Admins eHow SysAdmin Tips & Tricks

July 15, 2009

How to install ffmpeg on Debian Lenny from SVN

Filed under: Debian,General — Tags: , , , — admin @ 11:36 am

From ffmpeg.org :

FFmpeg is a complete, cross-platform solution to record, convert and stream audio and video. It includes libavcodec – the leading audio/video codec library.

Installation Guide :
download the following debian package and install it :

wget http://www.debian-multimedia.org/pool/main/d/debian-multimedia-keyring/debian-multimedia-keyring_2008.10.16_all.deb
dpkg -i debian-multimedia-keyring_2008.10.16_all.deb

Add the following lines to your /etc/apt/source.list :

nano /etc/apt/nano sources.list
deb http://www.debian-multimedia.org lenny main
deb-src http://www.debian-multimedia.org lenny main

update your apt cache :

apt-get update

install needed utils :

apt-get install checkinstall yasm git-core subversion

install ffmpeg dependencies :

apt-get build-dep ffmpeg

Install x264 :

git clone git://git.videolan.org/x264.git
cd x264
./configure
make
checkinstall --pkgname=x264 --pkgversion "1:0.svn`date +%Y%m%d`" --backup=no --default

Install libtheora :

wget http://downloads.xiph.org/releases/theora/libtheora-1.1.1.tar.gz
tar xzvf libtheora-1.1.1.tar.gz
cd libtheora-1.1.1
./configure
make
checkinstall --pkgname=libtheora --pkgversion "1.1.1" --backup=no --default

remove old libx264-dev :

apt-get remove libx264-dev

download the latest release of ffmpeg using subversion :

svn checkout svn://svn.mplayerhq.hu/ffmpeg/trunk ffmpeg

configure and make ffmpeg :

cd ffmpeg/
./configure --enable-version3 --enable-libmp3lame --enable-libtheora --enable-libx264 --enable-libgsm --enable-postproc --enable-libxvid --enable-libfaac --enable-pthreads --enable-libvorbis --enable-gpl --enable-x11grab --enable-nonfree
make
checkinstall --pkgname=ffmpeg --pkgversion "4:0.5+svn`date +%Y%m%d`" --backup=no --default

and we are all set πŸ™‚
just one more note , if you are going to convert flv files to 3gp files like me πŸ˜€ use the following command :

ffmpeg -i input.flv -s 176x144 -vcodec h263 -acodec aac output.3gp

July 12, 2009

Backup Your Data in Linux by sending them to your GMail

Filed under: CentOS,Debian,General,Security — Tags: , , , — admin @ 8:33 am

A very effective way for backing up your data on a Linux server is to set a cron job on your box to mail your data to your GMail account. GMail servers are very reliable and give you a huge amount of space for free. so they are pretty suitable for backing up sensitive data.
In order to accomplish this , first create a directory named “backup” in the root directory of your box :

cd / && mkdir backup

then you need to create a script to do the backup and mail it for you.

nano /usr/bin/backup

copy and paste the following into the file :

cd /backup
rm -rf /backup/*
cp LIST_OF_FILES .
tar jcf backup.tar.bz2 *
echo | mutt -a backup.tar.bz2 -s "my daily backup" -- adminsehow@gmail.com

you have to change LIST_OF_FILES string to the list of the files you want to be backed up separated by space , and change adminsehow@gmail.com to your own gmail account.
as you can see in the script we are compressing the data files to make them as small as possible.
also we are using “mutt” to send emails so you need to install it , in Debian you can install it by following command :

apt-get install mutt

make the script executable :

chmod +x /usr/bin/backup

lastly you need to set a cron job , so open the cron file by following command :

crontab -e

and copy and paste the following command into it :

0 0 * * * /usr/bin/backup

it will run your backup script once daily πŸ™‚
also don’t forget you need to have a working smtp server on your Linux box.

