FAQforge » Debian

Debugging of ISPConfig 3 server actions in case of a failure

Till — Fri, 13 Jan 2012 09:03:18 +0000

The follwing article describes the steps that can be taken to debug the ISPConfig 3 server scripts.

Enable the debug Loglevel in ISPConfig

Login to the ISPConfig intterface and set the log level to Debug under System > System > Server Config (see also chapter 4.9.2.2 of the ISPConfig 3 manual) for the affected server. After one or two minutes, there should be more detailed messages in ISPConfig’s system log (Monitor > System State (All Servers) > Show System-Log).

Disable the server.sh cronjob

Go to the command line of the server on which the error happens (on multiserver systems, it is often the slave and not the master) and run (as root):

crontab -e

Comment out the server.sh cron job:

#* * * * * /usr/local/ispconfig/server/server.sh > /dev/null >> /var/log/ispconfig/cron.log

Run the server script manually to get detailed debug output

Then run the command:

/usr/local/ispconfig/server/server.sh

This will display any errors directly on the command line which should help you to fix the error. If you have fixed
the error, please don’t forget to uncomment the server.sh cron job again.

Apache mod-security installation on Debian 6.0 (squeeze)

Till — Mon, 02 Jan 2012 11:20:06 +0000

Install the apache mod-security 2 module with apt from the Debian repositories

apt-get install libapache-mod-security

Create the folder for the mod-security configuration files

mkdir /etc/apache2/mod-security
chmod 600 /etc/apache2/mod-security

Download and unpack the mod-security rules

cd /tmp
wget http://www.modsecurity.org/download/modsecurity-core-rules_2.5-1.6.1.tar.gz
tar fvx modsecurity-core-rules_2.5-1.6.1.tar.gz
mv *.conf /etc/apache2/mod-security/
ln -s /var/log/apache2 /etc/apache2/logs

Configure apache to load the activated mod-security rules

vi /etc/apache2/conf.d/mod-security.conf

Include /etc/apache2/mod-security/*.conf

To enable mod-security, edit the file

vi /etc/apache2/mod-security/modsecurity_crs_10_config.conf

and remove the # in front of the line:

SecDefaultAction “phase:2,log,deny,status:403,t:lowercase,t:replaceNulls,t:compressWhitespace”

Then reload apache.

/etc/init.d/apache2 force-reload

Mod security will now start to block hack attempts to your websites and log the actions in the file /var/log/apache2/modsec_audit.log.

tail /var/log/apache2/modsec_audit.log

You will see very likely some falsely blocked URL’s. To whitelist them, you can add the ID’s of the rules that should not be used in the whitelist file.

Example:

vi /etc/apache2/mod-security/modsecurity_crs_99_whitelist.conf

SecRuleRemoveById 960015
SecRuleRemoveById 960016

Guake – Dropdown-Terminal for Gnome

CSch — Tue, 13 Dec 2011 10:45:56 +0000

Guake saves you the time of managing your terminal windows with circumstantial key-combinations and mouse-clicks by providing a configurable dropdown-terminal which you can call with F12 by default. Just like with usual terminals, it is possible to create new tabs, but also to edit the opacity, the size, colors and everything you need:

Guake is available in the default Ubuntu, Debian, Fedora and Arch repositories. The source-code is downloadable at http://guake.org/downloads

Install .deb Packages Manually (Linux Debian/Ubuntu)

CSch — Fri, 09 Dec 2011 14:26:24 +0000

When you download packages for Linux Debian or Ubuntu they usually come in the .deb format and are installed automatically by your local package manager. If you download them from the internet instead of the repositorial way however you are given the .deb file and have to deal with it yourself. To install it, open a terminal, direct it to the folder where it has been downloaded to with cd and use the dpkg command:

cd /home/ctest/Downloads/
dpkg -i random_name.deb

nginx server error: 413 Request Entity Too Large

Till — Mon, 21 Nov 2011 11:34:10 +0000

The nginx webserver has a max. body size limit of 1 MB for requests as default. This might be too low for file uploads in scripts and you will see the following error message when you try to upload a file:

413 Request Entity Too Large

The configuration variable for this option is “client_max_body_size” and it can be set in the http, server and location sections of the nginx configuration file. To set the Limit globally to 25 MB, edit the nginx.conf file and add:

client_max_body_size 20M;

in the http section.

