How to: Full Hard-drive backup using the tar command

It's a good idea to do a full backup of the hard-drive after the initial installation as well as when you finally get your server set up the way you want. Having a snapshot of your system right after the initial installation gives you something to revert back to should you want to reconfigure your server without starting from scratch. Linux has many backup utilities but the old standard is still the favorite of admins because of the flexibility offered by its myriad of options.


tar commands can become quite complex. It's easier to enter the command in a text file and make it a shell script. We also need to create a directory to hold the backup file. We'll use a separate directory so we can exclude that directory from the backup (we don't want tar trying to backup a file it's in the process of creating). Enter the following commands:

cd /home
mkdir backups
cd backups

First 5 Minutes Troubleshooting A Server

The cause of the issues are rarely obvious: here are a few things you should do to get started with:

Get some context

Don’t rush on the servers just yet, you need to figure out how much is already known about the server and the specifics of the issues. You don’t want to waste your time (trouble) shooting in the dark.

A “must have”:

• What exactly are the symptoms of the issue? Unresponsiveness? Errors?
• When did the problem start being noticed?
• Is it reproducible?
• Any pattern (e.g. happens every hour)?
• What were the latest changes on the platform (code, servers, stack)?
• Does it affect a specific user segment (logged in, logged out, geographically located…)?
• Is there any documentation for the architecture (physical and logical)?
• Is there a monitoring platform? Munin, Zabbix, Nagios, New Relic… Anything will do.
• Any (centralized) logs?. Loggly, Airbrake, Graylog…
• The last two ones are the most convenient sources of information, but don’t expect too much: they’re also the ones usually painfully absent. Tough luck, make a note to get this corrected and move on.

How to: Install Softaculous in DirectAdmin

The following guide will show you how to install Softaculous on DirectAdmin.

Requirements

1. A server with Direct Admin.
2. If you have a firewall, then please allow access to all packages from *.softaculous.com

Note : Please allow access to the following domains to your firewall as these are the mirrors used to download the script packages.

api.softaculous.com (IP : 216.18.221.243)
s1.softaculous.com (IP : 108.61.84.171)
s2.softaculous.com (IP : 23.29.77.179)
s3.softaculous.com (IP : 142.4.49.46)
s4.softaculous.com (IP : 188.138.10.177)

How to: Install Softaculous in cPanel

Requirements

• A server with cPanel
• If you have a firewall, then please allow access to download all packages from *.softaculous.com

Note : Please allow access to the following domains to your firewall as these are the mirrors used to download the script packages.

• api.softaculous.com (IP : 216.18.221.243)
• s1.softaculous.com (IP : 108.61.84.171)
• s2.softaculous.com (IP : 23.29.77.179)
• s3.softaculous.com (IP : 142.4.49.46)
• s4.softaculous.com (IP : 188.138.10.177)

How to: WHM Initial Setup

Access WHM

To access the WHM interface:
Type https://IP:2087 in your preferred web browser.
IP is meant to stand for the IP address of your web server.
Use root as the login name in the Username field.
Enter the root password into the Password field.
Click Login.

Initial Setup

When you log into WHM for the first time, you will see an Initial Setup screen. This feature will help you configure your server in 6 steps.

How to: Install cPanel / WHM

Obtain a cPanel / WHM license

If you do not already own a license for cPanel & WHM, you should obtain one for your IP address before attempting installation. To obtain a cPanel & WHM license, visit the cPanel Store.
 Note: The cPanel Store offers 15-day test licenses at no cost.

Connect to your server remotely via SSH

To connect to your server remotely via SSH, open the command line interface (using a terminal application).
Run the command ssh root@$IP (where $IP represents your target server's IP address).
Enter your server's root password.

How to: Speed up RAID1 resync

Just echo large numbers into both min and max resync speed proc entries:

/proc/sys/dev/raid/speed_limit_max
and
/proc/sys/dev/raid/speed_limit_min

E.g. login as root and do:

 echo 200000 > /proc/sys/dev/raid/speed_limit_max
 echo 200000 > /proc/sys/dev/raid/speed_limit_min

And watch the speed fly up till it maxes out your hardware!

The above will set both speeds to 200MiB/s which ought to be more than your device can do...

Email notification when a drive in software RAID fails

Debian - Ubuntu

Edit /etc/mdadm/mdadm.conf and add the following line:

MAILADDR example@example.com

You can also optionally configure the sending email address:

MAILFROM mdadm@example.com

Important is that "AUTOCHECK" in the file /etc/default/mdadm is set to "true":

# grep AUTOCHECK= /etc/default/mdadm
AUTOCHECK=true

How to: Replace a faulty drive in software RAID

Example scenario

The following configuration is assumed:

# cat /proc/mdstat
Personalities : [raid1]
md3 : active raid1 sda4[0] sdb4[1]
      1822442815 blocks super 1.2 [2/2] [UU]

md2 : active raid1 sda3[0] sdb3[1]
      1073740664 blocks super 1.2 [2/2] [UU]

md1 : active raid1 sda2[0] sdb2[1]
      524276 blocks super 1.2 [2/2] [UU]

md0 : active raid1 sda1[0] sdb1[1]
      33553336 blocks super 1.2 [2/2] [UU]

unused devices: none

There are four partitions in total:

• /dev/md0 as swap
• /dev/md1 as /boot
• /dev/md2 as /
• /dev/md3 as /home

/dev/sdb is the defective drive in this case and it is shown by [U_]. If the defective drive is /dev/sda it is show by [_U]. If the RAID array is intact, it shows [UU].

