Instructions for installing a very clean Debian GNU/Linux system that boots from RAID 1, and has RAID 1 or RAID 5 root and data filesystems.

The examples assume two identical harddrives, sda and sdb, on which after a small boot partition, 1 GB is used for swap, 25 GB is used for the root filesystem and everything else is for a big “data” partition that will hold non-system stuff.

Although I personally prefer /boot to be readonly, this guide doesn’t add the ro flag in /etc/fstab, because that’ll only lead to complaints about lilo upgrades not going smoothly. (Which is exactly the point of having it readonly in the first place…)

They also assume some specific tools that you may or may not like, and a kernel without module support. This is how I prefer to do things for servers. Please don’t try to persuade me to use kernel packages, grub, modules, or whatever.

General knowledge is required. Don’t begin unless you understand each step.

Raidthingy

The 42nd time you do all this, it gets rather boring. So I decided to automate steps 4..19, excluding 15 (kernel), using a simple Perl script.

This script assumes you have equal and empty (unpartitioned) drives, and provides very little flexibility.

wget http://juerd.nl/files/raidthingy.pl
vim raidthingy.pl # Learn what it does.
perl raidthingy.pl # Follow instructions

The guide

1. Get a bootable cd with debootstrap and RAID support, like KNOPPIX, and boot from it.

2. Find a root shell.

If your drives are hdx instead of sdx, ensure that DMA is enabled for both drives:

hdparm -d1 /dev/hda
hdparm -d1 /dev/hdc

The rest of this guide assumes sda and sdb, because S-ATA devices are presented as SCSI devices in recent kernels.

3. Get networking up and running, if you don’t have DHCP:

ifconfig eth0 123.123.123.123 up
route add default gw 123.123.123.1
echo nameserver 123.123.123.1 > /etc/resolv.conf

4. Partition the drives, paying no attention to partition types yet:

fdisk /dev/sda
# n <CR> p <CR> 1 <CR> <CR> +64M <CR>
# n <CR> p <CR> 2 <CR> <CR> +1G <CR>
# n <CR> e <CR> 3 <CR> <CR> <CR>
# n <CR> l <CR> <CR> +25G <CR>
# n <CR> l <CR> <CR> <CR>
# a <CR> 1 <CR> w <CR>
fdisk /dev/sdb
# n <CR> p <CR> 1 <CR> <CR> +64M <CR>
# n <CR> p <CR> 2 <CR> <CR> +1G <CR>
# n <CR> e <CR> 3 <CR> <CR> <CR>
# n <CR> l <CR> <CR> +25G <CR>
# n <CR> l <CR> <CR> <CR>
# a <CR> 1 <CR> w <CR>

5. For every partition, create a RAID 1 array:

mdadm –create /dev/md0 -n 2 -l 1 /dev/sda1 /dev/sdb1
mdadm –create /dev/md1 -n 2 -l 1 /dev/sda2 /dev/sdb2
mdadm –create /dev/md2 -n 2 -l 1 /dev/sda5 /dev/sdb5
mdadm –create /dev/md3 -n 2 -l 1 /dev/sda6 /dev/sdb6

If you plan on installing sdb later, use missing instead of the second device.

For RAID 5, use -l 5 instead of -l 1, and just specify more disks. Make sure the boot volume is RAID 1, not 5 (/dev/md0 here, and yes, you can have RAID 1 with more than 2 disks). Also, increase the number of disks (-n) accordingly.

