Saturday 13 February 2016

Disable ssl via ssh (unable to login into WHM)

If you are unable to log in to WHM because of an SSL error (An error occurred during a connection to . Peer's Certificate has been revoked. (Error code: sec_error_revoked_certificate)), you can disable the options that force SSL from the shell.

SSH to your server as root.
Open the cPanel configuration file:
# vi /var/cpanel/cpanel.config
and set the following options to 0 (zero).
alwaysredirecttossl
requiressl
----
alwaysredirecttossl=0
requiressl=0
----
Save the file and exit.
 
 
That's it :)

CPanel installation tips

Disk layout

We recommend using logical volumes (LVM)
swap - twice the server's RAM
/ - 40G (not that large if you want to use separate /var and /home)
/boot - 200M
/tmp - 2G
somewhat more for /var/lib/mysql to store more databases
/home - grow to fill the disk

Network

Set the IP address: edit /etc/sysconfig/network-scripts/ifcfg-eth?. The cPanel installation guide forbids using NAT.
Set the fully qualified domain name (FQDN): edit /etc/sysconfig/network. cPanel allows only 3rd level domain names (cp.example.com).

Base system installation

Install minimal CentOS.
Check for package groups installed (yum grouplist). Remove (yum groupremove) all of:
  • FTP Server
  • GNOME Desktop Environment
  • KDE (K Desktop Environment)
  • Mail Server or E-mail Server
  • Mono
  • Web Server
  • X Window System
For a minimal installation, only "E-mail server" was installed by default.
Install perl (yum install perl), wget (yum install wget)
Disable SELinux: edit /etc/selinux/config, set "SELINUX=disabled"
Disable iptables: chkconfig iptables off, chkconfig ip6tables off

cPanel installation

cd /home
wget -N http://httpupdate.cpanel.net/latest
sh latest

Post-installation configuration

You can enable the firewall now. The best choice is to install CSF, so you can manage firewall rules from the WHM menus:
wget http://www.configserver.com/free/csf.tgz && tar -xzf csf.tgz && cd csf && sh install.sh

Edit /etc/csf/csf.conf, set TESTING="0" and restart csf (csf -r).
Or you can enable iptables (chkconfig iptables on, chkconfig ip6tables on) and open custom ports:
  • 20 — FTP TCP inbound/outbound
  • 21 — FTP TCP, UDP inbound/outbound
  • 22 — SSH TCP inbound
  • 25 — SMTP TCP inbound/outbound
  • 26 — SMTP TCP inbound/outbound
  • 37 — rdate TCP outbound
  • 43 — whois TCP outbound
  • 53 — DNS TCP/UDP inbound/outbound (inbound is only needed if you run your own public DNS server)
  • 80 — HTTP TCP inbound/outbound
  • 110 — POP3 TCP inbound
  • 113 — ident TCP outbound
  • 143 — IMAP4 TCP inbound
  • 443 — HTTPS TCP inbound
  • 465 — SMTP TLS/SSL TCP/UDP inbound/outbound
  • 783 — SpamAssassin TCP/UDP inbound
  • 873 — rsync TCP/UDP outbound
  • 993 — IMAP4 SSL TCP inbound
  • 995 — POP3 SSL TCP inbound
  • 2077 — WebDAV TCP/UDP inbound/outbound
  • 2078 — WebDAV SSL TCP/UDP inbound/outbound
  • 2082 — cPanel TCP inbound
  • 2083 — cPanel SSL TCP inbound
  • 2086 — WHM TCP inbound
  • 2087 — WHM SSL TCP inbound
  • 2089 — cPanel license TCP outbound
  • 2095 — Webmail TCP inbound
  • 2096 — Webmail SSL TCP inbound
  • 3306 — MySQL TCP (only if you need to connect remotely)
  • 6666 — Chat TCP inbound
Configure WHM (https://<ip addr>:2087) and cPanel (https://<ip addr>:2083) according to your needs.

You can find the most up-to-date installation guide in the official cPanel documentation.

OpenVZ Server Provisioning

Stage 1 :  Server Setup
------------------------------

1. Add the OpenVZ repository to yum.

===============
cd /etc/yum.repos.d
wget http://download.openvz.org/openvz.repo
rpm --import http://download.openvz.org/RPM-GPG-Key-OpenVZ
===============

2. Search available kernels

===============
yum search vzkernel
===============

3. Install the kernel

===============
yum install vzkernel
===============
         * This installs the packages needed for OpenVZ virtualization, including vzctl, vzquota, etc.

===============
rpm -qa | grep 'vzk*'
===============
    ---> verification command

4. Configure the boot loader
     a. Open /etc/grub.conf
     b. Edit the title of the vzkernel entry to read OpenVZ (just for clarity)

5. Set kernel parameters and disable SELinux

       a.
==============
vi  /etc/sysctl.conf
==============
  and set the parameters below

====
net.ipv4.ip_forward = 1
net.ipv6.conf.default.forwarding = 1
net.ipv6.conf.all.forwarding = 1
net.ipv4.conf.default.proxy_arp = 0
====

====
# Enables source route verification
net.ipv4.conf.all.rp_filter = 1
# Enables the magic-sysrq key
kernel.sysrq = 1
# We do not want all our interfaces to send redirects
net.ipv4.conf.default.send_redirects = 1
net.ipv4.conf.all.send_redirects = 0
====

       b.
====
vi  /etc/sysconfig/selinux
====
  and set
====
SELINUX=disabled
====

6. Reboot into the OpenVZ kernel.
7. Check whether eth0 is detected; if not, refer to the link below for a fix.
  
    http://in.myloth.com/forum/index.php?topic=17.0

8. Start OpenVz
      
=====
/sbin/service vz start
=====



Stage 2 : Templates
--------------------------

1. Download OS templates to  /vz/template/cache/
     Check http://wiki.openvz.org/Download/template/precreated

Stage 3 :  Setup VMs
---------------------------
  
 1. Create virtual machines (CID --> Container ID)

====
vzctl create CID --ostemplate template --config basic
vzctl set CID --onboot yes --save
====
  ---> The second command starts the VM on boot

 2. Configure VM
        a. add ip
            
====
 vzctl set  CID --ipadd ip --save
====
         b. No of sockets
            
====
 vzctl set CID  --numothersock  150 --save
====
         c. Set name server for  N/w access
              
====
vzctl set CID  --nameserver  IP --save
====
  ( our case  192.168.1.1 )
         d. Start  VM
              
====
vzctl start  CID
====

OpenVZ Commands

1) vzlist -a : To list all VPS.

2) vzlist : To list all running VPS.

3) vzctl start <VPSID> : To start a VPS.

4) vzctl stop <VPSID> : To stop a VPS.

5) vzctl stop <VPSID> --fast : To stop a VPS quickly and forcefully.

6) vzctl restart <VPSID> : To restart a VPS.

7) vzctl status <VPSID> : To view the status of a particular VPS.

8) vzctl enter <VPSID> : To enter a particular VPS.

9) vzcalc -v <VPSID> : To view the resources used by the VPS.

10) vzctl exec <VPSID> <COMMAND> : To execute a command inside the VPS.

12) vzdqcheck [options] <path> : To count the inodes and disk space used.

          Options available to the vzdqcheck command are:
               -h :- Usage info.
               -V :- vzquota version info.
               -v :- Verbose mode.
               -q :- Quiet mode.

13) vzcpucheck -v : To get the CPU usage.

14) vzmemcheck [-v] [-A] : Shows the node memory parameters.

          Options available to the vzmemcheck command are:
               -v :- Display information for each container.
               -A :- Display absolute values (in megabytes).

15) vzpid <pid> : To display the ID of the container where the process is running.

16) vzsplit -n <numve> -f <conf_name> -s <swapsize> -v <yes|no> : To generate a sample VE configuration file.

          -n numve     :- Specify the number of containers.
          -f conf_name :- Specify the configuration sample name to write the configuration to.
          -s swapsize  :- Specify the swap size in Kbytes.
          -v yes|no    :- Whether to generate a VSwap-enabled configuration.

17) vzcfgvalidate : To catch typical mistakes in the configuration.

          It can be invoked as follows:

               # cd /etc/vz/conf

               # vzcfgvalidate <config_file>

18) vzctl set <VPSID> --hostname <HOSTNAME> --save : To set the hostname of a VPS.

19) vzctl set <VPSID> --ipadd <IP> --save : To add a new IP to the VPS.

20) vzctl set <VPSID> --ipdel <IP> --save : To delete an IP from the VPS.

21) vzctl set <VPSID> --userpasswd root:<NEW PASSWORD> --save : To reset the root password of a VPS.

22) vzctl set <VPSID> --nameserver <IP> --save : To add nameserver IPs to the VPS.

23) exit : To log out from the VPS.

24) vzctl destroy <VPSID> : To destroy the VPS.

Automated ClamAV Virus Scanning

If a client asks us to set up automated ClamAV virus scanning on the server, do the following.

The simplest way is a cron job that runs daily or hourly, according to the client's wish.
First install ClamAV >> yum install clamav clamav-db clamd
Start it >> /etc/init.d/clamd start
Remove the test virus files >> rm -rf /usr/share/doc/clamav-0.95.3/test/
Create the scripts
>> vi /etc/cron.daily/clamscan_daily
Paste these into the file
=================================================================
#!/bin/bash

# email subject
SUBJECT="VIRUS DETECTED ON `hostname`!!!"
# Email To ?
EMAIL="me@domain.com"
# Log location
LOG=/var/log/clamav/scan.log

check_scan () {

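    # Check the last set of results. If the "Infected files" count isn't zero, we have a problem.
    # Match a leading non-zero digit: "grep -v 0" would also discard counts such as 10 or 20.
    if [ `tail -n 12 ${LOG} | grep -c 'Infected files: [1-9]'` != 0 ]
    then
        EMAILMESSAGE=`mktemp /tmp/virus-alert.XXXXX`
        echo "To: ${EMAIL}" >>  ${EMAILMESSAGE}
        echo "From: alert@domain.com" >>  ${EMAILMESSAGE}
        echo "Subject: ${SUBJECT}" >>  ${EMAILMESSAGE}
        echo "Importance: High" >> ${EMAILMESSAGE}
        echo "X-Priority: 1" >> ${EMAILMESSAGE}
        # A blank line ends the headers; the log excerpt below is the message body
        echo "" >> ${EMAILMESSAGE}
        echo "`tail -n 50 ${LOG}`" >> ${EMAILMESSAGE}
        sendmail -t < ${EMAILMESSAGE}
        # Remove the temporary message file once it has been sent
        rm -f ${EMAILMESSAGE}
    fi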

}

clamscan -r / --exclude-dir=/sys/ --quiet --infected --log=${LOG}

check_scan
===================================================================
For an hourly scan >> vi /etc/cron.hourly/clamscan_hourly

Paste these into the file
===================================================================
#!/bin/bash

# email subject
SUBJECT="VIRUS DETECTED ON `hostname`!!!"
# Email To ?
EMAIL="me@domain.com"
# Log location
LOG=/var/log/clamav/scan.log

check_scan () {

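    # Check the last set of results. If the "Infected files" count isn't zero, we have a problem.
    # Match a leading non-zero digit: "grep -v 0" would also discard counts such as 10 or 20.
    if [ `tail -n 12 ${LOG} | grep -c 'Infected files: [1-9]'` != 0 ]
    then
        EMAILMESSAGE=`mktemp /tmp/virus-alert.XXXXX`
        echo "To: ${EMAIL}" >>  ${EMAILMESSAGE}
        echo "From: alert@domain.com" >>  ${EMAILMESSAGE}
        echo "Subject: ${SUBJECT}" >>  ${EMAILMESSAGE}
        echo "Importance: High" >> ${EMAILMESSAGE}
        echo "X-Priority: 1" >> ${EMAILMESSAGE}
        # A blank line ends the headers; the log excerpt below is the message body
        echo "" >> ${EMAILMESSAGE}
        echo "`tail -n 50 ${LOG}`" >> ${EMAILMESSAGE}
        sendmail -t < ${EMAILMESSAGE}
        # Remove the temporary message file once it has been sent
        rm -f ${EMAILMESSAGE}
    fi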

}

find / -not -wholename '/sys/*' -and -not -wholename '/proc/*' -mmin -61 -type f -print0 | xargs -0 -r clamscan --exclude-dir=/proc/ --exclude-dir=/sys/ --quiet --infected --log=${LOG}
check_scan

find / -not -wholename '/sys/*' -and -not -wholename '/proc/*' -cmin -61 -type f -print0 | xargs -0 -r clamscan --exclude-dir=/proc/ --exclude-dir=/sys/ --quiet --infected --log=${LOG}
check_scan
===================================================================
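
The check in these scripts reads only the last 12 lines of the log, but every clamscan process that xargs starts appends its own summary, and the log also keeps summaries from earlier runs. The following is an added example, not part of the original scripts: it records the log size before the scan and sums every "Infected files" line written after that point. The function names and the sample log are constructed for illustration.

```shell
#!/bin/bash
# Added example, not part of the original scripts. Function names, paths and
# the sample log are constructed for illustration.

# Size of the log in bytes before a scan starts (0 if the log is missing).
log_offset() {
    if [ -f "$1" ]; then wc -c < "$1" | tr -d ' '; else echo 0; fi
}

# Sum every "Infected files: N" summary line written after byte offset $2.
infected_since() {
    tail -c +"$(( $2 + 1 ))" "$1" |
        awk -F': *' '/^Infected files:/ { n += $2 } END { print n + 0 }'
}

# Count produced by a "tail -n 12 | grep Infected | grep -v 0" check,
# kept here only for comparison on the same log.
last_summary_check() {
    tail -n 12 "$1" | grep Infected | grep -v 0 | wc -l | tr -d ' '
}

# Append one constructed clamscan run with $2 detections to log $1.
append_run() {
    local i
    for i in $(seq 1 "$2"); do
        echo "/home/demo/upload$i.php: Eicar-Test-Signature FOUND"
    done >> "$1"
    printf '%s\n' '' '----------- SCAN SUMMARY -----------' \
        'Scanned files: 40' "Infected files: $2" \
        'Time: 1.000 sec (0 m 1 s)' >> "$1"
}

# Build a log holding an older summary plus two runs from one cron job,
# as happens when xargs splits a long file list. Prints "<log> <offset>".
make_sample_log() {
    local log start
    log=$(mktemp)
    append_run "$log" 3            # older run, must not be counted again
    start=$(log_offset "$log")     # a cron script would take this before scanning
    append_run "$log" 2            # first clamscan started by xargs
    append_run "$log" 10           # second clamscan started by xargs
    echo "$log $start"
}

demo() {
    set -- $(make_sample_log)
    echo "last-summary check: $(last_summary_check "$1") line(s) flagged"
    echo "infected since scan start: $(infected_since "$1" "$2")"
    rm -f "$1"
}

demo
```

In a cron script, call log_offset on ${LOG} just before the find/clamscan line and send the alert when infected_since reports a value above 0.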

NB: Don't forget to give execute permission to both scripts:

chmod +x script

You can change the log file according to the client's wish, but the full path must then be updated in the script.
You can also customize the other variables, but the e-mail address must be a valid account.

If you have done these then you are all set to go...  8)

Reset the root password for the Xen VPS

If you face a root login issue with a Xen VPS, do the following steps.

1) First, stop the container using the command line or through SolusVM.
2) Find the Xen image location of the VPS, which is /dev/mapper/xen-vm369_img (example).
3) Create a directory named test and mount the image on it using the command mount /dev/mapper/xen-vm369_img /test
4) Change the root environment to test using the command chroot /test
5) Now the root environment will be the same as that of the Xen VPS which we have mounted.
6) Change the password of root using the passwd command.
7) Exit from the root environment by typing exit, and unmount the /test directory using umount /test
8) Reboot the server in SolusVM.

Database size not showing in cPanel

Most of you might have come across this issue before: the database size shows '0' in cPanel, but the tables and data exist on the server. Here is the fix for it:

Open /var/cpanel/cpanel.config

Edit the line

disk_usage_include_sqldbs=1 (set it to '1' if it is '0')

And run

# /scripts/update_db_cache

That will do... :)

Linux ate more RAM !!!!!!!!!


Linux servers use otherwise unused memory for disk caching. This makes it look like you are low on memory, but you are not! Everything is fine!

Why ?

Disk caching makes the system much faster! There are no downsides, except for confusing newbies. It does not take memory away from applications in any way, ever!

What if I need to run more applications?


If your applications want more memory, they just take back a chunk that the disk cache borrowed. Disk cache can always be given back to applications immediately! You are not low on ram!

Swap ! needed ?
==============


No, disk caching only borrows the ram that applications don't currently want. It will not use swap. If applications want more memory, they just take it back from the disk cache. They will not start swapping.


How to stop ?

You can't disable disk caching. The only reason anyone ever wants to disable disk caching is because they think it takes memory away from their applications, which it doesn't! Disk cache makes applications load faster and run smoother, but it NEVER EVER takes memory away from them! Therefore, there's absolutely no reason to disable it!

Why do top and free say all my ram is used if it isn't?

This is just a misunderstanding of terms. Both you and Linux agree that memory taken by applications is "used", while memory that isn't used for anything is "free".


But what do you call memory that is both used for something and available for applications?

You would call that "free", but Linux calls it "used".

Memory that is                                        You'd call it    Linux calls it
taken by applications                                 Used             Used
available for applications, and used for something    Free             Used
not used for anything                                 Free             Free

This "something" is what top and free call "buffers" and "cached". Since your and Linux's terminology differs, you think you are low on ram when you're not.

How do I see how much free ram I really have?

To see how much ram is free to use for your applications, run free -m and look at the row that says "-/+ buffers/cache" in the column that says "free". That is your answer in megabytes:

$ free -m
             total       used       free     shared    buffers     cached
Mem:          1504       1491         13          0         91        764
-/+ buffers/cache:        635        869
Swap:         2047          6       2041
$

If you don't know how to read the numbers, you'll think the ram is 99% full when it's really just 42%.

KVM Node setup Basic steps only

To use LVM-based guests, you need a volume group that has some free space that is not allocated to any logical volume.

In this example, I use the volume group /dev/vg_server1 with a size of approx. 465GB...

vgdisplay

[root@server1 ~]# vgdisplay
  --- Volume group ---
  VG Name               vg_server1
  System ID
  Format                lvm2
  Metadata Areas        1
  Metadata Sequence No  3
  VG Access             read/write
  VG Status             resizable
  MAX LV                0
  Cur LV                2
  Open LV               2
  Max PV                0
  Cur PV                1
  Act PV                1
  VG Size               465.28 GiB
  PE Size               4.00 MiB
  Total PE              119112
  Alloc PE / Size       26500 / 103.52 GiB
  Free  PE / Size       92612 / 361.77 GiB
 
 
  that contains the logical volumes /dev/vg_server1/LogVol00 with a size of approx. 100GB and /dev/vg_server1/LogVol01 (about 6GB) - the rest is not allocated and can be used for KVM guests:

lvdisplay

[root@server1 ~]# lvdisplay
  --- Logical volume ---
  LV Path                /dev/vg_server1/LogVol01
  LV Name                LogVol01
  VG Name                vg_server1
  LV UUID                uUpXY3-yGfZ-X6bc-3D1u-gB4E-CfKE-vDcNfw
  LV Write Access        read/write
  LV Creation host, time server1.example.com, 2012-08-21 13:45:32 +0200
  LV Status              available
  # open                 1
  LV Size                5.86 GiB
  Current LE             1500
  Segments               1
  Allocation             inherit
  Read ahead sectors     auto
  - currently set to     256
  Block device           253:0

  --- Logical volume ---
  LV Path                /dev/vg_server1/LogVol00
  LV Name                LogVol00
  VG Name                vg_server1
  LV UUID                FN1404-Aczo-9dfA-CnNI-IKn0-L2hW-Aix0rV
  LV Write Access        read/write
  LV Creation host, time server1.example.com, 2012-08-21 13:45:33 +0200
  LV Status              available
  # open                 1
  LV Size                97.66 GiB
  Current LE             25000
  Segments               1
  Allocation             inherit
  Read ahead sectors     auto
  - currently set to     256
  Block device           253:1
 
 
 
Or you can reinstall the OS and create an LVM partition as below

df
====
/dev/md125              ext4      476M  150M  298M  34% /boot
/dev/mapper/lvroot-home ext4       85G  5.8G   75G   8% /home
/dev/md126              ext4       40G  3.3G   35G   9% /



Install required KVM RPMs/packages


# yum groupinstall "Virtualization Tools" "Virtualization Platform"
# yum install python-virtinst


# chkconfig libvirtd on


# service libvirtd status
libvirtd (pid  31128) is running...
# virsh list

Setup will be like below




                     +-------------+
                     | CentOS/RHEL |             |-----|
     -->ISP router---+ Box Host w/ +--- eth0 -->-+ br0 |  Private IP
                     | KVM         |             |     |
                     +-------------+--- eth1 -->-+ br1 |  Public IP
                                                 |-----|
                                                    |
                                                vm1-+---vm2----vm3---vm4
*** NOTE: each VM will have two interfaces, i.e. private and public *****

===================

Install and configure a network bridge
=============================================

 
KVM network setup
============
[root@vz2 template]# cat /etc/sysconfig/network-scripts/ifcfg-br0
DEVICE=br0
TYPE=Bridge
BOOTPROTO=static
BROADCAST=IP
IPADDR= Main IP
GATEWAY=IP
NETMASK=255.255.255.X
NETWORK=IP
ONBOOT=yes

=========

>> /etc/sysconfig/network-scripts/ifcfg-eno1


DEVICE=eno1
TYPE=Ethernet
HWADDR=check with hw
IPV6INIT=yes
IPV6_AUTOCONF=yes
ONBOOT=yes
BRIDGE=br0
==========================================================================

Next steps >> solusvm master /slave installation steps


Sreejith Anchal >> ping me @ s9400578382@gmail.com , if need.