Tag Archives: Linux

Install Zabbix on Linux server

Zabbix is an open-source monitoring software tool for diverse IT components, including networks, servers, virtual machines (VMs), and cloud services. Zabbix is able to monitor a lot of things, also provides a single pane of glass view of your whole IT infrastructure.

Configure the Zabbix repository.

yum install -y centos-release-scl

Install the Zabbix repository configuration package.

rpm -Uvh https://repo.zabbix.com/zabbix/5.0/rhel/7/x86_64/zabbix-release-5.0-1.el7.noarch.rpm

Install Zabbix Server.

yum install -y zabbix-web-mysql-scl zabbix-apache-conf-scl zabbix-server-mysql zabbix-agent --enablerepo=zabbix-frontend

Change timezone.

vi /etc/opt/rh/rh-php72/php-fpm.d/zabbix.conf
php_value[date.timezone] = America/Vancouver

Install MySQL or MariaDB.

yum install -y mariadb-server mariadb

Start mariadb service.

systemctl start mariadb
systemctl status mariadb

Login to MariaDB and create the database and user for our Zabbix installation.

mysql -u root -p

Create a database with information eblow.

DBUser: zabbixuser

MariaDB [(none)]> create database zabbixdb character set utf8 collate utf8_bin;
MariaDB [(none)]> grant all privileges on zabbixdb.* to zabbixuser@localhost identified by '123456';
MariaDB [(none)]> flush privileges;
MariaDB [(none)]> exit

Import initial schema and database.

cd /usr/share/doc/zabbix-server-mysql*/
zcat create.sql.gz | mysql -u zabbixuser -p zabbixdb

Update Database Configuration

Edit the zabbix_server.conf file.


Restart Zabbix service.

systemctl restart zabbix-server zabbix-agent httpd rh-php72-php-fpm

Enable the service to start automatically on system reboot.

systemctl enable zabbix-server zabbix-agent httpd rh-php72-php-fpm

Disable SELinux.

sudo setenforce 0

Allow Zabbix services on Firewall.

firewall-cmd --permanent --add-port=10050/tcp
firewall-cmd --permanent --add-port=10051/tcp
firewall-cmd --permanent --add-port=80/tcp
firewall-cmd –reload

Setup Zabbix via a web interface.

Enter zabbixdb, zabbixuser and password.

Zabbix Dashboard.

Username: Admin (Username is case sensitive.)


Zabbix Dashboard.

Check ports are used on the Zabbix server.
netstat -antp | grep "LISTEN"

Install HTTPS web certificate on the Zabbix web interface.

Install mod security.

yum install mod_ssl -y

Copy web server certificate (used wildcard cert *.linuxlab.local) to Zabbix server.

Edit ssl.conf file.

vi /etc/httpd/conf.d/ssl.conf
#SSLCertificateFile /etc/pki/tls/certs/localhost.crt
SSLCertificateFile /etc/pki/tls/certs/wildcard.crt
#SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
SSLCertificateKeyFile /etc/pki/tls/certs/wildcard-cert.key
#SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt
SSLCertificateChainFile /etc/pki/CA/certs/ourCA.crt

Restart Apache web service.

systemctl restart httpd
systemctl status httpd

Allow HTTPS on Firewall.

firewall-cmd --permanent --add-service=https
firewall-cmd --reload

Access Zabbix server from Windows machine.


Redirect HTTP to HTTPS on Apache by using .htaccess file.

cd /etc/httpd/conf.modules.d/
cat 00-base.conf | grep rewrite
cd /usr/share/zabbix/
touch .htaccess
vi .htaccess
RewriteEngine On
RewriteCond %{HTTPS}  !=on
#RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
RewriteRule ^/?(.*) https://zabbix.linuxlab.local/$1 [R,L]

Access Zabbix via HTTP. It will redirect the link to HTTPS.

Install Graylog open-source log management on Linux server

Graylog is an open-source log management system. Graylog centrally captures, collects, enhances, stores, and analyzes log data. It is an affordable alternative to Splunk.

