Kmaiti


Thursday, 18 November 2010

Configuration files of Directadmin?

Posted on 00:31 by Unknown
Guys,

You can refer to the following URL.

====
http://help.directadmin.com/item.php?id=284
====

Check it out :)

Saturday, 13 November 2010

How to convert from ext3 to ext2 file system?

Posted on 08:30 by Unknown
Guys,

===========
1. # umount /dev/hda1
Now change the file system type to ext2 by typing the following command:
2. # tune2fs -O ^has_journal /dev/hda1
Verify that there are no errors:
3. # e2fsck -y /dev/hda1
Mount the file system to the original mount point (for example /home or /mnt):
4. # mount -t ext2 /dev/hda1 /home
Go to the mount point and remove the .journal file:
5. # rm -f .journal
===========

Try :)

How to convert ext2 to ext3 file system?

Posted on 07:55 by Unknown
Guys,

The ext2 or second extended filesystem is a file system for the Linux kernel, and ext3 is a journaled file system. The main advantage of ext3 over ext2 is journaling, which improves reliability and eliminates the need to check the file system after an unclean shutdown. The journal logs file system changes before they are written to disk, so if any problem arises the file system can be reconstructed from it. The conversion to ext3 is done with tune2fs. When a power failure occurs, the journaling file system restores the pre-crash data stored on the disk. It will also restore unsaved data.

========

Unmount hda1 and add a journal to it with tune2fs like :

tune2fs -c 0 -i 30 -j /dev/hda1

then mount it.
========

c : The number of mounts after which the filesystem will be checked by e2fsck. If it is 0 or -1, the number of times the filesystem is mounted will be disregarded by e2fsck and the kernel.

i : Adjusts the maximal time between two filesystem checks. Use it with the c option.

PS: Replace /dev/hda1 with the appropriate partition.

Try :)

Wednesday, 10 November 2010

How to enable swap space on xen VPS?

Posted on 07:47 by Unknown
Guys,

I did the following steps :

==========
root@onweb:/# dd if=/dev/zero of=/swap bs=1024 count=1048576
1048576+0 records in
1048576+0 records out
1073741824 bytes (1.1 GB) copied, 8.60256 s, 125 MB/s
root@onweb:/# mkswap /swap
mkswap: /swap: warning: don't erase bootbits sectors
on whole disk. Use -f to force.
Setting up swapspace version 1, size = 1048572 KiB
no label, UUID=00d2e2b5-0453-48b7-809b-4e405fadd9e8
root@onweb:/# chmod 0600 /swap
root@onweb:/# vi /etc/fstab //give entry like : /swap swap swap defaults,noatime 0 0
root@onweb:/# swapon -a
root@onweb:/# free -m
total used free shared buffers cached
Mem: 531 524 6 0 5 398
-/+ buffers/cache: 120 410
Swap: 1023 0 1023
root@onweb:/#
==========

Try :)

Tuesday, 9 November 2010

ftp: connect: Connection refused

Posted on 09:24 by Unknown
Guys,

If you get this type of error message, please check the server's firewall first. I faced this error message while connecting to the FTP server. In my case, the passive port ranges were not enabled in the FTP server and the iptables firewall.

====
PassivePortRange 30000 50000
====

Add the above line to the FTP configuration file and allow the ports in iptables like :

=====
iptables -A INPUT -p tcp --destination-port 30000:50000 -j ACCEPT
iptables -A OUTPUT -p tcp --source-port 30000:50000 -j ACCEPT
=====

Then restart iptables and ftp server like :

====
service iptables restart
/etc/init.d/pure-ftpd restart
====

If the above solutions don't work, please configure the CSF+LFD firewall on the server and stop iptables. This will solve the problem.

Another important point is that you may connect to the server in "active mode" [the server will connect to the client] from the FTP client (like FileZilla). Just enable the option in the FTP client and retry the connection. That's it.

Try :)

Monday, 8 November 2010

How to stop core file generation in the server from php?

Posted on 09:55 by Unknown
Guys,

A core file records the memory image of a running process. When a PHP process is killed, Apache creates core files under your account. These core files take up too much space on the server. There is no harm in deleting these files. You can get rid of these core files by modifying the httpd startup file.

=======
vi /usr/sbin/httpd and add
ulimit -c 0 after the first "ulimit" counting from the last.
=======

PS: /usr/sbin/httpd is nothing but a bash script.

Try :)

eth0 errors +WARNINGs: packets is + outside range

Posted on 02:30 by Unknown
Guys,

I got this error message from the munin monitoring service, and the following was the error message :

=========
eth0 errors
WARNINGs: packets is 1.52 (outside range [:1]).
=========

So, my basic concept is that either eth0 is being overloaded or it isn't compatible with the kernel or OS. So, I checked the settings of eth0 and the RX (receive) and TX (transmit) packet errors, and I found that there are errors at RX. I have pasted the results here.

========
root@server [/proc/net]#ethtool eth0
eth0 Link encap:Ethernet HWaddr 00:22:19:7A:7D:96
inet addr:178.250.55.14 Bcast:178.250.55.127
Mask:255.255.255.128
inet6 addr: fe80::222:19ff:fe7a:7d96/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:162432463 errors:3770202 dropped:0 overruns:0
frame:3770202
TX packets:258975594 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:2965541413 (2.7 GiB) TX bytes:3157382941 (2.9 GiB)
Interrupt:169 Memory:f8000000-f8012800
root@server [/proc/net]#
========

You can use other commands to check the continuous traffic statistics of the card like :

-----------------
root@server [~]# watch -n 1 cat /proc/net/dev
-----------------
root@server [~]# sar -n DEV|more
-----------------
root@server [~]# netstat -plan --interfaces=eth0
-----------------

I contacted the owner of the server and he assured me that the maximum speed of the NIC is 1GB/sec. So, I increased it using the following command and that fixed the notification error messages:

==================
root@server [~]#ethtool -s eth0 speed 1000 duplex full
==================

Try :)

Sunday, 7 November 2010

How to access the webalizer from the outside of the cpanel?

Posted on 05:46 by Unknown
Guys,

I don't want to post this type of article since you'll get it from Google. But still I did. I followed the following steps :

Example :

=====
root@cp [~]# /scripts/whoowns domain.com
domain
root@cp [~]# cd ~domain
root@cp [/home/domain]# cd public_html/
root@cp [/home/domain/public_html]# pwd
/home/domain/public_html
root@cp [/home/domain/public_html]# ln -s /home/domain/tmp/webalizer stats
root@cp [/home/domain/public_html]# chown domain. stats
root@cp [/home/domain/public_html]# chmod 755 ~domain/tmp -R
=====

Now access http://domain.com/stats

PS: Domain : domain.com
username : domain

Try :)

kernel panic - not syncing: Attempted to kill init!

Posted on 02:46 by Unknown
Guys,

Error messages after upgrading the kernel :

----------
mount: could not find filesystem 'dev/root'

setuproot: moving /dev failed: No such file or directory

setuproot: error mounting /proc: No such file or directory

setuproot: error mounting /sys: No such file or directory

switchroot: mount failed: No such file or directory

Kernel panic - not syncing: Attempted to kill init!
----------

You need to check two important files: /etc/fstab and /boot/grub/grub.conf. The first file tells the system which devices to mount on which directories, and the second tells it the exact location from which the kernel will be booted.

So, as an example grub.conf contains :

-------------
#boot=/dev/sda
default=0
timeout=5
splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenu
title CentOS (2.6.18-194.3.1.el5PAE)
root (hd0,0)
kernel /vmlinuz-2.6.18-194.3.1.el5PAE ro root=LABEL=/
initrd /initrd-2.6.18-194.3.1.el5PAE.img
title CentOS (2.6.18-164.15.1.el5PAE)
root (hd0,0)
kernel /vmlinuz-2.6.18-164.15.1.el5PAE ro root=LABEL=/
initrd /initrd-2.6.18-164.15.1.el5PAE.img
title CentOS (2.6.18-164.el5PAE)
root (hd0,0)
kernel /vmlinuz-2.6.18-164.el5PAE ro root=LABEL=/
initrd /initrd-2.6.18-164.el5PAE.img
root@server [~]#
-------------

a) A line such as root (hd2,5) tells the system where the boot partition is. It means the third hard disk (counting starts at 0, which is the first disk) and the sixth partition on that disk, so it is /dev/sdc6 or /dev/hdc6.
b) The next line says where to find the kernel and the root partition.

And in my server /etc/fstab contains :

------------
root@server [~]# cat /etc/fstab
LABEL=/ / ext3 defaults,usrquota 1 1
LABEL=/home /home ext3 defaults 1 2
LABEL=/tmp /tmp ext3 defaults 1 2
LABEL=/var /var ext3 defaults,usrquota 1 2
LABEL=/usr /usr ext3 defaults,usrquota 1 2
LABEL=/boot /boot ext3 defaults 1 2
tmpfs /dev/shm tmpfs defaults 0 0
devpts /dev/pts devpts gid=5,mode=620 0 0
sysfs /sys sysfs defaults 0 0
proc /proc proc defaults 0 0
LABEL=SWAP-sda5 swap swap defaults 0 0
------------

As per the error messages, it's clear that the file systems have not been mounted correctly or the entries in those files are wrong. So, you need to correct these entries. Please also check the following entries in the kernel .config file.

=============
CONFIG_SYSFS_DEPRECATED=y
CONFIG_SYSFS_DEPRECATED_V2=y
=============


Then restart the server. Hope your basic concept will give you a clue :)

Try :)

Saturday, 6 November 2010

How to capture the network packet?

Posted on 10:53 by Unknown
Guys,

Try these...

Capture the network packet :

[root@vienna ~]# tcpdump -i eth0 -w traffic.eth0
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes

Read the packet :

[root@vienna ~]# tcpdump -r traffic.eth0
..............................
..............................

Thursday, 4 November 2010

How to change admin password in the table of the mysql database?

Posted on 10:48 by Unknown
Guys,

You can use the following command to do the same :

=====
update agb_book_auth set password=MD5("newwpass") where username="admin";
=====

Where table agb_book_auth contains admin and password attributes.

OR :

=====
update wp_users set user_pass = 'b15a2021cb835426552c5d8599d5c7ab' where user_login = 'admin';
=====
Then execute : flush privileges;

Try :)

Plesk configuration files path + linux?

Posted on 08:08 by Unknown
Guys,

Here are the paths :

Plesk Config & Binary file

Linux :

===========================================================
# Plesk tree
PRODUCT_ROOT_D - /usr/local/psa
==================================================
# Directory of SysV-like Plesk initscripts
PRODUCT_RC_D - /etc/init.d

/etc/psa/psa.conf // common config file
/etc/psa/.psa.shadow // admin password file
/var/log // common log file
/etc/local/psa/admin/logs //plesk log file
================================================

# Directory for config files
PRODUCT_ETC_D - /usr/local/psa/etc
================================================

# Virtual hosts directory
HTTPD_VHOSTS_D - /var/www/vhosts
/var/www/vhosts//anon_ftp , cgi-bin, conf, error_docs , httpdocs, httpsdocs , pd , private , statistics-->/logs(domain logs), subdomains , web

Domain based httpd.conf file:- /var/www/vhosts/conf/httpd.include
Doc root : /var/www/vhosts//httpdocs
===============================================

# Apache configuration files directory
HTTPD_CONF_D - /etc/httpd/conf/httpd.conf //server based
/var/www/vhosts/conf/httpd.include // domain based
------------------------------------------------------------------------------------------------------------
# Apache include files directory
HTTPD_INCLUDE_D - /etc/httpd/conf.d/mailman.conf , perl.conf, python.conf , webalizer.conf, zz010_psa_httpd.conf, fcgid.conf, manual.conf , php.conf, ssl.conf, welcome.conf
------------------------------------------------------------------------------------------------------------
# Apache binary files directory
HTTPD_BIN_D - /usr/bin
--------------------------------------------------------------------------------------------------------------
#Apache log files directory
HTTPD_LOG_D - /var/log/httpd
-----------------------------------------------------------------------------------------------------------
#apache startup script
HTTPD_SERVICE httpd
/etc/init.d/httpd [start|stop|restart|status]


================================================

# Qmail directory
QMAIL_ROOT_D /var/qmail

# Location of qmail maildirs
QMAIL_MAILNAMES_D /var/qmail/mailnames/
/var/qmail/mailnames//mail a/c/Maildir/new,cur,tmp
# Path to rblsmtpd
RBLSMTPD /usr/sbin/rblsmtpd

# Courier-IMAP
COURIER_IMAP_ROOT_D /

/etc/init.d/qmail [status,start,stop,restart] //service control

================================================
# Proftpd
FTPD_CONF /etc/proftpd.conf
FTPD_CONF_INC /etc/proftpd.include
FTPD_BIN_D /usr/bin
FTPD_VAR_D /var/run/proftpd
FTPD_SCOREBOARD /var/run/proftpd/scoreboard

Log file :- /var/log/xferlog
Service control :- /etc/init.d/proftpd [start,stop,status,restart]
================================================
# Bind
NAMED_RUN_ROOT_D /var/named/run-root/etc/named.conf
/var/named/run-root/var/ // db record

Service control :- /etc/init.d/named [status,start,stop,restart]
log:- /var/log/messages
===============================================

# Webalizer
WEB_STAT /usr/bin/webalizer
===============================================
# Logrotate
LOGROTATE /usr/local/psa/logrotate/sbin/logrotate
===============================================
# MySQL
MYSQL_VAR_D /var/lib/mysql
MYSQL_BIN_D /usr/bin

Service control:- /etc/rc.d/init.d/mysqld [start,stop,restart,status]
log :- /var/log/messages
===============================================
# PostgreSQL
PGSQL_DATA_D /var/lib/pgsql/data
PGSQL_BIN_D /usr/bin
===============================================
# Backups directory
DUMP_D /var/lib/psa/dumps
===============================================
# Mailman directories
MAILMAN_ROOT_D /usr/lib/mailman
MAILMAN_VAR_D /var/lib/mailman
===============================================
# Python binary
PYTHON_BIN /usr/bin/python2.3

# Tomcat root directory
CATALINA_HOME /usr/share/tomcat5

# DrWeb
DRWEB_ROOT_D /opt/drweb
DRWEB_ETC_D /etc/drweb

# GnuPG binary
GPG_BIN /usr/bin/gpg

# Tar binary
TAR_BIN /bin/tar
===============================================
# Curl certificates
CURL_CA_BUNDLE_FILE /usr/share/curl/curl-ca-bundle.crt
=========================================================
# AWStats
AWSTATS_ETC_D /etc/awstats
AWSTATS_BIN_D /var/www/cgi-bin/awstats
AWSTATS_TOOLS_D /usr/share/awstats
AWSTATS_DOC_D /var/www/html/awstats
===============================================
# openssl binary
OPENSSL_BIN /usr/bin/openssl

LIB_SSL_PATH /lib/libssl.so
LIB_CRYPTO_PATH /lib/libcrypto.so

CLIENT_PHP_BIN /usr/local/psa/bin/php-cli
--------------------------------------------------------------------------------------------------
Psa SpamAssassin:-
/usr/local/psa/admin/bin/spamd --status
--stop
--start
--------------------------------------------------------------------------------------------------

===========================

Check it out :)

Links for linux commands?

Posted on 05:32 by Unknown
You can refer to the following links :

==========
http://www.hscripts.com/tutorials/linux-commands/who.html
http://www.pixelbeat.org/cmdline.html
=========

NFS and NIS configuration :

http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch30_:_Configuring_NIS

If you get any link you can share here :)

Munin(server monitoring) configuration link :

http://wiki.kartbuilding.net/index.php/Munin_Statistics

How to use grep, find, sort, pg, ip, wget commands in linux

Posted on 05:26 by Unknown
Guys,

grep -irl saqun.com * [i=case insensitive, matches both cases; r=recursive; l=list the matching file names] // search domain in /hsphere/local/config/httpd/sites/
1.check php version: php -v
2.check which php: php -i // php -i |grep php.ini
3./usr/local/cpanel/logs // logs of cpanel
4./var/cpanel/userdata // gives the user data.
5.ctrl+] // to come out from established connection
Then q enter.

7.Search customer by name or by email id:-
8.vps # vzctl enter (id of domain) // to go to root of particular domain.

9.For neural customer search from database the details. Take user & password and login from www.emcwebhosting.com site.

10.cd /dir && command
11.ls /etc | pr -T9 -W$COLUMNS // print contents in 9 columns.pr=print T9=9 column W=width.
12.find -name '*.[ch]' | xargs grep -E 'expr' //Search 'expr' in this dir and below. See also findrepo
13.find -type f -print0 | xargs -r0 grep -F 'example' //Search all regular files for 'example' in this dir and below
14.find -maxdepth 1 -type f | xargs grep -F 'example' //Search all regular files for 'example' in this dir

15.find -type f ! -perm -444 ///Find files not readable by all (useful for web site)
16.find -type d ! -perm -111 //Find dirs not accessible by all (useful for web site)
17.grep --color kamal /etc/passwd //Highlight occurrences of regular expression in dictionary

18. gpg -c file //Encrypt file
gpg file.gpg //Decrypt file
19. scp -p -r file dir/ $USER@$HOST: // Copy with permissions to $USER's home directory on $HOST

20.ssh -g -L 8080:localhost:80 root@$HOST //Forward connections to $HOSTNAME:8080 out to $HOST:80
ssh -R 1434:imap:143 root@$HOST //Forward connections from $HOST:1434 in to imap:143

21.
wget -c http://www.example.com/large.file //Continue downloading a partially downloaded file
wget -r -nd -np -l1 -A '*.jpg' http://www.example.com/dir/ //Download a set of files to the current directory

22.
echo 'wget url' | at 01:00 //Download url at 1AM to current dir
wget --limit-rate=20k url //Do a low priority download (limit to 20KB/s in this case)
wget -o log url // messages are stored in the log file, e.g. log=/x.txt
wget --dns-timeout=seconds url
--connect-timeout=seconds url
--read-timeout=seconds url
--limit-rate=amount url
--user=user url
--password=password url

23. ethtool eth1 // show status of ethernet interface 0 or 1
24.ip link show //List network interfaces
25.

ethtool eth0 //Show status of ethernet interface eth0
ethtool --change eth0 autoneg off speed 100 duplex full //Manually set ethernet interface speed
iwconfig eth1 //Show status of wireless interface eth1
iwconfig eth1 rate 1Mb/s fixed //Manually set wireless interface speed
iwlist scan //List wireless networks in range
ip link set dev eth0 name wan //Rename interface eth0 to wan
ip link set dev eth0 up //Bring interface eth0 up (or down)
ip addr show //List addresses for interfaces
ip addr add 1.2.3.4/24 brd + dev eth0 //Add (or del) ip and mask (255.255.255.0)
ip route show //List routing table
ip route add default via 1.2.3.254 //Set default gateway to 1.2.3.254


26.
netstat -tupl //List internet services on a system with it we can search anything by grep
netstat -tup //List active connections to/from system
27.

cal -3 // Display a calendar
cal 9 1752 // Display a calendar for a particular month year
date -d fri //What date is it this friday. See also day
28. ls -lSr or ls -lS // list files ordered by size

29. df -h Show free space on mounted filesystems
• df -i Show free inodes on mounted filesystems
• fdisk -l Show disks partitions sizes and types (run as root)

30.lsof -p $$ //List paths that process id has open
tcpdump not port 22 //Show network traffic except ssh. See also tcpdump_not_me
ps -e -o pid,args --forest //List processes in a hierarchy
ps -p 1,2 //List info for particular process
watch -n.1 'cat /proc/interrupts' // Watch changeable data continuously IDs

=================================================
31.• uname -a //Show kernel version and system architecture
• head -n1 /etc/issue //Show name and version of distribution
• cat /proc/partitions //Show all partitions registered on the system
• grep MemTotal /proc/meminfo //Show RAM total seen by the system
• grep "model name" /proc/cpuinfo //Show CPU(s) info
• lspci -tv //Show PCI info
• lsusb -tv //Show USB info
• mount | column -t //List mounted filesystems on the system (and align output)
• grep -F capacity: /proc/acpi/battery/BAT0/info // Show state of cells in laptop battery
# dmidecode -q | less //Display SMBIOS/DMI information
# smartctl -A /dev/sda | grep Power_On_Hours //How long has this disk (system) been powered on in total
# hdparm -i /dev/sda //Show info about disk sda
# hdparm -tT /dev/sda //Do a read speed test on disk sda
# badblocks -s /dev/sda
=====================================================

32. pg
Used to display data one page (screenful) at a time. The command can take a number of filenames as arguments.
pg [option] [filename] [filename2]…

33.sort
Sort is a utility program that can be used to sort text files in numeric or alphabetical order
sort [filename]


34.& - run a program in background mode.
=================================================
35. Get back windows admin password: "C:\Program Files\SWsoft\Plesk\admin\bin\plesksrvclient.exe" -get


Check it out :)

How to delete file using inode number?

Posted on 03:16 by Unknown
Ans :

You can find the file and remove it by rm -f command like :

$ find . -inum 782263 -exec rm -f {} \;

To view the inode number :

ls -il

Try :)

Wednesday, 3 November 2010

Install firewalls on linux?

Posted on 17:03 by Unknown
Security Software

1. APF
2. BFD
3. CSF
4. RkHunter
5. ChkRootkit
6. DDOS-Deflate
7. Secure-Nobody

-===========================
APF

cd /usr/local/src/;
wget http://www.rfxnetworks.com/downloads/apf-current.tar.gz;
tar -xvzf apf-current.tar.gz;
rm -rf apf-current.tar.gz;
cd apf-0*;
./install.sh



BFD


cd /usr/local/src/;
wget http://www.rfxnetworks.com/downloads/bfd-current.tar.gz;
tar -xvzf bfd-current.tar.gz;
rm -rf bfd-current.tar.gz;
cd bfd-0*;
./install.sh



CSF


http://configserver.com/cp/csf.html

cd /usr/local/src/;
wget http://www.configserver.com/free/csf.tgz;
tar -xzf csf.tgz;
cd csf;
sh install.sh



RkHunter


cd /usr/local/src/;
wget http://downloads.rootkit.nl/rkhunter-1.1.4.tar.gz;
tar -xzvf rkhunter-1.1.4.tar.gz;
rm -rf rkhunter-*;
cd rkhunter;
./installer.sh

Run
rkhunter -c



ChkRootkit


cd /usr/local/src/;
wget http://www.net-security.org/dl/software/chkrootkit.tar.gz;
tar zxvf chkrootkit.tar.gz;
rm -rf chkrootkit.tar.gz;
cd chkrootkit-0*;
make sense

Run
./chkrootkit -x



DDOS-Deflate



Description:
When you run this Perl script, it runs a netstat command to check how many times each IP is connected, and if an IP has more than the number of connections you specified, it automatically runs a command in APF to ban that IP.

Installing:

wget http://www.inetbase.com/scripts/ddos/install.sh
chmod 0700 install.sh
./install.sh

Uninstalling:
wget http://www.inetbase.com/scripts/ddos/uninstall.ddos
chmod 0700 uninstall.ddos
./uninstall.ddos



Secure Nobody



wget -O securenobody.rpm servstra.com/securenobody.rpm;
rpm -Uvh securenobody.rpm;
cd /usr/local/securenobody ;
./securenobody
==========================
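
The per-IP connection count that the DDOS-Deflate description relies on can be reproduced for review before any ban is issued. The following is an added example, not the DDOS-Deflate script itself; the function names, the allowlist argument and the sample netstat output are constructed for illustration.

```sh
#!/bin/sh
# Count connections per remote address from `netstat -ntu` style output
# and report the addresses above a limit. Reporting only: nothing is banned.

# Constructed sample in the column layout printed by netstat -ntu
# (Proto, Recv-Q, Send-Q, Local Address, Foreign Address, State).
sample_netstat() {
cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.10:80           198.51.100.7:51234      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.7:51235      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.7:51236      SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.7:51237      TIME_WAIT
tcp        0      0 192.0.2.10:443          203.0.113.20:40000      ESTABLISHED
tcp        0      0 192.0.2.10:443          203.0.113.20:40001      ESTABLISHED
tcp        0      0 192.0.2.10:22           203.0.113.99:55000      ESTABLISHED
udp        0      0 192.0.2.10:53           198.51.100.7:9999
EOF
}

# count_by_ip: read netstat output on stdin and print "count address",
# highest count first. Header lines are skipped because their first
# field does not start with tcp or udp.
count_by_ip() {
    awk '
        $1 ~ /^(tcp|udp)/ {
            addr = $5
            sub(/:[0-9]+$/, "", addr)    # drop the port, keep the address
            if (addr != "") n[addr]++
        }
        END { for (a in n) print n[a], a }
    ' | sort -k1,1nr -k2,2
}

# over_limit LIMIT [ALLOWLIST]: print "address count" for every remote
# address with more than LIMIT connections. ALLOWLIST is a space-separated
# list of addresses that must never be reported (monitoring hosts, your
# own proxy or load balancer).
over_limit() {
    limit=$1
    allow=" ${2:-} "
    count_by_ip | while read -r count ip; do
        case "$allow" in *" $ip "*) continue ;; esac
        if [ "$count" -gt "$limit" ]; then
            printf '%s %s\n' "$ip" "$count"
        fi
    done
}
```

On a live server the same check is `netstat -ntu | over_limit 150`, where 150 is only a placeholder limit; looking at this report first shows whether a limit would catch a shared NAT address or a proxy.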

Try :)

How to secure linux server?

Posted on 17:00 by Unknown
Guys,

You can refer to the following URL :

======
http://www.mysql-apache-php.com/basic-linux-security.htm
======

check :)

How to setup loop device?

Posted on 15:55 by Unknown
Guys,

In Unix-like operating systems, a loop device, vnd (vnode disk), or lofi (loopback file interface) is a pseudo-device that makes a file accessible as a block device.


losetup /dev/loop0 example.img
mount /dev/loop0 /home/you/dir


The second command mounts the device on the directory /home/you/dir. The overall effect of executing these two commands is that the content of the file is used as a file system rooted at the mount point.

The mount utility is usually capable of handling the entire procedure:

mount -o loop example.img /home/you/dir

Try :)

How to create tmp partition on linux server?

Posted on 15:50 by Unknown
PS : Making more available for you :

====
If you do not have any /tmp partition you will need to follow the directions below to create and mount a partition.

Create a 190Mb partition
shell: cd /dev/; dd if=/dev/zero of=tmpMnt bs=1024 count=200000

Format the partition
shell: mke2fs /dev/tmpMnt

Make a backup of the old data
shell: cp -Rp /tmp /tmp_backup

Mount the temp filesystem
shell: mount -o loop,noexec,nosuid,rw /dev/tmpMnt /tmp

Set the permissions
shell: chmod 1777 /tmp

Copy the old files back
shell: cp -Rp /tmp_backup/* /tmp/

Once you do that go ahead and start mysql and make sure it works ok.
If it does you can add this line to the bottom of the /etc/fstab to automatically have it mounted:
/dev/tmpMnt /tmp ext2 loop,noexec,nosuid,rw 0 0

While we are at it we are going to secure /dev/shm. Look for the mount line for /dev/shm and change it to the following:
none /dev/shm tmpfs noexec,nosuid 0 0

Umount and remount /dev/shm for the changes to take effect.
shell: umount /dev/shm
shell: mount /dev/shm

If everything still works fine you can go ahead and delete the /tmp_backup directory.
shell: rm -rf /tmp_backup
====
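
To confirm that the noexec,nosuid options from the steps above are really in place for /tmp and /dev/shm, the mount table can be audited. This is an added example, not part of the original instructions; the function name and both fstab fragments are constructed.

```sh
#!/bin/sh
# Audit an fstab-format file for the hardening described above:
# /tmp and /dev/shm must both carry noexec and nosuid.

# Constructed fstab before hardening (the commented line must be ignored).
weak_fstab() {
cat <<'EOF'
LABEL=/      /         ext3   defaults,usrquota   1 1
/dev/tmpMnt  /tmp      ext2   loop,rw             0 0
tmpfs        /dev/shm  tmpfs  defaults            0 0
# /dev/old   /tmp      ext2   loop,noexec,nosuid  0 0
EOF
}

# Constructed fstab after applying the lines given in the post.
hardened_fstab() {
cat <<'EOF'
LABEL=/      /         ext3   defaults,usrquota      1 1
/dev/tmpMnt  /tmp      ext2   loop,noexec,nosuid,rw  0 0
none         /dev/shm  tmpfs  noexec,nosuid          0 0
EOF
}

# audit_fstab: read fstab-format text on stdin and print one finding per
# problem: "<mountpoint> missing <option>" or "<mountpoint> not listed".
# No output means both mount points carry both options.
audit_fstab() {
    awk -v points="/tmp /dev/shm" -v required="noexec nosuid" '
        BEGIN {
            npts = split(points, P, " ")
            nreq = split(required, R, " ")
        }
        /^[ \t]*#/ || NF < 4 { next }        # comments and short lines
        {
            for (i = 1; i <= npts; i++) {
                if ($2 != P[i]) continue
                seen[P[i]] = 1
                nopt = split($4, O, ",")     # field 4 is the option list
                for (j = 1; j <= nreq; j++) {
                    found = 0
                    for (k = 1; k <= nopt; k++)
                        if (O[k] == R[j]) found = 1
                    if (!found) print P[i], "missing", R[j]
                }
            }
        }
        END {
            for (i = 1; i <= npts; i++)
                if (!(P[i] in seen)) print P[i], "not listed"
        }
    '
}
```

`audit_fstab < /etc/fstab` checks what will be mounted at boot, and `audit_fstab < /proc/mounts` checks what is mounted right now, since both files keep the mount point in field 2 and the options in field 4.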

Try :)

[a fatal error or timeout occurred while processing this directive] + cpanel

Posted on 15:32 by Unknown
Guys,

Just check the cpanel log file and you'll get the clue from there. I got following messages :

execute : tail -f /usr/local/cpanel/logs/error_log

=====
[2010-11-03 15:16:46 -0700] warn [branding::include] Encountered error in branding::include: Branding::include(index.html) failed: can't write into /home/j279259/.cpanel/nvdata.cache: Disk quota exceeded at /usr/local/cpanel/Cpanel/NVData.pm line 60
=====

I have reduced the disk usage to fix the issue.

Try :)

How to use strace command in linux?

Posted on 14:29 by Unknown
Guys,

strace is a useful diagnostic, instructional, and debugging tool. System administrators, diagnosticians and trouble-shooters will find it invaluable for solving problems with programs for which the source is not readily available since they do not need to be recompiled in order to trace them.

Here is the exact usage of the strace command :

=========
Arguments and returned value :

Each line in the trace contains the system call name, followed by its arguments in parentheses and its return value. An example from stracing the command ''cat /dev/null'' is:

open("/dev/null", O_RDONLY) = 3

Errors (typically a return value of -1) have the errno symbol and error string appended.

open("/foo/bar", O_RDONLY) = -1 ENOENT (No such file or directory)


Examples :

strace -s 128 ls //-s takes the maximum string size to print
strace -o output_file ls
strace -o outputfile -d ls
strace -e expr

like
strace -e trace=set
strace -e trace=open
strace -e trace=read
strace -e trace=file
strace -e trace=process
strace -e trace=network
strace -e trace=signal
strace -e trace=ipc
strace -e trace=desc //descriptors
strace -e read=set

For example, to see all input activity on file descriptors 3 and 5 use
-e read=3,5
For example, to see all output activity on file descriptors 3 and 5 use
-e write=3,5

-p pid //Attach to the process with the process ID pid and begin tracing

example : strace -e trace=network -p 4009

-u username //Run command with the user ID , group ID , and supplementary groups of username
===============

Special Use :

==================
1. Find out which config files a program reads on startup :-

strace php 2>&1 | grep php.ini
strace -e open php 2>&1 | grep php.ini

2. Why does this program not open my file?

$ strace -e open,access your-program 2>&1 | grep your-filename

Look for an open() or access() syscall that fails

3. What is that process doing RIGHT NOW?

Ever had a process suddenly hog lots of CPU? Or had a process seem to be hanging?

strace -p 15427

4. What is taking time?

strace -c -p 11084

5. Can't I connect to that server?

strace -e poll,select,connect,recvfrom,sendto nc www.yahoo.com 80
================
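
For use 2 above, the failed calls can be pulled out of a saved trace using the line format described earlier (call name, arguments, return value, errno symbol). This is an added example, not from the strace documentation; the function names and the sample trace are constructed, and the filter also accepts openat lines, which current glibc emits in place of open.

```sh
#!/bin/sh
# List file-related system calls that failed in strace output.

# Constructed sample in the format strace prints.
sample_trace() {
cat <<'EOF'
execve("/usr/bin/php", ["php"], [/* 20 vars */]) = 0
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY)      = 3
open("/usr/local/lib/php.ini", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/etc/php.ini", O_RDONLY)          = 3
openat(AT_FDCWD, "/etc/php.d/secret.ini", O_RDONLY) = -1 EACCES (Permission denied)
read(3, "[PHP]\n", 4096)                = 6
EOF
}

# failed_file_calls: read strace output on stdin and print
# "syscall errno path" for every open, openat, access or stat call that
# returned -1. Paths containing an escaped double quote are not handled.
failed_file_calls() {
    awk '
    {
        line = $0
        sub(/^\[pid +[0-9]+\] +/, "", line)    # prefix added by strace -f
        name = line
        sub(/\(.*/, "", name)                  # call name is the text before "("
        if (name !~ /^(open|openat|access|stat)$/) next
        if (!match(line, / = -1 E[A-Z0-9]+/)) next
        errno = substr(line, RSTART + 6, RLENGTH - 6)
        if (split(line, q, "\"") < 3) next     # q[2] is the first quoted string
        print name, errno, q[2]
    }'
}

# denied_paths: only the paths refused for permission reasons, which is
# the usual answer to "why does this program not open my file?".
# Paths containing spaces are cut at the first space.
denied_paths() {
    failed_file_calls | awk '$2 == "EACCES" || $2 == "EPERM" { print $3 }'
}
```

A trace saved with `strace -o output_file` can be fed in as `failed_file_calls < output_file`.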

Note :

-------------------------
ps -e -o pcpu,cpu,nice,state,cputime,args --sort pcpu | sed '/^ 0.0 /d' //
List processes by % cpu usage

ps -C firefox-bin -L -o pid,tid,pcpu,state //
List all threads for a particular process

watch -n.1 'cat /proc/interrupts' //
Watch changeable data continuously
--------------------------

try :)

How to view binary file in linux?

Posted on 14:25 by Unknown
Guys,

Ans :

====
hexdump /bin/ps //in hexadecimal format
od /bin/ps //in octal format
strings /bin/ps //in human readable
====

check :)

What's the exact path of system call functions in linux?

Posted on 14:03 by Unknown
Ans :

Where the system call functions are stored : /usr/src/linux/kernel/sys_call.S
Many of the system calls can be found in /usr/src/linux/kernel/sys.c
Some system calls, like fork, have their own source file (e.g., kernel/fork.c).

Check it out :)

How to add shared libraries on linux?

Posted on 12:54 by Unknown
Guys,

Example :

------
1. As root, edit the file /etc/ld.so.conf and add a line like /usr/local/pgsql/lib
2. Then run the command /sbin/ldconfig
3. In a bash shell, type:
export LD_LIBRARY_PATH=/usr/local/pgsql/lib
4. In a csh shell, type:
setenv LD_LIBRARY_PATH /usr/local/pgsql/lib
------

That's it. try :)

mysql query cache clear

Posted on 11:42 by Unknown
Guys,

You can use the following command to clear the cache :

======
RESET QUERY CACHE;
======

Ref :

http://dev.mysql.com/tech-resources/articles/mysql-query-cache.html

try :)

Monday, 1 November 2010

Linux + firewall + iptables configuring ?

Posted on 05:57 by Unknown
Firewall configuring :) Here is the excellent URL.

http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch14_:_Linux_Firewalls_Using_iptables

check :)

How to install xinetd on linux ?

Posted on 05:28 by Unknown
Guys,

You can install it with yum like : yum install xinetd*

Configuring :

xinetd Configuration files location

Following are important configuration files for xinetd:

/etc/xinetd.conf - The global xinetd configuration file.
/etc/xinetd.d/ directory - The directory containing all service-specific files such as ftp

Task: Understanding default configuration file

You can view default configuration file with less or cat command:
# less /etc/xinetd.conf
OR
# cat /etc/xinetd.conf
Output:

# Simple configuration file for xinetd
#
# Some defaults, and include /etc/xinetd.d/

defaults
{
instances = 60
log_type = SYSLOG authpriv
log_on_success = HOST PID
log_on_failure = HOST
cps = 25 30
}


includedir /etc/xinetd.d
Where,

instances = 60 : Determines the number of servers that can be simultaneously active for a service. So 60 is the maximum number of requests xinetd can handle at once.
log_type = SYSLOG authpriv: Determines where the service log output is sent. You can send it to SYSLOG at the specified facility (authpriv sends the log to the /var/log/secure file).
log_on_success = HOST PID: Makes xinetd log successful connections. It logs the HOST and the process ID (PID) to the /var/log/secure file.
log_on_failure = HOST: Makes xinetd log to the /var/log/secure file when a connection is dropped or is not allowed.
cps = 25 30: Limits the rate of incoming connections. Takes two arguments. The first argument is the number of connections per second to handle. If the rate of incoming connections is higher than this, the service will be temporarily disabled. The second argument is the number of seconds to wait before re-enabling the service after it has been disabled. The default for this setting is 50 incoming connections and the interval is 10 seconds. This is good for avoiding DoS attacks against your service.
includedir /etc/xinetd.d: Read the other service-specific configuration files from this directory.
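
A quick way to check a server's defaults block against the settings explained above. This is an added example, not part of the original post or of xinetd itself; the function names, the checks chosen and the sample file are assumptions made for illustration.

```python
import re

# Constructed sample: a defaults block with no cps limit, no instance cap
# and no failure logging.
SAMPLE_CONF = """\
# Simple configuration file for xinetd
defaults
{
    instances = UNLIMITED
    log_type = SYSLOG authpriv
    log_on_success = HOST PID
}
includedir /etc/xinetd.d
"""

def parse_defaults(text):
    """Return the attributes of the 'defaults { ... }' block as a dict of lists."""
    block = re.search(r"^\s*defaults\s*\{(.*?)^\s*\}", text, re.S | re.M)
    attrs = {}
    for line in (block.group(1) if block else "").splitlines():
        # Comment lines start with '#', so they never match the attribute regex.
        m = re.match(r"(\w+)\s*[+-]?=\s*(.*)", line.strip())
        if m:
            attrs[m.group(1)] = m.group(2).split()
    return attrs

def audit_defaults(text):
    """List gaps in the defaults block (hypothetical hardening checks)."""
    attrs, findings = parse_defaults(text), []
    if attrs.get("instances", ["UNLIMITED"])[0] == "UNLIMITED":
        findings.append("instances: no cap on simultaneously active servers")
    if "cps" not in attrs:
        findings.append("cps: not set, default of 50 connections / 10 seconds applies")
    elif len(attrs["cps"]) != 2 or not all(v.isdigit() for v in attrs["cps"]):
        findings.append("cps: expects two integers (rate, seconds to wait)")
    if "HOST" not in attrs.get("log_on_failure", []):
        findings.append("log_on_failure: HOST is not logged for rejected connections")
    return findings

if __name__ == "__main__":
    for finding in audit_defaults(SAMPLE_CONF):
        print("WARN", finding)
```

To audit a real server, pass the contents of /etc/xinetd.conf to audit_defaults().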

Try :)

how to integrate TCP wrapper with xinetd + linux ?

Posted on 05:13 by Unknown
Guys,

During installation of xinetd (when running its configure script), just use the option --with-libwrap=/path/to/libfile

That's it.

How do I examine TCP wrapper config file?

Posted on 05:07 by Unknown
Guys.

Use the tcpdchk command to examine your TCP wrapper configuration; it reports all potential and real problems it can find.

tcpdchk
tcpdchk -v


try :)

How do I predict how the TCP wrapper would handle a specific request for service?

Posted on 05:05 by Unknown
Guys,

Use the tcpdmatch command. To predict how tcpd would handle an sshd request from the local system:

tcpdmatch sshd localhost

The same request, pretending that hostname lookup failed:

tcpdmatch sshd 192.168.1.5

To predict what tcpd would do when the client name does not match the client address:

tcpdmatch sshd paranoid

Replace sshd with in.telnetd, or ftpd and so on. You can use all daemon names specified in inetd.conf or xinetd.conf file.

try :)

Default Log Files of TCPwrapper ?

Posted on 05:04 by Unknown
TCP Wrappers does all its logging via syslog, according to your /etc/syslog.conf file. The following table lists the standard locations where messages from TCP Wrappers will appear:

AIX - /var/adm/messages
HP-UX - /usr/spool/mqueue/syslog
Linux - /var/log/messages
FreeBSD / OpenBSD / NetBSD - /var/log/messages
Mac OS X - /var/log/system.log
Solaris - /var/log/syslog

Configuring TCP Wrapper Config Files?

Posted on 05:00 by Unknown
Guys,

Note : I made this article more available for you.

/etc/hosts.allow and /etc/hosts.deny

File protections: the wrapper, all files used by the wrapper, and all directories in the path leading to those files, should be accessible but not writable for unprivileged users (mode 755 or mode 555). Do not install the wrapper set-uid.

As the root user, perform the following edits on the /etc/inetd.conf configuration file:

finger stream tcp nowait nobody /usr/sbin/in.fingerd in.fingerd

becomes:

finger stream tcp nowait nobody /usr/sbin/tcpd in.fingerd

Note: The finger server is used as an example here.

Similar changes must be made if xinetd is used, with the emphasis being on calling /usr/sbin/tcpd instead of calling the service daemon directly, and passing the name of the service daemon to tcpd.

Contents :

Installed Programs: tcpd, tcpdchk, tcpdmatch, try-from, and safe_finger
Installed Library: libwrap.{so,a}
Installed Directories: None

Short Descriptions :

tcpd : is the main access control daemon for all Internet services, which inetd or xinetd will run instead of running the requested service daemon.

tcpdchk : is a tool to examine a tcpd wrapper configuration and report problems with it.

tcpdmatch : is used to predict how the TCP wrapper would handle a specific request for a service.

try-from : can be called via a remote shell command to find out if the host name and address are properly recognized.

safe_finger : is a wrapper for the finger utility, to provide automatic reverse name lookups.

libwrap.{so,a} : contains the API functions required by the TCP Wrapper programs as well as other programs to become “TCP Wrapper-aware”.

Try :)

How to install tcpwrapper on linux server?

Posted on 04:58 by Unknown
Guys,

Ans : yum install tcp_wrappers (the package that provides tcpd on yum-based distributions)

Or from sources:

#Download (HTTP): http://files.ichilton.co.uk/nfs/tcp_wrappers_7.6.tar.gz
#Download (FTP): ftp://ftp.porcupine.org/pub/security/tcp_wrappers_7.6.tar.gz
Download MD5 sum: e6fa25f71226d090f34de3f6b122fb5a

#Additional Downloads
Required Patch (Fixes some build issues and adds building a shared library): http://www.linuxfromscratch.org/patches/blfs/svn/tcp_wrappers-7.6-shared_lib_plus_plus-1.patch


Installation of TCP Wrapper

Install TCP Wrapper with the following commands:

patch -Np1 -i ../tcp_wrappers-7.6-shared_lib_plus_plus-1.patch &&
sed -i -e "s,^extern char \*malloc();,/* & */," scaffold.c &&
make REAL_DAEMON_DIR=/usr/sbin STYLE=-DPROCESS_OPTIONS linux

This package does not come with a test suite.

Now, as the root user:

make install

Note : sed -i -e ... scaffold.c: This command removes an obsolete C declaration which causes the build to fail if using GCC >= 3.4.x.

that's it :)

Secure Linux Using TCP Wrappers or Protect the daemons using TCP wrappers on Linux??

Posted on 04:28 by Unknown
Guys,

TCP Wrappers can be used to GRANT or DENY access to various services on your machine to the outside network or other machines on the same network. It does this by using simple Access List Rules which are included in the two files /etc/hosts.allow and /etc/hosts.deny .

Let us consider this scenario: a remote machine, remote_mc, is trying to connect to your local machine, local_mc, using ssh.

When the request from remote_mc is received by the TCP-wrapped service (SSH in this case), it takes the following basic steps:

1. It checks the /etc/hosts.allow file and applies the first rule specified for that service. If it finds a matching rule, it allows the connection. If no rule is found, it moves on to step 2.

2. It checks the /etc/hosts.deny file and, if a matching rule is found, it denies the connection.

Points to remember

Rules in hosts.allow take precedence over rules in hosts.deny. This means that if a matching rule is found in the hosts.allow file, remote_mc is allowed access to the service even if there is a matching deny rule in the hosts.deny file.
You can have only one rule per service in the hosts.allow and hosts.deny files.
If there are no matching rules in either of the files, or if the files don't exist, then remote_mc is allowed access to the service.
Any changes to the hosts.allow and hosts.deny files take immediate effect.

Rule Syntax
The syntax for both hosts.allow and hosts.deny file takes the following form:

daemon : client [:option1:option2:...]

Where daemon can be a combination of the ssh daemon, ftp daemon, portmap daemon and so on. Basically, any service which has support for the libwrap.a library compiled into it is a good candidate for utilizing the services of TCP Wrappers.

client is a comma-separated list of hostnames, host IP addresses, special patterns or special wildcards which identify the hosts affected by that rule.

options is an optional action, such as sending mail to the administrator when this rule is matched, logging to a particular file and so on. It can be a colon-separated list of actions too.

Examples of using TCP Wrappers

I want to allow SSH access to hosts in a particular domain say xyz.com and deny access to all the others. I enter the following rule in the hosts.allow file.

sshd : .xyz.com

... and in the hosts.deny file I include the rule:

sshd : ALL

The next rule denies FTP access to all the hosts in the abc.co.in domain as well as hosts in the 192.168.1.0 network.

#FILE: /etc/hosts.deny
vsftpd : 192.168.1. , .abc.co.in : \
 spawn /bin/echo `/bin/date` access denied >> /var/log/vsftpd.log : \
 deny

The backslash (\) in the above rule is used to break the line and prevents the failure of the rule due to length.

spawn and deny are options. Spawn launches a shell command as a child process. In the above rule, spawn logs a message to the vsftpd log file each time the rule matches. deny is optional if you are including this rule in the hosts.deny file.

Note: The last line in the files hosts.allow and hosts.deny must end with a newline character, or else the rule will fail.

For example, you can use the spawn option to send mail to the admin whenever a deny rule is matched.

Wildcards :-

You can use wildcards in the client section of the rule to broadly classify a set of hosts. These are the valid wildcards that can be used.

ALL - Matches everything
LOCAL - Matches any host that does not contain a dot (.) like localhost.
KNOWN - Matches any host where the hostname and host addresses are known or where the user is known.
UNKNOWN - Matches any host where the hostname or host address are unknown or where the user is unknown.
PARANOID - Matches any host where the hostname does not match the host address.

Patterns

You can also use patterns in the client section of the rule . Some examples are as follows:

ALL : .xyz.com

Matches all hosts in the xyz.com domain . Note the dot (.) at the beginning.

ALL : 123.12.

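Matches all the hosts in the 123.12.0.0 network. Note the dot (.) at the end of the rule.

ALL : 192.168.0.0/255.255.255.0

An IP address/netmask pair can be used in the rule. The address part must be the network address (the client address ANDed with the mask), so a host address such as 192.168.0.1 in front of this mask would never match.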

ALL : *.xyz.com

Asterisk * matches entire groups of hostnames or IP addresses.

sshd : /etc/sshd.deny

If the client list begins with a slash (/), it is treated as a filename. In the above rule, TCP wrappers looks up the file sshd.deny for all SSH connections.

sshd : ALL EXCEPT 192.168.0.15

If the above rule is included in the /etc/hosts.deny file, then it will allow ssh connection for only the machine with the IP address 192.168.0.15 and block all other connections. Here EXCEPT is an operator.
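
The lookup order and the client patterns described above can be modelled in a few lines. This is an added example, not code from the original post or from the tcp_wrappers package: it is a simplified IPv4-only model that ignores rule options, the function names are hypothetical, and the sample rules are constructed from the examples in this post. tcpdmatch remains the authoritative check on a real system.

```python
import ipaddress

# Constructed sample rules, modelled on the examples in this post.
HOSTS_ALLOW = "sshd : .xyz.com\n"
HOSTS_DENY = ("sshd : ALL\n"
              "vsftpd : 192.168.1. , .abc.co.in\n"
              "in.telnetd : ALL EXCEPT 192.168.0.15\n")

def pattern_matches(pat, host, addr):
    """Match one client pattern against a client hostname and IPv4 address."""
    if pat == "ALL":
        return True
    if pat == "LOCAL":                      # hostname without a dot
        return "." not in host
    if pat.startswith("."):                 # domain suffix, e.g. .xyz.com
        return host.endswith(pat)
    if pat.endswith("."):                   # address prefix, e.g. 192.168.1.
        return addr.startswith(pat)
    if "/" in pat:                          # net/mask: net == addr AND mask
        net, mask = (int(ipaddress.IPv4Address(p)) for p in pat.split("/"))
        return int(ipaddress.IPv4Address(addr)) & mask == net
    return pat in (host, addr)              # exact hostname or address

def client_list_matches(clients, host, addr):
    """'list_1 EXCEPT list_2' matches list_1 unless list_2 also matches."""
    left, _, right = clients.partition(" EXCEPT ")
    hit = any(pattern_matches(p, host, addr)
              for p in left.replace(",", " ").split())
    if hit and right:
        return not client_list_matches(right, host, addr)
    return hit

def first_match(rules, daemon, host, addr):
    """Return the first rule whose daemon list and client list both match."""
    for line in rules.splitlines():
        fields = [f.strip() for f in line.split(":")]
        if line.lstrip().startswith("#") or len(fields) < 2:
            continue
        daemons = fields[0].replace(",", " ").split()
        if ("ALL" in daemons or daemon in daemons) and \
                client_list_matches(fields[1], host, addr):
            return line
    return None

def decide(daemon, host, addr, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """hosts.allow first, then hosts.deny; no match in either grants access."""
    if first_match(allow, daemon, host, addr):
        return "granted"
    return "denied" if first_match(deny, daemon, host, addr) else "granted"

if __name__ == "__main__":
    print(decide("sshd", "host1.xyz.com", "10.0.0.5"))
    print(decide("vsftpd", "unknown", "192.168.1.77"))
```

Note that a daemon with no rule in either file is granted access, which is why a final "ALL : ALL" line in hosts.deny is a common hardening step.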

Note: If you want to restrict use of NFS and NIS then you may include a rule for portmap . Because NFS and NIS depend on portmap for their successful working. In addition, changes to portmap rules may not take effect immediately.

Suppose I want to log all connections made to SSH with a priority of emergency. See my previous post to know more on logging. I could do the following:

sshd : .xyz.com : severity emerg

Note: You can use the options allow or deny to allow or restrict on a per client basis in either of the files hosts.allow and hosts.deny

in.telnetd : 192.168.5.5 : deny
in.telnetd : 192.168.5.6 : allow

Shell Commands :-


As mentioned above, you can couple the rules to certain shell commands by using the following two options.

spawn - This option launches a shell command as a child process. For example, look at the following rule:

sshd : 192.168.5.5 : spawn /bin/echo `/bin/date` from %h >> /var/log/ssh.log : deny

Each time the rule is satisfied, the current date and the client's hostname %h are appended to the ssh.log file.

twist - This option replaces the requested service with the specified command. For example, if you want to tell a client trying to connect to your machine over ssh that it is prohibited from accessing SSH, you can use this option. twist must be the last option in the rule.

sshd : client1.xyz.com : twist /bin/echo "You are prohibited from accessing this service!!"

When using spawn and twist, you can use a set of expressions. They are as follows :
%a — The client's IP address.
%A — The server's IP address.
%c — Supplies a variety of client information, such as the username and hostname, or the username and IP address.
%d — The daemon process name.
%h — The client's hostname (or IP address, if the hostname is unavailable).
%H — The server's hostname (or IP address, if the hostname is unavailable).
%n — The client's hostname. If unavailable, unknown is printed. If the client's hostname and host address do not match, paranoid is printed.
%N — The server's hostname. If unavailable, unknown is printed. If the server's hostname and host address do not match, paranoid is printed.
%p — The daemon process ID.
%s — Various types of server information, such as the daemon process and the host or IP address of the server.
%u — The client's username. If unavailable, unknown is printed.

Try :)