freebsd Archives - ☩ Walking in Light with Christ - Faith, Computing, Diary ☩ Walking in Light with Christ

Posts Tagged ‘freebsd’

Install and configure rkhunter for improved security on a PCI DSS Linux / BSD servers with no access to Internet

Wednesday, November 10th, 2021

rkhunter or Rootkit Hunter scans systems for known and unknown rootkits. The tool is not new and most system administrators that has to mantain some good security servers perhaps already use it in their daily sysadmin tasks.

It does this by comparing SHA-1 Hashes of important files with known good ones in online databases, searching for default directories (of rootkits), wrong permissions, hidden files, suspicious strings in kernel modules, commmon backdoors, sniffers and exploits as well as other special tests mostly for Linux and FreeBSD though a ports for other UNIX operating systems like Solaris etc. are perhaps available. rkhunter is notable due to its inclusion in popular mainstream FOSS operating systems (CentOS, Fedora,Debian, Ubuntu etc.).

Even though rkhunter is not rapidly improved over the last 3 years (its last Official version release was on 20th of Febuary 2018), it is a good tool that helps to strengthen even further security and it is often a requirement for Unix servers systems that should follow the PCI DSS Standards (Payment Card Industry Data Security Standards).

Configuring rkhunter is a pretty straight forward if you don't have too much requirements but I decided to write this article for the reason there are fwe interesting options that you might want to adopt in configuration to whitelist any files that are reported as Warnings, as well as how to set a configuration that sets a stricter security checks than the installation defaults.

1. Install rkhunter .deb / .rpm package depending on the Linux distro or BSD

If you have to place it on a Redhat based distro CentOS / Redhat / Fedora

[root@Centos ~]# yum install -y rkhunter
…

On Debian distros the package name is equevallent to install there exec usual:

root@debian:~# apt install –yes rkhunter
…

On FreeBSD / NetBSD or other BSD forks you can install it from the BSD "World" ports system or install it from a precompiled binary.

freebsd# pkg install rkhunter
…

One important note to make here is to have a fully functional Alarming from rkhunter, you will have to have a fully functional configured postfix / exim / qmail whatever mail server to relay via official SMTP so you the Warning Alarm emails be able to reach your preferred Alarm email address. If you haven't installed postfix for example and configure it you might do.

– On Deb based distros

[root@Centos ~]#yum install postfix

– On RPM based distros

root@debian:~# apt-get install –yes postfix

and as minimum, further on configure some functional Email Relay server within /etc/postfix/main.cf

# vi /etc/postfix/main.cf
relayhost = [relay.smtp-server.com]

2. Prepare rkhunter.conf initial configuration

Depending on what kind of files are present on the filesystem it could be for some reasons some standard package binaries has to be excluded for verification, because they possess unusual permissions because of manual sys admin monification this is done with the rkhunter variable PKGMGR_NO_VRFY.

If remote logging is configured on the system via something like rsyslog you will want to specificly tell it to rkhunter so this check as a possible security issue is skipped via ALLOW_SYSLOG_REMOTE_LOGGING=1.

In case if remote root login via SSH protocol is disabled via /etc/ssh/sshd_config
PermitRootLogin no variable, the variable to include is ALLOW_SSH_ROOT_USER=no

It is useful to also increase the hashing check algorithm for security default one SHA256 you might want to change to SHA512, this is done via rkhunter.conf var HASH_CMD=SHA512

Triggering new email Warnings has to be configured so you receive, new mails at a preconfigured mailbox of your choice via variable
MAIL-ON-WARNING=SetMailAddress

# vi /etc/rkhunter.conf

PKGMGR_NO_VRFY=/usr/bin/su

PKGMGR_NO_VRFY=/usr/bin/passwd

ALLOW_SYSLOG_REMOTE_LOGGING=1

# Needed for corosync/pacemaker since update 19.11.2020

ALLOWDEVFILE=/dev/shm/qb-*/qb-*

# enabled ssh root access skip

ALLOW_SSH_ROOT_USER=no

HASH_CMD=SHA512

# Email address to sent alert in case of Warnings

MAIL-ON-WARNING=Your-Customer@Your-Email-Server-Destination-Address.com

MAIL-ON-WARNING=Your-Second-Peronsl-Email-Address@SMTP-Server.com

DISABLE_TESTS=os_specific

Optionally if you're using something specific such as corosync / pacemaker High Availability cluster or some specific software that is creating /dev/ files identified as potential Risks you might want to add more rkhunter.conf options like:

# Allow PCS/Pacemaker/Corosync
ALLOWDEVFILE=/dev/shm/qb-attrd-*
ALLOWDEVFILE=/dev/shm/qb-cfg-*
ALLOWDEVFILE=/dev/shm/qb-cib_rw-*
ALLOWDEVFILE=/dev/shm/qb-cib_shm-*
ALLOWDEVFILE=/dev/shm/qb-corosync-*
ALLOWDEVFILE=/dev/shm/qb-cpg-*
ALLOWDEVFILE=/dev/shm/qb-lrmd-*
ALLOWDEVFILE=/dev/shm/qb-pengine-*
ALLOWDEVFILE=/dev/shm/qb-quorum-*
ALLOWDEVFILE=/dev/shm/qb-stonith-*
ALLOWDEVFILE=/dev/shm/pulse-shm-*
ALLOWDEVFILE=/dev/md/md-device-map
# Needed for corosync/pacemaker since update 19.11.2020
ALLOWDEVFILE=/dev/shm/qb-*/qb-*

# tomboy creates this one
ALLOWDEVFILE="/dev/shm/mono.*"
# created by libv4l
ALLOWDEVFILE="/dev/shm/libv4l-*"
# created by spice video
ALLOWDEVFILE="/dev/shm/spice.*"
# created by mdadm
ALLOWDEVFILE="/dev/md/autorebuild.pid"
# 389 Directory Server
ALLOWDEVFILE=/dev/shm/sem.slapd-*.stats
# squid proxy
ALLOWDEVFILE=/dev/shm/squid-cf*
# squid ssl cache
ALLOWDEVFILE=/dev/shm/squid-ssl_session_cache.shm
# Allow podman
ALLOWDEVFILE=/dev/shm/libpod*lock*

3. Set the proper mirror database URL location to internal network repository

Usually file /var/lib/rkhunter/db/mirrors.dat does contain Internet server address where latest version of mirrors.dat could be fetched, below is how it looks by default on Debian 10 Linux.

root@debian:/var/lib/rkhunter/db# cat mirrors.dat
Version:2007060601
mirror=http://rkhunter.sourceforge.net
mirror=http://rkhunter.sourceforge.net

As you can guess a machine that doesn't have access to the Internet neither directly, neither via some kind of secure proxy because it is in a Paranoic Demilitarized Zone (DMZ) Network with many firewalls. What you can do then is setup another Mirror server (Apache / Nginx) within the local PCI secured LAN that gets regularly the database from official database on http://rkhunter.sourceforge.net/ (by installing and running rkhunter –update command on the Mirror WebServer and copying data under some directory structure on the remote local LAN accessible server, to keep the DB uptodate you might want to setup a cron to periodically copy latest available rkhunter database towards the http://mirror-url/path-folder/)

# vi /var/lib/rkhunter/db/mirrors.dat

local=http://rkhunter-url-mirror-server-url.com/rkhunter/1.4/

A mirror copy of entire db files from Debian 10.8 ( Buster ) ready for download are here.

Update entire file property db and check for rkhunter db updates

# rkhunter –update && rkhunter –propupdate

[ Rootkit Hunter version 1.4.6 ]

Checking rkhunter data files…
Checking file mirrors.dat [ Skipped ]
Checking file programs_bad.dat [ No update ]
Checking file backdoorports.dat [ No update ]
Checking file suspscan.dat [ No update ]
Checking file i18n/cn [ No update ]
Checking file i18n/de [ No update ]
Checking file i18n/en [ No update ]
Checking file i18n/tr [ No update ]
Checking file i18n/tr.utf8 [ No update ]
Checking file i18n/zh [ No update ]
Checking file i18n/zh.utf8 [ No update ]
Checking file i18n/ja [ No update ]

rkhunter-update-propupdate-screenshot-centos-linux

4. Initiate a first time check and see whether something is not triggering Warnings

# rkhunter –check

As you might have to run the rkhunter multiple times, there is annoying Press Enter prompt, between checks. The idea of it is that you're able to inspect what went on but since usually, inspecting /var/log/rkhunter/rkhunter.log is much more easier, I prefer to skip this with –skip-keypress option.

# rkhunter –check –skip-keypress

5. Whitelist additional files and dev triggering false warnings alerts

You have to keep in mind many files which are considered to not be officially PCI compatible and potentially dangerous such as lynx browser curl, telnet etc. might trigger Warning, after checking them thoroughfully with some AntiVirus software such as Clamav and checking the MD5 checksum compared to a clean installed .deb / .rpm package on another RootKit, Virus, Spyware etc. Clean system (be it virtual machine or a Testing / Staging) machine you might want to simply whitelist the files which are incorrectly detected as dangerous for the system security.

Again this can be achieved with

PKGMGR_NO_VRFY=

Some Cluster softwares that are preparing their own /dev/ temporary files such as Pacemaker / Corosync might also trigger alarms, so you might want to suppress this as well with ALLOWDEVFILE

ALLOWDEVFILE=/dev/shm/qb-*/qb-*

If Warnings are found check what is the issue and if necessery white list files due to incorrect permissions in /etc/rkhunter.conf .

rkhunter-warnings-found-screenshot

Re-run the check until all appears clean as in below screenshot.

rkhunter-clean-report-linux-screenshot

Fixing Checking for a system logging configuration file [ Warning ]

If you happen to get some message like, message appears when rkhunter -C is done on legacy CentOS release 6.10 (Final) servers:

[13:45:29] Checking for a system logging configuration file [ Warning ]
[13:45:29] Warning: The 'systemd-journald' daemon is running, but no configuration file can be found.
[13:45:29] Checking if syslog remote logging is allowed [ Allowed ]

To fix it, you will have to disable SYSLOG_CONFIG_FILE at all.

SYSLOG_CONFIG_FILE=NONE

Tags: access, ALLOWDEVFILE, checking, com, configure, created, default, Fixing Checking, freebsd, howto, Install, installation, Internet, lib, linux?, logging, mirror, pci, postfix, repository, rkhunter, rkhunter add dev, rkhunter.conf, security, shm, something, sourceforge, updates, var, Warnings, whitelist
Posted in Computer Security, Educational, Linux, System Administration | 2 Comments »

Sysadmin tip: How to force a new Linux user account password change after logging to improve security

Thursday, June 18th, 2020

Have you logged in through SSH to remote servers with the brand new given UNIX account in your company just to be prompted for your current Password immediately after logging and forced to change your password?
The smart sysadmins or security officers use this trick for many years to make sure the default set password for new user is set to a smarter user to prevent default password leaks which might later impose a severe security risk for a company Demiliterized networks confidential data etc.

If you haven't seen it yet and you're in the beautiful world of UNIX / Linux as a developer qa tester or sysadmin sooner or later you will face it.
Here of course I'm talking about plain password local account authentication using user / pass credentials stored in /etc/passwd or /etc/shadow.

Lets Say hello to the main command chage that is used to do this sysadmin trick.
chage command is used to change user password expiry information and set and alter password aging parameters on user accounts.

1. Force chage to make password expire on next user login for a new created user

# chage -d 0 {user-name}

Below is a real life example

chage-force-user-account-password-expiry-linux

2. Get information on when account expires

[hipo@linux ~]$ chage -l hipo
Last password change : Apr 03, 2020
Password expires : Jul 08, 2020
Password inactive : never
Account expires : never
Minimum number of days between password change : 0
Maximum number of days between password change : 90
Number of days of warning before password expires : 14

3. Use chage to set user account password expiration

The most straight forward way to set an expiration date for an active user acct is with:

# chage -E 2020-08-16 username

To make the account get locked automatically if the password has expired and the user did not logged in to it for 2 days after its expiration.

# chage -I 2 username

– Set Password expire with Minimum days 7 (-n mindays 7), (-x maxdays 28) and (-w warndays 5)

# passwd -n 7 -x 28 -w 5 username

To check the passwod expiration settings use list command:

# chage -l username
Last password change : юни 18, 2020
Password expires : юли 16, 2020
Password inactive : never
Account expires : never
Minimum number of days between password change : 7
Maximum number of days between password change : 28
Number of days of warning before password expires : 5

chage is a command is essential sysadmin command that is mentioned in every Learn Linux book out there, however due to its often rare used many people and sysadmins either, don't know it or learn of it only once it is needed.
A note to make here is some sysadmins prefer to use usermod to set a password expire instead of chage.

usermod -e 2020-10-14 username

For those who wonder how to set password expiry on FreeBSD and other BSD-es is done, there it is done via the pw system user management tool as chage is not present there.

A note to make here is chage usually does not provide information for Linux user accounts that are stored in LDAP. To get information of such you can use ldapsearch with a query to the LDAP domain store with something like.

ldapsearch -x -ZZ -LLL -b dc=domain.com,dc=com objectClass=*

It is worthy to mention also another useful command when managing users this is getent used to get entries from Name Service Switch libraries.
getent is useful to get various information from basic /etc/ stored db files such as /etc/services /etc/shadow, /etc/group, /etc/aliases, /etc/hosts and even do some simple rpc queries.