June 29, 2009

How to synchronize Linux Time Daily

Filed under: CentOS,Debian,General — Tags: , , , , — admin @ 6:51 pm

First you need to install rdate package.
For Debian : 

apt-get install rdate

For CentOS : 

yum install rdate

After installing the rdate package , install a new cron job to be run daily to synchronize your machine time and date.

crontab -e

and enter the following line into the cron file :

0 0 * * * /usr/bin/rdate -s time-nw.nist.gov && /sbin/hwclock --systohc

June 26, 2009

bash: /bin/rm: Argument list too long

Filed under: CentOS,Debian,General — Tags: — admin @ 1:44 pm

Use the following command the directory to solve the problem :

ls | xargs rm

June 22, 2009

Remove comments and empty lines on linux using sed command

Filed under: CentOS,Debian,General — Tags: , , , , — admin @ 10:24 am 
sed -e '/^\s*#.*$/d' -e '/^\s*$/d' filename

June 17, 2009

MySQL Backup/Restore from command line

Filed under: CentOS,Debian,General,MySQL — Tags: , , , — admin @ 2:48 pm

Backup

Dump ALL MySQL Databases

mysqldump --user=XXXXXXXX --password=XXXXXXX -A > /PATH/TO/DUMPFILE.SQL

Dump Individual or Multiple MySQL Databases

mysqldump --user=XXXXXXXX --password=XXXXXXX DB_NAME1 DB_NAME2 DB_NAME3 > /PATH/TO/DUMPFILE.SQL

Dump only certain tables from a MySQL Database

mysqldump --user=XXXXXXXX --password=XXXXXXXX DB_NAME --tables TABLE_NAME > /PATH/TO/DUMPFILE.SQL

Restore

mysql --user=XXXXXXXX --password=XXXXXXXX DB_NAME < /PATH/TO/DUMPFILE.SQL

June 7, 2009

Change Linux Password from PHP Script

Filed under: CentOS,Debian,General,PHP — Tags: , , , — admin @ 8:48 pm

There are a few scripts available on net which allow you to change a linux user password from PHP. but all of them are very complex and hard to implement , so after some hours of work , I’ve written this PHP script πŸ™‚ it is very simple , in order for this to work you need to allow your webserver to run sed command as root through sudoers , or allow your webserver to write on your /etc/shadow file.

$username='USERNAME';
$password='PASSWORD';  // New Password
$sed='/bin/sed'; //Path to sed command
$salt = substr($username, 0, 2);
$pass_crypt = crypt($password, $salt);
$pass_crypt=str_replace("/","\/",$pass_crypt);
system($sed." -i 's/".$username.":[a-zA-z0-9/$\.]*/".$username.":".$pass_crypt."/g' /etc/shadow",$retval);

May 31, 2009

How to configure nginx + php5 + mysql on debian 5 lenny

Filed under: Debian,General,MySQL,Nginx,PHP — Tags: , , , , — admin @ 3:56 pm

1.Install PHP5
We will use dotdeb repo for installing the latest version of PHP5 and MySQL Server so first we need to configure apt to use dotdeb repo.
Edit /etc/apt/sources.list :

nano /etc/apt/sources.list

Add The following lines to end of it :

deb http://packages.dotdeb.org stable all
deb-src http://packages.dotdeb.org stable all

Press CTRL+X Choose Yes to save the file and Exit.
update apt cache :

apt-get update

Now install PHP5 :

apt-get install php5-cgi php5-mysql

Now edit /etc/php5/cgi/php.ini :

nano /etc/php5/cgi/php.ini

and change cgi.fix_pathinfo to 1 :

cgi.fix_pathinfo = 1

Save File and Exit.
2. Install MySQL Server

apt-get install mysql-server

3. Install Lighttpd
We need to install lighttpd because Nginx does not come with a FastCGI package, and there isn’t a standalone package yet. So we are going to install Lighttpd, disable it, and use spawn-fcgi from the Lighttpd package.

apt-get install lighttpd
/etc/init.d/lighttpd stop
update-rc.d -f lighttpd remove

Also remove lighttpd executable file :

rm /usr/sbin/lighttpd

4. Setup spawn-fcgi
Since we are going to use spawn-fcgi to handle PHP, we need to set it up to start when our server starts and make an init script so that we can control the processes. For starters, create the init script:

nano /etc/init.d/php-fastcgi

and add the following code to it and save it:

#! /bin/sh
### BEGIN INIT INFO
# Provides:          php-fastcgi
# Required-Start:    $all
# Required-Stop:     $all
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: Start and stop php-cgi in external FASTCGI mode
# Description:       Start and stop php-cgi in external FASTCGI mode
### END INIT INFO

# Author: Kurt Zankl <[EMAIL PROTECTED]>

# Do NOT "set -e"

PATH=/sbin:/usr/sbin:/bin:/usr/bin
DESC="php-cgi in external FASTCGI mode"
NAME=php-fastcgi
DAEMON=/usr/bin/php-cgi
PIDFILE=/var/run/$NAME.pid
SCRIPTNAME=/etc/init.d/$NAME
PHP_CONFIG_FILE=/etc/php5/cgi/php.ini

