Booservers - All about dedicated servers

This page looks plain and unstyled because you're using a non-standard compliant browser. To see it in its best form, please upgrade to a browser that supports web standards. It's free and painless.

Install Mailscanner MRTG

Luigi Ramone | 15 December, 2005 21:55

This will install Mailscanner MRTG on your system. I have tested it on Ensim 3.1.10 and Ensim 3.5.17. Others have also done this on CPanel, but make sure you make the change noted...

Regular, I am not responsible for your box/you are doing this at YOUR OWN RISK... It should not screw anything up, but you are ultimately responsible if it does. I will help out as much as I can, but I am not a genius.

PREREQUISITES
1) MRTG *MUST* be installed (HOW-TO)
2) Mailscanner *MUST* be installed (I use gpans MS/SA/CM HOW-TO, but there is a MS Only HOW-TO too)

INSTRUCTIONS
cd ~
wget http://umn.dl.sourceforge.net/sourc...rtg-0.05.tar.gz
tar -xzvf mailscanner-mrtg-0.05.tar.gz
cd mailscanner-mrtg-0.05
cp mailscanner-mrtg.conf /etc/MailScanner/
cp mailscanner-mrtg.cfg /etc/mrtg/
cp mailscanner-mrtg /usr/sbin/
cp mailscanner-mrtg.include /etc/httpd/conf/
cp /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf.bk

Email with attachments from command line

Luigi Ramone | 15 December, 2005 21:53

Sending emails from command line
I’ll describe possible ways to send emails from the command line. Of course there are much nicer ways to do it, but you may be in the situation (such as the one that drove me to do a deeper research and come out with this solution) and will need an easy and fast way to send mails from the prompt.

Simple text emails:
You can send simple emails by using the already installed sendmail program with the following command at the prompt:

echo "Simple, small body Text goes here" | mail -s "The Subject goes here" user@domain.com

If you have already typed a message in a text file, then import the text into the body of the email you are sending by using command:

mail -s "The Subject goes here" user@domain.com < text_file

Disadvantage: the email will be sent using header From: root@host.domain.com

Easy Mailscanner + Clam Antivirus + SpamAssassin Updated 5/9/2003

Luigi Ramone | 15 December, 2005 21:52

We have put together the following package which will install Mailscanner, Clam Antivirus and SpamAssassin on your Ensim 3.1, or Ensim Pro 3.5 server.

This package installs:
Mailscanner 4.22
Clam Antivirus 0.60
SpamAssassin 2.55

We have tested it on upgrades from 4.11 + Mailscanner versions without issues. If you have an older Mailscanner install, we would recommend uninstalling it first and deleting the /etc/MailScanner folder before running this package.

This package does not use f-prot as you need a commercial license for use in a business environment.

Set up Tripwire on RedHat

Luigi Ramone | 15 December, 2005 21:45

Install tripwire

It's installed by default, but if it isn't, grab your RedHat disks, and install it:

---------------------

# rpm -ihv /mnt/cdrom/RedHat/RPMS/tripwire-2.3.1-5.i386.rpm
# /etc/tripwire/twinstall.sh

---------------------

Clean the policy file
Go over to /etc/tripwire, and clean out the policy file with this handy script:

---------------------

# cat > ./cleantw.pl
#!/usr/bin/perl

while (<>){
#look at the line, and check for a line that can be
# Construed as a file name
CASE:{
( m|(^s*)(/[/w._-]+)(s+->.*)| ) and do {
print $1;
print "#" unless (-e $2);
print "$2$3n";
last;
};

print $_;
}
};
^D
#

---------------------

Chkrootkit

Luigi Ramone | 15 December, 2005 21:43

Installing CHKROOTKIT

(Version 0.42b Sep 20 2003)

SSH as admin to your server. DO NOT use telnet

#Change to root
su -

Use SFTP (Secure FTP via SSH2) instead of FTP

Luigi Ramone | 15 December, 2005 21:41

NOTE: If you have SSH set up on your server, your server is ready to be an SFTP server. SFTP uses SSH.

