Posts Tagged server

Easy Linux Firewalling using IPTables

Posted by on Sunday, 21 March, 2010

A lot of our customers have asked for firewalls, and since this is a common theme, i decided that I would help them out. Of course it can be a mission to learn how to make your own and what to do or not do, and some of the pre-made ones can be confusing.

So i decided to simplify it a little for you all by writing a firewall script. I originally took a script made by somebody else, then totally modified it to suit myself, then modified it again to suit any machine. You *should* be able to literally drop this in place on any server and have it *just work*.

All you need to do is edit the top couple of lines to set what ports you want open or closed. edit the other options (ie ssh port etc). Full instructions as follows

wget http://b.ri.mu/files/firewall
nano firewall # ctrl+x to exit when finished editing
chmod +x firewall
./firewall

If you are still able to connect to your VPS in all the usual ways then you can add that into your init scripts. To check what ports you have open and want the outside world to connect to you can use

netstat -pant |grep LISTEN

If you are unable to login then you may need to log into the console of your VPS at https://rimuhosting.com/cp/vps/console.jsp

Adding it into the init scripts

cp firewall /etc/init.d/firewall

Debian Based (debian.ubuntu etc)

update-rc.d firewall defaults

Centos/RPM based

chkconfig --add firewall

wordpress & wordpress MU mass upgrade script 2.9.2

Posted by on Sunday, 21 March, 2010

Okay, I have rolled the usual ‘upgrade all instances of wordpress’ script.

In this version i finally got around to checking the permissions prior to updating and changing the ownership of them back to that owner afterwards. This was breaking things and could be rather annoying before if you had more than 5  sites to fix permissions on.

Also, I did a database check to make sure your schema is the latest version, if not it will display the upgrade.php link which will do it for you (before it just showed that regardless)

Let me know if you have any bugs at all, or any problems.

Here’s your script to upgrade them all.

wget http://b.ri.mu/files/wordpress-upgrade-2.9.2.sh ; sh wordpress-upgrade-2.9.2.sh

Because the wordpress mu previous version has one less number (it shows up as 2.8.5 rather than 2.9.1.1 ) you may notice that it says
You have version 2.8.5’; located at /path/etc

Just ignore it, its not going to matter. so long as the version isn’t current. it needs to be upgraded :)


Linux Backups for Servers and Desktops

Posted by on Thursday, 18 June, 2009

Everyone wants to back up right? Well you will once you have totally lost the last years worth of work on a website and somebody breaks things severely!

Heres a quick and nasty backup HOWTO.

Database Dumps

mysqldump -u root -p mydatabase > mydatabase.sql

This dumps a database into a file, you can modify this to dump it offsite using ssh with this command.

su postgres -c "pg_dumpall" > pgdatabase.psql

If you use postgres you can change this to something like this

mysqldump -u root -p mydatabase > mydatabase.sql | ssh username@backup.comain.com “dd of=mydatabase.sql”

If you want to dump the entire database you can use

mysqldump -A -u root -p >entiredatabase.sql

This may take some time. To put this in a shell script and dump multiple copies and keep track of things you can use something similar to this

date=`date +%m-%h-%Y`

mysqldump -A -u root -p >${date}-fulldatabase.sql

This will expand to dump it into something like

06-Jun-2009-fulldatabase.sql

File Backup

FTP

To run a regular interactive FTP session:

lftp -u 'username,password' backup.yourdomain.com

To backup one or more files:

lftp -u 'username,password' backup.yourdomain.com -e "set ftp:ssl-protect-data true; mput /local/dir/files* /remotedir; exit"

You need to set ftp:ssl-protect-data else you will not be able to store the file.  If you want to make this a default option, add it to the lftp.conf file.  e.g. :

grep -qai "set ftp:ssl-protect-data true" /etc/lftp.conf || echo "set ftp:ssl-protect-data true" >> /etc/lftp.conf

To restore a file from the FTP server to your Machine:

lftp -u 'username,password' backup.yourdomain.com -e "set ftp:ssl-protect-data true;mget /remotedir/files* -O /localdir; exit".

The -O option is not required it you wish to store to the current local directory.

To mirror a whole directory to the FTP server:

lftp -u 'username,password' backup.yourdomain.com -e "set ftp:ssl-protect-data true;mirror --reverse /local/dir/name remotedirname; exit".

--reverse means that the ‘mirroring’ is going in the reverse direction than ‘normal’.  i.e. from your server to the backup server.  If you run man lftp there are a few other options to choose from.  e.g. --delete to delete files on the backup server that do not exist locally. Or --continue to continue a mirror job.  Or --exclude files to exclude certain files from the transfer.

To restore a whole directory from the FTP server to your machine:

lftp -u 'username,password' backup.yourdomain.com -e "set ftp:ssl-protect-data true;mirror remotedirname /local/dir/name;exit"

To create a nightly cronjob that uploads a directory to the backup FTP server, create a /etc/crond.daily/ftpbackup file like this:


#!/bin/bash
lftp -u 'username,password' backup.yourdomain.com -e "set ftp:ssl-protect-data true;mirror --reverse /local/dir/name remotedirname;exit" > /dev/null

Run

chmod +x /etc/cron.daily/ftpbackup.

Then check the files have been mirrored as you expect the next day.

Rsync

Rsync is a better option in some ways as it checks the MD5 of files and updates them if they are out of date, rather than re-copying the entire lot.  Short but easy shell script to copy things over

#!/bin/bash
EXCLUDE=” –exclude *.tmp \
–exclude *.temp”
USER=username
HOST=backup.domain.com
BACKUPPATH=/backups

rsync –archive -vv –rsh=ssh $EXCLUDE $USER@$HOST:/etc/ $BACKUPPATH/$HOST/etc

Rdiff-backup

This is better again than rsync as it does versioning control and only backs up the difference in files.

To backup files

rdiff-backup /some/local-dir hostname.net::/whatever/remote-dir

To restore

rdiff-backup --restore-as-of now host.net::/remote-dir/file local-dir/file
rdiff-backup -r now host.net::/remote-dir/file local-dir/file

The -r command is the same as –restore-as-of

The main advantage of rdiff-backup is that it keeps version history. This command restores host.net::/remote-dir/file as it was 10 days ago into a new location /tmp/file.

rdiff-backup -r 10D host.net::/remote-dir/file /tmp/file

Other acceptable time strings include 5m4s (5 minutes and 4 seconds) and 2002-03-05 (March 5th, 2002). For more information, see the TIME FORMATS section of the manual page.

More examples can be found at http://www.nongnu.org/rdiff-backup/examples.html

This tutorial was compiled from several others, and props go out to http://rimuhosting.com and http://www.howtoforge.com