Bind named check named.conf db zone file check

Before making configuration changes to any service, remember to create a backup.

1. To check the syntax of the main BIND (named) configuration file /etc/named.conf, use the command:

# named-checkconf /etc/named.conf

2. To check a zone file, use the command:

# named-checkzone shkodenko.com /var/named/run-root/var/shkodenko.com
zone shkodenko.com/IN: loaded serial 201306071
OK
#

3. To apply the configuration file changes, use the command:

# /sbin/service named reload
Reloading named: [ OK ]
#

Apache server status setup

To set up the server status page for the Apache web server, use the following commands:

1. Check Apache web service configuration files
# /sbin/service httpd configtest
Syntax OK

2. Make a backup copy of the main Apache configuration file
# cp -fvp /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf-2013-05-21.bak
`/etc/httpd/conf/httpd.conf' -> `/etc/httpd/conf/httpd.conf-2013-05-21.bak'

3. Edit the main Apache configuration file /etc/httpd/conf/httpd.conf with your favorite editor. Mine is vim.

3.1. Make sure the status module is loaded:
LoadModule status_module modules/mod_status.so

3.2. Add these lines:
<Location /server-status>
SetHandler server-status
Order deny,allow
Deny from all
Allow from 11.123.44.56
</Location>

Where 11.123.44.56 is your IP address.
You can check your IP address here.

Now you can check the Apache web server status at the URI /server-status, e.g.: https://www.shkodenko.com/server-status
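
A way to confirm that the restriction from step 3.2 is actually present in a configuration file. This is an added example, not part of the original post; the function name audit_server_status and the sample inputs are constructed for illustration, and it recognises only the Deny from all / Allow from form shown above and the Apache 2.4 Require ip, host or local forms.

```shell
#!/bin/sh
# Added example (not from the original post): report whether /server-status
# is access-restricted in Apache configuration text read from a file or stdin.
# Prints one of: restricted, open, absent.
audit_server_status() {
    awk '
    /^[ \t]*#/ { next }                       # ignore comment lines
    { line = tolower($0) }                    # directives are case-insensitive
    line ~ /<location[ \t]+"?\/server-status"?[ \t]*>/ {
        inblk = 1; seen = 1; deny = 0; allowall = 0; next
    }
    inblk && line ~ /<\/location>/ {
        if (!deny || allowall) open = 1       # no restriction, or undone by Allow from all
        inblk = 0; next
    }
    # Apache 2.2 form used in the post
    inblk && line ~ /^[ \t]*deny[ \t]+from[ \t]+all/  { deny = 1 }
    inblk && line ~ /^[ \t]*allow[ \t]+from[ \t]+all/ { allowall = 1 }
    # Apache 2.4 equivalents
    inblk && line ~ /^[ \t]*require[ \t]+(ip|host|local)/ { deny = 1 }
    END {
        if (!seen)     print "absent"
        else if (open) print "open"
        else           print "restricted"
    }' "${1:--}"
}

# Constructed samples: the block from step 3.2, and one with no access rules.
sample_restricted() {
    printf '%s\n' '<Location /server-status>' 'SetHandler server-status' \
        'Order deny,allow' 'Deny from all' 'Allow from 11.123.44.56' '</Location>'
}
sample_open() {
    printf '%s\n' '<Location /server-status>' 'SetHandler server-status' '</Location>'
}
```

Run it as: audit_server_status /etc/httpd/conf/httpd.conf. A result of open means the status page is readable by any client that can reach the server.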

git change remote origin

Sometimes you need to migrate a remote git repository from one server to another.

I use these commands to do the migration:
[t.shkodenko@server1 git-projects]$ cd project
[t.shkodenko@server1 project]$ git remote -v
origin git@192.168.1.122:project.git (fetch)
origin git@192.168.1.122:project.git (push)
[t.shkodenko@server1 project]$ git remote rm origin
[t.shkodenko@server1 project]$ git remote add origin git@192.168.1.123:project.git
[t.shkodenko@server1 project]$ git config branch.master.remote origin
[t.shkodenko@server1 project]$ git config branch.master.merge refs/heads/master
[t.shkodenko@server1 project]$ git push origin master
Counting objects: 458, done.
Delta compression using up to 4 threads.
Compressing objects: 100% (255/255), done.
Writing objects: 100% (458/458), 8.83 MiB | 14.93 MiB/s, done.
Total 458 (delta 175), reused 428 (delta 158)
To git@192.168.1.123:project.git
* [new branch] master -> master
[t.shkodenko@server1 project]$ git remote -v
origin git@192.168.1.123:project.git (fetch)
origin git@192.168.1.123:project.git (push)
[t.shkodenko@server1 project]$

rkhunter installation procedure

To install rkhunter on Linux servers I usually use the following procedure:

# mkdir -pv /root/install
# cd /root/install/
# wget -O rkhunter-1.tar.gz 'http://sourceforge.net/projects/rkhunter/files/latest/download?source=files'
# tar xzf rkhunter*.tar.gz
# cd rkhunter*
# sh installer.sh --layout default --install

To find out where it is installed I use the command:
# whereis rkhunter
rkhunter: /usr/bin/rkhunter /etc/rkhunter.conf /usr/share/man/man8/rkhunter.8

To update rkhunter databases run:

# /usr/bin/rkhunter --update

[ Rootkit Hunter version 1.4.0 ]

Checking rkhunter data files...
Checking file mirrors.dat [ No update ]
Checking file programs_bad.dat [ No update ]
Checking file backdoorports.dat [ No update ]
Checking file suspscan.dat [ No update ]
Checking file i18n/cn [ No update ]
Checking file i18n/de [ No update ]
Checking file i18n/en [ No update ]
Checking file i18n/zh [ No update ]
Checking file i18n/zh.utf8 [ No update ]
#

Also, I have created a bash script:
# more /root/bin/update_and_check_rkhunter.sh

#!/bin/bash

date
/usr/bin/rkhunter --configfile /etc/rkhunter.conf --versioncheck
/usr/bin/rkhunter --configfile /etc/rkhunter.conf --update
/usr/bin/rkhunter -c --configfile /etc/rkhunter.conf --cronjob --propupd --createlogfile
date

#

… to check rkhunter version, update databases and run system check and added it to cron:
# crontab -l
1 2 * * 1 /root/bin/update_and_check_rkhunter.sh >/root/reports/update_and_check_rkhunter.log 2>&1
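
With --propupd passed on every scheduled run, as in the script above, rkhunter rewrites its stored file-properties baseline from whatever is on disk at that moment, so a replaced binary becomes the new known state. The variant below is an added example, not the author's script: it checks against the existing baseline and keeps --propupd as a separate manual step; the function names and the check / rebaseline arguments are assumptions for illustration.

```shell
#!/bin/bash
# Added example, not the author's script. RKHUNTER and CONF can be overridden
# from the environment; the defaults are the paths shown in the post.
RKHUNTER="${RKHUNTER:-/usr/bin/rkhunter}"
CONF="${CONF:-/etc/rkhunter.conf}"

# Scheduled job: refresh version info and data files, then check the system
# against the EXISTING file-properties baseline. --propupd is not passed here.
rkhunter_scheduled_check() {
    date
    "$RKHUNTER" --configfile "$CONF" --versioncheck
    "$RKHUNTER" --configfile "$CONF" --update
    "$RKHUNTER" --configfile "$CONF" --check --cronjob --report-warnings-only --createlogfile
    rc=$?
    date
    if [ "$rc" -ne 0 ]; then
        echo "rkhunter check exited with status $rc: review the log before re-baselining"
    fi
    return "$rc"
}

# Manual step: run only after changes you have verified yourself,
# for example a package update from a trusted repository.
rkhunter_rebaseline() {
    "$RKHUNTER" --configfile "$CONF" --propupd
}

# Hypothetical command-line interface: "check" from cron, "rebaseline" by hand.
case "${1:-}" in
    check)      rkhunter_scheduled_check ;;
    rebaseline) rkhunter_rebaseline ;;
esac
```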

Problems with cPanel update MySQL conflicts with mysql-5.0.x

To fix a cPanel / WHM upgrade that fails with:

error: Failed dependencies:
MySQL conflicts with mysql-5.0.x

Read: http://docs.cpanel.net/bin/view/AllDocumentation/InstallationGuide/RPMTroubleshoot and forum posts http://forums.cpanel.net/f5/case-64049-overnight-update-failed-mysql-conflicts-mysql-5-0-77-4-el5_4-2-i386-320381.html

Make a backup of all MySQL databases and run this command as the root user:
# rpm -e --nodeps --allmatches --justdb mysql-5.0.x

This resolves the conflict with the rogue mysql RPM.

Run cPanel / WHM update once again.

Apache .htaccess mod_rewrite rule redirect old URL to new one

Sometimes I need a .htaccess mod_rewrite rule to redirect an old URL to a new one.
I am using the following rules:

# Add followsymlinks to server options
Options +FollowSymLinks

# It will work only if web server Apache mod_rewrite is enabled
<IfModule mod_rewrite.c>

# Turn on mod_rewrite engine
RewriteEngine On

# Should be added if virtual document root directive is used
RewriteBase /

# Redirect from /old-url
# to --> /new-url
RewriteCond %{REQUEST_URI} ^/old-url
RewriteRule ^old-url(.*)$ http://%{HTTP_HOST}/new-url$1 [NC,R=301,L]

</IfModule>

Notes:
%{REQUEST_URI} – web server Apache requested URL
%{HTTP_HOST} – your domain name: e.g. www.shkodenko.com or shkodenko.com
$1 – can be additional URL part including get parameters substituted from (.*)

MySQL full text search: minimum word length setting

To set the minimum word length for full text search, edit your main MySQL configuration file /etc/my.cnf.

In section
[mysqld]
# set minimum word length for full text search
ft_min_word_len=3

Restart MySQL using command:
# /etc/init.d/mysqld restart

Documentation: http://dev.mysql.com/doc/refman/5.0/en/fulltext-search.html

Linux ProFTPD setup passive mode

1. IPTables configuration.

If you have the IPTables firewall enabled, add the rule
-A INPUT -m state --state NEW -m tcp -p tcp --dport 63000:65535 -j ACCEPT
to the IPTables configuration file /etc/sysconfig/iptables
and restart the IPTables service:
# /sbin/service iptables restart
iptables: Flushing firewall rules: [ OK ]
iptables: Setting chains to policy ACCEPT: filter [ OK ]
iptables: Unloading modules: [ OK ]
iptables: Applying firewall rules: [ OK ]
#
To check that your new rule is active, run the command:
# /sbin/iptables -vnL --line-numbers |more
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num pkts bytes target prot opt in out source destination

11 62 3720 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpts:63000:65535

2. ProFTPD server configuration.

The first step before changing any configuration file is to create a backup:
# cp -fvp /etc/proftpd.conf /etc/proftpd.conf.bak

The second step is to check the service configuration to make sure it is correct.
# proftpd -td10
Checking syntax of configuration file

Syntax check complete.

Add these lines to the config file /etc/proftpd.conf:
MasqueradeAddress shkodenko.com
PassivePorts 63000 65535
under the
ServerName "ProFTPD"
directive

Check the service configuration again to make sure it is still correct after applying the changes.
# proftpd -td10
Checking syntax of configuration file

Syntax check complete.

Restart the service.

If your ProFTPD server is installed as part of xinetd:
# /sbin/service xinetd restart
Stopping xinetd: [ OK ]
Starting xinetd: [ OK ]

If your ProFTPD server is installed as a standard Linux service:
# /sbin/service proftpd restart
or
# /etc/init.d/proftpd restart
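
The firewall rule from step 1 and the PassivePorts directive from step 2 have to name the same range: if they drift apart, passive transfers fail or the firewall keeps ports open that ProFTPD never uses. The check below is an added example, not part of the original post; the function names are assumptions and the sample files are constructed from the values above.

```shell
#!/bin/sh
# Added example (not from the original post): confirm that the PassivePorts
# range in proftpd.conf is the same range an iptables ACCEPT rule opens.
# $1 = proftpd.conf, $2 = iptables rules file (e.g. /etc/sysconfig/iptables)
check_passive_range() {
    want=$(awk 'tolower($1) == "passiveports" && NF >= 3 { print $2 ":" $3; exit }' "$1")
    if [ -z "$want" ]; then echo "no-passiveports"; return 2; fi
    awk -v want="$want" '
        $1 == "-A" && $2 == "INPUT" && /-j ACCEPT/ {
            for (i = 1; i < NF; i++)
                if ($i == "--dport" && $(i + 1) ~ /:/) {
                    seen = $(i + 1)               # a port range, LOW:HIGH
                    if (seen == want) ok = 1
                }
        }
        END {
            if (ok)        print "match " want
            else if (seen) print "mismatch proftpd=" want " iptables=" seen
            else           print "no-firewall-range"
            exit (ok ? 0 : 1)
        }' "$2"
}

# Constructed demo using the values from the post.
demo_passive_range() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'ServerName "ProFTPD"' 'MasqueradeAddress shkodenko.com' \
        'PassivePorts 63000 65535' > "$d/proftpd.conf"
    printf '%s\n' '-A INPUT -m state --state NEW -m tcp -p tcp --dport 63000:65535 -j ACCEPT' \
        > "$d/iptables"
    check_passive_range "$d/proftpd.conf" "$d/iptables"
    rc=$?
    rm -rf "$d"
    return "$rc"
}
```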