linuxbuddies.com » server tweak

Prevent image hotlinking

Riyesh — Tue, 20 Jan 2009 19:18:26 +0000

Hotlinking is the use of a linked object, often an image, from one site into a web page belonging to a second site. The second site is said to have an inline link to the site where the object is located.
It is always recommended to enable hotlinking of images, else others use just links to your site to load their web-pages, thereby stealing your bandwidth. Do you want that to happen?

If not, copy-paste the below code to your websites .htaccess file.

RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?yourdomain.com/.*$ [NC]
RewriteRule ^.*\.(bmp|tif|gif|jpg|jpeg|jpe|png)$ – [F]

Haii.. Linux buddy,, you now. safe…. :D

kernel compilation

Riyesh — Tue, 20 Jan 2009 19:10:44 +0000

Kernel

It makes sure that all processes in the system works fine

Rebuilding

It is done to optimize the kernel to suit our requirements as well as make it more secure from internet attacks

Steps

1. Determining the current hardware
This is required during configuration process to enable hardwares that our new kernel has to support.
Commands used for the same are:

/sbin/lspci

cat /proc/cpuinfo

2. Download the Source
latest sources and its corresponding patches are always available fromhttp://www.kernel.org/pub/linux/kernel/
As of today (Oct 21, 2008) the latest available source is linux-2.6.27.2.tar.gz and the patch is patch-2.6.27.2.gz

Apply the patches

Extract the source using tar -zxvf and patch using gunzip to /usr/src/ folder.

Now cd to linux-2.6.27.2 and apply the patch as shown below:

patch -p1 <../patch-2.6.27.2

4. Configuration
You may copy the current configuration by copying the file .config.

cp ../linux/.config config.old

Begin the configuration by wiping out all previous configurations and resetting the source directory to a pristine state:

$ make mrproper

Run the configuration utility. Either of the below step can be used to run the configuration utility:

make config – least friendly tool

  make oldconfig         (- will read the defaults from the existing .config file. Note that oldconfig will only work within the same major version of the kernel. You cannot, for example, use a 2.4.x .config with the 2.6.x kernel.)

 make menuconfig      (- Most commonly and recommended method. Gives you a graphical front end to select your options)

5. Start Build
Clean before the build:

make clean

Start the build after cleaning process:

make bzImage

6. Build and install all the loadable modules

  make modules

 make modules_install

7. Copy the required files and generate initrd
Copy the files over for the kernel itself

 cp .config /boot/config-2.6.27.2

 cp arch/i386/boot/bzImage /boot/vmlinuz-2.6.27.2

 cp System.map /boot/System.map-2.6.27.2

 mkinitrd /boot/initrd-2.6.27.2.img 2.6.27.2

If you come across an error like: “/dev/mapper/control: open failed: No such file or directory” , Run the following commands:

  rm -rf /boot/initrd-2.6.27.2.img

  mkinitrd –omit-lvm-modules /boot/initrd-2.6.27.2.img 2.6.27.2

8. Configure Grub & enable failsafe
Open grub.conf file
Add the below code to the top of the kernel list:

title Red Hat Linux (2.6.27.2)

root (hd0,0)

kernel /vmlinuz-2.6.27.2 ro root=LABEL=/

initrd /initrd-2.6.27.2.img

  Set the default value to your working kernel. (NOTE: NOT NEW KERNEL)
  Now save and exit from grub.conf file and enter into grub mode by typing “grub” from bash prompt
  And set to boot from newly compiled kernel during next reboot:

savedefault –default=0 –once

If your server is up, you are done with your new kernel. Open the file grub.conf and change the value of default to “0″

Congratulations! You are done with your new kernel.

Processor type in Linux

Riyesh — Tue, 20 Jan 2009 18:59:47 +0000

To find the processor type and details

Get the Processor details:

cat /proc/cpuinfo

Find whether the processor is 32 or 64 bit:

getconf LONG_BIT

Find the architecture:

uname -i

Enable/ disable ping requests in linux

Riyesh — Tue, 20 Jan 2009 18:54:11 +0000

Ping Requests use ICMP protocols. This is enabled/disabled using sysctl values.
To Disable Ping:

echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all

To Enable Ping:

echo 0 > /proc/sys/net/ipv4/icmp_echo_ignore_all

Limiting FTP users to their home directory

Riyesh — Fri, 16 Jan 2009 15:22:01 +0000

Purpose

Unless the ftp users are limited to their home directories, they will able to access all files & folders on the server .

