Booservers - All about dedicated servers

Install Mailscanner MRTG

Thu, 15 Dec 2005 21:55:06 +0000

This will install Mailscanner MRTG on your system. I have tested it on Ensim 3.1.10 and Ensim 3.5.17. Others have also done this on CPanel, but make sure you make the change noted...

Regular, I am not responsible for your box/you are doing this at YOUR OWN RISK... It should not screw anything up, but you are ultimately responsible if it does. I will help out as much as I can, but I am not a genius.

PREREQUISITES
1) MRTG *MUST* be installed (HOW-TO)
2) Mailscanner *MUST* be installed (I use gpans MS/SA/CM HOW-TO, but there is a MS Only HOW-TO too)

INSTRUCTIONS
cd ~
wget http://umn.dl.sourceforge.net/sourc...rtg-0.05.tar.gz
tar -xzvf mailscanner-mrtg-0.05.tar.gz
cd mailscanner-mrtg-0.05
cp mailscanner-mrtg.conf /etc/MailScanner/
cp mailscanner-mrtg.cfg /etc/mrtg/
cp mailscanner-mrtg /usr/sbin/
cp mailscanner-mrtg.include /etc/httpd/conf/
cp /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf.bk

For CPanel Users
mkdir /usr/local/apache/htdocs/mailscanner-mrtg
cp web/* /usr/local/apache/htdocs/mailscanner-mrtg/
pico -w /etc/MailScanner/mailscanner-mrtg.conf
Find the two lines that start with:
Incoming Queue Dir =
Outgoing Queue Dir =
and change it to look like this:
Incoming Queue Dir = /var/spool/exim_incoming/input/
Outgoing Queue Dir = /var/spool/exim/input/

For Ensim/Red Hat/Fedora Users
mkdir /var/www/html/mailscanner-mrtg
cp web/* /var/www/html/mailscanner-mrtg/

Continued... FOR ALL USERS
pico -w /etc/httpd/conf/httpd.conf
Add this line to the very bottom
Include /etc/httpd/conf/mailscanner-mrtg.include
Ctrl + X to quit, y to save

Run this command 3 times. Ignore the errors and wait, it takes a few seconds each time.
mrtg /etc/mrtg/mailscanner-mrtg.cfg
-- IGNORE THE ERRORS (They are normal) --

service httpd restart
If this fails, check that you copied the file mailscanner-mrtg.include to the /etc/httpd/conf folder. Also recheck that you added the Include line above. If all else fails comment out the Include line and post your errors. DO NOT CONTINUE until httpd restarts successfully.

pico -w /etc/crontab
Add this line to the bottom of the file
0-59/5 * * * * root /usr/bin/mrtg /etc/mrtg/mailscanner-mrtg.cfg >> /dev/null
Ctrl + X to quit, y to save

Go to http://hostname.domain.com/mailscanner-mrtg

Chkrootkit

Thu, 15 Dec 2005 21:43:05 +0000

Installing CHKROOTKIT

(Version 0.42b Sep 20 2003)

SSH as admin to your server. DO NOT use telnet

#Change to root
su -

#Type the following
wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz

#Unpack the tarball using the command
tar xvzf chkrootkit.tar.gz

#Change to the directory it created
cd chkrootkit*

#Compile by typing
make sense

#To use chkrootkit, just type the command
./chkrootkit

#Everything it outputs should be 'not found' or 'not infected'...

#Now,
cd ..
#Then remove the .gz file
rm chkrootkit.tar.gz

Credits: http://www.cheetaweb.com/

Use SFTP (Secure FTP via SSH2) instead of FTP

Thu, 15 Dec 2005 21:41:52 +0000

NOTE: If you have SSH set up on your server, your server is ready to be an SFTP server. SFTP uses SSH.

What does this How-To show you?

a. How to install, setup and use an SFTP client to connect to your box using SSH2 to download/ upload files rather than FTP.

b. How to block port 21 (the default FTP port) which you don't need anymore.

c. How to uninstall and remove the FTP server from your box (if you don't need it anymore).

Why you should NOT use normal FTP

Most people use normal unsecure FTP do upload and download files to their servers using an FTP client from home.

The problem with this is that YOUR USERNAME AND PASSWORD are sent in PLAIN TEXT - a hacker can easily get this information and use it to gain access to your server.

What is secure FTP or SFTP?

