Archive for the ‘Linux & Unix’ Category
Debugging of ISPConfig 3 server actions in case of a failure
The following article describes the steps that can be taken to debug the ISPConfig 3 server scripts.
Enable the debug Loglevel in ISPConfig
Log in to the ISPConfig interface and set the log level to Debug under System > System > Server Config (see also chapter 4.9.2.2 of the ISPConfig 3 manual) for the affected server. After one or two minutes, there should be more detailed messages in ISPConfig’s system log (Monitor > System State (All Servers) > Show System-Log).
Disable the server.sh cronjob
Go to the command line of the server on which the error happens (on multiserver systems, it is often the slave and not the master) and run (as root):
crontab -e
Comment out the server.sh cron job:
#* * * * * /usr/local/ispconfig/server/server.sh > /dev/null 2>> /var/log/ispconfig/cron.log
Run the server script manually to get detailed debug output
Then run the command:
/usr/local/ispconfig/server/server.sh
This will display any errors directly on the command line, which should help you to fix the error. If you have fixed the error, please don’t forget to uncomment the server.sh cron job again.
Apache mod-security installation on Debian 6.0 (squeeze)
Install the apache mod-security 2 module with apt from the Debian repositories
apt-get install libapache-mod-security
Create the folder for the mod-security configuration files
mkdir /etc/apache2/mod-security
chmod 600 /etc/apache2/mod-security
Download and unpack the mod-security rules
cd /tmp
wget http://www.modsecurity.org/download/modsecurity-core-rules_2.5-1.6.1.tar.gz
tar fvx modsecurity-core-rules_2.5-1.6.1.tar.gz
mv *.conf /etc/apache2/mod-security/
ln -s /var/log/apache2 /etc/apache2/logs
Configure apache to load the activated mod-security rules
vi /etc/apache2/conf.d/mod-security.conf
Include /etc/apache2/mod-security/*.conf
To enable mod-security, edit the file
vi /etc/apache2/mod-security/modsecurity_crs_10_config.conf
and remove the # in front of the line:
SecDefaultAction "phase:2,log,deny,status:403,t:lowercase,t:replaceNulls,t:compressWhitespace"
Then reload apache.
/etc/init.d/apache2 force-reload
Mod security will now start to block hack attempts to your websites and log the actions in the file /var/log/apache2/modsec_audit.log.
tail /var/log/apache2/modsec_audit.log
You will very likely see some falsely blocked URLs. To whitelist them, you can add the IDs of the rules that should not be used to the whitelist file.
Example:
vi /etc/apache2/mod-security/modsecurity_crs_99_whitelist.conf
SecRuleRemoveById 960015
SecRuleRemoveById 960016
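To decide which rule IDs are candidates for SecRuleRemoveById, it helps to tally the rules recorded in the audit log instead of reading it with tail. The following script is an added example, not part of the original article; the sample log entries are constructed and abbreviated, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: count which ModSecurity rule ids appear in an audit log,
# so false positives can be reviewed before they go into the whitelist file.

# Print "count id msg" per rule, most frequent first.
# Reads the files given as arguments, or stdin when there are none.
modsec_rule_counts() {
    awk '
        /^Message: / {
            id = ""; msg = ""
            if (match($0, /\[id "[0-9]+"\]/))
                id = substr($0, RSTART + 5, RLENGTH - 7)
            if (match($0, /\[msg "[^"]*"\]/))
                msg = substr($0, RSTART + 6, RLENGTH - 8)
            if (id != "") { count[id]++; text[id] = msg }
        }
        END { for (id in count) printf "%d %s %s\n", count[id], id, text[id] }
    ' "$@" | sort -k1,1nr -k2,2n
}

# Constructed sample: three abbreviated audit log entries (sections A, H, Z).
modsec_sample_log() {
    cat <<'EOF'
--1a2b3c4d-A--
[12/Feb/2012:10:15:01 +0100] SAMPLEID0000000000000001 203.0.113.7 51234 192.0.2.10 80
--1a2b3c4d-H--
Message: Access denied with code 403 (phase 2). [file "/etc/apache2/mod-security/sample.conf"] [line "41"] [id "960015"] [msg "Request Missing an Accept Header"] [severity "CRITICAL"]
Action: Intercepted (phase 2)
--1a2b3c4d-Z--
--2b3c4d5e-A--
[12/Feb/2012:10:16:40 +0100] SAMPLEID0000000000000002 203.0.113.7 51240 192.0.2.10 80
--2b3c4d5e-H--
Message: Access denied with code 403 (phase 2). [file "/etc/apache2/mod-security/sample.conf"] [line "41"] [id "960015"] [msg "Request Missing an Accept Header"] [severity "CRITICAL"]
--2b3c4d5e-Z--
--3c4d5e6f-A--
[12/Feb/2012:10:17:12 +0100] SAMPLEID0000000000000003 198.51.100.23 40112 192.0.2.10 80
--3c4d5e6f-H--
Message: Access denied with code 403 (phase 2). [file "/etc/apache2/mod-security/sample.conf"] [line "55"] [id "960016"] [msg "Sample message (constructed)"] [severity "CRITICAL"]
--3c4d5e6f-Z--
EOF
}

modsec_sample_log | modsec_rule_counts
```

On a server, run it as modsec_rule_counts /var/log/apache2/modsec_audit.log and check each frequent ID against the requests that triggered it before removing the rule.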
Enable USB Support In Virtualbox (Ubuntu)
Enabling USB support in Virtualbox lets your virtual machines access USB drives plugged into your physical machine. To accomplish this, you first need to download the newest version of Virtualbox (4.1.8 at the time of this writing), which is not available in the Ubuntu repositories but on the Virtualbox homepage:
https://www.virtualbox.org/wiki/Downloads
Uninstall any previously installed version if present and then install the downloaded Debian package with a package installer taking care of dependencies, such as gdebi.
Next, head back to the homepage and install the Virtualbox Extension pack which supports USB 2.0.
Now you have to make yourself a member of the vboxusers group. Go to the Users and Groups Settings in your Control Panel and hit Manage Groups. Scroll down to the vboxusers group and hit Properties. Check the box next to your username and click OK.
Last but not least, you have to enable USB for the virtual machine. Close it if it is running and enter the Settings window. On the left panel, select USB. Check Enable USB Controller as well as Enable USB 2.0 (EHCI) Controller. Then click the button with the small green plus symbol and add the USB device you need.
When you run the machine, a USB symbol will indicate that USB is enabled and that a device is running on the virtual machine.
Guake – Dropdown-Terminal for Gnome
Guake saves you the time of managing your terminal windows with cumbersome key combinations and mouse clicks by providing a configurable dropdown terminal, which you can call with F12 by default. Just like with usual terminals, it is possible to create new tabs, but also to edit the opacity, the size, the colors and everything else you need.
Guake is available in the default Ubuntu, Debian, Fedora and Arch repositories. The source-code is downloadable at http://guake.org/downloads
Kill Processes On Ubuntu
When it comes to killing a frozen process, Ubuntu and its derivatives offer a great variety of ways to do so:
You can open the System Monitor to end or kill a running process. Just right-click and annihilate.
Then there is the Force Quit applet. Not that powerful, but it does its job in most cases.
Working similarly but more powerful is the xkill command line tool. You can also wrap that one into a launcher and use it the same way as an applet.
Another command line tool is killall followed by the name of the process, granting the advantage of not having to know the process ID of the program, which the next tool requires:
kill, provided with the -9 switch and the ID of the process (available with top or ps) shuts down nearly every running process.
If none of those commands help, there is still the option to close the current session with ctrl + alt + backspace. This, however, is guaranteed to lose any data you could not save beforehand!
Install .deb Packages Manually (Linux Debian/Ubuntu)
When you download packages for Linux Debian or Ubuntu, they usually come in the .deb format and are installed automatically by your local package manager. If you download them from the internet instead of through the repositories, however, you are given the .deb file and have to deal with it yourself. To install it, open a terminal, change to the folder it was downloaded to with cd and use the dpkg command:
cd /home/ctest/Downloads/
dpkg -i random_name.deb
nginx server error: 413 Request Entity Too Large
By default, the nginx web server limits the request body size to 1 MB. This might be too low for file uploads in scripts, and you will see the following error message when you try to upload a file:
413 Request Entity Too Large
The configuration variable for this option is “client_max_body_size” and it can be set in the http, server and location sections of the nginx configuration file. To set the limit globally to 25 MB, edit the nginx.conf file and add:
client_max_body_size 20M;
in the http section.
Example for Ubuntu Linux:
user www-data;
worker_processes 4;
pid /var/run/nginx.pid;
events {
    worker_connections 768;
    # multi_accept on;
}
http {
    geoip_country /etc/nginx/geoip/GeoIP.dat; # the country IP database
    geoip_city /etc/nginx/geoip/GeoLiteCity.dat; # the city IP database
    ##
    # Basic Settings
    ##
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
    client_max_body_size 20M;
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    ##
    # Logging Settings
    ##
    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;
    ##
    # Gzip Settings
    ##
    gzip on;
    gzip_disable "msie6";
    ##
    # Virtual Host Configs
    ##
    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;
}
Enhanced e-mail SPAM protection in ISPConfig 3
The command below enables a stricter SPAM handling for postfix on ISPConfig 3 servers.
In detail:
- Reject sender hostnames with invalid syntax
- Reject sender hostnames that are not fully qualified domain names (e.g. reject "server1" but allow server1.domain.tld)
- Reject sender domains that have no DNS records
- Check sender IP addresses against realtime blacklists.
First make a backup of the postfix main.cf file in case you want to revert the changes later:
cp -pf /etc/postfix/main.cf /etc/postfix/main.cf.bak
Then execute this command to enable the additional spam protection functions (the command is one line!).
postconf -e 'smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_invalid_hostname, reject_non_fqdn_hostname, reject_unknown_recipient_domain, reject_non_fqdn_recipient, reject_unauth_destination, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_rbl_client cbl.abuseat.org, reject_rbl_client dul.dnsbl.sorbs.net, reject_rbl_client ix.dnsbl.manitu.net, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf, reject_unauth_destination'
Then restart postfix:
/etc/init.d/postfix restart
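Postfix evaluates these restrictions in order and the first one that matches decides, so it is worth checking the list for repeated entries and confirming that reject_unauth_destination comes before any access table lookup. The following check is an added example, not part of the original article; the function name is hypothetical and it assumes a comma-separated list like the one above. On a live server the value can be read with postconf -h smtpd_recipient_restrictions.

```shell
#!/bin/sh
# Added example: sanity-check a comma-separated smtpd_recipient_restrictions value.

# The value set by the postconf -e command on this page (reflowed after commas).
PAGE_RESTRICTIONS='permit_mynetworks, permit_sasl_authenticated,
reject_invalid_hostname, reject_non_fqdn_hostname,
reject_unknown_recipient_domain, reject_non_fqdn_recipient,
reject_unauth_destination, reject_non_fqdn_sender,
reject_unknown_sender_domain, reject_unknown_recipient_domain,
reject_rbl_client cbl.abuseat.org, reject_rbl_client dul.dnsbl.sorbs.net,
reject_rbl_client ix.dnsbl.manitu.net,
check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf,
reject_unauth_destination'

# Print one "duplicate: ..." line per repeated entry, then one "relay: ..." line.
restriction_report() {
    printf '%s\n' "$1" | tr ',' '\n' | awk '
        { gsub(/^[ \t]+|[ \t]+$/, "") }   # trim each entry
        $0 == "" { next }                 # skip empty pieces from reflowed input
        { n++ }
        seen[$0]++ == 1 { print "duplicate: " $0 }
        $0 == "reject_unauth_destination" && !relay { relay = n }
        /^check_[a-z_]*access[ \t]/ && !lookup { lookup = n }
        END {
            if (!relay)
                print "relay: reject_unauth_destination is missing"
            else if (lookup && lookup < relay)
                print "relay: access table is consulted before reject_unauth_destination"
            else
                print "relay: ok"
        }'
}

restriction_report "$PAGE_RESTRICTIONS"
```

For the list on this page the report shows two repeated entries, which are harmless but redundant, and confirms that the relay check precedes the MySQL recipient lookup.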
How to change the welcome email message text in ISPConfig 3
As of ISPConfig 3.0.4, the text of the welcome email message that is sent to new email accounts is stored in the folder /usr/local/ispconfig/server/conf/mail/.
The message has this format:
------------------------------------------------------------------------
From: ISPConfig <postmaster@localhost.localdomain>
Subject: Welcome to your new email account.

Welcome to your new email account. Your webmaster.
------------------------------------------------------------------------
The first line starts with “From: ” followed by the sender email address. The second line starts with “Subject: ” followed by the email subject. The third line should be empty. All following lines are the email text.
The email text files are named “welcome_email_<language>.txt” where <language> has to be replaced with the system language like “en” for English or “de” for German, e.g. “welcome_email_en.txt” for the English welcome email.
The customized language file should be stored in the folder /usr/local/ispconfig/server/conf-custom/mail/ so that it does not get overwritten by ISPConfig updates.
How to get detailed information about the harddisk installed on a Linux server
Detailed information about the hard disk type, disk vendor etc. of the disk used on a Linux system can be acquired with the Linux tool hdparm. If hdparm is not installed on your server, it can be installed with this command (on Debian and Ubuntu systems):
apt-get install hdparm
For other Linux distributions, use the software installer and search for the package name ‘hdparm’.
To get the detailed disk info, run this command:
hdparm -I /dev/sda
The device /dev/sda is the first SATA disk on the server, the second disk is /dev/sdb. Replace /dev/sda in the command with the name of the device that you want to query.