Below are a couple of steps to install Graylog on CentOS 7.

Edit interface, change ONBOOT from “no” to “yes”, and restart network service.

Step #1: Update your system and install needed packages.

hostnamectl set-hostname graylog
yum update -y
yum install epel-release
yum install pwgen vim

Step #2: Install JAVA

yum install java-1.8.0-openjdk-headless.x86_64

Check the java version.

java -version

Create a repository file. Then add the content below to this repository.

vim /etc/yum.repos.d/mongodb-org.repo
name=MongoDB Repository

Install MongoDB

yum install mongodb-org

Enable and start mongoDB service on system.

sudo systemctl daemon-reload
sudo systemctl enable mongod.service
sudo systemctl start mongod.service
sudo systemctl --type=service --state=active | grep mongod

Check MongoDB service port.

netstat -antp | grep 27017

Step #4: Installing Elasticsearch

Graylog can be used with Elasticsearch 6x, 7.x, In this lab, I have used version 6x of Elasticsearch.

Install the Elastic GPG key.

rpm –import https://artifacts.elastic.co/GPG-KEY-elasticsearch

Create a repository, then add the following contents to the file.

vim /etc/yum.repos.d/elasticsearch.repo

name=Elasticsearch repository for 6.x packages

Install the open-source version of Elasticsearch.

yum install elasticsearch-oss

Modify the Elasticsearch configuration file. Set the cluster name to graylog and add “action.auto_create_index: false” to the file.

vim /etc/elasticsearch/elasticsearch.yml

Save and exit the file.

Enable, start and check the status of elastic search on the system.

sudo systemctl daemon-reload
sudo systemctl enable elasticsearch.service
sudo systemctl restart elasticsearch.service
sudo systemctl --type=service --state=active | grep elasticsearch

Check elastic search health.

curl -XGET 'http://localhost:9200/_cluster/health?pretty=true'

Step #5: Installing the Graylog

Now install the Graylog repository configuration with the following commands:

rpm -Uvh https://packages.graylog2.org/repo/packages/graylog-4.2-repository_latest.rpm

Install Graylog-server.

yum install graylog-server

Configure Graylog:

Add “password_secret” and “root_password_sha2” to server.conf file.

Generate password_secret.

pwgen -N 1 -s 96

Generate root_password_sha2.

echo -n foss@dan123 | sha256sum | cut -d” ” -f1

Edit etc/graylog/server/server.conf file.

vim /etc/graylog/server/server.conf

Uncomment the following line.

http_bind_address =

and add http_bind_address =

Enable and Start service.

systemctl enable graylog-server.service
systemctl start graylog-server.service

Monitor server logs.

tail -f /var/log/graylog-server/server.log

Copy Geo-IP database to Graylog server.

Check log again.

Check Graylog Server listening port.

netstat -antp | grep 9000

Check the port is opened on a remote host.

Allow Graylog service on Firewall.

Access Graylog web interface on another machine.

Create a Ceph cluster on Proxmox cluster

Ceph is an open-source distributed software solution. It is designed to serve block, file, and object workloads for a cluster system. There are a lot of advantages when using Ceph. Ceph supports distributed object storage on multiple cluster nodes, provides redundancy between cluster nodes and is able to scale out cluster storage nodes with Ceph.

Ceph is able to run on commodity hardware without vendor lock-in. Moreover, Ceph is also a unified storage infrastructure that supports storage clusters that may grow or shrink and allows to add and remove hardware while the Ceph cluster is online.

This lab below is used to deploy three Proxmox nodes on the Ceph clsuter.

Add a new second hard drive on Proxmox1, Proxmox2, and Proxmox3 nodes.

Install Ceph cluster on node 1.

Create an OSD on Proxmox node 1, node 2 and node 3.

Create Ceph Pool on Ceph storage.

Create a new Linux VM on Ceph.

Add this machine to the HA Ceph.

