I ran into an interesting band awhile ago that I’ve been listening to alot.  Not exactly manly music but thats ok.  You know the ying yang, staying in balanced idea which includes girly music

The story how I ran into them is interesting so I’ll recite it here.  A website that was promoting many bands (including them) had an issue so I sshed into the server and started to investigate the problem.  The owner gave me a link which was showing an error.  I figured out that it was an apache permission issue and resolved it.  I refresh the link and it wasn’t showing up the error anymore.  Then a song started playing since the error was fixed.  The song is called “Feel The Same Way” and I thought to myself, this is pretty good!  I did check out the other bands but none of them really had that catchy tune of that song.

I went to their myspace (http://www.myspace.com/poemamyspace) and listened to the other songs.  Good stuff.  The interesting thing is that their songs are simple melodies that just work.  Heck I can play their songs on the guitar myself.. but I won’t sound good thats for sure.

The thing I like about them is the purity, simplicity and good clean music.  They remind me of what I love about many classic Thai songs.  So now during work I cycle through their songs on their page.  I should purchase the songs sometimes soon

A few days ago I started to watch a program called Churchill’s Bodyguard.  It was about Sgt. Murray who was with Churchill for many years trying to protect him from many different types of threats.  Interestingly on one of the episodes, he talked about the trip to the ME and how Lawrence of Arabia had saved Churchill with his incredible popularity with the Arabs.

I’ve heard about the individual before but never really looked him up.  Since the episode was really fascinating, I got my hands on the classic movie and watched it.  I have to say this is one of the best movie I’ve seen.  Peter O’Toole play a great character and he did the character justice.  Now I gotta go out and buy the book.

Since Lawrence died so early I wonder what he would have done for the Arabs if he lived into an old age.  The movie potrayed him as someone who fought for the Arabs and tried but ultimately failed to unit the people.

What I’m really interested in knowing is what the contempory Arabs think of his contributions.

Do they consider him just a British agent using the Arabs as a tool? Do they think he truly tried hard to help them in gaining their independence?  Do they see him as a tragic character? I really wonder what Arab intellectuals think of him.

Since I live in a small town, its pretty difficult to find anyone who is truly interested in things such as this.  I’ll have to find a way to gather some info in the near future.

For some stupid reason I wasn’t able to connect to my VPS with the ftp account.  I am running openVZ. Checking the log I discovered this entry.

Feb 11 17:23:15 sarnworld xinetd[21875]: START: ftp pid=22305 from=thisismyiphere
Feb 11 17:23:15 sarnworld pure-ftpd: (?@?) [ERROR] Unable to switch capabilities : Operation not permitted
Feb 11 17:23:15 sarnworld xinetd[21875]: EXIT: ftp status=252 pid=22305 duration=0(sec)

Well googling for operation not permitted sent me to this link.

http://forum.openvz.org/index.php?&t=msg&goto=4203

Stopping the VM and then running the following command fixed the issue for me.

damn you pure-ftp and openvz for being weaksauce.

 
VPSID=110
for CAP in CHOWN DAC_READ_SEARCH SETGID SETUID NET_BIND_SERVICE NET_ADMIN SYS_CHROOT SYS_NICE CHOWN DAC_READ_SEARCH SETGID SETUID NET_BIND_SERVICE NET_ADMIN SYS_CHROOT SYS_NICE
do
vzctl set $VPSID --capability ${CAP}:on --save
done

I tried to install rtorrent but ran into some slight problems. It took me a few mins to figure it out but thought I’d post it just in case someone might need the help.

I’m installing it on a minimal CentOS 5 install.

First some basics.

First make sure python is installed which I had. Also make sure there’s a compiler (gcc) is installed. Next download the 2 files rtorrent and libtorrent.

I install it in /usr rather then leave it default because redhat binaries are put in /usr/bin rather then /usr/local/bin and I just want to keep it all in the same place.

cd libtorrent-0.12.2
./configure --prefix=/usr

First I run into an error with openssl being missing. I do have openssl installed but this is a typical problem. What is needed is the devel package.

yum install openssl-devel

Next was the ’sigc++-2.0′ error.