SFTP basically removes the need to use FTP, and instead uses SSH to connect to your server to upload or download files. Choose SSH2 to connect (as you should anyway with your SSH client) and your connection will be secure.

What are the advantages of SFTP?

a. Your username and passwords are secure.

b. You can disable the FTP server - ftpd (proftpd or pure-ftpd) - on your server which should reduce server overhead. SFTP uses SSH to transfer files, not FTP.

c. You can block port 21 with your firewall. One less port to worry about.

Let's begin...

1. Download and install an SFTP client on your home computer.

You can use WS-FTP Pro, or CuteFTP Pro, which has SFTP built-in. I prefer to use a free open-source one called Filezilla which you can download and install here:

http://sourceforge.net/project/show...lease_id=183014

NOTE: Filezilla uses part of PUTTY to work, so you may need to install PUTTY on your computer too.

2. Set up your SFTP client.

If you are using Filezilla:

a. Open the program.
b. Click on Edit.
c. Click on Settings.
d. Open Connection tree.
e. Click on SFTP settings.
f. Leave Use Compression as default.
g. Choose to Use SSH2 (a more secure SSH connection).
h. Click OK.

i. Click on File.
j. Click on File Manager.
k. Click on New Site.
l. Enter your server SSH IP address in Host.
m. Choose SSH2 for ServerType - the port number should be 22.
n. Change the port number if you have a custom one for SSH.
o. Choose Normal for LogonType.
p. Enter your SSH username and password.
q. Click on Save and Exit.

Done! Try connecting to your server now via SSH2 using your SFTP client by clicking on the connect icon on the toolbar (most left). It should work. If it doesn't, check your Host SSH IP address again, Port number, Username and Password. Remember, it's the same settings as your SSH client (e.g. PUTTY).

3. Block port 21 (the default FTP port) in your server using your favorite firewall.

If you are using APF 0.91:

pico -w /etc/apf/conf.apf

Find:

IG_TCP_CPORTS="

and remove 21 from the list.

Then find:

EG_TCP_CPORTS="

and remove 21 from the list.

Then find:

EG_UDP_CPORTS="

and remove 21 from the list as well.

This will prevent port 21 from ever being used.

Don't forget to restart apf after this by running this command:

service apf restart

4. Remove the FTP server from your box by uninstalling FTP.

Find out what FTP server software you are using by running either commands:

service proftpd status

service pure-ftpd status

Then find out which RPM version of the software you are using by running either commands:

If you're using ProFTP run this:

rpm -qa | grep proftpd

Cut and paste the rpm name into your Notepad - you'll need it.

OR if you're using PureFTP run this:

rpm -qa | grep pure-ftpd

Cut and paste the rpm name somewhere.

Then run this command to uninstall FTP:

rpm -e (full rpm name)

Done!

Check to make sure if the FTP client has been uninstalled successfully by running this again:

service proftpd status

service pure-ftpd status

Install/Upgrade ProFTPd

Thu, 15 Dec 2005 21:22:32 +0000

Ensim
I'm not going to handle Ensim again since gpan made a nice Howto on this issue and even created
rpms for your usage all information can be found here.
After installing it you can also do the proftpd.conf tweak but you have todo pico -w /etc/proftpd.conf
note:
1. that i can't give any support on the rpm made by gpan, so that will have to go through him.
2. Mouse is against upgrading your ProFTPd on Ensim when you run a up to date 3.1.x and 3.5.x

Plesk
Nighthawk just said to me that this is actually a bad idea for Plesk.
Nighthawk has years of experience with Plesk so i fully support what he's saying about Plesk whatsoever .
So your officially warned by me and NightHawk so dont do this howto on your system.
You will destroy it otherwise but you can do the proftpd.conf tweak without a problem, so just skip most of this how-to and usage pico -w /etc/proftpd.conf instead just like Ensim.

Plain i didn't test this on cPanel but it needs to be able to run this as well, as far as i know

First we login to the machine through SSH.
We become superuser... we all know su - or sudo su does the trick.

