Archive | Reliable Penguin

Linux and open-source solutions.

Using SSHFS To Mount Remote Filesystem

By admin on March 17, 2015 in Linux, SSH

If you need to do a lot of file operations against a remote ssh/sftp server then sshfs might be the perfect tool. sshfs is a FUSE filesystem that you can mount onto a local mount point. Once mounted you can manipulate the files as if there were local.

Here’s the project site:

http://fuse.sourceforge.net/sshfs.html

You might need to install with yum or apt-get:

yum install sshfs

1	yum install sshfs

After sshfs installed you can use it like this:

mkdir mymount
sshfs user@remoteip:/remote/path mymount/

1 2	mkdir mymount sshfs user@remoteip:/remote/path mymount/

You’ll be prompted for a password unless you has keys setup with the remote server.

Now you can copy files to and from under mymount/.

Chrooted SFTP Users

By admin on November 28, 2014 in Linux

Here’s the steps to create chrooted SFTP users.

1. Comment out the following line in /etc/ssh/sshd_config

Subsystem sftp /usr/libexec/openssh/sftp-server

1	Subsystem sftp /usr/libexec/openssh/sftp-server

2. Append the following in /etc/ssh/sshd_config

Subsystem sftp internal-sftp

# SFTP users
Match User USERNAME
ChrootDirectory /var/www/vhosts/MYDOMAIN.COM
ForceCommand internal-sftp

Subsystem sftp internal-sftp

# SFTP users

Match User USERNAME

ChrootDirectory /var/www/vhosts/MYDOMAIN.COM

ForceCommand internal-sftp

where USERNAME is the user and ChrootDirectory is the path that the user will be locked into. Add a new “Match User” stanza for each user that needs to be chrooted. This allows each user to have a unique directory.

3. Restart SSH

service sshd restart

1	service sshd restart

4. Create the SFTP user group

groupadd sftponly

1	groupadd sftponly

5. Modify the user

usermod -g sftponly USERNAME
usermod -s /bin/false USERNAME

1 2	usermod -g sftponly USERNAME usermod -s /bin/false USERNAME

SCP and SSH are not allowed with this setup but you could change the shell to allow them…

usermod -s /bin/bash USERNAME

1	usermod -s /bin/bash USERNAME

6. The highest directory in the chroot tree must be owned by user/group root

chown root:root /var/www/vhosts/MYDOMAIN.COM
chmod 755 /var/www/vhosts/MYDOMAIN.COM

1 2	chown root:root /var/www/vhosts/MYDOMAIN.COM chmod 755 /var/www/vhosts/MYDOMAIN.COM

Add Storage To LVM/XFS Partition

By admin on May 21, 2014 in Linux

Let’s assume that you have XFS formatted partition hosted on LVM named “/dev/vg1/gfs1” where “vg1” is the “volume group” and “gfs1” is the “logical volume”. You want to add an additional drive named “dev/xvdc” to the partition to increase storage. Here are the steps:

1. Partition the new drive with fdisk

[root@web root]# fdisk /dev/xvdc
Device contains neither a valid DOS partition table, nor Sun, SGI or OSF disklabel
Building a new DOS disklabel with disk identifier 0x88e6b2eb.
Changes will remain in memory only, until you decide to write them.
After that, of course, the previous content won't be recoverable.

Warning: invalid flag 0x0000 of partition table 4 will be corrected by w(rite)

WARNING: DOS-compatible mode is deprecated. It's strongly recommended to
         switch off the mode (command 'c') and change display units to
         sectors (command 'u').

Command (m for help): n
Command action
   e   extended
   p   primary partition (1-4)
p
Partition number (1-4): 1
First cylinder (1-13054, default 1):
Using default value 1
Last cylinder, +cylinders or +size{K,M,G} (1-13054, default 13054):
Using default value 13054

Command (m for help): w
The partition table has been altered!

Calling ioctl() to re-read partition table.
Syncing disks.
[root@web root]#

[root@web root]# fdisk /dev/xvdc

Device contains neither a valid DOS partition table, nor Sun, SGI or OSF disklabel

Building a new DOS disklabel with disk identifier 0x88e6b2eb.

Changes will remain in memory only, until you decide to write them.

After that, of course, the previous content won't be recoverable.

Warning: invalid flag 0x0000 of partition table 4 will be corrected by w(rite)

WARNING: DOS-compatible mode is deprecated. It's strongly recommended to

switch off the mode (command 'c') and change display units to

sectors (command 'u').

Command (m for help): n

Command action

e extended

p primary partition (1-4)

Partition number (1-4): 1

First cylinder (1-13054, default 1):

Using default value 1

Last cylinder, +cylinders or +size{K,M,G} (1-13054, default 13054):

Using default value 13054

Command (m for help): w

The partition table has been altered!

Calling ioctl() to re-read partition table.

Syncing disks.

[root@web root]#

2. Setup /dev/xvdc1 as an LVM physical volume:

[root@web root]# pvcreate /dev/xvdc1
Physical volume "/dev/xvdc1" successfully created

1 2	[root@web root]# pvcreate /dev/xvdc1 Physical volume "/dev/xvdc1" successfully created

3. Add /dev/xvdc1 to the LVM volume group:

[root@web root]# vgextend vg1 /dev/xvdc1
Volume group "vg1" successfully extended

1 2	[root@web root]# vgextend vg1 /dev/xvdc1 Volume group "vg1" successfully extended

You can show volume group detail to see the newly available storage:

[root@web root]# vgdisplay vg1
--- Volume group ---
VG Name vg1
System ID
Format lvm2
Metadata Areas 3
Metadata Sequence No 6
VG Access read/write
VG Status resizable
MAX LV 0
Cur LV 1
Open LV 1
Max PV 0
Cur PV 3
Act PV 3
VG Size 279.99 GiB
PE Size 4.00 MiB
Total PE 71677
Alloc PE / Size 46078 / 179.99 GiB
Free PE / Size 25599 / 100.00 GiB
VG UUID 7muRk4-U3d4-QJfh-oXFU-REo1-cXI7-z0p1i4

[root@web root]# vgdisplay vg1

--- Volume group ---

VG Name vg1

System ID

Format lvm2

Metadata Areas 3

Metadata Sequence No 6

VG Access read/write

VG Status resizable

MAX LV 0

Cur LV 1

Open LV 1

Max PV 0

Cur PV 3

Act PV 3

VG Size 279.99 GiB

PE Size 4.00 MiB

Total PE 71677

Alloc PE / Size 46078 / 179.99 GiB

Free PE / Size 25599 / 100.00 GiB

VG UUID 7muRk4-U3d4-QJfh-oXFU-REo1-cXI7-z0p1i4

Notice that “Free PE” is 100GB which is the size of our new /dev/xvdc drive.

4. Extend logical volume to use newly available storage:

[root@web root]# lvextend -l +100%FREE /dev/vg1/gfs1
Extending logical volume gfs1 to 279.99 GiB
Logical volume gfs1 successfully resized

[root@web root]# lvextend -l +100%FREE /dev/vg1/gfs1

Extending logical volume gfs1 to 279.99 GiB

Logical volume gfs1 successfully resized

5. Grow the XFS filesystem on “gfs1”:

[root@web root]# xfs_growfs /dev/vg1/gfs1
meta-data=/dev/mapper/vg1-gfs1 isize=256 agcount=10, agsize=5242624 blks
= sectsz=512 attr=2, projid32bit=0
data = bsize=4096 blocks=47183872, imaxpct=25
= sunit=0 swidth=0 blks
naming =version 2 bsize=4096 ascii-ci=0
log =internal bsize=4096 blocks=10239, version=2
= sectsz=512 sunit=0 blks, lazy-count=1
realtime =none extsz=4096 blocks=0, rtextents=0
data blocks changed from 47183872 to 73397248

[root@web root]# xfs_growfs /dev/vg1/gfs1

meta-data=/dev/mapper/vg1-gfs1 isize=256 agcount=10, agsize=5242624 blks

= sectsz=512 attr=2, projid32bit=0

data = bsize=4096 blocks=47183872, imaxpct=25

= sunit=0 swidth=0 blks

naming =version 2 bsize=4096 ascii-ci=0

log =internal bsize=4096 blocks=10239, version=2

= sectsz=512 sunit=0 blks, lazy-count=1

realtime =none extsz=4096 blocks=0, rtextents=0

data blocks changed from 47183872 to 73397248

And that’s it ..

[root@web root]# df
Filesystem 1K-blocks Used Available Use% Mounted on
/dev/xvda1 41283904 29238956 9947852 75% /
tmpfs 4014008 0 4014008 0% /dev/shm
/dev/mapper/vg1-gfs1 293548036 182781980 110766056 63% /var/www/vhosts

[root@web root]# df

Filesystem 1K-blocks Used Available Use% Mounted on

/dev/xvda1 41283904 29238956 9947852 75% /

tmpfs 4014008 0 4014008 0% /dev/shm

/dev/mapper/vg1-gfs1 293548036 182781980 110766056 63% /var/www/vhosts

Of course there are lots of possible variations on the process. For example maybe you don’t want to allocate all of the free space to one single logical volume but these steps should provide a good starting place.

GoAccess Web Log Analyzer

By admin on April 11, 2014 in Misc, Webservers

Here’s a great webserver log analysis tool. It’s lightweight, fast and runs from the command line on Linux:

http://goaccess.prosoftcorp.com/

Just download, build and run with something like:

goaccess -f /var/log/httpd/access_log

1	goaccess -f /var/log/httpd/access_log

I also like generating an HTML report with something like:

cat /var/log/httpd/access_log | goaccess -a > report.html

1	cat /var/log/httpd/access_log \| goaccess -a > report.html

Monitor Web Site Files With Auditd

By leerb on December 10, 2013 in Linux

The Linux Auditing System and auditd are a great way to monitor who and when changes are made to the files in your website. To install and configure follow these steps:

1. Install auditd and related utilities:

yum install audit

1	yum install audit

2. Make sure auditd is running:

/sbin/chkconfig --list auditd
auditd 0:off 1:off 2:on 3:on 4:on 5:on 6:off

1 2	/sbin/chkconfig --list auditd auditd 0:off 1:off 2:on 3:on 4:on 5:on 6:off

3. Edit /etc/audit/auditd.conf and change:

action_mail_acct = [your email address]

1	action_mail_acct = [your email address]

This sets any action emails to go to your preferred address.

4. Edit /etc/audit/audit.rules and add a line like this to the bottom:

-w [path_to_website] -p wa -k [key]

1	-w [path_to_website] -p wa -k [key]

So if you website is located at:

/var/www/vhosts/mysite.com/httpdocs

1	/var/www/vhosts/mysite.com/httpdocs

Then a command like:

-w /var/www/vhosts/mysite.com/httpdocs -p wa -k mysite

1	-w /var/www/vhosts/mysite.com/httpdocs -p wa -k mysite

would setup auditing of write and attribute change requests. Events matching this rule would be tagged with the “mysite” key.

/sbin/service auditd restart

1	/sbin/service auditd restart

Audit logs go to:

/var/log/audit/audit.log

1	/var/log/audit/audit.log

← Previous 1 … 4 5 6 … 26 Next →

Need help immediately?

$100/hour
Satisfaction Guaranteed

Top Nav

Navigation