etc/resolv.conf

tom on June 29th, 2007

This file (/etc/resolv.conf) holds the configuration for the stub resolver on your dedicated box. Make sure the nameservers listed are the ones your provider currently runs, and avoid needless "search domain.com" (or "domain") lines: for any name that is not fully qualified, the resolver tries each listed suffix before the bare name, so short-name lookups cost extra queries, and extra timeouts if a listed server is down.

It is good practice to check with your dedicated hosting provider (datacenter) that the nameservers are still current and to find out if any of them go down. That is rare, but if your server pulls files from remote hosts noticeably slowly it is always worth ruling out: the resolver waits out its full timeout (5 seconds by default) on a dead first nameserver before it tries the next one, on every new lookup.

Many other things can make a server slow, including but not limited to: network issues, router problems (the datacenter's fault unless you colocate), heavy traffic saturating the pipe, a limited-bandwidth pipe (10 Mbit or less carrying more traffic than that), and DoS and DDoS attacks on the network. Always check the news or announcements section on your host's website, blog, or forum, and check your email for anything they send about network status. Hope it helps.
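A quick way to catch the two problems above before blaming the network: the following script, added here as an example (it is not from the original post), parses a resolv.conf, warns about search/domain lines and about more than three nameserver entries, and, on a live box, times one query against each listed server with dig. The file paths, function names and the dig invocation are my choices; the sample file it writes is made up, using RFC 5737 addresses.

```shell
#!/bin/sh
# Added example (not from the original post): audit a resolv.conf for the
# problems discussed above. Assumes POSIX sh and awk; paths are arguments.

# audit_resolv FILE
# Prints a WARN line per finding and returns 0 only when the file is clean.
audit_resolv() {
    file="$1"
    findings=0

    ns_count=$(awk '$1 == "nameserver" { n++ } END { print n + 0 }' "$file")
    if [ "$ns_count" -eq 0 ]; then
        echo "WARN: $file lists no nameservers"
        findings=$((findings + 1))
    elif [ "$ns_count" -gt 3 ]; then
        # glibc's resolver honours at most three nameserver lines (MAXNS);
        # anything after the third is silently ignored.
        echo "WARN: $file lists $ns_count nameservers; only the first 3 are used"
        findings=$((findings + 1))
    fi

    # A search/domain list makes every lookup of an unqualified name try each
    # suffix in turn (extra queries and timeouts) before the name as given.
    if awk '$1 == "search" || $1 == "domain" { found = 1 } END { exit !found }' "$file"; then
        echo "WARN: $file has a search/domain directive; unqualified lookups retry per suffix"
        findings=$((findings + 1))
    fi

    [ "$findings" -eq 0 ]
}

# resolv_nameservers FILE -> one nameserver address per line, in file order
resolv_nameservers() {
    awk '$1 == "nameserver" { print $2 }' "$1"
}

# probe_nameservers FILE NAME
# Live check (needs network and dig): time one query against each listed
# nameserver so a dead or slow first entry shows up immediately.
probe_nameservers() {
    for ns in $(resolv_nameservers "$1"); do
        echo "== $ns"
        dig +time=2 +tries=1 +noall +stats @"$ns" "$2" \
            | grep -E 'Query time|timed out' || echo "no answer from $ns"
    done
}

# write_sample_resolv FILE -> constructed sample showing the slow pattern
# (RFC 5737 documentation addresses, not a real server's file)
write_sample_resolv() {
    cat > "$1" <<'EOF'
search example.net
nameserver 192.0.2.1
nameserver 192.0.2.2
EOF
}

# On a live box:
#   audit_resolv /etc/resolv.conf
#   probe_nameservers /etc/resolv.conf example.com
```

audit_resolv returns non-zero on any finding, so it can go straight into a monitoring check; probe_nameservers is the manual follow-up when downloads feel slow.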


Installing APF

tom on June 26th, 2007

Before you begin, you must have root access via SSH in order to execute these commands and properly install APF.

This post logs how I installed APF, the Advanced Policy Firewall for Linux.

A firewall is an essential tool on any Linux box, and every distribution ships the kernel's iptables (netfilter) firewall by default.

To get the most out of it without hand-writing iptables rules, use a front end such as APF, which builds the rule set from a configuration file and lets you add or remove blocked and trusted hosts on the fly.

Step 1. Download the tarball (this is a plain-HTTP download that you are about to run as root, so if the vendor publishes a checksum, compare it before going on):

# wget http://www.r-fx.ca/downloads/apf-current.tar.gz

Step 2. Unpack the archive:

# tar -zxvf apf-current*

(Note: the * is a shell wildcard. If more than one file matching apf-current* is in the directory, tar takes the first as the archive and the rest as member names to extract, and fails; keep only one tarball there or give the exact file name.)

Step 3. Change into the unpacked directory and run the install script:

# cd apf*

# ./install.sh

You must now configure the firewall by editing /etc/apf/conf.apf.

Step 4:

# vi /etc/apf/conf.apf

FIND: USE_DS="0"
CHANGE TO: USE_DS="1"

This makes APF download DShield's block list of networks recently seen attacking others and add deny rules for it. The list is fetched from DShield over plain HTTP when APF starts, so you are trusting both DShield's data and the path to it; if that is not acceptable, leave USE_DS="0".

Next, scroll down and find

# Common ingress (inbound) TCP ports
IG_TCP_CPORTS="21,25,53,80,110,143,443,2082,2083,2086,2087,2095,2096,20069,30000_35000"

I've added ports 30000-35000 (written 30000_35000, APF's syntax for a range) for passive-mode FTP data connections, since I use SmartFTP a lot.

These are pretty much the common ports for a cPanel server. Note that port 22 is not in this list: if sshd still listens on 22, add it; if you have moved SSH to another port to avoid bruteforce attacks by script kiddies, add that port instead. Either way, get it into the list before you leave development mode (below), or APF will lock you out of your own box.

# Common egress (outbound) TCP ports
EG_TCP_CPORTS="21,25,80,443,43"

# Common egress (outbound) UDP ports
EG_UDP_CPORTS="20,21,53"

These are fairly common and suit cPanel servers. They only take effect if egress filtering is switched on (EGF="1"); with the default EGF="0" the EG_* lists are ignored and all outbound traffic is allowed.

Once you're done configuring with vi, type :wq to save and quit the editor.

Next, start the firewall with:

# /usr/local/sbin/apf -s

After this, keep your current SSH session open and start a second one to log in again; if the new login fails you still have the first session to fix conf.apf. Try accessing your website (if you have one configured on this box) and try using FTP.

If everything works, edit the configuration file again and change DEVM="1" to DEVM="0" to disable development mode.

In dev mode a cron job flushes the firewall rules every 5 minutes so that a mistake cannot lock you out of your own box. The flip side is that until you turn it off the firewall is only ever up for a few minutes at a time, so do not leave a production box in dev mode.

Save the file and restart APF (apf -r). That's all there is to it.

Checking logs and configuring APF to start on boot.

# tail -f /var/log/apf_log

This prints the last 10 lines of the log and then keeps following it, showing new entries as they arrive (Ctrl-C to stop). It tells you which rules were added for which IPs.

To make APF start on boot, type:

# chkconfig --level 2345 apf on

And to remove it from the boot sequence entirely:

# chkconfig --del apf

Manually adding rules (hosts to block) to APF:

# apf -d 123.123.123.123 "Comment for rule"

This adds the IP 123.123.123.123 to the deny list with the comment, so you can remember later why you blocked it.

You can also add or remove IPs by hand in the file /etc/apf/deny_hosts.rules

But then you must restart APF for the change to take effect:

# apf -r

You can allow (trust) an IP with the -a option, the same way you denied one:

# apf -a 123.123.123.123 "Trusted IP"

Note that -a adds the host to /etc/apf/allow_hosts.rules, which lets it through everything, and that is not the same as undoing an earlier deny; to simply unblock a host, take it out of deny_hosts.rules (apf -u HOST does that in one step) and restart.

After this you should know the ins and outs of APF (Advanced Policy Firewall).
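Putting the conf.apf steps above into a script makes the lockout risk easier to avoid, because the SSH port is read from sshd_config instead of remembered. This is an added example and not part of the original post or of APF itself; it assumes POSIX sh, sed and awk, takes file paths as arguments so it can be tried on a copy before touching /etc/apf/conf.apf, and the sample conf.apf it writes is a constructed stand-in for the three lines involved. The function names are mine.

```shell
#!/bin/sh
# Added example (not from the original post or the APF project): make the
# conf.apf edits from the steps above with sed instead of vi, so the SSH port
# cannot be forgotten. Assumes POSIX sh, sed and awk; paths are arguments.

# apf_get KEY FILE -> value of the KEY="..." line with the quotes stripped
apf_get() {
    sed -n "s|^$1=\"\(.*\)\"|\1|p" "$2"
}

# apf_set KEY VALUE FILE -> rewrite the whole KEY="..." line
apf_set() {
    key="$1"; val="$2"; file="$3"
    sed "s|^${key}=\".*\"|${key}=\"${val}\"|" "$file" > "$file.tmp" && mv "$file.tmp" "$file"
}

# apf_add_port PORT FILE -> append PORT to IG_TCP_CPORTS unless already listed
apf_add_port() {
    port="$1"; file="$2"
    cur=$(apf_get IG_TCP_CPORTS "$file")
    case ",$cur," in
        *,"$port",*) ;;                                           # already open
        *) apf_set IG_TCP_CPORTS "${cur:+$cur,}$port" "$file" ;;
    esac
}

# ssh_port SSHD_CONFIG -> port sshd listens on (last Port directive), 22 if unset
ssh_port() {
    if [ -r "$1" ]; then
        awk 'tolower($1) == "port" { p = $2 } END { print (p ? p : 22) }' "$1"
    else
        echo 22
    fi
}

# prepare_apf_conf CONF SSHD_CONFIG
# Turns on the DShield list, opens whatever port sshd really uses, and leaves
# development mode ON: DEVM is only switched off once a fresh SSH login works.
prepare_apf_conf() {
    conf="$1"; sshd_conf="$2"
    apf_set USE_DS 1 "$conf"
    apf_add_port "$(ssh_port "$sshd_conf")" "$conf"
    apf_set DEVM 1 "$conf"
}

# finish_apf_conf CONF -> run only after verifying access from a second session
finish_apf_conf() {
    apf_set DEVM 0 "$1"
}

# write_sample_conf FILE -> constructed stand-in for the relevant conf.apf lines
write_sample_conf() {
    cat > "$1" <<'EOF'
USE_DS="0"
DEVM="1"
IG_TCP_CPORTS="21,25,53,80,110,143,443"
EOF
}

# On a live box:
#   prepare_apf_conf /etc/apf/conf.apf /etc/ssh/sshd_config && apf -s
#   (log in again from a second terminal, test web and FTP, then)
#   finish_apf_conf /etc/apf/conf.apf && apf -r
```

The split into prepare and finish is deliberate: nothing in the script turns development mode off, so a typo in the port list costs you five minutes, not a trip to the datacenter.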


Custom MySQL port and more

tom on May 12th, 2007

Edit /etc/my.cnf and add something like this under the [mysqld] section (my.cnf sections are not closed; a section runs until the next [header]):

[mysqld]
user = mysql
pid-file = /var/lib/mysql/server.mysite.net.pid
socket = /var/lib/mysql/mysql.sock
port = 3307
basedir = /usr
datadir = /var/lib/mysql
tmpdir = /tmp
language = /usr/share/mysql/english
bind-address = 127.0.0.1

This changes the TCP port to 3307, which is what I did. The other options are pretty much the defaults, included so you can alter them to your liking. The one that matters for security is bind-address, which makes mysqld listen only on the loopback interface so nothing off the box can reach it at all (write it as 127.0.0.1 rather than localhost so no hostname resolution is involved). With that in place the custom port only hides the service from the laziest scanners; without it, moving the port is no substitute for a firewall rule. Anything connecting over TCP now needs port 3307; clients using the Unix socket are unaffected. Restart MySQL for the change to take effect.


PHP 5.2 on fresh HD installation

tom on April 13th, 2007

I was installing PHP 5.2 with GD support on a brand spanking new hard drive.

With a ./configure like:

./configure --enable-fastcgi --enable-discard-path --enable-force-cgi-redirect --with-gd --with-jpeg-dir=/usr/local/lib --with-png-dir=/usr/local/lib

You will definitely need some dependencies (at least the libjpeg and libpng development headers for GD). Here is how I solved them:


Error when installing Lighttpd 1.5 – gthread-2.0 requirements

tom on April 13th, 2007

I was installing lighttpd 1.5 the other day when I got this error:

configure: error: Package requirements (gthread-2.0 >= 2.4.0) were not met:

lighttpd 1.5 needs glib 2.4.0 or newer, and configure looks for its gthread-2.0 pkg-config file, which lives in the glib development package. On a yum-based system (RHEL/CentOS/Fedora), install it with:

# yum install glib2-devel

And you are all set.


How to change the linux login banner/message

tom on April 12th, 2007

A login banner matters if you ever take legal action against someone who breaks into your box. The commonly cited argument is that a system greeting every connection with "Welcome" makes it harder to show the intruder knew access was unauthorized, so the banner should state plainly that the system is private, that use is monitored, and that unauthorized access is prohibited.

The file to edit depends on where the banner has to appear. /etc/issue is shown by getty before a login on the local console (and many distributions put the OS name and kernel version in it through the \r and \m escapes, which you should take out: it tells an attacker what to exploit). SSH clients never see /etc/issue; for them set Banner /etc/issue.net in /etc/ssh/sshd_config, put the text in /etc/issue.net, and reload sshd. /etc/motd is shown only after a successful login, which is too late for a warning.

# vi /etc/issue

Should do the trick for the console; edit /etc/issue.net and sshd_config the same way for SSH.


Device: /dev/hda, 3 Offline uncorrectable sectors

tom on April 9th, 2007

If you find this in /var/log/messages it comes from smartd, the SMART monitoring daemon, and it means the drive has sectors it could not read and could not remap. That most likely means the hard drive is failing or going to fail very soon: back it up first, then look at the full counters with smartctl.

I tried fscking it

# fsck /dev/hda

However that returned:
Couldn't find ext2 superblock, trying backup blocks...
fsck.ext2: Bad magic number in super-block while trying to open /dev/hda

The superblock could not be read or does not describe a correct ext2
filesystem. If the device is valid and it really contains an ext2
filesystem (and not swap or ufs or something else), then the superblock
is corrupt, and you might try running e2fsck with an alternate superblock:
e2fsck -b 8193 <device>

That error on its own proves nothing about the drive: /dev/hda is the whole disk, and the filesystem lives in a partition such as /dev/hda1, so fsck will complain about a missing superblock here even on a healthy disk. Run it against the partition, unmounted, if you want a filesystem check. The evidence that the drive is dying is the smartd message itself, especially when the count keeps rising between reports. Time to replace it!
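To watch for this condition rather than stumble on it, here is an added example (not from the original post) that pulls smartd's sector warnings out of a syslog file and reports the worst count per device. The log excerpt it writes is constructed in smartd's message format, the function names are mine, and it assumes only POSIX sh and awk.

```shell
#!/bin/sh
# Added example (not from the original post): pull smartd sector warnings out
# of /var/log/messages and report the worst count seen per device. Assumes
# POSIX sh and awk; the log path is an argument so a copy or a sample works.

# smart_alerts LOG -> "device count" per matching smartd line, in log order
smart_alerts() {
    awk '/smartd/ && /(Offline uncorrectable|Currently unreadable \(pending\)) sectors/ {
        for (i = 1; i <= NF; i++)
            if ($i == "Device:") { dev = $(i + 1); cnt = $(i + 2); break }
        sub(/,$/, "", dev)          # "/dev/hda," -> "/dev/hda"
        print dev, cnt
    }' "$1"
}

# smart_worst LOG -> highest count reported for each device
smart_worst() {
    smart_alerts "$1" | awk '!($1 in w) || $2 + 0 > w[$1] { w[$1] = $2 + 0 }
                             END { for (d in w) print d, w[d] }'
}

# smart_failing LOG -> exit 0 if any device has reported a non-zero count
smart_failing() {
    smart_worst "$1" | awk '$2 > 0 { bad = 1 } END { exit !bad }'
}

# write_sample_log FILE -> constructed syslog excerpt in smartd's format
# (made up for this example; the sshd line shows unrelated entries are skipped)
write_sample_log() {
    cat > "$1" <<'EOF'
Apr  9 03:12:01 server smartd[1234]: Device: /dev/hda, 3 Offline uncorrectable sectors
Apr  9 03:12:01 server smartd[1234]: Device: /dev/hda, 3 Currently unreadable (pending) sectors
Apr  9 03:42:01 server sshd[2201]: Accepted publickey for tom from 192.0.2.10 port 51022 ssh2
Apr  9 04:12:01 server smartd[1234]: Device: /dev/hda, 5 Offline uncorrectable sectors
EOF
}

# On a live box:
#   smart_worst /var/log/messages
#   smart_failing /var/log/messages && echo "replace a drive"
```

Confirm with smartctl -a on the drive (look at Reallocated_Sector_Ct, Current_Pending_Sector and Offline_Uncorrectable); a count that keeps climbing between smartd reports is a drive to replace after backing it up. If you also want a filesystem check, run fsck on the unmounted partition, not on /dev/hda.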

MySQL log slow queries

tom on March 29th, 2007

Edit /etc/my.cnf

using

# vi /etc/my.cnf

Then add, under [mysqld]:

log-slow-queries
long_query_time = 5

long_query_time is the number of seconds a query must take before it is logged. The log will then contain detailed information about every query slower than 5 seconds (in this case), which is usually where a badly indexed table shows up.

The default location of the log is

/var/lib/mysql/server-slow.log

that is, <hostname>-slow.log in the data directory (this box is called "server"). Two caveats: log-slow-queries is the MySQL 5.0/5.1 spelling; MySQL 5.6 dropped it in favour of slow_query_log = 1 (with slow_query_log_file for the path), and mysqld refuses to start on an unknown option. And the log records full query text, including literal values, so keep it readable by the mysql user only, as mysqld creates it.

Enjoy.


Updating your hostname on linux server

tom on February 16th, 2007

This is a very simple task, but many Linux server newbies will be hard pressed to figure it out on their own.


How Do I add multiple IP addresses manually?

tom on January 20th, 2007

If you have a box without a control panel and several IP addresses assigned to your server, here are some steps to add them into your network configuration.

# ifconfig

will output all the configured addresses.