Hard turn off the Proxmox node1.

Linux VM has been migrated to Proxmox node2 with a couple of minutes of downtime.

Doing live migration the VM2 on Proxmox node 2 to node 3.

It is interesting to see there is no downtime when doing live migration VM2 on Proxmox node 2 to node 3 in the Ceph cluster.

Install a Proxmox cluster

Below is a lab to create a Proxmox cluster.

Node1: pve01.linuxlab.local –

Node2: proxmox02.linuxlab.local –

Node3: proxmox03.linuxlab.local –

Step #1 Check hostname, date and /etc/hosts pve01.linuxlab.local pve01 pve02.linuxlab.local pve02 pve03.linuxlab.local pve03
ping pve01
ping pve02
ping pve03

Creating Cluster via Proxmox GUI interface.

Click on Datacenter | Cluster | Create Cluster

Click on Copy information.

Install a LinuxMint VM on Proxmox node 3.

Install Proxmox on Virtualbox (Nested VT-x)

Proxmox Virtual Environment is an open-source server virtualization management solution based on QEMU/KVM and LXC. It is an affordable virtualization solution for small businesses

Create a new Linux VM on Virtualbox to install Proxmox. Click the link below to download Proxmox VE 7.1 ISO Installer, then mount the iso to the VM to install Proxmox.


To enable “Nested VT-x/AMD-V” function on Proxmox, open a terminal console and type the command below.

VBoxManage -nologo list vms
vboxmanage modifyvm "Virtual machine name of Proxmox" –nested-hw-virt on
vboxmanage modifyvm "proxmox1" --nested-hw-virt on
vboxmanage modifyvm "proxmox2" --nested-hw-virt on
vboxmanage modifyvm "proxmox3" --nested-hw-virt on

After installing Proxmox, open any web browser (such as Firefox on LinuxMint), access Proxmox web management interface (https://IPaddressofProxmox:8006).

Upload source installation such as LinuxMint, Windows OS iso files to install Linux and MS Windows VMs.

Create and install a Linux machine on Proxmox server.

LinuxMint VM can ping google.ca.

Typing keyword in VirtualBox VM is very slow and lag on MacOS Monterey

Below is a workaround solution to fix VirtualBox issue is running in MacOS Monterey.

Open Terminal.

sudo nano /Applications/VirtualBox.app/Contents/Resources/VirtualBoxVM.app/Contents/Info.plist 

Changed the following parameter from true to false: <key>NSHighResolutionCapable</key>     <false/>

Saved the file, reopen VirtualBox. We can see typing keyword in Virtualbox VM is faster than before.

Install TP-Link AC600 Archer T2U Plus WiFi USB Adapter In LinuxMint

It is capable to provide 433 Mbps speed on 5GHz with a dual USB adapter by using this adapter.

Install TP-Link AC600 Archer T2U Nano on LinuxMint.

sudo apt install dkms git build-essential libelf-dev linux-headers-$(uname -r)
# Cloning into 'rtl8812au'
git clone https://github.com/aircrack-ng/rtl8812au.git
cd rtl8812au/
sudo make dkms_install

Unplug the TP-Link Archer T2U Plus adapter and plug it in again. The LED will start to blink. Verify the driver has been installed successfully.

sudo dkms status

Then setup your new wireless USB adapter device.

Install OCS Inventory on Linux

OCS stands for Open Computers and Software Inventory Next Generation. This is an open-source assets management and deployment solution.