Tags: BSD, chage, force password change, freebsd, getent, hosts, ldapsearch, linux?, passwd, password expire, pw, shadow
Posted in Computer Security, Linux, Linux and FreeBSD Desktop, System Administration | No Comments »

How to install KVM Kernel-based Virtual Machine Virtualization on Linux

Sunday, October 14th, 2018

install-KVM-Kernel-based-Virtual-Machine-virtualization-on-Linux

If you want to run multiple virtual machines on GNU / Linux server or your Linux powered Desktop you have the possibility to use a couple of Virtual Machines just to name a few VirtualBox and VMWare are the option the native way to do it is using the Linux kernel via a loadable kernel module called KVM (Kernel-based Virtual Machine).
Though Oracle's Virtualbox generally works and you could add new test beds virtual machines (install multiple Linux / *BSD OS) it is not fully Free Software and not even fully open source licensed, VMWare even though superior as a Virtualization product is proprietary and its application costs a lot of money which not each develpoper or small / mid-sized company could afford.

Once the kvm.ko module is loaded your Linux kernel turns into a full-featured Virtual Machine Hypervisor.
Starting with Linux kernel 2.6.X the KVM Hypervisor is available and easy to install virtually all modern Linux distributions Redhat / CentOS Debian / Ubuntu etc. support it and its up to running few commands to install and start using the Power of Kernel embedded Virtualization.

KVM could be used to run in parallel multiple Operating Systems such as Windows / Linux / FreeBSD and others of BSDs family, each running under a separate virtual machine with its private dedicated (isolated), disc, graphic card, network card etc.

To start up I assume you have already installed some kind of Linux distribution either locally or on a remote dedicated server.

1. Installing KVM on Debian GNU / Linux / Ubuntu / Mint and other deb based distros

Using APT tool install below packages:

root@jeremiah:~# apt install –yes qemu-kvm libvirt-clients libvirt-daemon-system bridge-utils libguestfs-tools genisoimage virtinst libosinfo-bin

2. Installing virt-manager GUI to manage Virtual servers

root@jeremiah:~# apt-cache show virt-manager|grep -i desc -A 1
Description-en: desktop application for managing virtual machines
It presents a summary view of running domains and their live performance &
—
Description-md5: 9f7f584744b77cdacc2291f2a8ac220e
Homepage: http://virt-manager.et.redhat.com/

root@jeremiah:~# apt install –yes virt-manager

virtual-manager-fedora-28-linux-virtual-machine-settings-screenshot

3. Configure bridged networking to allow access to newly configured VMs

Bridging has to be added via /etc/network/interfaces therefore it is a good idea to create a backup of it before modifying:

# cp -rpf /etc/network/interfaces /etc/network/interfaces.bakup-$(echo $(date '+%Y-%m-%d-%H'))

# vim /etc/network/interfaces

auto br0
iface br0 inet static
         address 10.15.44.26
         netmask 255.255.255.192
         broadcast 10.15.44.63
         dns-nameservers 10.0.80.11 10.0.80.12
         # set static route for LAN
    post-up route add -net 10.0.0.0 netmask 255.0.0.0 gw 10.18.44.1
    post-up route add -net 161.26.0.0 netmask 255.255.0.0 gw 10.18.44.1
         bridge_ports eth0
         bridge_stp off
         bridge_fd 0
         bridge_maxwait 0

# br1 setup with static wan IPv4 with ISP router as a default gateway
auto br1
iface br1 inet static
         address 192.168.222.51
         netmask 255.255.255.248
         broadcast 192.168.222.55
         gateway 192.168.222.49
         bridge_ports eth1
         bridge_stp off
         bridge_fd 0
         bridge_maxwait 0

Once file is saved in vim editor restart the networking.

# systemctl restart network.manager

To verify whether the bridge has been succesfully upped.

root@jeremiah:/home/hipo/kvm# brctl show
bridge name bridge id STP enabled interfaces
virbr0 8000.525400cb1cd1 yes virbr0-nic

4. List all installable Virtual OS images

root@jeremiah:/home/hipo/kvm# virt-builder -list
centos-6                 x86_64     CentOS 6.6
centos-7.0               x86_64     CentOS 7.0
centos-7.1               x86_64     CentOS 7.1
centos-7.2               aarch64    CentOS 7.2 (aarch64)
centos-7.2               x86_64     CentOS 7.2
centos-7.3               x86_64     CentOS 7.3
centos-7.4               x86_64     CentOS 7.4
centos-7.5               x86_64     CentOS 7.5
cirros-0.3.1             x86_64     CirrOS 0.3.1
cirros-0.3.5             x86_64     CirrOS 0.3.5
debian-6                 x86_64     Debian 6 (Squeeze)
debian-7                 sparc64    Debian 7 (Wheezy) (sparc64)
debian-7                 x86_64     Debian 7 (wheezy)
debian-8                 x86_64     Debian 8 (jessie)
debian-9                 x86_64     Debian 9 (stretch)
fedora-18                x86_64     Fedora® 18
fedora-19                x86_64     Fedora® 19
fedora-20                x86_64     Fedora® 20
fedora-21                aarch64    Fedora® 21 Server (aarch64)
fedora-21                armv7l     Fedora® 21 Server (armv7l)
fedora-21                ppc64      Fedora® 21 Server (ppc64)
fedora-21                ppc64le    Fedora® 21 Server (ppc64le)
fedora-21                x86_64     Fedora® 21 Server
fedora-22                aarch64    Fedora® 22 Server (aarch64)
fedora-22                armv7l     Fedora® 22 Server (armv7l)
fedora-22                i686       Fedora® 22 Server (i686)
fedora-22                x86_64     Fedora® 22 Server
fedora-23                aarch64    Fedora® 23 Server (aarch64)
fedora-23                armv7l     Fedora® 23 Server (armv7l)
fedora-23                i686       Fedora® 23 Server (i686)
fedora-23                ppc64      Fedora® 23 Server (ppc64)
fedora-23                ppc64le    Fedora® 23 Server (ppc64le)
fedora-23                x86_64     Fedora® 23 Server
fedora-24                aarch64    Fedora® 24 Server (aarch64)
fedora-24                armv7l     Fedora® 24 Server (armv7l)
fedora-24                i686       Fedora® 24 Server (i686)
fedora-24                x86_64     Fedora® 24 Server
fedora-25                aarch64    Fedora® 25 Server (aarch64)
fedora-25                armv7l     Fedora® 25 Server (armv7l)
fedora-25                i686       Fedora® 25 Server (i686)
fedora-25                ppc64      Fedora® 25 Server (ppc64)
fedora-25                ppc64le    Fedora® 25 Server (ppc64le)
fedora-25                x86_64     Fedora® 25 Server
fedora-26                aarch64    Fedora® 26 Server (aarch64)
fedora-26                armv7l     Fedora® 26 Server (armv7l)
fedora-26                i686       Fedora® 26 Server (i686)
fedora-26                ppc64      Fedora® 26 Server (ppc64)
fedora-26                ppc64le    Fedora® 26 Server (ppc64le)
fedora-26                x86_64     Fedora® 26 Server
fedora-27                aarch64    Fedora® 27 Server (aarch64)
fedora-27                armv7l     Fedora® 27 Server (armv7l)
fedora-27                i686       Fedora® 27 Server (i686)
fedora-27                ppc64      Fedora® 27 Server (ppc64)
fedora-27                ppc64le    Fedora® 27 Server (ppc64le)
fedora-27                x86_64     Fedora® 27 Server
fedora-28                i686       Fedora® 28 Server (i686)
fedora-28                x86_64     Fedora® 28 Server
freebsd-11.1             x86_64     FreeBSD 11.1
scientificlinux-6        x86_64     Scientific Linux 6.5
ubuntu-10.04             x86_64     Ubuntu 10.04 (Lucid)
ubuntu-12.04             x86_64     Ubuntu 12.04 (Precise)
ubuntu-14.04             x86_64     Ubuntu 14.04 (Trusty)
ubuntu-16.04             x86_64     Ubuntu 16.04 (Xenial)
ubuntu-18.04             x86_64     Ubuntu 18.04 (bionic)
opensuse-13.1            x86_64     openSUSE 13.1
opensuse-13.2            x86_64     openSUSE 13.2
opensuse-42.1            x86_64     openSUSE Leap 42.1
opensuse-tumbleweed      x86_64     openSUSE Tumbleweed

5. Create Virtual Machine OS-es from scratch with virt-builder

Below we'll create two images one for Fedora 28 and 1 for Debian 9 using the virt-builder (a tool to build virtual images quickly), the images that could be used are shown through below virt-builder –list command.

# iso='fedora-28';
# iso1='debian-9';

# sudo virt-builder $iso \
   –size=10G \
   –format qcow2 -o /var/lib/libvirt/images/$iso-vm1.qcow2 \
   –hostname $iso-vm1 \
   –network \
   –timezone Europe/Sofia

[   3.3] Downloading: http://libguestfs.org/download/builder/fedora-28.xz
[   5.2] Planning how to build this image
[   5.2] Uncompressing
[ 20.8] Resizing (using virt-resize) to expand the disk to 10.0G
[ 50.8] Opening the new disk
[ 53.7] Setting a random seed
[ 53.7] Setting the hostname: fedora-28-vm1
[ 53.7] Setting the timezone: Europe/Sofia
[ 53.7] Setting passwords
virt-builder: Setting random password of root to YMTkxaJIkEU24Ytf
[ 54.7] Finishing off
                   Output file: /var/lib/libvirt/images/fedora-28-vm1.qcow2
                   Output size: 10.0G
                 Output format: qcow2
            Total usable space: 9.3G
                    Free space: 8.2G (87%)

# sudo virt-builder $iso1 \
   –size=10G \
   –format qcow2 -o /var/lib/libvirt/images/$iso-vm1.qcow2 \
   –hostname $iso1-vm1 \
   –network \
   –timezone Europe/Sofia

[   3.2] Downloading: http://libguestfs.org/download/builder/debian-9.xz
[   4.1] Planning how to build this image
[   4.1] Uncompressing
[ 16.9] Resizing (using virt-resize) to expand the disk to 10.0G
[ 40.1] Opening the new disk
[ 42.9] Setting a random seed
virt-builder: warning: random seed could not be set for this type of guest
[ 42.9] Setting the hostname: debian-9-vm1
[ 43.6] Setting the timezone: Europe/Sofia
[ 43.6] Setting passwords
virt-builder: Setting random password of root to JtzEYGff9KxL5jCR
[ 44.3] Finishing off
                   Output file: /var/lib/libvirt/images/debian-9-vm1.qcow2
                   Output size: 10.0G
                 Output format: qcow2
            Total usable space: 9.8G
                    Free space: 9.0G (91%)

vim bridged.xml

# sudo virsh net-define –file bridged.xml
# sudo virsh net-autostart br0
# sudo virsh net-start br0

Above two commands will download pre-packaged KVM isos and store them inside /var/lib/libvirt/images/ you see also the root (administrator) password for both ISOs printed out.

root@jeremiah:/home/hipo/kvm# ls -ld /var/lib/libvirt/images/*
-rw-r–r– 1 root root 10739318784 Oct 12 23:45 /var/lib/libvirt/images/debian-9-vm1.qcow2
-rw-r–r– 1 root root 10739318784 Oct 12 23:46 /var/lib/libvirt/images/fedora-28-vm1.qcow2

To access directly the new created VMs as we have specified the –vnc option it is possible to directly vnc to the new host with VNC client (in linux I use vncviewer), on Windows you can use something like TightVNC.

