Archive for category Tutorials

inode problems and full disks

Posted by on Wednesday, 23 June, 2010

Today i had a person who had an interesting problem. They were getting the message ‘disk is full’ despite having plenty of free space. Luckily for him, my first thought was ‘inodes?’
I logged in and checked his inode usage

root@askdev:# df -i
Filesystem Inodes IUsed IFree IUse% Mounted on
/dev/xvda1 525312 524844 468 100% /
varrun 65579 27 65552 1% /var/run
varlock 65579 2 65577 1% /var/lock
udev 65579 2696 62883 5% /dev
devshm 65579 1 65578 1% /dev/shm

This shows that all the inodes on the disk itself are full.
I used the following script to determine where the inode usage was most

root@askdev:/# for i in `ls -1A`; do echo “`find $i | sort -u | wc -l` $i”; done | sort -rn | head -5
468388 var
49844 usr
18741 proc
5187 sys
5026 root

I tracked it down to /var/lib/php5/ and all the session files in there.

I used a find to then find any that were older than 10 days

root@askdev:/var/lib/php5# find ./ -type f -mtime +10 | wc -l
111041

High inode usage is usually caused by a massive number of small files. In this case the session files are normally stored somewhere temporary and removed when not in use. Either there could have been a bug in the code not removing them or it was a higher traffic website.

You can delete files older than 10 days if you want with the following command

cd /dir/of/inodes
find ./ -type f -mtime +10 | xargs rm
Category: Tutorials   , , ,
Comments (2)

Apache modules to help your server

Posted by on Friday, 27 November, 2009

libapache2-mod-bw – bandwidth limiting module

This module allows you to limit bandwidth usage on every virtual host or directory or to restrict the number of simultaneous connections.

The bandwidth control, for example, can be configured according to the criteria: origin of the connection, file extension, file size or user agent of the client.
Example:

LoadModule bw_module /usr/lib/apache2/modules/mod_bw.so
BandWidthModule On
BandWidth all 40000
MinBandWidth all 10000
ForceBandWidthModule On

libapache2-mod-defensible – module for Apache2 which provides DNSBL usage

mod_defensible implements usage of DNSBL servers to block access to a Web site or to specific locations.

Example:

DnsblUse On
DnsblServers httpbl.abuse.ch sbl-xbl.spamhaus.org
DnsblNameserver 145.253.2.75

libapache2-mod-evasive – evasive module to minimize HTTP DoS or brute force attacks

mod_evasive is an evasive maneuvers module for Apache to provide some protection in the event of an HTTP DoS or DDoS attack or brute force attack.

It is also designed to be a detection tool, and can be easily configured to talk to ipchains, firewalls, routers, and etcetera.

Example:

<IfModule mod_evasive20.c>
DOSHashTableSize 3097
DOSPageCount 5
DOSSiteCount 100
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 600
</IfModule>

Comes with a perl script to test it also.

vps:/etc/apache2/mods-available# perl /usr/share/doc/libapache2-mod-evasive/examples/test.pl
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 200 OK
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden

libapache2-mod-line-edit – search-and-replace line editor module for apache 2

mod_line_edit is a general-purpose apache 2 filter for text documents. It operates as a simple on-the-fly line editor, applying search-and-replace rules defined in a configuration or .htaccess file. Both simple text and regular expression search and replace are supported.

Example:

SetOutputFilter line-editor
SetEnv LineEdit “text/plain;text/css;text/html”
LELineEnd ANY
LERewriteRule https?://(www\.)?example\.com http://example-development.yoursite.co.nz Ri

Throw something like that into your or somewhere and you instantly fixed all those problem URLS on your development system, without touching the source files at all.
This is ideal to stop/prevent people exploiting various holes in web applications and inserting javascript redirects etc.

Please note: the name of all these modules is debian/ubuntu related. Centos or RedHat based distros may have another name for the same modules. If you need any of these installed just drop an email into the support box and let us know.

Category: Security, Tutorials   , , , ,
Comments (1)

postfixadmin – mysql – errors

Posted by on Thursday, 5 November, 2009

A lot of people use postfixadmin, it means email users are in the database, its easy to use, easy to admin. However the setup can be a little tricky for those not used to it.

If you want to have a go doing it yourself, there is a great tutorial here http://rimuhosting.com/knowledgebase/linux/mail/postfixadmin

Today however we had the most exasperating problem trying to get postfix to connect to the database however on one particular VPS. 2 of us sat for over an hour trying to figure out why all the credentials worked fine, but postfix still couldnt connect.

The logs had the following error messages

Nov 5 01:12:40 hostname postfix/trivial-rewrite[8740]: warning: connect to mysql server localhost: Can’t connect to local MySQL server through socket ‘/var/run/mysqld/mysqld.sock’ (40)
Nov 5 01:12:40 hostname postfix/trivial-rewrite[8740]: fatal: mysql:/etc/postfix/mysql_virtual_alias_maps.cf(0,lock|fold_fix): table lookup problem
Nov 5 01:12:40 hostname postfix/trivial-rewrite[8741]: warning: connect to mysql server localhost: Can’t connect to local MySQL server through socket ‘/var/run/mysqld/mysqld.sock’ (40)
Nov 5 01:12:40 hostname postfix/trivial-rewrite[8741]: fatal: mysql:/etc/postfix/mysql_virtual_alias_maps.cf(0,lock|fold_fix): table lookup problem
Nov 5 01:12:41 hostname postfix/smtpd[8657]: warning: problem talking to service rewrite: Success
Nov 5 01:12:41 hostname postfix/smtpd[8491]: warning: problem talking to service rewrite: Connection reset by peer
Nov 5 01:12:41 hostname postfix/master[8481]: warning: process /usr/lib/postfix/trivial-rewrite pid 8740 exit status 1
Nov 5 01:12:41 hostname postfix/master[8481]: warning: /usr/lib/postfix/trivial-rewrite: bad command startup — throttling
Nov 5 01:12:41 hostname postfix/smtpd[8685]: warning: problem talking to service rewrite: Success
Nov 5 01:12:41 hostname postfix/master[8481]: warning: process /usr/lib/postfix/trivial-rewrite pid 8741 exit status 1

So clearly it was a case of not being able to connect to the MySQL server, but why? the user was fine, the host was fine, everything was checked, and rechecked. Finally I saw an email which touched on postfix being in a chroot, which meant it was unable to access the mysql.sock file (i had already checked permissions on this multiple times by now).

To make a long story short, this is a Debian based box, and the fix is to change the mysql socket to a place that the mail could access it.

/etc/init.d/mysql stop
cd /etc/mysql
mkdir backup # always
cp *.cnf backup/ # backup everything
sed -i s@/var/run/mysqld/@/var/spool/postfix/var/run/mysqld/@g my.cnf # this edits the file inline
sed -i s@/var/run/mysqld/@/var/spool/postfix/var/run/mysqld/@g debian.cnf #changing the socket location
mkdir /var/spool/postfix/var/run/mysqld/
chown mysql /var/spool/postfix/var/run/mysqld/
/etc/init.d/mysql start

This changed the mysql sock into a directory so that they postfix was able to access it, enabling all mail to run freely.

Category: Tutorials   , , , ,
Comments (2)