Author Archive

You can use the following command to list all the loaded modules in apache (both DSO and Static)
———-

 

# apachectl -t -D DUMP_MODULES

 

———-

The output will be something like
———
dir_module (static)
actions_module (static)
userdir_module (static)
alias_module (static)
rewrite_module (static)
so_module (static)
auth_passthrough_module (shared)
bwlimited_module (shared)
php5_module (shared)
fcgid_module (shared)
proxy_module (shared)

Comments No Comments »

Here’s a nifty little trick with vimdiff, say you want to compare the output of to commands. You can do so with a little redirections:

# vimdiff <(cat /etc/passwd) <(cat /etc/shadow)

I know this is silly since you can simply vimdiff the files directly without the redirects. But say you want to compare who is currently logged in with who was last 10 people logged in.

# vimdiff <(who) <(last|head)

Boom.

Note: the space between th ‘)’ and the ‘<’ is required.

Comments No Comments »

1. Download the latest version of cacti from the dag repository.

# wget http://packages.sw.be/cacti/cacti-0.8.7g-2.el5.rf.noarch.rpm

2. install cacti

# rpm -Uvh cacti-0.8.7g-2.el5.rf.noarch.rpm(this will restart the apache process)

3. Create the MySQL database:

# mysql
mysql> create database cactidb
mysql> GRANT ALL ON cactidb.* TO cactiadmin@localhost IDENTIFIED BY ‘$PASSWORD’;
mysql> flush privileges;

4. Import the default cacti database:

# mysql cactidb < /var/www/cacti/cacti.sql

5. Edit include/config.php and specify the database type, name, host, user and password for your Cacti configuration.

# vi /var/www/cacti/include/config.php
$database_type = “mysql”;$database_default = “cactidb”;$database_hostname = “localhost”;$database_username = “cactiadmin”;$database_password = “$PASSWORD”;$database_port = “3306″;

6. Set the appropriate permissions on cacti’s directories for graph/log generation. You should execute these commands from inside cacti’s directory to change the permissions.

# chown -R cacti /var/www/cacti/rra/ /var/www/cacti/log

7. Update snmpd.conf to allow cacti to pull info and restart snmpd

# vi /etc/snmp/snmpd.conf
view    systemview    included   .1.3.6.1.2.1.0view    systemview    included   .1.3.6.1.2.1.25.1.0view    systemview    included   .1
#/etc/init.d/snmpd restart

8. Update cacti vhost to allow IP addresses and reload apache.

# vi /etc/httpd/conf.d/cacti.conf

Allow from 127.0.0.1 $YOUR_IP

# /etc/init.d/httpd reload

9. Add a line to your /etc/crontab file similar to:

# crontab -e
*/5 * * * * cacti php /var/www/cacti/poller.php > /dev/null 2>&1

10. Finish the configuration

Default pageclick next
Ensure “new install” is selected.click next
All the defaults should be green. If there are a bunch of read, ensure that it is looking in the right place for the files.Click Next
Login with admin admin and set the password to ‘$PASSWORD’

Comments No Comments »

User said they changed clients and now saw UIDs in place of usernames. At first I thought it was a client issue, as it turns out, it is a client issue on how it’s requesting data. Unfortunately, the client was not smart enough to know the syntax was wrong with the new command set. proftpd has a setting to disable the list of modes it supports, so the client establishes the connection with the older command set. Here is the information on the switch.

FactsAdvertise

Syntax: FactsAdvertise on|off
Default: FactsAdvertise on
Context: server config, ,
Module: mod_facts
Compatibility: 1.3.2rc2 and later
The FactsAdvertise directive is used to control whether the mod_facts module advertises its MLST support via the FEAT command.

By default, the mod_facts module will list MLST in the FEAT response. FTP clients use this to determine whether to use the newer MLSD/MLST commands, or the older LIST/NLST commands. Some FTP clients, though, will attempt to use the newer commands just as if they were equivalent to the older commands, including supporting glob/wildcard characters. Section 2.2.2 of RFC3659 explicitly states that wildcard characters are not supported in the MLSD and MLST commands. Thus, to prevent problems when using such FTP clients with proftpd, you can disable the advertising of support for those commands using e.g. the following in your proftpd.conf:

FactsAdvertise off

Comments No Comments »

In order to have multiple people able to update the same directories/files:

