Chris Nizzardini, Salt Lake City Utah, Web Developer Specializing in LAMP+Ajax Since 2006

My Blog

Here is my awesome blog. You can find information on programming, linux, documentation, tips for code and database optimization, my thoughts and rants, and whatever else I feel like sharing. Feel free to contribute to the blog by posting comments and asking questions.

Linux

Key Based SSH Authentication on CentOS Linux

Posted by chris on August 17th, 2011 Comments(0)

I wanted to create a shell script that will automatically grab a database backup from our backup server via rsync to a local server so we can have relatively recent copies of our database stored locally for running intensive reports against. This is a stopgap solution until we set up a reporting server in our datacenter. The first step to doing this was setting up key based authentication over SSH (so I can do this via cron). There are lots of tutorials on this and the process is pretty simple, but I did run into one little hitch on our CentOS server that I want to document here.

The setting I had to change was StrictModes no.

StrictModes
Specifies whether sshd should check file modes and ownership of the user’s files and home directory before accepting login. This is normally desirable because novices sometimes accidentally leave their directory or files world-writable. The default is “yes”.

Beyond that, following tutorials like this one and finally this one (where I discovered the StrictModes hint) makes the process straightforward. Some of the tutorials you will find are not entirely clear on the point that if you are connecting from foo@client to foo@server then the user foo must exist on both hosts (the client and server). I assumed this, but thought it was strange that this was not explicitly mentioned in the tutorials.

Another item that is not explained in any of the tutorials I found is the difference between RSA and DSA. RSA, short for Rivest, Shamir, and Adleman (the folks who created the algorithm back in the mid to late 1980s), is an algorithm for encrypting data as well as signing it. DSA, short for Digital Signature Algorithm, is used for signing only.

So do you use DSA or RSA? Since we are only using this for signing and verification it appears that it does not matter which one you use. I have read there are nominal speed differences between the two. I used DSA for this project.
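The checks that the StrictModes description refers to can be run by hand to find which path sshd is rejecting, so the permissions can be corrected with StrictModes left at its default. This is an added example, not part of the original post; the function names are made up here and it assumes GNU stat, as shipped on CentOS.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes GNU stat (coreutils).
# Usage: check_strictmodes "$HOME" || fix_strictmodes "$HOME"

# check_strictmodes HOME_DIR [UID]
#   Returns 0 when HOME_DIR, HOME_DIR/.ssh and HOME_DIR/.ssh/authorized_keys
#   exist, are owned by UID (default: current user) or root, and are not
#   writable by group or others. Prints one line per problem found.
check_strictmodes() {
    cs_home=$1
    cs_uid=${2:-$(id -u)}
    cs_rc=0
    for cs_path in "$cs_home" "$cs_home/.ssh" "$cs_home/.ssh/authorized_keys"; do
        if [ ! -e "$cs_path" ]; then
            echo "missing: $cs_path"
            cs_rc=1
            continue
        fi
        cs_mode=$(stat -c '%a' "$cs_path")    # octal mode, e.g. 775
        cs_owner=$(stat -c '%u' "$cs_path")   # numeric owner id
        # 022 is the write bit for group plus the write bit for others.
        if [ $(( 0$cs_mode & 022 )) -ne 0 ]; then
            echo "writable by group/other ($cs_mode): $cs_path"
            cs_rc=1
        fi
        if [ "$cs_owner" -ne "$cs_uid" ] && [ "$cs_owner" -ne 0 ]; then
            echo "owned by uid $cs_owner, expected $cs_uid or root: $cs_path"
            cs_rc=1
        fi
    done
    return "$cs_rc"
}

# fix_strictmodes HOME_DIR
#   Removes group/other write access from the home directory and sets the
#   conventional modes on .ssh and authorized_keys.
fix_strictmodes() {
    chmod go-w "$1" &&
    chmod 700 "$1/.ssh" &&
    chmod 600 "$1/.ssh/authorized_keys"
}
```

Run the check as the account that receives the login, on the server side, since that is where sshd evaluates these paths.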

In Linux

Custom Apache Logs in Centos Linux

Posted by chris on May 17th, 2011 Comments(0)

You can create custom Apache logs to log only the data you need. By default Apache installations will use the combined log for logging to logs/access_log. This combined format is very long giving you the remote host, date and time, referer, user agent, and other information. I am working on something where I only care about a time, process identifier, file, and requested URL. To do this go into your httpd.conf file and add the following Log Format:

LogFormat "%P %t %f %U" piddy

I don’t want this log to contain any information on image requests, javascript, or CSS. I only want to log requests for PHP and HTML files. To do this add the following to httpd.conf:

SetEnvIf Request_URI "\.(jpg|jpeg|png|css|gif|ico|js)$" dontlog

Now to use your log add the following to httpd.conf:

CustomLog logs/piddy_log piddy env=!dontlog

You will need to reload Apache (restart is not required), but before reloading your configurations use sudo apachectl configtest to verify your configurations are good. It will return Syntax OK if it finds your config to be good, otherwise it will return an error message along with a line number.

Now we have our custom log:

22141 [17/May/2011:14:14:52 -0600] /var/www/html/change_billing_address_checkout.php /change_billing_address_checkout.php
22194 [17/May/2011:14:14:52 -0600] /var/www/html/change_billing_address_checkout.php /change_billing_address_checkout.php
22317 [17/May/2011:14:14:52 -0600] /var/www/html/shopping_cart.php /shopping_cart.php
22173 [17/May/2011:14:14:52 -0600] /var/www/html/404.php /404.php
22171 [17/May/2011:14:14:52 -0600] /var/www/html/model.xml /model.xml
22322 [17/May/2011:14:14:52 -0600] /var/www/html/404.php /404.php

In Linux

Adding Linux Binary Paths to bash_profile in Centos

Posted by chris on April 21st, 2011 Comment(1)

I’m not sure why these paths aren’t in Centos by default and I certainly don’t profess to be a Linux expert. The best guess I can take is these are not where binary executables should go by default so that’s why they are not put in by Centos or Red Hat. Actually that doesn’t make sense because service and chkconfig have been in Centos/Red Hat for a while now. Anyways, I get tired of typing in a full path to execute something like ntpdate, service, or chkconfig. Here’s how to avoid needing to do that:

echo 'export PATH=$PATH:/usr/sbin' >> "$HOME/.bash_profile"
echo 'export PATH=$PATH:/sbin' >> "$HOME/.bash_profile"

The path to the executable just follows PATH=$PATH: in each line. This will prevent you from needing to type something like /sbin/service rather than simply service in the future. You will need to re-login for the changes to take hold.

In Linux

Happy Cacti Graphs at the Office

Posted by chris on February 23rd, 2011 Comments(0)

I’m pretty excited about getting cacti running in our production environment to monitor our Web and Database servers. Cacti is a complete network graphing solution designed to harness the power of RRDTool’s data storage and graphing functionality. Cacti provides a fast poller, advanced graph templating, multiple data acquisition methods, and user management features out of the box. All of this is wrapped in an intuitive, easy to use interface that makes sense for LAN-sized installations up to complex networks with hundreds of devices.

Read the rest of this entry »

In Linux, Software

How to Configure LogWatch on Centos

Posted by chris on February 2nd, 2011 Comments(0)

I recently discovered some dunce code was modifying our php.ini settings at run time, preventing error logging in production. Not displaying errors in production is fine, but not logging them makes it difficult to fix bugs and generally makes me want to slap the developer that disabled error logging through an ini_set(). After fixing the dunce code I finally took a peek at the log and discovered a mountain of mostly PHP Warnings and a few fatal errors here and there. I decided to set up logwatch and document the experience here on my blog.

Logwatch analyzes and reports on system logs. It is a customizable and pluggable log-monitoring system and will go through the logs for a given period of time and make a customizable report. It should work right out of the package on most systems. On our Centos install the package was already installed so I just needed to make a few slight configuration changes.
Read the rest of this entry »

In Linux, Software

Setting up WebDav on Ubuntu 10

Posted by chris on January 24th, 2011 Comments(0)

Finally got around to installing WebDAV on my home computer.  Had to fight getting basic Apache authentication working, here’s what I did.  Hopefully things go smoother for you.  You’ll need to have apache and svn installed along with webdav which can be done using synaptic or aptitude.  I gave a pretty good overview of setting this up in a previous blog. Once installed enable webdav using the following command:

Read the rest of this entry »

In Linux

How to Remove and Add Rules to IP Tables Chains in Centos Linux

Posted by chris on October 12th, 2010 Comments(0)

Occasionally our IP Tables at work will block us. I finally got tired of looking up how to resolve this and decided to document the fix on my blog. I’m not a System Administrator (but by de facto rule I am) and I’m definitely not an IP Tables expert, so follow at your own risk. Your IP Tables list is probably pretty long so you’ll want to pipe the output of iptables -L into a file to be viewed by VIM. This command will give you a rule number and a list. Be sure to see which chain the rule is in (i.e. INPUT, LOCALINPUT, LOCALOUTPUT etc).

Read the rest of this entry »

In Linux

Setting up SubVersion (SVN) on Local Ubuntu with Netbeans

Posted by chris on October 5th, 2010 Comments (4)

Assuming you have SVN installed follow these steps from the shell (where “proj” is your project). You can put this anywhere you want really, this is how I decided to do it though to keep it out of my default apache directory. I’ll show steps for configuring this to work with apache if you’re doing this as a PHP repo on your localhost. You may need to sudo yourself for these commands. Also, I’m an SVN novice so follow at your own risk. I’m pretty sure I did this poorly…

Read the rest of this entry »

In Linux, Programming, Software

Setting up NTP on CentOS

Posted by chris on September 9th, 2010 Comments(0)

Wow has it been this long since I did a Linux post? Here’s a quickie. I needed to set up NTP on a newly migrated server to resolve some wacky time card issues. First install ntp (should already be installed), turn the service on with chkconfig, create a backup of your timezone file, set your timezone to your local area, perform an ntp update, ensure the service is started, and lastly, using chkconfig, verify that it has the proper run levels (2-5) so it starts up on a server reboot.

yum install ntp
chkconfig ntpd on
mv /etc/localtime /etc/localtime.bak
ln -s /usr/share/zoneinfo/America/Denver /etc/localtime
ntpdate pool.ntp.org
/etc/init.d/ntpd start
chkconfig --list

You may also want to sync your hardware clock in your BIOS to your system clock.

See:
http://www.cyberciti.biz/faq/howto-install-ntp-to-synchronize-server-clock/

http://www.wikihow.com/Change-the-Timezone-in-Linux

http://www.forum.psoft.net/showthread.php?t=13307

In Linux, Software

Fix Gnome Vino Server (VNC) From Randomly Closing on Ubuntu

Posted by chris on March 19th, 2010 Comments(0)

I’m not a fan of Gnome’s implementation of the VNC Server on Ubuntu. It is always randomly closing on me. If you have SSH access to your desktop though you can remotely start the vino-server allowing you to once again VNC in.

Simply create the following script and name it something like start-vino.sh:

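#!/bin/bash
# Turn on GNOME remote desktop access
gconftool-2 -s -t bool /desktop/gnome/remote_access/enabled true
# Turn off the per-connection confirmation prompt (nobody is at the desktop to accept it)
gconftool-2 --type bool --set /desktop/gnome/remote_access/prompt_enabled 0
# Attach to the local X display
export DISPLAY=:0.0
# Start the VNC server
/usr/lib/vino/vino-server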

Now chmod the script 744, giving only you, the owner, the ability to execute and modify the file. Next time your vino server dies, tunnel into your desktop and run this script. You can find more information by viewing this Ubuntu Forum thread.

In Linux