Tuesday, December 17, 2013

block a particular domain exim block Ratelimit

 Warning: "Increment slow_fail_block Ratelimit because of all messages failed"

F= rejected RCPT

Home » Service Configuration » Exim Configuration Manager
Advanced Editor > Add additional configuration setting

domainlist exim_blacklist = lsearch;/etc/eximblacklist

Under ROUTERS CONFIGURATION  

reject_domains:
  driver = redirect
  # Fail any address whose domain is listed in /etc/eximblacklist
  domains = +exim_blacklist
  allow_fail
  data = :fail: Connection rejected: SPAM source $domain is manually blacklisted.

#cat /etc/eximblacklist
alerts.hmrc.gov.uk
hmrc.gov.uk

Pidgin error : No authentication method

When I tried to connect my Pidgin, I got the following error message.

 Server does not use any supported authentication method

When I looked into the hosts file, it was:
ajeesh@tech12:~$ cat /etc/hosts
127.0.0.1       localhost
127.0.0.1       tech12.ajeesh.net

The hostname was:
ajeesh@tech12:~$ hostname
tech12
So I changed the host file as follows, and this fixed my issue.
root@tech12:# cat /etc/hostname
tech12.ajeesh.net

Friday, November 22, 2013

OpenVZ log

You can check the log file location in /etc/vz/vz.conf

# Logging parameters
LOGGING=yes
LOGFILE=/var/log/vzctl.log ---> this is the location

tail -f /var/log/vzctl.log

vzctl : CT 432 : Creating container private area (centos-6.4-x86_64)
vzctl : CT 432 : Performing postcreate actions
vzctl : CT 432 : CT configuration saved to /etc/vz/conf/432.conf
vzctl : CT 432 : Container private area was created

vzctl : CT 432 : CT configuration saved to /etc/vz/conf/432.conf

Tuesday, October 8, 2013

cpanel 500 ISE "Premature end of script headers".


A new cpanel/cloudLinux bug has been reported.

500 ISE "Premature end of script headers" while accessing domain.com/cpanel or domain.com/webmail.

But we can still access cPanel using cpanel.domain.com and webmail using webmail.domain.com.

I have tried cagefsctl --force-update /scripts/fixeverything.. but it didn't fix the issue. The following commands fixed my cPanel redirection issue.


#cagefsctl --remount-all =>restart cagefs-fuse service, remount CageFS skeleton directory and all users


#service proxyexecd restart


Monday, October 7, 2013

Creating jailed user


Suppose /home/close/ is a folder holding some scripts or software, and you need to give some users access to it with a restricted set of commands, so that they cannot see other files and folders on the server.

So here /home/close is our chroot directory.

Here I would like to provide only the "ls" and "echo" commands to the user, so I need to copy the binaries of these commands, as well as the libraries they use, to this folder.

My computer is 32-bit, so I will use lib; for 64-bit computers you need to use lib64.
That is, /lib/ld-linux.so.2 means your machine is 32-bit.

How to check whether your CPU and OS are 32-bit or 64-bit:
1. [root@localhost ajeesh]# getconf LONG_BIT
32
2. [root@localhost ajeesh]# uname -m
i686
3. [root@localhost ajeesh]# grep flags /proc/cpuinfo
flags           : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe nx lm constant_tsc arch_perfmon pebs bts aperfmperf pni dtes64 monitor ds_cpl est tm2 ssse3 cx16 xtpr pdcm xsave lahf_lm dtherm
flags           : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe nx lm constant_tsc arch_perfmon pebs bts aperfmperf pni dtes64 monitor ds_cpl est tm2 ssse3 cx16 xtpr pdcm xsave lahf_lm dtherm

rm ==> 16-bit processor
tm ==> 32-bit processor
lm ==> 64-bit processor


4. [root@localhost ajeesh]# ldd /bin/echo
        linux-gate.so.1 =>  (0xb77e9000)
        libc.so.6 => /lib/libc.so.6 (0x41d4e000)
        /lib/ld-linux.so.2 (0x41d29000) =======> for 32 bit
===
For echo.
Binary
[root@localhost ~]# which echo
/bin/echo
Libraries :
[root@localhost ~]# ldd /bin/echo
linux-gate.so.1 => (0xb773d000)
libc.so.6 => /lib/libc.so.6 (0x41d4e000)
/lib/ld-linux.so.2 (0x41d29000)

[root@localhost ~]# cp /bin/echo /home/close/bin/
Now copy the libraries:
[root@localhost ~]# cp /lib/libc.so.6 /home/close/lib/
[root@localhost ~]# cp /lib/ld-linux.so.2 /home/close/lib/

For ls:
[root@localhost ~]# cp /bin/ls /home/close/bin/
Libraries:
cp /lib/libselinux.so.1 /home/close/lib/
cp /lib/librt.so.1 /home/close/lib/
cp /lib/libcap.so.2 /home/close/lib/
cp /lib/libacl.so.1 /home/close/lib/
cp /lib/libc.so.6 /home/close/lib/
cp /lib/libdl.so.2 /home/close/lib/
cp /lib/libpthread.so.0 /home/close/lib/
cp /lib/libattr.so.1 /home/close/lib/

/bin/bash is also needed; otherwise users cannot log in to this directory.
cp /bin/bash /home/close/bin/
cp /lib/libtinfo.so.5 /home/close/lib/
cp /lib/libdl.so.2 /home/close/lib/
cp /lib/libgcc_s.so.1 /home/close/lib/
cp /lib/libc.so.6 /home/close/lib/


Now we can test and confirm by using the following steps:
[root@localhost ~]# chroot /home/close/
bash-4.2# passwd
bash: passwd: command not found
bash-4.2# ls
bin lib
bash-4.2# pwd
/ ====> user will think that he is in the root directory.
bash-4.2#

Now add a user with jailed permissions:
[root@localhost ~]# groupadd jail
[root@localhost ~]# useradd -G jail fahad
[root@localhost ~]# passwd fahad

[root@localhost ~]# su - fahad
[fahad@localhost ~]$ ls
[fahad@localhost ~]$ pwd
/home/fahad

Now I need to add the following lines in /etc/ssh/sshd_config

Match Group jail
ChrootDirectory /home/close

#service sshd restart


Now we can test and confirm:

[root@localhost ~]# ssh fahad@localhost
fahad@localhost's password:
Last login: Wed Aug 14 22:01:08 2013 from localhost

-bash-4.2$ ls
bin lib

-bash-4.2$ cd /home/
-bash: cd: /home/: No such file or directory

-bash-4.2$ rm -rf *
-bash: rm: command not found
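
The copy steps above can be derived from the ldd output instead of being typed library by library. The script below is an added example, not part of the original post: its function names are made up for illustration, it keeps every file at its original path under the jail (which also covers lib64 and multiarch directories), and it checks the ownership and mode that sshd requires of a ChrootDirectory. check_chroot_path assumes GNU stat.

```sh
#!/bin/sh
# Added example (not from the original post): populate the chroot from ldd
# output. Function names are hypothetical.

JAIL=${JAIL:-/home/close}   # chroot directory used in the post

# ldd_paths: read `ldd` output on stdin, print the library files to copy.
#   libc.so.6 => /lib/libc.so.6 (0x...)  -> /lib/libc.so.6
#   /lib/ld-linux.so.2 (0x...)           -> /lib/ld-linux.so.2
#   linux-gate.so.1 =>  (0x...)          -> skipped (kernel vDSO, no file)
ldd_paths() {
    awk '
        $2 == "=>" && $3 ~ /^\// { print $3; next }
        $1 ~ /^\//               { print $1 }
    ' | LC_ALL=C sort -u
}

# ldd_missing: print libraries that ldd reported as "not found".
ldd_missing() {
    awk '$2 == "=>" && $3 == "not" && $4 == "found" { print $1 }'
}

# jail_files BINARY: read ldd output for BINARY on stdin, print every file
# the jail needs for it (the binary itself, then its libraries).
jail_files() {
    printf '%s\n' "$1"
    ldd_paths
}

# populate_jail BINARY...: copy each binary and its libraries to the same
# path under $JAIL. Paths containing whitespace are not supported.
populate_jail() {
    for bin in "$@"; do
        out=$(ldd "$bin") || return 1
        missing=$(printf '%s\n' "$out" | ldd_missing)
        if [ -n "$missing" ]; then
            echo "$bin: unresolved libraries: $missing" >&2
            return 1
        fi
        for src in $(printf '%s\n' "$out" | jail_files "$bin"); do
            mkdir -p "$JAIL$(dirname "$src")" || return 1
            cp -p "$src" "$JAIL$src" || return 1
        done
    done
}

# chroot_mode_ok MODE: succeed if octal MODE (as printed by `stat -c %a`)
# grants no write bit to group or others.
chroot_mode_ok() {
    case $1 in
        *[2367]?|*[2367]) return 1 ;;
        *) return 0 ;;
    esac
}

# check_chroot_path DIR: sshd only accepts a ChrootDirectory if it and every
# parent directory are owned by root and not group/other-writable.
# Prints each offending component; uses GNU stat.
check_chroot_path() {
    dir=$1 rc=0
    case $dir in /*) ;; *) echo "need an absolute path" >&2; return 2 ;; esac
    while :; do
        owner=$(stat -c %U "$dir") && mode=$(stat -c %a "$dir") || return 2
        if [ "$owner" != root ] || ! chroot_mode_ok "$mode"; then
            echo "unsafe: $dir (owner=$owner mode=$mode)"
            rc=1
        fi
        [ "$dir" = / ] && break
        dir=$(dirname "$dir")
    done
    return $rc
}

# Sample input: the `ldd /bin/echo` output shown in the post.
SAMPLE_LDD='        linux-gate.so.1 =>  (0xb77e9000)
        libc.so.6 => /lib/libc.so.6 (0x41d4e000)
        /lib/ld-linux.so.2 (0x41d29000)'

# Dry run on the sample: list what would be copied for /bin/echo.
printf '%s\n' "$SAMPLE_LDD" | jail_files /bin/echo

# On a real host, as root:
#   populate_jail /bin/bash /bin/ls /bin/echo && check_chroot_path "$JAIL"
```

If check_chroot_path reports a component, sshd will refuse the login for users in the jail group until that directory is owned by root and has its group and other write bits cleared.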












Saturday, September 21, 2013

php: undefined symbol: client_errors

 [~]# php -v
php: symbol lookup error: php: undefined symbol: client_errors

500 error for all the domains on your cPanel CloudLinux server.

The latest MySQL governor version will break mysqli if your server is running CloudLinux with MySQL version 5.5.

I have fixed this issue by recompiling Apache with the mysqli PHP extension disabled.

If your domains are using mysqli, then remove MySQL governor and recompile Apache again with the default settings.

# /usr/share/lve/dbgovernor/mysqlgovernor.py --delete
# /scripts/easyapache

moving one vm from one disk to another disk

Moving your OpenVZ container from one disk to another disk in the same server.

That is, moving the VM locally on the server. Normally we do this when the current hard disk has run out of space.

Let's say the new disk is mounted on your server as disk2.

We are trying to migrate a VM (CTID 2013) to disk2.

1. cd /disk2/
mkdir private
mkdir private/2013
2. cp -a /var/lib/vz/private/2013/* /disk2/private/2013/

3. vzctl stop 2013   => stop the vm

4. vzquota drop 2013  => drop the quota , otherwise you will find some quota related issues.


Then edit the config file and enter the new VE_PRIVATE value,

5. vi /etc/vz/conf/2013.conf

VE_PRIVATE="/disk2/private/2013"  

6. mv /var/lib/vz/private/2013  /var/lib/vz/private/2013.bak  //taking backup to restore if needed, once successfully you can remove this file

*Start the vps

7. vzctl start 2013

Sunday, August 4, 2013

Installing iftop

Using iftop we can monitor the server's network traffic and find out what is slowing down your server.

1. cd /usr/local/src/
2. wget http://www.ex-parrot.com/~pdw/iftop/download/iftop-0.17.tar.gz
3. tar zxf  iftop-0.17.tar.gz
4.  cd iftop-0.17
5. ./configure
6. make
7. make install

Commands:

iftop -i eth0
iftop -i eth0:cp2
S -> display source port
D -> display destination port

Error while installing iftop.

ISSUE :1.
./configure
checking for library containing gethostbyaddr_r... none required
checking how to call gethostbyaddr_r... 8 args, int return
checking gethostbyaddr_r usability... yes
checking where to find pcap.h... no idea
configure: error: can't find pcap.h
You're not going to get very far without libpcap.

Fix :
yum install libpcap-devel



Saturday, July 13, 2013

Installing Java for development

For Java development you need to install the JDK package on your system instead of installing the JRE. Once you install the JDK package, the JRE will be installed automatically.

Please note the following steps for setting up a Java environment on your computer.

First you should download the Java package from here: http://www.oracle.com/technetwork/java/javase/downloads/index.html

* Click on "Java"
* Then click "Accept License Agreement"
* Download the 64-bit package
(for Windows 7) => jdk-7u25-windows-x64.exe
(for XP) => jdk-7u25-windows-i586.exe

Double-click the jdk-7u25-windows-x64.exe package and follow the installation instructions (click Next .. Next).

Finally you will receive the following output.
Successfully installed Java SE Development Kit 7 Update 25 (64-bit): This will create "jdk" as well as "jre" in your installation.
Click "Close" in the installation window. That's it, you have installed Java on your machine.

Setting the environment path in Windows 7:
Sometimes you will encounter the following error while running Java on your machine.

'javac' is not recognized as an internal or external command, operable program or batch file,

To correct this error, do the following steps:
Control Panel > System
Or
Right-click on My Computer > Properties > Advanced System Settings > Advanced > Environment Variables
Click "New", set Variable name as "java" and Variable value as "C:\Program Files\Java\jdk1.7.0_25\bin" (without any quotes), and click OK. Now you can execute your command anywhere in your command prompt.

If you don't want to set an environment path, you can change to the installed "bin" directory in your command prompt and execute the java command there.

That is, use the cd command.
For example: > cd C:\Program Files\java\
C:\Program Files\Java>cd jdk1.7.0_25
cd bin



Friday, July 5, 2013

Root Login Email alert

cPanel / WHM / CentOS server root login alert to your email address:
Open the .bashrc file and add the following line at the end of the file.

 vi /root/.bashrc


echo 'ALERT - Root Shell Access ( server.ajeesh.com )on:' `date` `who` | mail -s "Alert: Root Access from `who | cut -d'(' -f2 | cut -d')' -f1`"   ajeesh@xxxx.com

Sunday, June 30, 2013

Grub2 recovery

CentOS / cPanel server GRUB2 recovery steps:
1. Boot your server from a live CD.
2. Type the fdisk -l command to find the primary disk partition where you want to recover GRUB.

3. mkdir /media/sda1
4. mount /dev/sda1 /media/sda1
5. mount --bind /dev /media/sda1/dev
6. mount --bind /proc /media/sda1/proc
7. chroot /media/sda1
8. grub-install /dev/sda
9. If you get an error, then execute this command -> grub-install --recheck /dev/sda

10. After the GRUB installation, exit from the chroot => exit

11. umount /media/sda1/proc
12. umount /media/sda1/dev
13. umount /media/sda1
14. Reboot the server.

Friday, June 28, 2013

CSF WHM Internal Server Error

When trying to access CSF via WHM it's coming back with:

Internal Server Error

500
No response from subprocess (/usr/local/cpanel/whostmgr/docroot/cgi/addon_csf.cgi): subprocess exited with status 2

=================
We can check the error log with tail -f /usr/local/cpanel/logs/error_log while accessing csf through WHM.

From the error log we can see which Perl module csf is missing. We can install the missing Perl module using the following commands.

/usr/sbin/csf -x
/scripts/perlinstaller --force Net::LibIDN
/usr/sbin/csf -e
/usr/sbin/csf -u

But this did not fix my 500 internal server error. I fixed the issue by executing the following command.

curl -s configserver.com/free/csupdate | perl

Saturday, June 15, 2013

Upgrade Firefox version to 21

I have upgraded Firefox on my Fedora 16 to the latest version, 21. Here are my upgrade steps.

[root@localhost ajeesh]# cd /usr/local/src/
[root@localhost src]# wget http://rpms.famillecollet.com/remi-release-16.rpm

[root@localhost src]# rpm -Uvh remi-release-16.rpm
warning: remi-release-16.rpm: Header V3 DSA/SHA1 Signature, key ID 00f97f56: NOKEY
Preparing...                ########################################### [100%]
   1:remi-release           ########################################### [100%]

[root@localhost src]# yum --enablerepo=remi list firefox
Installed Packages

firefox.i686                                                                  18.0-1.fc16                                                                       @updates

Available Packages                                                                                                                                                       
firefox.i686                                                                  21.0-4.fc16.remi                                                                  remi 

[root@localhost src]# yum --enablerepo=remi update firefox

Dependencies Resolved

========================================================================================================================================================================
 Package                                     Arch                              Version                                          Repository                         Size
========================================================================================================================================================================
Updating:
 firefox                                     i686                              21.0-4.fc16.remi                                 remi                               26 M
Installing for dependencies:
 xulrunner-last                              i686                              21.0-2.fc16.remi                                 remi                               19 M

Transaction Summary
========================================================================================================================================================================
Install       1 Package
Upgrade       1 Package

Total download size: 45 M
Is this ok [y/N]: y

Thursday, June 13, 2013

Centos 6 32bit PAE kernel

There is no CentOS 6 32-bit PAE kernel, so you should be very careful when selecting a 32-bit CentOS 6 OS for your server. Later you cannot upgrade to more than 4GB of RAM on your server. In the case of a RAM upgrade you need a server migration from 32-bit CentOS 6 to 64-bit CentOS 6.

Thursday, May 23, 2013

Integrating Varnish cache with Apache


Installing Varnish cache on a cPanel server + CentOS 5.8

Varnish cache can be configured as a reverse proxy in front of Apache to accelerate web site access. Varnish cache stores web pages in the server's virtual memory.
Each user connection is handled by its own worker thread. I have tested this on my testing server. Here the Varnish process listens on port 80 and the web server handles requests on port 8080.


 # wget http://repo.varnish-cache.org/redhat/varnish-3.0/el5/noarch/varnish-release-3.0-1.noarch.rpm
 # rpm --nosignature -i varnish-release-3.0-1.noarch.rpm
 # yum install varnish

Open /etc/sysconfig/varnish and make the changes as follows:
NFILES=131072
MEMLOCK=82000
RELOAD_VCL=1
VARNISH_VCL_CONF=/etc/varnish/default.vcl
VARNISH_LISTEN_PORT=80
VARNISH_SECRET_FILE=/etc/varnish/secret
VARNISH_MIN_THREADS=2
VARNISH_MAX_THREADS=1000
VARNISH_THREAD_TIMEOUT=120
VARNISH_STORAGE_FILE=/var/lib/varnish/varnish_storage.bin
VARNISH_STORAGE_SIZE=1G

We need to make sure the following options are updated in this configuration file:
VARNISH_LISTEN_ADDRESS , VARNISH_LISTEN_PORT, VARNISH_VCL_CONF
VARNISH_ADMIN_LISTEN_ADDRESS,VARNISH_ADMIN_LISTEN_PORT
VARNISH_TTL,VARNISH_MIN_THREADS,VARNISH_MAX_THREADS,VARNISH_THREAD_TIMEOUT
VARNISH_SECRET_FILE,VARNISH_STORAGE

Next configuration is at /etc/varnish/default.vcl

backend b1 {
    .host = "IP_Address of your server";
    .port = "8080";
}

acl a1 {
    "IP_Address";
}

sub vcl_recv {
    if (server.ip ~ a1) {
        set req.backend = b1;
    }
}

Next we need to change Apache's port from 80 to 8080

]# /etc/init.d/varnish restart
Stopping Varnish Cache:                                    [  OK  ]
Starting Varnish Cache:                                    [  OK  ]

]# /etc/init.d/httpd restart

]# netstat -lpn | grep varnish
tcp        0      0 127.0.0.1:6082              0.0.0.0:*                   LISTEN      18276/varnishd    
tcp        0      0 0.0.0.0:80                  0.0.0.0:*                   LISTEN      18278/varnishd    
tcp        0      0 :::80                       :::*                        LISTEN      18278/varnishd



Thursday, May 2, 2013

remove IP block

If csf on your cPanel server will not remove a temporary / permanent block when using the csf -tr and csf -dr commands, we can remove the block using the following method.

[~]# csf -g IP_ADDRESS

Chain            num   pkts bytes target     prot opt in     out     source               destination        

DENYIN           3     1178 72006 DROP       all  --  !lo    *       ip         0.0.0.0/0



Solution
 [~]#  iptables -D DENYIN 3


root@ajeesh [~]# csf -g 174.129.254.101
Chain num pkts bytes target prot opt in out source destination

LOCALOUTPUT 9 183 11076 DROP all -- * !lo 0.0.0.0/0 IP/16

Solution
root@ajeesh [~]# iptables -D LOCALOUTPUT 9

Saturday, April 13, 2013

Formatting and mounting a disk

Formatting and mounting a new disk in a Linux system.

On a cPanel server we take backups in the /backup folder. For this we can purchase a new disk, then format it and mount it on the existing system, so that backups are stored on the new disk.


Step 1: We need to find out the new disk attached to our system.

# fdisk -l

Disk /dev/sda: 1999.9 GB, 1999978364928 bytes
255 heads, 63 sectors/track, 243150 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

   Device Boot      Start         End      Blocks   Id  System
/dev/sda1   *           1          13      104391   83  Linux
/dev/sda2              14        6387    51199155   83  Linux
/dev/sda3            6388        6897     4096575   83  Linux
/dev/sda4            6898      243150  1897702222+   5  Extended
/dev/sda5            6898       10084    25599546   83  Linux
/dev/sda6           10085       10594     4096543+  82  Linux swap / Solaris
/dev/sda7           10595       10849     2048256   83  Linux
/dev/sda8           10850      243150  1865957751   83  Linux

 Disk /dev/sdb: 500 GB, 16139354112 bytes

The new disk /dev/sdb will not have a partition yet.

Step 2:

Check whether the new disk is already mounted

# df

If the new device is mounted, you can unmount it:
# umount /dev/sdb

Step 3:

Create a new partition in "/dev/sdb"

A) # fdisk /dev/sdb

A console will be prompted and

Press "n" to make a new partition
Press Enter
Press "p" to create a new partition (primary)
Press 1
Press Enter
Press Enter for the first and last cylinder. This will make the entire disk a single partition.
Press "t" to change the file system type
Press Enter
Press "L" to see the full list
Type 83 for Linux
Press Enter
Press "w"
Press Enter

This will create a new partition on your /dev/sdb disk.

Step 4:
Format the new partition
# mkfs.ext4 /dev/sdb1

Step 5:
Mount the partition.

# mkdir /backup
# mount /dev/sdb1 /backup

# vi /etc/fstab

/dev/sdb1 /backup ext4 defaults 1 2

Another issue.
My test server was created on a VMware ESXi server. After upgrading the disk space we need to mount the extra hard disk space on it.


root@puppetmaster:/# df -h
Filesystem      Size  Used Avail Use% Mounted on
/dev/sda1       6.8G  6.0G  501M  93% /
none            4.0K     0  4.0K   0% /sys/fs/cgroup
udev            1.1G  4.0K  1.1G   1% /dev
tmpfs           208M  512K  207M   1% /run
none            5.0M     0  5.0M   0% /run/lock
none            1.1G  208K  1.1G   1% /run/shm
none            100M     0  100M   0% /run/user
overflow        100M     0  100M   0% /tmp
overflow        100M     0  100M   0% /tmp
root@puppetmaster:/# mkfs.ext3 /dev/sda2



root@puppetmaster:/# fdisk -l

Disk /dev/sda: 19.3 GB, 19327352832 bytes
255 heads, 63 sectors/track, 2349 cylinders, total 37748736 sectors

So I have created a new partition /dev/sda2
root@puppetmaster:/# fdisk /dev/sda

Command (m for help): n
Partition type:
   p   primary (1 primary, 0 extended, 3 free)
   e   extended
Select (default p):
Using default response p
Partition number (1-4, default 2):
Using default value 2
First sector (14680064-37748735, default 14680064):
Using default value 14680064
Last sector, +sectors or +size{K,M,G} (14680064-37748735, default 37748735):
Using default value 37748735

Command (m for help): p

I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x00047f2a

   Device Boot      Start         End      Blocks   Id  System
/dev/sda1   *        2048    14680063     7339008   83  Linux
/dev/sda2        14680064    37748735    11534336   83  Linux


Command (m for help): t
Partition number (1-4): 2
Hex code (type L to list codes): 83

Command (m for help): w
The partition table has been altered!

Calling ioctl() to re-read partition table.

WARNING: Re-reading the partition table failed with error 16: Device or resource busy.
The kernel still uses the old table. The new table will be used at
the next reboot or after you run partprobe(8) or kpartx(8)
Syncing disks.
root@puppetmaster:/#

While formatting the new partition:

root@puppetmaster:/# mkfs.ext3 /dev/sda2
mke2fs 1.42.9 (4-Feb-2014)
mkfs.ext3: inode_size (128) * inodes_count (0) too big for a
    filesystem with 0 blocks, specify higher inode_ratio (-i)
    or lower inode count (-N).
So I have rebooted the server and executed the command.

The system is going down for reboot NOW!
root@puppetmaster:/#

ubuntu@puppetmaster:~$ sudo mkfs.ext3 /dev/sda2
mke2fs 1.42.9 (4-Feb-2014)
Filesystem label=
OS type: Linux
Block size=4096 (log=2)
Fragment size=4096 (log=2)
Stride=0 blocks, Stripe width=0 blocks
655360 inodes, 2621440 blocks
131072 blocks (5.00%) reserved for the super user
First data block=0
Maximum filesystem blocks=2684354560
80 block groups
32768 blocks per group, 32768 fragments per group
8192 inodes per group
Superblock backups stored on blocks:
    32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632

Allocating group tables: done                           
Writing inode tables: done                           
Creating journal (32768 blocks): done
Writing superblocks and filesystem accounting information: done

ubuntu@puppetmaster:~$
ubuntu@puppetmaster:~$ sudo mount /dev/sda2 /backup
ubuntu@puppetmaster:~$ df -h
Filesystem      Size  Used Avail Use% Mounted on
/dev/sda1       6.8G  6.0G  506M  93% /
none            4.0K     0  4.0K   0% /sys/fs/cgroup
udev            1.1G   12K  1.1G   1% /dev
tmpfs           208M  500K  207M   1% /run
none            5.0M     0  5.0M   0% /run/lock
none            1.1G  208K  1.1G   1% /run/shm
none            100M     0  100M   0% /run/user
/dev/sda2       9.8G   23M  9.2G   1% /backup

Wednesday, April 3, 2013

Make attractive colors for your Linux shell prompt.

You can set attractive colors for your Linux server's shell prompt.

Add the following line to the .bashrc file in your home directory.

export PS1='\[\033[01;31m\]\u\[\033[01;33m\]@\[\033[01;36m\]\h \[\033[01;33m\]\w \[\033[01;35m\]\$ \[\033[00m\]'

Here you can see the color codes used for the user, @, hostname, \w, etc. in the line above. By changing the values you can use your own colors.

 ajeesh@tech3:~$ export PS1='\[\033[01;31m\]\u\[\033[01;33m\]@\[\033[01;36m\]\h \[\033[01;33m\]\w \[\033[01;35m\]\$ \[\033[00m\]'

ajeesh@tech3 ~ $


Monday, April 1, 2013

Monitoring Mysql in cPanel server.

You can easily monitor mysql process on your cPanel servers.

Steps:
1. cd /home
2. remove file named latest-watchmysql , if any
3. wget http://www.ndchost.com/cpanel-whm/plugins/watchmysql/download.php
4. sh latest-watchmysql

Login to WHM > Plugins > Watch MySQL

After enabling the watchmysql daemon you can monitor your mysql process on your server.

Thursday, March 7, 2013

hot link protection

We can enable hotlink protection using our .htaccess.

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?mydomain\.com/.*$ [NC]
RewriteRule \.(gif|jpg|jpeg|bmp|zip|rar|mp3|flv|swf|xml|php|png|css|pdf|html)$ - [F]

Friday, March 1, 2013

view external: query (cache) message for non existing domains

Mar  1 02:13:48 server named[51666]: client IP_address#4938: view external: query (cache) 'domain.com/A/IN' denied


This seems to be a DNS attack on your server, and lots of these messages are being written to /var/log/messages.

I have fixed this issue by adding,
additional-from-cache no;

+++++++++++++++++
recursion no;
additional-from-cache no;
minimal-responses yes;
};
+++++++++++++++++

Here the BIND server treats it as "additional-from-auth yes" with the cache disabled. BIND will try to follow out-of-zone records, but since this requires the cache, BIND returns REFUSED for the out-of-zone record. In this case you have to set recursion no.
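
To see which clients generate the "query (cache) ... denied" messages shown above, the log can be summarised per client. This is an added example, not part of the original post: the function names are made up, the log lines are constructed with documentation addresses, and only the line format shown in the post is parsed.

```sh
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# denied_by_client: read syslog lines on stdin and print "COUNT CLIENT" for
# each client whose cache query was denied, busiest first.
denied_by_client() {
    awk '
        / named\[[0-9]+\]: client / && /query \(cache\)/ && / denied$/ {
            for (i = 1; i < NF; i++)
                if ($i == "client") { c = $(i + 1); break }
            sub(/#[0-9]+:$/, "", c)     # drop the "#port:" suffix
            n[c]++
        }
        END { for (c in n) print n[c], c }
    ' | LC_ALL=C sort -k1,1nr -k2,2
}

# noisy_clients MIN: print only the clients with at least MIN denied
# queries (candidates for a firewall block or rate limit).
noisy_clients() {
    denied_by_client | awk -v min="$1" '$1 >= min { print $2 }'
}

# Constructed sample in the format of the log line from the post.
SAMPLE_LOG="Mar  1 02:13:48 server named[51666]: client 192.0.2.10#4938: view external: query (cache) 'example.com/A/IN' denied
Mar  1 02:13:48 server named[51666]: client 192.0.2.10#4941: view external: query (cache) 'example.com/A/IN' denied
Mar  1 02:13:49 server named[51666]: client 198.51.100.7#53211: view external: query (cache) 'example.org/ANY/IN' denied
Mar  1 02:13:50 server named[51666]: client 192.0.2.10#4950: view external: query (cache) 'example.com/A/IN' denied
Mar  1 02:13:51 server sshd[812]: Accepted publickey for admin from 203.0.113.5 port 50122 ssh2"

printf '%s\n' "$SAMPLE_LOG" | denied_by_client

# On a real host:
#   denied_by_client < /var/log/messages
#   noisy_clients 100 < /var/log/messages
```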

Installing Nagios and monitoring remote machines:

Installing Repo:

[root@server /]# wget http://dag.wieers.com/rpm/packages/RPM-GPG-KEY.dag.txt
--2013-02-21 10:24:21-- http://dag.wieers.com/rpm/packages/RPM-GPG-KEY.dag.txt

2013-02-21 10:24:25 (78.8 KB/s) - `RPM-GPG-KEY.dag.txt' saved [1672/1672]

[root@server /]# rpm --import RPM-GPG-KEY.dag.txt
[root@server /]# rm -f RPM-GPG-KEY.dag.txt
[root@server /]# vi /etc/yum.repos.d/dag.repo

The contents should be :
[dag]
name=Dag RPM Repository for Red Hat Enterprise Linux
baseurl=http://apt.sw.be/redhat/el5/en/$basearch/dag/
gpgcheck=1
enabled=0



[root@server /]# yum --enablerepo=dag -y install nagios nagios-plugins


Dependency Installed:
fontconfig.x86_64 0:2.4.1-7.el5 fping.x86_64 0:3.4-1.el5.rf gd.x86_64 0:2.0.33-9.4.el5_4.2 libtool-ltdl.x86_64 0:1.5.22-7.el5_4 perl-Crypt-DES.x86_64 0:2.05-3.2.el5.rf
perl-Digest-HMAC.noarch 0:1.01-15 perl-Digest-SHA1.x86_64 0:2.11-1.2.1 perl-Net-SNMP.noarch 0:5.2.0-1.2.el5.rf perl-Socket6.x86_64 0:0.19-3.fc6

Complete!



Configuration:


[root@server /]# vi /etc/nagios/nagios.cfg

Uncomment the line below:

cfg_dir=/etc/nagios/servers



[root@server /]# vi /etc/httpd/conf.d/nagios.conf

For Directory "/usr/lib64/nagios/cgi"
Order allow,deny
Allow from all

Or allow IP as per your requirements.

and for directory /nagios "/usr/share/nagios"
Allow from all


[root@server /]# mkdir /etc/nagios/servers
[root@server /]# chown nagios. /etc/nagios/servers


[root@server /]# vi /etc/nagios/objects/contacts.cfg

Update your notification email address:


email ajeesh@xyz.com


[root@server /]# htpasswd -c /etc/nagios/htpasswd.users nagiosadmin
New password:
Re-type new password:

[root@server /]# /etc/rc.d/init.d/httpd restart
Stopping httpd: [ OK ]
Starting httpd: [ OK ]
[root@server /]#
[root@server /]# /etc/rc.d/init.d/nagios start
nagios is stopped
Starting nagios: [ OK ]


Now you will be able to access Nagios at http://172.16.9.155/nagios/, that is, ip/nagios

user name : nagiosadmin password : xyz


The next step is to add a remote machine to your Nagios server.



vi /etc/nagios/servers/ldapserver.cfg

define host{
    use         linux-server
    host_name   ldap.ajeesh.com
    alias       lan
    address     172.16.9.156
}
define service{
    use                  generic-service
    host_name            ldap.ajeesh.com
    service_description  PING
    check_command        check_ping!100.0,20%!500.0,60%
}

Saturday, February 23, 2013

sshd rootkit exploit reported

Recently an sshd rootkit exploit was reported on cPanel, CentOS, CloudLinux, DirectAdmin, Plesk, etc.

Once this happens, hackers can steal passwords, SSH keys and /etc/shadow; they will get access to the server and send spam from it.

For 64 bit servers

 /lib64/libkeyutils.so.1.9

For 32 bit servers

 /lib/libkeyutils.so.1.9

On an unaffected server it should be:

[~]# ls -la /lib64/libkeyutils*
-rwxr-xr-x 1 root root 9472 Jan  6  2007 /lib64/libkeyutils-1.2.so*
lrwxrwxrwx 1 root root   18 Aug 24 11:26 /lib64/libkeyutils.so.1 -> libkeyutils-1.2.so*

You can check whether your server is infected using the following command:
# wget -qq -O - http://www.cloudlinux.com/sshd-hack/check.sh |/bin/bash

Ajeesh.server10.net #                                                                                                                                                    
Cannot find compromised library

If your server is infected please execute the following command:
# wget -qq -O - http://www.cloudlinux.com/sshd-hack/clean.sh |/bin/bash

You can also check the integrity of this file using rpm commands, to see whether anything has been patched over your existing keyutils-libs package.

 root@server [/]# rpm -Vv keyutils-libs-1.2-1.el5
........    /lib/libkeyutils-1.2.so
........    /lib/libkeyutils.so.1
........    /usr/share/doc/keyutils-libs-1.2
........  d /usr/share/doc/keyutils-libs-1.2/LICENCE.LGPL
........    /lib64/libkeyutils-1.2.so
........    /lib64/libkeyutils.so.1
........    /usr/share/doc/keyutils-libs-1.2
........  d /usr/share/doc/keyutils-libs-1.2/LICENCE.LGPL

From the above output we can see that the package installed on our server has not been modified by any patches.

If your output is something like
S.5.....    /lib/libkeyutils.so.1

it is vulnerable and you need to update your server as fast as possible.
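
The two manual checks in this post (reading the rpm -V flags, and looking for a libkeyutils file the package does not ship) can be scripted. This is an added example, not part of the original post or of the CloudLinux check.sh: the function names are made up, the sample data is constructed from the listings above, and it goes slightly beyond the post by also reporting missing files and changed symlink targets (flag L).

```sh
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# verify_hits: read `rpm -V` / `rpm -Vv` output on stdin and print each
# libkeyutils file that is missing, or whose size (S), digest (5) or
# symlink target (L) differs from the packaged copy.
# Returns 1 if anything was reported.
verify_hits() {
    awk '
        $NF !~ /libkeyutils/ { next }
        $1 == "missing" { print "MISSING " $NF; bad = 1; next }
        $1 ~ /^[.SM5DLUGTP?]+$/ && $1 ~ /[S5L]/ {
            print "MODIFIED " $NF " [" $1 "]"; bad = 1
        }
        END { exit bad + 0 }
    '
}

# not_in_package LIST: read file paths on stdin and print those that do not
# appear in LIST (newline-separated, e.g. from `rpm -ql keyutils-libs`).
not_in_package() {
    KNOWN=$1 awk '
        BEGIN {
            n = split(ENVIRON["KNOWN"], a, "\n")
            for (i = 1; i <= n; i++) known[a[i]] = 1
        }
        !($0 in known)
    '
}

# Constructed sample 1: clean `rpm -Vv` lines from the post plus the
# modified line the post warns about.
SAMPLE_VERIFY='........    /lib/libkeyutils-1.2.so
S.5.....    /lib/libkeyutils.so.1
........  d /usr/share/doc/keyutils-libs-1.2/LICENCE.LGPL
........    /lib64/libkeyutils-1.2.so
........    /lib64/libkeyutils.so.1'

# Constructed sample 2: the package file list and what is found on disk.
SAMPLE_PKG='/lib64/libkeyutils-1.2.so
/lib64/libkeyutils.so.1'
SAMPLE_DISK='/lib64/libkeyutils-1.2.so
/lib64/libkeyutils.so.1
/lib64/libkeyutils.so.1.9'

printf '%s\n' "$SAMPLE_VERIFY" | verify_hits || true
printf '%s\n' "$SAMPLE_DISK" | not_in_package "$SAMPLE_PKG"

# On a real host:
#   rpm -V keyutils-libs | verify_hits
#   ls /lib/libkeyutils* /lib64/libkeyutils* 2>/dev/null |
#       not_in_package "$(rpm -ql keyutils-libs)"
```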

Saturday, February 9, 2013

'YUM', failed

!! The server's system package manager, 'YUM', failed. !!

!!
This is the command that failed: yum --exclude=kernel* -y install

Solution:

I have added kernel* in /etc/yum.conf file and done the following steps.

yum clean metadata
yum clean all

Thursday, February 7, 2013

Sphinx Open Source Search Server

Recently I installed the Sphinx search engine on my cPanel server.


]# yum install sphinx.x86_64
Which ended with the following error.
 
Error: Missing Dependency: libmysqlclient.so.15()(64bit) is needed by package sphinx-0.9.9-1.el5.rf.x86_64 (rpmforge)
Error: Missing Dependency: libmysqlclient.so.15(libmysqlclient_15)(64bit) is needed by package sphinx-0.9.9-1.el5.rf.x86_64 (rpmforge)

So I went for a manual installation.

1. /usr/local/src/]# wget http://sphinxsearch.com/files/sphinx-2.0.4-release.tar.gz
2. tar -zxf sphinx-2.0.4-release.tar.gz 
3. cd sphinx-2.0.4-release
4. mkdir /var/lib/mysql/plugins
5. cd /usr/local/src/
The MySQL server version on my cPanel server is 5.1.65-cll.
  6. wget http://www.percona.com/redir/downloads/Percona-Server-5.1/Percona-Server-5.1.65-14.0/source/Percona-Server-5.1.65-rel14.0.tar.gz
7. tar -xvzf Percona-Server-5.1.65-rel14.0.tar.gz
8. cd Percona-Server-5.1.65-rel14.0
9. cp -Rf /usr/local/src/sphinx-2.0.4-release/mysqlse/ storage/sphinx
10. sh BUILD/autorun.sh
11. ./configure
12. make
13. cp -rf storage/sphinx/.libs/ha_sphinx.so* /var/lib/mysql/plugins/
14. vi /etc/my.cnf
and add
plugin_dir=/var/lib/mysql/plugins

15. restart your mysql server.
16.
mysql> show engines;
+------------+---------+----------------------------------------------------------------+--------------+------+------------+
| Engine | Support | Comment | Transactions | XA | Savepoints |
+------------+---------+----------------------------------------------------------------+--------------+------+------------+
| InnoDB | YES | Supports transactions, row-level locking, and foreign keys | YES | YES | YES |
| MRG_MYISAM | YES | Collection of identical MyISAM tables | NO | NO | NO |
| BLACKHOLE | YES | /dev/null storage engine (anything you write to it disappears) | NO | NO | NO |
| CSV | YES | CSV storage engine | NO | NO | NO |
| MEMORY | YES | Hash based, stored in memory, useful for temporary tables | NO | NO | NO |
| FEDERATED | NO | Federated MySQL storage engine | NULL | NULL | NULL |
| ARCHIVE | YES | Archive storage engine | NO | NO | NO |
| MyISAM | DEFAULT | Default engine as of MySQL 3.23 with great performance | NO | NO | NO |
+------------+---------+----------------------------------------------------------------+--------------+------+------------+

17. mysql> INSTALL PLUGIN sphinx SONAME 'ha_sphinx.so';
Query OK, 0 rows affected (0.06 sec)

18. mysql> show engines;
+------------+---------+----------------------------------------------------------------+--------------+------+------------+
| Engine | Support | Comment | Transactions | XA | Savepoints |
+------------+---------+----------------------------------------------------------------+--------------+------+------------+
|

| SPHINX | YES | Sphinx storage engine 2.0.4-release | NO | NO | NO |
|

Friday, January 25, 2013

ImageMagick install in cPanel/WHM server

First, check whether ImageMagick is installed on the server.
[~]#/scripts/checkimagemagick
missing

[~]#/scripts/installimagemagick

Appending installation info to /usr/lib64/perl5/perllocal.pod
OK
Successfully installed Image-Magick-6.77
1 distribution installed
ImageMagick installed ok

[~]# convert --version
Version: ImageMagick 6.8.0-1 2013-01-24 Q16 http://www.imagemagick.org
Copyright: Copyright (C) 1999-2012 ImageMagick Studio LLC
Features: OpenMP 

WHM -> Software -> Module Installers -> PHP Pecl -> click Manage
In the "Install a PHP Pecl" box, type "imagick" and click "Install Now".

[~]#/scripts/restartsrv_httpd

root@ajeesh [~]# /scripts/checkimagemagick
ok

Uninstalling
/scripts/cleanimagemagick
WHM -> Software -> Module Installers -> PHP Pecl and click uninstall Imagick.

Friday, January 11, 2013

Memory set for a Xen Node

After installing a Xen server, we need to cap the Xen node's total memory. If it is not set, the total memory of the server will be assigned to "Domain-0" and we cannot add a new VPS on this newly created Xen node.

We can cap the host node memory by editing /etc/grub.conf.
To cap it at 512 MB of RAM, add dom0_mem=512m at the end of the kernel parameter line.

title CentOS (2.6.18-308.24.1.el5xen)
        root (hd0,0)
        kernel /boot/xen.gz-3.4.4 dom0_mem=512m
        module /boot/vmlinuz-2.6.18-308.24.1.el5xen ro root=LABEL=/
        module /boot/initrd-2.6.18-308.24.1.el5xen.img

After this change I rebooted the server.

#] shutdown -r -f now

Before capping:
[root@server.ajeesh ~]# free -m
             total       used       free     shared    buffers     cached
Mem:          3521       1386       2134          0        148        931
-/+ buffers/cache:        305       3215
Swap:         4094          0       4094

xm info
total_memory : 4094
free_memory : 4

After the capping:

[root@server.ajeesh ~]# free -m
             total       used       free     shared    buffers     cached
Mem:           512        418         93          0         35        181
-/+ buffers/cache:        200        311
Swap:         4094          0       4094

xm info
total_memory : 4094
free_memory : 3013
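
A check for the cap described above, as an added example that is not part of the original post: it lists every Xen boot stanza in a grub.conf-style file and reports its dom0_mem value, or MISSING when the hypervisor line has no cap. The function names and the second and third stanzas of the sample are constructed for illustration.

```sh
#!/bin/sh
# check_dom0_mem [FILE]: for every boot stanza whose kernel line loads the
# Xen hypervisor (xen.gz), print "<title><TAB><dom0_mem value or MISSING>".
# Reads stdin when FILE is omitted. (Helper name is hypothetical.)
check_dom0_mem() {
    awk '
        /^[ \t]*title[ \t]/ {
            sub(/^[ \t]*title[ \t]+/, "")
            title = $0
            next
        }
        /^[ \t]*kernel[ \t]/ && /xen\.gz/ {
            value = "MISSING"
            for (i = 1; i <= NF; i++)
                if ($i ~ /^dom0_mem=/) value = substr($i, 10)
            printf "%s\t%s\n", title, value
        }
    ' "${1:--}"
}

# Constructed sample: the first stanza is the one from the post; the other
# two are made up to show an uncapped Xen entry and a non-Xen entry.
sample_grub_conf() {
    cat <<'EOF'
title CentOS (2.6.18-308.24.1.el5xen)
        root (hd0,0)
        kernel /boot/xen.gz-3.4.4 dom0_mem=512m
        module /boot/vmlinuz-2.6.18-308.24.1.el5xen ro root=LABEL=/
        module /boot/initrd-2.6.18-308.24.1.el5xen.img
title CentOS (constructed, uncapped)
        root (hd0,0)
        kernel /boot/xen.gz-3.4.4
        module /boot/vmlinuz-2.6.18-308.24.1.el5xen ro root=LABEL=/
title CentOS (constructed, non-Xen)
        root (hd0,0)
        kernel /boot/vmlinuz-2.6.18-308.24.1.el5 ro root=LABEL=/
EOF
}

sample_grub_conf | check_dom0_mem
```

On a real node, run check_dom0_mem /etc/grub.conf before rebooting; any stanza reported as MISSING would boot with all memory assigned to Domain-0.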



Cannot create VPS in SolusVM Xen

First, check the Xen log at /var/log/xen/xend.log:
root@server10.ajeesh]# tail -f /var/log/xen/

VmError: Kernel image does not exist: /boot/solus-vmlinuz

If you find this error, simply execute the following command and your VPS will get added.

php /usr/local/solusvm/includes/xenkernel.php

Thursday, January 3, 2013

Restarting MediaCore service

Please note the steps to restart the MediaCore service.

The MediaCore default port is 5000.

1. Change the directory to the installed location.
2. Execute this command:
source mediacore_env/bin/activate
You will get the MediaCore environment:
(mediacore_env)

3.
(mediacore_env)root@server [media core installed location]# paster serve --daemon --reload development.ini
Starting subprocess with file monitor
Entering daemon mode

4. root@server [/]# netstat -lpn | grep :5000
tcp 0 0 serverIP:5000 0.0.0.0:* LISTEN 11402/python

Tuesday, January 1, 2013

WHM/cPanel 500 error

Internal Server Error 500
No response from subprocess (whostmgr (cpanel)) with exit signal: 0

# tail -f /usr/local/cpanel/logs/error_log
warn [whostmgr10] Unable to write datastore file: /root/.cpanel/datastore/_usr_local_cpanel_cpanel_-F: target directory does not match uid 0 at /usr/local/cpanel/Cpanel/CachedCommand/Save.pm line 24
        Cpanel::CachedCommand::Save::_savefile('/root/.cpanel/datastore/_usr_local_cpanel_cpanel_-F', SCALAR(0x100ed20)) called at /usr/local/cpanel/Cpanel/CachedCommand.pm line 210
        Cpanel::CachedCommand::_cached_cmd('binary', '/usr/local/cpanel/cpanel', 'args', ARRAY(0x10479f0), 'mtime', 1356972302) called at /usr/local/cpanel/Cpanel/CachedCommand.pm line 27

I saw that some root files had the wrong file permissions. After correcting this, I restarted the cPanel service on the server, which fixed my issue.

service cpanel restart
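
One way to locate the mismatch named in the log line ("target directory does not match uid 0"), as an added example that is not from the original post or from cPanel: it walks from the directory holding the datastore file up to a base directory and prints every directory not owned by the expected uid. The helper name and the temporary demo tree are constructed; it assumes GNU stat.

```sh
#!/bin/sh
# owner_mismatches TARGET BASE EXPECTED_UID   (hypothetical helper name)
# Walk from the directory that holds TARGET up to BASE and print
# "<owner uid> <octal mode> <path>" for each directory not owned by
# EXPECTED_UID. Uses GNU stat, as shipped on CentOS.
# On the server from the log this would be called as:
#   owner_mismatches /root/.cpanel/datastore/_usr_local_cpanel_cpanel_-F /root 0
owner_mismatches() {
    om_dir=$(dirname "$1")
    om_base=$2
    om_want=$3
    while :; do
        om_uid=$(stat -c '%u' "$om_dir") || return 2
        if [ "$om_uid" != "$om_want" ]; then
            printf '%s %s %s\n' "$om_uid" "$(stat -c '%a' "$om_dir")" "$om_dir"
        fi
        om_next=$(dirname "$om_dir")
        # Stop at BASE, or when dirname no longer moves up ("/" or ".").
        if [ "$om_dir" = "$om_base" ] || [ "$om_next" = "$om_dir" ]; then
            break
        fi
        om_dir=$om_next
    done
}

# Constructed stand-in for /root/.cpanel/datastore so the demo runs anywhere.
# Asking for a uid one above our own makes every directory show as a mismatch.
demo_root=$(mktemp -d)
mkdir -p "$demo_root/.cpanel/datastore"
owner_mismatches "$demo_root/.cpanel/datastore/_usr_local_cpanel_cpanel_-F" \
    "$demo_root" "$(( $(id -u) + 1 ))"
rm -rf "$demo_root"
```

Empty output means every directory in the chain is owned by the expected uid; each printed line is a directory to inspect before restarting the service.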