Friday, 22 November 2013

Error : Old version of mysqlclient15 is installed, which can lead to upgrade fail ( When upgrading from plesk 9.5.4 to plesk 11.x)

Detailed error encountered:
------------------------------------------------------------------------------------------------------
EMERGENCY: Old version of mysqlclient15 is installed, which can lead to upgrade
fail. You can apply workaround from article http://kb.parallels.com/en/113737?

* Kindly apply the workaround given by Plesk http://kb.parallels.com/en/113737
before you proceed to upgrade the plesk.
------------------------------------------------------------------------------------------------------

The reported error is occurred while upgrade of plesk. Parallels suggest the solution to it as
show in the KB.  http://kb.parallels.com/en/113737. The KB show how to apply the solution
once the upgrade is completed.  You can also try to upgrade the mysqlclient before upgrade for the
upgrade to go smoothly. Please make sure that you don't have any other external repos enabled and make sure that you about yum install if other packages are shown for upgrade. before confirming a yes.


Command summary usage
 ----------------------------------------------------------------
#yum update mysqlclient15
#rpm -qa | grep  mysqlclient15
----------------------------------------------------------------

Once Mysql client is upgraded please go ahead with the upgrade of plesk via autoinstaller
(/usr/local/psa/admin/bin/autoinstaller). The upgrade should go smoothly without any issues.

Learn & share
rzm



 

Wednesday, 20 November 2013

Enable Mod deflate in plesk servers (10.x,11.x)

 
In the latest plesk 10.x and 11.x there is an option to add Apache modules from GUI
under "Tools&Settings >> Apache Modules". It just needs selection and saving to 
enable Apache modules from the Plesk panel.

Once the module is enabled. We will have to make sure that it is loaded in the
configuration file by using the following command. 

-----------------------------------------------
grep 'mod_deflate' /etc/httpd/conf/httpd.conf
----------------------------------------------- 

if it is not loaded we will have to edit the http configuration file to enable it 
with the following command
 
------------------------------------------------------------------------------------- 
perl -pi -e 's/# LoadModule mod_deflate/LoadModule mod_deflate/g' /etc/httpd/conf/httpd.conf 
-------------------------------------------------------------------------------------
 
In normal cases it will be enabled. Once this is done it is a good ideas to back up the configuration file.  
 
--------------------------------------------------------------- 
cp /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf.bak 
---------------------------------------------------------------

Once the backup is done we will have to add up the following lines in httpd.conf using text editors like vi.

vi /etc/httpd/conf/httpd.conf
and add the following lines at the end of the configuration file.
---------------------------------------------------------------------------------
 #
 # Deflate output configuration
 #
 AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css
 BrowserMatch ^Mozilla/4 gzip-only-text/html
 BrowserMatch ^Mozilla/4\.0[678] no-gzip
 BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
--------------------------------------------------------------------------------- 
 
Please check the syntax is correct once editing the apache conf by using the following
command
------------------------ 
/usr/sbin/apachectl -t
------------------------
 
Please restart the Apache process for the configuration changes to take place.
 
----------------------------  
/usr/sbin/apachectl graceful  
----------------------------
 
 
Learn & Share.
rzm 

Monday, 18 November 2013

Error : 1030 Got error 28 from storage engine ( From Mysql DB)

Error : 1030 Got error 28 from storage engine


Error encountered:
----------------------------------------------------------------------------------------
ERROR: Zend_Db_Statement_Exception: SQLSTATE[HY000]: General error: 1030 Got error 28 from storage engine

Additionally, an exception has occurred while trying to report this error: Zend_Db_Statement_Exception
SQLSTATE[HY000]: General error: 1030 Got error 28 from storage engine (Pdo.php:234)

<http://kb.parallels.com/plesk-error/search?metaId=fefb2d1dcd85711d0535f0978c1de361&messageId=4b6a0cdec167dfaa64fc3fbe7dc2061e&file=Pdo.php&line=234&type=Zend_Db_Statement_Exception&message=SQLSTATE%5BHY%5D%3A+General+error%3A++Got+error++from+storage+engine> Search for related Knowledge Base articles
----------------------------------------------------------------------------------------


Cause: The reported issue is mosly caused due to limited space in server or temp folder.


Solution : Just free up space in the server and temp folders.


Command usage:

Use df -h to check disk space in the server and /tmp.
Also check out the permissions for /tmp directory.


