Linux Administrator

another informative website from Ivory Tower Group

We don't need no stinking badges, or do we?

Back in August 2015, the Linux Foundation Core Infrastructure Initiative (CII) announced a new badging effort to help open-source projects with security best practices. On May 3, the first groups to achieve the security badge were formally announced, and they include Curl, GitLab, OpenBlox, OpenSSL, Node.js, Zephyr and the Linux kernel.

To earn a badge, projects must comply with a set of security best practices as outlined in the CII Best Practices Badge GitHub repository. Most of the items are either automatically verified -- for example, providing encrypted access to a repository -- or obvious, such as providing good release notes, according to Dan Kohn, senior adviser to CII and the Linux Foundation.



7 Steps to Start Your Linux SysAdmin Career

Linux is hot right now. Everybody is looking for Linux talent. Recruiters are knocking down the doors of anybody with Linux experience, and there are tens of thousands of jobs waiting to be filled. But what if you want to take advantage of this trend and you're new to Linux? How do you get started?



Nine dollar Linux Micro-Computer?

Consider a computer that costs nine bucks. The CHIP Micro Computer has hit a million dollars in funding in just four days after arriving on Kickstarter. In what is undoubtedly an attempt to take on the Raspberry Pi and Arduino mini-computers, CHIP is smaller than a credit card (or a banana if you prefer), making it tremendously small considering its capabilities. It's powered by a 1GHz processor alongside 512MB RAM and 4GB storage, and comes with Bluetooth and WiFi connectivity options.



Twistlock Launches To Solve Linux Container Security Problems

As the idea of containers gains momentum, there are a couple of problems that increasingly need to be solved -- networking, storage and security being the key three. Twistlock aims to solve the last of those and be part of unlocking far-broader container adoption.

Containers are, of course, a Linux concept that allows the running of multiple isolated Linux systems on a single control host. Instead of creating a full virtual environment, with Linux containers, an operating system is shared across the various containers while running resources are offered to the container in isolation. Linux containers have existed for a long time, but Docker re-invigorated the notion and brought it to a wider audience.



Debian 8 Linux moves to systemd by default

Debian, one of the most widely used Linux distributions, has been updated with the release of Debian 8 'Jessie', which now uses systemd to initialise the system and ships with updated versions of the Gnome desktop and numerous other enhancements. Available to download now, Debian 8 is one of the last Linux distributions to make the switch to using systemd as the default init system for starting up the system. Sysvinit is still supported for those who want it, but systemd provides more advanced monitoring, logging and service management capabilities, according to the Debian project.



Disable SSLv3 Protocol in Apache

I have charge of about a dozen old servers that are running various incarnations of the Apache web server. As part of some housekeeping, I was asked to make sure that none of them are using the SSLv3 protocol. I did a bit of Googling to see how to get this task done and came up with the following solution.

First, logged in via ssh as root, I looked for the relevant Apache configuration file:

grep -i -r "SSLEngine" /etc/httpd
grep -i -r "SSLEngine" /etc/apache
grep -i -r "SSLEngine" /etc/apache2

Once I found the correct configuration file on the server, I looked for the line:

SSLEngine On

Right below that, I added this line:

SSLProtocol all -SSLv2 -SSLv3

This tells the server to use all SSL/TLS protocols except the ones marked with a minus sign. Since SSLv2 also has problems, I added it to the directive.

The final task was restarting Apache.
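
To confirm the change on each of a dozen servers, the check below can be run against every configuration file that the grep commands turned up. It is an added example, not part of the original post; the function names and the sample configuration are constructed for illustration, and it assumes that a block with no SSLProtocol line of its own still allows SSLv3.

```shell
#!/bin/sh
# Added example (not from the original post): report, per SSLEngine-on block,
# whether an SSLProtocol line in that block leaves SSLv3 disabled.
# Assumption: a block with no SSLProtocol line is reported as not disabled.

audit_ssl_conf() {
    # $1 = Apache config file; prints "<line of SSLEngine on>:<status>"
    awk '
        function report() {
            if (engine) print engine ":" (sslv3 ? "SSLv3-NOT-DISABLED" : "OK")
            engine = 0; sslv3 = 1
        }
        BEGIN { sslv3 = 1 }
        /^[ \t]*#/ { next }                             # ignore commented-out lines
        tolower($1) ~ /^<\/?virtualhost/ { report() }   # block boundary
        tolower($1) == "sslengine" && tolower($2) == "on" { engine = NR }
        tolower($1) == "sslprotocol" {
            sslv3 = 0                                   # tokens are applied left to right
            for (i = 2; i <= NF; i++) {
                t = tolower($i)
                if (t == "all" || t == "+all" || t == "sslv3" || t == "+sslv3") sslv3 = 1
                if (t == "-all" || t == "-sslv3") sslv3 = 0
            }
        }
        END { report() }
    ' "$1"
}

# Constructed sample config: one vhost with the fix, one without.
make_sample_conf() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
<VirtualHost *:443>
    SSLEngine On
    SSLProtocol all -SSLv2 -SSLv3
</VirtualHost>
<VirtualHost *:8443>
    SSLEngine on
</VirtualHost>
EOF
    echo "$f"
}

conf=$(make_sample_conf)
audit_ssl_conf "$conf"
rm -f "$conf"
```

Each output record is the line number of an SSLEngine directive followed by its status, so any SSLv3-NOT-DISABLED record points at the place where the SSLProtocol line still needs to be added.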


Apache, Perl, and Autoflushing

OK, you're administering an Apache web server and you've just gotten a complaint from someone about how their perl script isn't displaying an updated status or progress of what it's doing. Instead of displaying a new line each time it iterates through its chores, the script waits until what it's doing is completely done and then puts all the status messages on the screen at the same time.

If you want to display data as it appears, this situation is not good at all. What you need to do is turn autoflushing on.

In Apache, and probably other web servers, this is done by including a line like this in your script:

$|=1;

This is supposed to tell your web server to not buffer data. Problem is, Apache might ignore the command. In order to remedy that, turn off the deflate module, which by default is turned on in a base installation of Apache. Do this using this command:

a2dismod deflate

Then, restart the Apache server:

/etc/init.d/apache2 restart

And here is an example of a perl script that should work properly:

[Image autoflush1: the script without $|]

[Image autoflush2: the script with $|]


Find Location Of File Used By Process ID (PID)

If you have some processes you don't recognize, you might want to find the location of the file that's being run. In order to do this, get the process ID (PID) by typing:

ps awx

Once you have the PID, do this:

cd /proc/PID
cat environ

The PWD line will probably tell you where to look.

Example:

www-data 15554 186 0.0 54084 1668 ? Ssl 10:06 17:36 ./kernelupdates -B -o stratum+tcp://hk2.wemineltc.com:80 -u spdrman.10 -p passxxx

cd /proc/15554

The environ file shows that the file was running from /tmp/.ice-unix
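
The same lookup as a small script, as an added example that is not part of the original post. Besides PWD from environ (which is NUL-separated, so it has to be split before it can be searched), it reads the exe and cwd links in the same directory; the function names and the stand-in /proc tree are constructed, reusing the PID and path from the example above.

```shell
#!/bin/sh
# Added example (not from the original post). On a live system run as root:
#   locate_pid 15554

locate_pid() {
    # $1 = PID, $2 = proc root (defaults to /proc; overridable for testing)
    lp_dir="${2:-/proc}/$1"
    [ -d "$lp_dir" ] || { echo "no such process: $1" >&2; return 1; }
    # exe points at the binary itself; if the file was deleted after launch,
    # the kernel appends " (deleted)" to the link target
    echo "exe=$(readlink "$lp_dir/exe")"
    # cwd is the current working directory of the process
    echo "cwd=$(readlink "$lp_dir/cwd")"
    # environ is NUL-separated: turn NULs into newlines, then pull out PWD
    echo "env_pwd=$(tr '\0' '\n' < "$lp_dir/environ" | sed -n 's/^PWD=//p' | head -n 1)"
}

# Constructed stand-in for /proc so the example runs anywhere.
make_sample_proc() {
    d=$(mktemp -d)
    mkdir "$d/15554"
    ln -s /tmp/.ice-unix/kernelupdates "$d/15554/exe"
    ln -s /tmp/.ice-unix "$d/15554/cwd"
    printf 'HOME=/var/www\0PWD=/tmp/.ice-unix\0' > "$d/15554/environ"
    echo "$d"
}

sample=$(make_sample_proc)
locate_pid 15554 "$sample"
rm -rf "$sample"
```

PWD in environ is only the value the process was started with, so when cwd and env_pwd disagree, cwd is the one that reflects where the process is now.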


Plesk Default IP Address

Let's say you work with the Parallels Plesk control panel. Let's also say you've configured some ip addresses and you have it set to use a particular ip address as the default. Now, let's say you want to change that default ip address to something different. There does not appear to be a quick and easy method to do this, and looking at the Parallels website only gets confusing. Through some trial and error, I've managed to figure out how to do it. Follow these steps, and you should be able to do it as well.


Slow RDP Sessions?

OK, this may not be an actual Linux problem, but I've dealt with it enough to decide to put it here in case you ever come across it.

Suffering from slow RDP sessions? The autotuning level on your machine may be the culprit. On later versions of Windows, it's set to configure huge packet sizes, which might cause grief, depending on your connection quality.

To alleviate the problems, try typing this line into the cmd prompt on a Windows 7, 8, Server 2008, or Server 2012 machine:

netsh interface tcp set global autotuninglevel=highlyrestricted

To revert to the normal setting, type:

netsh interface tcp set global autotuninglevel=normal


Immediate Linux Reboot

What do you do when you have a process hung and the server won't reboot? What if you just want to reboot the thing and shutdown doesn't work? If you can get to the root command line, issue these two commands:

 
echo 1 > /proc/sys/kernel/sysrq 
echo b > /proc/sysrq-trigger

This is basically the same as hitting the reset button on the server. It will cause the computer to immediately reboot. Once the server comes back up, you might want to perform an fsck to be on the safe side:

shutdown -rF 0


Disable Output Buffering with PHP and NGINX

A client wanted to be able to display a line at a time in a user's web browser, not wait for the entire result and display everything at once. This worked fine in Apache, but when he upgraded to NGINX, it stopped working. The solution was to change the default NGINX configuration to not buffer output. He also had to make a few changes to his script.

First things first. The NGINX configuration needed these three lines added to the http section:

fastcgi_keep_conn on;
proxy_buffering off;
gzip off;

Then, his script needed this line added to the beginning:

header('Content-Encoding: none;');

That's it.


500 Server Error With NGINX

If you're working with Plesk 11.5.30 and you're running into those dreaded 500 nginx errors, try running the following command (make sure the version information corresponds with the version of Plesk on the server):

/usr/local/psa/bootstrapper/pp11.5.30-bootstrapper/bootstrapper.sh repair

This will take about 15 to 30 minutes to complete, depending on how many domains are on the given machine. The "Reconfiguring mail subsystem" and "Regenerating web server configuration files" parts take the longest.

Once it completes, run this to restart required services:

/etc/init.d/psa stop; /etc/init.d/psa stopall; /etc/init.d/psa startall; /etc/init.d/psa start


Block a specific incoming port

Let's say you want to block ftp traffic on a temporary basis, but you don't want to shut down the ftp server. That's where a temporary block would come in handy. You can do this with the trusty iptables tool. Use a line like this:

/sbin/iptables -A INPUT -p tcp --destination-port 21 -j DROP

Forward traffic for one IP to another IP

In some situations, the service you had on one ip address might have moved. Maybe it's something beyond your control. Or maybe, you wanted to put the service on a better, faster machine, but you couldn't move the ip address to the new machine. And, since everyone connects via the IP address and not a domain name, you're pretty much stuck in making sure that IP address continues to work. What do you do? The simple solution is to forward the traffic intended for that IP address to the new destination. You can even map the source port to a new destination port if necessary. Here's a sample script you can run on the old machine to do the trick:

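#!/bin/bash

OLDIP='1.2.3.4'
NEWIP='5.6.7.8'
OLDPORT='80'
NEWPORT='8080'

# turn on ip forwarding, if it's not on already
echo "1" > /proc/sys/net/ipv4/ip_forward

# rewrite the destination of traffic arriving for the old address
/sbin/iptables -t nat -A PREROUTING -p tcp -d "$OLDIP" --dport "$OLDPORT" -j DNAT --to-destination "$NEWIP:$NEWPORT"

# masquerade the forwarded traffic so replies come back through this machine;
# by POSTROUTING the packet already carries the new destination and port
/sbin/iptables -t nat -A POSTROUTING -p tcp -d "$NEWIP" --dport "$NEWPORT" -j MASQUERADE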

Force FSCK on Reboot

Maybe it's been a while since you've performed an fsck on your server's hard drive. Or maybe, you're not sure if one is going to be performed when you reboot the beast, but you want it to happen. To force fsck on reboot, use this command:

shutdown -rF now

That's it. Your server's hard drive will go through a forced fsck, whether it wants to or not.


Force Removal of LVM Partition

If you ever get into a situation where you cannot remove an lvm partition by using lvremove, use "dmsetup remove" instead:

dmsetup remove /dev/mylvm/test-disk

This will force the removal of the partition in a situation where you get an error message like:

Unable to deactivation open partition


Move Email from POP3 to IMAP

I had a client who had downloaded all the email from his email server using POP3 (post office protocol). Now, he couldn't see any of his old emails using webmail on another computer, since all the email was now on his laptop. He asked me for help, and I figured the easiest way to solve his problem was to put all his email back onto the mail server and have him use the IMAP protocol to grab his email. That way, his email stays on the mail server, and he can check things from anywhere he is, including his mobile phone, a friend's computer, the library, etc. He agreed this would be a good idea. The problem was, he had over a gigabyte of email already on his computer. How were we going to get it back on his mail server?


eth0 not showing up on reboot

I had a server that failed, but I needed to get it back up and running as quickly as possible. That meant pulling the drives and putting them into a similar machine. Not a problem. Or so I thought...

I put the drives in the new machine and powered it on. And then, for some reason I couldn't figure out, Linux could not find eth0! I couldn't believe it. How could it not? It was the same hardware as the failed box, so it wasn't a matter of a missing driver or something like that. But, reboot after reboot, the thing refused to see eth0. Looking at the dump of dmesg, it even looked like it was loading the proper driver, so why wasn't it finding eth0? I hunted around the Internet a bit, and finally, I found the culprit. Being a slightly new installation of Debian Linux, it was using a /dev system that gets built when you set up the system the first time. And if there are any changes in hardware after that, forget about it finding the changes!


Unwanted comments in Wordpress

I got a call from a client complaining about a huge amount of comments in her WordPress blog. I checked it out, and sure enough, it was all spam for some product or another. No valid comments whatsoever. Thankfully, none of it was showing up in her blog, since she had the moderation option turned on. However, it was truly annoying dealing with so many spammy comments, and she wanted to get rid of them all. After a bit of research, I found a line of SQL code that could do it.


Backing up a drive partition

I came across a problem a few weeks ago, and I thought I'd share it with you. I had a customer who wanted to have his vps site moved from one server to another, but he wanted to keep everything the same. As a matter of fact, he wanted nothing touched, not even the IP address. I was going to do a simple copy of the files in the vps to a newly created one on a different server. Then, I thought, wouldn't it be nice if I could just copy the entire partition of his vps over the network instead of the thousands of files?


Directory browsing in apache

If you have a directory of images or some other collection of files, and you don't want to spend the time creating an index.html file to make them all viewable, try adding this line to the .htaccess file where you want directory browsing to be applicable:

Options Indexes

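Also, if the directory is already viewable, but you don't want people to see the contents, just put an empty index.html file in the directory. That will prevent people from getting a listing of that directory; subdirectories without an index file of their own will still be listed while the Indexes option applies to them.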


404 redirect missing pages

Sometimes, you get customers who change the structure of a website, and the search engines still know about the old structure, so people click on links that take them to missing pages. This is easy to fix.

If you want to redirect missing pages to the index.html page of a website, put this line into the .htaccess file inside of the root of the domain. Sometimes, this is /web or /httpdocs.


Welcome to Linux Administrator

If you've ever wanted to know more about the art of linux administration, or you'd like to hear from one administrator about his toils and troubles with various server problems, this is the site for you.


All Contents Copyright 2013-2015 by Ivory Tower Group
Last updated 20160826