Enable display of hidden dot files in VSFTPD

September 11, 2013 ~ tadmin

To enable display of hidden dot files in VSFTPD edit main configuration file /etc/vsftpd/vsftpd.conf
Add configuration directive:

force_dot_files=YES

and restart service using command:

# /sbin/service vsftpd restart

bind named error: zone NS has no address records A or AAAA

August 12, 2013June 3, 2015 ~ tadmin

Today I have found bind named error on one of my Linux servers in main server log file /var/log/messages

Aug 12 19:39:53 shkodenko named: zone shkodenko.com/IN: NS 'ns.shkodenko.com' has no address records (A or AAAA)
Aug 12 19:39:53 shkodenko named: zone shkodenko.com/IN: not loaded due to errors.
Aug 12 19:39:53 shkodenko named: _default/shkodenko.com/IN: bad zone

Command to start bind named service:

# /sbin/service named start

has failed with errors listed above.

To fix this error I have added NS and A records to zone file /var/named/chroot/var/shkodenko.com:

shkodenko.com.               IN NS   ns.shkodenko.com.
ns.shkodenko.com.            IN A    217.20.163.193

Also, I have changed zone serial number.
I have started bind named service using command:

# /sbin/service named start

Error messages has disappeared.

PHP Fatal error: Allowed memory size of M bytes exhausted (tried to allocate N bytes) in

August 8, 2013December 18, 2014 ~ tadmin

To fix PHP Fatal error: Allowed memory size of M bytes exhausted (tried to allocate N bytes) in /path/to/file.php PHP configuration parameter memory_limit should be changed respectively.

If PHP is runned as module (web server Apache). It can be done in .htaccess configuration file:

# PHP 5, Apache 1 and 2.
<IfModule mod_php5.c>
php_value memory_limit 128M
</IfModule>

where 128M – is desired increased value.

Web server Apache should be restarted to apply new configuration parameter using command:

# /sbin/service httpd graceful

PHP values and flags can be customized in .htaccess only if no php_admin_flag or php_admin_value directives are set on virtual host configuration level.

If PHP is runned as CGI (FastCGI) php.ini configuration directive should be changed with desired value.

Fail2ban configuration for ProFTPd with Plesk on RHEL CentOS Fedora Redhat-based Linux

July 29, 2013May 20, 2021 ~ tadmin ~ 2 Comments

I am using the following fail2ban configuration for ProFTPd with Plesk on RHEL CentOS Fedora Redhat-based Linux (because default one is not working for me properly).

File /etc/fail2ban/jail.local or /etc/fail2ban/jail.conf if you have not installed fail2ban using yum package manager which will overwrite your custom configuration files each time you update the package.

[proftpd-iptables]

enabled  = true
filter   = proftpd
action   = iptables[name=ProFTPD, port=ftp, protocol=tcp]
           sendmail-whois[name=ProFTPD, dest=serveradmin@shkodenko.com]
logpath  = /var/log/secure
maxretry = 7

Filter configuration file: /etc/fail2ban/filter.d/proftpd.conf

# Fail2Ban configuration file
#
# Author: Yaroslav Halchenko
#
# $Revision: 728 $
#

[Definition]

# Option: failregex
# Notes.: regex to match the password failures messages in the logfile. The
#          host must be matched by a group named "host". The tag "<HOST>" can
#          be used for standard IP/hostname matching and is only an alias for
#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values: TEXT
#
# failregex = \(\S+\[<HOST>\]\)[: -]+ USER \S+: no such user found from \S+ \[\S+\] to \S+:\S+$
#             \(\S+\[<HOST>\]\)[: -]+ USER \S+ \(Login failed\): Incorrect password\.$
#             \(\S+\[<HOST>\]\)[: -]+ SECURITY VIOLATION: \S+ login attempted\.$
#             \(\S+\[<HOST>\]\)[: -]+ Maximum login attempts \(\d+\) exceeded$
#
# default failregex does not work @see http://www.howtoforge.com/forums/showthread.php?t=35089
#

failregex = ^(.)+proftpd(.)+\[<HOST>\](.)*no such user found from (.)* to (.)*$
            ^(.)+proftpd(.)+\[<HOST>\](.)*USER(.)*Login failed(.)*Incorrect password(.)*$
            ^(.)+proftpd(.)+\[<HOST>\](.)*SECURITY VIOLATION:(.)*login attempted(.)*$
            ^(.)+proftpd(.)+\[<HOST>\](.)*Maximum login attempts(.)*exceeded(.)*$