6. Create filesystems and initialize swap space:

mkfs.ext3 /dev/md0
mkswap /dev/md1
mkfs.ext3 /dev/md2
mkfs.ext3 /dev/md3 -O dir_index

7. Create a target mountpoint and mount your new filesystem(s) there:

mkdir /target
mount /dev/md2 /target

mkdir /target/boot
mount /dev/md0 /target/boot

mkdir /target/data
mount /dev/md3 /target/data

mkdir /target/data/home
mkdir /target/home
mount –bind /target/data/home /target/home

mkdir /target/data/var
mkdir /target/var
mount –bind /target/data/var /target/var

mkdir /data/share # for samba shares
mkdir /data/www # for mod_vhost_alias sites

8. Install a basic Debian system using debootstrap:

debootstrap sarge /target http://ftp.nl.debian.org/debian

9. Delete symlinks to the outside world in the target’s etc:

cd /target/etc
rm hostname resolv.conf localtime

10. Get some real things there:

cp /etc/resolv.conf .
ln -s /usr/share/zoneinfo/Europe/Amsterdam localtime
echo newboxthingy > hostname
vim default/rcS # FSCKFIX=yes

11. Set up the file system table:

# This is /etc/fstab
/dev/md0 /boot ext3 defaults 0 1
/dev/md1 none swap swap
/dev/md2 / ext3 defaults,errors=remount-ro 0 1
/dev/md3 /data ext3 defaults,errors=remount-ro 0 1
/data/home /home bind bind
/data/var /var bind bind
proc /proc proc

12. Get a working sources.list:

cd apt
rm sources.list
wget http://juerd.nl/sources.list

13. Change the current root directory to enter the new system:

chroot /target

14. Get the system up to date and install some useful packages:

apt-get update
apt-get dist-upgrade
apt-get install less wget w3m vim libncurses5-dev make gcc
mbr bzip2 lilo mdadm ssh

When asked to start RAID arrays automatically, answer “No”, as this is not needed with RAID built into the kernel and autodetected arrays.

15. Download a kernel, configure it, compile it, copy it:

cd /usr/src
wget http://ftp.nl.kernel.org/pub/linux/kernel/v2.6/linux-2.6.12.tar.bz2
tar -jvxf linux-2.6.12.tar.bz2
ln -s linux-2.6.12 linux

# grsecurity (optional)
wget http://www.grsecurity.net/grsecurity-2.1.6-2.6.11.12-200506141713.patch.gz
cd linux
zcat ../grsecurity-2.1.6-2.6.11.12-200506141713.patch.gz | patch -p1

cd /usr/src/linux
make menuconfig
# Don’t forget to compile in RAID 1/5 and ext3 support.
make bzImage
cp arch/i386/boot/bzImage /boot/vmlinuz-2.6.11.9
cp System.map /boot/System.map-2.6.11.9

16. Configure LILO:

# This is /etc/lilo.conf
boot=/dev/md0
root=/dev/md2
compact
lba32
read-only
image=/boot/vmlinuz-2.6.11.9
label=Linux

17. Install the boot records:

lilo
install-mbr /dev/sda
install-mbr /dev/sdb

18. Configure networking:

# This is /etc/network/interfaces
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
address 123.123.123.123
netmask 255.255.255.0
gateway 123.123.123.1
network 123.123.123.0
broadcast 123.123.123.255
# Alternatively:
# iface eth0 inet dhcp

19. Secure things a little:

shadowconfig on
passwd
adduser foo

20. Exit the chrooted environment:

exit

21. Wait until synchronization is complete:

watch cat /proc/mdstat

22. Set the partition types to 0xFD:

fdisk /dev/sda
# t <CR> 1 <CR> fd <CR>
# t <CR> 2 <CR> fd <CR>
# t <CR> 5 <CR> fd <CR>
# t <CR> 6 <CR> fd <CR> w <CR>
fdisk /dev/sdb
# t <CR> 1 <CR> fd <CR>
# t <CR> 2 <CR> fd <CR>
# t <CR> 5 <CR> fd <CR>
# t <CR> 6 <CR> fd <CR> w <CR>

23. Reboot and bring your favourite god(s) sacrifices:

reboot

24. Consider donating:

• Software in the Public Interest, Inc. (Debian)
• Free Software Foundation (GNU)
• Apache Software Foundation
• Perl Development Fund

You may receive the following error message while accessing Webmail on a Plesk server:

A fatal error has occurred
DB Error: connect failed

You need to make sure the ‘horde’ user is able to connect to the ‘horde’ database using the password mentioned in the file “/etc/psa/.webmail.shadow”. You have to create the file and specify a random password if the file is missing.

