Posts Tagged ‘Installing’

Adding a nice advanced text editor to make wordpress wp-admin have Microsoft Word like edit functionality

Friday, September 16th, 2011

By the default wordpress does not have support for changing the exact font, therefore copying and pasting a text made in Open Office or MS Word often places in the Post or Page wp edit fonts different from the default one set for articles.
Hence some articles after being published on a wordpress blog show up with improper font and the only way to fix that is to change the font first in Open Office and then copy back to wordpress instead of simply being able to change the font from within the wordpress article.

To get around this problem, there is a nice plugin fckeditor-for-wordpress-plugin which aids wordpress with an awesome Word like edit functionalities.
, downhload location for FCKEdit for WordPress is here

Here is a screenshot of the extra nice functionality the FCKEditor for wordpress providces.

FCKEDitor for wordpress extra functionality screenshot

Installing the plugin is like installing any other wordpress plugin and comes easily to:

debian:/~# cd /var/www/blog/wp-content/plugins
debian:/plugins# wget http://downloads.wordpress.org/plugin/fckeditor-for-wordpress-plugin.3.3.1.zip
...
debian:/plugins# unzip fckeditor-for-wordpress-plugin.3.3.1.zip
...
debian:/plugins# cd fckeditor-for-wordpress-plugin/

And further enabling the plugin from:

Plugins -> Inactive -> (Dean's FCKEditor For WordPress) Enable

fckeditor for wordpress will replace the default wordpress editor TinyMCE straight after being enabled.
 I’ve done also a mirror of the current version as of time of writting of this article, one can  download the fckeditor for wordpress mirrored here 
Now really file editting inside wordpress admin panel is way easier and convenient 😉 Cheers

Secure Apache webserver against basic Denial of Service attacks with mod_evasive on Debian Linux

Wednesday, September 7th, 2011

Secure Apache against basic Denial of Service attacks with mod evasive, how webserver DDoS works

One good module that helps in mitigating, very basic Denial of Service attacks against Apache 1.3.x 2.0.x and 2.2.x webserver is mod_evasive

I’ve noticed however many Apache administrators out there does forget to install it on new Apache installations or even some of them haven’t heard about of it.
Therefore I wrote this small article to create some more awareness of the existence of the anti DoS module and hopefully thorugh it help some of my readers to strengthen their server security.

Here is a description on what exactly mod-evasive module does:

debian:~# apt-cache show libapache2-mod-evasive | grep -i description -A 7

Description: evasive module to minimize HTTP DoS or brute force attacks
mod_evasive is an evasive maneuvers module for Apache to provide some
protection in the event of an HTTP DoS or DDoS attack or brute force attack.
.
It is also designed to be a detection tool, and can be easily configured to
talk to ipchains, firewalls, routers, and etcetera.
.
This module only works on Apache 2.x servers

How does mod-evasive anti DoS module works?

Detection is performed by creating an internal dynamic hash table of IP Addresses and URIs, and denying any single IP address which matches the criterias:

  • Requesting the same page more than number of times per second
  • Making more than N (number) of concurrent requests on the same child per second
  • Making requests to Apache during the IP is temporarily blacklisted (in a blocking list – IP blacklist is removed after a time period))

These anti DDoS and DoS attack protection decreases the possibility that Apache gets DoSed by ana amateur DoS attack, however it still opens doors for attacks who has a large bot-nets of zoombie hosts (let’s say 10000) which will simultaneously request a page from the Apache server. The result in a scenario with a infected botnet running a DoS tool in most of the cases will be a quick exhaustion of system resources available (bandwidth, server memory and processor consumption).
Thus mod-evasive just grants a DoS and DDoS security only on a basic, level where someone tries to DoS a webserver with only possessing access to few hosts.
mod-evasive however in many cases mesaure to protect against DoS and does a great job if combined with Apache mod-security module discussed in one of my previous blog posts – Tightening PHP Security on Debian with Apache 2.2 with ModSecurity2
1. Install mod-evasive

Installing mod-evasive on Debian Lenny, Squeeze and even Wheezy is done in identical way straight using apt-get:

deiban:~# apt-get install libapache2-mod-evasive
...

