Posts Tagged ‘ups’

How to find how much power (electricity) consumption a server or PC has?

Friday, November 2nd, 2012

Kill-A-Watt track system power electricty consumption on GNU / Linux servers and FreeBSD
A friend of mine today ask me if I have clue if it is possible to track his home computer Consumption with some piece of Software?

The question is quite interesting, since I run a home server with Linux and it would have been nice if I can exactly track how much electricity per month it  consumes

Now knowing, the answer I first checked online for some kind of software and all I can find something that does something similar but all can find is powertop.

Though powertop is nice Linux tool to keep an eye which program on PC consumes most from overall consumed electricity and order the programs and modules based on electricity consumption it is not providing information on overall electricity consumption.

As the topic seem to be some interesting, I've decided to ask in irc.freenode.net #deiban
Here is a paste from  irssi channel log:

17:21 < hipodilski> hi any idea, how can I find how much electricity a server conmuses per month
17:21 < hipodilski> is there some some kind of software
17:21 -!- digdilem [~digdilem@plague.digdilem.org] has joined #debian
17:22 < babilen> hipodilski: I would recommend an electricity meter rather than software
17:22 -!- tommy_e [~tommy@81.27.221.202] has quit [Ping timeout: 260 seconds]
17:22 < jelly-home> watt meters ftw
17:22 -!- msx [~msx@190.194.114.10] has joined #debian
17:22 -!- blackshirt [~najwa@103.3.223.5] has left #debian []
17:23 < hipodilski> yes but i don't have electricity metter, if there is software it would be interesting to try it
17:23 -!- badiane [~gdurand@D8FF67fa.cst.lightpath.net] has quit [Remote host closed the connection]
17:23 < xand> hipodilski: no, you need a hardware device.
17:23 < jelly-home> now everything can be solved in software, hipodilski
17:23 < jelly-home> not*
17:23 < jelly-home> dammit
17:23 < xand> unless you have a very fancy PSU, software can't find that out
17:23 < babilen> jelly-home: hehe, nice typo !
17:23 < vacuous> hipodilski yes
17:24 < HelloShitty> nsadmin, are you out of ideas for me?
17:24 < vacuous> there's various devices that do it
17:24 -!- firecode [~irc@unaffiliated/firecode] has joined #debian
17:24 < vacuous> you can either get a killawat which are highly innacurate but it might give you a clue
17:24 < vacuous> and they're very cheap too
17:25 < vacuous> you can get a device which measures your entire houses electric, then you just turn off all the appliances and run the
                 server only
17:25 -!- trysten [~trysten@37-251-103-145.FTTH.ispfabriek.nl] has quit [Quit: be back]
17:25  * babilen likes that approach
17:25 < babilen> But this is getting a bit too off-topic. Maybe hipodilski wants to take it to #debian-offtopic
17:25 < vacuous> or you can keep all fridges on, check what the reading is and then negate that from the total
17:25 < hipodilski> yes thanks 🙂
 

The answer makes it clear right of time of writing this post there is no software for Linux or BSD that keeps track electricity consumption daily or monthly

I've googled to see what is Kill-A-Watt hardware? and found fuzzy named device Kill-A-Watt for sale on ThinkGeek's website for the not so expensive 24.99$

To use Kill-A-Watt device is to be connected inside the power plug and then PC or Server has to be plugged into  Kill-A-Watt dev. I've red also (while researching) many Intelligent UPS devs has support for keeping log of discharged energy, so just buying a good UPS with web administrator or even a cheap one providing statistical information of UPS use via serial port should be another alternative to track ur server consumption.

Script to Automatically change current MySQL server in wp-config.php to another MySQL host to minimize WordPress and Joomla downtimes

Friday, July 20th, 2012

I'm running a two servers for a couple of home hosted websites. One of the servers is serving as Apache host1 and has configured MySQL running on it and the second is used just for database host2 – (has another MySQL configured on it).
The MySQL servers are not configured to run as a MySQL MASTER and MySQL SLAVE (no mysql replication), however periodically (daily), I have a tiny shell script that is actualizing the data from the active SQL host2 server to host1.