What does this How-To show you?

a. How to install, setup and use an SFTP client to connect to your box using SSH2 to download/ upload files rather than FTP.

b. How to block port 21 (the default FTP port) which you don't need anymore.

c. How to uninstall and remove the FTP server from your box (if you don't need it anymore).

Why you should NOT use normal FTP

Most people use normal unsecure FTP do upload and download files to their servers using an FTP client from home.

The problem with this is that YOUR USERNAME AND PASSWORD are sent in PLAIN TEXT - a hacker can easily get this information and use it to gain access to your server.

OpenSSH public key login (no password)

Luigi Ramone | 15 December, 2005 21:37

How to connect to your linux server using OpenSSH and public keys.

This is for OpenSSH2 protocol only !

Ok, here we go....

To generate keys on a linux desktop / workstation :

First, in a local shell (on your machine as your normal user) you must generate your keys.

Easy CURL 7.10.4 w/SSL

Luigi Ramone | 15 December, 2005 21:35

We've put together these RPM's for libcurl 7.10.2 with SSL support. They upgrade over the stock RH ones. Installation is via rpm -Uvh

Applicability (RH 7.2 / 7.3 required) :

Webppliance 3.1
Webppliance Pro 3.5
cPanel 6
Plesk 5.0

These are also Modernbill compatible on all above panel types.

APF Firewall 0.9.4-7

Luigi Ramone | 15 December, 2005 21:32

Just thought I'd update the howto's for APF.

Type ifconfig

Find out if it’s using eth0 or eth1.

Usually its eth0 but if its not, change it in conf.apf or you’ll be completely blocking the server from access

wget http://www.rfxnetworks.com/downloads/apf-current.tar.gz

tar -xvzf apf-current.tar.gz
cd apf*
./install.sh
pico -w /etc/apf/conf.apf

RESV_DNS="1"

All SYSCTL options should be set to 1 EXCEPT for
SYSCTL_OVERFLOW="0"
SYSCTL_SYNCOOKIES="0"

USE_DS="1"
USE_AD="1"

Antidos via APF Firewall

Luigi Ramone | 15 December, 2005 21:30

Antidos is a really nice feature of the APF firewall, but it's not automatically turned on when you install and run APF.

First you probably want to make sure APF is running nicely for a few days and you have your own IP listed in the "allow_hosts.rules" file so you can't lock yourself out. You also want to understand how to access the EV1 remote console (from your EV1 account manager), just in case you do lock yourself out.

And to be even more safe, lets set DEVEL_MODE to "1" (on) and we need to setup USE_AD to enable the use of antidos, so find and edit these:

pico -w /etc/apf/conf.apf

DEVEL_MODE="1"

USE_AD="1"

apf -r

Now APF will quit in 5 minutes. Don't forget to put DEVEL_MODE back when everything is OK!

Using fail2ban to ban abusive IP's for SSH and Apache

Luigi Ramone | 15 December, 2005 21:24

How to automatically ban abusive ip's using fail2ban

Originally from Ensim 4.0; similar steps had to be taken after the upgrade to 4.0.2; I would assume the same follows until python 2.3 is included [it may already be; corrections welcome].

Fail2Ban scans log files like /var/log/pwdfail or /var/log/apache/error_log and bans IP that makes too many password failures. It updates firewall rules to reject the IP address.

Install/Upgrade ProFTPd

Luigi Ramone | 15 December, 2005 21:22

Ensim
I'm not going to handle Ensim again since gpan made a nice Howto on this issue and even created
rpms for your usage all information can be found here.
After installing it you can also do the proftpd.conf tweak but you have todo pico -w /etc/proftpd.conf
note:
1. that i can't give any support on the rpm made by gpan, so that will have to go through him.
2. Mouse is against upgrading your ProFTPd on Ensim when you run a up to date 3.1.x and 3.5.x

Plesk
Nighthawk just said to me that this is actually a bad idea for Plesk.
Nighthawk has years of experience with Plesk so i fully support what he's saying about Plesk whatsoever .
So your officially warned by me and NightHawk so dont do this howto on your system.
You will destroy it otherwise but you can do the proftpd.conf tweak without a problem, so just skip most of this how-to and usage pico -w /etc/proftpd.conf instead just like Ensim.

