/tmp/cache/views
Permissions set on /var/www/cakephp/public_html/app/tmp/sessions
Permissions set on /var/www/cakephp/public_html/app/tmp/tests
Permissions set on /var/www/cakephp/public_html/app/tmp
Permissions set on /var/www/cakephp/public_html/app/logs
Updated Security.salt value in config/app.php

Once Composer finishes downloading be sure to keep the composer.json and composer.lock files with the rest of your source code.

Create MySQL Database

You would need special privileges to create or to delete a MySQL database. So assuming you have access to root user, you can create any database using “mysql -u root -p” command line.

Here is a simple example to create database called cake3

From the console you can create the database:

root@gs2:/var/www/app/public_html# mysql -u root -p
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 4
Server version: 5.6.27-2 (Ubuntu)

Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> create database cake3;
Query OK, 1 row affected (0.27 sec)

mysql> GRANT ALL PRIVILEGES ON cake3.* TO gs2star@localhost IDENTIFIED BY 'typeyourpasswordhere';
Query OK, 0 rows affected (0.55 sec)

mysql> flush privileges;

Now visit the path to where you installed your CakePHP application and Setup the values of ‘cake3 database’ in app/config/app.php

root@gs2:/var/www/app/public_html# vi app/config/app.php


'Datasources' => [
        'default' => [
            'className' => 'Cake\Database\Connection',
            'driver' => 'Cake\Database\Driver\Mysql',
            'persistent' => false,
            'host' => 'localhost',
            /**
             * CakePHP will use the default DB port based on the driver selected
             * MySQL on MAMP uses port 8889, MAMP users will want to uncomment
             * the following line and set the port accordingly
             */
            //'port' => 'nonstandard_port_number',
            'username' => 'gs2star',
            'password' => 'typeyourpasswordhere',
            'database' => 'cake3',
            'encoding' => 'utf8',
            'timezone' => 'UTC',
            'cacheMetadata' => true,
            'log' => false,

You can now visit your URL and Get the Ovens Ready.

More about Cake

CakePHP is a rapid development framework for PHP which uses commonly known design patterns like Front Controller and MVC.

That’s it for now! If you have any questions or need assistance, please don’t hesitate to contact me.

In the next article we will play a bit with CakePHP to create a simple Invoicing, Accounting & CRM, Billing and Business Management app that will be used by Small Businesses in South Africa and the world.

Easily deploy an SSD cloud server

Easily deploy an SSD cloud server on @esgnet in 55 seconds. Sign up using my link and receive $10 in credit: https://www.digitalocean.com/?refcode=2d36b262058d

Just a quick friendly reminder to let you know that we’re open for business, standing ready to WOW you! Promote your business on online now.

How To Install (LEMP), Linux, nginx, MySQL, PHP stack on Ubuntu 15.10

LEMP stacks are an open source platform for web applications consisting of Linux, Nginx, MySQL or MariaDB, and PHP or another language such as Python.

L – Linux
E – Nginx (Pronounced Engine-X)
M – MySQL
P – PHP

Remember the best way to learn any new technical skill, is to play around and see how things work. Get comfortable you’re few steps in right direction. Click HERE to Order Your VPS NOW! so that you can gain the practical experience needed.

Now 50% OFF! VPS hosting solutions optimized for you: Click HERE to Order NOW!

Step 1 Log in to your Linux server with the root user. This has taken care of the ‘L’ of LEMP.

Step 2 Next we will update all the softwares to the latest versions

sibanda@gs2:~# sudo apt-get update

Step 3 Install MySQL on the server with the following command :

sibanda@gs2:~# sudo apt-get install mysql-server php5-mysql

You would be prompted to enter a password for your MySQL.

Once the installation is complete activate it using the following command :

sibanda@gs2:~# sudo mysql_install_db

Next run the MySQL set up script :

sibanda@gs2:~# sudo /usr/bin/mysql_secure_installation

You will be prompted to enter your password. Then you will be asked to change the root password, type N and move on. For the rest of the options chose ‘Y’.

Enter current password for root (enter for none): 
OK, successfully used password, moving on...
By default, a MySQL installation has an anonymous user, allowing anyone
to log into MySQL without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.


Remove anonymous users? [Y/n] y

 ... Success!



Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.



Disallow root login remotely? [Y/n] y
... Success!



By default, MySQL comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.



Remove test database and access to it? [Y/n] y
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!



Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.



Reload privilege tables now? [Y/n] y
 ... Success!



Cleaning up...

Step 4 Install PHP

sibanda@gs2:~# sudo apt-get install php5-fpm

Open www.conf file

sibanda@gs2:~# sudo vi /etc/php5/fpm/pool.d/www.conf

Find the line

;listen = /var/run/php5-fpm.sock
; listen = 127.0.0.1:9000

and change it to

listen = /var/run/php5-fpm.sock
Save the file and exit and restart php-fpm :

sibanda@gs2:~# sudo service php5-fpm restart

Step 5 Install nginx

sibanda@gs2:~# echo "deb http://ppa.launchpad.net/nginx/stable/ubuntu $(lsb_release -sc) main" | sudo tee /etc/apt/sources.list.d/nginx-stable.list
sibanda@gs2:~# sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys C300EE8C
sibanda@gs2:~# sudo apt-get update && sudo apt-get install nginx

You need to start nginx by typing :

sibanda@gs2:~# sudo service nginx start

Step 6 Copy the default config file for Nginx

sibanda@gs2:~# sudo cp -rf /etc/nginx/sites-available/default /etc/nginx/sites-available/magwinya.co.za

I normally delete the default nginx server block to avoid “conflicting server name” error.

sibanda@gs2:~# sudo rm -rf /etc/nginx/sites-available/default

Step 7 Open the copied config file for Nginx

sibanda@gs2:~# sudo vi /etc/nginx/sites-available/magwinya.co.za

The Server block for the config file should have the following settings

# You may add here your
# server {
#       ...
# }
# statements for each of your virtual hosts to this file

##
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# http://wiki.nginx.org/Pitfalls
# http://wiki.nginx.org/QuickStart
# http://wiki.nginx.org/Configuration
#
# Generally, you will want to move this file somewhere, and start with a clean
# file but keep this around for reference. Or just disable in sites-enabled.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##

# Server Block Configuration for www.magwinya.co.za
server {
        listen 80;
#       listen [::]:80 default_server ipv6only=on;

        root /home/mwired/public_html;
        index index.php index.html index.htm;

        # Make site accessible from http://localhost/
        server_name magwinya.co.za www.magwinya.co.za;

        location / {
                # First attempt to serve request as file, then
                # as directory, then fall back to displaying a 404.
                try_files $uri $uri/ /index.php?q=$uri&$args;
                # Uncomment to enable naxsi on this location
                # include /etc/nginx/naxsi.rules
        }

        location /doc/ {
                alias /usr/share/doc/;
                autoindex on;
                allow 127.0.0.1;
                allow ::1;
                deny all;
        }

        # Only for nginx-naxsi used with nginx-naxsi-ui : process denied requests
        #location /RequestDenied {
        #       proxy_pass http://127.0.0.1:8080;
        #}

        error_page 404 /404.html;

        # redirect server error pages to the static page /50x.html
        #
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
                root /usr/share/nginx/html;
        }

        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        location ~ \.php$ {
        #       fastcgi_split_path_info ^(.+\.php)(/.+)$;
        #       # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
        #
        #       # With php5-cgi alone:
        #       fastcgi_pass 127.0.0.1:9000;
        #       # With php5-fpm:
                fastcgi_pass unix:/var/run/php5-fpm.sock;
                fastcgi_index index.php;
                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                include fastcgi_params;
        }

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        location ~ /\.ht/ {
                deny all;
        }
}


# another virtual host using mix of IP-, name-, and port-based configuration
#
#server {
#       listen 8000;
#       listen somename:8080;
#       server_name somename alias another.alias;
#       root html;
#       index index.html index.htm;
#
#       location / {
#               try_files $uri $uri/ =404;
#       }
#}


# HTTPS server
#
#server {
#       listen 443;
#       server_name localhost;
#
#       root html;
#       index index.html index.htm;
#
#       ssl on;
#       ssl_certificate cert.pem;
#       ssl_certificate_key cert.key;
#
#       ssl_session_timeout 5m;
#
#       ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
#       ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES";
#       ssl_prefer_server_ciphers on;
#
#       location / {
#               try_files $uri $uri/ =404;
#       }
#}

