Questions Tagged With system-administration

cat file in a php page

ygdrazil — Sat, 05 Mar 2011 12:17:18 -0500

Is there a way to make a php script so that http://view_log.php wil display the content of a log file in /var/logs/something.log? Im running Apache and latest php....

kernel for 8 core XEON

Dr. Gavin Seddon — Wed, 01 Sep 2010 09:36:09 -0400

Hi, I have started using the xeon for large intensive jobs. However, only 1 core runs at 100percent. The rest at ~20. My software is for all 8cores. The developer says it's a Linux issue.

On reading it appears Ubuntu isn't ready for 8cores by default and I need to rebuild the kernel. This isn't a prob. However, before starting will someone pls tell me is it ok to find the current ker. source and re configure rather than worry about supporting all necessary drivers in a new file?

Or, is there a better Linux distro for parallel use? I used Gentoo for years so rebuilding is easy. But will someone advise me on this since I don't want any mistakes with Ubuntu?

Thank you. Gav.

Processing passed arguments in script

rfelsburg — Fri, 23 Jul 2010 15:37:51 -0400

I'm trying to decide between short and long options, such as:

-h

vs.

--help

Obviously there are packages that deal with this, particularly in shell and perl programming.

Getopts, Getopts::Std, and Getopts::Long

I would prefer to use both, both -h and --help being a call for a help/usage function, but that requires quite a bit more effort.

So my question is, what are the pros and cons of both, while I like the readability of the long notation, it's also nice and cleaner to be able to use just the simple single character flags.

Nagios SCHEDULE_FORCED_HOST_CHECK not running

rfelsburg — Tue, 20 Jul 2010 16:04:48 -0400

In nagios, when I force a host check, I can clearly see in the logs:

[1279640879] EXTERNAL COMMAND: SCHEDULE_FORCED_HOST_CHECK;random-host.domain.org;1279640878

However it never actually runs the check-host-alive check, which is check_ping.

It doesn't appear in the scheduling queue, and even though the host in not pingable, and running the command itself fails it still shows as being up.

/usr/local/nagios/libexec/check_ping -H random-host.domain.org -w 3000.0,80% -c 5000.0,100% -p 1
CRITICAL - Host Unreachable (random-host.domain.org)

Host Status:      UP    
Status Information: PING OK - Packet loss = 0%, RTA = 1.10 ms
Performance Data:   
Current Attempt:    1/10
State Type: HARD
Last Check Type:    ACTIVE
Last Check Time:    07-19-2010 16:02:03
Status Data Age:    0d 0h 0m 30s
Next Scheduled Active Check:    N/A
Latency:    0.000 seconds
Check Duration: 0.053 seconds
Last State Change:  04-01-2009 15:58:50
Current State Duration: 474d 0h 3m 43s
Last Host Notification: N/A
Current Notification Number:    0  
Is This Host Flapping?    NO  
Percent State Change:   0.00%
In Scheduled Downtime?    NO  
Last Update:    07-19-2010 16:02:25

I can grep back through my archive logs, and see where hosts have been reported down however the above host was down for almost 30 minutes and we still received no alert:

HOST ALERT: some-other-random-host.org;DOWN;SOFT;1;CRITICAL - Host Unreachable (some-other-random-host.org)

My host and check-host-alive settings are:

define host{
name                            linuxprod-server
use                             generic-host
check_period                    24x7
max_check_attempts              10
check_command                   check-host-alive
notification_period             24x7
notification_interval           120
notification_options            d,u,r
contact_groups                  linux admins
register                        0
}

and check-host-alive is defined here:

# 'check-host-alive' command definition
define command{
        command_name    check-host-alive
        command_line    $USER1$/check_ping -H $HOSTALIAS$ -w 3000.0,80% -c 5000.0,100% -p 1
        }

Thoughts?

Tool for tracking user's usage of a Linux system

Andy — Thu, 10 Jun 2010 15:10:08 -0400

I am looking for a tool that monitors my system and informs me when a user logs in... someone attempts to login, etc. I know I can create a cron job to check "who" or "w" every so often but I was wondering if anyone was aware of a more proactive approach and/or tool.

