Category: Linux Toggle Comment Threads | Keyboard Shortcuts

Over 80% is running on some form of Linux – so does your Mac and you iPhone. Sometimes we have to get our hands dirty on the command line – it makes you feel like a proper hacker.

Here are some pointers I picked up on my journey.

  • Jay Versluis 12:57 pm on March 27, 2016 Permalink | Reply
    Tags: ,   
    Categories: Linux, Plesk ( 76 )

    How to fix “MLSD unable to build data connection” in ProFTP 

    Filezilla IconI’ve come across an odd problem today on a server that’s been working fine for all kinds of FTP traffic for many years. Turns out that today, FileZilla started complaining about explicit TLS connections (when available) and gave the following error message:

    425 MLSD unable to build data connection: operation not permitted

    Clients could still connect, but no directory content was displayed, nor was uploading new files possible. Rats, I thought. This was on a CentOS 6 server with Plesk 12 running without a hitch otherwise.

    Turns out that by default, ProFTP is configured to re-use TLS sessions – but it appears that this behaviour freaks out FileZilla, which in turn doesn’t like it and throws an error instead. This did not affect plain (non-secure) sessions.

    Thankfully, Adam Stohl knows the answer to this problem: tell ProFTP not to re-use TLS sessions. Open /etc/proftp.conf and add the following line to the bottom of the file:

    TLSOptions NoSessionReuseRequired

    The ProFTP service in Plesk is part of xinetd, so for those changes to take effect, simply restart it with this:

    service xinetd restart

    And voila, TLS connections can happen again. Thanks, Adam – you’re a life saver!

     





     

  • Jay Versluis 12:14 pm on November 19, 2015 Permalink | Reply
    Tags:   
    Categories: Linux, Mac OS X ( 76 )

    How to see which users are logged in on OS X and Linux 

    There are two funky commands that can help us see who’s currently logged in, and what operations were performed last. Those two commands are who and last.

    Let me show you how to use them.

    The who command

    Type who at the command prompt and you’ll see a list of currently logged-in users:

    who

versluis tty1         2015-11-19 11:21 (:0)
root     pts/0        2015-11-19 11:46 (10.0.1.55)

    This system has two users logged in: versluis, via TTY, and root via PTS. We also get to see which IP addresses these users are logged in from (:0 is localhost).

    On this note, TTY is the local text based terminal at the machine, while PTS is a pseudo-terminal. This is most likely an SSH session or similar, anything that’s happening remotely.

    who can also show us who we are, in case you’re ever logged in on a system and don’t know which user you are:

    who am i

your-username-here

    You can also concatenate who am i into whoami.

    The last command

    The last command can take a moment to execute and will show a list similar to this:

    last

versluis tty1         :0               Tue Feb 10 18:54 - down  (4+13:11)   
reboot   system boot  2.6.32-504.8.1.e Tue Feb 10 18:51 - 08:05 (4+13:14)   
root     pts/1        10.0.1.43        Tue Feb 10 16:33 - 16:44  (00:10)    
root     pts/0        10.0.1.52        Tue Feb 10 11:36 - down   (07:13)    
versluis pts/0        :0.0             Tue Feb 10 11:35 - 11:35  (00:00)    
versluis tty1         :0               Tue Feb 10 11:29 - down   (07:20)    
reboot   system boot  2.6.32-504.8.1.e Tue Feb 10 11:27 - 18:50  (07:22)    
root     tty1                          Tue Feb 10 11:16 - down   (00:09)    
reboot   system boot  2.6.32-504.8.1.e Tue Feb 10 11:15 - 11:25  (00:10)    
reboot   system boot  2.6.32-504.8.1.e Tue Feb 10 10:59 - 11:25  (00:26)    
root     tty1                          Tue Feb 10 10:29 - down   (00:28)    
reboot   system boot  2.6.32-504.el6.i Tue Feb 10 10:28 - 10:58  (00:29)    

wtmp begins Tue Feb 10 10:28:53 2015

    You can see who has logged in to the system recently, from which IP address, and when each session started and finished. You can also see when the system was last restarted (and in Linux, which Kernel was used to do so).