How to

Below you may see how this can done to 3 of the ftp servers used in common.

Pro-ftpd

vsftpd

pure-ftpd

Pure-ftpd

vi /etc/pure-ftpd.conf

And change the following line

ChrootEveryone=YES

pro-ftpd

vi /etc/proftpd.conf

DefaultRoot ~

Vsftpd

vi /etc/vsftpd.conf

chroot_local_user=YES

Nagios installation

Riyesh — Sat, 27 Dec 2008 08:22:39 +0000

Nagios is the new name for NetSaint, a network/service monitoring tool. It was designed for Linux, but can be compiled and run perfectly well under any UNIX variant as far as I am aware. The monitoring daemon runs intermittent checks on hosts and services you specify.Nagios can send report through sms, email, instant message, etc..

Please follow the steps to install nagios.

Download nagios from source

wget http://prdownloads.sourceforge.net/nagios/nagios-2.9.tar.gz?download

Unpack the sourc file

tar -xzvf nagios-2.9.tar.gz

create user for nagios

useradd nagios

Create Installation Directory

mkdir /usr/local/nagios

Change the owner of the base installtion directory to be the Nagios user and group you added earlier as follows:

chown nagios.nagios /usr/local/nagios

Create a new command file group whose members include the user your web server is running as and the user Nagios is running
as.

groupadd nagcmd

Add the users that your web server and Nagios run as to the newly created group

usermod -G nagcmd nagios
usermod -G nagcmd nobody

Run the configuration script.

./configure –prefix=/usr/local/nagios –with-cgiurl=/nagios/cgi-bin –with-htmurl=/nagios/ –with-nagios-user=nagios –with-nagios-group=nagios –with-command-group=nagcmd

Compile Binaries-

make all

Install the Binaries And HTML Files-

make install

9. Install An Init Script-

make install-init

Download Nagios plugin to /usr/local/nagios from

wget http://downloads.sourceforge.net/nagiosplug/nagios-plugins-1.4.9.tar.gz?modtime=1180952247&big_mirror=0

untar; and cd into the new directory.

Compile Binaries- make

make install

Setup The Web Interface

ADD THE FOLLOWING ENTRIES TO HTTPD.CONF

Configure Aliases and Directory Options For The Web Interface

ScriptAlias /nagios/cgi-bin/ /usr/local/nagios/sbin/

AllowOverride AuthConfig
Options ExecCGI
Allow from all
Order allow,deny

Alias /nagios/ /usr/local/nagios/share/

Options None
AllowOverride AuthConfig
Order allow,deny
Allow from all

Include the file in the Apache configuration file.

Create a user for the web authentication -nagiosadmin
Provide a password that will be used when nagiosadmin authenticates to the web server.

htpasswd -c /usr/local/nagios/etc/htpasswd.users nagiosadmin

Enable Authentication/Authorization Functionality In The CGIs

Set use_authentication=0 in cgi.cfg file.

Set the default Permissions To CGI Information

authorized_for_system_information=nagiosadmin
authorized_for_configuration_information=nagiosadmin
authorized_for_system_commands=nagiosadmin
authorized_for_all_services=nagiosadmin
authorized_for_all_hosts=nagiosadmin
authorized_for_all_service_commands=nagiosadmin
authorized_for_all_host_commands=nagiosadmin

Restart The Web Server

cd /user/local/nagios/etc

Create directories hosts and services

mkdir hosts.
mkdir services.

Specify the directories in the nagios.cfg file.

cfg_dir=/usr/local/nagios/etc/hosts
cfg_dir=/usr/local/nagios/etc/services

In each of these directories we need to create files for each servers we need to monitor.
Each of these files will contain the hostname and ip of the respective servers.
For this we need to make a copy of the HOSTS block in the localhost.cfg file for each servers.
Similarly we need to make a copy of the SERVICES block of the localhost.cfg for each servers
in the services directory.

We need to specify the emailID where we recieve the alerts in the localhost.cfg file.

Also we need to add all the hostname we are monitoring in the HOSTGROUP of the localhost.cfg file.

Once this is done, we need to start nagios.

We can see the logg details of nagios in the /usr/local/nagios/var/nagios. log file.

This completes the configuration of NAGIOS!!!

