
Yum Update Error

Error:
===
[root@host ~]# yum update
Loading "installonlyn" plugin
Setting up Update Process
Setting up repositories
Could not retrieve mirrorlist http://mirrorlist.centos.org/?release=5&arch=i386&repo=os error was
[Errno 4] IOError:
Error: Cannot find a valid baseurl for repo: base

Fix:
===
This error occurs because recursive queries are disabled in the /etc/named.conf file.

From:
====
options {
    directory "/var/named";
    recursion no;
};

To:
====
options {
    directory "/var/named";
    // recursion no;
    allow-recursion { localnets; };
};

Finally, restart named and run yum again…

🙂


How to change server time in VPS.
======================

It is not actually possible to change the time inside the VPS; however, it is possible to change the timezone. The timezone can be changed using the standard Linux method of replacing /etc/localtime with the timezone file we want.

This can be done by just copying the required timezone file to /etc/localtime. Timezone files are located inside /usr/share/zoneinfo folder.

For example, if you want to change your VPS to the Europe/Madrid timezone, use the commands below:

# mv /etc/localtime /etc/localtime.bak

# cp -f /usr/share/zoneinfo/Europe/Madrid /etc/localtime

🙂


Stopping audit:
=========

1. chkconfig audit off
2. service audit stop

Make sure it’s stopped:
===============
ps -ef | grep auditd

It also involves a kernel module (named “auditd”), which you may also want to disable. Doing so will prevent the userspace tools that support auditing from generating errors when they can no longer find /dev/audit.

# service crond stop
# service atd stop
# rmmod audit

Make sure it’s gone:

# lsmod | grep audit

Removing from modules and restarting services:

# echo "alias char-major-10-224 off" >> /etc/modules.conf
# service crond start
# service atd start


Symptoms:
========

Apache hangs with a "semget: No space left on device" error message in /etc/httpd/logs/error_log

Cause:
=====

Almost every system semaphore is in use. Apache 1.3.27 can leave them allocated if it is killed.

Resolutions:
========

Close these semaphores.

Checking which process is using semaphores:
==============================
# ipcs -s

If there are lots of lines owned by "nobody", it is Apache.

Killing apache semaphores:
=================
# service httpd stop
# /usr/bin/ipcrm sem $(/usr/bin/ipcs -s | grep nobody | awk '{print $2}')
# service httpd start
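
An added example (not part of the original post): it selects semaphore IDs by an exact match on the owner column of `ipcs -s`, so an account such as `nobody2` is not caught by a substring match, and it summarises how many arrays are in use against a limit. The sample output, the `nobody2` account and the limit of 128 are constructed; on a live system the limit is the fourth field of /proc/sys/kernel/sem.

```shell
#!/bin/sh
# Added example. Both functions read `ipcs -s` output on stdin.

# Constructed sample of `ipcs -s` output.
sample_ipcs() {
cat <<'EOF'

------ Semaphore Arrays --------
key        semid      owner      perms      nsems
0x00000000 32768      nobody     600        1
0x00000000 65537      nobody     600        1
0x00000000 98306      nobody     600        1
0x0052e2c1 131075     postgres   600        17
0x00000000 163844     nobody2    600        1

EOF
}

# sem_ids OWNER: print semids whose owner column is exactly OWNER.
sem_ids() {
    awk -v u="$1" '$1 ~ /^0x/ && $3 == u {print $2}'
}

# sem_usage LIMIT: arrays in use versus LIMIT, and the owner holding the most.
sem_usage() {
    awk -v max="$1" '$1 ~ /^0x/ {n++; by[$3]++}
        END {
            for (o in by) if (by[o] > top) { top = by[o]; who = o }
            printf "%d/%d arrays in use, top owner %s (%d)\n", n, max, who, top
        }'
}

# Demo on the constructed sample. On a live host:
#   ipcs -s | sem_usage "$(awk '{print $4}' /proc/sys/kernel/sem)"
sample_ipcs | sem_usage 128
sample_ipcs | sem_ids nobody
```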

🙂


Symptoms:
=======

‘yum update’ result

File "/usr/lib/python2.4/site-packages/yum/repos.py", line 200, in populateSack
  sack.populate(repo, with, callback, cacheonly)
File "/usr/lib/python2.4/site-packages/yum/yumRepo.py", line 91, in populate
  dobj = repo.cacheHandler.getPrimary(xml, csum)
File "/usr/lib/python2.4/site-packages/yum/sqlitecache.py", line 100, in getPrimary
  return self._getbase(location, checksum, 'primary')
File "/usr/lib/python2.4/site-packages/yum/sqlitecache.py", line 93, in _getbase
  self.updateSqliteCache(db, parser, checksum, metadatatype)
File "/usr/lib/python2.4/site-packages/yum/sqlitecache.py", line 382, in updateSqliteCache
  cur.execute("DELETE FROM "+table+ " where pkgKey in %s" % delpkgs)
File "/usr/lib64/python2.4/site-packages/sqlite/main.py", line 244, in execute
  self.rs = self.con.db.execute(SQL)
_sqlite.DatabaseError: unable to open database file

Cause:
=====

Notice anything wrong? Yikes! We don't have a working /tmp or /var/tmp directory. Apparently the problem was inadvertently caused by some cPanel scripts which try to help us by securing those directories, making them noexec so that attackers can't run rogue scripts directly from the tmp directories.

Resolutions:
========

First, let's stop the important services which use /tmp:

service chkservd stop
service mysql stop
service postgresql stop
service httpd stop

Now, let's make a copy of /tmp:

mkdir /tmp_old
rsync -av /tmp/ /tmp_old/

Wipe out the tmp dir setup that cPanel had created:

/bin/umount -l /tmp
/bin/umount -l /var/tmp
/bin/rm -fv /usr/tmpDSK

I want a tmpDSK larger than the default 500MB, so I edit the following line in /scripts/securetmp and set the size to whatever I want, for example 1024000:

my $tmpdsksize = 1024000; # Must be larger than 250000

Now rebuild securetmp:

/scripts/securetmp --auto
mount -a

Check that /tmp and /var/tmp are mounted with:

df -h

Restore our tmp copy:

rsync -av /tmp_old/ /tmp/

Starting services:

service mysql start
service postgresql start
service httpd start
service chkservd start

Once everything is fine, remove the tmp copy:

rm -rf /tmp_old/
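
`df -h` only shows that something is mounted; this added example (not part of the original post or of cPanel's scripts) also checks the mount options, reading /proc/mounts-format text on stdin. The sample mount table and the extra `nosuid`/`nodev` flags are constructed assumptions; `noexec` is the flag the post describes.

```shell
#!/bin/sh
# Added example. check_mount reads /proc/mounts-format lines on stdin.

# Constructed sample: /tmp is hardened, the /var/tmp bind mount lost noexec.
sample_mounts() {
cat <<'EOF'
/dev/sda1 / ext3 rw 0 0
/dev/loop0 /tmp ext3 rw,nosuid,noexec 0 0
/tmp /var/tmp none rw,nosuid 0 0
EOF
}

# check_mount MOUNTPOINT [FLAGS]
# Prints "ok", "not-mounted" or "missing:<flag,...>"; returns non-zero unless ok.
# FLAGS is a space-separated list of required options (default: noexec).
check_mount() {
    # The last matching line wins: a later mount covers an earlier one.
    opts=$(awk -v mp="$1" '$2 == mp {o = $4} END {print o}')
    if [ -z "$opts" ]; then echo "not-mounted"; return 1; fi
    missing=""
    for want in ${2:-noexec}; do
        case ",$opts," in
            *",$want,"*) ;;                               # flag present
            *) missing="${missing:+$missing,}$want" ;;    # flag absent
        esac
    done
    if [ -n "$missing" ]; then echo "missing:$missing"; return 1; fi
    echo "ok"
}

# Demo on the constructed sample. On a live host:
#   check_mount /tmp < /proc/mounts
for mp in /tmp /var/tmp; do
    echo "$mp: $(sample_mounts | check_mount "$mp")"
done
```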

😉


Sometimes you move a domain from one server to another and need to change its DNS records quickly.

Perl:
===

To do it:

perl -i.bak -pe 's/0\.0\.0\.0/1.2.3.4/g' /var/named/domain.com.db

This example shows how to change from IP 0.0.0.0 to 1.2.3.4. The dots in the search pattern are escaped so that they match only literal dots.

It also makes a backup of /var/named/domain.com.db as /var/named/domain.com.db.bak

If you do not want a backup, run:

perl -i -pe 's/0\.0\.0\.0/1.2.3.4/g' /var/named/domain.com.db

Replace:
======
One alternate way would be (without perl):

replace 0.0.0.0 1.2.3.4 -- /var/named/domain.com.db


Symptom:
=======

* The Postgres database makes the server slow. With "ps auxw | grep postgres" you'll see almost 100% CPU use from the "postgres: postgres DATABASE [local] SELECT" line
* With a pg_dump DATABASE you'll get: "Attempt to lock table failed. ERROR: cannot open segment 2 of relation pg_class_relname_nsp_index No such file or directory"

Problem:
=====

The database index is corrupted.

Solution:
=====

# service postgresql stop
# su -l postgres
$ postgres -O -P DATABASE
> reindex database DATABASE
> Ctrl+D (to exit shell)
# service postgresql start

Legend:
=====

# root
$ user
> inside postgres
DATABASE -> your database name

🙂


Linux system runlevel: INIT

If the system is already up and running, you can use the init command to change the runlevel of the system.
Options:

0     halt system
1     single user mode (for maintenance purposes, won't allow others to log in)
3     multi-user mode (normal mode)
5     multi-user mode with GUI started (normal level for workstations using the X Window System)
6     reboot

init 1     To set single user mode
init 6     To reboot


A quick and useful command for checking whether a server is under DDoS is the following. This MUST be executed on one line via SSH:

netstat -anp | grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n

That will list the IPs holding the most connections to the server. It is important to remember that DDoS attacks are becoming more sophisticated and use fewer connections from more attacking IPs. If this is the case, you will still get a low number of connections even while you are under a DDoS.

Additionally, you can check the connection ports here:

lsof | grep ESTABLISHED
lsof | grep LISTEN

lsof -p PID
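
The one-liner above cuts at the first colon, so IPv6 peers collapse to an empty string, and a per-IP count alone cannot show traffic spread thinly over many sources. This added example (not from the original post) counts connections per remote IP and per IPv4 /24, plus distinct sources and connections in a given state; the function names and the sample capture are constructed.

```shell
#!/bin/sh
# Added example. All functions read `netstat -ant`-style text on stdin.

# Constructed sample capture (documentation address ranges only).
sample_netstat() {
cat <<'EOF'
Proto Recv-Q Send-Q Local Address      Foreign Address          State
tcp   0 0 0.0.0.0:80             0.0.0.0:*                LISTEN
tcp   0 0 203.0.113.10:80        198.51.100.7:51000       ESTABLISHED
tcp   0 0 203.0.113.10:80        198.51.100.7:51001       ESTABLISHED
tcp   0 0 203.0.113.10:80        198.51.100.7:51002       SYN_RECV
tcp   0 0 203.0.113.10:80        192.0.2.11:40000         SYN_RECV
tcp   0 0 203.0.113.10:80        192.0.2.12:40001         SYN_RECV
tcp   0 0 203.0.113.10:80        192.0.2.13:40002         SYN_RECV
tcp6  0 0 ::ffff:203.0.113.10:80 ::ffff:192.0.2.11:40003  ESTABLISHED
tcp6  0 0 2001:db8::10:80        2001:db8::beef:52000     ESTABLISHED
EOF
}

# Remote address of every non-listening TCP socket, port stripped after the
# LAST colon so IPv6 survives; IPv4-mapped IPv6 is unwrapped to plain IPv4.
remote_ips() {
    awk '$1 ~ /^tcp/ && $6 != "LISTEN" {
        addr = $5
        sub(/:[0-9]+$/, "", addr)
        sub(/^::ffff:/, "", addr)
        print addr
    }'
}

# Top N remote IPs by connection count, as "count ip".
top_talkers() {
    remote_ips | sort | uniq -c | sort -rn | head -n "${1:-10}" | awk '{print $1, $2}'
}

# Top N IPv4 /24 networks: exposes many low-volume sources in one range.
top_subnets() {
    remote_ips | awk -F. 'NF == 4 {print $1 "." $2 "." $3 ".0/24"}' |
        sort | uniq -c | sort -rn | head -n "${1:-10}" | awk '{print $1, $2}'
}

# Number of distinct remote addresses.
distinct_sources() { remote_ips | sort -u | awk 'END {print NR}'; }

# Number of TCP sockets in state $1 (e.g. SYN_RECV).
state_count() { awk -v s="$1" '$1 ~ /^tcp/ && $6 == s {n++} END {print n + 0}'; }

# Demo on the constructed sample. On a live host: netstat -ant | top_subnets 5
sample_netstat | top_talkers 3
sample_netstat | top_subnets 3
```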


Here’s how we do it on RHEL:

Logged in as root:

* Create the file /etc/cron.hourly/clockset
* with these two lines only:

rdate -s time-a.nist.gov > /dev/null
hwclock --systohc > /dev/null

* chmod 700 /etc/cron.hourly/clockset

OR
make a crontab entry:
0 6 * * * /etc/cron.hourly/clockset

Open the firewall ports:
rdate uses port 37.
NTP uses port 123.

source:
=====
http://www.directadmin.com/forum/showthread.php?s=&threadid=7484&highlight=sync+time

source of time servers: http://tf.nist.gov/service/time-servers.html