Now we are going todo stuff

wget ftp://ftp.proftpd.org/distrib/sourc...pd-1.2.9.tar.gz

Now after recieving the tarball, we will extract it

tar -zxvf proftpd-1.2.9tar.gz

Now we move to the folder we just extracted

cd proftpd1.2.9

Now we need to configure ProFTPd

./configure --prefix=/usr/local/proftpd

Now we make the configure we just made.

make

Finally were going to install whatever we just made.

make install

-----------------------------------
ProFTPd 1.2.9 is now installed on your system. he four lines below are certain security measures that can be taken to hide the identity of ProFTPd.*These are optional, but recommended*

Now lets edit proftpd.conf

pico -w /usr/local/proftpd/etc/proftpd.conf

We add a line above ServerName

ServerIdent Off

Now we want to input a servername

ServerName "FTP Server" or put something else instead whatever you like
-----------------------------------

Stop your old ProFTPd (remember you have 2 proftpds now both old as new)

service proftpd stop or killall -9 proftpd

Start Your new ProFTPd

/usr/local/proftpd/sbin/proftpd

------------------------------------------------------------------------------------

All done, you should now have a successfully upgraded/installed proftpd configuration.

Small tip: if you want to loose your old proftpd after upgrade rpm remove it.

Tcpdump

Thu, 15 Dec 2005 21:20:40 +0000

What is tcpdump?

Tcpdump prints out what traffic is going inbound/outbound including headers.

Why should i usage tcpdump?

tcpdump is nice to monitor your network.

Download:

Redhat 9:
wget ftp://rpmfind.net/linux/redhat/9/en....7.2-1.i386.rpm

Redhat 8:
wget ftp://rpmfind.net/linux/redhat/upda....8.0.3.i386.rpm

Installation:

Redhat 9:
- Previously installed rpm
rpm -Uvh tcpdump-3.7.2-1.i386.rpm

- New installation
rpm -ivh tcpdump-3.7.2-1.i386.rpm

Redhat 8:
- Previously installed rpm
rpm -Uvh tcpdump-3.6.3-17.8.0.3.i386.rpm

- New installation
rpm -ivh tcpdump-3.6.3-17.8.0.3.i386.rpm

Libpcap is required for tcpdump to operate, if you do not have it installed you can download it from the following links for your applicable Redhat version.

Redhat 9:
ftp://rpmfind.net/linux/redhat/9/en....7.2-1.i386.rpm

Redhat 8:
ftp://rpmfind.net/linux/redhat/upda....8.0.2.i386.rpm

tcpdump is ready to run after installation

- Show me what it does!
tcpdump -c 2

Now you know the concept, you might want a gui for it.

There we come to iptraf;

Download:

Redhat 9:
wget ftp://rpmfind.net/linux/redhat/9/en....7.0-6.i386.rpm

Redhat 8:
wget ftp://rpmfind.net/linux/redhat/8.0/....7.0-3.i386.rpm

Installation:

Redhat 9:
- Previosly installed rpm
rpm -Uvh iptraf-2.7.0-6.i386.rpm

- New installation
rpm -ivh iptraf-2.7.0-6.i386.rpm

Redhat 8:
- Previosly installed rpm
rpm -Uvh iptraf-2.7.0-3.i386.rpm

- New installation
rpm -ivh iptraf-2.7.0-3.i386.rpm

Now enjoy iptraf and for more info on:
tcpdump
iptraf
*feel free to click them *

Enjoy your new monitor tools.

Upgrade kernel on Dual Xeons

Thu, 15 Dec 2005 21:15:39 +0000

Updated for latest kernel (RH 7.3):

2.4.20-24.7

This is the way I did it - I went to 2.4.20-18.7 first, then went to 2.4.20-20.7. (in any case I am running 2.4.20-20.9 which is the latest for RH 9 - this How-To assumes you are running RH 7.3, but the steps are the same).

This section has 2 parts:

If you are running a kernel that is OLDER THAN 2.4.20-18.7 run PART A first, then PART B.

If you are already running 2.4.20-18.7, go straight to Part B.

As some may already know, Dual Xeon servers have trouble with upgrading kernels to the latest one.

Check this thread for more info which was titled "WARNING - dont upgrade kernel on dell dual xenon's":
http://forum.rackshack.net/showthre...&threadid=23594

This How-To is based on Patrick's last post in that thread - he gets all the credits for getting the info from Red Hat:
http://forum.rackshack.net/showthre...0803#post160803

I am just posting here the way that worked for me based on his instructions - for some reason, his instructions alone did not work for me, and some of the files could not be found - also my server stalled on reboot using his instructions. I had to run up2date as well. I also made this thread so that others can discuss problems with it if any, since the other thread has been closed. Also, his post may not be noticed by those who have the same problem as myself with upgrading the kernel with the Dual Xeon.

