Archive for the ‘Linux’ Category

servercheck – keep processes running

November 8th, 2010

It's a process/server babysitter that manages, monitors and restarts processes as needed to keep things running. Alerting is configured not to be too annoying; otherwise the logging has enough information to go back later and retrace steps.

I use this on my cpanel server – processes die and need restarting occasionally, and I have been using a variation of this for 3 years now. Some wheels were re-invented along the way, but I am learning OO Perl and this is something I've meant to re-write properly since 2007. This is much closer to what I envisioned.

download servercheck

Install steps: all done in the config file – see INSTALL in the zip file
0. Configure what processes to run
1. How/when to check, stop/start/restart, and how frequently
2. When NOT to check – e.g. do NOT restart apache while yum is running
3. How often to send email or text-via-email alerts

Use perldoc or servercheck.pl -h to see the help for the modules. See INSTALL and README for more info.

This was tested on cpanel and direct admin servers – it will work with any *nix that has perl installed, with tweaking of course.

Expect about half an hour to configure the first machine. cpanel and direct admin were different enough that it took 20 minutes to configure the direct admin machine…


Parallels Bug – root login reset when change hostname

June 15th, 2009

Sent this to Parallels yesterday – hope they fix it.

==================================

Hi,

This weekend, after 5 months, I accessed the Parallels control panel and "corrected" my server's hostname from the initial one, did other maintenance and stumbled onto a bug, well, what seems to me to be a bug.
It can be replicated like this:
For the purposes of this, say the root password was originally "root#ABC" and the new one is "root#DEF".
1. At the command line of the VPS, change the root password to something else, in this case from root#ABC to root#DEF.

2. In the Parallels automation change the hostname of the VPS.

3. The root password will now have been set back to the old one.

I'd like to have been warned instead of wondering for a few hours why my server's root password had changed. Glad to know why – and that it was not rooted.


Drop Bogon IPs quickly and easily

October 15th, 2008

Blocking bogons is good for you and your server's health – if only because they are generally unassigned by IANA or the RIRs. These bogus IP blocks are perfect for spamming and criminal activity. Read more about them here.

To block these, I wrote this a while back; hits may be low, but it is there in case they ever get routed or make it to my box. I still need to expand it to handle updates if a block is later assigned.

#!/bin/sh
#
# Drop all these bad IP's
#
# Random temp file name (apg generates a 26-character alphanumeric string)
TMPFILE=/tmp/`apg -a 1 -M nc -n 1 -m 26`

touch "$TMPFILE"
trap 'rm -f "$TMPFILE"' EXIT

# Fetch the Spamhaus DROP list, keep only the netblock lines (those starting
# with a digit) and take the first field, the CIDR. -f makes curl fail on HTTP errors.
curl -sf http://www.spamhaus.org/drop/drop.lasso | grep '^[1-9]' | cut -f 1 -d ' ' > "$TMPFILE"

# Do not feed an empty or failed download to the firewall
[ -s "$TMPFILE" ] || { echo "DROP list download failed or empty" >&2; exit 1; }

for IP in `cat "$TMPFILE"`; do
    /sbin/shorewall drop "$IP"
    sleep 5
done

Run this as a cron job or in sync with reloading iptables.
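The update path the post says it still needs (un-blocking a netblock once it leaves the list) can be handled by keeping the set of CIDRs applied last time and diffing against the fresh download. The script below is an added example, not the post's own script: it parses the DROP list's "a.b.c.0/n ; SBLnnnn" line format, validates each CIDR before it reaches the firewall, and emits add/del actions from the diff. The firewall command is an assumption and defaults to a dry run that only echoes; the sample list at the bottom is constructed, not real Spamhaus data.

```shell
#!/bin/sh
# Added example: stateful handling of a Spamhaus DROP-style list.
# FIREWALL is an assumed hook; the default just echoes the shorewall command.
LC_ALL=C; export LC_ALL
FIREWALL="${FIREWALL:-echo /sbin/shorewall}"

# Strict dotted-quad + prefix length (0-32) so junk or truncated lines never
# reach the firewall.
OCT='([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])'
CIDR_RE='^('"$OCT"'\.){3}'"$OCT"'/([0-9]|[12][0-9]|3[0-2])$'

# parse_drop_list: stdin = raw list; stdout = sorted, unique, validated CIDRs.
# Comment lines start with ';', entries are "CIDR ; SBLnnnn".
parse_drop_list() {
    grep -v '^;' | cut -d ' ' -f 1 | grep -E "$CIDR_RE" | sort -u
}

# drop_list_delta OLD NEW: "add CIDR" for new entries, "del CIDR" for ones gone.
# Both files must be sorted (parse_drop_list output is).
drop_list_delta() {
    comm -13 "$1" "$2" | sed 's/^/add /'
    comm -23 "$1" "$2" | sed 's/^/del /'
}

# apply_delta: stdin = delta lines; drop new blocks, allow blocks that left the list.
apply_delta() {
    while read -r action cidr; do
        case "$action" in
            add) $FIREWALL drop "$cidr" ;;
            del) $FIREWALL allow "$cidr" ;;
        esac
    done
}

# Stand-alone demo with a constructed list (not real data) and the dry-run firewall.
# In production: curl -sf .../drop.lasso | parse_drop_list > new, then diff against
# the saved state file and move new over it once applied.
tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
printf '1.2.3.0/24\n5.6.7.0/24\n' > "$tmp/old"          # constructed: applied last run
printf '; Spamhaus DROP List (constructed sample)\n1.2.3.0/24 ; SBL1\n9.9.9.0/24 ; SBL2\njunk\n' \
    | parse_drop_list > "$tmp/new"
drop_list_delta "$tmp/old" "$tmp/new" | apply_delta
cp "$tmp/new" "$tmp/old"
```

The per-entry sleep from the original is dropped here because only the delta is applied, so a steady-state run normally issues no firewall commands at all.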


Cron errors – cron's not running etc. (CentOS 5.2)

September 27th, 2008

Had these errors recently on the exodus and genesis servers – there has been a lot of recent work on these…

pam_access(crond:account): access denied for user `someuser' from `cron'
crond[9985]: CRON (someuser) ERROR: failed to open PAM security session: Success
crond[9985]: CRON (someuser) ERROR: cannot set security context

This link solved it:

http://hostechs.com/2008/07/cron-error-failed-to-open-pam-security-session/

* /etc/cron.allow – add the affected users to this file

* /etc/security/access.conf – comment out the catch-all deny rule, so the section reads:

# All other users should be denied to get access from all sources.
#- : ALL : ALL
# -:ALL EXCEPT root:LOCAL

Dual NIC setup with CentOS – public and local interfaces

May 7th, 2008

I learned again the value of this configuration – I rebooted and my public interface did not come up, but the local one was fine. I simply telnet'd in from another local machine, fixed the issue, rebooted, and now all is well. My configs had worked for a year – but not any more. In /etc/sysconfig/networking/devices/ifcfg-eth1 the issue was BOOTPROTO – it was either reporting the MAC as 00:00:00:00:00:00 or nothing at all.

GATEWAY=192.168.1.100
TYPE=Ethernet
DEVICE=eth0
HWADDR=00:11:f7:77:34:9e
BOOTPROTO=none     <-------- changed to static
NETMASK=255.255.255.0
IPADDR=192.168.1.12
ONBOOT=yes
USERCTL=no
IPV6INIT=no
PEERDNS=yes

changed to BOOTPROTO=static:

GATEWAY=192.168.1.100
TYPE=Ethernet
DEVICE=eth0
HWADDR=00:11:f7:77:34:9e
BOOTPROTO=static
NETMASK=255.255.255.0
IPADDR=192.168.1.12
ONBOOT=yes
USERCTL=no
IPV6INIT=no
PEERDNS=yes

.. then rebooted and all is well again. A good test is that if something survives 2 reboots, it's golden. After one reboot the kernel/kudzu/whatever hasn't settled yet: the change is still "new" to the system for that boot (hey look, a new card! Let's autoconfigure…); after the second it is no longer "new", and that is when it breaks (say the card did not configure and was skipped). If a change survives a reboot, great – I test, and if successful, reboot right away. If it survives 2 reboots, I generally consider the fix reliable and can relax.

So why do this? If you have two servers it's easy, but what about only one colocated server? What if you do not have an IP KVM? Get a $69 Mikrotik router to use as a secondary local access device (LAD) – they use 5W of power and are the size of a small switch – you will just need an extra power outlet; I am sure if you explain to your ISP how service calls will be avoided, they'll let you use an extra outlet. ;) I use this as a backup to the backup LAD – it works well. Set 2 ports in bridged mode and it will act like a switch, then assign an IP to the bridge (not the individual interfaces).

The config tool system-config-network is fine for a single-port system – for dual/triple NIC setups for local, DMZ and advanced networking, you need to do this by hand. The key entry is GATEWAYDEV – this sets up the routing correctly, as seen in netstat -r.

Here is a configuration for dual NIC with eth0 local and eth1 public – your names may be different; tweak as necessary.
/etc/sysconfig/network

NETWORKING=yes
NETWORKING_IPV6=yes
HOSTNAME=host.example.com
GATEWAYDEV=eth1
MOUNTD_PORT=4002

/etc/sysconfig/networking/devices/eth0 - local network card

# Please read /usr/share/doc/initscripts-*/sysconfig.txt
# for the documentation of these parameters.
GATEWAY=192.168.10.1
TYPE=Ethernet
DEVICE=eth0
HWADDR=00:98:c7:16:77:43
BOOTPROTO=none
NETMASK=255.255.255.0
IPADDR=192.168.10.2
ONBOOT=yes
USERCTL=no
IPV6INIT=no
PEERDNS=yes

/etc/sysconfig/networking/devices/eth1 - public network card

# nVidia Corporation MCP51 Ethernet Controller
DEVICE=eth1
BROADCAST=1.1.1.15
HWADDR=00:47:e1:6f:3e:27
IPADDR=1.1.1.4
NETMASK=255.255.255.240
NETWORK=1.1.1.0
ONBOOT=yes
TYPE=Ethernet
GATEWAY=1.1.1.1
USERCTL=no
IPV6INIT=no
PEERDNS=yes

Reboot your system – though a restart is nicer: service networking restart; service [firewall software] restart. If your changes survive a couple of reboots you can be sure it's correct. If this is for a live system in a far-away datacenter, test it at home first, then one more time, get some coffee, then test again.

[root@host devices]# netstat -r
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
1.1.1.0    *               255.255.255.240 U         0 0          0 eth1
192.168.10.0    *               255.255.255.0   U         0 0          0 eth0
169.254.0.0     *               255.255.0.0     U         0 0          0 eth1
default         1.1.1.1    0.0.0.0         UG        0 0          0 eth1
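Since a bad ifcfg file only shows up after the reboot, it helps to lint the files before rebooting. The script below is an added example, not from the post: it checks each ifcfg-* file for the two mistakes described above (BOOTPROTO unset or "none" together with a zeroed HWADDR, and a static address missing IPADDR/NETMASK) and checks that GATEWAYDEV in /etc/sysconfig/network names an interface whose ifcfg file actually carries a GATEWAY, so the default route lands on the public card as in the netstat output. The directory defaults to the path the post edits; the MAC and IP values in the test are constructed.

```shell
#!/bin/sh
# Added example: pre-reboot lint for CentOS ifcfg files and GATEWAYDEV.
# Not the post's code; paths are arguments so it can be run against copies.

# ifcfg_get FILE KEY -> value of the last KEY=... line, empty if absent
ifcfg_get() {
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

# lint_ifcfg FILE: print one problem per line, return 1 if any found
lint_ifcfg() {
    f="$1"; rc=0
    proto=$(ifcfg_get "$f" BOOTPROTO)
    case "$proto" in
        static|dhcp) ;;
        # "none" is accepted by the initscripts but is the value the post found
        # unreliable across reboots; unset is treated the same way.
        none|"") echo "$f: BOOTPROTO is '${proto:-unset}'; use static or dhcp"; rc=1 ;;
        *) echo "$f: unknown BOOTPROTO '$proto'"; rc=1 ;;
    esac
    hw=$(ifcfg_get "$f" HWADDR)
    case "$hw" in
        00:00:00:00:00:00|"") echo "$f: HWADDR is '${hw:-unset}'; the card may be skipped or re-detected"; rc=1 ;;
    esac
    if [ "$proto" = static ]; then
        for k in IPADDR NETMASK; do
            [ -n "$(ifcfg_get "$f" $k)" ] || { echo "$f: $k missing for static address"; rc=1; }
        done
    fi
    return $rc
}

# lint_gatewaydev NETWORK_FILE IFCFG_DIR: GATEWAYDEV must name an ifcfg with a GATEWAY
lint_gatewaydev() {
    dev=$(ifcfg_get "$1" GATEWAYDEV)
    [ -n "$dev" ] || { echo "$1: GATEWAYDEV not set; default route device is ambiguous"; return 1; }
    f="$2/ifcfg-$dev"
    [ -f "$f" ] || { echo "$1: GATEWAYDEV=$dev but $f does not exist"; return 1; }
    [ -n "$(ifcfg_get "$f" GATEWAY)" ] || { echo "$f: no GATEWAY for GATEWAYDEV=$dev"; return 1; }
    return 0
}

# Usage: sh lint-ifcfg.sh [DIR]   (DIR defaults to the directory the post edits)
dir="${1:-/etc/sysconfig/networking/devices}"
for f in "$dir"/ifcfg-*; do
    if [ -f "$f" ]; then lint_ifcfg "$f"; fi
done
if [ -f /etc/sysconfig/network ]; then lint_gatewaydev /etc/sysconfig/network "$dir"; fi
```

Run it, fix whatever it prints, then do the two-reboot test from the post; the lint cannot replace that, it only catches the typos before the reboot does.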