Software RAID Recovery
To simulate disk failure
# mdadm /dev/md0 -f /dev/sda1
Recovering from a software RAID disk failure
1. Replace and reboot, or hot-remove if hardware supports it
# mdadm /dev/md0 -r /dev/sda1
2. Add replacement partition into array
# mdadm /dev/md0 -a /dev/sda1
To disassemble/stop a disk array
# mdadm -S /dev/md0
Configuring the Quota System
Implemented within the kernel
Enabled on a per-filesystem basis
Individual policies for groups or users
Limit by the number of 1K-blocks or inodes
Implement both soft and hard limits
Initialization
Partition mount options: usrquota, grpquota
Initialize database: quotacheck -cugm /filesystem
Start or stop quotas: quotaon, quotaoff
Managing Quotas
Implementation
Edit quotas directly: edquota username
From a shell: setquota username 4096 5120 40 50 /foo
Define prototypical users: edquota -p user1 user2
Reporting
User inspection: quota
Quota overviews: repquota
Miscellaneous utilities: warnquota
GRUB Components and Configuration
1st Stage
Small, added to MBR or boot sector during installation
Use /sbin/grub-install to repair
2nd Stage
Loaded from filesystem containing /boot
Configured in /boot/grub/grub.conf
To boot Linux: title, kernel, root filesystem, and initial ramdisk
Kernel Initialization
Kernel boot time functions
Device detection
Device driver initialization (modules loaded from initrd-
Mounts root filesystem read only
Loads initial process (init, PID 1)
Logged to /var/log/dmesg
init Initialization
init reads its config: /etc/inittab
Initial runlevel
System initialization scripts
Runlevel specific script directories
Trap certain key sequences
Define UPS power fail / restore scripts
Spawn gettys on virtual consoles
Initialize X in runlevel 5
System Initialization
/etc/rc.d/rc.sysinit
Activate udev and selinux
Sets kernel parameters in /etc/sysctl.conf
Sets the system clock
Loads keymaps
Enables swap partitions
Sets hostname
Root filesystem check and remount read-write
Activate RAID and LVM devices
Enable disk quotas
Check and mount other local filesystems
Cleans up stale locks and PID files
Standalone Service Initialization
/etc/rc.d/rc defines which standalone services to start
l5:5:wait:/etc/rc.d/rc 5
Each runlevel has a corresponding directory:
/etc/rc.d/rc5.d/
K* symbolic links called with a stop argument
S* symbolic links called with a start argument
The System V init scripts reside in:
/etc/rc.d/init.d/
Behavior configured with files under /etc/sysconfig/
Non-Service Startup
/etc/rc.d/rc.local
Runs near the end of the runlevel specific scripts (S99local)
Common place for custom modification
Better practice:
Create a System V init script
Existing /etc/rc.d/init.d/ scripts can be used as a starting point
List all current settings: sysctl -a
Reprocess settings from sysctl.conf: sysctl -p
Set a /proc value dynamically: sysctl -w net.ipv4.ip_forward=1
Can be OR’d or negated with -o or -not
find -user joe -not -group joe
find -user joe -o -user jane
find -not \( -user joe -o -user jane \)
Can match ownership by name or id
find / -user joe -o -uid 500
Can match octal or symbolic permissions
find -perm 755
matches if mode is exactly 755
find -perm /222
matches if anyone can write (older versions of find spell this +222; current GNU find rejects +222)
find -perm -222
matches if everyone can write
find -perm -002
matches if other can write
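The four -perm forms above, compared on a constructed set of files. This is an added example, not part of the original notes; it assumes GNU find, and the file names and the helper functions make_tree and perm_matches are made up for the demonstration.

```shell
#!/bin/sh
# Added example: compare the -perm forms on a constructed tree (GNU find assumed).

# make_tree DIR: create one empty file per mode, named f<mode>.
make_tree() {
    for mode in 755 644 444 666 602; do
        : > "$1/f$mode"
        chmod "$mode" "$1/f$mode"
    done
}

# perm_matches DIR TEST: space-separated names of the files matching -perm TEST.
perm_matches() {
    find "$1" -type f -perm "$2" | sed 's|.*/||' | sort | xargs
}

tree=$(mktemp -d)
make_tree "$tree"
# 755  = exact mode, /222 = any write bit set,
# -222 = all three write bits set, -002 = the "other" write bit set.
for t in 755 /222 -222 -002; do
    printf '%-5s %s\n' "$t" "$(perm_matches "$tree" "$t")"
done
rm -rf "$tree"
```

The file with mode 602 is other-writable but not group-writable, so -002 reports it and -222 does not; an audit for world-writable files needs -002.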
Many find criteria take numeric values
find -size 10M
Files with a size of exactly 10 megabytes
find -size +10M
Files with a size over 10 megabytes
find -size -10M
Files with a size less than 10 megabytes
Other modifiers are available such as k for KB, G for GB, etc.
find can match by inode timestamps
-atime when file was last read
-mtime when file data last changed
-ctime when file data or metadata last changed
Value given is in days
find /tmp -ctime +10
Files changed more than 10 days ago
Can use a value of minutes
-amin
-mmin
-cmin
find /etc -amin -60
Commands can be executed on found files
Command must be preceded with -exec or -ok
-ok prompts before acting on each file
Command must end with Space\;
Can use {} as a filename placeholder
find -size +100M -ok mv {} /tmp/largefiles/ \;
Back up configuration files, adding a .orig extension
$ find -name '*.conf' -exec cp {} {}.orig \;
Prompt to remove Joe’s tmp files that are over 3 days old
$ find /tmp -ctime +3 -user joe -ok rm {} \;
Fix other-writable files in your home directory
$ find ~ -perm -002 -exec chmod o-w {} \;
Do an ls -l style listing of all directories in /home/
$ find /home -type d -ls
Find files that end in .sh but are not executable by anyone. For each file, ask to make it executable by everyone
$ find -not -perm /111 -name '*.sh' -ok chmod 755 {} \;
vi/vim commands:
A append to end of line
a append after current symbol
I insert at beginning of line
o insert a new line (below)
O insert new line (above)
Move by word: w, b
Move by sentence: ), (
Move by paragraph: }, {
Jump to line x: xG or :x
Jump to end: G
                  Change (replace)  Delete (cut)  Yank (copy)
Line              cc                dd            yy
Letter            cl                dl            yl
Word              cw                dw            yw
Sentence ahead    c)                d)            y)
Sentence behind   c(                d(            y(
Paragraph above   c{                d{            y{
Paragraph below   c}                d}            y}
p -> paste below(after)
P -> paste above(before)
ctrl+r -> redo last undo
ctrl+u -> undo
ctrl+U -> undo all
Multiple documents can be viewed in a single vim screen
Ctrl-w, s splits the screen horizontally
Ctrl-w, v splits the screen vertically
Ctrl-w, Arrow moves between windows
Standard input (STDIN) – keyboard by default
Standard output (STDOUT) – terminal window by default
Standard error (STDERR) – terminal window by default
> Redirect STDOUT to file
2> Redirect STDERR to file
&> Redirect all output to file
2>&1: Redirects STDERR to STDOUT
(): Combines STDOUTs of multiple programs
$ ( cal 2007 ; cal 2008 ) | less
To list backups (full), on the backup server:
vzarestore -l -f -e <host-of-vps or ID>
To restore only a folder/file, on the HN of the VPS:
vzarestore <id container> --files <path to folder or file> -b <backup ID> --storage user:"password"@<ip of backup server>
How do I rebuild qmail queue if it is damaged or consists of a lot of spam messages?
Article ID: 252
Last Review: Mar,5 2009
Author: Vitaly Malakhov
Last updated by: Vitaly Malakhov
APPLIES TO:
* Plesk 8.x for Linux/Unix
* Plesk 7.5.x Reloaded
Resolution
This instruction is written for RPM-based systems (RedHat, Fedora, CentOS, etc…).
Perform the following steps to recreate Qmail's queue.
Attention!
All current messages will be removed from the queue in this case and cannot be restored.
1. Stop Qmail and xinetd.
/etc/init.d/qmail stop
/etc/init.d/xinetd stop
2. Move current queue to another location.
mv /var/qmail/queue /var/qmail/queue_old
3. Reinstall the ‘psa-qmail’ RPM to recreate the qmail queue structure with a command like:
rpm -Uvh --force psa-qmail….
4. (Optional) Reinstall the drweb-qmail RPM if you use the DrWeb antivirus feature which comes with Plesk.
rpm -Uvh --force drweb-qmail….
5. Start Qmail and xinetd:
/etc/init.d/qmail start
/etc/init.d/xinetd start
Note: you should get both the psa-qmail and drweb-qmail RPMs from the distribution of the same Plesk version that is installed on the server.
You can obtain current psa-qmail, drweb-qmail RPMs and Plesk build versions by running the following commands on Linux systems:
rpm -q psa-qmail
rpm -q drweb-qmail
rpm -q psa
The server is saturated with SPAM. There are many messages in the queue. The mail is sent slowly.
Article ID: 766
Last Review: Mar,16 2009
Author: Daria Taranova
Last updated by: Daria Taranova
APPLIES TO:
* Plesk 7.5.x Reloaded
* Plesk 9.x for Linux/Unix
* Plesk 8.x for Linux/Unix
Resolution
First check that all domains have the option ‘Mail to non-existing user’ set to ‘reject’, not to ‘forward’. You can change this setting for all domains using “Group Operations” in the “Domains” tab in Parallels Plesk Control Panel. The option “Reject mail to nonexistent user” is available since Parallels Plesk Panel 7.5.3.
Also check that all the IPs and networks in the white lists are reliable and familiar to you.
Check how many messages are in the queue with Qmail:
# /var/qmail/bin/qmail-qstat
messages in queue: 27645
messages in queue but not yet preprocessed: 82
If the queue has too many messages, try to discover the source of SPAM.
If mail is being sent by an authorized user but not from the PHP script, you can run the command below to find the user that has sent the most messages (available since Plesk 8.x). Note that you must have the ‘SMTP authorization’ activated on the server to see these records:
# cat /usr/local/psa/var/log/maillog |grep -I smtp_auth |grep -I user |awk '{print $11}' |sort |uniq -c |sort -n
The path to ‘maillog’ may differ depending on the OS you are using.
The next step is to use “qmail-qread”, which can be used to read the message headers:
# /var/qmail/bin/qmail-qread
18 Jul 2005 15:03:07 GMT #2996948 9073
done remote user1@domain1.com
done remote user2@domain2.com
done remote user3@domain3.com
….
This shows the senders and recipients of messages. If a message has too many recipients, it is probably spam. Now try to find this message in the queue by its ID (#2996948 in our example):
# find /var/qmail/queue/mess/ -name 2996948
Examine the message and find the “Received” line to learn where it was first sent from. For example, if you find:
Received: (qmail 19514 invoked by uid 10003); 13 Sep 2005 17:48:22 +0700
it means that this message was sent via a CGI by the user with UID 10003. Using this UID it is possible to find the domain:
# grep 10003 /etc/passwd
If the ‘Received’ line contains the UID of the user ‘apache’ (for example, invoked by uid 48), it means that the spam was sent through a PHP script. In this case, you can try to find the spammer using information from the spam email (From/To addresses or any other information). It is usually very difficult to discover the source of SPAM. If you are absolutely sure that a script is sending SPAM right now (the queue grows rapidly for no apparent reason), you can use the following command to see which PHP scripts are running at this time:
# lsof +r 1 -p `ps axww | grep httpd | grep -v grep | awk '{ if(!str) { str=$1 } else { str=str","$1 } } END { print str }'` | grep vhosts | grep php
You can also apply the KB article which describes the procedure for discovering which domains are sending mail through PHP scripts.
Lines in Received section like
Received: (qmail 19622 invoked from network); 13 Sep 2005 17:52:36 +0700
Received: from external_domain.com (192.168.0.1)
mean that the message has been accepted and delivered via SMTP, and that the sender is an authorized mail user.
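The Received-line check described above, as a small script. This is an added example, not part of the original KB article; the function names, the sample messages and the passwd extract are constructed, and it assumes the topmost "Received: (qmail ...)" header is the one written by this server.

```shell
#!/bin/sh
# Added example: classify how a queued message reached qmail-queue.
# classify_origin MSG [PASSWD] prints "local uid=N user=NAME", "network" or "unknown".
classify_origin() {
    msg=$1
    passwd=${2:-/etc/passwd}
    # Headers end at the first blank line. Only the topmost qmail line is
    # trusted here; lines below it may have arrived with the message.
    line=$(awk '/^$/ { exit }
                /^Received: [(]qmail [0-9]+ invoked / { print; exit }' "$msg")
    case $line in
    *"invoked by uid "*)
        uid=$(printf '%s\n' "$line" | sed 's/.*invoked by uid \([0-9][0-9]*\).*/\1/')
        # Compare the UID field exactly: "grep 10003 /etc/passwd" would also
        # match GIDs and longer numbers such as 110003.
        user=$(awk -F: -v u="$uid" '$3 == u { print $1; exit }' "$passwd")
        printf 'local uid=%s user=%s\n' "$uid" "${user:-unknown}" ;;
    *"invoked from network"*)
        echo "network" ;;
    *)
        echo "unknown" ;;
    esac
}

# Constructed sample data: a passwd extract and two queued messages.
make_samples() {
    dir=$1
    printf '%s\n' 'apache:x:48:48:Apache:/var/www:/sbin/nologin' \
        'other:x:110003:2524::/home/other:/bin/false' \
        'site1:x:10003:2524::/var/www/vhosts/domain1.com:/bin/false' > "$dir/passwd"
    printf '%s\n' 'Received: (qmail 19514 invoked by uid 10003); 13 Sep 2005 17:48:22 +0700' \
        'To: user1@domain1.com' 'Subject: test' '' 'body' > "$dir/cgi.msg"
    printf '%s\n' 'Received: (qmail 19622 invoked from network); 13 Sep 2005 17:52:36 +0700' \
        'Received: from external_domain.com (192.168.0.1)' \
        'Received: (qmail 1 invoked by uid 48); line that arrived with the message' \
        'Subject: test' '' 'body' > "$dir/smtp.msg"
}

demo_dir=$(mktemp -d)
make_samples "$demo_dir"
classify_origin "$demo_dir/cgi.msg"  "$demo_dir/passwd"
classify_origin "$demo_dir/smtp.msg" "$demo_dir/passwd"
rm -rf "$demo_dir"
```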
IMPORTANT: Learn how to recreate the queue in Qmail
[How To] How to test Spamassassin
Resolution
To test Spamassassin it is necessary to send a test mail containing the following string of characters (in upper case and with no white spaces and line breaks):
XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X
Note: Test mail must be sent from an account outside of your network.
Additional information
Please see more information about Spamassassin here: http://spamassassin.apache.org/gtube