sandip's blog

Unable to open pty: No such file or directory

Udev, a dependency of xorg and other development packages, breaks OpenVZ containers when it is installed or upgraded.

Re-create the missing devices after an upgrade via:

vzctl exec {VEID} /sbin/MAKEDEV tty
vzctl exec {VEID} /sbin/MAKEDEV pty

For a permanent fix, edit /etc/rc.sysinit to disable udev and auto-repair the devices:

#/sbin/start_udev
/sbin/MAKEDEV tty
/sbin/MAKEDEV pty

Munin stats for apache and lighttpd

Get status of apache (80) and lighttpd (81) on different ports:

This is done at the nodes.

  1. Enable apache server-status in httpd.conf :
    <Location /server-status> 
        SetHandler server-status
        Order deny,allow
        Deny from all
        Allow from 127.0.0.1
    </Location>
  2. Enable lighttpd server-status in lighttpd.conf :
    $HTTP["remoteip"] == "127.0.0.1" {
    status.status-url          = "/server-status"
    }
  3. Create /etc/munin/plugin-conf.d/apache:
    [apache*]
    env ports="80 81" 

    * Test with:

    ports="80 81" /etc/munin/plugins/apache_processes

The lighttpd idle-process graph will be a straight line, because the total of busy and idle processes is always the same when drawn as STACK. To change this to LINE1:

At the host, edit "/etc/munin/munin.conf" and add the below line to the corresponding host:

apache_processes.idle81.draw LINE1

Lighttpd client side optimization

  1. Edit conf file: /etc/lighttpd/lighttpd.conf
  2. Enable mod_expire and mod_compress.
  3. Expire static files set for 3 days:
    $HTTP["url"] =~ "\.(js|css|gif|jpg|png|ico|txt|swf|html|htm)$" { expire.url = ( "" => "access 3 days" ) }
  4. Compress mime types:
    compress.cache-dir         = "/var/cache/lighttpd/compress/"
    compress.filetype          = ("text/plain", "text/html", "text/css", "text/xml", "text/javascript")
  5. Cleanup the compressed cache via daily cron script:
    #!/bin/bash
    # lighttpd_cache_clean
    # Clean cache stored at /var/cache/lighttpd/compress
    # Place in /etc/cron.daily

    # Cache dir path
    CROOT="/var/cache/lighttpd/compress"

    #Deleting files older than 3 days
    HOURS=72

    # Lighttpd user and group
    LUSER="lighttpd"
    LGROUP="lighttpd"

    # start cleaning
    /usr/sbin/tmpwatch --mtime "${HOURS}" "${CROOT}"

    # if directory missing just recreate it
    if [ ! -d "${CROOT}" ]
    then
            mkdir -p "${CROOT}"
            chown "${LUSER}:${LGROUP}" "${CROOT}"
    fi

    exit 0
  6. Create the cache directory and update permissions:
    mkdir -p /var/cache/lighttpd/compress
    chown lighttpd:lighttpd /var/cache/lighttpd/compress
  7. Restart lighttpd.

Create pdf of manual pages

The command below converts a manual page to PDF:

man -t man | ps2pdf - > man.pdf

unable to include potential exec

A recent upgrade to Apache-2.2.3 locked down SSI so that executables can no longer be included within an SSI include call, and I was getting "unable to include potential exec" in the Apache error log file.

Apparently .shtml files were being used as includes via SSI. Changing the included files to .html resolved the issue.

Below was the command issued from the document root to quickly rename all the embedded leftmenu.shtml to leftmenu.html:

cp -a leftmenu.shtml leftmenu.html
find -L -name "*.shtml" -type f -printf "\"%p\"\n" | xargs perl -pi -e 's/leftmenu\.shtml/leftmenu\.html/g'

Shadow password hash explained

You can programmatically generate a shadow password hash via:

$ openssl passwd -1 -salt G5cYam5w test.123
$1$G5cYam5w$z0NDUjMRX4xVBKw9Nb6YL0

-1 means md5
G5cYam5w is a random salt (minimum 8)
test.123 is the password

Here is the breakdown:

The first $1 means that it is an md5 hash.
The second $G5cYam5w is a random salt.
The third $z0NDUjMRX4xVBKw9Nb6YL0 is the md5 hash.
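
As an added example (not part of the original post), the function below splits a crypt(3) string on its `$` separators, following the breakdown above, and labels the scheme so that `$1$` (MD5-based crypt) entries can be spotted when reviewing a shadow file. The function name, the rating labels and every sample other than the page's own hash are constructed for illustration.

```sh
#!/bin/sh
# Added example: split a crypt(3) string ($id$salt$hash) and label the scheme.
# classify_shadow_hash and the rating labels are illustrative, not a standard.

classify_shadow_hash() {
    field=$1
    case $field in
        '' | '*' | '!'*)
            echo "scheme=none salt= rating=locked-or-empty"; return 0 ;;
        '$'*) ;;                        # modular crypt format, parsed below
        *)  echo "scheme=des-or-unknown salt= rating=weak"; return 0 ;;
    esac

    rest=${field#?}                     # drop the leading "$"
    id=${rest%%\$*}                     # up to the next "$": scheme id
    rest=${rest#*\$}                    # remainder: [rounds=N$]salt$hash

    case $id in
        1)  scheme=md5crypt;    rating=weak ;;
        5)  scheme=sha256crypt; rating=ok ;;
        6)  scheme=sha512crypt; rating=ok ;;
        2a | 2b | 2y) scheme=bcrypt; rating=ok ;;
        y)  scheme=yescrypt;    rating=ok ;;
        *)  scheme=unknown;     rating=review ;;
    esac

    case $scheme in
        sha256crypt | sha512crypt)
            # SHA-crypt allows an optional "rounds=N" field before the salt.
            case $rest in rounds=*) rest=${rest#*\$} ;; esac
            salt=${rest%%\$*} ;;
        md5crypt)
            salt=${rest%%\$*} ;;
        *)  salt= ;;                    # other schemes pack salt differently
    esac

    echo "scheme=$scheme salt=$salt rating=$rating"
}

# First input is the hash printed by the openssl command above; the other
# two are constructed samples (placeholder salt and hash text).
classify_shadow_hash '$1$G5cYam5w$z0NDUjMRX4xVBKw9Nb6YL0'
classify_shadow_hash '$6$rounds=5000$CONSTRUCTEDSALT$CONSTRUCTEDHASH'
classify_shadow_hash '!!'
```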

Determine cpu bit

You can try this to find out if your CPU/Processor is 32 bit or 64 bit:

grep flags /proc/cpuinfo | grep -w lm

lm means Long Mode = 64 bit CPU

Also:

getconf LONG_BIT

Should display 32 or 64.

suphp-0.7.1 and DirectAdmin

I recently upgraded a server running DirectAdmin to suphp-0.7.1 via Custombuild. However, I got a "500 Internal Server Error" when accessing sites running on php5-cgi, with the log entry below:

SecurityException in Application.cpp:511: Unknown Interpreter: php

The solution was to update the suphp.conf file as below:

Edit "/usr/local/suphp/etc/suphp.conf" and change from:

[handlers]
;Handler for php-scripts
x-httpd-php5=php:/usr/local/php5/bin/php-cgi

;Handler for CGI-scripts
x-suphp-cgi=execute:!self

to:

[handlers]
;Handler for php-scripts
x-httpd-php5="php:/usr/local/php5/bin/php-cgi"

;Handler for CGI-scripts
x-suphp-cgi="execute:!self"

Note the double quotes for the variables.

Running `./build rewrite_confs` should fix this issue as well.

Plesk rblsmtpd and smtp authentication

On Debian with Plesk-8.2 installed, /etc/inetd.conf shows up with:

smtp stream tcp nowait.1000 root /var/qmail/bin/tcp-env tcp-env  /usr/sbin/rblsmtpd  -r bl.spamcop.net -r zen.spamhaus.org /var/qmail/bin/relaylock /var/qmail/bin/qmail-smtpd /var/qmail/bin/smtp_auth /var/qmail/bin/true /var/qmail/bin/cmd5checkpw /var/qmail/bin/true

Essentially, when the SMTP connection is made, rblsmtpd is handed the connection and does its DNSBL checking. It is then responsible for either executing the next program (relaylock) if there is no match, or handling the connection itself if it does find a match. Thus SMTP authentication never takes place if your IP is listed in PBL.

On checking Parallels Forum, I came across this post, which suggested:

If you use a dnsrbl in Plesk that lists the IP of someone trying to connect to your server to send email then they will not be able to use your server for smtp on port 25. The dnsrbl will block their attempts. This is normal and expected behaviour in Plesk.

The instructions you read about using authenticated smtp to get around the problem do not apply to the default installation of Plesk (and other similar setups). The idea of the instructions you read is that by using authenticated smtp you will bypass the dnsrbl, and therefore will not be blocked. This does not happen with the default installation of Plesk so the instructions won't work (they are rather simplistic).

The solution in Plesk 8.4 is a simple one. Enable the "submission" option in Plesk, ask your customers to change to port 587 from port 25 in their email clients and require them to use smtp authentication (remember to open up your firewall for port 587 too). This basically creates a second smtp instance listening on port 587 instead of port 25, does not have any dnsrbl blocking and REQUIRES users to use smtp authentication in order to be able to use it. No spam will come via that port because a) server to server email transfer happens on port 25 and b) it requires authentication.

(A similar solution will work in earlier versions of Plesk but rather than ticking a box in the control panel to get it to happen you have to copy a single file and edit two lines in it, but it works just as well and basically does the same thing)

The other option you can go for is to install spamdyke (search the forum for step by step instructions) which does bypass all dnsrbls when smtp authentication takes place. Note that when you use spamdyke you will not be able to use pop-before-relay authentication, and that you set up dnsrbls within spamdyke's configuration files, not via Plesk. spamdyke does add a whole plethora of additional anti-spam measures, however, and it is well worth installing if you don't need pop-before-relay.

Since the version of Plesk is older, I put the lines below in /etc/inetd.conf and restarted inetd.

# Submission port 587 without dnsblcheck
submission stream tcp nowait.1000 root /var/qmail/bin/tcp-env tcp-env  /var/qmail/bin/relaylock /var/qmail/bin/qmail-smtpd /var/qmail/bin/smtp_auth /var/qmail/bin/true /var/qmail/bin/cmd5checkpw /var/qmail/bin/true

Now, using port 587 instead of port 25, users are able to authenticate and send email via the SMTP/Submission server.
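
As an added example (not part of the original post), the function below reads inetd.conf-format lines and reports, for each smtp or submission service, whether rblsmtpd is in the program chain, which DNSBL zones it is given, and whether smtp_auth appears. It only inspects the chain as written, not whether authentication is enforced at run time; the function names are illustrative and the sample input is the two entries quoted in this post.

```sh
#!/bin/sh
# Added example: for each smtp/submission line in inetd.conf format, report
# whether rblsmtpd is in the program chain, which DNSBL zones (-r) it uses,
# and whether smtp_auth appears. Function names are illustrative.

audit_inetd_smtp() {
    awk '
        $1 == "smtp" || $1 == "submission" {
            dnsbl = "no"; zones = ""; auth = "no"
            # Fields 1-5: service, socket type, protocol, wait, user.
            # Field 6 onward: server program and its argument chain.
            for (i = 6; i <= NF; i++) {
                if ($i ~ /\/rblsmtpd$/) dnsbl = "yes"
                if ($i ~ /\/smtp_auth$/) auth = "yes"
                if ($i == "-r" && i < NF)
                    zones = zones (zones == "" ? "" : ",") $(i + 1)
            }
            printf "%s dnsbl=%s zones=%s smtp_auth=%s\n", $1, dnsbl, zones, auth
        }
    ' "$@"
}

# The two inetd.conf entries quoted in this post, used as sample input.
sample_inetd_conf() {
    cat <<'EOF'
smtp stream tcp nowait.1000 root /var/qmail/bin/tcp-env tcp-env  /usr/sbin/rblsmtpd  -r bl.spamcop.net -r zen.spamhaus.org /var/qmail/bin/relaylock /var/qmail/bin/qmail-smtpd /var/qmail/bin/smtp_auth /var/qmail/bin/true /var/qmail/bin/cmd5checkpw /var/qmail/bin/true
# Submission port 587 without dnsblcheck
submission stream tcp nowait.1000 root /var/qmail/bin/tcp-env tcp-env  /var/qmail/bin/relaylock /var/qmail/bin/qmail-smtpd /var/qmail/bin/smtp_auth /var/qmail/bin/true /var/qmail/bin/cmd5checkpw /var/qmail/bin/true
EOF
}

sample_inetd_conf | audit_inetd_smtp
```

To check a live file instead of the sample, pass its path as an argument, for example `audit_inetd_smtp /etc/inetd.conf`.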

Ways to keep a command running after shell exit

  1. screen:
    screen -dmS <screen_name> <command>
    exit
  2. nohup:
    nohup <command> &
    exit
  3. at:
    echo "<command>" | at now
    exit
  4. disown:
    <command> &
    disown -h
    exit