Sometimes due to electricity problems or CPU overheats the active MySQL host at host2 gets stoned and stops working causing the 2 WordPress based websites and One joomla site inaccessible.
Until I manually get to the machine and restart host2 the 3 sites are down from the net and as you can imagine this has a very negative impact on the existing website indexing (PageRank) in Google.

When I'm at home, this is not a problem as I have physical access to the servers and if somethings gets messy I fix it quickly. The problem comes, whether I'm travelling or in another city far from home and there is no-one at home to give the hanged host hard reboot ….

Lately the problems with hang-ups of host2 happaned 3 times or so for 2 weeks, as a result the websites were inaccessible for hours and since there is nobody to reboot the server for hours; the websites keep hanging until the DB host is restarted ;;;;

To work-around this I came with the idea to write a tiny shell script to check if host2 is ping-able in order to assure the Database host is not down and then if script determines host2 (mysql) host is down it changes wp-config.php (set to use host2) to a wp-config.php (which I have beforehand configured to use) host1.

Using the script is a temporary solution, since I have to actually find the real hang-up causing troubles, but at least it saves me long downtimes. Here is a download link to the script I called change_blog_db.sh .
I've configured the script to be run on the Apache node (host1) via a crontab calling the script every 10 minutes, here is the crontab:
 

*/10 * * * * /usr/sbin/change_blog_db.sh > /dev/null 2>&1

The script is written in a way so if it determins host2 is reachable a copy of wp-config.php and Joomla's configuration.php tuned to use host2 is copied over the file config originals. In order to use the script one has to configured the head variables script section, e.g.:

host_to_ping='192.168.0.2';
blog_dir='/var/www/blog';
blog_dir2='/var/www/blog1';blog_dir3='/var/www/joomla';
notify_mail='hipo@pc-freak.net';
wp_config_orig='wp-config.php';
wp_config_localhost='wp-config-localhost.php';
wp_config_other_host='wp-config-192.168.0.2.php';
joomla_config_orig='configuration.php';
joomla_config_other_host='configuration-192.168.0.2.php';

You will have to manually prepare;;;

wp-config-localhost.php, wp-config-192.168.0.2.php ,configuration-192.168.0.2.php, wp-config-localhost.php to be existing files configured to with proper host1 and host2 IP addresses.
Hope the script will be useful to others, experiencing database downtimes with WordPress or Joomla installs.
 

How to disable ACPI (power saving) support in FreeBSD / Disable acpi on BSD kernel boot time

Tuesday, May 15th, 2012

FreeBSD disable ACPI how ACPI Basic works basic diagram

On FreeBSD the default kernel is compiled to support ACPI. Most of the modern PCs has already embedded support for ACPI power saving instructions.
Therefore a default installed FreeBSD is trying to take advantage of this at cases and is trying to save energy.
This is not too useful on servers, because saving energy could have at times a bad impact on server performance if the server is heavy loaded at times and not so loaded at other times of the day.

Besides that on servers saving energy shouldn't be the main motivator but server stability and productivity is. Therefore in my personal view on FreeBSD used on servers it is better to disable complete the ACPI in order to disable CPU fan control to change rotation speeds all the time from low to high rotation cycles and vice versa at times of low / high server load.

Another benefit of removing the ACPI support on a server is this would probably increase the CPU fan life span and possibly prevent the CPU to be severely heated at times.

Moreover, some piece of hardware might have troubles in properly supporting ACPI specifications and thus ACPI could be a reason for unexpected machine hang ups.

With all said I would recommend to anyone willing to use BSD for a server to disable the ACPI (Advanced Configuration and Power Interface), just like I did.

