Protecting WordPress with mod-security

Posted on February 11, 2015 by iwik

This my blog and also other hosted websites running WordPress are target of bots trying passwords to wordpress admin and posting spam comments. I was unable to found simple plugin for comments dns blacklist, so I focused to mod-security. Continue reading →

Big XFS filesystem NFS export mount fails with stale nfs handle

Posted on January 25, 2015 by iwik

If you have big XFS filesystem (with lot of files) and you use inode64 mount option, exporting this file system using NFS may fail when mouting this export on client:

Stale NFS file handle

This error is strange and confusing. Workaround is to specify fsid in /etc/exports for this filesystem.

For more information check this nice blog article https://hpc.uni.lu/blog/2014/xfs-and-inode64/

Snapshoting virtual machine running mysql database

Posted on June 26, 2014 by iwik

Backup in virtualized enviroment is mostly based on snapshoting entire virtual machine and saving this state to backup repository. This snapshot does not include memory of virtual machine. When you restore virtual machine from this snapshot filesystem is in unclean state, but journal filesystem can handle this. From mysql point of view server crash happended and database can be corrupted and unrecoverable, depending on what queries where running during snapshot. This unpredicted and unconsistent state you don’t want to have as a backup of your data. Continue reading →

VMware backup script

Posted on May 30, 2014 by iwik

I have been searching for simple and easy script to backup selected virtual machines running on esxi server, which will:

run on linux – do not require windows machine; can’t use PowerCLI
do not require direct access to esxi host using ssh (as other backups scripts like ghettoVCB.sh do) and will use API
support multiple esxi hosts managed by vcenter
have clear code – that means no perl hell (including big vsphere perl sdk)
have short code
can be put into cron

I was unable to find any to comply my requirements. I’m learning python, so I searched for some python vsphere libs and found psphere. Then backup.py has born.

Continue reading →

Debian iso images with firmware included

Posted on April 19, 2013 by iwik

Are you getting angry when installing Debian and your network cards (eg. bnx2) are not working because of missing non-free firmware policy? Solution is simple – just use for installation unofficial Debian iso images with firmware. Continue reading →

Installing vSphere cli on Centos 6

Posted on January 28, 2013 by iwik

VMware vSphere cli requires many CPAN libraries. On Centos 6 I have enabled EPEL repository and installed packages:
Continue reading →

Redhat Enterprise Linux 6 IPSec configuration example

Posted on May 10, 2012 by iwik

IPSec implementation has been changed in recent Redhat Enterprise Linux (RHEL) from ipsec tools (used in RHEL 5) to openswan in RHEL 6. Configuration using ifcfg-ipsec interfaces doesn’t works any more. Obviously, same change applies for Centos.
Continue reading →

Fighting againts SPAM – postfwd

Posted on August 19, 2011 by iwik

Postfwd is Postfix firewall daemon. Continue reading →

Install conntrack tools on Centos 5

Posted on July 20, 2011 by iwik

Conntrack tools allows manipulating linux connection tracking table. Command conntrack is useful for deleting conntrack entries, but it is not included by default in RHEL/Centos.
Continue reading →

Dotdeb packages unattended upgrade

Posted on April 7, 2011 by iwik

Unattended upgrades in Debian will not upgrade packages from third-party repositories (for example dotdeb.org) by default. It can be easily enabled editing /etc/apt/apt.conf.d/50unattended-upgrades.
Continue reading →

blog.erben.sk

Just another sysadmin blog

Category Archives: linux