mobile logo

Linux There are 10 posts in this category

10

As is probably obvious from our blog posts on Yubikey SSH/WordPress two factor authentication and Google Authenticator SSH two factor authentication, we at MNX Solutions are big proponents of multi-factor authentication schemes to add security to infrastructure. On the other side of things, though, we have to be agile system administrators in order to offer customers efficient and timely service when a problem occurs. While we still really enjoy our Yubikeys (especially for WordPress), we've found that the offering from Ann Arbor, MI based Duo Security is the one for us. Numerous Points of Integration Directly related to us, Duo easily integrates …

Read More

A problem that Puppet administrators have likely noticed when deploying its built-in Nagios functionality (called Naginator) is that creating configuration is very easy but 'cleaning' old configuration isn't as straight-forward. If you are like me, you'd delete the affected file(s) that had cruft and let Puppet re-build the service configuration without the old services or hosts. This is both a tedious and terrible practice but out of the box it seems like "the way to do it". Having tired of the problem I was able to find out a proper way to handle the situation. If you add the following block …

Read More

While working on a failed EC2 (ebs backed) instance recently, we were presented with an instance that would not start after reboot or stop/start. tl;dr: Create a snapshot of the existing EBS vol; remount and edit etc/fstab; re-attach and start the instance. The only symptom was in the console log: $ ec2-get-console-output i-nnnnnnnn init: console-setup main process (63) terminated with status 1 %Ginit: plymouth main process (45) killed by SEGV signal init: plymouth-splash main process (194) terminated with status 2 cloud-init running: Sat, 29 Jan 2011 23:33:24 +0000. up 2.65 seconds mountall: Disconnected from Plymouth It turned out this instance was running as a t1.micro instance, which do not …

Read More

A flaw in the popular ProFTPD FTP server potentially allows unauthenticated attackers to compromise a server. The problem is caused by a buffer overflow in the pr_netio_telnet_gets() function for evaluating TELNET IAC sequences. ProFTPD bug report: http://bugs.proftpd.org/show_bug.cgi?id=3521 All MNX Solutions Linux Server Management customers have been patched. Plesk 9.5 and 10 include this vulnerability. ALL CURRENT PLESK VERSIONS ARE VULNERABLE. Updating to ProFTPD version 1.3.3c or disabling FTP services is the only solution to this vulnerability. ProFTPD is capable of processing TELNET IAC sequences on port 21; the sequences enable or disable certain options not supported by the Telnet or FTP protocol itself. The …

Read More

Every week at MNX solutions we handle issues from server security and patch management to system recovery and performance tuning. In this blog series, we will review a number of firewall best practices that you can implement today on your server infrastructure. First things first, do you utilize a firewall on your server? If your answer is "no" or you are not sure, this should be one of your top priorities. You have two major choices for a firewall: hardware or software. A quick note on hardware vs. software firewalls Hardware firewalls can protect every machine on a local network (on the inside or DMZ …

Read More

bash_history date

0 Comments

Bash_history date Ever try to determine what caused the latest outage by trying to determined when a command was last executed? Look in your .bash_history (if you are running a bash shell), and you will see your recently executed commands. However, it is generally impossible to tell when the command was executed. Part of our job includes figuring out how a problem occurred, and then implementing solutions to prevent this problem from happening again. By using HISTTIMEFORMAT with bash, we can enable timestamps in the history command, allowing for much better auditing and correlation of problems. Below is example output of …

Read More

Interesting bug encountered today after a fresh install of RHEL5 from 5.3 media. When attempting to run the command, 'yum'.  The following error was presented: # yum Traceback (most recent call last): File "/usr/bin/yum", line 4, in ? import yum File "/usr/lib/python2.4/site-packages/yum/__init__.py", line 30, in ? import logging ValueError: bad marshal data To correct this issue, I first needed to determine if the problem was with yum, or something else.  So I created a simple python script: #!/usr/bin/python import logging Actually, really simple. This helped me isolate the issue. When running this program I was presented with the same error …

Read More

We encounter many scenarios where using the latest version of PHP is required. No great way, aside from downloading the PHP5 source and compiling, is available. That is, until you discover then IUS Community Project. What is the IUS Community Project? The IUS Community Project is an effort to package rpms of the latest stable versions of the most commonly requested software on Red Hat Enterprise Linux and CentOS.   IUS provides a better way to upgrade PHP/MySQL/Python/Etc on RHEL or CentOS.  The project is run by professional Linux Engineers that are primarily focused on RPM Development in the web hosting industry. What …

Read More

Just a quick note about upgrading the operating system, or migrating your Urchin 5 installation from RedHat 3 -> RedHat 5 (or CentOS5). You think you've done everything properly, and you probably did.  But you are getting some DNS resolution error messages like: Geo-Update 5.7.02 (redhat_ent3) starting: 20091214 12:44:13 ------------------------------------------------------ Local Domain Database Version: 1203444941 Retrieving Domain Database Updates ERROR: (7066-211-368) Domain DB update failed DETAIL: (6) Couldn't resolve host 'download.urchin.com' ------------------------------------------------------ Geo-Update 5.7.02 (redhat_ent3) finishing: 20091214 12:44:14 The solution is quite simple, but took a bit of digging to find: # yum install nscd # service nscd start # chkconfig nscd on # ln -s /var/run/nscd/socket /var/run/.nscd_socket

Read More

To install IonCube loading in cPanel, run the following as root: # /scripts/phpextensionmgr install IonCubeLoader You can then check if ionCube was installed by running: # php -v PHP 5.2.9 (cli) (built: May  21 2009 11:27:40) Copyright (c) 1997-2009 The PHP Group Zend Engine v2.2.0, Copyright (c) 1998-2008 Zend Technologies with eAccelerator v0.9.5.3, Copyright (c) 2004-2006 eAccelerator, by eAccelerator with the ionCube PHP Loader v3.1.34, Copyright (c) 2002-2009, by ionCube Ltd., and with Zend Extension Manager v1.2.2, Copyright (c) 2003-2007, by Zend Technologies You should see a line that contains, "with the ionCube PHP Loader". Contact MNX Solutions today if you need assistance with any Linux or UNIX based issue, or …

Read More
PAGE 1 OF 3