Thursday, 27 October 2016

Tips for Securing the Apache Web Server

This time I will discuss ways or tips to secure an Apache web server against mischievous hands :D. These tips may not make your server 100% secure, but they at least reduce the openings 😀. OK, let's get straight to it.
1. Hide the Apache version and OS type.
After we install the Apache web server, the browser will display the Apache version and the OS we are using whenever the page we browse to is not found or returns an error, as in the image below:

Page Error
From the image above, we can see information about the Apache version in use and the OS type. Exposing this information is a security weakness that mischievous hands can take advantage of :D. We therefore need to hide it to avoid exploitation. Here is how:

# nano /etc/httpd/conf/httpd.conf (RHEL/CentOS/Fedora)
# nano /etc/apache2/apache2.conf (Debian/Ubuntu)
ServerSignature Off
ServerTokens Prod
# service httpd restart (RHEL/CentOS/Fedora)
# service apache2 restart (Debian/Ubuntu)
Once ServerSignature and ServerTokens are set as above, a missing page or an error page will look like the image below in the browser:

Page Error

2. Disable Directory Listing
By default, if a web directory on an Apache web server has no index file, the list of files is displayed in the browser, as in the following image:

Directory Listing
We can turn off Apache's directory listing by adding the directive below to httpd.conf / apache2.conf:

    Options -Indexes
After that, restart the Apache server. Now when we browse a web directory that has no index file, it will be displayed as follows:

No Directory Listing

3. Always Update Apache Regularly.
Make sure your Apache web server is always up to date, because the newest Apache version will always include patches for security holes in earlier versions.
# yum update httpd (RHEL/CentOS/Fedora)
# apt-get install apache2 (Debian/Ubuntu)
4. Disable modules that are not used.
To see all the modules that are active on the Apache server, we can use the following command:
# grep LoadModule /etc/httpd/conf/httpd.conf

# have to place corresponding `LoadModule' lines at this location so the
# LoadModule foo_module modules/mod_foo.so
LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule auth_digest_module modules/mod_auth_digest.so
LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authn_alias_module modules/mod_authn_alias.so
LoadModule authn_anon_module modules/mod_authn_anon.so
LoadModule authn_dbm_module modules/mod_authn_dbm.so
LoadModule authn_default_module modules/mod_authn_default.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule authz_owner_module modules/mod_authz_owner.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_dbm_module modules/mod_authz_dbm.so
LoadModule authz_default_module modules/mod_authz_default.so
LoadModule ldap_module modules/mod_ldap.so
LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
LoadModule include_module modules/mod_include.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule logio_module modules/mod_logio.so
LoadModule env_module modules/mod_env.so
LoadModule ext_filter_module modules/mod_ext_filter.so
....
From the module list above we can see modules that are active by default but are not used or needed, such as mod_imap, mod_include, mod_info, mod_userdir and mod_autoindex. To disable such a module, just add a hash sign "#" (without the quotes) in front of its LoadModule line in /etc/httpd/conf/httpd.conf, then restart your Apache server.
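
A quick way to check tips 1, 2 and 4 against a configuration file, as an added example that is not part of the original post. The function names and both sample configurations are constructed, and the check reads a single file without following Include directives.

```shell
#!/bin/sh
# Added example: audit one Apache config file against tips 1, 2 and 4.
# Function names and the sample configs below are constructed for illustration.

# Print one "FAIL ..." line per finding; print nothing if the file is clean.
audit_apache_conf() {
    awk '
        BEGIN { sig = "off"; tok = "full" }      # Apache compiled-in defaults
        NF == 0 || $1 ~ /^#/ { next }            # a commented-out directive is inactive
        { d = tolower($1) }
        d == "serversignature" { sig = tolower($2) }   # last occurrence wins
        d == "servertokens"    { tok = tolower($2) }
        d == "options" {
            for (i = 2; i <= NF; i++) {
                o = tolower($i)
                if (o == "indexes" || o == "+indexes" || o == "all")
                    print "FAIL line " NR ": directory listing enabled by " $i
            }
        }
        d == "loadmodule" && $2 ~ /^(imap|include|info|userdir|autoindex)_module$/ {
            print "FAIL line " NR ": " $2 " is loaded; comment it out if unused"
        }
        END {
            if (sig != "off")
                print "FAIL: ServerSignature is " sig ", expected Off"
            if (tok != "prod" && tok != "productonly")
                print "FAIL: ServerTokens is " tok ", expected Prod"
        }
    ' "$1"
}

# Number of findings for a config file (0 means every check passed).
count_findings() {
    audit_apache_conf "$1" | awk 'END { print NR }'
}

# Constructed sample: a config as it might look before applying the tips.
write_weak_conf() {
    cat > "$1" <<'EOF'
ServerTokens OS
ServerSignature On
LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule include_module modules/mod_include.so
#LoadModule userdir_module modules/mod_userdir.so
LoadModule autoindex_module modules/mod_autoindex.so
<Directory "/var/www/html">
    Options Indexes FollowSymLinks
</Directory>
EOF
}

# Constructed sample: the same config after applying tips 1, 2 and 4.
write_hardened_conf() {
    cat > "$1" <<'EOF'
ServerTokens Prod
ServerSignature Off
LoadModule auth_basic_module modules/mod_auth_basic.so
#LoadModule include_module modules/mod_include.so
<Directory "/var/www/html">
    Options -Indexes +FollowSymLinks
</Directory>
EOF
}

tmp=$(mktemp -d)
write_weak_conf "$tmp/weak.conf"
write_hardened_conf "$tmp/hardened.conf"
echo "weak.conf:"
audit_apache_conf "$tmp/weak.conf"
echo "hardened.conf: $(count_findings "$tmp/hardened.conf") findings"
rm -rf "$tmp"
```

On a real server, point audit_apache_conf at /etc/httpd/conf/httpd.conf or /etc/apache2/apache2.conf and at each included file in turn.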

5. Use the mod_security and mod_evasive modules to secure the Apache server.
Mod_security
Mod_security works like a firewall for web applications and monitors the web server in real time. It can help us protect web applications from brute-force attacks. We can install mod_security on our web server with the steps below:
Install mod_security on Ubuntu/Debian
$ sudo apt-get install libapache2-modsecurity
$ sudo a2enmod mod-security
$ sudo /etc/init.d/apache2 force-reload
Install mod_security on RHEL/CentOS/Fedora
# yum install mod_security
# /etc/init.d/httpd restart
Mod_evasive
mod_evasive is very efficient for dealing with DDoS attacks. mod_evasive can handle attacks such as HTTP brute force, DoS and DDoS. Here is how to install mod_evasive:

## For RHEL/CentOS 6.2/6.1/6/5.8 ##
# cd /usr/src 
# wget http://www.zdziarski.com/blog/wp-content/uploads/2010/02/mod_evasive_1.10.1.tar.gz
# tar xzf mod_evasive_1.10.1.tar.gz
# cd mod_evasive
# apxs -cia mod_evasive20.c

## For Fedora 17,16,15,14,13,12 ##
# cd /usr/src 
# wget http://www.zdziarski.com/blog/wp-content/uploads/2010/02/mod_evasive_1.10.1.tar.gz
# tar xzf mod_evasive_1.10.1.tar.gz
# cd mod_evasive
# apxs -cia mod_evasive20.c
The configuration is as follows:
In httpd.conf, find the evasive module and enable it by removing the hash sign # in front of it. If it is not there, add the following line to httpd.conf:
LoadModule evasive20_module   /usr/lib/httpd/modules/mod_evasive20.so
After that, add the mod_evasive parameters at the end of the Apache configuration (httpd.conf). Set DOSEmailNotify to your email address to receive a notification when a DoS attack occurs, as follows:

DOSHashTableSize    3097
DOSPageCount        2
DOSSiteCount        50
DOSPageInterval     1
DOSSiteInterval     1
DOSBlockingPeriod   60
DOSEmailNotify someone@somewhere.com


After that, restart the Apache web server.

# service httpd restart
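
Before enabling thresholds as low as DOSPageCount 2 and DOSSiteCount 50, it helps to replay an existing access log and see which clients would cross them. The following is an added example, not part of the original post and not mod_evasive's own counting code: it approximates the thresholds with fixed one-second buckets (valid because both intervals above are 1), and the function names and log lines are constructed.

```shell
#!/bin/sh
# Added example: preview which clients would exceed the DOSPageCount and
# DOSSiteCount values from the configuration above. This is a fixed-window
# approximation, not the module's exact algorithm. Names and log are constructed.

# evasive_preview PAGE_COUNT SITE_COUNT LOGFILE
# Reads a common/combined-format access log and prints:
#   <ip> page <second> <uri>   client exceeded PAGE_COUNT hits on one URI in one second
#   <ip> site <second>         client exceeded SITE_COUNT hits in total in one second
evasive_preview() {
    awk -v pc="$1" -v sc="$2" '
        {
            ip  = $1
            sec = substr($4, 2)      # "[27/Oct/2016:10:00:01" -> one-second bucket
            uri = $7
            # Report once, at the request that first exceeds the threshold.
            if (++page[ip, sec, uri] == pc + 1) print ip, "page", sec, uri
            if (++site[ip, sec]      == sc + 1) print ip, "site", sec
        }
    ' "$3"
}

# Constructed access log: a login hammer, a normal page load with assets,
# and a client that reloads a page at a human pace.
write_sample_log() {
    cat > "$1" <<'EOF'
192.0.2.10 - - [27/Oct/2016:10:00:01 +0700] "POST /login.php HTTP/1.1" 200 512
192.0.2.10 - - [27/Oct/2016:10:00:01 +0700] "POST /login.php HTTP/1.1" 200 512
192.0.2.10 - - [27/Oct/2016:10:00:01 +0700] "POST /login.php HTTP/1.1" 200 512
192.0.2.10 - - [27/Oct/2016:10:00:01 +0700] "POST /login.php HTTP/1.1" 200 512
198.51.100.7 - - [27/Oct/2016:10:00:02 +0700] "GET / HTTP/1.1" 200 2048
198.51.100.7 - - [27/Oct/2016:10:00:02 +0700] "GET /style.css HTTP/1.1" 200 900
198.51.100.7 - - [27/Oct/2016:10:00:02 +0700] "GET /app.js HTTP/1.1" 200 4100
198.51.100.7 - - [27/Oct/2016:10:00:02 +0700] "GET /logo.png HTTP/1.1" 200 7300
203.0.113.5 - - [27/Oct/2016:10:00:03 +0700] "GET /index.php HTTP/1.1" 200 2048
203.0.113.5 - - [27/Oct/2016:10:00:03 +0700] "GET /index.php HTTP/1.1" 200 2048
203.0.113.5 - - [27/Oct/2016:10:00:04 +0700] "GET /index.php HTTP/1.1" 200 2048
EOF
}

log=$(mktemp)
write_sample_log "$log"
echo "Thresholds from the post (page 2, site 50):"
evasive_preview 2 50 "$log"
echo "Same log with a much stricter site threshold (page 2, site 3):"
evasive_preview 2 3 "$log"
rm -f "$log"
```

With the values from the post only the repeated login POSTs are flagged; dropping the site threshold to 3 also flags the ordinary page load with its three assets, which is the kind of false positive to look for before lowering the numbers.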

How to remove apache test page in CentOS

After you install the Apache web server on CentOS and point your browser to http://localhost, you will see an Apache 2 Test Page powered by CentOS. You can disable or remove this Apache test page from the configuration file. Before you make any modification, please make sure you have the privilege to reload the Apache web server.



To remove the Apache test page in CentOS, follow the steps below:

  • Start your terminal and log in to your web server through SSH
  • Once logged in, edit this file with your favorite editor
  • The content of the file should look similar to this:
  • To remove the Apache test page, comment out all the lines as below:
  • Now reload your Apache web server
    service httpd reload
  • Now point your browser to http://localhost and you shouldn't see any Apache Test Page again.





How To Create a SSL Certificate on Apache for CentOS 6

 About Self-Signed Certificates

An SSL certificate is a way to encrypt a site's information and create a more secure connection. Additionally, the certificate can show the virtual private server's identification information to site visitors. Certificate Authorities can issue SSL certificates that verify the virtual server's details, while a self-signed certificate has no third-party corroboration.

Step One—Install Mod SSL

In order to set up the self signed certificate, we first have to be sure that Apache and Mod SSL are installed on our VPS. You can install both with one command:
yum install mod_ssl

Step Two—Create a New Directory

Next, we need to create a new directory where we will store the server key and certificate
mkdir /etc/httpd/ssl 

Step Three—Create a Self Signed Certificate

When we request a new certificate, we can specify how long the certificate should remain valid by changing the 365 to the number of days we prefer. As it stands this certificate will expire after one year.
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/httpd/ssl/apache.key -out /etc/httpd/ssl/apache.crt
With this command, we will be both creating the self-signed SSL certificate and the server key that protects it, and placing both of them into the new directory.
This command will prompt the terminal to display a list of fields that need to be filled in.
The most important line is "Common Name". Enter your official domain name here or, if you don't have one yet, your site's IP address.
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:New York
Locality Name (eg, city) []:NYC
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Awesome Inc
Organizational Unit Name (eg, section) []:Dept of Merriment
Common Name (e.g. server FQDN or YOUR name) []:example.com                  
Email Address []:webmaster@awesomeinc.com

Step Four—Set Up the Certificate

Now we have all of the required components of the finished certificate. The next thing to do is to set up the virtual hosts to display the new certificate.
Open up the SSL config file:
 vi /etc/httpd/conf.d/ssl.conf
Find the section that begins with and make some quick changes.
Uncomment the DocumentRoot and ServerName line and replace example.com with your DNS approved domain name or server IP address (it should be the same as the common name on the certificate):
 ServerName example.com:443
Find the following three lines, and make sure that they match the extensions below:
SSLEngine on
SSLCertificateFile /etc/httpd/ssl/apache.crt
SSLCertificateKeyFile /etc/httpd/ssl/apache.key 
Your virtual host is now all set up! Save and Exit out of the file.

Step Five—Restart Apache

You are done. Restarting the Apache server will reload it with all of your changes in place.
 /etc/init.d/httpd restart

In your browser, type https://youraddress to view the new certificate.



Source : digitalocean.com

Monday, 17 October 2016

Install OwnCloud in Linux

 Installing ownCloud on Linux CentOS 6.5

Cloud is very popular these days, and storing everything in the cloud has become commonplace, for example keeping data in Dropbox and the like. Cloud storage is so popular that a piece of software called ownCloud appeared: a cloud storage application over the network. With ownCloud, users can share data over the network and access it through a web browser.
I myself once recommended ownCloud to one of my freelance customers for sharing data, partly just to try it in the real world and see how it turned out, and it turned out to be pretty OK because users are more comfortable with a web browser.
The application is based on PHP and a database (SQLite, MySQL, MariaDB, Oracle or PostgreSQL), so we can use ownCloud on any platform that meets these requirements.
In this lab we use the CentOS 6.5 operating system, with Apache as the web server and MySQL as the database.
Notes
  • In this lab, SELinux is disabled.
  • In this lab, iptables is disabled.
Install Database & Package Dependencies
[root@owncloud ~]# yum install httpd php php-mysql sqlite php-dom php-mbstring php-gd php-pdo php-json php-xml php-zip php-gd curl php-curl mysql-server -y

Notes
  • Because the ownCloud version I am using requires PHP 5.4.0 and the PHP version installed above is 5.3.3, I updated all of the packages. The steps are as follows.
Install the SCL repo, then install the other dependencies.
[root@owncloud ~]# yum install centos-release-SCL
[root@owncloud ~]# yum install php54 php54-php php54-php-gd php54-php-mbstring php54-php-mysqlnd


Back up the php53 configuration. Since we have installed php54, the /etc/httpd/conf.d/ directory should now contain the php54 configuration file, php54-php.conf.
[root@owncloud ~]# mv /etc/httpd/conf.d/php.conf /etc/httpd/conf.d/php53.off

Restart Apache Services
[root@owncloud ~]# /etc/init.d/httpd restart

Download & Setup
[root@owncloud ~]# wget http://download.owncloud.org/community/daily/owncloud-daily-master.tar.bz2
[root@owncloud ~]# tar -jxvf owncloud-daily-master.tar.bz2
[root@owncloud ~]# mv owncloud /var/www/html/
[root@owncloud ~]# chown -R apache:apache /var/www/html/owncloud/

# The tree is already owned by apache (chown above), so owner-only write access is enough
[root@owncloud ~]# chmod 750 /var/www/html/owncloud/config/

Edit /etc/httpd/conf/httpd.conf and change the AllowOverride None parameter to AllowOverride All.

[root@owncloud ~]# vi /etc/httpd/conf/httpd.conf
....
AllowOverride All
....

When that is done, start the database and web services, and don't forget to make them persistent across reboots.
[root@owncloud ~]# chkconfig mysqld on
[root@owncloud ~]# chkconfig httpd on
[root@owncloud ~]# /etc/init.d/httpd start
[root@owncloud ~]# /etc/init.d/mysqld start

Set the MySQL root password.
[root@owncloud ~]# /usr/bin/mysqladmin -u root password 'centos'
[root@owncloud ~]# /usr/bin/mysqladmin -u root -h owncloud.arifzulfikarp.net password 'centos'

Create a database for ownCloud.
[root@owncloud ~]# mysql -uroot -p
Enter password: centos


mysql> create database owncloud;
mysql> GRANT ALL ON owncloud.* to 'owncloud'@'localhost' IDENTIFIED BY 'centos';
mysql> flush privileges;
mysql> exit;


Install ownCloud Through the Web Browser
After completing the steps above, it is time to do the provisioning through the web browser.
We can now access ownCloud at
http://ipaddress/owncloud 
or
http://domainname/owncloud 
If it works, a page like the one below will appear.
For this initial configuration we must define the database ownCloud will use, along with the username and password the admin user will use from now on.
Click storage & database, marked with the red box in the image above, then fill in the parameters to match the configuration we did earlier.
In this lab the parameters we use are as follows.
Set the admin account as follows,
Admin User : admin
Password : centos@123
Set the data folder as follows,
Data Folder /var/www/html/owncloud/data (or just leave it at that default).
Set the database as follows; choose MySQL/MariaDB.
Database User : owncloud
Database Password : centos
Database Name : owncloud
Database Host : localhost
The complete picture is shown below.
When finished, click Finish setup.
Once the initial setup has completed successfully, we are redirected to the ownCloud dashboard.
ownCloud is now ready to use; all that is left is to play around with it, since it is relatively easy to use.



Source : http://arifzulfikarp.blogspot.co.id
RESET ADMIN PASSWORD

# For Debian based Systems #
$ sudo -u www-data php /var/www/dev.2daygeek.com/public_html/owncloud/occ user:resetpassword admin
Enter a new password:
Confirm the new password:
Successfully reset password for admin

# For RHEL based Systems #
$ sudo -u apache php /var/www/dev.2daygeek.com/public_html/owncloud/occ user:resetpassword admin
Enter a new password:
Confirm the new password:
Successfully reset password for admin

# For openSUSE Systems #
$ sudo -u www php /var/www/dev.2daygeek.com/public_html/owncloud/occ user:resetpassword admin
Enter a new password:
Confirm the new password:
Successfully reset password for admin




Upgrade PHP5.3 to 5.4

wget http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
rpm -ivh epel-release-6-8.noarch.rpm
wget http://rpms.famillecollet.com/enterprise/remi-release-6.rpm
rpm -Uvh remi-release-6*.rpm
yum --enablerepo=remi upgrade php-mysql php-devel php-gd php-pecl-memcache php-pspell php-snmp php-xmlrpc php-xml
 
 
 
 
 
 
1. Confirm your version of PHP is the CentOS 6.7 default

Type in the following:

rpm -qa | grep php

Should output similar to the following:

php-cli-5.3.3-46.el6_6.x86_64
php-common-5.3.3-46.el6_6.x86_64
php-5.3.3-46.el6_6.x86_64

Great, let’s move on.

2. Install and activate the REMI and EPEL RPM Repositories

Type in the following to download and install the required files:

wget https://dl.fedoraproject.org/pub/epel/epel-release-latest-6.noarch.rpm && rpm -Uvh epel-release-latest-6.noarch.rpm
wget http://rpms.famillecollet.com/enterprise/remi-release-6.rpm && rpm -Uvh remi-release-6*.rpm

Now to enable the REMI repository globally:

nano /etc/yum.repos.d/remi.repo

Under the section that looks like [remi] make the following changes:

[remi]
name=Remi's RPM repository for Enterprise Linux 6 - $basearch
#baseurl=http://rpms.remirepo.net/enterprise/6/remi/$basearch/
mirrorlist=http://rpms.remirepo.net/enterprise/6/remi/mirror
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-remi

Press CTRL-O to save, and CTRL-X to exit, and we can continue.

3. Update PHP from 5.3 to 5.4

Easy as pie, simply type in the following:

yum -y update php*

Once that’s done, we can verify:

rpm -qa | grep php

And we should see something similar to the below:

php-common-5.4.45-1.el6.remi.x86_64
php-5.4.45-1.el6.remi.x86_64
php-cli-5.4.45-1.el6.remi.x86_64

Make sure PHP is working correctly:

php -v

You should see something similar to the following:

PHP 5.4.45 (cli) (built: Sep 2 2015 18:54:00)
Copyright (c) 1997-2014 The PHP Group
Zend Engine v2.4.0, Copyright (c) 1998-2014 Zend Technologies



 Activate the new PHP version permanently:

source /opt/rh/php54/enable

Disable loading the old PHP 5.3 Apache module:

mv /etc/httpd/conf.d/php.conf /etc/httpd/conf.d/php.conf.old

You should now have a /etc/httpd/conf.d/php54-php.conf file, which loads the correct PHP 5.4 module for Apache.

Finally, restart Apache:

service httpd restart

 

Sunday, 26 June 2016

How to Enable RPMForge Repository in RHEL/CentOS 7.x/6.x/5.x

Verifying RHEL/CentOS is 32 Bit or 64 Bit System

We use “uname -a” command to verify a system, whether it is 32 bit or 64 bit.
The 32 bit system will show i686 i686 i386 GNU/Linux and 64 bit server shows x86_64 x86_64 x86_64 GNU/Linux.
So, it’s very easy to verify whether a system is 32 or 64 bit using “uname -a” command from the command line shell.
32 Bit RHEL/CentOS
# uname -a

Linux tecmint.com 2.6.32-279.5.2.el6.i686 #1 SMP Thu Aug 23 22:16:48 UTC 2012 i686 i686 i386 GNU/Linux
64 Bit RHEL/CentOS
# uname -a

Linux tecmint.com 2.6.32-279.5.2.el6.i686 #1 SMP Thu Aug 23 22:16:48 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux

Installing RPMForge Repository in RHEL/CentOS 6/5/4

Download and Install RPMForge repository by selecting appropriate rpm package for your system.
For RHEL/CentOS 7 64 Bit
# wget http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.3-1.el7.rf.x86_64.rpm
# rpm -Uvh rpmforge-release-0.5.3-1.el7.rf.x86_64.rpm
For RHEL/CentOS 6 32-64 Bit
## RHEL/CentOS 6 32 Bit OS ##
# wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.i686.rpm
# rpm -Uvh rpmforge-release-0.5.2-2.el6.rf.i686.rpm

## RHEL/CentOS 6 64 Bit OS ##
# wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm
# rpm -Uvh rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm
For RHEL/CentOS 5 32-64 Bit
## RHEL/CentOS 5 32 Bit OS ##
# wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el5.rf.i386.rpm
# rpm -Uvh rpmforge-release-0.5.2-2.el5.rf.i386.rpm

## RHEL/CentOS 5 64 Bit OS ##
# wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el5.rf.x86_64.rpm
# rpm -Uvh rpmforge-release-0.5.2-2.el5.rf.x86_64.rpm
For RHEL/CentOS 4 32-64 Bit
## RHEL/CentOS 4 32 Bit OS ##
# wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el4.rf.i386.rpm
# rpm -Uvh rpmforge-release-0.5.2-2.el4.rf.i386.rpm

## RHEL/CentOS 4 64 Bit OS ##
# wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el4.rf.x86_64.rpm
# rpm -Uvh rpmforge-release-0.5.2-2.el4.rf.x86_64.rpm
Note : The RPMForge repository will be installed under the /etc/yum.repos.d directory as the file rpmforge.repo.

Importing RPMForge Repository Key in RHEL/CentOS 7/6/5/4

Next, you’ll need to download and install DAG’s GPG key for your system.
# wget http://dag.wieers.com/rpm/packages/RPM-GPG-KEY.dag.txt
# rpm --import RPM-GPG-KEY.dag.txt
Note : The imported GPG key is stored under the /etc/pki/rpm-gpg directory as the file RPM-GPG-KEY-rpmforge-dag.

Installing Packages using RPMForge Repository in RHEL/CentOS 7/6/5/4

Let’s try installing something using rpmforge repository.
# yum --enablerepo=rpmforge install aria2
Sample Output :
Loaded plugins: fastestmirror, refresh-packagekit
Loading mirror speeds from cached hostfile
rpmforge                                                                                                                                       
Setting up Install Process
Dependencies Resolved

=================================================================================================
 Package                         Arch   Version                Repository       Size
=================================================================================================
Installing:
 aria2                           i686           1.15.1-1.el6.rf        rpmforge         1.2 M
Installing for dependencies:
 nettle                          i686           2.2-1.el6.rf           rpmforge         359 k

Transaction Summary
=================================================================================================
Install       2 Package(s)
So, whenever new packages are installed using the yum command, the RPMForge repository will be included.

Disable RPMForge Repository in RHEL/CentOS 7/6/5/4

To disable RPMForge repository simply open the file /etc/yum.repos.d/rpmforge.repo.
# vi /etc/yum.repos.d/rpmforge.repo
Change “enabled=1” to “enabled=0“. 0 means turn-off and 1 means turn-on.
### Name: RPMforge RPM Repository for RHEL 6 - dag
### URL: http://rpmforge.net/
[rpmforge]
name = RHEL $releasever - RPMforge.net - dag
baseurl = http://apt.sw.be/redhat/el6/en/$basearch/rpmforge
mirrorlist = http://apt.sw.be/redhat/el6/en/mirrors-rpmforge
#mirrorlist = file:///etc/yum.repos.d/mirrors-rpmforge
enabled = 0
protect = 0
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-rpmforge-dag
gpgcheck = 1
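
To review the enabled and gpgcheck settings of every stanza at once, including files that write "key = value" with spaces like the one above, the .repo files can be parsed as shown here. This is an added example, not part of the original article; the function names are constructed, the first two sample stanzas are taken from this page, and the third is a constructed weak stanza.

```shell
#!/bin/sh
# Added example: list each repo stanza with its enabled/gpgcheck values and
# warn when a repo that is not disabled does not verify package signatures.
# Function names are constructed; the [example-local] stanza is constructed.

# audit_yum_repos FILE...  ->  "<repoid> enabled=<v> gpgcheck=<v> <status>"
audit_yum_repos() {
    awk '
        function report(   st) {
            if (id == "") return
            st = "ok"
            # Audited unless explicitly disabled; gpgcheck must be exactly 1.
            if (en != "0" && gp != "1") st = "WARN package signatures not verified"
            print id, "enabled=" (en == "" ? "unset" : en), "gpgcheck=" (gp == "" ? "unset" : gp), st
        }
        $1 ~ /^[#;]/ { next }                    # comment lines
        $1 ~ /^\[/ {                             # new [section]: flush the previous one
            report()
            id = substr($0, index($0, "[") + 1)
            id = substr(id, 1, index(id, "]") - 1)
            en = ""; gp = ""
            next
        }
        {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/[ \t]/, "", k); gsub(/[ \t]/, "", v)   # accept "k=v" and "k = v"
            if (k == "enabled")  en = v
            if (k == "gpgcheck") gp = v
        }
        END { report() }
    ' "$@"
}

write_sample_repo() {
    cat > "$1" <<'EOF'
[remi]
name=Remi's RPM repository for Enterprise Linux 6 - $basearch
#baseurl=http://rpms.remirepo.net/enterprise/6/remi/$basearch/
mirrorlist=http://rpms.remirepo.net/enterprise/6/remi/mirror
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-remi

[rpmforge]
name = RHEL $releasever - RPMforge.net - dag
baseurl = http://apt.sw.be/redhat/el6/en/$basearch/rpmforge
enabled = 0
protect = 0
gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-rpmforge-dag
gpgcheck = 1

[example-local]
name = constructed weak stanza for this example
baseurl = http://repo.example.invalid/el6/
enabled = 1
gpgcheck = 0
EOF
}

sample=$(mktemp)
write_sample_repo "$sample"
audit_yum_repos "$sample"
rm -f "$sample"
```

On a real system, run it as audit_yum_repos /etc/yum.repos.d/*.repo.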
 
 
Source Tecmint.com 

Install VirtualBox in Centos 6.6

cd /etc/yum.repos.d
wget http://download.virtualbox.org/virtualbox/rpm/rhel/virtualbox.repo
 
Install EPEL
 
wget http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
sudo rpm -Uvh epel-release-6*.rpm
 
yum --enablerepo=epel install dkms
 
yum groupinstall "Development Tools"
yum install kernel-devel
 
  

Installing VirtualBox

 

Go to the /etc/yum.repos.d/ directory:
cd /etc/yum.repos.d/
Add the latest oracle virtualbox repository to your CentOS server. You can download the oracle virtualbox latest repository from here.
wget http://download.virtualbox.org/virtualbox/rpm/el/virtualbox.repo
Add the virtualbox public key:
wget -q http://download.virtualbox.org/virtualbox/debian/oracle_vbox.asc
rpm --import oracle_vbox.asc
 
yum update && yum install VirtualBox-5.0
 
 
 

 

After installing virtualbox, add the virtualbox user sk_vuser to the vboxusers group.
usermod -aG vboxusers sk_vuser
Now, run the following command to check if virtualbox kernel modules are loaded or not.
In CentOS 7.x:
systemctl status vboxdrv
In CentOS 6.x:
/etc/init.d/vboxdrv status
Sample output:
vboxdrv.service - LSB: VirtualBox Linux kernel module
   Loaded: loaded (/etc/rc.d/init.d/vboxdrv)
   Active: active (exited) since Thu 2015-06-11 19:20:09 IST; 19min ago
  Process: 561 ExecStart=/etc/rc.d/init.d/vboxdrv start (code=exited, status=0/SUCCESS)
Jun 11 19:20:04 server1.unixmen.local systemd[1]: Starting LSB: VirtualBox Linux kernel module...
Jun 11 19:20:09 server1.unixmen.local vboxdrv[561]: Starting VirtualBox kernel modules [  OK  ]
Jun 11 19:20:09 server1.unixmen.local systemd[1]: Started LSB: VirtualBox Linux kernel module.
If they are not loaded, run the following command to load them:
/etc/init.d/vboxdrv setup

Install Oracle VirtualBox Extension pack

Starting with VirtualBox 4.0, we should install Extension pack that will help us to manage and connect our remote guest consoles via web interface. This Extension pack provides the following functionalities to the VirtualBox guests.
  • The virtual USB 2.0 (EHCI) device
  • VirtualBox Remote Desktop Protocol (VRDP) support
  • Host webcam passthrough
  • Intel PXE boot ROM
  • Experimental support for PCI passthrough on Linux hosts
VirtualBox extension pack should be same version as VirtualBox base package. Download Extension pack for VirtualBox 4.3 from here.
wget http://download.virtualbox.org/virtualbox/4.3.28/Oracle_VM_VirtualBox_Extension_Pack-4.3.28-100309.vbox-extpack
Then, Install Extension pack as shown below.
sudo VBoxManage extpack install Oracle_VM_VirtualBox_Extension_Pack-4.3.28-100309.vbox-extpack
Sample output:
0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%
Successfully installed "Oracle VM VirtualBox Extension Pack".
That’s it. Oracle VirtualBox and the Extension pack have been installed successfully on our CentOS 6.5 server. Start using Oracle VirtualBox on your CentOS headless server. For creating and managing virtual machines from the command line, refer to the official manual.
Alternatively, you can use the Oracle VirtualBox GUI client called “phpvirtualbox” to easily create and manage virtual machines via the web browser of any remote desktop system.

Create and manage VMs from command line

First, let us create a Ubuntu 14.04 server VM with 512MB RAM and 8GB virtual hdd.
To do that, run:
VBoxManage createvm --name "Ubuntu 14.04" --register
Sample output:
Virtual machine 'Ubuntu 14.04' is created and registered.
UUID: 6ac096ec-01a8-4f5b-9a84-46f874eb7cfb
Settings file: '/root/VirtualBox VMs/Ubuntu 14.04/Ubuntu 14.04.vbox'
Next, assign the RAM size and network card mode(Bridge or NAT).
VBoxManage modifyvm "Ubuntu 14.04" --memory 512 --acpi on --boot1 dvd --nic1 bridged --bridgeadapter1 eth0
Assign virtual hard drive size.
VBoxManage createhd --filename Ubuntu_14_04.vdi --size 8000
Sample Output:
0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%
Disk image created. UUID: 8d48aef4-eb92-4181-aed1-63ccbae0f2b1
Add Storage controller:
VBoxManage storagectl "Ubuntu 14.04" --name "IDE Controller" --add ide
Attach the Virtual hard drive file(vdi) to the storage controller using command:
VBoxManage storageattach "Ubuntu 14.04" --storagectl "IDE Controller" --port 0 --device 0 --type hdd --medium /home/sk/Ubuntu_14_04.vdi
Now, Assign the Ubuntu ISO media using command:
VBoxManage storageattach "Ubuntu 14.04" --storagectl "IDE Controller" --port 1 --device 0 --type dvddrive --medium /home/sk/ubuntu-14.04-server-i386.iso
That’s it. The new VM has been created.
To know about VBoxManage command, run:
VBoxManage --help
Or, refer the Official guide.
Now, start the VM using command:
VBoxHeadless --startvm "Ubuntu 14.04"
To stop a running VM, enter the following command:
VBoxManage controlvm "Ubuntu 14.04" poweroff
Similarly we can pause a VM, using command:
VBoxManage controlvm "Ubuntu 14.04" pause
To reset a VM, enter:
VBoxManage controlvm "Ubuntu 14.04" reset
To learn more about VBoxHeadless options, run:
VBoxHeadless --help
Sample output:
Oracle VM VirtualBox Headless Interface 4.3.28
(C) 2008-2015 Oracle Corporation
All rights reserved.
Usage:
   -s, -startvm, --startvm    Start given VM (required argument)
   -v, -vrde, --vrde on|off|config       Enable (default) or disable the VRDE
                                         server or don't change the setting
   -e, -vrdeproperty, --vrdeproperty  Set a VRDE property:
                                         "TCP/Ports" - comma-separated list of ports
                                         the VRDE server can bind to. Use a dash between
                                         two port numbers to specify a range
                                         "TCP/Address" - interface IP the VRDE server
                                         will bind to
   --settingspw                      Specify the settings password
   --settingspwfile                Specify a file containing the settings password
   -c, -capture, --capture               Record the VM screen output to a file
   -w, --width                           Frame width when recording
   -h, --height                          Frame height when recording
   -r, --bitrate                         Recording bit rate when recording
   -f, --filename                        File name when recording. The codec used
                                         will be chosen based on the file extension
For more details, refer the official manual.
Creating and managing VMs from the command line might be a bit difficult and time-consuming for some lazy administrators. If you are one of them, there is another way to create and manage VMs on the headless server from a remote system's web browser, using a tool called “phpvirtualbox”.
You can use Oracle VirtualBox GUI client called “phpvirtualbox” to easily create and manage virtual machines via a web browser from any remote desktop system.

What is phpVirtualBox?

phpVirtualBox is an open source, web-based client written using PHP. It can be used to manage and administer Oracle VirtualBox headless instances.

Install phpVirtualBox

Before installing phpVirtualBox, we have to install the Apache web server and PHP. To install Apache and PHP, refer to the following links.
Additionally, install the php-soap extension, which phpVirtualBox requires to work well.
yum install php-soap
Restart the web server for the changes to take effect.
In CentOS 7.x:
systemctl restart httpd
In CentOS 6.x:
service httpd restart
Now, Download the latest version from the phpVirtualBox official site.
wget http://sourceforge.net/projects/phpvirtualbox/files/phpvirtualbox-4.3-3.zip
Extract the zip file using the following command:
unzip phpvirtualbox-4.3-3.zip
Move the extracted folder to your apache root folder.
mv phpvirtualbox-4.3-3 /var/www/html/phpvirtualbox

Configure phpVirtualBox

Edit phpVirtualBox config.php file:
cp /var/www/html/phpvirtualbox/config.php-example /var/www/html/phpvirtualbox/config.php
vi /var/www/html/phpvirtualbox/config.php
Change the username/password for system user that runs VirtualBox. In our case, the username/password is sk_vuser/centos.
[...]
var $username = 'sk_vuser';
var $password = 'centos';
[...]
Save and close the file.
Create a file called /etc/default/virtualbox:
vi /etc/default/virtualbox
Append the following line:
VBOXWEB_USER=sk_vuser
Now, start vboxweb-service, and make it to start automatically on every reboot.
/etc/init.d/vboxweb-service start
chkconfig vboxweb-service on
I don’t want to mess around with iptables and SELinux. So, I simply disabled them both.
In CentOS 7.x:
systemctl disable firewalld
systemctl stop firewalld
In CentOS 6.x:
service iptables stop
chkconfig iptables off
Disable SELinux:
vi /etc/sysconfig/selinux
Set SELINUX=disabled.
[...]
SELINUX=disabled
[...]
Reboot your system once for all the changes to take effect.

Access phpVirtualBox Web console

Now, go to any client system that has a GUI desktop environment installed, and try to access the URL http://ip-address-of-virtualbox-headless-server/phpvirtualbox from the web browser.
Now, try the same URL mentioned above again. The following screen should appear. Enter the username/password.
The default username/password is admin/admin.
Now, you’ll be redirected to the phpVirtualBox main dashboard.
From here, you can create, modify, delete, and manage virtual machines.

Creating sample Virtual Machine

Let us create a sample virtual machine to install Ubuntu 14.04.
Click on the New button on the top left corner. Enter the Virtual machine name.
Set the Memory size for the virtual machine.
phpVirtualBox - VirtualBox Web Console - Mozilla Firefox_004
Select “Create a virtual hard drive now” option.
phpVirtualBox - VirtualBox Web Console - Mozilla Firefox_005
Select hard drive file type.
phpVirtualBox - VirtualBox Web Console - Mozilla Firefox_006
Choose whether the new virtual hard drive file should grow as it is used (dynamically allocated) or if it should be created at its maximum size (fixed size).
phpVirtualBox - VirtualBox Web Console - Mozilla Firefox_007
Enter the size of the virtual hdd.
phpVirtualBox - VirtualBox Web Console - Mozilla Firefox_008
That’s it. The virtual machine has been created. Start installing the OS, and use the virtual machine.
phpVirtualBox - VirtualBox Web Console - Mozilla Firefox_009
phpVirtualBox tool will definitely help the system administrators who have only headless CentOS server, and also the installation is not that difficult. So, You can easily run virtual machines as many as your hardware supports from your headless CentOS server.

Wednesday, 22 June 2016

How to Set Up Email Notifications in The Dude (Network Monitoring Application)

As a Network Admin, we naturally want a healthy, reliable network with no device or network outages. In reality, though, outages still happen. To make it easier to find out which device or link is having trouble, we need a Network Monitoring Application that can tell us when something goes wrong.
There are many free Network Monitoring Applications we can use. One that I think is quite good, with a fairly complete feature set and, of course, FREE, is The Dude.
The Dude is an application made by Mikrotik for monitoring computer networks simply and easily. I have already written about The Dude; please read it here:
OK. What we will cover in this article is How to Set Up Email Notifications in The Dude, so that when a device's status changes because of a fault we get notified by email.
Why email? Why not just use SMS? Good question. SMS works too, but let's take it step by step and try email first. Email can be free, so it doesn't matter how many devices we want to monitor. SMS is different: it would certainly eat up a lot of phone credit.
Before we start, there are a few things we need:
  1. The Dude application. I recommend installing the latest version of The Dude from here. Or you can download version 4.0beta3 here.
  2. A Gmail account (for sending the notification emails). I recommend using an account that is otherwise unused.
  3. The Mailsend application. Download it here.
OK, let's start the tutorial on How to Set Up Email Notifications with The Dude:
1. Install The Dude. The steps from installation through creating a Network Map are here.


2. Open The Dude installation folder -->
For 64-bit Windows: C:\Program Files (x86)\Dude\
For 32-bit Windows: C:\Program Files\Dude\
Create a new folder named mailsend --> copy the file mailsend.exe into that folder.


3. Create the file mailsend.cmd --> To do this, open Notepad and enter the following script:
::
:: Send The Dude email notifications via Gmail
::
set mailsenderdir=C:\Program Files (x86)\Dude\mailsend
set mailsender=mailsend.exe
set smtpsender=username@gmail.com
set smtpsenderfullname=username
set smtpserver=smtp.gmail.com
set smtpport=465
set smtpuser=username@gmail.com
set smtppwd=password
set mailto=username@gmail.com
::
::
"%mailsenderdir%\%mailsender%" -smtp %smtpserver% -port %smtpport% -ssl -auth -user %smtpuser% -pass %smtppwd% -t %mailto% -f %smtpsender% -name "%smtpsenderfullname%" +cc +bc -q -sub %1 -M %2
::
::pause
::

Edit the colored parts of the script. Then save it as mailsend.cmd in the same folder as mailsend.exe.

4. Open The Dude --> go to the Notifications menu --> add a new notification --> give it a name and choose the type execute on server. Replace the Command with the following script:
"C:\Program Files (x86)\Dude\mailsend\mailsend.cmd" "Service [Probe.Name] on [Device.Name] is now [Service.Status]" "Service [Probe.Name] on [Device.Name] is now [Service.Status] ([Service.ProblemDescription])"
Adjust the directory path in the part highlighted in yellow.


5. Test the settings: click Test.

6. If the settings are correct, a CMD window will appear and send the email automatically.

7. Open your email to check whether the test email was delivered.

8. Now go back to The Dude and open the Network Map. Click the Settings menu --> Polling tab --> tick the Use Notifications option --> tick the "Kirim Email" (Send Email) notification --> OK

9. The setup is now complete. Try taking a device on the network map down/up to test the result.

10. Check your email to see the resulting notification.

OK, that's it. One thing to remember: The Dude cannot send email notifications without an Internet connection, so make sure the server running The Dude is connected to the Internet.



(Source mikrotikindo.blogspot.com)

Friday, 17 June 2016

How to install KVM and libvirt on CentOS 6.2 with bridged networking

Requirements

  • Hardware:
    • Processor with support for Intel-VT or AMD-V technology
    • Plenty of RAM, depending on the number of guests
    • Network connectivity
  • Software:
    • A previously installed Linux CentOS 6.2 with a recent Linux kernel. In this how-to:
      $ uname -r
      2.6.32-220.2.1.el6.x86_64
      $ lsb_release -a
      LSB Version: :core-4.0-amd64:core-4.0-noarch:graphics-4.0-amd64:graphics-4.0-noarch:printing-4.0-amd64:printing-4.0-noarch
      Distributor ID: CentOS
      Description: CentOS release 6.2 (Final)
      Release: 6.2
      Codename: Final
    • A Linux client with a Desktop environment installed
    • An available CentOS mirror/repository

Installation Steps

  1. Log into the CentOS host as the bozz user (a sudoer) and check whether your hardware supports virtualization extensions; on my hardware the output was:
  2. $ egrep '^flags.*(vmx|svm)' /proc/cpuinfo
    flags : fpu vme de pse tsc msr pae mce cx8 apic mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx rdtscp lm constant_tsc arch_perfmon pebs bts rep_good xtopology nonstop_tsc aperfmperf pni dtes64 monitor ds_cpl vmx est tm2 ssse3 cx16 xtpr pdcm sse4_1 sse4_2 popcnt lahf_lm ida dts tpr_shadow vnmi flexpriority ept vpid
    flags : fpu vme de pse tsc msr pae mce cx8 apic mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx rdtscp lm constant_tsc arch_perfmon pebs bts rep_good xtopology nonstop_tsc aperfmperf pni dtes64 monitor ds_cpl vmx est tm2 ssse3 cx16 xtpr pdcm sse4_1 sse4_2 popcnt lahf_lm ida dts tpr_shadow vnmi flexpriority ept vpid
    flags : fpu vme de pse tsc msr pae mce cx8 apic mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx rdtscp lm constant_tsc arch_perfmon pebs bts rep_good xtopology nonstop_tsc aperfmperf pni dtes64 monitor ds_cpl vmx est tm2 ssse3 cx16 xtpr pdcm sse4_1 sse4_2 popcnt lahf_lm ida dts tpr_shadow vnmi flexpriority ept vpid
    flags : fpu vme de pse tsc msr pae mce cx8 apic mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx rdtscp lm constant_tsc arch_perfmon pebs bts rep_good xtopology nonstop_tsc aperfmperf pni dtes64 monitor ds_cpl vmx est tm2 ssse3 cx16 xtpr pdcm sse4_1 sse4_2 popcnt lahf_lm ida dts tpr_shadow vnmi flexpriority ept vpid
    flags : fpu vme de pse tsc msr pae mce cx8 apic mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx rdtscp lm constant_tsc arch_perfmon pebs bts rep_good xtopology nonstop_tsc aperfmperf pni dtes64 monitor ds_cpl vmx est tm2 ssse3 cx16 xtpr pdcm sse4_1 sse4_2 popcnt lahf_lm ida dts tpr_shadow vnmi flexpriority ept vpid
    flags : fpu vme de pse tsc msr pae mce cx8 apic mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx rdtscp lm constant_tsc arch_perfmon pebs bts rep_good xtopology nonstop_tsc aperfmperf pni dtes64 monitor ds_cpl vmx est tm2 ssse3 cx16 xtpr pdcm sse4_1 sse4_2 popcnt lahf_lm ida dts tpr_shadow vnmi flexpriority ept vpid
    flags : fpu vme de pse tsc msr pae mce cx8 apic mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx rdtscp lm constant_tsc arch_perfmon pebs bts rep_good xtopology nonstop_tsc aperfmperf pni dtes64 monitor ds_cpl vmx est tm2 ssse3 cx16 xtpr pdcm sse4_1 sse4_2 popcnt lahf_lm ida dts tpr_shadow vnmi flexpriority ept vpid
    flags : fpu vme de pse tsc msr pae mce cx8 apic mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx rdtscp lm constant_tsc arch_perfmon pebs bts rep_good xtopology nonstop_tsc aperfmperf pni dtes64 monitor ds_cpl vmx est tm2 ssse3 cx16 xtpr pdcm sse4_1 sse4_2 popcnt lahf_lm ida dts tpr_shadow vnmi flexpriority ept vpid
  3. Install kvm and libvirt packages:
    $ sudo yum install kvm libvirt
  4. Update both packages to the latest version available on repositories/mirrors:
    $ sudo yum update libvirt kvm
    $ yum info libvirt
    Installed Packages
    Name        : libvirt
    Arch        : x86_64
    Version     : 0.9.4
    Release     : 23.el6_2.4
    $ yum info qemu-kvm
    Installed Packages
    Name        : qemu-kvm
    Arch        : x86_64
    Epoch       : 2
    Version     : 0.12.1.2
    Release     : 2.209.el6_2.1
  5. Restart the libvirtd daemon:
    $ sudo service libvirtd restart
  6. Verify that the kvm module is loaded; you should see amd or intel depending on the hardware:
    $ lsmod | grep kvm
    kvm_intel              50380  0
    kvm                   305113  1 kvm_intel
  7. Issue a virsh command to ensure local root connectivity first:
    $ sudo virsh sysinfo

    ...
  8. [OPTIONAL] To let a non-root user use KVM, verify that the kvm group was created on installation:
    $ cat /etc/group | grep kvm
    kvm:x:36:qemu
    Then add the bozz user to the kvm group, so it can access the hypervisor:
    $ sudo usermod -a -G kvm bozz
    $ logout
    Log in again as the bozz user and verify the kvm membership:
    $ id
    uid=500(bozz) gid=500(bozz) groups=500(bozz),10(wheel),36(kvm) context=...
    and verify if /dev/kvm is owned by group kvm:
    $ ls -l /dev/kvm
    crw-rw-rw-. 1 root kvm 10, 232 Jan 17 14:50 /dev/kvm
    On a system that runs udev, you will probably need to add the following line in your udev configuration so it will automatically give the right group to the newly created device:
    $ cat /etc/udev/rules.d/80-kvm.rules
    KERNEL=="kvm", GROUP="kvm", MODE="0666"
  9. To manage libvirt with a non-root account you should use PolicyKit. Define access control for a libvirt group:
    $ sudo groupadd libvirt
    $ sudo usermod -a -G libvirt bozz
    $ logout
    Log in again as the bozz user and create a new file:
    $ sudo nano /etc/polkit-1/localauthority/50-local.d/50-libvirt-remote-access.pkla
    with this content:
    [libvirt Management Access]
    # For allowing access to specific user only:
    #Identity=unix-user:bozz
    # For allowing access to a group (like this guide):
    Identity=unix-group:libvirt
    Action=org.libvirt.unix.manage
    ResultAny=yes
    ResultInactive=yes
    ResultActive=yes
    
    Restart libvirtd daemon:
    $ sudo service libvirtd restart
    Verify that the bozz user can access qemu:///system locally (NOTE: the use of qemu:///session is discouraged):
    $ virsh -c qemu:///system sysinfo

    ...
    Verify that the bozz user can also access qemu+ssh://bozz@SERVER/system remotely. On the Linux client, issue:
    For Ubuntu client (like in this guide):
    $ sudo apt-get install libvirt-bin
    For CentOS client:
    $ sudo yum install libvirt
    Then:
    $ virsh -c qemu+ssh://bozz@SERVER/system sysinfo

    ...
    Change group ownership and permissions on the default images directory:
    $ sudo chown root:libvirt /var/lib/libvirt/images
    $ sudo chmod g+rw /var/lib/libvirt/images
  10. [OPTIONAL] When libvirtd (>= 0.9.3) is running as non-root it tries to read ~/.libvirt/libvirtd.conf (see here). A workaround is: 
    $ mkdir -p ~/.libvirt
    $ touch ~/.libvirt/libvirtd.conf
    Then issue a virsh command as bozz user:
    $ virsh list
     Id Name                 State
    ----------------------------------
  11. Configure Bridged Network by creating a new network script at /etc/sysconfig/network-scripts/ifcfg-br0:
    $ sudo nano /etc/sysconfig/network-scripts/ifcfg-br0
    and configuring the parameters according to your LAN settings (NOTE: options are case sensitive i.e. Bridge and bridge are two different options):
    DEVICE="br0"
    TYPE=Bridge
    DELAY=0
    ONBOOT="yes"
    BOOTPROTO=static
    IPADDR=192.168.11.12
    NETMASK=255.255.255.0
    NETWORK=192.168.11.0
    GATEWAY=192.168.11.1
    DNS1=192.168.11.2
    PEERDNS="yes"
    NM_CONTROLLED=no
    
    Then edit the Ethernet network script /etc/sysconfig/network-scripts/ifcfg-eth0:
    $ sudo nano /etc/sysconfig/network-scripts/ifcfg-eth0
    with the following content (NOTE: the hardware address depends on your NIC, an arbitrary MAC address is used here):
    DEVICE="eth0"
    HWADDR="00:2C:C2:85:29:A3"
    ONBOOT="yes"
    BRIDGE=br0
    NM_CONTROLLED=no
    
    Restart the networking service:
    $ sudo service network restart
    and verify the bridge config:
    $ brctl show
    bridge name bridge id STP enabled interfaces
    br0 8000.002cc28529a3 no eth0
    ...
    Configure iptables to allow all traffic to be forwarded across the bridge:
    $ sudo iptables -I FORWARD -m physdev --physdev-is-bridged -j ACCEPT
    $ sudo service iptables save
    $ sudo service iptables restart
    Prevent bridged traffic from being processed by iptables rules; this improves the bridge’s performance. In /etc/sysctl.conf append the following lines:
    net.bridge.bridge-nf-call-ip6tables = 0
    net.bridge.bridge-nf-call-iptables = 0
    net.bridge.bridge-nf-call-arptables = 0
    Reload the kernel parameters configured with sysctl:
    $ sudo sysctl -p /etc/sysctl.conf
    Restart the libvirt daemon:
    $ sudo service libvirtd reload
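The udev rule, PolicyKit file and sysctl lines from steps 8, 9 and 11 decide who can reach the hypervisor and whether host firewall rules see guest traffic. As an added example (not part of the original guide), this script reads copies of those three files and reports what they grant; the function names and the constructed sample files are this example's own.

```shell
#!/bin/sh
# Added example: read-only checks on copies of the files this guide edits.

# MODE a udev rule assigns to /dev/kvm, and whether "other" gets any bits.
check_udev_kvm() {
    mode=$(sed -n 's/^[^#]*KERNEL=="kvm".*MODE="\([0-7]*\)".*/\1/p' "$1" | tail -n 1)
    [ -n "$mode" ] || { echo "udev: no kvm rule with MODE"; return 0; }
    other=${mode#"${mode%?}"}   # last octal digit: permissions for "other"
    if [ "$other" = 0 ]; then
        echo "udev: mode=$mode (access limited to owner and group)"
    else
        echo "udev: mode=$mode (other=$other: access is not limited to the kvm group)"
    fi
}

# polkit .pkla: who gets org.libvirt.unix.manage; ResultAny covers any client, SSH logins included.
check_pkla() {
    awk -F= '
        function report() {
            if (action ~ /org\.libvirt\.unix\.manage/)
                printf "polkit: [%s] %s any=%s inactive=%s active=%s\n", name, ident, any, inact, act
        }
        { sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "") }
        /^#/ || /^$/ { next }
        /^\[/ { report(); name = substr($0, 2, length($0) - 2)
                ident = action = ""; any = inact = act = "unset"; next }
        $1 == "Identity"       { ident = $2 }
        $1 == "Action"         { action = $2 }
        $1 == "ResultAny"      { any = $2 }
        $1 == "ResultInactive" { inact = $2 }
        $1 == "ResultActive"   { act = $2 }
        END { report() }
    ' "$1"
}

# sysctl.conf: last value set for each bridge-nf-call-* key.
check_sysctl_bridge() {
    for key in iptables ip6tables arptables; do
        pat="s/^[[:space:]]*net\.bridge\.bridge-nf-call-$key[[:space:]]*=[[:space:]]*\([01]\).*/\1/p"
        case $(sed -n "$pat" "$1" | tail -n 1) in
            0) echo "sysctl: bridge-nf-call-$key=0 (bridged traffic skips host $key rules)" ;;
            1) echo "sysctl: bridge-nf-call-$key=1 (host $key rules see bridged traffic)" ;;
            *) echo "sysctl: bridge-nf-call-$key not set" ;;
        esac
    done
}

# Constructed samples: the file contents shown in steps 8, 9 and 11 of the guide.
make_samples() {
    cat > "$1/80-kvm.rules" <<'EOF'
KERNEL=="kvm", GROUP="kvm", MODE="0666"
EOF
    cat > "$1/50-libvirt-remote-access.pkla" <<'EOF'
[libvirt Management Access]
# For allowing access to a group (like this guide):
Identity=unix-group:libvirt
Action=org.libvirt.unix.manage
ResultAny=yes
ResultInactive=yes
ResultActive=yes
EOF
    cat > "$1/sysctl.conf" <<'EOF'
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0
EOF
}

d=$(mktemp -d)
make_samples "$d"
check_udev_kvm "$d/80-kvm.rules"
check_pkla "$d/50-libvirt-remote-access.pkla"
check_sysctl_bridge "$d/sysctl.conf"
rm -rf "$d"
```

Membership of the group named on the polkit line gives password-less management of qemu:///system, so treat that group like root access to the host.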



    Source :  www.howtoforge.com

Monday, 06 June 2016

How to Create Virtual Machines in Linux Using KVM (Kernel-based Virtual Machine)

What is KVM?

KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on Intel 64 and AMD 64 hardware that has been included in the mainline Linux kernel since 2.6.20 and is stable and fast for most workloads.

KVM Features

There are many useful features and advantages which you will gain when you use KVM to deploy your virtual platform. KVM hypervisor supports following features:
  1. Over-committing : Which means allocating more virtualized CPUs or memory than the available resources on the system.
  2. Thin provisioning : Which allows the allocation of flexible storage and optimizes the available space for every guest virtual machine.
  3. Disk I/O throttling : Provides the ability to set a limit on disk I/O requests sent from virtual machines to the host machine.
  4. Automatic NUMA balancing : Improves the performance of applications running on NUMA hardware systems.
  5. Virtual CPU hot add capability : Provides the ability to increase processing power as needed on running virtual machines, without downtime.
This is the first part of our ongoing KVM (Kernel-based Virtual Machine) series; we will cover the following articles part by part.


Prerequisites
Make sure that your system has the hardware virtualization extensions. For Intel-based hosts, verify that the CPU virtualization extension [vmx] is available using the following command.
[root@server ~]# grep -e 'vmx' /proc/cpuinfo
For AMD-based hosts, verify that the CPU virtualization extension [svm] is available.
[root@server ~]# grep -e 'svm' /proc/cpuinfo
If there is no output, make sure that virtualization extensions are enabled in the BIOS. Verify that the KVM modules are loaded in the kernel (they should be loaded by default).
[root@server ~]# lsmod | grep kvm
The output should contain kvm_intel for Intel-based hosts or kvm_amd for AMD-based hosts.
Before starting, you will need the root account or a non-root user with sudo privileges configured on your system; also make sure that your system is up to date.
[root@server ~]# yum update
Make sure that SELinux is in Permissive mode.
[root@server ~]# setenforce 0

Step 1: KVM Installation and Deployment

1. First, we will install the qemu-kvm and qemu-img packages. These packages provide the user-level KVM and the disk image manager.
[root@server ~]# yum install qemu-kvm qemu-img
2. You now have the minimum requirement to deploy a virtual platform on your host, but there are also useful tools for administering the platform, such as:
  1. virt-manager provides a GUI tool to administer your virtual machines.
  2. libvirt-client provides a command-line tool, called virsh, to administer your virtual environment.
  3. virt-install provides the command “virt-install” to create your virtual machines from the CLI.
  4. libvirt provides the server and host-side libraries for interacting with hypervisors and host systems.
Let’s install the above tools using the following command.
[root@server ~]# yum install virt-manager libvirt libvirt-python libvirt-client
3. For RHEL/CentOS 7 users, there are also additional package groups to install: Virtualization Client, Virtualization Platform and Virtualization Tools.
[root@server ~]# yum groupinstall virtualization-client virtualization-platform virtualization-tools
4. The virtualization daemon that manages the whole platform is “libvirtd”. Let’s restart it.
[root@server ~]# systemctl restart libvirtd
5. After restarting the daemon, check its status by running the following command.
[root@server ~]# systemctl status libvirtd
Sample Output
libvirtd.service - Virtualization daemon 
   Loaded: loaded (/usr/lib/systemd/system/libvirtd.service; enabled) 
   Active: active (running) since Mon 2014-12-29 15:48:46 EET; 14s ago 
 Main PID: 25701 (libvirtd) 
Now, let’s move on to the next section to create our virtual machines.

Step 2: Create VMs using KVM

As we mentioned earlier, we have some useful tools for managing our virtual platform and creating virtual machines. One of these tools is [virt-manager], which we use in the next section.
6. Although virt-manager is a GUI-based tool, it can be launched from the terminal as well as from the GUI.
[root@server ~]# virt-manager
From the GUI, it can be started in GNOME or in GNOME Classic.
7. After starting the tool, this window will appear.
8. By default the manager is connected directly to localhost; you can also use the same tool to manage another host remotely. From the “File” tab, select “Add Connection” and this window will appear.
Check the “Connect to remote host” option, then provide the hostname/IP of the remote server. If you need to establish a connection to the remote host every time the manager starts, check the “Auto Connect” option.
9. Let’s return to our localhost. Before creating a new virtual machine, you should decide where its files will be stored; in other words, you should create the Volume Disk (virtual disk / disk image) for your virtual machine.
Right-click on localhost, select “Details”, and then select the “Storage” tab.
10. Next, press the “New Volume” button, then enter the name of your new virtual disk (Volume Disk) and enter the size you want in the “Max Capacity” section.
The allocation size is the actual size of your disk, which will be allocated immediately from your physical disk after finishing the steps.
Note: This is an important technology in storage administration called “thin provisioning”. It allocates only the storage that is actually used, NOT all of the available size.
For example, if you create a virtual disk of 60G but have actually used only 20G, with this technology the size allocated from your physical hard disk will be 20G, not 60G.
In other words, the physical size is allocated dynamically depending on the size actually used. You can find more detailed information at VMWare vStorage Thin Provisioning.
11. You will see that a label for the new Volume Disk has appeared in the list.
You should also note the path of the new disk image (Volume Disk); by default it will be under /var/lib/libvirt/images. You can verify it using the following command.
[root@server Downloads]# ls -l /var/lib/libvirt/images
-rw-------. 1 root root 10737418240 Jan  3 16:47 vm1Storage.img
12. Now we’re ready to create our virtual machine. Click the “VM” button in the main window and this wizard window will appear.
Select the installation method you will use to create the virtual machine. For now we will use Local install media; later we will discuss the remaining methods.
13. Now it’s time to specify which Local install media to use. We have two options:
  1. From physical [CDROM/DVD].
  2. From ISO image.
For our tutorial, let’s use the ISO image method, so you should provide the path of your ISO image.
Important: Unfortunately there’s a really silly bug for those who use RHEL/CentOS 7. This bug prevents installation from a physical [CDROM/DVD]; you will find the option grayed out like this.
And if you hold your cursor over it, this error message will appear.
So far there is no official/direct solution for this bug; you can find more information about this bug here.
14. Storage comes back into play: we will use the virtual disk that we created earlier to install the virtual machine on it. It will be as shown.
15. The final step asks for the name of your virtual machine and some advanced options, which we will talk about later.
If you would like to change some configuration or do some customization, check the “Customize configuration before install” option. Then click Finish and wait a few seconds; a control console will appear for your guest OS so you can manage it.


Copy from : tecmint.com