LinuxHelps.com

A blog for Linux Lovers.

Posted by sibu on June 18, 2009

Zombie process

Zombie process is an inactive computer process, according to wikipedia article, “…On Unix operating systems, a zombie process or defunct process is a process that has completed execution but still has an entry in the process table, allowing the process that started it to read its exit status. In the term’s colorful metaphor, the child process has died but has not yet been reaped…”

Use top or ps command to find out zombie process.

# top
OR
# ps aux | awk ‘{ print $8 ” ” $2 }’ | grep -w Z

Output:

Z 4104
Z 5320
Z 2945

You cannot kill zombies, as they are already dead. But if you have too many zombies then kill parent process or restart service.

You can kill zombie process using PID obtained from any one of the above command. For example kill zombie proces having PID 4104.

# kill -9 4104

Please note that kill -9 does not guarantee to kill a zombie process.Write a script and schedule as a cron job.The following is a script to kill Zombie processes.

Code:

for each in `ps -ef | grep ” | grep -v PID | awk ‘{ print $3 }’`; do
for every in `ps -ef | grep $each | grep -v cron | awk ‘{ print $2 }’`; do
kill -9 $every;
done;
done

Posted by sibu on June 14, 2009

Optimize MySQL Performance With MySQLTuner

MySQLTuner is a high-performance MySQL tuning script written in perl that will provide you with a snapshot of a MySQL server health. Based on the statistics gathered, specific recommendations will be provided that will increase a MySQL servers efficiency and performance. The script gives you automated MySQL tuning that is on the level of what you would receive from a MySQL DBA.

# wget http://mysqltuner.com/mysqltuner.pl
# chmod +x mysqltuner.pl
# ./mysqltuner.pl

Result

>> MySQLTuner 0.9.0 - Major Hayden
>> Bug reports, feature requests, and downloads at http://mysqltuner.com/
>> Run with ‘–help’ for additional options and output filtering
Please enter your MySQL administrative login: secret
Please enter your MySQL administrative password: more secret

——– General Statistics ————————————————–
[OK] You have the latest version of MySQLTuner
[OK] Currently running supported MySQL version 5.0.32-Debian_7etch4-log
[OK] Operating on 32-bit architecture with less than 2GB RAM

——– Storage Engine Statistics ——————————————-
[--] Status: +Archive -BDB -Federated -InnoDB -ISAM -NDBCluster
[--] Data in MyISAM tables: 71M (Tables: 548)

——– Performance Metrics ————————————————-
[--] Up for: 109d 22h 8m 1s (69M q [7.283 qps], 1M conn, TX: 3B, RX: 3B)
[--] Reads / Writes: 98% / 2%
[--] Total buffers: 2.6M per thread and 58.0M global
[OK] Maximum possible memory usage: 320.5M (62% of installed RAM)
[OK] Slow queries: 0% (39/69M)
[OK] Highest usage of available connections: 63% (63/100)
[OK] Key buffer size / total MyISAM indexes: 16.0M/65.0K
[OK] Key buffer hit rate: 100.0%
[OK] Query cache efficiency: 80.6%
[!!] Query cache prunes per day: 30287
[OK] Sorts requiring temporary tables: 0%
[!!] Temporary tables created on disk: 59%
[OK] Thread cache hit rate: 99%
[!!] Table cache hit rate: 0%
[OK] Open file limit used: 12%
[OK] Table locks acquired immediately: 99%

——– Recommendations —————————————————–
General recommendations:

* Enable the slow query log to troubleshoot bad queries
* When making adjustments, make tmp_table_size/max_heap_table_size equal
* Reduce your SELECT DISTINCT queries without LIMIT clauses
* Increase table_cache gradually to avoid file descriptor limits

Variables to adjust:

* query_cache_size (> 16M)
* tmp_table_size (> 32M)
* max_heap_table_size (> 16M)
* table_cache (> 64)

Posted by sibu on June 11, 2009

SSL Certificates

SSL Certificates:

Normally data is sent unencrypted over Internet, which means anybody with certain tools can hack all your data. To pervent this from happening SSL (Secure Socket Layer) is used to encrypt the data stream between the Web Server and the Web Client.

Types:


* Self Signed Certificate
* Certificate issued by a trusted Certificate Authority(CA)

Why is a certificate issued by a CA necessary?