    The last line (on Linux, beginning with wtmp) shows since when the command was able to display results. last and who both read a file called wtmp (in /var/log/wtmp), which logs all login attempts over time.

    last accepts several filtering options too. For example, to query when a particular user has logged on and off, type last followed by the username:

    last versluis

versluis tty1         :0               Thu Nov 19 11:21   still logged in   
versluis tty1         :0               Tue Nov 17 12:44 - 22:32  (09:48)    
versluis tty1         :0               Tue Nov 17 11:13 - down   (01:29)    
versluis tty1         :0               Sat Oct 31 23:35 - crash (16+12:37)  
versluis tty1         :0               Sun Aug  9 09:09 - down  (83+14:24)  
versluis tty1         :0               Tue Jun 30 18:03 - down  (39+15:04)  
versluis pts/0        10.0.1.52        Thu Feb 19 14:41 - 18:34  (03:52)

    Or if you’re only interested in restarts:

    last reboot

reboot   system boot  2.6.32-573.8.1.e Thu Nov 19 11:20 - 12:02  (00:41)    
reboot   system boot  2.6.32-573.8.1.e Tue Nov 17 12:43 - 12:02 (1+23:18)   
reboot   system boot  2.6.32-573.7.1.e Tue Nov 17 11:12 - 12:42  (01:29)    
reboot   system boot  2.6.32-573.7.1.e Sat Oct 31 23:34 - 12:42 (16+14:07)  
reboot   system boot  2.6.32-573.1.1.e Sun Aug  9 09:08 - 23:33 (83+14:24)  
reboot   system boot  2.6.32-504.23.4. Tue Jun 30 18:02 - 09:07 (39+15:05)  
reboot   system boot  2.6.32-504.8.1.e Sun Feb 15 11:30 - 09:07 (174+20:37)

    On OS X the output is somewhat more limited due to the absence of kernels, but it works just the same. For more information on each command, checkout the man pages with man last and man who.





     

  • Jay Versluis 3:31 pm on November 9, 2015 Permalink | Reply
    Tags: , Spam   
    Categories: Linux ( 76 )

    How to remove an IP from the CBL (Composite Blocking List) 

    Today I was introduced to something called the CBL, or the Composite Blocking List. This is one of several Spamhaus projects that’s there to make sure IP’s are blacklisted when they’re sending spam.

    You can check if your IP’s are OK at http://www.spamhaus.org/lookup/

    The CBL is a separate website in which you can also lookup IPs. Spamhaus will tell you if that’s the case and direct you to the CBL here: http://www.abuseat.org/lookup.cgi

    Even though my IP was otherwise fine, it was listed in the CBL, and Yahoo kindly made me aware of this as part of an error message I’ve received when trying to send an email. If ever there is an email problem in CentOS, the first place to look is /var/log/maillog. Here’s Yahoo’s very helpful explanation: https://help.yahoo.com/kb/postmaster/SLN5070.html

    Turns out that the hostname was not setup yet, so the box would respond as localhost.localdomain. That’s a big fat no-no as far as the CBL people are concerned. Here’s CBL’s explanation:

    This IP address is HELO’ing as “localhost.localdomain” which violates the relevant standards (specifically: RFC5321).

    The CBL does not list for RFC violations per-se. This _particular_ behaviour, however, correlates strongly to spambot infections. In other words, out of thousands upon thousands of IP addresses HELO’ing this way, all but a handful are infected and spewing junk. Even if it isn’t an infection, it’s a misconfiguration that should be fixed, because many spam filtering mechanisms operate with the same rules, and it’s best to fix it regardless of whether the CBL notices it or not.