# Exit if the package is not installed
[ -x "$DAEMON" ] || exit 0

# Read configuration variable file if it is present
[ -r /etc/default/$NAME ] && . /etc/default/$NAME

# Load the VERBOSE setting and other rcS variables
. /lib/init/vars.sh

# Define LSB log_* functions.
# Depend on lsb-base (>= 3.0-6) to ensure that this file is present.
. /lib/lsb/init-functions

# If the daemon is not enabled, give the user a warning and then exit,
# unless we are stopping the daemon
if [ "$START" != "yes" -a "$1" != "stop" ]; then
log_warning_msg "To enable $NAME, edit /etc/default/$NAME and set START=yes"
exit 0
fi

# Process configuration
export PHP_FCGI_CHILDREN PHP_FCGI_MAX_REQUESTS
DAEMON_ARGS="-q -b $FCGI_HOST:$FCGI_PORT -c $PHP_CONFIG_FILE"

do_start()
{
# Return
#   0 if daemon has been started
#   1 if daemon was already running
#   2 if daemon could not be started
start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \
|| return 1
start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON \
--background --make-pidfile --chuid $EXEC_AS_USER --startas $DAEMON -- \
$DAEMON_ARGS \
|| return 2
}

do_stop()
{
# Return
#   0 if daemon has been stopped
#   1 if daemon was already stopped
#   2 if daemon could not be stopped
#   other if a failure occurred
start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE > /dev/null # --name $DAEMON
RETVAL="$?"
[ "$RETVAL" = 2 ] && return 2
# Wait for children to finish too if this is a daemon that forks
# and if the daemon is only ever run from this initscript.
# If the above conditions are not satisfied then add some other code
# that waits for the process to drop all resources that could be
# needed by services started subsequently.  A last resort is to
# sleep for some time.
start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $DAEMON
[ "$?" = 2 ] && return 2
# Many daemons don't delete their pidfiles when they exit.
rm -f $PIDFILE
return "$RETVAL"
}
case "$1" in
start)
[ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME"
do_start
case "$?" in
0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
esac
;;
stop)
[ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME"
do_stop
case "$?" in
0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
esac
;;
restart|force-reload)
log_daemon_msg "Restarting $DESC" "$NAME"
do_stop
case "$?" in
0|1)
do_start
case "$?" in
0) log_end_msg 0 ;;
1) log_end_msg 1 ;; # Old process is still running
*) log_end_msg 1 ;; # Failed to start
esac
;;
*)
# Failed to stop
log_end_msg 1
;;
esac
;;
*)
echo "Usage: $SCRIPTNAME {start|stop|restart|force-reload}" >&2
exit 3
;;
esac

There is no editing needed for the code above. Now we need to make it executable.

chmod +x /etc/init.d/php-fastcgi

Now we will create the configuration file for spawn-fcgi:

nano /etc/default/php-fastcgi

and add:

START=yes

# Which user runs PHP? (default: www-data)

EXEC_AS_USER=www-data

# Host and TCP port for FASTCGI-Listener (default: localhost:9000)

FCGI_HOST=localhost
FCGI_PORT=9000

# Environment variables, which are processed by PHP

PHP_FCGI_CHILDREN=4
PHP_FCGI_MAX_REQUESTS=1000

In this file, you can change the FCGI_PORT, PHP_FCGI_CHILDREN, and PHP_FCGI_MAX_REQUESTS. If you change the port, make sure to note what you change it to because we will need it for later. Now, we want to make sure that spawn-fcgi starts when the server starts:

update-rc.d php-fastcgi defaults
/etc/init.d/php-fastcgi restart

5. Install Nginx

apt-get install nginx

6. Configure Nginx and your default vhost
For help with configuring Nginx beyond just the default configuration, please refer to the Nginx Wiki. We are now going to configure the default vhost so that we can verify that PHP is working with Nginx.

nano /etc/nginx/sites-available/default

In the default vhost, change the following lines to look like this:

server_name _;
location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /var/www/nginx-default$fastcgi_script_name;
include fastcgi_params;
}

What we did here was changed the server_name to accept all incoming requests, uncommented the location stanza and defined where Nginx needs to look for spawn-fcgi. If you changed the port above in the /etc/default/php-fastcgi file, then you need to change the port on the fastcgi_pass line as well. On the line fastcgi_param SCRIPT_FILENAME /var/www/nginx-default$fastcgi_script_name;, you need to change /var/ww/nginx-default to match your web root. On the line include fastcgi_params; you need to add a space between the include and the fastcgi_params as there is a bug in the default configuration and that space was omitted. Once you save the default-vhost, you need to restart Nginx.