To set the password for user ‘horde’ , go to the mysql prompt.

#mysql -uadmin -p`cat /etc/psa/.psa.shadow` mysql

On the mysql prompt, execute:

mysql> update user set password=password(password-from-.webmail.shadow) where user=’horde’;

Also make sure sql.safe_mode is set to off in /etc/php.ini file:

sql.safe_mode=Off

Restart Apache server once you save the file.

If the problem persists, use the password from “/etc/psa/webmail/horde/.horde.shadow” file. Go through the following steps:

#cp /etc/psa/webmail/horde/.horde.shadow /etc/psa/.webmail.shadow

#mysql -uadmin -p`cat /etc/psa/.psa.shadow` mysql

mysql> update user set password=password(password-from-/etc/psa/webmail/horde/.horde.shadow) where user=’horde’;

You should now be able to access Webmail client.

LogView Install Instructions

• Login to your server as a root user
• wget http://www.logview.org/logview-install
• chmod +x logview-install
• ./logview-install
• Wait for install complete message
• rm -f logview-install

LogView is now installed on your server!

• Login to WHM
• Go to Add-Ons >> LogView – File System Log Viewer
• Start using LogView

This is an exclusive! and free! add-on product for cPanel/WHM. The product provides you with an interface to the cPanel mod_security implementation from within WHM.

With ConfigServer ModSecurity Control you can:

• Disable mod_security rules that have unique ID numbers on a global, per cPanel user or per hosted domain level
• Disable mod_security entirely, also on a global, per cPanel user or per hosted domain level
• Edit files containing mod_security configuration settings in /usr/local/apache/conf
• View the latest mod_security log entries

Requirements

• Apache v2+
• mod_security v2.5+ installed via Easyapache
• A set of mod_security rules each of which uses a unique ID

A recommended selection of rules can be obtained from ModSecurity Core Rule Set Project and Got Root. Care should be exercised with these rulesets as they can increase server resource usage by Apache child processes significantly.

This utility uses concepts explained in this section of the cPanel documentation.

Download

The latest version of cmc can be downloaded here: cmc.tgz

Screenshot

Support

Please visit our ConfigServer Scripts Forum

Licensing

This application is released under our script license. It is released free of charge, with no warranty to its suitability. There is no support provided with this application except through our online help forums.

While we are happy to provide these scripts for free, we are a small outfit that runs on a slim margin. If you do decide to use them, we’d be eternally grateful for any donation you think might express your gratitude so that we can continue to develop and provide them:

That’s it. If you don’t feel confident doing any of this yourself, or if you get into a horrible mess, we do have cPanel Server Services that include the installation and configuration of this application.

Documentation

• INSTALL.txt
• CHANGELOG.txt
• license.txt

source: http://configserver.net/cp/cmc.html

This tutorial explains how you can install MySQL Proxy on a CentOS 5 (x86_64) system. MySQL Proxy is a simple program that sits between your client and MySQL server(s) that can monitor, analyze or transform their communication. Its flexibility allows for unlimited uses; common ones include: load balancing; failover; query analysis; query filtering and modification; and many more.

On a fresh minium Centos 5 final x86_64 install:

yum install gcc.x86_64 libevent.x86_64 libevent-devel.x86_64 readline.x86_64 readline-devel.x86_64 ncurses.x86_64 ncurses-devel.x86_64 glib2.x86_64 glib2-devel.x86_64

cd /usr/local/src/

wget http://www.lua.org/ftp/lua-5.1.3.tar.gz
tar zxvf lua-5.1.3.tar.gz

cd lua-5.1.3
make linux
make install

wget http://dev.mysql.com/get/Downloads/MySQL-Cluster-6.2/mysql-5.1.23-ndb-6.2.15-linux-x86_64-glibc23.tar.gz/\
from/http://www.mirrorservice.org/sites/ftp.mysql.com/

tar xzvf mysql-5.1.23-ndb-6.2.15-linux-x86_64-glibc23.tar.gz
ln -s mysql-5.1.23-ndb-6.2.15-linux-x86_64-glibc23 mysql

