Posts

Stefan Helander

Delete old PHP5 session files automatically

/0 Comments/in , /by

If not specified the PHP5 session files will be located in a directory like /var/lib/php5 and the builtin garbage collection will delete them, normally after 24 hours.

But often systems like CMS:es will put session files somewhere else and if the system doesn’t have it’s own garbage collection those session files will be kept forever. The reason can be to let a website visitor click “keep me logged in” or to remember a visitors preferences on the website. This normally doesn’t impose a problem as these session files are very small and the number of them counts in hundreds or possibly a couple of thousand files.

However, I encountered a site that created a very large number of session files and kept them forever. At some point the session files count was in the range of millions of files causing the system to run out of inodes. A solution could be to investigate how the system was handling session files but the internal workings of the site was outside of my responsibility. Another solution was to increase inodes but this will be a temporary solution.

The solution chosen was to create a garbage collection routine for the site in question, that deleted session files older than x days. The oldest session files was over 4 years old. The decision was to delete all session files older than a month (30 days), causing visitors who logged in, or had their preferences set, for more than a month ago had to re-login or set their preferences again on their next visit to the site. This was accomplished by the following command (which is run by cron every night):

find /var/www/somedomain.com/web/var/session/ -type f -mtime +30 -exec rm {} \;

Stefan Helander

Cron scripts in /etc/cron.daily not running

/0 Comments/in /by

If you put a script to be run by cron in cron.hourly, cron.daily, cron.weekly or cron.monthly but they won’t run, make sure that they:

  • Are chmod +x
  • Are owned by the correct user (like root:root)
  • Start with #!/bin/sh or the corresponding shell used to execute them
  • The filename doesn’t contain any dots, like a script name ending in .sh will not execute

You can also execute the command to verify that your script will be run:

run-parts –test /etc/cron.daily

Stefan Helander

PrestaShop PHP error Cannot redeclare class BlowfishCore on Ubuntu 14.04 server [solution]

/0 Comments/in /by

Edit /etc/php5/cgi/conf.d/05-opcache.ini. Add:

opcache.enable=0
opcache.enable_cli=0

Stefan Helander

Ispconfig3 on Ubuntu 12.04 upgrade to 14.04

/0 Comments/in , /by

Upgrading a system running Ispconfig3 on Ubuntu 12.04 (LTS) to 14.04 is quite straight forward. However there are some issues to consider before doing so. It might affect some of the sites that are being hosted.

  • Ubuntu 14.04 will move you from Apache 2.2 to 2.4
  • php will be upgraded from 5.3 to 5.5. Most modern CMS:es like Joomla and WordPress will run on php 5.5 but clients can be using other software or third party extensions that are not ready for php 5.5

Upgrade procedure:

  • Backup, backup and backup. And do some backup again.
  • Prepare your users for some downtime. The upgrade can take up to several hours depending on your server.
  • Upgrade all installed packages so you have the latest versions;
    apt-get update
    apt-get upgrade
  • Then run do-release-upgrade
  • During the upgrade process you probably will be prompted several times about configuration files that have been locally modified. I usually examine the differences using D option and in most cases I select to install the new configuration file using Y option.
  • After Ubuntu has been upgraded and the system has been rebooted you must reconfigure Ispconfig3. I did it by using the update procuedure even though I was running the latest Ispconfig before I upgraded Ubuntu:
    cd /tmp
    wget http://sourceforge.net/projects/ispconfig/files/ISPConfig%203/ISPConfig-3.0.5.4p5/ISPConfig-3.0.5.4p5.tar.gz
    tar xvzf ISPConfig-3.0.5.4p5.tar.gz
    cd ispconfig3_install/install
    php -q update.php
  • Allow Ispconfig3 to reconfigure your services
  • In my case Apache2 wouldn’t start after the upgrade. It was caused by the ruby module and since I don’t use it my simple solution for the moment was just to disable it:
    a2dismod ruby
    service apache2 restart
  • php imap extension had been disabled, so to fix it:
    php5enmod imap
    service apache2 restart
  • If you are hosting PrestaShop sites, you may need to disable php opcache described here or disable encryption by issuing the SQL command: UPDATE `ps_configuration` SET `value` = ‘0’ WHERE `name` = ‘PS_CIPHER_ALGORITHM’;
  • Apache2 configuration files has been moved from /etc/apache2/conf.d to /etc/apache2/conf-availible directory. Then to enable them you need to symlink the configuration file from /etc/apache2/conf-availible to /etc/apache2/conf-enabled and issue the command: service apache2 restart
  • You might experience problems with Postfix after the upgrade with log entries like fatal: no SASL authentication mechanisms and mail not being sent from the mailqueue. In that case:
    apt-get install sasl2-bin
    edit /etc/default/saslauthd and set START=yes
    /etc/init.d/saslauthd start
    service amavis restart
    service postfix restart
    I also had to comment out two lines in /etc/postfix/main.cf:
    #smtpd_sasl_path = private/auth
    #smtpd_sasl_type = dovecot
    And then do:
    service postfix restart

 

Stefan Helander

Ispconfig3 site cron not executing

/0 Comments/in , /by

When setting up a website in Ispconfig3 I wanted to run a cron job (shell script) for the site (setup under Sites -> Cron jobs) but the job did not execute. When examining the /var/log/auth.log I found lines like these:

Mar 22 10:31:01 servername jk_chrootsh[28726]: abort, homedir ‘/var/www/clients/client6/web284’ for user web284 (5015) does not contain the jail separator <jail>/./<home>

Mar 22 10:31:01 servername jk_chrootsh[28725]: abort, homedir ‘/var/www/clients/client1/web283’ for user web283 (5014) does not contain the jail separator <jail>/./<home>

The solution was to just add a dummy ssh user (using Jailkit as Chroot shell) in Ispconfig3 for the website.
I haven’t verified but I suspect the issue could be caused by the fact that the system originally was set up under Ubuntu 12.04 (LTS) and recently I did a do-release-upgrade to Ubuntu 14.04.
Stefan Helander

Ubuntu 12.04 hangs in different stages of the boot sequence

/0 Comments/in /by

A server I am maintaining stopped during boot on the "Stopping userspace bootsplash" or "Configuring network interfaces". If Ctrl-Alt-Del was pressed the machine rebooted so it was not completely stuck. I tried booting in rescue mode and checked the /etc/network/interfaces syntax but no problem visible there.

The solution was quite simple. Boot in rescue mode and select package repair. After repairing my packages the machine was rebooted, then fsck was ran automatically (which took quite a while). After that the machine booted normally.

 

Stefan Helander

Install Ubuntu 14.04 on Samsung Ultrabook Ativ Book 9

/5 Comments/in /by

To install Ubuntu 14.04 on a Samung Ultrabook Ativ Book 9, this is how to do it.

I decided to keep the factory installed Windows 8.1 beside my Ubuntu install using dual boot. Thanks to enrish for the basic info. I found out there is no need to shrink the Windows 8.1 partition as long there is space enough for Ubuntu. The Ubuntu installation will do this for you. Before you do anything – make sure you have a backup as usual. If you decide not to keep the Windows 8.1 install, do keep the recovery partitions. No need to install any screen drivers, Ubuntu worked out of the box.

  1. In WIndows, run the Samsung Update Utility and update everything including BIOS/firmware.
  2. In Window Control Panel go to Power options and click on Choose what the power button does. Click on Change settings that are currently unavailable then scroll down and deselect Turn on fast startup (source http://askubuntu.com/questions/221835/installing-ubuntu-on-a-pre-installed-windows-8-64-bit-system-uefi-supported). Restart your system.
  3. When booting, press F2 to enter the setup.
  4. In the Boot section, disable Fastboot
  5. Insert the USB flash drive with Ubuntu ISO (prepared with create startup disk on another computer). 
  6. Configure boot device order, setting the flash drive to be the first option.
  7. Save and reboot. Now the system should be booting on the flash drive.
  8. Select to Install Ubuntu. During installation Ubuntu will recognize that you have Windows 8.1 installed and you have the option to install Ubuntu beside the Windows 8.1. The Ubuntu install will shrink the Windows 8.1 partition to make room for Ubuntu. By dragging the vertical bar you can decide how large the partitions for Windows vs Ubuntu should be. Continue installing Ubuntu as usual.
  9. After installing Ubuntu, unplug the flashdrive and when booting, press F2 and enable Fastboot again.

