Linux Cache Thrashed

Published by sac | Filed under Linux

Recently I came across an application in my workplace which is still under test phrase thrashing cache on RedHat linux servers badly. If this application would run for an hour+ the Server would start slowing down and the only way out was restart the linux server.

Then I came across this:

drop_caches

Writing to this will cause the kernel to drop clean caches, dentries and inodes from memory, causing that memory to become free.

To free pagecache:

* echo 1 > /proc/sys/vm/drop_caches

To free dentries and inodes:

* echo 2 > /proc/sys/vm/drop_caches

To free pagecache, dentries and inodes:

* echo 3 > /proc/sys/vm/drop_caches

As this is a non-destructive operation, and dirty objects are not freeable, the user should run “sync” first in order to make sure all cached objects are freed.

This tunable was added in 2.6.16.

Source: Linuxinsight
Source: Cyberciti.biz

Zimbra View mail disable

Published by sac | Filed under Mail, Zimbra

Do you have several admins who are looking administering Zimbra and you are concerned about all of them having access to viewing mails. Stop! Just issue these commands and keep the Admin password with you and they should be able Administer without “View Mail” options.

Commands to stop view mails from Zimbra, GlobalAdmin has be disabled:

#zmprov ma sachin@xxx.com zimbraIsDelegatedAdminAccount TRUE zimbraAdminConsoleUIComponents
cartBlancheUI
#zmprov grr global usr sachin@xxx.com +adminConsoleRights
#zmprov grr global usr sachin@xxx.com -adminLoginAs

Zine

Published by sac | Filed under Blog, Technology

I am looking at Zine a relatively new weblog engine written on python. I found it easy fast and secure. A move to Zine from Wordpress is next on evaluation.

Is chkrootkit the best ?

Published by sac | Filed under Blog

Mostly when I suspect that there is rootkit presence on Linux, the first I would go for is I am sure mostly all admins prefer the same or rkhunter. Yesterday just of curiosity when I checked the chkrrootkit script I saw that it would check for the default locations where the rootkit infects. If a dedicated hacker completely re-engineers the code, I don’t think it would throw out a error. I believe that the speed with which it scans out results is also because of it. I may be wrong as i have not read the complete script but rare.
Dgg it!

Snort on Centos64 bit.

Published by sac | Filed under Blog

I was just trying to install snort on one of the centos 64 bit servers. It took me a while to figure out that its not easy as configuring on a 32 bit. Here just paste this if you get struck

./configure –with-mysql –enable-dynamicplugin –with-libpcap-libraries=/usr/lib64/ –with-libpcre-libraries=/usr/lib64/–with-libnet-libraries=/usr/lib64/–enable-dynamicplugin LDFLAGS=’-L/usr/lib64 -L/usr/lib64 -L/usr/lib64/mysql’ –prefix=/var/local/snort-2.8.5.1

Spacewalk

Published by sac | Filed under Linux, Technology

Several times in my work and freelancing stage organisations I have come across organizations who have deployed rpm based distro for there developers primarily a fedora or a Centos. The only issue was how to update.Cfengine was the preferred choice what I always deployed, Till i discovered Spacewalk. Spacewalk is plain awesome and you can group you machines in categories for specific departments too other than servers, Monitor machines, Audit, Have kicstart deployed, geographically deploy updates or packages. Several Defence related organizations have deployed it where the machine are not connected to external network and updates and packages are taken by the Satelite server (The commercial one by RedHat here). Use it. RedHat is doing a awesome job till date by releasing codes for RedHat satelite server as Spacewalk, Directory server and many more.

Update: Google chrome just crashed while editing this post, a rare crash. Try it.

Opensource on steroids.

Published by sac | Filed under Linux, Technology

What happens when you join a fully open source company:

1. You have a fun time working.

2 You play with the latest tools.

3 You learn.

The last 4 months i have tried so many opensource tools that I cannot put all of”em here, But yes some of them are worth trying if you are a open source evangelist. Few which caught my attention are:

OSSIM

OSSEC

PacketFence

Syadmins: Try them out in your network, Its fun.

Update

Forgot Freenac. And all this on network, how do you manage. I remeber using Terminal, then mRemote and today Visionapp 2009 (Best for Admin Managers). You?

One month….Last day.

Published by sac | Filed under Blog

Its been one month without Asmi and Mayuri. They are flying back today to bangalore. Here is how I lived:

1. Food was mostly Egg and bread.(Maid who makes food at my home is pathetic)

2 Never did workout (Not even one benchpress)

3. Internet, old family videos for soul.

4. Late night work at office.

5. Beer and Friends

How do you spend time when your family is away ? Do you turn from  a health freak to couch potato in a day or two ?

I do,  Yes I do.

Ldap client settings.

Published by sac | Filed under Linux

I have more than 160 machines (100 = windows, 60 = Linux) on my network with LDAP as the authentication server. I plan to change the IP for the LDAP server, easy right. But what happens to the ldap client settings ? Is there a way I can keep the settings on the LDAP* server and push it automatically to clients.  Is there a way ?

Imagine manually going to all machines and running system-config-authentication or editing /etc/nsswitch.conf file.

Update: I know I know we can forward the existing IP* to the new IP or a scp script. But what I am looking for is to push Ldap client settings.

Godaddy and SSh.

Published by sac | Filed under Blog, Technology

Godaddy recently came up with ssh for there users. When I tried to activate it says

Status: Blocked – Your account is not SSH enabled.

Please Note:
* Your databases must be deleted before enabling SSH.

Whats this ? To enable a single service I need to backup my sqldatabase, let them delete, recreate again with the added risk of what if something goes wrong. Godaddy Go-to-mama.