Saturday, August 23, 2008


ERROR:- rpmdb: unable to join the environment

PROBLEM:

 You get following or error while Rebuilding RPM database:
=======
[root@www root]# rpm –rebuilddb
rpmdb: unable to join the environment
error: db4 error(11) from dbenv->open: Resource temporarily unavailable
error: cannot open Packages index
=======

SOLUTION:
Try This:
=======
[root@www root]# rm -f /var/lib/rpm/__db*
[root@www root]# echo “%__dbi_cdb   create private cdb mpool mp_mmapsize=16Mb mp_size=1Mb” > /etc/rpm/macros
[root@www root]# rpm –rebuilddb
=======

 
PLEASE NOTE: This Fix Is Only For RedFat OS

Monday, July 07, 2008


 Install HotSaNIC
HotSaNIC is a very nice tool which combines all sorts of very important system graphs into a simple and easy to understand webpage. It allows the admin to take a quick glance at the graphs to see what may or may not be working with the system. With the new APPS graph it is also possible to watch as more processes are started which can be helpful in tracking down why the server load is increasing. For instance if you see a huge load spike but you see that the number of exim processes has gone up significantly at the same time you can start to investigate. It also just provides nice graphs to look at.

I built this guide on a cPanel server but it will work fine on an ensim box as well. I don't recall the plesk mailserver off the top of my head but changing that small part will make it work great fine plesk. This guide is also posted on my website.

First, we will need to install RRDtool

-----command-----
cd /usr/local/src/
wget http://oss.oetiker.ch/rrdtool/pub/rrdtool-1.0.x/rrdtool-1.0.48.tar.gz
tar -zxvf rrdtool-1.0.48.tar.gz
cd rrdtool-1.0.48
./configure
make
make install
make site-perl-install
cd ..
-----------------

Now we will install and configure HotSaNIC

-----command-----
cd /usr/local
wget http://downloads.sourceforge.net/hotsanic/hotsanic-0.5.0-pre5.tgz?modtime=1078012800&big_mirror=0
tar -zxf hotsanic-0.5.0-pre5.tgz
cd HotSaNIC
./setup.pl
-----------------


-----command-----

You will be asked a number of questions during the install script.

Module found: APCUSV Do you want to use this module?
Choose 'n'

Module found: APPS Do you want to use this module?
Choose 'y'

Do you want to show this module's graphs on the webpage? (Y/n)
Choose 'y'

Module found: BIND Do you want to use this module?
Choose 'n'

Module found: DISKIO Do you want to use this module?
Choose 'y'

Do you want to show this module's graphs on the webpage? (Y/n)
Choose 'y'

Module found: DNET Do you want to use this module?
Choose 'n'

Module found: MAILQ Do you want to use this module?
Choose 'n' (they only support postfix right now)

Module found: NETSTAT Do you want to use this module?
Choose 'n'

Module found: NETWORKS Do you want to use this module?
Choose 'n'

Module found: PART Do you want to use this module?
Choose 'y'

Do you want to show this module's graphs on the webpage? (Y/n)
Choose 'y'

Module found: SENSORS Do you want to use this module?
Choose 'n'

Module found: SHOUTCAST' Do you want to use this module?
Choose 'n'

Module found: SYSTEM Do you want to use this module?
Choose 'y'

Do you want to show this module's graphs on the webpage? (Y/n)
Choose 'y'

Module found: TRAFFIC Do you want to use this module?
Choose 'y'

Do you want to show this module's graphs on the webpage? (Y/n)
Choose 'y'

Module found: WORMS Do you want to use this module?
Choose 'n'

Found: eth0 - (y)es or (n)o
Choose 'y' (If you are prompted for any other interfaces starting with 'eth0' choose 'n')

Found: lo - (y)es or (n)o
Choose 'n'

0 /usr/local/cpanel/bin/rrdtoolinstall
1 /usr/local/cpanel/bin/rrdtoolcheck
2 /usr/local/cpanel/3rdparty/bin
by just pressing ´ENTER´, item "0" will be selected.
select item 0 ... 2? >

Select 0, we are going to change this below anyways.

You are now back at the command prompt. (If it asks you more questions, just accept the default answers.. we are using these settings below....)

Now we are going to start the manual configuration of hotsanic.


