Child pid xxx exit signal Segmentation fault (11)

Sometimes apache is crashing and all or some PHP pages are showing blank when you browse it. Also apache error logs shows following errors.

------------------------------------------------------------------------------------------------------------

[Thu Dec 24 09:12:03 2009] [notice] child pid 8877 exit signal Segmentation fault (11)

[Thu Dec 24 09:12:38 2009] [notice] child pid 8466 exit signal Segmentation fault (11)

[Thu Dec 24 09:12:38 2009] [notice] child pid 8883 exit signal Segmentation fault (11)

------------------------------------------------------------------------------------------------------------

Solution:

Edit httpd.conf file and add following line in the main config.

---------------------------------------------------------------------------------

CoreDumpDirectory /tmp/apache2-gdb-dump

---------------------------------------------------------------------------------

Then create following folder in /tmp and change the permisssion

---------------------------------------------------------------------------------

root@server [~] mkdir -p /tmp/apache2-gdb-dump

root@server [~] chmod 0777 /tmp/apache2-gdb-dump

---------------------------------------------------------------------------------

Also make changes in to following file.

root@server [~] nano /usr/sbin/httpd

Search for ulimit lines .For eg : you can see these lines

ulimit -n 1024

ulimit -n 4096

ulimit -n 8192

ulimit -n 16384

You need to add ulimit -c 0 at the end .Which will look like :

ulimit -n 1024

ulimit -n 4096

ulimit -n 8192

ulimit -n 16384

ulimit -c 0

------------------------------------------------------------------------------------------------------------

Stop and start apache server

root@server [~] /etc/init.d/httpd stop

root@server [~] /etc/init.d/httpd start

Mailman Error “Bug in Mailman version 2.1.11.cp3?

If you are getting following error when trying to modify mailinglist then execute following command on shell

Error
===============

Bug in Mailman version 2.1.11.cp3

We’re sorry, we hit a bug!

Please inform the webmaster for this site of this problem. Printing of traceback and other system information has been explicitly inhibited, but the webmaster can find this information in the Mailman error logs.

===============

Command

chmod 02775 -R /usr/local/cpanel/3rdparty/mailman/

How to stop generating core files

You may come across core files which gets generated within your accounts . The possible reason for the core files getting generated is when a php process is killed, apache creates core files under your account .

On phpSuexec servers this may cause due to incorrect php.ini file placed in your account and if it is caused due to php/apache then you can get rid off those core files by editing the httpd startup file on the server end. Following are the steps to edit httpd startup file.

root@server [~]#which httpd

/usr/sbin/httpd

root@server [~]# nano /usr/sbin/httpd

Search for ulimit lines .For eg : you can see these lines

ulimit -n 1024

ulimit -n 4096

ulimit -n 8192

ulimit -n 16384

You need to add ulimit -c 0 at the end .Which will look like :

ulimit -n 1024

ulimit -n 4096

ulimit -n 8192

ulimit -n 16384

ulimit -c 0

root@server [~] /etc/init.d/httpd restart

cPanel :: Unable to locate clamd

If you are not able to restart clamd on cpanel server and getting following error:

root@sertech[~]# /scripts/restartsrv_clamd
Unable to locate clamd

Please follow the steps as given below:

# Red Hat Enterprise Linux 5 / i386:
rpm -Uhv http://apt.sw.be/redhat/el5/en/i386/rpmforge/RPMS/rpmforge-release-0.3.6-1.el5.rf.i386.rpm
# Red Hat Enterprise Linux 5 / x86_64:
rpm -Uhv http://apt.sw.be/redhat/el5/en/x86_64/rpmforge/RPMS//rpmforge-release-0.3.6-1.el5.rf.x86_64.rpm

Then install it through yum:

yum install clamd

And finally restart clamd service:

/scripts/restartsrv_clamd

How to enable SSI includes by using .htaccess

Including executables are no longer allowed by default apache configuration. IncludesNOEXEC is now the default, SSI includes are now disabled by default. This is done to prevent server abuse / insure server security. We recommend using PHP coding wherever possible. If using cgi includes is ABSOLUTELY necessary you may enable the includes via :