    (More …)





     

    • N1njawtf 2:50 pm on March 20, 2016 Permalink | Reply

      Cool! thanks alot! I guess this solved my blacklisting problem.

  • Jay Versluis 1:06 pm on November 9, 2015 Permalink | Reply
    Tags:   
    Categories: Linux ( 76 )

    How to set the hostname on CentOS 7 

    CentOS 7 has a nice command called hostnamectl. With it we can display the current hostname, and set any of the three types of hostname:

    • static hostname (something like example.com)
    • transient hostname (anything you like, assigned when using DHCP)
    • pretty hostname (something like Jay’s MacBook Pro)

    By default, a CentOS installation comes back with localhost.localdomain – but that’s not meaningful if you see lots of localhosts on the same network.

    If the IP of the box does not change, we can set the static hostname like this:

    hostnamectl set-hostname example.com --static

    No feedback means good news. Likewise, we can set a hostname if were using DHCP to get an IP address, even though it may change every time we connect. To make sure we retain the same name no matter what IP we get, let’s set the transient hostname like so:

    hostnamectl set-hostname myserver --transient

    Note that we can’t use spaces or special characters with static or transient hostnames as far as I know.

    Lucky for us there’s also the pretty hostname, which does support special characters. It doesn’t usually appear anywhere on the command line, but GUIs like to display the pretty name of a machine when available:

    hostnamectl set-hostame "Jay's MacBook Pro" --pretty

    There’s no need to restart anything, the changes are in effect as soon as we hit return after either command.

    To see the current hostnames, we can use the status switch:

    hostnamectl status

   Static hostname: example.com
   Transient hostname: myserver
   Pretty hostname: Jay's MacBook Pro
         Icon name: computer-vm
           Chassis: vm
        Machine ID: 3d1ed70be1e940efaab8fb63b82822cc
           Boot ID: b95807c92b904fc192bd086b2596bea5
    Virtualization: kvm
  Operating System: CentOS Linux 7 (Core)
       CPE OS Name: cpe:/o:centos:centos:7
            Kernel: Linux 3.10.0-229.20.1.el7.x86_64
      Architecture: x86_64

    Thanks to Vivek Gite for this wonderful explanation!





     

  • Jay Versluis 8:05 am on November 2, 2015 Permalink | Reply
    Tags: ,   
    Categories: Linux ( 76 )

    How to disable SSH access from everywhere except for certain IPs in CentOS 7 

    Here’s how to do it:

    firewall-cmd --zone=internal --add-service=ssh --permanent
firewall-cmd --zone=internal --add-source=1.2.3.4/32 --permanent
firewall-cmd --zone=internal --add-source=5.6.7.8/32 --permanent
firewall-cmd --zone=public --remove-service=ssh --permanent

firewall-cmd --reload

    This declares an internal zone with two IPs (add as many or as few as you like) and subsequently removes the SSH service from the public zone altogether. As a result, any other IP gets a message such as “Connection refused” when trying to connect via SSH.

    The “–permanent” switch saves the changes. Remove it for testing or if you don’t want this change to be permanent.

    The last line reloads the current firewall rules (thanks, CertDepot).





     

  • Jay Versluis 8:29 am on September 10, 2015 Permalink | Reply
    Tags:   
    Categories: Linux ( 76 )

    How to fix a “could not bind to address” error in Apache 

    I have worked on a server recently and I came across a problem (again) that I meant to write about, and include a solution should you suffer from a similar problem. It was a Plesk server running CentOS, but this particular issue can also happen on plain LAMP stacks.

    Trying to start Apache, I got the following error message:

    apachectl -k restart
httpd not running, trying to start
(98)Address already in use: make_sock: could not bind to address [::]:80
(98)Address already in use: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
Unable to open logs

    The port number may be different depending on which port Apache is supposed to listen on (80 is the default, but depending on your system it may be something different, for example 7080). What this error is saying is that the Apache config file says the service is supposed to use a specific port, and another service is already using it. Hence, Apache can’t start or restart.

