Archive for May 2008

ssh: connect to host … port 22: Connection refused

I run a backup script to back up my VPSs every night using rsync. On one of my VPSs I was seeing the error “ssh: connect to host … port 22: Connection refused” at seemingly random points.

It took me a while to track down the fact that lylix.com (the provider of my VPS) blocks multiple inbound and outbound ssh connections to a server made over a short period of time.

Whilst this is probably useful for some people, and will offer their VPS some protection from brute force login attempts, it broke my script!  :-)

Continue reading ‘ssh: connect to host … port 22: Connection refused’ »

Win a laptop - HP HDX Dragon Giveaway

Do you fancy winning a brand new laptop?

There are a total of 13 being given away by some tech bloggers/podcasters.

Head on over here to find out how to win one

Where’s all my disk space gone! - linux

Even with today’s massive disk drives it’s so easy to run out of disk space. This can be a real pain if you happen to run out of space on your root volume.

So, you fancy doing some spring cleaning and want to track down where all of your space has gone.

Here’s a quick run through using nothing more than the command prompt -

To show all of your filesystems, with -m reporting used/free space in megabytes -

$ df -m
Filesystem   1M-blocks      Used     Available   Use%    Mounted on
simfs        10000          718      9283        8%      /

So I’m using 718 MB of my disk space but where?

For the next bit we’re going to need to be root (or root equivalent)

$ sudo -s
# cd /
# du -am --max-depth 1 --exclude ./proc | sort -n

That will list the size in MB of all of the folders in root (/) with the largest last.

5    ./bin
6    ./etc
6    ./root
7    ./sbin
12    ./lib
18    ./home
154    ./var
513    ./usr

So my /usr folder is using 513MB. Now I can drill down into the folders running the same command again.

# cd /usr
# du -am --max-depth 1 --exclude ./proc | sort -n

and so on.
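The drill-down can be scripted. The following is an added example, not part of the original post: the function names are hypothetical, the sample tree is constructed, -x (stay on one filesystem) is used to skip /proc, and -a is left out so that only directories are followed.

```shell
# Added example: follow the largest subdirectory downwards, one level at a time.

# Print "SIZE_MB<TAB>PATH" for the largest immediate subdirectory of $1.
largest_child() {
    du -xm --max-depth 1 "$1" 2>/dev/null |
        awk -F'\t' -v top="$1" '$2 != top' | sort -n | tail -n 1
}

# $1 = start directory, $2 = maximum number of levels to descend.
drill_down() {
    dir=$1
    levels=$2
    while [ "$levels" -gt 0 ]; do
        line=$(largest_child "$dir")
        [ -n "$line" ] || break            # no subdirectories left
        printf '%s\n' "$line"
        dir=$(printf '%s\n' "$line" | cut -f2-)
        levels=$((levels - 1))
    done
}

# Constructed sample tree so the example runs anywhere; prints its path.
make_sample_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/usr/share" "$t/usr/bin" "$t/var/log"
    head -c 3145728 /dev/urandom > "$t/usr/share/big.dat"   # 3 MB
    head -c 1048576 /dev/urandom > "$t/usr/bin/tool"        # 1 MB
    head -c 1048576 /dev/urandom > "$t/var/log/messages"    # 1 MB
    printf '%s\n' "$t"
}

tree=$(make_sample_tree)
drill_down "$tree" 5
rm -rf "$tree"
```

On a real system, run it as root with / as the start directory, for example drill_down / 4.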

Obviously you only want to be deleting files when you’re absolutely positive what they are used for and what impact deleting them will have on your system!

There are a whole bunch of utilities for both Windows and linux to make this process easier and prettier! Here’s a couple -

Linux - http://treesize.sourceforge.net/
Windows - http://sourceforge.net/projects/windirstat/

Brute force SSH login attempts

I’ve always been pretty confident just using denyhosts to prevent people running brute force ssh login attempts against my servers but now with this from securityfocus - http://www.securityfocus.com/news/11518 - I think I’ll also be changing the port number that SSH is listening on.

The report says that there are now large distributed brute force ssh attempts coming from multiple IP addresses. This means that utilities that are blocking login attempts from hosts that have made multiple failed attempts are not going to help.
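To see why per-host counting misses this pattern, the following added example (not part of the original post) counts sshd failures two ways over constructed log lines: per source address, and per targeted account across all sources. The function names, the threshold of 5 and the log lines are assumptions made for the illustration.

```shell
# Added example: per-host counting vs per-account counting of sshd failures.
# All log lines below are constructed (documentation IP ranges).
sample_log() {
    i=1
    while [ "$i" -le 6 ]; do          # six sources, two guesses each, all at root
        for try in 1 2; do
            echo "May 14 03:1$i:0$try vps sshd[220$i]: Failed password for root from 203.0.113.$i port 4010$i ssh2"
        done
        i=$((i + 1))
    done
    for try in 1 2 3 4 5; do          # one noisy source, five guesses at bob
        echo "May 14 04:00:0$try vps sshd[2300]: Failed password for invalid user bob from 198.51.100.7 port 5123$try ssh2"
    done
    echo "May 14 04:05:00 vps sshd[2310]: Accepted password for alice from 192.0.2.44 port 50022 ssh2"
}

# Reduce sshd failure lines on stdin to "user ip" pairs.
parse_failures() {
    awk '/sshd\[[0-9]+\]: Failed password for / {
        for (i = 1; i < NF; i++) if ($i == "from") { user = $(i - 1); ip = $(i + 1) }
        print user, ip
    }'
}

# What a per-host blocker sees: sources with at least $1 failures.
per_host_offenders() {
    parse_failures | awk -v t="$1" '{ n[$2]++ }
        END { for (ip in n) if (n[ip] >= t) print ip, n[ip] }' | sort
}

# Aggregate view: accounts with at least $1 failures, and from how many sources.
per_account_targets() {
    parse_failures | awk -v t="$1" '
        { fails[$1]++; if (!seen[$1, $2]++) srcs[$1]++ }
        END { for (u in fails) if (fails[u] >= t) print u, fails[u], srcs[u] }' | sort
}

echo "per-host, threshold 5:";    sample_log | per_host_offenders 5
echo "per-account, threshold 5:"; sample_log | per_account_targets 5
```

The per-host view reports only 198.51.100.7, while the per-account view also shows root with 12 failures spread over 6 sources, none of which crossed the per-host threshold.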

ERROR: Could not open file (/a/etc/vfstab)

I was trying to install Solaris U5 on one of our Sun boxes using jumpstart today and came across the error -

ERROR: Could not open file (/a/etc/vfstab)

We were previously using Solaris U4 and I had copied the U5 media to our jumpstart server. What I had forgotten to do was to copy the x86.miniroot file from the installation media to where it was being loaded from.

This resulted in the U5 installation trying to use the U4 ramdisk image. Doh!

So, if you see the same error, it’s something to check.

Configuring lighttpd for use with Asterisk & FreePBX

I recently had a client that wanted to install Asterisk and FreePBX on a machine that was already running Apache so I thought I’d have a go at getting it working with lighttpd instead.

It is pretty easy to setup and worked well. The instructions below are for CentOS 5.1.

Here’s how to set it up. You will probably need to alter this for your environment but it’ll be a good starting point.

Prerequisites

You need to have already installed Asterisk and FreePBX. When installing FreePBX you should choose a unique location for the install rather than the Apache default - /var/www/html. I chose /var/www/freepbx.

Installing lighttpd

I chose to install lighttpd from rpmforge but you could just as easily compile it from source.

See here for details on setting up rpmforge - http://dag.wieers.com/rpm/FAQ.php#B

rpm -Uhv http://apt.sw.be/redhat/el5/en/i386/rpmforge/RPMS/rpmforge-release-0.3.6-1.el5.rf.i386.rpm
yum install lighttpd lighttpd-fastcgi

Lighttpd configuration file changes

Change or add the following lines in the default lighttpd configuration file

vi /etc/lighttpd/lighttpd.conf

server.document-root       = "/var/www/freepbx"
server.port                = 81
server.username            = "asterisk"
server.groupname           = "asterisk"
server.pid-file            = "/var/run/lighttpd/lighttpd.pid"
server.modules             = ( "mod_fastcgi", "mod_auth" )
fastcgi.server             = ( ".php" =>
    ( "localhost" =>
        (
            "socket"   => "/var/run/lighttpd/php-fastcgi.socket",
            "bin-path" => "/usr/bin/php-cgi"
        )
    )
)
ssl.engine                 = "enable"
ssl.pemfile                = "/etc/lighttpd/lighttpd.pem"
auth.backend               = "htdigest"
auth.backend.htdigest.userfile = "/etc/lighttpd/.passwd"
auth.debug                 = 2
auth.require               = ( "/" =>
    (
        "method"  => "digest",
        "realm"   => "Authorized users only",
        "require" => "valid-user"
    )
)

Generate the SSL certificate

cd /etc/lighttpd/
openssl req -new -x509 -keyout lighttpd.pem -out lighttpd.pem -days 365 -nodes
chown asterisk:asterisk lighttpd.pem
chmod 600 lighttpd.pem

Create the password file

htdigest -c /etc/lighttpd/.passwd 'Authorized users only' bob

Set some access rights

chown -R asterisk:asterisk /var/log/lighttpd/
mkdir /var/run/lighttpd
chown -R asterisk:asterisk /var/run/lighttpd/

Start Lighttpd

chkconfig lighttpd on
service lighttpd start

And that’s it. You should now be able to connect to FreePBX on port 81 using HTTPS.

You should be asked for a username/password which, if you followed the instructions above, will be ‘bob’ and whatever password you chose.
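The realm given to htdigest must match the "realm" in auth.require exactly, because each stored entry is user:realm:MD5(user:realm:password). The following added example (not part of the original post) checks a password file against the configured realm; the function names, the temporary files and the throwaway password are constructed, and md5sum is assumed to be installed.

```shell
# Added example. An htdigest entry is user:realm:MD5(user:realm:password).
htdigest_line() {   # $1 = user, $2 = realm, $3 = password
    ha1=$(printf '%s:%s:%s' "$1" "$2" "$3" | md5sum | cut -d' ' -f1)
    printf '%s:%s:%s\n' "$1" "$2" "$ha1"
}

# Read a lighttpd config on stdin and print the first "realm" value.
conf_realm() {
    sed -n 's/.*"realm"[[:space:]]*=>[[:space:]]*"\([^"]*\)".*/\1/p' | sed -n 1p
}

# Print users in password file $1 whose realm is not $2. lighttpd looks
# entries up by user and realm, so these users can never authenticate.
realm_mismatches() {
    awk -F: -v realm="$2" '$2 != realm { print $1 }' "$1"
}

# Constructed sample data: a config fragment and a two-user password file.
demo() {
    d=$(mktemp -d)
    printf '%s\n' 'auth.require = ( "/" =>' \
        '    ( "method"  => "digest",' \
        '      "realm"   => "Authorized users only",' \
        '      "require" => "valid-user" ) )' > "$d/lighttpd.conf"
    {
        htdigest_line bob   'Authorized users only' 'example-only'
        htdigest_line alice 'authorized users only' 'example-only'   # wrong case
    } > "$d/.passwd"
    realm_mismatches "$d/.passwd" "$(conf_realm < "$d/lighttpd.conf")"
    rm -rf "$d"
}

demo   # prints: alice
```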

10 steps to a Xen domU

Here’s a quick and easy way to get a CentOS Xen dom0 and domU up and running

1 - Boot using the CentOS CD

2 - When prompted for the package bundle selection just choose “Virtualization”

3 - Log into your new CentOS install as root

4 - Install the FTP server vsftpd. We’ll use this to install CentOS on our domU

yum install vsftpd
service vsftpd start

5 - Mount our CentOS CD so we can access it via FTP

mount /dev/cdrom /var/ftp

Continue reading ‘10 steps to a Xen domU’ »

Where are my packets going?

If you’ve ever had a slow, unstable connection to a server it could be that you’re suffering from some packet loss between you and the server.

This might not be noticeable for web browsing or e-mail but if you’re doing any sort of VoIP or gaming it can be critical to know the quality of the connection between 2 points.

A simple tool for this is mtr. This is normally included in modern Linux distros - if you’re a RedHat/CentOS/Fedora person just run -

yum install mtr

Now you can fire it up by running -

/usr/sbin/mtr www.digg.com

Continue reading ‘Where are my packets going?’ »

bash: /bin/rm: Argument list too long

Yesterday I was trying to delete rather a lot of files from a server that had been used as a spam relay.

There were a total of 2.2 million files in the /var/spool/mqueue folder (and another 2 million in the /var/spool/clientmqueue folder!).

If you try to delete this many files from a folder using …

rm -f *

… you get the following error

Continue reading ‘bash: /bin/rm: Argument list too long’ »