1. Create/edit the .htaccess file (you may find it within public_html folder) to permit the execution of CGI programs with the following options:

2. Enter the following:

Options +Includes +ExecCGI

AddHandler cgi-script .cgi .pl

OR

AddType text/html .shtml

AddHandler server-parsed .shtml

Options Indexes FollowSymLinks Includes

3. Save .htaccess file.

Including executables are no longer allowed by default apache configuration. IncludesNOEXEC is now the default, SSI includes are now disabled by default. This is done to prevent server abuse / insure server security. We recommend using PHP coding wherever possible. If using cgi includes is ABSOLUTELY necessary you may enable the includes via :
1. Create/edit the .htaccess file (you may find it within public_html folder) to permit the execution of CGI programs with the following options:2. Enter the following:
Options +Includes +ExecCGIAddHandler cgi-script .cgi .pl
OR
AddType text/html .shtmlAddHandler server-parsed .shtmlOptions Indexes FollowSymLinks Includes
3. Save .htaccess file.

How to Move or Copy an SSL Certificate from one Server to Another

There's two parts to moving a SSL cert. First, you will need to export the certificate on the old server. Then, you will need to import the cert to the new server. Here is a detailed description of the process to follow for both steps:

Here are the steps you should follow to export to the cert on the existing server:

1) Go to Start -> Run and enter MMC
2) From the menu bar, select Console -> Add Remove Snap In
3) Click the "Add" button. Select the Certificates snap in, and then click "Add" again
4) Choose the "Computer Account". Click Next.
5) Select "Local Computer" Click Finish.
6) Now click "Close" and then "OK"
7) Now expand the "Certificates" object in the MMC and drill down to Personal -> Certificates.
8) You should see your existing cert. listed. Right click on the cert and go to All Tasks -> Export
9) Choose "Yes, export the private key". Click "Next".
10) At the next screen, leave the default settings and hit "Next"
11) Enter a password to secure the exported cert. Click Next.
12) Enter a file name. The cert will be exported to this file name. Click Next.
13) Click Finish.

On the destination server, follow this procedure:

1) Copy the exported file over to the new server
2) Follow steps 1-7 outlined above
3) Right Click on the certificiates folder and choose "All Tasks -> Import "
4) Click Next. Browse to the file you copied over in step 1. Click Next
5) Enter the password you entered in step 11 above. Check the box "Mark the private key as exportable". Click Next
6) You want to place the cert into the Personal store - this is selected by default. Click Next.
7) Click Finish.
8) Now you will need to go into IIS and assign the SSL cert to the site.

9 Steps to Install and Configure PostgreSQL from Source on Linux

How To Configure CSF Firewall

In this how to I will describe how to install /configure full feature firewall on your server using Config Server Firewall (CSF)  script from http://www.configserver.com. Firewall are the basic need of every server now a days and people trying to protect there server by using different scripts but CSF gives all in one solution. The tools available for the implementing are either over-complex, not user friendly, or simply aren’t as effective as they could be. So that is the reason CSF developed.

You can see the features on following site.

http://www.configserver.com/cp/csf.html

1) Download CSF

[root@server1 ~]# cd /usr/src
[root@server1 src]# wget http://www.configserver.com/free/csf.tgz

2) Install CSF

[root@server1 src]# tar zxvf csf.tgz
[root@server1 csf]# cd csf
[root@server1 csf]# ./install.sh

It will compile and install csf under /etc/csf/ directory, now we will configure it.

3) Configuration

First run following command that you have all the required iptables modules available for running CSF full. Don’t worry if you cannot run all the features, so long as the script doesn’t report any FATAL errors

[root@server1 csf]# perl /etc/csf/csftest.pl
Testing ip_tables/iptable_filter…OK
Testing ipt_LOG…OK
Testing ipt_multiport/xt_multiport…OK
Testing ipt_REJECT…OK
Testing ipt_state/xt_state…OK
Testing ipt_limit/xt_limit…OK
Testing ipt_recent…OK
Testing ipt_owner…OK
Testing iptable_nat/ipt_REDIRECT…OK

RESULT: csf should function on this server

Looks 100% OK.

Now if you are running apf_bfd firewall, it has to be removed for csf works.