    If your server has worked fine before, then it’s likely that the config file is not the problem – so don’t go messing with it unless you absolutely know what to tweak.

    Let’s find out what service (or process) is listening on our port. We can do this using the lost command:

    lsof -i:80

COMMAND   PID   USER   FD   TYPE    DEVICE SIZE/OFF NODE NAME
httpd   18893 apache    5u  IPv6 216716713      0t0  TCP *:http (LISTEN)
httpd   32576 apache    5u  IPv6 216716713      0t0  TCP *:http (LISTEN)
httpd   32576 apache  178u  IPv4 226927338      0t0  TCP us13659668780097405.dynamiccloudserver.info:33052->br218-ip02.hostgator.com.br:http (CLOSE_WAIT)
httpd   32576 apache  180u  IPv4 236802430      0t0  TCP us13659668780097405.dynamiccloudserver.info:42497->versace.freshwebserver.com:http (CLOSE_WAIT)
httpd   5135 apache    5u  IPv6  24375      0t0  TCP *:empowerid (LISTEN)
httpd   5146 apache    5u  IPv6  24375      0t0  TCP *:empowerid (LISTEN)

    Replace the port number (80 in the above example) with your own. In this example, Apache is in fact listening but something isn’t quite right and it’s unable to restart. We can go and kill each of these processes using the following command:

    kill -SIGTERM 18893

    Do this with every process ID (PID) from the list you get from the lsof command. As soon as they’re all dead (verify with lsof), try to restart apache once again:

    apachectl -k restart

    This has helped me on a number of occasions 😉





     

  • Jay Versluis 11:01 am on August 14, 2015 Permalink | Reply
    Tags: ,   
    Categories: Linux ( 76 )

    How to disable the user list at login on CentOS 7 

    Screen Shot 2015-08-13 at 10.51.47

    By default, CentOS 7 will display a list of all users on the system. Click on it, type in the password, and you’re in. This works well when you have a handful of users on the system.

    However, on systems with a lot of users, not everyone can be displayed in that list – and scrolling up or down is impossible (and even if it was, it’s impractical at best). The solution is to replace that list with a box to type in a user, much like what would happen when you choose the “Not Listed” option.

    Here’s how to do it:

    From the command line, login as root and create a file called /etc/dconf/db/gdm.d/00-login-screen. By default it does not exist.

    vi /etc/dconf/db/gdm.d/00-login-screen

    Now add the following lines to it and save the file:

    [org/gnome/login-screen]
# Do not show the user list
disable-user-list=true

    This will tell GNOME not to display the list anymore, and instead bring up a text box as shown below. For the change to take effect, we need to update GNOME with the following command:

    dconf update

    And that’s it!

    Screen Shot 2015-08-13 at 10.54.55





     

  • Jay Versluis 10:48 am on August 13, 2015 Permalink | Reply
    Tags: ,   
    Categories: Linux ( 76 )

    How to enable automatic user logins in CentOS 7 and GNOME 

    CentOS-LogoIf you’ve read my previous article about how to enable automatic logins on CentOS 6, and it sounded a little daunting, you may be pleased to hear that it’s a little easier to accomplish the same thing on CentOS 7.1.

    If you’re using GNOME in a single user environment, and you’re confident that nobody else will use your system, you can enable auto-logins without the password questions like this:

    1. Login to GNOME as usual
    2. Find your name at the top right and click on it
    3. Now select Settings
    4. In the new window that opens, find Users
    5. Click on Unlock at the top right
    6. Select your own user and turn on Automatic Logins

    You need supervisor privileges to make this change. Next time you restart your system, you’re logged in automatically.

    Screen Shot 2015-08-13 at 10.19.12

    Thank you, CentOS!





     

    • eliashickman 2:26 am on March 14, 2016 Permalink | Reply

      I can’t get this to work. What is the command to launch the user/account UI? Is there another way to do this via systemd?
      I’ve tried editing /etc/gdm/custom.conf and it doesn’t work either.