6. Use official Linux distributions ISO boot files to install into KVM VM

Those who would like to run inside KVM VM Linux could do it directly using installable ISO files and install the set of Linux with the required packages, just like installing a fresh new Linux on a bare-metal machine.
To do so download your ISO image from the net (either from official distro website or a mirror website, in case if you need to spin an older version) and use virt-install to run the installer inside KVM.

root@jeremiah:~# cd /var/lib/libvirt/boot/;
root@jeremiah:~# wget http://mirrors.netix.net/centos/7.5.1804/isos/x86_64/CentOS-7-x86_64-DVD-1804.iso
…

# sudo virt-install \
–virt-type=kvm \
–name centos7 \
–ram 2048 \
–vcpus=2 \
–os-variant=centos7.0 \
–virt-type=kvm \
–hvm \
–cdrom=/var/lib/libvirt/boot/CentOS-7-x86_64-DVD-1804.iso \
–network=bridge=br0,model=virtio \
–network=bridge=br1,model=virtio \
–graphics vnc \
–disk path=/var/lib/libvirt/images/centos7.qcow2,size=40,bus=virtio,format=qcow2

7. List newly created VMs with Virsh command

root@jeremiah:/home/hipo/kvm# virsh list –all
Id    Name                           State
—————————————————-
3     fedora-28                      running
–     debian9                        shut off

The –all parameter lists all available VMs ready to spin, if you want to check what are the VMs that are only running use instead:

root@jeremiah:/home/hipo/kvm# virsh list
Id Name State
—————————————————-
3 fedora-28 running

8. Install Virtual Machine OS-es

Below lines will install 2 Virtual machines one Fedora 28 and Debian 9

os='fedora-28';
virt-install –import –name $os \
   –ram 2048 \
   –vcpu 2 \
   –disk path=/var/lib/libvirt/images/$os-vm1.qcow2,format=qcow2 \
   –os-variant fedora-unknown \
   –network=bridge=br0,model=virtio \
    –noautoconsole \
–hvm \
–graphics vnc

os='debian9';
virt-install –import –name $os     \
–ram 2048     \
–vcpu 2     \
–disk path=/var/lib/libvirt/images/$os-vm1.qcow2,format=qcow2     \
–os-variant debian9     –network=bridge=br0,model=virtio     \
–noautoconsole \
–hvm \
–graphics vnc

To deploy more just change the virtual machine type in os variable and modify the –os-variant variable to match the distribution name, to get the correct –os-variant variables that can be passed use osinfo-query below is output of the cmd:

