Posts Tagged ‘Linux’

Users receive a “The page cannot be displayed” error message, and “Connections_refused” entries are logged in the Httperr.log file on a server that is running Windows Server 2003, Exchange 2003, and IIS 6.0


To work around this issue, add the EnableAggressiveMemoryUsage registry entry to the following registry subkey:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTP\Parameters

Then, set the EnableAggressiveMemoryUsage registry entry to 1.

To do this, follow these steps:

  1. Click Start, click Run, type regedit in the Open box, and then click OK.
  2. Click the following registry subkey:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTP\Parameters
  3. On the Edit menu, point to New, and then click DWORD Value.
  4. Type EnableAggressiveMemoryUsage, and then press ENTER.
  5. On the Edit menu, click Modify.
  6. In the Value data box, type 1, and then click OK.
  7. On the File menu, click Exit to exit Registry Editor.
  8. Restart the HTTP service. To do this, follow these steps:
    1. Click Start, click Run, type cmd in the Open box, and then click OK.
    2. At the command prompt, type net stop http /y, and then press ENTER.
    3. At the command prompt, type iisreset /restart, and then press ENTER.

How to Increase Disk Space in VMware


Have you ever encountered out-of-disk-space issues on your wonderful VMs when trying to install a critical application? Here are a few easy steps that help you solve the disk space problems on your VMware Workstation VMs.


Playing with exim mail queue


Command to view the queue

To view the exim mail queue issue the following command:

mailq

OR

exim -bp

If exim is in /usr/sbin and /usr/sbin is not in your path, you’ll need to prefix the command with the full path like so:

/usr/sbin/exim -bp

Example output

The output from the above commands will look something like this:

 4d  1.2K 1Ka6u5-00032Z-Eb <from@example.com>
          to@example.com
62h  1.2K 1KaRH0-0007QZ-B5 <from@example.com>
          to@example.com
 3h   22K 1KbLHr-0004ev-An <from@example.com>
          to@example.com

In the above example “from@example.com” is the email address the email is being sent from and to@example.com is the address being sent to. Normally these would be real email addresses but I’ve changed them for the purposes of this post.

The 4d, 62h and 3h values indicate how long the email message has been in the queue: 4 days, 62 hours and 3 hours respectively.

The x.xK values are the message size.

And the 1Ka6u5-00032Z-Eb etc is the message id and is also the filename of the message on disk, which you will find in /var/spool/exim/msglog and /var/spool/exim/input (the directories may vary depending on your Linux/Unix distribution and/or compiled in settings).
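The listing format described above can be parsed to pick out old or frozen messages. This is an added example, not part of the original post: the function names and the sample listing are constructed, and `*** frozen ***` is the marker exim appends to the header line of a frozen message.

```shell
#!/bin/sh
# Constructed sample in the `exim -bp` layout shown above (not from a real server).
sample_queue() {
cat <<'EOF'
 4d  1.2K 1Ka6u5-00032Z-Eb <from@example.com>
          to@example.com

62h  1.2K 1KaRH0-0007QZ-B5 <from@example.com> *** frozen ***
          to@example.com

 3h   22K 1KbLHr-0004ev-An <from@example.com>
          to@example.com

 0m   528 1XoIxD-0001rc-8J <from@example.com>
          to@example.com
EOF
}

# queue_older_than MIN_HOURS
# Reads `exim -bp` output on stdin and prints one line per message that has
# been queued for at least MIN_HOURS: "<message id> <age in minutes> <state>".
queue_older_than() {
  awk -v min="$1" '
    # Header lines start with an age (0m, 3h, 4d) and carry the message id in
    # the third column; recipient lines and blank lines do not match.
    $1 ~ /^[0-9]+[mhd]$/ && $3 ~ /^[A-Za-z0-9]+-[A-Za-z0-9]+-[A-Za-z0-9]+$/ {
      n = substr($1, 1, length($1) - 1) + 0
      unit = substr($1, length($1))
      if (unit == "d")      mins = n * 1440
      else if (unit == "h") mins = n * 60
      else                  mins = n
      state = (index($0, "*** frozen ***") > 0) ? "frozen" : "queued"
      if (mins >= min * 60) print $3, mins, state
    }'
}

# Messages that have been waiting for a day or more.
sample_queue | queue_older_than 24
```

On a live server the input would be `exim -bp | queue_older_than 24`.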

Finding the files with the find command

Using the “find” command you could do this to locate all the relevant files:

find /var/spool/exim -name "1Ka6u5-00032Z-Eb*"

which would display something like this:

/var/spool/exim/msglog/1Ka6u5-00032Z-Eb
/var/spool/exim/input/1Ka6u5-00032Z-Eb-D
/var/spool/exim/input/1Ka6u5-00032Z-Eb-H

Command to flush the exim queue

There are two ways to flush the exim mail queue:

runq

or

exim -q

This will then process the mail queue. I had a look at the exim log file and the mail queue itself (I’ll be posting how to view what’s in the exim mail queue on Tuesday) after flushing the queue and the emails were still stuck there.

Additional flags to force mail send

Another quick look at the exim man page and I discovered the following options:

-qf = If one f flag is present, a delivery attempt is forced for each non-frozen message, whereas without f only those non-frozen addresses that have passed their retry times are tried.

-qff = If ff is present, a delivery attempt is forced for every message, whether frozen or not.

So I then ran this:

exim -qff

And the messages that were stuck in the queue were flushed and delivered. My customer reported back to me a few minutes later that their emails had been received.

Path to exim command

Note that the exim command is probably in /usr/sbin and you may need to use the whole path as well as the command to run it. If this is the case then do this:

/usr/sbin/exim -q
/usr/sbin/exim -qff
etc

Delete a single message from the exim mail queue

Use mailq / exim -bp to show the mail queue, e.g.:

$ mailq
0m   528 1XoIxD-0001rc-8J

And then run exim -Mrm [message id] to delete the specific message:

exim -Mrm 1XoIxD-0001rc-8J

If the message is successfully deleted, you’ll see this:

Message 1XoIxD-0001rc-8J has been removed

If exim is currently processing the message, you’ll see this and it won’t be deleted:

Message 1XoIxD-0001rc-8J is locked

You either need to wait and try again later, or get the id of the process which is currently processing the message, kill it, and then run the command again (e.g. “ps ax | grep 1XoIxD-0001rc-8J” and then “kill -9 [process id/s]”). It’s probably not recommended that you kill the process.

Delete all messages in the exim mail queue

Running “exiqgrep -i” returns all the message ids for queued emails; pipe that through “exim -Mrm” and all the messages will be deleted, with the same caveat as above: if exim is currently processing a message, that one will not be deleted so you need to try again later.

exiqgrep -i | xargs exim -Mrm

And the result, if one could be removed and another one couldn’t:

Message 1XoJ1U-0001sC-ME has been removed
Message 1XoJ1i-0001sQ-UJ is locked

Password encrypted files in Linux


I am fond of keeping password protected backups and most of the time I lose my super secret password, thus being unable to open my super important backups 🙂 just kidding.

Just as in Windows we can simply right-click and zip folders/files with a password, I always wanted the same in the text-based terminals of Linux.

So here is the trick I normally use.

For encrypting a file:

openssl enc -aes-256-cbc -e -in in.file > out.file

It will ask for a password, like this:

enter aes-256-cbc encryption password:
Verifying - enter aes-256-cbc encryption password:

If you want to encrypt a folder with compression (tar.gz):

tar -cz foldername | openssl enc -aes-256-cbc -e > out.tar.gz

Now the important part, decrypting your encrypted files….

openssl enc -aes-256-cbc -d -in out.file > new.file
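The commands above rely on the default password-to-key derivation of openssl enc; OpenSSL 1.1.1 and later accept -pbkdf2 and -iter to derive the key with PBKDF2 instead. The following added example (not from the original post) encrypts a folder that way and proves the backup can be restored; the function names, file names, passphrase file and iteration count are assumptions.

```shell
#!/bin/sh
# Added example: names, paths and the iteration count are assumptions.
ITER=200000

# encrypt_dir DIR OUTFILE PASSFILE
# The passphrase is read from the first line of PASSFILE, so it never shows up
# in the process list or in shell history.
encrypt_dir() {
  tar -cz -C "$(dirname "$1")" "$(basename "$1")" |
    openssl enc -aes-256-cbc -e -salt -pbkdf2 -iter "$ITER" -pass "file:$3" -out "$2"
}

# decrypt_dir ENCFILE DESTDIR PASSFILE
# Must use the same -pbkdf2 / -iter settings that were used to encrypt.
decrypt_dir() {
  openssl enc -aes-256-cbc -d -pbkdf2 -iter "$ITER" -pass "file:$3" -in "$1" |
    tar -xz -C "$2"
}

# roundtrip_check
# Builds a throwaway folder, encrypts it, restores it elsewhere and succeeds
# only if the restored file is byte-identical. openssl enc does not
# authenticate the ciphertext, so this comparison is what shows the restore
# is intact.
roundtrip_check() {
  work=$(mktemp -d) || return 1
  mkdir "$work/foldername" "$work/restore"
  echo "constructed sample data" > "$work/foldername/notes.txt"
  (umask 077; echo "constructed-passphrase" > "$work/pass")
  encrypt_dir "$work/foldername" "$work/out.tar.gz.enc" "$work/pass" &&
    [ "$(head -c 8 "$work/out.tar.gz.enc")" = "Salted__" ] &&   # salted header
    decrypt_dir "$work/out.tar.gz.enc" "$work/restore" "$work/pass" &&
    cmp -s "$work/foldername/notes.txt" "$work/restore/foldername/notes.txt"
  rc=$?
  rm -rf "$work"
  return $rc
}

roundtrip_check && echo "round trip OK"
```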

Monitor Web Site Files With Auditd


The Linux Auditing System and auditd are a great way to monitor who changes the files in your website and when. To install and configure them, follow these steps:

1. Install auditd and related utilities:

yum install audit

2. Make sure auditd is running:

/sbin/chkconfig --list auditd 
auditd 0:off 1:off 2:on 3:on 4:on 5:on 6:off

3. Edit /etc/audit/auditd.conf and change:

action_mail_acct = [your email address]

This sets any action emails to go to your preferred address.

4. Edit /etc/audit/audit.rules and add a line like this to the bottom:

-w [path_to_website] -p wa -k [key]

So if your website is located at:

/var/www/vhosts/mysite.com/httpdocs

then a rule like:

-w /var/www/vhosts/mysite.com/httpdocs -p wa -k mysite

would set up auditing of write and attribute change requests. Events matching this rule would be tagged with the “mysite” key.

5. Restart auditd so that the new rule is loaded:

/sbin/service auditd restart

Audit logs go to:

/var/log/audit/audit.log
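Each change matched by the rule is written as several records (SYSCALL, PATH and others) that share one event id, so answering "who changed which file" means joining them. The following added example, not part of the original post, does that join for one key; the log records are constructed and the function names are assumptions.

```shell
#!/bin/sh
# Constructed audit.log records (not from a real host); 501-503 are event serials.
audit_sample() {
cat <<'EOF'
type=SYSCALL msg=audit(1400000000.101:501): arch=c000003e syscall=2 success=yes exit=3 items=2 pid=2101 auid=1001 uid=48 euid=48 comm="php" exe="/usr/bin/php" key="mysite"
type=PATH msg=audit(1400000000.101:501): item=0 name="/var/www/vhosts/mysite.com/httpdocs/" inode=100 nametype=PARENT
type=PATH msg=audit(1400000000.101:501): item=1 name="/var/www/vhosts/mysite.com/httpdocs/index.php" inode=101 nametype=NORMAL
type=SYSCALL msg=audit(1400000060.202:502): arch=c000003e syscall=90 success=yes exit=0 items=1 pid=2150 auid=0 uid=0 euid=0 comm="chmod" exe="/bin/chmod" key="mysite"
type=PATH msg=audit(1400000060.202:502): item=0 name="/var/www/vhosts/mysite.com/httpdocs/.htaccess" inode=102 nametype=NORMAL
type=SYSCALL msg=audit(1400000090.303:503): arch=c000003e syscall=2 success=yes exit=3 items=1 pid=2200 auid=0 uid=0 euid=0 comm="vi" exe="/usr/bin/vi" key="other"
type=PATH msg=audit(1400000090.303:503): item=0 name="/etc/motd" inode=200 nametype=NORMAL
EOF
}

# changes_for_key KEY
# Reads audit.log records on stdin and prints, for every event tagged with KEY,
# the login uid (auid), effective caller uid, executable, result and file path.
changes_for_key() {
  awk -v key="$1" '
    # Return the value of name=... on the current record, without quotes.
    function field(name,    i, v) {
      for (i = 1; i <= NF; i++)
        if (index($i, name "=") == 1) {
          v = substr($i, length(name) + 2); gsub(/"/, "", v); return v
        }
      return ""
    }
    # The event id is the "time:serial" part of msg=audit(time:serial):
    { id = $2; sub(/^msg=audit\(/, "", id); sub(/\):$/, "", id) }
    $1 == "type=SYSCALL" && field("key") == key {
      if (!(id in who)) order[++n] = id
      who[id] = "auid=" field("auid") " uid=" field("uid") \
                " exe=" field("exe") " success=" field("success")
    }
    # Skip the parent-directory PATH record; keep the file that was touched.
    $1 == "type=PATH" && field("nametype") != "PARENT" { path[id] = field("name") }
    END { for (i = 1; i <= n; i++) print who[order[i]], "path=" path[order[i]] }'
}

audit_sample | changes_for_key mysite
```

On a live host, `ausearch -k mysite` selects the same events from the audit log.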

 


Passive Mode FTP with iptables


There’s lots of advice on the net about how to set up a server with iptables to allow passive mode FTP. Below is the approach that we’ve found to be most effective.

Start by configuring your FTP daemon to use a fixed range of ports. We use 41361 to 65534 which is the IANA registered ephemeral port range. The exact config depends on what FTP software you’re using:

vsftpd

Edit /etc/vsftpd/vsftpd.conf and add the following lines:

pasv_min_port=49152
pasv_max_port=65534

proftpd

Edit /etc/proftpd.conf and add to the Global section:

 
...... 
PassivePorts 49152 65534
......

Now restart your FTP service so the changes take effect.

Next you’ll need to configure the ip_conntrack_ftp iptables module to load. On Redhat/CentOS just edit /etc/sysconfig/iptables-config and add “ip_conntrack_ftp” to the IPTABLES_MODULES like this:

IPTABLES_MODULES="ip_conntrack_ftp"

Next edit /etc/sysconfig/iptables and add a rule to allow TCP port 21.
The new line is the one that accepts NEW connections to --dport 21:

*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

Now restart the iptables service:

/sbin/service iptables restart

You can verify that the FTP connection tracking module has been loaded with lsmod like this:

lsmod | grep conntrack_ftp

and you’ll get something like this:

nf_conntrack_ftp       12913  0 
nf_conntrack           79645  4 nf_conntrack_ftp,nf_conntrack_ipv4,nf_conntrack_ipv6,xt_state

And that’s all it takes to get passive mode ftp working behind iptables.

P.S: If your server is behind a physical firewall and you are behind NAT, then you’ll probably need to load the “ip_nat_ftp” iptables module.