The instructions are fairly straightforward. However, make sure you backup your server before attempting this. You do this at your own risk!

PART A: Upgrading to 2.4.20-18.7

1) Log in as root in SSH

2) If you have not registered for the Red Hat up2date service for automatic kernel updates, do it now by running this in your command line:

rhn_register

And follow the instructions. For more information, do a search in these forums.

3) Run the following commands (you are installing the "mkinitrd" from RH version 8 so that it works with version 7.3 - this is so that the kernel upgrade works - once you have done this, future kernel upgrades should work without any problems - note: lilo is updated automatically):

cd /

mkdir rpm2

cd rpm2

wget ftp://ftp.rpmfind.net/linux/redhat/8.0/en/os/i386/RedHat/RPMS/glibc-2.2.93-5.i386.rpm

wget ftp://ftp.rpmfind.net/linux/redhat/8.0/en/os/i386/RedHat/RPMS/glibc-common-2.2.93-5.i386.rpm

wget ftp://ftp.rpmfind.net/linux/redhat/8.0/en/os/i386/RedHat/RPMS/glibc-devel-2.2.93-5.i386.rpm

wget ftp://ftp.uconn.edu/unix/linux/redhat/updates/7.3/i686/kernel-smp-2.4.20-18.7.i686.rpm

wget ftp://ftp.rpmfind.net/linux/redhat/8.0/en/os/i386/RedHat/RPMS/lvm-1.0.3-9.i386.rpm

wget ftp://ftp.rpmfind.net/linux/redhat/8.0/en/os/i386/RedHat/RPMS/mkinitrd-3.4.28-1.i386.rpm

rpm -Uvh *.rpm

up2date -uv

4) Now you need to reboot by typing this in the command line:

reboot

5) Check to see if the upgrade has worked by typing this in the command line:

uname -r

You should see:

2.4.20-18.7smp

Done! I hope this helps others with the same problem that I had. Also, feel free to discuss better ways of doing this, and let me know if I made a mistake with the above instructions.

NEW ADDITION:

PART B: Upgrading to 2.4.20-24.7

Only do this if you are already running 2.4.20-18.7 or higher. If not, do Part A first!

To upgrade to latest kernel 2.4.20-24.7 AFTER applying the above steps, I did the following which worked for me:

1) Run this in SSH as root:

up2date --configure

(Look for option # 1 (pkgSkipList). [or whatever the number is]
Remove kernel from the skip list by unchecking that option.
Save this.)

2) Run this in SSH:

up2date -uv

3) Reboot by running this:

reboot

4) Check to see if the upgrade has worked by typing this in the command line:

uname -r

You should see:

2.4.20-24.7smp

If that did not work, or if you get an error with up2date right at the end, you need to manually edit lilo.conf by doing this:

edit /etc/lilo.conf

Change:

default=2.4.20-18.7smp

to the new kernel label:

default=2.4.20-24.7smp

Then, run at the command line:

lilo

The * should be next to the newest kernel.

Then reboot.

(if you are running RH 8, the kernet would be - 2.4.20-24.8smp
For RH 9 it would be - 2.4.20-24.9smp)

ENSURE YOU DID STEP (1) AND UNCHECK THE SKIP KERNEL OPTION IN CONFIGURE.

2.4.22 Kernel upgrade from SOURCE on XEON

Thu, 15 Dec 2005 21:12:42 +0000

What is new:
1. Quota support
2. ACPI support -> "CONFIG_ACPI_HT_ONLY=y"
( I spent 1.5 hours to find out why we boot without HT )

1) cd /usr/src

2) wget kernel.org/pub/linux/kernel/v2.4/linux-2.4.22.tar.bz2

3) bzcat linux-2.4.22.tar.bz2 | tar xv

4) rm linux

5) ln -s linux-2.4.22 linux

6) cd /usr/src/linux

7)
wget 64.246.63.172/conf2.txt <---- config file
mv conf2.txt .config
make dep
make clean
make bzImage
make modules
make modules_install
cp System.map /boot/System.map-2.4.22
cp arch/i386/boot/bzImage /boot/vmlinuz-2.4.22
cd /boot
ln -sf System.map-2.4.22 System.map
ln -sf vmlinuz-2.4.22 vmlinuz

