It is usefull to check any ddos attack on the server.
netstat -anp |grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
netstat -anp |grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
A Blog to share my experience and knowledge, Iam dealing with Linux Server Administration.
Monday 28 May 2012
Saturday 26 May 2012
Internal server error in linux
When a site gives Internal Server Error on any Linux server I follow these steps:
NOTE: USER = username of account
Step 1:
cd /home/USER/public_html
find ./ -perm +022 | xargs chmod go-w
The above will remove world writable permissions from files/folders, which we do not need in suPHP.
Step 2:
cd /home/USER/public_html
find ./ -user nobody -print | xargs chown USER:USER
The above will change nobody owned files back to user.
Step 3:
cd /home/USER/public_html
find ./ -name .htaccess | xargs grep -i php_ /dev/null
The above command will search for any php_flag or php_value directive in .htaccess files. As we run suPHP so php_flag or php_value results in Internal Server Error if found.
Step 4 (edit by Avesta):
chmod 751 cgi-bin
If the files/folder names contain spaces or special characters then the above commands may give error. So in the case, try the following commands:
find ./ -perm +022 -print0 | xargs -0 chmod go-w
find ./ -user nobody -print0 | xargs -0 chown USER:USER
find ./ -name .htaccess -print0 | xargs -0 grep -i php_ /dev/null
find ./ -name .htaccess -print0 | xargs -0 grep -i AddType /dev/null
Example:
root@server [/home/USER/www]# find ./ -perm +022 | xargs chmod go-w
chmod: missing operand after `go-w'
Try `chmod --help' for more information.
root@server [/home/USER/www]# find ./ -user nobody -print | xargs chown stats.stats
chown: missing operand after `stats.stats'
Try `chown --help' for more information.
Such output means that there is no world writable file/folder or with nobody ownership. If there will be any world writable file/folder or with nobody ownership then these commands will give no output.
If after running these commands you still see Internal Server Error, then the logs should be consulted. Logs that need to be checked are:
/usr/local/apache/logs/error_log
/usr/local/apache/logs/suphp_log
NOTE: USER = username of account
Step 1:
cd /home/USER/public_html
find ./ -perm +022 | xargs chmod go-w
The above will remove world writable permissions from files/folders, which we do not need in suPHP.
Step 2:
cd /home/USER/public_html
find ./ -user nobody -print | xargs chown USER:USER
The above will change nobody owned files back to user.
Step 3:
cd /home/USER/public_html
find ./ -name .htaccess | xargs grep -i php_ /dev/null
The above command will search for any php_flag or php_value directive in .htaccess files. As we run suPHP so php_flag or php_value results in Internal Server Error if found.
Step 4 (edit by Avesta):
chmod 751 cgi-bin
If the files/folder names contain spaces or special characters then the above commands may give error. So in the case, try the following commands:
find ./ -perm +022 -print0 | xargs -0 chmod go-w
find ./ -user nobody -print0 | xargs -0 chown USER:USER
find ./ -name .htaccess -print0 | xargs -0 grep -i php_ /dev/null
find ./ -name .htaccess -print0 | xargs -0 grep -i AddType /dev/null
Example:
root@server [/home/USER/www]# find ./ -perm +022 | xargs chmod go-w
chmod: missing operand after `go-w'
Try `chmod --help' for more information.
root@server [/home/USER/www]# find ./ -user nobody -print | xargs chown stats.stats
chown: missing operand after `stats.stats'
Try `chown --help' for more information.
Such output means that there is no world writable file/folder or with nobody ownership. If there will be any world writable file/folder or with nobody ownership then these commands will give no output.
If after running these commands you still see Internal Server Error, then the logs should be consulted. Logs that need to be checked are:
/usr/local/apache/logs/error_log
/usr/local/apache/logs/suphp_log
Friday 25 May 2012
Methods to reduce server load
1 )netstat -plan | grep :80 | awk '{print $5}' | cut -d: -f 1 | sort | uniq -c | sort -n
2) netstat -plan | grep :25 | awk '{print $5}' | cut -d: -f 1 | sort | uniq -c | sort -n
3) pstree -paul
4) cd /tmp
5) rm -f dos-* sess_* .spamassassin*
6) find . -user nobody -exec rm -f '{}' \;
7) ps -C exim -fH ewww
8) ps -C exim -fH eww |grep home
9) netstat -ntu | grep ':' | awk '{print $5}' | awk '{sub("::ffff:","");print}' | cut -f1 -d ':' | sort | uniq -c | sort -n
10) mysqladmin proc |grep Sleep |awk {'print $4'}|cut -d_ -f 1|sort|uniq -c|sort -nk 1
11) ps -C exim -fH ewww
12) for i in `ipcs -s | awk '{print $2}'`; do (ipcrm -s $i); done
13) for i in `mysqladmin proc |grep Sleep |cut -d " " -f 2`; do mysqladmin kill $i; done
14) exim -bp |grep "*** frozen ***" |awk '{print $3}' |xargs exim -Mrm
15) exiqgrep -z -i | xargs exim -Mrm;exiqgrep -o 432000 -i | xargs exim -Mrm
2) netstat -plan | grep :25 | awk '{print $5}' | cut -d: -f 1 | sort | uniq -c | sort -n
3) pstree -paul
4) cd /tmp
5) rm -f dos-* sess_* .spamassassin*
6) find . -user nobody -exec rm -f '{}' \;
7) ps -C exim -fH ewww
8) ps -C exim -fH eww |grep home
9) netstat -ntu | grep ':' | awk '{print $5}' | awk '{sub("::ffff:","");print}' | cut -f1 -d ':' | sort | uniq -c | sort -n
10) mysqladmin proc |grep Sleep |awk {'print $4'}|cut -d_ -f 1|sort|uniq -c|sort -nk 1
11) ps -C exim -fH ewww
12) for i in `ipcs -s | awk '{print $2}'`; do (ipcrm -s $i); done
13) for i in `mysqladmin proc |grep Sleep |cut -d " " -f 2`; do mysqladmin kill $i; done
14) exim -bp |grep "*** frozen ***" |awk '{print $3}' |xargs exim -Mrm
15) exiqgrep -z -i | xargs exim -Mrm;exiqgrep -o 432000 -i | xargs exim -Mrm
Subscribe to:
Posts (Atom)