/etc/init.d/nginx restart

Now we will create an info.php file in your web root:

nano /var/www/nginx-default/info.php

Add the following code and save the file:

<? phpinfo(); ?>

Now in your web browser, pull up the newly created file (http://your-ip/info.php). You should see information about the version of PHP that you are running.

Note: When I installed Nginx, it did not start automatically, however it was setup to start when the server booted. I have heard stories of users having issues with Nginx starting automatically when the server boots. If Nginx does not start when you boot your server, run the following command which will make it start on boot:

update-rc.d nginx defaults

Enjoy!

Reference : ChrisJohnston.org

How to configure exim on debian

Filed under: Debian,General — Tags: , , , — admin @ 3:25 pm

exim is my favorite mailer daemon for debian , but you need to reconfigure it to act as a real internet mailer daemon. run the configuration by the following command :

dpkg-reconfigure exim4-config

May 16, 2009

Guide to secure the server using DenyHosts

Filed under: CentOS,Debian,General,Security — Tags: , , , , — admin @ 9:20 am

One of the greatest tools I have found to secure the server from brute force attacks and keep your server out of the reach of hackers is DenyHosts.
What DenyHosts does is very simple , but very effective , it processes auth.log ( in Debian based distros ) or secure.log ( in Redhat based distros ) and finds unsuccessful login attempts through ssh and blocks the attacker through /etc/hosts.deny file.
also it has a central server which can synchronize all DenyHosts instances around the world , so if there is an attacker detected in US , it will be blocked in all of the world very fast ! but this option needs to be enabled in config file.
DenyHosts is an open source project and is available to download at sourceforge : http://denyhosts.sourceforge.net

As my favorite distro is Debian , I guide you how to install and use it on Debian. but steps are almost the same on CentOs.
DenyHosts is available through Debian repos so you can simply install it by :

apt-get install denyhosts

then you need to configure it , configuration file is located at /etc/denyhosts.conf
I suggest you to read the whole file and understand it , it worth’s the time. but in case you need a good working configuration, you can use mine :

SECURE_LOG = /var/log/auth.log
HOSTS_DENY = /etc/hosts.deny
PURGE_DENY = 1w
PURGE_THRESHOLD = 2
BLOCK_SERVICE  = sshd
DENY_THRESHOLD_INVALID = 5
DENY_THRESHOLD_VALID = 10
DENY_THRESHOLD_ROOT = 1
DENY_THRESHOLD_RESTRICTED = 1
WORK_DIR = /var/lib/denyhosts
SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS=YES
HOSTNAME_LOOKUP=YES
LOCK_FILE = /var/run/denyhosts.pid
ADMIN_EMAIL = youremail@domain.com
SMTP_HOST = localhost
SMTP_PORT = 25
SMTP_FROM = DenyHosts <nobody@domain.com>
SMTP_SUBJECT = DenyHosts Report
AGE_RESET_VALID=5d
AGE_RESET_ROOT=25d
AGE_RESET_RESTRICTED=25d
AGE_RESET_INVALID=10d
DAEMON_LOG = /var/log/denyhosts
DAEMON_SLEEP = 30s
DAEMON_PURGE = 1h
SYNC_SERVER = http://xmlrpc.denyhosts.net:9911
SYNC_INTERVAL = 1h
SYNC_UPLOAD = yes
SYNC_DOWNLOAD = yes
SYNC_DOWNLOAD_THRESHOLD = 3
SYNC_DOWNLOAD_RESILIENCY = 5h

Don’t Forget to set ADMIN_EMAIL and SMTP_FROM to your own emails.
One of the important steps that you should do is to add your own IP address to white list so it doesn’t get blocked.
to do this , open /var/lib/denyhosts/allowed-hosts file and enter your own IP in it.
if you have forgotten to do this and now you are blocked from server , you need to connect to server from another IP address and do the following steps :

1.Stop DenyHosts :

/etc/init.d/denyhosts stop

2.Remove the IP address from /etc/hosts.deny
3.Also you need to remove your IP address from any file located in /var/lib/denyhosts , first look which files contain your IP :

grep Your_IP *

The remove the IP from files using your favorite editor or method πŸ˜‰

Edit : I have found a great solution to delete your IP from all files all at once.

sed -i '/Your IP/d' *

4.Consider adding the IP address to /var/lib/allowed-hosts
5.Start DenyHosts

« Newer PostsOlder Posts »

Powered by WordPress