Example for Ubuntu Linux:

user www-data;
worker_processes 4;
pid /var/run/nginx.pid;

events {
        worker_connections 768;
        # multi_accept on;
}

http {
        geoip_country  /etc/nginx/geoip/GeoIP.dat; # the country IP database
        geoip_city     /etc/nginx/geoip/GeoLiteCity.dat; # the city IP database
        ##
        # Basic Settings
        ##

        sendfile on;
        tcp_nopush on;
        tcp_nodelay on;
        keepalive_timeout 65;
        types_hash_max_size 2048;

        client_max_body_size 20M;

        include /etc/nginx/mime.types;
        default_type application/octet-stream;

        ##
        # Logging Settings
        ##

        access_log /var/log/nginx/access.log;
        error_log /var/log/nginx/error.log;

        ##
        # Gzip Settings
        ##

        gzip on;
        gzip_disable "msie6";

        ##
        # Virtual Host Configs
        ##

        include /etc/nginx/conf.d/*.conf;
        include /etc/nginx/sites-enabled/*;
}

Enhanced e-mail SPAM protection in ISPConfig 3

Till — Mon, 21 Nov 2011 10:22:41 +0000

The command below enables a stricter SPAM handling for postfix on ISPConfig 3 servers.

In Detail:

Reject sender hostnames with invalid syntax
Reject sender hostnames that are no fully qualified domains (e.g. reject “server1″ but allow server1.domain.tld)
Reject sender domains that have no DNS records
Check sender IP addresses against realtime blacklists.

First make a backup of the postfix main.cf file in case that you want to reverse the changes later:

cp -pf /etc/postfix/main.cf /etc/postfix/main.cf.bak

Then execute this command to enable the additional spam protection functions (the command is one line!).

postconf -e ‘smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_invalid_hostname, reject_non_fqdn_hostname, reject_unknown_recipient_domain, reject_non_fqdn_recipient, reject_unauth_destination, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_rbl_client cbl.abuseat.org,reject_rbl_client dul.dnsbl.sorbs.net,reject_rbl_client ix.dnsbl.manitu.net, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf, reject_unauth_destination’

Then restart postfix:

/etc/init.d/postfix restart

How to get detailed information about the harddisk installed on a Linux server

Till — Mon, 07 Nov 2011 09:21:44 +0000

Detailed information about the hard disk type, disk vendor etc. of the disk used on a Linux system can be aquired with the linux tool hdparm. If hdparm is not installed on your server, it can be installed with this command (on Debian and Ubuntu systems):

apt-get install hdparm

For other Linux distributions, use the software installer and search for the package name ‘hdparm’.

To get the detailed disk info, run this command

hdparm -I /dev/sda

The device /dev/sda is the first SATA disk on the server, the second disk is /dev/sdb. Replace /dev/sda in the command with the name of the device that you want to query.

Get the disk health status with SMART monitor tools on Debian and Ubuntu Linux

Till — Wed, 02 Nov 2011 10:54:00 +0000

Every modern disk has a internal monitoring function called SMART that keeps track on errors in that disk. There is a software package called smartmontools on Linux which can be used to query the SMART status of the disk to monitor if the disk might fail in near future.

Installation

apt-get install smartmontools

Usage

First we need to know the internal device name of the harddisks. For the first SATA disk, this is normally /dev/sda, the second is /dev/sdb etc. If you are unsure about the device names of your computer, then you can get them with:

fdisk -l

The command lists the partitions e.g. /dev/sda1. To get the device name, use the partition name without the number, e.g. the device of partition/dev/sda1 is /dev/sda.

To get a summary of the healt status of the disk, run:

smartctl –health /dev/sda

replace /dev/sda with the device name of the harddisk that you want to query.

The output will look similar to this:

~# smartctl --health /dev/sda
smartctl version 5.38 [x86_64-unknown-linux-gnu] Copyright (C) 2002-8 Bruce Allen
Home page is http://smartmontools.sourceforge.net/

=== START OF READ SMART DATA SECTION ===
SMART overall-health self-assessment test result: PASSED

To get the full detailed output of all parameters, use this command:

smartctl –all /dev/sda

Send all outgoing email trough one IP address in postfix

Till — Tue, 25 Oct 2011 13:59:05 +0000

When a server has more then one IP address, then postfix will use all IP addresses randomly to send out emails. This can cause your emails to be listed as SPAM on other servers because the sending IP does not match the reverse IP of the server hostname. The solution is to bind postfix to the primary IP address of the server.

Edit the postfix main.cf file:

vi /etc/postfix/main.cf

and add the line:

smtp_bind_address = 192.168.0.1

were 192.168.0.1 has to be replaced with the primary IP address of the server. Then restart postfix:

/etc/init.d/postfix restart

Fix for Courier IMAP Error: check for configuration errors with the FAM/Gamin library

Till — Mon, 17 Oct 2011 14:19:33 +0000

I’ve got the following error message on Debian Linux (6.0) with Courier IMAP server:

Filesystem notification initialization error -- contact your mail
administrator (check for configuration errors with the FAM/Gamin library)

when I tried to access a IMAP share. The resaon for the problem seems to be that the “fam” package was not working correctly. The solution is to install the gamin package which can replace fam in a courier setup:

apt-get install gamin

Dont worry when you get a message from apt that libfam0 gets uninstalled but is required by courier. This had no geative effects on my server.