Linux
You are currently browsing the articles from Server Fu matching the category Linux.
Many server admins would like to check what port speed their server was configured by their host provider. If you paid for a 10Mbs or 1000Mbs connection, you definitely want to check on its correct provisioning.
Log into your server via putty and enter this command.
STEPS
root@server [~]# mii-tool
You will get a response like this example.
eth0: 100 Mbit, full duplex, link ok
mii-tool Command variables.
mii-tool [-v, --verbose] [-V, --version] [-R, --reset] [-r, --restart] [-w, --watch] [-l, --log] [-A, --advertise=media,...] [-F, --force=media] [interface ...]
Written by admin on August 22nd, 2008 with comments disabled.
Read more articles on How To and Linux.
Ever wondered how to check that status of your server’s ram with a convient, simple to use command? Well, worry no more.
STEPS
1) Enter
root@server [~]# free -o
Your response should look something like this:
total used free shared buffers cached
Mem: 2067220 2013636 53584 0 28300 1323664
Swap: 2031608 71336 1960272
This command will show you your total available/used memory and cached memory. In the case obvoe, this server has 2 gigabytes of RAM installed and has used a large portion of it with a memory intensive application. The SWAP file has been put to use to buttress the RAM use.
Another method is to use this command for more detail.
root@server [~]# cat /proc/meminfo
You will get a result something like this:
MemTotal: 2067220 kB
MemFree: 95960 kB
Buffers: 20472 kB
Cached: 1373616 kB
SwapCached: 25076 kB
Active: 697120 kB
Inactive: 1211676 kB
HighTotal: 1171136 kB
HighFree: 19632 kB
LowTotal: 896084 kB
LowFree: 76328 kB
SwapTotal: 2031608 kB
SwapFree: 1962060 kB
Dirty: 464 kB
Writeback: 0 kB
AnonPages: 505384 kB
Mapped: 32668 kB
Slab: 49260 kB
PageTables: 4128 kB
NFS_Unstable: 0 kB
Bounce: 0 kB
CommitLimit: 3065216 kB
Committed_AS: 1145992 kB
VmallocTotal: 114680 kB
VmallocUsed: 5128 kB
VmallocChunk: 107708 kB
HugePages_Total: 0
HugePages_Free: 0
HugePages_Rsvd: 0
Hugepagesize: 4096 kB
Written by admin on August 10th, 2008 with comments disabled.
Read more articles on How To and Linux.
There appears to be a problem with Centos 5.2 when trying to upgrade openssh-clients to version 4.3p2-26.el5.
root@server [/usr/src]# yum update openssh-clients
Loading “protectbase” plugin
Loading “fastestmirror” plugin
Loading mirror speeds from cached hostfile
* base: mirror.sanctuaryhost.com
* updates: mirror.sanctuaryhost.com
* addons: mirrors.rit.edu
* extras: updates.interworx.info
Excluding Packages in global exclude list
Finished
0 packages excluded due to repository protections
Setting up Update Process
Resolving Dependencies
–> Running transaction check
—> Package openssh-clients.i386 0:4.3p2-26.el5 set to be updated
–> Finished Dependency Resolution
Dependencies Resolved
=============================================================================
Package Arch Version Repository Size
=============================================================================
Updating:
openssh-clients i386 4.3p2-26.el5 base 446 k
Transaction Summary
=============================================================================
Install 0 Package(s)
Update 1 Package(s)
Remove 0 Package(s)
Total download size: 446 k
Is this ok [y/N]: y
Downloading Packages:
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
Updating : openssh-clients ######################### [1/2]
Error unpacking rpm package openssh-clients – 4.3p2-26.el5.i386
error: unpacking of archive failed on file /usr/bin/ssh: cpio: rename
Updated: openssh-clients.i386 0:4.3p2-26.el5
Complete!
UPDATE: I finally figured out why Openssh was not updating.
If you lsattr /usr/bin/ssh it will probably show that the file has been modified using chattr -i -a to prevent modification.
Written by admin on July 2nd, 2008 with comments disabled.
Read more articles on Centos and Linux.
Do you want to check if your server is properly configured with rDNS or reverse DNS?
It’s pretty important these days to have a reverse DNS setup for your dedicated IP address in order for email to be properly delivered.
Many free email companies like GMail, Hotmail, Yahoo Mail, and others require a reverse DNS to be setup for the IP address from which the email orginiates. It would not hurt to have a SPF Record and/or a DomainKey configured as well, but that is for another post.
STEPS
1) Log into your server as root or as another user.
