Tuesday, July 30, 2013

Warning: Database file needs update - warning: /etc/aliases, line 2: record is in "key: value" format; is this an alias file?

I was investigating an error that I commonly receive in Logwatch every morning.

        2   *Warning: Database file needs update ----------------------------------------------------
        2      /etc/aliases

So I did what any normal person would do and GREPed the logs and ended up with this error:

/var/log/syslog:Jul 30 07:49:41 mx postfix/postmap[11224]: warning: /etc/aliases, line 2: record is in "key: value" format; is this an alias file?

So I did what any admin would do and ran newaliases, however that produced this error:

/var/log/syslog.1:Jul 29 17:03:48 mx postfix/smtpd[4062]: warning: database /etc/aliases.db is older than source file /etc/aliases

So after doing several Google searches I ended up finding a forum that suggested running this as a solution:

postalias /etc/aliases

That seemed to fix the problem. I could run newaliases after that without any error.

Saturday, July 27, 2013

AutoMysqlBackup adds another layer of assurance

Nothing causes me loss of sleep more than the thought of losing data. To add another layer of assurance, AutoMysqlBackup helps me sleep better at night.

Just run:
apt-get install automysqlbackup

This utility automatically schedules a backup of all your databases on a daily, weekly and monthly basis.

So you can always roll back (provided that you have a matching nightly backup of your WWW files) if a disaster occurs.

Friday, July 26, 2013

New server is UP, BBU, cache and learning about IPMI

The new 2U server is on-line with the drives from the old T300 server (which are only 2 months old).

I'm constantly rsyncing my files from the rented server to the 2U server so that when I'm ready to switch over there will be less to sync. The thing that takes me the longest is actually migrating the databases.

I discovered that there is an optional Battery Backup Unit (BBU) for my 3ware 9550SX RAID controller. This is necessary to keep the writes in cache alive in memory, in case of a power failure. Those writes get written to the disks once the power is restored. Enabling the cache will also increase the performance. I found a new BBU on Ebay for 120 bucks and ordered it. Now it's just waiting for it to arrive.

I discovered that to get the KVM operating on the LAN NIC, it required a jumper to be moved. Once I had that done and was able to access it, I discovered that I had a non-KVM IPMI. I didn't even know that "that" existed. I can get into the KVM and monitor just about every sensor, as well as reboot the server, but with no KVM, I can't change BIOS options and such. I found a new IPMI with KVM support for my motherboard on Ebay for 99 bucks. I really can't wait for this one to arrive, because sometimes I want to tweak something in the BIOS and just can't get a KVM from my DATACENTER because there is a waiting list.

The server only came with 8 gigs of RAM so I placed another 8 on order. I just can't operate on 8 gigs. It would be the death of me. As it is there is enough traffic on that server to have to swap out to disk with 16gigs, so 24 or 32 gigs is a future goal.

Tuesday, July 23, 2013

The new server has arrived at the colocation center

The server has arrived but has not been unpacked yet.

I'm pre-emptively backing up my configuration, files and databases to a rented dedicated server so when the time comes for the final backup and sync it won't take too long.

The plan is to:
  1. Power up the rented dedicated server, which won't be pulled until the 31st.
  2. Migrate my sites and data back to that server. (2-3 hours)
  3. Remove the 4 1 TB drives and 2 of the 4 gig DDR ECC memory, and install them in the new server.
  4. Load the OS and migrate my site and data to the new server in case the RAID set is not identified.
  5. Power down my rented dedicated server and the tower server.
  6. Pack up the tower server with all the left-over bits and pieces (extra RAID controllers, memory DIMMs, cables, etc.) and ship them back to me.
Once my old server arrives, I will be turning it into the ultimate Warcraft Monster box. Then my wife will divorce me.

Sunday, July 21, 2013

Pre-Login SSH banner

I was feeling very nostalgic one day and wanted an Ascii Art Login screen like the old BBSes I used to frequent as a youngster.

As you probably already know, I'm using Debian Squeeze, but this should work in just about any Linux distro.

Just put what you want to appear in /etc/ssh/sshd_banner:

This is a private system! All attempts are logged!

Then, open /etc/ssh/sshd_config and modify this line:

#Banner /etc/issue.net
Banner /etc/ssh/sshd_banner


You can find cool ASCII art generators and galleries on-line.

Saturday, July 20, 2013

How to limit Postfix from sending email to certain domains in Debian Squeeze

We all know those certain users who you know got that job because they are related to someone. And most of them tend to send mail to made-up domains.

This is how to stop them from sending to domains that don't exist.

Open up:
nano /etc/postfix/maps/header_checks

Add the following lines per your requirements:
/^To:.*@hotmail\.com\.mx/ REJECT This domain does not exist.
/^To:.*@gmail\.com\.mx/ REJECT This domain does not exist.

You can easily change To: to From: and block receiving emails from those domains as well.

Here is a guide that might help you with other things you might want to block: http://www.akadia.com/services/postfix_uce.html
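
To see which headers these two rules catch before reloading Postfix, the shell function below (an added example, not part of the original post) applies header_checks-style rules to constructed sample headers with grep -Ei, which approximates Postfix's case-insensitive regexp tables. The function names, the temporary rules file and the sample addresses are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: emulate Postfix header_checks matching on sample headers.
# check_header RULES_FILE "Header: value" prints the action of the first
# matching rule, or DUNNO (Postfix's "no decision") when nothing matches.
# Handles plain "/regex/ ACTION text" rules without flags, and assumes the
# action text contains no "/".
check_header() {
    rules=$1
    header=$2
    while IFS= read -r line; do
        case $line in
            /*) ;;            # a rule line
            *) continue ;;    # comment or blank line
        esac
        regex=$(printf '%s\n' "$line" | sed 's|^/\(.*\)/[[:space:]].*$|\1|')
        action=$(printf '%s\n' "$line" | sed 's|^/.*/[[:space:]]\{1,\}||')
        # -E: extended regex; -i: regexp tables ignore case by default.
        if printf '%s\n' "$header" | grep -Eiq -- "$regex"; then
            printf '%s\n' "$action"
            return 0
        fi
    done < "$rules"
    printf 'DUNNO\n'
}

# Constructed sample: the two rules from the post and four test headers.
demo_header_checks() {
    demo_rules=$(mktemp)
    cat > "$demo_rules" <<'EOF'
/^To:.*@hotmail\.com\.mx/ REJECT This domain does not exist.
/^To:.*@gmail\.com\.mx/ REJECT This domain does not exist.
EOF
    for h in 'To: ana@hotmail.com.mx' 'TO: Bob <bob@GMAIL.com.mx>' \
             'Cc: carl@gmail.com.mx' 'To: dora@gmail.com'; do
        printf '%-28s -> %s\n' "$h" "$(check_header "$demo_rules" "$h")"
    done
    rm -f "$demo_rules"
}
demo_header_checks
```

The Cc: header comes back as DUNNO, which shows that a To:-only rule leaves Cc and Bcc recipients unchecked. On a host with Postfix installed, postmap -q "To: ana@hotmail.com.mx" regexp:/etc/postfix/maps/header_checks runs the same lookup against the real table.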

Friday, July 19, 2013

Refurbished Supermicro 2U rackmount server bought from Ebay

I originally had a Dell T300 as our in-house server with four 1 TB SATA 7.2k drives in a RAID-5 configuration. It's an ageing box with a 3.16 GHz Xeon processor and not a hell of a lot of space to grow.

I saw this ad on Ebay:
Supermicro 2U 12-Bay 2.6Ghz Quad Core 8GB SATA Server, 3Ware 9550SX-12LP Raid
 

I was able to bid the seller down to 500 bucks, and with free shipping, you can't beat it. The seller even said he would throw in the IPMI for free. With 12 drive slots it has plenty of room to expand. Dual-Quad core XEON processors, rails, I can migrate my registered memory from the old server for a total of 24 gigs of ram.

Once it arrives at my colocation center (scheduled to be delivered on the 23rd of this month), I will be migrating my drives (and any memory that will fit) from the old server to the new unit.

Naturally, I will be installing Debian 6.0.7 Squeeze. Why not Debian 7 you say? Because unfortunately, my control panel of choice, DTC, does not work with Debian 7 yet. I guess one day I will get a new fancy control panel with integrated billing and provisioning, but I've yet to feel the need to have a single point of failure for my entire business. My hostbill is doing fine, and my support ticket system is doing pretty good too. If it ain't broke, don't fix it, I say; unless you're getting a significant improvement in some area.

Installing monitoring, cli and configuration software for a PERC5 raid controller on Debian Squeeze

Please add deb http://hwraid.le-vert.net/distrib branch main to /etc/apt/sources.list to access all packages.
distrib can be either debian or ubuntu.
branch can be lenny, squeeze, wheezy and sid for debian, or hardy, intrepid, jaunty and lucid for ubuntu.

For example, for the current Debian stable release (Squeeze):
deb http://hwraid.le-vert.net/debian squeeze main

These packages are available for the amd64 and i386 architectures. Source packages are available as well (replace deb with deb-src).

Once you add the repo above do:

apt-get install megacli megaclisas-status megactl

To view the original doc: http://hwraid.le-vert.net/wiki/DebianPackages
To get the list of commands: http://hwraid.le-vert.net/wiki/LSIMegaRAIDSAS

Installing eAccelerator on Debian Squeeze

Download it

cd /tmp
wget http://www.debiantutorials.com/static/eaccelerator-0.9.6.1.tar.bz2

Unpack it

tar -xvjf eaccelerator-0.9.6.1.tar.bz2

Prepare for compiling it

apt-get install php5-dev make
cd eaccelerator-0.9.6.1
phpize

Compile it

Note: The extra option --without-eaccelerator-use-inode is a fix for problems of basedir-open/basedir-restrictions found with this version of eAccelerator.
See http://tipstricks.itmatrix.eu/?p=1297 for more details.

./configure --enable-eaccelerator=shared --without-eaccelerator-use-inode
make
make install

Add a configuration to it

Add the following configuration in: /etc/php5/conf.d/eaccelerator.ini

extension="eaccelerator.so"
eaccelerator.shm_size="16"
eaccelerator.cache_dir="/var/cache/eaccelerator"
eaccelerator.enable="1"
eaccelerator.optimizer="1"
eaccelerator.check_mtime="1"
eaccelerator.debug="0"
eaccelerator.filter=""
eaccelerator.shm_max="0"
eaccelerator.shm_ttl="0"
eaccelerator.shm_prune_period="0"
eaccelerator.shm_only="0"
eaccelerator.compress="1"
eaccelerator.compress_level="9"

Create the cache directory for it

mkdir -p /var/cache/eaccelerator
# 0777 is world-writable: every local account, not only the web server user, can write here
chmod 0777 /var/cache/eaccelerator


Restart Apache2
/etc/init.d/apache2 restart

How to fix SSH timeouts

This is such a nuisance. I don't know of anything more annoying than to walk away to the bathroom, kitchen or whatever; and come back to find your terminal session disconnected.

This can also be helpful when running jobs that take a little longer, but I would really advise using SCREEN for that.

We will tackle this problem from both ends, the server and the client.


On the server

Edit /etc/ssh/sshd_config and add the line:


ClientAliveInterval 60

On the client

Edit /etc/ssh/ssh_config and add the line:

ServerAliveInterval 60

Installing Logwatch on Debian Squeeze

Logwatch is a good package that can send you emails every morning that you can peruse over your coffee. It will run through your log files looking for anomalies.

It doesn't get much easier than this.

apt-get install logwatch

Config file here:
/usr/share/logwatch/default.conf/logwatch.conf

How to turn off IPv6 in Bind9 in Squeeze

In order to stop those nasty messages in your log files about not being able to find the route for IPv6 lookups, just do this:

nano /etc/default/bind9

Change OPTIONS to:

OPTIONS="-4 -u bind"

"-4" will tell bind to use ipv4 only.

How to turn off IPv6 in Debian Squeeze

Disabling IPv6 is not crucial; however, I like to keep my logs clean and to a minimum.

Disable IPv6 in the kernel:
echo net.ipv6.conf.all.disable_ipv6=1 > /etc/sysctl.d/disableipv6.conf

This will disable IPv6 at the next reboot.

Installing Denyhosts on Debian Squeeze(6.0.7)

While trying to install Denyhosts on Debian (with SYNCING working), I ran across this guide: Preventing_ssh_dictionary_attacks_with_denyhosts on Debian on Howtoforge. It had been written in 2006. Time for an update.

The DenyHosts in the Debian repos worked fine, if you are not interested in SYNCing. If you're not using syncing in Denyhosts, you might as well use Fail2ban, as it covers more services than just SSH.

The sync feature really sets Denyhosts apart from the rest of the pack, because as soon as an IP is detected and banned on a server half-way around the world, it will shortly be pre-emptively banned on your server as well. So you are protected by, as well as helping to protect, others.

Here is what worked for me:

1 Installation

DenyHosts is written in Python, therefore we must install Python and also the Python development files first:

apt-get install python2.6-dev python2.6

or you can probably get away with doing:

apt-get install python python-dev

I just happened to know that 2.6 was the latest in the repos anyways.

Then we download and install DenyHosts like this:

cd /tmp
wget -O DenyHosts-2.6.tar.gz http://sourceforge.net/projects/denyhosts/files/denyhosts/2.6/DenyHosts-2.6.tar.gz/download
tar xvfz DenyHosts-2.6.tar.gz
cd DenyHosts-2.6
python setup.py install

This installs DenyHosts to /usr/share/denyhosts.

2 Configuration

Now we have to create the DenyHosts configuration file /usr/share/denyhosts/denyhosts.cfg. We can use the sample configuration file /usr/share/denyhosts/denyhosts.cfg-dist for this:

cd /usr/share/denyhosts
cp denyhosts.cfg-dist denyhosts.cfg


Make sure you set SECURE_LOG and LOCK_FILE to the correct values for your distribution! For Debian, these are:

SECURE_LOG = /var/log/auth.log
LOCK_FILE = /var/run/denyhosts.pid


As we want to run DenyHosts as a daemon, we need the daemon control script /usr/share/denyhosts/daemon-control. Again, we can use the sample script /usr/share/denyhosts/daemon-control-dist to create the needed file:

cp daemon-control-dist daemon-control

Edit /usr/share/denyhosts/daemon-control and make sure you set the correct values for DENYHOSTS_BIN, DENYHOSTS_LOCK, and DENYHOSTS_CFG. For Debian, these are:

DENYHOSTS_BIN   = "/usr/local/bin/denyhosts.py"
DENYHOSTS_LOCK  = "/var/run/denyhosts.pid"
DENYHOSTS_CFG   = "/usr/share/denyhosts/denyhosts.cfg"


Next we have to make that file executable:

chown root daemon-control
chmod 700 daemon-control

Afterwards, we create the system bootup links for DenyHosts so that it is started automatically when the system is booted:

cd /etc/init.d
ln -s /usr/share/denyhosts/daemon-control denyhosts
update-rc.d denyhosts defaults

Finally, we start DenyHosts:
/etc/init.d/denyhosts start
 
DenyHosts logs to /var/log/denyhosts, if you are interested in the logs. The SSH daemon logs to /var/log/auth.log on Debian. You can watch both logs and try to log in with an invalid user or with a valid user and incorrect password, etc. via SSH and see what happens. 

Credits to: Falko Timme <ft [at] falkotimme [dot] com> for writing the original guide I drew most of this text from.
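
The guide above depends on the sync feature but does not show the settings that turn it on. The shell function below is an added example (not from the original guide or the DenyHosts project) that sets SECURE_LOG, LOCK_FILE and the SYNC_* keys in a constructed stand-in for denyhosts.cfg. The names set_cfg and demo_cfg and the chosen sync values are assumptions to adapt, and the sync server URL is assumed from the DenyHosts 2.6 sample configuration, so confirm it against your denyhosts.cfg-dist.

```shell
#!/bin/sh
# Added example: set "KEY = value" in a DenyHosts-style config file.
# An existing or commented-out "KEY = ..." line is replaced once, further
# duplicates are dropped, and a missing KEY is appended at the end.
set_cfg() {
    file=$1 key=$2 value=$3
    tmp=$(mktemp)
    awk -v k="$key" -v v="$value" '
        # matches "KEY = ..." and "#KEY = ...", but not "KEY_SUFFIX = ..."
        $0 ~ ("^[ \t]*#?[ \t]*" k "[ \t]*=") {
            if (!seen) { print k " = " v; seen = 1 }
            next
        }
        { print }
        END { if (!seen) print k " = " v }
    ' "$file" > "$tmp" && cat "$tmp" > "$file"   # keeps owner and mode
    rm -f "$tmp"
}

# Constructed stand-in for denyhosts.cfg (the real file is much longer).
demo_cfg() {
    cfg=$(mktemp)
    cat > "$cfg" <<'EOF'
SECURE_LOG = /var/log/secure
LOCK_FILE = /var/lock/subsys/denyhosts
#SYNC_SERVER = http://xmlrpc.denyhosts.net:9911
#SYNC_UPLOAD = no
#SYNC_UPLOAD = yes
#SYNC_DOWNLOAD = yes
#SYNC_DOWNLOAD_THRESHOLD = 10
EOF
    set_cfg "$cfg" SECURE_LOG /var/log/auth.log
    set_cfg "$cfg" LOCK_FILE /var/run/denyhosts.pid
    set_cfg "$cfg" SYNC_SERVER http://xmlrpc.denyhosts.net:9911
    set_cfg "$cfg" SYNC_INTERVAL 1h
    set_cfg "$cfg" SYNC_UPLOAD yes      # report the hosts you block
    set_cfg "$cfg" SYNC_DOWNLOAD yes    # import hosts blocked elsewhere
    # Only import addresses that at least 3 other hosts have blocked.
    set_cfg "$cfg" SYNC_DOWNLOAD_THRESHOLD 3
    cat "$cfg"
    rm -f "$cfg"
}
demo_cfg
```

After editing the real file, restart DenyHosts with /etc/init.d/denyhosts restart so the daemon rereads it. A higher SYNC_DOWNLOAD_THRESHOLD requires more independent reports before an address is imported, which limits lockouts caused by a single bad report.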

Preface

Here I am looking very mysterious and hacker-ish.
I am a long-time computer enthusiast (way back to the Commodore, Timex Sinclair, Atari 800 days). I now own a speciality hosting provider for universities and businesses called Hospemex.com.

I've been interested in Linux for a long time. I was trained as a Windows Engineer (MCSE) back in the 1990s. Windows 2000 was all the rage. However, every time I would walk into a book store, there would be Linux, right in my face with a free CD ready to be loaded and experimented with. I believe around 2000 I gave in to my curiosity and installed Linux. I loved its graphical interface and wanted to learn more. I could see the potential of having a free open-source operating system. I installed a distro that isn't even around anymore. I can't even recall the name. I've since loaded BSD, REDHAT, SLACKWARE and Mandrake (back when it was still called Mandrake). It was always on a spare machine that I didn't need and my kids could experiment with.

Fast forward to 2008 and UBUNTU is being touted as being a Windows killer. After doing some reading, watching YouTube videos and hearing about people touting the SPEED superiority, I caved in and installed it dual-boot on my laptop. Little by little over time I found myself working more and more on the Linux side of my laptop. I truly began to enjoy the GNOME interface.

I now had a taste of the power of Linux on the desktop, but I wanted to see a server at work. Knowing that Ubuntu was based on Debian (and Ubuntu did not offer a server version at the time), I naturally selected Debian as the server to learn the ropes on.

As a freelance engineer, I began suggesting Debian as a file-server for many of my projects. My clients were very happy to see how much I was able to save them on licensing. Slowly I was converting almost all my clients to a Debian file-server when it was their time to renew the hardware, or when they wanted better performance from their file-server.

Fast forward again to the present, I'm continually buying colocation rack space and servers for my clients. I have a presence on 3 different continents, and my company provides services to 35 major companies, universities and governments around the globe. I am not an expert in Debian Linux (by far). I am continuously learning and updating my knowledge on Debian, thanks to websites, bloggers, wiki sites, howtos, etc., etc., etc.