calendar
| « | December 2005 | » | ||||
|---|---|---|---|---|---|---|
| Su | Mo | Tu | We | Th | Fr | Sa |
| 1 | 2 | 3 | ||||
| 4 | 5 | 6 | 7 | 8 | 9 | 10 |
| 11 | 12 | 13 | 14 | 15 | 16 | 17 |
| 18 | 19 | 20 | 21 | 22 | 23 | 24 |
| 25 | 26 | 27 | 28 | 29 | 30 | 31 |
recently...
Install Mailscanner MRTG
Email with attachments from command line
Easy Mailscanner + Clam Antivirus + SpamAssassin *Updated 5/9/2003*
Set up Tripwire on RedHat
Chkrootkit
Use SFTP (Secure FTP via SSH2) instead of FTP
OpenSSH public key login (no password)
Easy CURL 7.10.4 w/SSL
APF Firewall 0.9.4-7
Antidos via APF Firewall
Install Mailscanner MRTG
Luigi Ramone | 15 December, 2005 21:55
This will install Mailscanner MRTG on your system. I have tested it on Ensim 3.1.10 and Ensim 3.5.17. Others have also done this on CPanel, but make sure you make the change noted...
Regular, I am not responsible for your box/you are doing this at YOUR OWN RISK... It should not screw anything up, but you are ultimately responsible if it does. I will help out as much as I can, but I am not a genius.
PREREQUISITES
1) MRTG *MUST* be installed (HOW-TO)
2) Mailscanner *MUST* be installed (I use gpans MS/SA/CM HOW-TO, but there is a MS Only HOW-TO too)
INSTRUCTIONS
cd ~
wget http://umn.dl.sourceforge.net/sourc...rtg-0.05.tar.gz
tar -xzvf mailscanner-mrtg-0.05.tar.gz
cd mailscanner-mrtg-0.05
cp mailscanner-mrtg.conf /etc/MailScanner/
cp mailscanner-mrtg.cfg /etc/mrtg/
cp mailscanner-mrtg /usr/sbin/
cp mailscanner-mrtg.include /etc/httpd/conf/
cp /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf.bk
Email with attachments from command line
Luigi Ramone | 15 December, 2005 21:53
Sending emails from command line
I’ll describe possible ways to send emails from the command line. Of course there are much nicer ways to do it, but you may be in the situation (such as the one that drove me to do a deeper research and come out with this solution) and will need an easy and fast way to send mails from the prompt.
Simple text emails:
You can send simple emails by using the already installed sendmail program with the following command at the prompt:
echo "Simple, small body Text goes here" | mail -s "The Subject goes here" user@domain.com
If you have already typed a message in a text file, then import the text into the body of the email you are sending by using command:
mail -s "The Subject goes here" user@domain.com < text_file
Disadvantage: the email will be sent using header From: root@host.domain.com
(More)Easy Mailscanner + Clam Antivirus + SpamAssassin *Updated 5/9/2003*
Luigi Ramone | 15 December, 2005 21:52
We have put together the following package which will install Mailscanner, Clam Antivirus and SpamAssassin on your Ensim 3.1, or Ensim Pro 3.5 server.
This package installs:
Mailscanner 4.22
Clam Antivirus 0.60
SpamAssassin 2.55
We have tested it on upgrades from 4.11 + Mailscanner versions without issues. If you have an older Mailscanner install, we would recommend uninstalling it first and deleting the /etc/MailScanner folder before running this package.
This package does not use f-prot as you need a commercial license for use in a business environment.
