Cara Disable AppArmor di Ubuntu Server 16.04

Kebetulan saya lagi mencoba install DNS Server di Ubuntu Server 16.04 menggunakan Bind, namun begitu saya merubah default lokasi file konfigurasi nya, kemudian saya start BIND nya ada error dan tidak mau UP service nya :

15-May-2017 15:42:13.050 ----------------------------------------------------
15-May-2017 15:42:13.050 BIND 9 is maintained by Internet Systems Consortium,
15-May-2017 15:42:13.050 Inc. (ISC), a non-profit 501(c)(3) public-benefit
15-May-2017 15:42:13.050 corporation.  Support and training for BIND 9 are
15-May-2017 15:42:13.050 available at https://www.isc.org/support
15-May-2017 15:42:13.050 ----------------------------------------------------
15-May-2017 15:42:13.050 adjusted limit on open files from 65536 to 1048576
15-May-2017 15:42:13.050 found 1 CPU, using 1 worker thread
15-May-2017 15:42:13.050 using 1 UDP listener per interface
15-May-2017 15:42:13.050 using up to 4096 sockets
15-May-2017 15:42:13.053 loading configuration from '/var/named/master/named.conf'
15-May-2017 15:42:13.054 open: /var/named/master/named.conf: permission denied
15-May-2017 15:42:13.054 loading configuration: permission denied
15-May-2017 15:42:13.054 exiting (due to fatal error)

Jadi saya juga baru tahu, ternyata di Ubuntu saat ini sudah ada apparmor yang fungsi nya sama seperti SELINUX di Redhat atau Centos.

Jadi kita tinggal disable saja AppArmor nya, Caranya adalah :

1. Disable service semua service dan profile AppArmor nya

# /etc/init.d/apparmor stop
# /etc/init.d/apparmor teardown
# update-rc.d -f apparmor remove

2. Disable dari StartUP Ubuntu nya :

# systemctl stop apparmor.service
# update-rc.d -f apparmor remove

Sekarag Bind nya sudah bisa UP dengan file konfigurasi yang ada di folder yang bukan default nya :

15-May-2017 15:43:20.763 zone localhost/IN: not loaded due to errors.
15-May-2017 15:43:20.763 zone dony.id/IN: loaded serial 2017051501
15-May-2017 15:43:20.763 all zones loaded
15-May-2017 15:43:20.763 running
15-May-2017 15:48:41.177 shutting down
15-May-2017 15:48:41.178 no longer listening on ::#53
15-May-2017 15:48:41.178 no longer listening on 127.0.0.1#53
15-May-2017 15:48:41.178 no longer listening on 192.168.1.104#53

Kalau mau enable service AppArmor nya lagi :

# systemctl start apparmor.service
# update-rc.d apparmor defaults



Semoga bermanfaat untuk pembaca semua.

Dony Ramansyah
site : http://donyramansyah.net
blog : dony-ramansyah.blogspot.com
email : dony.ramansyah[at]gmail.com
Registered linux user : ID 40017

Memperbaiki Folder DCIM Kosong di Smartphone Xiaomi Ketika Koneksi ke OS Windows

Ada problem yang terjadi pada smartphone xiaomi redmi 3s, dimana ketika di koneksikan ke PC/Laptop dengan OS Windows, untuk folder tempat menyimpan foto nya terlihat kosong semua, padahal kalau dibuka dari handphone nya ada semua file gambar nya.

Solusi nya adalah :

1. Buka menu Settings, buka menu installed apps dan cari Media storage lalu lakukan clear data.

2. Buka Playstores dan download aplikasi "media.Re.Scan" dan jalankan, nanti program ini akan meminta di colokan handphone ke kabel data ke laptop/komputer, tunggu sampai selesai.

3. Setelah selesai scanning, silahkan coba restart hanphone nya dan dicoba lagi koneksi handphone ke laptop/PC dengan kabel data dengan mode MTP. Kini folder DCIM sudah bisa terbaca dengan baik isi nya di PC/Laptop.

Semoga bermanfaat untuk pembaca semua.

Dony Ramansyah
site : http://donyramansyah.net
blog : dony-ramansyah.blogspot.com
email : dony.ramansyah[at]gmail.com
Registered linux user : ID 40017

Install OCI8 di Linux Centos 7

Setelah saya berhasil upgrade ke PHP versi 7 di Linux Centos 7 dengan cara saya ini. Maka saya akan melanjutkan untuk melakukan instalasi OCI8 di Linux Centos 7, OCI8 ini adalah oracle database client agar script web kita bisa terkoneksi ke database oracle.