Resolved that by installing the DAG repo.

rpm -Uhv http://apt.sw.be/redhat/el5/en/i386/rpmforge/RPMS/rpmforge-release-0.3.6-1.el5.rf.i386.rpm
yum install libsigc*

Next was this error

checking signedness of mincore parameter... configure: error: failed, do *not* attempt fix this with --disable-mincore unless you are running Win32.

This one was tricky for me. Looking at the config.log located in the libtorrent-0.12.2 folder gave me a hint. I see

configure:23341: g++ -c -O2 -Wall -g -DDEBUG -I/usr/kerberos/include   -I/usr/include/sigc++-2.0 -I/usr/lib/sigc++-2.0/include    conftest.cpp >&5
./configure: line 23342: g++: command not found

Solution was to install

yum install gcc-c++

The rest of the errors I ran into was ncurses and curl which just basically required the devel packages installed.

yum install ncurses-devel
yum install curl-devel

Now lets see how really good rtorrent is on commandline.

Why Nginx?

Its hard to be a server/linux/software geek and not know about Nginx. I’ve been meaning to play with Nginx for a while. Thought about installing it on SW VPS but I just never found the time to do it. I did attempt to install nginx with RT 3.8 and that was a total failure on my part and mainly because I couldn’t get RT’s quirky perl to work. I will give that another try since I understand Nginx much better this time around.

Before I start I like to thank Boris from WHT, Nathan of SM Script, and #nginx on freenode IRC. and yawn.it

Although I mention using SM script, you can use this tutorial for pretty any scripts out there that uses php and .htaccess

A large part of this post is compromised of this tutorial I found on the web on nginx. Really well written and modified a little by me for CentOS5.

First, lets start with some packages we needed to compile nginx with no errors. Make sure all the development packages are installed. And of course a compiler (gcc)!

yum install ffmpeg-devel libxml2-devel libXpm-devel libjpeg-devel libpng-devel mysql-devel libtool make patch gcc

Next, we need to compile a custom version of php 5.2.6 patched and integrated with php-fpm and ffmpeg-php (for SM script). CentOS default php binary is located in “/usr/bin”, the compile of the source code defaults in “/usr/local/bin”. The nice thing about this whole process is the fact that you can have both php binaries installed and depending on what you want to turn on (apache or nginx), you can just activate it accordingly.

Download php 5.2.6 and php-fpm. Patch php.

wget http://us.php.net/get/php-5.2.6.tar.gz/from/this/mirror
tar -xvvzf php-5.2.6.tar.gz
wget http://php-fpm.anight.org/downloads/head/php-5.2.6-fpm-0.5.9.diff.gz
gzip -cd php-5.2.6-fpm-0.5.9.diff.gz | patch -d php-5.2.6 -p1

Download ffmpeg-php and build it right into the binary (I prefer it this way).

wget http://downloads.sourceforge.net/ffmpeg-php/ffmpeg-php-0.6.0.tbz2?modtime=1224044751&big_mirror=0
bunzip2 -c ffmpeg-php-0.6.0.tbz2 | tar xvf -
mv ffmpeg-php-0.6.0 php-5.2.6/ext/ffmpeg
cd php-5.2.6
autoconf
./configure --enable-fastcgi --enable-fpm --with-zlib --enable-mbstring --with-mysql --with-mysql-sock --with-gd --with-jpeg-dir=/usr/lib --enable-gd-native-ttf --without-sqlite --disable-pdo --disable-reflection --with-ffmpeg=yes
make all install
strip /usr/local/bin/php-cgi

Start configuring php-fpm.conf
On a side note I copied the sample php.ini from the source folder. This was a mistake as the sample didn’t have short_open_tag enabled. This was to give me a big headache for a while. Best thing is to copy your default CentOS php.ini which also already have ioncube loaded. The default location for your new php binary will be loaded from /usr/local/lib

cp /etc/php.ini /usr/local/lib
vi /usr/local/etc/php-fpm.conf

Find these two lines. Remove the Comments (arrows) and replace the “nobody” with the user and group you would like php-fpm to run as.

