Sunday, February 12, 2012

LFD process ignore file

Sometimes you will be logged out of your jailshell SSH session without any error being displayed in PuTTY.

This may be because lfd is killing your jailshell process.

lfd[623238]: *User Processing* PID:622892 Kill:1 User:ajeesh Time:92 EXE:/home/virtfs/ajeesh/bin/bash CMD:-jailshell

We can fix this issue using the following steps:

1. Log in to WHM > Plugins > ConfigServer Security&Firewall
2. Edit the "csf.pignore, process tracking" file and add these rules:
exe:/home/virtfs/ajeesh/bin/bash
user:ajeesh
cmd:jailshell
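
The step above, as an added example that is not part of the original post: a shell filter that reads lfd "User Processing" lines and prints an `exe:` rule only for processes that were actually killed and whose command is the jailshell login, so other killed processes are left for review. The function names and the second and third log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: derive csf.pignore "exe:" entries from lfd kill lines.

# First line is the log entry quoted in the post; the other two are
# constructed for illustration.
sample_lfd_log() {
    cat <<'EOF'
lfd[623238]: *User Processing* PID:622892 Kill:1 User:ajeesh Time:92 EXE:/home/virtfs/ajeesh/bin/bash CMD:-jailshell
lfd[623238]: *User Processing* PID:622950 Kill:1 User:ajeesh Time:4100 EXE:/usr/bin/perl CMD:perl /tmp/constructed.pl
lfd[623238]: *User Processing* PID:623001 Kill:0 User:constructeduser Time:95 EXE:/home/virtfs/constructeduser/bin/bash CMD:-jailshell
EOF
}

# Reads lfd log lines on stdin, prints one "exe:" rule per unique jailshell
# binary that lfd killed. Anything else is deliberately not whitelisted.
jailshell_pignore_rules() {
    awk '
    /\*User Processing\*/ && / Kill:1 / {
        exe = ""; cmd = ""
        if (match($0, /EXE:[^ ]+/)) exe = substr($0, RSTART + 4, RLENGTH - 4)
        if (match($0, /CMD:.*$/))   cmd = substr($0, RSTART + 4)
        # Require both the jailshell command and the per-user virtfs bash path.
        if (cmd == "-jailshell" &&
            exe ~ "^/home/virtfs/[^/]+/bin/bash$" && !seen[exe]++)
            print "exe:" exe
    }'
}

# Stand-alone run: print the rules to paste into csf.pignore after review.
sample_lfd_log | jailshell_pignore_rules
```

A `user:` line in csf.pignore matches every process owned by that user, so it exempts far more than the single shell binary printed here.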

Saturday, February 11, 2012

Apache tweaking

1. Compilation

* Apache is modular software. Modules can be compiled into Apache either statically or dynamically (DSO); load only the required modules.
* With DSO, modules can be compiled when the server is built or later by using "apxs".
* Statically compiling Apache will increase memory performance.

2. Use a good MPM

* An MPM can be loaded into the server at any time. The MPM is responsible for binding the network ports, accepting requests and dispatching children to handle the requests.
* Apache has two types of MPM: 1. worker 2. prefork
* worker: This is **multi-threaded**, fast and uses less memory. It runs multiple threads in a single child process.
Disadvantage: a faulty thread can affect all the threads in that child process.
* prefork: This is a **multi-child** process model; each child handles one connection at a time. This MPM is good for single- and double-processor servers.
Disadvantage: memory utilization is high, and there is a high chance of children crashing.

3. DNS Lookup
* Used for logging hostnames instead of IP addresses. Enabling this reduces the speed of Apache. If you want to resolve IP addresses, use "logresolve".
* By default, Apache has "HostnameLookups Off".
* Use IP addresses in "Allow from" and "Deny from"; if you use hostnames there will be a double DNS check.

4. AllowOverride

* If "AllowOverride None" is not set, Apache will check all .htaccess files. So it is good to enable overrides for the required directories alone.

4. SymLinksIfOwnerMatch
* Avoid this; otherwise Apache needs to make another system call to verify the owner.

For security, however, it is good to enable symlink protection at the kernel level. In cPanel, SymLinksIfOwnerMatch does not take effect even once we enable it, and attackers can easily compromise accounts and use a symlink to the root directory.

5. MaxClients
* The maximum number of simultaneous requests the web server can handle. Setting this to a low value leaves resources on your server unused; setting it to a high value eats your resources and increases the response time for requests made to the web server.
Equation for the best value: MaxClients = RAM dedicated to your web server / max child process size. The child process size can be found using "ps -ylC httpd --sort:rss".

6. MaxSpareServers, MinSpareServers, StartServers -> prefork; MinSpareThreads, MaxSpareThreads -> worker
* Max and Min are the numbers of child processes kept alive while waiting for a request.
* Apache can spawn 32 child processes per second.
* StartServers is the number of child processes created at startup. If there are lots of requests and Apache is restarting frequently, set a high value for this.

7. MaxRequestsPerChild
* The number of requests that an individual child server process handles (the maximum number of requests a server process serves).
* Set MaxRequestsPerChild to some thousands. By default this is set to "0", so the child process never expires.

8. KeepAlive and KeepAliveTimeout
* KeepAlive means multiple requests are sent over the same TCP connection; if we set this to "Off", a separate TCP connection is needed for each request.
* KeepAliveTimeout is the wait time for the next request. It is good to set a value between 4 and 7 seconds.

9. Compression
* We can enable compression using the mod_deflate module or gzip. No other software is required on the client side.

ServerLimit = MaxClients / ThreadsPerChild
MaxClients = ServerLimit x ThreadsPerChild
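
Added example (not from the original post): a shell version of the MaxClients equation from item 5 together with the ServerLimit relation above. The 9000 MB budget and the ps output are constructed sample values, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: size MaxClients from measured httpd memory use.

# Constructed sample of `ps -ylC httpd --sort:rss` output (RSS is in KB).
sample_ps_output() {
    cat <<'EOF'
S   UID   PID  PPID  C PRI  NI   RSS    SZ WCHAN  TTY          TIME CMD
S     0  1201     1  0  80   0 15360 61234 poll_s ?        00:00:02 httpd
S    99  1210  1201  0  80   0 18432 63001 inet_c ?        00:00:05 httpd
S    99  1211  1201  0  80   0 20480 64120 inet_c ?        00:00:07 httpd
EOF
}

# max_clients RAM_MB : reads ps output on stdin, prints
# floor(RAM dedicated to Apache / largest child RSS).
max_clients() {
    awk -v ram_mb="$1" '
        # Locate the RSS column from the header instead of hard-coding it.
        NR == 1 { for (i = 1; i <= NF; i++) if ($i == "RSS") col = i; next }
        col && $col + 0 > max { max = $col + 0 }
        END {
            if (!max) { print "no httpd RSS values found" > "/dev/stderr"; exit 1 }
            print int(ram_mb * 1024 / max)
        }'
}

# server_limit MAXCLIENTS THREADSPERCHILD : worker MPM, rounded up so that
# ServerLimit x ThreadsPerChild is never below MaxClients.
server_limit() {
    echo $(( ($1 + $2 - 1) / $2 ))
}

mc=$(sample_ps_output | max_clients 9000)   # 9000 MB budget is an assumption
echo "prefork: MaxClients $mc"
echo "worker:  ServerLimit $(server_limit "$mc" 25) with ThreadsPerChild 25"
```

RSS counts pages shared between children, so the per-child figure is an overestimate and the resulting MaxClients errs on the low side.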

16G-32G of RAM
MaxKeepAliveRequests 150
KeepAliveTimeout 5
<IfModule prefork.c>
StartServers 20
MinSpareServers 20
MaxSpareServers 40
ServerLimit 450
MaxClients 450
MaxRequestsPerChild 1000
</IfModule>
<IfModule worker.c>
ServerLimit 18
StartServers 8
MinSpareThreads 25
MaxSpareThreads 75
ThreadsPerChild 25
MaxClients 450
MaxRequestsPerChild 1000
</IfModule>
Timeout 30

2G-8G of RAM
MaxKeepAliveRequests 150
KeepAliveTimeout 5
<IfModule prefork.c>
StartServers 20
MinSpareServers 20
MaxSpareServers 40
ServerLimit 350
MaxClients 350
MaxRequestsPerChild 1000
</IfModule>
<IfModule worker.c>
ServerLimit 14
StartServers 4
MinSpareThreads 25
MaxSpareThreads 75
ThreadsPerChild 25
MaxClients 350
MaxRequestsPerChild 1000
</IfModule>
Timeout 30

VPS (Xen/OpenVZ) less than 1G RAM
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 1
<IfModule prefork.c>
MinSpareServers 5
MaxSpareServers 10
StartServers 5
MaxClients 150
MaxRequestsPerChild 300
</IfModule>
<IfModule worker.c>
ServerLimit 16
StartServers 2
MinSpareThreads 25
MaxSpareThreads 75
ThreadsPerChild 25
MaxClients 150
MaxRequestsPerChild 500
</IfModule>