[root@server1 csf]# sh /etc/csf/remove_apf_bfd.sh
Removing apf and/or bfd…

/etc/csf/remove_apf_bfd.sh: line 5: apf: command not found
error reading information on service apf: No such file or directory
error reading information on service apf: No such file or directory

…Done

sure i dont use it, so not found.

Now to configure csf config file to implement firewall as per our need.

[root@server1 csf]# vi /etc/csf/csf.conf

The following TAG will run csf in Testing Mode as if we by mistake block ourself out, it will flush all firewall rules in 5 minutes to get us in and fixed it.

TESTING = “1?

We will change it to zero “0? when we finished and sure we have all right rules in.

Put your all ports which you want to be open on your server for incoming traffic seperated by comma.

TCP_IN = “20,21,22,25,53,80,110,143,443,465,587,993,995?

Also open any port you want for outgoing traffic

TCP_OUT = “20,21,22,25,53,80,110,113,443?

Same goes for UDP_IN and UDP_OUT, be remember if you are running DNS service, so you have to open port 53 in UDP_IN as DNS port 53 runs on udp rather than tcp

UDP_IN = “20,21,53?

To allow outgoing traceroute add 33434:33523 to this list

UDP_OUT = “20,21,53,113,123,33434:33523?

If you like to people ping your server without any timout than change following value to zero “0? because default value limit ping 1 per second, which may show you ping timeout and you may have impression of that your server is dropping packets.

ICMP_IN_RATE = “0?

SYNFLOOD protection is already enabled and if you want to change the RATE or BURST value you can use following lines to match your traffic.

SYNFLOOD = “0?
SYNFLOOD_RATE = “100/s”
SYNFLOOD_BURST = “150?

currently the RATE is 100/s and BURST can upto 150. This can be varry from server to server.

To protect your server any specific port from DOS attacks, you can define it in PORTFLOOD tag.  This option limits the number of connections per time interval that new connections can be made to specific ports.

By default its empty and i did like to limit 20 connections per 5 sec to port 80 (webserver).

PORTFLOOD = “80;tcp;20;5?

It defines protect port 80 running on protocol tcp, 20 connections per 5 seconds. Use the same for more ports followed by semmi colon ;.

Define email address to which you need to get alerts and define email address to which you want to get.

LF_ALERT_TO = “sohaileo@gmail.com”

LF_ALERT_FROM = “csf@sohailriaz.com”

This will implement firewall more than you need. It has tons of options and you can edit csf.conf for your need.

After this save the file and restart the csf service.

[root@server1 csf]#  /etc/init.d/csf start

Dont scare of large iptables commands running in

The CSF will start in Testing mode and now you have to check rules are implement correctly or not and if you have accidently block yourself, wait for 5 minutes and then relogin to fix it.

If you completed with configuation and sure that every rules is implemented correctly then change Testing from 1 to 0 for run CSF permanently.

TESTING = “0?

and restart the service again to activate it.

[root@server1 csf]#  /etc/init.d/csf restart

To allow IP addresses through iptables insert, one IP per line. If want to allow full block use CIDR notation

[root@server1 csf]# vi /etc/csf/csf.allow

192.168.0.1
192.168.1.0/24

These IP should also be define in /etc/csf/csf.ignore to be ignore from lfd daemon from checking.

To deny IP addresses will be allowed through iptables, one IP address per line. If want to deny full block use CIDR notation

[root@server1 csf]# vi /etc/csf/csf.deny

192.168.0.5 #do not delete

The #do not delete option will tell csf to igonore the DENY_IP_LIMIT tag and dont delete ip from this file.

Now you have full feature firewall install and running without any error. The work you have to do now is to re-read /etc/csf/csf.conf file full and check every option it gives and change accordingly to your firewall need. I hope you will now easily edit it and do more with it. If you need any help please comments to benefit for all.

Fantastico shows error 'You cannot install more than one script in the root directory of a domain'

In order to solve this issue you should follow these steps:

1. Log in cPanel and click on File Manager;

2. Navigate to .fantasticodata in your Home Directory;

3. Delete the file installed_in_root.php.

This will ensure there is no Fantastico information remaining from previous installations.