2. Enable mod-evasive in Apache

debian:~# ln -sf /etc/apache2/mods-available/mod-evasive.load /etc/apache2/mods-enabled/mod-evasive.load

3. Configure the way mod-evasive deals with potential DoS attacks

Open /etc/apache2/apache2.conf, go down to the end of the file and paste inside, below three mod-evasive configuration directives:

<IfModule mod_evasive20.c>
DOSHashTableSize 3097DOS
PageCount 30
DOSSiteCount 40
DOSPageInterval 2
DOSSiteInterval 1
DOSBlockingPeriod 120
#DOSEmailNotify hipo@mymailserver.com
</IfModule>

In case of the above configuration criterias are matched, mod-evasive instructs Apache to return a 403 (Forbidden by default) error page which will conserve bandwidth and system resources in case of DoS attack attempt, especially if the DoS attack targets multiple requests to let’s say a large downloadable file or a PHP,Perl,Python script which does a lot of computation and thus consumes large portion of server CPU time.

The meaning of the above three mod-evasive config vars are as follows:

DOSHashTableSize 3097 – Increasing the DoSHashTableSize will increase performance of mod-evasive but will consume more server memory, on a busy webserver this value however should be increased
DOSPageCount 30 – Add IP in evasive temporary blacklist if a request for any IP that hits the same page 30 consequential times.
DOSSiteCount 40 – Add IP to be be blacklisted if 40 requests are made to a one and the same URL location in 1 second time
DOSBlockingPeriod 120 – Instructs the time in seconds for which an IP will get blacklisted (e.g. will get returned the 403 foribden page), this settings instructs mod-evasive to block every intruder which matches DOSPageCount 30 or DOSSiteCount 40 for 2 minutes time.
DOSPageInterval 2 – Interval of 2 seconds for which DOSPageCount can be reached.
DOSSiteInterval 1 – Interval of 1 second in which if DOSSiteCount of 40 is matched the matched IP will be blacklisted for configured period of time.

mod-evasive also supports IP whitelisting with its option DOSWhitelist , handy in cases if for example, you should allow access to a single webpage from office env consisting of hundred computers behind a NAT.
Another handy configuration option is the module capability to notify, if a DoS is originating from a number of IP addresses using the option DOSEmailNotify
Using the DOSSystemCommand in relation with iptables, could be configured to filter out any IP addresses which are found to be matching the configured mod-evasive rules.
The module also supports custom logging, if you want to keep track on IPs which are found to be trying a DoS attack against the server place in above shown configuration DOSLogDir “/var/log/apache2/evasive” and create the /var/log/apache2/evasive directory, with:
debian:~# mkdir /var/log/apache2/evasive

I decided not to log mod-evasive DoS IP matches as this will just add some extra load on the server, however in debugging some mistakenly blacklisted IPs logging is sure a must.

4. Restart Apache to load up mod-evasive debian:~# /etc/init.d/apache2 restart
...

Finally a very good reading which sheds more light on how exactly mod-evasive works and some extra module configuration options are located in the documentation bundled with the deb package to read it, issue:

debian:~# zless /usr/share/doc/libapache2-mod-evasive/README.gz

Scanning shared hosting servers to catch abusers, unwanted files, phishers, spammers and script kiddies with clamav

Friday, August 12th, 2011

Clamav scanning shared hosting servers to catch abusers, phishers, spammers, script kiddies etc.  logo

I’m responsible for some GNU/Linux servers which are shared hosting and therefore contain plenty of user accounts.
Every now and then our company servers gets suspended because of a Phishing websites, Spammers script kiddies and all the kind of abusers one can think of.

To mitigate the impact of the server existing unwanted users activities, I decided to use the Clamav Antivirus – open source virus scanner to look up for potentially dangerous files, stored Viruses, Spammer mailer scripts, kernel exploits etc.

The Hosting servers are running latest CentOS 5.5. Linux and fortunately CentOS is equipped with an RPM pre-packaged latest Clamav release which of the time of writting is ver. (0.97.2).

Installing Clamav on CentOS is a piece of cake and it comes to issuing:

[root@centos:/root]# yum -y install clamav
...

