web development and system administration of Linux
If you see error messages below:
And checking port using telnet utility
$ telnet ‘Server IP’ 3306
Gives error message:
Trying ‘Server IP’…
telnet: connect to address ‘Server IP’: Connection timed out
It is possible because MySQL server TCP port 3306 is closed on server in firewall.
To fix courier-imap connections limit errors like shown below:
Thunderbird
Unable to connect to your IMAP server. You may have exceeded the maximum number of connections to this server. If so, use the Advanced IMAP Server Settings dialog to reduce the number of cached connections.
Edit configuration file /etc/courier-imap/imapd parameters:
Restart courier-imap service.
To get installed Drupal version from MySQL database use the following SQL query:
select name,type,info from system where type = 'module' and name = 'node';
Inside info you will see serialized data something like:
s:7:”package”;s:4:”Core”;s:7:”version”;s:4:”7.22″
or
s:7:”package”;s:15:”Core – required”;s:7:”version”;s:4:”6.28″
To protect your server with Plesk control panel from zero day exploit the following fail2ban configuration can be added:
1. Added custom config with the following regex:
# more /etc/fail2ban/filter.d/apache-plesk-vulnerability.conf
# Fail2Ban configuration file
#
# Author: Taras Shkodenko
#
# $Revision: 1 $
#
[Definition]
# Option: failregex
# Notes.: regex to match the password failure messages in the logfile. The
# host must be matched by a group named “host”. The tag “
# be used for standard IP/hostname matching and is only an alias for
# (?:::f{4,6}:)?(?P
# Values: TEXT
#
failregex = ^
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =
#
2. Added these lines to fail2ban configuration file: /etc/fail2ban/jail.conf
#
#
# Ban attackers that try to use Plesk zero day vulnerability
#
[apache-plesk-vulnerability]
enabled = true
filter = apache-plesk-vulnerability
action = iptables-multiport[name=apachePleskVulner, port=”http,https”, protocol=tcp]
sendmail-whois[name=apachePleskVulner, dest=serveradmin@shkodenko.com]
logpath = /var/log/httpd/access_log
maxretry = 1
#
3. To check new ban regex use command:
# /usr/bin/fail2ban-regex /var/log/httpd/access_log /etc/fail2ban/filter.d/apache-plesk-vulnerability.conf
4. Restarted fail2ban using command:
# /sbin/service fail2ban restart
To find files and fix permissions example bash script below can be used:
$ ./find_fix_permissions.sh
#!/bin/bash
CORRECT_PERMISSIONS=644
SEARCH_FOLDER="./images/"
if [ "$(find $SEARCH_FOLDER -type f ! -perm $CORRECT_PERMISSIONS -print)" ]; then
find $SEARCH_FOLDER -type f ! -perm $CORRECT_PERMISSIONS -print0 |xargs -0 chmod -fv $CORRECT_PERMISSIONS
fi
$
It searches all files in folder SEARCH_FOLDER including sub-folders and if these files found correct permissions set in variable CORRECT_PERMISSIONS
To fix .htaccess error message: Invalid command ‘AuthUserFile’, perhaps misspelled or defined by a module not included in the server configuration
add directive
LoadModule authn_file_module modules/mod_authn_file.so
to main web server Apache configuration file /etc/httpd/conf/httpd.conf
check web server Apache configuration:
# /sbin/service httpd configtest
and reload web server using command:
# /sbin/service httpd graceful
Before making any configuration changes to any services remember to create backup.
1. To check named server Bind main configuration file /etc/named.conf syntax use command:
# named-checkconf /etc/named.conf
2. To check zone file configuration use command:
# named-checkzone shkodenko.com /var/named/run-root/var/shkodenko.com
zone shkodenko.com/IN: loaded serial 201306071
OK
#
3. To apply configuation files changes use command:
# /sbin/service named reload
Reloading named: [ OK ]
#
To install Drush for Drupal use commands:
# pear channel-discover pear.drush.org # pear install drush/drush
To view help:
# drush --help
Drush options description also available at http://drush.ws/
To set up server status page for web server Apache use the following commands:
1. Check Apache web service configuration files
# /sbin/service httpd configtest
Syntax OK
2. Make backup copy of main web server Apache configuration file
# cp -fvp /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf-2013-05-21.bak
`/etc/httpd/conf/httpd.conf’ -> `/etc/httpd/conf/httpd.conf-2013-05-21.bak’
3. Edit main web server Apache configuration file /etc/httpd/conf/httpd.conf with your favorite editor. Mine is vim.
3.1. Make sure status module is loaded:
LoadModule status_module modules/mod_status.so
3.2. Add these lines:
<Location /server-status>
SetHandler server-status
Order deny,allow
Deny from all
Allow from 11.123.44.56
</Location>
Where 11.123.44.56 is your IP address.
You can check your IP address here.
Now, you can check web server Apache status using URI /server-status e.g.: https://www.shkodenko.com/server-status
Sometimes you need to migrate remote git repository from one server to another.
I am using these commands to make migration:
[t.shkodenko@server1 git-projects]$ cd project
[t.shkodenko@server1 project]$ git remote -v
origin git@192.168.1.122:project.git (fetch)
origin git@192.168.1.122:project.git (push)
[t.shkodenko@server1 project]$ git remote rm origin
[t.shkodenko@server1 project]$ git remote add origin git@192.168.1.123:project.git
[t.shkodenko@server1 project]$ git config master.remote origin
[t.shkodenko@server1 project]$ git config master.merge refs/heads/master
[t.shkodenko@server1 project]$ git push origin master
Counting objects: 458, done.
Delta compression using up to 4 threads.
Compressing objects: 100% (255/255), done.
Writing objects: 100% (458/458), 8.83 MiB | 14.93 MiB/s, done.
Total 458 (delta 175), reused 428 (delta 158)
To git@192.168.1.123:project.git
* [new branch] master -> master
[t.shkodenko@server1 project]$ git remote -v
origin git@192.168.1.123:project.git (fetch)
origin git@192.168.1.123:project.git (push)
[t.shkodenko@server1 project]$
