Category Archives: Linux

Linux and Unix

ssh: connect to host … port 22: Connection refused – UPDATE

As someone pointed out here, another possibility for this kind of error message is that, if you’ve just changed the SSH port from 22 to something else for security, there’s a good chance your firewall may be blocking the connection.

Redhat5/CentOS5 certainly have a firewall enabled by default. Try ‘iptables --list’ to see if you’ve got iptables running.

ssh: connect to host … port 22: Connection refused

I run a backup script to back up my VPSs every night using rsync. On one of my VPSs I was seeing the error “ssh: connect to host … port 22: Connection refused” at seemingly random points.

It took me a while to track down the fact that lylix.com (the provider of my VPS) block multiple inbound and outbound ssh connections to a server made over a short period of time.

Whilst this is probably useful for some people, and will offer their VPS some protection from brute force login attempts, it broke my script!  🙂

Continue reading

Where’s all my disk space gone! – linux

Even with today’s massive disk drives it’s so easy to run out of disk space. This can be a real pain if you happen to run out of space on your root volume.

So, you fancy doing some spring cleaning and want to track down where all of your space has gone.

Here’s a quick run through using nothing more than the command prompt –

To show all of your filesystems, with -m reporting used/free space in megabytes:

$ df -m
Filesystem   1M-blocks      Used     Available   Use%    Mounted on
simfs        10000          718      9283        8%      /

So I’m using 718 MB of my disk space but where?

For the next bit we’re going to need to be root (or root equivalent)

$ sudo -s
cd /
# -m reports sizes in MB; du prints paths as ./name here, so the exclude pattern is ./proc
du -am --max-depth 1 --exclude ./proc | sort -n

That will list the size in MB of all of the folders in root (/) with the largest last.

5    ./bin
6    ./etc
6    ./root
7    ./sbin
12    ./lib
18    ./home
154    ./var
513    ./usr

So my /usr folder is using 513MB. Now I can drill down into the folders running the same command again.

cd /usr
du -am --max-depth 1 --exclude ./proc | sort -n

and so on.

Obviously you only want to be deleting files when you’re absolutely positive what they are used for and what impact deleting them will have on your system!

There are a whole bunch of utilities for both Windows and linux to make this process easier and prettier! Here’s a couple –

Linux – http://treesize.sourceforge.net/
Windows – http://sourceforge.net/projects/windirstat/

Configuring lighttpd for use with Asterisk & FreePBX

I recently had a client that wanted to install Asterisk and FreePBX on a machine that was already running Apache so I thought I’d have a go at getting it working with lighttpd instead.

It is pretty easy to set up and worked well. The instructions below are for CentOS 5.1.

Here’s how to set it up. You will probably need to alter this for your environment but it’ll be a good starting point.

Prerequisites

You need to have already installed Asterisk and FreePBX. When installing FreePBX you should choose a unique location for the install rather than the Apache default – /var/www/html. I chose /var/www/freepbx.

Installing lighttpd

I chose to install lighttpd from rpmforge but you could just as easily compile it from source.

See here for details on setting up rpmforge – http://dag.wieers.com/rpm/FAQ.php#B

rpm -Uhv http://apt.sw.be/redhat/el5/en/i386/rpmforge/RPMS/rpmforge-release-0.3.6-1.el5.rf.i386.rpm
yum install lighttpd lighttpd-fastcgi

Lighttpd configuration file changes

Change or add the following lines in the default lighttpd configuration file

vi /etc/lighttpd/lighttpd.conf

server.document-root       = "/var/www/freepbx"
server.port                = 81
server.username            = "asterisk"
server.groupname           = "asterisk"
server.pid-file            = "/var/run/lighttpd/lighttpd.pid"
server.modules             = ( "mod_fastcgi", "mod_auth" )

# Run PHP through FastCGI on a local Unix socket
fastcgi.server             = ( ".php" =>
    ( "localhost" =>
        (
            "socket"   => "/var/run/lighttpd/php-fastcgi.socket",
            "bin-path" => "/usr/bin/php-cgi"
        )
    )
)

# Serve HTTPS on the port above; the pem file holds both key and certificate
ssl.engine                 = "enable"
ssl.pemfile                = "/etc/lighttpd/lighttpd.pem"

# Digest authentication for the whole site; the realm must match the htdigest file
auth.backend                   = "htdigest"
auth.backend.htdigest.userfile = "/etc/lighttpd/.passwd"
auth.debug                     = 2
auth.require = ( "/" =>
    (
        "method"  => "digest",
        "realm"   => "Authorized users only",
        "require" => "valid-user"
    )
)

Generate the SSL certificate

cd /etc/lighttpd/
openssl req -new -x509 -keyout lighttpd.pem -out lighttpd.pem -days 365 -nodes
chown asterisk:asterisk lighttpd.pem
chmod 600 lighttpd.pem

Create the password file

htdigest -c /etc/lighttpd/.passwd 'Authorized users only' bob

Set some access rights

chown -R asterisk:asterisk /var/log/lighttpd/
mkdir /var/run/lighttpd
chown -R asterisk:asterisk /var/run/lighttpd/

Start Lighttpd

chkconfig lighttpd on
service lighttpd start

And that’s it. You should now be able to connect to FreePBX on port 81 using HTTPS.

You should be asked for a username/password which, if you followed the instructions above, will be ‘bob’ and whatever password you chose.
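
A quick sanity check for the files created in the steps above, as an added example that is not part of the original post. It shows how an htdigest entry is built (the realm is hashed into it, so it has to match the realm in auth.require exactly) and checks that a key or password file is not accessible to group or other. The function names, the user alice, the realm 'Old realm' and the passwords are constructed for the demo.

```sh
#!/bin/sh
# Added example, not from the original post. File names below are constructed.

# Build one htdigest entry: user:realm:MD5(user:realm:password).
htdigest_line() {
    user=$1; realm=$2; pass=$3
    hash=$(printf '%s' "$user:$realm:$pass" | md5sum | cut -d' ' -f1)
    printf '%s:%s:%s\n' "$user" "$realm" "$hash"
}

# Print the users whose realm differs from the one in auth.require.
# The realm is hashed into the entry, so these users can never log in.
realm_mismatches() {
    awk -F: -v r="$2" '$2 != r { print $1 }' "$1"
}

# Succeed only if group and other have no access to the file (e.g. 600, 400).
is_private() {
    mode=$(stat -c '%a' "$1") || return 2
    case "$mode" in
        ?00) return 0 ;;
        *)   return 1 ;;
    esac
}

# Demo on constructed files in a temporary directory.
demo_dir=$(mktemp -d)
htdigest_line bob   'Authorized users only' 'constructed-pass' >  "$demo_dir/.passwd"
htdigest_line alice 'Old realm'             'constructed-pass' >> "$demo_dir/.passwd"
chmod 644 "$demo_dir/.passwd"

echo "Users with the wrong realm:"
realm_mismatches "$demo_dir/.passwd" 'Authorized users only'
if ! is_private "$demo_dir/.passwd"; then
    echo ".passwd is accessible to group/other; chown it to the server user and chmod 600"
fi
rm -rf "$demo_dir"
```

On a real install, point realm_mismatches and is_private at /etc/lighttpd/.passwd and /etc/lighttpd/lighttpd.pem; the password file has to stay readable by the user lighttpd runs as.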

10 steps to a Xen domU

Here’s a quick and easy way to get a CentOS Xen dom0 and domU up and running

1 – Boot using the CentOS CD

2 – When prompted for the package bundle selection just choose “Virtualization”

3 – Log into your new CentOS install as root

4 – Install the ftp server vsftpd. We’ll use this to install CentOS on our domU

yum install vsftpd
service vsftpd start

5 – Mount our CentOS CD so we can access it via FTP

mount /dev/cdrom /var/ftp

Continue reading

Where are my packets going?

If you’ve ever had a slow, unstable connection to a server it could be that you’re suffering from some packet loss between you and the server.

This might not be noticeable for web browsing or e-mail but if you’re doing any sort of VoIP or gaming it can be critical to know the quality of the connection between 2 points.

A simple tool for this is mtr. This is normally included in modern Linux distros – if you’re a RedHat/CentOS/Fedora person just run –

yum install mtr

Now you can fire it up by running –

/usr/sbin/mtr www.digg.com

Continue reading

bash: /bin/rm: Argument list too long

Yesterday I was trying to delete rather a lot of files from a server that had been used as a spam relay.

There were a total of 2.2 million files in the /var/spool/mqueue folder (and another 2 million in the /var/spool/clientmqueue folder!).

If you try to delete this many files from a folder using …

rm -f *

… you get the following error

Continue reading

Making your SSH service secure

SSH is extremely versatile and can be used both to manage your server and to copy files to your server. Unless you have a really good reason to still be using FTP you really shouldn’t be (and you certainly shouldn’t be using telnet any more!)

It’s certainly worth taking some time to make sure your SSH service is secure and there is plenty you can do to accomplish this.

Here’s what I do with my servers plus some links to other things that you can do.

1 – Make sure you are running the latest version of the SSH daemon software

2 – Install denyhosts

Denyhosts can be configured to stop accepting connections from IP addresses that have made too many failed login attempts. It is configurable so you can specify how many failed login attempts to allow before the host is blocked, how long the host is blocked for … 

Continue reading

Modifying subinacl exports with a bash script

We are currently in the process of migrating our users from one Active Directory domain to another.

The users already exist in the target domain so we were looking to mass change our NTFS permissions to include the user from the new domain whilst also retaining the permissions from the old domain.

A tool that Microsoft supplies looked ideal for the task – subinacl – apart from in one respect – the tool was designed to replace permissions instead of adding to them. The way we got round this problem was to edit the export from subinacl and add in the new permissions that we wanted and then to run the export file against the NTFS volume.

So this was a 4 step process.

Continue reading