Here is how;

1. Quick review on how ACPI is handled on FreeBSD

acpi support is being handled on FreeBSD by a number of loadable kernel modules, here is a complete list of all the kernel modules dealins with acpi:

freebsd# cd /boot
freebsd# find . -iname '*acpi*.ko'
./kernel/acpi.ko
./kernel/acpi_aiboost.ko
./kernel/acpi_asus.ko
./kernel/acpi_fujitsu.ko
./kernel/acpi_ibm.ko
./kernel/acpi_panasonic.ko
./kernel/acpi_sony.ko
./kernel/acpi_toshiba.ko
./kernel/acpi_video.ko
./kernel/acpi_dock.ko

By default on FreeBSD, if hardware has some support for ACPI the acpi gets activated by acpi.ko kernel module. The specific type of vendors specific ACPI like IBM, ASUS, Fujitsu are controlled by the respective kernel module from the list …

Hence, to control if ACPI is loaded or not on a FreeBSD system with no need to reboot one can use kldload, kldunload module management BSD cmds.

a) Check if acpi is loaded on a BSD

freebsd# kldstatkldstat | grep -i acpi
9 1 0xc9260000 57000 acpi.ko

b) unload kernel enabled ACPI support

freebsd# kldunload acpi

c) Load acpi support (not the case with me but someone might need it, if for instance BSD is running on laptop)

freebsd# kldload acpi

2. Disabling ACPI to load on bootup on BSD

a) In /boot/loader.conf add the following variables:

hint.acpi.0.disabled="1"
hint.p4tcc.0.disabled=1
hint.acpi_throttle.0.disabled=1


b) in /boot/device.hints add:

hint.acpi.0.disabled="1"

c) in /boot/defaults/loader.conf make sure:

##############################################################
### ACPI settings ##########################################
##############################################################
acpi_dsdt_load="NO" # DSDT Overriding
acpi_dsdt_type="acpi_dsdt" # Don't change this
acpi_dsdt_name="/boot/acpi_dsdt.aml"
# Override DSDT in BIOS by this file
acpi_video_load="NO" # Load the ACPI video extension driver

d) disable ACPI thermal monitoring

It is generally a good idea to disable the ACPI thermal monitoring, as many machines hardware does not support it.

To do so in /boot/loader.conf add

debug.acpi.disabled="thermal"

If you want to learn more on on how ACPI is being handled on BDSs check out:

freebsd# man acpi

Other alternative method to permanently wipe out ACPI support is by not compiling ACPI support in the kernel.
If that's the case in /usr/obj/usr/src/sys/GENERIC make sure device acpi is commented, e.g.:

##device acpi

 

How to exclude files on copy (cp) on GNU / Linux / Linux copy and exclude files and directories (cp -r) exclusion

Saturday, March 3rd, 2012

I've recently had to make a copy of one /usr/local/nginx directory under /usr/local/nginx-bak, in order to have a working copy of nginx, just in case if during my nginx update to new version from source mess ups.

I did not check the size of /usr/local/nginx , so just run the usual:

nginx:~# cp -rpf /usr/local/nginx /usr/local/nginx-bak
...

Execution took more than 20 seconds, so I check the size and figured out /usr/local/nginx/logs has grown to 120 gigabytes.

I didn't wanted to extra load the production server with copying thousands of gigabytes so I asked myself if this is possible with normal Linux copy (cp) command?. I checked cp manual e.g. man cp, but there is no argument like –exclude or something.

Even though the cp command exclude feature is not implemented by default there are a couple of ways to copy a directory with exclusion of subdirectories of files on G / Linux.