SAMPLE CONFIGURATION TO ADD A HOST
———————————-

# Generic host definition template – This is NOT a real host, just a template!

define host{
name generic-host ; The name of this host template
notifications_enabled 1 ; Host notifications are enabled
event_handler_enabled 1 ; Host event handler is enabled
flap_detection_enabled 1 ; Flap detection is enabled
failure_prediction_enabled 1 ; Failure prediction is enabled
process_perf_data 1 ; Process performance data
retain_status_information 1 ; Retain status information across program restarts
retain_nonstatus_information 1 ; Retain non-status information across program restarts
notification_period 24×7 ; Send host notifications at any time
register 0 ; DONT REGISTER THIS DEFINITION – ITS NOT A REAL HOST, JUST A TEMPLATE!
}

# Linux host definition template – This is NOT a real host, just a template!

define host{
name swww3.couchsurfing.com ; The name of this host template
use generic-host ; This template inherits other values from the generic-host template
check_period 24×7 ; By default, Linux hosts are checked round the clock
max_check_attempts 10 ; Check each Linux host 10 times (max)
check_command check-host-alive ; Default command to check Linux hosts
notification_period workhours ; Linux admins hate to be woken up, so we only notify during the day
; Note that the notification_period variable is being overridden from ; the value that is inherited from the generic-host template!
notification_interval 120 ; Resend notification every 2 hours
notification_options d,u,r ; Only send notifications for specific host states
contact_groups admins ; Notifications get sent to the admins by default
register 0 ; DONT REGISTER THIS DEFINITION – ITS NOT A REAL HOST, JUST A TEMPLATE!
}

# Since this is a simple configuration file, we only monitor one host – the
# local host (this machine).

define host{
use swww3.couchsurfing.com ; Name of host template to use
; This host definition will inherit all variables that are defined
; in (or inherited by) the linux-server host template definition.
host_name swww3.couchsurfing.com
alias swww3.couchsurfing.com
address 207.210.80.122
}

SAMPLE CONFIGURATION TO ADD SERVICES TO A HOST
———————————————-

# Generic service definition template – This is NOT a real service, just a template!

define service{
name generic-service ; The ‘name’ of this service template
active_checks_enabled 1 ; Active service checks are enabled
passive_checks_enabled 1 ; Passive service checks are enabled/accepted
parallelize_check 1 ; Active service checks should be parallelized (disabling this can lead to major performance problems)
obsess_over_service 1 ; We should obsess over this service (if necessary)
check_freshness 0 ; Default is to NOT check service ‘freshness’
notifications_enabled 1 ; Service notifications are enabled
event_handler_enabled 1 ; Service event handler is enabled
flap_detection_enabled 1 ; Flap detection is enabled
failure_prediction_enabled 1 ; Failure prediction is enabled
process_perf_data 1 ; Process performance data
retain_status_information 1 ; Retain status information across program restarts
retain_nonstatus_information 1 ; Retain non-status information across program restarts
is_volatile 0 ; The service is not volatile
register 0 ; DONT REGISTER THIS DEFINITION – ITS NOT A REAL SERVICE, JUST A TEMPLATE!
}

# Local service definition template – This is NOT a real service, just a template!

define service{
name local-service ; The name of this service template
use generic-service ; Inherit default values from the generic-service definition
check_period 24×7 ; The service can be checked at any time of the day
max_check_attempts 4 ; Re-check the service up to 4 times in order to determine its final (hard) state
normal_check_interval 5 ; Check the service every 5 minutes under normal conditions
retry_check_interval 1 ; Re-check the service every minute until a hard state can be determined
contact_groups admins ; Notifications get sent out to everyone in the ‘admins’ group
notification_options w,u,c,r ; Send notifications about warning, unknown, critical, and recovery events
notification_interval 60 ; Re-notify about service problems every hour
notification_period 24×7 ; Notifications can be sent out at any time
register 0 ; DONT REGISTER THIS DEFINITION – ITS NOT A REAL SERVICE, JUST A TEMPLATE!
}

# Define a service to “ping” the local machine

define service{
use local-service ; Name of service template to use
host_name www4.couchsurfing.com
service_description PING
check_command check_ping!100.0,20%!500.0,60%
}

# Define a service to check the disk space of the root partition
# on the local machine. Warning if < 20% free, critical if
# < 10% free space on partition.

define service{
use local-service ; Name of service template to use
host_name www4.couchsurfing.com
service_description Root Partition
check_command check_local_disk!20%!10%!/
}

# Define a service to check the number of currently logged in
# users on the local machine. Warning if > 20 users, critical
# if > 50 users.

define service{
use local-service ; Name of service template to use
host_name www4.couchsurfing.com
service_description Current Users
check_command check_local_users!20!50
}

