Red Hat, Fedora openssh security compromise
Many of you may have already read the news, but for those of you who have not, here is a recap. But first, let me state that we have tested all of our customers’ servers, and none have been compromised.
An email was sent to the fedora-announce mailing list. It started with, “Last week we discovered that some Fedora servers were illegally accessed. The intrusion into the servers was quickly discovered, and the servers were taken offline.”
Network Solutions down, Under Attack [resolved]
Many of our customers have servers located with Softlayer. According to this thread (softlayer account required):
“There’s an ongoing attack directed to Network Solutions from a number of providers. Currently the attacker is spoofing the source addresses making it quite difficult to track down. As such Network Solutions requested that we [Softlayer] block all outbound traffic to their netblock until further notice. They have also blocked all of our IP space inbound to their network at their provider’s edge.”
Extracting files from rpm and deb packages
We ran into an issue where an init script was missing and we needed to restore the file. The backup (of course) did not include the file we needed. We had to download the package, extract the contents, and move the init script back into place. Below are the commands used:
DEB:
$ dpkg-deb -x <package.deb> /restore/dir
RPM:
$ rpm2cpio <package.rpm> | cpio -idv
IXOS HDSK Migration
MNX Solutions works on many UNIX-based systems, one of which is IXOS (now called OpenText).
We needed to migrate from WORM (9.1GB) media to a hard disk based configuration for performance, scalability and disaster recovery purposes. Below is the high-level procedure I used to migrate from WORM to HDSK on IXOS EconServer 5.5C.
Zimbra – Pop before smtp authentication howto
We had a client with 3000+ named users, each of whom was configured without authentication for SMTP relaying; the qmail/vpopmail system they were migrating from had “pop before smtp” authentication. We wanted as little disruption as possible during the migration, so we needed to enable this same feature in Zimbra.
The plan is still to cut the clients over to SMTP authentication, but this allows for a somewhat smoother transition.
Retrieve Ensim MySQL root password
You can display the current root password for MySQL (if the host is running Ensim) by using the following command.
# ensim-python -c "import sys;sys.path.append(\"/usr/lib/opcenter/mysql\");import mysqlbe;print mysqlbe.read_mysqlpass()"
cPanel / Fantastico Deluxe install doesn't do anything.
We ran into an issue when installing Fantastico. After clicking the installation button, everything seemed to download just fine, but every time you go back to the Fantastico link it says it is not installed.
It turns out, Fantastico uses wget to download files. wget is called with the ‘-P’ option, which is not honored in the recent version of wget. In order to get around this, I found the following post useful: http://www.netenberg.com/forum/index.php?topic=5430.0
Netdump, figuring out what caused that system crash
We have all been there before. Your server crashed, nothing indicates what happened. You check /var/log/messages and all you see is.. well.. nothing. With no sign of what happened, or indication of why it happened you are left to.. wait until it happens again.
On Red Hat based systems, you have an answer: NetDump (diskdump may work as well, more on that another time). Below we will explore the steps required to set up and test netdump.
Dedicated Linux Server Checklist for the New Year.
If you have a dedicated Linux server, this list is for you. Below are a few items you need to do, to ensure your 2008 will be a bit brighter. This list is by no means comprehensive, but hopefully gets you started in the right direction this year.
- Check your backups and perform a full system backup (or set up a backup routine! Now!).
If you have backups configured, validate that they are actually being run. Check the last date / time of the backups to ensure they are running as expected. If possible, test the restore process.
Perform a full system backup and copy this backup offsite, to a provider like rsync.net.
Restoring Plesk, new drive, old disk still available on same system.
Here was the scenario I faced. A RHEL4 machine would not boot (according to the data center) and received various library-not-found errors on bootup. (Later, I found these errors were from an intruder who tried to install a rootkit, and it didn’t go so well. Most of /bin was corrupt.)
The data center recommends that the operating system be reloaded onto a separate disk, which will become the primary, and then mount the old disk as a different mount point for reference / restore. The data center reloaded the operating system, and the customer then found our services online and asked for assistance.