(More)Set up Tripwire on RedHat
Luigi Ramone | 15 December, 2005 21:45
Install tripwire
It's installed by default, but if it isn't, grab your RedHat disks, and install it:
---------------------
# rpm -ihv /mnt/cdrom/RedHat/RPMS/tripwire-2.3.1-5.i386.rpm
# /etc/tripwire/twinstall.sh
---------------------
Clean the policy file
Go over to /etc/tripwire, and clean out the policy file with this handy script:
---------------------
# cat > ./cleantw.pl
#!/usr/bin/perl
while (<>){
#look at the line, and check for a line that can be
# Construed as a file name
CASE:{
( m|(^s*)(/[/w._-]+)(s+->.*)| ) and do {
print $1;
print "#" unless (-e $2);
print "$2$3n";
last;
};
print $_;
}
};
^D
#
---------------------
(More)Chkrootkit
Luigi Ramone | 15 December, 2005 21:43
Installing CHKROOTKIT
(Version 0.42b Sep 20 2003)
SSH as admin to your server. DO NOT use telnet
#Change to root
su -
Use SFTP (Secure FTP via SSH2) instead of FTP
Luigi Ramone | 15 December, 2005 21:41
NOTE: If you have SSH set up on your server, your server is ready to be an SFTP server. SFTP uses SSH.
What does this How-To show you?
a. How to install, setup and use an SFTP client to connect to your box using SSH2 to download/ upload files rather than FTP.
b. How to block port 21 (the default FTP port) which you don't need anymore.
c. How to uninstall and remove the FTP server from your box (if you don't need it anymore).
Why you should NOT use normal FTP
Most people use normal unsecure FTP do upload and download files to their servers using an FTP client from home.
The problem with this is that YOUR USERNAME AND PASSWORD are sent in PLAIN TEXT - a hacker can easily get this information and use it to gain access to your server.
(More)OpenSSH public key login (no password)
Luigi Ramone | 15 December, 2005 21:37
How to connect to your linux server using OpenSSH and public keys.
This is for OpenSSH2 protocol only !
Ok, here we go....
To generate keys on a linux desktop / workstation :
First, in a local shell (on your machine as your normal user) you must generate your keys.
(More)Easy CURL 7.10.4 w/SSL
Luigi Ramone | 15 December, 2005 21:35
We've put together these RPM's for libcurl 7.10.2 with SSL support. They upgrade over the stock RH ones. Installation is via rpm -Uvh
Applicability (RH 7.2 / 7.3 required) :
Webppliance 3.1
Webppliance Pro 3.5
cPanel 6
Plesk 5.0
These are also Modernbill compatible on all above panel types.
(More)APF Firewall 0.9.4-7
Luigi Ramone | 15 December, 2005 21:32
Just thought I'd update the howto's for APF.
Type ifconfig
Find out if it’s using eth0 or eth1.
Usually its eth0 but if its not, change it in conf.apf or you’ll be completely blocking the server from access
wget http://www.rfxnetworks.com/downloads/apf-current.tar.gz
tar -xvzf apf-current.tar.gz
cd apf*
./install.sh
pico -w /etc/apf/conf.apf
RESV_DNS="1"
All SYSCTL options should be set to 1 EXCEPT for
SYSCTL_OVERFLOW="0"
SYSCTL_SYNCOOKIES="0"
USE_DS="1"
USE_AD="1"
Antidos via APF Firewall
Luigi Ramone | 15 December, 2005 21:30
Antidos is a really nice feature of the APF firewall, but it's not automatically turned on when you install and run APF.
First you probably want to make sure APF is running nicely for a few days and you have your own IP listed in the "allow_hosts.rules" file so you can't lock yourself out. You also want to understand how to access the EV1 remote console (from your EV1 account manager), just in case you do lock yourself out.
And to be even more safe, lets set DEVEL_MODE to "1" (on) and we need to setup USE_AD to enable the use of antidos, so find and edit these:
pico -w /etc/apf/conf.apf
DEVEL_MODE="1"
USE_AD="1"
apf -r
Now APF will quit in 5 minutes. Don't forget to put DEVEL_MODE back when everything is OK!
