Author: Linda Evanty

  • Tutorial Install and enable OpenSSH on Ubuntu 22.04


    OpenSSH is the premier connectivity tool for remote login with the SSH protocol. If you follow us until the end of this article, you will learn the steps to install and enable OpenSSH on Ubuntu 22.04.

    Introduction To OpenSSH

    OpenSSH encrypts all traffic and eliminates eavesdropping, hijacking, and other attacks. It also provides a large set of secure tunneling capabilities, multiple authentication methods, and sophisticated configuration options. The OpenSSH suite consists of remote operation tools using ssh, scp, and sftp. It also includes key management with ssh-add, ssh-keysign, ssh-keyscan and ssh-keygen.

    Prerequisites

    First, before starting the OpenSSH installation process, you should have a Linux VPS with Ubuntu 22.04. Then, open the Ubuntu 22.04 terminal by pressing CTRL+ALT+T and confirm that your system is updated.

    How to Install OpenSSH on Ubuntu 22.04

    Use the following command to update the repository list:

    sudo apt update
    sudo apt upgrade

    Now install the OpenSSH server and client packages using the following apt commands:

    sudo apt install openssh-server
    sudo apt install openssh-client

    How To Enable OpenSSH on Ubuntu 22.04

    At this point, the SSH server service should have started automatically. To make sure it is running and starts on boot, run the following commands:

    sudo systemctl start ssh
    sudo systemctl enable ssh

    Now in this step confirm that OpenSSH is working correctly and there are no problems with the help of the following systemctl command:

    sudo systemctl status ssh

    How To Connect SSH Server on Ubuntu 22.04

    Once OpenSSH is installed and running, you can connect to another remote system, computer, or server. However, you must ensure that OpenSSH is installed and enabled on the remote system. Before connecting to the server, have its internal/external IP address or hostname, and the username of the account you want to connect to. Then run the following command:

    ssh username@ip-address/hostname

    How To Disable OpenSSH on Ubuntu 22.04

    If you don’t want to use OpenSSH, use the following command to stop and disable it for security purposes, so that the service is not exposed to malicious bots:

    sudo systemctl disable ssh --now

    Conclusion

    In this article, you have learned how to Install and enable OpenSSH on Ubuntu 22.04. Now after enabling OpenSSH, you can connect to other devices that have OpenSSH installed and enabled on their systems. We hope this educational article was useful for you. Share your comments with us through the form below.

  • Tutorial Setup and Use Linux Telnet on Ubuntu 22.04


    Linux telnet is used to communicate between different machines. This command allows you to manage remote devices using the CLI (Command Line Interface). It uses TCP port 23, which is dedicated to the telnet protocol. In the continuation of this article, we are going to teach you how to Setup and Use Linux Telnet on Ubuntu 22.04.

    Introduction to Telnet

    Telnet is installed in isolated networks for historical purposes and for use in local environments. Telnet is not used for open network connections to the Internet because the data sent over the connection, including passwords and other confidential information, is not encrypted. So the data can be easily intercepted by hackers. Use SSH (Secure Shell) to securely connect to remote servers over public networks.

    Prerequisites

    1. Recommended a Linux VPS Server with Ubuntu 22.04 OS

    2. User account with sudo or root access

    How To Setup Linux Telnet on Ubuntu 22.04

    Telnet is available in the default Ubuntu 22.04 repository. As the first step, use the following command to install it:

    sudo apt install telnetd -y

    After installation, check that the Telnet service is running correctly with the following command:

    sudo systemctl status inetd

    Output:

    [Image: system-status-telnet-ubuntu]

    How to Use Linux Telnet on Ubuntu 22.04

    In this section, we are going to show you step-by-step how to use Linux Telnet on Ubuntu 22.04. In the first step, we will teach you how to connect to a remote system running Telnet.

    To connect to a remote system running Telnet, you must add a firewall rule that permits the connection. By default, Telnet runs on port 23. There are several ways to set this up in UFW. It is recommended that you allow only the IP address of the connecting server, or a subnet at worst. Do not leave port 23 open to everything, as this will lead to brute-force attempts.

    To allow a single IP address, use the following command:

    sudo ufw allow from your_ip_address to any port 23

    To allow a subnet, give the network address with its prefix length in CIDR notation (here /24):

    sudo ufw allow from your_subnet_address/24 to any port 23
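
    Added example (not part of the original tutorial): a shell function that reads `ufw status` output and separates port 23 rules scoped to an address or subnet from rules open to any source, which is the exposure warned about above. The status text is a constructed sample using documentation address ranges, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: classify the Telnet (port 23) rules in `ufw status` output.

# Constructed sample of `sudo ufw status` output; addresses are documentation ranges.
sample_ufw_status() {
cat <<'EOF'
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
23                         ALLOW       203.0.113.10
23                         ALLOW       198.51.100.0/24
23/tcp                     ALLOW       Anywhere
23 (v6)                    ALLOW       Anywhere (v6)
8023                       ALLOW       Anywhere
EOF
}

# Reads `ufw status` text on stdin and prints "<OPEN|SCOPED> <port> <source>"
# for every ALLOW rule on port 23. OPEN means any source may connect.
classify_telnet_rules() {
    awk '
    {
        # Find the Action column; header and blank lines have none.
        action = 0
        for (i = 2; i <= NF; i++) if ($i == "ALLOW") { action = i; break }
        if (action == 0) next

        # Normalise the port column: "23/tcp" and "23" are both Telnet.
        port = $1
        sub("/(tcp|udp)$", "", port)
        if (port != "23") next

        # "ufw status verbose" prints a direction word after the action.
        first = action + 1
        if ($first == "IN") first++

        # Everything after the action is the source, e.g. "Anywhere (v6)".
        src = $first
        for (i = first + 1; i <= NF; i++) src = src " " $i

        if (src ~ /^Anywhere/) { print "OPEN " $1 " " src }
        else { print "SCOPED " $1 " " src }
    }'
}

# Prints how many port-23 rules accept connections from any source.
count_open_telnet_rules() {
    classify_telnet_rules | awk '$1 == "OPEN" { n++ } END { print n + 0 }'
}

# Demonstration on the constructed sample; on a host, pipe in `sudo ufw status`.
sample_ufw_status | classify_telnet_rules
```

    Any line reported as OPEN should be deleted and replaced with a rule scoped to a single address or subnet.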

    How to Connect to the Remote Server Using Telnet

    Now that you have set the UFW rules so that you can connect to the remote server using Telnet, use the following command (telnet):

    telnet your_ip_address

    How to Uninstall Telnet from Ubuntu 22.04

    Use the following command to remove Telnet from Ubuntu 22.04 operating system:

    sudo apt autoremove telnetd --purge

    This command completely removes Telnet along with its configuration files.

    Conclusion

    In general, the safest form of communication of this nature is to use SSH instead of Telnet. Telnet can still be useful in development environments running on isolated LANs. In this tutorial, you learned how to Setup and Use Linux Telnet on Ubuntu 22.04. We hope you find this article useful. Share your comments with us via the form below.

    FAQ

    Is it possible to customize the Telnet setting?

    Yes, you can customize various settings in Telnet. All you have to do is go to the Telnet command prompt by pressing Ctrl+], and then use the commands to change the settings.

    Can we trust Telnet?

    Telnet is insecure because it transmits important data like passwords in plain text. It means that all of the transmitted data can be intercepted and read by someone with malicious intent.

  • How to Install Virtualizor on AlmaLinux 8


    By reading the step-by-step guide of this article, you can easily Install Virtualizor on AlmaLinux 8. Virtualization is a creative and very practical idea and solution to create a virtual version of storage devices, servers, networks, and other resources that were once only physically available to users. You can virtualize with Virtualizor.

    What is Virtualizor?

    Virtualizor is a powerful web-based admin control panel for KVM, XEN, and OpenVZ virtualizers. This control panel forms a very powerful virtualization system by combining the virtualizers. One of the most important features of this powerful panel is the limitation of bandwidth for each virtual server.

    Virtualizor lets you create virtual servers with just one click. Virtualizor uses the OS Template feature and through this option, installing operating systems and creating a virtual server is done in less than a few seconds.

    Features of Virtualizor

    1. Configure the Server on which Virtualizor is installed

    2. Create or edit a Virtual Server

    3. Manage Server IPs

    4. Storage management

    5. User management

    6. Create and manage invoices

    7. Manage ISOs used to create VPS

    Prerequisites

    Linux VPS Server with AlmaLinux 8 OS

    – yum/apt-get

    – Storage to create the VPS disks

    Stay with us in the continuation of this article on How to Install Virtualizor on AlmaLinux 8.

    How to Install Virtualizor on AlmaLinux 8

    First, open a shell or SSH terminal on your server and enter the following commands, replacing your@email.com with your own address:

    wget -N http://files.virtualizor.com/install.sh
    chmod 0755 install.sh
    ./install.sh email=your@email.com kernel=kvm

    Remember to give the email address correctly.

    What are the Virtualizor Installation Parameters?

    email: The Admin email address

    kernel: It is KVM (kernel=kvm)

    noos: Add noos=true as a parameter to avoid downloading the operating system for DomU

    beta: If you add beta=true as a parameter, you can test the new version of the existing Virtualizor

    nested_virt: Adding nested_virt=1 as a parameter enables nested virtualization on the server. Enabling this will install a new kernel to enable nested virtualization

    lvg (optional): The volume group to use, if you are going to use LVM for the VPS storage

    interface: You can specify the default interface you want to set. If not specified, it is considered eth0

    license: You will get the internal license key by opening a support ticket

    After completing the installation process, you will see the following output:

    [Image: install Virtualizor on AlmaLinux]

    After the installation is complete, restart the system by typing “Y” when prompted:

    [Image: install KVM]

    /root/virtualizor.log is an installation process log file that is created after installation.

    You can create a Storage and Virtual Server and also manage your server from the Admin Panel.

    How to Login to the Virtualizor Admin Panel

    Go to the following URL:

    https://Your-Server-IP:4085/
    http://Your-Server-IP:4084/

    Log in with your server’s root details:

    [Image: virtualizor login]

    Now, you will see the following Dashboard:

    [Image: virtualizor dashboard]

    At this point, you need to define storage. To do this, first go to the Virtualizor Admin Panel, select Storage from the left column, and finally click Add Storage. Then fill in the details and define the storage:

    [Image: add storage on virtualizor]

    As mentioned earlier, the network interface is considered eth0 by default. Therefore, to add the desired network interface to Virtualizor, you need to do the following steps:

    1) Go to Virtualizor Admin Panel

    2) Select Configuration

    3) Click Save Settings

    Manage the Bridge 

    A viifbr0 bridge is created by Virtualizor that detects the IP, Netmask, and GATEWAY from the following:

    /etc/sysconfig/network-scripts/ifcfg-INTERFACE_NAME

    If you change the above file, remember to restart the Virtualizor network with the following command:

    service virtnetwork restart

    Enter the following command to start the Virtualizor network:

    service virtnetwork start

    And you can use the following command to stop it:

    service virtnetwork stop

    Make the Bridge Permanent

    Run the following commands to make the bridge permanent, so that it is started as soon as the operating system boots and the network is created.

    Tip: You should have the bridge-utils package on your server.

    – Take a backup of ifcfg-eth0.

    The /etc/sysconfig/network-scripts/ifcfg-eth0 file will contain content like the following:

    cat /etc/sysconfig/network-scripts/ifcfg-eth0
    DEVICE=eth0
    BOOTPROTO=static
    TYPE=Ethernet
    HWADDR=00:25:90:98:35:90
    IPADDR=10.0.0.93
    NETMASK=255.255.255.0
    GATEWAY=10.0.0.1
    IPV6INIT=yes
    IPV6ADDR=2607:f0d0:1002:0011:0000:0000:0000:0002
    IPV6_DEFAULTGW=2607:f0d0:1002:0011:0000:0000:0000:0001
    ONBOOT=yes

    Then you should make a copy of that file:

    cp /etc/sysconfig/network-scripts/ifcfg-eth0 /etc/sysconfig/network-scripts/ifcfg-eth0.bak

    Now, it is time to create the bridge file. This is its path:

    vi /etc/sysconfig/network-scripts/ifcfg-viifbr0

    You should copy some sections of ifcfg-eth0 to ifcfg-viifbr0. Here is the content:

    DEVICE=viifbr0 
    TYPE=Bridge
    BOOTPROTO=static
    IPADDR=10.0.0.93
    NETMASK=255.255.255.0
    GATEWAY=10.0.0.1
    ONBOOT=yes
    IPV6INIT=yes
    IPV6ADDR=2607:f0d0:1002:0011:0000:0000:0000:0002
    IPV6_DEFAULTGW=2607:f0d0:1002:0011:0000:0000:0000:0001

    Then you should save the copied file.

    Next, edit the ifcfg-eth0 file:

    vi /etc/sysconfig/network-scripts/ifcfg-eth0

    The result should look like this:

    DEVICE=eth0
    HWADDR=00:25:90:98:35:90
    IPV6INIT=yes
    ONBOOT=yes
    BRIDGE=viifbr0

    Tip: If eth0 is the NIC name, you should rename its route file so that it uses viifbr0:

    root# mv route6-eth0 route6-viifbr0

    As the last step, you should restart the network.

    Note that the virtnetwork service is no longer needed at this point; you only need to restart the network service, so use the command below:

    service network restart

    Conclusion

    This article taught you how to install Virtualizor on AlmaLinux 8 and also you learned how to log in to the Virtualizor Admin Panel. Users can manage VPS on dedicated servers with the help of Virtualizor. I hope this tutorial was useful for you.

    FAQ

    Is Virtualizor suitable for AlmaLinux?

    Yes, you can install Virtualizor on this operating system. It is suitable for Linux distributions, including AlmaLinux.

    What is the maximum RAM and CPU for Virtualizor?

    You should dedicate at least 4 GB of RAM and a 64-bit CPU to use Virtualizor (8 GB is recommended).

  • Tutorial Install RainLoop on Debian 11


    RainLoop is a webmail application that allows you to access your external mail server from a web server. This article is presented to show How to Install RainLoop on Debian 11. RainLoop is an alternative to webmail programs like SquirrelMail and Roundcube and supports two-step authentication, so it’s highly secure.

    What is RainLoop?

    RainLoop is a free, open-source, web-based email application written in PHP and is an alternative to other web-based email applications such as RoundCube and SquirrelMail. RainLoop is a simple, modern solution that is powerful and flexible. It is interesting to know that RainLoop has an internal storage mechanism that improves the overall performance of the application while reducing the load on the web server and email server. It supports SMTP and IMAP and two-step authentication, and can integrate with Facebook.

    RainLoop Features

    – Sieve scripts

    – Direct access to the email server

    – Administrative panel for configuring main options

    – Modern user interface

    – Integrating with Facebook, Google, Twitter, and Dropbox

    – Autocomplete email addresses

    – Minimalistic resources requirements

    – Manage folders list

    – Drag and drop option for emails and attachments

    – Simple installation and update

    – The configurable multi-level caching system

    – Keyboard shortcuts support

    – Additional identities

    – Extend the functionality with plugins installed via the admin panel

    – Perfect rendering of complex HTML mails

    – Ability to add multiple accounts to the primary account

    Prerequisites

    1) PHP and PHP-required packages

    2) Nginx

    3) MariaDB

    4) A non-root user account with sudo access

    5) A Linux VPS with a Debian 11 server

    How to Install RainLoop on Debian 11

    It’s better to check your Debian version with the help of the following command:

    lsb_release -ds

    Now update your system by entering the following command:

    apt update
    apt upgrade -y

    Then you should install the necessary packages by running the following command:

    apt install -y sudo dirmngr wget curl vim

    You can create a non-root user account with sudo access by executing the following command:

    adduser lindaevanty --gecos "Linda Evanty"
    usermod -aG sudo lindaevanty
    su - lindaevanty

    Tip: Remember to replace “lindaevanty” with your own username.

    Now you should set up the timezone by executing the following command:

    sudo dpkg-reconfigure tzdata

    In this step, you should download and install PHP and the necessary extensions by entering the following command:

    sudo apt install -y php7.0 php7.0-cli php7.0-fpm php7.0-curl php7.0-json php7.0-mbstring php7.0-mysql php7.0-pgsql php7.0-sqlite3 php7.0-common php7.0-xml

    To check the PHP version just run the following command:

    php --version

    In this step, you can install MariaDB by executing the following command:

    sudo apt install -y mariadb-server

    To check the MariaDB version just enter the following command:

    mysql --version

    You can run the following command to improve the security of the MariaDB installation:

    sudo mysql_secure_installation

    Then you should log into MariaDB as the root user by entering the following command:

    sudo mysql -u root -p
    # Enter password:

    Now you should create a MariaDB database by executing the following command:

    CREATE DATABASE dbname;

    Then you need to create a MariaDB user and grant it access to the database. To do this, enter the following commands, replacing dbname, username and password with your own values:

    CREATE USER 'username'@'localhost' IDENTIFIED BY 'password';
    GRANT ALL ON dbname.* TO 'username'@'localhost';
    FLUSH PRIVILEGES;
    EXIT;

    Next, you need to install Nginx using the following command:

    sudo apt install -y nginx

    You can check the Nginx version by executing the following command:

    sudo nginx -v

    Now you should configure Nginx for RainLoop. To do this first enter the following command:

    sudo vim /etc/nginx/sites-available/rainloop.conf

    And then enter the following configuration:

    server {
    
      listen 80;
    
      server_name example.com;
      root /var/www/rainloop;
    
      index index.php;
    
      location / {
        try_files $uri $uri/ /index.php?$query_string;
      }
    
      location ~ \.php$ {
        fastcgi_index index.php;
        fastcgi_split_path_info ^(.+\.php)(.*)$;
        fastcgi_keep_conn on;
        include fastcgi_params;
        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
      }
    
      location ~ /\.ht {
        deny all;
      }
    
      location ^~ /data {
         deny all;
      }
    
    }

    Now you need to activate the new rainloop.conf configuration. To do this link the file to the sites-enabled directory:

    sudo ln -s /etc/nginx/sites-available/rainloop.conf /etc/nginx/sites-enabled

    You can test the configuration with the help of the following command:

    sudo nginx -t

    Finally, reload Nginx with the following command:

    sudo systemctl reload nginx.service
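
    Added example (not part of the original tutorial): a shell check that each server block in a site file carries the `location ^~ /data` deny rule shown above, and that flags a plain `location /data` as weak because without `^~` the `\.php$` regex location still handles PHP files under that path. It assumes top-level server blocks with one directive per line; the function names and sample server names are hypothetical.

```shell
#!/bin/sh
# Added example: check each nginx server block for the /data deny rule.

# Constructed configuration. Only the first block carries the rule in the
# form the tutorial uses; the server names are placeholders.
sample_nginx_conf() {
cat <<'EOF'
server {
  server_name example.com;
  root /var/www/rainloop;
  location ~ \.php$ {
    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
  }
  location ^~ /data {
    deny all;
  }
}
server {
  server_name weak.example.com;
  root /var/www/rainloop;
  location ~ \.php$ {
    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
  }
  location /data {   # plain prefix match
    deny all;
  }
}
server {
  server_name open.example.com;
  root /var/www/rainloop;
  location / {
    try_files $uri $uri/ /index.php?$query_string;
  }
}
EOF
}

# Reads a site file on stdin and prints "<server_name>: <verdict>" per block:
#   PROTECTED  location ^~ /data { deny all; }  (regex locations are skipped)
#   WEAK       location /data { deny all; }     (a regex location can override)
#   EXPOSED    no deny rule for /data
check_data_rule() {
    awk '
    function report() {
        verdict = "EXPOSED"
        if (state == 1) verdict = "WEAK"
        if (state == 2) verdict = "PROTECTED"
        print name ": " verdict
    }
    {
        line = $0
        sub(/#.*/, "", line)                      # ignore comments
    }
    depth == 0 && line ~ /^[ \t]*server[ \t]*\{/ {
        in_server = 1; name = "(unnamed)"; state = 0; in_data = 0
    }
    in_server && depth == 1 && line ~ /^[ \t]*server_name[ \t]/ {
        name = line
        sub(/^[ \t]*server_name[ \t]+/, "", name)
        sub(/[ \t]*;.*$/, "", name)
    }
    in_server && depth == 1 && line ~ /^[ \t]*location[ \t]+(\^~[ \t]+)?\/data\/?[ \t]*\{/ {
        in_data = 1
        strong = (line ~ /\^~/)
    }
    in_data && line ~ /deny[ \t]+all[ \t]*;/ {
        if (strong) { state = 2 } else if (state < 1) { state = 1 }
    }
    {
        # Track brace depth to know when a location or server block ends.
        depth += gsub(/\{/, "{", line) - gsub(/\}/, "}", line)
        if (in_data && depth <= 1) in_data = 0
        if (in_server && depth == 0) { report(); in_server = 0 }
    }'
}

# Demonstration on the constructed sample; on a host, redirect the real file:
#   check_data_rule < /etc/nginx/sites-available/rainloop.conf
sample_nginx_conf | check_data_rule
```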

    You need to create a document root directory before downloading Rainloop:

    sudo mkdir -p /var/www/rainloop

    Then you should change the ownership of the /var/www/rainloop directory to your user as shown below:

    sudo chown -R lindaevanty:lindaevanty /var/www/rainloop

    If you do not have the unzip app, you can install it with the following command:

    sudo apt install -y unzip

    Now it’s time to download Rainloop. To do this, just run the following command:

    cd /var/www/rainloop
    wget http://www.rainloop.net/repository/webmail/rainloop-latest.zip

    Then you should unzip it with the following command:

    unzip rainloop-latest.zip -d /var/www/rainloop
    rm rainloop-latest.zip

    Finally, you have to change the ownership of the /var/www/rainloop directory to www-data:

    sudo chown -R www-data:www-data /var/www/rainloop

    How to Access RainLoop Dashboard on Debian 11

    First, you need to open your web browser and access the RainLoop Dashboard using the following URL:

    http://rainloop.example.com/?admin

    [Image: rainloop dashboard]

    Then you should enter the default username admin and password 12345 and click on the “>” button. You should see the following screen:

    [Image: rainloop admin access]

    These default credentials are publicly known, so change the admin password right away by clicking the Change Password button. After entering the new password, click the Update Password button to change the password:

    [Image: install rainloop on debian 11]

    Conclusion

    This article taught you how to install RainLoop on Debian 11. After installing RainLoop with the help of this article, you can add your email server from the RainLoop web interface and access your email through a web browser.

    FAQ

    Where can I find additional support for Rainloop?

    Refer to the RainLoop documentation and community support.

    What is the limitation of file size for Rainloop?

    You can use a maximum of 1 GB file size limit set by Nginx.

  • Tutorial Configure Firewall on Windows Server 2016


    A firewall generally prevents dangerous attacks on the local network and computer. In simple terms, a wall that prevents fire from moving from one part to another is called a firewall. Generally, a firewall controls the information that is transmitted between computers and the Internet. In this article, we are going to teach you How to Configure Firewall on Windows Server 2016.

    What is Firewall?

    A firewall is a network security system that monitors and controls incoming and outgoing network traffic based on predefined security rules. It protects the network against threats and creates a barrier between a trusted internal network and an untrusted external network such as the Internet. It is interesting to know that a firewall is designed to secure the communication process between different networks. The firewall prevents unauthorized data from entering computers through the entry points called ports.

    How to Configure Firewall on Windows Server 2016

    Before starting the steps to configure the firewall, we suggest you visit the Windows VPS and Admin RDP plans provided on our website and configure the firewall after installing Windows Server 2016.

    By default, the Windows Firewall with Advanced Security is turned on. Note that you should confirm the current status and turn on the firewall if it is off.

    To turn on the firewall, first open “Server Manager”, then click on the Tools tab, and then select Windows Firewall with Advanced Security:

    [Image: windows firewall with advanced security]

    Now you can check the current status of the Windows Firewall profiles in the open group policy management window. If a profile is not set to On, click on Windows Firewall Properties and turn on the service in each profile:

    [Image: firewall console]

    With Windows Firewall, you can permit or block specific inbound and outbound network packets on your server and select multiple parameters for each inbound or outbound rule. Windows server profiles include Domain, Private, and Public groups. The Domain profile represents your server’s connection to a corporate domain network, Private is used for connecting to your home or workplace network, and Public represents insecure public network locations.

    How to Open an Inbound Port

    First, you need to launch the Windows Firewall with Advanced Security from the Tools sub-menu under Server Manager. Select Inbound Rules from the left panel of the Firewall console. Then click on New Rule under Actions in the right pane:

    [Image: choose inbound rule on windows server]

    Now you should select Port in the rule wizard section and then click on Next:

    [Image: choose port for windows firewall]

    In this step, you have to choose whether the new rule applies to a TCP or UDP port on the server. Then select your desired ports and enter their numbers. You can also enter a port range or multiple ports, separated by - and , respectively. Finally, click Next:

    [Image: choose the port rule for windows firewall]

    Allow the connection allows incoming connections to the specified server port.

    Allow the connection if it is secure authenticates with IP security and then either denies or allows the connection. For example, HTTPS connections will be allowed and HTTP blocked.

    Block the connection blocks all incoming connections to your server through the specified port.

    In this step, you should select the Allow the connection option to open the port and then click Next to assign the new rule to a profile:

    [Image: type of connection in windows firewall]

    Now select Domain, Private, or Public, or select all of them to apply the Firewall rule in multiple profiles:

    [Image: apply the firewall rule in windows server]

    Remember to give your new firewall rule a name and description. Finally, you should click on Finish to enable the new rule. All connections to the server that match the port are accepted:

    [Image: choose name for windows server firewall]

    How to Open an Outbound Port

    First, you should go to the Windows Firewall with Advanced Security console and click on Outbound Rules on the left pane. Now you will see a list of available outgoing connection rules. Then, you need to click on New Rule on the right pane under the outbound rules node.

    [Image: outbound rule on windows firewall]

    In the next step, you should select Port as the rule type in the New Outbound Rule wizard and then click Next:

    [Image: choose rule type on firewall]

    Next, you have to choose whether the new rule applies to a TCP or UDP port. Select specific remote ports and then enter the port number of the server you want:

    [Image: choose the port rule for windows firewall]

    In this step, after selecting Allow the connection on the Action page, you should click Next:

    [Image: type of connection in windows firewall]

    Then you need to select the Server Profile on which the rule should be enabled:

    [Image: choose server profile for windows server firewall]

    Remember to name the new outbound rule and describe it. Finally, you should click Finish to enable the outbound rule for the target port on all selected server profiles:

    [Image: choose the name of firewall]

    How to Open a Port through Windows PowerShell

    To do this, first go to the Windows Start menu, search for PowerShell, and open it. Then replace the values in the following command with your own settings:

    New-NetFirewallRule -Enabled:True -LocalPort 21 -Protocol TCP -Direction Inbound -Profile Domain -Action Allow -DisplayName "example opening a port rule"

    The words in the above command indicate:

    New-NetFirewallRule: It will create a new Firewall rule.

    Enabled: It enables the new rule and by default, it will be set to True.

    LocalPort: It is your target port number.

    Protocol: It specifies the protocol associated with your port number.

    Direction: It sets your target direction to either Inbound or Outbound.

    Profile: It assigns the new rule to a server profile.

    Action: It defines the state for the new firewall rule. You should enter Allow.

    DisplayName: It sets a custom name for the new firewall rule.

    Output:

    PS C:\Users\Administrator> New-NetFirewallRule -Enabled:True -LocalPort 21 -Protocol TCP -Direction Inbound -Profile Domain -Action Allow -DisplayName "example opening a port rule"
    
    
    Name : {427a1b12-ece6-4d54-847d-de482b227c6c}
    DisplayName : example opening a port rule
    Description :
    DisplayGroup :
    Group :
    Enabled : True
    Profile : Domain
    Platform : {}
    Direction : Inbound
    Action : Allow
    EdgeTraversalPolicy : Block
    LooseSourceMapping : False
    LocalOnlyMapping : False
    Owner :
    PrimaryStatus : OK
    Status : The rule was parsed successfully from the store. (65536)
    EnforcementStatus : NotApplicable
    PolicyStoreSource : PersistentStore
    PolicyStoreSourceType : Local

    That is it!

    Conclusion

    This article taught you how to configure the Firewall on Windows Server 2016. You can use this article to open a network port on your Windows Server 2016. The server accepts incoming and outgoing connections through selected ports, but the Firewall blocks profile connections that don’t comply with port rules.

    FAQ

    Are there any other tools available for managing Windows Firewall?

    Yes, you can use a command line provided by Microsoft.

    Is it dangerous to turn off Windows Firewall?

    It allows all the data packets to enter your network easily and makes it vulnerable to all kinds of Cyber attacks.

  • Tutorial Install and Configure Cacti on AlmaLinux 8


    Certainly, one of the important pillars of any network is having a monitoring system to check the structure of the network. Cacti is one of the free network monitoring software tools. If you compare the monitoring tools, Cacti ranks highly because it is open source and its resources are readily available. If you follow this post until the end, you will learn how to Install and Configure Cacti on AlmaLinux 8 step by step.

    What is Cacti?

    Cacti connects to your devices using the SNMP protocol and analyzes them at intervals. Cacti is based on PHP/MySQL, is typically installed on Linux operating systems, and uses the RRDTool software to present its graphs. It should be noted that Cacti also allows you to provide a monitoring panel to your customers. In this software, you can specify which ports the subscriber will have access to after logging in. Cacti makes the monitoring process powerful by having a web-based management environment and various templates for different operating systems and devices.

    Prerequisites

    – A Linux VPS Server with AlmaLinux OS

    – Apache Webserver

    – MariaDB Database Server

    – PHP and PHP extensions

    – SNMP and RRDTool

    Follow us in the continuation of this article by teaching how to install and configure Cacti on Almalinux.

    How to Install Cacti on AlmaLinux 8

    Cacti is a web-based tool, so you need to create an Apache web server on which to run Cacti. You can install the Apache web server by entering the following command:

    sudo dnf install httpd -y

    To start the Apache web server, execute the following command:

    sudo systemctl start httpd

    Now you should enter the following command to enable the Apache webserver:

    sudo systemctl enable --now httpd

    At this point, Cacti requires a database to store the collected data, which in this article uses the MariaDB database. To install the MariaDB database, execute the following command:

    sudo dnf install -y mariadb-server mariadb

    You should enter the following command to start the MariaDB database:

    sudo systemctl start mariadb

    Then you can use the following command to enable MariaDB to start on boot:

    sudo systemctl enable mariadb

    Since Cacti is written in PHP, PHP and PHP extensions should be installed. So use this command to add the Remi repository:

    sudo dnf install dnf-utils http://rpms.remirepo.net/enterprise/remi-release-8.rpm

    Then you should enable the DNF module for PHP installation by entering the following command:

    sudo dnf module reset php
    sudo dnf module enable php:remi-7.4

    Now you can install PHP and PHP extensions by executing the following commands:

    sudo dnf install @php
    sudo dnf install -y php php-{mysqlnd,curl,gd,intl,pear,recode,ldap,xmlrpc,snmp,mbstring,gettext,gmp,json,xml,common}

    Use the following command to enable the PHP-fpm service:

    sudo systemctl enable --now php-fpm

    In this step, you should install SNMP and RRDTool, which are needed to gather and analyze system metrics:

    sudo dnf install -y net-snmp net-snmp-utils net-snmp-libs rrdtool

    You can start it with the following command:

    sudo systemctl start snmpd

    Enter the following command to enable snmpd:

    sudo systemctl enable snmpd

    The next step is to create a database and a user for Cacti, and then grant the Cacti user all the necessary privileges. So, enter the following commands:

    mysql -u root -p

    MariaDB [(none)]> CREATE DATABASE cactidb;
    MariaDB [(none)]> GRANT ALL ON cactidb.* TO cacti_user@localhost IDENTIFIED BY 'passwd123';
    MariaDB [(none)]> FLUSH PRIVILEGES;
    MariaDB [(none)]> EXIT;

    Now you should import the mysql_test_data_timezone.sql file into the mysql database:

    mysql -u root -p mysql < /usr/share/mariadb/mysql_test_data_timezone.sql

    Now connect to the database again and give the Cacti user access to the mysql.time_zone_name table:

    mysql -u root -p

    MariaDB [(none)]> GRANT SELECT ON mysql.time_zone_name TO cacti_user@localhost;
    MariaDB [(none)]> FLUSH PRIVILEGES;
    MariaDB [(none)]> EXIT;

    Then open the mariadb-server.cnf file so that you can add the following configuration under the [mysqld] section:

    sudo vi /etc/my.cnf.d/mariadb-server.cnf

    Paste the following configuration:

    collation-server=utf8mb4_unicode_ci
    character-set-server=utf8mb4
    max_heap_table_size=32M
    tmp_table_size=32M
    join_buffer_size=64M
    # 25% Of Total System Memory
    innodb_buffer_pool_size=1GB
    # pool_size/128 for less than 1GB of memory
    innodb_buffer_pool_instances=10
    innodb_flush_log_at_timeout=3
    innodb_read_io_threads=32
    innodb_write_io_threads=16
    innodb_io_capacity=5000
    innodb_file_format=Barracuda
    innodb_large_prefix=1
    innodb_io_capacity_max=10000

    You can exit after saving the changes.

    The Cacti package is available in the EPEL (Extra Packages for Enterprise Linux) repository, so first enable that repository with the following command:

    sudo dnf install epel-release -y

    Now you can install the Cacti monitoring tool by executing the following command:

    sudo dnf install cacti -y

    Then you should verify the installation of Cacti with the following command:

    rpm -qi cacti

    Now to determine the default Cacti database path, execute the following command:

    rpm -ql cacti | grep cacti.sql

    Then you should import the default cacti database tables into the MariaDB cacti database using the following command:

    mysql -u root -p cactidb < /usr/share/doc/cacti/cacti.sql

    You should now edit the Cacti configuration file so that it matches your database details:

    sudo vim /usr/share/cacti/include/config.php

    Change the database name, username, and password to match the ones you created earlier. Then set the timezone in the php.ini file, and remember to change the following parameters:

    date.timezone = Africa/Nairobi
    memory_limit = 512M
    max_execution_time = 60

    At this point, you need to set the cron for Cacti. To do this, you should first edit the /etc/cron.d/cacti file:

    sudo vim /etc/cron.d/cacti

    To have Cacti poll for data every 5 minutes, uncomment the following line:

    */5 * * * *   apache /usr/bin/php /usr/share/cacti/poller.php > /dev/null 2>&1

    After saving the changes, you can exit the configuration file.

    To enable remote access to Cacti, modify the Apache configuration file. To do this, enter the following command:

    sudo vim /etc/httpd/conf.d/cacti.conf

    Now you should change the following lines in the file:

    – Change Require host localhost to Require all granted.

    – Change Allow from localhost to Allow from your network subnet.

    – Specify your network subnet.

    To apply the changes, just restart the Apache and PHP-fpm services with the following command:

    sudo systemctl restart httpd
    sudo systemctl restart php-fpm

    Finally, you need to enable HTTP service on your Firewall by executing the following command:

    sudo firewall-cmd --permanent --add-service=http
    sudo firewall-cmd --reload

    How to Configure Cacti on AlmaLinux 8

    First, open your server’s IP address in a browser using the following URL:

    http://server-ip/cacti

    After viewing the login page, you should log in with the default credentials:

    Username: admin
    Password: admin

    Then click on Login.

    Now you need to set a new Cacti admin login password in place of the default.

    Next, you should accept the GPL license agreement and then click on Begin.

    Cacti runs pre-installation tests to ensure that the necessary PHP modules and database settings are in place. Then, click Next to continue.

    Now you should choose New Primary Server as the type of installation and then verify that the database connection parameters are correct.

    At this point, you can check for directory issues and confirm that the permissions are correct. Then click on Next; if there is a problem, click on Previous and correct it.

    The installer then checks the binary paths of the required packages.

    Now you should validate the data input methods and read the instructions; then check the ‘I have read this statement’ box.

    Next, you need to choose the cron interval and input your network subnet. Then click Next.

    Cacti has templates with which you can monitor and graph a variety of network devices, including Linux and Windows computers. Check all the options to make sure you get all the templates you need. Then click on Next.

    The installer now checks whether the database/server collation is compatible with UTF8. Then click on Next.

    Now you should click on the Confirm Installation checkbox and then click on Install.

    After the installation of the necessary packages is complete, you can click on Get Started.

    Finally, you can see the Cacti dashboard.

    To view the graphs, navigate through Graph –> Default Tree –> Local and choose your device.

    Conclusion

    This article introduced Cacti, one of the best monitoring tools, and then showed how to install and configure it on AlmaLinux 8. If you want to install Cacti on your AlmaLinux system, you can use this tutorial as a guide.

    FAQ

    Do we need any additional steps after installing Cacti?

    Yes, you should set up device polling, configure graphs, and define the devices that Cacti monitors.

    Is it possible to install Cacti on other distributions?

    Yes, you can install it on various Linux distributions like CentOS, Rocky Linux, Ubuntu, and so on.

  • Tutorial Set Up Time Synchronization on Rocky Linux

    Tutorial Set Up Time Synchronization on Rocky Linux

    Accurate timekeeping is a critical component in the deployment of modern software. Out-of-sync time can cause errors, data corruption, and other issues that are difficult to debug. By reading this article, you will learn how to set up time synchronization on Rocky Linux. Therefore, if you are interested in the Rocky Linux distribution, we suggest that you stay with us until the end of this article.

    What is Time Synchronization?

    Time Synchronization is the process of synchronizing the time of independent clocks. Clocks will diverge without synchronization. Clocks and timepieces often use relatively low-cost components that are not accurate. Time Synchronization creates time accuracy between computer clocks in an Ethernet system.

    A client’s time may be synchronized with another server, a reference time source such as a radio or satellite receiver, or a GPS time server. Typical time service configurations use additional servers and diverse network paths to provide high accuracy and reliability. The rest of this article explains how to set up time synchronization on Rocky Linux.

    How to Set Up Time Synchronization on Rocky Linux

    First, you should buy a Linux VPS with the Rocky Linux Operating system. We recommend that you visit the quality and affordable plans on our website. In the beginning, you should list the available time zones by entering the following command:

    sudo timedatectl list-timezones

    Now you need to set the timezone of your location using the following command, replacing America/New_York with the entry for your location from the list above:

    sudo timedatectl set-timezone America/New_York

    There are two NTP daemons to choose from: chronyd and ntpd. Do not run both on the same machine at the same time; select one and use it.

    In this article, you can synchronize time with the help of two NTP daemons:

    1) Time Synchronization using chronyd which is suitable for virtual systems.

    2) Time Synchronization using ntpd which is suitable for the network systems.

    Time Synchronization Using chronyd

    First, you can install the chronyd package with the following command:

    sudo yum install chrony

    chronyd can be used to manually synchronize the Rocky Linux server time with a remote NTP server:

    sudo chronyd -q 'server 0.europe.pool.ntp.org iburst'

    Then run the following command to start the chronyd service:

    sudo systemctl start chronyd

    Now you should edit the configuration file:

    sudo vi /etc/chrony.conf

    Next, you should add the following lines:

    server 0.centos.pool.ntp.org iburst
    server 1.centos.pool.ntp.org iburst
    server 2.centos.pool.ntp.org iburst
    server 3.centos.pool.ntp.org iburst
    server 0.rhel.pool.ntp.org iburst
    server 1.rhel.pool.ntp.org iburst
    server 2.rhel.pool.ntp.org iburst
    server 3.rhel.pool.ntp.org iburst

    Now save the file and exit, and then restart the service by entering the following command to apply the changes:

    sudo systemctl restart chronyd

    You need to enable the service to run at every boot:

    sudo systemctl enable chronyd

    You can verify if your time system is synchronized or not with the following command:

    chronyc tracking

    Reference ID is the ID and name of the server with which your system time is currently synchronized. Stratum indicates the number of hops between your system and a server with an attached reference clock.

    The following command can list information about the current time sources that chronyd uses:

    chronyc sources

    You can list information about the drift rate and offset estimation of each source that chronyd uses with the following command:

    chronyc sourcestats -v
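
    The Reference ID and Stratum fields described above can be checked automatically. The following script is an added example, not part of the original tutorial: it parses chronyc tracking output and reports whether the clock is synchronized. The function names, the embedded sample outputs, and the 0.1 second default threshold are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): turn `chronyc tracking`
# output into a pass/fail synchronization check.

# Constructed samples of `chronyc tracking` output; the server name is made up.
sample_tracking_synced() {
cat <<'EOF'
Reference ID    : C0000201 (ntp1.example.net)
Stratum         : 3
Ref time (UTC)  : Tue Mar 05 10:15:42 2024
System time     : 0.000012345 seconds slow of NTP time
Last offset     : -0.000010112 seconds
RMS offset      : 0.000045678 seconds
Frequency       : 12.345 ppm slow
Residual freq   : -0.001 ppm
Skew            : 0.120 ppm
Root delay      : 0.023456789 seconds
Root dispersion : 0.001234567 seconds
Update interval : 64.5 seconds
Leap status     : Normal
EOF
}

sample_tracking_unsynced() {
cat <<'EOF'
Reference ID    : 00000000 ()
Stratum         : 0
Ref time (UTC)  : Thu Jan 01 00:00:00 1970
System time     : 0.000000000 seconds fast of NTP time
Last offset     : +0.000000000 seconds
RMS offset      : 0.000000000 seconds
Frequency       : 0.000 ppm slow
Residual freq   : +0.000 ppm
Skew            : 0.000 ppm
Root delay      : 1.000000000 seconds
Root dispersion : 1.000000000 seconds
Update interval : 0.0 seconds
Leap status     : Not synchronised
EOF
}

# check_chrony_tracking [MAX_OFFSET_SECONDS]   (default 0.1, an assumed value)
# Reads `chronyc tracking` output on stdin.
#   exit 0, prints "OK ..."                clock synchronized, offset in bounds
#   exit 1, prints "OFFSET-TOO-LARGE ..."  synchronized, but offset > threshold
#   exit 2, prints "UNSYNCHRONISED"        no usable time source selected
check_chrony_tracking() {
  awk -v max="${1:-0.1}" '
    {
      i = index($0, ":")                 # split at the first colon only
      if (i == 0) next
      key = substr($0, 1, i - 1)
      val = substr($0, i + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", key)
      gsub(/^[ \t]+|[ \t]+$/, "", val)
      split(val, f, " ")
      if (key == "Reference ID")     refid = f[1]
      else if (key == "Stratum")     stratum = f[1] + 0
      else if (key == "System time") offset = f[1]   # always non-negative
      else if (key == "Leap status") leap = val
    }
    END {
      if (leap == "" || leap == "Not synchronised" || refid == "00000000") {
        print "UNSYNCHRONISED"
        exit 2
      }
      if ((offset + 0) > (max + 0)) {
        printf "OFFSET-TOO-LARGE %ss\n", offset
        exit 1
      }
      printf "OK stratum=%d refid=%s offset=%ss\n", stratum, refid, offset
    }
  '
}

# Demo on the constructed samples. On a live host:
#   chronyc tracking | check_chrony_tracking 0.05
sample_tracking_synced | check_chrony_tracking
sample_tracking_unsynced | check_chrony_tracking || true
```

    The exit codes make the function usable from a cron job or a monitoring agent, which matters on hosts whose log timestamps or certificate checks depend on correct time.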

    Time Synchronization Using ntpd

    First of all, install the ntpd package by executing the following command:

    sudo yum install ntp

    Next, you need to start the ntpd services using the following command:

    sudo systemctl start ntpd

    Now you should edit the configuration file.

    sudo vi /etc/ntp.conf

    Then you should add the following lines:

    server 0.centos.pool.ntp.org iburst
    server 1.centos.pool.ntp.org iburst
    server 2.centos.pool.ntp.org iburst
    server 3.centos.pool.ntp.org iburst
    server 0.rhel.pool.ntp.org iburst
    server 1.rhel.pool.ntp.org iburst
    server 2.rhel.pool.ntp.org iburst
    server 3.rhel.pool.ntp.org iburst

    Save the file and exit.

    Now you need to restart the services by executing the following command for the changes to take effect:

    sudo systemctl restart ntpd

    Finally, you should enable services using the following command to run them on every boot:

    sudo systemctl enable ntpd

    Conclusion

    Time synchronization is essential for many activities of a computer. Every modern system has a mechanism that automatically sets the time of the machine. NTP is one of these mechanisms, and this article taught you how to synchronize time with NTP servers and set up time synchronization on Rocky Linux.

  • Tutorial Install and Use Webmin on AlmaLinux 8.4

    Tutorial Install and Use Webmin on AlmaLinux 8.4

    The Control Panel is a set of sub-programs that can be used to configure various aspects of the Operating System. The Control Panel is the center of all operating system settings and is designed to make changes to the mouse, keyboard, sound, speakers, and screen. Webmin is also a Control Panel and Graphical User Interface for hosting. After reading this article, you can learn how to Install and Use Webmin on AlmaLinux 8.4 from the AlmaLinux training series.

    What is Webmin?

    Webmin is a web-based Control Panel and Graphical User Interface for Linux systems that can be used for free. You can configure all aspects of the system through your web browser with Webmin. Note that Webmin removes the need to manually edit Linux/Unix configuration files, allowing you to manage a server from the console or remotely. It also allows you to control many machines through a single interface or seamless access to other Webmin hosts on the same subnet or LAN.

    Webmin Features

    1- Configure Email Server
    2- Configure Apache Web Server
    3- Configure DNS Server
    4- Data Backup
    5- Manage users and User groups

    How to Install Webmin on AlmaLinux 8.4

    First, you should buy a Linux VPS with the AlmaLinux Operating system. Then, switch to the root user so that you can run all commands as root:

    sudo -i

    You need to add the yum Webmin repository to AlmaLinux 8.4 so that you can fetch Webmin packages for installation. Enter the following command in your Terminal and press Enter:

    cat << EOF > /etc/yum.repos.d/webmin.repo
    [Webmin]
    name=Webmin
    mirrorlist=https://download.webmin.com/download/yum/mirrorlist
    enabled=1
    gpgkey=http://www.webmin.com/jcameron-key.asc
    EOF

    Then you should update the system by entering the following command, which refreshes the repository cache and makes the system recognize the newly added Webmin repo:

    dnf update

    In this step, you can download and install Webmin on the AlmaLinux RPM-based Linux Operating System:

    dnf install webmin

    Next, open Webmin port 10000 in the firewall so that the web interface can be reached from any browser that can access the server's IP address or domain. Run the following commands:

    firewall-cmd --add-port=10000/tcp --permanent
    firewall-cmd --reload

    How to Use Webmin on AlmaLinux 8.4

    Open Webmin in your web browser by specifying the name of the computer and the port that Webmin is running on. If you manage the Webmin installation on AlmaLinux from a remote browser, enter the server's IP address or domain in the URL box along with port 10000. If you are using Webmin on a system with a GUI, use the local address http://localhost:10000 instead. If only encrypted communication is possible on the system, just replace http with https:

    https://server-ip-address:10000

    or

    https://example.com:10000

    If SSL isn’t implemented, you will receive a ‘Your connection is not private’ alert. You should click on Advanced and then click the Proceed to x.x.x.x link. Now you should enter your username and password. Be sure to log in with the root username and password of the AlmaLinux 8.4 server. The Webmin Dashboard running on AlmaLinux then appears, and you can manage your server from it.

    Conclusion

    Webmin is easy to use and offers several options for administrators to manage their Linux server through web-based remote access. This article introduced the Webmin Control Panel and showed how to install and use it on AlmaLinux 8.4.

  • How To Install and Secure Memcached on Ubuntu 22.04

    How To Install and Secure Memcached on Ubuntu 22.04

    In-memory object storage systems such as Memcached can optimize the performance of the backend database by temporarily storing information in memory and retaining frequently requested records. This reduces the number of direct requests to your databases. We’ll look at how to add authentication to secure Memcached using Simple Authentication and Security Layer (SASL), as well as how to bind Memcached to a local or private network interface so that it is reachable only from networks you trust. After reading this post, you will fully learn how to install and secure Memcached on Ubuntu 22.04. Therefore, we suggest you stay with us until the end of this article.

    What is Memcached?

    Memcached is a very powerful and free cache system that has been released as open source. Memcached is software for performing cache operations on dynamic website servers, which makes better and more efficient use of resources. Typically, it is used as a cache system to speed up applications by storing various objects from the results of database queries.

    This system is typically used to speed up websites that use a database, keeping data and objects in main memory (RAM) to reduce the number of times the data is read from an external data source (for example, the database). In the rest of this article, you will learn how to install and secure Memcached on Ubuntu 22.04.

    Prerequisites

    – A Linux VPS Ubuntu 22.04 server

    – Non-root sudo user

    – Firewall enabled

    Install and Secure Memcached on Ubuntu 22.04

    In this section, we are going to teach you step-by-step how to Install and Secure Memcached on Ubuntu 22.04. If you do not have Memcached installed on your server, install it from the official Ubuntu repositories. First, make sure your local package list is updated using the following command:

    sudo apt update

    Install the official package of memcached as follows:

    sudo apt install memcached

    You can install libmemcached-tools, which contain various tools that you can use to check, test, and manage your Memcached server. Add the package to the server using the following command:

    sudo apt install libmemcached-tools

    Memcached is installed as a service on your server, with tools that allow you to test its connectivity. To launch Memcached, run the systemctl command:

    sudo systemctl start memcached

    You can now go on to secure the configuration settings.

    How to Configure Memcached Network Settings

    If the Memcached server only needs to support local IPv4 connections using TCP, you can skip this step and go to the next step. But if you want to configure Memcached to use UDP sockets, Unix domain sockets, or add support for IPv6 connections, follow the steps in this section.

    First, make sure your Memcached instance listens on the local IPv4 loopback interface 127.0.0.1. The current version of Memcached that ships with Ubuntu and Debian has its -l configuration parameter set to the local interface, so it only accepts connections from the server where Memcached runs.

    Use the following command to verify that Memcached is currently bound to the local IPv4 127.0.0.1 interface and is listening for TCP connections:

    sudo ss -plunt

    The flags will alter ss output in the following ways:

    -p adds the name of the process that is using a socket

    -l limits the output to listening sockets only, as opposed to also including connected sockets to other systems

    -u includes UDP-based sockets in the output

    -n displays numeric values in the output instead of human-readable names and values

    -t includes TCP-based sockets in the output

    You should receive the output as follows:

    This output verifies that Memcached is bound to the IPv4 loopback address 127.0.0.1 using the TCP protocol. Now that you have verified that Memcached is configured to support IPv4 with TCP connections only, you can edit /etc/memcached.conf to support UDP connections, Unix domain sockets, or IPv6.

    How to Configure IPv6 for Memcached

    To enable IPv6 connections to Memcached, open the configuration file with Nano or other editors:

    sudo nano /etc/memcached.conf

    First, find the following line in the file:

    . . .
    -l 127.0.0.1

    This line is where Memcached is configured to listen on the local IPv4 interface. To add IPv6 support, add a line with the IPv6 local loopback address (::1) as follows:

    . . .
    -l 127.0.0.1
    -l ::1

    Save and close the file by pressing CTRL+O, then ENTER to save, and then CTRL+X to exit Nano. Then restart Memcached using the systemctl command:

    sudo systemctl restart memcached

    You can now check that Memcached also responds to IPv6 connections by repeating the ss command in the previous section:

    sudo ss -plunt

    You should receive the output as follows:

    Output
    Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port Process 
    . . .
    tcp LISTEN 0 1024 127.0.0.1:11211 0.0.0.0:* users:(("memcached",pid=8889,fd=26)) 
    . . .
    tcp LISTEN 0 1024 [::1]:11211 [::]:* users:(("memcached",pid=8889,fd=27))

    The output shows that Memcached is now also responding to TCP connections on the local IPv6 interface. If you want to disable IPv4 support and only listen to IPv6 connections, you can remove the -l 127.0.0.1 line from /etc/memcached.conf and restart the service using the systemctl command.

    How to Configure UDP on Memcached

    If you want to use Memcached with UDP sockets, enable UDP support by editing the configuration file. Open /etc/memcached.conf using nano or your preferred editor, then add the following line to the bottom of the file:

    . . .
    -U 11211

    If you do not need TCP support, find the -p 11211 line and change it to -p 0 to disable TCP connections. After editing the file, save and close it by entering CTRL+O to save and then CTRL+X to exit.

    Restart the Memcached service with the systemctl command to apply the changes:

    sudo systemctl restart memcached

    Verify that Memcached listens for UDP connections using the following command:

    sudo ss -plunt

    If you have disabled TCP support and enabled IPv6 connections, you should get the following output:

    Output
    Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port Process 
    . . .
    udp UNCONN 0 0 127.0.0.1:11211 0.0.0.0:* users:(("memcached",pid=8889,fd=28))
    udp UNCONN 0 0 [::1]:11211 [::]:* users:(("memcached",pid=8889,fd=29))
    . . .

    Note that if you only enable IPv4 connections and enable TCP connections, your output may be different.

    How to Configure Unix Domain Sockets

    If you want to use Memcached with Unix domain sockets, you can enable support by editing the configuration file. Note that if you configure Memcached to use a Unix domain socket, Memcached disables TCP and UDP support, so before enabling socket support, make sure your applications do not need to connect using those protocols. Open /etc/memcached.conf using Nano or another editor, then add the following lines to the bottom of the file:

    . . .
    -s /var/run/memcached/memcached.sock
    -a 660

    The -a flag specifies the permissions on the socket file. Make sure the user that connects to Memcached is part of the memcache group on your server; otherwise, you will get a permission denied message when you try to access the socket. Then, restart the Memcached service with the following command to apply the changes:

    sudo systemctl restart memcached

    Make sure Memcached listens to Unix domain socket connections using the following command:

    sudo ss -lnx | grep memcached

    The -x flag restricts the ss output to Unix domain sockets. You should receive output as follows:

    Output
    u_str LISTEN 0 1024 /var/run/memcached/memcached.sock 20234658 * 0

    Now that you have configured the Memcached network settings, go to the next step: adding SASL authentication to Memcached.

    How to Add Authorized Users to Memcached

    To add authenticated users to the Memcached service, use Simple Authentication and Security Layer (SASL), which separates authentication procedures from application protocols. First, add SASL support to the server and configure a user with authentication. Then, enable SASL in the Memcached configuration file and verify that everything is working properly.

    Adding a Verified User

    To start adding SASL support, you must install the sasl2-bin package, which includes management programs for the SASL user database. This tool helps you create an authenticated user. To install this tool, run the following command:

    sudo apt install sasl2-bin

    Create the directory in which Memcached checks for its SASL configuration settings using the mkdir command:

    sudo mkdir -p /etc/sasl2

    Now create the SASL configuration file using nano or your preferred editor:

    sudo nano /etc/sasl2/memcached.conf

    Add the following lines:

    log_level: 5
    mech_list: plain
    sasldb_path: /etc/sasl2/memcached-sasldb2

    In addition to setting the log level, mech_list is set to plain, which tells Memcached that it must use its own password file and verify a plaintext password. The last line you added specifies the path to the user database file that you will create in the next step. Save and close the file when done.

    Now create the SASL database: use the saslpasswd2 command with the -c flag to create a new user entry in the SASL database. The user here is linda, but you can replace this name with your own. The -f flag specifies the path to the database. This is the path you set in /etc/sasl2/memcached.conf:

    sudo saslpasswd2 -a memcached -c -f /etc/sasl2/memcached-sasldb2 linda

    Give ownership of the SASL database to the memcache user and group with the following chown command:

    sudo chown memcache:memcache /etc/sasl2/memcached-sasldb2

    You now have a SASL configuration that Memcached uses for authentication. Next, verify that Memcached is running with its default settings, then reconfigure it and verify that it works with SASL authentication.

    How to Configure SASL Support of the Memcached

    First test the connection of the Memcached instance with the memcstat command. This check helps determine if Memcached is running and properly configured before activating SASL and authenticating the user. After making changes to the configuration files, run the command again to check for different outputs. To verify that Memcached is enabled and running using the memcstat command, type the following:

    memcstat --servers="127.0.0.1"

    If you are using IPv6, replace 127.0.0.1 with ::1. If you are using a Unix domain socket, use the socket path instead of the IP address, for example --servers=/var/run/memcached/memcached.sock. When you run the memcstat command and successfully connect to Memcached, you should get the following output:

    Output
    Server: 127.0.0.1 (11211)
    pid: 2299875
    uptime: 2020
    time: 1632404590
    version: 1.5.22
    . . .

    Tip: If you are using Memcached with UDP support, the memcstat command cannot connect to the UDP port. Use the following netcat command to confirm the connection:

    nc -u 127.0.0.1 11211 -vz

    If Memcached responds, you should get the output as follows:

    Output
    Connection to 127.0.0.1 11211 port [udp/*] succeeded!

    If you are using Memcached with IPv6 and UDP, the command should look like this:

    nc -6 -u ::1 11211 -vz

    Enable SASL now. Add the -S parameter to the configuration file. Reopen the file with Nano:

    sudo nano /etc/memcached.conf

    In the file, add the following line:

    . . .
    -S

    Next, find and uncomment the -vv option, which sends verbose output to /var/log/memcached. The uncommented line should look as follows:

    . . .
    -vv

    Save and close the file. Restart the Memcached service using the systemctl command below:

    sudo systemctl restart memcached

    Check the journalctl report for Memcached to make sure SASL support is enabled:

    sudo journalctl -u memcached |grep SASL

    You should receive output like the following, which indicates that SASL support is enabled:

    Output
    Sep 23 17:00:55 memcached systemd-memcached-wrapper[2303930]: Initialized SASL.

    Now try connecting to Memcached again. Because SASL support is now enabled and initialized, the following memcstat command must fail without valid authentication:

    memcstat --servers="127.0.0.1"

    The command should not generate output. Enter the following shell command to check its exit status:

    echo $?

    $? always returns the exit code of the last command that exited. Anything other than 0 indicates failure. In this case, you should get exit status 1, which indicates that the memcstat command failed. Re-running memcstat with the username and password verifies that the authentication process works.

    If you use different credentials, replace the values linda and your_password in the following command:

    memcstat --servers="127.0.0.1" --username=linda --password=your_password

    You should receive the output as follows:

    Output
    Server: 127.0.0.1 (11211)
    pid: 3831
    uptime: 9
    time: 1520028517
    version: 1.4.25
    . . .

    Memcached is now configured and running with SASL support and user authentication.

    Allowing Access Over the Private Network (Optional)

    Memcached is configured to listen only on the local loopback interface (127.0.0.1), which protects the Memcached interface from being exposed to outside parties. There may be times when you need to allow access from other servers. In that case, you can configure Memcached to bind to a private network interface.

    How to Restrict IP Access with a Firewall

    Before configuring settings, set firewall rules to restrict the machines that can connect to your Memcached server. You must first record the private IP address of each device you use to connect to Memcached. Once you have a private IP address, add an explicit firewall rule to allow the device to access Memcached. If you are using a UFW firewall, restrict access to the Memcached instance by entering the following command on the Memcached server:

    sudo ufw allow from client_system_private_IP/32 to any port 11211

    If more than one system has access to Memcached over a private network, be sure to add a ufw rule for each device using the above rule as a template. Next, change the Memcached service so that it binds to the server’s private network interface.

    Memcached Connection to Private Network Interface

    Now that your firewall is in place, configure Memcached to bind to the server’s private network interface instead of 127.0.0.1. Find the Memcached server’s private network interface using the ip command below.

    ip -brief address show

    Depending on the server network configuration, the output may differ.

    Once you find the IP address or private addresses of the server, reopen the configuration file using Nano:

    sudo nano /etc/memcached.conf

    Find the -l 127.0.0.1 line that you previously checked or modified, and change the address to match the server’s private network interface:

    . . .
    -l memcached_servers_private_IP
    . . .

    If you want Memcached to listen on multiple addresses, add another similar line for each address, either IPv4 or IPv6, using the -l memcached_servers_private_IP format. Save and close the file after completing the steps. Then restart the Memcached service:

    sudo systemctl restart memcached

    Check the new settings with ss to confirm the change:

    sudo ss -plunt

    Test the connection from your external client to make sure you can still access the service. Also, check the access of an unauthorized client (try connecting without a username and password) to make sure your SASL authentication works properly. Finally, try connecting to Memcached from another server that is not allowed to connect, to make sure the firewall rules you created are effective.
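
    The ss checks used in the network settings section and in the private network section above can be turned into a repeatable audit. The following script is an added example, not part of the original tutorial: it reads ss -plunt output and labels each Memcached socket as LOOPBACK, PRIVATE, WILDCARD, or PUBLIC. The function names, the verdict labels, and the embedded sample output are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): classify every memcached
# listener found in `ss -plunt` output by how widely it is reachable.

# Constructed sample of `ss -plunt` output; addresses and PIDs are made up.
sample_ss_output() {
cat <<'EOF'
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
udp   UNCONN 0      0      0.0.0.0:11211      0.0.0.0:*         users:(("memcached",pid=8889,fd=28))
tcp   LISTEN 0      1024   127.0.0.1:11211    0.0.0.0:*         users:(("memcached",pid=8889,fd=26))
tcp   LISTEN 0      1024   [::1]:11211        [::]:*            users:(("memcached",pid=8889,fd=27))
tcp   LISTEN 0      1024   10.0.0.5:11211     0.0.0.0:*         users:(("memcached",pid=8889,fd=30))
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*         users:(("sshd",pid=700,fd=3))
EOF
}

# Reads `ss -plunt` output on stdin. Prints "<verdict> <proto> <addr> <port>"
# for each memcached socket. Returns 1 if any socket is bound to a wildcard
# or public address, 0 otherwise. PRIVATE sockets are reported but not failed,
# because the tutorial allows them behind firewall rules and SASL.
audit_memcached_listeners() {
  awk '
    /"memcached"/ {
      proto = $1
      local_field = $5                      # "Local Address:Port" column
      n = match(local_field, /:[0-9]+$/)    # last colon; IPv6 has several
      if (n == 0) next
      addr = substr(local_field, 1, n - 1)
      port = substr(local_field, n + 1)
      gsub(/^\[|\]$/, "", addr)             # [::1] -> ::1
      sub(/%.*$/, "", addr)                 # drop an interface suffix (%eth0)
      low = tolower(addr)

      if (addr ~ /^127\./ || addr == "::1")
        verdict = "LOOPBACK"
      else if (addr == "0.0.0.0" || addr == "*" || addr == "::")
        verdict = "WILDCARD"
      else if (addr ~ /^10\./ || addr ~ /^192\.168\./ ||
               addr ~ /^172\.(1[6-9]|2[0-9]|3[01])\./ ||
               low ~ /^f[cd][0-9a-f]*:/ || low ~ /^fe80:/)
        verdict = "PRIVATE"
      else
        verdict = "PUBLIC"

      if (verdict == "WILDCARD" || verdict == "PUBLIC") bad = 1
      print verdict, proto, addr, port
    }
    END { exit (bad ? 1 : 0) }
  '
}

# Demo on the constructed sample. On a live host (root is needed for -p):
#   sudo ss -plunt | audit_memcached_listeners
sample_ss_output | audit_memcached_listeners ||
  echo "review the WILDCARD/PUBLIC listeners above"
```

    In the constructed sample, the UDP socket on 0.0.0.0 is the finding: it listens on every interface, so access depends entirely on the firewall rules.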

    Conclusion

    In this tutorial, you learned how to install and secure Memcached on Ubuntu 22.04. You also learned how to configure Memcached with IPv4, IPv6, TCP, UDP, and Unix domain sockets and how to secure your Memcached server by enabling SASL authentication. Finally, you learned how to bind Memcached to your local or private network interface and configure firewall rules to restrict access to Memcached. We hope you find this article useful. Share your comments with us via the form below.