Here are the 3 major ones:

1. Copy directory recursively and exclude sub-directories or files with GNU tar

Maybe the quickest way to copy and exclude directories is through a littke 'hack' with GNU tarnginx:~# mkdir /usr/local/nginx-new;
nginx:~# cd /usr/local/nginx#
nginx:/usr/local/nginx# tar cvf - \. --exclude=/usr/local/nginx/logs/* \
| (cd /usr/local/nginx-new; tar -xvf - )

Copying that way however is slow, in my case it fits me perfectly but for copying large chunks of data it is better not to use pipe and instead use regular tar operation + mv

# cd /source_directory
# tar cvf test.tar --exclude=dir_to_exclude/*\--exclude=dir_to_exclude1/* . \
# mv test.tar /destination_directory
# cd /destination# tar xvf test.tar

2. Copy folder recursively excluding some directories with rsync

P>eople who has experience with rsync , already know how invaluable this tool is. Rsync can completely be used as for substitute=de.a# rsync -av –exclude='path1/to/exclude' –exclude='path2/to/exclude' source destination

This example, can also be used as a solution to my copy nginx and exclude logs directory casus like so:

nginx:~# rsync -av --exclude='/usr/local/nginx/logs/' /usr/local/nginx/ /usr/local/nginx-new

As you can see for yourself, this is a way more readable for the tar, however it will not work on servers, where rsync is not installed and it is unusable if you have to do operations as a regular users on such for that case surely the GNU tar hack is more 'portable' across systems.
rsync has also Windows version and therefore, the same methodology should be working on MS Windows and good for batch scripting.
I've not tested it myself, yet as I've never used rsync on Windows, if someone has tried and it works pls drop me a short msg in comments.
3. Copy directory and exclude sub directories and files with find

Find in collaboration with cp can also be used to exclude certain directories while copying. Actually this method is better than the GNU tar hack and surely more efficient. For machines, where rsync is not installed it is just a perfect way to copy files from location to location, while excluding some directories, here is an example use of find and cp, for the above nginx case:

nginx:~# cd /usr/local/nginx
nginx:~# mkdir /usr/local/nginx
nginx:/usr/local/nginx# find . -type d \( ! -name logs \) -print -exec cp -rpf '{}' /usr/local/nginx-bak \;

This will find all directories inside /usr/local/nginx with find command print them on the screen, then execute recursive copy over each found directory and copy to /usr/local/nginx-bak

This example will work fine in the nginx case because /usr/local/nginx does not contain any files but only sub-directories. In other occwhere the directory does contain some files besides sub-directories the files had to also be copied e.g.:

# for i in $(ls -l | egrep -v '^d'); do\
cp -rpf $i /destination/directory

This will copy the files from source directory (for instance /usr/local/nginx/my_file.txt, /usr/local/nginx/my_file1.txt etc.), which doesn't belong to a subdirectory.

The cmd expression:

# ls -l | egrep -v '^d'

Lists only the files while excluding all the directories and in a for loop each of the files is copied to /destination/directory

If someone has better ideas, please share with me 🙂

The Edukators 2004 – Die fetten Jahre sind vorbei (The Fat Year are Over) movie short review

Monday, February 6th, 2012

The Edukators movie cover

I'm in Sofia for a couple of days being a guest to a friend (thx Nomen), after my stay for a week in Bodesće (a little village nearby Bled located in Slovenia).
Yesterday on my way to sleep I wanted to see a movie and asked Nomen to recommend me a movie. His recommendation was a German-Australian movie from 2004 called The Edukators The Fat years are Over. I had absolutely no idea what it will be like so I didn't expected much but it seems the movie plot took my attention.

The movie plot revolves around 3 avarage German persons who live in Berlin. The three youngsters has just passed the 20s, Peter and Daniel (two close friends who hold some serious anti-capitalist views and does organize house break-ups without stealing.) Peter and Daniel's rich villas break-ups aim is idealistic, they don't steal but just change the order of furniture and leave messages to make rich people aware that money doesn't make them invincible…
Jule a girlfriend of Peter, becomes friend with Daniel and they fall in love, while Peter is away for a vacation. During Peters sojourn abroad Daniel tells Jule the secret (Peter and Daniel) are the Edukators whose break-ins has just recently become known via the local Berlin newspapers.
The Edukators group leave messages to every of the "victim" homes saying – "die fetten Jahre sind vorbei" – "The fat years are over", a sentence well known from the Holy Bible's story of Joseph in Egypt.