After the install is completed, I’ve used freshclam to update clamav virus definitions

[root@centos:/root]# freshclam
ClamAV update process started at Fri Aug 12 13:19:32 2011
main.cvd is up to date (version: 53, sigs: 846214, f-level: 53, builder: sven)
WARNING: getfile: daily-13357.cdiff not found on remote server (IP: 81.91.100.173)
WARNING: getpatch: Can't download daily-13357.cdiff from db.gb.clamav.net
WARNING: getfile: daily-13357.cdiff not found on remote server (IP: 163.1.3.8)
WARNING: getpatch: Can't download daily-13357.cdiff from db.gb.clamav.net
WARNING: getfile: daily-13357.cdiff not found on remote server (IP: 193.1.193.64)
WARNING: getpatch: Can't download daily-13357.cdiff from db.gb.clamav.net
WARNING: Incremental update failed, trying to download daily.cvd
Downloading daily.cvd [100%]
daily.cvd updated (version: 13431, sigs: 173670, f-level: 60, builder: arnaud)
Downloading bytecode.cvd [100%]
bytecode.cvd updated (version: 144, sigs: 41, f-level: 60, builder: edwin)
Database updated (1019925 signatures) from db.gb.clamav.net (IP: 217.135.32.99)

In my case the shared hosting hosted websites and FTP user files are stored in /home directory thus I further used clamscan in the following way to check report and log into file the scan results for our company hosted user content.

[root@centos:/root]# screen clamscan -r -i --heuristic-scan-precedence=yes --phishing-scan-urls=yes --phishing-cloak=yes --phishing-ssl=yes --scan-archive=no /home/ -l /var/log/clamscan.log
home/user1/mail/new/1313103706.H805502P12513.hosting,S=14295: Heuristics.Phishing.Email.SpoofedDomain FOUND/home/user1/mail/new/1313111001.H714629P29084.hosting,S=14260: Heuristics.Phishing.Email.SpoofedDomain FOUND/home/user1/mail/new/1305115464.H192447P14802.hosting,S=22663: Heuristics.Phishing.Email.SpoofedDomain FOUND/home/user1/mail/new/1311076363.H967421P17372.hosting,S=13114: Heuristics.Phishing.Email.SpoofedDomain FOUND/home/user1/mail/domain.com/infos/cur/859.hosting,S=8283:2,S: Heuristics.Phishing.Email.SSL-Spoof FOUND/home/user1/mail/domain.com/infos/cur/131.hosting,S=6935:2,S: Heuristics.Phishing.Email.SSL-Spoof FOUND

I prefer running the clamscan in a screen session, because it’s handier, if for example my ssh connection dies the screen session will preserve the clamscan cmd execution and I can attach later on to see how scan went.

clamscan of course is slower as it does not use Clamav antivirus daemon clamd , however I prefer running it without running the daemon, as having a permanently running clamd on the servers sometimes creates problems or hangs and it’s not really worthy to have it running since I’m intending to do a clamscan no more than once per month to see some potential users which might need to be suspended.

Also later on, after it finishes all possible problems are logged to /var/log/clamscan.log , so I can read the file report any time.

A good idea might also be to implement the above clamscan to be conducted, once per month via a cron job, though I’m still in doubt if it’s better to run it manually once per month to search for the malicious users content or it’s better to run it via cron schedule.

One possible pitfall with automating the above clamscan /home virus check up, might be the increased load it puts to the system. In some cases the Webserver and SQL server might be under a heavy load at the exactly same time the clamscan cron work is running, this might possible create severe issues for users websites, if it’s not monitored.
Thus I would probably go with running above clamscan manually each month and monitor the server performance.
However for people, who have “iron” system hardware and clamscan file scan is less likely to cause any issues, probably a cronjob would be fine. Here is sample cron job to run clamscan:

10 05 01 * * clamscan -r -i --heuristic-scan-precedence=yes --phishing-scan-urls=yes --phishing-cloak=yes --phishing-ssl=yes --scan-archive=no /home/ -l /var/log/clamscan.log >/dev/null 2>&1

I’m interested to hear if somebody already is using a clamscan to run on cron without issues, once I’m sure that running it on cron would not lead to server down-times, i’ll implement it via cron job.

Anyone having experience with running clamscan directory scan through crond? 🙂

Installing HTOP on CentOS 5.5 OpenVZ Linux server from source

Friday, July 22nd, 2011

Htop Cool picture logo / htop on CentOS OpenVZ

Lately, I’m basicly using htop‘s nice colourful advanced Linux top command frontend in almost every server I manage, therefore I’ve almost abondoned top usage these days and in that reason I wanted to have htop installed on few of the OpenVZ CentOS 5.5 Linux servers at work.