 <!--  <value name="user">nobody</value>         -->
<!--  <value name="group">nobody</value>      -->

If you don’t do this, starting php-fpm will show this error.

fpm_unix_conf_wp(), line 124: please specify user and group other than root, pool ‘default’

Next we will compile Nginx (There is an easy way to install using RPM but I’m not sure what options and where it gets put. Link here)

Although the default modules that are activated with nginx is plenty enough, I wanted to enabled two extra modules. One is http_stub_status_module and flv streaming. As of version 2.1 SM Script does not support FLV seeking but the new update for the flash player should give that ability so might as well get ready by activating the module.

You will need pcre library to compile nginx.

wget http://sysoev.ru/nginx/nginx-0.6.32.tar.gz
tar -xvvzf nginx-0.6.32.tar.gz
wget http://downloads.sourceforge.net/pcre/pcre-7.8.tar.gz?modtime=1220617433&big_mirror=0
tar -xvvzf pcre-7.8.tar.gz
cd nginx-0.6.32
./configure --with-http_stub_status_module --with-http_flv_module --with-pcre=/path/to/pcre-7.8/
make
make install

Edit Nginx config file

vi /usr/local/nginx/conf/nginx.conf

Use the following nginx config. This is a basic config that will run nginx with SM Script. (NOTE: Config isn’t optimized for best performance with script). Replace “root /var/www/html” with your path for SM script. Click here to get all the converted rewrites for nginx.

worker_processes  1;
events {
    worker_connections  1024;
}
 
http {
    include       mime.types;
    default_type  application/octet-stream;
    sendfile        on;
    keepalive_timeout  65;
    # the 300m represent 300megs.  This is the max upload.  Change it if you need.
    client_max_body_size 300m;
 
server {
  listen 80;
# replace domainname.com with your domain name.  I discover you need to do this for encoded files.
  server_name  domainname.com;
# Replace /var/www/html with your path to SM script.
  root /var/www/html;
  location / {
    index index.php index.html;
  }
 
# This is your php-fpm section.  Replace it accordingly (For example if you decide to run it on a different port).
  location ~ \.php$ {
    fastcgi_pass   127.0.0.1:9000;
    fastcgi_index  index.php;
    fastcgi_param  SCRIPT_FILENAME $document_root$fastcgi_script_name;
    include        fastcgi_params;
  }
 
# This enable flv streaming allowing fast forwarding.  Next version of SM should support it.
location ~ \.php {
            flv;
        }
 
# This is for nginx to deny access to .htaccess file on your SM script root.
# Leave it there so you can easily turn on apache if the need arise.
  location ~ /\.ht {
            deny  all;
        }
 
# Copy all the converted SM .htaccess rules here.  Yes all of it needs to go in there.
rewrite ^/signup/$ /index.php?view=signup last;
....
....
....
 
       }
 
}

On a side note: Here is how the apache rewrite is converted to nginx
Apache: RewriteRule ^signup/$ index.php?view=signup [L]
Nginx: rewrite ^/signup/$ /index.php?view=signup last;

Replace it with all lines following this rule and it will work.

start nginx and php-fpm

php-fpm start
/usr/local/nginx/sbin/nginx

Since I can’t find any init script I do the lazy route of starting up the services by putting the commands in rc.local These commands will automatically run next time the VPS is restarted.

edit the file and put the 2 start commands in the file.

vi /etc/rc.local

php-fpm start
/usr/local/nginx/sbin/nginx

Now if you decide to stop nginx and start apache for whatever reason all you have to do is.

php-fpm stop
kill `cat /usr/local/nginx/logs/nginx.pid`
/etc/init.d/httpd start

Some Notes:

You may see this error when you browse the site after successfully starting nginx.
“No input file specified”
This error pops up if your fastcgi_param isn’t set correctly.

Part 2 is done!

Continue onto Part 3 which will involve setting up a Remote Backup and MySQL replication.