Jule works as a waitress in a luxurious restaurant but her payment is only good to cover her very basic needs as well as pay her debt (as she is already indebted as many youngsters in Germany).

Jule is more indebted compared to many of the young germans, since by accident she hit a rich businessman's car which costs 100 000 eur. Since more than a year she is working for paying the monthly bills to cover richman's car and she succeeded to pay only €55000 …

The Jule's "injustice" is just a part of the many injustices that are in society, but as the youngsters hold anarchistic and anti democratic views, this whole Mercedes crash accelerates as Jule and Daniel break up in the Luxurious Villa of the rich man whose car Jule is still paying.
The Edukators die fetten jahre sind vorbei movie cover

Just like the other break ups Jule and Daniel change completely the order of the furniture and leave the threatening message die fetten Jahre sind vorbei , this time however they do even more as they decide to drop the sofa in the pool. These time Daniel and Jule's planning is more like an venture than just a well planned Edukators break-in. Suddenly the watchdogs in the yard start barking and the two youngesters has to move quickly to prevent being taken by the police patrol.
On the next day Peter is back from his vacation and Jule realizes her mobile phone is missing (probably fallen in the pool or somewhere in the richman's mansion)… On the next night Jule and Daniel, enter the house again in hope to find and cover-up the tracks they left last night and hopefully find, Jule's missing mobile.
They don't know however the richman would arrive his villa to stay for the night. As he enter his house, the businessman encounters Jule and immediately recognizes her.
Daniel being in the other floor comes down and hits the richman from behind and he enters unconscioness. As the two are panicked they call Peter and tell him about "the villa accident". Daniel arrives immediately and the three "revolutionaries" decide to take the wealthy man who as a hostage bringing him in Jule's uncle mountain hut.
The 3 anti-current system democrats and the representative of the wealthy class has to spend few weeks together in a small house each one exposing his stand point and philosophy. Little by little the 4 people become friends and a dramma between Daniel and Peter emerges as Jule is now in love with Daniel and Peter finds out …
Hardenberg (the 3 youngesters hostage) happens to be an ex-leader of a Socialist German Student Union some 35 years go … and tells a story how he and his union members hostiged a VIP german person in their youth days and how funny is that he is in the same situation like the person they hostiged so long time ago…
The movie is interesting as it really shows the sad reality and the falling democratic system which we have established and follow. It exposes the injustice of the system but it doesn't really offer a solution to the society and economic problems and injustices.

How to fix Thinkpad R61i trackpoint (mouse pointer) hang ups in GNU / Linux

Wednesday, February 1st, 2012

Earlier I've blogged on How to Work Around periodically occuring TrackPoint Thinkpad R61 issues on GNU / Linux . Actually I thought the fix I suggested there is working but I was wrong as the problems with the trackpoint reappeared at twice or thrice a day.

My suggested fix was the use of one script that does periodically change the trackpoint speed and sensitivity to certain numbers.

The fix script to the trackpoint hanging issue is here

Originally I wrote the script has to be set to execute through crontab on a periods like:

0,30 * * * * /usr/sbin/restart_trackpoint.sh >/dev/null 2>&1

Actually the correct values for the crontab if you use my restart_trackpoint.sh script are:

0,5,10,15,20,25,30,35,40,45,50,55,58 * * * * /usr/sbin/restart_trackpoint.sh >/dev/null 2>&3

ig it has to be set the script is issued every 5 minutes to minimize the possibility for the Thinkpad trackpoint hang up issue.

