Ubuntu + Apache2 + vsftpd + virtual hosts

After a fresh install of Ubuntu complete the following.

sudo su
passwd root
exit
exit

-> login as root

dpkg-reconfigure tzdata
dpkg -P apparmor apparmor-utils
apt-get update
apt-get upgrade
reboot

-> login as root

apt-get dist-upgrade
reboot

-> login as root

apt-get autoremove
apt-get install ssh openssh-server openntpd
exit

-> ssh as root

apt-get install apache2
apt-get install php5 php-pear php5-mysql php5-gd

-> Setup of MTA send ONLY

apt-get install exim4-daemon-light mailutils
dpkg-reconfigure exim4-config

-> Select "internet site;" -> Ok -> Enter/Accept default entry as the FQDN -> Enter "127.0.0.1" to listen on -> Enter/Accept default in recipient domains -> Leave relay domains and relay machines blank -> Select No to keep DNS queries to a minimum -> Select "Maildir" for locally delivered email -> Select No to split file configuration -> Setup vsftpd

apt-get install vsftpd libpam-pwdfile

Edit vsftpd.conf

mv /etc/vsftpd.conf /etc/vsftpd.conf.bak
vi /etc/vsftpd.conf

Add the following

listen=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
nopriv_user=vsftpd
virtual_use_local_privs=YES
guest_enable=YES
user_sub_token=$USER
local_root=/var/www/$USER
chroot_local_user=YES
hide_ids=YES
guest_username=vsftpd
pasv_promiscuous=YES

Register the virtual users

mkdir /etc/vsftpd
htpasswd -cd /etc/vsftpd/ftpd.passwd user1
htpasswd -d /etc/vsftpd/ftpd.passwd user2
mv /etc/pam.d/vsftpd /etc/pam.d/vsftpd.bak
vi /etc/pam.d/vsftpd

Add the following

auth required pam_pwdfile.so pwdfile /etc/vsftpd/ftpd.passwd
account required pam_permit.so

Create the local vsftpd user without shell access

 useradd --home /home/vsftpd --gid nogroup -m --shell /bin/false vsftpd

Restart vsftpd

service vsftpd restart

Now we create the users directories

mkdir /var/www/user1
chmod -w /var/www/user1
mkdir /var/www/user1/www
chmod -R 755 /var/www/user1/www
chown -R www-data: /var/www/user1

The main one to not forget is the removal of write access to the users root directory /var/www/user1


Sierra Aircard 320U auto connect

I needed to setup my AirCard to be able to automatically connect to the internet. 1. Connecting to modem Open a Linux terminal window connect to modem using command
minicom –s
AT command port uses standard settings 115200 bps and 8 bits none parity, 1 stop bit (115200-8N1) Then, go to Serial port Setup and use : /dev/ttyUSB2 or /dev/ttyUSB3 ** depending of modem and firmware. To verify modem is responding type ati5. It shows modem IMEI and Firmware.
Manufacturer: Sierra Wireless, Incorporated
Model: AirCard 320U
Revision: X1_4_5_0AP R5267 CNSZXD00000140 2012/07/02 13:48:56
IMEI: 357272044870768
IMEI SV: 3
FSN: CC40993248910
3GPP Release 8
+GCAP: +CGSM,+DS,+ES
2. Setup the APN Verify if there is a profile created using command at+cgdcont?
+CGDCONT: 1,"IP","telstra.datapack","0.0.0.0",0,0
+CGDCONT: 15,"IP","telstra.internet","0.0.0.0",0,0
Most Branding cards have already a profile 1 created with standard APN. If there is not profile or SIM account uses a different APN. It is possible to modify or create a new profile using command
at+cgdcont =,"IP","APN".
Where “PID” is the profile id that identifies the profile, typically profile 1 The modem should respond with "OK" Examples:
Telstra: at+cgdcont=1,”IP”,”Telstra.datapack”
Telstra: at+cgdcont=15,”IP”,”Telstra.internet”
Optional step: To change the Authentication method with the Carrier you can use the following commands: AT$QCPDPP=1,1,"password","username" 3. Set Radio On When using the modem in different computers it could inadvertently have set the Radio off. To enable the Radio use command: at+cfun =1. After that, it should have power light on solid and Data light flashing. On CDMA modems use at!pcstate=1 Note: To set the radio off use command at+cfun=0 as a result the two lights will be off. 4. Establishing a manual connection The following commands can be used to connect or disconnect on direct IP modems To manual connect: at!scact=1,<pid> To manual disconnect: at!scact=0,<pid> Example at!scact=1,1 Optional : Setting Auto connect in default profile. Modem can auto connect after powering up or resets using the default profile. To set a default profile use the following command: at!scdftprof=<pid> You can enable Auto connect in default profile using command: at!scprof=,"",1,0,0,0. 5. IP address obtained by carrier To check the IP address obtained by modem from the network use: at!scpaddr=<pid> For Example to Check IP address on profile 1 use command: at!scpaddr=1 6. Passing the IP on the computer Depending of the modem, it may not have the DHCP enabled by firmware.
ifconfig wwan0 up **
ifup wwan0
ifconfig
It will show wwan0 interface with same IP address s as shown in step 5. ** if it shows error "interface wwan0 not configured". We suggest adding the following lines in the interface file located: /etc/network/interfaces using any text editor
auto wwan0
iface wwan0 inet dhcp
7. Summary Summary of command s to create a Profile and make a manual connection using profile 3
at+cfun=1 
at+cgdcont=3,"IP","CustomAPN"
at!scdftprof=3
at!scprof=3,"",0,0,0,0
at!scact=1,3
at!scpaddr=3
Summary of commands to create a Profile 3 and using Auto connect feature
at+cfun=1 
at+cgdcont=3,"IP","CustomAPN"
at!scdftprof=3
at!scprof=3," ",1,0,0,0
8. Command to check modem status: at!gstatus?


