Linux Systems

Another basic shell script

Alex Underwood 0 Comments

The great thing about shell scripts is that they are a great way to solve complex problems that can cost you a lot of time to do manually. To this end, I had a client that needed some videos (that was made by using the Video production services Toronto) encoded on his server that didn’t encode properly. For an experienced script writer this would take about 5 minutes to write. It also makes it so that if the client wants to use it they can. The configuration was nice because the input and output file name was the same, just the extension was different. This is not very polished, if it were I would

A)run it as the same user

B)Put it in the user’s homedir

C)Make it so that it was password protected and executable via PHP script so the user wouldn’t require any bash experience at all but could upload a list via FTP and just run it.

#!/bin/bash

for video in `cat /root/list.txt` #We will run a loop where each line in list.txt is run as a variable $video.
do
mv /home/user/public_html/media/videos/flv/$video.flv /home/user/public_html/media/videos/flv/$video.flv.old #back up old files
ffmpeg -y -b 1500 -r 25 -i  /home/gogreenc/public_html/media/videos/vid/$video.* -f flv -s 640×480 -deinterlace -ac 1 -ar 41400 /home/user/public_html/media/videos/flv/$video.flv #encode new file, 640X480 out, FLV format deinterlaced.
chown user:user /home/user/public_html/media/videos/flv/$video.flv #chown to the right user. Not required if running as the right user.
done

A quickie MySQL backup script

Alex Underwood 0 Comments

I’ve seen my fair share of clients that need basic MySQL backups but have no control panel or don’t want to bother with Control panel based backups. This is a really simple setup that lets you do DB backups and put them in a local directory of the server. It would likely be easily modified to rsync to another server as well if you wanted to. There are a ton of options that could be added to this, your imagination (and shell scripting capacity) are the only limitations. Some suggestions I have would be

-Mail on success or failure and on old file deletion

-Connect to a remote DB

-Monitor the overall size

Well enough with the abstract, on to the shell!

#!/bin/bash
date=`date +%Y%m%d`
mysqldump –all-databases > /mysqlbackups/mysql-$date.sql
find /mysqlbackups/ -atime +30 -delete

If you notice, this takes up all of 4 lines. The first one is the she-bang, the second is establishing the date time stamp, the third dumps the databases and the last one purges any old backups. The only real variable you have to change here is the “+30” so that it is the number of days you want to retain the backups for minus one.

The sword of SEO

Alex Underwood 0 Comments

I was on a client server getting attacked, the DoS was heavily distributed. Since he’d mentioned something about someone linking to his web site, I was poking through the Apache logs. I noticed that one site was generating a huge amount of referrals. Investigating deeper, Ifound this on the referral site:

<iframe src=”http://www.domain.com” width=”1″ height=”1″ ></iframe>
0<br><iframe src=”http://www.domain.com” width=”1″ height=”1″ ></iframe>
1<br><iframe src=”http://www.domain.com” width=”1″ height=”1″ ></iframe>
2<br><iframe src=”http://www.domain.com” width=”1″ height=”1″ ></iframe>
3<br><iframe src=”http://www.domain.com” width=”1″ height=”1″ ></iframe>

…….

30<br><iframe src=”http://www.domain.com” width=”1″ height=”1″ ></iframe>

This is one of the slicker DoSes I’ve seen in a while. Because of the way it was set up it would be very difficult if not impossible to block on a network level and not traceable back to any particular IP on a network level (read:iptables, RTG or hardware firewall.) Within a few assumptions here this is what I believe to happen:

-Person sets up a web site with just a park page etc. on it.
-Person directs traffic to this using SEO. (back links, etc) to gain it status on search engines
-Person puts up the attack page similar to the above
-Every time a person from a search engine clicks the link, they load a few dozen copies of the page
-The iframe points to a “high value” target that generates a lot of load on the server, such as a forum or other dynamic content.

Backlinks are a crucial factor in the world of SEO. They are like a vote of confidence from other websites, indicating that your website is trustworthy and valuable. However, it’s essential to keep in mind that not all backlinks are created equal. High-quality backlinks from authoritative websites are worth more than low-quality backlinks from spammy websites. That’s why some people resort to buying backlinks to boost their website’s ranking. However, this is not a recommended strategy as it can lead to penalization from search engines like Google. Instead, it’s best to focus on building organic and high-quality backlinks through outreach and content marketing. Companies like Buybacklinks.club may offer to sell backlinks, but it’s important to proceed with caution and prioritize quality over quantity.

I personally saw this attack decimate a late model server with 16GB of RAM with enough IP distribution that it was not plausible to block it. It is viciously effective when planned out and done properly. It can also be done with virtually NO resources using a free shared hosting account. The person who loads it probably never realized they just made an attack on a server either. The plus side is that if you track it you can limit the damage done very easily provided you know what you are looking for. That will be my next blog.

Adding lots of IPs to a debian box

Alex Underwood 0 Comments

At work I had a client with a Debian system that needed a bunch of IPs added to it. Since it doesn’t really support ranges (at least that I can find) I came up with the following script.