Simple - It is not really necessary - the data is secure and cannot easily be decrypted by a third party. However, certificates do serve a crucial role in the communication process. The certificate, signed by a trusted Certificate Authority, ensures that the certificate holder is really who he claims to be. Without a trusted signed certificate, your data may be encrypted, however, the party you are communicating with may not be whom you think. Without certificates, impersonation attacks would be much more common.

Steps in generating Certificates:


* Generate a Private Key
* Generate a CSR (Certificate Signing Request)
* Generating a Self-Signed Certificate / Get the Certificate from a CA
* Installing the Private Key and Certificate
* Configuring SSL Enabled Virtual Hosts
* Restart Apache and Test

Generate a Private Key:


* OpenSSL tool is used for this purpose, make sure openssl is installed
* It is always ideal to include the domain names in file names

openssl genrsa -out /etc/httpd/conf/ssl.key/domain.key 1024

Generate a CSR:


* Once the Private Key is created, use it to generate a CSR
* Avoid entering data for extra attributes like : “A Challenge Password”, since this might be asking you for the passphrase each time you restart Apache

openssl req -new -key /etc/httpd/conf/ssl.key/domain.key -out /etc/httpd/conf/ssl.crt/domain.csr


Generating a Self-Signed Certificate / Get the Certificate from CA

* A Self-Signed Certificate is one that we create by ourself
* However, using a self-signed certificate will generate an error in clients browser that, “igning certificate authority is unknown and not trusted”.

openssl x509 -req -in /usr/local/apache/ssl.crt/domain.csr -signkey /usr/local/apache/ssl.key/domain.key -out /usr/local/apache/ssl.crt/domain.crt

* And to get a Certificate from a CA, all you have to do is send them a copy of the Private key and CSR ytou have just generated on the server

* Copy all the certificates generated to appropriate folders

Configuring SSL Enabled Virtual Hosts

Configure your httpd.conf to encorporate the SSL Certificates with Apache Server

SSLEngine on
SSLCertificateFile /usr/local/apache/conf/ssl.crt/domain.crt
SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/domain.key
SetEnvIf User-Agent “.*MSIE.*” nokeepalive ssl-unclean-shutdown
CustomLog logs/ssl_request_log \
“%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \”%r\” %b”

Posted by sibu on May 24, 2009

Changing time zone linux

Change Time Zone

1. Logged in as root, check which timezone your machine is currently using by executing `date`. You’ll see something like Mon 17 Jan 2005 12:15:08 PM PST, PST in this case is the current timezone.

2.Change to the directory /usr/share/zoneinfo here you will find a list of time zone regions. Choose the most appropriate region, if you live in Canada or the US this directory is the “America” directory.

3. If you wish, backup the previous timezone configuration by copying it to a different location. Such as
mv /etc/localtime /etc/localtime-old

4. Create a symbolic link from the appropiate timezone to /etc/localtime. Example:
ln -s /usr/share/zoneinfo/Europe/Amsterdam /etc/localtime

5. If you have the utility rdate, update the current system time by executing
/usr/bin/rdate -s time.nist.gov

6. Set the ZONE entry in the file /etc/sysconfig/clock file (e.g. “America/Los_Angeles”)

7. Set the hardware clock by executing:
/sbin/hwclock –systohc

How to Change Date and Time

You can change the date and time on linux machine using the date command
Eg: If you want to change the date to July 31, 11:16 pm then type as follows

date 07312316
If you want to change the year as well, you could type
“date 073123161998”

You can also use the following:

date -s “31 JULY 1998 23:16:00″

Posted by sibu on May 24, 2009

Disable SELinux for only Apache / httpd in Linux

You can disable Apache SELinux protection easily. Please keep in mind that by disabling SELinux for apache you are inviting more security related problems.

Disable Apache SELinux Protection

Open /etc/selinux/targeted/booleans file using a text editor:
# vi /etc/selinux/targeted/booleans
Append or modify value for httpd_disable_trans as follows:
httpd_disable_trans=1

Save and close the file.

Type the following two commands:
# setsebool httpd_disable_trans 1
# /etc/init.d/httpd restart

GUI tool to disable SELinux for Apache                                                                                                         Open a shell prompt
Type the command system-config-securitylevel
system-config-securitylevel &
Next select SELinux tab > click on Disable SELinux protection for httpd daemon checkbox > Save the changes
Finally restart httpd service:
# /etc/init.d/httpd restart

Posted by sibu on May 24, 2009

Flushing DNS cache

You can flush your DNS cache as per following.

