Blogs

In Linux Fedora Core 1, "crond" is started from the script "/etc/rc.d/init.d/crond". The manual `man cron` says that cron searches "/var/spool/cron" for crontab files which are named after accounts in "/etc/passwd"; crontabs found are loaded into memory. Cron also searches for "/etc/crontab" and the files in the "/etc/cron.d/" directory.

The "/etc/crontab" file contains the following.

SHELL=/bin/bash
PATH=/sbin:/bin:/usr/sbin:/usr/bin
MAILTO=root
HOME=/

# run-parts
01 * * * * root run-parts /etc/cron.hourly
02 4 * * * root run-parts /etc/cron.daily
22 4 * * 0 root run-parts /etc/cron.weekly

APF is a policy based iptables firewall system designed for ease of use and configuration. It employs a subset of features to satisfy the veteran Linux user and the novice alike. APF is ideal for deployment in many server environments based on Linux.

Below are notes on installing, configuring and running APF.

1. Download the latest tarball via rfxnetworks.com
   
2. Extract and install it:
   

   # tar -xvzf apf-current.tar.gz
   # cd apf*
   # ./install.sh
   

The site migration was done from a server with Ensim Basic 3.1.12-9 (secure) to a server running Ensim Pro 4.0.2-7 (serv01).

1. ----- Preparation prior to migration -----
   
2. 48 hrs prior to migration, edit the SOA settings with the "Refresh Interval" and the "Minimum Time To Live" to 600 for the domains.
   
3. Remove frontpage extensions from all sites.
   
4. Backup sites on secure (ensim 3.1.12-9) with ensimbackup and move it to serv01.
   

   # ensimbackup -l </path/to/domain_list>
   

5. ----- In serv01 -----
6. Check to make sure that the default site template has enough databases to assign in pro.
   
7. Remove all instances of the domains to be restored in /etc/bind/secure_dns.conf .
   
8. Delete all corresponding /var/named/sec.domain.tld files.
   

   # for x in `cat <domain list file>`; do rm /var/named/sec.$x; done
   

9. Restart named.
10. Turn sim checking off for webbpliance (init.ocwhttpd off) in "/usr/local/sim/config/mods.control"
    
11. `service webppliance stop`
    
12. Unhide all hidden services.
    
13. Restore with ensimprorestore on serv01 (ensim 4.0.2-7.rhel).
    

    # ensimprorestore -a </path/to/dir/>
    

14. Assign Spam Filter and Mail Scanner and remove ssh and squirrelmail for the restored domains.

    # for x in `cat <domain list file>`; do \
    # EditVirtDomain -c mailscanner,on -c spam_filter,on \
                   -c ssh,off -c sqmail,off [-c frontpage,on] $x; done
    

15. Hide services, `/etc/appliance/svcdb/hide.sh hide`
16. `service webppliance start`
    
17. Turn sim checking on for webbpliance (init.ocwhttpd on).
    
18. Run `/var/www/html/secureDNS/dns_updater.php`.
    
19. Disable /etc/bind/dnsupdate for 48 hrs.
    
20. ----- In secure -----
    
21. Delete all instances of the domains from the zone list, "/etc/bind/bind.conf.wp".
    
22. Delete all corresponding /var/named/zone.domain.tld files.
    

    # for x in `cat <domain list file>`; do rm /etc/bind/zone.$x; done
    # for x in `cat <domain list file>`; do rm /var/named/db.$x; done
    

23. Restart named.
24. Run `/etc/bind/dnsupdate` in secure.
    
25. Delete the accounts after 48 hrs.
    
26. ----- Old Method, use only for reference -----
    
27. Create the Reseller Account.
    
28. Assign the site to the Reseller account with high security, no squirrelmail (available by default) and no SSH. Also, change the number of database back to the original number... which is normally 1.
    
29. Delete corresponding zone records from "/etc/bind/secure_dns.conf".
    
30. Add DNS records using "/etc/bind/addZone.sh <domain.com>".
    

    #!/bin/bash
    # addZone.sh
    
    cat <<EOF >zone.$1
    zone "$1" IN {
            type master;
            file "/var/named/db.$1";
            allow-update   { key "wp_default_key."; };
            allow-transfer { localhost; 216.12.215.205; };
    };
    EOF
    
    cat <<EOF >/var/named/db.$1
    \$ORIGIN .
    \$TTL 3600      ; 1 hour
    $1              IN SOA  ns2.edices.com. admin.edices.com. (
                                    2005021308 ; serial
                                    3600       ; refresh (1 hour)
                                    600        ; retry (10 minutes)
                                    86400      ; expire (1 day)
                                    3600       ; minimum (1 hour)
                                    )
                            NS      ns1.edices.com.
                            NS      ns2.edices.com.
    \$TTL 86400     ; 1 day
                            A       207.44.206.16
                            MX      10 mail.$1.
    \$ORIGIN $1.
    
    ftp                     A       207.44.206.16
    mail                    A       207.44.206.16
    www                     A       207.44.206.16
    EOF
    
    cat <<EOF >>bind.conf.wp
    include "/etc/bind/zone.$1";
    EOF
    
    [ -f /var/named/db.$1 ] && chown named:named /var/named/db.$1 && chmod 600 /var/named/db.$1
    [ -f /var/named/sec.$1 ] && rm /var/named/sec.$1
    
    echo "Restart named manually if everything looks fine..."
    