I installed OpenVZ on the new video server and then created a 850 gig CentOS5 VPS.

So why did I decide to go with the VPS route when I could just use the dedicated server itself? Here are the advantages I see when you running as an OpenVZ VPS in this case.

• Might have some issues when you ask techs to format your server in a specific way for Xen.  This is especially true if you are planning to use hypervm.  And also this might cost money.

• Overhead isn’t so bad with virtualization; especially with OpenVZ.

• I could run another independent VPS for some tiny experiment if I wanted to.

• If I screw up on something, it is painless to recreate the VPS and start fresh. Even if you have free OS reloads, it is still a hassle.

• On the worse case scenario where the VPS is compromised badly, you can quickly restore everything.  For example you can move your hundreds of gigs of videos to the main platform easily with a command and then destroy and recreate your VPS.  On Xen this would be impossible if your VPS space is almost full.

So lets continue on with the rest of the basic settings.

Installed Jason’s ever awesome repo. Get the near latest versions of the softwares.

Did the good ole basic commands to get things rolling.

yum -y update
yum install php php-mysql php-gd mysql mysql-server httpd vsftpd

Setup some really anal firewall rules.

Installed the SM script.  Make sure you enable .htaccess in httpd.conf

Started on the ffmpeg, mencoder and flv2 for the script

I just have to make a point that I used to compile all these by hand. Sure it was geeky but I have to say, using rpmforge really saves time. Sure I don’t have the latest versions but its SOOO easy!

Here’s a MUCH EASIER way.

Installed the rpmforge repo rpm

wget http://dag.wieers.com/rpm/packages/rpmforge-release/rpmforge-release-0.3.6-1.el5.rf.i386.rpm
rpm -ivh rpmforge-release-0.3.6-1.el5.rf.i386.rpm
yum install ffmpeg mencoder flvtool2

Patiently wait for the 73 packages to download.

Continue to Part 2 (installing Nginx webserver and other things).

So I rented a server for our new video server. My plan was to just prepare and to release it after at least a week or two.

BUT after a few days, I was checking the bandwidth meter and I saw my bandwidth going through the roof (100gig+). I went and downloaded the bw monitor and saw that I was at that moment pumping out about 27 mbits. I ran top and saw a few really bad things. First I saw utorrent running; second I saw a vnc server running; third I saw the user that was running and it was a shell user that I didn’t create.

Initially I was shocked because it made no sense other then the fact that I got rooted. Basically I got owned and this was definitely something that never happened. I’ve had situations where I got either SQL injected or have a run away script due to carelessness but NEVER one where I had practically zero services running other then SSH AND I had a rogue shell user running services that only a root user could run.

First thing I did was to kill the rogue services that were running. Then I set some very anal firewall rules. Then I started investigating. Things got interesting real quick.

After spending quite sometime into it, I was now pretty sure my server was compromised before I even got access to it.  At least before I even SSH in.

Here are some excerpts from the history and secure logs that shows what happened with some of my comments.

First we start off with the History log.

1  yum install yum-fastestmirror -y
2  yum update -y   ---- (Technician runs yum update)
3  cd /etc/
4  cd sysconfig
5  ls
6  cd network-scripts/
7  ls
8  cp ifcfg-eth0 ifcfg-eth0:0    ---- (Technician gives me another IP)
9  vi ifcfg-eth0:0
10  reboot   ----  (Disconnected)
11  setup    ----  (The same person or another person? comes in)
12  passwd    ----  (root pass word changed? is this the root pass I was emailed?)
13  uname -a
14  cd /home
15  ls
16  top
17  df -h
18  tp
19  top
20  df -h
21  uptime
22  ls
23  mkdir /var/spool/sql  ---- (same user now creating the hacked account)
24  cd /var/spool/sql   ----  (this is the home folder of the account that was using my server)
25  adduser sqlserver   ----  (person adds in the user)
26  passwd sqlserver    ----  (made a password)
27  nano /etc/passwd    ----  (changed his login path; promoted himself to root UID:0)
28  cd /var/log    ----  (to the logs)
29  nano secure   ----  (either edited or changed some stuff)
30  id sqlserver
31  exit      ----  (he leaves)
32  ls
33  exit
34  ls       ----  (This is me connected)
35  ifconfig
36  ifconfig
37  cat /proc/cpuinfo    ----  (me making sure its quadcore)
38  free -m
39  top -c
40  df -h          ----  (me checking a bunch of stuff)
41  lvdisplay
42  uname -a
43  w
44  passwd     ----  (me changing the root pass)
45  ls
46  w
47  ls
48  vi /etc/selinux/config    ----   (me making sure selinux was disabled)
49  pwd
50  wget http://download.lxlabs.com/download/hypervm/production/hypervm-install-slave.sh   ----    (me installing openVZ)