Tcpdump

Luigi Ramone | 15 December, 2005 21:20

What is tcpdump?

Tcpdump prints out what traffic is going inbound/outbound including headers.

Why should i usage tcpdump?

tcpdump is nice to monitor your network.

Download:

Redhat 9:
wget ftp://rpmfind.net/linux/redhat/9/en....7.2-1.i386.rpm

Redhat 8:
wget ftp://rpmfind.net/linux/redhat/upda....8.0.3.i386.rpm

Common SSH Commands - Linux Shell Commands

Luigi Ramone | 15 December, 2005 21:19

We've put together some of the more frequently used SSH commands or linux shell commands, and organized them by name so you can easily find a command, their description and how to use it. This guide will continue to be updated and should not be considered a complete list of SSH commands or linux shell commands, but commands, we found, often used. If you would like to add to this guide, please email us and let us know. (More)

Upgrade kernel on Dual Xeons

Luigi Ramone | 15 December, 2005 21:15

Updated for latest kernel (RH 7.3):

2.4.20-24.7

This is the way I did it - I went to 2.4.20-18.7 first, then went to 2.4.20-20.7. (in any case I am running 2.4.20-20.9 which is the latest for RH 9 - this How-To assumes you are running RH 7.3, but the steps are the same).

This section has 2 parts:

If you are running a kernel that is OLDER THAN 2.4.20-18.7 run PART A first, then PART B.

If you are already running 2.4.20-18.7, go straight to Part B.

2.4.22 Kernel upgrade from SOURCE on XEON

Luigi Ramone | 15 December, 2005 21:12

What is new:
1. Quota support
2. ACPI support -> "CONFIG_ACPI_HT_ONLY=y"
( I spent 1.5 hours to find out why we boot without HT )

1) cd /usr/src

2) wget kernel.org/pub/linux/kernel/v2.4/linux-2.4.22.tar.bz2

3) bzcat linux-2.4.22.tar.bz2 | tar xv

4) rm linux

5) ln -s linux-2.4.22 linux

6) cd /usr/src/linux

7)
wget 64.246.63.172/conf2.txt <---- config file
mv conf2.txt .config
make dep
make clean
make bzImage
make modules
make modules_install
cp System.map /boot/System.map-2.4.22
cp arch/i386/boot/bzImage /boot/vmlinuz-2.4.22
cd /boot
ln -sf System.map-2.4.22 System.map
ln -sf vmlinuz-2.4.22 vmlinuz

Automatically Install Shoutcast & Shoutcast Monitor

Luigi Ramone | 15 December, 2005 21:11

Legal Stuff
Everything Below (Excluding Shoutcast Itself) Has Been Custom Built By aexiHOSTING, Although we offer support for this product we cannot be held responsible for the affect it will have on your system

What is Shoutcast?
SHOUTcast is Nullsoft's Free Winamp-based distributed streaming audio system. Thousands of broadcasters around the world are waiting for you to tune in and listen. Take a peek through the SHOUTcast directory (immediately listed below) to start browsing the most popular stations. Be sure to select your connection speed and then what kind of music you're looking for over on the right hand side for optimal listening pleasure. All you need is a player (we recommend Winamp) and you're set to go!

What is the Shoutcast Monitor?
The shoutcast monitor is a custom built script by the team @ aexiHOSTING that enables the most novice user to be able to start, stop and view the status of a shoutcast installation on their server.

