LINICKX.com

apc.php for rhel / centos

nick — Wed, 16 May 2012 14:39:00 +0100

Note to self: The apc.php (script for monitroing apc performance) is stored in - /usr/share/doc/php-pecl-apc-3.1.3p1

5 Minute CentOS/RHEL VPN

nick — Sun, 23 Jan 2011 09:51:00 +0000

I'm looking at running two servers on EC2; as we all know the most important thing about running services in the cloud is encryption!

Whilst googling on how to setup a host-to-host IPSEC VPN I was surprised at how easy it is...

On Host1 (192.168.56.101)...

#!/bin/bash
[root@CentOS1 ~]# cat /etc/sysconfig/network-scripts/ifcfg-ipsec1 
DST=192.168.56.102
TYPE=IPSEC
ONBOOT=no
IKE_METHOD=PSK
[root@CentOS1 ~]#
[root@CentOS1 ~]# cat /etc/sysconfig/network-scripts/keys-ipsec1 
IKE_PSK=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
[root@CentOS1 ~]#
[root@CentOS1 ~]# ifup ipsec1

On host2 (192.168.56.102)...

#!/bin/bash
[root@CentOS2 ~]# cat /etc/sysconfig/network-scripts/ifcfg-ipsec1 
DST=192.168.56.101
TYPE=IPSEC
ONBOOT=no
IKE_METHOD=PSK
[root@CentOS2 ~]#
[root@CentOS2 ~]# cat /etc/sysconfig/network-scripts/keys-ipsec1 
IKE_PSK=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
[root@CentOS2 ~]#
[root@CentOS2 ~]#ifup ipsec1

... done!!!

#!/bin/bash
[root@CentOS1 ~]# tcpdump -n -i eth1 host 192.168.56.102
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes
09:46:37.306292 IP 192.168.56.101 > 192.168.56.102: AH(spi=0x0aff2b10,seq=0x203): ESP(spi=0x00a0a3cc,seq=0x203), length 84
09:46:37.310197 IP 192.168.56.102 > 192.168.56.101: AH(spi=0x09f82154,seq=0x203): ESP(spi=0x098f0ff9,seq=0x203), length 68
09:46:38.175048 IP 192.168.56.101 > 192.168.56.102: AH(spi=0x0aff2b10,seq=0x204): ESP(spi=0x00a0a3cc,seq=0x204), length 84
09:46:38.179017 IP 192.168.56.102 > 192.168.56.101: AH(spi=0x09f82154,seq=0x204): ESP(spi=0x098f0ff9,seq=0x204), length 68
09:46:39.313583 IP 192.168.56.101 > 192.168.56.102: AH(spi=0x0aff2b10,seq=0x205): ESP(spi=0x00a0a3cc,seq=0x205), length 84
09:46:39.316427 IP 192.168.56.102 > 192.168.56.101: AH(spi=0x09f82154,seq=0x205): ESP(spi=0x098f0ff9,seq=0x205), length 68

6 packets captured
6 packets received by filter
0 packets dropped by kernel
[root@CentOS1 ~]#

Now this is a simple IKE pre-shared key vpn, you might want to google for using certificates for stronger authentication, you can also edit /etc/racoon/racoon.conf to change your IPSEC parameters.

Reference: http://www.centos.org/docs/5/html/Deployment_Guide-en-US/ch-vpn.html

UPDATE: To make this work in EC2, you need to enable NAT-T see my hack here!

Smolt RPM for CentOS, RHEL, etc

nick — Fri, 06 Jul 2007 10:00:00 +0100

I after installing Fedora7 I thought I'd take a look at the stats the project had gathered, I saw some centos devices, but couldn't find a rpm.

I've had a go at building one, it mostly works (this is my nagios box), it's a rebuild of the f7 source, I have to frig about with the spec file, so I've published my source rpm here, search for Nick in the .spec file, you'll see my bodge.

