Mar 10

Almost two months after RHEL 5.4, CentOS 5.4 was released on 21 October. This version brings various changes in the virtualization area: it adds support for the KVM (Kernel-based Virtual Machine) hypervisor alongside the Xen hypervisor that earlier 5.x releases already shipped.

This release also contains many bug fixes and security updates, and should be a straightforward upgrade for users already running CentOS 5.x:
yum update

For the full list of packages changed/added please see the centos5.4 release notes: http://wiki.centos.org/Manuals/ReleaseNotes/CentOS5.4

Mar 08

Tuning kernel parameters can improve Linux socket I/O performance. The sysctl.conf settings below apply to Fedora, Red Hat and CentOS as well as other Linux distributions. They improve the server's network performance and add some protection against address spoofing and SYN-flood style DoS attacks. Put them in /etc/sysctl.conf and load them with sysctl -p. The net.ipv4.conf.all.* entries already apply to every interface; the net.ipv4.conf.eth0.* lines are interface-specific, so change the name if your interface is not eth0.

# Kernel sysctl configuration file for Red Hat Linux
#
# For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and
# sysctl.conf(5) for more details.

# Disables packet forwarding
net.ipv4.ip_forward=0

# Disables IP source routing
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.lo.accept_source_route = 0
net.ipv4.conf.eth0.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0

# Enable IP spoofing protection, turn on source route verification
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.lo.rp_filter = 1
net.ipv4.conf.eth0.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1

# Disable ICMP Redirect Acceptance
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.lo.accept_redirects = 0
net.ipv4.conf.eth0.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0

# Disables the magic-sysrq key
kernel.sysrq = 0

# Decrease the time default value for tcp_fin_timeout connection
net.ipv4.tcp_fin_timeout = 15

# Decrease the time default value for tcp_keepalive_time connection
net.ipv4.tcp_keepalive_time = 400

# Turn off TCP window scaling. This caps the receive window at 64 KB, which
# limits throughput on high-bandwidth or high-latency paths; the only gain is
# one less negotiable option for a remote fingerprinter. Leave it on unless
# you have a specific reason.
net.ipv4.tcp_window_scaling = 0

# Turn off selective acknowledgements; costs retransmission efficiency on lossy links
net.ipv4.tcp_sack = 0

# Turn off TCP timestamps. Timestamps leak uptime to remote scanners, but they
# also provide PAWS protection against wrapped sequence numbers, and without
# them SYN cookies (below) cannot preserve window scaling and SACK for
# connections accepted during a SYN flood.
net.ipv4.tcp_timestamps = 0

# Enable TCP SYN Cookie Protection
net.ipv4.tcp_syncookies = 1

# Lower syn retry rates
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 3

# Enable ignoring broadcasts request
net.ipv4.icmp_echo_ignore_broadcasts = 1

# Enable bad error message Protection
net.ipv4.icmp_ignore_bogus_error_responses = 1

# Log spoofed, source-routed and redirect packets (martians). The kernel
# rate-limits these messages, but they can still be noisy on a busy host.
net.ipv4.conf.all.log_martians = 1

# Maximum number of half-open (SYN_RECV) connections remembered per listening
# socket before SYN cookies kick in; raise it on busy servers
net.ipv4.tcp_max_syn_backlog = 1024

# Increase the tcp-time-wait buckets pool size
net.ipv4.tcp_max_tw_buckets = 1440000

# Allowed local (ephemeral) port range; the highest valid port is 65535
net.ipv4.ip_local_port_range = 16384 65535

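A file like the one above is easy to get subtly wrong: the same key written twice with different values (sysctl -p silently takes the last one), or a port range whose upper bound is one past the last valid port. The script below is an added example, not part of the original post; it lints a sysctl.conf-style file for exactly those two problems before you load it. The sample file it writes is constructed here to reproduce both mistakes.

```shell
#!/bin/sh
# Lint a sysctl.conf-style file before loading it with sysctl -p. Added
# example, not part of the original post. Reports keys that appear more than
# once (a differing value is a CONFLICT, an identical one a DUPLICATE) and an
# ip_local_port_range outside 1-65535. Exit status 1 if a CONFLICT or INVALID
# setting was found, 0 otherwise.
sysctl_lint() {
    awk '
    /^[[:space:]]*[#;]/ || /^[[:space:]]*$/ { next }   # comment or blank line
    {
        line = $0
        sub(/#.*/, "", line)                          # strip trailing comment
        eq = index(line, "=")
        if (eq == 0) next
        key = substr(line, 1, eq - 1); val = substr(line, eq + 1)
        gsub(/[[:space:]]/, "", key)
        sub(/^[[:space:]]+/, "", val); sub(/[[:space:]]+$/, "", val)

        if (key in seen) {
            if (seen[key] != val) {
                printf "CONFLICT %s: %s (line %d) then %s (line %d)\n", key, seen[key], at[key], val, NR
                bad = 1
            } else {
                printf "DUPLICATE %s = %s (lines %d and %d)\n", key, val, at[key], NR
            }
        }
        seen[key] = val; at[key] = NR

        if (key == "net.ipv4.ip_local_port_range") {
            n = split(val, p, /[[:space:]]+/)
            if (n != 2 || p[1] + 0 < 1 || p[2] + 0 > 65535 || p[1] + 0 > p[2] + 0) {
                printf "INVALID %s = %s (ports must be 1-65535, low <= high)\n", key, val
                bad = 1
            }
        }
    }
    END { exit (bad ? 1 : 0) }
    ' "$1"
}

# Constructed sample: the same key given two different values, a harmless
# exact duplicate, and a port range ending one past the last valid port.
write_sample_sysctl() {
    cat > "$1" <<'EOF'
# Enable Log Spoofed Packets
net.ipv4.conf.all.log_martians = 0
net.ipv4.conf.all.rp_filter = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.all.log_martians = 1
net.ipv4.ip_local_port_range = 16384 65536
EOF
}

# Usage on a real host: sh sysctl_lint.sh /etc/sysctl.conf
if [ $# -eq 1 ]; then
    sysctl_lint "$1"
fi
```

Run it against /etc/sysctl.conf before sysctl -p; a CONFLICT usually means a copy-and-paste block overrode an earlier decision, which is worth a second look rather than a silent "last one wins".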
Mar 07

To get a summary of the available and used disk space on your Linux system, type the df command in a terminal window. The name df stands for "disk free". With the -h option (df -h) it shows the disk space in "human readable" form, which in this case means it gives you the units (K, M, G) along with the numbers.

The output of df is a table with six columns. The first column contains the file system, which can be a partition on a hard disk or another storage device, or a file system mounted over the network. The next columns show the size of that file system, the space used, the space still available and the percentage used, and the last column shows the path on which the file system is mounted. The mount point is the place in the directory tree where you can find and access that file system.

The du command on the other hand shows the disk space used by the files and directories in the current directory. Again the -h option (du -h) makes the output easier to comprehend.

By default, du lists all subdirectories to show how much disk space each has occupied. This can be avoided with the -s option (du -sh), which only shows a summary, namely the combined disk space used by the directory and everything below it. If you want to show the disk usage of a directory other than the current one, you simply put that directory name as the last argument. For example: du -sh website, where "website" would be a subdirectory of the current directory.
Mar 05

Installing a DHCP server on Debian Linux is not that hard, actually.

I assume you have the following configuration on your host, with two NICs:

eth0 (internal LAN, the side the DHCP server will serve)
eth1 (internet side)

1. Setting up eth0 for DHCP use

The most important thing is to give the server's own LAN interface a static IP address: dhcpd will not serve a subnet it does not have an address in.

I will use 192.168.10.x as my address range.

Open the interfaces file: nano /etc/network/interfaces

And make sure the eth0 stanza looks like this:

auto eth0
iface eth0 inet static
address 192.168.10.1
netmask 255.255.255.0
network 192.168.10.0
broadcast 192.168.10.255

After you have modified the file press Ctrl+X; nano asks whether to save, answer Y and press Enter.

Then restart networking:

/etc/init.d/networking restart

2. Install and configure the DHCP server

With the interface in place we can install the DHCP server and configure it.

First install the package:

apt-get install dhcp3-server

After a while it shows a blue screen with a warning. Just press Enter and let it finish installing.

When the installation finishes the server will not start yet. We need to bind it to an interface and give it an IP range to lease.

2.1 Binding the interface

Open the defaults file:

nano /etc/default/dhcp3-server

Edit the following line

INTERFACES=""
to
INTERFACES="eth0"

eth0 is the internal interface we gave the 192.168.10.1 address above. Do not list the internet-facing eth1 here: the server would then answer DHCP requests from whoever is on that side, hand them our gateway and DNS options, and ignore the LAN it is meant to serve.

Save with Ctrl+X, answer Y and press Enter.

2.2 Configuring the lease range

We are at the final step; after this we have a working DHCP server.

We are not going to use the default config file of the dhcp server, but we will keep a copy of it.

Go to the configuration directory:

cd /etc/dhcp3/

Make a backup copy of the shipped config file:

cp dhcpd.conf dhcpd.conf.orig

Now remove the file you have just backed up

rm dhcpd.conf

and create the new dhcpd.conf:

nano dhcpd.conf

Copy and paste the following into the file (use plain double quotes, not the curly ones a word processor produces, or dhcpd will refuse the file):

subnet 192.168.10.0 netmask 255.255.255.0 {
    # addresses handed out to clients; must lie inside the subnet above
    range 192.168.10.10 192.168.10.100;
    # resolver the clients will use; here a box on another subnet, so it
    # has to be reachable from the LAN through this host
    option domain-name-servers 192.168.1.1;
    option domain-name "Failserver.nl";
    option netbios-name-servers 192.168.10.1;
    # default gateway for the clients: this host's eth0 address
    option routers 192.168.10.1;
    option subnet-mask 255.255.255.0;
    option broadcast-address 192.168.10.255;
    default-lease-time 86400;    # one day
    max-lease-time 676800;       # just under eight days
}

Save with Ctrl+X, answer Y and press Enter.

Now restart the DHCP3 server

/etc/init.d/dhcp3-server restart

If it refuses to start, the reason is logged to /var/log/syslog; the usual culprits are a range outside the declared subnet, a typo in the file, or an INTERFACES= value that names an interface without an address in the subnet.
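The two mistakes that most often stop dhcpd from starting, or make it answer on the wrong side, are a lease range that is not inside the declared subnet and an INTERFACES= value naming an interface that has no address in that subnet. The script below is an added example, not part of the original post: it performs both checks in plain POSIX sh arithmetic using the values from the dhcpd.conf above, so it runs before dhcp3-server is even installed. The interfaces file it writes is a constructed copy of the stanza from step 1 plus an eth1 stanza; the function names are my own.

```shell
#!/bin/sh
# Consistency checks for the dhcpd setup above (added example, not from the
# original post). Plain POSIX sh arithmetic; no dhcpd needed.

# ip4_to_int DOTTED: print an IPv4 address as a 32-bit integer.
ip4_to_int() {
    saved_ifs=$IFS; IFS=.
    set -- $1
    IFS=$saved_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_subnet NET MASK IP: succeed when IP and NET agree on the masked bits.
in_subnet() {
    [ $(( $(ip4_to_int "$3") & $(ip4_to_int "$2") )) -eq \
      $(( $(ip4_to_int "$1") & $(ip4_to_int "$2") )) ]
}

# range_ok NET MASK LO HI: the pool must lie inside the subnet, be ordered,
# and leave out the network and broadcast addresses.
range_ok() {
    in_subnet "$1" "$2" "$3" || return 1
    in_subnet "$1" "$2" "$4" || return 1
    r_net=$(ip4_to_int "$1"); r_mask=$(ip4_to_int "$2")
    r_lo=$(ip4_to_int "$3");  r_hi=$(ip4_to_int "$4")
    r_bcast=$(( r_net | (~r_mask & 4294967295) ))
    if [ "$r_lo" -le "$r_hi" ] && [ "$r_lo" -gt "$r_net" ] && [ "$r_hi" -lt "$r_bcast" ]; then
        return 0
    fi
    return 1
}

# iface_for_subnet FILE NET MASK: print the interface in a Debian
# /etc/network/interfaces file whose static "address" lies in NET/MASK.
# That is the name INTERFACES= in /etc/default/dhcp3-server must carry.
iface_for_subnet() {
    cur=
    while read -r key val _rest; do
        case "$key" in
            iface)   cur=$val ;;
            address) if in_subnet "$2" "$3" "$val"; then echo "$cur"; fi ;;
        esac
    done < "$1"
}

# Constructed copy of the interfaces file from step 1 plus the internet side.
write_sample_interfaces() {
    cat > "$1" <<'EOF'
auto eth0
iface eth0 inet static
address 192.168.10.1
netmask 255.255.255.0
network 192.168.10.0
broadcast 192.168.10.255

auto eth1
iface eth1 inet dhcp
EOF
}

# check_post_config INTERFACES_FILE BOUND_IFACE: run both checks with the
# values from the dhcpd.conf above; succeed only if both pass.
check_post_config() {
    c_net=192.168.10.0; c_mask=255.255.255.0
    if ! range_ok "$c_net" "$c_mask" 192.168.10.10 192.168.10.100; then
        echo "range 192.168.10.10-192.168.10.100 is not a valid pool in $c_net/$c_mask"
        return 1
    fi
    c_want=$(iface_for_subnet "$1" "$c_net" "$c_mask")
    if [ "$c_want" != "$2" ]; then
        echo "INTERFACES=\"$2\" but $c_net/$c_mask is on ${c_want:-no interface}"
        return 1
    fi
    echo "dhcpd for $c_net/$c_mask bound to $2: consistent"
}

# Usage on the real host: sh dhcp_check.sh /etc/network/interfaces eth0
if [ $# -eq 2 ]; then
    check_post_config "$1" "$2"
fi
```

This complements, rather than replaces, dhcpd's own syntax check (dhcpd3 -t -cf /etc/dhcp3/dhcpd.conf on Debian): that catches malformed files, while the script above catches a file that parses fine but describes a network the host is not actually on.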
Mar 04

Here I am going to tell about Linux software RAID. If yours is very slow, you can test it my way; I hope it helps.
So I had an ASUS P6T motherboard with the Intel ICH10R RAID controller, 3x 1 TB SATA 2 HDDs and an Intel Core i7 920 processor, and I wanted to install Fedora 10 on that machine.
After configuring RAID 5 in the BIOS I booted the Fedora 10 installation DVD to start the installation. BUT! Suddenly I saw that Anaconda sees 3 separate hard drives instead of 1 RAID device. After some googling I figured out that my motherboard doesn't have a real RAID controller. Instead it is a fakeraid controller: just software RAID whose software lives in the BIOS. So I decided to use Linux software RAID, because it is definitely better than the one from ASUS.
So I installed Fedora 10 with Linux software RAID 5 with LUKS encryption. After installation the machine started to work very slowly. I thought it was because of the encryption, but after some googling I understood that the encryption can't slow down the machine that much. The thing was that a newly created RAID 5 array has to build its parity onto the third drive, and that takes a long time. It took approximately 4 hours to finish that operation on 1 TB hard drives. You can check the rebuild status at any time with one of the following commands:

# cat /proc/mdstat

or

# mdadm --detail /dev/md0

After the rebuild was over, and after some tuning, I had ~90 MB/s write and ~200 MB/s read.

The tuning parameters were:

# stripe cache for the RAID 5 array, in pages (32768 x 4 KB = 128 MB of RAM per array)
echo 32768 > /sys/block/md0/md/stripe_cache_size
# read-ahead, in 512-byte sectors (65536 = 32 MB)
blockdev --setra 65536 /dev/md0

Neither setting survives a reboot; put them in /etc/rc.local (or a udev rule) to make them permanent.
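Reading /proc/mdstat by eye is fine once, but the thing you actually want to know, every time, is which arrays are degraded and how far along any rebuild is. The script below is an added example, not part of the original post: it reduces /proc/mdstat to one line per array and exits non-zero when an array has fewer active members than configured, so it can double as a cron or monitoring check. The sample it runs on is constructed here: md0 is the freshly built RAID 5 from the post still syncing its third disk, md1 a healthy RAID 1.

```shell
#!/bin/sh
# Summarise /proc/mdstat: one line per array with level, member count and any
# resync/recovery progress (added example, not from the original post).
# Exit status 1 if any array is degraded.
mdstat_report() {
    awk '
    /^md[0-9]+ :/ {                                  # "md0 : active raid5 ..."
        dev = $1; state = $3
        level = ($4 ~ /^\(/) ? $5 : $4              # skip e.g. "(auto-read-only)"
        order[++n] = dev
        next
    }
    dev != "" && match($0, /\[[0-9]+\/[0-9]+\]/) {   # "[3/2]" on the blocks line
        split(substr($0, RSTART + 1, RLENGTH - 2), a, "/")
        want[dev] = a[1]; have[dev] = a[2]
        lvl[dev] = level; st[dev] = state
        next
    }
    dev != "" && match($0, /(recovery|resync|reshape|check) *= *[0-9.]+%/) {
        split(substr($0, RSTART, RLENGTH), p, /[ =]+/)   # p[1]=operation, p[2]=percent
        prog[dev] = p[1] " " p[2]
        if (match($0, /finish=[^ ]+/)) prog[dev] = prog[dev] " " substr($0, RSTART, RLENGTH)
        next
    }
    END {
        for (i = 1; i <= n; i++) {
            d = order[i]
            status = (have[d] + 0 < want[d] + 0) ? "DEGRADED" : "OK"
            if (status == "DEGRADED") bad = 1
            extra = (d in prog) ? " " prog[d] : ""
            printf "%s %s %s %s/%s devices %s%s\n", d, lvl[d], st[d], have[d], want[d], status, extra
        }
        exit (bad ? 1 : 0)
    }
    ' "${1:-/proc/mdstat}"
}

# Constructed /proc/mdstat for the demo: md0 is the new RAID 5 from the post,
# still writing parity to the third disk; md1 is a healthy RAID 1.
sample_mdstat() {
    cat <<'EOF'
Personalities : [raid1] [raid6] [raid5] [raid4]
md0 : active raid5 sdc1[3] sdb1[1] sda1[0]
      1953519872 blocks level 5, 64k chunk, algorithm 2 [3/2] [UU_]
      [==>..................]  recovery = 12.5% (122088448/976759936) finish=200.2min speed=71130K/sec

md1 : active raid1 sdb2[1] sda2[0]
      10485696 blocks [2/2] [UU]

unused devices: <none>
EOF
}

# Usage: sh mdstat_report.sh            (reads /proc/mdstat)
#        sh mdstat_report.sh FILE       (or "-" for standard input)
if [ $# -eq 1 ]; then
    mdstat_report "$1"
else
    sample_mdstat | mdstat_report -
fi
```

A RAID 5 that is "slow" right after installation will show up here as DEGRADED with a recovery percentage and an estimated finish time; a RAID 5 that shows DEGRADED with no progress line has lost a disk and is one more failure away from losing the data.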
Mar 02

This is a quick and dirty update which covers a handy little trick when dealing with writeable removable media – especially USB drives, compact flash cards, and the like.

I end up using a lot of USB keys in my environment for a variety of reasons, not the least of which is as handy portable Linux drives that can be stuck into any workstation and booted from directly.  They’re like LiveCDs, except since i can write to them, any changes that are made during a session don’t disappear when the machine reboots (nice).  As an aside, if that sounds interesting to you, i suggest checking out the Fedora LiveCD on USB Howto.

USB keys are so ubiquitous now that we buy in bulk, meaning we’ll get a bunch of identical units at one time.  Once in a while (though more often than i’d like), one of the keys will end up having a detected geometry which is different from the others.  This isn’t normally a big deal, but it can cause slight variations in the apparent available space to create a partition.  This ends up being a problem if i’m looking to clone data from one key to another using a disk imaging tool such as « Partimage » (another tool that gets a lot of play around here).

The solution is fantastically simple, but perhaps not immediately obvious, as it requires the use of a tool that – for the most part – never gets touched by the average user (or admin !) : « sfdisk ».  Sfdisk is a partition table manipulator that allows us to do a number of advanced (read: dangerous) operations to disks.  Since the common day-to-day operations one might perform on a disk, such as creating or modifying partition assignments, are covered by the more common « fdisk » (or even « cfdisk »), sfdisk is rarely called upon outside of bizarre or extreme situations.

Altering geometry is one such situation.

change is good

The first thing we need to do is determine what the correct geometry is.  This is obtained easily enough by running an fdisk report against a known-good key (sdc, in this case) :

[root@goit ~]# fdisk -l /dev/sdc

Disk /dev/sdc: 4001 MB, 4001366016 bytes
19 heads, 19 sectors/track, 21648 cylinders
Units = cylinders of 361 * 512 = 184832 bytes
Disk identifier: 0xf1bcd225

 Device Boot      Start         End      Blocks   Id  System
/dev/sdc1   *           1       21648     3907454+  83  Linux

Alternatively, we could ask sfdisk :

[root@goit ~]# sfdisk -g /dev/sdc
/dev/sdc: 21648 cylinders, 19 heads, 19 sectors/track

Now that we have the correct geometry, we can get sfdisk to alter that of the naughty key (sdb, in this case).  As you can likely guess, -C is the cylinders, -H is the heads, and -S is the sectors (per track) :

[root@goit ~]# sfdisk -C 21648 -H 19 -S 19 /dev/sdb

Be aware that with a device and no listing option, sfdisk goes on to write a new partition table, so anything already on sdb is gone; double-check the device name before pressing enter.  Depending on your particular version of sfdisk and distro, this may trigger an interactive process which will ask you to create the desired partitions on the key.  Assuming you just want one big Linux partition, you can hit « enter » and accept every default until it's done.

And that’s that – one key brought rapidly in line with the others.

Mar 01

Operating system information:
www@goit# uname -r
2.6.18-164.el5xen

Warning messages
www@goit# dmesg | more

TCP: Treason uncloaked! Peer 210.5.118.202:55324/80 shrinks window 1093017764:1093019216. Repaired.
TCP: Treason uncloaked! Peer 210.5.118.202:55324/80 shrinks window 1093033736:1093035188. Repaired.
TCP: Treason uncloaked! Peer 210.5.118.202:55324/80 shrinks window 1093061324:1093065680. Repaired.
TCP: Treason uncloaked! Peer 210.5.118.202:55324/80 shrinks window 1093088912:1093091816. Repaired.
TCP: Treason uncloaked! Peer 210.5.118.202:55324/80 shrinks window 1093627604:1093630508. Repaired.
TCP: Treason uncloaked! Peer 202.116.38.21:63915/80 shrinks window 2969207540:2969208920. Repaired.
TCP: Treason uncloaked! Peer 202.116.38.21:63915/80 shrinks window 2969448108:2969450868. Repaired.
TCP: Treason uncloaked! Peer 222.210.139.220:31508/80 shrinks window 4286929240:4286930700. Repaired.
TCP: Treason uncloaked! Peer 222.210.139.220:31508/80 shrinks window 4287067940:4287069400. Repaired.

The peer is printed as address:port, followed by our local port, so these are remote clients talking to the web server on port 80. The explanation below of what the message means is quoted from a reply to someone else's report of the same message, where the peer was a DLink router:

That comes from the kernel TCP code below.  Looks like the DLink has returned information yielding a transmit window smaller than it previously did; specifically it returned a window of zero plus an ack of up to byte 3957222360, thus indicating that it can accept nothing after that byte.  Previously it had sent some ack+wnd values indicating that it would accept up to byte 3957222379.

The Linux side is now supposed to send a packet every now and then forever until the returned window is nonzero.  It does.

However, the DLink is apparently not responding in a timely manner. Any response would either open the window or update the rcv timestamp such that the thing will retransmit forever.  It may be responding very slowly, or just not responding at all.

The kernel prints the message after it expected but did not see a response to the probe packet it sent to check for a nonzero window. The kernel implements exponential backoff retransmissions until it hasn't seen any response in 2m, then it will bail and close the connection.  This is reasonable.  It's unclear from your report if the connections are failing outright or just sometimes having to retransmit a probe against a peer that shrank the window.

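The message is printed per offending segment, so a single slow or badly behaved peer can fill dmesg with it. Before deciding whether anything is wrong on the server, it helps to know how many distinct peers are involved and which local services they were talking to. The script below is an added example, not part of the original post: it aggregates the messages by peer address and lists the local ports seen for each. The sample input is the dmesg excerpt above, embedded inline.

```shell
#!/bin/sh
# Aggregate "TCP: Treason uncloaked!" kernel messages per peer address
# (added example, not from the original post). Output: one line per peer,
# "<count> <peer ip> local_ports=<comma-separated local ports>", busiest first.
treason_summary() {
    # FILE argument, or "-" / nothing for standard input (e.g. dmesg | treason_summary)
    awk '
    /TCP: Treason uncloaked! Peer / {
        # the token after "Peer" looks like 210.5.118.202:55324/80
        for (i = 1; i <= NF; i++) if ($i == "Peer") { peer = $(i + 1); break }
        split(peer, a, ":"); ip = a[1]            # a[2] is "remoteport/localport"
        split(a[2], b, "/"); lport = b[2]
        count[ip]++
        if (!((ip, lport) in ports)) {           # remember each local port once
            ports[ip, lport] = 1
            plist[ip] = plist[ip] (plist[ip] ? "," : "") lport
        }
    }
    END {
        for (ip in count) printf "%d %s local_ports=%s\n", count[ip], ip, plist[ip]
    }
    ' "${1:--}" | sort -rn
}

# Constructed sample: the dmesg excerpt quoted above.
sample_dmesg() {
    cat <<'EOF'
TCP: Treason uncloaked! Peer 210.5.118.202:55324/80 shrinks window 1093017764:1093019216. Repaired.
TCP: Treason uncloaked! Peer 210.5.118.202:55324/80 shrinks window 1093033736:1093035188. Repaired.
TCP: Treason uncloaked! Peer 210.5.118.202:55324/80 shrinks window 1093061324:1093065680. Repaired.
TCP: Treason uncloaked! Peer 210.5.118.202:55324/80 shrinks window 1093088912:1093091816. Repaired.
TCP: Treason uncloaked! Peer 210.5.118.202:55324/80 shrinks window 1093627604:1093630508. Repaired.
TCP: Treason uncloaked! Peer 202.116.38.21:63915/80 shrinks window 2969207540:2969208920. Repaired.
TCP: Treason uncloaked! Peer 202.116.38.21:63915/80 shrinks window 2969448108:2969450868. Repaired.
TCP: Treason uncloaked! Peer 222.210.139.220:31508/80 shrinks window 4286929240:4286930700. Repaired.
TCP: Treason uncloaked! Peer 222.210.139.220:31508/80 shrinks window 4287067940:4287069400. Repaired.
EOF
}

# Usage: dmesg | sh treason_summary.sh     or     sh treason_summary.sh FILE
if [ $# -eq 1 ]; then
    treason_summary "$1"
else
    sample_dmesg | treason_summary
fi
```

A handful of peers each shrinking the window on one connection, as in the excerpt, points at broken client-side NAT boxes or middleware; the same message from many unrelated peers against one local port is the case worth investigating on the server side.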
Mar 01

tail -f /var/log/messages

Feb  7 18:04:31 bora ntpd[4063]: synchronized to 222.110.108.22, stratum 2
Feb  7 18:35:57 bora restorecond: Will not restore a file with more than one hard link (/etc/resolv.conf) No such file or directory

restorecond refuses to relabel a file that has more than one hard link: the SELinux label is an attribute of the inode, shared by every name pointing at it, and the different paths may call for different contexts. Fix it by finding the other link, removing it while the context is restored, and recreating it afterwards:

$ ls -i /etc/resolv.conf                                  # get the inode number
16721694 /etc/resolv.conf
$ sudo find /etc -inum 16721694                           # find every hard link to it (use find / -xdev -inum ... if nothing turns up under /etc)
Password:
/etc/sysconfig/networking/profiles/default/resolv.conf
/etc/resolv.conf
$ sudo /usr/sbin/lsof | grep resolv.conf                  # make sure it is not open
$ sudo rm /etc/sysconfig/networking/profiles/default/resolv.conf   # drop the extra link
$ sudo restorecon /etc/resolv.conf
$ sudo ln /etc/resolv.conf /etc/sysconfig/networking/profiles/default/resolv.conf   # recreate the hard link

The recreated link shares the inode, so it carries the corrected label. If the file is rewritten later, restorecond will complain again, and the steps have to be repeated.

Feb 28

Hello again fair readers !  Today's quick tip concerns the problem with missing time zones when deploying CentOS 5.3 (and some of the more recent Fedoras) in a kickstart environment.  It's a known problem, and unfortunately, since the source of the problem (an incomplete time zone data file) lies deep in the heart of the kickstart environment, fixing it directly is a distinct pain in the buttock region.

There is, however, a workaround – and it's not even that messy !  The first step is to use a region that does exist, such as « Europe/Paris », which will satisfy the installer – then set the time zone to what you actually want after the fact in the « %post » section.  So, in the top section of the kickstart file, we'll put :

# set temporarily to avoid time zone bug during install
timezone --utc Europe/Paris

The « --utc » switch simply states that the hardware clock is in UTC, which is pretty standard these days, but ultimately optional.  Next, in the %post section towards the end, we'll shoe-horn our little hack fix into place :

# fix faulty time zone setting
mv /etc/sysconfig/clock /etc/sysconfig/clock.BAD
sed 's@^ZONE="Europe/Paris"@ZONE="Etc/UTC"@' /etc/sysconfig/clock.BAD > /etc/sysconfig/clock
/usr/sbin/tzdata-update

So, what's going on there ?  Let's break it down :

• In the first line, we're just backing up the original configuration file, to use in the next line…
• The second line is the important one – this is the actual manipulation which will fix the faulty time zone, setting it to whatever we want.  In this example « Etc/UTC » is used, but you can pick whatever is appropriate.
  ◦ The tool being used here is « sed », a non-interactive editor which dates back to the 1970s, and which is still used by system administrators around the world every day.
  ◦ The command we're issuing to sed is between the single quotes – astute readers will notice that it's a substitution expression, but with @'s instead of the more usual /'s, since the zone name itself contains a slash.  In it, we simply state that the line « ZONE="Europe/Paris" » is to be replaced with « ZONE="Etc/UTC" ».
  ◦ This change is made against the backup file, and the output goes to the actual config.
• Finally, we run « tzdata-update » which, as you've no doubt guessed, rewrites /etc/localtime from the newly-corrected clock config, so the whole system picks up the new zone.

And that, as they say, is that.  Happy kickstarting, friends, and i'll see you next time !
Feb 27

I've always had an interest in electronics and recently I've been exploring my interests more. Last week I sorted through my tub of parts and placed them in individual drawers. It took a good while to sort everything but I think it was worth it. I've seen bench power supplies built from PC power supplies before so I thought I'd build one myself. Thing is, I never really got around to it.

Yesterday I was feeling rather ambitious and decided to make a bench top power supply for small electronics. All the sites I found I have lost, so I kind of made it up as I went along. Most of them used ATX power supplies that are readily available, but I opted for the easy way out and used an AT with a hard on/off switch. At first this was the only reason I used it, but there are more advantages to using an AT over an ATX power supply for an external power supply. Firstly, it was cheap, well free actually. I took it from a PC that I had modified some time ago. I have a box full of AT power supplies in storage that I'll get to some time and replace it. But I won't be using the PC it came out of for a while, mostly because I have toaster ovens that are faster. Another reason it is better than an ATX is it has fewer voltages. The only voltages listed are 12V, 5V, -5V (7V) and GND. They vary in amps but are sufficient for what I will be using it for. It made it easy not to screw it up since there weren't many wires.

To make it was really easy. I took the top off. Drilled 4 holes in the case and inserted the insulated terminals, checking to make sure they didn't ground out on the case. Cut most of the cables, leaving a couple of Molex connectors hanging out just in case I need them. I then soldered the remaining wires to a terminal by voltage (Yellow +12, Red +5, Red +/-5, Black GND.) It might not be the prettiest of them all, but I think it will do its job well.