Below is a couple of steps to install OCS inventory.


yum install -y epel-release yum-utils vim wget
wget https://rpms.remirepo.net/enterprise/remi-release-7.rpm --no-check-certificate
wget https://rpm.ocsinventory-ng.org/ocsinventory-release-latest.el7.ocs.noarch.rpm --no-check-certificate
yum install -y ocsinventory-release-latest.el7.ocs.noarch.rpm remi-release-7.rpm
yum-config-manager --enable remi && yum-config-manager --enable remi-php73

Create a .repo file so that MariaDB can be installed.

vim /etc/yum.repos.d/MariaDB.repo

Install the whole bunch of applications and extensions that are required to run OCS

yum install -y httpd MariaDB-client MariaDB-server perl-Archive-Zip perl-Compress-Zlib perl-DBD-MySQL perl-DBI perl-Mojolicious perl-Net-IP perl-Plack perl-SOAP-Lite perl-Switch perl-XML-Entities perl-XML-Simple php php-cli php-common php-curl php-domxml php-gd php-imap php-intl php-ldap php-mbstring php-mcrypt php-mysql php-mysqlnd php-opcache php-pdo php-pear-CAS php-pecl-apcu php-pecl-zip php-simplexml php-soap php-sodium php-xmlrpc php-zip
yum update && yum upgrade

Install OCS Inventory.

yum install -y ocsinventory

Configure the MariaDB database.

systemctl enable mariadb
systemctl start mariadb

Secure MySQL.


Create a new an ocsweb database and assign permissions for user ocs/ocs.

mysql -u root -p
MariaDB [(none)]> create database ocsweb;
CREATE USER 'ocs'@'localhost' IDENTIFIED BY 'ocs';
GRANT ALL PRIVILEGES ON ocsweb. * TO 'ocs'@'localhost' IDENTIFIED BY 'ocs';
flush privileges;

Allow HTTP and HTTPS on Firewall.

firewall-cmd --permanent --add-service=http
firewall-cmd --permanent --add-service=https
firewall-cmd –reload
firewall-cmd --list-services

Configure the MariaDB database.

systemctl enable mariadb && systemctl start mariadb

Setup OCS user/password on OCS configuration/

vim /etc/httpd/conf.d/ocsinventory-server.conf
# Name of database
PerlSetEnv OCS_DB_NAME ocsweb
PerlSetEnv OCS_DB_LOCAL ocsweb
# User allowed to connect to database
PerlSetEnv OCS_DB_USER ocs
# Password for user
PerlSetVar OCS_DB_PWD ocs

Enables and restarts Apache Web Service.

systemctl enable httpd && systemctl start httpd
Check TCP ports are running on the server.
Access OCS Inventory web interface (http://IPaddressofOCS/ocsreports).

Enter user/password is admin/admin to log on.

Rename the “install.php” file in the “OCSReports” directory.

mv /usr/share/ocsinventory-reports/ocsreports/install.php /usr/share/ocsinventory-reports/ocsreports/install.php.bak
+ Install OCS Inventory agent via GPO.

Create a logon script OCSinventory.bat

@echo off
\\dc1.cisalab.local\shared\OCS-Windows-Agent-\OCS-Windows-Agent-Setup-x64.exe /S /SERVER=

Create a new GPO and link the script to the domain level.

Restart Windows 10 domain-joined machine.

OCS inventory agent has been automatically installed on this machine.

Check TCP connection from Windows 10 machine to OCS Inventory server.

Get-NetTcpConnection -RemoteAddress

Install OpenProject on CentOS 7

Create a CentOS 7 VPS.

Update your system & disable SELinux

Start the installation by updating system packages to the latest release.

#sudo yum -y update

Next, disable SELinux in CentOS

edit /etc/selinux/config file and run a command setenforce 0 to disable SELinux in CentOS.

Reboot Linux VPS server.

Add the OpenProject Repository

Next is to add OpenProject Repository by executing the below commands in your terminal.

# sudo yum -y install wget # sudo wget -O /etc/yum.repos.d/openproject.repo https://dl.packager.io/srv/opf/openproject/dev/installer/el/7.repo

Install OpenProject on CentOS 7

Run the commands below to install OpenProject on CentOS 7 # sudo yum -y install openproject

Run the command below to configure OpenProject

#sudo openproject configure Select “Install a new PostgreSQL server and database locally”

Select “Install Apache2 server”

Choose Sendmail application as the default send email service on CentOS.

Enter admin email to be used for access and notifications.