I looked online but unfortunately I couldn’t find any rpm pre-built binary packages. The source rpm package I tried to build from dag wieers repository failed as well, so finally I went further and decided to install htop from source

Here is how I did it:

1. Install gcc and glibc-devel prerequired rpm packages

[root@centos ~]# yum install gcc glibc-devel

2. Download htop and compile from source

[root@centos src]# cd /usr/local/src
[root@centos src]# wget "http://sourceforge.net/projects/htop/files/htop/0.9/htop-0.9.tar.gz/download"
Connecting to heanet.dl.sourceforge.net|193.1.193.66|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 418767 (409K) [application/x-gzip]
Saving to: "download"

100%[======================================>] 418,767 417K/s in 1.0s
2011-07-22 13:30:28 (417 KB/s) – “download” saved [418767/418767]

[root@centos src]# mv download htop.tar.gz
[root@centos src]# tar -zxf htop.tar.gz
[root@centos src]# cd htop-0.9
[root@centos htop-0.9]# ./configure && make && make install

make install should install htop to /usr/local/bin/htop

That’s all folks! , now my OpenVZ CentOS server is equipped with the nifty htop tool 😉

Installing the phpbb forum on Debian (Squeeze/Sid) Linux

Saturday, September 11th, 2010

howto-easily-install-phpbb-on-debian-gnu-linux

I've just installed the phpbb forum on a Debian Linux because we needed a goodquick to install communication media in order to improve our internal communication in a student project in Strategic HR we're developing right now in Arnhem Business School.

Here are the exact steps I followed to have a properly it properly instlled:

1. Install the phpbb3 debian package
This was pretty straight forward:

debian:~# apt-get install phpbb3

At this point of installation I've faced a dpkg-reconfigure phpbb deb package configuration issue:
I was prompted to pass in the credentials for my MySQL password right after I've selected the MySQL as my preferred database back engine.
I've feeded my MySQL root password as well as my preferred forum database name, however the database installation failed because, somehow the configuration procedure tried to connect to my MySQL database with the htcheck user.
I guess this has to be a bug in the package itself or something from my previous installation misconfigured the way the debian database backend configuration was operating.
My assumption is that my previously installed htcheck package or something beforehand I've done right after the htcheck and htcheck-php packages installation.

after the package configuration failed still the package had a status of properly installed when I reviewed it with dpkg
I've thought about trying to manually reconfigure it using the dpkg-reconfigure debian command and I gave it a try like that:

debian:~# dpkg-reconfigure phpbb3

This time along with the other fields I've to fill in the ncurses interface I was prompted for a username before the password prompted appeared.
Logically I tried to fill in the root as it's my global privileges MySQL allowed user.
However that didn't helped at all and again the configuration tried to send the credentials with user htcheck to my MySQL database server.
To deal with the situation I had to approach it in the good old manual way.

2. Manually prepare / create the required phpbb forum database

To completet that connected to the MySQL server with the mysql client and created the proper database like so:

debian:~# mysql -u root -p
mysql>
CREATE database phpbb3forum;

3. Use phpmyadmin or the mysql client command line to create a new user for the phpbb forum

Here since adding up the user using the phpmyadmin was a way easier to do I decided to go that route, anyways using the mysql cli is also an option.

From phpmyadmin It's pretty easy to add a new user and grant privileges to a certain database, to do so navigate to the following database:

Privileges -> -> Add a new user ->

Now type your User name: , Host , Password , Re-type password , also for a Host: you have to choose Local from the drop down menu.

Leave the Database for user field empty as we have already previously created our desired database in step 2 of this article

Now press the "Go" button and the user will get created.

Further after choose the Privileges menu right on the bottom of the page once again, select through the checkbox the username you have just created let's say the previously created user is phpbb3

Go to Action (There is a picture with a man and a pencil on the right side of this button

Scroll down to the page part saying Database-specific privileges and in the field Add privileges on the following database: fill in your previosly created database name in our case it's phpbb3forum

and then press the "Go" button once again.
A page will appear where you will have to select the exact privileges you would like to grant on the specific selected database.
For some simplicity just check all the checkbox to grant as many privilegs to your database as you could.
Then again you will have to press the "Go" button and there you go you should have already configured an username and database ready to go with your new phpbb forum.

