RSSAll Entries in the "Server Management" Category

undefined symbol: xmlTextReaderSetup error in Plesk

A quick one, about an issue that appears after Plesk upgrade to 10.4 version on I686 CentOS or RedHat.

It seams libxml2.so is not ok for the new sw-engine, and after the upgrade, there is “Internal server error 500”
And typical error in the sw-wngine log:

/usr/bin/sw-engine-cgi: symbol lookup error: /usr/bin/sw-engine-cgi: undefined symbol: xmlTextReaderSetup

The soliton is to remove manually the ingine:

#rpm -qa | grep sw-en
sw-engine-2.3.1-201410061604.rhel5
#rpm -e sw-engine-2.3.1-201410061604.rhel5 –nodeps

Then download the appropriate one from http://autoinstall.plesk.com/

In my case it was:


#wget http://autoinstall.plesk.com/PSA_10.4.4/dist-rpm-RedHat-el5-i386/contrib/sw-engine-2.3-201111031617.rhel5.i386.rpm

Then you may need to fix some apache configuration issues:

#/usr/local/psa/admin/bin/websrvmng -av

That is all.

Tags

Ubuntu Remote Desktop – multiple users

When I got my new dedicated server setup with Ubuntu server 12.04 LTS, I wanted to use it both for website hosting and multiple users remote desktop work.
It took me some time to arrange all the steps to have the above completed, and as far as the hosting part was pretty easy, the multiple Ubuntu users desktop setup needed some jugs of coffee before start working as I wanted it.

So, I presume you have logged in to your server with some user already, so we will stat with updating the system:

Next, as I want all Gnome desktop features, will install it completely with:

Unity looks fancy, but I want the old Gnome panel, and I do not need “compiz”, so:

Next what we need is a VNC server.

The tricky part here is that you have to create several configuration files for the Ubuntu Remote Desktop user. This is really time consuming if you have to read all the settings and creating the files by yourself.

It is more easy to start the VNC server which will create the files automatically:

You will be asked for a password so enter it, and then kill the server as we have to make some configuration changes:

Edit the xstartup configuration file:

And make it looks like this:

Now you can start the vnc server with this:

Certainly you can change the settings if you want different Remote Desktop geometry.

Now use your preferred VNC client – http://remmina.sourceforge.net/ (Linux) and http://www.tightvnc.com/download.php (Windows) are my suggestions – and connect to the Ubuntu Remote Desktop server using x.x.x.x:2 as (:2) is the number of display used to run for the client. If you have more than one running you should use different number at the end.

As I saying different desktops, I am going to add another user to my Ubuntu Remote Desktop server.
For this I will need to repeat the above steps for creating (and starting) the VNC profile for each user. This one is not yet automatically implemented, but it is not a big deal.
First I will add another user:

Complete the several steps for creating the user which is including creating the password and user personal information.
(A little trick when you want to add user with administrative privileges is to type the command as : adduser admin
)
Then start the VNC server once to create the VNC password:

Open VNC startup file for the ‘newuser’

And paste the same configuration as for the first user:

Save the file and start the service

Now using VNC client you can connect to the new user Desktop as going to x.x.x.x:3 address.

The next step is to automate a little bit the start-up precess for these Ubuntu Remote Desktop users. Otherwise you have to start vnc4server for each user when the server is rebooted.

So, switch to root (it is just more easier) and then create vncserver folder and create file as vncservers.conf:

Inside put the following massive:

Where ‘user’ is the main user you are dealing with (the one we configured VNC for initially) and ‘newuser’ which is the second user are we have created. If you have more users created and the above steps for settings passwords and vnc4srver start-up completed, add more lines accordingly wit (:4),(:5) etc. screens.

Then create startup script for VNC server as:

And put the following lines inside:

Make the script executable, and add it to the startup scripts:

Now:

And all added users in /etc/vncserver/vncservers.conf will be able to connect via Remote Desktop.

Certainly make sure VNC ports are anebled on the firewall.

Also take in mind that VNC is alsways better to be combined with SSH tunnel as its encryption and vulnerability issues are well known.

Tags

ProFTP – Fatal: error processing configuration file ‘/etc/proftpd.conf’

This is quick one how to fix issue with ProFTPD returning this error:

Simply run :

And the issue sould be resolved.

