Admins eHow SysAdmin Tips & Tricks

August 9, 2014

Exim Remove All messages From the Mail Queue

Filed under: linux — admin @ 9:49 pm
exim -bp | exiqgrep -i | xargs exim -Mrm

August 7, 2014

Send email alerts if PERC H200 raid fails in Linux

Filed under: Debian,linux — admin @ 11:18 pm

Recently I bought a Dell PowerEdge R210 server which is equipped with a PERC H200 RAID controller.
As I have set up RAID 1 on this server, I needed to monitor its RAID status. Here is what I did :
First you need the “sas2ircu” utility, which can be found on the following website :
http://hwraid.le-vert.net/wiki/DebianPackages
Running “sas2ircu 0 STATUS” gives you the following output :

root@x:/# sas2ircu 0 STATUS
LSI Corporation SAS2 IR Configuration Utility.
Version 16.00.00.00 (2013.03.01)
Copyright (c) 2009-2013 LSI Corporation. All rights reserved.

Background command progress status for controller 0...
IR Volume 1
  Volume ID                               : 79
  Current operation                       : None
  Volume status                           : Enabled
  Volume state                            : Optimal
  Volume wwid                             : xxxxxxxxxxxxxx
  Physical disk I/Os                      : Not quiesced
SAS2IRCU: Command STATUS Completed Successfully.
SAS2IRCU: Utility Completed Successfully.

What we are interested in is the “Optimal” state, so if Optimal changes to anything else, we want to be notified.
You can use the following script to do that (change the MAIL variable to your own email address) :

#!/bin/bash
MAIL=mail@domain.com
RESULT=`sas2ircu 0 STATUS | grep Optimal`
if [ -z "$RESULT" ]; then
    echo "RAID ERROR ON SERVER" | mail -s 'Raid Error' "$MAIL"
    else echo "Raid is OK"
fi

As always, do not forget to test that your server is actually able to send mail and that you receive it.
Finally, save the script in a file and add it as a cron job. I have chosen to run it every 12 hours :

0 */12 * * * /usr/bin/raidcheck

July 23, 2014

How to block ongoing DDOS attack on Linux Server

Filed under: General — admin @ 10:44 am

DDoS attacks are one of the hardest types of network attacks to deal with and stop. Usually the attacker uses many different IPs to request legitimate resources from your network until your system resources are exhausted and the server goes down.
If you can somehow filter out the attacker's IP addresses on your system, then it is possible to block them in iptables easily and stop the attack.
In my case the attacker was attacking a website hosted on a dedicated IP address, so I was easily able to filter the attacker IP addresses with the following command :

netstat -n | grep a.b.c.d | awk '{print $5}' | grep -Eo '([0-9]{1,3}\.){3}[0-9]{1,3}' | sort | uniq

a.b.c.d : the IP address of my server, on which the victim website was hosted
You may do all kinds of filtering using grep and awk.
After I identified the attacker IP addresses, blocking them was easy. First create a file named block and put it in /usr/bin with the following contents :

#!/bin/bash
# Drop all traffic from the IP address given as the first argument
iptables -I INPUT -s "$1/32" -j DROP

make it executable :

chmod +x /usr/bin/block

then run the following command :

netstat -n | grep a.b.c.d | awk '{print $5}' | grep -Eo '([0-9]{1,3}\.){3}[0-9]{1,3}' | sort | uniq | xargs -n1 block

It will automatically block all attacker IPs in the server firewall.
You may run the command every 5-10 minutes until the attack stops completely.
The problem with this approach is that you may end up blocking some legitimate users mixed in with the attacker IPs, but it is still better than having your whole server down indefinitely.
Also, after the attack stops, you can remove all firewall rules or simply reboot your server and everything will be good 🙂

Edit :
In fact you can turn this into a real one-liner without creating the block file :D, here it is :

netstat -n | grep a.b.c.d | awk '{print $5}' | grep -Eo '([0-9]{1,3}\.){3}[0-9]{1,3}' | sort | uniq | xargs -I {} iptables -I INPUT -s {}/32 -j DROP
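
One way to reduce the number of legitimate users caught by the blanket block above, as an added example that is not part of the original post: count connections per remote IP, keep only addresses at or above a threshold, skip an allowlist, and print the iptables commands for review instead of running them. The function names, the threshold, the allowlisted address and the sample netstat lines are assumptions made for illustration.

```shell
#!/bin/bash
# Added example, not from the original post. The function names, the threshold
# and the allowlist are assumptions; the netstat lines are constructed samples.

# candidates SERVER_IP THRESHOLD [ALLOWLISTED_IP...]
# Reads `netstat -n` output on stdin and prints "count ip" for every remote
# IPv4 address with at least THRESHOLD connections to SERVER_IP.
candidates() {
    server=$1
    threshold=$2
    shift 2
    awk -v server="$server" -v threshold="$threshold" -v allow="$*" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) skip[a[i]] = 1 }
        $1 ~ /^tcp/ {
            # $4 = local address:port, $5 = remote address:port
            local_ip = $4;  sub(/:[0-9]+$/, "", local_ip)
            remote_ip = $5; sub(/:[0-9]+$/, "", remote_ip)
            if (local_ip != server) next
            if (remote_ip !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next
            if (remote_ip in skip) next
            count[remote_ip]++
        }
        END { for (ip in count) if (count[ip] >= threshold) print count[ip], ip }
    ' | sort -k1,1nr -k2,2
}

# Dry run: print the iptables command for each "count ip" line instead of running it.
block_commands() {
    while read -r count ip; do
        printf 'iptables -I INPUT -s %s/32 -j DROP\n' "$ip"
    done
}

# Constructed sample of `netstat -n` output (documentation address ranges).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.10:80           198.51.100.7:51000      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.7:51001      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.7:51002      SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.5:40000       ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.5:40001       ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.9:42000       ESTABLISHED
tcp        0      0 192.0.2.11:22           198.51.100.7:51003      ESTABLISHED
EOF
}

# 203.0.113.5 stands for a known-good host (for example your own monitoring box).
sample_netstat | candidates 192.0.2.10 2 203.0.113.5 | block_commands
```

On a live server, feed it `netstat -n` instead of the sample and review the printed commands before piping them to a root shell.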

July 20, 2014

Send email alerts when HP Proliant RAID fails in Linux

Filed under: linux — admin @ 7:51 pm

As a minimalist person, I am not a fan of running HP's heavy monitoring tools on my server, so I have written a very small bash script to monitor my server's RAID status and send me email alerts if it fails.
For this script to work, you first need to install hpacucli (HP Array Configuration Utility) on your server. You can download it from the HP website for your Linux distribution.
The script is very easy to understand, but you may need to tweak it a little bit to fit your server.
The heart of it is this line :

hpacucli ctrl slot=1 pd all show

which returns the following on my server :

\\ EMPTY LINE
Smart Array P222 in Slot 1

   array A

      physicaldrive 2I:1:1 (port 2I:box 1:bay 1, SATA, 3 TB, OK)
      physicaldrive 2I:1:2 (port 2I:box 1:bay 2, SATA, 3 TB, OK)
      physicaldrive 2I:1:3 (port 2I:box 1:bay 3, SATA, 3 TB, OK)
      physicaldrive 2I:1:4 (port 2I:box 1:bay 4, SATA, 3 TB, OK)

But we only need lines 6-9, which show the drive status. This is where you may need to tweak it, as you may have more or fewer drives.
So it may not be 6-9 for you, and you may need to change 6,9 in the sed command.
Here is the final script :

#!/bin/bash
MAIL=mail@domain.com
RESULT=`hpacucli ctrl slot=1 pd all show | sed -n '6,9 p' | grep -v OK`
if [ -n "$RESULT" ]; then
	echo "$RESULT" | mail -s 'Raid Error' "$MAIL"
	else echo "Raid is OK"
fi

Don't forget to change the MAIL variable to your own email address.
You may test the script once to make sure your server is able to send emails and you actually receive them.
Finally, save the script in a file and add it as a cron job. I have chosen to run it every 12 hours :

0 */12 * * * /usr/bin/raidcheck

May 12, 2014

SPF Policy Tester & Syntax Validator

Filed under: dns — admin @ 1:54 pm

This website is super useful for verifying and testing SPF records :

SPF Syntax Validator : http://vamsoft.com/support/tools/spf-syntax-validator
SPF Policy Tester : http://vamsoft.com/support/tools/spf-policy-tester

May 11, 2014

How to enable mod_deflate on Apache 2.4

Filed under: Apache — admin @ 7:02 am

Well, I am writing this guide because enabling mod_deflate on Apache 2.4 has become more complex than enabling a single module, as it was on Apache 2.2.
Now you have to enable 3 modules in httpd.conf for mod_deflate to work properly :

LoadModule deflate_module modules/mod_deflate.so
LoadModule headers_module modules/mod_headers.so
LoadModule filter_module modules/mod_filter.so

You also have to enable compression with this config :

AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/javascript
DeflateCompressionLevel 9

May 9, 2014

Auto update Atomicorp mod_security rules script

Filed under: cPanel,linux — admin @ 6:31 pm

Here is a very simple script I have written for my own use to auto-update mod_security rules from the Atomicorp server. You can use cron jobs to automate the process.
Don't forget to put your Atomicorp subscription username and password in the script.

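#!/bin/sh

# Atomicorp subscription credentials
USER=
PASS=
DIR=/var/cpanel

# Read the current rules version from the VERSION file (sed strips the 15-character prefix before the value)
VER=`wget -q --user="$USER" --password="$PASS" http://updates.atomicorp.com/channels/rules/subscription/VERSION -O - | grep MODSEC_VERSION | sed -r 's/^.{15}//'`
# Stop if the version could not be read, instead of requesting a bogus file name
[ -n "$VER" ] || exit 1
FILE_NAME=modsec-$VER.tar.bz2
# Download the rules archive and unpack it under $DIR
wget -q --user="$USER" --password="$PASS" "http://updates.atomicorp.com/channels/rules/subscription/$FILE_NAME" -O - | tar jxf - -C "$DIR"
# Reload Apache gracefully so the new rules are picked up
/etc/init.d/httpd -k graceful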

In this case, the script will install the rules in the /var/cpanel/modsec directory and reload the server gracefully.
You should also have the following in your modsec2.user.conf :

Include "/var/cpanel/modsec/000000_asl_modreqtimeout.conf"
Include "/var/cpanel/modsec/00_asl_0_global.conf"
Include "/var/cpanel/modsec/00_asl_rbl.conf"
Include "/var/cpanel/modsec/00_asl_z_antievasion.conf"
Include "/var/cpanel/modsec/00_asl_zz_strict.conf"
Include "/var/cpanel/modsec/01_asl_content.conf"
Include "/var/cpanel/modsec/01_asl_rules_special.conf"
Include "/var/cpanel/modsec/03_asl_dos.conf"
Include "/var/cpanel/modsec/05_asl_exclude.conf"
Include "/var/cpanel/modsec/05_asl_scanner.conf"
Include "/var/cpanel/modsec/09_asl_rules.conf"
Include "/var/cpanel/modsec/09_asl_rules_antievasion.conf"
Include "/var/cpanel/modsec/10_asl_antimalware.conf"
Include "/var/cpanel/modsec/10_asl_antimalware_output.conf"
Include "/var/cpanel/modsec/10_asl_rules.conf"
Include "/var/cpanel/modsec/11_asl_adv_rules.conf"
Include "/var/cpanel/modsec/11_asl_data_loss.conf"
Include "/var/cpanel/modsec/11_asl_rules.conf"
Include "/var/cpanel/modsec/12_asl_brute.conf"
Include "/var/cpanel/modsec/20_asl_useragents.conf"
Include "/var/cpanel/modsec/30_asl_antimalware.conf"
Include "/var/cpanel/modsec/30_asl_antispam.conf"
Include "/var/cpanel/modsec/30_asl_antispam_referrer.conf"
Include "/var/cpanel/modsec/31_asl_urispam.conf"
Include "/var/cpanel/modsec/40_asl_apache2-rules.conf"
Include "/var/cpanel/modsec/50_asl_rootkits.conf"
Include "/var/cpanel/modsec/51_asl_rootkits.conf"
Include "/var/cpanel/modsec/60_asl_recons.conf"
Include "/var/cpanel/modsec/61_asl_recons_dlp.conf"
Include "/var/cpanel/modsec/98_asl_adv_redactor.conf"
Include "/var/cpanel/modsec/98_asl_jitp.conf"
Include "/var/cpanel/modsec/99_asl_a_redactor.conf"
Include "/var/cpanel/modsec/99_asl_exclude.conf"
Include "/var/cpanel/modsec/99_asl_jitp.conf"
Include "/var/cpanel/modsec/99_asl_redactor.conf"
Include "/var/cpanel/modsec/99_asl_redactor_post.conf"

March 29, 2014

How to return your Google Play Edition HTC One to stock Sense

Filed under: Android — admin @ 10:41 am

I have an HTC One (m7u) which originally came with HTC Sense OS. As I am a fan of stock Android, I had it converted to a Google Play Edition HTC One when it was released.
Recently I noticed a purple tint in low-light pictures taken by my HTC One. I did some research and found out it is a hardware issue and the camera should be replaced by HTC. I still had warranty, but as I had done extensive modifications to my phone, it was possible that HTC would refuse to repair it under warranty. So I decided to revert it back to stock Sense, and it took me around 12 hours to figure out how to do this properly. I am writing this guide to help others who may have the same issue.
The HTC One is one of the most complex devices I’ve ever worked with when you want to tweak it. It comes with a locked bootloader which you need to unlock with a cryptographic key obtained from HTC. Other than that, it has a security lock which you can turn on or off (known as S-ON and S-OFF). I will not go into great detail about these features, as there are a lot of resources about them on the Internet.
Let's get to reverting your HTC One back to the stock ROM. My assumption is that you have a phone with an unlocked bootloader, S-OFF, and a non-stock ROM on it (Google Play Edition in my case).
Before we get to flashing things onto your phone, you should check your phone's current mid (model id) and cid (custom id). There is a chance that the custom ROM you flashed has changed your phone's mid and cid, and the stock ROM will not install on your phone unless you revert them to their original values.
In order to check your phone's mid and cid, reboot your phone into bootloader mode using adb with the following command (I assume you know how to work with adb and fastboot; if you don't, just google it and learn it) :

adb reboot bootloader

After the phone is in bootloader mode, issue the following command :

fastboot getvar all

Here is the output for me :

(bootloader) version: 0.5
(bootloader) version-bootloader: 1.54.0000
(bootloader) version-baseband: 4T.21.3218.21
(bootloader) version-cpld: None
(bootloader) version-microp: None
(bootloader) version-main: 3.62.1700.1
(bootloader) version-misc: PVT SHIP S-OFF
(bootloader) serialno: XXXX
(bootloader) imei: XXXX
(bootloader) meid: 00000000000000
(bootloader) product: m7_u
(bootloader) platform: HBOOT-8064
(bootloader) modelid: PN0712000
(bootloader) cidnum: GOOGL001
(bootloader) battery-status: good
(bootloader) battery-voltage: 4338mV
(bootloader) partition-layout: Generic
(bootloader) security: off
(bootloader) build-mode: SHIP
(bootloader) boot-mode: FASTBOOT
(bootloader) commitno-bootloader: dirty-0e82187e
(bootloader) hbootpreupdate: 11
(bootloader) gencheckpt: 0

These are the important pieces of information :

(bootloader) version-bootloader: 1.54.0000 : the bootloader is 1.54, so it will not work with the revone tool to lock the bootloader again. We need bootloader 1.44 to lock it completely.
(bootloader) product: m7_u : the phone variant is m7u (GSM only) and not m7ul (GSM & LTE). This is important when you choose the stock ROM.
(bootloader) modelid: PN0712000 : PN0712000 is the Google Play Edition model id, which is different from my phone's stock one. I need to revert it to the original before I can flash the stock ROM.
(bootloader) cidnum: GOOGL001 : GOOGL001 is the Google Play Edition custom id, which is different from my phone's stock one. I need to revert it to the original before I can flash the stock ROM.
(bootloader) security: off : my phone is in the S-OFF state. I need to make it S-ON.

Now we have to change modelid and cid to their original values. You can find your phone's modelid on the back of your phone. It starts with PN, so it is easy to find, and there are only a few possible values based on the region of the phone.
There are 3 ways to change the modelid of your phone :
1. Flashing an engineering bootloader on your phone and changing modelid through fastboot commands (NOT RECOMMENDED)
2. Changing modelid through adb, explained here : http://forum.xda-developers.com/showthread.php?t=2490792
3. Changing modelid through TWRP/CWM recovery, explained here : http://forum.xda-developers.com/showthread.php?t=2535365

After changing the modelid, reboot into the bootloader and confirm it has been changed properly.
Fortunately, changing the cid is much easier and can be done with a single command in bootloader mode (change YOURCID to your stock cid value) :

fastboot oem writecid YOURCID

Note : The CID also depends on the region and your phone carrier. If you don't know your stock cid, your best bet is to search forums like xda-developers, where many users around the world have shared their modelid, cid and carrier names.
After changing the cid, reboot into the bootloader and confirm it has been changed properly.
Now that we have the proper mid and cid, we can relock the bootloader and flash the stock ROM. In order to relock the bootloader, issue the following command while you are in bootloader mode :

fastboot oem lock

Note : Your bootloader is now in the RELOCKED state, which shows you have voided your warranty! We will fix it later using the revone tool.
You can find the proper ROM for your HTC One on this website : http://www.htc1guru.com/downloads/ruu-zip-downloads/
The RUU zip is pretty large, approximately 1GB. Download the RUU zip for your device, place it inside your adb folder and rename it to ruu.zip
Reboot into HTC RUU mode (ROM Update Utility) while you are in bootloader mode :

fastboot oem rebootRUU

You can recognize RUU mode by a black screen with a silver HTC logo in the center.
Once you are in RUU mode, issue the following command TWICE :

fastboot flash zip ruu.zip

It is important to issue the command twice, because the first time it updates the bootloader and reboots into RUU mode again, ready for the ROM to be flashed.
If you have done every step correctly, your stock ROM should now be flashed onto your device and you can see the progress on screen.
When flashing is over and you get a success message, it is time to reboot the device :

fastboot reboot

Your phone should now boot into the stock ROM. It may take a while, as this is like the first boot of the phone. But there are still two steps to be done :
1. Locking the bootloader (it is in the Relocked state now)
2. Turning security on (S-ON)
In order to lock the bootloader like the original, we will use a tool called revone.
Please read this guide on how to use revone to lock your bootloader : http://forum.xda-developers.com/showthread.php?t=2497712
Note 1 : Revone will not work on hboot 1.54 or above. If by any chance you have bootloader 1.54 or higher, you need to downgrade your hboot to version 1.44.
Note 2 : You may need to run revone more than once for it to work. For me personally it took two tries to get a success message.
After you get a success message from revone, reboot back into the bootloader and make sure your bootloader is in the Locked state.
The last step is to turn security on. It is very easy, just run the following command in the bootloader :

fastboot oem writesecureflag 3

Now your device is 100% back to stock and you can return it for warranty 🙂 Just reboot the phone and install all the official OTA updates.

November 6, 2013

Installing rtorrent+rutorrent on Debian 7 Wheezy

Filed under: General — admin @ 4:00 am

Here is a simple guide on how to install rtorrent/rutorrent on Debian 7 Wheezy. It may also work on Ubuntu and other Debian-based Linux distros.

Install prerequisite packages :

apt-get install gcc pkg-config libssl-dev g++ make libncurses5-dev libsigc++-2.0-dev libcurl4-openssl-dev subversion screen nano

Install XMLRPC-C, which is required for rutorrent to communicate with rtorrent :

svn co http://svn.code.sf.net/p/xmlrpc-c/code/advanced xmlrpc-c
cd xmlrpc-c
./configure
make
make install

Install LibTorrent, which is required by rtorrent :

wget http://libtorrent.rakshasa.no/downloads/libtorrent-0.13.3.tar.gz
tar zxvf libtorrent-0.13.3.tar.gz
cd libtorrent-0.13.3
./configure
make
make install

Install rtorrent client :

wget http://libtorrent.rakshasa.no/downloads/rtorrent-0.9.3.tar.gz
tar zxvf rtorrent-0.9.3.tar.gz
cd rtorrent-0.9.3
./configure --with-xmlrpc-c
make
make install
ldconfig

Now, we have to make a user for rtorrent and configure it :

useradd user1
mkdir -p /home/user1/rtorrent
mkdir -p /home/user1/rtorrent/.session
mkdir -p /home/user1/rtorrent/download
chown -R user1:user1 /home/user1

Copy rtorrent sample config from rtorrent source directory to user1 home directory :

cp rtorrent-0.9.3/doc/rtorrent.rc /home/user1/.rtorrent.rc

Now you can customize the configuration :

nano /home/user1/.rtorrent.rc

The options you need to customize are the following :

directory = /home/user1/rtorrent/download
session = /home/user1/rtorrent/.session
scgi_port = localhost:5000

It is time to run rtorrent. This command runs rtorrent as user1 :

su - user1 -c 'screen -fa -d -m rtorrent'

Now we can install Apache + php5 which is required by rutorrent :

apt-get install libapache2-mod-php5

Enable auth_digest module which is required for rutorrent authentication :

a2enmod auth_digest

Install rutorrent+plugins :

wget http://dl.bintray.com/novik65/generic/rutorrent-3.6.tar.gz
tar zxvf rutorrent-3.6.tar.gz
mv rutorrent /var/www

wget http://dl.bintray.com/novik65/generic/plugins-3.6.tar.gz
tar zxvf plugins-3.6.tar.gz
mv plugins /var/www/rutorrent/

Tip : The only plugin which you need is httprpc. You can disable or delete all the rest.

Configure user1 on rutorrent :

mkdir -p /var/www/rutorrent/conf/users/user1
cp /var/www/rutorrent/conf/config.php /var/www/rutorrent/conf/users/user1
nano /var/www/rutorrent/conf/users/user1/config.php

Make sure $scgi_port in config.php matches scgi_port in rtorrent config file :

$scgi_port = 5000;

For rutorrent web authentication create .htaccess file in rutorrent directory :

nano /var/www/rutorrent/.htaccess

Copy and paste the following inside .htaccess :

AuthName "Restricted Area"
# Digest auth, to match the auth_digest module enabled above and the htdigest password file
AuthType Digest
AuthUserFile /etc/.htpasswd
AuthGroupFile /dev/null
require valid-user

Create password file for Apache :

htdigest -c /etc/.htpasswd "Restricted Area" user1

Now we need to configure Apache to allow .htaccess override :

nano /etc/apache2/sites-enabled/000-default

Change :

<Directory /var/www/>
    Options Indexes FollowSymLinks MultiViews
    AllowOverride None
    Order allow,deny
    allow from all
</Directory>

To :

<Directory /var/www/>
    Options Indexes FollowSymLinks MultiViews
    AllowOverride All
    Order allow,deny
    allow from all
</Directory>

And finally restart apache :

/etc/init.d/apache2 restart

Now you should be able to access your rtorrent/rutorrent on this address : http://IP_SERVER/rutorrent

October 24, 2012

The proper way to benchmark disk write performance in Linux

Filed under: CentOS,Debian,linux — admin @ 7:46 am
dd bs=1M count=512 if=/dev/zero of=test conv=fdatasync

The result is something like this :
512+0 records in
512+0 records out
536870912 bytes (537 MB) copied, 1.43334 s, 375 MB/s
