Disabling Apache Server Signatures

Apache by default puts a “signature” at the end of error pages and directory listings…here is an example of what this looks like:

Apache/2.2.6 (Unix) mod_ssl/2.2.6 OpenSSL/0.9.7a DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.5 Server at missysadmin.com Port 80

Now, some people may not want to broadcast what type of server they are running or what’s on it, for reasons of security.  You can easily disable this in your httpd.conf file:

ServerSignature Off

service httpd restart

APF “Unable to load iptables module” Error

Upon upgrading the Linux Kernel version (usually in CentOS 4.6 – 5) you may get the following error when trying to start APF:

Unable to load iptables module (ipt_state), aborting.

To fix this, open /etc/apf/internals/functions.apf and locate the following lines:

ml ipt_state 1
ml ipt_multiport 1

And replace them with:

ml xt_state
ml xt_multiport

Then restart APF.

Yum ‘rpmdb’ Error

To our surprise a bad yum release hosed several of our systems.  While the errors varied, the common link between them was the frightful message:

rpmdb: PANIC: fatal region error detected; run recovery

This problem can usually be corrected by running the following commands:

cd /var/lib/rpm

rm -f __db*

rpm –rebuilddb -vv

CentOS Yum GCC-Dummy Error

The following error has been reported while doing yum updates on CentOS 4.x systems:

--> Processing Dependency: glibc-common = 2.3.4-2.25 for package: glibc-dummy-centos-4

--> Finished Dependency Resolution

Error: Missing Dependency: glibc-common = 2.3.4-2.25 is needed by package glibc-dummy-centos-4

To fix this error, the the following commands:

yum remove glibc-dummy-centos-4
yum install gcc & yum install gcc*
yum update

phpMyAdmin Error: Cannot start session

Among other problems you might not have noticed, phpMyAdmin might be giving you this error:

phpMyAdmin – Error Cannot start session without errors, please check errors given in your PHP and/or webserver log file and configure your PHP installation properly.

This means that your /tmp partition is full, or if you are on a VPS you are out of free inodes. To check both, type:

df -i

df -h

MySQL Cheat Sheet

SSH repair and optimize all MySQL databases:

# /usr/bin/mysqlcheck –repair –all-databases –password=xxxxxx

# /usr/bin/mysqlcheck –optimize –all-databases –password=xxxxxx

Upgrade/Downgrade to MySQL 4.x:

backup database:

# cd /root

# /usr/bin/mysqldump –create-options –compatible=mysql40 –all-databases –force –user=root –password=xxxx > backup.sql

MySQL Optimization (my.cnf)

# vi /etc/my.cnf
#opteron 852 4GB RAM
[mysqld]
safe-show-database
max_connections = 500
key_buffer = 150M
myisam_sort_buffer_size = 64M
join_buffer_size = 1M
read_buffer_size = 1M
sort_buffer_size = 1M
table_cache = 1024
thread_cache_size = 100
wait_timeout = 300
connect_timeout = 10
max_allowed_packet = 16M
max_connect_errors = 10
query_cache_limit = 1M
query_cache_size = 32M
query_cache_type = 1
skip-innodb
thread_concurrency=4

[mysqld_safe]
open_files_limit = 8192

[mysqldump]
quick
max_allowed_packet = 16M

[myisamchk]
key_buffer = 64M
sort_buffer = 64M
read_buffer = 16M
write_buffer = 16M[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
skip-locking
#skip-networking
safe-show-database
query_cache_limit=1M
query_cache_size=128M ## 32MB for every 1GB of RAM
query_cache_type=1
max_user_connections=200
max_connections=500
interactive_timeout=10
wait_timeout=20
connect_timeout=20
thread_cache_size=128
key_buffer=256M ## 64MB for every 1GB of RAM
join_buffer=1M
max_connect_errors=20
max_allowed_packet=16M
table_cache=1024
record_buffer=1M
sort_buffer_size=4M ## 1MB for every 1GB of RAM
read_buffer_size=4M ## 1MB for every 1GB of RAM
read_rnd_buffer_size=4M  ## 1MB for every 1GB of RAM
thread_concurrency=4 ## Number of CPUs x 2
myisam_sort_buffer_size=64M
server-id=1
log_slow_queries=/var/log/mysql-slow-queries.log
long_query_time=2
collation-server=latin1_general_ci
old-passwords

