Official website: http://www.u-nas.cn/

U-NAS Information

U-NAS Version

• Serial Number: 000000000000
• U-NAS Model: U-NAS CE
• System Version: 3.1.1

System Information

• Host Name: U-NAS
• Host IP: 192.168.1.110
• Kernel Version: 3.16.0-6-amd64
• Average Load: 0.60, 0.55, 0.45
• Up Time: 1:36

Hardware Information

• CPU Model: Intel(R) Celeron(R) CPU J3160 @ 1.60GHz
• Physical Memory: 3GB
• nic0:Realtek Semiconductor Co., Ltd. RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller (rev 11)

Hardware

• Case: NSC-400 4-bay, front USB3.0
• SATA: 6 data 3.0, support up to 6 disks
• Power Supply: Delta 250W, Flex style. Server Power Supply.
• RAM: 3GB
• System Disk: 64GB  2.5 inch SSD.
• CPU: Intel J3160 four cores.
• Motherboard: AsRock J3160-ITX Rev1.02

Software

U-NAS system 3.1.1.  It is based on the Debian distribution 8, I think.

This system has a Web interface. Most of the time, I managed it through the web interface.

There are a lot of apps in the APP Manager.

Let me try to list the Apps I believe you will be interested in. I do not include the system apps.

• ISO Mount
• VPN service
• Peanut Hull
• Samba Service
• WebDAV service
• Web Server
• SSH Server
• U-NAS Cloud
• KVM
• Clam AV
• VirtualBox
• XMail Server
• FTP Service
• Media Center
• NGS Service
• RainLoop
• Surveillance
• Transmission
• U-Anywhere
• PlexMedia Server
• Aria2
• OnlyOffice
• Rclone
• Reverse Proxy
• Nextcloud
• Docker
• AWS S3
• Rsync Backup
• Card DAV
• Dropbox
• iTunes Server
• Time Machine

As a NAS system, RAID is very important.  U-NAS supports LVM + RAID 0/1/5/6/10.

But, I am not using any RAID. I just use the plain folder share function, BT download, FTP, etc.

Most of the time I used it as storage with other backup methods. It means, either I have a copy of these files in U-NAS, or it can be download from somewhere on the Internet.

The post U-NAS System appeared first on David Yin's Blog.

The command is du

du

Usage

du takes a single argument, specifying a pathname for du to work; if it is not specified, the current directory is used. The SUS mandates for du the following options:

-a, display an entry for each file (and not directory) contained in the current directory
-c, display a grand total of the disk usage found by the other arguments
-d #, the depth at which summing should occur. -d 0 sums at the current level, -d 1 sums at the subdirectory, -d 2 at sub-subdirectories, etc.
-H, calculate disk usage for link references specified on the command line
-k, show sizes as multiples of 1024 bytes, not 512-byte
-L, calculate disk usage for link references anywhere
-s, report only the sum of the usage in the current directory, not for each file
-x, only traverse files and directories on the device on which the pathname argument is specified.

Above command usage method retrieved from Wikipedia.

Here is what I entered to get the result I want.

du -hx --max-depth=2 |grep G

It will show you the folders which took over 1GB.

–max-depth=2 means the max depth of folder is two.
|grep G means at least 1GB. You can also use |grep M.

Following is another example.

du -hx --max-depth=2 |grep M

Test the command in your VPS terminal window.

The post How to know the disk usage of your VPS appeared first on David Yin's Blog.

First of all, rebuild the OS on VPS with Centos-6.2-x86_64.

Other VPS providers have similar interface to rebuild / reload operation system.

After 5 to 10 minutes, the VPS is ready to use.

SSH to VPS through PUTTY with root account.  The following installation steps will be done in terminal window.

1) Update the system to Centos 6.4

yum update

There are 158 updates need to be installed. So just confirm it and wait all the updates completed. Then the Centos is updated from 6.2 to 6.4.

2) Install the required repositories

rpm -Uvh http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm
rpm -Uvh http://rpms.famillecollet.com/enterprise/remi-release-6.rpm

3) Install MySQL server

yum install mysql mysql-server

Start MySQL

/etc/init.d/mysqld restart

Configure MySQL server

/usr/bin/mysql_secure_installation

It will guide you the whole procedure of steps to make the MySQL more security. It includes adding root password, remove sample database, remove anonymous user, disable root login remotely.