(More)Using fail2ban to ban abusive IP's for SSH and Apache
Luigi Ramone | 15 December, 2005 21:24
How to automatically ban abusive ip's using fail2ban
Originally from Ensim 4.0; similar steps had to be taken after the upgrade to 4.0.2; I would assume the same follows until python 2.3 is included [it may already be; corrections welcome].
Fail2Ban scans log files like /var/log/pwdfail or /var/log/apache/error_log and bans IP that makes too many password failures. It updates firewall rules to reject the IP address.
(More)Install/Upgrade ProFTPd
Luigi Ramone | 15 December, 2005 21:22
Ensim
I'm not going to handle Ensim again since gpan made a nice Howto on this issue and even created
rpms for your usage all information can be found here.
After installing it you can also do the proftpd.conf tweak but you have todo pico -w /etc/proftpd.conf
note:
1. that i can't give any support on the rpm made by gpan, so that will have to go through him.
2. Mouse is against upgrading your ProFTPd on Ensim when you run a up to date 3.1.x and 3.5.x
Plesk
Nighthawk just said to me that this is actually a bad idea for Plesk.
Nighthawk has years of experience with Plesk so i fully support what he's saying about Plesk whatsoever .
So your officially warned by me and NightHawk so dont do this howto on your system.
You will destroy it otherwise but you can do the proftpd.conf tweak without a problem, so just skip most of this how-to and usage pico -w /etc/proftpd.conf instead just like Ensim.
Tcpdump
Luigi Ramone | 15 December, 2005 21:20
What is tcpdump?
Tcpdump prints out what traffic is going inbound/outbound including headers.
Why should i usage tcpdump?
tcpdump is nice to monitor your network.
Download:
Redhat 9:
wget ftp://rpmfind.net/linux/redhat/9/en....7.2-1.i386.rpm
Redhat 8:
wget ftp://rpmfind.net/linux/redhat/upda....8.0.3.i386.rpm
Common SSH Commands - Linux Shell Commands
Luigi Ramone | 15 December, 2005 21:19We've put together some of the more frequently used SSH commands or linux shell commands, and organized them by name so you can easily find a command, their description and how to use it. This guide will continue to be updated and should not be considered a complete list of SSH commands or linux shell commands, but commands, we found, often used. If you would like to add to this guide, please email us and let us know. (More)
Upgrade kernel on Dual Xeons
Luigi Ramone | 15 December, 2005 21:15
Updated for latest kernel (RH 7.3):
2.4.20-24.7
This is the way I did it - I went to 2.4.20-18.7 first, then went to 2.4.20-20.7. (in any case I am running 2.4.20-20.9 which is the latest for RH 9 - this How-To assumes you are running RH 7.3, but the steps are the same).
This section has 2 parts:
If you are running a kernel that is OLDER THAN 2.4.20-18.7 run PART A first, then PART B.
If you are already running 2.4.20-18.7, go straight to Part B.
(More)2.4.22 Kernel upgrade from SOURCE on XEON
Luigi Ramone | 15 December, 2005 21:12
What is new:
1. Quota support
2. ACPI support -> "CONFIG_ACPI_HT_ONLY=y"
( I spent 1.5 hours to find out why we boot without HT )
1) cd /usr/src
2) wget kernel.org/pub/linux/kernel/v2.4/linux-2.4.22.tar.bz2
3) bzcat linux-2.4.22.tar.bz2 | tar xv
4) rm linux
5) ln -s linux-2.4.22 linux
6) cd /usr/src/linux
7)
wget 64.246.63.172/conf2.txt <---- config file
mv conf2.txt .config
make dep
make clean
make bzImage
make modules
make modules_install
cp System.map /boot/System.map-2.4.22
cp arch/i386/boot/bzImage /boot/vmlinuz-2.4.22
cd /boot
ln -sf System.map-2.4.22 System.map
ln -sf vmlinuz-2.4.22 vmlinuz
Automatically Install Shoutcast & Shoutcast Monitor
Luigi Ramone | 15 December, 2005 21:11
Legal Stuff
Everything Below (Excluding Shoutcast Itself) Has Been Custom Built By aexiHOSTING, Although we offer support for this product we cannot be held responsible for the affect it will have on your system
What is Shoutcast?
