Archive for the ‘Ubuntu’ Category
Prevent DoS attacks on the Apache web server on Debian Linux with mod_evasive
The following guide explains how to install the Apache module "mod_evasive". mod_evasive tracks the number of requests each client makes for files on the Apache web server and blocks further delivery to that client once a configured limit has been reached.
Installation
apt-get install libapache2-mod-evasive
Create the log directory for mod_evasive
mkdir -p /var/log/apache2/evasive
chown -R www-data:root /var/log/apache2/evasive
Now we add the configuration for the module at the end of the file /etc/apache2/mods-available/mod-evasive.load
vi /etc/apache2/mods-available/mod-evasive.load
so that it looks like this:
LoadModule evasive20_module /usr/lib/apache2/modules/mod_evasive20.so
DOSHashTableSize 3097
DOSPageCount 2
DOSSiteCount 50
DOSPageInterval 5
DOSSiteInterval 1
DOSBlockingPeriod 10
DOSLogDir "/var/log/apache2/evasive"
and restart apache:
/etc/init.d/apache2 restart
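Limits as tight as DOSPageCount 2 within DOSPageInterval 5 can also catch legitimate visitors, so it helps to replay an existing access log against them before relying on the block. The script below is an added example, not part of the original guide or of mod_evasive: it uses a simplified per-client, per-URI counter, and the function names, the constructed log lines and the assumption that the log stays within one day are illustrative.

```shell
#!/bin/sh
# Added example (not from the original guide): replay an access log against
# DOSPageCount / DOSPageInterval to see which clients would reach the limit.
# Simplified model, not the exact per-process hash table logic of mod_evasive.

# page_offenders LOGFILE PAGE_COUNT PAGE_INTERVAL
# Prints "client URI" once for every pair that exceeds the page limit.
page_offenders() {
    awk -v limit="$2" -v interval="$3" '
    {
        # $4 = [10/Oct/2023:13:55:36 -> seconds since midnight
        # (assumption: the log does not span midnight)
        split($4, ts, ":")
        t = ts[2] * 3600 + ts[3] * 60 + ts[4]
        key = $1 " " $7                  # client address + requested URI
        if ((key in last) && t - last[key] < interval) {
            count[key]++                 # still inside the interval
        } else {
            count[key] = 1               # interval expired: start over
        }
        last[key] = t
        if (count[key] > limit && !(key in seen)) {
            seen[key] = 1
            print key
        }
    }' "$1"
}

# Constructed sample in Apache common log format (documentation addresses).
sample_log() {
    cat <<'EOF'
192.0.2.10 - - [10/Oct/2023:13:55:36 +0000] "GET /index.php HTTP/1.1" 200 512
192.0.2.10 - - [10/Oct/2023:13:55:37 +0000] "GET /index.php HTTP/1.1" 200 512
192.0.2.10 - - [10/Oct/2023:13:55:38 +0000] "GET /index.php HTTP/1.1" 200 512
198.51.100.7 - - [10/Oct/2023:13:55:36 +0000] "GET /a.css HTTP/1.1" 200 100
198.51.100.7 - - [10/Oct/2023:13:55:50 +0000] "GET /a.css HTTP/1.1" 200 100
198.51.100.7 - - [10/Oct/2023:13:56:20 +0000] "GET /a.css HTTP/1.1" 200 100
203.0.113.5 - - [10/Oct/2023:13:57:01 +0000] "GET /a.css HTTP/1.1" 200 100
203.0.113.5 - - [10/Oct/2023:13:57:01 +0000] "GET /b.js HTTP/1.1" 200 100
203.0.113.5 - - [10/Oct/2023:13:57:02 +0000] "GET /c.png HTTP/1.1" 200 100
EOF
}

# Demo with the values from the configuration above.
demo_log=$(mktemp)
sample_log > "$demo_log"
page_offenders "$demo_log" 2 5
rm -f "$demo_log"
```

Only the client that requests the same URI three times within the interval is reported; a client loading several different files at once counts towards DOSSiteCount instead, which this sketch does not model.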
Solve the warning: connect to mysql server 127.0.0.1: Too many connections
If you get the error message "connect to mysql server 127.0.0.1: Too many connections" in a log file, e.g. the mail.log file, then the maximum number of MySQL database connections on your server has been reached. To increase the maximum number of simultaneous connections, edit the MySQL my.cnf file:
vi /etc/mysql/my.cnf
and add or change the lines for mysql max_connections and max_user_connections in the [mysqld] section of the my.cnf file:
[mysqld]
……
max_connections = 500
max_user_connections = 500
…….
How to solve the PHP XCache error: /dev/zero: No space left on device
If you get the error "/dev/zero: No space left on device" in the Apache error.log on an OpenVZ virtual machine, then the shared memory size in xcache.ini is too high or xcache.mmap_path is set incorrectly.
Edit the file /etc/php5/conf.d/xcache.ini
vi /etc/php5/conf.d/xcache.ini
and check the mmap_path. On an OpenVZ virtual machine it should be set to "/tmp/xcache", as /dev/zero might not work correctly in a virtual machine:
xcache.mmap_path = "/tmp/xcache"
Then restart apache2:
/etc/init.d/apache2 restart
and check if the error has been resolved.
If the error still occurs after some time, you will have to reduce the xcache.size.
Edit the xcache.ini file:
vi /etc/php5/conf.d/xcache.ini
and set xcache.size to e.g. 8 MB
xcache.size = 8M
Then restart apache2:
/etc/init.d/apache2 restart
How to disable spamfilter- and antivirus functions in ISPConfig 3
If you use a mailserver with very low RAM (< 500 MB) and a slow CPU, then it might be necessary to disable the spam and antivirus filter functions in ISPConfig 3, as amavisd and clamav might be too heavy for your server hardware. The steps to disable clamav and amavisd are:
Edit postfix main.cf file
vi /etc/postfix/main.cf
and comment out these lines by adding a “#” in front of them:
# content_filter = amavis:[127.0.0.1]:10024
# receive_override_options = no_address_mappings
Then restart postfix:
/etc/init.d/postfix restart
Now stop and disable the services. The following commands are for Debian and Ubuntu; the commands for other Linux distributions may vary.
/etc/init.d/clamav-daemon stop
/etc/init.d/clamav-freshclam stop
/etc/init.d/amavis stop
update-rc.d -f clamav-daemon remove
update-rc.d -f clamav-freshclam remove
update-rc.d -f amavis remove
The normal mail receive and send functions will still work after this modification. But please be aware that disabling amavisd and clamav disables all spam and antivirus filtering, so the spam filtering options that can be configured in the ISPConfig interface will no longer have any effect on mail delivery, and no spam or viruses will get filtered.
The changes in the postfix main.cf will get overwritten by an ISPConfig software update when you select to reconfigure services during the update, so you should comment out the lines again after you install an ISPConfig update.
How to update Spamassassin on ISPConfig 2
The spamassassin installation on an ISPConfig 2 server is normally updated together with ISPConfig. Here are the steps if you want to update spamassassin manually without updating ISPConfig 2:
Download the latest Spamassassin sources and unpack the tar.gz file
cd /tmp
wget http://ftp.fernuni-hagen.de/ftp-dir/pub/mirrors/\
www.apache.org/spamassassin/source/Mail-SpamAssassin-3.3.1.tar.gz
tar xfz Mail-SpamAssassin-3.3.1.tar.gz
Configure, make and install spamassassin
cd Mail-SpamAssassin-3.3.1
perl Makefile.PL PREFIX=/home/admispconfig/ispconfig/tools/\
spamassassin/usr SYSCONFDIR=/home/admispconfig/ispconfig/\
tools/spamassassin/etc
make
make install
Cleanup
cd ..
rm -f Mail-SpamAssassin-3.3.1.tar.gz
rm -rf Mail-SpamAssassin-3.3.1
How to enable port 587 (submission) in postfix
Some internet access providers have port 25 disabled in their routers to prevent spam. If you run your own mailserver in a datacenter, you might have to enable the submission port (587) in postfix to be able to send emails from your local email client to your own mailserver.
To enable port 587, edit the file /etc/postfix/master.cf
vi /etc/postfix/master.cf
and remove the # in front of the line:
#submission inet n - n - - smtpd
so that it looks like this:
submission inet n - n - - smtpd
and restart postfix:
/etc/init.d/postfix restart
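Whether port 587 then insists on TLS and authentication depends on the "-o" override lines that follow the submission entry in master.cf (and on main.cf). The following check is an added example, not part of the original post: the function names and the sample master.cf are constructed, and smtpd_tls_security_level and smtpd_sasl_auth_enable are standard Postfix parameters that the post itself does not mention.

```shell
#!/bin/sh
# Added example (not from the original post): list the "-o" overrides that are
# active for the submission service in a Postfix master.cf.

# submission_overrides MASTER_CF -> prints one name=value per line
submission_overrides() {
    awk '
    /^[ \t]*#/ || NF == 0 { next }        # skip comments and blank lines
    /^[^ \t]/ { in_sub = ($1 == "submission" && $2 == "inet") }
    in_sub {                              # service line and its continuations
        for (i = 1; i < NF; i++) if ($i == "-o") print $(i + 1)
    }' "$1"
}

# submission_enforces_auth MASTER_CF -> exit 0 only if TLS and SASL are forced
submission_enforces_auth() {
    opts=$(submission_overrides "$1")
    printf '%s\n' "$opts" | grep -qx 'smtpd_tls_security_level=encrypt' &&
    printf '%s\n' "$opts" | grep -qx 'smtpd_sasl_auth_enable=yes'
}

# Constructed sample: submission is enabled, but the SASL override is still
# commented out.
sample_master_cf() {
    cat <<'EOF'
smtp      inet  n       -       n       -       -       smtpd
submission inet n       -       n       -       -       smtpd
  -o smtpd_tls_security_level=encrypt
#  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
pickup    fifo  n       -       -       60      1       pickup
  -o content_filter=
EOF
}

demo_cf=$(mktemp)
sample_master_cf > "$demo_cf"
submission_overrides "$demo_cf"
submission_enforces_auth "$demo_cf" || echo "submission does not force TLS and SASL"
rm -f "$demo_cf"
```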
Get a list of all virtual hosts which are defined in all apache configuration files
Have you ever searched where the virtual host of a website is defined in the apache config files? There is a handy option of the apache2ctl script which might help then. When you run the command:
apache2ctl -S
on the shell, you will get a list of all virtual hosts and default servers incl. the line number where it is defined. Example:
~# apache2ctl -S
VirtualHost configuration:
wildcard NameVirtualHosts and _default_ servers:
*:8080 is a NameVirtualHost
default server ispconfig.local (/etc/apache2/sites-enabled/000-ispconfig.vhost:10)
port 8080 namevhost ispconfig.local (/etc/apache2/sites-enabled/000-ispconfig.vhost:10)
*:8081 is a NameVirtualHost
default server ispconfig.local (/etc/apache2/sites-enabled/000-apps.vhost:10)
port 8081 namevhost ispconfig.local (/etc/apache2/sites-enabled/000-apps.vhost:10)
*:80 is a NameVirtualHost
default server ispconfig.local (/etc/apache2/sites-enabled/000-default:1)
port 80 namevhost ispconfig.local (/etc/apache2/sites-enabled/000-default:1)
port 80 namevhost example.com (/etc/apache2/sites-enabled/example.com.vhost:7)
Syntax OK
Thanks to Planetfox for this tip.
How to convert RPM software packages to Debian (.deb)
Maybe you have had this problem already: you use Debian or Ubuntu Linux, and a software package that you would like to install is only available in RPM format. The solution is a handy tool called alien, which converts .rpm files to .deb. Installing alien:
apt-get install alien
Converting a rpm package to debian format:
alien --to-deb /tmp/mysoftwarefile.rpm
Conversions from .deb to rpm are also possible:
alien --to-rpm /tmp/mysoftwarefile.deb
How to Update ISPConfig 3
The ISPConfig update script is an easy way to update an ISPConfig 3 installation. If you want to create a manual backup of ISPConfig, take a look at the instructions at the end of the article.
To update ISPConfig 3, login as root user on the shell of your server and run the command:
ispconfig_update.sh
>> Update
Please choose the update method. For production systems select ‘stable’.
The update from svn is only for development systems and may break your current setup.
Select update method (stable,svn) [stable]:
You should always select “stable” on a production system. The “svn” version is only suitable for ISPConfig 3 development.
The updater will then check the version of your system, download the latest update and start the update process.
This application will update ISPConfig 3 on your server.
Shall the script create a ISPConfig backup in /var/backup/ now? (yes,no) [yes]:
You should choose "yes" here. This will create a backup of the ISPConfig scripts (/usr/local/ispconfig), the /etc directory and the ISPConfig MySQL database in the directory /var/backup/
Creating backup of “/usr/local/ispconfig” directory…
Creating backup of “/etc” directory…
Checking ISPConfig database .. OK
Starting incremental database update.
The update script will then start to install incremental database updates for ISPConfig, if required.
Reconfigure Permissions in master database? (yes,no) [no]:
If this is a slave server in a multiserver setup, then choose "yes" here on at least one of the slave servers. For single server installations, choose 'no'. You are then asked if the services shall be reconfigured:
Reconfigure Services? (yes,no) [yes]:
You should choose "yes" here. Only if you modified your system configuration manually might it be better to choose "no", but in that case new features in ISPConfig might not work, or functions might stop working, until you have adjusted the config files manually. So it is always a good choice to select 'yes' here. In the next step, select the ISPConfig port:
ISPConfig Port [8080]:
Port 8080 is the default; if you have not changed it, press enter. Otherwise enter the port number and then press enter. As the last step, you are asked if the crontab shall get reconfigured; you can select yes here by just pressing return.
Create new ISPConfig SSL certificate (yes,no) [no]:
If your SSL certificate for the ISPConfig interface has expired and you want to renew it, or if you want to enable SSL encryption for the ISPConfig interface, then choose "yes". If you don't need a new SSL certificate, take the default (no).
Reconfigure Crontab? (yes,no) [yes]:
The ISPConfig updater will then update the ispconfig files and restart services, if the configuration has been changed.
Backup before updates
(This backup procedure is now integrated into the ISPConfig updater and gets executed automatically when you choose to create a backup during update)
Before you update software, it is always a good idea to back up all relevant data. This enables you to restore the software version that you had before in case of an error. The steps to create a backup of the ISPConfig software and settings are:
Create a backup folder:
mkdir /home/backup
chmod 700 /home/backup
cd /home/backup
Backup the database
mysqldump -u root -p dbispconfig > dbispconfig.sql
Backup the ISPConfig software
tar pcfz ispconfig_software.tar.gz /usr/local/ispconfig
Backup the configuration files in /etc
tar pcfz etc.tar.gz /etc
This backup does not include the emails and website data.
Keep the spamassassin filter rules up to date in ISPConfig 3
To update the spamassassin rules regularly on your ISPConfig 3 server, add the following line to the root crontab by running:
crontab -e
then insert the following line:
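23 4 */2 * * /usr/bin/sa-update --no-gpg > /dev/null 2>&1
and save the file. The --no-gpg option makes sa-update skip the GPG signature verification of the downloaded rule updates. The path to the sa-update script is /usr/bin/sa-update on Ubuntu and Debian Linux; if you use a different Linux distribution, run the command: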
which sa-update
to find the location of the sa-update script and adjust the path in the crontab line above so that it matches the path on your system.