Reference: http://stackoverflow.com/questions/10631387/1030-got-error-28-from-storage-engine

Learn and share
rzm

Saturday, 16 November 2013

dpkg cheat sheet


Syntax                                 Explanation                                            Example
dpkg -i {.deb package}      Install the package                                 dpkg -i zip_2.31-3_i386.deb

dpkg -i {.deb package}      Upgrade package if it is installed          dpkg -i zip_2.31-3_i386.deb
                                           else install a fresh copy of package

dpkg -R {Directory-name}Install all packages recursively             dpkg -R /tmp/downloads
                                            from directory

dpkg -r {package}              Remove/Delete an installed package    dpkg -r zip
                                           except configuration files

dpkg -P {package}            Remove/Delete everything including     dpkg -P apache-perl
                                           configuration files

dpkg -l                               List all installed packages, along             dpkg -l,dokg -l | less,
                                          with package version and short                dpkg -l '*apache*'
                                          description                                                dpkg -l | grep -i 'sudo'



dpkg -l {package}             List individual installed packages,           dpkg -l apache-perl
                                          along with package version and
                                          short description
dpkg -L {package}           Find out files are provided by the            dpkg -L apache-perl,dpkg -L perl
                                          installed package i.e. list where
                                          files were installed

dpkg -c {.Deb package}    List files provided (or owned) by            dpkg -c dc_1.06-19_i386.deb
                                          the package i.e. List all files
                                          inside debian .deb package file,
                                          very useful to find where files
                                          would be installed    
dpkg -S {/path/to/file}     Find what package owns the file              dpkg -S /bin/netstat
                                         i.e. find out what package does                dpkg -S /sbin/ippool
                                         file belong    

dpkg -p {package}           Display details about package                  dpkg -p lsof
                                          package group, version, maintainer,
                                          Architecture, display depends
                                          packages, description etc    
dpkg -s {package} | grep Status Find out if Debian package            dpkg -s lsof | grep Status
                                        is installed or not (status)

apt-get cheatsheet

apt-get install {package}     :Install the new package. If package is installed then try to upgrade
                                 to latest version apt-get install zip apt-get install lsof samba mysql-client
apt-get remove {package}     :Remove/Delete an installed package except configuration files    
                                 apt-get remove zip
apt-get --purge remove {package}:Remove/Delete everything including configuration files    
                                  apt-get --purge remove mysql-server

apt-get upgrade, apt-get update: Resynchronize the package index files and Upgrade the Debian Linux system
                                 including security update (Internet access required)     apt-get update apt-get upgrade

apt-get update,apt-get dist-upgrade: Usually use to upgrade to Debian distribution. For example Woody to
                                     Sarge upgrade. 'dist-upgrade' in addition to performing the function
                                     of upgrade, also intelligently handles changing dependencies with new
                                     versions of packages; apt-get has a "smart" conflict resolution system,
                                     and it will attempt to upgrade the most important packages at the expense
                                     of less important ones if necessary.    

Cron cheatsheet

# Cron cheatsheet
#
# * * * * * command to be executed
# - - - - -
# | | | | |
# | | | | +- - - - day of week (0 - 6) (Sunday=0)
# | | | +- - - - - month (1 - 12)
# | | +- - - - - - day of month (1 - 31)
# | +- - - - - - - hour (0 - 23)
# +- - - - - - - - minute (0 - 59)

# Alarm clock set to 6:30AM
# 30 6 * * * /home/nano/alarm

For several fields, you may denote subdivision by using the forward-slash (/) character. To execute a job every 5 minutes, */5 in the minutes field would specify this condition.

Spans may be indicated using the dash (-) character. To execute a job Monday through Friday, MON-FRI should be used in the day-of-week field.

Multiple values may be separated using the comma (,) character. The specification of 1,15 in the day-of-month field would result in the job firing on the 1st and 15th of each month.

Either day-of-month or day-of-week must be specified using the ? character, since specifying both is contradictory.

Tuesday, 12 November 2013

How to set up VPN server in linux

I will show you how to configure a VPN server with pptpd. It can also be installed with L2TP or OpenVPN. I have not tried the later.