2) Enter the following at the prompt using putty or other SSH client.
root@server [~]# dig -x 68.180.206.184 <--- replace with your IP address
The output should look like this:
;; QUESTION SECTION:
;184.206.180.68.in-addr.arpa. IN PTR
;; ANSWER SECTION:
184.206.180.68.in-addr.arpa. 1200 IN PTR w2.rc.vip.sp1.yahoo.com.
As long as there is a record in the PTR section that matches what you would like your rDNS to be such as www.server.com then your are golden.
Sometimes, you must contact your server host and have them manually enter your PTR records for you or providers will allow you to do it yourself via a control panel.
Written by admin on June 26th, 2008 with comments disabled.
Read more articles on Centos and How To and Linux.
Yum is word that may inspire fear in hearts of many noobie server admins because they don’t understand what it does and fear it make break their server if used.
Yum stands for “Yellow Updater, Modified” and is similar to commands apt-get and up2date in function.
Here are some common Yum commands used while you are logged in as root.
# yum upgrade
# yum update
# yum install bind
Yum usage:
yum [options] <update | upgrade | install |
info | remove | list |clean | provides |
search | check-update | groupinstall |
groupupdate | grouplist>
Yum Options
-c [config file] - specify the config file
to use
-e [error level] - set the error logging
level
-d [debug level] - set the debugging level
-y answer yes to all questions
-t be tolerant about errors in package
commands
-R [time in minutes] - set the max amount of
time to randomly run in.
-C run from cache only - do not update the cache
--installroot=[path] - set the install root
(default '/')
--version - output the version of yum
-h, --help this screen
Written by admin on June 24th, 2008 with comments disabled.
Read more articles on Centos and Linux.
It’s a good idea on a new server to edit the syctl.conf file to increase server security.
Steps:
1) Log into your server as root.
2) I recommend using WinSCP as a windows based interface to edit and manipulate server files.
3) Find /etc/sysctl.conf
4) Add the following text to the file. Cut and paste.
#Kernel sysctl configuration file for Red Hat Linux
#
# For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and
# sysctl.conf(5) for more details.
# Disables packet forwarding
net.ipv4.ip_forward=0
# Disables IP source routing
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.lo.accept_source_route = 0
net.ipv4.conf.eth0.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0
# Enable IP spoofing protection, turn on source route verification
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.lo.rp_filter = 1
net.ipv4.conf.eth0.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
# Disable ICMP Redirect Acceptance
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.lo.accept_redirects = 0
net.ipv4.conf.eth0.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
# Enable Log Spoofed Packets, Source Routed Packets, Redirect Packets
net.ipv4.conf.all.log_martians = 0
net.ipv4.conf.lo.log_martians = 0
net.ipv4.conf.eth0.log_martians = 0
# Disables IP source routing
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.lo.accept_source_route = 0
net.ipv4.conf.eth0.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0
# Enable IP spoofing protection, turn on source route verification
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.lo.rp_filter = 1
net.ipv4.conf.eth0.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
# Disable ICMP Redirect Acceptance
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.lo.accept_redirects = 0
net.ipv4.conf.eth0.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
# Disables the magic-sysrq key
kernel.sysrq = 0
# Decrease the time default value for tcp_fin_timeout connection
net.ipv4.tcp_fin_timeout = 15
# Decrease the time default value for tcp_keepalive_time connection
net.ipv4.tcp_keepalive_time = 1800
# Turn off the tcp_window_scaling
net.ipv4.tcp_window_scaling = 0
# Turn off the tcp_sack
net.ipv4.tcp_sack = 0
# Turn off the tcp_timestamps
net.ipv4.tcp_timestamps = 0
# Enable TCP SYN Cookie Protection
net.ipv4.tcp_syncookies = 1
# Enable ignoring broadcasts request
net.ipv4.icmp_echo_ignore_broadcasts = 1
# Enable bad error message Protection
net.ipv4.icmp_ignore_bogus_error_responses = 1
# Log Spoofed Packets, Source Routed Packets, Redirect Packets
net.ipv4.conf.all.log_martians = 1
# Increases the size of the socket queue (effectively, q0).
net.ipv4.tcp_max_syn_backlog = 1024
# Increase the tcp-time-wait buckets pool size
net.ipv4.tcp_max_tw_buckets = 1440000
# Allowed local port range
net.ipv4.ip_local_port_range = 16384 65536
5) You will now have to manually restart sysctl to affect the changes. This can be done by executing these two commands in order.
a) /sbin/sysctl -p
b) sysctl -w net.ipv4.route.flush=1
Written by admin on June 24th, 2008 with comments disabled.
Read more articles on How To and Linux.