PATH=$PATH:/usr/local/mysql/bin
export PATH

Edit your .profile to make this permanent:

# .bash_profile

# Get the aliases and functions
if [ -f ~/.bashrc ]; then
        . ~/.bashrc
fi

# User specific environment and startup programs

PATH=$PATH:/usr/local/mysql/bin:$HOME/bin

export PATH
unset USERNAME

wget http://dev.mysql.com/get/Downloads/MySQL-Proxy/mysql-proxy-0.6.1.tar.gz/from/http://www.mirrorservice.org/sites/ftp.mysql.com/

tar zxvf mysql-proxy-0.6.1.tar.gz
cd mysql-proxy-0.6.1

./configure  LDFLAGS=”-lm -ldl” LUA_CFLAGS=”-I/usr/local/include/” LUA_LIBS=/usr/local/lib/liblua.a

make
make install

Let’s create a sample LUA script so you can see some logs.

mkdir /var/log/mysql-proxy/
mkdir -p /usr/local/mysql/lua-scripts/

vi /usr/local/mysql/lua-scripts/simple-log.lua

(see: http://www.oreillynet.com/pub/a/databases/2007/07/12/getting-started-with-mysql-proxy.html?page=3

Script modified to get IP and to use  proxy.connection.server.thread_id.)

local log_file = '/var/log/mysql-proxy/mysql.log'
local fh = io.open(log_file, "a+")

function read_query( packet )
 if string.byte(packet) == proxy.COM_QUERY then
   local query = string.sub(packet, 2)
   fh:write( string.format("%s %6d -- %s :IP %s :USER: %s\n",
   os.date('%Y-%m-%d %H:%M:%S'),
   proxy.connection.server.thread_id,
   query,
   proxy.connection.client.address,
   proxy.connection.client.username))
  fh:flush()
 end
end

Now start up your proxy using the variable –proxy-backend-addresses to point the proxy at your servers.

/usr/local/sbin/mysql-proxy –proxy-lua-script=/usr/local/mysql/lua-scripts/simple-log.lua –proxy-backend-addresses=192.168.1.33:3306 –proxy-backend-addresses=192.168.1.34:3306 –daemon

192.168.1.33 and 192.168.1.34 are the MySQL nodes that the proxy will be connecting to.

Allow connections for the proxy through your firewall:

### ALLOWED TO CONNECT TO MYSQL PROXY
###
### LOCAL ADMINS
-A INPUT -s SRC-IP -d DST-IP -p tcp -m state --state NEW -m tcp --dport 4040 -j ACCEPT

Where  DST-IP is my proxy server and  SRC-IP is my local box (client machine).

Now from your local box (not the mysql-proxy server) try and connect to the backend databases through the proxy ( user with relevent permissions must exist in the db).

mysql -u dba_admin -p -h PROXY-SERVER -P 4040

Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 16 to server version: 5.1.23-ndb-6.2.15

Type ‘help;’ or ‘\h’ for help. Type ‘\c’ to clear the buffer.

mysql> show databases;

+——————–+
| Database           |
+——————–+
| information_schema |
| Imap_Forms         |
| mysql              |
| test               |
+——————–+
4 rows in set (0.01 sec)

mysql> quit

Bye

N.B. The proxy uses the port 4040 instead of 3306.