root@jeremiah:/home/hipo/kvm# osinfo-query os
Short ID             | Name                                               | Version | ID
———————-+—————————————————-+———-+—————————————–
altlinux1.0          | Mandrake RE Spring 2001                            | 1.0      | http://altlinux.org/altlinux/1.0
altlinux2.0          | ALT Linux 2.0                                      | 2.0      | http://altlinux.org/altlinux/2.0
altlinux2.2          | ALT Linux 2.2                                      | 2.2      | http://altlinux.org/altlinux/2.2
altlinux2.4          | ALT Linux 2.4                                      | 2.4      | http://altlinux.org/altlinux/2.4
altlinux3.0          | ALT Linux 3.0                                      | 3.0      | http://altlinux.org/altlinux/3.0
altlinux4.0          | ALT Linux 4.0                                      | 4.0      | http://altlinux.org/altlinux/4.0
altlinux4.1          | ALT Linux 4.1                                      | 4.1      | http://altlinux.org/altlinux/4.1
altlinux5.0          | ALT Linux 5.0                                      | 5.0      | http://altlinux.org/altlinux/5.0
altlinux6.0          | ALT Linux 6.0                                      | 6.0      | http://altlinux.org/altlinux/6.0
altlinux7.0          | ALT Linux 7.0                                      | 7.0      | http://altlinux.org/altlinux/7.0
centos6.0            | CentOS 6.0                                         | 6.0      | http://centos.org/centos/6.0
centos6.1            | CentOS 6.1                                         | 6.1      | http://centos.org/centos/6.1
centos6.2            | CentOS 6.2                                         | 6.2      | http://centos.org/centos/6.2
centos6.3            | CentOS 6.3                                         | 6.3      | http://centos.org/centos/6.3
centos6.4            | CentOS 6.4                                         | 6.4      | http://centos.org/centos/6.4
centos6.5            | CentOS 6.5                                         | 6.5      | http://centos.org/centos/6.5
centos6.6            | CentOS 6.6                                         | 6.6      | http://centos.org/centos/6.6
centos6.7            | CentOS 6.7                                         | 6.7      | http://centos.org/centos/6.7
centos6.8            | CentOS 6.8                                         | 6.8      | http://centos.org/centos/6.8
centos6.9            | CentOS 6.9                                         | 6.9      | http://centos.org/centos/6.9
centos7.0            | CentOS 7.0                                         | 7.0      | http://centos.org/centos/7.0
debian1.1            | Debian Buzz                                        | 1.1      | http://debian.org/debian/1.1
debian1.2            | Debian Rex                                         | 1.2      | http://debian.org/debian/1.2
debian1.3            | Debian Bo                                          | 1.3      | http://debian.org/debian/1.3
debian2.0            | Debian Hamm                                        | 2.0      | http://debian.org/debian/2.0
debian2.1            | Debian Slink                                       | 2.1      | http://debian.org/debian/2.1
debian2.2            | Debian Potato                                      | 2.2      | http://debian.org/debian/2.2
debian3              | Debian Woody                                       | 3        | http://debian.org/debian/3
debian3.1            | Debian Sarge                                       | 3.1      | http://debian.org/debian/3.1
debian4              | Debian Etch                                        | 4        | http://debian.org/debian/4
debian5              | Debian Lenny                                       | 5        | http://debian.org/debian/5
debian6              | Debian Squeeze                                     | 6        | http://debian.org/debian/6
debian7              | Debian Wheezy                                      | 7        | http://debian.org/debian/7
debian8              | Debian Jessie                                      | 8        | http://debian.org/debian/8
debian9              | Debian Stretch                                     | 9        | http://debian.org/debian/9
debiantesting        | Debian Testing                                     | testing | http://debian.org/debian/testing
fedora-unknown       | Fedora                                             | unknown | http://fedoraproject.org/fedora/unknown
fedora1              | Fedora Core 1                                      | 1        | http://fedoraproject.org/fedora/1
fedora10             | Fedora 10                                          | 10       | http://fedoraproject.org/fedora/10
fedora11             | Fedora 11                                          | 11       | http://fedoraproject.org/fedora/11
fedora12             | Fedora 12                                          | 12       | http://fedoraproject.org/fedora/12
fedora13             | Fedora 13                                          | 13       | http://fedoraproject.org/fedora/13
fedora14             | Fedora 14                                          | 14       | http://fedoraproject.org/fedora/14
fedora15             | Fedora 15                                          | 15       | http://fedoraproject.org/fedora/15
fedora16             | Fedora 16                                          | 16       | http://fedoraproject.org/fedora/16
fedora17             | Fedora 17                                          | 17       | http://fedoraproject.org/fedora/17
fedora18             | Fedora 18                                          | 18       | http://fedoraproject.org/fedora/18
fedora19             | Fedora 19                                          | 19       | http://fedoraproject.org/fedora/19
fedora2              | Fedora Core 2                                      | 2        | http://fedoraproject.org/fedora/2
fedora20             | Fedora 20                                          | 20       | http://fedoraproject.org/fedora/20
fedora21             | Fedora 21                                          | 21       | http://fedoraproject.org/fedora/21
fedora22             | Fedora 22                                          | 22       | http://fedoraproject.org/fedora/22
fedora23             | Fedora 23                                          | 23       | http://fedoraproject.org/fedora/23
fedora24             | Fedora 24                                          | 24       | http://fedoraproject.org/fedora/24
fedora25             | Fedora 25                                          | 25       | http://fedoraproject.org/fedora/25
fedora26             | Fedora 26                                          | 26       | http://fedoraproject.org/fedora/26
fedora3              | Fedora Core 3                                      | 3        | http://fedoraproject.org/fedora/3
fedora4              | Fedora Core 4                                      | 4        | http://fedoraproject.org/fedora/4
fedora5              | Fedora Core 5                                      | 5        | http://fedoraproject.org/fedora/5
fedora6              | Fedora Core 6                                      | 6        | http://fedoraproject.org/fedora/6
fedora7              | Fedora 7                                           | 7        | http://fedoraproject.org/fedora/7
fedora8              | Fedora 8                                           | 8        | http://fedoraproject.org/fedora/8
fedora9              | Fedora 9                                           | 9        | http://fedoraproject.org/fedora/9
freebsd1.0           | FreeBSD 1.0                                        | 1.0      | http://freebsd.org/freebsd/1.0
freebsd10.0          | FreeBSD 10.0                                       | 10.0     | http://freebsd.org/freebsd/10.0
freebsd10.1          | FreeBSD 10.1                                       | 10.1     | http://freebsd.org/freebsd/10.1
freebsd10.2          | FreeBSD 10.2                                       | 10.2     | http://freebsd.org/freebsd/10.2
freebsd10.3          | FreeBSD 10.3                                       | 10.3     | http://freebsd.org/freebsd/10.3
freebsd10.4          | FreeBSD 10.4                                       | 10.4     | http://freebsd.org/freebsd/10.4
freebsd11.0          | FreeBSD 11.0                                       | 11.0     | http://freebsd.org/freebsd/11.0
freebsd11.1          | FreeBSD 11.1                                       | 11.1     | http://freebsd.org/freebsd/11.1
freebsd2.0           | FreeBSD 2.0                                        | 2.0      | http://freebsd.org/freebsd/2.0
freebsd2.0.5         | FreeBSD 2.0.5                                      | 2.0.5    | http://freebsd.org/freebsd/2.0.5
freebsd2.2.8         | FreeBSD 2.2.8                                      | 2.2.8    | http://freebsd.org/freebsd/2.2.8
freebsd2.2.9         | FreeBSD 2.2.9                                      | 2.2.9    | http://freebsd.org/freebsd/2.2.9
freebsd3.0           | FreeBSD 3.0                                        | 3.0      | http://freebsd.org/freebsd/3.0
freebsd3.2           | FreeBSD 3.2                                        | 3.2      | http://freebsd.org/freebsd/3.2
freebsd4.0           | FreeBSD 4.0                                        | 4.0      | http://freebsd.org/freebsd/4.0
freebsd4.1           | FreeBSD 4.1                                        | 4.1      | http://freebsd.org/freebsd/4.1
freebsd4.10          | FreeBSD 4.10                                       | 4.10     | http://freebsd.org/freebsd/4.10
freebsd4.11          | FreeBSD 4.11                                       | 4.11     | http://freebsd.org/freebsd/4.11
freebsd4.2           | FreeBSD 4.2                                        | 4.2      | http://freebsd.org/freebsd/4.2
freebsd4.3           | FreeBSD 4.3                                        | 4.3      | http://freebsd.org/freebsd/4.3
freebsd4.4           | FreeBSD 4.4                                        | 4.4      | http://freebsd.org/freebsd/4.4
freebsd4.5           | FreeBSD 4.5                                        | 4.5      | http://freebsd.org/freebsd/4.5
freebsd4.6           | FreeBSD 4.6                                        | 4.6      | http://freebsd.org/freebsd/4.6
freebsd4.7           | FreeBSD 4.7                                        | 4.7      | http://freebsd.org/freebsd/4.7
freebsd4.8           | FreeBSD 4.8                                        | 4.8      | http://freebsd.org/freebsd/4.8
freebsd4.9           | FreeBSD 4.9                                        | 4.9      | http://freebsd.org/freebsd/4.9
freebsd5.0           | FreeBSD 5.0                                        | 5.0      | http://freebsd.org/freebsd/5.0
freebsd5.1           | FreeBSD 5.1                                        | 5.1      | http://freebsd.org/freebsd/5.1
freebsd5.2           | FreeBSD 5.2                                        | 5.2      | http://freebsd.org/freebsd/5.2
freebsd5.2.1         | FreeBSD 5.2.1                                      | 5.2.1    | http://freebsd.org/freebsd/5.2.1
freebsd5.3           | FreeBSD 5.3                                        | 5.3      | http://freebsd.org/freebsd/5.3
freebsd5.4           | FreeBSD 5.4                                        | 5.4      | http://freebsd.org/freebsd/5.4
freebsd5.5           | FreeBSD 5.5                                        | 5.5      | http://freebsd.org/freebsd/5.5
freebsd6.0           | FreeBSD 6.0                                        | 6.0      | http://freebsd.org/freebsd/6.0
freebsd6.1           | FreeBSD 6.1                                        | 6.1      | http://freebsd.org/freebsd/6.1
freebsd6.2           | FreeBSD 6.2                                        | 6.2      | http://freebsd.org/freebsd/6.2
freebsd6.3           | FreeBSD 6.3                                        | 6.3      | http://freebsd.org/freebsd/6.3
freebsd6.4           | FreeBSD 6.4                                        | 6.4      | http://freebsd.org/freebsd/6.4
freebsd7.0           | FreeBSD 7.0                                        | 7.0      | http://freebsd.org/freebsd/7.0
freebsd7.1           | FreeBSD 7.1                                        | 7.1      | http://freebsd.org/freebsd/7.1
freebsd7.2           | FreeBSD 7.2                                        | 7.2      | http://freebsd.org/freebsd/7.2
freebsd7.3           | FreeBSD 7.3                                        | 7.3      | http://freebsd.org/freebsd/7.3
freebsd7.4           | FreeBSD 7.4                                        | 7.4      | http://freebsd.org/freebsd/7.4
freebsd8.0           | FreeBSD 8.0                                        | 8.0      | http://freebsd.org/freebsd/8.0
freebsd8.1           | FreeBSD 8.1                                        | 8.1      | http://freebsd.org/freebsd/8.1
freebsd8.2           | FreeBSD 8.2                                        | 8.2      | http://freebsd.org/freebsd/8.2
freebsd8.3           | FreeBSD 8.3                                        | 8.3      | http://freebsd.org/freebsd/8.3
freebsd8.4           | FreeBSD 8.4                                        | 8.4      | http://freebsd.org/freebsd/8.4
freebsd9.0           | FreeBSD 9.0                                        | 9.0      | http://freebsd.org/freebsd/9.0
freebsd9.1           | FreeBSD 9.1                                        | 9.1      | http://freebsd.org/freebsd/9.1
freebsd9.2           | FreeBSD 9.2                                        | 9.2      | http://freebsd.org/freebsd/9.2
freebsd9.3           | FreeBSD 9.3                                        | 9.3      | http://freebsd.org/freebsd/9.3
freedos1.2           | FreeDOS 1.2                                        | 1.2      | http://freedos.org/freedos/1.2
gnome-continuous-3.10 | GNOME 3.10                                         | 3.10     | http://gnome.org/gnome-continuous/3.10
gnome-continuous-3.12 | GNOME 3.12                                         | 3.12     | http://gnome.org/gnome-continuous/3.12
gnome-continuous-3.14 | GNOME 3.14                                         | 3.14     | http://gnome.org/gnome-continuous/3.14
gnome3.6             | GNOME 3.6                                          | 3.6      | http://gnome.org/gnome/3.6
gnome3.8             | GNOME 3.8                                          | 3.8      | http://gnome.org/gnome/3.8
macosx10.0           | MacOS X Cheetah                                    | 10.0     | http://apple.com/macosx/10.0
macosx10.1           | MacOS X Puma                                       | 10.1     | http://apple.com/macosx/10.1
macosx10.2           | MacOS X Jaguar                                     | 10.2     | http://apple.com/macosx/10.2
macosx10.3           | MacOS X Panther                                    | 10.3     | http://apple.com/macosx/10.3
macosx10.4           | MacOS X Tiger                                      | 10.4     | http://apple.com/macosx/10.4
macosx10.5           | MacOS X Leopard                                    | 10.5     | http://apple.com/macosx/10.5
macosx10.6           | MacOS X Snow Leopard                               | 10.6     | http://apple.com/macosx/10.6
macosx10.7           | MacOS X Lion                                       | 10.7     | http://apple.com/macosx/10.7
mageia1              | Mageia 1                                           | 1        | http://mageia.org/mageia/1
mageia2              | Mageia 2                                           | 2        | http://mageia.org/mageia/2
mageia3              | Mageia 3                                           | 3        | http://mageia.org/mageia/3
mageia4              | Mageia 4                                           | 4        | http://mageia.org/mageia/4
mageia5              | Mageia 5                                           | 5        | http://mageia.org/mageia/5
mageia6              | Mageia 6                                           | 6        | http://mageia.org/mageia/6
mandrake10.0         | Mandrake Linux 10.0                                | 10.0     | http://mandriva.com/mandrake/10.0
mandrake10.1         | Mandrake Linux 10.1                                | 10.1     | http://mandriva.com/mandrake/10.1
mandrake10.2         | Mandrake Linux 10.2                                | 10.2     | http://mandriva.com/mandrake/10.2
mandrake5.1          | Mandrake Linux 5.1                                 | 5.1      | http://mandriva.com/mandrake/5.1
mandrake5.2          | Mandrake Linux 5.2                                 | 5.2      | http://mandriva.com/mandrake/5.2
mandrake5.3          | Mandrake Linux 5.3                                 | 5.3      | http://mandriva.com/mandrake/5.3
mandrake6.0          | Mandrake Linux 6.0                                 | 6.0      | http://mandriva.com/mandrake/6.0
mandrake6.1          | Mandrake Linux 6.1                                 | 6.1      | http://mandriva.com/mandrake/6.1
mandrake7.0          | Mandrake Linux 7.0                                 | 7.0      | http://mandriva.com/mandrake/7.0
mandrake7.1          | Mandrake Linux 7.1                                 | 7.1      | http://mandriva.com/mandrake/7.1
mandrake7.2          | Mandrake Linux 7.2                                 | 7.2      | http://mandriva.com/mandrake/7.2
mandrake8.0          | Mandrake Linux 8.0                                 | 8.0      | http://mandriva.com/mandrake/8.0
mandrake8.1          | Mandrake Linux 8.1                                 | 8.1      | http://mandriva.com/mandrake/8.1
mandrake8.2          | Mandrake Linux 8.2                                 | 8.2      | http://mandriva.com/mandrake/8.2
mandrake9.0          | Mandrake Linux 9.0                                 | 9.0      | http://mandriva.com/mandrake/9.0
mandrake9.1          | Mandrake Linux 9.1                                 | 9.1      | http://mandriva.com/mandrake/9.1
mandrake9.2          | Mandrake Linux 9.2                                 | 9.2      | http://mandriva.com/mandrake/9.2
mandriva2006.0       | Mandriva Linux 2006.0                              | 2006.0   | http://mandriva.com/mandriva/2006.0
mandriva2007         | Mandriva Linux 2007                                | 2007     | http://mandriva.com/mandriva/2007
mandriva2007.1       | Mandriva Linux 2007 Spring                         | 2007.1   | http://mandriva.com/mandriva/2007.1
mandriva2008.0       | Mandriva Linux 2008                                | 2008.0   | http://mandriva.com/mandriva/2008.0
mandriva2008.1       | Mandriva Linux 2008 Spring                         | 2008.1   | http://mandriva.com/mandriva/2008.1
mandriva2009.0       | Mandriva Linux 2009                                | 2009.0   | http://mandriva.com/mandriva/2009.0
mandriva2009.1       | Mandriva Linux 2009 Spring                         | 2009.1   | http://mandriva.com/mandriva/2009.1
mandriva2010.0       | Mandriva Linux 2010                                | 2010.0   | http://mandriva.com/mandriva/2010.0
mandriva2010.1       | Mandriva Linux 2010 Spring                         | 2010.1   | http://mandriva.com/mandriva/2010.1
mandriva2010.2       | Mandriva Linux 2010.2                              | 2010.2   | http://mandriva.com/mandriva/2010.2
mandriva2011         | Mandriva Linux 2011                                | 2011     | http://mandriva.com/mandriva/2011
mbs1.0               | Mandriva Business Server 1.0                       | 1.0      | http://mandriva.com/mbs/1.0
mes5                 | Mandriva Enterprise Server 5.0                     | 5.0      | http://mandriva.com/mes/5.0
mes5.1               | Mandriva Enterprise Server 5.1                     | 5.1      | http://mandriva.com/mes/5.1
msdos6.22            | Microsoft MS-DOS 6.22                              | 6.22     | http://microsoft.com/msdos/6.22
netbsd0.8            | NetBSD 0.8                                         | 0.8      | http://netbsd.org/netbsd/0.8
netbsd0.9            | NetBSD 0.9                                         | 0.9      | http://netbsd.org/netbsd/0.9
netbsd1.0            | NetBSD 1.0                                         | 1.0      | http://netbsd.org/netbsd/1.0
netbsd1.1            | NetBSD 1.1                                         | 1.1      | http://netbsd.org/netbsd/1.1
netbsd1.2            | NetBSD 1.2                                         | 1.2      | http://netbsd.org/netbsd/1.2
netbsd1.3            | NetBSD 1.3                                         | 1.3      | http://netbsd.org/netbsd/1.3
netbsd1.4            | NetBSD 1.4                                         | 1.4      | http://netbsd.org/netbsd/1.4
netbsd1.5            | NetBSD 1.5                                         | 1.5      | http://netbsd.org/netbsd/1.5
netbsd1.6            | NetBSD 1.6                                         | 1.6      | http://netbsd.org/netbsd/1.6
netbsd2.0            | NetBSD 2.0                                         | 2.0      | http://netbsd.org/netbsd/2.0
netbsd3.0            | NetBSD 3.0                                         | 3.0      | http://netbsd.org/netbsd/3.0
netbsd4.0            | NetBSD 4.0                                         | 4.0      | http://netbsd.org/netbsd/4.0
netbsd5.0            | NetBSD 5.0                                         | 5.0      | http://netbsd.org/netbsd/5.0
netbsd5.1            | NetBSD 5.1                                         | 5.1      | http://netbsd.org/netbsd/5.1
netbsd6.0            | NetBSD 6.0                                         | 6.0      | http://netbsd.org/netbsd/6.0
netbsd6.1            | NetBSD 6.1                                         | 6.1      | http://netbsd.org/netbsd/6.1
netbsd7.0            | NetBSD 7.0                                         | 7.0      | http://netbsd.org/netbsd/7.0
netbsd7.1            | NetBSD 7.1                                         | 7.1      | http://netbsd.org/netbsd/7.1
netbsd7.1.1          | NetBSD 7.1.1                                       | 7.1.1    | http://netbsd.org/netbsd/7.1.1
netware4             | Novell Netware 4                                   | 4        | http://novell.com/netware/4
netware5             | Novell Netware 5                                   | 5        | http://novell.com/netware/5
netware6             | Novell Netware 6                                   | 6        | http://novell.com/netware/6
openbsd4.2           | OpenBSD 4.2                                        | 4.2      | http://openbsd.org/openbsd/4.2
openbsd4.3           | OpenBSD 4.3                                        | 4.3      | http://openbsd.org/openbsd/4.3
