Linux

FAQs/HOW-TO's related to Linux and/or BSD server administration.

How to set max_open_files in MariaDB / MySQL in CentOS 7

Set the system wide open file limit:

vi /etc/security/limits.conf

Change/Add the following:

* soft nofile 1024000
* hard nofile 1024000
* soft nproc 10240
* hard nproc 10240

Now do this for /etc/sysctl

vi /etc/sysctl

Add the following

fs.file-max = 1024000

Set the changes

sysctl -w fs.file-max=1024000
sysctl -p
# check changes
cat /proc/sys/fs/file-max

Set the mysqld.service limit (as settings here will override *.cnf ones)

Set both /etc/systemd/system.conf and /etc/systemd/user.conf

vi /etc/systemd/system.conf
vi /etc/systemd/user.conf

Add the following under [Manager] for both:

Tags: Linux mysql mariadb

How to install HTTP/2 on DirectAdmin

Install OpenSSL with ALPN support

cd /usr/local/src/
wget ftp://ftp.openssl.org/source/openssl-1.0.2j.tar.gz
tar xzf openssl-1.0.2j.tar.gz
cd openssl-1.0.2j
./config --prefix=/usr/local/lib_http2 no-ssl2 no-ssl3 zlib-dynamic -fPIC
make depend
make install

Install nghttp2 - HTTP/2 Library

cd /usr/local/directadmin/custombuild
./build update
./build nghttp2

​Install HTTP/2 for Apache 2.x

cd /usr/local/directadmin/custombuild
mkdir -p custom/ap2
cp -p configure/ap2/configure.apache custom/ap2/configure.apache
vi custom/ap2/configure.apache

### REPLACE "--with-ssl=/usr" \
### WITH:

        "--enable-http2" \
        "--enable-ssl-staticlib-deps" \
        "--with-ssl=/usr/local/lib_http2" \


### Rebuild apache

./build apache

### Add HTTP/2 settings to httpd-includes.conf
Tags: DirectAdmin Linux http2 http/2

How to install OPCache using DirectAdmin custombuild

If you used custombuild to install opcache, then you will need to set the opcache settings there.

cd /usr/local/directadmin/custombuild
 vi options.conf

Change opcache=no to opcache=yes

opcache=yes

Set your opache settings here:

vi custom/opcache/opcache.ini

Here are my settings (This is for a fast server, with 128GB RAM):

Tags: Linux DirectAdmin custombuild opcache

Enable WHM SSH safemode if you lock yourself out

If you locked yourself out of SSH in WHM/Cpanel for whatever reason--e.g. you specified an invalid AllowUsers in /etc/ssh/sshd_config--you can reload SSH service in safemode, by pasting this into your browser's address bar:

https://YOURSERVER:2087/scripts2/doautofixer?autofix=safesshrestart

Then login with your root credentials, and sshd will be restarted in safemode, allowing you to login and fix your /etc/ssh/sshd_config.

Once done, restart ssh:

service sshd restart
Tags: Linux ssh

How to move an account from DirectAdmin to WHM/cPanel

If you tried using WHM's Transfer Tool on very large sites, you've probably got a timeout error.

To fix this, we'll need to do this through SSH (via root) what the Transfer Tools wasn't able to do itself.

STEP 1.

The Transfer Tool will create a /scripts directory--with all required scripts--at the base of your server, which we will use to create WHM/cPanel compatible backups.

The name of the script will look like the following: /scripts/pkgacct.YOUR_CPANEL_SERVER_NAME

Type the following to get the exact name:

ls -la /scripts/

STEP 2.
Next, go into your /home directory to get a listing of the account names.

Tags: Server Linux cpanel DirectAdmin transfer

How to diagnose slow mysql performance

If you're experiencing slow mysql performance--top showing mysqld high cpu usage. This command will help you track down what's going on at that specific time.

mysql -e "show processlist"

Of course you should also check your log files:

/var/lib/mysql/mysql-slow.log
/var/lib/mysql/mysql-error.log

You'll also want to optimize your /etc/my.cnf: For a pretty good quick start, you can use this tool, Percona Configuration Wizard for MySQL

Tags: mysql Server Linux

How to install drush on Godaddy cPanel hosting

If you're using godaddy cpanel hosting, you have 2 options of installing drush

1. drush version from drupal (which is NOT being updated anymore--unlike the latest github version).

or 2. (Preferred) Install the latest github version:

Go here to view instructions on how to install the latest version of drush from github.