#/bin/bash
j=42
for i in  {186..190}
do
j=$(expr $j + 1)
echo auto eth0:$j >> interfaces; echo iface eth0:$j inet static >> interfaces; echo address 192.168.41.$i >> interfaces; echo netmask 255.255.255.248 >> interfaces;
done

How it works is that j is the last IP in the ranges currently set in the interfaces file. The address is defined in the script, and the range is defined in the i= section. Just change the numbers to match what you want, put this into /etc/networking, run it and restart networking. This is only for five IPs but you could do hundreds or thousands this way if it was the desired affect. Or you can use a distro that supports ranges :>

How to upgrade Fedora 13 to 14.

Tyler Bishop 1 Comment

For whatever reason they seem to have left out some important steps for a successful upgrade, so here you go:

wget https://fedoraproject.org/static/97A1071F.txt -O /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-14-primary
yum update fedora-release --releasever=14
yum --releasever=14 update --skip-broken -y

After you reboot run 
rpm -qa | grep -v fc14 | xargs yum -y update

If anyone at the Fedora group is paying attention.. add this crap to the wiki.

http://fedoraproject.org/wiki/YumUpgradeFaq#Fedora_13_-.3E_Fedora_14

Trick Out Your HTOP With Useful Features

Tyler Bishop 5 Comments

Here’s the htop I’ve came up with over several years.

Simply create a “.htoprc” in your home folder with the below contents.

# Beware! This file is rewritten every time htop exits.
# The parser is also very primitive, and not human-friendly.
# (I know, it's in the todo list).
fields=0 48 17 18 38 39 40 2 46 47 49 1
sort_key=46
sort_direction=1
hide_threads=0
hide_kernel_threads=1
hide_userland_threads=0
shadow_other_users=0
highlight_base_name=0
highlight_megabytes=1
highlight_threads=0
tree_view=0
header_margin=1
detailed_cpu_time=1
color_scheme=0
delay=15
left_meters=Hostname Tasks LoadAverage Uptime Memory Memory Swap CPU CPU
left_meter_modes=2 2 2 2 1 2 1 1 2
right_meters=AllCPUs
right_meter_modes=1

Rebuilding an RPM-based OS White it’s Running

Tyler Bishop 0 Comments

Cool title right? Recently at Beyond Hosting we had a server get hard powered off while it was doing a raid array rebuild and for whatever reason it corrupted a ton of data, surprising right? Thank a singlehop DC ‘tech?’..

Okay well here’s how you do it.
First create a list of all the files that are SCREWED. Then reinstall them with yum, hopefully your yum/rpm still works..

rpm -V -a | grep -v local | awk '{print $2}' | \
xargs rpm -q --whatprovides | sort | uniq | grep -v "no package" | \
xargs yum -y reinstall

At this point restart and hopefully everything that isn’t a configuration or user generated file is fixed.

Why you pay money for ECC RAM

Alex Underwood 0 Comments

Tonight presents a valuable lesson. I had a box running heavy MySQL duty that would crash at odd times. I could get MySQL to start, but the processes would die, it wouldn’t terminate cleanly, and even on a freshly started copy it was giving me “out of memory” errors. After fighting this for some time (say hours) and assuming that it was me the user, I checked the system in a bout of frustration.

Being a Xeon, my first look after rebooting it was in the error log of the BIOS. It had a lone ECC error in the log. Where I couldn’t even run show databases; before it will go through a check and stay up now. I bring this up as it presents two invaluable lessons:

A)It’s usually the software or the sysadmin that screws a server up. Not the hardware. That being said it is best to consider it. This is the second time I’ve seen a machine with ECC RAM screw up like this in two years and several hundred servers later. I have seen maybe 20 ECC equipped machines that actually had DIMMs that were bad. Probably half that. With that being said MySQL tends to show it first.

B)ECC RAM is worth the extra outlay in the datacenter. This could have easily not been detected for a long period of time, and cost a client and the next client that would have been put on the server.

How to identify what processes are generating IO Wait load

Tyler Bishop 0 Comments

An easy way to identify what process is generating your IO Wait load is to enable block I/O debugging. This is done by setting /proc/sys/vm/block_dump to a non zero value like:

echo 1 > /proc/sys/vm/block_dump

This will cause messages like the following to start appearing in dmesg:

bash(6856): dirtied inode 19446664 (ld-2.5.so) on md1

Using the following one-liner will produce a summary output of the dmesg entries:

dmesg | egrep "READ|WRITE|dirtied" | egrep -o '([a-zA-Z]*)' | sort | uniq -c | sort -rn | head
    354 md
    324 export
    288 kjournald
     53 irqbalance
     45 pdflush
     14 portmap
     14 bash
     10 egrep
     10 crond
      8 ncftpput

Once you are finished you should disable block I/O debugging by setting /proc/sys/vm/block_dump to a zero value like:

echo 0 > /proc/sys/vm/block_dump

Another cool method with a perl script: http://www.xaprb.com/blog/2009/08/23/how-to-find-per-process-io-statistics-on-linux/

MySQL Auto Repair and Optimization

Tyler Bishop 0 Comments

It’s important to keep your MySQL tables repaired and optimized, simply add the below command to crontab.

crontab -e

@daily mysqlcheck --all-databases -B -e --auto-repair --optimize

You will need to provide your MySQL root details in .my.cnf

[client]
user="root"
pass="password"

Alex actually showed me this a while ago but its a good bit of information.