Admins eHow SysAdmin Tips & Tricks

April 8, 2021

Resolving openconnect connection issues

Filed under: linux — Tags: , , , , — admin @ 4:43 am

Recently I have switched from OpenVPN to OpenConnect as my main VPN solution as somehow my ISP has blocked access to OpenVPN.
The first issue which I encountered was very familiar, connection hangs and a debug message like this “Failed to read from SSL socket: The transmitted packet is too large (EMSGSIZE)”, It was obvious to me that it has something to do with MTU settings so after some digging into docs I simply added the “–base-mtu 1450” argument to OpenConnect client and it resolved the first issue.
But the second issue was something much more baffling, some websites would work perfectly and some would hang in middle of loading or simply refuse to connect at all, after some more digging into forums, I found out the solution.

iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu

More info :

October 23, 2019

How to limit the number of incoming connections to a specific port

Filed under: linux,Security — Tags: , , , , — admin @ 11:47 pm

Replace [PORT] & [CON_NUM] with respected values.

iptables -I INPUT -p tcp --syn --dport [PORT] -m connlimit --connlimit-above [CON_NUM] --connlimit-mask 0 -j REJECT --reject-with tcp-reset

October 22, 2019

How to add rc.local in Debian 9 & 10

Filed under: Debian,linux — Tags: , , — admin @ 10:59 am

Debian has removed rc.local from its recent releases.
I have created a simple script which adds rc.local back to the system.
You need to run the following command as root:

bash <(curl -s

or if you are skeptical to run a script from internet, you can create rc-local.txt yourself and run it.
rc-local.txt :


echo '[Unit]

ExecStart=/etc/rc.local start

[Install]' > /etc/systemd/system/rc-local.service

echo '#!/bin/sh -e
# rc.local
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
# In order to enable or disable this script just change the execution
# bits.
# By default this script does nothing.

exit 0' > /etc/rc.local

chmod +x /etc/rc.local
systemctl enable rc-local

May 21, 2015

Block Torrent Trackers on Linux

Filed under: linux,Security,Torrent — Tags: , , , — admin @ 2:38 am

Create “/etc/trackers” with a list of trackers which you want to be blocked.
My current file contains:

You can have duplicates in the list, script will take care of that.

Now create “/usr/bin/blocktrackers” script:


L=$(/usr/bin/sort /etc/trackers | /usr/bin/uniq)
for fn in $L; do
        /sbin/iptables -D INPUT -d $fn -j DROP -m comment --comment "Tracker"
        /sbin/iptables -D FORWARD -d $fn -j DROP -m comment --comment "Tracker"
        /sbin/iptables -D OUTPUT -d $fn -j DROP -m comment --comment "Tracker"
        /sbin/iptables -A INPUT -d $fn -j DROP -m comment --comment "Tracker"
        /sbin/iptables -A FORWARD -d $fn -j DROP -m comment --comment "Tracker"
        /sbin/iptables -A OUTPUT -d $fn -j DROP -m comment --comment "Tracker"

Make it executable and create a cronjob to run it daily because trackers change IP address very often.

March 22, 2015

Linux dig utility for Windows x64

Filed under: dns,General,linux,Windows — Tags: , , , — admin @ 5:00 pm

I have created an installer for Linux DNS dig utility for Windows x64. it is extracted from BIND 9.10.2.x64.
It installs dig into system32 folder of Windows so it is already included in PATH and can be invoked from anywhere in command prompt.

Download : DIG_9.10.2.x64

September 6, 2014

Send weekly reports of IPs logged into vsftpd

Filed under: linux — Tags: , , , — admin @ 10:25 am
root@X:[/etc/logrotate.d]: cat /etc/logrotate.d/vsftpd

        create 640 root adm

        # ftpd doesn't handle SIGHUP properly
        rotate 4
                echo "<html><body><table>$(grep "OK LOGIN" /var/log/vsftpd.log | awk '{print $8" "$12'} | sort | uniq -c | awk '{print "<tr><td>"$2"</td><td>"$3"</td><td>"$1"</td></tr>"}')</table></body></html>" | mail -a "Content-type: text/html" -s 'FTP REPORT'

September 1, 2014

Filter out comments and empty lines from config files

Filed under: Bash,linux — Tags: , , , , , — admin @ 12:38 pm
egrep -v "^[[:blank:]]*(#|$)" filename

Send email alerts if Adaptec raid fails in Linux

Filed under: linux — Tags: , , , , — admin @ 10:56 am

For Adaptec Raid you need arcconf tool to check the raid status, you can install it based on the instructions provided on this link (For Debian) :
After you have arcconf installed, create /usr/bin/raidcheck with following content and make it executable :

RESULT=$(arcconf GETCONFIG 1 | grep Status | grep -v "Not Installed" | grep -v Optimal)
if [ -n "$RESULT" ]; then
    wget -O /dev/null
    else echo "Raid is OK"

Note : In my script I have chosen to use a php script on another server to send the alert, this way I wont need to install a mail server on every server which I am monitoring. you can do the same or change the wget line to whatever you want.
Put the script in the cron to check the raid status every 12 hours :

0 */12 * * * /usr/bin/raidcheck

Disable ipv6 on Linux

Filed under: linux — Tags: , , — admin @ 10:17 am

To disable ipv6 on Linux, add following line to /etc/sysctl.conf

net.ipv6.conf.all.disable_ipv6 = 1

Now apply the change :

sysctl -p

August 30, 2014

Backup cPanel accounts to DropBox

Filed under: cPanel,linux — Tags: , , , — admin @ 7:30 pm

Notice : You need root access to cPanel server to be able to use this method.
DropBox is my favorite cloud space provider. Their recent price adjustment (1TB for $10/mo) has made using it a no brainer IMO. It is specially very good for backup purposes because it keeps different versions of your files without using any extra space. The retention period for free accounts is 30 days and for pro accounts is 1 year.
So lets say you take a backup of your website and upload it to DropBox everyday and size of your backup is 100MB. if you keep doing it for 1 year, in fact DropBox is keeping 365 x 100MB of your files which you can retrieve any of them while only 100MB of your space is used! it is crazy good, I know.
In order to be able to backup cPanel accounts directly to DropBox, first we need a method to upload files to DropBox from Linux command line. Fortunately there is a very good solution out there to do it :
Please refer to script documentation on how to install it on your server and link it to your DropBox account. it is fairly easy.
After you linked the script to your DropBox Account, move it to /usr/bin folder.
If you want to test it, run the following command and it should show your DropBox account info :

root@X:[~]: info
Dropbox Uploader v0.14

 > Getting info...

Name:   X X
UID:    012345
Quota:  1021760 Mb
Used:   2611 Mb
Free:   1019148 Mb

Now create /usr/bin/backup2db with following content and make it executable :

for fn in $1; do
/scripts/pkgacct $fn
/usr/bin/ upload /home/cpmove-$fn.tar.gz /cpanel-backup/cpmove-$fn.tar.gz
rm /home/cpmove-$fn.tar.gz

Thats it ! We are good to go.
Command to backup cPanel account acct1 :

backup2db 'acct1'

It even support multiple account backup :

backup2db 'acct1 acct2 acct3'

If you need daily backups, you can put it in cron :

0 0 * * * /usr/bin/backup2db 'acct1 acct2 acct3' > /dev/null 2>&1
Older Posts »

Powered by WordPress