8) edit /etc/lilo.conf

**** add following lines:

image=/boot/vmlinuz-2.4.22
label=linux2422
read-only
root=/dev/sda3

9) /sbin/lilo

Output:
Added newlinux *
Added linux
Added linux-up
Added linux2422

10) To test your first boot, run
/sbin/lilo -R linux2422

**** it will be one-time boot, so if anything is wrong, request to reboot the server and old kernel will be loaded

My /etc/lilo.conf:

prompt
timeout=50
default=newlinux
boot=/dev/sda
map=/boot/map
install=/boot/boot.b
message=/boot/message
linear
image=/boot/vmlinuz-2.4.21
label=newlinux
read-only
root=/dev/sda3
image=/boot/vmlinuz-2.4.18-27.7.xsmp
label=linux
initrd=/boot/initrd-2.4.18-27.7.xsmp.img
read-only
root=/dev/sda3
image=/boot/vmlinuz-2.4.18-27.7.x
label=linux-up
initrd=/boot/initrd-2.4.18-27.7.x.img
read-only
root=/dev/sda3
image=/boot/vmlinuz-2.4.22
label=linux2422
read-only
root=/dev/sda3

11) /sbin/shutdown -r now

12) uname -a
Linux tiger.------.--- 2.4.22 #2 SMP Fri Aug 29 07:43:00 CDT 2003 i686 unknown

13) If everything is ok after reboot, update lilo.conf :

prompt
timeout=50
default=linux2422
boot=/dev/sda
map=/boot/map
install=/boot/boot.b
message=/boot/message
linear
image=/boot/vmlinuz-2.4.21
label=newlinux
read-only
root=/dev/sda3
image=/boot/vmlinuz-2.4.18-27.7.xsmp
label=linux
initrd=/boot/initrd-2.4.18-27.7.xsmp.img
read-only
root=/dev/sda3
image=/boot/vmlinuz-2.4.18-27.7.x
label=linux-up
initrd=/boot/initrd-2.4.18-27.7.x.img
read-only
root=/dev/sda3
image=/boot/vmlinuz-2.4.22
label=linux2422
read-only
root=/dev/sda3

14) /sbin/lilo

Output:
Added newlinux
Added linux
Added linux-up
Added linux2422 * <-------- default kernel

15) /sbin/shutdown -r now

16) uname -a
Linux tiger.--------.---- 2.4.22 #2 SMP Fri Aug 29 07:43:00 CDT 2003 i686 unknown

USE IT ON YOUR OWN RISK
...and be ready to pay Rackshack to fix your server

========================================
OLD HOWTO for 2.4.21 + RC2 patch

1) cd /usr/src

2) wget http://kernel.org/pub/linux/kernel/...-2.4.21.tar.bz2

3) wget http://kernel.org/pub/linux/kernel/...-2.4.22-rc2.bz2

4) bzcat linux-2.4.21.tar.bz2 | tar xv

5) ln -s linux-2.4.21 linux

6) cd /usr/src/linux

7) bzip2 -dc /usr/src/patch-2.4.22-rc2.bz2 | patch -p1 --dry-run

8)
wget http://64.246.63.172/conf.txt <---- config file
mv conf.txt .config
make dep
make clean
make bzImage
make modules
make modules_install
cp System.map /boot/System.map-2.4.21
cp arch/i386/boot/bzImage /boot/vmlinuz-2.4.21
cd /boot
ln -sf System.map-2.4.21 System.map
ln -sf vmlinuz-2.4.21 vmlinuz

9) edit /etc/lilo.conf

**** add following lines:

image=/boot/vmlinuz-2.4.21
label=newlinux
read-only
root=/dev/sda3

10) /sbin/lilo

11) To test your boot run
/sbin/lilo -R newlinux

**** it will be one-time boot, so if anything is wrong, request to reboot the server and old kernel will be loaded

My /etc/lilo.conf:

prompt
timeout=50
default=linux
boot=/dev/sda
map=/boot/map
install=/boot/boot.b
message=/boot/message
linear
image=/boot/vmlinuz-2.4.18-27.7.xsmp
label=linux
initrd=/boot/initrd-2.4.18-27.7.xsmp.img
read-only
root=/dev/sda3
image=/boot/vmlinuz-2.4.18-27.7.x
label=linux-up
initrd=/boot/initrd-2.4.18-27.7.x.img
read-only
root=/dev/sda3
image=/boot/vmlinuz-2.4.21
label=newlinux
read-only
root=/dev/sda3