31. Run `/var/www/html/secureDNS/dns_updater.php`.
32. Disable accounts in secure via the CLI.
    
33. Remove Zones in bind via GUI on secure.
    
34. Run `/etc/bin/dnsupdate` in secure.

I have backed up my system to an external ximeta drive using "dd" and the well-known linux live cd distribution, Knoppix to boot from. Below are the steps in brief:

1. Boot from the live cdrom distribution.
   
2. Switch to root.
   
3. Make sure NO partitions are mounted from the source hard drive.
   
4. Mount the external HD.
   

     # mount -t vfat /dev/sda1 /mnt/sda1
     

5. Backup the drive.

     # dd if=/dev/hda conv=sync,noerror bs=64K | gzip -c  > /mnt/sda1/hda.img.gz
     

   "dd" is the command to make a bit-by-bit copy of "if=/dev/hda" as the "Input File" to "of=/mnt/sda1/hda.img.gz" as the "Output File". Everything from the partition will go into an "Output File" named "hda.img.gz". "conv=sync,noerror" tells dd that if it can't read a block due to a read error, then it should at least write something to its output of the correct length. Even if your hard disk exhibits no errors, remember that dd will read every single block, including any blocks which the OS avoids using because it has marked them as bad. "bs=64K" is the block size of 64x1024 Bytes. Using this large of block size speeds up the copying process. The output of dd is then piped through gzip to compress it.

6. To restore your system:
   

     # gunzip -c /mnt/sda1/hda.img.gz | dd of=/dev/hda conv=sync,noerror bs=64K 
     

   NOTE: I've had much success leaving out "conv=sync,noerror" during restore.

7. Store extra information about the drive geometry necessary in order to interpret the partition table stored within the image. The most important of which is the cylinder size.
   

     # fdisk -l /dev/hda > /mnt/sda1/hda_fdisk.info
     

Here's something for broadband people that will really speed Firefox up:

1. Type "about:config" into the address bar and hit return. Scroll down and look for the following entries:
   

   network.http.pipelining
   network.http.proxy.pipelining
   network.http.pipelining.maxrequests
   

   Normally the browser will make one request to a web page at a time. When you enable pipelining it will make several at once, which really speeds up page loading.

2. Alter the entries as follows:
   

   Set "network.http.pipelining" to "true"
   Set "network.http.proxy.pipelining" to "true"
   

ModSecurity is an open source intrusion detection and prevention engine for web applications. Operating as an Apache Web server module, the purpose of ModSecurity is to increase web application security, protecting web applications from known and unknown attacks.

• Download tarball from modsecurity.org
  
• Check that you have "httpd-devel" installed.
  
• Backup your original "httpd.conf" file.
  
• After extracting, compile and install from the relevant apache direcoty, via:
  

    # apxs -cia mod_security.c
  

The entries in the /proc/meminfo can help explain what's going on with your memory usage, if you know how to read it.

Example of `cat /proc/meminfo`:

        total:    used:    free:  shared: buffers:  cached:
Mem:  1050001408 1012899840 37101568        0 113672192 420950016
Swap: 2097434624 217985024 1879449600
MemTotal:      1025392 kB
MemFree:         36232 kB
MemShared:           0 kB
Buffers:        111008 kB
Cached:         279304 kB
SwapCached:     131780 kB
Active:         677908 kB
ActiveAnon:     487272 kB
ActiveCache:    190636 kB
Inact_dirty:    129164 kB
Inact_laundry:   23948 kB

Had to do some fine tuning of MySQL 4.1.9 and here is what my.cnf file looks like for a 2GHz machine with 1GB of memory.

[mysqld]
socket=/path/to/mysql.sock
datadir=/var/lib/mysql
skip-locking
skip-innodb
# MySQL 4.x has query caching available.
# Enable it for vast improvement and it may be all you need to tweak.
query_cache_type=1
query_cache_limit=1M
query_cache_size=32M
# max_connections=500
# Reduced to 200 as memory will not be enough for 500 connections.
# memory=key_buffer+(sort_buffer_size+read_buffer_size)*max_connections

eAccelerator is a further development from mmcache PHP Accelerator & Encoder. It increases performance of PHP scripts by caching them in compiled state, so that the overhead of compiling is almost completely eliminated.

• Prior to installing check that php-devel package is installed.
  
• Download via http://eaccelerator.net/DownloadEaccelerator
  
• Run the below commands to compile and configure:
  

    # export PHP_PREFIX="/usr"
    # $PHP_PREFIX/bin/phpize
  

PHP Accelerator is an easily installed PHP Zend engine extension that provides a PHP cache, and is capable of delivering a substantial acceleration of PHP scripts without requiring any script changes, loss of dynamic content, or other application compromises.

1. Installation:
   • Download PHPAccelerator.
     
   • Unpackage it and move contents to "/usr/local/phpaccelerator".
     
   • Include the below line to php.ini under dynamic extension section:
     

         zend_extension="/usr/local/phpaccelerator/php_accelerator_1.3.3r2.so"