Test the mysql-proxy admin interface from the mysql-proxy server:

mysql -u root -p -h 127.0.0.1 -P 4041

Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 1
Server version: 5.1.20-agent MySQL Enterprise Agent

Type ‘help;’ or ‘\h’ for help. Type ‘\c’ to clear the buffer.

mysql> select * from proxy_connections;

+——+——–+——-+——+
| id   | type   | state | db   |
+——+——–+——-+——+
|    0 | server | 0     |      |
|    1 | proxy  | 0     |      |
|    2 | server | 10    |      |
+——+——–+——-+——+
3 rows in set (0.00 sec)

mysql>quit

Cannot compressing files into zip format using the built in cPanel compressor:

(internal death while parsing ./frontend/x3/filemanager/live_fileop.xml) Tue Aug 11 19:04:14 2009 [30234] error: open3: exec of zip -r /home/fxhost/public_html/player/hsplaylist.xspf.zip hsplaylist.xspf index.html mhsplaylist.xspf failed at /usr/local/cpanel/Cpanel/SafeRun/Errors.pm line 21
Carp::croak(‘open3: exec of zip -r /home/fxhost/public_html/player/hsplayli…’) called at /usr/lib/perl5/5.6.2/IPC/Open3.pm line 230
IPC::Open3::_open3(‘open3′, ‘Cpanel::SafeRun::Errors’, ‘<&RNULL’, ‘GLOB(0xb0e4500)’, ‘GLOB(0xb0e4500)’, ‘zip’, ‘-r’, ‘/home/fxhost/public_html/player/hsplaylist.xspf.zip’, …) called at /usr/lib/perl5/5.6.2/IPC/Open3.pm line 291
IPC::Open3::open3(‘<&RNULL’, ‘GLOB(0xb0e4500)’, ‘GLOB(0xb0e4500)’, ‘zip’, ‘-r’, ‘/home/fxhost/public_html/player/hsplaylist.xspf.zip’, ‘hsplaylist.xspf’, ‘index.html’, …) called at /usr/local/cpanel/Cpanel/SafeRun/Errors.pm line 21
Cpanel::SafeRun::Errors::saferunallerrors(‘zip’, ‘-r’, ‘/home/fxhost/public_html/player/hsplaylist.xspf.zip’, ‘hsplaylist.xspf’, ‘index.html’, ‘mhsplaylist.xspf’) called at /usr/local/cpanel/Cpanel/Fileman.pm line 2251
Cpanel::Fileman::__ANON__(‘zip’, ‘-r’, ‘/home/fxhost/public_html/player/hsplaylist.xspf.zip’, ‘hsplaylist.xspf’, ‘index.html’, ‘mhsplaylist.xspf’) called at /usr/local/cpanel/Cpanel/Fileman.pm line 2286
Cpanel::Fileman::_handle_compress(‘return’, ‘ARRAY(0×9471054)’, ‘/home/fxhost/public_html/player/hsplaylist.xspf.zip’, ‘zip’) called at /usr/local/cpanel/Cpanel/Fileman.pm line 2875
Cpanel::Fileman::api2_fileop() called at (eval 9) line 1
eval ‘$dataref = [Cpanel::Fileman::api2_fileop(%CFG)];’ called at cpanel.pl line 4960
main::api2_exec(‘Fileman’, ‘fileop’, ‘HASH(0xb0e4488)’, ‘HASH(0x941a270)’) called at cpanel.pl line 1476
main::cpexectag(

This suggests installing it with

Code: yum install zip

If the zip is exit
Another suggests

Code:
chmod 755 /bin/{tar,gtar,gunzip,gzip,zcat}
chmod 755 /usr/bin/{zip,unzip,unrar}

You need to setup password less login using ssh keys; refer to following tutorials:
+ Howto Linux / UNIX setup SSH with DSA public key authentication (password less login)
+ SSH Public key based authentication – Howto

#!/bin/bash
# Remote Server Rsync backup Replication Shell Script
# ————————————————————————-
# Copyright (c) 2005 nixCraft project
# This script is licensed under GNU GPL version 2.0 or above
# ————————————————————————-
# This script is part of nixCraft shell script collection (NSSC)
# Visit http://bash.cyberciti.biz/ for more information.
# ————————————————————————-
# Local dir location
LOCALBAKPOINT=/disk3
LOCALBAKDIR=/remote/home/httpd/
# remote ssh server
# user
SSHUER=brootbeer