Step 8

sibanda@gs2:~# sudo cp /etc/nginx/sites-available/magwinya.co.za /etc/nginx/sites-enabled/

Alternatively, you can activate the host by creating a symbolic link between the sites-available directory and the sites-enabled directory.

sibanda@gs2:~# sudo ln -s /etc/nginx/sites-available/magwinya.co.za /etc/nginx/sites-enabled/magwinya.co.za

Important: Restart php-fpm and nginx so that changes can take effect.

sudo service php5-fpm restart && service nginx restart

How to upgrade to Ubuntu 14.04 Server

Before upgrading it is always recommended that you create a backup first.

Step 1 : Check the current version of Ubuntu

Remember the best way to learn any new technical skill, is to play around and see how things work. Get comfortable you’re few steps in right direction. Click HERE to Order Your VPS NOW! so that you can gain the practical experience needed.

Now 50% OFF! VPS hosting solutions optimized for you: Click HERE to Order NOW!

sibanda@gs2:~# lsb_release -a

This should return an output in the following format :

No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 14.04.3 LTS
Release:        14.04
Codename:       trusty

Step 2 : Now we need to update the package list and install the update-manager-core package if it is not already installed:

sibanda@gs2:~# apt-get update && apt-get install update-manager-core

Step 3 : Upgrade to the latest LTS release of Ubuntu, using the below mentioned command. This command will open up a upgrade tool. Just follow the on screen instructions to complete :

sibanda@gs2:~# do-release-upgrade

In case you get the following message from this command, it means taht there is no newer LTS version available :

Checking for a new Ubuntu release No new release found But if you still want to upgrade to the latest version of Ubuntu, regardless of it have LTS (Long term support), you can use the same command but with a ‘-d’ option :

sibanda@gs2:~# do-release-upgrade -d

Step 4 : After the installation is completed, it is recommended that you reboot the server and check the new settings :

sibanda@gs2:~# reboot
sibanda@gs2:~# lsb_release -a

How to install ClamAV on Ubuntu Server

What is ClamAV®?

ClamAV® is an open source antivirus engine for detecting trojans, viruses, malware & other malicious threats.

ClamAV® can be easily installed via Terminal on your ubuntu Server.

root@gs2:~# apt-get install clamav

Once ClamAV® is installed, the first thing you have do is to update the virus definitions with:

root@gs2:~# freshclam
ClamAV update process started at Fri Oct  3 23:42:51 2015
main.cvd is up to date (version: 55, sigs: 2424225, f-level: 60, builder: neo)
daily.cld is up to date (version: 20952, sigs: 1589971, f-level: 63, builder: jesler)
bytecode.cld is up to date (version: 268, sigs: 47, f-level: 63, builder: anvilleg)
root@gs2:~#

Then you can scan for viruses.

For Example:

•To check all files on the computer, displaying the name of each file:

root@gs2:~# clamscan -r /


----------- SCAN SUMMARY -----------
Known viruses: 4008679
Engine version: 0.98.7
Scanned directories: 23613
Scanned files: 92730
Infected files: 0
Total errors: 11692
Data scanned: 2375.55 MB
Data read: 2647.36 MB (ratio 0.90:1)
Time: 2464.365 sec (41 m 4 s)
root@gs2:~#

•To check all files on the computer, but only display infected files and ring a bell when found:

root@gs2:~# clamscan -r --bell -i /

----------- SCAN SUMMARY -----------
Known viruses: 4008679
Engine version: 0.98.7
Scanned directories: 23613
Scanned files: 92730
Infected files: 0
Total errors: 11692
Data scanned: 2375.55 MB
Data read: 2647.36 MB (ratio 0.90:1)
Time: 2360.552 sec (39 m 20 s)
root@gs2:~#

•To check files in the all users home directories:

root@gs2:~# clamscan -r /home

----------- SCAN SUMMARY -----------
Known viruses: 4008676
Engine version: 0.98.7
Scanned directories: 9
Scanned files: 26
Infected files: 0
Data scanned: 36.14 MB
Data read: 499.79 MB (ratio 0.07:1)
Time: 15.731 sec (0 m 15 s)
root@gs2:/home/sibgen#