If you still  have problems with your Fantastico, Please contact you sysadmin for further help

How to remove the blocked ip using iptables

1. First check that ip is blocked or not


2. iptables –L –n | grep

DROP all -- 125.99.10.123 216.240.157.91

1. to unblock the ip give the command

iptables -D INPUT -s 125.99.10.123 -d 216.240.157.91 -j DROP

Now the ip is unblocked.

Install RED5 Server on Centos 5.3

In this how to i will describe how to install RED5 server on Centos 5.3. This how to can be used to install RED5 server on Centos 4 and Fedora 8 – 11 as well. RED5 is open source flash server written in java supports streaming audio/video, recording client streams, shared objects, live stream publishing etc.
1) Download and Install Java

RED5 server depends on Java. CentOS 5.3 comes with OpenJDK 1.6 and install it using yum.

yum -y install java-1.6.0-openjdk java-1.6.0-openjdk-devel

2) Download and Install Ant (Apache Project)

Ant will need to compile RED5 server code. Ant comes in binary form, so just download and install it in /usr/local directory.

cd /usr/src
wget http://opensource.become.com/apache/ant/binaries/apache-ant-1.7.1-bin.tar.gz
tar zxvf apache-ant-1.7.1-bin.tar.gz
mv apache-ant-1.7.1/ /usr/local/ant

3) Export Variables for Ant and Java

export ANT_HOME=/usr/local/ant
export JAVA_HOME=/usr/lib/jvm/java
export PATH=$PATH:/usr/local/ant/bin
export CLASSPATH=.:$JAVA_HOME/lib/classes.zip

Also export these variables in /etc/bashrc to become available for every user login or for any terminal opens.

echo ‘export ANT_HOME=/usr/local/ant’ >> /etc/bashrc
echo ‘export JAVA_HOME=/usr/lib/jvm/java’ >> /etc/bashrc
echo ‘export PATH=$PATH:/usr/local/ant/bin’ >> /etc/bashrc
echo ‘export CLASSPATH=.:$JAVA_HOME/lib/classes.zip’ >> /etc/bashrc

4) Download and Install RED5 Server

Here the latest version available for RED5 is 0.7 on site but download from google code using svn as the tarball of 0.7 on site is missing some of the files.

cd /usr/src
svn checkout http://red5.googlecode.com/svn/java/server/trunk/ red5
mv red5 /usr/local/
cd /usr/local/red5
ant prepare
ant dist

you will see a ton of lines, but you should get at last

BUILD SUCCESSFUL

that’s mean its install and now copy the conf directory from dist/ and test the red5 installation.

cp -r dist/conf .
./red5.sh

If it shows Installer service created in the last then everything is fine here, press ctrl+c and move to next step to create init script.
5) Init Script

Now we will create init script for red5 to start, stop and restart easily.

vi /etc/init.d/red5

download http://www.sohailriaz.com/downloads/red5.txt and copy / paste code in it. The init script code also be viewed below.

#!/bin/sh
# For RedHat and cousins:
# chkconfig: 2345 85 85
# description: Red5 flash streaming server
# processname: red5

PROG=red5
RED5_HOME=/usr/local/red5
DAEMON=$RED5_HOME/$PROG.sh
PIDFILE=/var/run/$PROG.pid

# Source function library
. /etc/rc.d/init.d/functions

[ -r /etc/sysconfig/red5 ] && . /etc/sysconfig/red5

RETVAL=0

case “$1? in
start)
echo -n $”Starting $PROG: ”
cd $RED5_HOME
$DAEMON >/dev/null 2>/dev/null &
RETVAL=$?
if [ $RETVAL -eq 0 ]; then
echo $! > $PIDFILE
touch /var/lock/subsys/$PROG

fi
[ $RETVAL -eq 0 ] && success $”$PROG startup” || failure $”$PROG startup”
echo
;;
stop)
echo -n $”Shutting down $PROG: ”
killproc -p $PIDFILE
RETVAL=$?
echo
[ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/$PROG
;;
restart)
$0 stop
$0 start
;;
status)
status $PROG -p $PIDFILE
RETVAL=$?
;;
*)
echo $”Usage: $0 {start|stop|restart|status}”
RETVAL=1
esac

exit $RETVAL

Now start the service

/etc/init.d/red5 start

check status

/etc/init.d/red5 status
red5 (pid XXXXX) is running…

again you can do stop, restart.