      • Jay Versluis 7:39 am on March 14, 2016 Permalink | Reply

        Pass I’m afraid – on my system “it just works”.

  • Jay Versluis 4:35 pm on July 24, 2015 Permalink | Reply
    Tags: ,   
    Categories: Linux ( 76 )

    How to install Parallels Tools via the Command Line in CentOS 

    I like setting up barebones CentOS and other flavoured VMs on my Mac via Parallels Desktop. Trouble is, for such things like time synchronisation to work properly, something called Parallels Tools needs to be installed on each VM.

    This is to make sure Parallels Desktop can speak to the VM and communicate with it properly. It’s more important for GUIs so that the screen resolution and mouse handling is more accurate.

    Thing is, when you have a VM with a GUI, installing Parallels Tolls is extremely easy and may even happen automatically as soon as you install the OS. But if you have a command line only interface, it just doesn’t happen, and it’s up to us to install those tools manually. Here’s how to do it in CentOS 6.

    First, boot up your barebones VM and wait for it to start. Now head over to the VM’s menu and choose Actions – Install Parallels Tools. If they’re already installed, this message will change to “Reinstall Parallels Tools”.

    Screen_Shot_2015-07-21_at_16_39_13

    If your VM has a graphical user interface, this process will kick off the actual installation, but on barebones machines, it will merely attach the ISO image that contains the tools to your VM. In an ideal world, this tool would even mount the image for us, but sadly it doesn’t work with CentOS. Therefore we have a bit more work to do until we get to the installation part.

    You’ll see the following message to confirm the attachment:

    Screen-Shot-2015-07-21-at-16.29.35

    Now let’s login to our VM as root using our favourite SSH client (or simply use Parallels Desktop). We’ll create a directory to which we can mount the image. As suggested in the Parallels documentation, we’ll use /media/cdrom:

    mkdir /media/cdrom

    With this directory in place, let’s mount the ISO image to it so we can address it:

    mount -o exec /dev/cdrom /media/cdrom
mount: block device /dev/sr0 is write-protected, mounting read-only

    The message is fairly self-explanatory: no writing to that ISO image. No problem! To start the installation, enter the directory and call the install script like so:

    cd /media/cdrom
./install

     

    Help! That’ didn’t work!

    Sometimes (in CentOS 7 for example) the ISO image isn’t properly mounted, and instead Parallels Desktop mounts a directory containing the ISO image. That’s no good of course. If you receive an error message along the lines of “command not found”, take a look at the CD Rom’s directory with the ls command.

    If there is no file called “install”, and instead there’s something like “prl-tools-lin.iso”, you need to manually attach the ISO image to your VM. To do this, restart your VM and select Devices – CD/DVD 1 – Connect Image. Now navigate to Applications – Parallels Desktop.app – Contents – Resources – Tools and pick the appropriate ISO file.

    Screen Shot 2015-08-07 at 12.49.50

     

    For all Linux flavours this is prl-tools-lin.iso. Once attached, mount the device as discussed above and you should be able to run the installer.

     

    Parallels Tools TUI in action

    The script will greet us with a TUI and some steps we need to complete, one of which may be that some additional components (such as make and gcc) need to be installed. That’s not always the case on barebones systems. Lucky for us, the script will take care of this for us too:

    Screen Shot 2015-07-21 at 16.33.51

    And that’s it! The script will finish fairly quickly, and at that point, Parallels Tools is installed in your VM. Congratulations! There’s only one final step: reboot the VM. You can either do that from the VM’s menu under Actions – Restart, or by issuing the following command:

    reboot now

Broadcast message from root@yourserver
(/dev/pts/0) at 16:53 ...

The system is going down for reboot NOW!