•To check files in the USER home directory and move infected files to another folder:

root@gs2:~# clamscan -r --move=/tmp/home/sibgen/virus /home/sibgen

----------- SCAN SUMMARY -----------
Known viruses: 4008676
Engine version: 0.98.7
Scanned directories: 8
Scanned files: 26
Infected files: 0
Data scanned: 36.14 MB
Data read: 499.79 MB (ratio 0.07:1)
Time: 15.050 sec (0 m 15 s)
root@gs2:/home/sibgen#

•To check files in the USER home directory and remove infected files (WARNING: Files are gone.):

root@gs2:~# clamscan -r --remove /home/sibgen

----------- SCAN SUMMARY -----------
Known viruses: 4008676
Engine version: 0.98.7
Scanned directories: 8
Scanned files: 26
Infected files: 0
Data scanned: 36.14 MB
Data read: 499.79 MB (ratio 0.07:1)
Time: 15.050 sec (0 m 15 s)
root@gs2:/home/sibgen#

•To see more options:

root@gs2:~# clamscan --help


                       Clam AntiVirus Scanner 0.98.7
           By The ClamAV Team: http://www.clamav.net/about.html#credits
           (C) 2007-2009 Sourcefire, Inc.

    --help                -h             Print this help screen
    --version             -V             Print version number
    --verbose             -v             Be verbose
    --archive-verbose     -a             Show filenames inside scanned archives
    --debug                              Enable libclamav's debug messages
    --quiet                              Only output error messages
    --stdout                             Write to stdout instead of stderr
    --no-summary                         Disable summary at end of scanning
    --infected            -i             Only print infected files
    --suppress-ok-results -o             Skip printing OK files
    --bell                               Sound bell on virus detection

    --tempdir=DIRECTORY                  Create temporary files in DIRECTORY
    --leave-temps[=yes/no(*)]            Do not remove temporary files
    --database=FILE/DIR   -d FILE/DIR    Load virus database from FILE or load
                                         all supported db files from DIR
    --official-db-only[=yes/no(*)]       Only load official signatures
    --log=FILE            -l FILE        Save scan report to FILE
    --recursive[=yes/no(*)]  -r          Scan subdirectories recursively
    --allmatch[=yes/no(*)]   -z          Continue scanning within file after finding a match
    --cross-fs[=yes(*)/no]               Scan files and directories on other filesystems
    --follow-dir-symlinks[=0/1(*)/2]     Follow directory symlinks (0 = never, 1 = direct, 2 = always)
    --follow-file-symlinks[=0/1(*)/2]    Follow file symlinks (0 = never, 1 = direct, 2 = always)
    --file-list=FILE      -f FILE        Scan files from FILE
    --remove[=yes/no(*)]                 Remove infected files. Be careful!
    --move=DIRECTORY                     Move infected files into DIRECTORY
    --copy=DIRECTORY                     Copy infected files into DIRECTORY
    --exclude=REGEX                      Don't scan file names matching REGEX
    --exclude-dir=REGEX                  Don't scan directories matching REGEX
    --include=REGEX                      Only scan file names matching REGEX
    --include-dir=REGEX                  Only scan directories matching REGEX

