Posts Tagged ‘Debian’
Debugging of ISPConfig 3 server actions in case of a failure
The follwing article describes the steps that can be taken to debug the ISPConfig 3 server scripts.
Enable the debug Loglevel in ISPConfig
Login to the ISPConfig intterface and set the log level to Debug under System > System > Server Config (see also chapter 4.9.2.2 of the ISPConfig 3 manual) for the affected server. After one or two minutes, there should be more detailed messages in ISPConfig’s system log (Monitor > System State (All Servers) > Show System-Log).
Disable the server.sh cronjob
Go to the command line of the server on which the error happens (on multiserver systems, it is often the slave and not the master) and run (as root):
crontab -e
Comment out the server.sh cron job:
#* * * * * /usr/local/ispconfig/server/server.sh > /dev/null >> /var/log/ispconfig/cron.log
Run the server script manually to get detailed debug output
Then run the command:
/usr/local/ispconfig/server/server.sh
This will display any errors directly on the command line which should help you to fix the error. If you have fixed
the error, please don’t forget to uncomment the server.sh cron job again.
Apache mod-security installation on Debian 6.0 (squeeze)
Install the apache mod-security 2 module with apt from the Debian repositories
apt-get install libapache-mod-security
Create the folder for the mod-security configuration files
mkdir /etc/apache2/mod-security
chmod 600 /etc/apache2/mod-security
Download and unpack the mod-security rules
cd /tmp
wget http://www.modsecurity.org/download/modsecurity-core-rules_2.5-1.6.1.tar.gz
tar fvx modsecurity-core-rules_2.5-1.6.1.tar.gz
mv *.conf /etc/apache2/mod-security/
ln -s /var/log/apache2 /etc/apache2/logs
Configure apache to load the activated mod-security rules
vi /etc/apache2/conf.d/mod-security.conf
Include /etc/apache2/mod-security/*.conf
To enable mod-security, edit the file
vi /etc/apache2/mod-security/modsecurity_crs_10_config.conf
and remove the # in front of the line:
SecDefaultAction “phase:2,log,deny,status:403,t:lowercase,t:replaceNulls,t:compressWhitespace”
Then reload apache.
/etc/init.d/apache2 force-reload
Mod security will now start to block hack attempts to your websites and log the actions in the file /var/log/apache2/modsec_audit.log.
tail /var/log/apache2/modsec_audit.log
You will see very likely some falsely blocked URL’s. To whitelist them, you can add the ID’s of the rules that should not be used in the whitelist file.
Example:
vi /etc/apache2/mod-security/modsecurity_crs_99_whitelist.conf
SecRuleRemoveById 960015
SecRuleRemoveById 960016
Install .deb Packages Manually (Linux Debian/Ubuntu)
When you download packages for Linux Debian or Ubuntu they usually come in the .deb format and are installed automatically by your local package manager. If you download them from the internet instead of the repositorial way however you are given the .deb file and have to deal with it yourself. To install it, open a terminal, direct it to the folder where it has been downloaded to with cd and use the dpkg command:
cd /home/ctest/Downloads/
dpkg -i random_name.deb
How to get detailed information about the harddisk installed on a Linux server
Detailed information about the hard disk type, disk vendor etc. of the disk used on a Linux system can be aquired with the linux tool hdparm. If hdparm is not installed on your server, it can be installed with this command (on Debian and Ubuntu systems):
apt-get install hdparm
For other Linux distributions, use the software installer and search for the package name ‘hdparm’.
To get the detailed disk info, run this command
hdparm -I /dev/sda
The device /dev/sda is the first SATA disk on the server, the second disk is /dev/sdb. Replace /dev/sda in the command with the name of the device that you want to query.
Get the disk health status with SMART monitor tools on Debian and Ubuntu Linux
Every modern disk has a internal monitoring function called SMART that keeps track on errors in that disk. There is a software package called smartmontools on Linux which can be used to query the SMART status of the disk to monitor if the disk might fail in near future.