4. Create a virtualhost if you would like to have the forum as a subdomain or into a separate domain

If you decide to have the forum on a separate sub-domain or domain as I did you will have to add some kind of Virtualhost into either your Apache configuration /etc/apache2/apache2.conf or into where officially the virutualhosts are laid in Debian Linux in /etc/apache2/sites-available
I've personally created a new file like for instance /etc/apache2/sites-available/mysubdomain.mydomain.com

Here is an example content of the new Virtualhost:

<VirtualHost *>
ServerAdmin admin-email@domain.com
ServerName mysubdomain.domain.com

# Indexes + Directory Root.
DirectoryIndex index.php index.php5 index.htm index.html index.pl index.cgi index.phtml index.jsp index.py index.asp

DocumentRoot /usr/share/phpbb3/www/

# Logfiles
ErrorLog /var/log/apache2/yourdomain/error.log
CustomLog /var/log/apache2/yourdomain/access.log combined
# CustomLog /dev/null combined
<Directory /usr/share/phpbb3/www/>
Options FollowSymLinks MultiViews -Includes ExecCGI
AllowOverride All
Order allow,deny
allow from all </Directory>
</VirtualHost>

In above Virtualhost just change the values for ServerAdmin , ServerName , DocumentRoot , ErrorLog , CustomLog and Directory declaration to adjust it to your situation.

5. Restart the Apache webserver for the new Virtualhost to take affect

debian:~# /etc/init.d/apache2 restart

Now accessing your http://mysubdomain.domain.com should display the installed phpbb3 forum
The default username and password for your forum you can use straight are:

username: admin
password: admin

So far so good you by now have the PHPBB3 forum properly installed and running, however if you try to Register a new user in the forum you will notice that it's impossible because of a terrible ugly message reading:

Sorry but this board is currently unavailable.

I've spend few minutes online to scrape through the forums before I can understand what I have to stop that annoying message from appearing and allow new users to register in the phpbb forum

The solution came natural and was a setting that had to be changed with the forum admin account, thus login as admin and look at the bottom of the page, below the text reading Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group you will notice a link with Administration Control Panel
just press there a whole bunch of menus will appear on the screen allowing you to do numerous things, however what you will have to do is go to
Board Settings -> Disable Board

and change the radio button there to say No

That's all now your forum will be ready to go and your users can freely register and if the server where the forum is installed has an already running mail server, they will receive an emails with a registration data concerning their new registrations in your new phpbb forum.
Cheers and Enjoy your new shiny phpbb Forum 🙂

Installing SuPHP on Debian Lenny 5.04 with Apache 2.2.9

Thursday, February 18th, 2010

My daily duties as a sys admin today included installation and configuration of SuPHP .
SuPHP is an apache dynamic module for executing PHP scripts with the permissions of their owners. It consists basicly of twoparts Apache module (mod_suphp) and a setuid root binary (suphp). The suphp module is invoked by the mod_suphp module and instructsApache to change the user id (uid) of the process executing the PHP script.
SuPHP is not a standard Apache module so it’s not 100% tested. Therefore from security point of view it’s better not to use SuPHP.
So beware use it at your own risk! You better know what you’re doing if you’re installing this piece of soft.

The official SuPHP documentation is rather I would say archaic and it’s completely out of date. Though according to the official documentation it’s noted that suphp module won’t work with Apache 2.2.x, it actually works perfectly fine.
I’ve checked and I couldn’t find any tutorials on installing suphp on Debian Lenny therefore I decided to write this tutorial to shed some light on it.
So enough talk let’s approach to the installation and configuration of suphp;

1. Install the module itself from the debian package

debian-server# apt-get install libapache2-mod-suphp
Debian will enable the mod_suphp automatically after installation, though this kind of behaviour is pretty stupid, since it won’t disable mod_php5 which is enabled by default.

2 Therefore we need to disable mod_php5 from executing to enable suphp.

debian-server# a2dismod php5

3. Enable suphp globally for the Apache
Edit /etc/apache2/apache2.conf and put in the end of the configuration file

# Enable SuPHP
suPHP_Engine on
suPHP_AddHandler application/x-httpd-php .php

In my case I’m not using Debian’s default DocumentRoot website location for both my Apache and my VirtualHosts, therefore I need also to configure
suphp.conf

4. Edit /etc/suphp/suphp.conf and change;

;Path all scripts have to be in
docroot=/var/www/

to let’s say:
;Path all scripts have to be in
docroot=/home/

5. Restart your Apache server

debian-server# /etc/init.d/apache2 restart

Now test if mod_suphp is working on your Apache. We will test it through a tiny php script;
Paste the script to let’s say suphp.php

