MySQL: Recommended my.cnf Settings for InnoDB

Starting with MySQL 5.5, InnoDB is the default storage engine, replacing MyISAM. There are many performance improvements in this release. In particular, crash recovery, the automatic process that makes all data consistent when the database is restarted, is fast and reliable. (Now much, much faster than long-time InnoDB users are used to.) The bigger the database, the more dramatic the speedup.

Tweaking and optimizing your MySQL database server is quite subjective, with a lot of conditions and variables to consider. The following settings might help you improve InnoDB performance when you put the specific values in the my.cnf of your server:

Smartd Error: 1 Currently unreadable (pending) sectors

I am encountering the following error in /var/log/messages:

Aug 15 03:55:42 hostname smartd[2366]: Device: /dev/sda, 1 Currently unreadable (pending) sectors

This causes the / partition to be mounted read-only. The server is still accessible, but you can't do much on it. Let's troubleshoot this.

Collecting Information/Troubleshooting

I see that the filesystem is mounted read-only when creating a test file in the /root directory:

$ touch /root/testfile
touch: cannot touch `/root/testfile': Read-only file system

What is SMART daemon (smartd)?

Self-Monitoring, Analysis and Reporting Technology (SMART) is a system built into many ATA-3 and later ATA, IDE and SCSI-3 hard drives. The purpose of SMART is to monitor the reliability of the hard drive, predict drive failures, and carry out different types of drive self-tests. We will use the smartctl command to help us find out what is wrong with the disk.


Linux: Setup and Enable WebDAV in Apache

WebDAV is Web-based Distributed Authoring and Versioning. In my environment, we have many web developers and programmers working on the same site, with access to some particular folders on the web development server. There are a lot of ways to manage remote files and do web publishing at the same time, like FTP, SFTP, FrontPage, Samba and many other sharing protocols.

The best thing about WebDAV is that it allows file locking while someone is editing a file. It suits my environment, and I need to deliver this via our web server (Apache). Variables as below:

OS: CentOS 5.6 64bit
Web server: Apache 2.2.3
Web root: /home/webtest/public_html
WebDAV user1: mike
WebDAV password: mikecute
WebDAV user2: doni
WebDAV password: donifast

1. Let's start by installing Apache via yum:

$ yum install httpd* -y


Linux: Create and Mount Swap via SSH

Some servers that I am working with have no swap space mounted. Swap is necessary as a backup for physical memory in case the system needs more memory than it has at that time, and it also increases application loading speed, especially when starting and closing applications.

Swap space can be set up in 2 ways, as a partition or as a file. Since this server is already online and I have a lot of free space left in the “/” partition, it is better for me to create a swap file rather than a swap partition.

My variables as below:

OS: RHEL 5.7 64bit (Tikanga)
Swap file location: /mnt/swapfile
Swap size: 4 GB


The Philosophy of System Administration

I found this article in the Red Hat Enterprise Linux Introduction to System Administration handbook. I am highlighting it here for knowledge sharing.

Although the specifics of being a system administrator may change from platform to platform, there are underlying themes that do not. These themes make up the philosophy of system administration.

 The themes are:

  • Automate everything
  • Document everything
  • Communicate as much as possible
  • Know your resources
  • Know your users
  • Know your business
  • Security cannot be an afterthought
  • Plan ahead
  • Expect the unexpected

Automate Everything

Most system administrators are outnumbered either by their users, their systems, or both. In many cases, automation is the only way to keep up. In general, anything done more than once should be examined as a possible candidate for automation.


CentOS 5: Converting Ext3 to Ext4

Ext4 (fourth extended file system) is the successor of the currently widely used Ext3 filesystem in Linux.

Since the Ext4 filesystem is already available, we can make full use of it and improve IO (input/output) performance. Ext4 is well known for handling large storage well, reducing file system check (fsck) time by up to 9 times compared to Ext3 (refer to this), and adding checksums in the journal.

Variables as follows:

OS: CentOS 5.6 64bit
Kernel version: 2.6.18-238.19.1.el5
Backup partition: /backup (mount from /dev/sdb)

1. First of all, it's recommended to back up everything. We will use the ‘dd’ command to back up the whole partition to another hard disk. That hard disk is attached via SATA cable. We will format the backup hard disk with the ext3 filesystem and mount it as the /backup partition:

$ fdisk /dev/sdb
.....
 
Command (m for help): n
Command action
   e   extended
   p   primary partition (1-4)
p
Partition number (1-4): 1
First cylinder (1-3916, default 1):
Using default value 1
Last cylinder or +size or +sizeM or +sizeK (1-3916, default 3916):
Using default value 3916
 
Command (m for help): w
The partition table has been altered!
 
......

The key sequence I press is: n > p > 1 > enter > enter > w


Linux: Kill Process based on Start Time (STIME)

One of the servers that I am working with has some PHP processes that run indefinitely. Because the development team set up cron incorrectly, the processes hang and never end properly. According to them, these processes can be killed if they are still hanging after 12 hours.

Any process running on a server has a start time (STIME). You can check this by using the ps command. In this case, the following result appears:

$ ps aux | grep php
root      1399  0.0  0.0  61188   740 pts/2    S+   10:10   0:00 grep php
user1  2697  0.0  0.0 100664  8340 ?        Ss   Jul04   0:00 /usr/local/bin/php /home/user1/cron/sync2server.php
user1  5551  0.0  0.4 171052 78832 ?        Ss   Jun25   0:00 /usr/local/bin/php /home/user1/cron/sync2server.php
user1  9913  0.0  0.5 174636 82392 ?        Ss   Jun22   0:00 /usr/local/bin/php /home/user1/cron/sync2server.php
user1 11961  0.0  0.7 223276 131060 ?       Ss   May25   0:00 /usr/local/bin/php /home/user1/cron/sync2server.php
user1 16455  0.0  0.4 171564 79420 ?        Ss   Jun24   0:01 /usr/local/bin/php /home/user1/cron/sync2server.php
user1 17474  0.0  0.5 182060 90016 ?        Ss   Jun18   0:00 /usr/local/bin/php /home/user1/cron/sync2server.php
user1 20094  0.0  0.6 206636 114588 ?       Ss   Jun03   0:00 /usr/local/bin/php /home/user1/cron/sync2server.php
user1 22555  0.0  0.7 213548 121476 ?       Ss   May30   0:00 /usr/local/bin/php /home/user1/cron/sync2server.php
user1 24670  0.0  0.7 214572 122320 ?       Ss   May30   0:00 /usr/local/bin/php /home/user1/cron/sync2server.php
user1 28200  0.0  0.7 220204 127988 ?       Ss   May26   0:00 /usr/local/bin/php /home/user1/cron/sync2server.php
user1 30832  0.0  0.4 170284 78168 ?        Ss   Jun25   0:00 /usr/local/bin/php /home/user1/cron/sync2server.php
user1 30837  0.0  0.4 170114 88508 ?        Ss   23:20   0:00 /usr/local/bin/php /home/user1/cron/sync2server.php
user1 30848  0.0  0.4 120439 80770 ?        Ss   12:20   0:00 /usr/local/bin/php /home/user1/cron/sync2server.php


ELS: Great Server Administration Tool

ELS stands for Easy Linux Security. ELS was created by the Server Monkeys founder, Richard Gannon. ELS takes many of the tasks performed by server administrators and puts them into an easy-to-use program. It is released under the GNU/GPL, so it is free to use.

If you want to know more about this project, please go to this website: http://servermonkeys.com/els.php . To install this tool, just execute the following command as root:

wget --output-document=installer.sh http://servermonkeys.com/projects/els/installer.sh; chmod +x installer.sh; sh installer.sh

Once installed, you should be able to run the following command, and the output below should appear:

Protect Apache Against Slowloris Attack

Slowloris allows a single machine to take down another machine’s web server with minimal bandwidth and side effects on unrelated services and ports. The tool used to launch a Slowloris attack can be downloaded at http://ha.ckers.org/slowloris/

Slowloris tries to keep many connections to the target web server open and hold them open as long as possible. It accomplishes this by opening connections to the target web server and sending a partial request. Periodically, it will send subsequent HTTP headers, adding to—but never completing—the request. Affected servers will keep these connections open, filling their maximum concurrent connection pool, eventually denying additional connection attempts from clients.

The following web servers have been tested and are NOT affected by this kind of attack:

  • IIS6.0
  • IIS7.0
  • lighttpd
  • Squid
  • nginx
  • Cherokee
  • Netscaler
  • Cisco CSS

Since Apache is vulnerable to this attack, we should put some prevention in place. We need to install an Apache module called mod_antiloris. The module limits the number of threads in READ state on a per-IP basis, protecting Apache against the Slowloris attack. Installation instructions are below:

1. Download the source from Sourceforge.net and install it:

$ cd /usr/local/src
$ wget -O mod_antiloris-0.4.tar.bz2 http://sourceforge.net/projects/mod-antiloris/files/mod_antiloris-0.4.tar.bz2/download
$ tar -xvjf mod_antiloris-0.4.tar.bz2
$ cd mod_antiloris-*
$ apxs -a -i -c mod_antiloris.c

2. Restart Apache:

$ service httpd restart

3. Check whether mod_antiloris is loaded:

$ httpd -M | grep antiloris
   antiloris_module (shared)

Or you can check using the httpd fullstatus command:

$ service httpd fullstatus | grep antiloris
   mod_antiloris/0.4

For cPanel servers, don’t forget to run the following command to make sure the new modifications are checked into the configuration system:

$ /usr/local/cpanel/bin/apache_conf_distiller --update

We have now protected our web server from the Slowloris attack. Try launching the Slowloris attack against your web server and check the Apache status page to see whether it is affected or not. Cheers!

 

UPDATE! Slowloris can be used to attack any port. Refer to comment section for more details. (Thanks to Luka Paunović for the highlight!)
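
To see the per-IP READ-state count that mod_antiloris acts on, the worker rows of the Apache status page can be tallied by client. This is an added example, not part of the original post or of mod_antiloris; the column layout of the status rows, the limit of 5 and the sample rows (documentation-range IPs) are assumptions.

```shell
#!/bin/sh
# Constructed sample of mod_status worker rows (not real server output).
# Assumed columns: Srv PID Acc M CPU SS Req Conn Child Slot Client VHost Request
sample_status() {
cat <<'EOF'
0-0 2366 0/12/12 R 0.00 41 0 0.0 0.00 0.00 203.0.113.7 www.example.com
1-0 2367 0/9/9 R 0.00 40 0 0.0 0.00 0.00 203.0.113.7 www.example.com
2-0 2368 0/15/15 W 0.01 0 0 0.0 0.02 0.02 198.51.100.20 www.example.com GET /index.html HTTP/1.1
3-0 2369 0/7/7 R 0.00 39 0 0.0 0.00 0.00 203.0.113.7 www.example.com
4-0 2370 0/3/3 R 0.00 1 0 0.0 0.00 0.00 198.51.100.20 www.example.com
5-0 2371 0/8/8 R 0.00 38 0 0.0 0.00 0.00 203.0.113.7 www.example.com
6-0 2372 0/11/11 K 0.02 3 1 0.4 0.01 0.01 192.0.2.55 www.example.com GET /logo.png HTTP/1.1
7-0 2373 0/5/5 R 0.00 37 0 0.0 0.00 0.00 203.0.113.7 www.example.com
8-0 2374 0/6/6 R 0.00 36 0 0.0 0.00 0.00 203.0.113.7 www.example.com
EOF
}

# Print "count client_ip" for every client holding workers in READ (R) state,
# busiest first. Rows without a client column (headers, idle slots) are skipped.
readers_per_ip() {
  awk '$4 == "R" && NF >= 11 { n[$11]++ }
       END { for (ip in n) print n[ip], ip }' | sort -rn
}

# Print clients whose READ-state worker count exceeds LIMIT (hypothetical
# threshold; choose one above what normal clients reach on your site).
flag_slow_readers() {
  limit=$1
  readers_per_ip | awk -v limit="$limit" '$1 > limit { print $2 }'
}

# Stand-alone run on the constructed sample: one client holds 6 READ workers.
sample_status | flag_slow_readers 5
```

On a live server the same functions can read from `service httpd fullstatus` instead of the sample, provided ExtendedStatus is enabled so that the client column is present.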

Setup Mail Gateway/Forwarding using Postfix

I will show you how to set up mail forwarding in Postfix: my MX record will point to the email gateway, and this server will forward all emails to my mail server, which runs under cPanel.

What we really need is an MTA (mail transfer agent), an application which routes your email from hop to hop until the whole transaction completes and the email reaches its destination. Variables as below:

OS: CentOS 5.5 64bit
MTA version: Postfix 2.3.3
Mail gateway IP: 28.90.150.2
Mail gateway hostname: forwarder.getmail.com
Destination server (cPanel): 28.90.166.73
Domain: getmail.com, yoursetup.net and mymouse.biz

1. In this case, I already have MX records pointing to my cPanel server for 3 domains as below:

getmail.com.    MX    10    mail.getmail.com.
mail             A          28.90.166.173
 
yoursetup.net.    MX    10    mail.yoursetup.net.
mail               A          28.90.166.173
 
mymouse.biz.    MX    10    mail.mymouse.biz.
mail             A          28.90.166.173

2. Let's set up and configure the MTA and all required applications. We also need to stop sendmail (enabled by default by the system), remove sendmail from the start-up services, disable SELinux enforcement and install Postfix using yum:

service sendmail stop
chkconfig sendmail off
setenforce 0
yum install postfix -y

3. We need to do some configuration to tell Postfix what type of MTA it should be. Edit /etc/postfix/main.cf with a text editor and change or uncomment the following values: