One Line WordPress Install

One Line WordPress Install

To install the latest version of WordPress to your current working directory in Linux you can run this command

#wget -O - https://wordpress.org/latest.tar.gz |tar --strip-components=1 -xvzf - wordpress/

Just make sure you are in your install directory when you run it

#cd /var/www/html


my btmp file is huge on linux, what do I do

my btmp file is huge on linux,  what do I do

The /var/log/btmp file is one that tracks all of the login attempts on your machine.  If it is huge it probably means someone is trying to brute force attack you computer.

the file is binary so you can not just view it,  you have to use

#lastb|less

Most likely you will find that someone has been attempting to repeatedly hack your computer,   consider setting up a firewall which limits the IP address that are allowed to login to your SSH port.

You could also install DenyHosts

#apt-get install denyhosts

One issue that can occur is that if you are getting attacked,  the log size gets to large.

Most likely your logrotate.conf file has a /var/log/btmp entry in it.   Update this file to rotate and compress the log file more frequently (see the logrotate documentation)

Postgrey does not start – postfix rejecting mail – cannot connect to check_policy

Postgrey does not start – postfix rejecting mail – cannot connect to check_policy

On one of our mail servers as we were transitioning to a new server had an identical configuration of postfix,  policyd and postgrey put on it,  however it was rejecting mail with the following messages.

451 4.3.5 Server configuration problem;

A look at the messages just proceeding this in the mail.log, showed the real reason.

warning: connect to 127.0.0.1:60000: Connection refused
warning: problem talking to server 127.0.0.1:60000: Connection refused

A quick look into our postfix configuration shows that we had been running our greylist policy service there.

#grep 60000 /etc/postfix/ -r
/etc/postfix/main.cf:greylist = check_policy_service inet:127.0.0.1:60000

I check that the greylist service was installed correctly,  checked the open ports,  which ports the service ws supposed to run on and updated the postfix configuration file to use the correct port

# dpkg -l|grep postgrey
ii postgrey 1.34-1.2 all greylisting implementation for Postfix
#lsof -i:60000       #no results confirms that nothing is listening on port 60000
# grep OPTS /etc/default/postgrey       #a lookup of what options would run when postgrey is started shows what I should run to debug the daemon
POSTGREY_OPTS="--inet=10023"
#postgrey --inet=10023
2015/04/25-09:29:44 postgrey (type Net::Server::Multiplex) starting! pid(1569)
Resolved [localhost]:10023 to [127.0.0.1]:10023, IPv4
Resolved [localhost]:10023 to [::1]:10023, IPv6
Binding to TCP port 10023 on host 127.0.0.1 with IPv4
Binding to TCP port 10023 on host ::1 with IPv6
ERROR: Can't connect to TCP port 10023 on ::1 [Cannot assign requested address] at /usr/sbin/postgrey line 776.
#lsof -i:10023       #no results confirms that nothing is already listening on port 10023

So I have two changes I had to make,

  • update the postfix and postgrey to be operating on the same port
  • Find out what is stopping postgrey from listening on port 10023

To change postfix to operate on the same channel as postgrey was a simple choice,  either tell postfix to check the policy service on 10023,  or change postgrey to be on channel 60000.  Since the postgrey was installed with apt-get and automatically choose 10023,   I figured that is more standard and since my postfix configuration is older,   i would move to 10023.

#sed -i -e's/60000/10023/' /etc/postfix/main.cf
#/etc/init.d/postfix reload

Now I have to figure out what postgrey could not start on 10023,   the first thing I will do is run it on a couple of different ports to find out if I get the same results

lsof -i:10022       #no results confirms that nothing is already listening on port 10023
#postgrey --inet=10022

A closer look at the error,  describes the problem,  postgrey is trying to start using IPv6.

Can't connect to TCP port 10023 on ::1 [Cannot assign requested address]

A quick check on the system shows that the system has IPv6 disabled.

#sysctl -a|grep 'ipv6.*disable'
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.eth0.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1

so I tested starting postgrey explicity using the IPv4 loopback local address

#postgrey --inet=127.0.0.1:10023
2015/04/25-09:49:09 postgrey (type Net::Server::Multiplex) starting! pid(6085)
Binding to TCP port 10023 on host 127.0.0.1 with IPv4
Setting gid to "115 115"
Setting uid to "106"

Success!  I just had to update the postgrey OPTS and restart postgrey and my postfix problems are solved

# sed -i -e 's/10023/127.0.0.1:10023/' /etc/default/postgrey
#/etc/init.d/postgrey start
 * Starting postfix greylisting daemon postgrey 
#lsof -i:10023 #results confirm that postgrey is listening
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
/usr/sbin 6557 postgrey 5u IPv4 8665045 0t0 TCP localhost:10023 (LISTEN)

And there we have it,  it is now working,   I confirmed postgrey was working by greppign my mail.log for postgrey and greylist and found results,   I also confirmed that I no longer had any server rejections or errors connecting to post 60000 or 100023.

 

 

The Linux find command is awesomely powerful!

The Linux find command is awesomely powerful!

At least I think it is awesome. Here are a couple of useful commands which highlight some of it more powerful features.  (these are just ones I used recently,   as soon as you start chaining sed, awk, sort and uniq,   the commands get even more powerful)

Changing the ownership of all files which do not have the correct ownership (useful to me when doing a server migration where the postfix user was uid 102 and changed to uid 105)
This command also lists the details of the file before it runs the chown command on it.

find . -not -uid 105 -exec chown postfix {} ;

Get a list of all of the files that have been modified in the last 20 minutes

find . -mmin -20

find all log files and their sizes older than 60 days,   I use awk to sum the size of these up.

find /data/webs/ -path '*/logs/*' -name '*log' -mtime +60 -exec du {} ; |awk '{t+=$1; print t" "$0}'

Often times I just turn around and delete these files if I do not need them ,  the command above helps me know what kind of space I would be recovering and if there are any HUGE file size offenders.

find /data/webs/ -path '*/logs/*' -name '*log' -mtime +60 -delete

 

Quick script to install WordPress from the Linux command line

Quick script to install WordPress from the Linux command line

I find that it is much faster to download and install WordPress from the command line in Linux than attempting to use FTP

By running the following script in a new directory, you will:

  • download the latest version of WordPress
  • untar / unzip it
  • move the files into the current directory
  • cleanup the unused empty directory
  • and update the ownership of all of the files to match the directory you are already in.
wget https://wordpress.org/latest.tar.gz
tar -xvzf latest.tar.gz
mv wordpress/* .
rm -rf wordpress/ latest.tar.gz
chown -R `stat . --printf '%u.%g'` *

Linux System Discovery

Linux System Discovery

Over the last couple of weeks I have been working on doing some in depth “System Discovery” work for a client.

The client came to us after a major employee restructuring,  during which they lost ALL of the technical knowledge of their network.
The potentially devastating business move on their part turned into a very intriguing challenge for me.

They asked me to come in and document what service each of their 3 Linux servers.
As I dug in I found that their network had some very unique, intelligent solutions:

  • A reliable production network
  • Thin Client Linux printing stations,  remotely connected via VPN
  • Several Object Oriented PHP based web applications

Several open source products had been combined to create robust solutions

It has been a very rewarding experience to document the systems and give ownership of the systems, network and processes back to the owner.

The documentation I have provided included

  • A high level network diagram as a quick reference overview for new administrators and developers
  • An overall application and major network, server and node object description
  • Detailed per server/node description with connection documentation,  critical processes , important paths and files and dependencies
  • Contact Information for the people and companies that the systems rely on.

As a business owner myself,  I have tried to help the client recognize that even when they use an outside consultant,  it is VERY important that they maintain details of their critical business processes INSIDE of their company.  Their might not be anything in business that is as rewarding as giving ownership of a “lost” system back to a client.

 

Network Boot Server with Linux Install, Debian Etch and Lenny, CentOS and KNOPPIX

Network Boot Server with Linux Install, Debian Etch and Lenny, CentOS and KNOPPIX

I just LOVE my dedicated PXE boot server at the office with several flavors of linux install on it.

I can bring a new server online with a base install in as few as five minutes with Debian or CentOS
I can debug workstations and servers with a quickbooting KNOPPIX install.

I even have some kernel installations customized to install network drivers for the Dell 2650 so that the installs I do for those are quick and simple. (basically the broadcom network drivers and the openssh-server packages are preseeded to be installed with the default package)

Here are the contents my pxelinux.cfg/default file:

DISPLAY boot.txt

#DEFAULT etch_i386_install

LABEL etch_i386_install
kernel debian/etch/i386/linux
append vga=normal initrd=debian/etch/i386/initrd.gz  —
LABEL etch_i386_expert
kernel debian/etch/i386/linux
append priority=low vga=normal initrd=debian/etch/i386/initrd.gz  —
LABEL etch_i386_rescue
kernel debian/etch/i386/linux
append vga=normal initrd=debian/etch/i386/initrd.gz  rescue/enable=true —
LABEL knoppix
kernel knoppix/vmlinuz
append secure myconfig=scan nfsdir=192.168.0.1:/srv/diskless/knoppix nodhcp lang=us ramdisk_size=100000 init=/etc/init apm=p
ower-off nomce vga=791 initrd=knoppix/miniroot.gz quiet BOOT_IMAGE=knoppix
LABEL centos5_install
kernel centos/5/vmlinuz
append ks=nfs:192.168.0.1:/srv/diskless/centos/5/ks_prompt.cfg initrd=centos/5/initrd.img ramdisk_size=100000 ksdevice=eth0
ip=dhcp url –url http://mirror.centos.org/centos/5/os/i386/CentOS/
LABEL centos5_raid_install_noprompt
kernel centos/5/vmlinuz
append ks=nfs:192.168.0.1:/srv/diskless/centos/5/ks_raid.cfg initrd=centos/5/initrd.img ramdisk_size=100000 ksdevice=eth0 ip
=dhcp url –url http://mirror.centos.org/centos/5/os/i386/CentOS/
LABEL centos5_hda_install_noprompt
kernel centos/5/vmlinuz
append ks=nfs:192.168.0.1:/srv/diskless/centos/5/ks_hda.cfg initrd=centos/5/initrd.img ramdisk_size=100000 ksdevice=eth0 ip=
dhcp url –url http://mirror.centos.org/centos/5/os/i386/CentOS/
LABEL centos5_install_noprompt
kernel centos/5/vmlinuz
append ks=nfs:192.168.0.1:/srv/diskless/centos/5/ks.cfg initrd=centos/5/initrd.img ramdisk_size=100000 ksdevice=eth0 ip=dhcp
url –url http://mirror.centos.org/centos/5/os/i386/CentOS/

[dfads params=’groups=221&limit=1′]

LABEL lenny_i386_install
kernel debian/lenny/i386/linux
append vga=normal initrd=debian/lenny/i386/initrd.gz —

LABEL lenny_amd64_install
kernel debian/lenny/amd64/linux
append vga=normal initrd=debian/lenny/amd64/initrd.gz —

LABEL etch_amd64_install
kernel debian/etch/amd64/linux
append vga=normal initrd=debian/etch/amd64/initrd.gz —

LABEL etch_amd64_linux
kernel debian/etch/amd64/linux
append vga=normal initrd=debian/etch/amd64/initrd.gz —

LABEL etch_amd64_expert
kernel debian/etch/amd64/linux
append priority=low vga=normal initrd=debian/etch/amd64/initrd.gz —

LABEL etch_amd64_rescue
kernel debian/etch/amd64/linux
append vga=normal initrd=debian/etch/amd64/initrd.gz rescue/enable=true —

LABEL etch_amd64_auto
kernel debian/etch/amd64/linux
append auto=true priority=critical vga=normal initrd=debian/etch/amd64/initrd.gz —

PROMPT 1

Here are the contents of my boot.txt file (so that I know what to type at the command line when booting)

– Boot Menu –
=============

etch_i386_install   –   Debian Stable
etch_i386_expert    –   Debian Stable (Shows install menu every step)
etch_i386_rescue    –   Debian Stable Rescue
lenny_i386_install — has Broadcom net card customization
lenny_amd64_install — has Broadcom net card customization
etch_amd64_install
etch_amd64_linux
etch_amd64_expert
etch_amd64_rescue
etch_amd64_auto
centos5_install –  CentOS 5 (Will prompt for disks)
centos5_install_noprompt –  CentOS 5 (Will auto install without prompts)
centos5_hda_install_noprompt –  CentOS 5 (Will auto install without prompts)
centos5_raid_install_noprompt –  CentOS 5 (Will auto install on raid 1 without prompts)
knoppix

Hope someone out there can find some use from this.
We of course can help people having trouble with their own TFTP and PXE Boot Server .

2 Useful Things to Know on the Linux Bash Command Line

2 Useful Things to Know on the Linux Bash Command Line

A couple useful Linux commands that I have shown a few people in the past are

Ctrl+A 

This takes you to the beginning of the command line, so say you type out some ridiculously long command and you want to go back to the first character without holding down your arrow key for a minute,  Ctrl+A will get you there.

When you put a “!” at the beginning of your command line it matches the following text with the most recently run command
Say you recently ran the following list of commands

cd /var/log/httpd
tail -n100 error.log
vi /etc/httpd/httpd.conf
/etc/init.d/httpd restart
grep 127.0.0.1 *.log| tail -1

if you type

!tail  # this will run the tail command from the second line above as though you retyped “tail -n100 error.log”
!grep  # (or even “!g”)  will run the grep command from the fifth line above as though you retyped “grep 127.0.0.1 *.log| tail -1”

Those are my favorites for now ..

Call Now Button(208) 344-1115

SIGN UP TO
GET OUR 
FREE
 APP BLUEPRINT

Join our email list

and get your free whitepaper