    As soon as the VM is back up and running you’re all set 🙂

    Screen Shot 2015-07-21 at 16.38.48

     

    Further Reading:





     

  • Jay Versluis 9:55 am on May 3, 2015 Permalink | Reply
    Tags:   
    Categories: Linux, Plesk ( 76 )

    How to update Plesk via the Command Line 

    Plesk-LogoYou can update Plesk via the Web Interface (under Tools and Settings – Updates and Upgrades). However sometimes the interface times out, or browsers get confused – therefore it’s good to know that you can apply updates via the command line interface as well. In this article I’ll show you how (in Linux – I don’t know much about running Plesk on Windows I’m afraid).

    We need to download the standard installer script for this. It’s a powerful little tool which can also be used to add or remove components from the current Plesk installation, or to install Plesk on a barebones server.

    As of 2015 the link can be found here:

    Screen Shot 2015-05-03 at 09.39.40

    If you click the option “Download Plesk installer for Linux”, you’ll see the actual script open in a new browser tab. Not what we want, although you could copy and paste this into a new file on your Linux system. Instead, right-click on the link and choose “Copy Link” instead.

    Screen Shot 2015-05-03 at 09.41.27

    With that link in your clipboard, connect to your server via SSH and download the file with something like wget:

    wget http://autoinstall.plesk.com/plesk-installer?long-url-here

    This will result in a file called “plesk-installer” with some nasty parameters at the end, several hundred characters in total. Let’s rename it to something easier and tweak the execution permissions:

    mv plesk-installer* plesk-installer
chmod +x plesk-installer

    Now we can run the script like so:

    ./plesk-installer

Welcome to the Parallels Installation and Upgrade Wizard!
===============================================================================

This wizard will guide you through the installation or upgrade process. Before
installing or upgrading Parallels products, be sure to back up your data.

To start the installation or upgrade, press N and then press Enter.
To quit the installer, press Q and then press Enter.

    Follow the instructions to upgrade Plesk. You can also call the script with several options, for a full list of those call it with “–help”. To see all available versions of Plesk during the installation, use “–all-versions”, which will eventually lead you to a screen similar to this:

    Select the desired products and their versions
===============================================================================

The following product versions are available:

1. [*] Parallels Plesk
  2. ( ) Parallels Plesk Panel 12.1.21 (testing)
  3. ( ) Parallels Plesk Panel 12.1.20 (testing)
  4. ( ) Parallels Plesk Panel 12.1.19 (testing)
  5. ( ) Parallels Plesk Panel 12.1.18 (testing)
  6. ( ) Parallels Plesk Panel 12.1.17 (testing)
  7. ( ) Parallels Plesk Panel 12.1.16 (testing)
  8. ( ) Parallels Plesk Panel 12.1.15 (testing)
  9. ( ) Parallels Plesk Panel 12.1.14 (testing)
  10. ( ) Parallels Plesk Panel 12.1.13 (testing)
  11. ( ) Parallels Plesk Panel 12.1.12 (testing)
  12. ( ) Parallels Plesk Panel 12.1.11 (testing)
  13. ( ) Parallels Plesk Panel 12.1.10 (testing)
  14. ( ) Parallels Plesk Panel 12.1.9 (testing)
  15. ( ) Parallels Plesk Panel 12.1.8 (testing)
  16. ( ) Parallels Plesk Panel 12.1.7 (testing)
  17. ( ) Parallels Plesk Panel 12.1.6 (testing)
  18. (*) Parallels Plesk 12.0.18 (Stable) (currently installed)

N) Go to the next page; P) Go to the previous page; Q) Cancel installing
To select a version, type the respective number;
Select an action [N]:

    If you call the script without any parameters, only micro updates and additional components are applied. Micro updates are usually applied automatically if this feature is enabled (it is by default).





     

← Older posts

c
compose new post
j
next post/next comment
k
previous post/previous comment
r
reply
e
edit
o
show/hide comments
t
go to top
l
go to login
h
show/hide help
shift + esc
cancel