openbsd4.4           | OpenBSD 4.4                                        | 4.4      | http://openbsd.org/openbsd/4.4
openbsd4.5           | OpenBSD 4.5                                        | 4.5      | http://openbsd.org/openbsd/4.5
openbsd4.8           | OpenBSD 4.8                                        | 4.8      | http://openbsd.org/openbsd/4.8
openbsd4.9           | OpenBSD 4.9                                        | 4.9      | http://openbsd.org/openbsd/4.9
openbsd5.0           | OpenBSD 5.0                                        | 5.0      | http://openbsd.org/openbsd/5.0
openbsd5.1           | OpenBSD 5.1                                        | 5.1      | http://openbsd.org/openbsd/5.1
openbsd5.2           | OpenBSD 5.2                                        | 5.2      | http://openbsd.org/openbsd/5.2
openbsd5.3           | OpenBSD 5.3                                        | 5.3      | http://openbsd.org/openbsd/5.3
openbsd5.4           | OpenBSD 5.4                                        | 5.4      | http://openbsd.org/openbsd/5.4
openbsd5.5           | OpenBSD 5.5                                        | 5.5      | http://openbsd.org/openbsd/5.5
openbsd5.6           | OpenBSD 5.6                                        | 5.6      | http://openbsd.org/openbsd/5.6
openbsd5.7           | OpenBSD 5.7                                        | 5.7      | http://openbsd.org/openbsd/5.7
openbsd5.8           | OpenBSD 5.8                                        | 5.8      | http://openbsd.org/openbsd/5.8
openbsd5.9           | OpenBSD 5.9                                        | 5.9      | http://openbsd.org/openbsd/5.9
openbsd6.0           | OpenBSD 6.0                                        | 6.0      | http://openbsd.org/openbsd/6.0
openbsd6.1           | OpenBSD 6.1                                        | 6.1      | http://openbsd.org/openbsd/6.1
openbsd6.2           | OpenBSD 6.2                                        | 6.2      | http://openbsd.org/openbsd/6.2
opensolaris2009.06   | OpenSolaris 2009.06                                | 2009.06 | http://sun.com/opensolaris/2009.06
opensuse-factory     | openSUSE                                           | factory | http://opensuse.org/opensuse/factory
opensuse-unknown     | openSUSE                                           | unknown | http://opensuse.org/opensuse/unknown
opensuse10.2         | openSUSE 10.2                                      | 10.2     | http://opensuse.org/opensuse/10.2
opensuse10.3         | openSUSE 10.3                                      | 10.3     | http://opensuse.org/opensuse/10.3
opensuse11.0         | openSUSE 11.0                                      | 11.0     | http://opensuse.org/opensuse/11.0
opensuse11.1         | openSUSE 11.1                                      | 11.1     | http://opensuse.org/opensuse/11.1
opensuse11.2         | openSUSE 11.2                                      | 11.2     | http://opensuse.org/opensuse/11.2
opensuse11.3         | openSUSE 11.3                                      | 11.3     | http://opensuse.org/opensuse/11.3
opensuse11.4         | openSUSE 11.4                                      | 11.4     | http://opensuse.org/opensuse/11.4
opensuse12.1         | openSUSE 12.1                                      | 12.1     | http://opensuse.org/opensuse/12.1
opensuse12.2         | openSUSE 12.2                                      | 12.2     | http://opensuse.org/opensuse/12.2
opensuse12.3         | openSUSE 12.3                                      | 12.3     | http://opensuse.org/opensuse/12.3
opensuse13.1         | openSUSE 13.1                                      | 13.1     | http://opensuse.org/opensuse/13.1
opensuse13.2         | openSUSE 13.2                                      | 13.2     | http://opensuse.org/opensuse/13.2
opensuse42.1         | openSUSE Leap 42.1                                 | 42.1     | http://opensuse.org/opensuse/42.1
opensuse42.2         | openSUSE Leap 42.2                                 | 42.2     | http://opensuse.org/opensuse/42.2
opensuse42.3         | openSUSE Leap 42.3                                 | 42.3     | http://opensuse.org/opensuse/42.3
opensusetumbleweed   | openSUSE Tumbleweed                                | tumbleweed | http://opensuse.org/opensuse/tumbleweed
rhel-atomic-7.0      | Red Hat Enterprise Linux Atomic Host 7.0           | 7.0      | http://redhat.com/rhel-atomic/7.0
rhel-atomic-7.1      | Red Hat Enterprise Linux Atomic Host 7.1           | 7.1      | http://redhat.com/rhel-atomic/7.1
rhel-atomic-7.2      | Red Hat Enterprise Linux Atomic Host 7.2           | 7.2      | http://redhat.com/rhel-atomic/7.2
rhel2.1              | Red Hat Enterprise Linux 2.1                       | 2.1      | http://redhat.com/rhel/2.1
rhel2.1.1            | Red Hat Enterprise Linux 2.1 Update 1  /etc/bind/masters/elinvent.com            | 2.1.1    | http://redhat.com/rhel/2.1.1
rhel2.1.2            | Red Hat Enterprise Linux 2.1 Update 2              | 2.1.2    | http://redhat.com/rhel/2.1.2
rhel2.1.3            | Red Hat Enterprise Linux 2.1 Update 3              | 2.1.3    | http://redhat.com/rhel/2.1.3
rhel2.1.4            | Red Hat Enterprise Linux 2.1 Update 4              | 2.1.4    | http://redhat.com/rhel/2.1.4
rhel2.1.5            | Red Hat Enterprise Linux 2.1 Update 5              | 2.1.5    | http://redhat.com/rhel/2.1.5
rhel2.1.6            | Red Hat Enterprise Linux 2.1 Update 6              | 2.1.6    | http://redhat.com/rhel/2.1.6
rhel2.1.7            | Red Hat Enterprise Linux 2.1 Update 7              | 2.1.7    | http://redhat.com/rhel/2.1.7
rhel3                | Red Hat Enterprise Linux 3                         | 3        | http://redhat.com/rhel/3
rhel3.1              | Red Hat Enterprise Linux 3 Update 1                | 3.1      | http://redhat.com/rhel/3.1
rhel3.2              | Red Hat Enterprise Linux 3 Update 2                | 3.2      | http://redhat.com/rhel/3.2
rhel3.3              | Red Hat Enterprise Linux 3 Update 3                | 3.3      | http://redhat.com/rhel/3.3
rhel3.4              | Red Hat Enterprise Linux 3 Update 4                | 3.4      | http://redhat.com/rhel/3.4
rhel3.5              | Red Hat Enterprise Linux 3 Update 5                | 3.5      | http://redhat.com/rhel/3.5
rhel3.6              | Red Hat Enterprise Linux 3 Update 6                | 3.6      | http://redhat.com/rhel/3.6
rhel3.7              | Red Hat Enterprise Linux 3 Update 7                | 3.7      | http://redhat.com/rhel/3.7
rhel3.8              | Red Hat Enterprise Linux 3 Update 8                | 3.8      | http://redhat.com/rhel/3.8
rhel3.9              | Red Hat Enterprise Linux 3 Update 9                | 3.9      | http://redhat.com/rhel/3.9
rhel4.0              | Red Hat Enterprise Linux 4.0                       | 4.0      | http://redhat.com/rhel/4.0
rhel4.1              | Red Hat Enterprise Linux 4.1                       | 4.1      | http://redhat.com/rhel/4.1
rhel4.2              | Red Hat Enterprise Linux 4.2                       | 4.2      | http://redhat.com/rhel/4.2
rhel4.3              | Red Hat Enterprise Linux 4.3                       | 4.3      | http://redhat.com/rhel/4.3
rhel4.4              | Red Hat Enterprise Linux 4.4                       | 4.4      | http://redhat.com/rhel/4.4
rhel4.5              | Red Hat Enterprise Linux 4.5                       | 4.5      | http://redhat.com/rhel/4.5
rhel4.6              | Red Hat Enterprise Linux 4.6                       | 4.6      | http://redhat.com/rhel/4.6
rhel4.7              | Red Hat Enterprise Linux 4.7                       | 4.7      | http://redhat.com/rhel/4.7
rhel4.8              | Red Hat Enterprise Linux 4.8                       | 4.8      | http://redhat.com/rhel/4.8
rhel4.9              | Red Hat Enterprise Linux 4.9                       | 4.9      | http://redhat.com/rhel/4.9
rhel5.0              | Red Hat Enterprise Linux 5.0                       | 5.0      | http://redhat.com/rhel/5.0
rhel5.1              | Red Hat Enterprise Linux 5.1                       | 5.1      | http://redhat.com/rhel/5.1
rhel5.10             | Red Hat Enterprise Linux 5.10                      | 5.10     | http://redhat.com/rhel/5.10
rhel5.11             | Red Hat Enterprise Linux 5.11                      | 5.11     | http://redhat.com/rhel/5.11
rhel5.2              | Red Hat Enterprise Linux 5.2                       | 5.2      | http://redhat.com/rhel/5.2
rhel5.3              | Red Hat Enterprise Linux 5.3                       | 5.3      | http://redhat.com/rhel/5.3
rhel5.4              | Red Hat Enterprise Linux 5.4                       | 5.4      | http://redhat.com/rhel/5.4
rhel5.5              | Red Hat Enterprise Linux 5.5                       | 5.5      | http://redhat.com/rhel/5.5
rhel5.6              | Red Hat Enterprise Linux 5.6                       | 5.6      | http://redhat.com/rhel/5.6
rhel5.7              | Red Hat Enterprise Linux 5.7                       | 5.7      | http://redhat.com/rhel/5.7
rhel5.8              | Red Hat Enterprise Linux 5.8                       | 5.8      | http://redhat.com/rhel/5.8
rhel5.9              | Red Hat Enterprise Linux 5.9                       | 5.9      | http://redhat.com/rhel/5.9
rhel6.0              | Red Hat Enterprise Linux 6.0                       | 6.0      | http://redhat.com/rhel/6.0
rhel6.1              | Red Hat Enterprise Linux 6.1                       | 6.1      | http://redhat.com/rhel/6.1
rhel6.2              | Red Hat Enterprise Linux 6.2                       | 6.2      | http://redhat.com/rhel/6.2
rhel6.3              | Red Hat Enterprise Linux 6.3                       | 6.3      | http://redhat.com/rhel/6.3
rhel6.4              | Red Hat Enterprise Linux 6.4                       | 6.4      | http://redhat.com/rhel/6.4
rhel6.5              | Red Hat Enterprise Linux 6.5                       | 6.5      | http://redhat.com/rhel/6.5
rhel6.6              | Red Hat Enterprise Linux 6.6                       | 6.6      | http://redhat.com/rhel/6.6
rhel6.7              | Red Hat Enterprise Linux 6.7                       | 6.7      | http://redhat.com/rhel/6.7
rhel6.8              | Red Hat Enterprise Linux 6.8                       | 6.8      | http://redhat.com/rhel/6.8
rhel6.9              | Red Hat Enterprise Linux 6.9                       | 6.9      | http://redhat.com/rhel/6.9
rhel7.0              | Red Hat Enterprise Linux 7.0                       | 7.0      | http://redhat.com/rhel/7.0
rhel7.1              | Red Hat Enterprise Linux 7.1                       | 7.1      | http://redhat.com/rhel/7.1
rhel7.2              | Red Hat Enterprise Linux 7.2                       | 7.2      | http://redhat.com/rhel/7.2
rhel7.3              | Red Hat Enterprise Linux 7.3                       | 7.3      | http://redhat.com/rhel/7.3
rhel7.4              | Red Hat Enterprise Linux 7.4                       | 7.4      | http://redhat.com/rhel/7.4
rhl1.0               | Red Hat Linux 1.0                                  | 1.0      | http://redhat.com/rhl/1.0
rhl1.1               | Red Hat Linux 1.1                                  | 1.1      | http://redhat.com/rhl/1.1
rhl2.0               | Red Hat Linux 2.0                                  | 2.0      | http://redhat.com/rhl/2.0
rhl2.1               | Red Hat Linux 2.1                                  | 2.1      | http://redhat.com/rhl/2.1
rhl3.0.3             | Red Hat Linux 3.0.3                                | 3.0.3    | http://redhat.com/rhl/3.0.3
rhl4.0               | Red Hat Linux 4.0                                  | 4.0      | http://redhat.com/rhl/4.0
rhl4.1               | Red Hat Linux 4.1                                  | 4.1      | http://redhat.com/rhl/4.1
rhl4.2               | Red Hat Linux 4.2                                  | 4.2      | http://redhat.com/rhl/4.2
rhl5.0               | Red Hat Linux 5.0                                  | 5.0      | http://redhat.com/rhl/5.0
rhl5.1               | Red Hat Linux 5.1                                  | 5.1      | http://redhat.com/rhl/5.1
rhl5.2               | Red Hat Linux 5.2                                  | 5.2      | http://redhat.com/rhl/5.2
rhl6.0               | Red Hat Linux 6.0                                  | 6.0      | http://redhat.com/rhl/6.0
rhl6.1               | Red Hat Linux 6.1                                  | 6.1      | http://redhat.com/rhl/6.1
rhl6.2               | Red Hat Linux 6.2                                  | 6.2      | http://redhat.com/rhl/6.2
rhl7                 | Red Hat Linux 7                                    | 7        | http://redhat.com/rhl/7
rhl7.1               | Red Hat Linux 7.1                                  | 7.1      | http://redhat.com/rhl/7.1
rhl7.2               | Red Hat Linux 7.2                                  | 7.2      | http://redhat.com/rhl/7.2
rhl7.3               | Red Hat Linux 7.3                                  | 7.3      | http://redhat.com/rhl/7.3
rhl8.0               | Red Hat Linux 8.0                                  | 8.0      | http://redhat.com/rhl/8.0
rhl9                 | Red Hat Linux 9                                    | 9        | http://redhat.com/rhl/9
sled10               | SUSE Linux Enterprise Desktop 10                   | 10       | http://suse.com/sled/10
sled10sp1            | SUSE Linux Enterprise Desktop 10 SP1               | 10.1     | http://suse.com/sled/10.1
sled10sp2            | SUSE Linux Enterprise Desktop 10 SP2               | 10.2     | http://suse.com/sled/10.2
sled10sp3            | SUSE Linux Enterprise Desktop 10 SP3               | 10.3     | http://suse.com/sled/10.3
sled10sp4            | SUSE Linux Enterprise Desktop 10 SP4               | 10.4     | http://suse.com/sled/10.4
sled11               | SUSE Linux Enterprise Desktop 11                   | 11       | http://suse.com/sled/11
sled11sp1            | SUSE Linux Enterprise Desktop 11 SP1               | 11.1     | http://suse.com/sled/11.1
sled11sp2            | SUSE Linux Enterprise Desktop 11 SP2               | 11.2     | http://suse.com/sled/11.2
sled11sp3            | SUSE Linux Enterprise Desktop 11 SP3               | 11.3     | http://suse.com/sled/11.3
sled11sp4            | SUSE Linux Enterprise Desktop 11 SP4               | 11.4     | http://suse.com/sled/11.4
sled12               | SUSE Linux Enterprise Desktop 12                   | 12       | http://suse.com/sled/12
sled12sp1            | SUSE Linux Enterprise Desktop 12 SP1               | 12.1     | http://suse.com/sled/12.1
sled12sp2            | SUSE Linux Enterprise Desktop 12 SP2               | 12.2     | http://suse.com/sled/12.2
sled9                | SUSE Linux Enterprise Desktop 9                    | 9        | http://suse.com/sled/9
sles10               | SUSE Linux Enterprise Server 10            /etc/bind/masters/elinvent.com        | 10       | http://suse.com/sles/10
sles10sp1            | SUSE Linux Enterprise Server 10 SP1                | 10.1     | http://suse.com/sles/10.1
sles10sp2            | SUSE Linux Enterprise Server 10 SP2                | 10.2     | http://suse.com/sles/10.2
sles10sp3            | SUSE Linux Enterprise Server 10 SP3                | 10.3     | http://suse.com/sles/10.3
sles10sp4            | SUSE Linux Enterprise Server 10 SP4                | 10.4     | http://suse.com/sles/10.4
sles11               | SUSE Linux Enterprise Server 11                    | 11       | http://suse.com/sles/11
sles11sp1            | SUSE Linux Enterprise Server 11 SP1                | 11.1     | http://suse.com/sles/11.1
sles11sp2            | SUSE Linux Enterprise Server 11 SP2                | 11.2     | http://suse.com/sles/11.2
sles11sp3            | SUSE Linux Enterprise Server 11 SP3                | 11.3     | http://suse.com/sles/11.3
sles11sp4            | SUSE Linux Enterprise Server 11 SP4                | 11.4     | http://suse.com/sles/11.4
sles12               | SUSE Linux Enterprise Server 12                    | 12       | http://suse.com/sles/12
sles12sp1            | SUSE Linux Enterprise Server 12 SP1                | 12.1     | http://suse.com/sles/12.1
sles12sp2            | SUSE Linux Enterprise Server 12 SP2                | 12.2     | http://suse.com/sles/12.2
sles9                | SUSE Linux Enterprise Server 9                     | 9        | http://suse.com/sles/9
solaris10            | Solaris 10                                         | 10       | http://sun.com/solaris/10
solaris11            | Oracle Solaris 11                                  | 11       | http://oracle.com/solaris/11
solaris9             | Solaris 9                                          | 9        | http://sun.com/solaris/9
ubuntu10.04          | Ubuntu 10.04 LTS                                   | 10.04    | http://ubuntu.com/ubuntu/10.04
ubuntu10.10          | Ubuntu 10.10                                       | 10.10    | http://ubuntu.com/ubuntu/10.10
ubuntu11.04          | Ubuntu 11.04                                       | 11.04    | http://ubuntu.com/ubuntu/11.04
ubuntu11.10          | Ubuntu 11.10                                       | 11.10    | http://ubuntu.com/ubuntu/11.10
ubuntu12.04          | Ubuntu 12.04 LTS                                   | 12.04    | http://ubuntu.com/ubuntu/12.04
ubuntu12.10          | Ubuntu 12.10                                       | 12.10    | http://ubuntu.com/ubuntu/12.10
ubuntu13.04          | Ubuntu 13.04                                       | 13.04    | http://ubuntu.com/ubuntu/13.04
ubuntu13.10          | Ubuntu 13.10                                       | 13.10    | http://ubuntu.com/ubuntu/13.10
ubuntu14.04          | Ubuntu 14.04 LTS                                   | 14.04    | http://ubuntu.com/ubuntu/14.04
ubuntu14.10          | Ubuntu 14.10                                       | 14.10    | http://ubuntu.com/ubuntu/14.10
ubuntu15.04          | Ubuntu 15.04                                       | 15.04    | http://ubuntu.com/ubuntu/15.04
ubuntu15.10          | Ubuntu 15.10                                       | 15.10    | http://ubuntu.com/ubuntu/15.10
ubuntu16.04          | Ubuntu 16.04                                       | 16.04    | http://ubuntu.com/ubuntu/16.04
ubuntu16.10          | Ubuntu 16.10                                       | 16.10    | http://ubuntu.com/ubuntu/16.10
ubuntu17.04          | Ubuntu 17.04                                       | 17.04    | http://ubuntu.com/ubuntu/17.04
ubuntu17.10          | Ubuntu 17.10                                       | 17.10    | http://ubuntu.com/ubuntu/17.10
ubuntu4.10           | Ubuntu 4.10                                        | 4.10     | http://ubuntu.com/ubuntu/4.10
ubuntu5.04           | Ubuntu 5.04                                        | 5.04     | http://ubuntu.com/ubuntu/5.04
ubuntu5.10           | Ubuntu 5.10                                        | 5.10     | http://ubuntu.com/ubuntu/5.10
ubuntu6.06           | Ubuntu 6.06 LTS                                    | 6.06     | http://ubuntu.com/ubuntu/6.06
ubuntu6.10           | Ubuntu 6.10                                        | 6.10     | http://ubuntu.com/ubuntu/6.10
ubuntu7.04           | Ubuntu 7.04                                        | 7.04     | http://ubuntu.com/ubuntu/7.04
ubuntu7.10           | Ubuntu 7.10                                        | 7.10     | http://ubuntu.com/ubuntu/7.10
ubuntu8.04           | Ubuntu 8.04 LTS                                    | 8.04     | http://ubuntu.com/ubuntu/8.04
ubuntu8.10           | Ubuntu 8.10                                        | 8.10     | http://ubuntu.com/ubuntu/8.10
ubuntu9.04           | Ubuntu 9.04                                        | 9.04     | http://ubuntu.com/ubuntu/9.04
ubuntu9.10           | Ubuntu 9.10                                        | 9.10     | http://ubuntu.com/ubuntu/9.10
win1.0               | Microsoft Windows 1.0                              | 1.0      | http://microsoft.com/win/1.0
win10                | Microsoft Windows 10                               | 10.0     | http://microsoft.com/win/10
win2.0               | Microsoft Windows 2.0                              | 2.0      | http://microsoft.com/win/2.0
win2.1               | Microsoft Windows 2.1                              | 2.1      | http://microsoft.com/win/2.1
win2k                | Microsoft Windows 2000                             | 5.0      | http://microsoft.com/win/2k
win2k12              | Microsoft Windows Server 2012                      | 6.3      | http://microsoft.com/win/2k12
win2k12r2            | Microsoft Windows Server 2012 R2                   | 6.3      | http://microsoft.com/win/2k12r2
win2k3               | Microsoft Windows Server 2003                      | 5.2      | http://microsoft.com/win/2k3
win2k3r2             | Microsoft Windows Server 2003 R2                   | 5.2      | http://microsoft.com/win/2k3r2
win2k8               | Microsoft Windows Server 2008                      | 6.0      | http://microsoft.com/win/2k8
win2k8r2             | Microsoft Windows Server 2008 R2                   | 6.1      | http://microsoft.com/win/2k8r2
win3.1               | Microsoft Windows 3.1                              | 3.1      | http://microsoft.com/win/3.1
win7                 | Microsoft Windows 7                                | 6.1      | http://microsoft.com/win/7
win8                 | Microsoft Windows 8                                | 6.2      | http://microsoft.com/win/8
win8.1               | Microsoft Windows 8.1                              | 6.3      | http://microsoft.com/win/8.1
win95                | Microsoft Windows 95                               | 4.0      | http://microsoft.com/win/95
win98                | Microsoft Windows 98                               | 4.1      | http://microsoft.com/win/98
winme                | Microsoft Windows Millennium Edition               | 4.9      | http://microsoft.com/win/me
winnt3.1             | Microsoft Windows NT Server 3.1                    | 3.1      | http://microsoft.com/winnt/3.1
winnt3.5             | Microsoft Windows NT Server 3.5                    | 3.5      | http://microsoft.com/winnt/3.5
winnt3.51            | Microsoft Windows NT Server 3.51                   | 3.51     | http://microsoft.com/winnt/3.51
winnt4.0             | Microsoft Windows NT Server 4.0                    | 4.0      | http://microsoft.com/winnt/4.0
winvista             | Microsoft Windows Vista                            | 6.0      | http://microsoft.com/win/vista
winxp                | Microsoft Windows XP                               | 5.1      | http://microsoft.com/win/xp