Choose to install Memcache server.

The installation was failed because the issue below

Run the command below to generate a self-signed certificate for OpenProject. # sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/certs/openproject.cisa2380.tk.key -out /etc/ssl/certs/openproject.cisa2380.tk.crt

# mkdir /etc/ssl/private/

# cp /etc/ssl/certs/openproject.cisa2380.tk.key /etc/ssl/private/

Run the command below to complete the installation

#sudo openproject reconfigure

Allow port 80 and 443 on the CentOS firewall.

After finishing OpenProject installation, log into OpenProject with default user/password is admin/admin.

Install certbot on OpenProject.

Restart Apache web service.

# cat /etc/httpd/conf.d/openproject.conf

Log into the OpenProject and see the interface will be redirected to HTTPS.

Installing Zimbra Collaboration Suite (ZCS) on CentOS 7

This tutorial describes how to install Zimbra Collaboration Suite Open Source Edition on a CentOS/RHEL 7 VPS server.

Step 1: Create both A and MX records for Zimbra Mail Server. Create both A and MX records on the VPS to point to your Zimbra mail server

Step 2: Install System Packages for Zimbra

Login as a root account to install the following packages below:

# yum -y install unzip net-tools sysstat openssh-clients perl-core libaio nmap-ncat libstdc++.so.6

Next, disable SELinux in CentOS. Edit /etc/selinux/config file and run a command setenforce 0 to disable SELinux in CentOS

Install wget package:

# yum install wget

Set hostname on Zimbra host. # hostnamectl set-hostname mail

Disable unwanted services. Postfix mail service has already been installed and run on CentOS. We need to disable and remove the postfix service before installing Zimbra.

# systemctl stop postfix

# systemctl disable postfix

# yum remove postfix

Step 3: Install Zimbra Collaboration Suite Open Source Edition # wget https://files.zimbra.com/downloads/8.8.15_GA/zcs-8.8.15_GA_3869.RHEL7_64.20190918004220.tgz

After the download completes, use unzip command to extract the archive

# tar xfz zcs-8.8.15_GA_3953.RHEL8_64.20200629025823.tgz

# cd zcs-8.8.15_GA_3953.RHEL8_64.20200629025823/ # ls

Run the command install.sh to install Zimbra. After a series of system checks, click y in continue installation

# ./install.sh

Next, the installation process will prompt a couple of questions that we need to choose to configure Zimbra properly.

Finally, it will start the Zimbra installation process. The system will be modified.  Continue? [N] y

Allow Zimbra services on Linux Firewall.

Step 4: Zimba Initial Configuration. After the installation finishes, access the Zimbra administration page via a link https://mail.cisa2380.tk:7071 or

Step 5: Create 500 Zimbra test users:

#su – zimbra

$cd /opt/mail/backup

$touch usercreation.sh

$nano usercreation.sh

[zimbra@mail backup]$ more usercreation.sh


# Generate user list

#cd /var/tmp


while [ $x -lt 501 ] do

echo “ca demo$x@cisa2380.tk ‘@zimbra@password’ cn ‘Demo User${x}’ givenName ‘Demo’ zimbraPrefFromDisplay ‘Demo User${x}'” >> userlist.zmp

x=`expr $x + 1` done

# run the script ./usercreation.sh

Next, use the command below to create 500 Zimbra users from the userlist.zmp file $zmprov -f userlist.zmp

List down all Zimbra accounts with zmprov command $zmprov -l gaa

Checking on Zimbra Administration.

Step 6: Evaluate Zimbra performance by simulating concurrent Zimbra user’s login.


[root@li1978-114 tmp]# cat usersimulate.sh


# Simulate user login

# x start from 1 and end with 500


for x in {1..500}


    curl -v -k ‘https://mail.cisa2380.tk/’ -H ‘Cookie: ZM_TEST=true’ –data ‘loginOp=login&username=demo$x@cisa2380.tk&password=@zimbrapassword’

    sleep 1s done