Norton blacklisted my website and it is CLEAN!

Norton for a long time used to show clients site as blacklisted, I registered for https://safeweb.norton.com/ and sent a review request........ days passed by with no reply.
Scanned site at sitecheck.sucuri.net which too showed clean but blacklisted at Norton.  
Later found a quick solution on Norton forums :

Submit category change request with WebPulse:

https://sitereview.symantec.com/#/

 Please enter a valid URL for the review process -
> valid URL for review -
https://ecoinsee.org/
> Filtering Service - select 'Norton Safe Web'-
> Your suggested category - 'Select a Category'-
> Comments - add 'Safe Web Orange Caution with 0 Threats'-


After few hours I see the site now clean.


https://safeweb.norton.com/report/show?url=ecoinsee.org

CentOS 7 :: /var/log/messages , cron , secure log files empty

Today I found a cPanel CentOS 7 server with empty log files :

-rw------- 1 root root 0 Aug 18 05:57 cron
-rw------- 1 root root 0 Aug 18 05:57 maillog
-rw------- 1 root root 0 Aug 18 05:57 messages
-rw------- 1 root root 0 Aug 18 05:57 secure

Found a quick solution :

rm -f /var/lib/rsyslog/imjournal.state

service rsyslog restart

Server reboot and service restarts did not help however the above worked..

Voila the logs started working…….

Plesk Onyx 17.8 :: Backup Error :: Errcode: 24 – Too many open files

A recently setup Plesk on CentOS 7 Server was showing errors under Backup manager :

Unable to execute SQL: Out of resources when opening file '/tmp/#sql_5226_0.MYI' (Errcode: 24 - Too many open files). SQL query: SHOW FULL COLUMNS IN `catalogindex_minimal_price`

The MySQL configured was default and showed limits as below :

mysql> show global variables like 'open%';
+------------------+-------+
| Variable_name    | Value |
+------------------+-------+
| open_files_limit | 1000  |
+------------------+-------+
1 row in set (0.00 sec)

mysql>

To raise the limits I had to create a directory and create a configuration file as below :

cd  /usr/lib/systemd/system
mkdir mysql.service.d
cd mysql.service.d/
nano -w override.conf


# cat override.conf
[Service]
LimitNOFILE=5000
#
systemctl daemon-reload
service mysqld restart

Once this was applied the Backups worked fine. You may raise the limits as required.


OpenVZ 7 Upgrade Error !

While upgrading OpenVZ server I got an error as below :

====
--> Finished Dependency Resolution
Error: Package: 10:qemu-kvm-vz-2.9.0-16.3.vz7.8.x86_64 (factory)
Requires: libspice-server.so.1(SPICE_SERVER_0.12.5)(64bit)
You could try using --skip-broken to work around the problem
** Found 1 pre-existing rpmdb problem(s), 'yum check' output follows:
grub2-theme-openvz-1.4-1.vl7.noarch has installed conflicts grub2-theme-openvz: grub2-theme-openvz-1.4-1.vl7.noarch

====

This is a known bug and has been patched by OpenVZ Team and below is the fix :

Update vzlinux-release
yum update vzlinux-release
Enable virtuozzolinux-factory repo – edit /etc/yum.repos.d/vzlinux.repo or launch
yum-config-manager --enable virtuozzolinux-factory
Actually launch “yum update”
yum update

This fixes the bug. 🙂

Reference : https://bugs.openvz.org/browse/OVZ-6924

How to verify matching private key with a certificate

The private key contains a series of numbers. Two of those numbers form the “public key”, the others are part of your “private key”. The “public key” bits are also embedded in your Certificate (we get them from your CSR). To check that the public key in your cert matches the public portion of your private key, you need to view the cert and the key and compare the numbers. To view the Certificate and the key run the commands:

$ openssl x509 -noout -text -in server.crt
$ openssl rsa -noout -text -in server.key

The `modulus’ and the `public exponent’ portions in the key and the Certificate must match. But since the public exponent is usually 65537 and it’s bothering comparing long modulus you can use the following approach:

$ openssl x509 -noout -modulus -in server.crt | openssl md5
$ openssl rsa -noout -modulus -in server.key | openssl md5

And then compare these really shorter numbers. With overwhelming probability they will differ if the keys are different. As a “one-liner”:

$ openssl x509 -noout -modulus -in server.pem | openssl md5 ;\
openssl rsa -noout -modulus -in server.key | openssl md5

And with auto-magic comparison (If more than one hash is displayed, they don’t match):

$ (openssl x509 -noout -modulus -in server.pem | openssl md5 ;\
openssl rsa -noout -modulus -in server.key | openssl md5) | uniq

BTW, if I want to check to which key or certificate a particular CSR belongs you can compute

$ openssl req -noout -modulus -in server.csr | openssl md5

Flush DNS cache

This morning I was doing some work with one of my website transfer and to see the changes on my MacBook laptop I knew I would need to flush the DNS cache so I wouldn’t have to wait for the cache to expire.
So for anyone else who needs to know the commands here they are:

OS X <= 10.5.1 (Mac OSX versions 10.5.1 and before)

lookupd -flushcache

OS X >= 10.5.2 (Mac OSX Leopard)

dscacheutil -flushcache

In Linux, the nscd daemon manages the DNS cache. To flush the DNS cache, restart the nscd daemon.