How to: Install Open Panel

Prerequisites

OpenPanel is designed to be installed on a clean server. Having packages installed is not a problem, but having their configuration modified can be a problem. Especially products like cPanel and DirectAdmin tend to modify configuration files to an extent where they’re no longer usable for other software.

OpenPanel supports the following platforms:

• Debian 5 “Lenny”
• Debian 6 “Squeeze”
• Ubuntu 10.04 “Lucid”
• Ubuntu 10.10 “Maverick”

In theory, OpenPanel can be installed on Ubuntu 11.04 “Natty” or Ubuntu 11.10 “Oneiric”. These platforms are not officially supported, though.

How to: change php settings using php.ini and .htaccess

How to change PHP settings using php.ini and .htaccess files.

In this article we will change the following php settings:

• memory_limit – maximum amount of physical memory that can be allocated to PHP script
• max_post_size – maximum size of data that can be transferred via POST method
• register_globals – this variable allows to enable or disable register_globals
• file_uploads – enables or disables file_uploads

First we will create our custom php.ini file.

How to: Change the default SSH port

By default, SSH runs on port 22.  Running SSH on port 22, though, makes it an easy target for those who might try to brute-force their way into your server and do all sorts of evil things with it.

Removing SSH from Port 22 and making it run on a different, unusual and hard-to-guess port, like, say, 61612 for instance, will increase the security of your server by making it appear to a bot or lazy port-scanner that you don’t have SSH running at all.

Of course, this won’t stop those determined to find the port that your SSH is running on, but it will immediately cut out those hackers who aren’t that invested in your machine in particular, but are looking instead for easy “ins”.

How to: Secure your cPanel / WHM server

1) Use secure passwords!

Insecure passwords are the most common security vulnerability for most servers. If an account password is insecure and is compromised, client sites can be defaced, infected, or used to spread viruses. Having secure passwords is paramount to having a secure server.

You can edit /etc/login.defs to configure many password options on your system. It is well documented.
Generally, a password utilizing at least 8 characters including alphanumeric and grammatical symbols is sufficient.

Never use passwords based upon dictionary words or significant dates. If you are uncertain about the security of a password, then you can test it using JTR cracker. If a password can be broken in a few hours, then it is probably too insecure and should not be used. You can also install tools like pam_passwdqc to check the strength of passwords.

Using vi Editor

Vi is the one of the mostly used editor in Linux via terminal. In most cases where Linux is used as a server operating system, admins use the terminal, where GUI uses more system resources - network bandwidth. Since Vi is used from the terminal, the lack of GUI force the user to learn function keys of the editor. Vi is a powerful and functional application if it is used with the ideas that is built on.

Linux Recursive Search inside files

You can make a search inside files within a a directory using the command "find", to do that:

cd /to_folder

find . -iname '*conf' | xargs grep 'string' -sl

Setting time with NTP in LINUX

NTP (Network Time Protocol) could be used to set time synced with ntp clocks, to do this use the shell command below:

Setting time with NTP:

Directadmin: MySQL root password recovery

DirectAdmin MySQL root password is set within the installation process and written down to setup.txt. If you didn't change this password you can find the default one in the setup.txt, use the command below to see the contents of this file:
less /usr/local/directadmin/scripts/setup.txt

DirectAdmin: How to automatically block IPs

You can block the IPs in DirectAdmin automatically, after a certain number of failed login attempts.

If you have CSF + LFD installed, create a script /usr/local/directadmin/scripts/custom/block_ip.sh:
#!/bin/sh
/etc/csf/csf.pl -td $ip 86400
exit 0

mdadm: common commands

Common mdadm commands I found really great (under Debian).

Generate mdadm.conf

cp /etc/mdadm/mdadm.conf /etc/mdadm/mdadm.conf.save
/usr/share/mdadm/mkconf --generate > /etc/mdadm/mdadm.conf

How To: Back up all MySQL and PostgreSQL databases

Back up all MySQL and PostgreSQL databases with a single line command
The following simply takes the output of mysqlshow, parses it, then passes it to mysqldump.
Files are created in the current directory

for db in ´mysqlshow | cut -d ' ' -f 2 | grep -v '+'´; do mysqldump $db > $db.dmp ; done

Directadmin: Basic System Security

Note that it's ultimately the responsibility of the server admin to ensure his system is secure.  These are some basic security tips that can be done to help protect your system.  This is not an end-all guide for server security, admins must be diligent, but rather some suggestions for a start to securing your server.

Shell script to warn at 90% disk space

df displays the amount of disk space available on the file system containing each file name argument. If no file name is given, the space available on all currently mounted file systems is shown. Read man page of df if you are new to df command.

Steps

=> Find disk space using df

=> Filter out filesystem and find out the percentage of space using grep

=> Write a shell script

Shell Script to notify Admin if System Load is over 10

Shell Script to notify Admin if System Load is over 10

How to Clean Cache in Linux

Open a command shell and type 

echo 1 > /proc/sys/vm/drop_caches 

followed by "Enter" to free the pagecache.

How to block an IP in Linux

I often find that my server is being attacked by other computers. Brute force SSH attacks, viruses scanning for the ability to spread, things like that. I’ll go into the SSH brute force defenses in a later post, but for now I’ll cover how to easily block an IP address.

First, I’ll assume you are already using iptables on Debian.

10 Linux nslookup examples for DNS Lookup

nslookup is a network administration tool for querying the Domain Name System (DNS) to obtain domain name or IP address mapping or any other specific DNS record. It is also used to troubleshoot DNS related problems.

nslookup can operate on both “Interactive mode” and “Non-Interactive mode”. Interactive mode allows the user to query the DNS-Server about various host, and domains. Non-Interactive mode allows the user to query the information for a host or domain. In this article, all the commands explained are “Non-Interactive mode”.