Linux 4 All

Best Linux tricks source

Posts in the CentOS category

When Nginx runs on a server behind a load balancer, all traffic appears to come from the load balancer's IP address by default, so Nginx logs only that address. To get the visitor's real IP address, you can use the X-Forwarded-For header.

To configure Nginx to log the real IP address, add the following to the http section of nginx.conf:

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';
    set_real_ip_from 127.0.0.1; # Varnish IP address
    set_real_ip_from 10.0.0.0/8; # Load Balancer IP range

    real_ip_header X-Forwarded-For;
    real_ip_recursive on;

Here is a little curl magic to show how long it takes to connect to a site. It displays the time to connect, time for name lookup, time to first byte and so on.

    curl -s -w "\ntime connect: %{time_connect}\ntime namelookup: %{time_namelookup}\ntime pretransfer: %{time_pretransfer}\ntime redirect: %{time_redirect}\ntime to first byte: %{time_starttransfer}\ntime total: %{time_total}\nhttp code: %{http_code}\n\n" -o /dev/null http://linux4all.uk

    time connect: 0.165
    time namelookup: 0.133
    time pretransfer: 0.166
    time redirect: 0.000
    time to first byte: 0.392
    time total: 0.432
    http code: 200

rm -rf is gone

It looks like you cannot run rm -rf / as root on CentOS or RHEL6 boxes.

    # cat /etc/redhat-release
    CentOS release 6.5 (Final)
    # rm -vrf /
    rm: it is dangerous to operate recursively on `/'
    rm: use --no-preserve-root to override this failsafe
    #

Don’t try this on RHEL5 boxes.

Assuming you have a huge incoming mail queue and you need to remove it quickly, here is how:

    cd /var/spool/postfix
    service postfix stop
    mv incoming incoming.spam
    mkdir incoming
    chown postfix.root incoming
    chmod 700 incoming
    service postfix start

Should you need to disable the TRACE and TRACK methods on Apache, add the following lines to httpd.conf and restart Apache.

    RewriteEngine on
    RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
    RewriteRule .* - [F]

    TraceEnable off

Here is how to test IMAP, POP and SMTP authentication using telnet or openssl:

POP3 test:

    telnet $SERVER_IP 110
    +OK Hello there.
    USER user@example.com
    +OK Password required.
    PASS Password
    +OK logged in.

IMAP test:

    telnet $SERVER_IP 143
    a1 LOGIN user@example.com Password
    a1 OK LOGIN Ok.

POP3-SSL test:

    openssl s_client -connect $SERVER_IP:995
    +OK Hello there.
    USER user@example.com
    +OK Password required.
    PASS Password
    +OK logged in.

IMAP-SSL test:

    openssl s_client -connect $SERVER_IP:993
    a1 LOGIN user@example.com Password
    a1 OK LOGIN Ok.

For the SMTP test, first generate the base64-encoded AUTH PLAIN string from the username and password, then test it:

    printf '\0%s\0%s' 'user@example.com' 'Password' | openssl base64
    AHVzZXJAZXhhbXBsZS5jb20AUGFzc3dvcmQ=

    telnet $SERVER_IP 25
    AUTH PLAIN AHVzZXJAZXhhbXBsZS5jb20AUGFzc3dvcmQ=
    235 2.7.0 Authentication successful AHVzZXJAZXhhbXBsZS5jb20AUGFzc3dvcmQ=


In a previous post I explained how to log the visitor's real IP address in access_log. Now it’s time to do the same for error_log.

For this we are going to compile and install a module called mod_vgremoteip.

The steps are outlined below:

1. Get the module

    git clone https://github.com/vgno/mod_vgremoteip.git

2. Install gcc and httpd-devel tools

    yum install httpd-devel
    yum install gcc

3. Compile the module

    apxs -a -i -c mod_vgremoteip.c

4. Configure Apache to use it

    LoadModule vgremoteip_module  modules/mod_vgremoteip.so

    # Name of header which contains the 'real' client IP.
    VGRemoteIPHeader X-Forwarded-For
    # Subnet to mark as trusted subnet (this ip will be allowed to set the X-Forwarded-For header and marked as a proxy ip).
    # You should specify this.
    VGTrustedProxy 10.0.0.0/8
    # You can also specify a single ip addresses.
    # Do not specify hostnames.
    VGTrustedProxy 127.0.0.1

5. Restart Apache and you are done.

    service httpd restart

The following one-liner displays the number of Apache processes and sorts them by memory usage:

    ps aux | awk '$11 ~ /httpd/ {c++; SUM +=$6; print $6/1024" MB, PID:", $2|"sort -rn| head"} END {print c" Total Apache Processes"} END {print SUM/1024" MB Total Memory"} END {print "Top 10 Memory users:"}'

When Apache runs on a server behind a load balancer, all traffic appears to come from the load balancer's IP address by default, so Apache logs only that address. To get the visitor's real IP address, you can use the X-Forwarded-For header.

Here is how Apache needs to be configured to log real IP addresses:

    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" forwarded
    SetEnvIf X-Forwarded-For "." forwarded=1
    CustomLog logs/access_log combined env=!forwarded
    CustomLog logs/access_log forwarded env=forwarded

Basically, you add a new LogFormat named forwarded that uses the X-Forwarded-For value, and configure CustomLog to use combined if the request was sent directly to the server (such as a curl cron job), or forwarded if the request passed through the load balancer.
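Because the forwarded format writes the X-Forwarded-For header verbatim as the first field, that field can hold a comma-separated chain or a non-address value instead of a single IP. The added example below (not from the original post) parses such access_log lines and flags those entries; the sample lines are constructed, the function names are hypothetical, and it assumes the load balancer appends the address it saw as the last hop.

```python
import ipaddress
import re

# First field is the raw header value, so it may contain spaces and commas.
LINE_RE = re.compile(
    r'^(?P<xff>.*?) (?P<ident>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<request>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) (?P<size>\S+)'
)

# Constructed sample lines in the "forwarded" LogFormat shown above.
SAMPLE_LOG = [
    '203.0.113.9 - - [10/Oct/2014:13:55:36 +0000] "GET / HTTP/1.1" 200 2326 "-" "Mozilla/5.0"',
    '192.0.2.66, 198.51.100.20 - - [10/Oct/2014:13:55:40 +0000] "GET /admin HTTP/1.1" 403 199 "-" "curl/7.19.7"',
    'localhost, 198.51.100.21 - - [10/Oct/2014:13:56:02 +0000] "GET / HTTP/1.1" 200 2326 "-" "-"',
]


def valid_ip(text):
    """True if text parses as an IPv4 or IPv6 address."""
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False


def audit_line(line):
    """Parse one log line; return its hop chain and why it looks suspect."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    hops = [h.strip() for h in m.group("xff").split(",")]
    reasons = []
    if len(hops) > 1:
        reasons.append("multiple-hops")   # header already present before the LB
    if not all(valid_ip(h) for h in hops):
        reasons.append("non-ip-value")    # free text supplied by the client
    return {"hops": hops, "nearest": hops[-1],
            "status": int(m.group("status")), "reasons": reasons}


def suspicious(lines):
    """Return the audit records that carry at least one reason."""
    return [r for r in map(audit_line, lines) if r and r["reasons"]]


if __name__ == "__main__":
    for rec in suspicious(SAMPLE_LOG):
        print(rec["nearest"], rec["hops"], rec["reasons"])
```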

To change the system timezone, there are 6 simple steps you need to follow:

1. Edit /etc/sysconfig/clock. It’s up to you if you’d like UTC to be false or true.

    ZONE="Europe/London"
    UTC=false

2. Edit /etc/php.ini

    date.timezone = Europe/London

3. Update the system time. If you are running it on a cloud server, the second command is not required.

    tzdata-update
    hwclock --systohc

4. Restart all affected services, including MySQL if necessary.

    service crond restart
    service rsyslog restart
    service syslog restart
    service httpd restart
    service mysqld restart

5. Restart NTP

    service ntpd stop
    ntpdate 0.centos.pool.ntp.org
    service ntpd start

6. Run date to confirm the date was changed on your server.