Category: Linux

  • bind

    bind is a DNS server.

    To check bind configuration for errors, run

    named-checkconf -z /etc/named.conf
    

    If bind runs in a chroot, use

    named-checkconf -z -t /var/named/chroot /etc/named.conf
    

    Installation

    Install bind in CentOS 7

  • maximum number of open files and file descriptors in linux

    To see open files in Linux, use the command

    lsof
    

    There is a limit set in the kernel on how many open file descriptors are allowed on the system. This may be compiled in, or it may be tunable on the fly. In Linux, the value of this parameter can be read from and written to the proc filesystem.

    [root@server50 home]# cat /proc/sys/fs/file-max
    131072
    [root@server50 home]#
    

    On this system 131,072 open file descriptors are permitted. We are unlikely to run out. If we wanted to change it, we’d do something like this:

    echo "132096" > /proc/sys/fs/file-max 
    

    But how do we know how many file descriptors are being used?

    [root@server1 ~]# cat /proc/sys/fs/file-nr
    1792    0       131072
    |       |       |
    |       |       |
    |       |       maximum open file descriptors
    |       total free allocated file descriptors
    total allocated file descriptors
    (the number of file descriptors allocated since boot)
    
  • lighttpd too many open files

    The lighttpd server crashes with the following error in the error_log file.

    2019-11-05 09:39:02: (network_linux_sendfile.c.143) open failed:  Too many open files
    2019-11-05 09:39:02: (connections.c.603) connection closed: write failed on fd 1228
    2019-11-05 09:39:02: (response.c.537) file not found ... or so:  Too many open files /4032/1_451.jpg ->
    

    As lighttpd is a single-threaded server, its main resource limit is the number of file descriptors, which is set to 1024 by default (on most systems).

    If you are running a high-traffic site you might want to increase this limit by setting server.max-fds.

    server.max-fds = 8192
    
    [root@server22 lighttpd]# cat /proc/sys/fs/file-nr
    4544    0       95873
    [root@server22 lighttpd]#
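
    The system-wide counter in /proc/sys/fs/file-nr does not show how close a single process such as lighttpd is to its own per-process limit. The following is an added example, not part of the original posts, that reports both; the function names are made up for this example.

```shell
#!/bin/sh
# Added example (not from the original posts).

# fd_system_pct [FILE]
# Prints the percentage of the system-wide limit in use, read from a file
# in /proc/sys/fs/file-nr format: "<allocated> <free> <maximum>".
fd_system_pct() {
    awk '{ printf "%d\n", ($1 - $2) * 100 / $3 }' "${1:-/proc/sys/fs/file-nr}"
}

# fd_soft_limit FILE
# Prints the soft "Max open files" value from a /proc/<pid>/limits file.
fd_soft_limit() {
    awk '/^Max open files/ { print $4 }' "$1"
}

# fd_proc_status PID [WARN_PCT]
# Compares the number of entries in /proc/PID/fd with the soft limit.
# Prints "OK used/limit" or "WARN used/limit"; returns 1 on WARN and 2 if
# the process cannot be read. Run as root to inspect other users' processes.
fd_proc_status() {
    pid=$1 warn=${2:-80}
    [ -r "/proc/$pid/limits" ] || return 2
    limit=$(fd_soft_limit "/proc/$pid/limits")
    used=$(ls "/proc/$pid/fd" 2>/dev/null | wc -l)
    [ "$limit" = "unlimited" ] && { echo "OK $used/unlimited"; return 0; }
    if [ $((used * 100)) -ge $((limit * warn)) ]; then
        echo "WARN $used/$limit"
        return 1
    fi
    echo "OK $used/$limit"
}
```

    For a running server, pass its PID, for example the one stored in the server's pid file.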
    


  • df not showing all mounts

    On a server, df was not showing all mounts.

    root@server20 [~]# df -h
    Filesystem            Size  Used Avail Use% Mounted on
    tmpfs                 3.9G     0  3.9G   0% /dev/shm
    root@server20 [~]#
    

    This is caused by a corrupt /etc/mtab.

    To fix it, run

    mv /etc/mtab /etc/mtab.old
    cat /proc/mounts > /etc/mtab
    

    See df

  • Show disk usage with df

    The df command shows partitions and the disk space used by each partition.

    root@server54 [~]# df -h
    Filesystem            Size  Used Avail Use% Mounted on
    /dev/sda2             450G  380G   47G  90% /
    /dev/sda1              99M   11M   83M  12% /boot
    tmpfs                 2.0G     0  2.0G   0% /dev/shm
    /dev/sdb1             458G  390G   46G  90% /backup
    /usr/tmpDSK           485M   63M  397M  14% /tmp
    root@server54 [~]#
    

    To see partitions along with their file system type, use

    df -hT
    


  • RHCSA Study Guide

    1. Logical volume ‘home’ is created and mounted. Reduce its size to ‘192M’ (a size from 185M to 200MB is acceptable)

    # lvdisplay
    # umount /dev/vgsrv/home
    # e2fsck -f /dev/vgsrv/home
    # resize2fs /dev/vgsrv/home 192M
    # lvreduce -L 192M /dev/vgsrv/home
    # mount /dev/vgsrv/home
    # lvdisplay

    To extend the volume instead (here to 256M):

    # lvdisplay
    # umount /dev/vgsrv/home
    # lvextend -L 256M /dev/vgsrv/home
    # e2fsck -f /dev/vgsrv/home
    # resize2fs /dev/vgsrv/home 256M
    # mount /dev/vgsrv/home
    # lvdisplay
    

    2. Add a group sysmgrs

    Add a user Natasha such that user’s secondary group is sysmgrs.

    Add a user harry such that user’s secondary group is sysmgrs.

    Add a user sarrah, who has no interactive shell and does not belong to the group sysmgrs.

    Set password of Natasha, harry and sarrah to lotawens.

    # groupadd sysmgrs
    # useradd -G sysmgrs Natasha
    ( We can verify the newly created user by cat /etc/passwd)
    # useradd -G sysmgrs harry
    # useradd -s /sbin/nologin sarrah
    # passwd Natasha
    # passwd harry
    # passwd sarrah
    

    3. Configure FTP access on your virtual machine to allow permission for anonymous user.

    If yum is not configured:
    # cd /etc/yum.repos.d
    # vim domain70.repo
    [domain70]
    baseurl=
    enabled=1
    gpgcheck=0
    :wq!
    
    # yum clean all
    # yum update all
    
    # yum install vsftpd*
    # yum install ftp
    # ftp ip
    User: anonymous
    Password: 
    
    If the login succeeds, do the last steps.
    If not, edit the files below and make changes.
    # vim /etc/vsftpd/vsftpd.conf
    # vim /etc/vsftpd/ftpusers
    # vim /etc/vsftpd/user_list
    Then try again.
    # service vsftpd restart
    # chkconfig vsftpd on
    

    4. Make a collaborative directory /a/b and set the permission as

    Group ownership of /a/b is sysmgrs

    The directory should be readable, writable and accessible to members of sysmgrs, but not to any other user. (It is understood that root has access to all files and directories on the system.)

    Files created in /a/b automatically have group ownership set to the group sysmgrs.

    # mkdir -p /a/b
    # chgrp sysmgrs /a/b
    # chmod 2770 /a/b
    

    5. Copy the file /etc/fstab to /var/tmp. Configure the permissions of /var/tmp/fstab so that,

    The file /var/tmp/fstab is owned by the root user

    The file /var/tmp/fstab belongs to the group root

    The file /var/tmp/fstab should not be executable by anyone

    The user natasha is able to read and write /var/tmp/fstab

    The user harry can neither write nor read /var/tmp/fstab

    All other users (current or future) have the ability to read /var/tmp/fstab

    # cp -a /etc/fstab /var/tmp
    # cd /var/tmp
    # ls -l
    # getfacl /var/tmp/fstab
    # chmod ugo-x /var/tmp/fstab 
    [ No need to do this, there won't be execute permission for the file by default]
    # setfacl -m u:natasha:rw /var/tmp/fstab
    # setfacl -m u:harry:0 /var/tmp/fstab   (zero)
    [Read permission will be there for all the users, by default. Check it using ls -l /var/tmp/fstab]
    
    Verify by
    
    [ ls -la /var/tmp/fstab]
    
    

    6. Set a cron job for user natasha to run /bin/echo hiya at 14:23

    # crontab -e -u natasha
    23 14 * * * /bin/echo hiya
    :wq!
    

    7. host.domain70.example.com shares remote users. Configure ldap such that ldapusers has no home directory until we do automounting.

    baseDN: dc=domain70, dc=example, dc=com

    Certificate: ftp://host.domain70.example.com/pub/EXAMPLE-CA-CERT

    Username: ldapuser70

    Password: password

    # system-config-authentication
    LDAP user
    DN=dc=domain70,dc=example,dc=com
    Server=host.domain70.example.com
    Certificate= ftp://host.domain70.example.com/pub/exam-crt ( enter the URL carefully, there may be // or ..)
    LDAP password
    OK
    
    starting sssd
    # su - ldapuser70
    Display Bash prompt
    # exit
    

    8. Configure NTP to use the server rhcert.domain70.example.com

    # system-config-date
    Delete the old server names and add the given server name
    Advanced Tick speedup
    # exit
    

    9. Implement a web server for the site http://station.domain70.example.com/ then perform the following steps:

    Download ftp://rhcert.domain70.example.com/pub/rhcsa/station.html

    Rename the download file to index.html

    Copy this index.html to the Document root of your web server.

    DO NOT make any modifications to the content of index.html

    # yum install httpd
    # cd /var/www/html
    # wget ftp://rhcert.domain70.example.com/pub/rhcsa/station.html
    # mv station.html index.html
    In the httpd configuration file (httpd.conf):
    990th line: remove '#'
    Remove '*' and add the IP address:
    E.g. NameVirtualHost 172.40.70.12
    1003rd line: copy 7 lines and paste them directly below.
    (last 7 lines)
    Remove '#' from all lines
    
    1st line: remove '*' and add the IP
    
    3rd line
    
    DocumentRoot /var/www/html
    
    4th line
    
    ServerName station.domain70.example.com
    :wq!
    
    # service httpd restart
    # chkconfig httpd on
    
    Check the site http://station.domain70.example.com/
    
    

    10. Install the appropriate Kernel update from ftp://domain70.example.com/pub/updates/ The following criteria must also be met:

    The updated kernel is the default Kernel when the system is rebooted.

    The original kernel remains available and bootable on the system.

    # ftp rhcert.domain70.example.com
    Anonymous login
    ftp> cd /pub/updates
    ftp> ls
    ftp> mget kernel*
    ftp> bye
    # rpm -ivh kernel*
    # vim /etc/grub.conf
    Check that the updated kernel is the first kernel and the original kernel remains available.
    set default=0
    :wq!
    

    11. Configure autofs to automount the home directories of ldapusers. host.domain70.example.com NFS-exports /rhome to your machine. ldapuser70’s home directory should be automounted locally beneath /rhome/ldapuser70. Home directories must be writable by their users.

    User: ldapuser70
    Password: password

    # vim /etc/auto.master
    /rhome /etc/auto.misc
    :wq!
    # vim /etc/auto.misc
    ldapuser70 -rw,sync host.domain70.example.com:/rhome/ldapuser70
    :wq!
    
    # service autofs restart
    # service autofs reload
    # chkconfig autofs on
    # su - ldapuser70
    Login ldapuser with home directory
    # exit
    

    12. Create a swap partition of 754 MB size. Do not make any change to the existing swap partition

    # fdisk -l
    # fdisk -cu /dev/vda
    p
    n
    e or p
    select e
    default (first): enter
    default (last): enter
    n
    default(first): enter
    default(last): +754M
    t(1-5)
    l: 82
    p
    w
    # reboot
    # mkswap /dev/vda5
    
    
    # vim /etc/fstab
    
    /dev/vda5 swap swap defaults 0 0
    
    :wq
    
    # mount -a
    # swapon -a
    # swapon -s
    
    

    13. Add a user manlo with uid 1353. Set his password as lotawens

    # useradd -u 1353 manlo
    # passwd manlo
    # su - manlo
    

    14. Locate all files and directories of user jacques and copy them to /root/findfiles

    OR locate the files of owner “dax” and copy them to the directory /root/founddirectory

    OR find the files on your system that are owned by the user andrew and save them to /backup/somefile.

    
    # find / -user jacques > /root/findfiles    [ if /root/findfiles is a file ]
    
    
    # mkdir -p /root/findfiles
    # find / -user jacques -exec cp -a {} /root/findfiles \;    [ if /root/findfiles is a directory ]
    
    

    15. Find all lines that contain the string loop in the file /etc/grub.conf and copy them to /root/list. Don’t leave any empty lines in /root/list

    grep loop /etc/grub.conf > /root/list
    

    16. Create a device:

    Logical volume qa with 60 extents.

    Volume group qagroup with 16MB extent size.

    Mount it permanently under /abc with file system ext3

    
    # fdisk -l
    # fdisk -cu /dev/vda
    n
    default(first)
    default(last): +1000M
    (since 60 extents of 16M = 16*60=960MB lvm;
    So physical volume > 960MB)
    t(1-6):6
    l:8e
    p
    w
    # reboot    (or init 6)
    # pvcreate /dev/vda6
    # vgcreate -s 16M qagroup /dev/vda6
    # lvcreate -l 60 -n qa qagroup
    # mkfs.ext3 /dev/qagroup/qa
    # mkdir /abc
    # vim /etc/fstab
    /dev/qagroup/qa /abc ext3 defaults 0 0
    :wq
    # mount -a
    
  • debconf: unable to initialize frontend: Dialog

    When installing a program on an Ubuntu 18.04 server minimal installation, I get the following error

    debconf: unable to initialize frontend: Dialog
    debconf: (No usable dialog-like program is installed, so the dialog based frontend cannot be used. at /usr/share/perl5/Debconf/FrontEnd/Dialog.pm line 76.)
    debconf: falling back to frontend: Readline
    

    To fix this, run

    apt -y install whiptail
    

    OR

    apt -y install dialog
    


  • Install Unbound DNS caching server

    Unbound is an Open source DNS caching and recursive resolver. You can find more about unbound at

    https://nlnetlabs.nl/projects/unbound/about/

    To install unbound on Ubuntu/Debian, run

    apt install unbound
    

    To start unbound

    systemctl start unbound
    

    Set unbound to start on boot

    systemctl enable unbound
    

    To configure your server to use local name servers provided by unbound, edit file

    vi /etc/resolv.conf
    

    Add

    nameserver 127.0.0.1
    

    See dns

  • Start x11vnc with supervisord

    To auto start x11vnc with supervisord, first install x11vnc and supervisord

    apt -y install supervisor x11vnc
    

    Create a password file

    x11vnc -storepasswd YOUR_SECRET_PW /etc/vncsecret
    

    Replace YOUR_SECRET_PW with whatever password you want to use.

    Create supervisord unit file

    vi /etc/supervisor/conf.d/x11vnc.conf 
    

    Add following content

    [program:x11vnc]
    priority=200
    command=/usr/bin/x11vnc -rfbauth /etc/vncsecret -display :0 -xkb -noxrecord -noxfixes -noxdamage -wait 5 -shared 
    user=USERNAME_HERE
    autorestart=true
    autostart=true
    redirect_stderr=true
    

    Replace USERNAME_HERE with actual user name used to login to system.

    Enable supervisor

    systemctl enable supervisor
    

    You can use following commands to interact with supervisord

    supervisorctl restart all
    supervisorctl reload
    supervisorctl status
    

    See vnc
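
    An added check, not part of the original post, for two exposures in this setup: x11vnc listening on every interface, and a password file readable by other local users. The function name is made up for this example; it reads the supervisord file shown above and reports what it finds.

```shell
#!/bin/sh
# Added example (not from the original post).

# audit_x11vnc CONF
# Reads a supervisord program file for x11vnc and prints one finding per
# line. Returns 0 when nothing was found, 1 otherwise.
audit_x11vnc() {
    conf=$1 findings=0
    cmd=$(sed -n 's/^command=//p' "$conf" | head -n 1)
    [ -n "$cmd" ] || { echo "no command= line in $conf"; return 1; }

    # Without -localhost, x11vnc accepts connections on every interface.
    # With it, remote access has to go through a tunnel such as SSH.
    case " $cmd " in
        *" -localhost "*) ;;
        *) echo "x11vnc listens on all interfaces (no -localhost)"
           findings=$((findings + 1)) ;;
    esac

    # The -rfbauth file holds the VNC password in obfuscated form only,
    # so it must not be readable by group or others.
    pw=$(printf '%s\n' "$cmd" | sed -n 's/.* -rfbauth  *\([^ ]*\).*/\1/p')
    if [ -z "$pw" ]; then
        echo "no -rfbauth password file configured"
        findings=$((findings + 1))
    elif [ ! -e "$pw" ]; then
        echo "password file $pw does not exist"
        findings=$((findings + 1))
    else
        mode=$(stat -c '%a' "$pw")   # GNU stat, as found on Ubuntu/Debian
        case "$mode" in
            600|400) ;;
            *) echo "$pw has mode $mode, expected 600"
               findings=$((findings + 1)) ;;
        esac
    fi
    [ "$findings" -eq 0 ]
}
```

    Run it as `audit_x11vnc /etc/supervisor/conf.d/x11vnc.conf` after creating the file.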

  • Manually run icecast on CentovaCast server

    On a CentovaCast server, icecast runs as the user ccuser. To run icecast manually, you need to enable a shell for this user. By default, this user has shell access disabled.

    ccuser:x:1001:1001::/usr/local/centovacast:/bin/false
    

    Running icecast manually may be useful when you want to debug an issue with icecast.

    To enable bash shell for user, run

    chsh --shell /bin/bash ccuser
    

    Login as user ccuser

    su - ccuser
    

    Now start icecast with

    /usr/local/icecast/bin/icecast -c /usr/local/centovacast/var/vhosts/USER_HERE/etc/server.conf
    

    Before you manually start icecast from the terminal, make sure you stop icecast by logging in as the user in the Centova Cast control panel.

    See Centova Cast