12) /sbin/shutdown -r now

13) If everything is ok, update lilo.conf :

prompt
timeout=50
default=newlinux
boot=/dev/sda
map=/boot/map
install=/boot/boot.b
message=/boot/message
linear
image=/boot/vmlinuz-2.4.18-27.7.xsmp
label=linux
initrd=/boot/initrd-2.4.18-27.7.xsmp.img
read-only
root=/dev/sda3
image=/boot/vmlinuz-2.4.18-27.7.x
label=linux-up
initrd=/boot/initrd-2.4.18-27.7.x.img
read-only
root=/dev/sda3
image=/boot/vmlinuz-2.4.21
label=newlinux
read-only
root=/dev/sda3

14) /sbin/lilo

Output:
Added newlinux * <-------- default kernel
Added linux
Added linux-up

15) /sbin/shutdown -r now

16) uname -a
Linux tiger.--------.---- 2.4.21 #1 SMP Tue Aug 19 22:31:52 CDT 2003 i686 unknown

Use RCS for version control when editing system configuration files

Thu, 15 Dec 2005 21:05:09 +0000

RCS is one of the oldest file revision control systems in use. It works on single files and is very handy for system administration. If you use RCS properly, you will have the ability to roll back a configuration file should you mess up an edit, and you also create an audit trail that shows what you (or others working with you) edited when ... very handy.

When you check a file into RCS, RCS creates a version control file for the file in question .. the version control master file is named the same as the original file with ',v' added to the end of the name.

Example:

/etc/hosts
/etc/hosts,v <-- RCS control file

NOTE 1: Make sure to use ci -u when checking in a file, if you just use ci the working copy will be removed.

NOTE 2: Also be aware that you may have to reset ownership / permissions of the file after checking a revision out!

Check in a file to RCS for the first time
===========================

If the file does not have an RCS file associated with it, do the following:

--------------------

ci -u filename

--------------------

Example:

--------------------

bash$ ls -al filename*
-rwxr-xr-x 1 root root 11313 Dec 17 18:45 filename
bash$ ci -u filename
filename,v <-- filename
enter description, terminated with single '.' or end of file:
NOTE: This is NOT the log message!
>> Initial revision <-- You type
>> . <-- You type
initial revision: 1.1
done
bash$ ls
bash$ ls -al filename*
-r-xr-xr-x 1 user group 11313 Apr 7 15:33 filename
-r-xr-xr-x 1 user group 11548 Apr 7 15:33 filename,v

--------------------

This will create an RCS file for the file you wish to edit, and leave a copy of the file checked out.

Change a file and check in the changes to RCS:
=================================

1) Check out a copy of the file

--------------------

co -l filename

--------------------

2) Edit the file using an editor

3) Check the file back in

--------------------

ci -u filename

--------------------

Example:

--------------------

bash$ co -l filename
filename,v --> filename
revision 1.2 (locked)
done
bash$ ls -al filename*
-rwxr-xr-x 1 user group 11317 Apr 7 15:38 filename
-r-xr-xr-x 1 user group 11689 Apr 7 15:38 filename,v
bash$ echo foo >> filename
bash$ ci -u filename
filename,v <-- filename
new revision: 1.3; previous revision: 1.2
enter log message, terminated with single '.' or end of file:
>> Added foo <-- You type a helpful message here
>> . <-- Type this to quit the editor
done
bash$ ls -al filename*
-r-xr-xr-x 1 user group 11321 Apr 7 15:38 filename
-r-xr-xr-x 1 user group 11796 Apr 7 15:38 filename,v

--------------------

Diff two versions of a file:
==================

--------------------

rcsdiff -r1.3 -r1.5 filename

--------------------

See a summary of all change comments for a file:
===================================

--------------------

rlog filename

--------------------

Credits: Webscorpion.com

Watchdog - Auto-Reboot your server in case of failures

Thu, 15 Dec 2005 20:50:30 +0000

Watchdog HowTo
==============
Keywords: software autoreboot, autorebooting, auto-reboot, auto-rebooting, auto rebooting

Watchdog is a program that you can use to reboot your server automatically in a lot of cases.
It has been used succesfully to reboot servers in the "Unexplained Crash" problem, that can have as causes a disk queue starvation problem, or a quota/ext3 filesystem deadlock, crashing the server many times randomly. If downtime due crashes in your system is a problem, probably you must use watchdog to assure you peacefully tranquility back again.