HowTo install and configure FFmpeg and FFmpeg-Php on a DA server

I saw this headline on another part of the forum and the instructions I thought were a lot more than was needed. And that might be fine for some but I thought I would post a much shorter process. Here is what I do on my servers running CentOS. Its so easy that I just do it by default on every server I setup.

Install FFMPEG CentOS

cd /root
echo "[dag]" > /etc/yum.repos.d/dag.repo
echo "name=Dag RPM Repository for Red Hat Enterprise Linux" >> /etc/yum.repos.d/dag.repo
echo "baseurl=http://apt.sw.be/redhat/el$releasever/en/$basearch/dag" >> /etc/yum.repos.d/dag.repo
echo "gpgcheck=0" >> /etc/yum.repos.d/dag.repo
echo "enabled=1" >> /etc/yum.repos.d/dag.repo

yum -y install ffmpeg ffmpeg-devel flvtool2 mencoder
wget http://internap.dl.sourceforge.net/sourceforge/ffmpeg-php/ffmpeg-php-0.6.0.tbz2
tar -xjf ffmpeg-php-0.6.0.tbz2
cd ffmpeg-php-0.6.0/
/usr/local/bin/phpize
./configure --with-php-config=/usr/local/bin/php-config
make
make install
cp /usr/local/lib/php/extensions/no-debug-non-zts-20060613/ffmpeg.so /usr/local/lib/php/extensions/
echo "extension=ffmpeg.so" >> /etc/php.ini
service httpd restart

How to install Roundcubemail (webmail alternative)

WARNING: This application is ALPHA software. Use at your own risk

I found roundcube mail while searching projects on freshmeat. Already in Alpha stage is runs very nice, has a great template system and uses xhtml/css 2 (although the xhtml could be strict and much better) the default template is great. It currently lacks a search but that is coming in the future.

http://www.roundcube.net/

So lets get started.
=============================

1) Create a mysql db via direct admin. I called mine admin_webmail (you should all know how to do this!)

2) Download and unpack the package:
Code:

#  cd /var/www/html

#  wget http://easynews.dl.sourceforge.net/s...0051007.tar.gz

#  tar xvfz roundcube_webmail_0.1-20051007.tar.gz

3) Ensure proper permissions of the folders:

Code:

#  chown -R root.root roundcubemail

#  cd roundcubemail

#  chown -R apache logs temp

4) Import their SQL file:

Code:

#  cd SQL

//replace the following with the database username and password you created in step 1

#  mysql -u admin_webmail -p
Enter Password: *******

Once in, import their SQL file:
Code:

use admin_webmail

SOURCE mysql.initial.sql

now the import should be complete.

5) Setup db config variables

Code:

#  cd ../config/

#  nano db.inc.php

all you have to do here is change the "$rcmail_config['db_dsnw'] = " config information, mine looks like this:

Code:

$rcmail_config['db_dsnw'] = 'mysql://admin_webmail:myPasswordHere@localhost/admin_webmail';

the format is: mysql://:@host/database_name

save that file and close it.

6) Setup the application config:

Code:

#  nano main.inc.php

find this line:

Code:

$rcmail_config['enable_caching'] = TRUE;

Replace with:

Code:

$rcmail_config['enable_caching'] = FALSE;

next find:

Code:

$rcmail_config['default_host'] = '';

replace with:

Code:

$rcmail_config['default_host'] = 'localhost';

7) *optional* you may want to setup an apache alias, you can overwrite your current webmail one with the following:

Edit httpd.conf:

Code:

#  nano /etc/httpd/conf/httpd.conf

Find this line:

Code:

Alias /webmail /var/www/html/webmail/

Replace with:

Code:

Alias /webmail /var/www/html/roundcubemail/

then restart apache
Code:

#  service httpd restart

You are done!

Login @ http://www.domain.com/webmail/

Questions, Comments, Typos, Suggestions, Praise post here please and I will update this main thread.

Thanks,

Pushkar
Reply With Quote

Online Backup, Replication and Encryption