1. Create directory that multiple user to access.

# mkdir /var/www/html/site1.com

2. Create the group that needs to be able to write to the directory.

# groupadd webdev

3. Change the group associated with the directory.

# chgrp webdev /var/www/html/site1.com

4. Make the directory group writable.

# chmod g+w /var/www/html/site1.com

5. Change the SGID of directory so that any new files retain the group ownership

# chmod g+s /var/www/html/site1.com

6. Create the new user, adding the additional group(set the home directory if necassary).

# useradd -G webdev -d /var/www/html/site1.com user1

7. Change the umask so that newly uploaded files retain group writable permissions:

# vi /etc/ssh/sshd_config

Update the sftp subsytem line to look like so:

Subsystem sftp /bin/sh -c ‘umask 0002; /usr/libexec/openssh/sftp-server’

For chrooted sftp:

Subsystem sftp /bin/sh -c ‘umask 0002; internal-sftp’

Note: if you are trying to make these changes to a directory structure that already exists, any changes to permissions will need to be done recursively.

Comments No Comments »

Often times replication gets hosed and you have to skip a bad record. It’s easy to use:

mysql> SET GLOBAL SQL_SLAVE_SKIP_COUNTER = 1;

But what if you have an undetermined number due an upgrade of mysql? Luckily Maatkit has a nice little script that will increment skip counter by one until it no longer sees an error. Simply grab the perl script and run it as so:

# wget http://maatkit.org/get/mk-slave-restart

# perl mk-slave-restart –verbose

Once the errors are done, you can ctrl-c out of the script and check the slave status.

Comments No Comments »

According to Apache’s web site for FAQ:

Why the name “Apache”?
The name ‘Apache’ was chosen from respect for the Native American Indian tribe of Apache (Indé), well-known for their superior skills in warfare strategy and their inexhaustible endurance. For more information on the Apache Nation, we suggest searching Google, or AllTheWeb.

Secondarily, and more popularly (though incorrectly) accepted, it’s a considered cute name which stuck. Apache is “A PAtCHy server”. It was based on some existing code and a series of “patch files

I find the use of ‘it’s a patchy server’ to be a misnomer as it could apply to any type of server, whether running apache or not. Check your sources people.

Comments No Comments »

Well, I tried to find a howto on parsing NGINX with logwatch, but I found content lacking. So I decided to create my own. There is a small caveat, this is for the CentOS RPM install of NGINX; your files may reside in different places.

1. copy the logfile conf for httpd to nginx located in /usr/share/logwatch/default.conf/logfiles/

# cp httpd.conf nginx.conf

2. Modify the nginx.conf file to use the files in /var/log/nginx (Note: logwatch already knows /var/log/ as the LogPath). You can modify the conf file to look as such:

########################################################
# Define log file group for nginx
########################################################

# What actual file? Defaults to LogPath if not absolute path….
LogFile = nginx/*access.log

# If the archives are searched, here is one or more line
# (optionally containing wildcards) that tell where they are…
#If you use a “-” in naming add that as well -mgt
Archive = nginx/*access.log*

# Expand the repeats (actually just removes them now)
*ExpandRepeats

# Keep only the lines in the proper date range…
*ApplyhttpDate

# vi: shiftwidth=3 tabstop=3 et

3, copy the services conf for httpd to nginx located in /usr/share/logwatch/default.conf/services/

# cp http.conf nginx.conf

4. Modify the nginx.conf so that the head of the file looks like such:

###########################################################################
# Configuration file for nginx filter
###########################################################################

Title = “nginx”

# Which logfile group…
LogFile = nginx

5. copy service file for http to nginx located in /usr/share/logwatch/scripts/services

# cp http nginx

6. Run Logwatch

# /usr/sbin/logwatch

Comments 4 Comments »

I have officially obtained my IPv6 newbie certification. Hurricane Electric has a nice program to make people more aware of the coming IPv6 storm. I am lucky enough to have my company send me to IPv6 training. There is a lot of good information out there, but if your personally type is like mine, you might have the patience to finish a technical manual. Hurricane Electric provides a step-by-step certification system to warm you up to IPv6. I am planning on continuing to take the certs to enhance my understanding of IPv6.

Further Reading

IPv6 Certification Badge for neoproxy

Comments No Comments »

Oorah, so I decided to try out this NGINX (engine X) web server. I got it installed on my new could server. I was able to find some howto’s and get php working on it. However, I noted some differences in the install (CentOS RPM) to what the documentation states. While it was fun to get it working. I would like to see how it is installed by default. So I will likely end up blowing away this install and doing it yet again. If you have any experience with NGINX, please feel free to share.

Comments No Comments »