Cara install OCI8 nya setelah selesai PHP nya naik ke versi 7 adalah :

1. Download dulu paket oracle client nya :

http://www.oracle.com/technetwork/topics/linuxx86-64soft-092277.html

Kebetulan saya menggunakan Linux Centos 7 64bit.

2. Paket yang di download adalah :

oracle-instantclient12.2-basic-12.2.0.1.0-1.x86_64.rpm
oracle-instantclient12.2-devel-12.2.0.1.0-1.x86_64.rpm
oracle-instantclient12.2-jdbc-12.2.0.1.0-1.x86_64.rpm
oracle-instantclient12.2-odbc-12.2.0.1.0-1.x86_64.rpm
oracle-instantclient12.2-sqlplus-12.2.0.1.0-1.x86_64.rpm
oracle-instantclient12.2-tools-12.2.0.1.0-1.x86_64.rpm

3. Install semua paket RPM nya :

# rpm -ivh *.rpm

Preparing...                          ################################# [100%]

Updating / installing...

   1:oracle-instantclient12.2-basic-12################################# [ 17%]

   2:oracle-instantclient12.2-devel-12################################# [ 33%]

   3:oracle-instantclient12.2-jdbc-12.################################# [ 50%]

   4:oracle-instantclient12.2-odbc-12.################################# [ 67%]

   5:oracle-instantclient12.2-sqlplus-################################# [ 83%]

   6:oracle-instantclient12.2-tools-12################################# [100%]

4. Download OCI8 nya :

# pear download pecl/oci8

5. Extract file OCI8 yang sudah di download :

# tar -xvzf oci8-2.1.8.tgz

6. Masuk ke folder OCI8 yang sudah di extract :

# cd oci8-2.1.8

7. Jalankan phpsize :

# phpize

Configuring for:

PHP Api Version:         20100412

Zend Module Api No:      20100525

Zend Extension Api No:   220100525

8. Install development tools di centos 7 :

# yum groupinstall "Development tools"

9. Install OCI8 nya :

# pecl install oci8

10. Tambahkan di php.ini :

vi /etc/php.ini

[OCI8]

extension=oci8.so

11. Restart service apache nya :

# service httpd restart

Semoga bermanfaat untuk pembaca semua.

Dony Ramansyah

site : http://donyramansyah.net

blog : dony-ramansyah.blogspot.com

email : dony.ramansyah[at]gmail.com

Registered linux user : ID 40017

Upgrade PHP Versi 7 Di Linux Centos 7

Kali ini saya akan sharing sedikit tutorial untuk melakukan upgrade PHP versi 7 di Linux Centos 7

Karena saya akan ingin install OCI8, maka saya terlebih dahulu untuk upgrade PHP nya yang ada di Linux Centos 7 ke PHP versi 7 (default nya masih versi 5.4)

Caranya adalah :

1. Download dulu repository tambahan untuk Centos 7 :

# rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
# rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm

2. Update data repository nya :

# yum update

3. Lakukan upgrade dengan perintah berikut :

# yum install yum-plugin-replace

Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirror.nes.co.id
 * epel: fedora.dionipe.id
 * extras: mirror.axarva.id
 * updates: mirror.axarva.id
 * webtatic: sp.repo.webtatic.com
Resolving Dependencies
--> Running transaction check
---> Package yum-plugin-replace.noarch 0:0.2.7-1.ius.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

=======================================================================================================
 Package                       Arch              Version                     Repository           Size
=======================================================================================================
Installing:
 yum-plugin-replace            noarch            0.2.7-1.ius.el7             webtatic             15 k

Transaction Summary
=======================================================================================================
Install  1 Package

Total download size: 15 k
Installed size: 28 k
Is this ok [y/d/N]: y
Downloading packages:
warning: /var/cache/yum/x86_64/7/webtatic/packages/yum-plugin-replace-0.2.7-1.ius.el7.noarch.rpm: Header V4 RSA/SHA1 Signature, key ID 62e74ca5: NOKEY
Public key for yum-plugin-replace-0.2.7-1.ius.el7.noarch.rpm is not installed
yum-plugin-replace-0.2.7-1.ius.el7.noarch.rpm                                   |  15 kB  00:00:00
Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-webtatic-el7
Importing GPG key 0x62E74CA5:
 Userid     : "Webtatic EL7 "
 Fingerprint: 830d b159 6d9b 9b01 99dc 24a3 e87f d236 62e7 4ca5
 Package    : webtatic-release-7-3.noarch (installed)
 From       : /etc/pki/rpm-gpg/RPM-GPG-KEY-webtatic-el7
Is this ok [y/N]: y
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Warning: RPMDB altered outside of yum.
  Installing : yum-plugin-replace-0.2.7-1.ius.el7.noarch                                           1/1
  Verifying  : yum-plugin-replace-0.2.7-1.ius.el7.noarch                                           1/1

Installed:
  yum-plugin-replace.noarch 0:0.2.7-1.ius.el7

Complete!