4) Install NginX

yum install nginx

Start nginx

/etc/init.d/nginx start

Check the IP address

ifconfig eth0 | grep inet | awk '{ print $2 }'

or

ifconfig venet0:0 | grep inet | awk '{ print $2 }'

5) Install PHP

The php-fpm package is located within the REMI repository, which, at this point, is disabled. The first thing we need to do is enable the REMI repository and install php and php-fpm:

yum --enablerepo=remi install php-fpm php-mysql

6) Configure PHP

vi /etc/php.ini

Find the line, cgi.fix_pathinfo=1, and change the 1 to 0.

cgi.fix_pathinfo=0

7) Configure Nginx

vi /etc/nginx/nginx.conf

Raise the number of worker processes to 4 then save and exit that file. Actually, my Burst.net VPS has one core only.

Now we should configure the nginx virtual hosts. In order to make the default nginx file more concise, the virtual host details are in a different location.

vi /etc/nginx/conf.d/default.conf

The configuration should be including following things. Make sure the server_name is changed to your domain or IP address.

#
# The default server
#
server {
listen       80 default_server;
server_name sample.com;

#charset koi8-r;

#access_log  logs/host.access.log  main;

location / {
root   /usr/share/nginx/html;
index  index.php index.html index.htm;
}

error_page  404              /404.html;
location = /404.html {
root   /usr/share/nginx/html;
}

# redirect server error pages to the static page /50x.html
#
error_page   500 502 503 504  /50x.html;
location = /50x.html {
root   /usr/share/nginx/html;
}

# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
#    proxy_pass   http://127.0.0.1;
#}

# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
location ~ \.php$ {
root           /usr/share/nginx/html;
fastcgi_pass   127.0.0.1:9000;
fastcgi_index  index.php;
fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
include        fastcgi_params;
}

# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
#    deny  all;
#}
}

Configure php-fpm configuration

vi /etc/php-fpm.d/www.conf

Replace apache by nginx

[...]
; Unix user/group of processes
; Note: The user is mandatory. If the group is not set, the default user's group
;	will be used.
; RPM: apache Choosed to be able to access some dir as httpd
user = nginx
; RPM: Keep a group allowed to write in log dir.
group = nginx
[...]

Restart php-fmp

 service php-fpm restart

8) Add autostart services

sudo chkconfig --levels 235 mysqld on
sudo chkconfig --levels 235 nginx on
sudo chkconfig --levels 235 php-fpm on

8) Make a testing page with phpinfo() function and look at the following screenshots
NginX default page

PHP information page

There is one issue I have during installation. When I restart nginx, following error message shown:

 * Restarting nginx
 * Stopping nginx nginx
   ...done.
 * Starting nginx nginx
nginx: [emerg] bind() to [::]:80 failed (98: Address already in use)
nginx: [emerg] bind() to [::]:80 failed (98: Address already in use)
nginx: [emerg] bind() to [::]:80 failed (98: Address already in use)
nginx: [emerg] bind() to [::]:80 failed (98: Address already in use)
nginx: [emerg] bind() to [::]:80 failed (98: Address already in use)
nginx: [emerg] still could not bind()
   ...done.
   ...done.

After do a little bit research, I found it is because of the port 80 is used by others. So I found it is Apache, another web server is running already.
I enter the command to remove Apache

yum remove httpd

The post Install LEMP on Centos 6.4 64bit at Burst.Net VPS appeared first on David Yin's Blog.

• register_globals set to off
• safe_mode set to off
• error_reporting set to off
• disable these functions: system(), exec(), passthru(), shell_exec(), proc_open(), and popen()
• open_basedir set for both the /tmp directory and the web root so that scripts cannot access files outside a selected area
• expose_php set to off
• allow_url_fopen set to off

register_globals is turned off by default in PHP 4.2 and later.

safe_mode doesn’t really make anything safe.

Do not show error information in public or normal users. It attract hacker to discover the way to get into the system.  Enable error logging instead of the error displaying.

Disable expose_php to hide the PHP version number.

Be noticed that it is very important to keep the production server safe.

The post How to config PHP to secure Web Server appeared first on David Yin's Blog.

• test_math 2.332 sec.
• test_stringmanipulation : 2.321 sec.
• test_loops : 2.346 sec.
• test_ifelse : 1.483 sec.

Then I upgrade or replace the php 5.3 by php 5.5. I follow the guide on Webtactic. http://www.webtatic.com/packages/php55/ The testing result on php 5.5 as below:

• test_math 2.146 sec.
• test_stringmanipulation : 2.222 sec.
• test_loops : 1.419 sec.
• test_ifelse : 1.087 sec.
• Total time: 6.874 sec.