Supermicro IPMI disconnects when os boots.

There is an issue with the e1000e driver when using the supermicro IPMI BMC2 card. When the OS boots you loose all connection to the BMC2 card.
To fix this you have to disable CRC Checking in the e1000e driver.

To do this on Ubuntu add/edit the following file. Add the following kernel boot parameters to /etc/default/grub:

GRUB_CMDLINE_LINUX_DEFAULT="e1000e.CrcStripping=0"
update-grub
reboot

Reboot your server and your IPMI will stay active. Your checking for the following

[    0.960771] e1000e 0000:0d:00.0: CRC Stripping Disabled
dmesg | grep e1000e
[    0.000000] Command line: BOOT_IMAGE=/vmlinuz-3.11.0-15-generic root=/dev/mapper/em--web--00--vg-root ro e1000e.CrcStripping=0
[    0.000000] Kernel command line: BOOT_IMAGE=/vmlinuz-3.11.0-15-generic root=/dev/mapper/em--web--00--vg-root ro e1000e.CrcStripping=0
[    0.960506] e1000e: Intel(R) PRO/1000 Network Driver - 2.3.2-k
[    0.960516] e1000e: Copyright(c) 1999 - 2013 Intel Corporation.
[    0.960554] e1000e 0000:0d:00.0: Disabling ASPM L0s L1
[    0.960559] e1000e 0000:0d:00.0: can't disable ASPM; OS doesn't have ASPM control
[    0.960764] e1000e 0000:0d:00.0: Interrupt Throttling Rate (ints/sec) set to dynamic conservative mode
[    0.960771] e1000e 0000:0d:00.0: CRC Stripping Disabled
[    0.960810] e1000e 0000:0d:00.0: irq 68 for MSI/MSI-X
[    1.071099] e1000e 0000:0d:00.0 eth0: (PCI Express:2.5GT/s:Width x1) 00:30:48:90:ee:68
[    1.071109] e1000e 0000:0d:00.0 eth0: Intel(R) PRO/1000 Network Connection
[    1.071284] e1000e 0000:0d:00.0 eth0: MAC: 2, PHY: 2, PBA No: FFFFFF-0FF
[    1.071306] e1000e 0000:0e:00.0: Disabling ASPM L0s L1
[    1.071312] e1000e 0000:0e:00.0: can't disable ASPM; OS doesn't have ASPM control
[    1.071488] e1000e 0000:0e:00.0: Interrupt Throttling Rate (ints/sec) set to dynamic conservative mode
[    1.071527] e1000e 0000:0e:00.0: irq 70 for MSI/MSI-X
[    1.182944] e1000e 0000:0e:00.0 eth1: (PCI Express:2.5GT/s:Width x1) 00:30:48:90:ee:69
[    1.182951] e1000e 0000:0e:00.0 eth1: Intel(R) PRO/1000 Network Connection
[    1.183022] e1000e 0000:0e:00.0 eth1: MAC: 2, PHY: 2, PBA No: FFFFFF-0FF
[    7.547764] e1000e 0000:0d:00.0: irq 68 for MSI/MSI-X
[    7.648070] e1000e 0000:0d:00.0: irq 68 for MSI/MSI-X


Downloading a website using wget with auth and ssl TEST

First off issue the login and store the session cookie.

 wget --no-check-certificate \
--save-cookies cookies.txt \
--keep-session-cookies \
--post-data 'username=user&amp;password=pass&amp;remember=1&amp;Submit=Login' \
https://some.web.site.com

Then we request the page we wish to download and follow.