    --bytecode[=yes(*)/no]               Load bytecode from the database
    --bytecode-unsigned[=yes/no(*)]      Load unsigned bytecode
    --bytecode-timeout=N                 Set bytecode timeout (in milliseconds)
    --bytecode-statistics[=yes/no(*)]    Collect and print bytecode statistics
    --detect-pua[=yes/no(*)]             Detect Possibly Unwanted Applications
    --exclude-pua=CAT                    Skip PUA sigs of category CAT
    --include-pua=CAT                    Load PUA sigs of category CAT
    --detect-structured[=yes/no(*)]      Detect structured data (SSN, Credit Card)
    --structured-ssn-format=X            SSN format (0=normal,1=stripped,2=both)
    --structured-ssn-count=N             Min SSN count to generate a detect
    --structured-cc-count=N              Min CC count to generate a detect
    --scan-mail[=yes(*)/no]              Scan mail files
    --phishing-sigs[=yes(*)/no]          Signature-based phishing detection
    --phishing-scan-urls[=yes(*)/no]     URL-based phishing detection
    --heuristic-scan-precedence[=yes/no(*)] Stop scanning as soon as a heuristic match is found
    --phishing-ssl[=yes/no(*)]           Always block SSL mismatches in URLs (phishing module)
    --phishing-cloak[=yes/no(*)]         Always block cloaked URLs (phishing module)
    --partition-intersection[=yes/no(*)] Detect partition intersections in raw disk images using heuristics.
    --algorithmic-detection[=yes(*)/no]  Algorithmic detection
    --scan-pe[=yes(*)/no]                Scan PE files
    --scan-elf[=yes(*)/no]               Scan ELF files
    --scan-ole2[=yes(*)/no]              Scan OLE2 containers
    --scan-pdf[=yes(*)/no]               Scan PDF files
    --scan-swf[=yes(*)/no]               Scan SWF files
    --scan-html[=yes(*)/no]              Scan HTML files
    --scan-archive[=yes(*)/no]           Scan archive files (supported by libclamav)
    --detect-broken[=yes/no(*)]          Try to detect broken executable files
    --block-encrypted[=yes/no(*)]        Block encrypted archives
    --nocerts                            Disable authenticode certificate chain verification in PE files
    --dumpcerts                          Dump authenticode certificate chain in PE files

    --max-filesize=#n                    Files larger than this will be skipped and assumed clean
    --max-scansize=#n                    The maximum amount of data to scan for each container file (**)
    --max-files=#n                       The maximum number of files to scan for each container file (**)
    --max-recursion=#n                   Maximum archive recursion level for container file (**)
    --max-dir-recursion=#n               Maximum directory recursion level
    --max-embeddedpe=#n                  Maximum size file to check for embedded PE
    --max-htmlnormalize=#n               Maximum size of HTML file to normalize
    --max-htmlnotags=#n                  Maximum size of normalized HTML file to scan
    --max-scriptnormalize=#n             Maximum size of script file to normalize
    --max-ziptypercg=#n                  Maximum size zip to type reanalyze
    --max-partitions=#n                  Maximum number of partitions in disk image to be scanned
    --max-iconspe=#n                     Maximum number of icons in PE file to be scanned
    --enable-stats                       Enable statistical reporting of malware
    --disable-pe-stats                   Disable submission of individual PE sections in stats submissions
    --stats-timeout=#n                   Number of seconds to wait for waiting a response back from the stats server
    --stats-host-id=UUID                 Set the Host ID used when submitting statistical info.

(*) Default scan settings
(**) Certain files (e.g. documents, archives, etc.) may in turn contain other
   files inside. The above options ensure safe processing of this kind of data.
root@gs2:~#

ClamAV® Virus definitions update automatically every 2 hours by default, as such it is recommended to running the updated version virus definitions in order to keep your Server secure at all times. To automate this task using freshclam you need to create a shell script called freshclam.sh: 

root@gs2:/usr/local/bin# vi freshclam.sh

Press i to insert text, and the "Copy and Paste" this text into your freshclam.sh shell script.

#!/bin/sh
# Automate : ClamAV® Virus definitions update
# Author : Geneva Sibanda under GPL v.2.x+
# ------------------------------------------
/usr/bin/freshclam --quiet
exit 0

To save and exit from vi, press [Esc] key on your keyboard and type : (colon) and type wq!.

Then set up a cronjob to update the virus definitions to every 3 hours by calling freshclam script created above.

0 0-23/3 * * * * * * bash /usr/local/bin/freshclam.sh

Till next time. Take Your Server Security very seriously.

NB: Remember that it is your responsibility to keep your server secure and you can install firewall. A firewall can help you block incoming and outgoing ports as well as block brute force login attempts.

How to connect/logon and create a database in MySQL?

In order to be able to use a database, one needs to create: a new database, give access permission to the database server to a database user and finally grant all right to that specific database to this user.

For the purpose of this tutorial, I will demonstrate how to create a database for a company called MWired and user to access the database.