One other thing that helps if trackpoint stucks is setting in /etc/rc.local is psmouse module to load with resetafter= parameter:

echo '/sbin/rmmod psmouse; /sbin/modprobe psmouse resetafter=30' >> /etc/rc.local

 

How to solve “IPv6 addrconf: prefix with wrong length 48”

Friday, December 9th, 2011

While reading some log files on one of the co-located servers at UK2.net , I’ve noticed dmesg log was filling in with tons of junk messages like:

[4288245.609762] IPv6 addrconf: prefix with wrong length 48
[4288445.984153] IPv6 addrconf: prefix with wrong length 48
[4288646.296110] IPv6 addrconf: prefix with wrong length 48
[4288846.609119] IPv6 addrconf: prefix with wrong length 48
[4289046.922604] IPv6 addrconf: prefix with wrong length 48
[4289247.267273] IPv6 addrconf: prefix with wrong length 48
[4289447.545800] IPv6 addrconf: prefix with wrong length 48
[4289647.857789] IPv6 addrconf: prefix with wrong length 48
[4289848.169308] IPv6 addrconf: prefix with wrong length 48
[4290048.595104] IPv6 addrconf: prefix with wrong length 48
[4290248.808497] IPv6 addrconf: prefix with wrong length 48
[4290449.103503] IPv6 addrconf: prefix with wrong length 48
[4290649.418747] IPv6 addrconf: prefix with wrong length 48
[4290849.742731] IPv6 addrconf: prefix with wrong length 48

After checking the message to make sure it would not suddeny lead to server hang ups I figured out the message is not dangerous but just an annoying warning that some other (routing) host on the same network as mine is advertising something using IPv6, that doesn’t fit with my IPv6 server config.
Actually the server doesn’t use the IPv6 configuration at all, and the assigned configuration is just some kind of auto set IPv6 IP address.
The server, where this message appeared is powered by 64 bit Debian GNU / Linux Squeeze

To resolve the annoying message, 5 of the kernel sysctl settings needs to be modified with cmds:

debian:~# sysctl net.ipv6.conf.all.accept_ra=0
debian:~# sysctl net.ipv6.conf.all.autoconf=0
debian:~# sysctl net.ipv6.conf.lo.autoconf=0
debian:~# sysctl net.ipv6.conf.eth0.autoconf=0
debian:~# sysctl net.ipv6.conf.eth1.autoconf=0

Furthermore to prevent the IPv6 addrconf: prefix with wrong length 48 to re-appear after future server reboots / boots the two sysctl values of course needs to be included in /etc/sysctl.conf e.g.:

debian:~# echo 'net.ipv6.conf.all.accept_ra = 0' >> /etc/sysctl.conf
debian:~# echo 'net.ipv6.conf.all.autoconf = 0' >> /etc/sysctl.conf
echo 'net.ipv6.conf.lo.autoconf = 0' >> /etc/sysctl.conf
echo 'net.ipv6.conf.eth0.autoconf = 0' >> /etc/sysctl.conf
echo 'net.ipv6.conf.eth1.autoconf = 0' >> /etc/sysctl.conf

My server has 2 etherhet interfaces, eth0 and eth1 that’s the reason I had to set up autoconf kernel the two vars net.ipv6.conf.eth0.autoconf and net.ipv6.conf.eth1.autoconf , for more interfaces more kernel vars (eth2, eth3) etc. needs to be set to “0”

I’ve seen posts online of people complaining about a similar errors to IPv6 addrconf: prefix with wrong length 48, like:

IPv6 addrconf: prefix with wrong length 96
IPv6 addrconf: prefix with wrong length 128

The solution to this messages is also done by setting the above described sysctl kernel vars. Setting the vars will suppress the messages which by the way with time could take up A LOT of disk space and fills /var/log/dmesg with this useless message, hence applying the “fix” is a must 😉

Another thing, I’ve noticed while I was researching about the error and the respective fix is that people on other deb based distributions like Ubuntu as well as on Fedora GNU / Linux had also experienced the issue.

