Category Archives: Server Administration

How to setup cPanel on Amazon EC2 with Centos 6.4

I had a lot of problems setting up a cPanel server on Amazon EC2. On my first attempt I used a CentOS image from the AWS marketplace but using one of these images has a very bad side effect of not being able to resize, clone, and/or mount the root file system to another instance ( think about the issues with data recovery or fixing an un-bootable ec2 instance – yuck ) – this is what dgFactor is referring to in his comment My next attempt I had launched the instance but after it was launched cPanel would not install, giving errors similar to: [20130131.123334] Setting up Install Process [20130131.123334] No package wget available. [20130131.123335] Nothing to do [20130131.123339] E Sysup: Needed system RPMs were not installed: wget [20130131.123339] ***** FATAL: Cannot proceed. Needed system RPMs were not installed. [20130131.123339] The Administrator will be notified to review this output when this script completes [20130131.123339] E Detected events which require user notification during updatenow. Will send iContact the log => Log closed Thu Jan 31 12:33:39 2013 [20130131.123339] E Running `/usr/local/cpanel/scripts/updatenow –upcp –log=/var/cpanel/updatelogs/update.1359657200.log` failed, exited with code 4608 => Log closed Thu Jan 31 12:33:39 2013 What seems to have happened here is that the file system was full. Even though I had increased the default drive size from 5GB to 40GB when the system booted the additional space was unavailable: This can be confirmed from SSH after connecting to the instance: [[email protected] ~]# df -h Filesystem Size Used Avail Use% … Continue reading

Posted in Linux, Server Administration | Tagged , | Leave a comment

Exclude fstab entries that use BIND from nagios nrpe check_disk / check_all_disks

Say you have an /etc/fstab file with an entry for bind: tmpfs /dev/shm tmpfs defaults 0 0 devpts /dev/pts devpts gid=5,mode=620 0 0 sysfs /sys sysfs defaults 0 0 proc /proc proc defaults 0 0 ** /root/special/folder /home/user1/folder none bind 0 0 If you run the nagios nrpe command (below) as root everything works fine: /usr/lib64/nagios/plugins/check_disk -w 8% -c 5% -A -x /dev/shm -X nfs -X bind -i /boot However, when you run this as the nagios user it fails (as is expected since the nagios does not have access to this folder): sudo -u nagios /usr/lib64/nagios/plugins/check_disk -w 8% -c 5% -A -x /dev/shm -X nfs -X bind -i /boot DISK CRITICAL – /home/user1/folder is not accessible: Permission denied Since the nrpe checks are done with nagios a solution is needed. You could exclude the path specifically, using the -x flag: `-x /home/user1/folder` But you’d have to do that each time you make any changes to the /etc/fstab file. In the commands above I left in the -X bind flag, which I attempted, although it does not work. I also tried -X bindfs with no luck. There are some other flags for different types of file systems. -X tmpfs -X devpts -X sysfs -X proc -X binfmt_misc -X rpc_pipefs -X nfs These can also be written as: –exclude-type=tmpfs –exclude-type=devpts –exclude-type=sysfs –exclude-type=proc –exclude-type=binfmt_misc –exclude-type=rpc_pipefs –exclude-type=nfs However, the one that is needed to exclude the bind is actually the none file system, or -X none or –exclude-type=none

Posted in Server Administration | Tagged , , | Leave a comment

How to update bash on Ubuntu 10.10 Maverick – fix shellshock

Ubuntu 10.10 Maverick is now past the end-of-life / end-of-support phase so it will no longer be getting any updates, including security updates. To update / patch bash you must do so from source. Here are the commands to download the source for bash and build and install it. Update – the instructions below were previous instructions, but to prevent the continuous need to apply patches there is an updated method using git: New Method 1 This method downloads a tarball of the latest source code and is around 7MB in size. wget “http://git.savannah.gnu.org/cgit/bash.git/snapshot/bash-master.tar.gz” unzip bash-master.tar.gz cd bash-master ./configure make make install New Method 2 This method uses git and requires ~ 150MB of space ( includes version history ) but makes future updates easier with a git pull: git clone git://git.sv.gnu.org/bash.git cd bash ./configure make make install Old Method mkdir src cd src wget http://ftp.gnu.org/gnu/bash/bash-4.3.tar.gz #download all patches for i in $(seq -f “%03g” 0 27); do wget http://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-$i; done tar zxvf bash-4.3.tar.gz cd bash-4.3 #apply all patches for i in $(seq -f “%03g” 0 27);do patch -p0 < ../bash43-$i; done #build and install ./configure && make && make install cd .. cd .. rm -r src Testing Bash for Shellshock Paste this into a terminal env x='() { :;}; echo vulnerable’ bash -c “echo this is a test” Desired Result bash: warning: x: ignoring function definition attempt bash: error importing function definition for `x’ this is a test If you get something like the above message you’re good … Continue reading

