Tag Archives: Linux - Page 3

Squid with simple authentication

Posted by on November 15, 2012 No comments

Typical task:
We order server at India, for development needs. Need to setup web proxy with authentication. Use squid, Luke!

#htpasswd -c  /etc/squid/passwd username
#htpasswd  /etc/squid/passwd

squid.conf

forwarded_for off #don`t show user real IP at HTTP headers
auth_param basic program /usr/lib64/squid/ncsa_auth /etc/squid/passwd
<span class="zbench-more-link"> <a href="https://it.randomthemes.com/2012/11/15/squid-with-simple-authentication/#more-193" class="more-link">Read more &raquo;</a></span>

qmail maillists and Jira messages delivery issues.

Posted by on October 29, 2012 No comments

We had interesting issue with jira and qmail.
No mail comes to mail list group.

Not trivial email routing probles, message for mail list comes to ezmlm, but ezmlm rejects messages with tag 

Precedence: bulk

Read more »

How to check if zabbix agent insstalled at all infrastructure hosts

Posted by on October 2, 2012 No comments

We use LXC containers at PH hosts.
containers named like:
rolename$RoleVersion-$InstanceNumber

For example
at host sXX2
appserver1-1
db1-1
db1-2
zabbix3-1

We need to check, if zabbix agents are installed at all infrastructure. One way – user fabric, Luke, as all 80 level DevOps do, or use ssh as all 40 level DevOps do.
Sorry for a little bit 🙂 “hindi” code 🙂 no review was done 🙂
Read more »

How to install unassigned packages ubuntu/debian

Posted by on October 1, 2012 No comments

We start chef deployment…
Chef deserve additional Huge article, but let`s start:

  echo "deb http://apt.opscode.com/ `lsb_release -cs`-0.10 main" | sudo tee /etc/apt/sources.list.d/opscode.list
  aptitude update
  aptitude -o Aptitude::CmdLine::Ignore-Trust-Violations=true install opscode-keyring
  aptitude -y -o Aptitude::CmdLine::Ignore-Trust-Violations=true install chef

phpmyadmin #1045 Cannot log in to the MySQL server

Posted by on July 17, 2012 No comments

Our developers really crazy about phpmyadmin 🙂 and ask me to setup one.
I really prefer console…
Setup in ubuntu is easy just use aptitude, Luke…
Only change I did is to add Basic Auth to phpmyadmin url, to prevent ugly internet bots from trying to bruteforce my databases.

htpasswd /etc/phpmyadmin/htpasswd.setup developers

But when I try to login to my DB interface I`v got this damned error.
#1045 Cannot log in to the MySQL server
Very very strange! I can login via console with this username…
I create user with following credentials:

mysql> GRANT SELECT,INSERT,UPDATE,DELETE,CREATE,DROP,ALTER,CREATE ROUTINE,
       CREATE TEMPORARY TABLES,CREATE VIEW,EXECUTE,INDEX,SHOW VIEW, ALTER ROUTINE
       on *.* to 'developer'@'%' IDENTIFIED by 'MEGASECUREPASSWORD';

phpmyadmin refuse this user. I turn on mysql debugging.
Read more »

How to mount disk to LXC container

Posted by on July 16, 2012 No comments

It`s rather simple.
just mount disk via fstab to host system:

root@sfa2 ~ # cat /etc/fstab | grep sdc1
/dev/sdc1       /mnt/sdc1   ext4     noatime,nodiratime      0 0

and add mount with bind to your LXC fstab, usually located at

root@sfa2 ~ # cat /var/lib/lxc/dbslave1-1/config | grep fstab
lxc.mount
.entry
= /var/lib/lxc/dbslave1-1/fstab

Now restart container and enjoy.

root@sfa2 ~ # cat /var/lib/lxc/dbslave1-1/fstab
proc            proc         proc    nodev,noexec,nosuid 0 0
sysfs           sys          sysfs defaults  0 0
/mnt/sdc1       /var/lib/lxc/dbslave1-1/rootfs/sdc1  none bind     0 0

BTW: Your cannot see remained space via df -h. I don`t know how to solve this issue 🙁 🙁 🙁

How to remove backdore at inittab, left by ISP

Posted by on May 2, 2012 No comments

Suddenly I found backdore at our servers, leaved by our dedicated server provider, I will not say it`s name, because we already talk to them, get a big discount and solve this issue.
If their engineer press Alt+ArrowUp he obtain a root console, without login record displayed by lastlog.
dump-utmp help 🙂

r: ~ #aptitude install acct
  r: ~ # dump-utmp /var/log/wtmp

And here is a backdore:

r: ~ # cat /etc/inittab | grep kbre                                                                                                                
  #kb::kbrequest:/bin/echo "Keyboard Request--edit /etc/inittab to let this work."                                                                          
  kb::kbrequest:/sbin/getty -n -l /bin/bash tty12 115200                                                                                                    
  r: ~ #

How to remove it.

 #!/bin/sh
 
  for v in ` mkipsec -l |  awk '{print $1}' | sed s/:/\ / | tr -d '\n' | sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[m|K]//g"`;
  do
    s=`echo $v|sed 's/.*\.//'` ;
    printf "$s :\n";
    ssh -q -t  $s "sed -i s/kb\:\:/\#kb\:\:/ /etc/inittab" ;
  done

How to restore windows MBR from linux

Posted by on April 20, 2012 No comments

Just install collection of boot loaders (usually already installed)
And use DD, Luke 🙂 🙂

  #aptitude install syslinux
  #sudo dd if=/usr/lib/syslinux/mbr.bin of=/dev/sda
  # aptitude search syslinux
  i   syslinux                                                               - collection of boot loaders                                                      
  i   syslinux-common                                                        - collection of boot loaders (common files)

netperf – measuring network bandwidth

Posted by on March 12, 2012 No comments

Netperf is much better way to measure network bandwidth, then using ftp/sftp, as many OPS do.

stx153:~# aptitude search netperf 
p   netperf                                                   - Network performance benchmark                                      
stx153:~# aptitude install netperf

Remove startup links, we don`t need netperf to be started at runtime.

stx153:~# update-rc.d -f netperf remove
 Removing any system startup links for /etc/init.d/netperf ...
   /etc/rc0.d/K20netperf
   /etc/rc1.d/K20netperf
   /etc/rc2.d/S20netperf
   /etc/rc3.d/S20netperf
   /etc/rc4.d/S20netperf
   /etc/rc5.d/S20netperf
   /etc/rc6.d/K20netperf
stx153:~# 
#/etc/init.d/netperf start

How to test:
There are a lot of netperf options, in general, but usually we need only test and CPU.

:~#man netperf
:~# netperf -H server.mydomain.com -c -C
TCP STREAM TEST from 0.0.0.0 (0.0.0.0) port 0 AF_INET to server.mydomain.com (10.253.46.1) port 0 AF_INET : demo
Recv   Send    Send                          Utilization       Service Demand
Socket Socket  Message  Elapsed              Send     Recv     Send    Recv
Size   Size    Size     Time     Throughput  local    remote   local   remote
bytes  bytes   bytes    secs.    10^6bits/s  % S      % S      us/KB   us/KB
 87380  87380  87380    10.09        86.29   8.67     2.37     65.847  18.012