[mysql.server]
user=mysql
basedir=/var/lib

[safe_mysqld]
err-log=/var/log/mysqld.log
pid-file=/var/lib/mysql/mysql.pid
open_files_limit=8192

[mysqldump]
quick
max_allowed_packet=16M

[mysql]
no-auto-rehash
#safe-updates

[isamchk]
key_buffer=32M
sort_buffer=32M
read_buffer=16M
write_buffer=16M

[myisamchk]
key_buffer=32M
sort_buffer=32M
read_buffer=16M
write_buffer=16M

[mysqlhotcopy]
interactive-timeout

Optimize sysctl.conf

# vi /etc/sysctl.conf
# Kernel sysctl configuration file for Red Hat Linux
#
# For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and
# sysctl.conf(5) for more details.

# Disables packet forwarding
net.ipv4.ip_forward=0

# Disables IP source routing
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.lo.accept_source_route = 0
net.ipv4.conf.eth0.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0

# Enable IP spoofing protection, turn on source route verification
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.lo.rp_filter = 1
net.ipv4.conf.eth0.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1

# Disable ICMP Redirect Acceptance
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.lo.accept_redirects = 0
net.ipv4.conf.eth0.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0

# Enable Log Spoofed Packets, Source Routed Packets, Redirect Packets
net.ipv4.conf.all.log_martians = 0
net.ipv4.conf.lo.log_martians = 0
net.ipv4.conf.eth0.log_martians = 0

# Disables IP source routing
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.lo.accept_source_route = 0
net.ipv4.conf.eth0.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0

# Enable IP spoofing protection, turn on source route verification
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.lo.rp_filter = 1
net.ipv4.conf.eth0.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1

# Disable ICMP Redirect Acceptance
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.lo.accept_redirects = 0
net.ipv4.conf.eth0.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0

# Disables the magic-sysrq key
kernel.sysrq = 0

# Decrease the time default value for tcp_fin_timeout connection
net.ipv4.tcp_fin_timeout = 15

# Decrease the time default value for tcp_keepalive_time connection
net.ipv4.tcp_keepalive_time = 1800

# Turn off the tcp_window_scaling
net.ipv4.tcp_window_scaling = 0

# Turn off the tcp_sack
net.ipv4.tcp_sack = 0

# Turn off the tcp_timestamps
net.ipv4.tcp_timestamps = 0

# Enable TCP SYN Cookie Protection
net.ipv4.tcp_syncookies = 1

# Enable ignoring broadcasts request
net.ipv4.icmp_echo_ignore_broadcasts = 1

# Enable bad error message Protection
net.ipv4.icmp_ignore_bogus_error_responses = 1

# Log Spoofed Packets, Source Routed Packets, Redirect Packets
net.ipv4.conf.all.log_martians = 1

# Increases the size of the socket queue (effectively, q0).
net.ipv4.tcp_max_syn_backlog = 1024

# Increase the tcp-time-wait buckets pool size
net.ipv4.tcp_max_tw_buckets = 1440000

# Allowed local port range
net.ipv4.ip_local_port_range = 16384 65536



For changes to take affect right away

# /sbin/sysctl -p

Install vsftpd

login into the server as root. Go to the /usr/local/src/ folder and download the latest version of vsftpd…….

# cd /usr/local/src/

# wget ftp://vsftpd.beasts.org/users/cevans…d-2.0.5.tar.gz

untar the tar.gz file.

# tar -zxvf vsftpd-2.0.5.tar.gz

Go to the directory and run the make file.

# cd vsftpd-2.0.5
# make

Once it has finished compile and execute it

# make install
# cp vsftpd.conf /etc

Now edit the config file

vi /etc/vsftpd.conf

Disable anonymous logins and enable local, at the very bottom of the file add
listen=YES

Save the file and Just start the vsftpd service and enable it in startup.

# /usr/local/sbin/vsftpd
# chkconfig vsftpd on

How to import and export a mysql database as root

MySQL Backup

mysqldump -u root -p DBNAME > BKPNAME.sql

———–

MySQL Restore

mysql -u root -p DBNAME < BKPNAME.sql

You pay leave out the “-p” and it won’t ask you for the root password –

-p, –password[=name]
Password to use when connecting to server. If password is
not given it’s asked from the tty.