Archive for the ‘General’ Category

Grub Single Boot

Friday, May 27th, 2005

Grub allows you to boot into a new kernel only once. If you reboot, the previous kernel will be loaded. This is the safest way to do remote kernel updates.

Step 1: Once the new kernel is installed, determine which position the kernel has been installed to, for example:
[root@rh9 root]# vi /etc/grub.conf
# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making changes to this file
# NOTICE: You have a /boot partition. This means that
# all kernel and initrd paths are relative to /boot/, eg.
# root (hd0,0)
# kernel /vmlinuz-version ro root=/dev/sda2
# initrd /initrd-version.img
#boot=/dev/sda
default=0
timeout=10
splashimage=(hd0,0)/grub/splash.xpm.gz
title Red Hat Linux (2.4.28-1)
root (hd0,0)
kernel /vmlinuz-2.4.28-1 ro root=LABEL=/ hda=ide-scsi
initrd /initrd-2.4.28-1.img
title Red Hat Linux (2.4.20-37.9.legacy)
root (hd0,0)
kernel /vmlinuz-2.4.20-37.9.legacy ro root=LABEL=/ hda=ide-scsi
initrd /initrd-2.4.20-37.9.legacy.img

Replace default=0, with the number of the kernel you want the system to boot by default (starting with 0 for the first position). In this example, the kernel 2.4.20-37.9.legacy will be the default, in position 1, as its reliability is known.
Change the line default=0 to default=1.
Save the file and exit.

Step 2: type grub

Step 3: At the grub prompt type the following:

savedefault --default=N --once

where N is the number of the kernel being tested, again starting with 0. In our example, the new kernel is in position 0, so --default=0

Step 4: type quit

Step 5: Reboot the system; it will now boot into the new kernel. If for some reason the system does not work with the new kernel, or is otherwise non-responsive, power-cycling the system will restore it to the known working kernel selected in Step 1.

If you are happy with the new kernel, edit /etc/grub.conf and set the system to boot into the new kernel permanently.
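A pre-flight check for the procedure above, added here as an example and not part of the original post: it confirms that default= points at an existing entry other than the one to be booted once, so a power cycle really does land on the known-good kernel. The function names are hypothetical and the sample file is constructed from the grub.conf shown in Step 1.

```shell
# Print "index<TAB>title" for every boot entry, counted from 0 as GRUB does.
grub_entries() {
    awk '$1 == "title" { sub(/^[ \t]*title[ \t]+/, ""); printf "%d\t%s\n", n++, $0 }' "$1"
}

# Print the number on the last default= line (empty if there is none).
grub_default() {
    awk -F= '$1 == "default" { d = $2 } END { print d }' "$1"
}

# preflight CONF TEST_INDEX
# Succeeds only when default= names an existing entry that is NOT the entry
# about to be booted once, so that a power cycle lands on the fallback.
preflight() {
    conf=$1; test_idx=$2
    count=$(grub_entries "$conf" | awk 'END { print NR }')
    def=$(grub_default "$conf")
    case "$def" in
        ''|*[!0-9]*) echo "no numeric default= line"; return 1 ;;
    esac
    if [ "$def" -ge "$count" ] || [ "$test_idx" -ge "$count" ]; then
        echo "index out of range (entries: $count)"; return 1
    fi
    if [ "$def" -eq "$test_idx" ]; then
        echo "default=$def is the kernel under test, no fallback"; return 1
    fi
    echo "fallback=$def once=$test_idx"
}

# Constructed sample: the grub.conf from the post after Step 1 (default=1).
GRUB_SAMPLE=$(mktemp)
cat > "$GRUB_SAMPLE" <<'EOF'
default=1
timeout=10
title Red Hat Linux (2.4.28-1)
        root (hd0,0)
        kernel /vmlinuz-2.4.28-1 ro root=LABEL=/ hda=ide-scsi
title Red Hat Linux (2.4.20-37.9.legacy)
        root (hd0,0)
        kernel /vmlinuz-2.4.20-37.9.legacy ro root=LABEL=/ hda=ide-scsi
EOF

grub_entries "$GRUB_SAMPLE"
preflight "$GRUB_SAMPLE" 0
```

On a real system, run preflight /etc/grub.conf N with the same N you are about to pass to savedefault, and reboot only if it succeeds.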

Tomcat 4 & Graphics

Monday, April 18th, 2005

If you are trying to use graphics on a server that does not run X, you may run into all sorts of problems with the AWT toolkit. When the AWT toolkit is initialised, it expects to find an X server, regardless of whether it's needed for actual display.

If you are running JDK 1.4 or later, you should add -Djava.awt.headless=true to your Tomcat startup.

I achieved this by editing the /usr/bin/dtomcat4 file.

Below is a downloadable patch file. Tomcat 4 Patch

Securing /tmp directory

Saturday, April 9th, 2005

If you are renting a server then chances are everything is lumped in / and a small amount partitioned for /boot and some for swap. With this current setup, you have no room for making more partitions unless you have a second hard-drive. Following the method described below, you will learn how to create a secure /tmp partition even while your server is already up and running.

Recently, I found out it would be worthwhile to give /tmp its own partition and mount it using noexec. This would protect your system from MANY local and remote exploits of rootkits being run from your /tmp folder.

What we are doing is creating a file that we will mount at /tmp. So log in via ssh and su to root so we may begin!

In your /dev directory create an empty 250MB file. You may need more space on a busier system. To increase the size of the empty file make the count parameter larger.

cd /dev
dd if=/dev/zero of=tmppart bs=1024 count=250000

We will now create an ext3 filesystem in our tmppart file. If it asks you if you want to proceed, since the destination is not a block device, say yes (y).

/sbin/mkfs.ext3 /dev/tmppart

Back up your /tmp directory, since you may have files in there that are needed by certain programs. Some programs may use it to store cache files or other temporary information.

cd /
# -p preserves ownership, modes and timestamps of the copied files
cp -Rp /tmp /tmp_backup

Now, mount the new /tmp filesystem with noexec, nosuid and rw options, and set the correct permissions on the new partition:

mount -o loop,noexec,nosuid,rw /dev/tmppart /tmp
chmod 1777 /tmp

Restore the old /tmp data and remove backup directory:

# "/tmp_backup/." also copies dot-files, which "/tmp_backup/*" would skip
cp -Rp /tmp_backup/. /tmp/
rm -rf /tmp_backup

We now need to add this to /etc/fstab so it mounts automatically on reboots. Add the following line to your /etc/fstab file.

/dev/tmppart /tmp ext3 loop,noexec,nosuid,rw 0 0

You are done! /tmp is now mounted as noexec, nosuid and rw. You can sleep a little bit safer tonight.

To test the setup, you may copy an executable to the /tmp directory and then try and execute it. It should fail with a Permission denied error message.
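A complementary check, added here as an example and not part of the original post: rather than relying only on the manual execute test, it reads the option column of /proc/mounts or /etc/fstab (both use the same layout) and reports which of noexec and nosuid are missing for /tmp. The function names are hypothetical and the sample files are constructed.

```shell
# Print the option field of the last entry for mount point $2 in file $1.
# Works for both /etc/fstab and /proc/mounts (same column layout).
mount_opts() {
    awk -v mp="$2" '$1 !~ /^#/ && $2 == mp { opts = $4 } END { print opts }' "$1"
}

# Print every required option ($3...) that the entry lacks; empty = all set.
# A mount point with no entry at all is reported as lacking every option.
missing_opts() {
    file=$1; mp=$2; shift 2
    opts=",$(mount_opts "$file" "$mp"),"
    missing=""
    for want in "$@"; do
        case "$opts" in
            *",$want,"*) ;;
            *) missing="$missing $want" ;;
        esac
    done
    echo "${missing# }"
}

# $1 = fstab- or mounts-format file; prints OK or the missing options.
check_tmp() {
    m=$(missing_opts "$1" /tmp noexec nosuid)
    if [ -z "$m" ]; then echo "OK"; else echo "MISSING: $m"; fi
}

# Constructed sample data (not captured from a real host).
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/fstab" <<'EOF'
LABEL=/       /     ext3  defaults               1 1
/dev/tmppart  /tmp  ext3  loop,noexec,nosuid,rw  0 0
EOF
cat > "$SAMPLE_DIR/mounts_ok" <<'EOF'
/dev/sda2 / ext3 rw 0 0
/dev/loop0 /tmp ext3 rw,nosuid,noexec 0 0
EOF
cat > "$SAMPLE_DIR/mounts_bad" <<'EOF'
/dev/sda2 / ext3 rw 0 0
/dev/loop0 /tmp ext3 rw,nosuid 0 0
EOF

check_tmp "$SAMPLE_DIR/fstab"        # persistent configuration
check_tmp "$SAMPLE_DIR/mounts_ok"    # running state, hardened
check_tmp "$SAMPLE_DIR/mounts_bad"   # running state, noexec lost
```

On a live host, run check_tmp /proc/mounts and check_tmp /etc/fstab; if either does not print OK, the options are missing now or will be lost at the next reboot.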

Running Plesk on Port 443

Saturday, March 5th, 2005

By default Plesk is installed to run on port 8443. Some companies have very restrictive firewalls, which might lead to clients not being able to access the Plesk control panel. I have found that most companies will happily allow a connection on port 443, the standard port for SSL connections. Luckily you can configure Plesk to listen on a second IP address for connections to port 443.

The method described below has been tested on Plesk for Linux version 6.0.x, 7.1.x and Plesk for Windows version 7.5.x.

Step 1: Add a secondary IP address to your server. The way to do this depends on the OS and is left as an exercise to the reader. We assume that our secondary IP address is: 10.0.0.1
Step 2: Edit the httpsd.conf file. In this file add the following entry: Listen 10.0.0.1:443.
Step 3: If on Linux, edit the ssl.conf file to only Listen on the main IP address's SSL port.
Step 4: Restart the Plesk control panel
Step 5: Test the setup, by connecting to: https://10.0.0.1/

If everything was done properly the Plesk control panel will now be running on port 443.

Speeding UP SMTP on Plesk 7.1.7

Saturday, March 5th, 2005

Some clients might experience a very slow SMTP connection on a Plesk 7.1.7 server running qmail. The main reason for the delay is a Reverse DNS lookup performed on each IP address connecting to the SMTP server on port 25. If your server does not have good DNS connectivity, or the DNS servers of the IP address's owner are overloaded, you may notice a delay of up to 60 seconds (the default) before you are able to send mail.

I suggest that you update your /etc/xinetd.d/smtp_psa and /etc/xinetd.d/smtps_psa files.

Update the server_args key in both files, as suggested below:
server_args = -Rt0 /usr/sbin/rblsmtpd -r sbl-xbl.spamhaus.org -r bl.spamcop.net ......

You may want to replace sbl-xbl.spamhaus.org and/or bl.spamcop.net with your favourite RBL list. You may also add additional RBL entries by specifying additional -r parameters.

Upgrading phpMyAdmin on Plesk 7.1.7

Saturday, March 5th, 2005

Thanks to G.L. DATA it is now possible to upgrade the default phpMyAdmin installed in the Plesk control panel under the DB WebAdmin icon. According to G.L. DATA the upgrade will work on version 7.1.x and 7.5.x of Plesk for Linux. We have been able to confirm that it definitely does run on Plesk 7.1.7 for Linux.

For more information see G.L. DATA Plesk page

qmHandle 1.2.0 for Qmail

Saturday, March 5th, 2005

qmHandle is a very useful utility to manage Qmail based mail installations.

Get it from the qmHandle Homepage

Connecting to MySQL 4.1.x from MySQL 4.0.x

Thursday, March 3rd, 2005

If you attempt to connect to a MySQL 4.1.x server from a MySQL 4.0.x client you may receive the following error:

#1251 - Client does not support authentication protocol requested by server; consider upgrading MySQL client

To fix the problem, first check which accounts have a password hash that is longer than 16 characters:

SELECT Host, User, Password FROM mysql.user WHERE LENGTH(Password) > 16;

Now you may update the password for the user to the old style passwords:

SET PASSWORD FOR 'root'@'localhost' = OLD_PASSWORD('newpasswd');

For more information see: Password Hashing in MySQL 4.1

Plesk for Windows 7.5.0 & MySQL

Sunday, February 27th, 2005

There are two instances of MySQL running, one on port 3306 (default) and one on port 8306. The instance running on port 8306 is the instance that is used by the Plesk control panel.

Use the -P option of the mysql.exe client tool to specify the port:

mysql -u admin -p -P 8306

SpinRite 6.0

Sunday, February 20th, 2005

SpinRite now brings its legendary data recovery and drive maintenance magic to the latest file systems, operating systems, and hard drives. It runs MUCH faster than ever before, can help maintain all of your drives in tip top shape, can warn of impending disaster, and wrestle data from dying and nearly dead drives . . . before it’s too late.

This industry-standard data recovery tool is operating system independent, so it can be applied by users of Windows XP, 2000, Linux, and all other Intel/AMD PC‑platform hard drives and file systems.

SpinRite 6.0 home page ….

Anti-Virus Testing Tool

Sunday, February 20th, 2005

Test your email account’s anti-virus protection by sending a harmless “EICAR” virus attachment to your mail server. The EICAR test virus is completely safe and contains no viral code. For more information, please visit www.eicar.org.

Anti-Virus Testing Tool

Plesk 7.1.6’s psadump and MySQL version

Saturday, February 12th, 2005

The psadump utility that is shipped with Plesk 7.1.6 expects the version number of the MySQL server to always be in the format x.x.x, where x is a digit. We have however had cases where the MySQL version was x.x.xX, where x is a digit and X is a letter. Below is a hack on the regex to make psadump work properly again.

In the {PSA_BASE_DIRECTORY}/lib/perl5/BU/PSA/Const.pm file, change:

$mysql_version_str =~ m/[Vv][Ee][Rr]\s+[0-9\.]+\s+Distrib\s+([0-9\.]+)[\s,]/;

to:

$mysql_version_str =~ m/[Vv][Ee][Rr]\s+[0-9\.]+\s+Distrib\s+([0-9\.\w]+)[\s,]/;

UPDATE:
This problem has been resolved in Plesk for Linux version 7.1.7.

Run any program as a Service

Sunday, February 6th, 2005

You have installed a program on your Windows server and need to have it start every time the server reboots. The obvious solution is to have the program installed as a service, but how do you do it if the program does not support it by default? Well, Microsoft provides the solution.

How To Create a User-Defined Service

Windows 2003 Tools

Sunday, February 6th, 2005

You may want to have a little bit more control over your Windows 2003 server. Microsoft does provide you with the tools, if you know where to find them. Below are links to tools that I have found useful.

Windows Server 2003 Resource Kit Tools
Windows Server 2003 Administration Tools Pack

Mail Enable 1.8 on Plesk 7.0.3 & the default email message

Saturday, February 5th, 2005

When creating a new email address (mailbox) on Plesk 7.0.3 for Windows, you will receive a default email in the mailbox. This default email is stored in the following locations:

Filename: DEFAULT.MAI
System default: C:\Program Files\SWsoft\Plesk\Mail Enable\Config\Postoffices
Domain default: C:\Program Files\SWsoft\Plesk\Mail Enable\Config\Postoffices\<domainname>

Altering the email is very easy. All you need to do is create the email message as you would like it to appear to your clients and then send it to one of the defined email addresses on the system. You will be able to retrieve the email from the location below.

Email file location: C:\Program Files\SWsoft\Plesk\Mail Enable\Postoffices\<domainname>\MAILROOT\<mailbox>\Inbox\*.MAI

Plesk backups and psadump

Wednesday, February 2nd, 2005

/usr/local/psa/bin/psadump -F -z --nostop --nostop-domain --tar-ignore-failed-read --do-not-dump-logs -f - | split -b 1000m - /backup/psa-`cat /usr/local/psa/version | cut -d ' ' -f 1`-backup-`date +%Y%m%d%H`.

Basically it does a full dump and doesn't stop services, doesn't switch a domain off, ignores misread files (files which are being modified whilst psadump is backing them up), doesn't back up logfiles (waste of time/space/resources) and splits the backup into 1000MB chunks, labelling them with the Plesk version and the date and hour of the backup.

Plesk and CentOS

Wednesday, February 2nd, 2005

Plesk will run fine on RedHat Enterprise Linux 3 (RHEL 3). CentOS is a distribution based on the RHEL 3 source RPMS and is almost totally compatible with RHEL 3. However, Plesk does not recognise the OS identification string. To fix this, do the following:

cp /etc/redhat-release /etc/redhat-release_original
echo "Red Hat Enterprise Linux ES release 3 (Taroon Update 4)" > /etc/redhat-release

Plesk 7.1.6 and osCommerce (Application Vault)

Tuesday, February 1st, 2005

After installing osCommerce on a client's website, the osCommerce installation gave a number of errors. Searching the web and forums led to the discovery that you have to have register_globals on and safe_mode off.

Add a vhost.conf file with the following entries:

<IfModule sapi_apache2.c>
php_admin_flag register_globals On
php_admin_flag safe_mode Off
</IfModule>

and then reconfigure the webserver:

/usr/local/psa/admin/bin/websrvmng --reconfigure-vhost --vhost-name=<domainname>

and restart the webserver:

/usr/local/psa/admin/bin/websrvmng --restart

Plesk 7.1.6 and Dr. Web Antivirus

Tuesday, February 1st, 2005

We purchased the Dr. Web Antivirus solution for 2 of our Plesk 7.1.6 installations. When we received the key files, we were instructed to upload the keys via the Plesk control panel.

Every time we tried, Plesk informed us that the file did not contain a valid key file.

To resolve the problem, we finally installed the key file manually, by copying the key file to /opt/drweb/drweb32.key and then restarting Dr. Web using service drwebd restart.

The above solved the problem on both a RedHat 9 and a RHEL 3 box.

Plesk 7.0.3 for Windows & PASV FTP

Tuesday, February 1st, 2005

After playing with the default install of Plesk 7.0.3 for Windows we realised that it does not support PASV FTP if you enable the Firewall. After a few minutes of searching, the solution was found.

You need to tell IIS to only use a certain range of ports for PASV FTP connections. Microsoft provides the following knowledge base article on how to achieve this: How To Configure PassivePortRange In IIS

After you have limited IIS to only use a certain port range, you have to configure the default firewall management file Plesk\admin\bin\pfwmng.js to listen on the TCP ports for incoming connections. Yes, this does mean adding each port separated by a comma in this file. For more information please visit the following link: Plesk Firewall question