9. Start / Stop listed KVM Virtual Machine

root@jeremiah:~# virsh list –all
Id    Name                           State
—————————————————-
3     fedora-28                      running
–     debian9                        shut off

To start debian9 linux virtual machine that is currently off

root@jeremiah:~# virsh start fedora-28
Domain fedora-28 started

root@jeremiah:/home/hipo# virsh start debian9
error: Failed to start domain debian9
error: Requested operation is not valid: network 'default' is not active

root@jeremiah:/home/hipo# virsh net-list –all
Name                 State      Autostart     Persistent
———————————————————-
br0                  active     yes           yes
default              inactive   no            yes

root@jeremiah:/home/hipo# virsh net-start default
Network default started

root@jeremiah:/home/hipo# virsh start debian9
Domain debian9 started

10. Attach to running VM with virsh or virt-manager

root@jeremiah:~# virsh list
Id    Name                           State
—————————————————-
1     fedora-28                      running
3     debian9                        running

root@jeremiah:~# virsh connect debian9

Note that to make the login prompt appear you have to press enter once after the ^] connection string appears

kvm-connect-to-virtual-machine-with-virsh-command-screenshot-howto

An alternative way is to use virt-manager GUI KVM desktop management interface and click over the Virtual Machine Guest name, in same fashion like in VirtualBox.

virtual-manager-virt-manager-screenshot-with-Virtual-Machines-inside-on-Debian-Linux

virt-manager-gui-interface-connect-to-fedora-28-virtual-machine

If you have KVM running on your Linux desktop PC / notebook you can also connect via VNC with virsh command.

root@jericho:~# virsh vncdisplay centos7

Another handy thing is to expose the Virtualized Guest OS with VNC in order to be able to connect and manage installation or further Linux configuration via VNC using an SSH Tunnel with port forwarding:

$ ssh hipo@www.pc-freak.net -L 5901:127.0.0.1:5901

11. Start / Shutdown / Suspend / Reboot (safe reboot) a VM guest machine domain

root@jericho:~# virsh shutdown debian9
root@jericho:~# virsh start fedora-28
root@jericho:~# virsh suspend debian9
root@jericho:~# virsh reboot fedora-28

12. Remove / Delete KVM Virtual Machines domain

root@jeremiah:~# virsh undefine fedora-28
root@jeremiah:~# virsh destroy fedora-28

Closing words

Using KVM to experiment with different OS distributions is really fun just like you can easily run a number of the major most popular Linux Distributions and a set of different versions. It takes few minutes to have a fully functional Linux to play with and it saves a lot of hassles when dealing with GNU / Linux and FreeBSD, doing so in Virtualbox for me prooved to be much more complicated (not to mention that often Virtualbox had an ugly bugs so even Importing an Appliance as a Guest VM with an official distro OS-es failed with weird errors.
One other very practical use of Kerkel-based Virtualization is if you want to run your servers using own Micro-Services architecture (e.g. run multiple Linux OS-es each running a separate Apache / Nginx / MySQL / PostGreSQL / Backup / Storage) etc. all of it running on a single dedicated server or a self-hosted bare-metal
There are plenty of Web Interfaces for Management KVM (proprietary and free software) that could even futher simplify the use and deploy / destory of KVM VMs.
All that makes possible running your own Linux or Web hosting provider a relatively easy task and seriously could cut business expenses and operational (maintenance) costs.

If you plan to run youw own hosting company, I can help you establish your infrastructure and advise you on the right technologies to use.

Tags: access, administrator, after, ALL, ALLOW, Alt, alternative, amp, and, another, Below, cmd, com, Debian Squeeze, freebsd, How to, howto, Installing, kvm, kvm install os, org, os-query, packages, root root, timezone, virsh, virt-builder, virt-install, virt-manager, Virtual Machine Hypervisor
Posted in Linux, Various, Virtual Machines | 1 Comment »

Optimize PNG images by compressing on GNU / Linux, FreeBSD server to Improve Website overall Performance

Monday, November 27th, 2017

how-to-optimize-your-png-pictures-to-reduce-size-and-save-speed-bandwidth-optipng-compression-tests-results

If you own a website with some few hundreds of .PNG images like 10 000 / 15 000 png images and the website shows to perform slow in Google PageSpeed Insights and is slow to open when Google Searched or Shared on Facebook / Twitter etc. then one recommended step to boost up the website opening speed is to compress (optimize) the .PNG pictures without loosing the images quality to both save space and account bandwidth you could use optipng even though this is not the only tool available to help you optimize and reduce the size of your images, some few other tools you might like to check out if you have more time are:

a.) pngcrush – optimizes PNG (Portable Network Graphics) files.
b.) pngnq – tool for optimizing PNG (Portable Network Graphics) images. It is a tool for quantizing PNG images in RGBA format.
c.) pngquant – PNG (Portable Network Graphics) image optimising utility. It is a command-line utility for converting 24/32-bit PNG images to paletted (8-bit) PNGs.

1. Install and Compress / optimize PNG / GIF / PNM / TIFF file format with optipng

OPTIPING tool recompresses the .PNG images to a smaller size without loosing any quality information, besides PNG file format it also supports (BMP, GIF, PNM and TIFF) image format.

If you don't have optipng installed on your server you can;

a.) install it on Redhat RPM based Linux distributions lets say CentOS Linux use:

[root@centos: ~]# yum install epel-release [root@centos: ~]# yum install optipng

Note that, You will need to first enable epel repo on centos 7

b.) If instead you're on a Debian GNU / Linux

debian:~# apt-get install optipng

c.) FreeBSD users can install it from FreeBSD ports with:

freebsd# cd /usr/ports/graphics/optipng
freebsd# make install clean

optipng syntax is quite self explanatory
optipng [options] what-ever-file.png

You can get a full list of possible command options with -? command, here is a list:

debian:~# optipng -?
Synopsis:
    optipng [options] files …
Files:
    Image files of type: PNG, BMP, GIF, PNM or TIFF
Basic options:
    -?, -h, -help   show this help
    -o <level>       optimization level (0-7)       [default: 2]
    -v           run in verbose mode / show copyright and version info
General options:
    -backup, -keep   keep a backup of the modified files
    -clobber       overwrite existing files
    -fix       enable error recovery
    -force       enforce writing of a new output file
    -preserve       preserve file attributes if possible
    -quiet, -silent   run in quiet mode
    -simulate       run in simulation mode
    -out <file>       write output file to <file>
    -dir <directory>   write output file(s) to <directory>
    -log <file>       log messages to <file>
    —           stop option switch parsing
Optimization options:
    -f <filters>   PNG delta filters (0-5)           [default: 0,5]
    -i <type>       PNG interlace type (0-1)
    -zc <levels>   zlib compression levels (1-9)       [default: 9]
    -zm <levels>   zlib memory levels (1-9)       [default: 8]
    -zs <strategies>   zlib compression strategies (0-3)   [default: 0-3]
    -zw <size>       zlib window size (256,512,1k,2k,4k,8k,16k,32k)
    -full       produce a full report on IDAT (might reduce speed)
    -nb           no bit depth reduction
    -nc           no color type reduction
    -np           no palette reduction
    -nx           no reductions
    -nz           no IDAT recoding
Editing options:
    -snip       cut one image out of multi-image or animation files
    -strip <objects>   strip metadata objects (e.g. "all")
Optimization levels:
    -o0       <=>   -o1 -nx -nz               (0 or 1 trials)
    -o1       <=>   -zc9 -zm8 -zs0 -f0           (1 trial)
           (or…)   -zc9 -zm8 -zs1 -f5           (1 trial)
    -o2       <=>   -zc9 -zm8 -zs0-3 -f0,5           (8 trials)
    -o3       <=>   -zc9 -zm8-9 -zs0-3 -f0,5       (16 trials)
    -o4       <=>   -zc9 -zm8 -zs0-3 -f0-5           (24 trials)
    -o5       <=>   -zc9 -zm8-9 -zs0-3 -f0-5       (48 trials)
    -o6       <=>   -zc1-9 -zm8 -zs0-3 -f0-5       (120 trials)
    -o7       <=>   -zc1-9 -zm8-9 -zs0-3 -f0-5       (240 trials)
    -o7 -zm1-9   <=>   -zc1-9 -zm1-9 -zs0-3 -f0-5       (1080 trials)
Notes:
    The combination for -o1 is chosen heuristically.
    Exhaustive combinations such as "-o7 -zm1-9" are not generally recommended.
Examples:
    optipng file.png                       (default speed)
    optipng -o5 file.png                   (slow)
    optipng -o7 file.png                   (very slow)