How to find and kill Abusers on OpenVZ Linux hosted Virtual Machines (Few bash scripts to protect OpenVZ CentOS server from script kiddies and easify the daily admin job)

Friday, July 22nd, 2011

OpenVZ Logo - Anti Denial Of Service shell scripts

These days, I’m managing a number of OpenVZ Virtual Machine host servers. Therefore constantly I’m facing a lot of problems with users who run shit scripts inside their Linux Virtual Machines.

Commonly user Virtual Servers are used as a launchpad to attack hosts do illegal hacking activities or simply DDoS a host..
The virtual machines users (which by the way run on top of the CentOS OpenVZ Linux) are used to launch a Denial service scripts like kaiten.pl, trinoo, shaft, tfn etc.

As a consequence of their malicious activities, oftenly the Data Centers which colocates the servers are either null routing our server IPs until we suspend the Abusive users, or the servers go simply down because of a server overload or a kernel bug hit as a result of the heavy TCP/IP network traffic or CPU/mem overhead.

Therefore to mitigate this abusive attacks, I’ve written few bash shell scripts which, saves us a lot of manual check ups and prevents in most cases abusers to run the common DoS and “hacking” script shits which are now in the wild.

The first script I’ve written is kill_abusers.sh , what the script does is to automatically look up for a number of listed processes and kills them while logging in /var/log/abusers.log about the abusive VM user procs names killed.

I’ve set this script to run 4 times an hour and it currently saves us a lot of nerves and useless ticket communication with Data Centers (DCs), not to mention that reboot requests (about hanged up servers) has reduced significantly.
Therefore though the scripts simplicity it in general makes the servers run a way more stable than before.

Here is OpenVZ kill/suspend Abusers procs script kill_abusers.sh ready for download

Another script which later on, I’ve written is doing something similar and still different, it does scan the server hard disk using locate and find commands and tries to identify users which has script kiddies programs in their Virtual machines and therefore are most probably crackers.
The scripts looks up for abusive network scanners, DoS scripts, metasploit framework, ircds etc.

After it registers through scanning the server hdd, it lists only files which are preliminary set in the script to be dangerous, and therefore there execution inside the user VM should not be.

search_for_abusers.sh then logs in a files it’s activity as well as the OpenVZ virtual machines user IDs who owns hack related files. Right after it uses nail mailing command to send email to a specified admin email and reports the possible abusers whose VM accounts might need to either be deleted or suspended.

search_for_abusers can be download here

Honestly I truly liked my search_for_abusers.sh script as it became quite nice and I coded it quite quickly.
I’m intending now to put the Search for abusers script on a cronjob on the servers to check periodically and report the IDs of OpenVZ VM Users which are trying illegal activities on the servers.

I guess now our beloved Virtual Machine user script kiddies are in a real trouble ;P
 

How to clear Squid Proxy Cache on Debian and Ubuntu

Saturday, July 16th, 2011

Squid proxy cache clear logo

It was necessery to clean up some squid cache for some proxy users on a Debian host. Until now I’ve used to run only custom build Squid server on Slackware Linux.

Thus I was curious if Debian guys were smart enough to implement a proxy cache cleaning option as an option to be passed on to squid’s init script.

Honestly I was quite suprised squid clear cache option is not there;

squid-cache:~# /etc/init.d/squid3
Usage: /etc/init.d/squid3 {start|stop|reload|force-reload|restart}
squid-cache:/#

As it was not embedded into init script I still hoped, there might be some Debian way to do the proxy cache clearing, so I spend some 10 minutes checking online as well as checked in squid3‘s manual just to find there is no specific command or Debian accepted way to clean squid’s cache.

Since I couldn’t find any Debian specific, way I did it the old fashioned way 😉 (deleted directory/file structures in /var/spool/squid3/* and used squid’s -z option, to recreate the swap directories.

Here is how:

squid-cache:~# /etc/init.d/squid3 stop;
squid-cache:~# rm -Rf /var/spool/squid3/*;
squid-cache:~# squid3 -z; /etc/init.d/squid3 start

Finally I was quite amazed to realize, there was not even a crontab script to periodically clear and re-create proxy cache.