cd ~
wget http://ftp.drupal.org/files/projects/drush-7.x-5.9.tar.gz
tar xvf drush-7.x-5.9.tar.gz 

Now we add the drush paths to our .bash_profile.

vi .bash_profile 

Paste the following in toward the top:

Tags: cpanel godaddy drush Linux

How to install and use Malware Linux Detect (Maldet)

How to install Maldet

cd /usr/local/src/
wget http://www.rfxn.com/downloads/maldetect-current.tar.gz
tar -xzf maldetect-current.tar.gz
cd maldetect-*
sh ./install.sh or sudo sh ./install.sh 

Now enable email_alert and add your email address to email_addr /usr/local/maldetect/conf.maldet

vi /usr/local/maldetect/conf.maldet 
#change to the following:
email_alert=1
email_addr="[email protected]"

How to update maldet

maldet --update-ver
maldet --update

How to manually scan with maldet:

maldet -a /home

Or:

maldet /home?/?/domains/?/public_html

Or in background:

Tags: maldet Linux malware

Enable DKIM and have Exim SMTP banner use the accounts dedicated IP in DirectAdmin for PHP mail

Enable DKIM and change the PHP mail SMTP Sender banner

To Change the "Sender" info we have to do the following:

cd /usr/local/directadmin/data/templates/custom/
cp /usr/local/directadmin/data/templates/virtual_host2.conf /usr/local/directadmin/data/templates/custom/
cp /usr/local/directadmin/data/templates/virtual_host2_secure.conf /usr/local/directadmin/data/templates/custom/
sed -i 's/`USER`@`DOMAIN`/no-reply@`DOMAIN`/g' ./virtual_host2*.conf
echo "action=rewrite&value=httpd" >> /usr/local/directadmin/data/task.queue
/usr/local/directadmin/dataskq d
Tags: Linux exim DirectAdmin DKIM spam SMTP PHP mail email

Optimized Apache 2.4 httpd.conf

Here is my optimized Apache 2.4.x httpd.conf:

Credits: gregrickaby/The-Perfect-Apache-Configuration: https://github.com/gregrickaby/The-Perfect-Apache-Configuration

NOTICE: Adjusted the <ifmodule filter_module=""> portion, to be compatible with Apache 2.4.

Before:

FilterProvider  COMPRESS  DEFLATE resp=Content-Type $text/html

After:

Tags: apache Linux apache 2.4 admin

DirectAdmin blacklisted and whitelisted IP

Recently my IP address was blacklisted by directadmin on my own server.  Here's a how-to that may save you time, in case you're unable to login to DirectAdmin.

Start DirectAdmin in debug mode

cd /usr/local/directadmin
killall -9 directadmin
./directadmin b2000

Now try to log into directadmin. You should see the reason why you are unable to. For me it was "Blocking blacklisted IP xxx.xx.xxx.xxx"

Tags: DirectAdmin Linux Administration

How to install GraphicsMagick with GMagick PHP extension

Let's install GraphicsMagick!

cd /usr/local/src
wget ftp://ftp.graphicsmagick.org/pub/GraphicsMagick/GraphicsMagick-LATEST.tar.gz
tar xvfz GraphicsMagick-LATEST
cd GraphicsMagick-*
./configure --enable-shared
make
make install

Let's test it.

gm version 

If you get this error:

gm: error while loading shared libraries: libGraphicsMagick.so.3: cannot open shared object file: No such file or directory

 Do this to fix:

echo "/usr/local/lib" >> /etc/ld.so.conf
ldconfig

Ok... Let's install GMagick PHP extension

Tags: Linux admin GraphicsMagick imagemagick

How to install a new drive in Linux larger than 2TB with proper alignment

Let's assume that we already have a primary physical drive in our system (HDD or SDD), and have added a second drive to our box, which we need to partition and mount automatically on boot.

Here's how to that:

Let's see what physical drives we have installed in our server:

ls /dev/sd*

Since this is our 2nd drive, you should see /dev/sdb.

Example:

/dev/sda  /dev/sda1  /dev/sda2  /dev/sda3  /dev/sdb

Let see the currently mounted drives and partition layout:

lsblk -o NAME,FSTYPE,SIZE,MOUNTPOINT,LABEL

Here's a full list of all available lsblk options:

Tags: Linux HDD ssd admin fdisk parted performance

How to fix Linux error "read-only file system"

Recently our /etc/fstab got screwed up preventing us from SSH-ing into the server after a reboot. So we were given KVM access to our server.

