
Posts tagged Linux

Avoid single points of failure. You can and should assume everything will fail. Start by listing all major points of your architecture, then break it down further, and then maybe one more level. Now review each of these points and consider what would happen if any of them failed. You need to include redundancy or failback plans for each of these areas at a minimum:

CloudFront: Have an alternate solution for CloudFront if you depend on it (MaxCDN, Edgecast, Akamai, etc.).

Elastic Compute Cloud (EC2): Use multiple AZs and multiple regions redundantly for your EC2 instances. Be prepared to utilize an alternate cloud provider in the worst …


In the second part of our series on great tools to help with infrastructure management, we are going to talk about mCollective (Marionette-Collective). This project was recently acquired by Puppet Labs and helps to sensibly manage day-to-day system administrator tasks with an RPC framework. With so many people trying to write complex SSH for-loops to handle tasks that should be treated more elegantly, mCollective can offer what a system administrator has been missing: consistency!

Pulling Strings with Ease

By using an RPC framework, mCollective stands apart from 'mass-host-execution' programs or scripts. Plugin creation for mCollective is written in Ruby, leveraging base frameworks …


This blog series will showcase some of the better technologies that we implement for our customers to create a truly scalable, fault-tolerant, easily managed, and well-configured infrastructure. A challenge for any system administration team is not only to ensure that applications are working as expected, but also to deploy them in a way that keeps them consistent and never leaves anything in an 'unexpected state'. Our first post will be about Puppet, a configuration management application that will help once again give sanity and continuity to your vital infrastructure.

Update: Part 2 is now available.

Puppet Configuration Management

All too often an employee will …


A privilege escalation vulnerability exists in Exim, the mail transfer agent used by cPanel & WHM. All MNX Solutions customers have been patched, and are no longer vulnerable to this privilege escalation vulnerability. If you are not an MNX Solutions customer, you should read the following page for details on how to correct the problem:

From http://mail.cpanel.net/pipermail/news_cpanel.net/2010-December/000060.html:

To resolve and work around the issue, for Linux-based systems cPanel has issued new Exim RPMs. The new version of Exim locks configuration file locations to the /etc/exim prefix as well as disabling use of the -D flag. Server Owners are strongly urged to upgrade to the …


We encounter many scenarios where using the latest version of PHP is required. No great way, aside from downloading the PHP5 source and compiling, is available. That is, until you discover the IUS Community Project.

What is the IUS Community Project?

The IUS Community Project is an effort to package RPMs of the latest stable versions of the most commonly requested software on Red Hat Enterprise Linux and CentOS. IUS provides a better way to upgrade PHP, MySQL, Python, etc. on RHEL or CentOS. The project is run by professional Linux Engineers that are primarily focused on RPM Development in the web hosting industry. What …


To install the ionCube Loader in cPanel, run the following as root:

# /scripts/phpextensionmgr install IonCubeLoader

You can then check if ionCube was installed by running:

# php -v
PHP 5.2.9 (cli) (built: May  21 2009 11:27:40)
Copyright (c) 1997-2009 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2008 Zend Technologies
    with eAccelerator v0.9.5.3, Copyright (c) 2004-2006 eAccelerator, by eAccelerator
    with the ionCube PHP Loader v3.1.34, Copyright (c) 2002-2009, by ionCube Ltd., and
    with Zend Extension Manager v1.2.2, Copyright (c) 2003-2007, by Zend Technologies

You should see a line that contains "with the ionCube PHP Loader". Contact MNX Solutions today if you need assistance with any Linux or UNIX based issue, or …


The Center for Internet Security has a great list of security configuration and audit guidelines. It is a great resource comprising 40+ consensus Security Configuration Benchmarks for Operating Systems, Middleware, Software Applications and Network Devices. The Benchmarks are:

- Recommended technical control rules/values for hardening operating systems, middleware and software applications, and network devices;
- Unique, because the recommendations are defined via consensus among hundreds of security professionals worldwide;
- Downloaded approximately 1 million times per year;
- Distributed freely by CIS in .PDF format (some are available to CIS Members only in XML format via the CIS Members web site);
- Used by thousands of enterprises as the basis for security configuration …


When working with CUPS using remote print queues, you may find that the remote printer is not always available, has timed out, ran out of paper, has a paper jam, etc. Sometimes this causes a job to 'not-complete' and when running 'lpstat -o', you see old print jobs. We put together a quick script to auto-purge these jobs. Hopefully this helps someone in the future. Please let us know if you found this useful, or if you have any suggested changes.

#!/usr/bin/python
#
# Purge print jobs that are not-complete and older than 10 days.
#
from datetime import date, timedelta, datetime
import time
import os

howmanydaysago=10
today=date.today()
daysago=today-timedelta(days=howmanydaysago)
epoch_today=time.mktime(today.timetuple())
epoch_daysago=time.mktime(daysago.timetuple())
date_difference=epoch_today-epoch_daysago

for line in os.popen('/usr/bin/lpstat …


We have been working on a project for a customer to upgrade the kernel, PowerPath, OCFS2 and other operating system patches. The project was interesting as no single source of information existed on the appropriate process. The ordering problem arises because OCFS2 relies on seeing the disks that PowerPath presents, and both PowerPath and OCFS2 rely on a particular kernel version to work properly. With all of the inter-dependencies, the question was which steps should be done and in what order. To top it off, this was also running a RHEL cluster and another instance running Oracle RAC.

Comment: Why not just use …


We had a client with 3000+ named users, and each of them was configured without authentication for SMTP relaying; the qmail/vpopmail system they were migrating from had "pop before smtp" authentication. We wanted to have as little disruption as possible for the migration, so we needed to enable this same feature in Zimbra. It is still planned to cut the clients over to SMTP Authentication, but this allows for a somewhat smoother transition.

1) Download and install Pop-before-smtp

- Changes in /etc/pop-before-smtp-conf.pl:

$dbfile = '/opt/zimbra/postfix/conf/pop-before-smtp';
$ENV{'PATH'} = '/opt/zimbra/postfix/sbin';
$logtime_pat = '(\d\d\d\d-\d\d-\d\d \d+:\d+:\d+)';
$pat = '[LOGTIME],\d+ INFO \[Pop3Server-\d+\] \[name=[A-Za-z0-9._%-]+@[A-Za-z0-9.-]+.[A-Za-z]{2,4};oip=(\d+.\d+.\d+.\d+);] pop - user [A-Za-z0-9._%- ]+@[A-Za-z0-9.-]+.[A-Za-z]{2,4} authenticated, mechanism=login';
$out_pat …