The smolt rpms are in my yum repo, feel free to download the packages and have a go.

Extra Packages for Enterprise Linux... CentOS !

nick — Sun, 03 Jun 2007 17:54:00 +0100

Why has it taken me so long to spot this ? Looks like this draft was written on the 13th May, if I hadn't have been just about to download FC7 then I'd have missed it !

EPEL - Fedora Project Wiki
EPEL is a volunteer-based community effort from the Fedora project to create a repository of high-quality add-on packages that complement the Fedora-based Red Hat Enterprise Linux (RHEL) and its compatible spinoffs like CentOS or Scientific Linux.

About time, and thank you redhat/fedora, want fedora extra packages in centos, then install this epel-release .rpm frickin' sweet ! :cool:

Intel 3945ABG Wireless / WiFi Card on CentOS 5

nick — Thu, 24 May 2007 10:39:00 +0100

I've taken to using CentOS on my servers, and fedora on my Laptop. New job, means new laptop, and to avoid fedora update hell, I thought I'd try CentOS on my laptop.

All seems good other than my wifi card not being detected, and for some reason googling for "centos 5 intel 3945" didn't provide a working anserwer, actually I found the answer by googling for "supplementary disk centos 5" which finds this thread that says...

Install dag's repo (this rpm), and then install dkms-ipw3945 (yum will pick up the dependancies)

yum install dkms-ipw3945

Next enable network manager...

chkconfig --level 345 NetworkManager on
chkconfig --level 345 NetworkManagerDispatcher on

reboot (seriously) and when you next log in you'll get a little icon in you system tray where you can manage your WiFi :)

rkhunter rpm for Centos / RedHat

nick — Sun, 29 Apr 2007 11:47:00 +0100

Whilst doing some routine maintenance, I noticed that I never published the rkhunter rpm I built, the software is officially supported at rootkit.nl but for ease I wanted a yum available rpm ;)

How to Migrate from White Box Linux 4 to CentOS 4.4

nick — Tue, 24 Apr 2007 14:16:00 +0100

There are somethings that you just never get round to, my nagios box was still running whitebox linux, and I've finally gotten round "upgrading" it to CentOS... yeah ok, upgrade is arguable, but you get my point.

First off a warning: Don't do this ! All the documentation, for CentOS, RHEL, Fedora, any redhat linux all say, clean installs are the best way, and upgrades are not advised.... therefore I offer no support or warranty that this will work, in fact, I you advise you to read this post, but step away from your consoles !

But, if you think it might be a laugh, the centos documentationis a bit old, and not 100% correct, so here is what I did. First up (as root - obviously), clear out your yum cache,and install the CentOS gpg key.

yum clean all
rpm --import http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-4

Next, install some base centos packages, take not that some need to be forced on

rpm -Uvh --nodeps http://mirror.centos.org/centos/4.4/os/i386/CentOS/RPMS/centos-release-4-4.2.i386.rpm
rpm -ivh http://mirror.centos.org/centos/4.4/os/i386/CentOS/RPMS/python-elementtree-1.2.6-4.2.1.i386.rpm
rpm -ivh http://mirror.centos.org/centos/4.4/os/i386/CentOS/RPMS/python-sqlite-1.1.7-1.2.i386.rpm
rpm -ivh http://mirror.centos.org/centos/4.4/os/i386/CentOS/RPMS/sqlite-3.3.3-1.2.i386.rpm
rpm -Uvh --force http://mirror.centos.org/centos/4.4/os/i386/CentOS/RPMS/python-urlgrabber-2.9.8-2.noarch.rpm
rpm -Uvh --nodeps http://mirror.centos.org/centos/4.4/os/i386/CentOS/RPMS/yum-2.4.3-1.c4.noarch.rpm

finally remove the whitebox rpm db.