Use RCS for version control when editing system configuration files

Luigi Ramone | 15 December, 2005 21:05

RCS is one of the oldest file revision control systems in use. It works on single files and is very handy for system administration. If you use RCS properly, you will have the ability to roll back a configuration file should you mess up an edit, and you also create an audit trail that shows what you (or others working with you) edited when ... very handy.

When you check a file into RCS, RCS creates a version control file for the file in question .. the version control master file is named the same as the original file with ',v' added to the end of the name.

Example:

/etc/hosts
/etc/hosts,v <-- RCS control file

NOTE 1: Make sure to use ci -u when checking in a file, if you just use ci the working copy will be removed.

NOTE 2: Also be aware that you may have to reset ownership / permissions of the file after checking a revision out!

Banning over-aggressive web crawlers

Luigi Ramone | 15 December, 2005 21:03

Not all web crawlers obey robots.txt like they should

One in particular was getting on my nerves, the Inktomi Slurp crawler. Essentially, it would go to my site (http://rpg-works.net) and load ALL my clients sites in quick succession, bogging down my server to the point of becoming unresponsive.

So, for your benefit, here's my current ban list (I put this in rc.local)

Install/Upgrade Apache 2.0

Luigi Ramone | 15 December, 2005 20:58

FRESH INSTALL

This part of the how-to is for a clean install only, for upgrades please scroll down.

Make a copy of your current httpd.conf incase you need to roll-back

cp /usr/local/apache/conf/httpd.conf /usr/local/apache/conf/httpd.conf_back

Download The Apache Tar.Gz File
wget http://www.tux.org/pub/net/apache/d...d-2.0.47.tar.gz

Extract The File To Your Server
tar -xz -f httpd*

Move Into The Extracted Folder
cd httpd*

Forward domain.com to www.domain.com

Luigi Ramone | 15 December, 2005 20:54

For getting my domain.com to forward to www.domain.com automatically.

<keywords>
Here is how to get domain.com to auto automatically forward to www.domain.com add www to my url rewrite my url from mydomain.com to www.mydomain.com httpd.conf configure redirect url to 'www.'
</keywords>

edit: /usr/local/apache/conf/httpd.conf

(ignore my line numbers)
Make a backup of your original httpd.conf file in case you screw it up. You'll be able to swap em back out and get things live again in a hurry.

Find the domain.com VirtualHost entry you want to fix:

Watchdog - Auto-Reboot your server in case of failures

Luigi Ramone | 15 December, 2005 20:50

Watchdog HowTo
==============
Keywords: software autoreboot, autorebooting, auto-reboot, auto-rebooting, auto rebooting

Watchdog is a program that you can use to reboot your server automatically in a lot of cases.
It has been used succesfully to reboot servers in the "Unexplained Crash" problem, that can have as causes a disk queue starvation problem, or a quota/ext3 filesystem deadlock, crashing the server many times randomly. If downtime due crashes in your system is a problem, probably you must use watchdog to assure you peacefully tranquility back again.

This works in any distribution: Ensim, Plesk, CPanel, etc., in any Linux system.

As documentation in /usr/src/[your-linux-kernel]/Documentation/watchdog.txt, kernel provides watchdog timer interfaces in a device named /dev/watchdog, "which when open must be written to within a timeout or the machine will reboot. Each write delays the reboot time another timeout. In the case of the software watchdog the ability to reboot will depend on the state of the machines and interrupts. The hardware boards physically pull the machine down off their own onboard timers and will reboot from almost anything.". The timeout default is 60 seconds.

The watchdog program simply uses the /dev/watchdog device, activating the softdog module on your system, if you have support in your kernel, and writes in /dev/watchdog within 10 seconds, making several checks in your system. If your system crashes, or watchdog stop to working, or in any case watchdog be supposed not to write in that device in 60 seconds, but kernel remains live, it will reboot within 60 seconds.

Upgrade the Linux Kernel

Luigi Ramone | 15 December, 2005 20:46

We've used the following instructions to upgrade our Linux Kernel at Rackshack from 2.4.9-31 to 2.4.18.

