
Monitoring Percona Mysql with Munin

Dec 5, 2013   //   by BridgeInfomatics.com   //   Blog  //  4 Comments

Create a new file /etc/munin/plugin-conf.d/mysql with the content below:

[mysql*]
  env.mysqlconnection DBI:mysql:mysql;host=127.0.0.1;port=3306
  env.mysqluser munin
  env.mysqlpassword 50meS3cr3tPassw0rd

Next, create a new user in mysql:

mysql> CREATE USER munin@127.0.0.1 IDENTIFIED BY '50meS3cr3tPassw0rd';
mysql> GRANT SUPER,PROCESS ON *.* TO munin@127.0.0.1;
mysql> GRANT SELECT ON mysql.* TO munin@127.0.0.1;
mysql> FLUSH PRIVILEGES;

You may need to install some perl dependencies:

yum install -y perl-Cache-Cache

Now, test that your new user is able to connect to the db through munin. You should not see any mysql errors printed here.

munin-node-configure --suggest 2>&1 | grep mysql

Next, install the suggested mysql plugins:

(munin-node-configure --shell 2>&1 | grep mysql | /bin/bash); service munin-node restart

Finally, you can confirm that the plugin is set up and working properly by running it with munin-run:

munin-run mysql_connections
max_connections.value 2048
Max_used_connections.value 80
Aborted_clients.value 7047
Aborted_connects.value 43060
Threads_connected.value 4
Connections.value 3405554

If you get an error like

Unknown section: Main thread process no. 19405, id 139794226624256, state: flushing buffer pool pages at /etc/munin/plugins/mysql_connections line 1099.

you need to make a simple change to /usr/share/munin/plugins/mysql_: in the subroutine update_innodb, around line 982, add

$sth->finish();
$status =~ s/-----------------\nMain thread//g;  ## add this line

parse_innodb_status($status);

Securing WordPress – Tips & Tricks

Oct 22, 2013   //   by BridgeInfomatics.com   //   Blog  //  No Comments

Recently there has been a mass attack on WordPress sites in which hackers have successfully defaced many sites.

Below are some of the techniques to keep a WP site safe:

1. First and foremost, keep your WordPress installation up to date.

2. Keep your plugins and themes up to date.

3. Install plugins and themes from trusted sources only.

4. Make sure every WP user has a strong password; there are plugins available to force strong passwords.

5. Secure /wp-login.php with HTTPS.

6. Set up a login CAPTCHA.

7. There are plugins available that can stop brute-force attacks on login pages; install them.

8. Do a regular scan of the wp-content directory; hackers put their malware in this location (or its sub-directories).

9. Make sure you use secure FTPS or SFTP for file transfers.

10. Install mod_security and set it up to scan any newly uploaded file with an anti-virus like ClamAV.

11. Modern FTP servers also have a provision to scan files on upload; you can employ this.

12. Protect all index.php and 404.php files; most defacing is done by modifying these files. Make them immutable with the ‘chattr +ias’ command.

13. Secure the /wp-admin URL by imposing a server-side password or IP-based restrictions.

14. Last but not least, make sure to do regular backups of both the database and the files.

Apart from the above, other security measures are listed here: http://codex.wordpress.org/Hardening_WordPress
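One way to run the regular scan from tip 8 and to notice a modified index.php or 404.php (tip 12) is to compare the site against a checksum baseline. This is an added example, not part of the original post; the script name, the paths in the usage line and the list of PHP extensions are assumptions.

```sh
#!/bin/sh
# Added example, not from the original post. Keep the baseline file outside
# the web root so that a compromised site cannot rewrite it.

# hash_tree DIR: one "sha256  ./relative/path" line per file under DIR.
hash_tree() {
    ( cd "$1" && find . -type f -exec sha256sum {} + | sort )
}

# make_baseline WP_ROOT BASELINE: record the known-good state, for instance
# right after an update.
make_baseline() {
    hash_tree "$1" > "$2"
}

# changed_since_baseline WP_ROOT BASELINE: print each path that was modified,
# added or removed since the baseline was taken.
changed_since_baseline() (
    current=$(mktemp)
    hash_tree "$1" > "$current"
    # A line found in only one listing is a new, deleted or altered file.
    sort "$2" "$current" | uniq -u | cut -c67- | sort -u
    rm -f "$current"
)

# scripts_in_uploads WP_ROOT: PHP files under wp-content/uploads, the
# directory where WordPress stores uploaded media.
scripts_in_uploads() {
    find "$1/wp-content/uploads" -type f \
        \( -iname '*.php' -o -iname '*.php[0-9]' -o -iname '*.phtml' \) | sort
}

# Usage (placeholder paths): sh wp-scan.sh /var/www/site /root/wp.sha256
if [ "$#" -eq 2 ]; then
    [ -f "$2" ] || make_baseline "$1" "$2"
    changed_since_baseline "$1" "$2"
    scripts_in_uploads "$1"
fi
```

Run from cron, any output is a file to review; refresh the baseline after each legitimate update.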

Setting up HTTPS SSL certificate for Amazon Elastic Load Balancer

Jun 19, 2013   //   by BridgeInfomatics.com   //   Blog  //  No Comments

If you use HTTPS termination on Amazon Elastic Load Balancer (ELB), ELB requires that the certificates are in PEM format.

Usually certificate authorities provide these certificates in PEM Base64 encoded format.
To add them to ELB they need to be converted to standard PEM format. The key, the certificate and the CA certificate should all be converted.

Below are the commands for these conversions.

To convert the key file:

openssl rsa -in yourdomain.key -outform PEM

To convert the certificate and the CA certificate bundle:

openssl x509 -inform PEM -in yourdomain.crt
 
openssl x509 -inform PEM -in bundle.crt
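Before uploading to ELB it is worth checking that the converted files are really PEM, that the key belongs to the certificate, and that the bundle still holds every CA certificate, because openssl x509 reads only the first certificate of its input. The following is an added example, not part of the original post; the script name is hypothetical and the file names in the usage line are the post's placeholders.

```sh
#!/bin/sh
# Added example, not from the original post; file names are placeholders.

# pem_label FILE: print the label of the first PEM block ("CERTIFICATE",
# "RSA PRIVATE KEY", ...); fail if the file holds no PEM block (e.g. DER).
pem_label() {
    sed -n 's/^-----BEGIN \(.*\)-----[[:space:]]*$/\1/p' "$1" | head -n 1 | grep .
}

# count_certs FILE: number of certificates in a PEM file. Compare the count
# before and after converting a bundle.
count_certs() {
    grep -c '^-----BEGIN CERTIFICATE-----' "$1"
}

# key_matches_cert KEY CERT: succeed only when the RSA private key and the
# certificate have the same modulus. An encrypted key fails instead of
# prompting for a passphrase.
key_matches_cert() {
    km=$(openssl rsa -in "$1" -passin pass: -noout -modulus 2>/dev/null) || return 2
    cm=$(openssl x509 -in "$2" -noout -modulus 2>/dev/null) || return 2
    [ "$km" = "$cm" ]
}

# Usage: sh check-elb-pem.sh yourdomain.key yourdomain.crt bundle.crt
if [ "$#" -eq 3 ]; then
    for f in "$@"; do
        printf '%s: %s\n' "$f" "$(pem_label "$f" || echo 'not PEM')"
    done
    key_matches_cert "$1" "$2" && echo "key matches certificate" \
        || { echo "key and certificate do not match" >&2; exit 1; }
    echo "certificates in bundle: $(count_certs "$3")"
fi
```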

pg_dump No space left on device

Feb 7, 2013   //   by BridgeInfomatics.com   //   Blog  //  No Comments

If you hit a ‘No space left on device’ error while doing a Postgres database dump, even though there is enough space and there are enough inodes available on disk, chances are you are dumping data in tar format. Switch to custom or plain text format and that will solve your problem.

AFAIK there are no advantages to using tar format instead of custom (both work with pg_restore).

Plesk The current Container offline management settings make the Panel unavailable

Oct 31, 2012   //   by BridgeInfomatics.com   //   Blog  //  No Comments

If you see this error message after upgrading the Plesk control panel and are eager to access the upgraded version, a quick fix is to edit the file

/etc/sw-cp-server/applications.d/plesk.conf

and change the default port 8443 to something different, like 18443, then restart the Plesk sw-cp-server.

So the lines in the file should read:

 include_shell "/etc/sw-cp-server/applications.d/plesk.socket.sh 18443 ssl"
 include_shell "/etc/sw-cp-server/applications.d/plesk.socket.sh 18880"
 include_shell "/etc/sw-cp-server/applications.d/plesk.socket.sh 18443 ipv6 ssl"
 include_shell "/etc/sw-cp-server/applications.d/plesk.socket.sh 18880 ipv6"

 


Note, this is only a temporary fix.

If you have root access to the host node then run

vzctl set VEID --offline_management=no --save

Else contact your VPS provider.

dovecot postmaster_address setting not given lda

Jan 12, 2012   //   by BridgeInfomatics.com   //   Blog  //  No Comments

If you see this error, add the lines below to the dovecot configuration file:

protocol lda {
postmaster_address = postmaster@your.com
}

postmaster_address is the address where bounced messages will be sent.

ODW_STATUS critical opsview nagios

Nov 29, 2011   //   by BridgeInfomatics.com   //   Blog  //  No Comments

If you see this alert/notification on an Opsview server, log in to the Opsview master server and, as user ‘nagios’, run

. /usr/local/nagios/bin/profile && /usr/local/nagios/bin/cleanup_import -v

The output will look like:
Running cleanup for all data after Sun Nov 27 02:59:59 2011 on this opsview instance

Then run

. /usr/local/nagios/bin/profile && /usr/local/nagios/bin/import_runtime -v

You will see the following output:

Running for 2011-11-27 03:00:00 – started at Tue Nov 29 14:25:26 2011
– took 26 seconds
Running for 2011-11-27 04:00:00 – started at Tue Nov 29 14:25:52 2011
– took 8 seconds
Running for 2011-11-27 05:00:00 – started at Tue Nov 29 14:26:00 2011
– took 10 seconds
Running for 2011-11-27 06:00:00 – started at Tue Nov 29 14:26:10 2011
– took 11 seconds

Binary log is not open

Nov 13, 2011   //   by BridgeInfomatics.com   //   Blog  //  No Comments

In a MySQL replication setup, if you see an error like this:

Got fatal error 1236 from master when reading data from binary log: ‘Binary log is not open’

make sure you have binary logging enabled in my.cnf. You can add a line like

log-bin=mysql-bin

to the master’s my.cnf file.

Error – Perl execution failed Undefined subroutine & virtual_server::show_domain_name…..

Oct 22, 2011   //   by BridgeInfomatics.com   //   Blog  //  No Comments

If you see this error with Webmin, one possible reason could be that your server does not have enough memory.
On an OpenVZ based VPS, check the UBC values and make sure none are failing.

linux security tool

Oct 21, 2011   //   by BridgeInfomatics.com   //   Blog  //  No Comments

Some must-have tools for any Linux server:

Firewall

CSF – http://www.configserver.com/cp/csf.html
APF – http://www.rfxn.com/projects/advanced-policy-firewall/

Anti-brute force for SSH

DenyHosts – http://denyhosts.sourceforge.net/

Anti-Virus, Rootkit and Malware scanners

ClamAv – http://www.clamav.net/
Rootkit Hunter – http://rkhunter.sourceforge.net/
chkrootkit – http://www.chkrootkit.org/
maldet – http://www.rfxn.com/projects/linux-malware-detect/