# Define a service to check the number of currently running procs
# on the local machine. Warning if > 250 processes, critical if
# > 400 users.

define service{
use local-service ; Name of service template to use
host_name www4.couchsurfing.com
service_description Total Processes
check_command check_local_procs!250!400!RSZDT
}

# Define a service to check the load on the local machine.

define service{
use local-service ; Name of service template to use
host_name www4.couchsurfing.com
service_description Current Load
check_command check_local_load!5.0,4.0,3.0!10.0,6.0,4.0
}

Upgrading kernel

Riyesh — Sat, 27 Dec 2008 08:06:33 +0000

Upgrading kernel

Situation

the existing kernel was 2.4 and the required one is 2.6

cd /usr/local/src
wget http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.20.1.tar.gz

tar -zxf linux-2.6.20.1.tar.gz

cd linux-2.6.20.1

Now we need to copy the existing kernel configuration file

cp /boot/config-2.4.22-1.2199.nptlsmp /usr/local/src/linux-2.6.20.1/.config

Now we need to configure the kernel using this configuration file .. for that use

make oldconfig

You can see a lot of new features for the 2.6 kernel and select the ones we need .
Then to compile and install:

make bzImage
make modules
make modules_install
make install

Once it is installed we need to edit the boot loader (/etc/grub.conf) to load the new kernel . Reboot the server

MySql Replication

Riyesh — Sat, 27 Dec 2008 01:09:11 +0000

Mysql Replication is used to get a mirror copy of master server to slave. All changes made in server is updated on slave. This can be achieved by the following steps. one thing to be notify is the master and salvemay contain the same version of mysql.

changes in master

edit /etc/my.cnf
[mysqld]
log-bin = mysql-bin
server-id = 1
restart the mysql service

enter the following commands in mysql

grant all on *.* to user@slaveip identified by ‘userpassword’ with grant option;
grant replication slave on *.* to ‘username’@masterip identified by ‘userpassword’;
show master status;

changes in slave

vi /etc/my.cnf
[mysqld]
log-bin = mysql-bin
server-id = 2
restart the mysql service

enter the following commands in mysql

grant all on *.* to username@localhost identified by ‘userpassword’;
change master to master_host=’server ip’;
change master to master_user=’username’;
change master to master_password=’userpassword’;
change master to master_log_file=’mysql-bin’;
change master to master_log_pos=561; (by command show master status; in master )

to update data from master by using the command

load data from master;

Server monitoring script!

Riyesh — Fri, 26 Dec 2008 08:31:31 +0000

Please do this script on your own risk, first test this script on test machine. then do it on live server

#!/bin/bash
EMAIL=”riyesh@linuxbuddies.com”
SUBJECT=”Alert $(hostname) load average is $L05?
TEMPFILE=”/tmp/$(hostname)”
echo “Load average Crossed allowed limit.” >> $TEMPFILE
echo “Hostname: $(hostname)” >> $TEMPFILE
echo “Local Date & Time : $(date)” >> $TEMPFILE
echo “| Uptime status: |” >> $TEMPFILE
echo “——————————————-” >> $TEMPFILE
/usr/bin/uptime >> $TEMPFILE
echo “——————————————-” >> $TEMPFILE
echo “| Top 20 CPU consuming processes: |” >> $TEMPFILE
ps aux | head -1 >> $TEMPFILE
ps aux –no-headers | sort -rn +2 | head -20 >> $TEMPFILE
echo “| Top 10 memory-consuming processes: |” >> $TEMPFILE
ps aux –no-headers| sort -rn +3 | head >> $TEMPFILE
echo “——————————————-” >> $TEMPFILE
echo “| Memory and Swap status: |” >> $TEMPFILE
/usr/bin/free -m >> $TEMPFILE
echo “——————————————-” >> $TEMPFILE
echo “| Active network connection: |” >> $TEMPFILE
echo “——————————————-” >> $TEMPFILE
/bin/netstat -tnup | grep ESTA >> $TEMPFILE
echo “——————————————-” >> $TEMPFILE
echo “| Disk Space information: |” >> $TEMPFILE
echo “——————————————-” >> $TEMPFILE
/bin/df -h >> $TEMPFILE
echo “—————–THE END——————-” >> $TEMPFILE
L05=”$(uptime|awk ‘{print $(NF-2)}’|cut -d. -f1)”
if test $L05 -gt 5
then
mail -s “$SUBJECT” “$EMAIL” < $TEMPFILE
fi
rm -f $TEMPFILE