-----command-----
cd /usr/local/HotSaNIC/var/settings
vi main
-------------------

-----command-----

press [ctrl -w] then type 'binpath' then press [enter]. Find and change this line.

BINPATH="not configured"

change to

BINPATH="/usr/local/rrdtool-1.0.49/bin"

press [ctrl -w] again then type 'webdir' then press [enter]. Find and change this line.

WEBDIR="not configured"

change to

WEBDIR="/home/username/public_html/stats/"
Note you are going to put this to someplace that is acessible to the internet. I would recommend setting it to a subdomain or a directory within a domain.

press [ctrl -w] again then type 'ctime' then press [enter]. Find and change this line.

CTIME="24"

change to

CTIME="4"

press [ctrl -w] again then type 'convertpath' then press [enter]. Find and change this line. If may already be changed, if so do not worry.

CONVERTPATH="not configured"

change to

CONVERTPATH="/usr/bin/convert"

Finally, to save and exit press [ctrl -x] Y then [enter]. At the prompt type.

pico mod-traffic

Find and change this line:

SWAPIO="no"

change to

SWAPIO="yes"

Again, to save and exit press [ctrl -x] Y then [enter]. At the prompt type.

pico -w mod_system

Go to the bottom and where you see all the IRQ= lines that are not commented out simply delete them.

Again, to save and exit press [ctrl -x] Y then [enter]. At the prompt type.


-----command-----
cat /proc/stat |grep disk_io
-----command-----
Edit the disk_io config file

-----command-----
pico -w mod_diskio
-----command-----

At the bottom add:

DEV=8_0,sda
DEV=8_1,sda

If your system has something other then the (8,0) and (8,1) as listed above make sure to put that in the config above. Again, to save and exit press [ctrl -x] Y then [enter]. At the prompt type.

-----command-----
pico -w mod_apps
-----command-----

This mod is going to allow you to track how many of a given service is running. I would say that apache, mysql, and email are the most important. Note that exim is what cPanel uses, if you are using ensim replace it with sendmail. Add the following to the bottom:

APP=httpd,Apache
APP=mysqld,Mysql
APP=exim,Exim

Again, to save and exit press [ctrl -x] Y then [enter]. Note that below when you make the directory it needs to be what you put in the configuration file above. At the prompt type.


-----command-----
cd /usr/local/HotSaNIC
mkdir /home/username/public_html/stats
./rrdgraph start
./makeindex.pl
./diagrams.pl
./convert.pl
-----command-----

You now have HotSaNIC installed

To view HotSaNIC go to http://yourIPaddress/stats/

(it will take a few mins for the graphs to generate data.

Now, Lets set HotSaNIC up so it will start when you reboot your server.

-----command-----
pico /etc/rc.local
-----command-----

Add this line:

/usr/local/HotSaNIC/./rrdgraph start

Tuesday, July 01, 2008

Tripwire

Open Source Tripwire® software is a security and data integrity tool useful for monitoring and alerting on specific file change(s) on a range of systems.

1) Download tripwire latest stable version from:
http://sourceforge.net/project/showfiles.php?group_id=3130

2) tar –xvf tripwire-2.4.1.2-src.tar

3) cd tripwire-2.4.1.2-src

4) ./configure --prefix=/usr/local/

5) make & make install

6) During installation it will ask for pass phrase, you can give it anything like ‘vmdfJH789zxnm’ more than 8 Characters

7) To test >> /usr/local/sbin/tripwire --test --email emailaddress@yahoo.com, you will receive an email from Tripwire.

Thursday, June 26, 2008

How To Install FFmpeg + FFmpeg-PHP + Mplayer + Mencoder + flv2tool + LAME MP3 Encoder

Following are the steps to install FFmpeg + FFmpeg-PHP + Mplayer + Mencoder + flv2tool + LAME MP3 Encoder + Libog on a Linux server or VPS Manually. These steps also include the common fixes for such errors.