Compare the result of php 5.3. The total time is 20% shorter.

Regarding loops, it is 40% faster. For ifelse, 27% faster. These two type of control functions are used very often. So the benefit gained from upgrading to PHP 5.5 will be more than 20%. Here are one more benefit from the new feature of php 5.5. I added support of Zend OPcache v7.0.2-dev on it. The total time is reduced to 6.463 sec. It optimized ifelse operation. The virtual machine, Centos 6.4 is 4cores AMD A8-3870 APU, 512 MB memory.

Conclusion: PHP 5.5 will improve the php program performance at least 20%. And also PHP 5.3 series will receive only security fixes for the next year.  It is time to upgrade PHP.

The post PHP 5.5 is 20% faster than PHP5.3 appeared first on David Yin's Blog.

Version 1.640 (13th August 2013)

• Even more German translation updates thanks to Raymond Vetter, Norwegian updates thanks to Stein-Aksel Basma, Polish from Piotr Kozica, and Catalan from Jaume Badiella.
• UI consistency improvements in the Linux Firewall and Xinetd modules.
• Support for new Apache 2.4 features, such as IncludeOptional, the removal of NameVirtualHost and use of apachectl to get enabled modules.
• Improved error detection and better handling of disks that don’t start on cylinder 1 in the Fdisk module.
• Support for growing a logical volume to the maximum size possible in the LVM module.
• Fixes for total and free memory detection under OpenVZ / Virtuozzo.
• Mandriva Linux improvements in the Bootup and Shutdown and other modules.
• Fix for a bug that could cause /etc/webmin to be deleted following a failed upgrade on Debian.
• Improved support for FreeBSD 8, bringing it into sync with FreeBSD 9.

When the upgrade process finished, it said

There are 1 updates for this new version of Webmin. Click here to automatically download and install them now.

So, click the link and Updating module apache to version 1.642.

If you are also use Webmin as control panel, go to you site and upgrade it.

The post Webmin update to 1.64 appeared first on David Yin's Blog.

Since I have rpmforge Repository on my VPS, the installation is as simple as one command.

yum install htop

When finished, I run htop command.

Comparison between htop and top

• In ‘htop’ you can scroll the list vertically and horizontally to see all processes and complete command lines.
• In ‘top’ you are subject to a delay for each unassigned key you press (especially annoying when multi-key escape sequences are triggered by accident).
• ‘htop’ starts faster (‘top’ seems to collect data for a while before displaying anything).
• In ‘htop’ you don’t need to type the process number to kill a process, in ‘top’ you do.
• In ‘htop’ you don’t need to type the process number or the priority value to renice a process, in ‘top’ you do.
• ‘htop’ supports mouse operation, ‘top’ doesn’t
• ‘top’ is older, hence, more used and tested.

official site of htop

The post Install htop on Linode VPS appeared first on David Yin's Blog.

2048 (default since fdisk 2.17.2) means that my SDD is aligned correctly. Any other value divisible by 8 is good as well.

When you install Windows, use diskgenius, it is a Chinese software. There is a check box allowing 4K alignment when you create the partition.
Or, you can use Acronis Disk Director to do this job.
Let me use IBM’s conclusion to end this post.

• At present, only a handful of Advanced Format hard drive models are available. Press reports indicate that this technology will be spreading to more drives from all the major manufacturers in 2010 and beyond. It’s conceivable that new models will suffer other performance problems that differ from those with the first generation of Advanced Format drives.
• Ultimately, manufacturers may abandon the fiction of 512-byte sectors, or they may provide jumpers to enable users to choose whether or not to use this compatibility feature. If you encounter a drive with 4096-byte sectors but with an option to use the true sector size, you may want to use it; however, you should be aware of some caveats.
• As noted earlier, software from the BIOS up may contain assumptions about a hard disk’s sector size. If the BIOS contains such an assumption, it’s likely that your computer won’t boot from a disk that has 4096-byte sectors and lacks firmware translation to 512-byte sectors. As of version 2.2, GNU Parted displays a warning that support for disks with sectors of other than 512 bytes is experimental when it is launched on such disks. Other problems may lurk in software that may be important to you. Using the latest software may help you work around problems, as may using a conventional disk as the boot disk, restricting your new-technology disk to use as a data disk (/dev/sdb or higher).
• Overall, caution is in order when dealing with exotic new disks. That said, chances are that the dust will settle on the current style of Advanced Format disk, as well as other new drive types, relatively quickly.

The post Make sure 4K Alignment on SSD appeared first on David Yin's Blog.