SHOUTcast is Nullsoft's Free Winamp-based distributed streaming audio system. Thousands of broadcasters around the world are waiting for you to tune in and listen. Take a peek through the SHOUTcast directory (immediately listed below) to start browsing the most popular stations. Be sure to select your connection speed and then what kind of music you're looking for over on the right hand side for optimal listening pleasure. All you need is a player (we recommend Winamp) and you're set to go!
What is the Shoutcast Monitor?
The shoutcast monitor is a custom built script by the team @ aexiHOSTING that enables the most novice user to be able to start, stop and view the status of a shoutcast installation on their server.
Use RCS for version control when editing system configuration files
Luigi Ramone | 15 December, 2005 21:05
RCS is one of the oldest file revision control systems in use. It works on single files and is very handy for system administration. If you use RCS properly, you will have the ability to roll back a configuration file should you mess up an edit, and you also create an audit trail that shows what you (or others working with you) edited when ... very handy.
When you check a file into RCS, RCS creates a version control file for the file in question .. the version control master file is named the same as the original file with ',v' added to the end of the name.
Example:
/etc/hosts
/etc/hosts,v <-- RCS control file
NOTE 1: Make sure to use ci -u when checking in a file, if you just use ci the working copy will be removed.
NOTE 2: Also be aware that you may have to reset ownership / permissions of the file after checking a revision out!
(More)Banning over-aggressive web crawlers
Luigi Ramone | 15 December, 2005 21:03
Not all web crawlers obey robots.txt like they should
One in particular was getting on my nerves, the Inktomi Slurp crawler. Essentially, it would go to my site (http://rpg-works.net) and load ALL my clients sites in quick succession, bogging down my server to the point of becoming unresponsive.
So, for your benefit, here's my current ban list (I put this in rc.local)
(More)Install/Upgrade Apache 2.0
Luigi Ramone | 15 December, 2005 20:58
FRESH INSTALL
This part of the how-to is for a clean install only, for upgrades please scroll down.
Make a copy of your current httpd.conf incase you need to roll-back
cp /usr/local/apache/conf/httpd.conf /usr/local/apache/conf/httpd.conf_back
Download The Apache Tar.Gz File
wget http://www.tux.org/pub/net/apache/d...d-2.0.47.tar.gz
Extract The File To Your Server
tar -xz -f httpd*
Move Into The Extracted Folder
cd httpd*
Forward domain.com to www.domain.com
Luigi Ramone | 15 December, 2005 20:54
For getting my domain.com to forward to www.domain.com automatically.
<keywords>
Here is how to get domain.com to auto automatically forward to www.domain.com add www to my url rewrite my url from mydomain.com to www.mydomain.com httpd.conf configure redirect url to 'www.'
</keywords>
edit: /usr/local/apache/conf/httpd.conf
(ignore my line numbers)
Make a backup of your original httpd.conf file in case you screw it up. You'll be able to swap em back out and get things live again in a hurry.
Find the domain.com VirtualHost entry you want to fix:
(More)Watchdog - Auto-Reboot your server in case of failures
Luigi Ramone | 15 December, 2005 20:50
Watchdog HowTo
==============
Keywords: software autoreboot, autorebooting, auto-reboot, auto-rebooting, auto rebooting
Watchdog is a program that you can use to reboot your server automatically in a lot of cases.
It has been used succesfully to reboot servers in the "Unexplained Crash" problem, that can have as causes a disk queue starvation problem, or a quota/ext3 filesystem deadlock, crashing the server many times randomly. If downtime due crashes in your system is a problem, probably you must use watchdog to assure you peacefully tranquility back again.
This works in any distribution: Ensim, Plesk, CPanel, etc., in any Linux system.