1) Install ppp in the server
2) Download pptpd-1.3.4-2.rhel5.x86_64.rpm in the server
3) Install the downloaded pptpd rpm package in the server
4) Edit IP setting in the pptpd.conf (/etc/pptpd.conf) you will have to specify the server
   address and the network range (localip,remoteip)
5) Add user accounts in /etc/ppp/chap-secrets (assign username and password)
   in the specified format.
   ---------------------------------------------------------
   # client    server    secret            IP addresses
     rasimvs pptpd password *
   ---------------------------------------------------------
6) You can also do the optional settings of DNS resolver
   /etc/ppp/options.pptpd

    ms-dns 8.8.8.8
    ms-dns 4.4.4.4
7) Enable Network forwarding in /etc/sysctl.conf
     net.ipv4.ip_forward = 1
     sysctl -p
8) Configure firewall rules using the following commands

---------------------------------------------------------
iptables -A INPUT -i eth0 -p tcp --dport 1723 -j ACCEPT
iptables -A INPUT -i eth0 -p gre -j ACCEPT
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -A FORWARD -i ppp+ -o eth0 -j ACCEPT
iptables -A FORWARD -i eth0 -o ppp+ -j ACCEPT
service iptables save
service iptables restart
---------------------------------------------------------
9) Add pptp to check config so that it is started on restarts 
    chkconfig pptpd on

10) restart the pptpd service or may be restart theserver.


Command summary on this regard.

--------------------------------------------------------------------------------------------------------------------------
yum install ppp
cd /usr/local/src/ 
wget http://lnmpp.googlecode.com/files/pptpd-1.3.4-2.el6.x86_64.rpm 
rpm -Uvh pptpd-1.3.4-2.el6.x86_64.rpm
vi /etc/pptpd.conf 
vi /etc/ppp/chap-secrets 
vi /etc/ppp/options.pptpd 
vi /etc/sysctl.conf 
sysctl -p
iptables -A INPUT -i eth0 -p tcp --dport 1723 -j ACCEPT
iptables -A INPUT -i eth0 -p gre -j ACCEPT
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -A FORWARD -i ppp+ -o eth0 -j ACCEPT
iptables -A FORWARD -i eth0 -o ppp+ -j ACCEPT
service iptables save
service iptables restart
chkconfig pptpd on
getenforce  
vi /etc/selinux/config 
init 6
--------------------------------------------------------------------------------------------------------------------------

Monday, 11 November 2013

Yum clean all options

The following are the ways which you can invoke yum in clean mode. Note
that "all files" in the commands below means "all files in currently
enabled repositories". If you want to also clean any (temporarily)
disabled repositories you need to use --enablerepo='*' option.

yum clean expire-cache
Eliminate the local data saying when the metadata and mir‐
rorlists were downloaded for each repo. This means yum will
revalidate the cache for each repo. next time it is used. How‐
ever if the cache is still valid, nothing significant was
deleted.

yum clean packages
Eliminate any cached packages from the system. Note that pack‐
ages are not automatically deleted after they are downloaded.

yum clean headers
Eliminate all of the header files, which old versions of yum
used for dependency resolution.

yum clean metadata
Eliminate all of the files which yum uses to determine the
remote availability of packages. Using this option will force
yum to download all the metadata the next time it is run.

yum clean dbcache
Eliminate the sqlite cache used for faster access to metadata.
Using this option will force yum to download the sqlite metadata
the next time it is run, or recreate the sqlite metadata if
using an older repo.

yum clean rpmdb
Eliminate any cached data from the local rpmdb.

yum clean plugins
Tell any enabled plugins to eliminate their cached data.







                                
Learn and share
rzm

How to enable EPEL repository in RHEL/Centos6 64bit

EPEL (Extra Packages for Enterprise Linux) is open source repository based on Fedora which provides additional softwares for linux which could be installed using  yum.

Basically this just involves 4 steps
1) Login as root user or (do su  - and make user root)
2) Downloading the rpm package for enabling the repository for yum.
3) Install it via rpm commands.
4) Use yum command to  clean current settings(clears information of all 
    enabled  repo)

You can also check the currently enabled repository list by the command
 "yum repolist "


Command summary
------------------------------------------------------------------------------
#su - 
#wget http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
#rpm -ivh epel-release-6-8.noarch.rpm
#yum clean all
#yum repolist 
------------------------------------------------------------------------------ 
 
 
Note: change "x86_64" to i386 for  32 bit OS

hope this helps you.
rzm
 
 
 









IP tables basic overview and usage

I have been working with iptables for quiet some time. iptables rules are stored iin the file /etc/sysconfig/iptables

There are mainly 3 tables under iptables filter,nat and mangle
filter : used for packet filtering
nat    : used to provide packet modification capabilities; NAT/PAT and IP masquerading
mangle : used for setting packet options and marking packets for further filtering or routing