#cd /usr/local/src/

DOWNLOAD MODULES

#wget www3.mplayerhq.hu/MPlayer/releases/codecs/essential-20061022.tar.bz2
#wget rubyforge.org/frs/download.php/9225/flvtool2_1.0.5_rc6.tgz
#wget easynews.dl.sourceforge.net/sourceforge/lame/lame-3.97.tar.gz
#wget superb-west.dl.sourceforge.net/sourceforge/ffmpeg-php/ffmpeg-php-0.5.1.tbz2
#wget downloads.xiph.org/releases/ogg/libogg-1.1.3.tar.gz
#wget downloads.xiph.org/releases/vorbis/libvorbis-1.1.2.tar.gz

EXTRACT MODULES

#tar zxvf lame-3.97.tar.gz
#tar zxvf libogg-1.1.3.tar.gz
#tar zxvf libvorbis-1.1.2.tar.gz
#tar zxvf flvtool2_1.0.5_rc6.tgz
#tar jxvf essential-20061022.tar.bz2
#tar jxvf ffmpeg-php-0.5.1.tbz2

#mkdir /usr/local/lib/codecs/

#yum install gcc gmake make libcpp libgcc libstdc++ gcc4 gcc4-c++ gcc4-gfortran subversion ruby ncurses-devel -y

DOWNLOAD FFMPEG and MPLAYER

#svn checkout svn://svn.mplayerhq.hu/ffmpeg/trunk ffmpeg
#svn checkout svn://svn.mplayerhq.hu/mplayer/trunk mplayer
#cd /usr/local/src/mplayer
#svn update
#cd /usr/local/src/
#mv /usr/local/src/essential-20061022/* /usr/local/lib/codecs/
#chmod -R 755 /usr/local/lib/codecs/

LAME:

#cd /usr/local/src/lame-3.97
#./configure

#make && make install

LIBOGG

#cd /usr/local/src/
#cd /usr/local/src/libogg-1.1.3
#./configure --enable-shared && make && make install
#PKG_CONFIG_PATH=/usr/local/lib/pkgconfig
#export PKG_CONFIG_PATH

LIBVORBIS

#cd /usr/local/src/
#cd /usr/local/src/libvorbis-1.1.2
#./configure && make && make install


FLVTOOL2

#cd /usr/local/src/
#cd /usr/local/src/flvtool2_1.0.5_rc6/
#ruby setup.rb config
#ruby setup.rb setup
#ruby setup.rb install

MPLAYER

#cd /usr/local/src/
#cd /usr/local/src/mplayer

#./configure && make && make install

#cd /usr/local/src/

FFMPEG:

#cd /usr/local/src/ffmpeg/
#./configure --enable-libmp3lame --enable-libvorbis --disable-mmx --enable-shared
#make
#make install

#export LD_LIBRARY_PATH=/usr/local/lib/

#ln -s /usr/local/lib/libavformat.so.50 /usr/lib/libavformat.so.50
#ln -s /usr/local/lib/libavcodec.so.51 /usr/lib/libavcodec.so.51
#ln -s /usr/local/lib/libavutil.so.49 /usr/lib/libavutil.so.49
#ln -s /usr/local/lib/libmp3lame.so.0 /usr/lib/libmp3lame.so.0
#ln -s /usr/local/lib/libavformat.so.51 /usr/lib/libavformat.so.51

FFMPEG-PHP:

#cd /usr/local/src/
#cd /usr/local/src/ffmpeg-php-0.5.1/
#phpize
#./configure
#make
#make install

NOTICE: Make sure this is the correct php.ini for the box!!

#echo 'extension=ffmpeg.so' >>

NOTICE: Make sure this is the correct php.ini for the box!!

RESTART APACHE

#service httpd restart

Friday, June 20, 2008

Install Ruby on Rails

Ruby on Rails is an open-source web framework. Ruby is a language, Rails is a framework. Rails is fast becoming a preferred development framework eating into PHP share

Rails is a full-stack framework for developing database-backed web applications according to the Model-View-Control pattern. Rails works with a wealth of web servers and databases. For web server, we recommend Apache or lighttpd, running either FastCGI or SCGI, or Mongrel. For database, you can use MySQL, PostgreSQL, SQLite, Oracle, SQL Server, DB2, or Firebird. Just about any operating system will do, but a ‘nix-based one for deployment is recommend.