Just running it with, lets say -o7 arguments is enough for optipng to compress your image and reduce some 15 to 30% of picture size

optipng -o7 what-ever-image-you-have.png

optipng-example-on-reducing-image-screenshot-24.9-png-image-compression

2. Compress images without loosing quality recursively inside directory and subdirectories with optiping

a.) To optimize all pictures inside a single directory (without sub-directories) on remote server you can run, below command:

cd whatever-dir/
for i in *.png; do optipng -o6 -quiet -keep -preserve -dir optimized -log optipng-compress.log "$i"; done

As you can see a log is being written on what the command has done and the originals of the optimized images is going to be preserved, the optimize level is 6 is the PNG encoding level.

cd /var/www/your-site/images/
find . -type f -iname "*.png" -print0 | xargs -I {} -0 optipng -o6 -keep -preserve -log optipng-compress.log "{}"

This command is pretty handy to run on own dedicated server, if you don't have one just do it on your Linux computer at home or if you don't own a PC with Linux install any Deb / RPM based Linux inside VirtualBox or VMWare Virtual Machine and do it there, then upload to your Hosting Provider / Amazon EC2 etc and Enjoy the increased website performance 🙂

Tags: compressing, freebsd, images, linux?, Optimize, server
Posted in Everyday Life, FreeBSD, Linux, Web and CMS | 1 Comment »

How to make for loop (cycles) in KSH useful for FreeBSD / UNIX system administrators

Friday, November 3rd, 2017

korn-shell-how-to-make-loops-easily-for-sys-admin-purposes

Sometimes we have to administrate this operating systems such as FreeBSD / AIX / HP UX or even Mac OS server where by default due to historical reasons or for security bash shell is not avialable. That's not a common scenario but it happens so if as sysadmin we need to create for loops on ksh it is useful to know how to do that, as for loop cycles are one of the most important command line tools the sysadmin swiss army knife kind of.

So how to create a for loop (cycle) in ksh (Korn Shell)?

The most basic example for a KSH loop shell is below:

#!/bin/ksh
for i in 1 2 3 4 5
do
echo "Welcome $i times"
done

Add the content to any file lets say ksh_loop.ksh then make it executable as you do in bash shells

$ chmod +x ksh_loop.ksh
$ ksh ksh_loop.ksh

The overall syntax of the for loop ksh command is as follows:

for {Variable} in {lists}
do
echo ${Variable}
done

Hence to list lets say 20 iterations in a loop in ksh you can use something like:

#!/bin/ksh
for i in {1..20}
do
echo "Just a simple echo Command $i times";
# add whatever system commands you like here
done

Example for some useful example with KSH loop is to list a directory content so you can execute whatever command you need on each of the files or directories inside

#!/bin/ksh
for f in $(ls /tmp/*)
do
print "Iterating whatever command you like on /tmp dir : $f"
done

Other useful for loop iteration would be to print a file content line by line just like it is done in bash shell, you can do that with a small loop like belows:

#!/bin/ksh
for iteration_variable in $(cat file_with-your-loved-content-to-iterate.txt)
do
print "Current iteration like is : $iteration_variable"
done

Tags: freebsd, loop, make, system, unix, Useful
Posted in FreeBSD, IBM AIX UNIX, Programming | No Comments »

FreeBSD post install configuration steps to make on fresh FreeBSD install to make ready for server and Desktop use

Saturday, October 28th, 2017

1. Update binary packages

First thing to do just like on any new operating system install is to update / patch the server

# freebsd-update fetch
# freebsd-update install

2. Update FreeBSD port packages

As a FreeBSD administrator you will need ports every now and then so make sure you have them at their latest release for your FBSD release

# pkg update
# pkg upgrade

3. Install editors and bash

# pkg install nano vim joe bash bash_completion

4. Install sudo

To be able to run commands without becoming superuser root just like on any Linux you will probably want to have sudo package installed

# pkg install sudo

Sudo config file is under /usr/local/etc/sudoers

To edit it with syntax check enabled use visudo

# visudo

…

# sudo pkg update

If you want a regular account to have root superuser edit / modify and do things permissions

# pw groupmod wheel -M your_user_name

Then to make the wheel permissions work add to sudoers:

%wheel ALL=(ALL=ALL) ALL

5. FreeBSD modify personal information for account

# chpass your_user_name

To change your account and others to use bash instead of default freebsd csh

# csh -s /bin/bash your_user_name

7. Set a Static IP address for a FreeBSD server and configure DNS

Edit /etc/rc.local to look something like so

#ifconfig_em0="DHCP"
ifconfig_em0="inet 192.168.1.100 netmask 255.255.255.0"
# default gateway
defaultrouter="192.168.1.1"

/etc/rc.conf is also the file where you can easily enable / disable freebsd startup scripts

To restart network interafaces just like Debian Linux's /etc/init.d/networking restart type

# service netif restart
# service routing restart

To set Google DNS in FreeBSD just like in Linux add the IPs with nameserver prefix to /etc/resolv.conf

# echo 'nameserver 8.8.8.8' >> /etc/resolv.conf
# echo 'nameserver 8.8.8.8' >> /etc/resolv.conf
# echo 'search your-domain-name' >> /etc/resolv.conf

– If you need to change the hostname of the FreeBSD server change in /etc/rc.conf

hostname="your-freebsdhostname"

– To add multiple IP addresses to a network interface on FBSD add line like below to /etc/rc.conf

ifconfig_em0_alias0="192.168.1.5 netmask 255.255.255.255"
ifconfig_em0_alias1="192.168.1.6 netmask 255.255.255.255"
…

To apply changes and bring up the newly set multiple IPs

# service netif restart

8. Setting up proper timezone

If for some reason the Time zone is improperly set during FreeBSD install, you can later set that with

# tzsetup

9. Set up ntp time server synchronization daemon

# vim /etc/rc.conf

ntpd_enable="YES"
ntpd_sync_on_start="YES"

First command will bring up NTP server at start up and second make it synchroniza with Internet NTP servers, to restart ntp so it set proper time
immediately

# service ntpd start

10. Add additional SWAP space to FreeBSD server after install

– First we need to create the swap file with command and then set up proper permissions for it

# truncate -S 3G /swapf
# chmod 0600 /swapf

– Then to make the swapf being used on boot we need to add it to /etc/fstab

# echo "md99 none swap sw,file=/swapf,late 0 0" >> /etc/fstab

To immediately apply the new added swap to be used by the system run:

# swapon -aqL

To check various things on how swap is configured use

# swapinfo -g

11. Configure Firewall in FreeBSD

# vim /etc/rc.conf

firewall_enable="YES"
firewall_script="/usr/local/etc/ipfw.rules"

A very basic firewall to add to ipfw.rules file would be something like so:

    $IPF 70 allow all from any to any out keep-state
    $IPF 80 allow icmp from any to any
    # open port ftp

    $IPF 110 allow tcp from any to any 21 in
    $IPF 120 allow tcp from any to any 21 out

    # 22 for ssh
    $IPF 130 allow tcp from any to any 22 in
    $IPF 140 allow tcp from any to any 22 out

    # mail port 25

    $IPF 150 allow tcp from any to any 25 in
    $IPF 160 allow tcp from any to any 25 out

    # dns (53) udp and tcp in
    $IPF 170 allow udp from any to any 53 in
    $IPF 175 allow tcp from any to any 53 in

    # dns (53) udp and tcp out
    $IPF 180 allow udp from any to any 53 out
    $IPF 185 allow tcp from any to any 53 out

    # http (80),
    $IPF 200 allow tcp from any to any 80 in
    $IPF 210 allow tcp from any to any 80 out
    # deny and log everything
    $IPF 500 deny log all from any to any

To launch the firewall

# service ipfw start

To list current FreeBSD Firewall rules use

# ipfw list

Finally if you need to check your connections to the server just like Linux's netstat you might consider using sockstat comand

# sockstat -4 -6
…

– 4 -6 will list you network connections for ipv4 and ipv6 both tcp and udp

Tags: chpass, freebsd, fresh install, howto, ifconfig, Networking, ntp, pkg, routing, server, sudo
Posted in Everyday Life, FreeBSD, System Administration, Various | No Comments »

Tip: Quick Note taking on GNU / Linux and FreeBSD from terminal or console

Tuesday, May 8th, 2012

I believe, the quickest way to take notes on Linux and BSD and later view the notes is to use the command line.
A very easy simple way to keep record of various short notes is just to use a simple text editor like (vim) and store each note in a separate file in lets say ~/notes/ directory.
Actually, I'm using this way to take notes and store sensitive info for various important information I need for further reference, since 5 years or so..
Opening a new text editor for each note and then doing cd ~/notes/; ls |grep -i 'string' is a bit time consuming.
Fortunately there is a quick two shell functions hack that shortens time for note taking. The following two bash functions has to be added in ~/.bashrc:

n() { vim ~/notes/"$*".txt } nls() { ls -c ~/notes/ | grep "$1" }

Copy / Paste this two functions in the beginning or the end of ~/.bashrc in order to use them.

Also if ~/notes directory is not existing, yet create it:

hipo@noah:~$ mkdir notes

To make the two new input functions active across opened bash shells on console or terminal either re-login or reread the .bashrc by "sourcing it", e.g.

hipo@noah:~$ source ~/.bashrc

Afterwards, note taking becomes a piece of cake to store a new note with login credentials (user/password) for a new registration to a random named website, type something like:

hipo@noah:~$ n my_website_name-user-pass

This will open for editting ~/.notes/my_website_name-user-pass.txt, type the new desired note content and do save and exit from vim (press esc and type :x!.

Then to get a quick list of all previously stored notes use:

hipo@noah:~$ nls website my_website_name-user-pass.txt

If you already have a directory containing subdirectories with various taken notes (like me), you will need to use an improved version nls written by Jason Ryan, the nls improved is like this:

nls () { tree -CR --noreport ~/notes | awk '{ if ((NR >) gsub(/.txt/,"")); if (NF==1) print $1; else if (NF==2) print $2; else if (NF==3) printf " %s\n", $3}'; }

This two functions, were not my creation but was suggested in Linux Magazine issue 135 article entitled Command-line task managers and note-taking tools written by Dmitri Popov.

Hope this two functions, will be helpful to console geeks out there.

Tags: Auto, BSD, cake, consuming, copy paste, cr, Draft, file, freebsd, gnu linux, hack, hipo, important information, info, information, input functions, jason ryan, Linux, login, login credentials, mkdir, need, nls, noah, opening, password, piece, piece of cake, sensitive info, Shell, shell functions, shells, something, store, subdirectories, terminal, text, time, time consuming, Tip Quick Note, txtIf, type, use, vim, websitemy
Posted in Curious Facts, Linux, System Administration, vim editor | 2 Comments »

TinyProxy Quick and Easy way to run a Proxy Caching server to protect and speed up web traffic on Linux / BSD and Mac

Tuesday, March 24th, 2015

tinyproxy-quick-and-easy-way-to-run-proxy-caching-server-on-linux-bsd-unix-and-mac
If you happen to have SSH account on a Dedicated server or a VPS that runs on some kind of UNIX like OS such as Linux / *BSD or just a friends Mac OS notebook and you don't want your HTTP traffic to be sniffed (spyed) by your local ISP, e.g. you want to get some kind of simple Web browsing anonimity on the Internet, easier alternative to using SSH Dynamic Tunnel to Proxify encrypted traffic is to just run a Proxy Cache server on remote *nix host to which you have access and configure your browser to use the host as proxy. Besides enhanced traffic privacy other advantage of running a Proxy server is of course the fact that using proxy server cache significantly improve page speed opening times, optimize web-sites content delivery saving you a lot of bandwidth and off-loads remote sites because already cached content at the proxy is served directly from the proxy server instead of each time requested from the server. Those admins who remember "the dawn of mass internet use" should remember that a lot of the small and middle sized internet providers were into the habit to use Squid transparent proxy with huge Disk Cache in order to speed-up their customers internet page opening times and thus offer a superior service and save money for themselves since the ISPs were also paying not for a bandwidth to end providers but for used overall Traffic.

Historically I've personally used TinyProxy a lot to "obfuscate" my traffic (hide my originating host IP) and to save-bandwidth cause in late 1990's I paid my internet bills based on used traffic and starting a TinyProxy saved me network traffic and hence cut my Internet bill but even today it is great to optimize web traffic.

Usually for a single or few persons proxy it is not worthy to use "Full Featured" Complex Caching servers such as Squid Cache because installing and configuring one has plenty of dependency packages and a lot of time to spend in configuring (dealing with squid's cryptic squid.conf) it is much better and easier to use a light-weight HTTP/HTTPS proxy service (daemon) such as TinyProxy if using Tor Project (Anonymity Online) Network to protect against network surveillance / traffic analysis Privoxy.