1) For Windows

Start -> Run -> type cmd
- in command prompt, type ipconfig /flushdns
- Done! You Window DNS cache has just been flush.

2) For Linux

- To restart the nscd daemon, type /etc/rc.d/init.d/nscd restart in your terminal
- Once you run the command your linux DNS cache will flush.

3) For Mac OS X

- type lookupd -flushcache in your terminal to flush the DNS resolver cache.
ex: bash-2.05a$ lookupd -flushcache
- Once you run the command your DNS cache (in Mac OS X) will flush.

Posted by sibu on May 24, 2009

Required permissions and directories for Fantastico

Fantastico requires certain files and directories to have the following permissions:

NOTE: Depending on your server setup, the files may be in slightly different locations.

Files:
/bin/tar 0755
/bin/gzip 0755
/usr/bin/wget 0700
/bin/bash 0755

Directories (create if they do not exist):
/tmp 1777
/usr/local/cpanel/base/tmp 1777
/usr/local/cpanel/3rdparty/tmp 1777

Posted by sibu on May 24, 2009

Yum Commands

YUM packages updater (Fedora, RedHat and like)

yum install package_name download and install a rpm package
yum localinstall package_name.rpm That will install an RPM, and try to resolve all the dependencies for you using your repositories.
yum update update all rpm packages installed on the system
yum update package_name upgrade a rpm package
yum remove package_name remove a rpm package
yum list list all packages installed on the system
yum search package_name find a package on rpm repository
yum clean packages clean up rpm cache erasing downloaded packages
yum clean headers remove all files headers that the system uses to resolve dependency
yum clean all remove from the cache packages and headers files

Posted by sibu on May 24, 2009

RPM commands

rpm -ivh package.rpm install a rpm package
rpm -ivh –nodeps package.rpm install a rpm package ignoring dependencies requests
rpm -U package.rpm upgrade a rpm package without changing configuration files
rpm -F package.rpm upgrade a rpm package only if it is already installed
rpm -e package_name.rpm remove a rpm package
rpm -qa show all rpm packages installed on the system
rpm -qa | grep httpd show all rpm packages with the name “httpd”
rpm -qi package_name obtain information on a specific package installed
rpm -qg “System Environment/Daemons” show rpm packages of a group software
rpm -ql package_name show list of files provided by a rpm package installed
rpm -qc package_name show list of configuration files provided by a rpm package installed
rpm -q package_name –whatrequires show list of dependencies required for a rpm packet
rpm -q package_name –whatprovides show capability provided by a rpm package
rpm -q package_name –scripts show scripts started during installation / removal
rpm -q package_name –changelog show history of revisions of a rpm package
rpm -qf /etc/httpd/conf/httpd.conf verify which rpm package belongs to a given file
rpm -qp package.rpm -l show list of files provided by a rpm package not yet installed
rpm –import /media/cdrom/RPM-GPG-KEY import public-key digital signature
rpm –checksig package.rpm verify the integrity of a rpm package
rpm -qa gpg-pubkey verify integrity of all rpm packages installed
rpm -V package_name check file size, permissions, type, owner, group, MD5 checksum and last modification
rpm -Va check all rpm packages installed on the system - use with caution
rpm -Vp package.rpm verify a rpm package not yet installed
rpm2cpio package.rpm | cpio –extract –make-directories *bin* extract executable file from a rpm package
rpm -ivh /usr/src/redhat/RPMS/`arch`/package.rpm install a package built from a rpm source
rpmbuild –rebuild package_name.src.rpm build a rpm package from a rpm source

Posted by sibu on May 24, 2009

File search commands

find  / -name file1 - search file and directory into root filesystem from ‘/’
find / -user user1 - search files and directories belonging to ‘user1′
find /home/user1 -name \*.bin - search files with ‘. bin’ extension within directory ‘/ home/user1′
find /usr/bin -type f -atime +100 - search binary files are not used in the last 100 days
find /usr/bin -type f -mtime -10 - search files created or changed within 10 days
find / -name \*.rpm -exec chmod 755 ‘{}’ \;   - search files with ‘.rpm’ extension and modify permits
find / -xdev -name \*.rpm - search files with ‘.rpm’ extension ignoring removable partitions as cdrom, pen-drive, etc.…
locate \*.ps - find files with the ‘.ps’ extension - first run ‘updatedb’ command
whereis halt -  show location of a binary file, source or man
which halt  - show full path to a binary / executable