Installation:

wget http://www.fastcgi.com/dist/mod_fastcgi-2.4.2.tar.gz
tar -zxf mod_fastcgi-2.4.2.tar.gz
cd mod_fastcgi-2.4.2

cd /usr/local/src/

wget http://rubyforge.org/frs/download.php/7858/ruby-1.8.4.tar.gz
wget http://rubyforge.org/frs/download.php/5207/rubygems-0.8.11.tgz
wget http://www.fastcgi.com/dist/fcgi-2.4.0.tar.gz
wget http://www.fastcgi.com/dist/mod_fastcgi-2.4.2.tar.gz

tar -zxf fcgi-2.4.0.tar.gz
tar -zxf mod_fastcgi-2.4.2.tar.gz
tar -zxf rubygems-0.8.11.tgz
tar -zxf ruby-1.8.4.tar.gz

cd /usr/local/src/ruby-1.8.4
./configure
make
make install

cd /usr/local/src/rubygems-0.8.11
ruby setup.rb
gem install rails

cd /usr/local/src/fcgi-2.4.0
./configure
make
make install

cd /usr/local/src/mod_fastcgi-2.4.2
/usr/local/apache/bin/apxs -o mod_fastcgi.so -c *.c
/usr/local/apache/bin/apxs -i -a -n fastcgi mod_fastcgi.so

gem install fcgi

mkdir /tmp/dynamic
chmod 777 /tmp/dynamic
chown -R nobody:nobody /tmp/dynamic

Edit /usr/local/apache/conf/fastcgi.conf file in your favorite editor such vi ,pico and add following code


FastCgiIpcDir /tmp/
AddHandler fastcgi-script .fcgi


Then open /usr/local/apache/conf/httpd.conf file and add following line in end of file

Include “/usr/local/apache/conf/fastcgi.conf”

Service httpd restart

Thursday, June 19, 2008

Install imap c-client

These functions enable you to operate with the IMAP protocol, as well as the NNTP, POP3 and local mailbox access methods.

Be warned however, that some of IMAP functions will not work correctly with the POP protocol.

Download c-client file

# wget ftp://ftp.cac.washington.edu/imap/c-client.tar.Z

# tar -zxvf c-client.tar.Z

# cd imap-2004g (this is the latest for now)

# vi Makefile (read inside which format you need to use, eg "slx", "lnp", "lrh", or "lsu")

For centos, we will use this

# make slx

Let's create directories for c-client, name varies on version.

# mkdir /usr/local/imap-2004g

Create libraries dir

# mkdir /usr/local/imap-2004g/lib

Create include dir

# mkdir /usr/local/imap-2004g/include

Change dir into the c-client dir.

# cd c-client/

Copy all .h files into /usr/local/imap-2004g/include/
# cp *.h /usr/local/imap-2004g/include/

Copy all .c files.
# cp *.c /usr/local/imap-2004g/lib/

Copy c-client.a
# cp c-client.a /usr/local/imap-2004g/lib/libc-client.a
Installation of eAccelerator

eAccelerator is a free open-source PHP accelerator, optimizer, and dynamic content cache. It increases the performance of PHP scripts by caching them in their compiled state, so that the overhead of compiling is almost completely eliminated. It also optimizes scripts to speed up their execution. eAccelerator typically reduces server load and increases the speed of your PHP code by 1-10 times.

To install eAccelerator on a Server just follow the following steps:

1) Login as root in SSH

2) Run the following commands in the following order:

#cd /usr/local/src/

Download the latest version of eAccelerator from http://tinyurl.com/2zzdsv using wget

#tar xvzf eaccelerator-.tar.gz

#cd eaccelerator-

#export PHP_PREFIX="/usr"

#$PHP_PREFIX/bin/phpize

#./configure --enable-eaccelerator=shared --with-php-config=$PHP_PREFIX/bin/php-config
#make
#make install

3) Edit php.ini - usually it's /etc/php.ini or /usr/local/lib/php.ini

Find this:

;Windows Extensions

Above this, comment out or remove the PHPA or mmcache lines if you have them. Replace them with this:

To install as a ZEND extension:

zend_extension="eaccelerator.so"
eaccelerator.shm_size="16"
eaccelerator.cache_dir="/tmp/eaccelerator"
eaccelerator.enable="1"
eaccelerator.optimizer="1"
eaccelerator.check_mtime="1"
eaccelerator.debug="0"
eaccelerator.filter=""
eaccelerator.shm_max="0"
eaccelerator.shm_ttl="0"
eaccelerator.shm_prune_period="0"
eaccelerator.shm_only="0"
eaccelerator.compress="1"
eaccelerator.compress_level="9"