There were no problems, and we did not have to get Rackshack technical support installed.

Please note that upgrading the kernel can be dangerious and it is possible to freeze your system bad enough that Rackshack support has to get involved.

I would recommend reading the README file included with the kernel source prior to following these steps. It will provide an outline along with recovery techniques (if needed).

If this is something you want some one with system administration capabilities (for a fee) to do, please contact us. Otherwise, enjoy.

Get FTP running on your P-NET (PNET) storage server

Luigi Ramone | 15 December, 2005 20:43

Telnet/SSH into your P-NET server as root (or use su).

Use the following command:
/sbin/service vsftpd start

This will start the ftp server.

That's it!

Check server hardware

Luigi Ramone | 15 December, 2005 20:41

There are a lot of things that may cause a server to crash, this guide is going to primarily look at the hardware side of crashing. There are many things that might be causing the server to crash from a software standpoint such a process that runs out of control or uses too many resources. There are a fwe things that might be going wrong with a server. Normally the component that goes wrong is the hard drive, simply because it is use so much and is a moving part. The RAM on a server will occasionally go but this is more common when the server is moved around or the RAM moved because it has a chance of being statically shocked. On the less common side of things you could have the CPU, powersupply, ethernet card, or motherboard going out. (More)

setup remote serial console to display grub menu and boot process

Luigi Ramone | 15 December, 2005 20:32

this HOWTO will show you how to setup your redhat linux server (and probably a few others) to do the following:

* send the grub menu to the remote serial console (so you can select the kernel to boot from)

* send boot process info to the remote serial console (like what you see on your monitor when you boot up at home... you use linux at home, right?)

why does this matter? for me, this all equates to less stress during kernel upgrades (being able to see any problems, choose different kernels, change kernel boot parameters from the grub menu), and less stress when things go awry somewhere on a box and i have to use the master reboot switch and sit around twiddling my thumbs wondering if the system really is rebooting.

WARNING: if you aren't 100% sure of what you're doing, DO NOT do any of the following on a live/production server. in other words, if you are new to this stuff, only try this on your brand new box you just ordered just in case you mess it up so bad you have to get it re-imaged.

if you aren't sure what the remote console is or how to use it, please see this HOWTO: http://forum.ev1servers.net/showthread.php?t=52961

a thread discussing some uses for the remote console (and the people there probably could have made use of this tutorial) can be found here: http://forum.ev1servers.net/showthread.php?t=51199

using this tutorial requires grub to be installed as your server's bootloader (some basic instructions below). it's probably very possible to get the boot process info sent to the serial console even if you're using lilo, but i don't know how to do it with lilo and have no desire to google that info as i don't like or use lilo (maybe someone else will post info on how to do this with lilo).

this tutorial also makes a few extra assumptions, like that the serial port to use is ttyS0, but i doubt that won't be the case for anyone.

enjoy and let me know if you have any comments/additions/complaints.

Install HotSaNIC (updated)

Luigi Ramone | 15 December, 2005 20:26

HotSaNIC is a very nice tool which combines all sorts of very important system graphs into a simple and easy to understand webpage. It allows the admin to take a quick glance at the graphs to see what may or may not be working with the system. With the new APPS graph it is also possible to watch as more processes are started which can be helpful in tracking down why the server load is increasing. For instance if you see a huge load spike but you see that the number of exim processes has gone up significantly at the same time you can start to investigate. (More)

Mount /tmp with noexec

Luigi Ramone | 15 December, 2005 20:20

What we are doing it creating a file that we will use to mount at /tmp.

--------------

cd /dev

--------------

Create 100MB file for our /tmp partition. If you need more space, make count size larger.

--------------

dd if=/dev/zero of=tmpMnt bs=1024 count=100000

--------------

Make an extended filesystem for our tmpMnt file

--------------

mke2fs /dev/tmpMnt

--------------

Transferring an SSL Cert between two CP/WHM Servers

Luigi Ramone | 15 December, 2005 20:14

The problem with some SSL cert authorities is that they won't regenerate a new cert for you to use the moment you switch servers. This is the problem I faced with Geotrust. All the company is willing to say is that you should be able to export the CSR, key file, and the cert quite easily.