As documentation in /usr/src/[your-linux-kernel]/Documentation/watchdog.txt, kernel provides watchdog timer interfaces in a device named /dev/watchdog, "which when open must be written to within a timeout or the machine will reboot. Each write delays the reboot time another timeout. In the case of the software watchdog the ability to reboot will depend on the state of the machines and interrupts. The hardware boards physically pull the machine down off their own onboard timers and will reboot from almost anything.". The timeout default is 60 seconds.
The watchdog program simply uses the /dev/watchdog device, activating the softdog module on your system, if you have support in your kernel, and writes in /dev/watchdog within 10 seconds, making several checks in your system. If your system crashes, or watchdog stop to working, or in any case watchdog be supposed not to write in that device in 60 seconds, but kernel remains live, it will reboot within 60 seconds.
(More)Upgrade the Linux Kernel
Luigi Ramone | 15 December, 2005 20:46
We've used the following instructions to upgrade our Linux Kernel at Rackshack from 2.4.9-31 to 2.4.18.
There were no problems, and we did not have to get Rackshack technical support installed.
Please note that upgrading the kernel can be dangerious and it is possible to freeze your system bad enough that Rackshack support has to get involved.
I would recommend reading the README file included with the kernel source prior to following these steps. It will provide an outline along with recovery techniques (if needed).
If this is something you want some one with system administration capabilities (for a fee) to do, please contact us. Otherwise, enjoy.
(More)Get FTP running on your P-NET (PNET) storage server
Luigi Ramone | 15 December, 2005 20:43
Telnet/SSH into your P-NET server as root (or use su).
Use the following command:
/sbin/service vsftpd start
This will start the ftp server.
That's it!
(More)Check server hardware
Luigi Ramone | 15 December, 2005 20:41There are a lot of things that may cause a server to crash, this guide is going to primarily look at the hardware side of crashing. There are many things that might be causing the server to crash from a software standpoint such a process that runs out of control or uses too many resources. There are a fwe things that might be going wrong with a server. Normally the component that goes wrong is the hard drive, simply because it is use so much and is a moving part. The RAM on a server will occasionally go but this is more common when the server is moved around or the RAM moved because it has a chance of being statically shocked. On the less common side of things you could have the CPU, powersupply, ethernet card, or motherboard going out. (More)
setup remote serial console to display grub menu and boot process
Luigi Ramone | 15 December, 2005 20:32
this HOWTO will show you how to setup your redhat linux server (and probably a few others) to do the following:
* send the grub menu to the remote serial console (so you can select the kernel to boot from)
* send boot process info to the remote serial console (like what you see on your monitor when you boot up at home... you use linux at home, right?)
why does this matter? for me, this all equates to less stress during kernel upgrades (being able to see any problems, choose different kernels, change kernel boot parameters from the grub menu), and less stress when things go awry somewhere on a box and i have to use the master reboot switch and sit around twiddling my thumbs wondering if the system really is rebooting.
WARNING: if you aren't 100% sure of what you're doing, DO NOT do any of the following on a live/production server. in other words, if you are new to this stuff, only try this on your brand new box you just ordered just in case you mess it up so bad you have to get it re-imaged.
if you aren't sure what the remote console is or how to use it, please see this HOWTO: http://forum.ev1servers.net/showthread.php?t=52961
a thread discussing some uses for the remote console (and the people there probably could have made use of this tutorial) can be found here: http://forum.ev1servers.net/showthread.php?t=51199
using this tutorial requires grub to be installed as your server's bootloader (some basic instructions below). it's probably very possible to get the boot process info sent to the serial console even if you're using lilo, but i don't know how to do it with lilo and have no desire to google that info as i don't like or use lilo (maybe someone else will post info on how to do this with lilo).
this tutorial also makes a few extra assumptions, like that the serial port to use is ttyS0, but i doubt that won't be the case for anyone.
enjoy and let me know if you have any comments/additions/complaints.
(More)