Linux.com

Community Blogs



Management and economics issues of hosting virtual private email servers

After I published "Wanted: Virtual Personal Email Servers (VPES)" I got lots of feedback. Among others, John made very interesting comments, for example:

  • ... The most user friendly free email management interface is from Zimbra, but the setup is a bear and the system requirements are huge for what it provides
  • ...I (John) spent 20 min earlier today considering whether I could make any profit creating an easy VPES setup script with a fairly low monthly price point.
  • ... BTW, the laws for email metadata retention are different in the EU than in the USA...

The summary of this discussion is at Virtual Personal Email Servers: legal, management and economics issues.

 

Installing rssh in Linux Server

Here are the steps to install rssh on a Linux server.
If your Linux OS is 32-bit, follow these steps:
Step 1: cd /usr/src
Step 2: wget http://dag.wieers.com/rpm/packages/rssh/rssh-2.3.2-1.2.el4.rf.i386.rpm
Step 3: rpm -ivh rssh-2.3.2-1.2.el4.rf.i386.rpm
If your Linux OS is 64-bit, follow these steps:
Step 1: cd /usr/src
Step 2: wget http://dag.wieers.com/rpm/packages/rssh/rssh-2.3.2-1.2.el5.rf.x86_64.rpm
Step 3: rpm -ivh rssh-2.3.2-1.2.el5.rf.x86_64.rpm

For queries @ Linux Server

 

Set up OSOL 2010-03 (build 134) PV Guest at Xen 4.0 Dom0 (2.6.32.10 pvops kernel) on top of Ubuntu Karmic Koala Server

Because pygrub in Xen 4.0 does not yet support ZFS 24, proceed as usual and copy the unix kernel and boot_archive off the disk to Dom0:


mount -o loop,ro osol-134-dev-x86.iso /mnt
cp /mnt/platform/i86pc/amd64/boot_archive  /home/boris/osol134
cp /mnt/platform/i86xpv/kernel/amd64/unix /home/boris/osol134

In my case the OSOL 134 PV DomU was able to obtain an IP address just once, after the first boot-up configuring SMF. Afterwards it required restarting (or re-enabling) the service svc:/network/physical:nwam, which finally led me to implement this procedure as an OSOL service, because no analog of /etc/rc.local exists on OSOL.


The two steps below make Xen the default hypervisor on Ubuntu 9.10. The first is commenting out (xend-unix-server yes) in /etc/xen/xend-config.sxp; the second is adding export VIRSH_DEFAULT_CONNECT_URI="xen:///" to root's .bashrc. Then run:

# apt-get install ubuntu-virt-server ubuntu-virt-mgmt


Create installation XML profile create_osol134.xml as follows :-


<domain type='xen'>
  <name>osol134</name>
  <uuid>f80856df-3180-acc5-931d-32190cfe4062</uuid>
  <memory>1048576</memory>
  <currentMemory>1048576</currentMemory>
  <vcpu>2</vcpu>
  <bootloader></bootloader>
  <os>
    <type>linux</type>
    <kernel>/home/boris/osol134/unix</kernel>
    <initrd>/home/boris/osol134/boot_archive</initrd>
    <cmdline>/platform/i86xpv/kernel/amd64/unix - nowin -B install_media=cdrom</cmdline>
  </os>
  <clock offset='utc'/>
  <on_poweroff>destroy</on_poweroff>
  <on_reboot>destroy</on_reboot>
  <on_crash>destroy</on_crash>
  <devices>
    <disk type='block' device='disk'>
      <driver name='phy'/>
      <source dev='/dev/sdb5'/>
      <target dev='xvda' bus='xen'/>
    </disk>
    <disk type='file' device='cdrom'>
      <driver name='file'/>
      <source file='/root/MyDownloads/osol-dev-134.iso'/>
      <target dev='xvdc' bus='xen'/>
      <readonly/>
    </disk>
    <interface type='bridge'>
      <mac address='00:16:3e:72:da:33'/>
      <source bridge='eth0'/>
      <script path='/etc/xen/scripts/vif-bridge'/>
      <target dev='vif7.0'/>
    </interface>
    <console type='pty' tty='/dev/pts/1'>
      <source path='/dev/pts/1'/>
      <target port='0'/>
    </console>
  </devices>
</domain>


and run


# virsh create create_osol134.xml
# virsh console osol134
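
At this point activate the VNC connection to the DomU via this script:

# Look up the running domain's ID, then read the VNC details the guest published in xenstore
domid=$(virsh domid osol134)
ip=$(/usr/bin/xenstore-read "/local/domain/$domid/guest/ipv4/0/address")
echo "$ip"
port=$(/usr/bin/xenstore-read "/local/domain/$domid/guest/vnc/port")
echo "$port"
# Print the VNC password stored for the guest, then connect
/usr/bin/xenstore-read "/local/domain/$domid/guest/vnc/passwd"
vncviewer "$ip:$port"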


and go through the normal install. Now define a new domain via this profile:


<domain type='xen'>
  <name>osol134</name>
  <uuid>0b9a31cc-13c2-065b-e64d-4ba1a042dedc</uuid>
  <memory>1048576</memory>
  <currentMemory>1048576</currentMemory>
  <vcpu>2</vcpu>
  <bootloader></bootloader>
  <os>
    <type>linux</type>
    <kernel>/home/boris/osol134/unix</kernel>
    <initrd>/home/boris/osol134/boot_archive</initrd>
    <cmdline>/platform/i86xpv/kernel/amd64/unix -B zfs-bootfs=rpool/ROOT/opensolaris,bootpath=/xpvd/xdf@51712:a</cmdline>
  </os>
  <clock offset='utc'/>
  <on_poweroff>destroy</on_poweroff>
  <on_reboot>destroy</on_reboot>
  <on_crash>destroy</on_crash>
  <devices>
    <disk type='block' device='disk'>
      <driver name='phy'/>
      <source dev='/dev/sdb5'/>
      <target dev='xvda' bus='xen'/>
    </disk>
    <interface type='bridge'>
      <mac address='00:16:3e:4d:60:e3'/>
      <source bridge='eth0'/>
      <script path='/etc/xen/scripts/vif-bridge'/>
      <target dev='vif8.0'/>
    </interface>
    <console type='pty' tty='/dev/pts/1'>
      <source path='/dev/pts/1'/>
      <target port='0'/>
    </console>
  </devices>
</domain>


# virsh  define osol134-def.xml
# virsh start osol134
# virsh console osol134


In my case, after the first reboot configuring SMF, OSOL 134 stopped obtaining an IP address via DHCP and required the commands below every time:


$ pfexec su -
# svcadm restart svc:/network/physical:nwam

Because /etc/rc.local doesn't exist on OSOL, a new service to restart NWAM was implemented. First I created the script /bin/dhcp_again.sh to add as a service to SMF:


root@opensolaris:~# cat /bin/dhcp_again.sh
svcadm restart svc:/network/physical:nwam


Created the XML below per [1]:


<?xml version="1.0"?>
<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
<!--Script name goes here-->
<service_bundle type='manifest' name='SUNWcsr:dhcp_again'>

<!--Script name goes here too-->
<service
name='site/dhcp_again'
type='service'
version='1'>

<create_default_instance enabled='false' />

<single_instance/>

<!--If your script needs to run after a certain milestone has been met
you can specify that here, otherwise delete this bit.
Replace value for milestone you need to meet-->
<dependency
name='milestone'
grouping='require_all'
restart_on='none'
type='service'>
<service_fmri value='svc:/milestone/network' />
</dependency>

<!--Script to run goes here-->
<exec_method
type='method'
name='start'
exec='/usr/bin/bash /bin/dhcp_again.sh'
timeout_seconds='60' />

<exec_method
type='method'
name='stop'
exec=':kill'
timeout_seconds='60' />

<!--This bit makes it run ONCE and makes sure it is NOT restarted!-->
<property_group name='startd' type='framework'>
<propval name='duration' type='astring' value='transient' />
</property_group>

<template>
<common_name>
<loctext xml:lang='C'>
<!--Script name goes here-->
DHCP_AGAIN
</loctext>
</common_name>
<documentation>
<manpage title='' section=''
manpath='' />
</documentation>
</template>
</service>

</service_bundle>


Next step:-


# cd /var/svc/manifest/site

Save the XML above in this directory as dhcp_again.xml, then:

# svccfg validate dhcp_again.xml
# svccfg import dhcp_again.xml
# svcadm enable dhcp_again
root@opensolaris:~# svcs -a|grep dhcp
online         19:37:20 svc:/site/dhcp_again:default


At this point activate GDM remote login via Xvnc :

root@opensolaris:~# cat /etc/gdm/custom.conf
# Custom Configuration file.
# overrides: /usr/share/gdm/defaults.conf
[daemon]
RemoteGreeter=/usr/lib/gdmgreeter
[security]
DisallowTCP=false
# AllowRoot=true
# AllowRemoteRoot=true
[xdmcp]
Enable=true
[gui]
[greeter]
[chooser]
[debug]
[servers]

Then re-enable services :

svcadm disable xvnc-inetd gdm
svcadm enable xvnc-inetd gdm





References
1. http://www.hashbang0.com/blog/2010/03/26/making-a-script-run-on-startup-on-opensolaris/
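
The custom.conf in the post above enables XDMCP and, with DisallowTCP=false, lets the X server accept TCP connections. As an added example (not part of the original post), this shell function lists the active settings of that kind in a GDM custom.conf and skips commented-out lines; the function name, the output format and the embedded sample are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not from the original post: report the uncommented settings
# in a GDM custom.conf that expose the display manager to the network.

# Constructed sample: the custom.conf shown in the post above (empty sections trimmed).
sample_gdm_conf() {
cat <<'EOF'
# Custom Configuration file.
# overrides: /usr/share/gdm/defaults.conf
[daemon]
RemoteGreeter=/usr/lib/gdmgreeter
[security]
DisallowTCP=false
# AllowRoot=true
# AllowRemoteRoot=true
[xdmcp]
Enable=true
[gui]
EOF
}

# audit_gdm_conf [FILE]   (FILE defaults to /etc/gdm/custom.conf, "-" reads stdin)
# Prints one "section/key=value" line per active network-exposure setting.
# Returns 1 if at least one was found, 0 otherwise.
audit_gdm_conf() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }            # skip comments and blank lines
    /^[ \t]*\[/ {                                # section header such as [xdmcp]
        section = $0
        sub(/^[ \t]*\[/, "", section)
        sub(/\].*$/, "", section)
        next
    }
    {
        eq = index($0, "=")
        if (eq == 0) next
        key = substr($0, 1, eq - 1)
        val = tolower(substr($0, eq + 1))
        gsub(/^[ \t]+|[ \t]+$/, "", key)
        gsub(/^[ \t]+|[ \t]+$/, "", val)
        id = section "/" key
        if ((id == "security/DisallowTCP"     && val == "false") ||
            (id == "security/AllowRemoteRoot" && val == "true")  ||
            (id == "xdmcp/Enable"             && val == "true")) {
            print id "=" val
            bad = 1
        }
    }
    END { exit bad + 0 }
    ' "${1:-/etc/gdm/custom.conf}"
}

# Demo on the constructed sample; the commented-out AllowRoot lines are ignored.
sample_gdm_conf | audit_gdm_conf - || true
```
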

 

Virt-install&Virt-manager at Xen 4.0-rc8 (2.6.32.10 pvops) Dom0 on top Ubuntu Karmic Koala Server

The goal of this post is to demonstrate how flexible the Ubuntu Karmic Koala Server environment is. We build Xen 4.0-rc8 and the most recent stable pvops kernel, 2.6.32.10 (with DRM support). Loading the Xen instance is followed by installing Ubuntu's libvirt environment, which provides the virt-install utility for creating PV and HVM DomUs and a fully functional virt-manager to manage any DomU built via virt-install. Finally, an HVM image created by the beta version of Ubuntu 10.04 Lucid Lynx is used to bring up an Ubuntu 10.04 Lucid Lynx PV DomU, because the standard "pygrub" trick no longer works: Lucid's grub2 notation is set root='(/dev/sda,1)' instead of Karmic's set root=(hd0,1), and the "pygrub" in Xen 4.0-rc8 was not ready to parse it.

First install the required packages:

apt-get install libcurl4-openssl-dev xserver-xorg-dev python2.6-dev mercurial gitk build-essential libncurses5-dev uuid-dev gawk gettext texinfo bcc bridge-utils iasl

Second – build Xen from source

# cd /usr/src
# hg clone http://xenbits.xensource.com/xen-unstable.hg
# cd xen-unstable.hg
Set in Config.mk
PYTHON = python
PYTHON_PREFIX_ARG =
# make install-xen
# make install-tools
# make install-stubdom

Now checkout and build 2.6.32.10 pvops kernel

# git clone git://git.kernel.org/pub/scm/linux/kernel/git/jeremy/xen.git linux-2.6-xen
# cd linux-2.6-xen
# git checkout -b xen/stable-2.6.32.x origin/xen/stable-2.6.32.x

Note:

# git checkout origin/xen/master -b xen/master

will result in building the most recent 2.31.12 version of the pvops kernel. The branch above does not actually need to be checked out; it is the default branch of "git clone". However, the APIC rework has been committed for 2.6.32.9.

# make menuconfig
and tune kernel to support Xen in Dom0

# make -j4
# make modules_install install
# mkinitramfs -o /boot/initrd-2.6.32.10.img 2.6.32.10

Tuning Config.mk results in the Xen packages being placed into /usr/local/lib/python2.6/dist-packages, due to Changeset 19594 in xen-3.4-testing.hg. Otherwise, the Xen packages would go to /usr/lib/python2.6/site-packages, which is not the default location for Python 2.6 on Ubuntu 9.10 (vs. F12), and you would not be able to start xend in Dom0. Add an entry to /boot/grub/grub.cfg:

menuentry "Xen 4.0-rc8 / Ubuntu 9.10 kernel 2.6.32.10 pvops" {
insmod ext2
set root=(hd1,8)
multiboot (hd1,8)/boot/xen.gz
module (hd1,8)/boot/vmlinuz-2.6.32.10 dummy=dummy root=/dev/sdb8 ro console=tty0
module (hd1,8)/boot/initrd-2.6.32.10.img
}

Reboot system and install libvirt environment :-

The two steps below make Xen the default hypervisor on Ubuntu 9.10.
The first is commenting out (xend-unix-server yes) in /etc/xen/xend-config.sxp; the second is adding export VIRSH_DEFAULT_CONNECT_URI="xen:///"
to root's .bashrc.

Then run:

# apt-get install ubuntu-virt-server ubuntu-virt-mgmt

Now you should be able to install Ubuntu 10.04 Lucid Server HVM via virt-install :-

# virt-install -n LucidSRV -r 1024 --hvm --vnc -f /dev/sda8 -c /home/boris/Lucid.iso --debug

Start up the LucidSRV HVM via virt-manager and scp vmlinuz-2.6.32-16-server and initrd.img-2.6.32-16-server to Dom0.

The file below may be used with the command:

# virsh define Lucid-def.xml

***************
Lucid-def.xml
***************

<domain type='xen' id='3'>
<name>Ubuntu10.04</name>
<uuid>40721ad3-27fd-39a9-35d8-ffa9d12bd494</uuid>
<memory>2097152</memory>
<currentMemory>2097152</currentMemory>
<vcpu>2</vcpu>
<bootloader></bootloader>
<os>
<type>linux</type>
<kernel>/home/boris/lucid/vmlinuz-2.6.32-16-server</kernel>
<initrd>/home/boris/lucid/initrd.img-2.6.32-16-server</initrd>
<cmdline>root=/dev/xvda1 ro </cmdline>
</os>
<clock offset='utc'/>
<on_poweroff>destroy</on_poweroff>
<on_reboot>restart</on_reboot>
<on_crash>restart</on_crash>
<devices>
<emulator>/usr/lib/xen/bin/qemu-dm</emulator>
<disk type='block' device='disk'>
<driver name='phy'/>
<source dev='/dev/sda8'/>
<target dev='xvda' bus='xen'/>
</disk>
<interface type='bridge'>
<mac address='00:16:3e:04:6b:5a'/>
<source bridge='eth0'/>
<script path='/etc/xen/scripts/vif-bridge'/>
<target dev='vif3.0'/>
</interface>
<console type='pty' tty='/dev/pts/1'>
<source path='/dev/pts/1'/>
<target port='0'/>
</console>
<input type='mouse' bus='xen'/>
<graphics type='vnc' port='5900' autoport='yes'/>
</devices>
</domain>

At this point Lucid Server PV DomU may be started via virt-manager.


 

Systems Administrator Creed

This is my server.  There are many like it, but this one is mine.  My server is my best friend.  It is my life. I must master it as I master my life.  My server, without me is useless. Without my server, I am useless.  I must configure my server true.  I will...

 

My server and myself know that what counts in this war is not the packets we drop, the noise of our fans, nor the power we consume. We know that it is the data that counts. We will backup...

 

My server is human, even as I, because it is my life. Thus, I will learn it as a brother. I will learn its weakness, its strength, its parts, its accessories, its I/O and its slots. I will keep my server clean and ready, even as I am clean and ready. We will become part of each other. We will...

 

Before God I swear this creed:  My server and myself are defenders of the command prompt, we are the masters of our enemy.  We are the saviors of my life.  So be it, until every server is patched and there is no enemy, but uptime.

 

 

Accessing VMWare Server 2 with vSphere Client (the unsupported way)

As many of you have already discovered, there's no official Linux client for accessing VMWare Server 2.x; the only thing VMWare suggests is to use the internal web interface based on a Tomcat web server.
This web interface is ugly and slow, and not so reliable if you plan clean and fast administration. As an alternative you can use the good and efficient Virtual Infrastructure Client (VIC).

Again: VIC is only available for the Windows platform and no Linux (or OS-X) client is available now. You can run it on top of the WINE libs, but it's still not a native Linux client.
VMWare promised a "planned version" for Linux a long time ago, but nobody has seen it yet (planned with no expected date...), so we're still waiting for it.

Now the vSphere architecture is out, the new vSphere Client replaces Virtual Infrastructure Client, and guess what? vSphere Client doesn't officially support VMWare Server. This makes me really upset, and after reading different posts, even from their community forum (like this), I was really trying to find a different way to access my server installations or move to a totally different product (VirtualBox, KVM, ...).

But after some TCPDUMP traces, a lot of different retries and some Google searches, I've solved my problem, and I hope this article may help someone else as well.

When you try to connect vSphere to VMWare Server you need to enter your credentials and the host name/IP. I started with https://ip.address.to.use:8333 (the old way used with VIC), ip.address.to.use, ip.address.to.use:8333 and so on...
Finally I discovered that this form, ip.address.to.use:8333, seems to be the right one.

At the first connection you need to install a certificate on your Windows machine. The second step is to retrieve "a generic installer" from the server, so you can choose to "Save the Installer" or "Run the Installer";

both options lead to a generic error like:

"The required client support files cannot be retrieved from the server"
"The login process will now exit"
"Details: The server could not interpret the client's request. (404 not found)"

 

But what kind of support files do you need, and where are they? Here's a link with some useful and legal files in it

Now what should you do after downloading these support files?
Just unrar these files into your vSphere Client installation folder, something like
"Program Files\VMWare\Infrastructure\Virtual Infrastructure Client" (x86 32bit)
or
"Program Files (x86)\VMware\Infrastructure\Virtual Infrastructure Client" (x86 64bit)
You'll finally have a directory named "2.5" inside this root folder. Now run your vSphere Infrastructure Client again; after entering your credentials you'll see
the entire login process like in the past with VIC (so "loading inventory form",
"loading classes", and so on...) and the new shiny Client interface is now connected
to VMWare Server as in the past.

 

This is just a trick to have authentication running again and have access to your
legitimate VMWare Server installation. I hope they're really working on this
promised Linux client capable of connecting to VMWare Server.
At the moment I'm quite skeptical, because this new client relies on the Microsoft Windows .NET 3.x Framework and the Windows J# redistributable package. As a programmer, these are not my preferred tools if I'm planning to have a cross-platform program, because I'm totally depending on .NET (or Mono) and MS libs.
If you're running a big business you don't really need it: you just purchase vSphere (new ESX) and you're set. But if you really need "bare metal emulation" and you can't afford vSphere, VMWare Server is still the best reliable solution for it. Yeah, I know VirtualBox/KVM/Xen and others are growing fast, but on bare metal VMWare is still the best (from my point of view).

 

 

I hope this process may help someone else, and I look forward to your comments on this post.

Andrea (Ben) Benini

 

Access VMWare Server 2 remote virtual machine without web interface

I've spent a lot of time doing something else and I left the blog alone for a while.

This new entry is related to VMWare Server v2.0 and Virtual Infrastructure Client on Linux.
Many of you already know there's no Virtual Infrastructure Client available for Linux, so it's quite a mess if you'd like to control a VMWare Server and you don't want the ugly web interface available with it.

Personally I don't like the web interface; it's ugly and very slow. This is where Virtual Infrastructure Client (VIC) comes in, but unfortunately it is only available for Windows machines. VMWare promised a version for Linux a long time ago, but nobody has seen it working or available yet.

I'm quite upset about the lack of support for Linux users, so I've installed the Windows client on Linux with WINE emulation. It works fine, even with WINE, but it's clearly a Windows application and it's not native.

A few days ago I discovered I can use VMWare Player v2.x to control virtual machine consoles even on a remote VMWare Server. If you run VMWare Player (v2.5.3.x on my Gentoo box) you can only choose local virtual machines, so you cannot select remote machines running on a remote host without some sort of network share. If you run the local help you can see:

~$ vmplayer --help
Usage:
vmplayer [OPTION...] <Virtual machine config file>

Help Options:
-?, --help Show help options

Application Options:
-v, --version Display the program version
-L, --list-stock-ids Display the list of registered stock IDs
-X, --fullscreen Start in fullscreen mode
-U, --unity Start in Unity mode
-k, --no-kiosk-warning Suppress the warning that appears when a Kiosk Mode ACE is started
-K, --no-kiosk-mode Force a Kiosk Mode ACE to start outside of Kiosk Mode

But if you launch it with this command:

~$ vmplayer -h remote.host.with.vmware:8333

where "remote.host.with.vmware" is the IP address of the remote VMWare Server machine and 8333 is the remote port for VIC control (TCP default), it prompts for a login.

Just enter your remote username and password and you'll see the list of remote virtual machines available.

Open one of the machines and use it. You cannot administer or manage the remote filestore or create new virtual machines like VIC does, but at least you can use them. You have full access to the remote machine console without VIC and without web access.

Hope it helps someone

 

Andrea (Ben) Benini

 

 

 

mod_rewrite with Fedora 10 and ISPConfig for WordPress

This relates to Fedora 10 and ISPConfig 3.0.1 set up as described in this HowtoForge post.

One of my colleagues recently got interested in offering our clients WordPress as a content management system, so he's been trying it out. Yesterday he found out that if he wanted to change the permalink style in WordPress he needed write access to .htaccess, which he didn't have because the user rights haven't been set up very well there. So I gave him write access by using

chown apache:apache .htaccess

Unfortunately this resulted in a 500 Internal Server Error. Looking at the error log for the website I tried this for, it let me know that RewriteEngine directives were not allowed in the .htaccess. Since I didn't want to mess with the base configurations of ISPConfig, I started looking around for other options. Eventually I found that I had to add something similar to this to the Apache directives field under options under the website's settings:

<IfModule mod_rewrite.c>
<Directory /var/www/[sitename]/web/>
Options +FollowSymLinks
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</Directory>
</IfModule>

Of course [sitename] should be replaced with the name of your website. It all works after I restarted the Apache server myself, but I do not know if that is completely necessary. Also it might take a few seconds before ISPConfig finishes editing the configuration file.
 

RAID: Installing grub on the other Disks

So, you've followed my previous blog, Replacing faulted drive on Linux software RAID (MDTOOLS), and you already know how to swap a faulty drive with a new one. But what happens if you need to replace the primary disk that your computer boots from?

After adding a new disk to your RAID chain it's a good idea to make it bootable as well by installing grub on its MBR. When the boot drive in your RAID array becomes faulty, all you have to do is power off your machine, replace your faulty drive and boot your computer again. If you've properly set the BIOS boot sequence to iterate between primary, secondary, ..., you can boot your RAID array again: the second or third HD does the boot because you've installed grub on it. This is pretty easy and straightforward, and it contributes to a bulletproof system.

How do you install grub on the other disks?

First enter grub console:

~# grub
Probing devices to guess BIOS drives. This may take a long time.

 

GNU GRUB  version 0.97  (640K lower / 7168K upper memory)
[ Minimal BASH-like line editing is supported.  For the first word, TAB
   lists possible command completions.  Anywhere else TAB lists the possible
   completions of a device/filename. ]
grub> root (hd1,0)
grub> setup (hd1)
grub> quit

Here hd1 means the second disk (grub starts counting from 0), hd2 means the third disk, and so on.

If your boot partition is inside a drive array as well, it becomes easy to swap disks and replace them when faulty. Here's an example:

boba:~# fdisk -l /dev/sda
Disk /dev/sda: 320.0 GB, 320072933376 bytes
255 heads, 63 sectors/track, 38913 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Disk identifier: 0x0003272d
   Device Boot      Start         End      Blocks   Id  System
/dev/sda1   *           1          12       96358+  fd  Linux raid autodetect
/dev/sda2              13          73      489982+  fd  Linux raid autodetect
/dev/sda3              74         681     4883760   fd  Linux raid autodetect
/dev/sda4             682       38913   307098540   fd  Linux raid autodetect

Take a look at my fstab:

boba:~# cat /etc/fstab
# /etc/fstab: static file system information.
#
# proc /proc proc defaults 0 0
/dev/md2 / ext3 errors=remount-ro 0 1
/dev/md0 /boot ext2 defaults 0 2
/dev/mapper/storage-storage /home xfs defaults 0 2
/dev/md1 none swap sw 0 0
/dev/hda /media/cdrom0 udf,iso9660 user,noauto 0 0

As you can see, my /dev/md0 is the boot partition and /dev/sda1 is a part of it. It doesn't matter if you're using RAID1,5,6,10,...

With this hint you can boot your machine again, even if your primary disk has gone.

Hope it helps

 

Andrea (Ben) Benini

 

 

Open Source Security Solutions

A report on the state of security was released today by the SANS Internet Storm Center. The two main threats posed to an organisation are targeted "spear phishing" against client desktops and attacks against web applications.

Most here at Linux.com would be familiar with the threat of malware against Windows desktops. This report highlights the fact that other client applications are being targeted; Adobe Reader and QuickTime are good examples. Of course running Linux on your desktop lowers the risk of these attack vectors considerably.

Another area where Linux-based open source solutions excel is in security vulnerability assessment tools. Use of these tools will help to find security vulnerabilities within your web server and web applications. Once the vulnerabilities are found they can be fixed or remediated.

Here are some tools to get you started:

  • Nmap for port scanning of your system(s). Shows you open ports on your server and holes in your firewall.
  • OpenVAS for vulnerability scanning of your servers. It checks for listening ports / services and then tries to confirm if services are vulnerable to exploitation using a db of thousands of vulnerabilities.
  • Nikto is a web service scanner that does a thorough analysis of your web server. Looks for scripts and server misconfigurations that are a security threat.
  • SQLiX performs SQL injection testing that can find vulnerable web applications. This is a popular attack vector for web application attacks.
  • OSSEC is a host-based intrusion detection system that is easy to set up and use.

These tools are all high quality and just a sample of the powerful open source security tools that are available.

About the Author: Peter runs the popular online open source security tool scanning site http://www.hackertarget.com, where various security scanning tools are made available for free to assist in the securing of internet-based servers.
 

Replacing faulted drive on Linux software RAID (MDTOOLS)

Here's a very quick HOWTO for Linux software RAID. These notes are made for replacing a faulty disk with a new one.

When you have a software RAID configuration with Linux, you've planned to survive hardware failures. When these failures happen you need to replace the faulty drive with a new one and inform your RAID configuration of it.

First take a look at your current RAID config by running the command:

~# cat /proc/mdstat
Personalities : [raid1]
  md1 : active raid1 sda2[2](F) sdb2[1]
     70645760 blocks [2/1] [_U]
  md0 : active raid1 sda1[0] sdb1[1]
     9767424 blocks [2/2] [UU]
  unused devices:

 

This shows RAID md1 has drive sda2 stopped with a fault.
As my config shows, I have two disks with software RAID1; sda2 is marked as faulty (letter F) and the block device is not present in the RAID ("_" instead of "U"). The first thing to do is to replace the drive; power off the machine if you don't have hot-swap drives.

Then you need to inform your configuration about the new drive. First remove your previous block device (from RAID md1 in my case):

~# mdadm /dev/md1 -r /dev/sda2
mdadm: hot removed /dev/sda2

Then add your new partitioned block device:

~# mdadm /dev/md1 -a /dev/sda2
mdadm: re-added /dev/sda2


Now you will see it regenerate your RAID chain in mdstat:

~# cat /proc/mdstat
Personalities : [raid1]
md1 : active raid1 sda2[2] sdb2[1]
70645760 blocks [2/1] [_U]
[>....................] recovery = 0.3% (268800/70645760) finish=21.8min speed=53760K/sec
md0 : active raid1 sda1[0] sdb1[1]
9767424 blocks [2/2] [UU]
unused devices:

When finished you'll have a working config

 

Hope it helps

Ben 
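
The (F) flag and the [2/1] [_U] map described in the post above can be checked by a script instead of by eye. This added example (not from the original post) parses mdstat-format text and reports failed members, degraded arrays and rebuilds in progress; the function names and output format are assumptions, and both samples are constructed from the outputs shown in the post.

```sh
#!/bin/sh
# Added example, not from the original post: flag unhealthy md arrays.

# Constructed sample: state before the faulty member is removed.
sample_failed() {
cat <<'EOF'
Personalities : [raid1]
md1 : active raid1 sda2[2](F) sdb2[1]
      70645760 blocks [2/1] [_U]
md0 : active raid1 sda1[0] sdb1[1]
      9767424 blocks [2/2] [UU]
unused devices: <none>
EOF
}

# Constructed sample: state while the re-added member is rebuilding.
sample_rebuilding() {
cat <<'EOF'
Personalities : [raid1]
md1 : active raid1 sda2[2] sdb2[1]
      70645760 blocks [2/1] [_U]
      [>....................]  recovery =  0.3% (268800/70645760) finish=21.8min speed=53760K/sec
md0 : active raid1 sda1[0] sdb1[1]
      9767424 blocks [2/2] [UU]
unused devices: <none>
EOF
}

# check_mdstat [FILE]   (FILE defaults to /proc/mdstat, "-" reads stdin)
# Prints one line per finding:
#   FAILED <array> <member>          member carries the (F) flag
#   DEGRADED <array> [n/m] [map]     the map contains "_" (a missing member)
#   REBUILDING <array> <op> <pct>    recovery or resync is running
# Returns 0 when nothing was reported, 1 otherwise (usable from cron).
check_mdstat() {
    awk '
    /^md[^ ]* :/ {                       # array header line
        array = $1
        for (i = 3; i <= NF; i++)
            if (index($i, "(F)") > 0) {
                member = $i
                sub(/\[.*/, "", member)  # "sda2[2](F)" becomes "sda2"
                print "FAILED", array, member
                bad = 1
            }
        next
    }
    array != "" {                        # status lines under the last header
        for (i = 1; i < NF; i++)
            if ($i ~ /^\[[0-9]+\/[0-9]+\]$/ && $(i + 1) ~ /^\[[U_]+\]$/ &&
                index($(i + 1), "_") > 0) {
                print "DEGRADED", array, $i, $(i + 1)
                bad = 1
            }
        if (($2 == "recovery" || $2 == "resync") && $3 == "=") {
            print "REBUILDING", array, $2, $4
            bad = 1
        }
    }
    END { exit bad + 0 }
    ' "${1:-/proc/mdstat}"
}

# Demo on the constructed samples.
sample_failed | check_mdstat - || true
sample_rebuilding | check_mdstat - || true
```
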

 

 

 