Once seting up Java to allow unsigned certificates--hint: under the Java Control Panel click the "Security" tab, and slide the "security level" to the bottom "Medium" . We were then greated with a message:

'give root password for maintenance or press ctrl+d to continue"

Come to find out CTRL-C and CTRL-V doesn't work, you have to type the pass by hand--this was very tedious since my root pass is extremely complex.

So once in I soon realized that the system was mounted as "read-only"; meaning that you couldn't make any changes to it; or in other words, completely useless at this state.

Tags: Linux admin fstab java KVM

New Linux Server Checklist (2017 Edition)

These are some of the basic things I do when I setup a new server

Get the latest directadmin.conf values

With each version of DirectAdmin, new configuration values are introduced that you may not know about. To see ALL these values do the following:

/usr/local/directadmin/directadmin c | sort -n

You can essentially copy/paste the entire results into your /usr/local/directadmin/conf/directadmin.conf replacing anything else in there.

Setup DirectAdmin with an SSL certificate

source: http://help.directadmin.com/item.php?id=15

If you don't own a certificate, you can create your own with letsencrypt.com:

Tags: how-to Linux Server checklist best-practice

Deny recursive DNS lookups in named (in newer or older versions of BIND)

For security reasons, it's recommended to disable recursive DNS lookups. Here is how:

Find out your named version

named -v

If your BIND version is at least 9.x then insert the following, between options { }:

        // Deny recursive lookups
        allow-query     { any; };
        allow-transfer  { none; };
        allow-recursion { localhost; };
        recursion yes;

So it looks like something like this:

Tags: named bind Linux admin

How to install CSF (ConfigServer Security & Firewall) with DirectAdmin or WHM

Block IPs with Brute Force Monitor in DirectAdmin using CSF

Source: https://help.poralix.com/articles/how-to-block-ips-with-csf-directadmin-bfm

Regular install of CSF

cd /usr/local/src
wget http://www.configserver.com/free/csf.tgz
tar -xzf csf.tgz
cd csf
./install.directadmin.sh

Now login as Admin into directadmin or WHM, and click the link ConfigServer Security & Firewall

You'll probably want to add your WAN IP here--you can find out what it is here: http://www.ip-secrets.com/

Then add your WAN IP into Quick Allow column.

Tags: CSF firewall security Linux Server admin DirectAdmin

DirectAdmin how to set an external email server for Domain Pointers

If you ever created domain pointers in DirectAdmin, you may have wondered how to set the domain pointer NOT to process email locally.

For instance say you have PRIMARYDOMAIN.com as the main domain under your DirectAdmin account--and it is set NOT to process emails locally, but rather have an external email server handle that; Under MX Records you un-checked "Use this server to handle my emails. If not, change the MX record and uncheck this option". So now you decided to create a "domain pointer" under that same account for another domain SECONDARYDOMAIN.com ... You set the proper MX records for this domain pointer under DNS settings, pointing to the external mail server, and think you're all good to go...

Tags: exim DirectAdmin Linux Administration

How to prevent accidentally doing "rm -rf /" | How to Install safe-rm

As a server administrator, I rely mostly on root or sudo access--allowing me absolute control of the server. However, "with great power, comes great responsibility!"

You can easily accidentally do this devastatingly bad command of wiping your entire system clean.

rm -rf /
# or
rm -rf /*

Which looks almost identical to the popular command

rm -rf ./
# or
rm -rf ./*

There was a recent prank on 4chan /b/ forum that, in short, instructed users to execute the above command in order to "unlock Apple OS X bitcoin mining". 

Tags: Linux rm safe-rm Administration

How to upgrade coreutils to latest version (from source)

Say you're on CentOS 5.x, and want to pimp out your bash prompt using the pretty awesome Solarized color scheme. Well, there's a nice .bashrc Solarized setup here: https://github.com/seebi/dircolors-solarized. To use all the features of dircolors.256dark version, you'll need GNU coreutils 8.5 or higher, otherwise you'll get errors like this:

Tags: Linux coreutils centos Administration DirectAdmin

How to install Composer and Drush LOCALLY and GLOBALLY

Drush 9.x Install Composer to your LOCAL user directory

cd ~
mkdir .composer
curl -sS https://getcomposer.org/installer | php
mv composer.phar ~/bin/composer
chmod +x ~/bin/composer
echo "PATH=$PATH:~/.composer/vendor/bin" >> ~/.bash_profile
. ~/.bash_profile

Install latest version of Drush locally

Get the latest (or whatever) version here:

https://github.com/drush-ops/drush/releases

cd /LOCATION/OF/DRUPAL
composer require drush/drush

And we done...