OR to install as a PHP extension:
extension="eaccelerator.so"
eaccelerator.shm_size="16"
eaccelerator.cache_dir="/tmp/eaccelerator"
eaccelerator.enable="1"
eaccelerator.optimizer="1"
eaccelerator.check_mtime="1"
eaccelerator.debug="0"
eaccelerator.filter=""
eaccelerator.shm_max="0"
eaccelerator.shm_ttl="0"
eaccelerator.shm_prune_period="0"
eaccelerator.shm_only="0"
eaccelerator.compress="1"
eaccelerator.compress_level="9"

4) Create the cache directory by doing the following at the command line

#mkdir /tmp/eaccelerator
#chmod 0777 /tmp/eaccelerator

5) Restart Apache

service httpd restart

Wednesday, June 18, 2008

Installing Mod_Bandwidth

"Mod_bandwidth" is a module for the Apache webserver that enable the setting of server-wide or per connection bandwidth limits, based on the directory, size of files and remote IP/domain.

Following are the steps to install mod_bandwidth

1. Login to your server via SSH as root.

2. Type: mkdir /root/mod_bw

3. Type: cd /root/mod_bw

4. Type: wget ftp://ftp.cohprog.com/pub/apache/module/1.3.0/mod_bandwidth.c

5. Type: /usr/local/apache/bin/apxs -c /root/mod_bw/mod_bandwidth.c -o /usr/local/apache/libexec/mod_bandwidth.so

6. Type: mkdir /usr/local/apache/bw_limit

7. Type: mkdir /usr/local/apache/bw_limit/link

8. Type: mkdir /usr/local/apache/bw_limit/master

9. Type: vi /etc/httpd/conf/httpd.conf

10. Locate the following Line:
LoadModule rewrite_module libexec/mod_rewrite.so

11. Before the above line add this:
LoadModule bandwidth_module libexec/mod_bandwidth.so

12. Now locate this line:
AddModule mod_env.c

13. Before the above line add this:
AddModule mod_bandwidth.c

14. Now locate this line: # Document types.

15. Before the above line add this:
BandWidthDataDir "/usr/local/apache/bw_limit"
BandWidthModule On

16. To enable mod_bandwidth on a virtual host locate the virtual host entry for the specified domain/acount you wish to limit. Just before the line add the following:
BandWidthModule On
BandWidth all 512

The 512 can be replaced with whatever rate you wish to limit the acount too.

17. Save the file and exit.

18. Type: service httpd restart

19. Type: cd /usr/sbin

20. Type: wget ftp://ftp.cohprog.com/pub/apache/module/cleanlink.pl

What is cleanlink?
Cleanlink is a deamon that is used to clean links created by mod_bandwidth when they aren't removed properly by the server. (When a httpd process doesn't terminate the usual way.)

21. Type: chmod 755 cleanlink.pl

22. Type: vi cleanlink.pl

23. Change $LINKDIR to the following:
$LINKDIR="/usr/local/apache/bw_limit/link";

24. Save the file and exit.

25. Type: perl cleanlink.pl

26. Type: vi /etc/rc.d/rc.local

27. Scroll down to the very end of the file and add the following:
# The following line Launches CleanLink for Mod_Bandwidth
perl /usr/sbin/cleanlink.pl

28. Save the file and exit.

mod_bandwidth has many options. If you wish to modify mod_bandwidth and enable more options please visit the documentation available by the programmer here: http://www.cohprog.com/v3/bandwidth/doc-en.html

Installation of RKHunter

rkhunter (Rootkit Hunter) is a Unix-based tool that scans for rootkits, backdoors and possible local exploits. It does this by comparing MD5 hashes of important files with known good ones in online database, searching for default directories (of rootkits), wrong permissions, hidden files, suspicious strings in kernel modules, and special tests for Linux and FreeBSD

Following are the Installation Steps of RKHUNTER

#wget -c http://downloads.rootkit.nl/rkhunter-1.2.7.tar.gz
#tar -zxvf rkhunter-1.2.7.tar.gz
#cd rkhunter-1.2.7.tar.gz
#./installer.sh

Now you can run a test scan with the following command:

#/usr/local/bin/rkhunter -c

How to setup a daily scan report?