We deal with filter table here,Some of the basic commands which we need to understand when manipulating the default table filter of iptables are as follows

iptables -L INPUT %To list the currently loaded iptable rules in INPUT chain %
iptabes-save % command to save the currently configured iptable rules%
iptables -C %command to check whether the reported command is already there in theiptables%
iptables -N % creates a new chain with a user specified name
iptables -t filter -A INPUT -j <customchain> %Adding custom chain to iptables%
iptables -g %Jump to chain with no return%
iptables -t %Table to manupulate default is filter%
iptables -t filter -A INPUT -j <custom-chain> % Adding custom chain to the INPUT table%
iptables -X <chain-name> % If you want to delete the iptables chain you have created%
iptables -A INPUT 4 -s 192.168.1.0/24 -j ACCEPT % Inputs the rule in a specific location %
iptables -A INPUT -m limit --limit % using module limit state etc%


Kernal files which could be used to prevent and during attack

# PREVENT YOU SYSTEM FROM ANSWERING ICMP ECHO REQUESTS
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all

# DROP ICMP ECHO-REQUEST MESSAGES SENT TO BROADCAST OR MULTICAST ADDRESSES
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts

# DONT ACCEPT ICMP REDIRECT MESSAGES
echo 0 > /proc/sys/net/ipv4/conf/all/accept_redirects

# DONT SEND ICMP REDIRECT MESSAGES
echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects

# DROP SOURCE ROUTED PACKETS
echo 0 > /proc/sys/net/ipv4/conf/all/accept_source_route

# ENABLE TCP SYN COOKIE PROTECTION FROM SYN FLOODS
echo 1 > /proc/sys/net/ipv4/tcp_syncookies

# ENABLE SOURCE ADDRESS SPOOFING PROTECTION
echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter

# LOG PACKETS WITH IMPOSSIBLE ADDRESSES (DUE TO WRONG ROUTES) ON YOUR NETWORK
echo 1 > /proc/sys/net/ipv4/conf/all/log_martians

# DISABLE IPV4 FORWARDING
echo 0 > /proc/sys/net/ipv4/ip_forward

###############
# INPUT

# DROP INVALID
$IPTABLES -A INPUT -m state --state INVALID -j DROP

# ALLOW ONLY ESTABLISHED, RELATED
$IPTABLES -A INPUT -p tcp -i $PUBIF -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A INPUT -p udp -i $PUBIF -m state --state ESTABLISHED,RELATED -j ACCEPT

# DROP INVALID SYN PACKETS
$IPTABLES -A INPUT -p tcp --tcp-flags ALL ACK,RST,SYN,FIN -j DROP
$IPTABLES -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
$IPTABLES -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP

# MAKE SURE NEW INCOMING TCP CONNECTIONS ARE SYN PACKETS; OTHERWISE WE NEED TO DROP THEM
$IPTABLES -A INPUT -p tcp ! --syn -m state --state NEW -j DROP

# DROP PACKETS WITH INCOMING FRAGMENTS. THIS ATTACK RESULT INTO LINUX SERVER PANIC SUCH DATA LOSS
$IPTABLES -A INPUT -f -j DROP

# DROP INCOMING MALFORMED XMAS PACKETS
$IPTABLES -A INPUT -p tcp --tcp-flags ALL ALL -j DROP

# DROP INCOMING MALFORMED NULL PACKETS
$IPTABLES -A INPUT -p tcp --tcp-flags ALL NONE -j DROP

###############
# OUTPUT

# DROP INVALID
$IPTABLES -A OUTPUT -m state --state INVALID -j DROP

# DROP INVALID SYN PACKETS
$IPTABLES -A OUTPUT -p tcp --tcp-flags ALL ACK,RST,SYN,FIN -j DROP
$IPTABLES -A OUTPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
$IPTABLES -A OUTPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP

# MAKE SURE NEW OUTGOING TCP CONNECTIONS ARE SYN PACKETS; OTHERWISE WE NEED TO DROP THEM
$IPTABLES -A OUTPUT -p tcp ! --syn -m state --state NEW -j DROP

# DROP PACKETS WITH OUTGOING FRAGMENTS. THIS ATTACK RESULT INTO LINUX SERVER PANIC SUCH DATA LOSS
$IPTABLES -A OUTPUT -f -j DROP

# DROP OUTGOING MALFORMED XMAS PACKETS
$IPTABLES -A OUTPUT -p tcp --tcp-flags ALL ALL -j DROP

# DROP OUTGOING MALFORMED NULL PACKETS
$IPTABLES -A OUTPUT -p tcp --tcp-flags ALL NONE -j DROP