# server IP / host
SSHSERVER=10.10.11.12

#remote dir to backup
SSHBACKUPROOT=/disk2.backup/hot/

rsync –exclude ‘*access.log*’ –exclude ‘*error.log*’ -avz -e ‘ssh ‘ ${SSHUER}@${SSHSERVER}:${SSHBACKUPROOT} ${LOCALBAKPOINT}${LOCALBAKDIR}

# log if backup failed or not to /var/log/messages file
[ $? -eq 0 ] && logger ‘RSYNC BACKUP : Done’ || logger ‘RSYNC BACKUP : FAILED!’

# Replicate backup to /disk1 and /disk2
# You can also use format user@host:/path
# refer to rsync man page
SRC=${LOCALBAKPOINT}${LOCALBAKDIR}
DST=”/disk1/remote /disk2/remote”
for d in $DST
do
[ ! -d $d ] && mkdir -p $d || :
rsync -avr $SRC $d
done

A banner for ssh server is a few phrase that will come out the time you want to access a server through ssh. By default, this feature is turned off. To turned it on:

1. Login as ‘root’
2. Create your banner file first. In this example, i will create banner file named /home/banner
• # vi /home/banner
• Insert your banner message to the file. I will insert ‘Welcome to my pc’
3. After you have finish with the banner file, open /etc/sshd_config
• # vi /etc/sshd_config
• Uncomment or add the following line
• Banner /home/banner
4. Restart ssh server
• # /etc/init.d/sshd restart
5. When you login, this will be displayed
• # ssh pingu@10.20.20.171
  Welcome to my pc
  pingu@10.20.20.171′s password:

There are two ways to install micro-updates for Parallels Plesk Panel.

Using the Command Line Interface:

Note: The “$PRODUCT_ROOT_D” variable in the command should be replaced with its value according to Plesk variables.

The exact value of path variables can be known from /etc/psa/psa.conf file on Parallels Plesk Panel server.

Or use the following parameters:

Note: The “$PRODUCT_ROOT_D” variable in the command should be replaced with its value.

The exact value of path variables can be known from /etc/psa/psa.conf file on Parallels Plesk Panel server.

Reference: http://parallels.com

By default Urchin 6 is installed at /usr/local/urchin directory. You can change directory by typing the following command:
# cd /usr/local/urchin

Use urchinctl to control Urchin web server / scheduler

You will find urchinctl inside bin directory. It is used to control Urchin web server listing on TCP port 9999.

To start the Urchin webserver, enter:

# /usr/local/urchin/bin/urchinctl start

To restart the Urchin webserver, enter:

# /usr/local/urchin/bin/urchinctl restart
Above command is useful if you change Urchin port or other settings.

To view the Urchin webserver and scheduler status , enter:

# /usr/local/urchin/bin/urchinctl status
Sample output:

Urchin webserver is running
Urchin MASTER scheduler is running
Urchin SLAVE scheduler is running

To stop the Urchin webserver, enter:

# /usr/local/urchin/bin/urchinctl stop

/usr/local/urchin/util/utm directory

You need to use urchin.js and __utm.gif file to track the statistics. These files are also known as the UTM Sensor, which is nothing but a small amount of JavaScript code that accomplishes various tracking methods.

Automatically start / stop Urchin after RHEL reboot

You need to copy /usr/local/urchin/util/urchin_daemons file to /etc/init.d/ directory:
# cp /usr/local/urchin/util/urchin_daemons /etc/init.d/urchin
Set permissions
# chmod +x /etc/init.d/urchin
Use chkconfig tool, which provides a simple command-line tool for maintaining the /etc/rc[0-6].d directory hierarchy by relieving system administrators of the task of directly manipulating the numerous symbolic links in those directories.
# chkconfig urchin on

Now you can start, stop or restart Urchin services automatically.

Incoming search terms:

• website analytics cd software (1)