My previous experience with maintaning an office Squid proxy cache has prooved, that periodic cache clean ups are very helpful, especially to resolve issues with cached unreslovable DNS entries in the server.
Clearing up squid cache every week or something, guarantees that failure to resolve certain hosts at certain times would not stay unresolvable like forever 😉

In that manner of thougths, I decided to put the following crontab which will twice a month clear up proxy’s cache, to possibly solve some failed squid DNS issues.

squid-cache:~# crontab -u root -l > file;
echo '00 04 12,26 * * /etc/init.d/squid3 stop; rm -Rf /var/spool/squid3/*; squid3 -z; /etc/init.d/squid3 start >/dev/null 2>&1'
>> file; crontab file

By the way, implementing the squid clear cache in Debian and Ubuntu ‘s init scripts and putting a periodic proxy clear up cron, seems like a feature worthy to be proposed to the distro developers and hopefully be embbed in some of the upcoming distro releases 😉

How to disable or remove completely Adobe (Macromedia) Flash Cookies on Linux

Monday, April 11th, 2011

As I’ve mentioned in my previous post, one of the greatest “evils” which prevents a good internet anonymization whether you surf online is Adobe Flash Player

There are two approaches you might partake to disable the privacy issues which might be related to Adobe Flash cookies saving data about flash banners or websites which stores their cookies to your computer.

To find out if flash websites has already saved their nasty flash cookies on your Linux, issue the commands:

hipo@debian:~$ cd .macromedia
hipo@debian:/home/hipo/.macromedia$ find -iname '*.sol'
./Flash_Player/macromedia.com/support/flashplayer/sys/#s.ytimg.com/settings.sol
./Flash_Player/macromedia.com/support/flashplayer/sys/settings.sol
./Flash_Player/macromedia.com/support/flashplayer/sys/#ip-check.info/settings.sol

The returned output of the above find command clearly reveals the shitty flash has stored already 3 flash cookies on my Linux, 3 cookies which later can be easily requested by other flash banners.
The 3 flash cookies are:
1. Saved by Adobe’s Flash Configuration Manager
2. Saved by the website ip-check.info
3. Saved by s.ytimg.com’s website

Now to deal with the situation and get rid of flash cookies, there are possibly two ways of approach that one can take:

1. One is to use some kind of script like the one clear_flash_cookies.tsch the other one is to completely disable flash cookies.
Using the clear_flash_cookies.tcsh does get rid of flash cookie problems just temporary as it might be set to be executed either once the browser is starting up, or directly via some kind of cron job entry like:

01 11,19 * * * /home/hipo/scripts/clear_flash_cookies.tcsh

eHowever clearing up (removing) the flash cookies, still doesn’t completely proihibit saving up of flash cookies and in the time intervals between the clear ups of the flash cookies, still some websites might save information related to their use on your Linux host and expose this information for other external flash websites to read and retrieve information about your previous websites visits.

Therefore it might be a better solution in terms of browser security to;

2. completely disable the use of adobe flash cookies on your Linux powered desktop.

Disabling adobe flash cookies is possible by either using the online flash Global Storage Settings (Flash Settings Manager) by navigating to the URL:

http://www.macromedia.com/support/documentation/
en/flashplayer/help/settings_manager03.html

Adobe Flash Player online settings manager unticked option

And by removing the tick which is present to the option:

Allow third party Flash content to store data on your computer

Or by linking the local directory ~/.macromedia -> /dev/null

hipo@debian:~$ mv .macromedia .macromedia-bak
hipo@debian:~$ ln -s /dev/null .macromedia
hipo@debian:~$ ls -ald .macromedia
lrwxrwxrwx 1 hipo hipo 9 2009-03-30 09:56 .macromedia -> /dev/null

That’s all, Farewell nasty Flash cookies!