LInux LOader, or LILO, comes as standard on all distributions of Linux. As one of the older/oldest Linux boot loaders, its continued strong Linux community support has enabled it to evolve over time and stay viable as a usable modern-day boot loader. Some new functionality includes an enhanced user interface and exploitation of new BIOS functions that eliminate the old 1024-cylinder limit.
Lilo configuration file is located at /etc/lilo.conf
Here is an example:

boot=/dev/hda
map=/boot/map
install=/boot/boot.b
prompt
timeout=100
compact
default=Linux
image=/boot/vmlinuz-2.4.18-14
label=Linux
root=/dev/hdb3
read-only
password=linux
other=/dev/hda
label=WindowsXP

Since lilo.conf is not read at boot time, the MBR needs to be “refreshed” when this is changed. If you do not do this upon rebooting, none of your changes to lilo.conf will be reflected at startup. Like getting LILO into the MBR in the first place, you need to run:

$ /sbin/lilo -v -v

More recently, the GRand Unified Boot loader (commonly known as GRUB) seems to have somewhat taken the boot loaders crown from LILO. GNU GRUB is actively developed by the Free Software Foundation and based on the original GRUB program, originally created by Erich Stefan Boleyn.
GRUB configuration file is located at /boot/grub/grub.conf
Here is an example of it:

default=0
timeout=10
splashimage=(hd1,2)/grub/splash.xpm.gz
password --md5 $1$opeVt0$Y.br.18LyAasRsGdSKLYlp1
title Red Hat Linux
password --md5 $1$0peVt0$Y.br.18LyAasRsGdSKLYlp1
root (hd1,2)
kernel /vmlinuz-2.4.18-14 ro root=LABEL=/
initrd /initrd-2.4.18-14.img
title Windows XP
password --md5 $1$0peVt0$Y.br.18LyAasRsGdSKLYlp1
rootnoverify (hd0,0)
chainloader +1

Unlike LILO’s configuration file, grub.conf is read at boot time, and the MBR does not need to be refreshed when this is changed.
Let us see the difference
GRUB vs. LILO
As stated at the start of this article, all boot loaders work in a similar way to fulfill a common purpose. But LILO and GRUB do have a number of differences:
LILO has no interactive command interface, whereas GRUB does.
LILO does not support booting from a network, whereas GRUB does.
LILO stores information regarding the location of the operating systems it can to load physically on the MBR. If you change your LILO config file, you have to rewrite the LILO stage one boot loader to the MBR. Compared with GRUB, this is a much more risky option since a misconfigured MBR could leave the system unbootable. With GRUB, if the configuration file is configured incorrectly, it will simply default to the GRUB command-line interface.
Most of this post via here.

The post Difference between GRUB and Lilo appeared first on David Yin's Blog.

tar xvzf abc.tar.gz – for uncompress a gzip tar file (.tgz or .tar.gz)
tar xvjf abc.tar.bz2 – for uncompress a bzip2 tar file (.tbz or .tar.bz2)
tar xvf abc.tar – for uncompressed tar file (.tar)
The command options for tar.
x = eXtract, this indicated an extraction ( c = create to create )
v = verbose (optional) the files with relative locations will be displayed.
z = gzip-ped; j = bzip2-zipped
f = from/to file … (what is next after the f is the archive file)
The files will be extracted in the current folder (most of the times in a folder with the name ‘abc’).

The post How to untar a tar file or gzip-bz2 tar file in linux appeared first on David Yin's Blog.

find . -name '.htaccess' -type f -print -exec rm -rf {} \;

See the details of this command line.
. dot means search from current folder.
-name ‘.htaccess’ means search based on file name, the file name is followed
-type f means the one searched is file
-exec it is very important. It followed by a command to run.
Then is a {} and a space and \ end with ;.
This command will show the results on screen.

The post Delete files recursively appeared first on David Yin's Blog.

To make it safe and minimize the risk, change the default setting and make it more safe.
OpenSSH setting file is located:

/etc/ssh/sshd_config

1) Only Use SSH Protocol 2
SSH protocol version 1 (SSH-1) has man-in-the-middle attacks problems and security vulnerabilities. SSH-1 is obsolete and should be avoided at all cost. Open sshd_config file and make sure the following line exists:

Protocol 2

2) Allow Only Specific Users or Groups (AllowUsers AllowGroups)
By default anybody who is authenticated successfully are allowed to login. Instead you can restrict which users (or groups) you allow to login to the system.

This is helpful when you have created several user accounts on the system, but want only few of them to login.

