Category: Linux

  • nf_conntrack: table full, dropping packet

    On a CentOS server, I get the following error in /var/log/messages

    Jan 17 03:40:02 ss1 kernel: nf_conntrack: table full, dropping packet
    Jan 17 03:40:03 ss1 kernel: nf_conntrack: table full, dropping packet
    Jan 17 03:40:03 ss1 kernel: nf_conntrack: table full, dropping packet
    Jan 17 03:40:03 ss1 kernel: nf_conntrack: table full, dropping packet
    Jan 17 03:40:03 ss1 kernel: nf_conntrack: table full, dropping packet
    Jan 17 03:40:03 ss1 kernel: nf_conntrack: table full, dropping packet

    This is because the server is getting too many connections. This can be due to a busy server or a DDoS attack.

    If your traffic is legit, you can increase the maximum number of tracked connections.

    To see current value, run

    cat /proc/sys/net/netfilter/nf_conntrack_max
    

    To set value, run

    echo 64000 > /proc/sys/net/netfilter/nf_conntrack_max
    

    Replace 64000 with your desired value.

    You can also use sysctl, for example

    sysctl -a | grep nf_conntrack_max
    

    To set value, run

    sysctl -w net.netfilter.nf_conntrack_max=120000
    

    To make it permanent, edit

    vi /etc/sysctl.conf
    

    Add

    net.netfilter.nf_conntrack_max=120000
    

    Now run

    sysctl -p
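
    Before raising the limit, it helps to check how full the table is and who is filling it. The script below is an added example, not part of the original post; it assumes the kernel exposes /proc/net/nf_conntrack (readable by root), and the function names and sample entries are made up for illustration.

```shell
#!/bin/sh
# Added example: size up conntrack pressure before raising nf_conntrack_max.

# usage_percent COUNT MAX -> integer percentage of the table in use
usage_percent() {
    echo $(( $1 * 100 / $2 ))
}

# top_sources N: read /proc/net/nf_conntrack-style lines on stdin, print
# "entries ip" for the N original-direction sources with the most entries.
top_sources() {
    awk '{ for (i = 1; i <= NF; i++) if ($i ~ /^src=/) { print substr($i, 5); break } }' |
        sort | uniq -c | sort -k1,1nr -k2,2 | head -n "$1" | awk '{ print $1, $2 }'
}

# tcp_states: print "entries state" for TCP entries (state is field 6).
tcp_states() {
    awk '$3 == "tcp" { print $6 }' | sort | uniq -c | sort -k1,1nr -k2,2 |
        awk '{ print $1, $2 }'
}

# Constructed sample in /proc/net/nf_conntrack format (documentation addresses).
sample_conntrack() {
    cat <<'EOF'
ipv4     2 tcp      6 431999 ESTABLISHED src=192.0.2.10 dst=198.51.100.5 sport=51000 dport=80 src=198.51.100.5 dst=192.0.2.10 sport=80 dport=51000 [ASSURED] mark=0 zone=0 use=2
ipv4     2 tcp      6 58 SYN_RECV src=203.0.113.7 dst=198.51.100.5 sport=40001 dport=80 src=198.51.100.5 dst=203.0.113.7 sport=80 dport=40001 mark=0 zone=0 use=2
ipv4     2 tcp      6 57 SYN_RECV src=203.0.113.7 dst=198.51.100.5 sport=40002 dport=80 src=198.51.100.5 dst=203.0.113.7 sport=80 dport=40002 mark=0 zone=0 use=2
ipv4     2 tcp      6 56 SYN_RECV src=203.0.113.7 dst=198.51.100.5 sport=40003 dport=80 src=198.51.100.5 dst=203.0.113.7 sport=80 dport=40003 mark=0 zone=0 use=2
ipv4     2 udp      17 25 src=192.0.2.11 dst=198.51.100.5 sport=5353 dport=53 src=198.51.100.5 dst=192.0.2.11 sport=53 dport=5353 mark=0 zone=0 use=2
EOF
}

# report: use live data when readable, otherwise the constructed sample.
report() {
    dir=/proc/sys/net/netfilter
    if [ -r "$dir/nf_conntrack_count" ] && [ -r /proc/net/nf_conntrack ]; then
        count=$(cat "$dir/nf_conntrack_count"); max=$(cat "$dir/nf_conntrack_max")
        echo "table use: $(usage_percent "$count" "$max")% ($count of $max)"
        top_sources 10 < /proc/net/nf_conntrack
        tcp_states < /proc/net/nf_conntrack
    else
        echo "no live conntrack data; constructed sample:"
        sample_conntrack | top_sources 3
        sample_conntrack | tcp_states
    fi
}
report
```

    A table dominated by a handful of sources, or by half-open states such as SYN_RECV, usually points to a flood or scan rather than organic load; in that case a higher nf_conntrack_max only delays the next "table full" message.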
    

    See sysctl

  • lsof

    To see all open files

    lsof
    

    To see all network activity

    lsof -i
    

    See the connections on port 80

    lsof -i :80
    

    To see all files opened by a process

    lsof -p PID
    

    To see all files opened by a process and refresh it every 5 seconds, run

    lsof -p PID_HERE -r 5
    

    See Linux Commands

  • Install PHP 7.2 on CentOS from yum

    First you need to install the Remi repository

    https://rpms.remirepo.net

    Enable epel repo with

    yum install epel-release -y
    

    On CentOS 7

    rpm -ivh https://rpms.remirepo.net/enterprise/remi-release-7.rpm
    

    On CentOS 6

    rpm -ivh https://rpms.remirepo.net/enterprise/remi-release-6.rpm
    

    Enable PHP 7.2

    yum install yum-utils
    yum-config-manager --enable remi-php72
    

    To install PHP, run

    yum install -y php php-bcmath php-cli php-common php-devel php-gd \
        php-imap php-intl php-json php-ldap php-lz4 php-mbstring php-mysqlnd \
        php-soap php-opcache php-xml php-pdo
    

    Downgrading PHP version

    If you ever want to change the PHP version, let's say to PHP 7.0, do the following. Remove the current PHP

    rpm -qa | grep php | xargs yum remove -y
    

    Disable PHP 7.2 repo.

    yum-config-manager --disable remi-php72
    

    Enable PHP 7.0 repo

    yum-config-manager --enable remi-php70
    

    Now install PHP as above.

    PHP Binary

    The PHP CLI will be installed in /usr/bin/php72; you can create a symlink if you want.

    PHP-FPM

    To install php-fpm module, run

    yum install php72-php-fpm -y
    

    To start php-fpm, run

    systemctl start php72-php-fpm
    

    See CentOS, php

  • haproxy

    To install haproxy on Ubuntu, run

    apt install haproxy

    The HAProxy config file is located at

    /etc/haproxy/haproxy.cfg

    Enable HTTP_X_FORWARDED_FOR in Haproxy
    Show X-Forwarded-For IP in Apache
    Haproxy Site With SSL
    Enable SSL in Haproxy Docker Container

  • chrome

    Good Plugins

    Some of the special URLs/settings pages

    chrome://settings/content
    chrome://plugins
    chrome://net-internals/#events
    chrome://net-internals/#dns
    

    Configure Socks Proxy with google chrome

    google-chrome --user-data-dir=/mnt/data/chrome-profile/sok-vpn --class=sok-vpn --proxy-server="socks5://127.0.0.1:7373" --proxy-bypass-list="<local>,127.0.0.1,*.test" --host-resolver-rules="MAP * ~NOTFOUND , EXCLUDE 127.0.0.1"

  • Install Google Chrome on CentOS 7 64 bit

    To install Google Chrome on CentOS 7, follow the steps below (Chrome won't work on CentOS 6, as it uses older versions of the libraries Chrome requires).

    First create repo file

    vi /etc/yum.repos.d/google-chrome.repo
    

    Add the following content

    [google-chrome]
    name=google-chrome
    baseurl=http://dl.google.com/linux/chrome/rpm/stable/x86_64
    enabled=1
    gpgcheck=1
    gpgkey=https://dl-ssl.google.com/linux/linux_signing_key.pub
    

    Now you can install Google Chrome with the command

    yum -y install google-chrome-stable
    

    See CentOS

  • screen

    screen allows you to run commands on the remote server even after you disconnect.

    Disconnect from a session

    Press

    CTRL + A, then press CTRL + D in quick succession.

    You can also close the terminal; the screen session will continue in the background.

    screen -ls    List all available screen sessions
    screen -r     Reconnect to a disconnected screen session

  • OVH VPS Configure failover IP in Ubuntu

    On Ubuntu

    The default config looks like

    root@zecurecode:~# cat /etc/network/interfaces
    # This file describes the network interfaces available on your system
    # and how to activate them. For more information, see interfaces(5).
    
    # The loopback network interface
    auto lo
    iface lo inet loopback
    
    # Source interfaces
    # Please check /etc/network/interfaces.d before changing this file
    # as interfaces may have been defined in /etc/network/interfaces.d
    # See LP: #1262951
    source /etc/network/interfaces.d/*.cfg
    
    root@zecurecode:~#
    

    /etc/network/interfaces.d/50-cloud-init.cfg is used to auto configure network interface with dhcp.

    root@zecurecode:~# cat /etc/network/interfaces.d/50-cloud-init.cfg 
    # This file is generated from information provided by
    # the datasource.  Changes to it will not persist across an instance.
    # To disable cloud-init's network configuration capabilities, write a file
    # /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg with the following:
    # network: {config: disabled}
    auto lo
    iface lo inet loopback
    
    auto ens3
    iface ens3 inet dhcp
    root@zecurecode:~# 
    

    First find the gateway used by the VPS.

    root@zecurecode:~# route -n
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    0.0.0.0         51.254.32.1     0.0.0.0         UG    0      0        0 ens3
    51.254.32.1     0.0.0.0         255.255.255.255 UH    0      0        0 ens3
    root@zecurecode:~# 
    

    We found the gateway IP 51.254.32.1

    The main IP of the VPS is 51.254.35.58 and the secondary IPs are 94.23.153.137, 178.32.52.159, 178.32.49.157

    Here is the modified /etc/network/interfaces

    root@zecurecode:~# cat /etc/network/interfaces
    # This file describes the network interfaces available on your system
    # and how to activate them. For more information, see interfaces(5).
    
    # The loopback network interface
    auto lo
    iface lo inet loopback
    
    # Source interfaces
    # Please check /etc/network/interfaces.d before changing this file
    # as interfaces may have been defined in /etc/network/interfaces.d
    # See LP: #1262951
    #source /etc/network/interfaces.d/*.cfg
    
    auto ens3
    iface ens3 inet static
        address 51.254.35.58
        netmask 255.255.255.255
        broadcast 51.254.35.58
        post-up route add 51.254.32.1 dev ens3
        post-up route add default gw 51.254.32.1
        post-down route del default gw 51.254.32.1
        post-down route del 51.254.32.1 dev ens3
    
    auto ens3:1
    iface ens3:1 inet static
        address 94.23.153.137
        netmask 255.255.255.255
        broadcast 94.23.153.137
    
    auto ens3:2
    iface ens3:2 inet static
        address 178.32.52.159
        netmask 255.255.255.255
        broadcast 178.32.52.159
    
    auto ens3:3
    iface ens3:3 inet static
        address 178.32.49.157
        netmask 255.255.255.255
        broadcast 178.32.49.157
    
    
    root@zecurecode:~# 
    

    Here is a PHP script to create OVH failover IP config for Ubuntu/Debian.

    https://gist.github.com/serverok/991f7ccd1be36cbc579e8d55caf39715

  • ssh-keygen

    To generate an SSH key, run

    ssh-keygen -t ed25519

    If you need an RSA key, run

    ssh-keygen -b 4096

    To create an SSH key in the current folder, run

    ssh-keygen -b 4096 -N "" -f NAME_OF_KEY

    This will create 2 files in the current directory. The -N option sets the passphrase. With -N "", it won't ask you for a passphrase, and the private key is stored unencrypted.

    ssh-keygen

    See Change SSH Key Passphrase

  • Change SSH Key Passphrase

    To change an SSH key's passphrase, run

    ssh-keygen -p -f ~/.ssh/id_rsa
    

    Example

    root@ok:~/.ssh# ssh-keygen -p -f ~/.ssh/id_rsa
    Enter new passphrase (empty for no passphrase): 
    Enter same passphrase again: 
    Your identification has been saved with the new passphrase.
    root@ok:~/.ssh# 
    

    See ssh-keygen

  • lsblk

    lsblk lists all block-level devices available on your system.

    Example

    root@ok:~# lsblk
    NAME   MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
    sda      8:0    0  100G  0 disk 
    ├─sda1   8:1    0   98G  0 part /
    ├─sda2   8:2    0    1K  0 part 
    └─sda5   8:5    0    2G  0 part [SWAP]
    sdb      8:16   0  700G  0 disk 
    └─sdb1   8:17   0  700G  0 part /backup
    sr0     11:0    1  655M  0 rom  
    loop0    7:0    0 36.4M  1 loop /snap/heroku/1513
    loop1    7:1    0 83.8M  1 loop /snap/core/3748
    loop2    7:2    0   16M  1 loop /snap/heroku/1527
    root@ok:~# 
    

    See fs