Tags

GPG error NO_PUBKEY

This quick tutorial is to show you how to fix bad GPG key or missing(deleted )GPG key on a Debian-like system.
Usually the next error appears when you try to install application or update OS with apt-get update:

GPG error: http://linux.dell.com Release: The following signatures couldn’t be verified because the public key is not available: NO_PUBKEY AS4433E25E3D7775

Simple resolution can be performed with the following two lines:

Take in mind to change the key with the one from your error.

Tags

Can not include OpenSSL headers files.

Today I had question about “..why since I have OpenSSL installed and working fine with other services, I receive such message(the bellow one) when I am trying to compile something..”

The answer is because the application you are trying to compile manually requires “openssl-devel.x” package installed. It includes files for development of applications which will use OpenSSL.
So according to your OS you should use either yum, apt-get or gpg to install it.
In my example I am trying to compile on CentOS 32 bit, so I will use yum like that:

So the next time when I try to compile my application, Openssl headers files will be there:

Tags

Set scheduled task Windows 2008

This will be basic tutorial about how to set scheduled task in Windows 2008.

First go to the Administrative Tools – Task Schedule.

 

 

Windows 2008 Scheduled tasks location

 

Once opened, you will see the Task Scheduler window. If it is not something special, you can just create basic task on your Windows 2008. Just click on the link located at right filed under actions.

 

Create basic task in the task scheduler

 

The very first step will be to set scheduled task description :

 

new task description

 

The next one will be to choose scheduled task trigger :

Scheduled Task Trigger

Windows 2008 Task Scheduler has the following trigger options you can choose from: Daily, Weekly, Monthly, One time, When the computer starts, When I log on, When a specific event is logged. All of them are self-explainable so pick the one you need. In my case the scheduled task will be on daily basis.

windows 2008 scheduled task trigger

Choose the time-frame you want the task to be executed, and then click Next for the scheduled task action:

task action

I will start simple script which will restart IIS using “iisreset” command.Use the browse button to locate the application or the script you want to be scheduled.

execute command scheduled task

The next will be to finish the task setup.

finish task configurationHere you will see the task summary, and will add the task to the Windows 2008 task schedule .

Tags

Generate SSL key and CSR with OpenSSL

It is really easy to generate SSL key and CSR using OpenSSL, and the next several steps will guide you trough the process.

If you are on Linux server, OpenSSL can be downloaded from here: OpenSSL source – or you can use your package management software like YUM install or apt-get. For Windows users, you can use: Win32OpenSSL.

Once you have OpenSSL installed, we can generate SSL certificate key

The following will appear:

The above command will generate SSL key using ‘-rand’ option with few big files for sources and 2048 encryption. The reason of using some big files with ‘-rand’ option is because there are no absolute random generation with computers – but that is different story. Recently the minimum allowed encryption by the SSL issuers is 2048 bits so make sure you will generate your key with this number or with 4096 bit SSL key.

There is another command which can be used :

After executing it, the output will be:

When you generate SSL key with this command will require password, which is good when the key is transported, but once set on a Web Server it will ask for a password every time it is restarted. If you have chosen this method, the next command will remove the SSL key password.

If you open the SSL key file it should be similar to this one:

Now to generate CSR from a key use OpenSSL with this options:

You will be asked few questions for the certificate:

When you are ready with the CSR information, and you open the CSR file, it should look similar to this:

Now provide the CSR to a certificate issuer and wait for the SSL approval message.

Most SSL issuers have service that relies upon the Subscriber or the Subscriber’s authorized administrator to approve all certificate requests for all hosts in the domain. It is important that you will select a correct authorized administrator email. By selecting an authorized administrator, you warrant to the certificate issuer that the individual is authorized to approve the request. The request for SSL server certificate will not be processed beyond this point if you select an incorrect email address.
This part is important and it is a part of the SSL certificate issue process. Its purpose is to avoid someone else to have a certificate issued for your domain.

Be peppered with the following allowed e-mails:
Registered Domain Contacts – This is when the SSL issuer has successfully obtained domain contacts for this domain from the domain registrar. This will be the

Alternate Approval Email Addresses can be used, but you must make sure that such e-mail account has been set up and is available before you provide the CSR, or the approval email will not be delivered.