This is also helpful when you are using NIS, openLDAP (or some other external system) for authentication. Every user in your company might have account on NIS, OpenLDAP etc. But, on a specific server you want only few of them to login. For example, on production system you want only sysadmins to login.

Add the following entry to the sshd_config file to allow only specific users to login to the system. In the example below only ramesh, john and jason can login to this system. Usernames should be separated by space.

AllowUsers ramesh john jason

Add the following entry to the sshd_config file to allow only the users who belong to a specific group to login. In the exampe below only users who belong to sysadmin and dba group can login to the system.

AllowGroups sysadmin dba

3) Change SSHD Port Number (Port)
By default ssh runs on port 22. Most of the attackers will check if a server is open on port 22, and will randomly use brute force to login to the server using several username and password combination.

If you change the port # to something different, others need to know exactly what port to use to login to the server using ssh. The exampe below uses port 222 for ssh.

Port 222

From your logs (/var/log/secure), if you see lot of invalid logins using ssh for accounts that don’t exist on your system, from the
ip-address that you don’t recognize, it migth be some brute-force attack. Those kind of ssh invalid login will stop, if you change the port number.

Please note that this causes little inconvenience to your team who login to the system, as they need to know both the ip-address and the port number.

4) Disconnect SSH when no activity (ClientAliveInterval)
Once you’ve successfully logged in to the system, you might want to get disconnected when there are no activities after x number of minutes. This is basically idle timeout.

In Bash, you can achieve this using TMOUT variable.

In OpenSSH, this can be achieved by combining ClientAliveCountMax and ClientAliveInterval options in sshd_config file.

ClientAliveCountMax – This indicates the total number of checkalive message sent by the ssh server without getting any response from the ssh client. Default is 3.
ClientAliveInterval – This indicates the timeout in seconds. After x number of seconds, ssh server will send a message to the client asking for response. Deafult is 0 (server will not send message to client to check.).

If you want ssh client to exit (timeout) automatically after 10 minutes (600 seconds), modify the sshd_config file and set the following two parameters as shown below.

ClientAliveInterval 600
ClientAliveCountMax 0

5) Disable Empty Passwords
You need to explicitly disallow remote login from accounts with empty passwords, update sshd_config with the following line:

PermitEmptyPasswords no

6)Use Log Analyzer
Read your logs using logwatch or logcheck. These tools make your log reading life easier. It will go through your logs for a given period of time and make a report in the areas that you wish with the detail that you wish. Make sure LogLevel is set to INFO or DEBUG in sshd_config:

LogLevel INFO

You want even more secure for your Server. You can do following as suggested.

• • Add Firewall on SSH port.

• • Use Public Key Based Authentication

• • Chroot SSHD (Lock Down Users To Their Home Directories)

• • Use TCP Wrappers

• • Disable Empty Passwords

• • Thwart SSH Crackers (Brute Force Attack)

The post OpenSSH server Security Top 6 appeared first on David Yin's Blog.

uname -a

or

uname -m

i386 => 32bits, x86_64 => 64bits

Let’s see how to use the other way to check it.

file /bin/bash

If it is 64bits, the system return the results as below:
/bin/bash: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.8, stripped
If it is 32bits, it may looks like below:
/bin/bash: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.18, stripped

The post Is your Linux 32bits or 64bits appeared first on David Yin's Blog.

For myself, I am very interested in Linux VPS hosting. I played Linux for many years.
Compare with Windows VPS, Linux system use less memory and disk space. The price is also lower. VPS Standard cost $35.95/month, if you pay it biyearly.
Monthly payment will 11% higher.
Let’s look at it closer.
20GB storage, 1000GB bandwidth, 2 IP address, are same as the Windows VPS I mentioned above.
Memory is 256MB, guaranteed. It is a little bit low, but it is ok for start. When you need more memory, you can upgrade it to VPS Pro or VPS 2000.
I like SSH. It can let me do anything on the Linux. Even reboot it.
Actually, they provide SSH2, more secure.
In a word, get your own VPS based on your needs and budget.

The post VPS of Canadian Web Hosting appeared first on David Yin's Blog.

top

The top command monitors CPU utilization, process statistics, and memory utilization. The top section contains information related to overall system status – uptime, load average, process counts, CPU status, and utilization statistics for both memory and swap space.

I use a Centos OS, no swap space now.

To quit from the real time screen, press button q.

If you find a process is always have many memory or running so long, you can kill it to free resource.

The post How to Find Out Linux CPU Utilization? appeared first on David Yin's Blog.