rpm -ev rpmdb-whitebox

Move any "whitebox" mirrors still in /etc/yum.repos.d and

yum install rpmdb-CentOS

Once you have that sorted, you can complete the upgrade with

yum update
reboot

& cross your fingers ;)
If you come across the following warnings while using yum: Warning, could not load sqlite, falling back to pickle , I found...

yum install python-sqlite

Fixed the problem. And there we have it, all my boxes are now running CentOS - yay - just in time to look at the CentOS 5 upgrade ;)

Dependency Problems ?
If a whitebox rpm is newer than the CentOS one, it won't get upgraded, this might cause problems when installing new packages via yum. To solve the problem download the rpm manually from http://www.centos.org/modules/tinycontent/index.php?id=13 and force an upgrade

rpm --force -Uvh Something-CentOS.rpm

UPDATE: If you're using something like Root Kit Hunter, you will notice a load of md5 hashes fail, these are whitebox rpm's that didn't need upgrading, to correct the problem you need to replace these with CentOS versions.. example rkhunter output:

/sbin/init  [ BAD ]

Find which rpm, init belongs to

# rpm -q --whatprovides /sbin/init
SysVinit-2.85-34.3

and upgrade it

wget http://www.mirrorservice.org/sites/mirror.centos.org/4.4/os/i386/CentOS/RPMS/SysVinit-2.85-34.3.i386.rpm
rpm --force -Uvh SysVinit-2.85-34.3.i386.rpm

How to Migrate from White Box Linux 4 to CentOS 4.4

nick — Tue, 24 Apr 2007 14:16:00 +0100

yum clean all
rpm --import http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-4

Next, install some base centos packages, take not that some need to be forced on

rpm -Uvh --nodeps http://mirror.centos.org/centos/4.4/os/i386/CentOS/RPMS/centos-release-4-4.2.i386.rpm
rpm -ivh http://mirror.centos.org/centos/4.4/os/i386/CentOS/RPMS/python-elementtree-1.2.6-4.2.1.i386.rpm
rpm -ivh http://mirror.centos.org/centos/4.4/os/i386/CentOS/RPMS/python-sqlite-1.1.7-1.2.i386.rpm
rpm -ivh http://mirror.centos.org/centos/4.4/os/i386/CentOS/RPMS/sqlite-3.3.3-1.2.i386.rpm
rpm -Uvh --force http://mirror.centos.org/centos/4.4/os/i386/CentOS/RPMS/python-urlgrabber-2.9.8-2.noarch.rpm
rpm -Uvh --nodeps http://mirror.centos.org/centos/4.4/os/i386/CentOS/RPMS/yum-2.4.3-1.c4.noarch.rpm

finally remove the whitebox rpm db.

rpm -ev rpmdb-whitebox

Move any "whitebox" mirrors still in /etc/yum.repos.d and

yum install rpmdb-CentOS

Once you have that sorted, you can complete the upgrade with

yum update
reboot

& cross your fingers ;)
If you come across the following warnings while using yum: Warning, could not load sqlite, falling back to pickle , I found...

yum install python-sqlite

Fixed the problem. And there we have it, all my boxes are now running CentOS - yay - just in time to look at the CentOS 5 upgrade ;)

rpm --force -Uvh Something-CentOS.rpm

/sbin/init  [ BAD ]

Find which rpm, init belongs to

# rpm -q --whatprovides /sbin/init
SysVinit-2.85-34.3

and upgrade it

wget http://www.mirrorservice.org/sites/mirror.centos.org/4.4/os/i386/CentOS/RPMS/SysVinit-2.85-34.3.i386.rpm
rpm --force -Uvh SysVinit-2.85-34.3.i386.rpm

Tripwire 2.4.1.1 rpm for CentOS, Redhat ( RHEL ) 4

nick — Tue, 17 Apr 2007 13:28:00 +0100

Following a request I've rebuilt a later tripwire rpm (2.4.1.1); I think at this point it would be prudent to point out that the rpms found here are not maintained, and I do not offer any kind of support - you use them at your own risk - but you're welcome to make requests !

tripwire-2.4.1.1-1.i386.rpm

My Yum repo has also been updated, config file here :D

Service Recovery Scripts & Error Page Tips.

nick — Tue, 06 Mar 2007 13:32:00 +0000

A couple of weeks ago, I was proper ill with flu; the problem with looking after your own server is that only you can fix it - it's well and good having monitoring systems (nagios) telling you about faults, but if you can't read or see the alerts the fault won't get resolved.