Level 2 Domain Addresses as bellow are allowed:

Level 3 Domain Addresses as bellow are allowed:

Once you have received and approve the SSL certificate, it will be sent to you and you can install it on your web server.

Tags

PHP relocation error

This will be quick tutorial about how to fix PHP relocation error like this one: php: symbol zlibVersion , version libmysqlclient_16 not defined in in file libmysqlclient.so.16 with link time reference. Instead php: relocation error: php: symbol zlibVersion the error could be php: relocation error: php: symbol crc32.

This is an example and the issue could happen with any shared library not only with libmysqlclient.so .

As per the error message the library version is not matching so we have to check the shared library dependencies. This can be done with tool called ‘ldd’ which prints the shared library dependencies. In this case we will check PHP for “libmysqlclient” so the command should be like this:

Or if for some reason the PHP binary is located elsewhere:

The output should be similar to this one:

Let’s check the file:

In my case this is a symbolic link to the library in the same folder:

Now let’s check if this file exist in another place.

My output is:

So there are two libraries, and now we have to check where is the missing symbol – for example zlibVersion. For that will use ‘nm’ command lists symbols from object files. Let’s try the current linked file:

The output is:

So it seams there are no symbols in this library.

With the other file:

The output is:

Which seams better.

Now I will just remote the current link:

And will create a new one with the library that contains the symbol:

This should resolve the case, and the php: symbol zlibVersion , version libmysqlclient_16 not defined in in file libmysqlclient.so.16 with link time reference error was solved.

Tags

Extract certificates from P7B

P7B extract to certificatesThis will be quick tutorial about how to convert P7B to certificate. Actually we will extract certificates from PKCS #7 file using OpenSSL.
Here I have to mention one issue which is really often met and it is with the beginning and the end of the certificate provided. It depends on the OpenSSL version, but for now if the beginning and the end of the certificate are like:
—–BEGIN PKCS #7 SIGNED DATA—-
and
—–END PKCS #7 SIGNED DATA—–
will lead to the following error when you try to extract the SSL certificates:
error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:644:Expecting: PKCS7 .
Let’s examine P7B certificate to see how to avoid such error.

 

Your certificate could be much longer as digits, but I put […] to shorten the listing on mine. Anyway if your certificate has the same beginning and end, you should change it to:

I have changed:
—–BEGIN PKCS #7 SIGNED DATA—-
and
—–END PKCS #7 SIGNED DATA—–
to
—–BEGIN PKCS7—–
and
—–END PKCS7—–
in order to accommodate the OpenSSL “Expecting: PKCS7

Now we can run the OpenSSL command which will extract PKCS7 certificates from the P7B file .
Note: this command works for both Linux and Windows machines with installed OpenSSL.

The output which prints the stored in the p7b file certificates will be similar to this one:

All this certificates will be stored into the pem.cer file as per the example. The first one is the certificate itself and the following two are CAs signing the certificate.

Another useful option is if you want to merge SSL certificate and key into PFX file

Tags

How to disconnect (kick out) other SSH users

In this tutorial I will talk about how to disconnect SSH user from Linux remote server.

This is useful when you have stuck SSH connections or there are suspicious IPs connected to the server. If your case is the second one you may kick out the hacker from the server, but even disconnected he may have setup already backdoor or application that will return the connection to him. Anyway the first step will be to kill sshd processes serving other connection but yours.

First you will have to login to the Linux server via SSH – if you are not aware how just click on the link.

Once logged in list all current users on the server using ‘w’ command – simply type:

This will list all users on the Linux box like this:

List logged users Linux

As you can see there are several users currently logged in, and to discover which one is yours can be done comparing your IP address, what is currently doing as well as the time – for how long the users is on the server.If you are just logged in your time will be the current one on the server.

To list which user which TTY(pts) is using we have to use the Linux ‘ps’ command with extended output like this:

The output will show which “sshd” service running for which ‘pts‘ stands:

List sshd processesNow I want to kick off Linux user with pts / 4 marked on the image, and for that I will use Linux ‘kill’ command.

This will send kill signal to process 6702 which is the number for the “sshd” service with pts / 4 running on the server.
After you have executed this command try the ‘w’ command to see if the user is still logged in.

Tags