Now here are the entries from the Secure log in /var/log

 
Oct  2 19:23:58 server700 login: pam_unix(login:session): session opened for user root by LOGIN(uid=0)
Oct  2 19:23:58 server700 login: ROOT LOGIN ON tty1

This is the first entry in the log (console login)  Probably the technician running yum.

Oct  2 19:32:00 server700 sshd[2565]: error: Bind to port 22 on 0.0.0.0 failed: Address already in use.
Oct  2 19:34:13 server700 login: pam_unix(login:session): session opened for user root by LOGIN(uid=0)
Oct  2 19:34:13 server700 login: ROOT LOGIN ON tty1

Here is the 2nd time a console login was done and I’m assuming this login was the one that added the sqlserver user which was running utorrent on my box and sucking up my BW.

Oct  2 20:24:48 server700 sshd[3081]: pam_unix(sshd:session): session closed for user root
Oct  2 21:11:41 server700 sshd[3941]: Accepted password for root from 100.100.100.100 port 63266 ssh2
Oct  2 21:11:41 server700 sshd[3941]: pam_unix(sshd:session): session opened for user root by (uid=0)
Oct  2 21:11:49 server700 passwd: pam_unix(passwd:chauthtok): password changed for root

Here is ME logging in and changing my root password.

Oct  2 21:19:39 server700 sshd[2793]: pam_unix(sshd:session): session opened for user root by (uid=0)
Oct  2 21:20:17 server700 groupadd[2867]: new group: name=lxlabs, GID=501
Oct  2 21:20:17 server700 useradd[2871]: new user: name=lxlabs, UID=500, GID=501, home=/home/lxlabs, shell=/sbin/nologin

Here is me logging back in and installing hypervm on my box.

Oct  2 21:36:04 server700 sshd[6628]: error: Bind to port 22 on 0.0.0.0 failed: Address already in use.
Oct  2 21:47:06 server700 sshd[8321]: Accepted password for sqlserver from 200.200.200.200 port 10170 ssh2
Oct  2 21:47:06 server700 sshd[8321]: pam_unix(sshd:session): session opened for user sqlserver by (uid=0)

You can see that this account logs in with ROOT Access.  And if you remember in the history above, this person probably changed UID to 0 (by editing /etc/passwd)).

This shows that whoever compromised the server did it from the console. Whether it is from someone inside or someone who gained kvm/ip access (which is pretty scary) is something I don’t know for sure.

Surprise that the person left alot of footprints behind but I’m glad it happened this way so I was able to at least proved my case.

I send the information to the server’s company and complained about the incident. Thankfully they decided to compensate me which ended up being about a month of free hosting and of course a free OS reload.

Good thing that the site was in the developmental stage and wasn’t even ready for prime time. So it wasn’t a terrible loss other then me wasting time putting a few hours into it. Sure it was easy but I would have to do alot of those recompiles again.

So I guess this little experiment isn’t going no where.  I’m sad since I did put a good amount of time into this but its just one of those things that happens in life.  I wish Joey good luck in whatever she wants to do.  And that is all I have to say about this.

So I decided to install some stuff to make the forum runs faster.

First was the SpeedUp mod.

This was really easy and you instantly notice the speed increases on the forum.