Tags: Drupal Administration Linux drush composer

Enable Zend OPcache for PHP 5.5 or Install ZendOpcache for PHP 5.3 or PHP 5.4

Zend Opcache is part of PHP 5.5, however, it's not enabled by default. It's a successor to APC cache--meaning APC cache is never going to be compatible with PHP 5.5 or higher

Opcache is also around 10% faster than APC, and more stable.

However, if you're on PHP 5.3 or PHP 5.4, you can still use ZendOpCache, and it should still be a bit faster than APC

Enable OpCache (part of with PHP 5.5)

vi /usr/local/lib/php.ini

Paste this under your extension_dir

Tags: Linux cache APC opcache

wget download all files from a directory with resume

Here is how you download all files from a directory using wget with automatic resume of partially downloaded files (in case your connection gets cut off)

wget -r -c --no-parent http://www.whateveraddress.com/downloads

Keep in mind this will only download files that it can read from that location.  If you need to wget a bunch of files from a directory you have SSH or FTP access to you first have to do the following inside that directory:

vi .htaccess

and paste in the following and save.

Options +Indexes

Now that directory should show all the files in it via a browser.

Tags: Linux admin

How to create a larger /tmp location using ext2 filesystem

Increasing the size of /tmp is not a practical thing to do on a busy server, mainly because you probably won't be able to dismount /tmp because it's constantly used by various services--trying to find and kill them all is too tedius. (Plus you won't be able to do single user mode through SSH)

So what we will do here is create a whole new /tmp storage location, make a backup of the old /tmp, add the new location to fstab, reboot the server, copy everything from the backup /tmpBKP location to new location, and lastly reboot the server again.

Tags: Linux linux server admin

How to permanently raise ulimit 'open files' and MySQL 'open_files_limit'

The default ulimit (maximum) open files limit is: 1024--Which is very low, especially for a web server environment hosting multiple heavy database driven sites.

This ulimit 'open files' setting is also used by MySQL. MySQL automatically sets its open_files_limit to whatever the system's ulimit is set to--at default will be 1024.

NOTE: MySQL can NOT set it's open_files_limit to anything higher than what is specified under ulimit 'open files'--you can set it lower, but not above the 'open files' limit.

Anyhow...

This is how we raise the ulimit

To check the limits:


ulimit -a

You will see something like:

Tags: Linux admin mysql

How to optimize and auto repair all MySQL databases using SSH

Here's a simple command to optimize and auto repair all tables in your MySQL database.


mysqlcheck -uroot -p --auto-repair --optimize --all-databases

This is the same thing as using PHPMyAdmin, however, you don't need to do this one by one for each database, select all tables, and optimize--and not to mention if you wanted to repair a database prior to optimizing, it will take 2x as long.

Tags: mysql Server Linux database

How to move MySQL database -- the simple way

There are plenty of articles about how to move mysql to another directory or partition by telling you to mess with the my.cnf by changing all the references of datadir and socket to the new location.

Example:


[mysqld]
datadir=/new/location
socket=/new/location/mysql.sock

Don't do this... Not only will it waste your time, but likely won't work for half the server setups. Reason being there are other factors at play when you're changing things, it's not only the my.cnf that you have to worry about. For example, if you're using Ubuntu, you may be using AppArmor and you'll also have to specify the new directory in /etc/apparmor.d/usr.sbin.mysqld

Tags: mysql Server Linux database

How to set date and time automatically in CentOS

tzselect

Answer the 3 locations questions. Then create a symlink to your local time.

rm -rf /etc/localtime
ln -sf /usr/share/zoneinfo/America/Los_Angeles /etc/localtime

The symlink will be according to your time zone--above is just an example.

Now, we check the date and time

date

Time and date should now be properly set.

Tags: Linux date time

How to install XCache 3.0 from source

Alright... So APC has been pretty unstable for me on 2 separate servers running PHP 5.3.x and PHP 5.4.x. So I figured I'd give XCache a try after reading about similar problems with APC.

Anyhow...

Here's how to install XCache 3.X from source on CentOS

Get the latest version of XCache from here: http://xcache.lighttpd.net/#Downloads

Latest version at the time of this writing is XCache 3.0.1


cd /usr/local/src
wget http://xcache.lighttpd.net/pub/Releases/3.0.3/xcache-3.0.3.tar.gz
tar xvfz xcache-3.0.3.tar.gz
cd xcache-3.0.3
phpize
./configure --enable-xcache
make
make install

Note the installation path. Example here are my paths:

Tags: XCache APC Linux Server how-to