Monday 3 December 2012

Install TCPtrack


Tcptrack is an excellent tool for quickly monitoring your server's network connections and bandwidth. Installation is easy and can be done either from an rpm or from source.

Install Tcptrack from rpm

Download the Tcptrack rpm from http://packages.sw.be/tcptrack/ by selecting your OS and arch:
$ cd /usr/src
$ wget http://packages.sw.be/tcptrack/tcptrack-1.1.5-1.2.el5.rf.i386.rpm
$ rpm -ivh tcptrack-1.1.5-1.2.el5.rf.i386.rpm

Install TCPtrack from source

Download the TCPtrack source from: http://www.rhythm.cx/~steve/devel/tcptrack/release/
$ tar zxvf tcptrack-1.3.0.tar.gz
$ cd tcptrack-1.3.0
$ ./configure && make && make install

Run 'tcptrack -h' to list the help menu:

Usage: tcptrack [-dfhvp] [-r <seconds>] -i <interface> [<filter expression>]

TCPtrack can monitor only one NIC at a time, so if you have two NICs (e.g. eth0 and eth1) run one instance per interface:
    # tcptrack -i eth0
    # tcptrack -i eth1

Tcptrack can also take a pcap filter expression as an argument. The format of this filter expression is the same as that of tcpdump(8) and other libpcap-based sniffers. The following example will only show connections to or from host 68.36.45.78:
    # tcptrack -i eth0 src or dst 68.36.45.78

To monitor specific ports (e.g. port 80 and 22):
    # tcptrack -i eth0 port 80
    # tcptrack -i eth0 port 22

Tcptrack is a little resource intensive; try the -f option for fast average recalculation under less resource usage.

link -- http://www.gnutoolbox.com/tcptrack/

install softaculous on cpanel server


Note: Before starting the installation make sure ionCube Loaders are enabled.

WHM >> Tweak Settings >> Ioncube loader

Run the commands below in screen:

wget -N http://files.softaculous.com/install.sh
chmod 755 install.sh
./install.sh

Now go to : WHM > Plugins > Softaculous - Instant Installs

Install Teamspeak on cent OS


The first step would be creating a directory for your TS3 installation.

 cd /home
 mkdir teamspeak3

 cd teamspeak3

 wget http://ftp.4players.de/pub/hosted/ts3/releases/beta-5/teamspeak3-server_linux-amd64-3.0.0-beta5.tar.gz

 tar zxvf teamspeak3-server_linux-amd64-3.0.0-beta5.tar.gz

 cd teamspeak3-server_linux-amd64

Create a ts3server.ini:

 ./ts3server_linux_amd64 createinifile=1

Now close it by pressing Ctrl-C. Don’t forget to copy/paste the admin
login and password since you’ll need them later. It looks like this:

——————————————————————
I M P O R T A N T
——————————————————————
Server Query Admin Acccount created
loginname= “serveradmin”, password= “42ds23ak”
——————————————————————

Now that you’ve set up everything (including your license key), it’s time
to start TS3 using screen so that it runs in the background. Don’t worry,
you can switch to it anytime you want.

Let’s first create a file. I named mine ts3-server.

 vi ts3-server

Add the following line.

 screen -A -m -d -S ts3-server ./ts3server_linux_amd64

Save your file and then chmod it so it’s recognized as an executable by
your system.

 chmod +x ts3-server

To go back to your TS3's screen, just type…

 screen -r ts3-server

To close your TS3 screen without closing your server, just type…

Ctrl-A-D

Install node.js in CentOS server


Get the latest stable version from http://nodejs.org/download/

 cd /usr/local/src
 wget http://nodejs.org/dist/v0.6.8/node-v0.6.8.tar.gz   # substitute the latest stable version
 tar zxvf node-v0.6.8.tar.gz
 cd node-v0.6.8
 ./configure
 make
 make install

Install maldetect


 wget http://www.rfxn.com/downloads/maldetect-current.tar.gz
 tar -xzvf maldetect-current.tar.gz
 cd maldetect-*
 sh install.sh

 maldet --scan-all /home/?/public_html/      # To scan (maldet uses ? as its path wildcard)
 maldet --report 122111-1532.827             # To see the report
 maldet -q 122111-1532.8272                  # To remove the infected files

maldet(7488): {scan} quarantine is disabled! set quar_hits=1 in conf.maldet or to quarantine results run: maldet -q 125211-1258.7488


The lists of infected files are stored in:

 cd /usr/local/maldetect/sess/

Look for the files whose names start with session.

Install fping


Network administrators may need a tool that displays all the live hosts in their network/subnet to keep track of activity. The fping tool does this using ICMP echo requests.

 Fping rpm : http://packages.sw.be/fping

To install via yum on CentOS/Fedora/RHEL:

    # yum install fping

After installing just execute the following command :

    fping -g 192.168.1.0/24

(or)

    fping -g 192.168.1.0 192.168.1.255

Fping Man Page : http://fping.sourceforge.net/man/

Install CSF firewall


Execute the commands below:

wget http://www.configserver.com/free/csf.tgz
tar -xzf csf.tgz
cd csf
sh install.sh

install postgresql in cpanel servers



Issue the following command from shell:
    /scripts/installpostgres


Once this is done, you should configure postgresql from WHM:
    SQL Services >> Postgres Config

That's it.

Cloudlinux installation


1) Download the cloud linux auto installer from http://www.cloudlinux.com/downloads/index.php

For cpanel servers, use the following steps

 a) For IP-based CloudLinux license

 # /usr/local/cpanel/cpkeyclt
 # /usr/local/cpanel/bin/cloudlinux_system_install -k

 b) For license key based CloudLinux

 # wget http://repo.cloudlinux.com/cloudlinux/sources/cln/cpanel2cl
 # sh cpanel2cl -k $key

2) Now reboot your server into the CloudLinux kernel.

 Then recompile apache using /scripts/easyapache

 Compile apache and php with the following minimal requirements:
 - Make sure to use Apache 2.2.x version
 - Suexec must be enabled
 - Apache MPM will be Prefork, Worker or Event. Better to use Prefork

3) Install the lve cPanel modules and Plugin as follows,

 yum  -y install cpanel-lve   cpanel-lvemanager

4) Compile apache and php with the following minimal requirements:
 - Make sure to use Apache 2.2.x version
 - Suexec must be enabled
 - Apache MPM will be Prefork, Worker or Event. Better to use Prefork

5) Now go to WHM -> Plugins -> LVE Manager and monitor the usage. You can set the limits per domain from here.

After installing the CloudLinux kernel, the running kernel will look like this:

 [root@ ~]# uname -r
 2.6.18-374.12.1.el5.lve0.8.54

It has a few issues with RAM, so we need to install the PAE kernel for CloudLinux:

 yum install kernel-PAE-2.6.18-374.12.1.el5.lve0.8.54

Then reboot the server.



Reference:

 Installation : http://www.cloudlinux.com/docs/getting-started-cpanel.php

 RAM memory : http://www.cloudlinux.com/blog/clnews/115.php

 LVE Plugin Manager : http://www.cloudlinux.com/docs/whmplugin.php

 LVE Plugin cPanel : http://cloudlinux.com/docs/cpanel-enduser-plugin0.2.php

Clam Scan install on cpanel server


Using WHM:

 Main >> cPanel >> Manage Plugins

Manual installation:

 cd /usr/local/src
 rm -Rf clamav-*
 wget http://downloads.sourceforge.net/clamav/clamav-0.96.tar.gz
 tar -xzf clamav-*
 cd clamav-*
 if [ -d "/usr/lib64" ]; then libdir="--libdir=/usr/lib64" ; fi ; ./configure --prefix=/usr $libdir --sysconfdir=/etc --disable-ipv6 --disable-zlib-vcheck
 make
 make install
 freshclam
 echo "ClamAV update complete!"

manually backup, migrate, restore a cpanel user account


Method one:

Run on source server:

 /scripts/pkgacct $user
 mv /home/cpmove-$user.tar.gz /home/$user/public_html
 chmod 644 /home/$user/public_html/cpmove-$user.tar.gz

Run on destination server:

 cd /home
 wget http://$userdomain/cpmove-$user.tar.gz
 /scripts/restorepkg $user

Method two:

Run on source server:

 /scripts/pkgacct $user
 scp -P SSH_port /home/cpmove-$user.tar.gz root@destinationIP:/home
 # enter the root password when prompted

Run on destination server:

 /scripts/restorepkg $user

That's it.

Forcefully restore cpanel backup file from a specific location.


 /scripts/restorepkg --force /home/USERNAME/backup-11.28.2011_23-00-USER.tar.gz

Server Restore from secondary disk


1) After reinstalling cPanel, first configure WHM.

2) Mount the old drives.

3) Take a backup of the following:

 /var/cpanel
 /etc/passwd
 /etc/shadow
 /etc/group
 /var/named

4)First restore /var/cpanel
 cp -rpf /oldvar/cpanel/* /var/cpanel

5) Take care while doing this step.
Take a backup of the old /etc/passwd, /etc/shadow and /etc/group:
 cp -rp

Edit the backup of the old /etc/passwd.
Remove the entries which are already present in the new /etc/passwd.

Save the file, then append it to the new one:

 cat /olddrive/etc/passwd.bkp >> /etc/passwd

Do the same for shadow and group.

Note: After doing the above step, make sure that you are still able to log in to the server.

6) Run /scripts/updateuserdomains
This will restore /etc/userdomains

7) Named restore
Restore named from the old drive:
 cp -rpf /olddrive/var/named/* /var/named/

Then run:
 /scripts/rebuildnamedconf
 /scripts/fixndc

Check whether named is running and named.conf is updated.

8) Apache restore
 /scripts/rebuildhttpdconf >> /root/httpd
 append /root/httpd to httpd.conf
 restart httpd

9) Restore Home
 copy the old home to the new home.

At this point domains will start working

10) Restore mysql
 copy the /oldvar/lib/mysql to /var/lib/mysql

11) FTP
 copy the old proftpd /old/etc/proftpd

12) Mail
 restore /etc/valiases and /etc/vfilters

13)Restore the following
 /etc/ips, /etc/quota.conf, /etc/ssl, /etc/domainaliases, /etc/remotedomains /etc/reservedips, /usr/share/ssl, /var/log/bandwidth,
 /var/spool/cron , /usr/local/cpanel/3rdparty/mailman.

That's it.

If mysql does not start, check the error log:
 tail -100 /var/lib/mysql/servername.com.err

Sometimes the permissions of the mysql directories and files will not be correct. Correct them and everything will work fine.
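For step 5 of the restore above, the hand-editing of the old passwd, shadow and group files can be prepared by a script. This is an added example, not part of the original post: the directory layout, the file names under OUT_DIR and the sample accounts are assumptions, and the sample data is constructed. It also reports old accounts whose numeric ID is already taken on the new system, which a plain append would silently turn into a shared UID.

```shell
#!/bin/sh
# Added example (not from the original post). Sample data below is constructed.
# Assumed layout: OLD_ETC holds the old drive's passwd/shadow/group and NEW_ETC the
# fresh system's copies. NEW_ETC is only read; results are written to OUT_DIR.

# classify OLD NEW WANT
#   WANT=safe  prints OLD entries whose name (field 1) and ID (field 3) are unused in NEW
#   WANT=clash prints "name:id:holder" for OLD names that are new but whose ID is taken
classify() {
    awk -F: -v want="$3" '
        FILENAME == ARGV[1] { name[$1] = 1; id[$3] = $1; next }   # first file read is NEW
        $0 == "" || /^#/    { next }
        ($1 in name)        { next }     # account exists on the new system: keep its copy
        ($3 in id)          { if (want == "clash") print $1 ":" $3 ":" id[$3]; next }
        want == "safe"      { print }
    ' "$2" "$1"
}

# prepare_merge OLD_ETC NEW_ETC OUT_DIR: write passwd.add, group.add, shadow.add, clashes
prepare_merge() {
    old=$1; new=$2; out=$3
    mkdir -p "$out" || return 2
    classify "$old/passwd" "$new/passwd" safe > "$out/passwd.add"
    classify "$old/group"  "$new/group"  safe > "$out/group.add"
    {
        classify "$old/passwd" "$new/passwd" clash | sed 's/^/passwd:/'
        classify "$old/group"  "$new/group"  clash | sed 's/^/group:/'
    } > "$out/clashes"
    # shadow has no ID column: take the lines of exactly the users selected above,
    # and create the result readable by its owner only
    ( umask 077
      awk -F: 'FILENAME == ARGV[1] { want[$1] = 1; next } ($1 in want)' \
          "$out/passwd.add" "$old/shadow" > "$out/shadow.add" )
    [ ! -s "$out/clashes" ]    # status 1 means some entries need manual review first
}

# make_sample DIR: constructed old/new files for a dry run
make_sample() {
    mkdir -p "$1/old" "$1/new"
    cat > "$1/new/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
mysql:x:498:498::/var/lib/mysql:/bin/bash
EOF
    cat > "$1/new/group" <<'EOF'
root:x:0:
mysql:x:498:
EOF
    cat > "$1/old/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
mysql:x:100:101::/var/lib/mysql:/bin/bash
alice:x:501:501::/home/alice:/bin/bash
bob:x:498:502::/home/bob:/bin/bash
EOF
    cat > "$1/old/group" <<'EOF'
root:x:0:
mysql:x:101:
alice:x:501:
bob:x:502:
EOF
    cat > "$1/old/shadow" <<'EOF'
root:HASH-OLD-ROOT:15670:0:99999:7:::
alice:HASH-ALICE:15670:0:99999:7:::
bob:HASH-BOB:15670:0:99999:7:::
EOF
}

demo=$(mktemp -d)
make_sample "$demo"
prepare_merge "$demo/old" "$demo/new" "$demo/out" || echo "review these before appending:"
cat "$demo/out/clashes" "$demo/out/passwd.add"
rm -rf "$demo"
```

Review the generated *.add files, append each to its counterpart in /etc, and keep a root shell open until a fresh login has been confirmed.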

Increasing the number of file-listings in pureftpd


By default, pure-ftpd on cPanel limits directory listings to 2,000 files and 8 levels of subdirectories.
If you have a large amount of files to be listed (more than 2000) you need to make some changes in the pure-ftpd’s configuration file.
Following are the steps for the same.

 1) Login to the server as root.

 2) Open the configuration file for pure-ftpd.

 [root@server~]# vi /etc/pure-ftpd.conf

 3) Locate the line which says :

 LimitRecursion 2000 8

This is ‘ls’ recursion limits. The first argument is the maximum number of files to be displayed and the second one is the max subdirectories depth.

 4) Edit that line to set the limits you need. For example, to list 3000 files to a subdirectory depth of 6, the setting will be as follows:

 LimitRecursion 3000 6

 5) Now just restart the pure-ftpd service on the server.

 [root@server~]# /etc/init.d/pure-ftpd restart

Now you can view the difference in listing.

Xen PV & HVM Migrations

Please refer to the SolusVM wiki: http://wiki.solusvm.com/index.php?title=Xen_Migrations

openvz VPS Migration


Install the vzdump command if it is not installed on the Node.

1.Download

 wget http://download.openvz.org/contrib/utils/vzdump/vzdump-1.2-4.noarch.rpm

There will be some dependency errors while installing vzdump. Install those dependencies using rpm as well.

How to take dump of a vps?

 vzdump vid

While using the vzdump command I got the error given below:

Can't locate PVE/VZDump.pm in @INC (@INC contains: /usr/lib64/perl5/site_perl/5.8.8/x86_64-linux-thread-multi /usr/lib/perl5/site_perl/5.8.8 /usr/lib/perl5/site_perl /usr/lib64/perl5/vendor_perl/5.8.8/x86_64-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.8 /usr/lib/perl5/vendor_perl /usr/lib64/perl5/5.8.8/x86_64-linux-thread-multi /usr/lib/perl5/5.8.8 .) at /usr/sbin/vzdump line 27.
BEGIN failed--compilation aborted at /usr/sbin/vzdump line 27.

Solution :

 ln -s /usr/share/perl5/PVE/ /usr/lib/perl5/5.8.8/PVE

After that, take the dump of the vps again using the command vzdump vid. The dump will be created in the /vz/dump partition.

When it completes, we need to scp the vps dump to the Node where we want to restore it.

How to restore a vps?

  vzrestore vzdump-777.tar 160

Here 160 is the VID of the vps to which we are going to restore.

After migration the VPS was not listed in HyperVM.

 >> Stop the vps which was migrated.
 >> Move the conf file of the vps from /etc/vz/conf
 >> Move the vps data also from /vz/private to avoid conflicts.
 >> Create vps from hypervm
 >> Move back the data and conf of the vps.
 >> Restart the vps
 >> Migrated vps will appear in the Hypervm.

VPS iptables rule limit error


We installed the csf firewall on the main node and got the following error when trying to start the firewall:

 [root@csf]# csf -s
 Error: The VPS iptables rule limit (numiptent) is too low (400/400) – stopping firewall to prevent iptables blocking all connections, at line 123

Solution:

 vzctl set veid --numiptent 400 --save

Turning On and Off Second-Level Quotas for Container


The parameter that controls the second-level disk quotas is QUOTAUGIDLIMIT in the Container configuration file. By default, the value of this parameter is zero and this corresponds to disabled per-user and per-group quotas.

If you assign a non-zero value to the QUOTAUGIDLIMIT parameter, this action brings about the two following results:

 - Second-level (per-user and per-group) disk quotas are enabled for the given Container;
 - The value that you assign to this parameter will be the limit for the number of file owners and groups of this Container, including Linux system users. Note that you will theoretically be able to create extra users of this Container, but if the number of file owners inside the Container has already reached the limit, these users will not be able to own files.

Enabling per-user and per-group quotas for a Container requires restarting the Container. The value for it should be carefully chosen; the bigger value you set, the bigger kernel memory overhead this Container creates. This value must be greater than or equal to the number of entries in the Container /etc/passwd and /etc/group files. Taking into account that a newly created Red Hat Linux-based Container has about 80 entries in total, the typical value would be 100. However, for Containers with a large number of users this value may be increased.

When managing the quotaugidlimit parameter, please keep in mind the following:

 - if you delete a registered user but some files with their ID continue residing inside your Container, the current number of ugids (user and group identities) inside the Container will not decrease.
 - if you copy an archive containing files with user and group IDs not registered inside your Container, the number of ugids inside the Container will increase by the number of these new IDs.

The session below turns on second-level quotas for Container 101:

 # vzctl set 101 --quotaugidlimit 100 --save
 Unable to apply new quota values: ugid quota not initialized
 Saved parameters for Container 101
 # vzctl stop 101; vzctl start 101
 Stopping Container …
 Container was stopped
 Container is unmounted
 Starting Container …
 Container is mounted
 Adding IP address(es): 192.168.1.101
 Hostname for Container set: ct101
 Container start in progress…

check the load of all vps containers


You can use either of the commands below:

 vzlist -o veid,laverage,hostname

 for i in  `vzlist | awk '{print $1}' | grep -v CTID` ; do echo -n "$i --> "; vzctl exec $i cat /proc/loadavg ;  done

OpenVz commands


Some commonly used openvz commands

VZ Information

To list all the running/stopped VPS in the node
 vzlist -a

To list all the running VPS in the node
 vzlist

To display the templates present in the server
 vzpkgls

Creating a VPS

To create a VPS with VEID 101 and ostemplate fedora-core-4 with vps.basic configuration
 vzctl create 101 --ostemplate fedora-core-4 --config vps.basic

Deleting a VPS

To destroy a VPS with VEID 101
 vzctl destroy 101

Configuring VPS (The changes are saved in /etc/vz/conf/<VEID>.conf)

To automatically boot when a node is up
 vzctl set 101 --onboot yes --save

To set hostname
 vzctl set 101 --hostname test101.my.org --save

To add an IP address
 vzctl set 101 --ipadd 10.0.186.1 --save

To delete an IP address
 vzctl set 101 --ipdel 10.0.186.1 --save

To set the name servers
 vzctl set 101 --nameserver 192.168.1.165 --save

To set the root password of VPS 101
 vzctl set 101 --userpasswd root:password

To set shortname for VPS
 vzctl set 101 --name test101 --save

Start/Stop/Restart VPS

To start a VPS
 vzctl start 101

To start a disabled VPS
 vzctl start 101 --force

To stop a VPS
 vzctl stop 101

To restart a VPS
 vzctl restart 101

To know the status of a VPS
 vzctl status 101

To get the details of the VPS like VEID, ClassID, number of processes inside each VPS and the IP addresses of VPS
 cat /proc/vz/veinfo

To enter into a VPS 101
 vzctl enter 101

To execute a command in VPS 101
 vzctl exec 101 command   # replace command with the command you need to execute
 vzctl exec 101 df -h

Managing Disk Quotas

To assign disk quotas (first limit is soft limit, second limit is hard limit)
 vzctl set 101 --diskspace 10485760 --save   # for setting 10GB
 OR
 vzctl set 101 --diskspace 1048576 --save    # for setting 1GB

To assign disk inodes
 vzctl set 101 --diskinodes 90000:91000 --save

To check the disk quota of a VPS
 vzquota stat 101 -t

Managing CPU quota

To display the available CPU power
 vzcpucheck

To set the number of CPUs available to a VPS
 vzctl set 101 --cpus 2 --save

To set the minimum and maximum CPU limits
 vzctl set 101 --cpuunits nnnn --cpulimit nn --save

(cpuunits is an absolute number (fraction of the power of the node) and cpulimit is taken as a percentage)

Managing memory quota

To display memory usage
 vzmemcheck -v

To set kmem
 vzctl set 101 --kmemsize 2211840:2359296 --save

To set privvmpages
 vzctl set 101 --privvmpages 2G:2G --save

Other Commands

To copy/clone a VPS
 vzmlocal -C <source_VEID>:<destination_VEID>

To disable a VPS
 vzctl set 101 --disabled yes

To enable a VPS
 vzctl set 101 --disabled no

To suspend a VPS
 vzctl suspend 101

To resume a VPS
 vzctl resume 101

To run yum update on a VPS
 vzyum 101 -y update

To install a package using yum on VPS
 vzyum 101 -y install package

To install a package using rpm on VPS
 vzrpm 101 -ivh package


Refer : http://download.openvz.org/doc/OpenVZ-Users-Guide.pdf

Cannot lock VE warning openvz


Any operation on a VPS gives "Cannot lock VE" warning

    Fix:
    A VPS is locked when some operation (backup, migration, start / stop, etc.) with that VPS is in progress. You can determine which process is holding VPS #VEID using the following command on the hardware node:

    cat /vz/lock/VEID.lck

    You can kill that process if needed, but make sure that the process is really killed. If there is no process with that PID on the node, just remove the lockfile.
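The check described in the fix above (is the PID in the lock file still alive, and only then remove the file) can be scripted. This is an added example, not part of the original post; it assumes the first line of the lock file is the holder's PID, and the lock files in the demo are constructed in a temporary directory.

```shell
#!/bin/sh
# Added example (not from the original post).
# Assumption: the first line of /vz/lock/<VEID>.lck is the PID of the lock holder.

# lock_state FILE -> prints absent | invalid | held:<pid> | stale:<pid>
lock_state() {
    [ -e "$1" ] || { echo absent; return 0; }
    pid=$(head -n 1 "$1" | tr -d '[:space:]')
    case $pid in
        ''|0|*[!0-9]*) echo invalid; return 0 ;;   # empty, zero or non-numeric content
    esac
    # kill -0 only tests for existence; /proc covers a PID we are not allowed to signal
    if kill -0 "$pid" 2>/dev/null || [ -d "/proc/$pid" ]; then
        echo "held:$pid"
    else
        echo "stale:$pid"
    fi
}

# clear_stale_lock FILE -> removes FILE only when its PID no longer exists
clear_stale_lock() {
    state=$(lock_state "$1")
    case $state in
        stale:*) rm -f -- "$1" && echo "removed $1 (PID ${state#stale:} is gone)" ;;
        held:*)  echo "kept $1: PID ${state#held:} is running:"
                 # show what the holder is doing before anyone decides to kill it
                 ps -o pid=,etime=,args= -p "${state#held:}" 2>/dev/null || true
                 return 1 ;;
        *)       echo "kept $1: state is $state"
                 return 1 ;;
    esac
}

# Dry run on constructed lock files
d=$(mktemp -d)
echo "$$"     > "$d/101.lck"    # held by this shell, so it must be kept
echo 99999999 > "$d/102.lck"    # above any Linux pid_max, so never a live process
clear_stale_lock "$d/101.lck" || true
clear_stale_lock "$d/102.lck" || true
rm -rf "$d"
```

On a node the call would be clear_stale_lock /vz/lock/VEID.lck; a lock whose holder is still running is left in place and the holder is printed for inspection.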

How To Add Private IP in OpenVZ VPS


First we need to configure a private IP and its route in VPS Node and ensure that private network is available on Node. Then follow the steps below.

1) Add private IP to VPS.

 vzctl set <VEID> --ipadd <private IP> --save
 Eg:
 vzctl set 100 --ipadd 10.10.11.5 --save

2) Add routing rules as follows.

 ip ro add <private network range> via <gateway of private IP>
 Eg:
 ip ro add 10.10.0.0/16 via 10.10.11.5

Here we use the VE's own private IP as the gateway for the private network in the VPS. There is no need to use its original gateway (like 10.10.11.1); it won't work.

Force delete a openvz slave node from solusvm master server


If at any point you find you have an orphaned slave node linked to your master, you can delete it by running the following command on the master node:

 php /usr/local/solusvm/scripts/deletenode.php --level=force --comm=delete --id=<NODEID>

PLEASE NOTE: This will also remove any VPS assigned to that Node in SolusVM (NOT on the Physical Server itself)

FATAL: kernel too old


If the openvz slave node uses an old kernel, e.g. 2.6.18-238.5.1.el5, then you get an error like "FATAL: kernel too old" when you restart a vps container from the node.

FIX: All we need to do is replace the kernel version in /proc/sys/kernel/virt_osrelease on the slave node.

 cd /proc/sys/kernel/

 cat virt_osrelease
 2.6.18-238.5.1.el5.028stab085.5

 echo 2.6.32 > virt_osrelease

That's it.

Error: Kernel image does not exist: /boot/solus-vmlinuz


Run the command below on the main node:

 php -f /usr/local/solusvm/includes/xenkernel.php

Enable Tun/Tap on Openvz VPS servers


The Tun/Tap module should be available in all VPS by default.
You can check this by doing:

 modprobe tun
 modprobe blktap

If they are present you shouldn't get any errors.
On CentOS (and possibly others) you will need to create the necessary devices in /dev/ for it to work.

 mkdir /dev/net
 mknod /dev/net/tap c 10 200
 mknod /dev/net/tun c 10 200

Connection to the server closed after providing password[vps servers]


When trying to ssh to a server, it asked for the password and upon providing the password we got the message “Connection to the server closed”. The password provided is correct. If this error occurs, make sure that it is a VPS by accessing the WHM and checking the Disk usage. If it shows the device as “/dev/simfs”, then you can confirm that it is a VPS.

Locate the hardware node of the VPS and log in to the node. Try logging into the VPS by executing the command

 vzctl enter VEID

Then you will receive the error

 Unable to open pty: No such file or directory

In such a case, run the following commands to fix it:

 vzctl exec VEID /sbin/MAKEDEV pty
 vzctl exec VEID /sbin/MAKEDEV tty
 vzctl enter VEID

To fix the issue permanently,

1. Edit the file /etc/rc.sysinit of the VPS

2. Comment out the line

 /sbin/start_udev

3. Add the following lines after /sbin/start_udev:

 /sbin/MAKEDEV tty
 /sbin/MAKEDEV pty

4. Reboot your VPS

 vzctl restart VEID

Timezone change in OpenVZ Node


You can set the timezone of your main node using the following method.

1. Log in to the main host node (SSH).

2. Check the directory /usr/share/zoneinfo/ and confirm which is your timezone (PST, UTC, EST, IST).

3. Now move the file /etc/localtime

 mv /etc/localtime /etc/localtime_bk

4. Link your timezone to /etc/localtime

 ln -s /usr/share/zoneinfo/IST  /etc/localtime

Now you may need to synchronize the time using rdate command. If rdate is not available install it with yum.

 rdate -s rdate.cpanel.net&


Autoftpbackup configuration on openvz node


Complete details about autoftpbackup can be found at http://wiki.solusvm.com/Automated_Backups

Steps:

 Admincp >> Nodes > List > Manage Node (On the Node you wish to backup) > Auto FTP Backup.

Under FTP Server Settings
 Profile         --> make it default
 IP or Hostname  --> FTP server ip
 Username        --> FTP user name
 Password        --> FTP user password
 Port            --> FTP server port, usually port 21
 Passive         --> leave it as it is.
 Directory       --> / is default

Under Backup Settings
 Enabled                      --> Turn backup ON or OFF
 Frequency                    --> Run the backup every day, week or month
 Run Time                     --> 00-23 hours, 00-59 mins
 Day                          --> Only required for weekly
 Day of Month                 --> Only required for monthly
 Rotation                     --> How many backups per vps you want to keep
 Ionice Priority              --> 0: High - 7: Low. Default is 4
 Ionice Class                 --> 1: realtime, 2: best-effort, 3: idle. Default is 2
 Nice                         --> Niceness range from -20 (most favorable scheduling) to 19 (least favorable). Default is 19
 Xen HVM/KVM Compression Type --> bzip2 or pbzip2  
 pbzip2 Threads (Xen/KVM)     --> 1
 OpenVZ Backup Type           --> Online
 KVM/Xen Backup Type          --> Online
 OpenVZ Temp Directory        --> Default: /vz/dump
 KVM/Xen Temp Directory       --> Default: /tmp
 Exclude VPS                  --> CTRL + Click to select multiple

Then click "update"

If you want to run this now, Login into main node and then run

 /usr/bin/php /usr/local/solusvm/includes/autoftpbackup.php

This will take a backup of your VPS and store it on the FTP server.

Restoring backups can be done via CLI on the node in question. To start a restore, do the following in SSH:

 /scripts/ftp-restore

When asked, enter the vserver id of the vps you want to restore as shown in SolusVM.

Please note: If the VPS has been removed from SolusVM then you will need to create a New VPS for the client and run the following command:

 /usr/sbin/vzdump --restore /path/to/backup/file NEW-CONTAINER-ID

That's all :)

FATAL: no pg_hba.conf entry for host "::1", user "xxx", database "xxxx"



While checking pgsql log I've found the below error.

 FATAL: no pg_hba.conf entry for host "::1", user "cullyb_mahara", database "cullyb_mahara", SSL off

The reason we got the above error is that postgresql only allows 127.0.0.1 to connect to its database as per pg_hba.conf

 host all all 127.0.0.1 255.255.255.255 md5

You need to update the config.php file with 127.0.0.1 in place of dbhost.

 grep dbhost config.php
 $cfg->dbhost   = '127.0.0.1';

Sshd daemon failing to start


There was no error shown at service startup, but the service status showed it was down

 /etc/init.d/sshd start
 Starting sshd: [ OK ]

 /etc/init.d/sshd status
 openssh-daemon is stopped

I checked the /var/log/secure logs to see what error was being thrown and it showed the error below:

  Feb 8 13:54:54 vps sshd[18431]: fatal: daemon() failed: No such device

The error was related to /dev/null, which is supposed to be a proper character device and not a regular file.

In this case it was a regular file so I removed it and recreated the character device as below :

 rm -f /dev/null
 mknod /dev/null c 1 3

Once the character device is created the permissions should look like below :

 ls -lh /dev/null
 crw-rw-rw- 1 root root 1, 3 Jan 12 16:07 /dev/null

However, another error showed up when we tried to create /dev/null again

 mknod /dev/null c 1 3
 mknod: `/dev/null': File exists

The solution for this was to create another device, /dev/null1, and rename it to /dev/null

 mknod /dev/null1 c 1 3

 ll /dev/null1
 crw-r--r-- 1 root root 1, 3 Jun  9 00:47 /dev/null1

 mv /dev/null1 /dev/null

After it was confirmed that /dev/null is a proper character device, I restarted the service and it came up fine this time:

 /etc/init.d/sshd start
 Starting sshd: [ OK ]

 /etc/init.d/sshd status
 openssh-daemon (pid 27662) is running...
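A check for the condition behind this failure, as an added example that is not part of the original post: it verifies that a path is a character device with the expected major and minor numbers, and recreates a bad node under a temporary name before renaming it into place, the same route taken above with /dev/null1. The numbers for /dev/null (1, 3) and /dev/net/tun (10, 200) are the ones used on this page; /dev/zero (1, 5) and /dev/urandom (1, 9) are the standard Linux values. The function names are assumptions of the example.

```shell
#!/bin/sh
# Added example (not from the original post). Uses GNU stat (-c), as shipped on CentOS.

# check_chardev PATH MAJOR MINOR
#   prints ok | missing | not-chardev | wrong-numbers:<major>,<minor>
#   exit status is 0 only for ok
check_chardev() {
    [ -e "$1" ] || { echo missing; return 1; }
    [ -c "$1" ] || { echo not-chardev; return 1; }       # e.g. a regular file named /dev/null
    maj=$(printf '%d' "0x$(stat -L -c %t "$1")")         # stat reports device numbers in hex
    min=$(printf '%d' "0x$(stat -L -c %T "$1")")
    if [ "$maj" -eq "$2" ] && [ "$min" -eq "$3" ]; then
        echo ok
    else
        echo "wrong-numbers:$maj,$min"
        return 1
    fi
}

# recreate_chardev PATH MAJOR MINOR MODE (needs root)
#   builds the node under a temporary name with the right mode, then renames it over
#   PATH, so PATH never disappears and "File exists" from mknod cannot occur
recreate_chardev() {
    tmp="$1.new.$$"
    mknod -m "$4" "$tmp" c "$2" "$3" && mv -f "$tmp" "$1"
}

# audit_devs: report on the device nodes listed below; status is the number of bad nodes
audit_devs() {
    bad=0
    while read -r path major minor; do
        state=$(check_chardev "$path" "$major" "$minor") || bad=$((bad + 1))
        printf '%-14s %s\n' "$path" "$state"
    done <<EOF
/dev/null 1 3
/dev/zero 1 5
/dev/urandom 1 9
/dev/net/tun 10 200
EOF
    return "$bad"
}

audit_devs || echo "some device nodes need attention"
```

For the case in this post the repair would be recreate_chardev /dev/null 1 3 666, which also gives the node the crw-rw-rw- permissions shown earlier.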

SSH Port Forwarding


SSH port forwarding, or TCP/IP connection tunneling, is a process whereby a TCP/IP connection that would otherwise be insecure is tunneled through a secure SSH link, thus protecting the tunneled connection from network attacks.

In other words, port forwarding, or tunneling, is a way to forward insecure TCP traffic through SSH Secure Shell.

There are two kinds of port forwarding:

 1. Local port forwarding and

 2. Remote port forwarding

They are also called outgoing and incoming tunnels, respectively.

Syntax:

Local port forwarding:

 ssh SSHHOST -L LPORT:RHOST:RPORT

(SSHHOST and RHOST can be the same host or different hosts.)

Remote port forwarding:

 ssh SSHHOST -R RPORT:LIP:LPORT

Example for local port forwarding:

Aim : Access a service (in this example SSH port tcp/22, but it could be anything like a web server on tcp/80) on machine “YY.YY.YY.YY”

From your shell type:

 ssh root@XX.XX.XX.XX -L 10000:YY.YY.YY.YY:22

Then, from your local machine, you should be able to connect to YY.YY.YY.YY with:

 ssh root@localhost -p 10000

Example for Remote Port Forwarding:

Aim : Access a service in your home machine from your office (in this example SSH port tcp/22, but it could be anything like a web server on tcp/80)

From your machine at home type the following:

 ssh root@server1SSHHOST.COM -R 10000:192.168.1.19:22

Then SSH to the server “server1SSHHOST.COM” from your machine at the office and type the following:

 ssh root@localhost -p 10000

Note: Don’t forget to open the necessary ports on any firewall, either at home or at work.


SSH many users to one Home with full access

Home : /home/onehome
Default user and group is onehome

 1.Add users to “onehome’s” directory
 useradd -d /home/onehome -s /bin/bash user1
 useradd -d /home/onehome -s /bin/bash user2

 2.Add the new users to onehome’s group
 usermod -a -G onehome user1
 usermod -a -G onehome user2

 3.Set full permission to new users on onehome’s home directory.
 setfacl -R -m u:user1:rwx /home/onehome
 setfacl -R -m u:user2:rwx /home/onehome

Get your public IP from SSH


Run the command below:
$ curl -s ip.appspot.com

Init process at 100% CPU usage debian/ubuntu


Reference links

 http://askubuntu.com/questions/68144/init-process-at-100-cpu-usage
 https://bugs.launchpad.net/ubuntu/+source/upstart/+bug/880049


I ran the commands below on the problematic server and got it working.

 add-apt-repository ppa:jammy/upstart.fix-880049
 apt-get update
 apt-get upgrade
 reboot

To enable ping to the Windows Server 2008 R2

To enable ping:

Start >> Administrative Tools >> Windows Firewall with advanced security >> Inbound Rules >> File and Printer Sharing (Echo Request - ICMPv4-IN) >> right click and select Enable Rule.

To disable the ping select Disable Rule in the last step.