So after a bit of mucking around, this is what I did when I found that WHM didn't transfer the cert over when I copied the domain account over.

You'll need to have SSH root access for this.

Before you begin, make sure that you've already used the WHM copy account function to transfer the domain account, dns settings, etc, over.

Fix "Support Request" in PRO Version

Luigi Ramone | 15 December, 2005 20:10

Everyone knows that the initial PRO version of CPanel comes with a broken "Submit a Support Request". It seems the reseller settings just plain out don't work, and the root setting overrides everything.

Follow the How-To below and you will get the submit a support request feature working the way it was intended to.

Fedora Core 1 to Fedora Core 2 Upgrade

Luigi Ramone | 15 December, 2005 20:08

As we have decided to go down the Fedora Path, instead of the RHEL path, we now have to contend with Fedora's really short release cycle.

To comprehend this, we will be writing how-to's for those interested to continually migrate their Systems to the newest Fedora Core releases.

Fedora Core 1 EOL's very soon, and to that end, we have prepared a painless upgrader to upgrade Fedora Core 1 systems to Fedora Core 2.

If any mods/admins view this thread, could they please sticky it.

yum upgrade; redhat 9 -> CentOS 3.1

Luigi Ramone | 15 December, 2005 20:02

Here are the steps i took to update a Redhat 9 box running on a minimal install ( no X, etc ) as suitable for a server to CentOS 3.1 ( which is a fork of RedHat Enterprise Linux v3 )..

I took a fresh install of redhat 9, slapped it on a test box then updated it with up2date. I then installed yum for redhat 9 which can be found here:
Yum Download

Now, you might want to rebuild the rpm database, just incase, thats up to you:
# rpm -vv --rebuilddb

I then modified /etc/yum.conf to look like this:

Installing PHP5 and PHP4 together on Unix

Luigi Ramone | 15 December, 2005 19:19

So you have PHP4 working on your server, and have heard that PHP5 may break things. Here’s how to have both running alongside. (More)

cPanel Reverse DNS

Luigi Ramone | 15 December, 2005 19:14

After searching for help all over the net in adding PTR records to my cPanel DNS setup, I found a very easy to follow tutorial which along with some other sources, made it possible for me to get reverse DNS working with cPanel. It’s still a question I see quite a bit so I decided to create a short how-to to help others.

1. You must have reverse authority delegated to you from your hosting provider. Though common wisdom in forums says most providers do not delegate authority, I have found this to be untrue. I don’t recommend asking for it if you don’t feel confident you can handle the technical end of setting up BIND.
2. You need to have a domain of course, or a few and it helps greatly to have DNS setup and working for a few days prior to attempting this.
3. Every install of cPanel I have done to date comes with a broken BIND server. The issue is always the rndc.key issue. This is my first task for every cPanel install now to do the following fix before I add any information in cPanel WHM at all. To fix it, open /etc/rndc.conf in a text editor and at the top you should see this:

Installing Postgresql on Cpanel

Luigi Ramone | 15 December, 2005 19:07

cPanel requires Postgresql 7.3.x or later. 7.2.x will not work.

===========================================
Step 1
===========================================
Upgrade to cPanel 7.4.0 build 45 or later
===========================================

===========================================
Step 1a (If you do not have 7.2.x or earlier installed skip this step)
===========================================
Login to a root shell via ssh or the console.

If you have Postgres 7.2.x installed, backup your databases using pg_dumpall or some other method.

Move the postgres data directory somewhere else. ie

mv /var/lib/pgsql /var/lib/pgsql.old
===========================================

Powered by Boonic, Bloogo & pLog
This Blog does not have any affiliation nor relation with the mentioned companies. All the logotipos, trade names and images are property of the companies that registered them.