Installation
apt-get install smartmontools
Usage
First we need to know the internal device name of the harddisks. For the first SATA disk, this is normally /dev/sda, the second is /dev/sdb etc. If you are unsure about the device names of your computer, then you can get them with:
fdisk -l
The command lists the partitions e.g. /dev/sda1. To get the device name, use the partition name without the number, e.g. the device of partition/dev/sda1 is /dev/sda.
To get a summary of the healt status of the disk, run:
smartctl –health /dev/sda
replace /dev/sda with the device name of the harddisk that you want to query.
The output will look similar to this:
~# smartctl --health /dev/sda smartctl version 5.38 [x86_64-unknown-linux-gnu] Copyright (C) 2002-8 Bruce Allen Home page is http://smartmontools.sourceforge.net/ === START OF READ SMART DATA SECTION === SMART overall-health self-assessment test result: PASSED
To get the full detailed output of all parameters, use this command:
smartctl –all /dev/sda
Webalizer: Error Opening file /usr/share/GeoIP/GeoIP.dat on Debian Linux
The webalizer package in Debain 6 has currently small bug as the required package for the GeoIP database is not installed automatically when webalizer is isntalled. The symptoms are that webalizer statistics are not created and this error message is displayed when webalizer is run:
Error Opening file /usr/share/GeoIP/GeoIP.dat
The solution is to install the missing package manually:
apt-get install geoip-database
Fix for Courier IMAP Error: check for configuration errors with the FAM/Gamin library
I’ve got the following error message on Debian Linux (6.0) with Courier IMAP server:
Filesystem notification initialization error -- contact your mail administrator (check for configuration errors with the FAM/Gamin library)
when I tried to access a IMAP share. The resaon for the problem seems to be that the “fam” package was not working correctly. The solution is to install the gamin package which can replace fam in a courier setup:
apt-get install gamin
Dont worry when you get a message from apt that libfam0 gets uninstalled but is required by courier. This had no geative effects on my server.
How to convert RPM software packages to Debian (.deb)
Maybe you had this problem already: you use Debian or Ubuntu Linux and a software package that you like to install is only available in RPM format. The solution is a handy tool called alien, which converts .rpm files to .deb. Installing alien:
apt-get install alien
Converting a rpm package to debian format:
alien –to-deb /tmp/mysoftwarefile.rpm
Conversions from .deb to rpm are also possible:
alien –to-rpm /tmp/mysoftwarefile.deb
How to use apt-file to find which .deb package contains a specific file
Sometimes you need to know which debian package contains a specific file e.g. because you deleted a system file accidently or you try to install a new software that requires this file. The apt package management utility which is used in Debian and Ubuntu comes with a handy tool called apt-file which allows a saerch for filenames in the package database.
Install apt-file
apt-get install apt-file
Update the apt-file database
apt-file update
Search for a specific file name, e.g. “lcrypto”
apt-file search /bin/bash
apt-file search /bin/bash
bash: /bin/bash
bash: /usr/bin/bashbug
bash-minimal: /bin/bash-minimal
bash-static: /bin/bash-static
bashdb: /usr/bin/bashdb
mybashburn: /usr/bin/bashburn
Backing up OpenVZ virtual machines with vzdump
Vzdump is a perl script that makes live backups of OpenVZ virtual machines very easy. The following steps are for Debian Linux but vzdump can be used on all other linux distributions. Only the installation may vary.
Download and install vzdump from http://download.openvz.org/contrib/utils/vzdump/
cd /tmp
wget http://download.openvz.org/contrib/utils/vzdump/vzdump_1.1-2_all.deb
dpkg -i vzdump_1.1-2_all.deb
Create the backup directory
mkdir /home/backup
Create a backup of all virtual machines as compressed (tar.gz) archive and send a email report to the root user when finished.
vzdump –dumpdir /home/backup –suspend –compress –mailto root –all
vzdump can also be used to restore a backup. Example: restore the backup of the virtual machine 101:
vzdump –restore /home/backup/vzdump-101.tgz 101
To restore the backup to a different virtual machine, you can specify a differnt target ID. E.g. restore the backup of vm 101 to the virtual machine with the ID 500:
vzdump –restore /home/backup/vzdump-101.tgz 500