Best practices for geo-redundancy?

Jeffery — Wed, 02 Jun 2010 20:57:56 -0400

We have a Lighttpd/Perl/MySQL web service we run on an Ubuntu VPS, and want to add redundacy so that if our datacenter has issues, we stay up.

Interested in thoughts and comments on our proposed solution:

We're looking at using GlusterFS to mirror the web roots and config files for our apps, and MySQL Replication in multimaster mode to mirror the database. Both would run over the WAN/Public Internet between the two datacenters with IPSec Transport mode encryption.
We'd use dual A records (an IP at each datacenter) to host the sites. This would provide for round-robin while things were working, and would failover within 4 seconds (worst case, most browsers release a DNS pinning in 1000ms) to the other server, should connectivity be lost.
GlusterFS and MySQL replication would both "self heal" and update the other server automatically once connectivity was restored, so there is no issue of needing to update an out-of-sync server after failover, and both servers can run in "live mode" with both A records live all the time - so there is no DNS propagation to take place to make a failover happen.
In the event of software failure or a need to take one server offline for maintenance (rather than connectivity failure) we could simply pull one server's IP offline using the VPS control panel, or firewall it temporarily with iptables on the server itself.
As well as the automatic failover we'd experience with a datacenter outage, we could also automatically initiate a failover in the event of software failure on one server using automatic monitoring - if one server isn't returning the content we expect to see, we would get an alert, and the monitoring software would automatically pull the offending server offline using the VPS host's API - causing requests to fail over to the other.

Interested to know if anyone has tried doing anything similar, or for any thoughts, comments or suggestions on the above strategy.

Detecting A Compromised Host

gjcwilliams — Sat, 08 May 2010 12:54:50 -0400

Okay so you have installed your distribution of choice and done all of the recommended hardening security steps such as encrypted paritions, configured your firewall (iptables/tcpwrappers), installed a file integrity checker/host intrusion detection system (tripwire, samhain, ossec). You also regularly check for rootkits using tools such as (rkhunter, chkrootkit) and audit/harden your machine following (lynsis / bastilles) recommendations. Only running services which are necessary and disable any which are surplus to requirements. Keeping up to date with security patches, maintaining good file system permissions and regularly reading your system logs.

Although the above is not a fully comprehensive list, If you have implemented the above chances are your in pretty good shape. However my question is what additional steps do you take to protect/prevent your host/network from becoming compromised and more importantly if it was how quickly would you know about it?

For example here is a few things that I personally do on my Linux boxes.

Create an MD5 hash of my currently running iptables check this every 15 minutes if it has changed something has been added/removed.
I create separate partitions for various mount points such as (/var,/usr,/tmp,/boot,/home) etc and use mount options such as NOSUID, NOEXEC, READONLY. I then check every 15 minutes and compare the current mount options to ensure none of them have changed, If one of them suddenly writable I want to know about it.
Monitor netstat's output for listening services and comparing this against a file which contains a list of known good services/ports which I have approved. If any new services start listening I will be informed and can check whether this is legitimate or a potential backdoor.
Perform a daily scan of my local home network using nmap/ndiff to detect any foreign hosts or determine if any other hosts are listening for new services.
Implement and check that critical files (/etc/passwd, /etc/shadow, /etc/group ...) are immutable (chattr +i).

The above checks can be performed regularly using a cronjob. Obviously if someone roots the box swiftly some of these checks are going to be useless if the attacker gets an opportunity to disable them. Although if you have more than one Linux box you can configure them to check on each other which adds an additional layer of protection.

I am keen to know what the rest of the community does and any funky hurdles they place to trip an attacker up?

What shells are available on the box ?

Knight Samar — Mon, 03 May 2010 08:16:53 -0400

Hi,

Is there a way to determine what shells are available on a Linux box other than trying out /bin/shellname ?

Even a workaround would do :)

Thanks.