#vi /etc/cron.daily/rkhunter.sh

add the following replacing your email address:
===
#!/bin/bash
(/usr/local/bin/rkhunter -c --cronjob 2>&1 | mail -s "Daily Rkhunter Scan Report" email@domain.com)
===

#chmod +x /etc/cron.daily/rkhunter.sh

I just got a false positive!! What do i do?

False positives are warnings which indicates there is a problem, but aren't really a problem. Example: some Linux distro updated a few common used binaries like `ls` and `ps`. You (as a good sysadmin) update the new packages and run (ofcourse) daily Rootkit Hunter. Rootkit Hunter isn't yet aware of these new files and while scanning it resports some "bad" files. In this case we have a false positive. You could always have your datacenter or a system administrator check out the server to verify that it is not compromised.
Installation of Mod_Security

ModSecurity is a web application firewall that can work either embedded or as a reverse proxy. It provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis.

It is also an open source project that aims to make the web application firewall technology available to everyone.

Perform following steps to install mod_security on a linux server

1. Login to the server through SSH and su to the root user.
2. First your going to start out by grabbing the latest version of mod_security (Tar.gz) from the URL: http://www.modsecurity.org/download/

3. Next we untar the archive and cd into the directory:
tar zxvf mod_security-.tar.gz
cd mod_security-/

4. Now you need to determine which version of apache you use:
APACHE 1.3.x users
cd apache1/

APACHE 2.x users
cd apache2/

5. Lets Compile the module now:
/usr/local/apache/bin/apxs -cia mod_security.c

6. Ok, now its time to edit the httpd conf file. First we will make a backup just incase something goes wrong:
cp /usr/local/apache/conf/httpd.conf /usr/local/apache/conf/httpd.conf.backup

7. Now that we have backed it all up, we can edit the httpd.conf. Replace pico
with nano depending on what you have
vi /usr/local/apache/conf/httpd.conf

8. Lets look for something in the config, do this by holding control and pressing W and you are going to search for
(altho any of the IfModules would work fine)

9. Now add this
================================

# Turn the filtering engine On or Off
SecFilterEngine On

# Change Server: string
SecServerSignature " "
# Make sure that URL encoding is valid
SecFilterCheckURLEncoding On
# This setting should be set to On only if the Web site is
# using the Unicode encoding. Otherwise it may interfere with
# the normal Web site operation.
SecFilterCheckUnicodeEncoding Off

# Only allow bytes from this range
SecFilterForceByteRange 1 255
# The audit engine works independently and
# can be turned On of Off on the per-server or
# on the per-directory basis. "On" will log everything,
# "DynamicOrRelevant" will log dynamic requests or violations,
# and "RelevantOnly" will only log policy violations
SecAuditEngine RelevantOnly

# The name of the audit log file
SecAuditLog /var/log/httpd/audit_log
# Should mod_security inspect POST payloads
SecFilterScanPOST On
# Action to take by default
SecFilterDefaultAction "deny,log,status:500"
# Require HTTP_USER_AGENT and HTTP_HOST in all requests
SecFilterSelective "HTTP_USER_AGENT|HTTP_HOST" "^$"
# Prevent path traversal (..) attacks
SecFilter "../"

# Weaker XSS protection but allows common HTML tags
SecFilter "<[[:space:]]*script"
# Prevent XSS atacks (HTML/Javascript injection)
SecFilter "<(.|n)+>"

# Very crude filters to prevent SQL injection attacks
SecFilter "delete[[:space:]]+from"
SecFilter "insert[[:space:]]+into"
SecFilter "select.+from"

# Protecting from XSS attacks through the PHP session cookie
SecFilterSelective ARG_PHPSESSID "!^[0-9a-z]*$"
SecFilterSelective COOKIE_PHPSESSID "!^[0-9a-z]*$"

================================

10. Save and exit the file

11. Restart Apache
/etc/rc.d/init.d/httpd stop
/etc/rc.d/init.d/httpd start
Installation of Mod_Evasive

Mod_Evasive is an apache module which helps protecting against people sending too many requests to the web server in an attempt to flood it. If it detects too many connections the offending ip will be blocked from the accessing apache for this is especially useful when the server is continuously getting attacked.