During this time I was ill, for an unknown reason the mySQL process on my server died, as such my website (and others I look after) were down for 8 hours. The fix was simple, one command, restart the service and normal service was resumed (excuse the pun).

This led to me to the conclusion that there must be a way to get the server to fix it's self. after all, why do a job when you can get a computer to do it for you ! Fortunately I had a light bulb moment and realised that I could use the init scripts that are provided by redhat, the below code will restart apache (httpd) and mySQL on a redhat based system in the event that the service was not stopped cleanly. (In-fact this config has only be tested on CentOS, your mileage may vary on anything else)

#!/bin/bash

# taken from redhast default scripts - /etc/rc.d/init.d/functions

# Set up a default search path.
PATH="/sbin:/usr/sbin:/bin:/usr/bin:/usr/X11R6/bin"
export PATH

status() {
        local base=${1##*/}
        local pid

        # Test syntax.
        if [ "$#" = 0 ] ; then
                echo $"Usage: status {program}"
                return 1
        fi

        # First try "pidof"
        pid=`pidof -o $$ -o $PPID -o %PPID -x $1 ||
             pidof -o $$ -o $PPID -o %PPID -x ${base}`
        if [ -n "$pid" ]; then
# Uncomment this if you want OK messages
#               echo $"${base} (pid $pid) is running..."
                return 0
        fi

        # Next try "/var/run/*.pid" files
        if [ -f /var/run/${base}.pid ] ; then
                read pid < /var/run/${base}.pid
                if [ -n "$pid" ]; then
                        echo $"${base} dead but pid file exists"
                        /etc/init.d/${base} restart
                        return 1
                fi
        fi
        # See if /var/lock/subsys/${base} exists
        if [ -f /var/lock/subsys/${base} ]; then
                echo $"${base} dead but subsys locked"
                /etc/init.d/${base} restart
                return 2
        fi
        echo $"${base} is stopped"
        return 3
}

# found in /etc/init.d/httpd
httpd=${HTTPD-/usr/sbin/httpd}

status mysqld
status $httpd

If you save this, as /etc/cron.hourly/auto_recovery.sh , then do chmod +x /etc/cron.hourly/auto_recovery.sh , assuming you've not changed the default cron setup, every hour mySQL & httpd will be checked, if they have died the'll be restarted and root will get an e-mail about what happened.

Cool eh !

A final finishing touch: I wanted to change the default "Database Down" error messages on my two most popular applications.

Melvin Rivera has written a tutorial on how to customize the wordpress error page, note that it involves editing a file outside of wp-content, that means you'll have to re-do this "hack" every time you upgrade wordpress.

PHPBB: Setting a custom error page on that is really easy, first create a php page displaying your message. Then at the bottom of /path/to/phpbb-install/includes/db.php you'll see

// Make the database connection.
$db = new sql_db($dbhost, $dbuser, $dbpasswd, $dbname, false);
if(!$db->db_connect_id)
{
message_die(CRITICAL_ERROR, "Could not connect to the database");
}

change it to

 // Make the database connection.
$db = new sql_db($dbhost, $dbuser, $dbpasswd, $dbname, false);
if(!$db->db_connect_id)
{
 include("/path/to/my-custom-error-page.php");
        die();
}

Now if you database dies, for the time it's down (before cron fixes it) wordpress & phpbb sites would get a much prettier error message. Obviously there's no solution for apache as there's nothing to serve the pages, but hopefully this kind of thing doesn't happen to often :D