<? system( "id" ); ?>

Now if suphp is working you’ll see something like:
uid=1002(myuser) gid=1002(myuser) groups=1002(myuser)
instead of the default;
uid=33(www-data) gid=33(www-data) groups=32(www-data)

Now there are a few more drawbacks with SuPHP which I feel obliged to discuss.
On the first place suphp will excecute through php5-cgi and therefore the script execution
should be considered a way slower comparing to the default mod_php5.
I cannot precisely tell how much slower would be php script execution compared to mod_php5 but I
pressume at least 10 to 20% of the usual performance will be gone.
One of the possible ways to speed-up php execution in that case is to use mod_fastcgi.

Installing usual Software Tools and Development header files and libraries on a newly installed Debian Server

Thursday, February 11th, 2010

Today I start my work as a system administrator for a new IT company.
My first duties include configuration and installation of some usual programs
used in everyday's sys admin job.
In that manner of thoughts I have long ago realized there is a common group of
tools and software I had to install on almost each and every new configured
Debian GNU / Linux running Server.
Here is a list of packages I usually install on new Debian systems,
even though this exact commands are expected to be executed on Debian (5.0) Lenny
I believe they are quite accurate for Debian Testing and Debian Testing/Unstable,
bleeding edge distributions.
Before I show you the apt-get lines with all the packages, I would advice you to install
and use netselect-apt to select the fastest Debian package mirror near you
So to install and use run the following commands;

aptitude install netselect-apt
netselect-apt -n lenny

Now as netselect-apt would have tested for the fastest mirror and created sources.list
file in your current directory, open the sources.list file and decide what should enter your
official /etc/apt/sources.list file or in other words merge the two files as you like.
Good, now as we have a fast mirror to download our packages let's continue further with the
packages to install.
Excecute the following command to install some of the basic tools and packages:

# install some basic required tools, software and header files
debian-server:~# apt-get install tcpdump mc ncurses-dev htop iftop iptraf nmap tcpdump apache2 apachetop
mysql-server-5.0 phpmyadmin vnstat rsync traceroute tcptrace e2fsprogs hddtemp finger mtr-tiny
netcat screen imagemagick flex snort mysql-server-5.0 sysstat lm-sensors alien rar unrar util-linux curl
vim lynx links elinks sudo autoconf gcc build-essential dpkg-dev webalizer awstats

Herein I'll explain just a few of the installed package and their install
purpose,as they could be unknown to some of the people out there.

apachetop - monitors apache log file in real time similar to gnu top
iftop - display bandwidth usage on selected interface interactively
vnstat - show inbound & outbound traffic usage on selected network interfaces
e2fsprogs - some general tools for creation of ext2 file systems etc.
hddtemp - Utility to monitor hard drive temperature
mtr-tiny - matt's traceroute great traceroute proggie
netcat - TCP/IP swiss army knife, quite helpful for network maintance tasks
snort - an Intrusion Detecting System
build-essential - installs basic stuff required for most applications compiled from source code
sysstat - generates statistics about server load each and every ten minutes, check man for more
lm-sensors - enables you to track your system hardware sensors information and warn in CPU heatups etc.

I believe the rest of them are no need to be explained, if you're not familiar with them check the manuals.
So far so good but this is not all I had to install, as you probably know most Apache webservers nowadays
are running PHP and are using a dozen of PHP libraries / extensions not originally bundled with PHP install
Therefore here are some more packages related to php to install that would install some more php goodies.

# install some packages required for many php enabled applications
debian-esrver:~# apt-get install php-http php-db php-mail php-net-smtp php-net-socket php-pear php-xml-parser
php5-curl php5-gd php5-imagick php5-mysql php5-odbc php5-recode php5-sybase php5-xmlrpc php5-dev

As I said that is mostly the basic stuff that is a must have on most of the Debian servers I have
configured this days, of course this is not applicable to all situations, however I hope
this would be of use to somebody out there.

Installing hardware RAID monitor on IBM xseries 345 model 8670, IBM Server RAID monitoring via IBM’s RAID software RaidMan on 32 bit (i386) Debian Etch

Friday, October 16th, 2009

Following my prescriptions the company where I work for has bought two hard drives for one of the servers we use for website hosting. The two drives are with capacity of 80GB.

