Thursday, December 10, 2009

Find Windows LDAP Schema

Run this command:

adsiedit.msc

Connect to your Server and expand the tree to see it!!

Monday, November 16, 2009

Tuesday, October 27, 2009

View and change the Queue Lifetime in qmail

With this command you can see the Queue-Lifetime:

/var/qmail/bin/qmail-showctl | grep life

This returns the lifetime in seconds (the default is 604800 seconds, or 7 days).

You can change this value by editing the queuelifetime file in /var/qmail/control:

echo 86400 > /var/qmail/control/queuelifetime

and then restart qmail:

/etc/init.d/qmail restart

Wednesday, September 16, 2009

Run windows command line from Ubuntu

Install wmi-client package.

Download the package for Jaunty from here.

Run winexe. For example as follows:

winexe -U DOMAIN/USERNAME //HOST-OR-IP "ipconfig /all"

See the Winexe Website here.

Monday, September 14, 2009

Linux Security Checklist

Disabling Unnecessary Services

ps -ax : lists all currently running processes

ls -l /etc/rc.d/rc3.d/S* : shows all start-up scripts (if you boot into
graphics mode, replace rc3.d with rc5.d)

netstat -a : lists all open ports


Check for Security on Key Files

• /etc/fstab: make sure the owner & group are set to root:root and the
permissions are set to 0644 (-rw-r--r--)
• verify that /etc/passwd, /etc/shadow & /etc/group are all owned by 'root'
• verify that permissions on /etc/passwd & /etc/group are rw-r--r-- (644)
• verify that permissions on /etc/shadow are r-------- (400)
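
The ownership and mode checks above can be scripted. This is an added example, not part of the original checklist; the function names check_file and audit_key_files and the optional root prefix (for auditing a mounted image) are assumptions, and it needs GNU stat.

```sh
#!/bin/sh
# Added example: audit the owner and mode rules from the checklist above.
# check_file and audit_key_files are illustrative names; requires GNU stat.

# check_file PATH MAX_MODE UID [GID]
# Passes when PATH is owned by UID (and GID, if given) and carries no
# permission bit outside MAX_MODE, so a stricter mode such as 000 is
# accepted where the checklist allows 400.
check_file() {
    cf_path=$1; cf_max=$2; cf_uid=$3; cf_gid=${4:-}
    if [ ! -e "$cf_path" ]; then
        echo "MISSING $cf_path"
        return 1
    fi
    cf_mode=$(stat -L -c '%a' "$cf_path")
    cf_bad=0
    # Octal arithmetic: any bit set in the mode but not in the limit is excess.
    if [ $(( 0$cf_mode & ~0$cf_max & 07777 )) -ne 0 ]; then
        echo "MODE    $cf_path is $cf_mode, checklist allows at most $cf_max"
        cf_bad=1
    fi
    if [ "$(stat -L -c '%u' "$cf_path")" != "$cf_uid" ]; then
        echo "OWNER   $cf_path is not owned by uid $cf_uid"
        cf_bad=1
    fi
    if [ -n "$cf_gid" ] && [ "$(stat -L -c '%g' "$cf_path")" != "$cf_gid" ]; then
        echo "GROUP   $cf_path is not owned by gid $cf_gid"
        cf_bad=1
    fi
    return "$cf_bad"
}

# audit_key_files [ROOT_PREFIX] [UID] [GID]
# Checks the four files named in the checklist and returns the number of
# files with at least one finding. UID and GID default to 0 (root).
audit_key_files() {
    ak_root=${1:-}; ak_uid=${2:-0}; ak_gid=${3:-0}; ak_fails=0
    while read -r ak_file ak_max ak_grp; do
        if [ "$ak_grp" = group ]; then
            # the checklist asks for root:root on this file
            check_file "$ak_root$ak_file" "$ak_max" "$ak_uid" "$ak_gid"
        else
            check_file "$ak_root$ak_file" "$ak_max" "$ak_uid"
        fi || ak_fails=$((ak_fails + 1))
    done <<'EOF'
/etc/fstab  644 group
/etc/passwd 644 -
/etc/group  644 -
/etc/shadow 400 -
EOF
    return "$ak_fails"
}

# Usage on a live system (as root): audit_key_files
```

Some distributions ship /etc/shadow with a group-readable mode; the script reports that as a finding because the checklist asks for 400.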

Limit root access using SUDO

/etc/sudoers


Only allow root to access CRON


To enhance security of the cron scheduler, you can establish the cron.deny and
cron.allow files to control use of the crontab. The following commands will
establish root as the only user with permission to add cron jobs:

cd /etc
/bin/rm -f cron.deny at.deny
echo root >cron.allow
echo root >at.allow
/bin/chown root:root cron.allow at.allow
/bin/chmod 400 cron.allow at.allow


Remote Access and SSH Basic Settings


Telnet is not recommended for remote access. Secure Shell (SSH) provides
encrypted telnet-like access and is considered a secure alternative to telnet.
However, older versions of SSH have vulnerabilities and should not be used.
To disable SSH version 1 and enhance the overall security of SSH, consider
making the following changes to your sshd_config file:

Protocol 2
PermitRootLogin no
PermitEmptyPasswords no
Banner /etc/issue
IgnoreRhosts yes
RhostsAuthentication no
RhostsRSAAuthentication no
HostbasedAuthentication no
# 1m or less (default is 2 minutes)
LoginGraceTime 1m
# provides logging under syslog AUTH
SyslogFacility AUTH
AllowUsers [list of users allowed access]
DenyUsers [list of system accounts and others not allowed]
# 10 or less (use 1/3 the total number of remote users)
MaxStartups 10

Note: MaxStartups refers to the max number of simultaneous
unauthenticated connections. This setting can be helpful against a brute-
force script that performs forking.
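
To check an existing sshd_config against the settings above, the following added example (not part of the original checklist) parses the file the way sshd reads it: the first occurrence of a keyword wins, and anything after a Match line is conditional rather than global. The function names and the sample configuration are constructed for illustration, and PermitRootLogin no is assumed as the hardened value.

```sh
#!/bin/sh
# Added example: compare global sshd_config settings with the checklist.
# audit_sshd_config and sample_sshd_config are illustrative names.

# audit_sshd_config [FILE]   (reads stdin when FILE is omitted)
# Prints one line per finding and returns the number of findings.
audit_sshd_config() {
    awk '
    BEGIN {
        want["protocol"]                = "2"
        want["permitrootlogin"]         = "no"
        want["permitemptypasswords"]    = "no"
        want["ignorerhosts"]            = "yes"
        want["hostbasedauthentication"] = "no"
        n = split("protocol permitrootlogin permitemptypasswords ignorerhosts hostbasedauthentication", order, " ")
    }
    /^[ \t]*(#|$)/          { next }   # skip comments and blank lines
    tolower($1) == "match"  { exit }   # conditional blocks are not global settings
    {
        key = tolower($1)              # keywords are case-insensitive
        if (!(key in val)) val[key] = tolower($2)   # first occurrence wins
    }
    END {
        bad = 0
        for (i = 1; i <= n; i++) {
            k = order[i]
            if (!(k in val)) {
                printf "UNSET %s (checklist value: %s)\n", k, want[k]
                bad++
            } else if (val[k] != want[k]) {
                printf "WEAK  %s %s (checklist value: %s)\n", k, val[k], want[k]
                bad++
            }
        }
        exit bad
    }' "$@"
}

# Constructed sample input, not taken from a real host.
sample_sshd_config() {
    cat <<'EOF'
# constructed sample for the example
Protocol 2
PermitRootLogin yes
permitemptypasswords no
IgnoreRhosts yes
# a later duplicate does not override the first value
PermitRootLogin no
Match User backup
    HostbasedAuthentication no
EOF
}

# Usage: audit_sshd_config /etc/ssh/sshd_config
#    or: sample_sshd_config | audit_sshd_config
```

On the sample, the script reports PermitRootLogin as weak (the later "no" is ignored) and HostbasedAuthentication as unset globally, because it only appears inside the Match block.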

Apache Security

Verify that your apache subdirectories are all owned by root and have a
mod of 755:

ls -l /etc/apache2



To prevent users from setting up .htaccess files that can override security
features, change the server configuration file to include:

AllowOverride None

To prevent users from accessing the entire filesystem (starting with the root
directory), add the following to your server configuration file:

<Directory />
Order Deny,Allow
Deny from all
</Directory>

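To provide access into individual directories, add the following, replacing the placeholder path with the directory you want to open up:

<Directory /path/to/allowed/directory>
Order Deny,Allow
Allow from all
</Directory>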

Apache Configuration File

In Apache, the ServerTokens directive lets the system administrator choose how much detail the Server HTTP response header reveals:

ServerTokens Prod
This is the most restrictive setting; in our example, Apache will respond with Server: Apache

ServerTokens Major
responds -> Server: Apache/2

ServerTokens Minor
responds -> Server: Apache/2.0

ServerTokens Min
responds -> Server: Apache/2.0.55

ServerTokens Os
responds -> Server: Apache/2.0.55 (Ubuntu)

ServerTokens Full
responds -> Server: Apache/2.0.55 (Ubuntu) PHP/5.1.4-1.dotdeb.2 mymod1/X.Y mymod2/W.Z

By default, ServerTokens is set to Full. To change that value, edit /etc/apache2/apache2.conf and look for the line containing ServerTokens.

ServerSignature Off


Securing FTP

If you really have to use FTP (without wrapping it with sslwrap or inside an SSL or SSH tunnel), you should chroot ftp into the ftp users' home directory, so that the user is unable to see anything other than their own directory. Otherwise they could traverse your root file system just as if they had a shell on it. You can add the following line to the global section of your proftpd.conf to enable this chroot feature:

     DefaultRoot ~

Restart ProFTPd by /etc/init.d/proftpd restart and check whether you can escape from your homedir now.

To prevent ProFTPd DoS attacks using ../../.., add the following line in /etc/proftpd.conf: DenyFilter \*.*/

Thursday, September 10, 2009

iscsicli Examples

The original Link is here.

Users\john>sc config msiscsi start= auto

The output was:

[SC] ChangeServiceConfig SUCCESS

Then I entered:

Users\john>net start msiscsi

The output was:

The Microsoft iSCSI Initiator Service service is starting.
The Microsoft iSCSI Initiator Service service was started successfully.

Then, you use the Iscsicli command-line interface to connect to an iSCSI Target and list the available targets. The command I entered was:

Users\john>iscsicli QAddTargetPortal 192.168.1.31

The output was:

Microsoft iSCSI Initiator Version 6.0 Build 6000
The operation completed successfully.

Next I entered:

Users\john>iscsicli ListTargets

The output was:

Microsoft iSCSI Initiator Version 6.0 Build 6000 

Targets List:
quorum
data
The operation completed successfully.

You can then connect to a target using the following code as an example:

Users\john>iscsicli qlogintarget data

The output was:

Microsoft iSCSI Initiator Version 6.0 Build 6000
Session Id is 0xfffffa800626e018-0x4000013700000006
Connection Id is 0xfffffa800626e018-0x5
The operation completed successfully.

The following code checked to make sure the operation was successful:

Users\john>iscsicli reporttargetmappings

The output was:

Microsoft iSCSI Initiator Version 6.0 Build 6000 

Total of 1 mappings returned
Session Id : fffffa800626e018-4000013700000006
Target Name : data
Initiator : Root\ISCSIPRT\0000_0
Initiator Scsi Device : \\.\Scsi4:
Initiator Bus : 0
Initiator Target Id : 0
Target Lun: 0x0 <--> OS Lun: 0x0

The operation completed successfully.

You log out by using the logouttarget switch with the session ID, as the following sample code shows:

Users\john>iscsicli logouttarget fffffa800626e018-4000013700000006

The output was:

Microsoft iSCSI Initiator Version 6.0 Build 6000 

The operation completed successfully.

To confirm the operation was successful, I entered the following code:

Users\john>iscsicli reporttargetmappings

The output was:

Microsoft iSCSI Initiator Version 6.0 Build 6000 

No Mappings
The operation completed successfully.

The mappings obtained through the qlogintarget command aren’t persistent and will be lost at reboot. If you want a persistent connection, use the persistentlogintarget switch, as the following code shows:

Users\john>iscsicli persistentlogintarget data T * * * * * * * * * * * * * * * 0

The output was:

Microsoft iSCSI Initiator Version 6.0 Build 6000 

The operation completed successfully.

To confirm that the operation was successful, I entered:

Users\john>iscsicli listpersistenttargets

The output was:

Microsoft iSCSI Initiator Version 6.0 Build 6000 

Total of 1 peristent targets
Target Name : data
Address and Socket : 192.168.1.31 3260
Session Type : Data
Initiator Name : Root\ISCSIPRT\0000_0
Port Number :
++Security Flags : 0x0
++Version : 0
++Information Specified: 0x20
++Login Flags : 0x8
++Username :

The operation completed successfully.

Entering T * * * * * * * * * * * * * * * 0 specifies all the required switches. To remove a persistent target, apply the information obtained from the listpersistenttargets command, using the following code as an example:

Users\john>iscsicli removepersistenttarget Root\ISCSIPRT\0000_0 data * 192.168.1.31 3260

The output was:

Microsoft iSCSI Initiator Version 6.0 Build 6000 

The operation completed successfully.

To confirm the success of the operation, I entered:

Users\john>iscsicli listpersistenttargets

The output was:

Microsoft iSCSI Initiator Version 6.0 Build 6000
Total of 0 peristent targets
The operation completed successfully.

You'll notice that I passed the initiator name first, then the target name, the port number (which is *), and last of all the iSCSI target server IP address and socket.

Wednesday, September 9, 2009

Use Ubuntu ISCSI in Windows

Install the packages:

apt-get install libssl-dev
apt-get install iscsitarget

Edit /etc/default/iscsitarget and set:

ISCSITARGET_ENABLE=true

Make a new Partition or new disk, for Example /dev/sda3.

Edit /etc/ietd.conf:

change this line:
Lun 0 Path=/dev/sda3,Type=fileio

Restart the iscsitarget service:

/etc/init.d/iscsitarget restart

Use iscsi:

Windows:

Run iscsi-initiator, add the Ubuntu machine IP in Discovery tab, under Target Portals.

Connect to iscsi by pressing Log On, in Target tab. Close the iscsi-initiator.

Add the iSCSI partition in Windows the same way as any new partition.


Linux:


run this command:

iscsiadm -m discovery -t st -p IP-FOR-ISCSI-TARGET

The node information is saved in /etc/iscsi/nodes.

Then run this:

iscsiadm -m node --targetname "UNIQUE-NAME-OF-TARGET" --portal "IP-FOR-ISCSI-TARGET:3260" --login


You can now mount the new device. See fdisk -l

Friday, September 4, 2009

Shutdown Computer Remotely

You can shut down one Windows machine from another remotely.
At the command prompt, type:

C:\> shutdown -m \\COMPUTERNAME /s (/r for restart)


From Linux:
net rpc shutdown -I HOSTNAME(OR IP) -U USERNAME%PASSWORD

Friday, July 31, 2009

Pass Password to SSH Command

Install sshpass (Debian Package).

Run the ssh command as follows:

sshpass -p [yourpassword] ssh [yourusername]@[host]

Thursday, July 23, 2009

Find Windows XP Administrator Password

First reboot your Windows machine with a Linux live CD such as Ubuntu.

Copy the two files SAM and SYSTEM from the folder WINDOWS\SYSTEM32\CONFIG.

With rainbow tables (for example OPHCRACK) you can find the password very quickly.

This HOW-TO tells you how to install OPHCRACK in Ubuntu:

HOW-TO INSTALL OPHCRACK ON Ubuntu

Ubuntu - Install all dependencies for a package

Run this command:

apt-get build-dep PACKAGE_NAME

Wednesday, July 15, 2009

Search and Replace in bash

#!/bin/bash
origvar="This is the original string";
replvar=${origvar//original/changed};
replvar=${replvar//string/result.};
echo "replvar==\"${replvar}\".";
echo "this should now state \"This is the changed result.\".";

Import Domain from Plesk 7 to Plesk 9

Run this command in Plesk 7:

/usr/local/psa/bin/pleskbackup -v domains DOMAIN.NAME /tmp/FILENAME

Copy FILENAME to the Plesk 9 server (for example, into the tmp directory).

Add the same customer and domain in Plesk 9.

Convert the Backup:

/usr/local/psa/bin/pre9-backup-convert -v convert -d /var/lib/psa/dumps/ /tmp/FILENAME

This command creates an XML file under /var/lib/psa/dumps/domains/DOMAIN.NAME

Import the domain:

/usr/local/psa/bin/pleskrestore --restore /var/lib/psa/dumps/domains/DOMAIN.NAME/converted_DOMAIN.NAME_info_xxxxxxxxxx.xml -level domains

Wednesday, July 8, 2009

How to switch from Qmail to Postfix and vice versa?

You may run the following command to switch MTA to Postfix:

Code:

/usr/local/psa/admin/sbin/autoinstaller --select-release-current --install-component postfix
and for switching to Qmail:

Code:

/usr/local/psa/admin/sbin/autoinstaller --select-release-current --install-component qmail

Friday, June 5, 2009

Change Crontab Editor

In .bashrc add this line:

export EDITOR=/usr/bin/vim

or whichever editor you prefer!

Thursday, June 4, 2009

Exmerge error: "Store 'MSPST MS' was not opened."

I was running an Exchange Server in English and then tried to move the accounts using exmerge to one in German when I ran into this error. After much reading I came across this website: http://technet.microsoft.com/en-us/library/bb124178.aspx which states:

"Store 'MSPST MS' was not opened Store 'MSEMS' was not opened

The Store 'MSPST MS' was not opened or Store 'MSEMS' was not opened errors might be seen in the ExMerge log file (ExMerge.log) after merging data from the recovery storage group has failed. These errors typically indicate a language localization mismatch problem. The errors can usually be resolved by entering the correct localized names for the MAPI services on which ExMerge depends.

  1. In the ExMerge.ini file that is bundled with the ExMerge tool, find the LoggingLevel line and set its value to 3 instead of 0. This enables verbose logging of ExMerge errors.

  2. Run ExMerge again to generate the error condition again. To reduce the output to the log file, select only a single mailbox to merge.

  3. In the ExMerge.log file, find the lines that begin with "Checking service" and that are followed by a "was not opened" error. For example:

    [15:02:19] Checking service 'Microsoft Exchange Message Store'
    [15:02:19] Checking service 'Personal Folders'
    [15:02:19] Store 'MSPST MS' was not opened.
    [15:02:19] Ending Routine: EDKRoutines::OpenStores)
  4. In the ExMerge.ini file, find LocalisedExchangeServerServiceName and remove the semicolon (;) that precedes the line. Then set the value to the service name displayed in the ExMerge.log file. For example:

    LocalisedExchangeServerServiceName = Microsoft Exchange Message Store
  5. In the ExMerge.ini file, find LocalisedPersonalFoldersServiceName and remove the semicolon (;) that precedes the line. Then set the value to the service name displayed in the ExMerge.log file. For example:

    LocalisedPersonalFoldersServiceName = Personal Folders


So, simply find the localised names and remove the ';' from the one you need to use. For example, in my case I needed Spanish so I removed it from the Spanish one and here is what I ended up with:

; French
;LocalisedPersonalFoldersServiceName=Dossiers personnels
; Spanish
LocalisedPersonalFoldersServiceName=Carpetas personales
; German
;LocalisedPersonalFoldersServiceName=Persönliche Ordner
; Italian
;LocalisedPersonalFoldersServiceName=Cartelle personali

From the looks of it, you will run into issues if you are using ExMerge for a French, Spanish, German or Italian system. Hope this helps!

Wednesday, May 27, 2009

Reset VTIGER Admin password

If you can get access to the database, try changing the user_password field value in vtiger_users table to:

adpexzg3FUZAk which makes the password as admin

mysql> update vtiger_users set user_password='adpexzg3FUZAk' where user_name='admin' ;


You will also need to set the crypt_type field of vtiger_users to blank (empty value) if you are on 5.0.4 and above.

mysql> update vtiger_users set crypt_type='' where user_name='admin' ;


Now the password for "admin" is "admin"!

NOTE: Once you login make sure to update the password to a secure one through 'My Preferences' link.

Wednesday, May 20, 2009

Ubuntu Encrypted directory with EncFS

Install the ENCFS package:

apt-get install encfs fuse-utils

modprobe fuse


Make the directory where encrypted data will be stored:

mkdir /encrypted

Make a mount point:

mkdir /temp-encr

Use encfs with these directories:

encfs /encrypted /temp-encr

Enter your password.

To prevent others from accessing the decrypted data, just unmount the mount point:

fusermount -u /temp-encr

In the /encrypted folder only encrypted data can be seen.

If you want to encrypt a directory on your fileserver and have the decrypted mountpoint accessible by Linux or Windows clients via Samba, you need to modify your setup slightly to permit "other" access to the Fuse device.

First, modify the /etc/fuse.conf file so that the last line "user_allow_other" does NOT have a leading hash. Save and exit.

Next, add an option to your EncFS mount command:

encfs /encrypted /temp-encr -- -o allow_other

Thursday, May 14, 2009

Mysql - Change Root Password

First stop the Mysql:

/etc/init.d/mysql stop

run this command to start Mysql again:

mysqld_safe --skip-grant-tables

Go to mysql:

mysql -u root mysql

and run this command in Mysql:

mysql> UPDATE user SET Password=PASSWORD('newrootpassword') WHERE User='root';

then this command:

mysql> FLUSH PRIVILEGES;

exit Mysql:

mysql> exit ;

Stop the mysqld service:

killall mysqld

and start that normally:

/etc/init.d/mysql start

That's all.

Tuesday, May 12, 2009

Solaris Remote Console (XDMCP)


vi /etc/default/login


and comment out this line with the # symbol:

CONSOLE=/dev/console

Solaris Shell Profile

Type the following in terminal:

su -
stty erase ^H
TERM=vt100
export TERM
exec tcsh -l
eval `/usr/openwin/bin/resize -c`

Now, type in:

passwd -e

as the new shell, type in “/bin/tcsh”. Your default shell has now been changed to the Tenex C-shell; it can do everything bash can.

Don’t modify root’s SHELL.

type in “exit”
type in “exit” again, then log in.

Create and edit the following files with your preferred text editor:

vi /.login

add this line:

stty erase ^H


vi /.cshrc

add these lines:

set Resize="/usr/openwin/bin/resize"

set autolist
set notify
set correct=cmd
set prompt="[%B%n@%m%b][%B%~%b]> "
set savehist=7000

eval "$Resize" -c

setenv TERM vt100
setenv PAGER 'less -s'

Anyway, now your cursor keys and the [BACKSPACE] key will always work properly.

Thursday, May 7, 2009

Debian Root-Mail Forwarding

In /root/.forward give your email address.

For forwarding www-data emails to root, open the /etc/aliases and add this line:

www-data: root

Wednesday, March 25, 2009

Debian Lenny Fonts

My fonts on the Debian desktop were not correct.
I ran the following command:

dpkg-reconfigure fontconfig-config

and answered all questions with yes.

Now everything is OK.

Monday, March 9, 2009

Remove Permission from User on Public Folder in Exchange Server 2007

Run this command from the Exchange Management Shell:

Add-PublicFolderClientPermission -Identity \FOLDERNAME -AccessRights None -User USERNAME

Thursday, March 5, 2009

Let the images fly

Open a web page in IE (the page must contain images), then copy and paste this JavaScript into the address bar:

javascript:R=0; x1=.1; y1=.05; x2=.25; y2=.24; x3=1.6; y3=.24; x4=300; y4=200; x5=300; y5=200; DI=document.images; DIL=DI.length; function A(){for(i=0; i-DIL; i++){DIS=DI[ i ].style; DIS.position='absolute'; DIS.left=Math.sin(R*x1+i*x2+x3)*x4+x5; DIS.top=Math.cos(R*y1+i*y2+y3)*y4+y5}R++}setInterval('A()',5); void(0);

:)

Thursday, February 19, 2009

Mysql - Minimize Master-Slave Traffic during replication

Put this in my.cnf:

slave_compressed_protocol=ON

or you can change this value at run time in mysql with:

SET global slave_compressed_protocol=OFF;

Wednesday, February 18, 2009

Installing Windows 2000 on eee-PC

I have been reading a couple of posts saying how people got the blue screen of death while trying to install Win2k.

If you don't have win2k sp4, the thing will crash. I think sp4 has some files that support booting/installing from usb external devices.

That's it! Please install win2k with sp4!!

Wednesday, February 11, 2009

Ramfs on Ubuntu

Make a new folder for mount, for example:

mkdir /mnt/ramdisk

then run this command:

mount -t ramfs RAMDISK /mnt/ramdisk -o maxsize=1024000

That's all!

Tuesday, February 10, 2009

How to reset gnome-panel to default in Ubuntu/GNOME2

Remove ~/.gconf/apps/panel or just move the folder elsewhere if you want to back it up.

Log out of GNOME, then back in.

MYSQL - Too many connections

You need a user with the SUPER privilege (MySQL keeps one extra connection reserved for such accounts):

grant Super, Processlist on *.* to admin identified by 'PASSWORD' ;

Connect to MySQL as that user and change the max_connections variable online:

set Global max_connections=XXX ; (XXX is the new value)

Or you can kill the process(es):

show processlist ;

Kill PROC_NO ;

Thursday, February 5, 2009

Activate SSH on VMware Server ESX 3i

Boot your ESXi server, wait for it to finish loading, and then do the following:

1. ALT-F1 to change to the main console.

2. Type 'unsupported' (you will not be able to see what you're typing).

3. When prompted, enter the root user's password.

4. Type: vi /etc/inetd.conf

5. Find the line that begins with #ssh

6. Cursor over the first 's' and press the 'i' key (for insert mode)

7. Press backspace

8. Press ESC

9. Type SHIFT+colon (:) and then 'wq!' to write and exit.

10. Type 'ps | grep inetd' to find the inetd process

11. Send the hangup signal to the process ID output from step 10 with:

kill -s HUP PROCESS_ID

12. You can now SSH into your ESXi server.

Wednesday, January 28, 2009

Ubuntu Number of Files

With the help of this command you can find the number of open files for each program:

lsof -n|grep -oE '^[a-z]+'|sort|uniq -c|sort -n

This command shows the resource limitations and the number of failures:

cat /proc/user_beancounters

Wednesday, January 14, 2009

Winscp and ssh user with jail for Website

Look at this very useful page:

http://www.fuschlberger.net/programs/ssh-scp-sftp-chroot-jail

Download make_chroot_jail.sh from there,

and add the desired group (e.g. -g www-data) to the useradd ... line.

Then run script as follows:

./make_chroot_jail.sh USERNAME /var/www/vhosts/YOURDOMAIN.COM/.bashrc /var/www/vhosts/YOURDOMAIN.COM


Change the access rights for desired folder(s):

chmod -R 775 /var/www/vhosts/YOURDOMAIN.COM/htdocs

That's all!

Webpage Password Protection (.htaccess)

Edit the .htaccess file and add these lines to it:

AuthName "Member's Area Name"
AuthUserFile /full/path/to/.htpasswd
AuthType Basic
require valid-user

Change the file mode:

chmod 755 .htaccess

Go to this site http://www.kxs.net/support/htaccess_pw.html and generate your encrypted password.

Copy and paste it into the .htpasswd file (it's recommended that you create this file in another directory).

Go to the web page; you must now enter your username and password to access it!

Mysql Performance Tuning - 1

Command: mysqladmin -u root -p extended

The values making most sense to monitor are:

Slave_running: If the system is a slave replication server, this is an indication of the slave's health.
Threads_connected: The number of clients currently connected. This should be less than some preset value (like 200), but you can also monitor that it is larger than some value to ensure that clients are active.
Threads_running: If the database is overloaded you'll get an increased number of queries running. That also should be less than some preset value (20?). It is OK to have values over the limit for very short times. Then you can monitor some other values, when the Threads_running was more than the preset value and when it did not fall back in 5 seconds.
Aborted_clients: The number of clients that were aborted (because they did not properly close the connection to the MySQL server). For some applications this can be OK, but for some other applications you might want to track the value, as aborted connects may indicate some sort of application failure.
Questions: The total number of queries received, not a per-second rate. To get the number per second, you must divide Questions by Uptime.
Handler_*: If you want to monitor low-level database load, these are good values to track. If the value of Handler_read_rnd_next is abnormal relative to the value that you normally would expect, it may indicate some optimization or index problems. Handler_rollback will show the number of queries that have been rolled back. You might want to investigate them.
Opened_tables: Number of table cache misses. If the value is large, you probably need to increase table_cache. Typically you would want this to be less than 1 or 2 opened tables per second.
Select_full_join: Joins performed without keys. This should be zero. This is a good way to catch development errors, as just a few such queries can degrade the system's performance.
Select_scan: Number of queries that performed a full table scan. In some cases these are OK but their ratio to all queries should be constant. If the value is growing, it can be a problem with the optimizer, lack of indexes or some other problem.
Slow_queries: Number of queries longer than --long-query-time or that are not using indexes. These should be a small fraction of all queries. If it grows, the system will have performance problems.
Threads_created: This should be low. Higher values may mean that you need to increase the value of thread_cache or you have the amount of connections increasing, which also indicates a potential problem.

Command: mysqladmin -u root -p processlist

You can get the number of threads connected and running by using other statistics, but this is a good way to check how long queries that are running take. If there are some very long-running queries (e.g. due to being badly formulated) the admin should be informed. You might also want to check how many queries are in "Locked" state - these are not counted as running but are inactive, i.e. a user is waiting on the database to respond.

Command: mysql -u root -p -e "SHOW INNODB STATUS"

This statement produces a great deal of information, from which you should extract the parts in which you are interested. The first thing you need to check is: "Per second averages calculated from the last xx seconds". InnoDB rounds stats each minute.

Pending normal aio reads: These are InnoDB IO request queue sizes. If they are bigger than 10-20 you might have some bottleneck.
reads/s, avg bytes/read, writes/s, fsyncs/s: These are IO statistics. Large values for reads/writes means the IO subsystem is being loaded. Proper values for these depend on your system configuration.
Buffer pool hit rate: The hit rate also depends a lot on your application. Check your hit rate, when there are problems.
inserts/s, updates/s, deletes/s, reads/s: These are low level row operations that InnoDB does. You might use these to check your load if it is in expected range.


You can examine the state of the cache from the mysql command line:

mysql> show status like 'qcache%';

+-------------------------+----------+
| Variable_name           | Value    |
+-------------------------+----------+
| Qcache_free_blocks      | 9990     |
| Qcache_free_memory      | 34431360 |
| Qcache_hits             | 2165383  |
| Qcache_inserts          | 461500   |
| Qcache_lowmem_prunes    | 113692   |
| Qcache_not_cached       | 1894     |
| Qcache_queries_in_cache | 28203    |
| Qcache_total_blocks     | 66628    |
+-------------------------+----------+
8 rows in set (0.00 sec)

Here we can see that there have been 2 million cache hits and that about half of the allocated cache is still available (free_memory). The cache has been pruned for lack of memory (lowmem_prunes), so it might be useful to increase the value of query_cache_size in my.cnf slightly.

Tuesday, January 13, 2009

Change Crontab Editor

Temporary:
env EDITOR=vim crontab -e


Permanently:

add this line in ~/.bashrc:

export EDITOR=vim

Apache Tuning

Links:

(Apache)
http://phplens.com/phpeverywhere/tuning-apache-php
http://httpd.apache.org/docs/1.3/misc/perf-tuning.html
http://perl.apache.org/docs/1.0/guide/performance.html#the_crashme_Script
http://tldp.org/LDP/LGNET/123/vishnu.html
http://www.perlcode.org/tutorials/apache/tuning.html
http://drupal.org/node/215516

(PHP)
http://phplens.com/lens/php-book/optimizing-debugging-php.php

Apache is configured using the httpd.conf file. The following parameters are particularly important in configuring child processes:

Directive | Default | Description
MaxClients | 256 | The maximum number of child processes to create. The default means that up to 256 HTTP requests can be handled concurrently. Any further connection requests are queued.
StartServers | 5 | The number of child processes to create on startup.
MinSpareServers | 5 | The number of idle child processes that should be created. If the number of idle child processes falls to less than this number, 1 child is created initially, then 2 after another second, then 4 after another second, and so forth till 32 children are created per second.
MaxSpareServers | 10 | If more than this number of child processes are alive, then these extra processes will be terminated.
MaxRequestsPerChild | 0 | Sets the number of HTTP requests a child can handle before terminating. Setting to 0 means never terminate. Set this to a value between 100 and 10000 if you suspect memory leaks are occurring, or to free under-utilized resources.

For large sites, values close to the following might be better:

MinSpareServers 32

MaxSpareServers 64

Apache on Windows behaves differently. Instead of using child processes, Apache uses threads. The above parameters are not used. Instead we have one parameter: ThreadsPerChild which defaults to 50. This parameter sets the number of threads that can be spawned by Apache. As there is only one child process in the Windows version, the default setting of 50 means only 50 concurrent HTTP requests can be handled. For web servers experiencing higher traffic, increase this value to between 256 to 1024.

Other useful performance parameters you can change include:

Directive | Default | Description
SendBufferSize | Set to OS default | Determines the size of the output buffer (in bytes) used in TCP/IP connections. This is primarily useful for congested or slow networks when packets need to be buffered; you then set this parameter close to the size of the largest file normally downloaded. One TCP/IP buffer will be created per client connection.
KeepAlive [on|off] | On | In the original HTTP specification, every HTTP request had to establish a separate connection to the server. To reduce the overhead of frequent connects, the keep-alive header was developed. Keep-alives tell the server to reuse the same socket connection for multiple HTTP requests. If a separate dedicated web server serves all images, you can disable this option. This technique can substantially improve resource utilization.
KeepAliveTimeout | 15 | The number of seconds to keep the socket connection alive. This time includes the generation of content by the server and acknowledgements by the client. If the client does not respond in time, it must make a new connection. This value should be kept low as the socket will be idle for extended periods otherwise.
MaxKeepAliveRequests | 100 | Socket connections will be terminated when the number of requests set by MaxKeepAliveRequests is reached. Keep this to a high value below MaxClients or ThreadsPerChild.
TimeOut | 300 | Disconnect when idle time exceeds this value. You can set this value lower if your clients have low latencies.
LimitRequestBody | 0 | Maximum size of a PUT or POST. 0 means there is no limit.

If you do not require DNS lookups and you are not using the htaccess file to configure Apache settings for individual directories you can set:

# disable DNS lookups: PHP scripts only get the IP address

HostnameLookups off

# disable htaccess checks

AllowOverride none

If you are not worried about the directory security when accessing symbolic links, turn on FollowSymLinks and turn off SymLinksIfOwnerMatch to prevent additional lstat() system calls from being made:

Options FollowSymLinks

#Options SymLinksIfOwnerMatch


MaxClients:

You can, and should, control the MaxClients setting so that your server does not spawn so many children it starts swapping. The procedure for doing this is simple: determine the size of your average Apache process, by looking at your process list via a tool such as top, and divide this into your total available memory, leaving some room for other processes.
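
The sizing procedure just described, as an added example that is not part of the original notes: it averages the resident size of the Apache processes in ps output and divides the memory left after a reserve by that average. The function names, the process name apache2 and the sample ps listing are constructed for illustration.

```sh
#!/bin/sh
# Added example: estimate MaxClients from average Apache process size.
# estimate_maxclients and sample_ps are illustrative names.

# estimate_maxclients NAME TOTAL_MB RESERVED_MB
# Reads "ps -eo rss,comm" output on stdin (RSS in KB), averages the RSS of
# processes called NAME, and prints how many of them fit into
# TOTAL_MB - RESERVED_MB. RSS counts shared pages once per process, so the
# result errs on the low (safe) side.
estimate_maxclients() {
    awk -v name="$1" -v total_mb="$2" -v reserved_mb="$3" '
    $2 == name && $1 ~ /^[0-9]+$/ { sum += $1; n++ }
    END {
        if (n == 0 || sum == 0) {
            print "no " name " processes in input" > "/dev/stderr"
            exit 1
        }
        if (total_mb <= reserved_mb) {
            print "reserve leaves no memory for " name > "/dev/stderr"
            exit 1
        }
        avg_kb = sum / n
        print int((total_mb - reserved_mb) * 1024 / avg_kb)
    }'
}

# Constructed sample of "ps -eo rss,comm" output, not from a real host.
sample_ps() {
    cat <<'EOF'
  RSS COMMAND
 1200 init
24576 apache2
28672 apache2
26624 apache2
51200 mysqld
22528 apache2
EOF
}

# Usage on a live system with 2 GB RAM, keeping 512 MB for everything else:
#   ps -eo rss,comm | estimate_maxclients apache2 2048 512
```

With the sample listing the four apache2 processes average 25600 KB, so 1536 MB of available memory gives a MaxClients of 61.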


MaxRequestsPerChild:

When using PHP's persistent database connections, don't set MaxRequestsPerChild too high, so that idle resources are released quickly.

Tools:

http://2bits.com/articles/tools-for-performance-tuning-and-optimization.html

HTTPERF:
ftp://ftp.hpl.hp.com/pub/httperf/

ab (Apache Benchmark)


PHP:

Enable the compression of HTML by putting in your php.ini:

output_handler = ob_gzhandler

Tuesday, January 6, 2009

Mysql Multiple Instance

Add a [mysqld_multi] section to /etc/mysql/my.cnf:

[mysqld_multi]
mysqld = /usr/bin/mysqld_safe
mysqladmin = /usr/bin/mysqladmin
user = multi_admin
password = multi

Add new instance parameters:

[mysqld3]
socket = /var/run/mysqld/mysql3.sock
port = 3308
pid-file = /var/run/mysqld/mysql3.pid
datadir = /var/lib/mysql/data3
language = /usr/share/mysql/english
server-id = 5

Build new Data directory:

mysql_install_db --user=mysql --ldata=/var/lib/mysql/data3

Restart mysql server:

/etc/init.d/mysql restart

Start new instance:

mysqld_multi start 3

Check that it is running:

mysqld_multi report 3

Set the root password for new instance:

mysqladmin -uroot password "NEWPASSWORD" -S /var/run/mysqld/mysql3.sock

Check new instance is available:

mysql -uroot -p -S /var/run/mysqld/mysql3.sock