Below is TinyProxy package description from Debian

apt-cache show tinyproxy|grep -i desc -A 5
Description: A lightweight, non-caching, optionally anonymizing http proxy
An anonymizing http proxy which is very light on system resources,
ideal for smaller networks and similar situations where other proxies
(such as Squid) may be overkill and/or a security risk. Tinyproxy can
also be configured to anonymize http requests (allowing for exceptions
on a per-header basis).

To install TinyProxy on Debian Linux:

root@debian:~# apt-get update && apt-get install –yes tinyproxy

To TinyProxy on CentOS 6.5 / 7 Linux:

Install first EPEL (Packages for Enterprise Linux) RPM repository (included by default in CentOS 6 / 7) – also possible to install easily on RHELs (but on RHEL you need to add epel rpm package manually)

[root@centos ~]# yum install -y epel-release
[root@centos ~]# yum -y install tinyproxy

Configuring TinyProxy Linux:

On Debian Linux config is in:

vim /etc/tinyproxy.conf

On CentOS / Fedora / RHEL RPM based ones:

vim /etc/tinyproxy/tinyproxy.conf

You might want to change some of below default values:

# User and Group with which TinyProxy will be running
User nobody
Group nogroup
# Default proxy listen port
Port 8888
# Specifies IP (interface) to be used for outgoing proxy host connections
Bind 192.168.0.1
# To which IP address (interface) tinyproxy will listen for connections. If uncommented it will listen to all available network interfaces
Listen 192.168.0.1
# Seconds after which connection will be terminated
Timeout 600
# Where proxy queries will be logged (very useful to keep a history for yourself on pages you have visted), sometimes useful if you wipe out browser cache
Logfile "/var/log/tinyproxy/tinyproxy.log"
# How many clients (connections) can be made to tinyproxy for one client (personal use) 100 is a good value
MaxClients 100
# This two values are settings on how many (minumum and maximum) tinyproxy instances will listen for connection from remote hosts – this should be familiar to people who configured Apache webserver, note that tinyproxy uses process fork and not threads
MinSpareServers 5
MaxSpareServers 20
# This is how many sites connections the proxy will listen to
# if you open 20 sites in 20 tabs which will refresh make here 20
# you might need to raise this if you have 10 clients
StartServers 10
# hosts to allow connection to proxy server from (Be careful to allow only access from your network otherwise you might end up being an open proxy), allowing some hax0r to do something terrible proxying through you
Allow 127.0.0.1
#The Log Level – "Error" is generally Okay, who may like more information can take Notice – Connect and Info
LogLevel Error
# pidfile location
PidFile "/var/run/tinyproxy/tinyproxy.pid"
# The "Via" header is required by the HTTP RFC, but using the real host name
# is a security concern. If the following directive is enabled, the string
# supplied will be used as the host name in the Via header; otherwise, the
# server's host name will be used.
#
ViaProxyName "tinyproxy

To install TinyProxy on FreeBSD

freebsd# cd /usr/ports/www/tinyproxy
freebsd# make install distclean

If you need to change the default TinyProxy port from port 8888 to something else for security reasons edit:

vim /usr/local/etc/tinyproxy.conf

Find port and change is to lets say 7000 or whatever network port is good for you

To make TinyProxy auto start on BSD boot time:

freebsd# vim /etc/rc.conf
tinyproxy_enable="YES"

To start / stop tinyproxy any time use:

freebsd# /usr/local/etc/rc.d/tinyproxy start

For Firefox users I also recommend using TinyProxy is to install FoxyProxy FF extension

add-multiple-proxies-and-choose-between-them-on-firefox-foxyproxy-screenshot

Securing TinyProxy traffic with SSH Tunnel

If you're concerned about transferred data security between your client host (Desktop) machine and remote installed Proxy server that your ISP or some malicious guy could sniff your website login credentials using Man in the Middle attack, its also a good idea to use TinyProxy together with SSH Tunnel, that's pretty easy if you have an SSH client on your machine (if you're on a Mac OS X).

ssh User@server.remote-tinyproxy-server-host.com -L 1234:localhost:8888 -N

To make SSH Tunnel Windows users could use Plink or MobaXterm embedded Tunneling interface

Then setup your Firefox / Chrome / Opera browser to use as a Proxy localhost:1234

Tags: bandwidth, Below, data security, debian linux, Easy, easy proxy, freebsd, host name, hosts, internet providers, login credentials, lot, opening, page, ports, privoxy, Proxy Caching, proxy server, running, save bandwidth proxy, squid cache, ssh, tinyproxy, tunnel proxy traffic, use, vim, website login
Posted in Everyday Life, Firefox, Linux, Linux and FreeBSD Desktop, Networking, System Administration, Various | 3 Comments »

How to find and Delete Duplicate files in directory on Linux server with find and fdupes command

Monday, March 16th, 2015

Linux / UNIX find command is very helpful to do a lot of tasks to us admins such as Deleting empty directories to free up occupied inodes or finding and printing only empty files within a root file system within all sub-directories
There is too much of uses of find, however one that is probably rarely used known by sysadmins find command use is how to search for duplicate files on a Linux server:

find -not -empty -type f -printf “%s\n” | sort -rn | uniq -d | xargs -I{} -n1 find -type f -size {}c -print0 | xargs -0 md5sum | sort | uniq -w32 –all-repeated=separate

If you're curious how does duplicate files finding works, they are found by comparing file sizes and MD5 signatures, followed by a byte-by-byte comparison.

Most common application of below command is when you want to search and get rid of some old obsolete files which you forgot to delete such as old /etc/ configurations, old SQL backups and PHP / Java / Python programming code files etc.

If you have to do a regular duplicate file find on multiple servers Linux servers perhaps you should install and use fdupes command.
On Debian Linux to install it:

root@pcfreak:/# apt-cache show fdupes|grep -i descr -A 4
Description: identifies duplicate files within given directories
FDupes uses md5sums and then a byte by byte comparison to find
duplicate files within a set of directories. It has several useful
options including recursion.
Homepage: http://code.google.com/p/fdupes/

root@www.pc-freak.net:/# apt-get install –yes fdupes

To search for duplicate files with fdupes in lets /etc/ just run fdupes without arguments:

root@pcfreak:/# fdupes /etc/
/etc/magic
/etc/magic.mime

/etc/odbc.ini
/etc/.pwd.lock
/etc/environment
/etc/odbcinst.ini

/etc/shadow-
/etc/shadow

If you want to look up for all duplicate files within root directory:

root@pcfreak:/# fdupes -r /etc/
Building file list /
…

You can also find duplicate files for multiple directories by just passing all directories as arguments to fdupes

root@pcfreak:/# fdupes -r /etc/ /usr/ /root /disk /nfs_mount /nas
…

The -r argument (makes a recursive subdirectory search for duplicates), if you want to also see what is the size of duplicate files found add -S option

fdupes -r -S /etc/ /usr/ /root /disk /nfs_mount /nas

If you want to delete all duplicate files within lets say /etc/

root@pcfreak:/# fdupes -d /etc/
…

fdupes is also available and installable also on RPM based Linux distros Fedora / RHEL / CentOS etc., install on CentOS with:

[root@centos~ ]# yum -y install fdupes

There is also a port available for those who want to run it on FreeBSD on BSD install it from ports:

freebsd# cd /usr/ports/sysutils/fdupes
freebsd# make install clean

If you have a GUI environment installed on the server and you don't want to bother with command line to search for all duplicate files under main filesystem and other lint (junk) files take a look at FSlint

If you're looking for a GUI cross platform duplicate file finder tool that runs on all major used Operating Systems Mac OS X / Windows / Linux take a look at dupeGuru

Tags: command, Delete Duplicate, directory, filesystem, freebsd, How to, ini, Linux, look, multiple, obsolete files, pcfreak, root, use, usr
Posted in Curious Facts, Linux, Monitoring, System Administration, Various | 1 Comment »

Fix “Approaching the limit on PV entries, consider increasing either the vm.pmap.shpgperproc or the vm.pmap.pv_entry_max tunable.” in FreeBSD

Monday, May 21st, 2012

I'm running FreeBSD with Apache and PHP on it and I got in dmesg (kernel log), following error:

freebsd# dmesg|grep -i vm.pmap.shpgperproc Approaching the limit on PV entries, consider increasing either the vm.pmap.shpgperproc or the vm.pmap.pv_entry_max tunable. Approaching the limit on PV entries, consider increasing either the vm.pmap.shpgperproc or the vm.pmap.pv_entry_max tunable. Approaching the limit on PV entries, consider increasing either the vm.pmap.shpgperproc or the vm.pmap.pv_entry_max tunable. Approaching the limit on PV entries, consider increasing either the vm.pmap.shpgperproc or the vm.pmap.pv_entry_max tunable. Approaching the limit on PV entries, consider increasing either the vm.pmap.shpgperproc or the vm.pmap.pv_entry_max tunable.

The exact FreeBSD, Apache and php versions I have installed are:

freebsd# uname -a ; httpd -V ; php –version
FreeBSD pcfreak 7.2-RELEASE-p4 FreeBSD 7.2-RELEASE-p4 #0: Fri Oct 2 12:21:39 UTC 2009 root@i386-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC i386
Server version: Apache/2.0.64
Server built: Mar 13 2011 23:36:25Server's Module Magic Number: 20050127:14
Server loaded: APR 0.9.19, APR-UTIL 0.9.19
Compiled using: APR 0.9.19, APR-UTIL 0.9.19
Architecture: 32-bit
Server compiled with….
-D APACHE_MPM_DIR="server/mpm/prefork"
-D APR_HAS_SENDFILE
-D APR_HAS_MMAP
-D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
-D APR_USE_FLOCK_SERIALIZE
-D APR_USE_PTHREAD_SERIALIZE
-D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
-D APR_HAS_OTHER_CHILD
-D AP_HAVE_RELIABLE_PIPED_LOGS
-D HTTPD_ROOT="/usr/local"
-D SUEXEC_BIN="/usr/local/bin/suexec"
-D DEFAULT_PIDLOG="/var/run/httpd.pid"
-D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
-D DEFAULT_LOCKFILE="/var/run/accept.lock"
-D DEFAULT_ERRORLOG="logs/error_log"
-D AP_TYPES_CONFIG_FILE="etc/apache2/mime.types"
-D SERVER_CONFIG_FILE="etc/apache2/httpd.conf"
PHP 5.3.5 with Suhosin-Patch (cli) (built: Mar 14 2011 00:29:17)
Copyright (c) 1997-2009 The PHP Group
Zend Engine v2.3.0, Copyright (c) 1998-2010 Zend Technologies
with eAccelerator v0.9.6.1, Copyright (c) 2004-2010 eAccelerator, by eAccelerator

After a bunch of research a FreeBSD forums thread , I've found the fix suggested by a guy.

The solution suggested in the forum is to raise up vm.pmap.pv_entry_ma to vm.pmap.pv_entry_max=1743504, however I've noticed this value is read only and cannot be changed on the BSD running kernel;

freebsd# sysctl vm.pmap.pv_entry_max=1743504 sysctl: oid 'vm.pmap.pv_entry_max' is read only

Instead to solve the;

Approaching the limit on PV entries, consider increasing either the vm.pmap.shpgperproc or the vm.pmap.pv_entry_max tunable.
, I had to add in /boot/loader.conf

vm.pmap.pde.mappings=68 vm.pmap.shpgperproc=500 vm.pmap.pv_entry_max=1743504

Adding this values through /boot/loader.conf set them on kernel boot time. I've seen also in the threads the consider increasing either the vm.pmap.shpgperproc is also encountered on FreeBSD hosts running Squid, Dansguardion and other web proxy softwares on busy hosts.

This problems are not likely to happen for people who are running latest FreeBSD releases (>8.3, 9.x), I've read in same above post in newer BSD kernels the vm.pmap is no longer existing in newer kernels.

Tags: apache 2, apache2, architecture, Auto, boot time, BSD, dmesg, Draft, eeBSDI, errorlog, Fix Approaching, flock, freebsd, freebsd apache, Fri, GENERIC, grep, httpd, kernel, limit, loader, logs apache, magic number, Mar, mime types, mmap, Module, mpm, net usr, number, Oct, patc, pcfreak, php version, php versions, PV, RELEASE-p, root, scoreboard, sendfile, serialize, server, server config, server version, shpgperproc, suexec, threads, uname, UTC, vm, Zend
Posted in FreeBSD, System Administration | No Comments »

☩ Walking in Light with Christ – Faith, Computing, Diary

Posts Tagged ‘freebsd’

How to make for loop (cycles) in KSH useful for FreeBSD / UNIX system administrators

FreeBSD post install configuration steps to make on fresh FreeBSD install to make ready for server and Desktop use

Fix “Approaching the limit on PV entries, consider increasing either the vm.pmap.shpgperproc or the vm.pmap.pv_entry_max tunable.” in FreeBSD

Daily Bible quote

GET ARTICLE UPDATES

Useful blog? Help it:

Links to Other Places

Recent Posts

Ads

Categories

About Myself

Recent Comments

Top Post Views

blogtopsites