Author Archives: Ivan

Shell Script to check system load and send e-mail

This script checks the system load from a cron job and sends an email, or even an SMS, if the load is too high. That said, I prefer using monit. Tested with Ubuntu.

#!/bin/bash
# Load Monitor - sends an email when the system load reaches the first threshold below, and an SMS when it reaches the second.
# Field 2 of /proc/loadavg is the 5-minute load; use field 1 for the 1-minute and field 3 for the 15-minute load.
# (Picking a field out of `uptime` by position is unreliable: the position shifts with the uptime format.)

LOAD=$(cut -d' ' -f2 /proc/loadavg | cut -d. -f1)   # integer part only

if [ "$LOAD" -ge 2 ];
then
    echo "High Load: $LOAD" | mail -s "Load Alert" your@email.com
fi

if [ "$LOAD" -ge 5 ];
then
    echo "High Load: $LOAD" | mail -s "Load Alert" yourphonenumber@sms.mtel.net
fi

Shell backup script

Script to back up the web directory and MySQL databases. Tested on Ubuntu with a weekly cron job.

#!/bin/bash
#=======================================================================================================================
# VPS Backup Script by Ivan Denkov
#=======================================================================================================================
DATE=$(date +"%Y-%m-%d")
MYSQLDUMP="$(which mysqldump)"
TAR="$(which tar)"
# Note: a password passed with -p on the command line can be seen by other local users in the process list,
# and this file holds it in clear text, so keep the script readable by root only (chmod 700).
PASS="MySQLPSWD"
DIR="/home/backups"
DBS=$(mysql -u root -h localhost -p"$PASS" -e "show databases")
UPTIME=$(uptime)
FREEHD=$(df -h)

# This will remove files older than 35 days
find "$DIR"/* -mtime +35 -exec rm -rf {} \;

# Archive the web directory, then append one dump per database
"$TAR" -cvf "$DIR/Backup-$DATE.tar" /var/www
for DATABASE in $DBS
do
    # Skip the "Database" column header printed by "show databases"
    if [ "$DATABASE" != "Database" ]; then
        FILENAME=$DATABASE
        "$MYSQLDUMP" -u root -h localhost -p"$PASS" "$DATABASE" > "$DIR/$FILENAME.sql"
        "$TAR" -rvf "$DIR/Backup-$DATE.tar" "$DIR/$FILENAME.sql"
    fi
done

# Remove dumped .sql in the folder
rm -rf "$DIR"/*.sql

sleep 40

# Send me an e-mail when done (printf is used so that \n produces real line breaks)
printf "Email Body - Back Up completed at date %s, or maybe not!? Let's see the statistics\n\n%s\n\n%s\n" "$DATE" "$UPTIME" "$FREEHD" | mail -s "Email Subject - Back UP $DATE" your@email.com

Kill and Logout users in pts/* Linux

As a Linux administrator you may need to force-logout and kill a specific user, or an active user on pts/0, pts/1, pts/3, etc. This tutorial should work on most Linux distros.
First of all, display the output of the “w” command.

[root@server ~#]w
18:08:30 up 3:54, 3 users, load average: 0.05, 0.02, 0.00
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root pts/0 192.168.10.100 14:15 0.00s 0.05s 0.01s w
james pts/1 192.168.10.100 18:07 50.00s 0.02s 0.02s -bash
james pts/2 10.10.20.23 18:07 39.00s 0.02s 0.02s -bash

Here the user “james” is logged in from two different machines, and you need to force-logout and kill the session of “james” logged in from IP 192.168.10.100 (pts/1).

Use the command below:

[root@server ~#]skill -KILL -v pts/1

This command will force-logout and kill the user on pts/1; the same user logged in on pts/2 will not be logged out.

If you need to kill all of a user's connected sessions at once:

[root@server ~#]skill -KILL -u james

(this will kill both the pts/1 and pts/2 sessions)

To STOP/PAUSE a user’s activities

[root@server ~#]skill -STOP -u james

To RESUME a stopped user

[root@server ~#]skill -CONT -u james

Edit

There is a bug in recent Debian (7) and distros based on it, like Ubuntu, which makes the command

skill -KILL -v pts/1

do nothing.

What you can do in such a case is get the PID of the terminal you want to kill with

 skill -i -t pts/1

It will return something like

pts/1    root     27933 bash               ?

Just kill it:

kill 27933

Blank Widget

This is an example widget. Place the code in a separate file, then include it in functions.php like this:

require( get_template_directory() . '/menu-widget.php' );

Register the widget (match the class names!):

    function register_my_widget() {  
        register_widget( 'example_widget' );  
    }  

And call the widget:

// Hook the registration function defined above into widget initialisation
add_action( 'widgets_init', 'register_my_widget' );

And here comes the widget code:

<?php
/**
 * Example Widget Class
 */
class example_widget extends WP_Widget {
 
 
    /** constructor -- PHP 4 style constructors named after the class no longer run on current PHP */
    function __construct() {
        parent::__construct(false, 'Example Text Widget');
    }
 
    /** @see WP_Widget::widget -- do not rename this */
    function widget($args, $instance) {	
        extract( $args );
        $title 		= apply_filters('widget_title', $instance['title']);
        $message 	= $instance['message'];
        ?>
              <?php echo $before_widget; ?>
                  <?php if ( $title )
                        echo $before_title . $title . $after_title; ?>
							<ul>
								<li><?php echo esc_html( $message ); // escape on output ?></li>
							</ul>
              <?php echo $after_widget; ?>
        <?php
    }
 
    /** @see WP_Widget::update -- do not rename this */
    function update($new_instance, $old_instance) {		
		$instance = $old_instance;
		$instance['title'] = strip_tags($new_instance['title']);
		$instance['message'] = strip_tags($new_instance['message']);
        return $instance;
    }
 
    /** @see WP_Widget::form -- do not rename this */
    function form($instance) {	
 
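        // A freshly added widget has no saved values yet, so fall back to empty strings
        $title 		= esc_attr( isset($instance['title']) ? $instance['title'] : '' );
        $message	= esc_attr( isset($instance['message']) ? $instance['message'] : '' );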
        ?>
         <p>
          <label for="<?php echo $this->get_field_id('title'); ?>"><?php _e('Title:'); ?></label> 
          <input class="widefat" id="<?php echo $this->get_field_id('title'); ?>" name="<?php echo $this->get_field_name('title'); ?>" type="text" value="<?php echo $title; ?>" />
        </p>
		<p>
          <label for="<?php echo $this->get_field_id('message'); ?>"><?php _e('Simple Message'); ?></label> 
          <input class="widefat" id="<?php echo $this->get_field_id('message'); ?>" name="<?php echo $this->get_field_name('message'); ?>" type="text" value="<?php echo $message; ?>" />
        </p>
        <?php 
    }
 
 
} // end class example_widget
// create_function() was removed in PHP 8, so an anonymous function is used instead
add_action('widgets_init', function() { register_widget('example_widget'); });
?>


You can use ultimate posts widget to display posts – ultimate-posts-widget.1.8.1

ALFA AWUS036H Set to max power

Vivek’s video is here.

This video discusses the Alfa card in some detail. The frequency range the card operates on depends on your country. This limits which channels can be used, and the transmission power. Vivek shows us how to change the current country so as to increase the number of channels available and transmit power.

0. Start BackTrack and leave the Alfa card disconnected.

1. Monitor kernel messages in one terminal:

tail -f /var/log/messages

2. Plug in your Alfa card.

3. You should see lines in your kernel messages that read:

cfg80211: Calling CRDA to update world regulatory domain
cfg80211: World regulatory domain updated:
cfg80211:      (start_freq - end_freq @ bandwidth), (max_antenna_gain, max eirp)
cfg80211:      (2402000 KHz - 2472000 KHx @ 40000 KHz), (300 mBi, 2000 mBm)
...

You can check these frequency ranges against the Wifi frequency table (wikipedia).

Transmit power is measured in dBm. 30dBm = 1W.

https://www.rapidtables.com/convert/power/dBm_to_mW.htm

The table in the kernel messages shows EIRP (effective isotropic radiated power). It’s a measure of the effective transmit power of a device, calculated as:

EIRP = Transmit Power (in dBm) + Antenna Gain (in dBi) – Cable loss (in dBm)

4. Bring up the alfa card, and select channel 1.

Open another terminal and enter the following:

	
ifconfig wlan0 up
iwconfig wlan0 channel 1
iwconfig

In the iwconfig output you should see that the frequency is listed as 2.412GHz and that it’s transmitting at 20 dBm.

5. Change the transmit power of the card:

iwconfig wlan0 txpower 30

You’ll notice if you try this you get an error as follows:

	
Error for wireless request "Set Tx Power" (8B26) :
    SET failed on device wlan0 ; Invalid argument.

However, we can switch our card between regulatory domains:

	
ifconfig wlan0 down
iw reg set US
ifconfig wlan0 up

Look at your kernel message terminal. You should see that the regulatory domain has changed to US, and that the EIRP has changed to 2700 mBm for channel 1.

Try changing the power again:

	
iwconfig wlan0 txpower 27

However, if you try setting the power beyond 27 you’ll still receive an error. Setting a channel of 12 or above will also cause the following error:

	
Error for wireless request "Set Frequency" (8B04)
    SET failed on device wlan0 ; Invalid argument.

The least restrictive countries are BO and BZ. You can set these as before:

	
ifconfig wlan0 down
iw reg set BO
ifconfig wlan0 up
iwconfig wlan0 channel 13
iwconfig wlan0 txpower 30

You should receive no errors. However you should be aware that using the card in this manner may be illegal in your country.

Update: You will have to perform these steps each time you power on your VM or physical device. You can toss the script below in your init.d dir so you won't need to remember. Again, not my work, just placing here for quick reference.

    #!/bin/bash
    ##iw reg set <your-country-code>
    iw reg set <insert-your-country-code-here-in-CAPITAL-LETTERS>

All country codes are in ‘CAPITAL LETTERS’.

Save and close the text editor, then put the script in the /etc/init.d/ directory.

So in a terminal enter:

    sudo cp ~/Desktop/setwirelesscountrycode.sh /etc/init.d/

Then make the file you created executable, e.g.:

    sudo chmod +x /etc/init.d/setwirelesscountrycode.sh

To set it to run on startup (update-rc.d takes the script name, not its full path):

    sudo update-rc.d setwirelesscountrycode.sh defaults

Note: ‘defaults’ puts a link to start ‘/etc/init.d/setwirelesscountrycode.sh’ in run levels 2, 3, 4 and 5, and puts a link to stop ‘/etc/init.d/setwirelesscountrycode.sh’ into run levels 0, 1 and 6.

Speed up PHP with APC on Ubuntu 10.04LTS

Ubuntu 10.04 LTS makes it quite simple to set up a basic LAMP server using tasksel; however, the default PHP set up does not include APC, the Alternative PHP Cache, which speeds up many PHP applications like Drupal. In the past, setting up APC involved using PECL or installing from source, but with Ubuntu Lucid, the process has been simplified using apt-get.

First, let me identify my demo system. It is running Ubuntu 10.04 LTS Lucid and has been patched to the latest version:

$ uname -a
Linux demo 2.6.32-24-generic #43-Ubuntu SMP Thu Sep 16 14:17:33 UTC 2010 i686 GNU/Linux
$ lsb_release -a
No LSB modules are available.
Distributor ID:	Ubuntu
Description:	Ubuntu 10.04.2 LTS
Release:	10.04
Codename:	lucid
$ sudo apache2ctl status | grep "Server Version"
Server Version: Apache/2.2.14 (Ubuntu) PHP/5.3.2-1ubuntu4.7 with Suhosin-Patch
$ apt-cache show php-apc | grep Version
Version: 3.1.3p1-2

Ubuntu has added a Debian package into universe that allows APC to be added to any system quite easily:

$ sudo apt-get install php-apc
Reading package lists... Done
Building dependency tree       
Reading state information... Done
Suggested packages:
  php5-gd
The following NEW packages will be installed:
  php-apc
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 0B/77.2kB of archives.
After this operation, 217kB of additional disk space will be used.
Selecting previously deselected package php-apc.
(Reading database ... 28911 files and directories currently installed.)
Unpacking php-apc (from .../php-apc_3.1.3p1-2_i386.deb) ...
Processing triggers for libapache2-mod-php5 ...
 * Reloading web server config apache2
   ...done.
Setting up php-apc (3.1.3p1-2) ...

Note: You must restart the web server to begin using APC

$ sudo apache2ctl graceful

Out of the box (er…package), APC has some sane defaults. If you are “a serious user,” you will want to change your configuration yourself. Seriously, that is what the documentation says:

    …serious users should consider tuning the following parameters…

To tweak your very serious APC installation, you can change the settings manually (using vim):

$ sudo vim /etc/php5/conf.d/apc.ini

The APC configuration file is seriously barren; it is little more than an extension include directive. You can add extra keys after reading the APC’s online documentation related to settings.

Finally, there is a small php script that provides more information on the operation of the APC module. Copy it to your web root and decompress it. You should change the default username and password used to protect the script by changing the username and password variables directly in the PHP code:

$ sudo cp /usr/share/doc/php-apc/apc.php.gz /var/www
$ sudo gzip -d /var/www/apc.php.gz
$ sudo vim /var/www/apc.php

Change credentials near line 41:

defaults('ADMIN_USERNAME','apc'); // Admin Username
defaults('ADMIN_PASSWORD','password'); // Admin Password - CHANGE THIS TO ENABLE!!!

Now, view your APC page (assuming your web server is at 192.168.0.6):

https://192.168.0.6/apc.php

fail2ban on centos 6.x

I just had to install fail2ban on a CentOS server with Plesk, and thought I'd write it down as I am going to need it in the future.

Fail2Ban is excellent software as it helps to deter would-be brute-force attacks on a server.

So first we need to enable the repo called EPEL, so as the root user:

wget https://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
yum install epel-release-6-8.noarch.rpm

Then, in the text editor of your choice (I use nano), edit the repo file to disable it (we only want to enable it when downloading packages from it; this adds security):

nano /etc/yum.repos.d/epel.repo

and change

enabled=1

to

enabled=0

Now we are going to install fail2ban. We will also need the whois program so fail2ban can query the IP whois database:

yum --enablerepo=epel install fail2ban jwhois

Now that we have our packages installed, we want to copy the config file and use the copy, so we have a backup if we mess things up:

cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

OK we are ready to edit our config file so:

nano /etc/fail2ban/jail.local

I normally leave the defaults in place. So find the place where ‘[ssh-iptables]’ is located in the file.
This is already turned on, but you will need to alter a few options. A quick review of the basic options:

enabled : Whether to turn the filter on or off.
filter : Which filter to use located in ‘/etc/fail2ban/filter.d’.
action : The action to take located in ‘/etc/fail2ban/action.d’.
logpath : Where the log to scan is located.
maxretry : the number of times a login attempt can be made before a ban.
bantime : How long the ban will last in seconds.
findtime : The ban is reset if no match is found within “findtime” seconds.

So with that in mind, here are some rules for ssh, postfix, courier-imap and proftpd. Change ‘yourdomain.com’ to your actual server domain and ‘user@yourdomain.com’ to the email address you want the whois data sent to.

[ssh-iptables]

enabled = true
filter = sshd
action = iptables[name=SSH, port=ssh, protocol=tcp]
         sendmail-whois[name=SSH, dest=user@yourdomain.com, sender=fail2ban@yourdomain.com]
logpath = /var/log/secure
maxretry = 3
bantime = 43200
findtime = 43200

[postfix-iptables]

enabled = true
filter = postfix
action = iptables[name=Postfix, port=smtp, protocol=tcp]
         sendmail-whois[name=Postfix, dest=user@yourdomain.com, sender=fail2ban@yourdomain.com]
logpath = /usr/local/psa/var/log/maillog
maxretry = 6

[courierimap-iptables]

enabled = true
filter = courierlogin
action = iptables-multiport[name=IMAP, port="110,995,143,993"]
         sendmail-whois[name=IMAP, dest=user@yourdomain.com, sender=fail2ban@yourdomain.com]
logpath = /usr/local/psa/var/log/maillog
maxretry = 6

[proftpd-iptables]

enabled = true
filter = proftpd
action = iptables[name=ProFTPD, port=ftp, protocol=tcp]
         sendmail-whois[name=ProFTPD, dest=user@yourdomain.com]
logpath = /var/log/proftpd/auth.log
maxretry = 6

Now edit the following filters:
/etc/fail2ban/filter.d/courierlogin.conf

Change:
LOGIN FAILED, .*, ip=\[<HOST>\]$

To:
LOGIN FAILED, ip=\[<HOST>\]$

/etc/fail2ban/filter.d/proftpd.conf. Replace the failregex with:

failregex = \[<HOST>\]\s+530$

Because Plesk doesn’t log failed auth attempts in proftpd, we have to make it do so.

In /etc/proftpd.conf add:

ExtendedLog /var/log/proftpd/auth.log AUTH auth
LogFormat auth "%v %t \"%r\" [%h] %s"

Create the ‘proftpd’ directory in ‘/var/log’:

mkdir /var/log/proftpd

Create a file in ‘/etc/logrotate.d’:

nano /etc/logrotate.d/proftpd

and put this in it:

/var/log/proftpd/auth.log
{
weekly
missingok
rotate 7
compress
delaycompress
notifempty
create 640 root adm
sharedscripts
postrotate
# reload could be not sufficient for all logs, a restart is safer
/usr/bin/kill -HUP `cat /var/run/proftpd.pid 2>/dev/null` 2>/dev/null || true
endscript
}

Now restart fail2ban and proftpd:

service fail2ban restart
/etc/init.d/xinetd restart

Now you should have a more secure server. Enjoy!
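
To check the proftpd filter before relying on it, the following added example (not part of the original post and not fail2ban's own code) runs the failregex above over constructed log lines in the post's LogFormat and lists the hosts that would reach maxretry. The IPv4-only `<HOST>` stand-in, the function names, the sample lines and the findtime of 600 seconds are assumptions of this example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# fail2ban expands <HOST> itself; this IPv4-only group is a simplified stand-in (assumption).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
FAILREGEX = re.compile(r"\[<HOST>\]\s+530$".replace("<HOST>", HOST))
STAMP = re.compile(r"\[(\d{2}/\w{3}/\d{4}:\d{2}:\d{2}:\d{2}) [+-]\d{4}\]")

# Constructed sample lines in the post's LogFormat: %v %t "%r" [%h] %s
PREFIX = "ftp.example.com [10/Mar/2014:09:%s +0000] "
SAMPLE_LOG = "\n".join(
    # six failed logins from one host, ten seconds apart
    [PREFIX % f"00:{s:02d}" + '"PASS (hidden)" [203.0.113.7] 530' for s in range(0, 60, 10)]
    + [
        PREFIX % "01:00" + '"PASS (hidden)" [198.51.100.20] 530',  # a single failure
        PREFIX % "01:05" + '"PASS (hidden)" [198.51.100.20] 230',  # success: no match
        # "530" inside the logged command, not the status field: the $ anchor rejects it
        PREFIX % "01:09" + '"USER [192.0.2.1] 530" [198.51.100.20] 331',
    ]
)

def failures(log_text):
    """Yield (timestamp, host) for every line the failregex matches."""
    for line in log_text.splitlines():
        hit, stamp = FAILREGEX.search(line), STAMP.search(line)
        if hit and stamp:
            when = datetime.strptime(stamp.group(1), "%d/%b/%Y:%H:%M:%S")
            yield when, hit.group("host")

def hosts_to_ban(log_text, maxretry=6, findtime=600):
    """Return hosts with at least maxretry failures inside a findtime-second window."""
    recent = defaultdict(deque)  # host -> timestamps still inside the window
    banned = []
    for when, host in failures(log_text):
        window = recent[host]
        window.append(when)
        while (when - window[0]).total_seconds() > findtime:
            window.popleft()  # drop failures that fell out of the window
        if len(window) >= maxretry and host not in banned:
            banned.append(host)
    return banned

if __name__ == "__main__":
    print("matched failures:", len(list(failures(SAMPLE_LOG))))
    print("hosts reaching maxretry:", hosts_to_ban(SAMPLE_LOG))
```

On a real server, `fail2ban-regex /var/log/proftpd/auth.log /etc/fail2ban/filter.d/proftpd.conf` performs the same check with fail2ban's own matcher.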