 

Stefan Helander

Disable 802.11n on Compaq 6910p with iwl4965 in Ubuntu

/1 Comment/in , , /by

I’ve found out that the 802.11n high speed wifi / wlan mode (300 Mbps theoretically) tends to cause more harm than good, i.e. the performance in many, especially crowded, wifi environments will be really poor and it is a better option to turn it off.

My Compaq 6910p laptop comes with an Intel Wireless WiFi Link 4965AGN chipset. The 802.11n mode can be disabled making it fall back to only use 802.11a/b/g modes casuing the connection to be much more stable and often the overall bandwidth will be better.

To check if your chipset is running with 802.11n enabled, enter the command:

sudo iwconfig wlan0

The output will look something like this:

wlan0     IEEE 802.11abgn  ESSID:"XXXXXX"
          Mode:Managed  Frequency:2.462 GHz  Access Point: 00:0C:F6:82:90:28
          Bit Rate=14.4 Mb/s   Tx-Power=15 dBm
          Retry  long limit:7   RTS thr:off   Fragment thr:off
          Encryption key:off
          Power Management:off
          Link Quality=51/70  Signal level=-59 dBm
          Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
          Tx excessive retries:66  Invalid misc:36   Missed beacon:0

If the first line says 802.11abgn your chipset has 802.11n activated.

To disable 802.11n mode do the following:

sudo modprobe -r iwl4965
sudo modprobe iwl4965 11n_disable=1

This will disable 802.11n until next reboot. Now check again with sudo iwconfig wlan0 and the output should display the first line without the “n” after 802.11, like this:

wlan0     IEEE 802.11abg  ESSID:”XXXXXX”
          Mode:Managed  Frequency:2.462 GHz  Access Point: 00:0C:F6:82:90:28
          Bit Rate=54 Mb/s   Tx-Power=15 dBm
          Retry  long limit:7   RTS thr:off   Fragment thr:off
          Encryption key:off
          Power Management:off
          Link Quality=46/70  Signal level=-64 dBm
          Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
          Tx excessive retries:7  Invalid misc:485   Missed beacon:0

If you want to make this change permanent, i.e. always disable 802.11n, do the following:

sudo echo "options iwl4965 11n_disable=1" >> /etc/modprobe.d/iwl4965.conf

After rebooting, verify using sudo iwconfig wlan0 that 802.11n is not enabled.

 

Stefan Helander

Fix the Heartbleed Bug on Ubuntu

/0 Comments/in /by

OpenSSL on Ubuntu can be vulnerable to the Heartbleed Bug. Not all versions of OpenSSL are affected though. 

OpenSSL version 1.0.1 to 1.0.1f are vulnerable.
OpenSSL version 1.0.1g are not vulnerable.
OpenSSL branches 1.0.0 and 0.9.8 are not vulnerable.

To fix this issue on Ubuntu systems: 

Check your OpenSSL version to see if it is vulnerable to the bug:

openssl version

If it says 1.0.1 check the build date:

openssl version -b

If it says anything before Apr 7 2014 you need to update OpenSSL. Proceed as follows:

sudo apt-get update
sudo apt-get install openssl
sudo apt-get install libssl1.0.0

Now verify that you are running the updated OpenSSL libraries:

openssl version
openssl version -b

The build date should now come out Apr 7 2014 or later.

Now you need to regenerate your SSL certificates as they might been compromised. A guide can be found here: https://www.digitalocean.com/community/articles/how-to-create-a-ssl-certificate-on-apache-for-ubuntu-12-04
 

 

Stefan Helander

Remmina on Ubuntu 12.04 problem to connect to Windows 7 with RDP ‘Unable to connect to RDP server’

/0 Comments/in /by

Suddenly I couldn’t connect to my Windows 7 machine by RDP using Remmina on Ubuntu 12.04. It had worked before and suddenly stopped working. The error message displayed was ‘Unable to connect to RDP server’. Other RDP connections worked fine.

For some reason the problem was solved by editing the file ~/.freerdp/known_hosts and deleting the line with the server having the problem. When connecting again I was asked to accept the certificate and now the RDP connection worked again.