With the release of CentOS 5.5 ext4 is considered stable in this distribution so I decided to migrate to it. Luckily I started from migrating fresh server with CentOS 5.5 using some instruction I found on the internet. I think I shouldn’t say, that I screwed the whole thing up 
After about 6 hours cursing, kicking, and crying I solved the task and figured the correct sequence of actions. The small problem with migrating root partition is that you can’t unmount it BTW.
Continue reading “CentOS: Migrating root (and any other) filesystem from ext3 to ext4″
Some time ago I noticed many messages in log file about named attempt to resolve strange addresses.
Continue reading “[Linux] “network unreachable resolving XXXX” messages in system log”
Tags: ipv6, named
Hello.
I’d like to share my script, which I use on some production servers for quick database backup using mysql tools. People say, that I should use bash for that, but I prefer PHP 
Script uses mysqldump for dumping databases and gzip for compressing backups. rm is run to ensure backups are not stored for too long.
Continue reading “[Linux, PHP] PHP script to backup all databases”
Tags: backup, mysql, mysqldump, php
I’ve gotten cron log from one of my servers today which says:
/etc/cron.weekly/99-raid-check:
WARNING: mismatch_cnt is not 0 on /dev/md0
That worried me a little and I decided to investigate.
Continue reading “WARNING: mismatch_cnt is not 0 on /dev/md0″
Tags: linux, mdstat, mismatch_cnt, raid, sync_action
Hello.
Here is a script, which I use on my production servers to secure them a bit. I hope it will be useful to you. Script logs all dropped packets so that you can easily find out tye clutch should there be any. Additional FTP server setup will be necessary. For ProFTPD add the following line to /etc/proftpd.conf:
PassivePorts 65400 65534
Continue reading “Script for securing server with IPTables”
Tags: firewall, iptables, script, secure
Struggling with DDoS on my friend’s site, I wrote small Anti-DDoS script, that in original just lists all IPs, that have more than X active connections open to your server. It was originally written for FreeBSD.
#!/bin/sh
# Set here a minimum number of connections for action to be executed (150 by default).
FR_MIN_CONN=150
TMP_PREFIX='/tmp/frrr'
TMP_FILE=`mktemp $TMP_PREFIX.XXXXXXXX`
netstat -ntu -f inet| awk '{if(NR>2 && NF=6) print $5}' | cut -d. -f1-4 | grep '^[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}$' | sort | uniq -c | sort -nr > $TMP_FILE
while read line; do
CURR_LINE_CONN=$(echo $line | cut -d" " -f1)
CURR_LINE_IP=$(echo $line | cut -d" " -f2)
if [ $CURR_LINE_CONN -lt $FR_MIN_CONN ]; then
break
fi
# You can insert your own logic here (e.g. ban with your favourite firewall). Now it just prints the IP to console.
echo $CURR_LINE_IP
done < $TMP_FILE
rm -f $TMP_PREFIX.*I think this will work on general Linux also. You just need to change “cut -d.” to “cut -d:” in the listing and, probably, “/bin/sh” to “/bin/bash”.
Tags: DDOS, freebsd, linux
This is just an addition to my this article with some corrections needed if you use FreeBSD.
netstat command should look like
netstat -ntu -f inet| awk '{print $5}' | cut -d. -f1-4 | sort | uniq -c | sort -nr|more
And firewall IP blocking command should be
ipfw add deny all from xxx.xxx.xxx.xxx to any in
Tags: freebsd, ipfw, linux, netstat
Actually, I am using CentOS on production servers. CentOS native repository is very small and contains very necessary packages. If you need something more, you should consider using RPMForge repository as I do But to add this repository to CentOS you need to do several annoying actions. And this is annoyng when you do so on each new server you are asked to setup. So, I wrote small script to automate the job which I like to share with you now.
Continue reading “[Linux] Automated RPMForge Repository Installation”
Tags: install, installation, repo, repository, rpmforge
My friend asked me to check the server with this problem. I did and of course first I checked free space on disk using ‘df -h’, but free space was ok. Googling around I found the reason. Unclean shutdown of Apache left many semaphores opened. So, I cleaned them with
for i in `ipcs -s | awk '/nobody/ {print $2}'`; do (ipcrm -s $i); done
You should replace “nobody” in the command with the name of the user Apache is running on your system under. Also I increased semaphore limit in /etc/sysctl.conf by adding to the end of this file
kernel.msgmni = 1024
kernel.sem = 250 256000 32 1024
No system restart is needed to apply changes. Just issue 'sysctl -p‘ command. The solution was found here.
You may also want to switch to another SSLMutex implementation.
Tags: apache
As you probably know, latest software versions are rarely available to be installed as rpms. So, you need to compile them yourself. In this article I will briefly describe a process of installing, configuring and upgrading latest Apache and PHP.
Please remember, that installing from sources can sometimes break working system. So, please use this guide carefully.
Continue reading “[Linux] Installing latest Apache, PHP and MySQL from sources”
Tags: apache, CentOS, httpd, linux, mysql, php
YUM is an rpm package manager with very easy syntax. It is preferred especially for beginners to install packages using yum as this is very easy. Your Linux distro should already have yum by default, but if this is not so, let’s install it. BTW, you can find yum manual here.
You can check if your system has yum by entering
Continue reading “[Linux] Installing YUM (Yellow dog Updater, Modified)”
Tags: install yum, yum
If you have many greedy users downloading files from your server using many streams per user, you can fight them easily with mod_choke Apache 1.x module. It is very easy. The article assumes your server is running under CPanel/WHM
Continue reading “[Linux] Limiting download speed and number of connections per IP with mod_choke (Apache 1.x)”
As you know, each time php script is executed, PHP interpreter need to compile it first to bytecode and only after that – execute. That compilation takes much time.
APC PHP extension (which will be included and enabled in PHP6 by default. It becomes a standard) can speedup php script execution process by caching once compiled PHP bytecode in memory. So, installing this extension increases your server performance (we assume you are doing this at CPanel/WHM controlled server). To install extension just do the following:
Continue reading “[Linux] Decreasing server CPU load with PHP APC cache extension”
Tags: apc, php, php optimization
Every good server must have a good antivirus installed. Let’s install ClamAV to our machine. Paths to distributions are provided to the latest versions at the time of writting. If new version releases all you need to do is to change numbers in shell command.
Continue reading “[Linux] Installing ClamAV antivirus and integrating with Exim and pure-ftpd”
Tags: clam, clamav, linux
During several months server I was responsible for was under DDoS attack, that almost flooded it. Due to lacking Linux skills, I almost lost my hope in protecting it by myself and started to think about paying some specialist to protect my server.
But suddenly, I found a miraculos and VERY easy to install and use solutuons I want to share with you today.
Continue reading “[Linux] Installing automatic protection from DoS and DDoS attacks to your server”
Tags: apf, DDOS, DOS, inetbase, iptables, linux, netstat
If you suspect, that your server is flooded, the first thing you need to do is to issue the following command:
netstat -ntu | awk ‘{print $5}’ | cut -d: -f1 | sort | uniq -c | sort -nr
This will show you IP addresses (second column) and the total number of connections from each (first one). If you see, that you have too many connections from some IP address, you can block it by issueing the following command:
Continue reading “[Linux] Using netstat and iptables to manually detect and blacklist DOSers”
Tags: DDOS, DOS, iptables, linux, netstat