 wget \
 --load-cookies cookies.txt \
 --keep-session-cookies \
 --save-cookies cookies.txt \
 --reject *index.php*,*whoson.php* \
 --no-check-certificate \
 --recursive \
 --no-clobber \
 --page-requisites \
 --html-extension \
 --convert-links \
 --restrict-file-names=windows \
 --domains some.web.site.com \
 --no-parent \
https://some.web.site.com


Installing RALUS client on Debian with 3.0 kernel

1. Unpack the archive provided by Symantec

  • tar xzf RALUS_RMALS_RAMS-2896.9.tar.gz

2. Stop the RALUS service if it is already installed and runnig

  • /etc/init.d/VRTSralus.init stop

3. Very important, if you are under a 64 bit Linux you have to this

  • Extract debian package :
    tar xzf RALUS64/pkgs/Linux/VRTSralus.tar.gz
  • Install debian package :
    dpkg -i VRTSralus-13.0.2896-0.x86_64.deb
  • Start installation :
    ./RALUS64/installralus
  • If you get "./installralus: line 50: ../perl/Linux/bin/perl: No such file or directory", simply edit ./RALUS64/installralus, and change line 50 :

  • from:

    • if [ $LOCAL_PERL -eq 1 ] ; then
        ../perl/$OS/bin/perl -I.. -I$PATH -I$VXIF_HOME -I../perl/$OS/lib/$PERL_VER ./installralus.pl $*
      else
        perl -I.. -I$PATH -I$VXIF_HOME ../installralus.pl $*
      fi
    •  
      to:
      #if [ $LOCAL_PERL -eq 1 ] ; then
      # ../perl/$OS/bin/perl -I.. -I$PATH -I$VXIF_HOME -I../perl/$OS/lib/$PERL_VER ./installralus.pl $*
      #else
        perl -I.. -I$PATH -I$VXIF_HOME ../installralus.pl $* 
      #fi
      C) If the installation is sucessful but VRTSralus refuses to start, launch /opt/VRTSralus/bin/beremote –-log-console to see the error.

    If you get error while loading shared libraries: libstdc++.so.5: cannot open shared object file: No such file or directory you simply need to install the package :

    • Under Debian : apt-get install libstdc++5

      However the service will fail to start afterwards.

Change into ralus directory
#cd /opt/VRTSralus/bin

Make a backup of libbesocket.so
#cp libbesocket.so libbesocket.so.orig

Install objdump
apt-get install binutils binutils-multiarch

Disassemble the binary to a file
#objdump -D libbesocket.so > libbesocket.asm

Open file and search for ‘$0x8938?

#nano libbesocket.asm
Type ctrl+w to search
Type '$0x8938' and press enter

Find the following lines and locate the hex highlighted in red in front of the jump-no-sign instruction.
In my case it happens to be ’79 19?.

23840:       31 c0                   xor    %eax,%eax
23842:       be 38 89 00 00          mov    $0x8938,%esi
23847:       e8 2c df fe ff          callq  11778 <ioctl@plt>
2384c:       85 c0                   test   %eax,%eax
2384e:       79 19                   jns    23869 <_Z10getifaddrsPP7ifaddrs+0xb9>
23850:       e8 d3 df fe ff          callq  11828 <__errno_location@plt>
23855:       83 38 16                cmpl   $0x16,(%rax)
23858:       0f 85 40 03 00 00       jne    23b9e <_Z10getifaddrsPP7ifaddrs+0x3ee>
2385e:       c7 84 24 ec 00 00 00    movl   $0x20,0xec(%rsp)

Install hex editor and open the file

#apt-get install hexer
#hexer libbesocket.so

Search for the hex we found earlier

Type '/' to search
Type '\xx 79 19' and press enter

NOTE: Only change the code where the hex matches the preceeding chunks of code in the middle column earlier in that exact order. This is what my line looked like.
00023840:  31 c0 be 38 89 00 00 e8  2c df fe ff 85 c0 78 19  1..8....,.....x.

Using arrow keys move cursor into position and change value from ’79’ to ’78’

Type 'r' to edit
Type '78' and press enter
Type ':wq' and press enter to quit while saving

Now go and start the service
/etc/init.d/VRTSralus.init start


mpt-statusd: detected non-optimal RAID status

I have noticed that mpt-status gets installed by default in Debian 7 Wheezy when running on VMware. Since the virtual machine does not use RAID mpt-statusd reports "non-optimal" RAID status in the log every 10 minutes.

mpt-statusd: detected non-optimal RAID status

The mpt-status package is used to query the status of LSI SCSI HBAs so unless your machine is using such HBA cards the mpt-status package should be safe to remove.

sudo service mpt-statusd stop
sudo apt-get purge mpt-status