Now the next thing was to install Xcache.  On the older server, I’ve always had Eaccelerator  and it worked fine.  For some reason I never thought about installing one of these on the new server.  Probably because it was a quadcore and I just didn’t feel like I needed to do it which is obviously the wrong attitude.

Looking for some basic instructions I found two.

http://www.php.ph/2008/08/10/centos-5-installing-xcache-from-source/

http://www.jasonlitka.com/2006/12/20/php-caching-and-acceleration-with-xcache/

Initially I did the compile myself and everything looked good til I restarted apache.  Apache wasn’t starting up at all.  I tried it again and it still didn’t work.  Then I got lazy and decided to use the ever excellent Jason’s repo (Jason keep up the good work).

Ran yum install php-xcache

Restarted and promptly killed apache as it can’t start.  Just not getting any love tonight!

As I suspected this was due to lxadmin and since my work had support with them, I promptly got on live support.

The tech instantly knew my problem and told me to run

/script/upcp

after the yum install.  Mentioned to me that xcache was unstable.

Well after the command xcache.ini was gone from /etc/php.d/

Apparently, it got moved inside /etc/php.ini

I wasn’t sure where we were going with this so I asked the tech guy about it.

He told me to log into the LXADMIN panel and look at the php config.  Well turns out now xcache was now an option that I can enable.  So I checked the option then restarted apache and checked with phpinfo().

Well Xcache is finally listed in there.  The forum didn’t feel faster though; not like with the SpeedUP mod but I will be monitoring the load and see if it decreases as the load actually climbs a little bit during some busy time (load up to 4 or 5).

lxadmin panel is coming along nicely and I really like the support.  Especially love the way they patch things super quick.

Still prefer good ole shell though

For the past few days I’ve been struggling and trying to get this new Xen Platform to work.

Basically the problem lies in the fact that after the OS install (CentOS 5), the machine would refuse to boot with 2 kind of error.  One of a frozen initial boot screen and the other is a kernel panic (can’t find VolGroup00).

Since the total space of the harddrives were more then 2 terabytes (6 750 gb drives in raid10 and 2 hot spares), I had to either have autocarve on OR use a boot volume and thereby converting the 2nd (sdb) into a GPT format.

Since I can’t get the machine to boot, my initial reaction was to update the 3ware raid card and the motherboard to the latest BIOS version.  But I still can’t get pass the frozen screen or the kernel panic screen no matter what I did.  I tried every possible senario I can think of and we’re talking EVERYTHING.

Ram tested good, HDs are fine, tried IDE cdrom, DVDrom, sata dvdrom,

Found some interesting threads

http://forums.fedoraforum.org/showthread.php?p=1073621

http://www.3ware.com/kb/article.aspx?id=15388

But nothing worked although the thread on the fedoraforum looked interesting and I thought I had something with it but ended up with NO results.

Then I had this bright idea of reducing the speed of the bus to pci-x 66 from 133. Now I start thinking perhaps something was wrong the card since we bought a used one. Well the install went fine but afterward during the brute force test, a ton of errors pop out on the screen and the thing just looks horribly flaky.

I called 3ware and asked them for some tips. The guy was very helpful giving me some things I haven’t tried yet (although I have tried pretty much everything else). I tried his tips and nothing worked.

Well finally I took the card home and plugged it into my Tyan server at home (my sweet new fileserver) and bam it worked FLAWLESSLY.

This is when I started to realize that it could be the motherboard itself. I did try a little bit more random stuff and finally just decided to RMA and cross ship the board. We use supermicro boards at work and even the server I built for SW used supermicro. I mean this is how much love I have for supermicro that I didn’t remotely even considered that it could be the board being flaky.

Well when the new board arrived, I plugged the parts in and it was basically a WAM BAM THANK YOU MAM. Worked flawlessly. It looked like the PCI-X ports for the board was just bad. Perhaps if the raid card was PCI-E, that slot might have worked perfectly.

Lesson I learned: Don’t think that the motherboard (just cause the brand is hot) isn’t the weakest link.