# ps aux | grep ssh
Will print something like:
root 1450 0.0 0.0 5432 620 pts/0 S+ 02:46 0:00 grep ssh
root 26528 0.0 0.0 5068 1016 Ss Jul28 0:00 /usr/sbin/sshd
With this you can execute the command
# kill -15 26528
This was the user session for root that I never closed because it timed out. So this is what I did.
This may seem extremely trivial for many people out there, but all it takes is a forgetful server admin.
I had an old box that needed reloading, so I had to reinstall the GD library for php using YUM.
# yum install php-gd
Is all it takes to install gd for php. I’ve forgotten the php- part so I’ve tried installing gd-devel, gd-progs and other crap I didn’t need… it’s so simple sometimes.
Although this is a frequently asked question which has many answers, I thought it should be addressed.
If you are not receiving mail from your server, grep through all the log files in your /var/spool/mail mailboxes.
# grep "MX" root
for example, will show whether any of these errors have been reported back to root. (This only applies if root is receiving the mail. Replace root with another username.)
The solution to this problem is configuring sendmail properly.
For (Sendmail version 8.11 and up):
1. Add the line server.yourdomain.com to /etc/mail/local-host-names
2. Send the Sendmail daemon SIGHUP termination signal:
# kill -HUP `head -n 1 /var/run/sendmail.pid`
If you use sendmail 8.11 or before you should upgrade, but here is the fix:
1. Add the line server.yourdomain.com to /etc/mail/sendmail.cw
2. Send the Sendmail daemon SIGHUP termination signal as before:
# kill -HUP `head -n 1 /var/run/sendmail.pid`
If this doesn’t work then make sure the use_cw_file option is on in your config.
This file (/etc/resolv.conf) holds the config for the resolver in your dedicated box. Always make sure that you have the most recent nameservers listed in there without any lines reading “search domain.com” because that will slow things down.
It would be good practice to check with your dedicated hosting provider (datacenter) to always make sure they are up to date or if any nameservers go down. This is unlikely and rare, however, if you find your server downloading from remote servers quite slowly it is always something good to check.
Many other reasons can occur for slow servers including but not limited to: network issues, router problems (datacenter’s fault unless CoLo), massive traffic slowing down the pipe, a limited bandwidth pipe (10mbit or less with more traffic than that), DDOS and DOS attacks on the network. Always check the news or announcements section on your hosts’ website, blog, or forum and check your email for any items they may send regarding network status. Hope it helps.
Before you begin, you must have root access via SSH in order to execute these commands and properly install APF.
This post will log how I installed APF, the great advanced policy firewall tool for Linux.
A firewall is an essential tool for any Linux box, and each one comes with the iptables firewall by default.
To get the most out of your Linux firewall, though, you should use a third-party program such as APF to manage rules and add them on the fly.
Step 1. Download the tarball:
# wget http://www.r-fx.ca/downloads/apf-current.tar.gz
Step 2. Unpack the archive:
# tar -zxvf apf-current*
(note: the * is a wildcard match, so if you have more than one tarball with the prefix apf-current, this will unpack them all.)
Step 3. Change directories and run the install script:
# cd apf*
# ./install.sh
You must now configure the firewall by editing the file /etc/apf/conf.apf
Step 4:
# vi /etc/apf/conf.apf
FIND: USE_DS="0"
CHANGE TO: USE_DS="1"
To use DShield’s list of things to block.
Next, scroll down and find
# Common ingress (inbound) TCP ports
IG_TCP_CPORTS="21,25,53,80,110,143,443,2082,2083,2086,2087,2095,2096,20069,30000_35000"
I’ve added ports 30000-35000 for SmartFTP since I use that a lot.
These are pretty much your common ports. However, if you’ve changed your SSH listening port to avoid brute-force attacks by script kiddies, you must add it to this list.
# Common egress (outbound) TCP ports
EG_TCP_CPORTS="21,25,80,443,43"
# Common egress (outbound) UDP ports
EG_UDP_CPORTS="20,21,53"
These are fairly common and are useful with cpanel servers.
Once you’re done configuring with vi, type :wq to save and quit the editor.
Next, start the program using:
# /usr/local/sbin/apf -s
After this, log out of SSH and try logging back in. Try accessing your website (if you have one configured on this box) and try using FTP.
If everything goes fine, edit the configuration file again and change DEVM="1" to DEVM="0" to disable development mode.
In dev mode, the firewall rules are flushed every 5 minutes to keep you from getting locked out of your own box.
Save the file and restart APF. That’s all there is to it.
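A pre-flight check for the lockout case described above, added here as an example (it is not code from APF or from this post): it reads IG_TCP_CPORTS from conf.apf, handles ranges written as 30000_35000, and tests whether the port sshd listens on is covered. The function names and the temporary sample files are assumptions made for the demo; note that the inbound list as shown above does not contain port 22.

```shell
#!/bin/sh
# Added example: run before setting DEVM="0" in conf.apf.

# Print the value of VAR="..." from an APF-style config file.
conf_value() {  # usage: conf_value FILE VAR
    sed -n "s/^[[:space:]]*$2=\"\\([^\"]*\\)\".*/\\1/p" "$1" | tail -n 1
}

# Print the port sshd listens on (first active Port directive, default 22).
sshd_port() {  # usage: sshd_port SSHD_CONFIG
    p=$(awk 'tolower($1) == "port" { print $2; exit }' "$1")
    echo "${p:-22}"
}

# Succeed if PORT is covered by an APF list such as "21,80,30000_35000".
port_allowed() {  # usage: port_allowed PORT LIST
    old_ifs=$IFS; IFS=,
    for entry in $2; do
        case $entry in
            *_*) lo=${entry%_*}; hi=${entry#*_}   # lo_hi is a port range
                 if [ "$1" -ge "$lo" ] && [ "$1" -le "$hi" ]; then IFS=$old_ifs; return 0; fi ;;
            *)   if [ "$entry" = "$1" ]; then IFS=$old_ifs; return 0; fi ;;
        esac
    done
    IFS=$old_ifs
    return 1
}

# Report whether SSH stays reachable with the inbound list in conf.apf.
check_ssh_ingress() {  # usage: check_ssh_ingress CONF_APF SSHD_CONFIG
    port=$(sshd_port "$2")
    if port_allowed "$port" "$(conf_value "$1" IG_TCP_CPORTS)"; then
        echo "ok: sshd port $port is in IG_TCP_CPORTS (DEVM=$(conf_value "$1" DEVM))"
    else
        echo "LOCKOUT RISK: sshd port $port is not in IG_TCP_CPORTS"
        return 1
    fi
}

# Constructed sample input: the inbound list from this post, sshd on its default port.
demo_dir=$(mktemp -d)
cat > "$demo_dir/conf.apf" <<'EOF'
DEVM="1"
IG_TCP_CPORTS="21,25,53,80,110,143,443,2082,2083,2086,2087,2095,2096,20069,30000_35000"
EOF
printf '# Port 22\nPasswordAuthentication no\n' > "$demo_dir/sshd_config"
check_ssh_ingress "$demo_dir/conf.apf" "$demo_dir/sshd_config" || true
```

On a real box, call check_ssh_ingress /etc/apf/conf.apf /etc/ssh/sshd_config while DEVM is still "1".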
Checking logs and configuring APF to start on boot.
# tail -f /var/log/apf_log
Shall show you the last ~10 lines in the log file. This will tell you what rules were added for which IPs.
To make APF start on boot you should type:
# chkconfig --level 2345 apf on
And to remove it from boot:
# chkconfig --del apf
Manually adding rules ( hosts to block) to APF:
# apf -d 123.123.123.123 Comment for Rule
Shall add the IP 123.123.123.123 to the deny list with the comment, so you can remember why you blocked the IP.
You can also manually add/remove IPs from the file /etc/apf/deny_hosts.rules
But you must restart APF after you do that, with:
# apf -r
You can also allow IPs with the simple -a option, the same way you denied one before:
# apf -a 123.123.123.123 unblocked IP.
After this you shall know the ins and outs of APF (Advanced Policy Firewall).
Edit your /etc/my.cnf File and add something similar to this:
[mysqld]
user = mysql
pid-file = /var/lib/mysql/server.mysite.net.pid
socket = /var/lib/mysql/mysql.sock
port = 3307
basedir = /usr
datadir = /var/lib/mysql
tmpdir = /tmp
language = /usr/share/mysql/english
bind-address = localhost
This will change the port to 3307, which is what I did. The other options are pretty much default, but they are included so you can alter them to your liking.
I was installing PHP 5.2 with GD support on a brand spanking new HD.
With a ./configure like:
./configure --enable-fastcgi --enable-discard-path --enable-force-redirect --with-gd --with-jpeg-dir=/usr/local/lib --with-png-dir=/usr/local/lib
You will definitely need some dependencies. Here is how I solved them
I was installing lighttpd 1.5 the other day when I received this error:
configure: error: Package requirements (gthread-2.0 >= 2.4.0) were not met:
The new lighttpd 1.5 requires glib2-2.4.0 or greater. Thus, to install the necessary files, simply type:
# yum install glib2-devel
And you are all set.
The login banner is essential to legal actions taken against people who misuse and illegally hack into your box. There have been cases where the hackers got off because the server they hacked into actually “Welcomed” them into the system!
To change the login banner/welcome message, simply edit the /etc/issue file.
# vi /etc/issue
Should do the trick!
If you are finding this in your /var/log/messages file, it most likely means your hard drive is failing or going to fail very soon.
I tried fscking it
# fsck /dev/hda
However that returned:
Couldn’t find ext2 superblock, trying backup blocks…
fsck.ext2: Bad magic number in super-block while trying to open /dev/hda
The superblock could not be read or does not describe a correct ext2
filesystem. If the device is valid and it really contains an ext2
filesystem (and not swap or ufs or something else), then the superblock
is corrupt, and you might try running e2fsck with an alternate superblock:
e2fsck -b 8193 <device>
Which means it definitely is the hard drive failing. Time to replace it!