Mount /tmp with noexec,nosuid options on Openvz
October 30, 2009
Simply do this :
# mount -t tmpfs -o noexec,nosuid tmpfs /tmp/
# cat /proc/mounts
simfs / simfs rw 0 0
proc /proc proc rw 0 0
sysfs /sys sysfs rw 0 0
devpts /dev/pts devpts rw 0 0
tmpfs /dev/shm tmpfs rw 0 0
tmpfs /tmp tmpfs rw,nosuid,noexec 0 0
and dont forget to insert to /etc/fstab :
tmpfs /tmp tmpfs noexec,nosuid 0 0
tmpfs /var/tmp tmpfs noexec,nosuid 0 0
Creating OpenVZ OSTemplate
October 27, 2009
Actually this article is not about creating OS template. Well, it’s about when you done customizing some OS Template and you want to backup or make it as a new pre-configured OS template :
- Shutdown your OpenVZ container : vzctl stop {CTID}
- As root, go to /vz/private/{CTID} and launch : tar -cvzf /vz/template/cache/{OSTemplate-Name}.tar.gz .
How to Enable CSF on OpenVZ Container
August 30, 2009
On the node server :
Modify IPTABLES_MODULES on /etc/sysconfig/iptables-config
IPTABLES_MODULES="ip_conntrack_netbios_ns ipt_conntrack ipt_LOG ipt_owner ipt_state ip_conntrack_ftp iptable_nat ip_nat_ftp ip_tables ipt_multiport iptable_filter ipt_limit"
then launch : service iptables restart
to restart iptables services
Then modify IPTABLES on /etc/vz/vz.conf
IPTABLES="ipt_REJECT ipt_tos ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state iptable_nat ip_nat_ftp ip_tables ipt_conntrack ip_conntrack_ftp ipt_LOG ipt_owner"
then launch : /etc/init.d/vz restart
How to Identify MySQL Slow Query
August 14, 2009
Long query on mysql often fill up your server’s CPU and RAM with a bunch of load. It can be happened because un-optimized query, dirty table, very large row, etc.
You can enable slow query log on your mysql server :
-
Edit your my.cnf config, under [mysqld] add :
log-slow-queries = /var/log/mysql-slow.log
long_query_time = 3
- Create /var/log/mysql-slow.log and chmod it :
touch /var/log/mysql-slow.log
chown mysql.root /var/log/mysql-slow.log
-
Restart MySQL Services : service mysql restart
This will make MySQL to log queries that take more than 3 seconds to execute.
How to Use Screen on Linux
January 24, 2009
I’m not going to write what screen is about in this article. I just want to make a personal note for myself about this linux utility.
Starting screen :
#screen
Create a screen session :
Ctrl-a-c
Move to next screen session :
Ctrl-a-n
Move to previous screen session :
Ctrl-a-p
Detach current screen session :
Ctrl-a-d
To view current screen session :
#screen -ls
Output sample :
—————————————–
There is a screen on:
966.pts-0.helios (Detached)
1 Socket in /var/run/screen/S-root.
—————————————–
To reconnect to 966.pts-0.helios screen session :
#screen -r 966.pts-0.helios
That’s all. I hope my post can be useful to you 
Change TimeZone on Centos Linux
January 21, 2009
It’s quite easy to change time zone on centos / linux os :
cp /usr/share/zoneinfo/Asia/Jakarta /etc/localtime
Change Asia/Jakarta into your location. After copying, you can run : ntpdate pool.ntp.org
to synchornize your server time with the closest public NTP server.
Analyzing Core Dump File
December 18, 2008
Yeah, I know core dump files may eat up user’s space quickly. But it is definitely a sign that something wrong with their scripts. So, keeping coredump files is sometimes useful so that we can analyze it properly. Here’s how to analyze core dump files :
strings /home/user/public_html/core.11051|head
You will find what scripts causing the coredump files.
or get a clear view with :
gdb /usr/bin/php /home/user/public_html/core.11051
Hope it can be useful for you!
Deal with /bin/rm: Argument list too long
December 3, 2008
As a linux user or administrator, you will someday will need to delete files that pile up your storage. If there are a lot of files (I dont know exactly how much), it will report :
/bin/rm: Argument list too long
Here’s how to handle it :
find . -name ‘[FILE-PREFIX]*’ | xargs rm
For example you want to delete cache_* files, the syntax is :
find . -name ‘cache_*’ | xargs rm
Fixing File and Folder Permission on suPHP
August 19, 2008
Just for my own note 
After installing suPHP on server, execute :
find /home/*/public_html -type d -exec chmod 755 {} \;
This command fix all folder permission
find /home/*/public_html -name '*.php' -o -name '*.php[345]' -o -name '*.phtml'| xargs chmod -v 644
This command fix all file permission
#!/bin/bash
cd /var/cpanel/users
for user in *
do
chown -R $user.$user /home/$user/public_html/*
done
This script fix all ownership issue
Disable CoreDump on Apache with suPHP
June 30, 2008
The idea of limiting user’s vhost resource usage on Apache brings me to give the suPHP a try. suPHP makes PHP process owned by the owner it self, not “nobody” or apache user, enabling us to limit resource per vhost.
After setting up suPHP with rlimit rule per vhosts, I see that Rlimit really works. Apache kills all PHP execution that hit the Rlimit. So, basically we can have a containers that lock user’s PHP execution, thus preventing user to overload the server with buggy or highload type of PHP script.
But a new problem arised. When PHP execution killed, it generate coredump files. Coredump files are very useful to traceback any crash issues that occur during PHP execution. But I got them all over user’s directory, especially on user’s directory that have a highload type of PHP script. The size may vary from 1MB to 40MB (on my system). They eat up users space every time a greedy resource PHP execution killed. Read the rest of this entry »
