UnixServerAdmin

Server Administration & Management

How to Remove Unwanted route to 169.254.0.0 in RHEL Linux

Every time the system boots, you may see the following route to 169.254.0.0 in the routing table.

# route
Kernel IP routing table
Destination     Gateway                 Genmask        Flags    Metric      Ref      Use    Iface
10.10.2.0             *                255.255.255.0       U           0         0        0      bond0
10.10.2.0             *                255.255.255.0       U           0         0        0      eth3
169.254.0.0         *                 255.255.0.0          U           0         0        0      eth3
default           10.10.2.254         0.0.0.0              UG          0         0        0      bond0

This is the zeroconf route (169.254.0.0). You can disable it manually by turning off the firewall and removing the route for 169.254.0.0 / 255.255.0.0 with the route command.

Permanent Solution: To disable the zeroconf route during system boot, edit the /etc/sysconfig/network file and add the following NOZEROCONF value to the end of the file:

NETWORKING=YES
HOSTNAME=localhost.localdomain
NOZEROCONF=yes

Layman Explanation: Zeroconf, or Zero Configuration Networking, is a set of techniques that automatically create a usable IP network without configuration or special servers. This allows inexpert users to connect computers, networked printers, and other network devices and expect a functioning network to be established automatically. Without Zeroconf, a user must either set up special services, like DHCP and DNS, or set up each computer’s network settings manually, which may be challenging for non-technical or novice users.


August 30, 2012 | Tips & Tricks, Unix/Linux

How to recover accidentally deleted .bash_profile

Issue: How to recover a server’s .bash_profile that was deleted accidentally?

Solution : This can be restored from /etc/skel. Copy the required file to /root and log in to the server again.

# cp -rvdf /etc/skel/.bash_profile /root/

That should resolve the issue.

August 25, 2012 | Tips & Tricks, Unix/Linux

How to Install Ruby on Rails

Here are the steps to install:

# wget ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.5-p2.tar.gz

# tar xzvf ruby-1.8.5-p2.tar.gz

# cd ruby-1.8.5-p2

# ./configure

# make

# make install

# cd /root/source

# wget http://rubyforge.org/frs/download.php/11289/rubygems-0.9.0.tgz

# tar xzvf rubygems-0.9.0.tgz

# cd rubygems-0.9.0

# ruby setup.rb

# gem install rails --include-dependencies

# gem install mongrel --include-dependencies

# gem install mongrel_cluster --include-dependencies

That’s it.

August 20, 2012 | Ruby on Rail

Unable to open pty: No such file or directory in Virtuozzo

# vzctl enter 1053
enter into VE 1053 failed
Unable to open pty: No such file or directory

Solution :-

# vzctl exec 1053 /sbin/MAKEDEV tty

# vzctl exec 1053 /sbin/MAKEDEV pty

# vzctl enter 1053

Restart that VE.

August 15, 2012 | Virtualization, Virtuozzo

sysctl-tunner-update.sh

#!/bin/bash
##############################################################################
# sysctl is an interface that allows you to make changes to a running Linux kernel.
# With /etc/sysctl.conf you can configure various Linux networking and system settings such as:
##############################################################################
## 1. Limit network-transmitted configuration for IPv4
## 2. Limit network-transmitted configuration for IPv6
## 3. Turn on execshield protection
## 4. Prevent against the common 'syn flood attack'
## 5. Turn on source IP address verification
## 6. Prevents a cracker from using a spoofing attack against the IP address of the server.
## 7. Logs several types of suspicious packets, such as spoofed packets, source-routed packets & redirects.
##############################################################################
# The sysctl command is used to modify kernel parameters at runtime. /etc/sysctl.conf is a text file containing sysctl values to be read in and set by sysctl at boot time.

# Append "key=value" to /etc/sysctl.conf unless the key is already mentioned there
function sysctlw {
if ! grep -qF -- "$1" /etc/sysctl.conf; then
echo "$1=$2" >> /etc/sysctl.conf
echo "Added sysctl preference '$1'='$2'"
fi
}

echo "Tuning network stack.."

# Controls IP packet forwarding
sysctlw "net.ipv4.ip_forward"    "0"
sysctlw "net.ipv4.conf.default.rp_filter"    "1"

# Controls the System Request debugging functionality of the kernel
sysctlw "kernel.sysrq"    "0"
sysctlw "kernel.core_uses_pid"    "0"
sysctlw "net.ipv4.ipfrag_time"    "30"
sysctlw "net.core.rmem_default"    "262141"
sysctlw "net.core.rmem_max"    "12582912"
sysctlw "net.ipv4.tcp_rmem"    "10240 87380 12582912"
sysctlw "net.core.wmem_default"    "262141"
sysctlw "net.core.wmem_max"    "12582912"
sysctlw "net.ipv4.tcp_wmem"    "10240 87380 12582912"
sysctlw "net.ipv4.tcp_mem"    "195584 196096 196608"
sysctlw "net.core.optmem_max"    "20480"
sysctlw "net.ipv4.tcp_max_tw_buckets"    "360000"
sysctlw "net.core.hot_list_length"    "256"

# Set maximum number of packets, queued on the INPUT side, when the interface receives packets faster than kernel can process them
sysctlw "net.core.netdev_max_backlog"    "262144"
sysctlw "net.core.somaxconn"    "262144"
sysctlw "net.ipv4.tcp_reordering"    "3"

# Ignore all ICMP ECHO and TIMESTAMP requests sent to it via broadcast/multicast
sysctlw "net.ipv4.icmp_echo_ignore_broadcasts"    "1"
sysctlw "net.ipv4.icmp_ignore_bogus_error_responses"    "1"

# Controls the use of TCP syncookies
sysctlw "net.ipv4.tcp_synack_retries"    "2"
sysctlw "net.ipv4.tcp_syn_retries"    "3"

# Prevent against the common 'syn flood attack'
sysctlw "net.ipv4.tcp_syncookies"    "1"

# Enable timestamps as defined in RFC1323
sysctlw "net.ipv4.tcp_timestamps"    "1"

# Enable select acknowledgments
sysctlw "net.ipv4.tcp_sack"    "1"

# By default, TCP saves various connection metrics in the route cache when the connection closes,
# so that connections established in the near future can use these to set initial conditions. Usually,
# this increases overall performance, but may sometimes cause performance degradation.
# If set, TCP will not cache metrics on closing connections
sysctlw "net.ipv4.tcp_no_metrics_save"    "1"

# Turn on window scaling which can be an option to enlarge the transfer window
sysctlw "net.ipv4.tcp_window_scaling"    "1"
sysctlw "net.ipv4.tcp_keepalive_time"    "1200"
sysctlw "net.ipv4.tcp_fin_timeout"    "15"
# Note: tcp_tw_recycle drops connections from clients behind NAT and was removed in Linux 4.12
sysctlw "net.ipv4.tcp_tw_recycle"    "1"
sysctlw "net.ipv4.conf.default.log_martians"    "1"

# Log packets with impossible addresses to kernel log? yes
sysctlw "net.ipv4.conf.all.log_martians"    "1"
sysctlw "net.ipv4.conf.default.accept_redirects"    "0"

# Accept Redirects? No, this is not router
sysctlw "net.ipv4.conf.all.accept_redirects"    "0"
sysctlw "net.ipv4.conf.all.secure_redirects"    "0"
sysctlw "net.ipv4.conf.default.accept_source_route"    "0"

# Accept packets with SRR option? No
sysctlw "net.ipv4.conf.all.accept_source_route"    "0"

# Enable source validation by reversed path, as specified in RFC1812
sysctlw "net.ipv4.conf.all.rp_filter"    "1"

# Controls source route verification
sysctlw "net.ipv4.conf.default.rp_filter"    "1"

# Do not accept source routing
sysctlw "net.ipv4.conf.default.accept_source_route"    "0"

# Send redirects, if router, but this is just server
sysctlw "net.ipv4.conf.default.send_redirects"    "0"
sysctlw "net.ipv4.conf.default.mc_forwarding"    "0"
sysctlw "net.ipv4.conf.default.forwarding"    "0"
sysctlw "net.ipv4.conf.all.bootp_relay"    "0"
sysctlw "net.ipv4.conf.all.proxy_arp"    "0"

# arp
sysctlw "net.ipv4.neigh.default.gc_thresh3"    "2048"
sysctlw "net.ipv4.neigh.default.gc_thresh2"    "1024"
sysctlw "net.ipv4.neigh.default.gc_thresh1"    "32"
sysctlw "net.ipv4.neigh.default.gc_interval"    "30"
sysctlw "net.ipv4.neigh.default.proxy_qlen"    "96"
sysctlw "net.ipv4.neigh.default.unres_qlen"    "6"

# tcp options
sysctlw "net.ipv4.tcp_dsack"    "0"
sysctlw "net.ipv4.tcp_fack"    "0"
sysctlw "net.ipv4.tcp_ecn"    "0"
sysctlw "net.ipv4.tcp_max_syn_backlog"    "2048"
sysctlw "net.ipv4.tcp_retries2"    "15"
sysctlw "net.ipv4.tcp_retries1"    "3"
sysctlw "net.ipv4.tcp_rfc1337"    "1"
sysctlw "net.ipv4.netfilter.ip_conntrack_max"    "1048576"
sysctlw "net.nf_conntrack_max"    "1048576"
sysctlw "sunrpc.tcp_slot_table_entries"    "32"
sysctlw "sunrpc.udp_slot_table_entries"    "32"
sysctlw "net.unix.max_dgram_qlen"    "50"
# Already added above with 262144, so sysctlw skips this second value
sysctlw "net.core.netdev_max_backlog"    "5000"
sysctlw "net.core.dev_weight"    "64"

# Enable ExecShield protection
sysctlw "kernel.exec-shield"    "1"
# randomize_va_space: 1 randomizes stack, mmap base and VDSO; 2 also randomizes the heap (brk)
sysctlw "kernel.randomize_va_space"    "1"

echo "Optimizing filesystem..."

sysctlw "fs.file-max"    "209708"
sysctlw "kernel.ctrl-alt-del"    "0"

echo "Optimizing kernel..."

sysctlw "kernel.printk"    "4 4 1 7"
sysctlw "kernel.maps_protect"    "1"
sysctlw "vm.mmap_min_addr"    "65536"
sysctlw "vm.page-cluster"    "6"
sysctlw "kernel.shmmax"    "67108864"

echo "Setting up host.conf..."

cp /etc/host.conf /etc/host.conf.bak

cat <<HOSTCONF >/etc/host.conf
order bind,hosts
multi on
nospoof on
HOSTCONF

/sbin/sysctl -p &>/dev/null &
/sbin/sysctl -w net.ipv4.route.flush=1

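echo "Disabling unneeded services..."

# Note: this list includes auditd (the kernel audit logging daemon) and
# ip6tables (the IPv6 packet filter); drop them from the list on hosts
# that rely on audit logs or IPv6 filtering.
for i in acpid anacron auditd autofs avahi-daemon bluetooth cpuspeed \
gpm ip6tables irqbalance mcstrans netfs nfslock pcscd \
portmap rpcgssd rpcidmapd setroubleshoot xfs; do
service "$i" stop &>/dev/null
chkconfig --level 3 "$i" off &>/dev/null
done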
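
The sysctlw function above only appends a key when that key string does not already appear in /etc/sysctl.conf, so an existing line with a different value, or a commented-out line, is left as it is. The following audit is an added example, not part of the original script: it compares a sysctl.conf-style file with a subset of the values set above. The names BASELINE, effective_value and audit_sysctl and the sample file are assumptions made for the example.

```shell
#!/bin/bash
# Added example: audit a sysctl.conf-style file against a baseline.
# BASELINE values are copied from the sysctlw calls in the script above.
BASELINE='net.ipv4.ip_forward=0
net.ipv4.tcp_syncookies=1
net.ipv4.icmp_echo_ignore_broadcasts=1
net.ipv4.conf.all.rp_filter=1
net.ipv4.conf.all.accept_redirects=0
net.ipv4.conf.all.accept_source_route=0
net.ipv4.conf.all.log_martians=1'

# effective_value KEY FILE: print the value from the last uncommented
# "KEY = value" line (later lines win when sysctl -p loads the file).
effective_value() {
    awk -F= -v key="$1" '
        /^[ \t]*[#;]/ || NF < 2 { next }      # skip comments, non-assignments
        {
            k = $1; gsub(/[ \t]/, "", k)
            if (k != key) next
            v = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            val = v; found = 1
        }
        END { if (!found) exit 1; print val }' "$2"
}

# audit_sysctl FILE: one output line per baseline key that is missing or
# has a different value; returns 1 if anything was reported.
audit_sysctl() {
    local key want have rc=0
    while IFS='=' read -r key want; do
        if ! have=$(effective_value "$key" "$1"); then
            echo "MISSING $key (want $want)"; rc=1
        elif [ "$have" != "$want" ]; then
            echo "DRIFT $key is $have (want $want)"; rc=1
        fi
    done <<EOF
$BASELINE
EOF
    return $rc
}

# Constructed sample: forwarding left on, syncookies only in a comment.
sample=$(mktemp)
printf '%s\n' '# net.ipv4.tcp_syncookies = 1' 'net.ipv4.ip_forward = 1' \
    'net.ipv4.conf.all.rp_filter=1' 'net.ipv4.conf.all.accept_redirects = 0' \
    'net.ipv4.conf.all.accept_source_route = 0' \
    'net.ipv4.conf.all.log_martians = 1' \
    'net.ipv4.icmp_echo_ignore_broadcasts = 1' > "$sample"
audit_sysctl "$sample" || true
rm -f "$sample"
```

Run audit_sysctl /etc/sysctl.conf after the tuning script to see which baseline keys it skipped because they were already present.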

August 10, 2012 | Security, Shell Script

Rails applications cannot be started from cPanel

The applications show as ‘not running’ when restarted.

Make sure that APF or CSF is off. Then do the following.

# /scripts/installruby --force

# /usr/local/cpanel/bin/ror_setup

# gem install rubygems-update

# update_rubygems

Now your RoR application should start.

August 5, 2012 | cPanel