This works in any distribution: Ensim, Plesk, CPanel, etc., in any Linux system.

As documentation in /usr/src/[your-linux-kernel]/Documentation/watchdog.txt, kernel provides watchdog timer interfaces in a device named /dev/watchdog, "which when open must be written to within a timeout or the machine will reboot. Each write delays the reboot time another timeout. In the case of the software watchdog the ability to reboot will depend on the state of the machines and interrupts. The hardware boards physically pull the machine down off their own onboard timers and will reboot from almost anything.". The timeout default is 60 seconds.

The watchdog program simply uses the /dev/watchdog device, activating the softdog module on your system, if you have support in your kernel, and writes in /dev/watchdog within 10 seconds, making several checks in your system. If your system crashes, or watchdog stop to working, or in any case watchdog be supposed not to write in that device in 60 seconds, but kernel remains live, it will reboot within 60 seconds.

I have acknowledgement the following RedHat kernel already comes with support to softdog module:
2.4.18-27.7.x
2.4.20-19.7
2.4.20-24.7
2.4.20-27.7
2.4.20-28.7

If you don�t use any of above kernels, you must compile a kernel with support for watchdog, setting these parameters:
CONFIG_WATCHDOG=y
CONFIG_SOFT_WATCHDOG=m

Refer to "Kernel compile HowTo" to compile a new kernel for your system.

Installation
============
In general steps, to install watchdog it�s suffice download, install, and change a few parameters in /etc/watchdog.conf. It�s very simple. But in *NO* way experiment with watchdog !!! You can have a bad experience, and need to restore your server. Only do what you know what you are doing! Be advised. I�m a experienced network administrator (16 years IT, 7 years with hosting), and although my experience, this cost me 2 (two) restores with EV1 to learn.

Always check your backups *before* install watchdog.

Download:
=========
If you are using Ensim, download from:http://rpm.pbone.net/
# wget ftp://ftp.pbone.net/mirror/dag.wiee...g.rh73.i386.rpm

Run your rpm:
# rpm -ivh watchdog-5.2-5.dag.rh73.i386.rpm

Configuration:
==============
Softdog is auto-loaded by watchdog, so you don�t need make nothing.
You need at least to change the /etc/watchdog.conf, in the following lines, uncomenting its:
Uncomment:

-------------------

=================================
#file = /var/log/messages
#watchdog-device = /dev/watchdog
=================================

-------------------

Turning in:

-------------------

=================================
file = /var/log/messages
watchdog-device = /dev/watchdog
=================================

-------------------

Create the watchdog device:
# mknod /dev/watchdog c 10 130

Check if it exists really:
# ls -alF /dev/watchdog

If ok, execute the following:
# service watchdog start

You already have watchdog working.

Check in your /var/log/messages if there are some lines like the following:

-------------------

Jan 13 15:06:13 ensim kernel: Software Watchdog Timer: 0.05,
timer margin: 60 sec
Jan 13 15:06:13 ensim kernel: pcwd: v1.13 (03/06/2002) Ken Hollis
(kenji@bitgate.com)
Jan 13 15:06:13 ensim kernel: pcwd: No card detected, or port not
available
Jan 13 15:06:13 ensim kernel: WDT driver for Acquire single board
computer initialising.
Jan 13 15:06:13 ensim watchdog: watchdog startup succeeded
Jan 13 15:06:13 ensim watchdog[3130]: starting daemon (5.1): (...
long line with options...)

-------------------

If so, it�s all right.
After, test watchdog, rebooting your server:
# service watchdog stop
(NOTICE: This is not a truely shutdown/reboot procedure! The kernel will make a hard reboot here. So, analyse the consequences, if you do not have any program writting in your disk. Close all processes first, if you have worries about, shutdowning all daemons before. Is kernel rebooting your machine, not watchdog program.)

In 60 seconds your system will reboot. If not, something are wrong. Your system should restart in next two minutes. (Pray!)

If your system it�s ok, restart watchdog again (service watchdog restart), and you could include a line in the end of file /etc/rc.d/rc.local:
# echo "/sbin/service watchdog restart" >> /etc/rc.d/rc.local

If you to want, test again watchdog:
# service watchdog stop

If reboot ok, you are already protected.
If not reboot, ask for EV1 reboot in single user mode, or a different kernel, and undo your changes.