4. Install apache php nya juga :

# yum install php70w php70w-opcache php70w-common php70w-pear php70w-devel

5. Cek PHP nya apakah sudah naik ke versi 7 :

$ php -v

PHP 7.0.18 (cli) (built: Apr 15 2017 07:09:11) ( NTS )

Copyright (c) 1997-2017 The PHP Group

Zend Engine v3.0.0, Copyright (c) 1998-2017 Zend Technologies

Semoga bermanfaat untuk pembaca semua.

Dony Ramansyah

site : http://donyramansyah.net

blog : dony-ramansyah.blogspot.com

email : dony.ramansyah[at]gmail.com

Registered linux user : ID 40017

Sedikit Tentang Firewall di Linux Centos 7

Di Linux Centos 7 by default sudah tidak menggunakan lagi firewall dengan iptables, namun menggunakan firewalld, konsep nya sudah mirip dengan firewall beneran yang ada dipasaran.

Jadi ada beberapa re-defined zones untuk firewalld ini :

- drop: The lowest level of trust. All incoming connections are dropped without reply and only outgoing connections are possible.

- block: Similar to the above, but instead of simply dropping connections, incoming requests are rejected with an icmp-host-prohibited or icmp6-adm-prohibited message.

- public: Represents public, untrusted networks. You don't trust other computers but may allow selected incoming connections on a case-by-case basis.

- external: External networks in the event that you are using the firewall as your gateway. It is configured for NAT masquerading so that your internal network remains private but reachable.

- internal: The other side of the external zone, used for the internal portion of a gateway. The computers are fairly trustworthy and some additional services are available.

- dmz: Used for computers located in a DMZ (isolated computers that will not have access to the rest of your network). Only certain incoming connections are allowed.

- work: Used for work machines. Trust most of the computers in the network. A few more services might be allowed.

- home: A home environment. It generally implies that you trust most of the other computers and that a few more services will be accepted.

- trusted: Trust all of the machines in the network. The most open of the available options and should be used sparingly.

Untuk mengaktifkan firewalld perintah nya :

# systemctl start firewalld.service

Untuk melihat sudah running atau belum, perintah nya :

# firewall-cmd --state

output
running

Untuk melihat zone yang ada :

# firewall-cmd --get-default-zone

output
public

Untuk melihat zone yang aktif :

# firewall-cmd --get-active-zones

output
public
  interfaces: eth0 eth1

Untuk melihat list service dan zone yang aktif :

# firewall-cmd --list-all

output
public (default, active)
  interfaces: eth0 eth1
  sources:
  services: dhcpv6-client ssh
  ports:
  masquerade: no
  forward-ports:
  icmp-blocks:
  rich rules:

Contoh, saya ingin menambahkan untuk membuka port untuk service http dan https (80 dan 443), maka perintah nya adalah :

# firewall-cmd --zone=public --permanent --add-service=http
# firewall-cmd --zone=public --permanent --add-service=https

Kalau mau merubah port ssh di firewall bisa edit file ini :

# more /usr/lib/firewalld/services/ssh.xml


  SSH
  Secure Shell (SSH) is a protocol for logging into and executing commands on remote machi
nes. It provides secure encrypted communications. If you plan on accessing your machine remotely via SS
H over a firewalled interface, enable this option. You need the openssh-server package installed for th
is option to be useful.
 

Setelah selesai melakukan edit firewall, silahkan di reload :

# firewall-cmd --reload

Untuk restart service firewall :

# systemctl restart firewalld.service

Untuk stop service firewall :

# systemctl stop firewalld.service

Agar firewalld aktif pada saat boot :

# systemctl enable firewalld

Referensi : https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-using-firewalld-on-centos-7#enable-your-firewall-to-start-at-boot

Semoga bermanfaat untuk pembaca semua.

Dony Ramansyah

site : http://donyramansyah.net

blog : dony-ramansyah.blogspot.com

email : dony.ramansyah[at]gmail.com

Registered linux user : ID 40017