Now you should create the database with the root user:

1. Open mysql from terminal:

root@gs2:~# mysql -u root -p

2. Enter the password created before.

Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 49
Server version: 5.5.44-0ubuntu0.14.04.1 (Ubuntu)

Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql>

3. Enter the following line:

If you enter SHOW DATABASES; you should see it in the list. If so, you have a database ready to use!

mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| performance_schema |
| phpmyadmin         |
+--------------------+
8 rows in set (0.16 sec)

4. CREATE DATABASE piERP;

mysql> create database piERP;
Query OK, 1 row affected (0.10 sec)

mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| performance_schema |
| phpmyadmin         |
| piERP              |
+--------------------+
9 rows in set (0.02 sec)

5. CREATE USER called gs and GRANT privileges to gs user.

From MySQL command line:

mysql> create user 'gs'@'localhost' IDENTIFIED BY 'MyGSL1nks15100s';
Query OK, 0 rows affected (0.04 sec)

As it stands at this point 'gs' user has no permissions to do anything with the databases. In fact, if 'gs' user even tries to login (with the password, password), they will not be able to reach the MySQL shell.

Therefore, the first thing to do is to provide the user with access to the information they will need.

mysql> grant all on piERP.* to 'gs'@'localhost' identified by 'MyGSL1nks15100s';
Query OK, 0 rows affected (0.04 sec)

The asterisks in this command refer to the database and table (respectively) that they can access—this specific command allows to the user to read, edit, execute and perform all tasks across all the databases and tables.

Once you have finalised the permissions that you want to set up for your new users, always be sure to reload all the privileges.

mysql> flush privileges;
Query OK, 0 rows affected (0.24 sec)

Your changes will now be in effect.

MySQL Administrator makes creating users, dropping users, granting privileges, and seeing privileges quite easy.

That's it for now!

In the next post I will further explore MySQL where I will outline a practical business case so that you can relate to real-world scenario.

Improve the Security of your MySQL installation.

Improve MySQL Installation Security – mysql_secure_installation

This program enables you to improve the security of your MySQL installation in the following ways:

  • You can set a password for root accounts.
  • You can remove root accounts that are accessible from outside the local host.
  • You can remove anonymous-user accounts.
  • You can remove the test database (which by default can be accessed by all users, even anonymous users), and privileges that permit anyone to access databases with names that start with test.

With Ubuntu based systems you have the option of running the mysql_secure_installation script to initialize passwords and perform other security-related tasks. It manages for you much of the secure installation steps by assigning passwords for the accounts with the username root and removing the anonymous accounts.

The mysql_secure_installation tool helps to improve MySQL Installation Security. To execute this tool MySQL server service requires to be running. If you see the following error, it means mysqld is not running:

ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2)

You can just run the following command line to make sure that MySQL Server is started:

root@gs2:~# service mysql start
mysql start/running, process 2194

Now you should be ready run mysql_secure_installation and this program enables you to improve the security of your MySQL.

root@gs2:~# mysql_secure_installation

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MySQL
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!

In order to log into MySQL to secure it, we’ll need the current password for the root user. If you’ve just installed MySQL, and you haven’t set the root password yet, the password will be blank, so you should just press enter here.

Enter current password for root (enter for none):
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MySQL root user without the proper authorization.

Set root password? [Y/n] y
New password:
Re-enter new password:

Password updated successfully!
Reloading privilege tables..
... Success!

By default, a MySQL installation has an anonymous user, allowing anyone to log into MySQL without having to have a user account created for them. This is intended only for testing, and to make the installation go a bit smoother. You should remove them before moving into a production environment.

Remove anonymous users? [Y/n] y
... Success!

Normally, root should only be allowed to connect from ’localhost’. This ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] y
... Success!

By default, MySQL comes with a database named ’test’ that anyone can access. This is also intended only for testing, and should be removed before moving into a production environment.

Remove test database and access to it? [Y/n] y
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!

Reloading the privilege tables will ensure that all changes made so far will take effect immediately.

Reload privilege tables now? [Y/n] y
... Success!
Cleaning up...

All done! If you’ve completed all of the above steps, your MySQL installation should now be secure.

Thanks for using MySQL!

root@gs2:~#

Installations and securing MySQL database are part of the duties of a database administrator. In the next post I will covered the howto connect/logon and create a database in MySQL and how to use MySQL to perform different tasks. I will show you how to grant user access and manage your MySQL databases.