# Option:  ignoreregex
# Notes.:  regex to ignore. If this regex matches, the line is ignored.
# Values:  TEXT
#
ignoreregex =

To check new ban regex use command:

# /usr/bin/fail2ban-regex /var/log/secure /etc/fail2ban/filter.d/proftpd.conf

Restarted fail2ban using command:

# /sbin/service fail2ban restart

Reconfigure vhost in Plesk 10.4.4 add custom web server configuration file

July 24, 2013June 3, 2015 ~ tadmin

Plesk Control Panel version 10.4.4 does not allow to create aliases for subdomains.

To fix it I have created two custom configuration files:

[root@shkodenko ~]# more /var/www/vhosts/dev.shkodenko.com/conf/vhost*conf
::::::::::::::
/var/www/vhosts/dev.shkodenko.com/conf/vhost.conf
::::::::::::::
ServerAlias dev.shkodenko1.com
ServerAlias dev.shkodenko2.com
::::::::::::::
/var/www/vhosts/dev.shkodenko.com/conf/vhost_ssl.conf
::::::::::::::
ServerAlias dev.shkodenko1.com
ServerAlias dev.shkodenko2.com
[root@shkodenko ~]#

and reconfigured subdomain using command:

[root@shkodenko ~]# /usr/local/psa/admin/sbin/httpdmng --reconfigure-domain dev.shkodenko.com

I have checked web server Apache configuration

[root@shkodenko ~]# /sbin/service httpd configtest

and restarted it:

[root@shkodenko ~]# /sbin/service httpd graceful

PHP Warning: Unknown: Input variables exceeded 1000. To increase the limit change max_input_vars in php.ini. in Unknown on line 0

July 17, 2013December 18, 2014 ~ tadmin

To fix error message:

PHP Warning: Unknown: Input variables exceeded 1000. To increase the limit change max_input_vars in php.ini. in Unknown on line 0

Change/add PHP ini configuration directive max_input_vars default value in main configuration file /etc/php.ini and restart web server Apache using command:

# /sbin/service httpd graceful

Get list of Linux users with shell access

July 15, 2013July 15, 2013 ~ tadmin

To get list of Linux users with shell access (/bin/sh, /bin/bash) the following command can be used:

# cat /etc/passwd |egrep "/bin/.*sh" |cut -f1 -d':' |sort

Shell script to remove Plesk health monitor package for RPM-based Linux RHEL CentOS Fedora etc

July 10, 2013June 3, 2015 ~ tadmin

Because I have tired from annoying e-mail messages with subject alarm level changed which are killing me.

I can`t find how to disable them in Plesk control panel.

I have developed simple script to remove Plesk health monitor package for RPM-based Linux: RHEL, CentOS, Fedora etc.

#!/bin/sh

RPM_NAME="`rpm -qa |grep -i psa-health-monitor`"

if [ -z "$RPM_NAME" ];
then
        echo "Plesk health monitor package has not found"
else
        echo "Found Plesk health monitor package: $RPM_NAME"
        rpm -e $RPM_NAME
fi

ERROR 2003 (HY000): Can’t connect to MySQL server on ‘server IP’ (10061)

July 8, 2013July 15, 2013 ~ tadmin

If you see error messages below:

Can’t connect to MySQL server on ‘Server IP’ (10061):
ERROR 2003 (HY000): Can’t connect to MySQL server on ‘Server IP’ (110)
Server did not respond within the specified timeout interval

And checking port using telnet utility
$ telnet ‘Server IP’ 3306

Gives error message:
Trying ‘Server IP’…
telnet: connect to address ‘Server IP’: Connection timed out

It is possible because MySQL server TCP port 3306 is closed on server in firewall.

Courier imap connections limit error

July 2, 2013July 2, 2013 ~ tadmin

To fix courier-imap connections limit errors like shown below:

Thunderbird
Unable to connect to your IMAP server. You may have exceeded the maximum number of connections to this server. If so, use the Advanced IMAP Server Settings dialog to reduce the number of cached connections.

Edit configuration file /etc/courier-imap/imapd parameters:

MAXDAEMONS=40
MAXPERIP=4

Restart courier-imap service.