To restart the nscd daemon, use the command

/etc/rc.d/init.d/nscd restart

In Microsoft Windows, you can use the command to flush the DNS resolver cache:

C:\>ipconfig /flushdns

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.
You can also use the command to view the DNS resolver cache.

ipconfig /displaydns

Hope that will help anyone out there who needs to flush their dns cache.

Linux Configuration and Diagnostic Tools



untitled




System and Network Configuration

* linuxconf – A GUI interactive interface available on Redhat 6.0 or later which includes netconf configuration.
* netconf – A GUI interactive interface available on Redhat 6.0 and later.
* kbdconf – A Redhat Linux tool which configures the /etc/sysconfig/keyboard file which specifies the location of the keyboard map file. This is a GUI based tool.
* mouseconfig – A Redhat Linux tool used to configure the /etc/sysconfig.mouse file. This is a GUI tool.
* timeconfig – A Redhat Linux tool used to configure the /etc/sysconfig/clock file. This is a GUI tool used to set timezone and whether or not the clock is set to GMT time.
* kernelcfg – A Redhat kernel configuration utility to be started from X.
* stty – Used to configure and print the console devices.
* setterm – Set terminal attributes.
* vmstat – Report statistics on virtual memory.

X Configuration

* XF86Setup – A newer X configuration program with a GUI interface which modifies the “/etc/X11/XF86Config” configuration file.
* xf86config – An older X configuration program with a text based interface. It also modifies the “/etc/X11/XF86Config” configuration file.
* Xconfigurator – The Redhat tool used during system setup to configure X.
* SuperProbe – A program that probes the video card to determine its type for use with setting up X.
* xvidtune – This program will test video modes on the fly without modification to your X configuration. Read the usr/X11R6/lib/X11/doc/VideoModes.doc file before running this program.

Library and kernel Dependency Management

Library management:
* ldd – Used to determine shared libraries used by binary files. Type “ldd /bin/ls” to see the shared libraries used by the “ls” command.
* ldconfig – Used to update links and cache for system use of the most recent runtime shared libraries.

Kernel Management:

* lsmod – List currently installed kernel modules.
* depmod – Creates a dependency file, “modules.dep” in the directory “/lib/modules/x.x.x”, later used by modprobe to automatically load the relevant modules.
* insmod – Installs a loadable kernel module into the running kernel.
* rmmod – Unloads modules, Ex: rmmod ftape
* modprobe – Used to load a module or set of modules. Loads all modules specified in the file “modules.dep”.

General Diagnostic
System resources

* free – Show system memory availability and usage
* df – Show the amount of disk free space on each mounted filesystem.
* du – Show disk usage
* lspci – List PCI devices
* pnpdump – Lists ISA PNP device resource information.
* vmstat – Reports virtual memory statistics.

Other:

* env – List the current environment variables.
* printenv – Print a copy of the environment.
* set – Shows how the environment is set up. This command can be very useful when debugging the environment.
* runlevel – List the current and previous runlevel.
* uname – Print system information. In my case, it prints “Linux”.
* dmesg – Show the last kernel messages printed during the last boot.

Auto lock your Mac when you walk away

We geeks all have some sort of bluetooth device on us like your Nokia N80 or your new iPhone (which I will be getting and LOVE) so why not take advantage of one of these as a beacon to your computer. With a small application you can set your computer to detect the proximity of your device and perform actions based on when it comes in or goes out of range.

I’m using the free utility Proximity to do the detection. You could even unlock the computer when you come back in range, but I just want it to lock when I walk away since I always forget. With a small AppleScript that’s easy:

tell application “ScreenSaverEngine” to activate

That’s all there is to it and it works great.

#!/bin/bash

I think the number one skill a sysadmin should have is a solid understanding of shells and shell scripting. The Advanced Bash-Scripting Guide is a good place to start or take a refresher. From the introduction:

A working knowledge of shell scripting is essential to anyone wishing to become reasonably proficient at system administration, even if they do not anticipate ever having to actually write a script. Consider that as a Linux machine boots up, it executes the shell scripts in /etc/rc.d to restore the system configuration and set up services. A detailed understanding of these startup scripts is important for analyzing the behavior of a system, and possibly modifying it.

Not to mention I’ll bet every sysadmin is doing some menial tasks over and over again instead of automating or simplifying them with a script. Sometimes you just don’t realize it. For instance, I can’t tell you how many times I’ve typed a loooong find command to recursively set AFS permissions and I just wrote a wrapper to do it with just two parameters the other day. That one script will literally save me minutes each week. Keep at it and you’ll save hours a week.