Yesterday I spend part of the day communicating with the tech support in the colocation center in (Evolink) Sofia Thanks God the hardware raid building has been succesfully managed by one of my colleagues working in Evolink.
However he mentioned that some kind of warnings were present in the previous existing RAID 1 array.
To be honest I’ve never thought before about monitoring the RAID array, before the tech support guy suggested to check the warning messages the raid array issues.

To build the hardware array during boot, (Kalin), that’s how the technical support in Evolink is called, he had to download the cd with software for our IBM xseries 8670, and then boot up from the cd
following the instructions in the Server manual to build the array. Anyways that obviously went smoothly as I already mentioned. Taking in consideration his suggestions for monitoring the drives in the RAID array.

I did some research in Google and came across the following Ubuntu’s forums thread Monitoring utility for IBM ServerRAID .
The thread dealt with converting the original RPM package bundled on the IBM software original CD to a deb package in order to make it properly installable and integrated into debian based systems (debian, ubuntu).

Since our current OS of choice on the IBM server is Debian Etch linux, I had the follow the part in the Article from the post dealing with 32 bit rpm package conversion. Everything explained in the forum worked out-of-the-box happily, no settle backs occured. Thus I’ll present the steps here literally required to be partaked to achieve
the proper install of IBM’s hardware monitoring software:

1. Download the IBM ServerRAID application CD from IBM Support's Website
Link to the ISO at the time of writting this post can be obtained from IBM ServerRAID application CD ,

just make sure you use a browser and accept the license agreement before the download proceeds
2. Install the following 3 packages,
# apt-get install alien fakeroot libstdc++5

3. link sort required, cause in Redhat sort is located on a different place
# ln -s /usr/bin/sort /bin/sort

4.Mount the downloaded iso
# mount -o loop ibm_sw_srapp_9.00-16973_anyos_32-64.iso /media/cdrom

5. Copy rpm to /some/directory and convert it to .deb package
# cp /media/cdrom/linux/manager/RaidMan-9.00.i386.rpm /some/directory
# cd /some/directory
# fakeroot alien -c RaidMan-9.00.i386.rpm
Next tweak some scripts to make it Debian/Ubuntu native

6.
# mkdir -p raidman_9.00-1_i386/DEBIAN

7.
# dpkg -x raidman_9.00-1_i386.deb raidman_9.00-1_i386/

8.
# dpkg -e raidman_9.00-1_i386.deb raidman_9.00-1_i386/DEBIAN

9.
# vim raidman_9.00-1_i386/DEBIAN/postinst

10.
# (remove the line containing “chkconfig –add raid_agent”
Next open:
# vim raidman_9.00-1_i386/DEBIAN/postrm
# chkconfig –del raid_agent

11.
# dpkg -b raidman_9.00-1_i386/ raidman_9.00-1_i386.deb
12. Now install the new .deb raidman package
# dpkg -i raidman_9.00-1_i386.deb

13. With God’s help everything should go smoothly and now you should have
a working raid monitoring software on your Debian Server
To start the raid agent issue the command:

# /etc/init.d/raid_agent start

Here is also a download link to raidman_9.00-1_i386.deb

Installing a new server

Friday, October 19th, 2007

On monday I was in Varna to install a new server. The old one is a P3 450 Mhz 320 MB of RAMsince the developers work on the samba the machine is heavy loaded and the collegues’s workis being often interrupted waiting for files to save on the machine etc.The new server is a 2 CPU Xeon (3.2 Ghz), pretty neat box. It took me 2 days to configurethe machine because I experienced problems with the Hardware (Motherboard included VIA RAID 6410).I prayed God to bless me be able to make the machine and ofcourse it happened. Since Wednesdaythe new server works smoothly. It’s running SAMBA, Apache, MySQL and some routine backupping scriptsetc. Actually I ended installing a software RAID, VIA seems to have support only for 2.4.x kernels.I was thinking about installing FreeBSD but eventually I ended with Debian 4.0.Today I had to configure some Squid ACLs because the boss wanted to filter some job recruitmentsites for the users in the office. Also I installed the ipp2p kernel module on the Internet Gatewayto drop all torrent based traffic. I had to make one redirect from 10.10.10.1:80 -> 10.10.10.2:80 I thoughtabout the classical way to redirect port but it didn’t worked after some investigation and helpfrom the people on irc.freenode.net #iptables I figured out If you have to redirect ports on thesame subnet then you have to have also one more SNAT ruleEND—–