Following are the steps to install and configure it on a Linux Machine:

Login to the server as root and execute

cd /usr/local/src
wget http://www.zdziarski.com/projects/mod_evasive/mod_evasive_1.10.1.tar.gz
tar -zxvf mod_evasive_1.10.1.tar.gz
cd mod_evasive

For apache 2.0.x
/usr/sbin/apxs -cia mod_evasive20.c

Then add add this too httpd.conf

DOSHashTableSize 3097
DOSPageCount 6
DOSSiteCount 100
DOSPageInterval 2
DOSSiteInterval 2
DOSBlockingPeriod 600


For apache 1.3.x
/usr/local/apache/bin/apxs -cia mod_evasive.c

Then add this too httpd.conf

DOSHashTableSize 3097
DOSPageCount 6
DOSSiteCount 100
DOSPageInterval 2
DOSSiteInterval 2
DOSBlockingPeriod 600

Now just restart apache and the installation is complete.

/etc/init.d/httpd restart

Tuesday, June 17, 2008

Install Turck MMCache

Turck MMCache is a free open source PHP accelerator, optimizer, encoder and dynamic content cache for PHP. It increases performance of PHP scripts by caching them in compiled state, so that the overhead of compiling is almost completely eliminated. Also it uses some optimizations to speed up execution of PHP scripts. Turck MMCache typically reduces server load and increases the speed of your PHP code by 1-10 times.

Following are the steps to install Turck MMCache on Linux Machine

1. Login to your server as root via SSH

2. Type: cd /

3. Type: mkdir mmcache

4. Type: cd mmcache

5. Download Turck MMCache tar from http://tinyurl.com/5c32sq using wget

6. Type: tar -xvzf turck-mmcache-.tar.gz

7. Type: cd turck-mmcache-

8. Type: export PHP_PREFIX="/usr"
OR
export PHP_PREFIX="/usr/local"
This depends on where PHP is installed


9. Type: $PHP_PREFIX/bin/phpize

10. Type: ./configure --enable-mmcache=shared --with-php-config=$PHP_PREFIX/bin/php-config

11. Type: make

12. Type: make install

13. Edit PHP.INI File (One of the below will work - if one is emtpy then use the other file)
Type: pico -w /etc/php.ini
or
Type: pico -w /usr/local/lib/php.ini

14. Find this:

;Windows Extensions

Above this line comment out the PHPA or the ZEND lines if they are there.
Replace them with the following:

For ZEND:
zend_extension="/mmcache/turck-mmcache-2.4.6/modules/mmcache.so"
mmcache.shm_size="16"
#^-This is the folder limit (16mb), you can make it larger if you wish.
mmcache.cache_dir="/home/mmcache"
mmcache.enable="1"
mmcache.optimizer="1"
mmcache.check_mtime="1"
mmcache.debug="0"
mmcache.filter=""
mmcache.shm_max="0"
mmcache.shm_ttl="0"
mmcache.shm_prune_period="0"
mmcache.shm_only="0"
mmcache.compress="1"

OR for PHP Extensions
extension="/mmcache/turck-mmcache-2.4.6/modules/mmcache.so"
mmcache.shm_size="16"
mmcache.cache_dir="/home/mmcache"
mmcache.enable="1"
mmcache.optimizer="1"
mmcache.check_mtime="1"

mmcache.debug="0"
mmcache.filter=""
mmcache.shm_max="0"
mmcache.shm_ttl="0"
mmcache.shm_prune_period="0"
mmcache.shm_only="0"
mmcache.compress="1"

15. Now we need to create a cache directory.

16. Type: mkdir /home/mmcache

17. Type: chmod 0777 /home/mmcache

18. Restart Apache
Type: service httpd restart

19. Done - A list of supported scripts.
MMCache support enabled
Caching Enabled true
Optimizer Enabled true
Memory Size 33,554,392 Bytes
Memory Available 23,737,176 Bytes
Memory Allocated 9,817,216 Bytes
Cached Scripts 110
Removed Scripts 0
Cached Keys 0

NOTE:When you upgrade PHP you need to completely re-install MMCache. You need to delete the whole directory, and re-install.