One of our customers asked me to install and set up software to manage FTP storage via a web page. We decided to install the free version of ftp2net. I tested it on my test server and there was no problem at all. On the customer's server I had problems. Installation went well. But when I tried to log in to the ftp2net website I received an error that the connection was refused. I decided to check if Safe mode was on. It was off. Then I checked if the PHP restriction allow_url_fopen was on. It was on, so I turned it off. But the website still didn't work. It came to the point where I started tcpdump and watched the network interfaces for any FTP traffic. There was none. When I tried an FTP connection from the shell on the server, I could connect and I also saw FTP traffic via tcpdump. It was weird. Something blocked initialization of the FTP connection for Apache processes.
I found the solution after lunch time 🙂 It was SELinux. It's a security feature of the Linux kernel. I had to run this command:
setsebool -P httpd_can_network_connect 1
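This command enables the SELinux boolean httpd_can_network_connect, which removes the SELinux restriction on outbound network connections made by httpd/Apache processes. The -P option makes the change persistent across reboots.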
I wanted to spend 10 minutes on this product, but I spent almost half of the day debugging this issue 🙂
Have a nice day,
When you export a certificate with its private key in Windows, you export it to a password-protected .pfx file. When you want to use this certificate on Linux, you need to convert the .pfx file into .crt and .key files. You can use the following commands to convert it:
[root@nagios]# openssl pkcs12 -in nagios.pfx -clcerts -nokeys -out nagios.crt
Enter Import Password:
MAC verified OK
[root@nagios]# openssl pkcs12 -in nagios.pfx -nocerts -nodes -out nagios.key
Enter Import Password:
MAC verified OK
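Now you have two files, .crt and .key, which can be used on Linux. Because of the -nodes option, the private key in nagios.key is written unencrypted, so restrict read access to that file.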
That’s all folks,
Sometimes when you work on Linux in bash you don't want to leave commands in the bash history (.bash_history). An easy way to clean it up is to run the following command:
HISTSIZE=0
Now your bash history will not be accessible and will not be saved when you log off.
Yesterday a friend called me because he wanted to migrate a website to his web server. I created hosting for him, and then the problems began. When he accessed one .php file, the browser was "working", but nothing happened. There was nothing in the logs about problems on the server. Nothing.
So I started to investigate the problem. CPU was fine, RAM was fine, disk queue length was fine. So I focused on the particular .php file. I ran the following command:
strace php -f PATH_TO_PHP_FILE
and I saw:
and this was not moving forward. After a couple of tens of seconds it moved one line further. It looked like a problem with /dev/random. When I looked into the file crypt.class.php
I saw the function mcrypt_create_iv(), which creates an initialization vector from a random source. And that's it: the random source is defined as /dev/random. You can change the source by setting the second parameter to MCRYPT_DEV_URANDOM. When I tested it with the second parameter set to MCRYPT_DEV_URANDOM, everything worked as it should. The PHP file was generated normally. When I tried cat /dev/random I received some random characters, and after a couple of tens of seconds I got more random characters:
So this looked like a slow /dev/random. When I tried cat /dev/urandom my screen was full of random characters. I started to look for the differences between /dev/random and /dev/urandom. The Linux kernel implements a random number generator which collects random bits into an entropy pool. When the entropy pool is empty, reads from /dev/random block until additional random bits are generated. The non-blocking random source /dev/urandom does not block when the entropy pool is empty (it will reuse existing random bits). You can check how many bits are available in the entropy pool with cat /proc/sys/kernel/random/entropy_avail. More info here.
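The check described above can be scripted. The following is an added example, not part of the original post: it reads entropy_avail and measures how many bytes each device delivers within a deadline. The function names are hypothetical, and it assumes the coreutils timeout and dd commands; on newer kernels /dev/random may not block at all, in which case both probes return the full count.

```shell
#!/bin/sh
# Added example (not from the original post); function names are hypothetical.

# Print the kernel's current entropy estimate, or "unknown" if unavailable.
entropy_avail() {
    f=/proc/sys/kernel/random/entropy_avail
    if [ -r "$f" ]; then cat "$f"; else echo unknown; fi
}

# probe_source DEVICE NBYTES SECONDS
# Print how many bytes DEVICE delivered before the deadline.
# dd with bs=1 forwards each byte as soon as it is read, so a partial
# result is still counted when timeout kills a blocked read.
probe_source() {
    dev=$1; want=$2; secs=$3
    if [ ! -r "$dev" ]; then echo 0; return 0; fi
    timeout "$secs" dd if="$dev" bs=1 count="$want" 2>/dev/null | wc -c | tr -d ' '
}

# diagnose NBYTES SECONDS
# Probe both devices and print a verdict.
diagnose() {
    d_want=$1; d_secs=$2
    echo "entropy_avail: $(entropy_avail)"
    r=$(probe_source /dev/random "$d_want" "$d_secs")
    u=$(probe_source /dev/urandom "$d_want" "$d_secs")
    echo "/dev/random:  $r of $d_want bytes in ${d_secs}s"
    echo "/dev/urandom: $u of $d_want bytes in ${d_secs}s"
    if [ "$r" -lt "$d_want" ] && [ "$u" -eq "$d_want" ]; then
        echo "verdict: /dev/random is blocking (entropy pool drained)"
    else
        echo "verdict: no blocking observed"
    fi
}

# Ask each device for 16 bytes (the size of a typical IV), waiting at most 2 seconds.
diagnose 16 2
```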
So how do you make the generation of random bits into the entropy pool faster? There is a daemon which can help you out: rng-tools. To make it work in Debian you have to do the following:
When I started this daemon, /dev/random started to generate lots of random characters. 🙂
So this took four hours of my life. I've been working with Linux for a couple of years, but I had no idea about the difference between /dev/random and /dev/urandom. I'm smarter now.
Have a nice day,
We had a project replacing SAN switches. The customer has one old HP-UX (HP Unix) system. This system is very sensitive to SAN changes.
Normal situation
You can see all hardware using the command (http://www.bga.org/~lessem/psyc5112/usail/man/hpux/ioscan.1.html):
ioscan -fnC
When I want to feel like a guru, or I just need to use some Unix-based utilities in Windows, I used to install Cygwin (http://www.cygwin.com/). It's cool. But I recently found out that Windows has native support for Unix-based applications.