Posted in Server Administration | Tagged , | 5 Comments

Centos – 3 Ways to Check openSSL Version / Heartbleed vulnerability

If you’re running a Centos server or cPanel WHM and want to see if your server’s OpenSSL version is affected by Heartbleed you can do a few things. Here are three ways to check Check your OpenSSL version via the command line run this: openssl version It should result in something like this: OpenSSL 1.0.1e-fips 11 Feb 2013 While 1.0.1e is listed as being vulnerable, your system may have already had a patch installed to fix that version, so to check for that patch run: rpm -q –changelog openssl-1.0.1e | grep -B 1 CVE-2014-0160 If the patch has been applied you should get a result like this: * Mon Apr 07 2014 Tomáš Mráz <tmraz @redhat.com> 1.0.1e-16.7 – fix CVE-2014-0160 – information disclosure in TLS heartbeat extension</tmraz> Check for Heartbleed using this website http://filippo.io/Heartbleed/ Build the Heartbleed command line checker tool ( requires golang ) https://github.com/FiloSottile/Heartbleed

Posted in Server Administration | Leave a comment

knife bash completion – with fixed environments autocomplete

Steven Danna has written the best knife bash completion script that I’ve seen for use with managing chef servers and the chef software by opscode. Update: Steven has now made an update so this is working! There was always one little thing wrong with it though: knife environment edit (etc) would not autocomplete – it would give an error The error was: -bash: _chef_environments: command not found The solution is pretty simple – you just need to edit the script and transpose two letters that were a typo from the knife_completion.sh file: _chef_environemnts should actually be: _chef_environments The difference is hard to spot but it’s key. Two other scripts for knife completion (that I don’t like as much) are this one by avishai-ish-shalom and a spinoff by vindimy – I think they are slower and not as user friendly. If you use zsh instead of bash there is also a zsh knife plugin which is part of oh-my-zsh that seems pretty good.

Posted in Server Administration, Tech Tips | Tagged , , | Leave a comment

ssh command returns “stdin: is not a tty”

If you run a command via ssh (secure shell) on linux and you get the following output: stdin: is not a tty The most common cause is the mesg y or similar command found in the file: /etc/bashrc What is mesg ? mesg is a Unix command that sets or reports the permission other users have to write to your terminal using the talk and write commands. How can I fix this issue? Option 1 would be to comment out the line. Option 2 would be to change the line to something like this to only invoke the command when you are actually using a connection with tty: if tty -s; then mesg y; fi

Posted in Linux, Server Administration | Tagged , | Leave a comment

Rackspace – Default Disk Partition Option Change

Hello, Starting October 1st, we will set the default Disk Partition option to “Manual” for all Linux base images. Currently, Linux Cloud Servers built using the API and/or the Cloud Control Panel use the “Automatic” Disk Partition option for disk partitioning during the build and resize processes. Adjusting the default option to “Manual” decreases the build times for servers, allowing you to be up and running faster. It is required to format and partition the extra disk space in order to make use of it. (This adjustment does not affect Windows or FreeBSD servers, which already use the Manual option by default and expand the disk using different mechanisms.) You will always be able to select the Disk Partition option that best meets your needs via the API or the Cloud Control Panel. As part of this change, we recommend that update your python-novaclient and any SDKs that you might be using in order to take advantage of all the API options. For additional information about automation, snapshots, and building servers, please see this FAQ article in the Knowledge Center. If you have any questions regarding the new disk configuration options, please contact your support team. Sincerely, Rackspace Phone Support (US): 1.877.934.0407 Phone Support (INTL): 1.210.581.0407 Core Cloud (UK): Freephone: 08000 546 345 or Tel: +44 20 8734 4345 Managed Cloud (UK): Freephone: 08000 546 645 or Tel: +44 20 8734 4445 Live Chat: https://mycloud.rackspace.com/ (select Live Chat) Building Cloud Servers via the Cloud Control Panel: As part of the … Continue reading

