All posts by mydailyhacks

Execute Script on Connection established using Network Manager Dispatcher

If you want a script to be executed each time a network connection is established, there is an easy way to do so on Linux distributions that use NetworkManager (such as Fedora, SUSE, Ubuntu, etc.). You simply have to copy the script to the directory /etc/NetworkManager/dispatcher.d and change its permissions to 755. (It is crucial to use 755, otherwise the script will be ignored.)

[sourcecode language=”bash”]
chmod 755 /etc/NetworkManager/dispatcher.d/10-my-script
[/sourcecode]

The scripts in this directory are executed in the order of their names, e.g. 10-my-script will be executed before 20-my-script.
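
NetworkManager runs dispatcher scripts as root and skips any that is not a regular executable file owned by root, or that is writable by group or other, or setuid. The following added example (not from the original post) audits a dispatcher directory against those rules; the function names are hypothetical and a `stat` that supports `-c` (GNU coreutils or busybox) is assumed.

```bash
# Added example: audit dispatcher scripts against NetworkManager's file rules.
# check_dispatcher_script and audit_dispatcher_dir are hypothetical helper names.

# check_dispatcher_script FILE [EXPECTED_UID]
# Prints "ok" or the first reason the script would be skipped; returns 0 or 1.
check_dispatcher_script() {
    f=$1
    want_uid=${2:-0}                 # NetworkManager expects root (uid 0)
    if [ ! -f "$f" ]; then echo "not a regular file"; return 1; fi
    uid=$(stat -c '%u' "$f")
    mode=$(stat -c '%a' "$f")        # e.g. 755 or 4755
    perm=$((0$mode))                 # leading 0: parse the mode as octal
    if [ "$uid" -ne "$want_uid" ]; then
        echo "not owned by uid $want_uid"; return 1
    fi
    if [ $((perm & 0022)) -ne 0 ]; then
        echo "writable by group or other"; return 1
    fi
    if [ $((perm & 04000)) -ne 0 ]; then echo "setuid bit set"; return 1; fi
    if [ $((perm & 0100)) -eq 0 ]; then
        echo "not executable by owner"; return 1
    fi
    echo "ok"
}

# audit_dispatcher_dir DIR [EXPECTED_UID]
# Prints one verdict per script in name order, which is also the order of
# execution. Returns 0 only if every script passes.
audit_dispatcher_dir() {
    dir=$1
    bad=0
    for s in "$dir"/*; do
        [ -f "$s" ] || continue      # skip subdirectories such as pre-up.d
        verdict=$(check_dispatcher_script "$s" "${2:-0}") || bad=1
        printf '%s: %s\n' "${s##*/}" "$verdict"
    done
    return "$bad"
}

# Usage (as root): audit_dispatcher_dir /etc/NetworkManager/dispatcher.d
```

A script that is writable by anyone other than root would let that user run commands as root on every connection change, which is why such files are refused.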

Setup Webserver Monitoring with Munin

The tool Munin offers an easy way to monitor a webserver. It comes along with a lot of features like monitoring disk and memory usage, the CPU, the fork rate of new processes and much more. The monitored data is accessible by the web browser. The setup of Munin takes only a few minutes.

First you have to install Munin. In Fedora Linux this can be done via YUM:

[sourcecode language=”bash”]
yum install munin munin-node
[/sourcecode]

Once installed you have to edit the configuration file /etc/munin/munin.conf (The default file contains a lot of comments). For a basic setup you can add the following lines:

[sourcecode language=”text”]

dbdir /var/lib/munin
htmldir /var/www/html/munin
logdir /var/log/munin
rundir /var/run/munin

[www.example.com]
address 127.0.0.1
use_node_name yes

[/sourcecode]

In this case “/var/www/html/” has to be the HTML directory of your webserver. What is still missing is to create the HTML directory for Munin and set the correct permissions:

[sourcecode language=”bash”]
mkdir -p /var/www/html/munin
chown munin:munin /var/www/html/munin
[/sourcecode]

Restart Munin

[sourcecode language=”bash”]
/etc/init.d/munin-node restart
[/sourcecode]

The monitoring is running now. The results can be accessed with the web browser:

http://www.djvu-pdf.com/munin/

By default, .htaccess password protection is activated for this page. You can either remove the file /var/www/html/munin/.htaccess or create a username/password combination as follows:

You can create the required password file (usually /etc/munin/munin-htpasswd; it is referenced in the .htaccess file) as follows:

[sourcecode language=”bash”]
htpasswd -c /etc/munin/munin-htpasswd Admin
[/sourcecode]

Where Admin is the username. You will be asked for the password in a prompt.

Munin produces intuitive graphs of the monitored resources like the following one:

Clone Hard Disk with Command Line Tools

If you have two hard disks in your machine and you want one to be an exact copy of the other, you can use the tool “dd” to do so.

Let's say you want /dev/sdb to be a clone of /dev/sda; then you can simply use the command:

[sourcecode language=”bash”]
dd if=/dev/sda of=/dev/sdb
[/sourcecode]

Make sure that /dev/sdb has at least the same size as /dev/sda!
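
An added example, not part of the original post, that wraps the dd call with the size check mentioned above and a byte-for-byte verification afterwards. The function names `dev_size` and `clone_disk` are hypothetical; `stat -c`, `cmp -n` and `blockdev` (util-linux) are assumed to be available.

```bash
# Added example: clone a disk only if the target is large enough, then verify.
# dev_size and clone_disk are hypothetical helper names.

# dev_size PATH -> size in bytes of a block device or a regular image file
dev_size() {
    if [ -b "$1" ]; then
        blockdev --getsize64 "$1"
    else
        stat -c '%s' "$1"
    fi
}

# clone_disk SRC DST
# Returns 0 on a verified clone, 2 if DST is too small,
# 1 if the copy or the verification fails.
# Run it from a rescue system so that SRC is not mounted read-write
# and changing while it is being read.
clone_disk() {
    src=$1
    dst=$2
    ssize=$(dev_size "$src") || return 1
    dsize=$(dev_size "$dst") || return 1
    if [ "$dsize" -lt "$ssize" ]; then
        echo "refusing: $dst ($dsize bytes) is smaller than $src ($ssize bytes)" >&2
        return 2
    fi
    # bs=4M        far fewer read/write calls than dd's 512-byte default
    # conv=fsync   flush the data to the target before dd reports success
    # conv=notrunc never truncate the target (only matters for image files)
    dd if="$src" of="$dst" bs=4M conv=notrunc,fsync || return 1
    # Compare only the first $ssize bytes: a larger target has trailing space
    # that is not part of the clone.
    cmp -n "$ssize" "$src" "$dst" || return 1
}

# Usage (as root): clone_disk /dev/sda /dev/sdb
```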

How long does dd take?

Cloning a hard disk with dd can take several hours.

Assuming an average speed of 8 MB/s, copying a disk with 120 MB would take about four hours.

Send Server Ip Address by Email

This post describes how to configure a web server so that it sends its IP address by email at a defined interval. This can be useful, for example, if your server has a dynamic IP address that changes over time. In this example Postfix is used to send the emails instead of sendmail, since it works similarly and is much easier to configure.

Preparations:

1. Install Postfix

As a first step it is necessary to install and set up Postfix. You can download the source code here but most recent Linux distributions already include the package. In Fedora the installation can simply be done by:

[sourcecode language=”bash”]
yum install postfix
[/sourcecode]

2. Configure Postfix

You need an SMTP server in order to send the emails. If you have an email account with an SMTP server, you can add the following lines to the Postfix configuration file /etc/postfix/main.cf:

[sourcecode language=”text”]
relayhost = smtp.provider.com:25

smtpd_sasl_auth_enable = yes
smtpd_sasl_path = smtpd
smtp_sasl_password_maps = hash:/etc/postfix/passwd
smtp_sasl_type = cyrus
smtp_sasl_auth_enable = yes
[/sourcecode]

Now the password file /etc/postfix/passwd has to be created. The password file has to contain the line

[sourcecode language=”text”]
smtp.provider.com:25 username:password
[/sourcecode]

To convert the password file into a so-called postmap lookup table, do the following:

[sourcecode language=”bash”]
postmap hash:/etc/postfix/passwd
[/sourcecode]

If
[sourcecode language=”bash”]
postmap -q smtp.provider.com:25 /etc/postfix/passwd
[/sourcecode]

gives you the correct reply everything is working fine.

3. Test Postfix
To test this configuration, postfix has to be started

[sourcecode language=”bash”]
postfix start
[/sourcecode]

Postfix now provides a sendmail command that you can use as follows to test your setup:

Create a simple text file test.mail:

[sourcecode language=”text”]
From: you@provider.com
message
(compulsory blank line at the end)

[/sourcecode]

and execute the command

[sourcecode language=”bash”]
sendmail -f you@provider.com -s recipient@provider.com < test.mail
[/sourcecode]

The mail should have been sent now. If something is not working, errors can be found in the following file:
/var/log/maillog

If you find something like

[sourcecode language=”text”]
warning: SASL authentication failure: No worthy mechs found

status=deferred (SASL authentication failed; cannot authenticate to server smtp.provider.com: no mechanism available)

[/sourcecode]

you probably have to add the following line to your /etc/postfix/main.cf:

[sourcecode language=”text”]
smtp_sasl_security_options = noanonymous
[/sourcecode]
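
Setting smtp_sasl_security_options to noanonymous permits plaintext mechanisms such as PLAIN and LOGIN, so the relay credentials are only protected if TLS is enforced towards the relay and /etc/postfix/passwd (and its .db table) cannot be read by other users. The following added example, which is not part of the original post, checks a main.cf and password file for both conditions; the function names are hypothetical and only single-line `name = value` settings are parsed.

```bash
# Added example: lint the relay setup from this post.
# get_param and audit_relay_conf are hypothetical helper names.

# get_param MAIN_CF NAME -> prints the last value assigned to NAME
# (comment lines are skipped; continuation lines are not handled)
get_param() {
    awk -F= -v k="$2" '
        /^[ \t]*#/ { next }
        { key = $1; gsub(/[ \t]/, "", key) }
        key == k {
            v = $0
            sub(/^[^=]*=[ \t]*/, "", v)
            sub(/[ \t]+$/, "", v)
            val = v
        }
        END { print val }' "$1"
}

# audit_relay_conf MAIN_CF PASSWD_FILE
# Prints one line per finding; the return code is the number of findings.
audit_relay_conf() {
    cf=$1
    pw=$2
    n=0
    if [ "$(get_param "$cf" smtp_sasl_auth_enable)" = yes ]; then
        # Only these levels make TLS mandatory; "may" and "dane" can fall
        # back to an unencrypted session.
        case "$(get_param "$cf" smtp_tls_security_level)" in
            encrypt|dane-only|fingerprint|verify|secure) ;;
            *) echo "smtp_tls_security_level does not enforce TLS"
               n=$((n + 1)) ;;
        esac
    fi
    for f in "$pw" "$pw.db"; do
        [ -e "$f" ] || continue
        mode=$(stat -c '%a' "$f")
        if [ $((0$mode & 0077)) -ne 0 ]; then
            echo "$f is accessible by group or other (mode $mode)"
            n=$((n + 1))
        fi
    done
    return "$n"
}

# Usage (as root): audit_relay_conf /etc/postfix/main.cf /etc/postfix/passwd
```

Both findings are cleared by adding `smtp_tls_security_level = encrypt` to main.cf and running `chmod 600` on the password file and its .db table.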

How to send the IP by email:

To send the IP address of your server by email, you simply have to execute the following simple script send_ip.sh by a cron job.

[sourcecode language=”bash”]
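#!/bin/bash
# send_ip.sh

# Use a private temporary file instead of a fixed name in the current directory
tmp=$(mktemp) || exit 1
trap 'rm -f "$tmp"' EXIT

# Fetch the page that shows the public IP address; stop if the download fails
wget -q http://checkip.dyndns.com/ -O "$tmp" || exit 1
sendmail -f you@provider.com -s recipient@provider.com < "$tmp"
[/sourcecode]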

http://checkip.dyndns.com/ can be replaced by any web page that is displaying your IP.

The only thing that is missing now is to set up a cron job that executes the script at a defined interval, let's say every six hours.

As root do:

[sourcecode language=”bash”]
crontab -e
[/sourcecode]

and add the following line:

[sourcecode language=”text”]
0 */6 * * * /bin/bash /home/user/send_ip.sh
[/sourcecode]

Now start crond and that's it!

[sourcecode language=”bash”]
/sbin/service crond start
chkconfig crond on
[/sourcecode]

Attention!
You have to make sure that the Postfix mailing system is always running. To ensure that the Postfix sendmail command does not interfere with the “normal” sendmail command, stop the sendmail service.

[sourcecode language=”bash”]
service sendmail stop
postfix start
[/sourcecode]

Multiple Domains on one IP Address using Apache Virtual Server

Using Apache Virtual Servers it is easy to make multiple domains point at the same IP address displaying different content. You just have to add the following lines to the file /etc/httpd/conf/httpd.conf and restart apache:

[sourcecode language=”text”]
NameVirtualHost *:80

<VirtualHost *:80>
ServerName www.first-domain.com
ServerAlias first-domain.com *.first-domain.com
DocumentRoot /var/www/html
</VirtualHost>

<VirtualHost *:80>
ServerName www.second-domain.com
DocumentRoot /var/www/samples
</VirtualHost>

[/sourcecode]

In this setup www.first-domain.com is displaying the content of /var/www/html while www.second-domain.com is displaying the content of /var/www/samples.

SSH Tunnel as Socks Proxy Server for the Web Browser

If you have SSH access to a remote host and you want to use it as proxy server for your web browser you can do so easily by opening up a SSH tunnel:

[sourcecode language=”bash”]
ssh -D 9999 username@host.com -N
[/sourcecode]

If you now set the SOCKS proxy in your web browser to localhost, port 9999, your traffic is redirected via host.com. In Firefox you can do so in Preferences->Network->Settings.

PHP Multi File Uploader with Progress Bar using APC

Important Update: If you are using PHP versions greater than 5.3 you should use our new multi-file uploader script, which does not depend on the APC cache. You can find it here:

https://mydailyhacks.wordpress.com/2014/11/05/php-multifile-uploader-for-php-5-4-5-5/

For older PHP versions just continue reading.

This little PHP Script allows you to upload multiple files at a time to a webserver. It is pretty easy to install and can easily be adapted and extended to your specific needs. The Ajax progress bar the script brings is based on jQuery. For a proper operation of the script the Alternative PHP Cache (APC) has to be activated.

Where to get the script?

How to install APC on a linux server?

In Fedora Linux you need the following packages to install APC using the pecl command afterwards.

[sourcecode language=”bash”]

yum install pcre-devel php-pear php-devel httpd-devel

pecl install apc

[/sourcecode]

The file /etc/php.ini should contain the following lines:

[sourcecode language=”bash”]

extension=apc.so
apc.enabled = 1
apc.max_file_size = 2000M
apc.rfc1867 = 1

[/sourcecode]

An introduction on how to install it from the source code can be found here:
http://www.electrictoolbox.com/install-apc-php-linux/

If you are not sure whether APC is installed on your server, contact the administrator.

Install a Telnet Server on Fedora

A telnet server on Fedora can be installed easily. Do the following as user root:

[sourcecode language=”bash”]

#install the server application
yum install telnet-server

# set on if you want to activate telnet at startup
chkconfig telnet on

# restart the internet services
/etc/init.d/xinetd restart

[/sourcecode]

Simple Linux Virtual Server Setup for Fedora 15 with LVS-DR forwarding

This post describes how to set up a simple Linux Virtual Server (LVS) using a director running Fedora 15 with direct routing (LVS-DR) as the forwarding method. Setting up an LVS helps you distribute the traffic of your website across several servers. This process is called load balancing. The instructions are based on the LVS-mini-HOWTO, where further information can be found.
The purpose of this exercise is to distribute the traffic of a website between two (or more) servers, each of which hosts a copy of the website. Furthermore, persistent connections are required, which means that a client is always redirected to the same server for a defined interval of time. For debugging, both telnet (port 23) and http (port 80) are load balanced in this setup, since testing with telnet is much easier.


What do I need?

For realizing and testing this setup you need at least 3 nodes:

(1) A client to address the LVS
(2) A node that redirects the requests (director) and operates a real server at the same time
(3) A node that only works as a real server

Each node needs one network interface card (NIC).

You can add an arbitrary number of additional real servers to the setup to increase performance. The director and real server should have installed at least Fedora 15, for the client the operating system does not matter. The three nodes are located in the same network.

In our example the director has the IP address 192.168.1.12, the real server 192.168.1.10. Both will share the virtual IP address 192.168.1.110 under which the LVS will be reachable.

Preparations for node (2), the director:
Some steps have to be done manually, the rest of the configuration can be done by the configuration script.

Fedora 15 already brings the required kernel ip_vs modules therefore it is not necessary to patch the kernel.

In a first step we install the tool ipvsadm, which we use to configure and monitor the LVS.

[sourcecode language=”bash”]
yum install ipvsadm
[/sourcecode]

Now we have to add the following lines to the file /etc/sysctl.conf:

[sourcecode language=”bash”]
# Controls IP packet forwarding
net.ipv4.ip_forward = 0

# Controls source route verification
net.ipv4.conf.default.rp_filter = 0

# Do not accept source routing
net.ipv4.conf.default.accept_source_route = 0
[/sourcecode]

and afterwards run
[sourcecode language=”bash”]
sysctl -p
[/sourcecode]

to update the kernel parameters.

The configuration script:

Replace “p5p1” by the name of your NIC (often eth0) before running the configuration script:

[sourcecode language=”bash”]
#!/bin/bash
#---------------mini-rc.lvs_dr-director------------------------
#set ip_forward OFF for lvs-dr director (1 on, 0 off)
#(there is no forwarding in the conventional sense for LVS-DR)

#add ethernet device and routing for VIP 192.168.1.110
/sbin/ifconfig p5p1:110 192.168.1.110 broadcast 192.168.1.110 netmask 255.255.255.255
/sbin/route add -host 192.168.1.110 dev p5p1:110
#listing ifconfig info for VIP 192.168.1.110
/sbin/ifconfig p5p1:110

#check VIP 192.168.1.110 is reachable from self (director)
/bin/ping -c 1 192.168.1.110
#listing routing info for VIP 192.168.1.110
/bin/netstat -rn

#setup_ipvsadm_table
#clear ipvsadm table
/sbin/ipvsadm -C
#installing LVS services with ipvsadm
#add telnet to VIP with round robin scheduling
/sbin/ipvsadm -A -t 192.168.1.110:telnet -s rr
/sbin/ipvsadm -A -t 192.168.1.110:http -s rr
# persistent connection deactivated for it is difficult to debug
#/sbin/ipvsadm -A -t 192.168.1.110:http -s rr -p 600

#forward telnet and http to realserver using direct routing with weight 1
/sbin/ipvsadm -a -t 192.168.1.110:telnet -r 192.168.1.10 -g -w 1
/sbin/ipvsadm -a -t 192.168.1.110:http -r 192.168.1.10 -g -w 1
#check realserver reachable from director
ping -c 1 192.168.1.10

#forward telnet and http to the director itself using direct routing with weight 1
/sbin/ipvsadm -a -t 192.168.1.110:telnet -r 192.168.1.12 -g -w 1
/sbin/ipvsadm -a -t 192.168.1.110:http -r 192.168.1.12 -g -w 1
#check the director's own address is reachable
ping -c 1 192.168.1.12

#displaying ipvsadm settings
/sbin/ipvsadm

[/sourcecode]

In case you need persistent connections use the commented line in the script for that.

Preparations for node (3), the real servers:

Before running the configuration script you also have to modify /etc/sysctl.conf on the real server. It has to contain the following lines. “p2p1” has to be the name of the NIC (e.g. eth0).

[sourcecode language=”bash”]

net.ipv4.conf.p2p1.arp_ignore = 1
net.ipv4.conf.p2p1.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2

# Controls IP packet forwarding
net.ipv4.ip_forward = 0

[/sourcecode]

Run
[sourcecode language=”bash”]
sysctl -p
[/sourcecode]

The default gateway for the real servers can be any IP (e.g. the client or a DSL router) in your network apart from that of the director. Change “p2p1” to the name of the NIC of your real server.

The configuration script:
[sourcecode language=”bash”]

#!/bin/bash
#----------mini-rc.lvs_dr-realserver------------------
#installing default gw 192.168.1.1 for vs-dr
/sbin/route add default gw 192.168.1.1
#showing routing table
/bin/netstat -rn
#checking if DEFAULT_GW 192.168.1.1 is reachable
ping -c 1 192.168.1.1

#looking for DIP 192.168.1.12
ping -c 1 192.168.1.12

#looking for VIP (will be on director)
ping -c 1 192.168.1.110

#install_realserver_vip
/sbin/ifconfig lo:110 192.168.1.110 broadcast 192.168.1.110 netmask 0xffffffff up
#ifconfig output
/sbin/ifconfig lo:110
#installing route for VIP 192.168.1.110 on device lo:110
/sbin/route add -host 192.168.1.110 dev lo:110
#listing routing info for VIP 192.168.1.110
/bin/netstat -rn

[/sourcecode]

That's it! You can try to connect to your LVS now from the client by typing

[sourcecode language=”bash”]
telnet 192.168.1.110
[/sourcecode]

The requests should be processed by the director and by the real server in rotation. You can check this by typing

[sourcecode language=”bash”]
/sbin/ipvsadm
[/sourcecode]

at the director. In the output you should see “Active Connections” for both nodes. If that works you can try to connect via http e.g. by typing 192.168.1.110 in your web browser.

If you want to reach your LVS from the internet you can setup IP forwarding from the relevant ports in your DSL router. The ports have to be forwarded to the virtual IP 192.168.1.110. Deactivate all firewalls for testing!