!!! CAUTION !!! CAUTION !!! CAUTION !!!
1) Never, never, never use chkconfig to make watchdog auto-restart in next boot. Redhat kill processes when changing runlevels, and when kill watchdog your system will eternally rebooting, needing a restore from EV1. Don�t experiment with watchdog.
2) Following rigorously the steps above worked for me, and I think can work for your. But I cannot warranty any thing to you, so you are the ultimate responsible to following them.
!!! CAUTION !!! CAUTION !!! CAUTION !!!

That steps above are secure. But before you install new kernels NEVER forget to drop the line in your /etc/rc.d/rc.local file (comment it). Test watchdog again in the new system, like showed before, but without start automatically in the next boot, commenting the start line of watchdog in rc.local. If any problem, simply ask a reboot to EV1, and all it�s ok again, allowing you know what fails, if kernel not support watchdog, if installation problem, etc.

Upgrade the Linux Kernel

Thu, 15 Dec 2005 20:46:58 +0000

We've used the following instructions to upgrade our Linux Kernel at Rackshack from 2.4.9-31 to 2.4.18.

There were no problems, and we did not have to get Rackshack technical support installed.

Please note that upgrading the kernel can be dangerious and it is possible to freeze your system bad enough that Rackshack support has to get involved.

I would recommend reading the README file included with the kernel source prior to following these steps. It will provide an outline along with recovery techniques (if needed).

If this is something you want some one with system administration capabilities (for a fee) to do, please contact us. Otherwise, enjoy.

1. Download the full source of the latest kernel from http://www.kernel.org/ to /usr/local/src on the machine to be upgraded.

2. gzip -cd <kernel> | gtar xvf -

3. cd <kernel dir name>

4. Create the following shell script (I called mine, "steps.sh"):

#!/bin/sh
make dep
make modules
make modules_install
make bzImage
cp arch/i386/boot/bzImage /boot
make
make install

5. Make it executable (chmod 755 script name).

6. Run make menuconfig

make menuconfig

IMPORTANT

If you were on a kernel that did not have IPtables support, make sure you do the following changes under "Networking Options":

A. Enable "Network packet filtering (replaces ipchains)"

B. Go into IP: Netfilter Configuration and make modules of all options, and permanent for the following:

(1) Connection tracking and FTP protocol support
(2) IP tables support (required for filtering/masq/NAT)
(3) Packet filtering and Reject
(4) Full NAT and all under it.
(5) Packet mangling and all under it.

C. Make any other changes are required

Potentially enabling "Ext3 journaling file system support (EXPERIMENTAL) " under file systems

(This is supposed to help with crashes).

NOTES:

Most of the configuration options other than noted
above should be good "as is."

If you want to stick with ipchains, this is what I
believe you must do (I have not done it, therefore
it is untested):

Do A.
Then in B, make permenant ipchains (you may
have to unselect modules in order to get
ipchains to show.

7. Save your changes.

8. Run the script you created.

9. Check the /boot directory that the following files are present / created:

bzImage (recent date and time showing you just made it)
System.map linked to the latest
vmlinuz linked to the latest
vmlinuz-version for the latest

10. Copy /etc/lilo.conf to /etc/lilo.conf.save

11. Edit /etc/lilo.conf

Create another "image" section pointing to

A. Point the boot image to vmlinuz-version
B. Point the initrd to bzImage
C. Change the old labels to something other than "linux"
D. Make sure you new section has a label of "image"

(sample lilo.conf file)

boot=/dev/hde
map=/boot/map
install=/boot/boot.b
prompt
timeout=50
message=/boot/message
linear
default=linux

image=/boot/vmlinuz-2.4.9-31
label=linux.bak
initrd=/boot/initrd-2.4.9-31.img
root=/dev/hde6
read-only

image=/boot/vmlinuz-2.4.18
label=linux
initrd=/boot/bzImage
root=/dev/hde6
read-only

12. Run "lilo"

13. Restart the server

14. uname -a should report the new kernel version.

15. depmod -a should report no problems. If it does, then either modules have to be specified or made permanent.

Ending Notes:

We did this on a Compaq box running Ensim. Ensim and other applications where not impacted by the upgrade; all worked fine.

Credits:

http://www.dynamicnet.net/services/hsphere.htm