Posted in Server Administration, Tech Tips | Tagged | Leave a comment

How use crontab / cron with Jailkit on Ubuntu 12

Recently I began testing jailkit on Ubuntu 12 and 12.04 and wanted users to have access to cron and crontab I read a lot of the documentation for man cron and have a pretty good understanding of how Vixie Cron works. There is a bit of a conflict with permissions of Cron and Jailkit. Jailkit wants most everything inside the jail (most often /home/jail/) to be owned by root and in the root group, and basically nothing to be writable by the jailed users (except for /home/jail/tmp/ and the users home directories in /home/jail/home/*) Cron, on the other hand, doesn’t want you to edit the crontab files for the users directly. They live in /var/spool/cron/crontabs cron searches its spool area (/var/spool/cron/crontabs) for crontab files (which are named after accounts in /etc/passwd); crontabs found are loaded into memory. Note that crontabs in this directory should not be accessed directly – the crontab command should be used to access and update them. More information is given from man crontab: There is one file for each user’s crontab under the /var/spool/cron/crontabs directory. Users are not allowed to edit the files under that directory directly to ensure that only users allowed by the system to run periodic tasks can add them, and only syntactically correct crontabs will be written there. This is enforced by having the directory writable only by the crontab group and configuring crontab command with the setgid bid set for that specific group. That’s great, but… How do I set up … Continue reading

Posted in Server Administration | Tagged , , , | Leave a comment

RabbitMQ: users disappear / settings gone after reboot / restart

If you are using RabbitMQ on am Amazon EC2 instance and your node settings and users seem to disappear on reboot, it may be because of how the RabbitMQ server works. Settings, users, vhosts, and the rest of the RabbitMQ are all bound based on the node name – or the hostname. You can check by running either hostname or hostname -f for the FQDN. You will also notice that RabbitMQ stores settings in: /var/lib/rabbitmq/ And more specifically in: /var/lib/rabbitmq/mnesia If you check the contents you will see something like: drwxr-xr-x 5 rabbitmq rabbitmq 4096 Feb 27 14:55 [email protected]/ drwxr-xr-x 2 rabbitmq rabbitmq 4096 Feb 27 14:55 [email protected]/ drwxr-xr-x 5 rabbitmq rabbitmq 4096 Feb 25 15:08 [email protected]/ drwxr-xr-x 2 rabbitmq rabbitmq 4096 Feb 25 14:41 [email protected]/ drwxr-xr-x 5 rabbitmq rabbitmq 4096 Feb 23 04:48 [email protected]/ -rw-r–r– 1 rabbitmq rabbitmq 5 Feb 23 04:41 [email protected] drwxr-xr-x 2 rabbitmq rabbitmq 4096 Feb 23 04:41 [email protected]/ drwxr-xr-x 4 rabbitmq rabbitmq 4096 Feb 18 17:31 [email protected]/ drwxr-xr-x 2 rabbitmq rabbitmq 4096 Feb 18 17:28 [email protected]/ drwxr-xr-x 4 rabbitmq rabbitmq 4096 Feb 26 15:32 [email protected]/ drwxr-xr-x 2 rabbitmq rabbitmq 4096 Feb 26 15:26 [email protected]/ Why do RabbitMQ settings disappear on restart? Well, if you “stop” an amazon ec2 instance and then “start” it, it will have a new IP address unless you are using static IP addresses. Note that this doesn’t happen on “reboots” – just “stop” and “start” for EBS / (Elastic Block Storage) volumes. If you are not using an EBS volume then … Continue reading

Posted in Linux, Server Administration | 2 Comments

Google Apps Free – Signup

You don’t even need a credit card to try Google Apps. It’s free for up to 10 users – just fill out this quick form to create your account. Have bigger business needs? Get Google Apps for Business Enter the domain name you would like to use with Google Apps A domain name is your online business identity or online brand. It can be used to host your organization’s website (e.g. www.your_company.com) or email address (e.g. [email protected]_company.com). That was the way you used to be able to sign up for Google Apps for Free. It lived at the address: https://www.google.com/a/cpanel/standard/new3 Unfortunately, as of 12/7/2012 Google Apps is No Longer Free. Here is what the signup screen used to look like:

Posted in Marketing, Server Administration, Tech Tips | Tagged , , | Leave a comment